You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

116 lines
2.9 KiB

lite2: light client with weak subjectivity (#3989) Refs #1771 ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md ## Commits: * add Verifier and VerifyCommitTrusting * add two more checks make trustLevel an option * float32 for trustLevel * check newHeader time * started writing lite Client * unify Verify methods * ensure h2.Header.bfttime < h1.Header.bfttime + tp * move trust checks into Verify function * add more comments * more docs * started writing tests * unbonding period failures * tests are green * export ErrNewHeaderTooFarIntoFuture * make golangci happy * test for non-adjusted headers * more precision * providers and stores * VerifyHeader and VerifyHeaderAtHeight funcs * fix compile errors * remove lastVerifiedHeight, persist new trusted header * sequential verification * remove TrustedStore option * started writing tests for light client * cover basic cases for linear verification * bisection tests PASS * rename BisectingVerification to SkippingVerification * refactor the code * add TrustedHeader method * consolidate sequential verification tests * consolidate skipping verification tests * rename trustedVals to trustedNextVals * start writing docs * ValidateTrustLevel func and ErrOldHeaderExpired error * AutoClient and example tests * fix errors * update doc * remove ErrNewHeaderTooFarIntoFuture This check is unnecessary given existing a) ErrOldHeaderExpired b) h2.Time > now checks. * return an error if we're at more recent height * add comments * add LastSignedHeaderHeight method to Store I think it's fine if Store tracks last height * copy over proxy from old lite package * make TrustedHeader return latest if height=0 * modify LastSignedHeaderHeight to return an error if no headers exist * copy over proxy impl * refactor proxy and start http lite client * Tx and BlockchainInfo methods * Block method * commit method * code compiles again * lite client compiles * extract updateLiteClientIfNeededTo func * move final parts * add placeholder for tests * force usage of lite http client in proxy * comment out query tests for now * explicitly mention tp: trusting period * verify nextVals in VerifyHeader * refactor bisection * move the NextValidatorsHash check into updateTrustedHeaderAndVals + update the comment * add ConsensusParams method to RPC client * add ConsensusParams to rpc/mock/client * change trustLevel type to a new cmn.Fraction type + update SkippingVerification comment * stress out trustLevel is only used for non-adjusted headers * fixes after Fede's review Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * compare newHeader with a header from an alternative provider * save pivot header Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824 * check header can still be trusted in TrustedHeader Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424 * lite: update Validators and Block endpoints - Block no longer contains BlockMeta - Validators now accept two additional params: page and perPage * make linter happy
5 years ago
  1. package lite
  2. import (
  3. "bytes"
  4. "time"
  5. "github.com/pkg/errors"
  6. cmn "github.com/tendermint/tendermint/libs/common"
  7. "github.com/tendermint/tendermint/types"
  8. )
  9. var (
  10. // DefaultTrustLevel - new header can be trusted if at least one correct old
  11. // validator signed it.
  12. DefaultTrustLevel = cmn.Fraction{Numerator: 1, Denominator: 3}
  13. )
  14. func Verify(
  15. chainID string,
  16. h1 *types.SignedHeader,
  17. h1NextVals *types.ValidatorSet,
  18. h2 *types.SignedHeader,
  19. h2Vals *types.ValidatorSet,
  20. trustingPeriod time.Duration,
  21. now time.Time,
  22. trustLevel cmn.Fraction) error {
  23. if err := ValidateTrustLevel(trustLevel); err != nil {
  24. return err
  25. }
  26. // Ensure last header can still be trusted.
  27. expirationTime := h1.Time.Add(trustingPeriod)
  28. if !expirationTime.After(now) {
  29. return ErrOldHeaderExpired{expirationTime, now}
  30. }
  31. if err := verifyNewHeaderAndVals(chainID, h2, h2Vals, h1, now); err != nil {
  32. return err
  33. }
  34. if h2.Height == h1.Height+1 {
  35. if !bytes.Equal(h2.ValidatorsHash, h1NextVals.Hash()) {
  36. return errors.Errorf("expected old header validators (%X) to match those from new header (%X)",
  37. h1NextVals.Hash(),
  38. h2.ValidatorsHash,
  39. )
  40. }
  41. } else {
  42. // Ensure that +`trustLevel` (default 1/3) or more of last trusted validators signed correctly.
  43. err := h1NextVals.VerifyCommitTrusting(chainID, h2.Commit.BlockID, h2.Height, h2.Commit, trustLevel)
  44. if err != nil {
  45. return err
  46. }
  47. }
  48. // Ensure that +2/3 of new validators signed correctly.
  49. err := h2Vals.VerifyCommit(chainID, h2.Commit.BlockID, h2.Height, h2.Commit)
  50. if err != nil {
  51. return err
  52. }
  53. return nil
  54. }
  55. func verifyNewHeaderAndVals(
  56. chainID string,
  57. h2 *types.SignedHeader,
  58. h2Vals *types.ValidatorSet,
  59. h1 *types.SignedHeader,
  60. now time.Time) error {
  61. if err := h2.ValidateBasic(chainID); err != nil {
  62. return errors.Wrap(err, "h2.ValidateBasic failed")
  63. }
  64. if h2.Height <= h1.Height {
  65. return errors.Errorf("expected new header height %d to be greater than one of old header %d",
  66. h2.Height,
  67. h1.Height)
  68. }
  69. if !h2.Time.After(h1.Time) {
  70. return errors.Errorf("expected new header time %v to be after old header time %v",
  71. h2.Time,
  72. h1.Time)
  73. }
  74. if !h2.Time.Before(now) {
  75. return errors.Errorf("new header has a time from the future %v (now: %v)",
  76. h2.Time,
  77. now)
  78. }
  79. if !bytes.Equal(h2.ValidatorsHash, h2Vals.Hash()) {
  80. return errors.Errorf("expected new header validators (%X) to match those that were supplied (%X)",
  81. h2Vals.Hash(),
  82. h2.NextValidatorsHash,
  83. )
  84. }
  85. return nil
  86. }
  87. // ValidateTrustLevel checks that trustLevel is within the allowed range [1/3,
  88. // 1]. If not, it returns an error. 1/3 is the minimum amount of trust needed
  89. // which does not break the security model.
  90. func ValidateTrustLevel(lvl cmn.Fraction) error {
  91. if lvl.Numerator*3 < lvl.Denominator || // < 1/3
  92. lvl.Numerator > lvl.Denominator || // > 1
  93. lvl.Denominator == 0 {
  94. return errors.Errorf("trustLevel must be within [1/3, 1], given %v", lvl)
  95. }
  96. return nil
  97. }