zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5059 Commits
183 Branches
291 MiB
Tree: 7f4498f8b1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7f4498f8b1'
${ noResults }
tendermint/privval/priv_validator.go

355 lines
10 KiB
Raw Normal View History

Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
 
  1. package privval
  2. 

  3. import (
  4. 	"bytes"
  5. 	"errors"
  6. 	"fmt"
  7. 	"io/ioutil"
  8. 	"sync"
  9. 	"time"
  10. 

  11. 	"github.com/tendermint/tendermint/crypto"
  12. 	"github.com/tendermint/tendermint/types"
  13. 	cmn "github.com/tendermint/tmlibs/common"
  14. )
  15. 

  16. // TODO: type ?

  17. const (
  18. 	stepNone      int8 = 0 // Used to distinguish the initial state

  19. 	stepPropose   int8 = 1
  20. 	stepPrevote   int8 = 2
  21. 	stepPrecommit int8 = 3
  22. )
  23. 

  24. func voteToStep(vote *types.Vote) int8 {
  25. 	switch vote.Type {
  26. 	case types.VoteTypePrevote:
  27. 		return stepPrevote
  28. 	case types.VoteTypePrecommit:
  29. 		return stepPrecommit
  30. 	default:
  31. 		cmn.PanicSanity("Unknown vote type")
  32. 		return 0
  33. 	}
  34. }
  35. 

  36. // FilePV implements PrivValidator using data persisted to disk

  37. // to prevent double signing.

  38. // NOTE: the directory containing the pv.filePath must already exist.

  39. type FilePV struct {
  40. 	Address       types.Address    `json:"address"`
  41. 	PubKey        crypto.PubKey    `json:"pub_key"`
  42. 	LastHeight    int64            `json:"last_height"`
  43. 	LastRound     int              `json:"last_round"`
  44. 	LastStep      int8             `json:"last_step"`
  45. 	LastSignature crypto.Signature `json:"last_signature,omitempty"` // so we dont lose signatures XXX Why would we lose signatures?

  46. 	LastSignBytes cmn.HexBytes     `json:"last_signbytes,omitempty"` // so we dont lose signatures XXX Why would we lose signatures?

  47. 	PrivKey       crypto.PrivKey   `json:"priv_key"`
  48. 

  49. 	// For persistence.

  50. 	// Overloaded for testing.

  51. 	filePath string
  52. 	mtx      sync.Mutex
  53. }
  54. 

  55. // GetAddress returns the address of the validator.

  56. // Implements PrivValidator.

  57. func (pv *FilePV) GetAddress() types.Address {
  58. 	return pv.Address
  59. }
  60. 

  61. // GetPubKey returns the public key of the validator.

  62. // Implements PrivValidator.

  63. func (pv *FilePV) GetPubKey() crypto.PubKey {
  64. 	return pv.PubKey
  65. }
  66. 

  67. // GenFilePV generates a new validator with randomly generated private key

  68. // and sets the filePath, but does not call Save().

  69. func GenFilePV(filePath string) *FilePV {
  70. 	privKey := crypto.GenPrivKeyEd25519()
  71. 	return &FilePV{
  72. 		Address:  privKey.PubKey().Address(),
  73. 		PubKey:   privKey.PubKey(),
  74. 		PrivKey:  privKey,
  75. 		LastStep: stepNone,
  76. 		filePath: filePath,
  77. 	}
  78. }
  79. 

  80. // LoadFilePV loads a FilePV from the filePath.  The FilePV handles double

  81. // signing prevention by persisting data to the filePath.  If the filePath does

  82. // not exist, the FilePV must be created manually and saved.

  83. func LoadFilePV(filePath string) *FilePV {
  84. 	pvJSONBytes, err := ioutil.ReadFile(filePath)
  85. 	if err != nil {
  86. 		cmn.Exit(err.Error())
  87. 	}
  88. 	pv := &FilePV{}
  89. 	err = cdc.UnmarshalJSON(pvJSONBytes, &pv)
  90. 	if err != nil {
  91. 		cmn.Exit(cmn.Fmt("Error reading PrivValidator from %v: %v\n", filePath, err))
  92. 	}
  93. 

  94. 	pv.filePath = filePath
  95. 	return pv
  96. }
  97. 

  98. // LoadOrGenFilePV loads a FilePV from the given filePath

  99. // or else generates a new one and saves it to the filePath.

  100. func LoadOrGenFilePV(filePath string) *FilePV {
  101. 	var pv *FilePV
  102. 	if cmn.FileExists(filePath) {
  103. 		pv = LoadFilePV(filePath)
  104. 	} else {
  105. 		pv = GenFilePV(filePath)
  106. 		pv.Save()
  107. 	}
  108. 	return pv
  109. }
  110. 

  111. // Save persists the FilePV to disk.

  112. func (pv *FilePV) Save() {
  113. 	pv.mtx.Lock()
  114. 	defer pv.mtx.Unlock()
  115. 	pv.save()
  116. }
  117. 

  118. func (pv *FilePV) save() {
  119. 	outFile := pv.filePath
  120. 	if outFile == "" {
  121. 		panic("Cannot save PrivValidator: filePath not set")
  122. 	}
  123. 	jsonBytes, err := cdc.MarshalJSONIndent(pv, "", "  ")
  124. 	if err != nil {
  125. 		panic(err)
  126. 	}
  127. 	err = cmn.WriteFileAtomic(outFile, jsonBytes, 0600)
  128. 	if err != nil {
  129. 		panic(err)
  130. 	}
  131. }
  132. 

  133. // Reset resets all fields in the FilePV.

  134. // NOTE: Unsafe!

  135. func (pv *FilePV) Reset() {
  136. 	var sig crypto.Signature
  137. 	pv.LastHeight = 0
  138. 	pv.LastRound = 0
  139. 	pv.LastStep = 0
  140. 	pv.LastSignature = sig
  141. 	pv.LastSignBytes = nil
  142. 	pv.Save()
  143. }
  144. 

  145. // SignVote signs a canonical representation of the vote, along with the

  146. // chainID. Implements PrivValidator.

  147. func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error {
  148. 	pv.mtx.Lock()
  149. 	defer pv.mtx.Unlock()
  150. 	if err := pv.signVote(chainID, vote); err != nil {
  151. 		return errors.New(cmn.Fmt("Error signing vote: %v", err))
  152. 	}
  153. 	return nil
  154. }
  155. 

  156. // SignProposal signs a canonical representation of the proposal, along with

  157. // the chainID. Implements PrivValidator.

  158. func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error {
  159. 	pv.mtx.Lock()
  160. 	defer pv.mtx.Unlock()
  161. 	if err := pv.signProposal(chainID, proposal); err != nil {
  162. 		return fmt.Errorf("Error signing proposal: %v", err)
  163. 	}
  164. 	return nil
  165. }
  166. 

  167. // returns error if HRS regression or no LastSignBytes. returns true if HRS is unchanged

  168. func (pv *FilePV) checkHRS(height int64, round int, step int8) (bool, error) {
  169. 	if pv.LastHeight > height {
  170. 		return false, errors.New("Height regression")
  171. 	}
  172. 

  173. 	if pv.LastHeight == height {
  174. 		if pv.LastRound > round {
  175. 			return false, errors.New("Round regression")
  176. 		}
  177. 

  178. 		if pv.LastRound == round {
  179. 			if pv.LastStep > step {
  180. 				return false, errors.New("Step regression")
  181. 			} else if pv.LastStep == step {
  182. 				if pv.LastSignBytes != nil {
  183. 					if pv.LastSignature == nil {
  184. 						panic("pv: LastSignature is nil but LastSignBytes is not!")
  185. 					}
  186. 					return true, nil
  187. 				}
  188. 				return false, errors.New("No LastSignature found")
  189. 			}
  190. 		}
  191. 	}
  192. 	return false, nil
  193. }
  194. 

  195. // signVote checks if the vote is good to sign and sets the vote signature.

  196. // It may need to set the timestamp as well if the vote is otherwise the same as

  197. // a previously signed vote (ie. we crashed after signing but before the vote hit the WAL).

  198. func (pv *FilePV) signVote(chainID string, vote *types.Vote) error {
  199. 	height, round, step := vote.Height, vote.Round, voteToStep(vote)
  200. 	signBytes := vote.SignBytes(chainID)
  201. 

  202. 	sameHRS, err := pv.checkHRS(height, round, step)
  203. 	if err != nil {
  204. 		return err
  205. 	}
  206. 

  207. 	// We might crash before writing to the wal,

  208. 	// causing us to try to re-sign for the same HRS.

  209. 	// If signbytes are the same, use the last signature.

  210. 	// If they only differ by timestamp, use last timestamp and signature

  211. 	// Otherwise, return error

  212. 	if sameHRS {
  213. 		if bytes.Equal(signBytes, pv.LastSignBytes) {
  214. 			vote.Signature = pv.LastSignature
  215. 		} else if timestamp, ok := checkVotesOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok {
  216. 			vote.Timestamp = timestamp
  217. 			vote.Signature = pv.LastSignature
  218. 		} else {
  219. 			err = fmt.Errorf("Conflicting data")
  220. 		}
  221. 		return err
  222. 	}
  223. 

  224. 	// It passed the checks. Sign the vote

  225. 	sig, err := pv.PrivKey.Sign(signBytes)
  226. 	if err != nil {
  227. 		return err
  228. 	}
  229. 	pv.saveSigned(height, round, step, signBytes, sig)
  230. 	vote.Signature = sig
  231. 	return nil
  232. }
  233. 

  234. // signProposal checks if the proposal is good to sign and sets the proposal signature.

  235. // It may need to set the timestamp as well if the proposal is otherwise the same as

  236. // a previously signed proposal ie. we crashed after signing but before the proposal hit the WAL).

  237. func (pv *FilePV) signProposal(chainID string, proposal *types.Proposal) error {
  238. 	height, round, step := proposal.Height, proposal.Round, stepPropose
  239. 	signBytes := proposal.SignBytes(chainID)
  240. 

  241. 	sameHRS, err := pv.checkHRS(height, round, step)
  242. 	if err != nil {
  243. 		return err
  244. 	}
  245. 

  246. 	// We might crash before writing to the wal,

  247. 	// causing us to try to re-sign for the same HRS.

  248. 	// If signbytes are the same, use the last signature.

  249. 	// If they only differ by timestamp, use last timestamp and signature

  250. 	// Otherwise, return error

  251. 	if sameHRS {
  252. 		if bytes.Equal(signBytes, pv.LastSignBytes) {
  253. 			proposal.Signature = pv.LastSignature
  254. 		} else if timestamp, ok := checkProposalsOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok {
  255. 			proposal.Timestamp = timestamp
  256. 			proposal.Signature = pv.LastSignature
  257. 		} else {
  258. 			err = fmt.Errorf("Conflicting data")
  259. 		}
  260. 		return err
  261. 	}
  262. 

  263. 	// It passed the checks. Sign the proposal

  264. 	sig, err := pv.PrivKey.Sign(signBytes)
  265. 	if err != nil {
  266. 		return err
  267. 	}
  268. 	pv.saveSigned(height, round, step, signBytes, sig)
  269. 	proposal.Signature = sig
  270. 	return nil
  271. }
  272. 

  273. // Persist height/round/step and signature

  274. func (pv *FilePV) saveSigned(height int64, round int, step int8,
  275. 	signBytes []byte, sig crypto.Signature) {
  276. 

  277. 	pv.LastHeight = height
  278. 	pv.LastRound = round
  279. 	pv.LastStep = step
  280. 	pv.LastSignature = sig
  281. 	pv.LastSignBytes = signBytes
  282. 	pv.save()
  283. }
  284. 

  285. // SignHeartbeat signs a canonical representation of the heartbeat, along with the chainID.

  286. // Implements PrivValidator.

  287. func (pv *FilePV) SignHeartbeat(chainID string, heartbeat *types.Heartbeat) error {
  288. 	pv.mtx.Lock()
  289. 	defer pv.mtx.Unlock()
  290. 	sig, err:= pv.PrivKey.Sign(heartbeat.SignBytes(chainID))
  291. 	if err != nil {
  292. 		return err
  293. 	}
  294. 	heartbeat.Signature = sig
  295. 	return nil
  296. }
  297. 

  298. // String returns a string representation of the FilePV.

  299. func (pv *FilePV) String() string {
  300. 	return fmt.Sprintf("PrivValidator{%v LH:%v, LR:%v, LS:%v}", pv.GetAddress(), pv.LastHeight, pv.LastRound, pv.LastStep)
  301. }
  302. 

  303. //-------------------------------------

  304. 

  305. // returns the timestamp from the lastSignBytes.

  306. // returns true if the only difference in the votes is their timestamp.

  307. func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) {
  308. 	var lastVote, newVote types.CanonicalJSONVote
  309. 	if err := cdc.UnmarshalJSON(lastSignBytes, &lastVote); err != nil {
  310. 		panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into vote: %v", err))
  311. 	}
  312. 	if err := cdc.UnmarshalJSON(newSignBytes, &newVote); err != nil {
  313. 		panic(fmt.Sprintf("signBytes cannot be unmarshalled into vote: %v", err))
  314. 	}
  315. 

  316. 	lastTime, err := time.Parse(types.TimeFormat, lastVote.Timestamp)
  317. 	if err != nil {
  318. 		panic(err)
  319. 	}
  320. 

  321. 	// set the times to the same value and check equality

  322. 	now := types.CanonicalTime(time.Now())
  323. 	lastVote.Timestamp = now
  324. 	newVote.Timestamp = now
  325. 	lastVoteBytes, _ := cdc.MarshalJSON(lastVote)
  326. 	newVoteBytes, _ := cdc.MarshalJSON(newVote)
  327. 

  328. 	return lastTime, bytes.Equal(newVoteBytes, lastVoteBytes)
  329. }
  330. 

  331. // returns the timestamp from the lastSignBytes.

  332. // returns true if the only difference in the proposals is their timestamp

  333. func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) {
  334. 	var lastProposal, newProposal types.CanonicalJSONProposal
  335. 	if err := cdc.UnmarshalJSON(lastSignBytes, &lastProposal); err != nil {
  336. 		panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into proposal: %v", err))
  337. 	}
  338. 	if err := cdc.UnmarshalJSON(newSignBytes, &newProposal); err != nil {
  339. 		panic(fmt.Sprintf("signBytes cannot be unmarshalled into proposal: %v", err))
  340. 	}
  341. 

  342. 	lastTime, err := time.Parse(types.TimeFormat, lastProposal.Timestamp)
  343. 	if err != nil {
  344. 		panic(err)
  345. 	}
  346. 

  347. 	// set the times to the same value and check equality

  348. 	now := types.CanonicalTime(time.Now())
  349. 	lastProposal.Timestamp = now
  350. 	newProposal.Timestamp = now
  351. 	lastProposalBytes, _ := cdc.MarshalJSON(lastProposal)
  352. 	newProposalBytes, _ := cdc.MarshalJSON(newProposal)
  353. 

  354. 	return lastTime, bytes.Equal(newProposalBytes, lastProposalBytes)
  355. }