Unsigned responses

cmd/neofs-cli/modules/request/container.go

@@ -161,13 +161,7 @@ func createContainer(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("transport failure: %w", err)
 	}
 
-	cmd.Println("Response received. Checking signatures...")
-
-	if err := neofscrypto.VerifyResponseWithBuffer(resp, nil); err != nil {
-		return fmt.Errorf("failed to verify response signatures: %w", err)
-	}
-
-	cmd.Println("Signatures are valid. Checking status...")
+	cmd.Println("Response received. Checking status...")
 
 	if err := apistatus.ToError(resp.GetMetaHeader().GetStatus()); err != nil {
 		return fmt.Errorf("status failure: %w", err)
@@ -210,13 +204,7 @@ func createContainer(cmd *cobra.Command, args []string) error {
 			return fmt.Errorf("transport failure: %w", err)
 		}
 
-		cmd.Println("Response received. Checking signatures...")
-
-		if err := neofscrypto.VerifyResponseWithBuffer(resp, nil); err != nil {
-			return fmt.Errorf("failed to verify response signatures: %w", err)
-		}
-
-		cmd.Println("Signatures are valid. Checking status...")
+		cmd.Println("Response received. Checking status...")
 
 		if err := apistatus.ToError(resp.GetMetaHeader().GetStatus()); err == nil {
 			cmd.Println("Status OK. Operation succeeded.")

cmd/neofs-node/container.go

@@ -511,7 +511,7 @@ func (c *usedSpaceService) NumberOfAddresses() int {
 	return c.cfg.addressNum()
 }
 
-func (c *usedSpaceService) makeResponse(body *protocontainer.AnnounceUsedSpaceResponse_Body, st *protostatus.Status) (*protocontainer.AnnounceUsedSpaceResponse, error) {
+func (c *usedSpaceService) makeResponse(body *protocontainer.AnnounceUsedSpaceResponse_Body, st *protostatus.Status, req *protocontainer.AnnounceUsedSpaceRequest) (*protocontainer.AnnounceUsedSpaceResponse, error) {
 	resp := &protocontainer.AnnounceUsedSpaceResponse{
 		Body: body,
 		MetaHeader: &protosession.ResponseMetaHeader{
@@ -520,17 +520,17 @@ func (c *usedSpaceService) makeResponse(body *protocontainer.AnnounceUsedSpaceRe
 			Status:  st,
 		},
 	}
-	resp.VerifyHeader = util.SignResponse(&c.cfg.key.PrivateKey, resp)
+	resp.VerifyHeader = util.SignResponse(&c.cfg.key.PrivateKey, resp, req)
 	return resp, nil
 }
 
-func (c *usedSpaceService) makeStatusResponse(err error) (*protocontainer.AnnounceUsedSpaceResponse, error) {
-	return c.makeResponse(nil, util.ToStatus(err))
+func (c *usedSpaceService) makeStatusResponse(err error, req *protocontainer.AnnounceUsedSpaceRequest) (*protocontainer.AnnounceUsedSpaceResponse, error) {
+	return c.makeResponse(nil, util.ToStatus(err), req)
 }
 
 func (c *usedSpaceService) AnnounceUsedSpace(ctx context.Context, req *protocontainer.AnnounceUsedSpaceRequest) (*protocontainer.AnnounceUsedSpaceResponse, error) {
 	if err := icrypto.VerifyRequestSignatures(req); err != nil {
-		return c.makeStatusResponse(err)
+		return c.makeStatusResponse(err, req)
 	}
 
 	var passedRoute []loadroute.ServerInfo
@@ -549,23 +549,23 @@ func (c *usedSpaceService) AnnounceUsedSpace(ctx context.Context, req *protocont
 
 	w, err := c.loadWriterProvider.InitWriter(loadroute.NewRouteContext(ctx, passedRoute))
 	if err != nil {
-		return c.makeStatusResponse(fmt.Errorf("could not initialize container's used space writer: %w", err))
+		return c.makeStatusResponse(fmt.Errorf("could not initialize container's used space writer: %w", err), req)
 	}
 
 	var est containerSDK.SizeEstimation
 
 	for _, a := range req.GetBody().GetAnnouncements() {
 		err = est.FromProtoMessage(a)
 		if err != nil {
-			return c.makeStatusResponse(fmt.Errorf("invalid size announcement: %w", err))
+			return c.makeStatusResponse(fmt.Errorf("invalid size announcement: %w", err), req)
 		}
 
 		if err := c.processLoadValue(ctx, est, passedRoute, w); err != nil {
-			return c.makeStatusResponse(err)
+			return c.makeStatusResponse(err, req)
 		}
 	}
 
-	return c.makeResponse(nil, util.StatusOK)
+	return c.makeResponse(nil, util.StatusOK, req)
 }
 
 var errNodeOutsideContainer = errors.New("node outside the container")

cmd/neofs-node/reputation.go

@@ -263,17 +263,17 @@ func (s *reputationServer) makeResponseMetaHeader(st *protostatus.Status) *proto
 	}
 }
 
-func (s *reputationServer) makeLocalResponse(err error) (*protoreputation.AnnounceLocalTrustResponse, error) {
+func (s *reputationServer) makeLocalResponse(err error, req *protoreputation.AnnounceLocalTrustRequest) (*protoreputation.AnnounceLocalTrustResponse, error) {
 	resp := &protoreputation.AnnounceLocalTrustResponse{
 		MetaHeader: s.makeResponseMetaHeader(util.ToStatus(err)),
 	}
-	resp.VerifyHeader = util.SignResponse(&s.key.PrivateKey, resp)
+	resp.VerifyHeader = util.SignResponse(&s.key.PrivateKey, resp, req)
 	return resp, nil
 }
 
 func (s *reputationServer) AnnounceLocalTrust(ctx context.Context, req *protoreputation.AnnounceLocalTrustRequest) (*protoreputation.AnnounceLocalTrustResponse, error) {
 	if err := icrypto.VerifyRequestSignatures(req); err != nil {
-		return s.makeLocalResponse(err)
+		return s.makeLocalResponse(err, req)
 	}
 
 	passedRoute := reverseRoute(req.GetVerifyHeader())
@@ -288,30 +288,30 @@ func (s *reputationServer) AnnounceLocalTrust(ctx context.Context, req *protorep
 
 	w, err := s.localRouter.InitWriter(reputationrouter.NewRouteContext(eCtx, passedRoute))
 	if err != nil {
-		return s.makeLocalResponse(fmt.Errorf("could not initialize local trust writer: %w", err))
+		return s.makeLocalResponse(fmt.Errorf("could not initialize local trust writer: %w", err), req)
 	}
 
 	for _, trust := range body.GetTrusts() {
 		err = s.processLocalTrust(body.GetEpoch(), apiToLocalTrust(trust, passedRoute[0].PublicKey()), passedRoute, w)
 		if err != nil {
-			return s.makeLocalResponse(fmt.Errorf("could not write one of local trusts: %w", err))
+			return s.makeLocalResponse(fmt.Errorf("could not write one of local trusts: %w", err), req)
 		}
 	}
 
-	return s.makeLocalResponse(util.StatusOKErr)
+	return s.makeLocalResponse(util.StatusOKErr, req)
 }
 
-func (s *reputationServer) makeIntermediateResponse(err error) (*protoreputation.AnnounceIntermediateResultResponse, error) {
+func (s *reputationServer) makeIntermediateResponse(err error, req *protoreputation.AnnounceIntermediateResultRequest) (*protoreputation.AnnounceIntermediateResultResponse, error) {
 	resp := &protoreputation.AnnounceIntermediateResultResponse{
 		MetaHeader: s.makeResponseMetaHeader(util.ToStatus(err)),
 	}
-	resp.VerifyHeader = util.SignResponse(&s.key.PrivateKey, resp)
+	resp.VerifyHeader = util.SignResponse(&s.key.PrivateKey, resp, req)
 	return resp, nil
 }
 
 func (s *reputationServer) AnnounceIntermediateResult(ctx context.Context, req *protoreputation.AnnounceIntermediateResultRequest) (*protoreputation.AnnounceIntermediateResultResponse, error) {
 	if err := icrypto.VerifyRequestSignatures(req); err != nil {
-		return s.makeIntermediateResponse(err)
+		return s.makeIntermediateResponse(err, req)
 	}
 
 	passedRoute := reverseRoute(req.GetVerifyHeader())
@@ -323,7 +323,7 @@ func (s *reputationServer) AnnounceIntermediateResult(ctx context.Context, req *
 
 	w, err := s.intermediateRouter.InitWriter(reputationrouter.NewRouteContext(eiCtx, passedRoute))
 	if err != nil {
-		return s.makeIntermediateResponse(fmt.Errorf("could not initialize trust writer: %w", err))
+		return s.makeIntermediateResponse(fmt.Errorf("could not initialize trust writer: %w", err), req)
 	}
 
 	v2Trust := body.GetTrust()
@@ -332,10 +332,10 @@ func (s *reputationServer) AnnounceIntermediateResult(ctx context.Context, req *
 
 	err = w.Write(trust)
 	if err != nil {
-		return s.makeIntermediateResponse(fmt.Errorf("could not write trust: %w", err))
+		return s.makeIntermediateResponse(fmt.Errorf("could not write trust: %w", err), req)
 	}
 
-	return s.makeIntermediateResponse(util.StatusOKErr)
+	return s.makeIntermediateResponse(util.StatusOKErr, req)
 }
 
 func (s *reputationServer) processLocalTrust(epoch uint64, t reputation.Trust,

go.mod

@@ -22,7 +22,7 @@ require (
 	github.com/nspcc-dev/neo-go v0.110.0
 	github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240827150555-5ce597aa14ea
 	github.com/nspcc-dev/neofs-contract v0.23.0
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.13.0.20250610144537-4b8bd696a7eb
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.13.0.20250611171242-421f0237ff94
 	github.com/nspcc-dev/tzhash v1.8.2
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/panjf2000/ants/v2 v2.9.0

go.sum

@@ -201,8 +201,8 @@ github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240827150555-5ce597aa14ea h1:mK
 github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240827150555-5ce597aa14ea/go.mod h1:YzhD4EZmC9Z/PNyd7ysC7WXgIgURc9uCG1UWDeV027Y=
 github.com/nspcc-dev/neofs-contract v0.23.0 h1:F5ciU0wPqSbycPY8qOtb4PvgnSZBNQ5Jp9tdeVSKu4o=
 github.com/nspcc-dev/neofs-contract v0.23.0/go.mod h1:it6Su92UvEFQDsMOfDIXapLu0j5TQSOvkS2YdUlPdgo=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.13.0.20250610144537-4b8bd696a7eb h1:aQ6W8/8SIvcJwH1QF+NuwB8Uvt6LYFCOcRHLgynejeA=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.13.0.20250610144537-4b8bd696a7eb/go.mod h1:j/NUu5iOGFkOVYM42XoC1X9DZD0/y89Pws++w5vxtQk=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.13.0.20250611171242-421f0237ff94 h1:W7JPuX/tclgcX2VF8zECEpCOn68diUJiJKl74731nb8=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.13.0.20250611171242-421f0237ff94/go.mod h1:j/NUu5iOGFkOVYM42XoC1X9DZD0/y89Pws++w5vxtQk=
 github.com/nspcc-dev/rfc6979 v0.2.3 h1:QNVykGZ3XjFwM/88rGfV3oj4rKNBy+nYI6jM7q19hDI=
 github.com/nspcc-dev/rfc6979 v0.2.3/go.mod h1:q3sCL1Ed7homjqYK8KmFSzEmm+7Ngyo7PePbZanhaDE=
 github.com/nspcc-dev/tzhash v1.8.2 h1:ebRCbPoEuoqrhC6sSZmrT/jI3h1SzCWakxxV6gp5QAg=

pkg/core/client/util.go

@@ -1,11 +1,9 @@
 package client
 
 import (
-	"bytes"
 	"fmt"
 
 	"github.com/nspcc-dev/neofs-node/pkg/network"
-	"github.com/nspcc-dev/neofs-sdk-go/client"
 )
 
 // NodeInfoFromRawNetmapElement fills NodeInfo structure from the interface of raw netmap member's descriptor.
@@ -28,15 +26,3 @@ func NodeInfoFromRawNetmapElement(dst *NodeInfo, info interface {
 
 	return nil
 }
-
-// AssertKeyResponseCallback returns client response callback which checks if the response was signed by the expected key.
-// Returns ErrWrongPublicKey in case of key mismatch.
-func AssertKeyResponseCallback(expectedKey []byte) func(client.ResponseMetaInfo) error {
-	return func(info client.ResponseMetaInfo) error {
-		if !bytes.Equal(info.ResponderKey(), expectedKey) {
-			return ErrWrongPublicKey
-		}
-
-		return nil
-	}
-}

pkg/network/cache/client.go

@@ -5,7 +5,6 @@ import (
 	"time"
 
 	clientcore "github.com/nspcc-dev/neofs-node/pkg/core/client"
-	"github.com/nspcc-dev/neofs-sdk-go/client"
 	"go.uber.org/zap"
 )
 
@@ -25,7 +24,6 @@ type (
 		DialTimeout      time.Duration
 		StreamTimeout    time.Duration
 		ReconnectTimeout time.Duration
-		ResponseCallback func(client.ResponseMetaInfo) error
 		Buffers          *sync.Pool
 		Logger           *zap.Logger
 	}
@@ -65,7 +63,6 @@ func (c *ClientCache) Get(info clientcore.NodeInfo) (clientcore.Client, error) {
 	}
 
 	newClientOpts := c.opts
-	newClientOpts.ResponseCallback = clientcore.AssertKeyResponseCallback(info.PublicKey())
 	cli := newMultiClient(netAddr, newClientOpts)
 
 	c.clients[cacheKey] = cli

pkg/network/cache/multi.go

@@ -75,10 +75,6 @@ func (x *multiClient) createForAddress(addr network.Address) (*client.Client, er
 		prmDial.SetStreamTimeout(x.opts.StreamTimeout)
 	}
 
-	if x.opts.ResponseCallback != nil {
-		prmInit.SetResponseInfoCallback(x.opts.ResponseCallback)
-	}
-
 	c, err := client.New(prmInit)
 	if err != nil {
 		return nil, fmt.Errorf("can't create SDK client: %w", err)

pkg/services/accounting/server.go

@@ -46,7 +46,7 @@ func New(s *ecdsa.PrivateKey, net netmap.State, c BalanceContract) protoaccounti
 	}
 }
 
-func (s *server) makeBalanceResponse(body *protoaccounting.BalanceResponse_Body, st *protostatus.Status) (*protoaccounting.BalanceResponse, error) {
+func (s *server) makeBalanceResponse(body *protoaccounting.BalanceResponse_Body, st *protostatus.Status, req *protoaccounting.BalanceRequest) (*protoaccounting.BalanceResponse, error) {
 	resp := &protoaccounting.BalanceResponse{
 		Body: body,
 		MetaHeader: &protosession.ResponseMetaHeader{
@@ -55,41 +55,41 @@ func (s *server) makeBalanceResponse(body *protoaccounting.BalanceResponse_Body,
 			Status:  st,
 		},
 	}
-	resp.VerifyHeader = util.SignResponse(s.signer, resp)
+	resp.VerifyHeader = util.SignResponse(s.signer, resp, req)
 	return resp, nil
 }
 
-func (s *server) makeFailedBalanceResponse(err error) (*protoaccounting.BalanceResponse, error) {
-	return s.makeBalanceResponse(nil, util.ToStatus(err))
+func (s *server) makeFailedBalanceResponse(err error, req *protoaccounting.BalanceRequest) (*protoaccounting.BalanceResponse, error) {
+	return s.makeBalanceResponse(nil, util.ToStatus(err), req)
 }
 
 // Balance gets current balance of the requested user using underlying
 // [BalanceContract] and returns result in the response.
 func (s *server) Balance(_ context.Context, req *protoaccounting.BalanceRequest) (*protoaccounting.BalanceResponse, error) {
 	if err := icrypto.VerifyRequestSignatures(req); err != nil {
-		return s.makeFailedBalanceResponse(err)
+		return s.makeFailedBalanceResponse(err, nil)
 	}
 
 	mUsr := req.GetBody().GetOwnerId()
 	if mUsr == nil {
-		return s.makeFailedBalanceResponse(errors.New("missing account"))
+		return s.makeFailedBalanceResponse(errors.New("missing account"), req)
 	}
 	var id user.ID
 	if err := id.FromProtoMessage(mUsr); err != nil {
-		return s.makeFailedBalanceResponse(fmt.Errorf("invalid account: %w", err))
+		return s.makeFailedBalanceResponse(fmt.Errorf("invalid account: %w", err), req)
 	}
 
 	bal, err := s.contract.BalanceOf(id)
 	if err != nil {
-		return s.makeFailedBalanceResponse(err)
+		return s.makeFailedBalanceResponse(err, req)
 	}
 	ds, err := s.contract.Decimals()
 	if err != nil {
-		return s.makeFailedBalanceResponse(err)
+		return s.makeFailedBalanceResponse(err, req)
 	}
 
 	body := &protoaccounting.BalanceResponse_Body{
 		Balance: &protoaccounting.Decimal{Value: bal.Int64(), Precision: ds},
 	}
-	return s.makeBalanceResponse(body, util.StatusOK)
+	return s.makeBalanceResponse(body, util.StatusOK, req)
 }