zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7614 Commits
183 Branches
291 MiB
Tree: d86706b0e8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd86706b0e8'
${ noResults }
tendermint/lite2/verifier.go

116 lines
2.9 KiB
Raw Normal View History

lite2: light client with weak subjectivity (#3989) Refs #1771 ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md ## Commits: * add Verifier and VerifyCommitTrusting * add two more checks make trustLevel an option * float32 for trustLevel * check newHeader time * started writing lite Client * unify Verify methods * ensure h2.Header.bfttime < h1.Header.bfttime + tp * move trust checks into Verify function * add more comments * more docs * started writing tests * unbonding period failures * tests are green * export ErrNewHeaderTooFarIntoFuture * make golangci happy * test for non-adjusted headers * more precision * providers and stores * VerifyHeader and VerifyHeaderAtHeight funcs * fix compile errors * remove lastVerifiedHeight, persist new trusted header * sequential verification * remove TrustedStore option * started writing tests for light client * cover basic cases for linear verification * bisection tests PASS * rename BisectingVerification to SkippingVerification * refactor the code * add TrustedHeader method * consolidate sequential verification tests * consolidate skipping verification tests * rename trustedVals to trustedNextVals * start writing docs * ValidateTrustLevel func and ErrOldHeaderExpired error * AutoClient and example tests * fix errors * update doc * remove ErrNewHeaderTooFarIntoFuture This check is unnecessary given existing a) ErrOldHeaderExpired b) h2.Time > now checks. * return an error if we're at more recent height * add comments * add LastSignedHeaderHeight method to Store I think it's fine if Store tracks last height * copy over proxy from old lite package * make TrustedHeader return latest if height=0 * modify LastSignedHeaderHeight to return an error if no headers exist * copy over proxy impl * refactor proxy and start http lite client * Tx and BlockchainInfo methods * Block method * commit method * code compiles again * lite client compiles * extract updateLiteClientIfNeededTo func * move final parts * add placeholder for tests * force usage of lite http client in proxy * comment out query tests for now * explicitly mention tp: trusting period * verify nextVals in VerifyHeader * refactor bisection * move the NextValidatorsHash check into updateTrustedHeaderAndVals + update the comment * add ConsensusParams method to RPC client * add ConsensusParams to rpc/mock/client * change trustLevel type to a new cmn.Fraction type + update SkippingVerification comment * stress out trustLevel is only used for non-adjusted headers * fixes after Fede's review Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * compare newHeader with a header from an alternative provider * save pivot header Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824 * check header can still be trusted in TrustedHeader Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424 * lite: update Validators and Block endpoints - Block no longer contains BlockMeta - Validators now accept two additional params: page and perPage * make linter happy
5 years ago
libs/common: Refactor libs/common 5 (#4240) * libs/common: Refactor libs/common 5 - move mathematical functions and types out of `libs/common` to math pkg - move net functions out of `libs/common` to net pkg - move string functions out of `libs/common` to strings pkg - move async functions out of `libs/common` to async pkg - move bit functions out of `libs/common` to bits pkg - move cmap functions out of `libs/common` to cmap pkg - move os functions out of `libs/common` to os pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing issues * fix tests closes #41417 woooooooooooooooooo kill the cmn pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry * fix goimport issues * run gofmt
5 years ago
lite2: light client with weak subjectivity (#3989) Refs #1771 ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md ## Commits: * add Verifier and VerifyCommitTrusting * add two more checks make trustLevel an option * float32 for trustLevel * check newHeader time * started writing lite Client * unify Verify methods * ensure h2.Header.bfttime < h1.Header.bfttime + tp * move trust checks into Verify function * add more comments * more docs * started writing tests * unbonding period failures * tests are green * export ErrNewHeaderTooFarIntoFuture * make golangci happy * test for non-adjusted headers * more precision * providers and stores * VerifyHeader and VerifyHeaderAtHeight funcs * fix compile errors * remove lastVerifiedHeight, persist new trusted header * sequential verification * remove TrustedStore option * started writing tests for light client * cover basic cases for linear verification * bisection tests PASS * rename BisectingVerification to SkippingVerification * refactor the code * add TrustedHeader method * consolidate sequential verification tests * consolidate skipping verification tests * rename trustedVals to trustedNextVals * start writing docs * ValidateTrustLevel func and ErrOldHeaderExpired error * AutoClient and example tests * fix errors * update doc * remove ErrNewHeaderTooFarIntoFuture This check is unnecessary given existing a) ErrOldHeaderExpired b) h2.Time > now checks. * return an error if we're at more recent height * add comments * add LastSignedHeaderHeight method to Store I think it's fine if Store tracks last height * copy over proxy from old lite package * make TrustedHeader return latest if height=0 * modify LastSignedHeaderHeight to return an error if no headers exist * copy over proxy impl * refactor proxy and start http lite client * Tx and BlockchainInfo methods * Block method * commit method * code compiles again * lite client compiles * extract updateLiteClientIfNeededTo func * move final parts * add placeholder for tests * force usage of lite http client in proxy * comment out query tests for now * explicitly mention tp: trusting period * verify nextVals in VerifyHeader * refactor bisection * move the NextValidatorsHash check into updateTrustedHeaderAndVals + update the comment * add ConsensusParams method to RPC client * add ConsensusParams to rpc/mock/client * change trustLevel type to a new cmn.Fraction type + update SkippingVerification comment * stress out trustLevel is only used for non-adjusted headers * fixes after Fede's review Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * compare newHeader with a header from an alternative provider * save pivot header Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824 * check header can still be trusted in TrustedHeader Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424 * lite: update Validators and Block endpoints - Block no longer contains BlockMeta - Validators now accept two additional params: page and perPage * make linter happy
5 years ago
libs/common: Refactor libs/common 5 (#4240) * libs/common: Refactor libs/common 5 - move mathematical functions and types out of `libs/common` to math pkg - move net functions out of `libs/common` to net pkg - move string functions out of `libs/common` to strings pkg - move async functions out of `libs/common` to async pkg - move bit functions out of `libs/common` to bits pkg - move cmap functions out of `libs/common` to cmap pkg - move os functions out of `libs/common` to os pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing issues * fix tests closes #41417 woooooooooooooooooo kill the cmn pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry * fix goimport issues * run gofmt
5 years ago
lite2: light client with weak subjectivity (#3989) Refs #1771 ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md ## Commits: * add Verifier and VerifyCommitTrusting * add two more checks make trustLevel an option * float32 for trustLevel * check newHeader time * started writing lite Client * unify Verify methods * ensure h2.Header.bfttime < h1.Header.bfttime + tp * move trust checks into Verify function * add more comments * more docs * started writing tests * unbonding period failures * tests are green * export ErrNewHeaderTooFarIntoFuture * make golangci happy * test for non-adjusted headers * more precision * providers and stores * VerifyHeader and VerifyHeaderAtHeight funcs * fix compile errors * remove lastVerifiedHeight, persist new trusted header * sequential verification * remove TrustedStore option * started writing tests for light client * cover basic cases for linear verification * bisection tests PASS * rename BisectingVerification to SkippingVerification * refactor the code * add TrustedHeader method * consolidate sequential verification tests * consolidate skipping verification tests * rename trustedVals to trustedNextVals * start writing docs * ValidateTrustLevel func and ErrOldHeaderExpired error * AutoClient and example tests * fix errors * update doc * remove ErrNewHeaderTooFarIntoFuture This check is unnecessary given existing a) ErrOldHeaderExpired b) h2.Time > now checks. * return an error if we're at more recent height * add comments * add LastSignedHeaderHeight method to Store I think it's fine if Store tracks last height * copy over proxy from old lite package * make TrustedHeader return latest if height=0 * modify LastSignedHeaderHeight to return an error if no headers exist * copy over proxy impl * refactor proxy and start http lite client * Tx and BlockchainInfo methods * Block method * commit method * code compiles again * lite client compiles * extract updateLiteClientIfNeededTo func * move final parts * add placeholder for tests * force usage of lite http client in proxy * comment out query tests for now * explicitly mention tp: trusting period * verify nextVals in VerifyHeader * refactor bisection * move the NextValidatorsHash check into updateTrustedHeaderAndVals + update the comment * add ConsensusParams method to RPC client * add ConsensusParams to rpc/mock/client * change trustLevel type to a new cmn.Fraction type + update SkippingVerification comment * stress out trustLevel is only used for non-adjusted headers * fixes after Fede's review Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * compare newHeader with a header from an alternative provider * save pivot header Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824 * check header can still be trusted in TrustedHeader Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424 * lite: update Validators and Block endpoints - Block no longer contains BlockMeta - Validators now accept two additional params: page and perPage * make linter happy
5 years ago
libs/common: Refactor libs/common 5 (#4240) * libs/common: Refactor libs/common 5 - move mathematical functions and types out of `libs/common` to math pkg - move net functions out of `libs/common` to net pkg - move string functions out of `libs/common` to strings pkg - move async functions out of `libs/common` to async pkg - move bit functions out of `libs/common` to bits pkg - move cmap functions out of `libs/common` to cmap pkg - move os functions out of `libs/common` to os pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing issues * fix tests closes #41417 woooooooooooooooooo kill the cmn pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry * fix goimport issues * run gofmt
5 years ago
lite2: light client with weak subjectivity (#3989) Refs #1771 ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md ## Commits: * add Verifier and VerifyCommitTrusting * add two more checks make trustLevel an option * float32 for trustLevel * check newHeader time * started writing lite Client * unify Verify methods * ensure h2.Header.bfttime < h1.Header.bfttime + tp * move trust checks into Verify function * add more comments * more docs * started writing tests * unbonding period failures * tests are green * export ErrNewHeaderTooFarIntoFuture * make golangci happy * test for non-adjusted headers * more precision * providers and stores * VerifyHeader and VerifyHeaderAtHeight funcs * fix compile errors * remove lastVerifiedHeight, persist new trusted header * sequential verification * remove TrustedStore option * started writing tests for light client * cover basic cases for linear verification * bisection tests PASS * rename BisectingVerification to SkippingVerification * refactor the code * add TrustedHeader method * consolidate sequential verification tests * consolidate skipping verification tests * rename trustedVals to trustedNextVals * start writing docs * ValidateTrustLevel func and ErrOldHeaderExpired error * AutoClient and example tests * fix errors * update doc * remove ErrNewHeaderTooFarIntoFuture This check is unnecessary given existing a) ErrOldHeaderExpired b) h2.Time > now checks. * return an error if we're at more recent height * add comments * add LastSignedHeaderHeight method to Store I think it's fine if Store tracks last height * copy over proxy from old lite package * make TrustedHeader return latest if height=0 * modify LastSignedHeaderHeight to return an error if no headers exist * copy over proxy impl * refactor proxy and start http lite client * Tx and BlockchainInfo methods * Block method * commit method * code compiles again * lite client compiles * extract updateLiteClientIfNeededTo func * move final parts * add placeholder for tests * force usage of lite http client in proxy * comment out query tests for now * explicitly mention tp: trusting period * verify nextVals in VerifyHeader * refactor bisection * move the NextValidatorsHash check into updateTrustedHeaderAndVals + update the comment * add ConsensusParams method to RPC client * add ConsensusParams to rpc/mock/client * change trustLevel type to a new cmn.Fraction type + update SkippingVerification comment * stress out trustLevel is only used for non-adjusted headers * fixes after Fede's review Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * compare newHeader with a header from an alternative provider * save pivot header Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824 * check header can still be trusted in TrustedHeader Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424 * lite: update Validators and Block endpoints - Block no longer contains BlockMeta - Validators now accept two additional params: page and perPage * make linter happy
5 years ago
libs/common: Refactor libs/common 5 (#4240) * libs/common: Refactor libs/common 5 - move mathematical functions and types out of `libs/common` to math pkg - move net functions out of `libs/common` to net pkg - move string functions out of `libs/common` to strings pkg - move async functions out of `libs/common` to async pkg - move bit functions out of `libs/common` to bits pkg - move cmap functions out of `libs/common` to cmap pkg - move os functions out of `libs/common` to os pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing issues * fix tests closes #41417 woooooooooooooooooo kill the cmn pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry * fix goimport issues * run gofmt
5 years ago
lite2: light client with weak subjectivity (#3989) Refs #1771 ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md ## Commits: * add Verifier and VerifyCommitTrusting * add two more checks make trustLevel an option * float32 for trustLevel * check newHeader time * started writing lite Client * unify Verify methods * ensure h2.Header.bfttime < h1.Header.bfttime + tp * move trust checks into Verify function * add more comments * more docs * started writing tests * unbonding period failures * tests are green * export ErrNewHeaderTooFarIntoFuture * make golangci happy * test for non-adjusted headers * more precision * providers and stores * VerifyHeader and VerifyHeaderAtHeight funcs * fix compile errors * remove lastVerifiedHeight, persist new trusted header * sequential verification * remove TrustedStore option * started writing tests for light client * cover basic cases for linear verification * bisection tests PASS * rename BisectingVerification to SkippingVerification * refactor the code * add TrustedHeader method * consolidate sequential verification tests * consolidate skipping verification tests * rename trustedVals to trustedNextVals * start writing docs * ValidateTrustLevel func and ErrOldHeaderExpired error * AutoClient and example tests * fix errors * update doc * remove ErrNewHeaderTooFarIntoFuture This check is unnecessary given existing a) ErrOldHeaderExpired b) h2.Time > now checks. * return an error if we're at more recent height * add comments * add LastSignedHeaderHeight method to Store I think it's fine if Store tracks last height * copy over proxy from old lite package * make TrustedHeader return latest if height=0 * modify LastSignedHeaderHeight to return an error if no headers exist * copy over proxy impl * refactor proxy and start http lite client * Tx and BlockchainInfo methods * Block method * commit method * code compiles again * lite client compiles * extract updateLiteClientIfNeededTo func * move final parts * add placeholder for tests * force usage of lite http client in proxy * comment out query tests for now * explicitly mention tp: trusting period * verify nextVals in VerifyHeader * refactor bisection * move the NextValidatorsHash check into updateTrustedHeaderAndVals + update the comment * add ConsensusParams method to RPC client * add ConsensusParams to rpc/mock/client * change trustLevel type to a new cmn.Fraction type + update SkippingVerification comment * stress out trustLevel is only used for non-adjusted headers * fixes after Fede's review Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com> * compare newHeader with a header from an alternative provider * save pivot header Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824 * check header can still be trusted in TrustedHeader Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424 * lite: update Validators and Block endpoints - Block no longer contains BlockMeta - Validators now accept two additional params: page and perPage * make linter happy
5 years ago
 
  1. package lite
  2. 

  3. import (
  4. 	"bytes"
  5. 	"time"
  6. 

  7. 	"github.com/pkg/errors"
  8. 

  9. 	tmmath "github.com/tendermint/tendermint/libs/math"
  10. 	"github.com/tendermint/tendermint/types"
  11. )
  12. 

  13. var (
  14. 	// DefaultTrustLevel - new header can be trusted if at least one correct old

  15. 	// validator signed it.

  16. 	DefaultTrustLevel = tmmath.Fraction{Numerator: 1, Denominator: 3}
  17. )
  18. 

  19. func Verify(
  20. 	chainID string,
  21. 	h1 *types.SignedHeader,
  22. 	h1NextVals *types.ValidatorSet,
  23. 	h2 *types.SignedHeader,
  24. 	h2Vals *types.ValidatorSet,
  25. 	trustingPeriod time.Duration,
  26. 	now time.Time,
  27. 	trustLevel tmmath.Fraction) error {
  28. 

  29. 	if err := ValidateTrustLevel(trustLevel); err != nil {
  30. 		return err
  31. 	}
  32. 

  33. 	// Ensure last header can still be trusted.

  34. 	expirationTime := h1.Time.Add(trustingPeriod)
  35. 	if !expirationTime.After(now) {
  36. 		return ErrOldHeaderExpired{expirationTime, now}
  37. 	}
  38. 

  39. 	if err := verifyNewHeaderAndVals(chainID, h2, h2Vals, h1, now); err != nil {
  40. 		return err
  41. 	}
  42. 

  43. 	if h2.Height == h1.Height+1 {
  44. 		if !bytes.Equal(h2.ValidatorsHash, h1NextVals.Hash()) {
  45. 			return errors.Errorf("expected old header validators (%X) to match those from new header (%X)",
  46. 				h1NextVals.Hash(),
  47. 				h2.ValidatorsHash,
  48. 			)
  49. 		}
  50. 	} else {
  51. 		// Ensure that +`trustLevel` (default 1/3) or more of last trusted validators signed correctly.

  52. 		err := h1NextVals.VerifyCommitTrusting(chainID, h2.Commit.BlockID, h2.Height, h2.Commit, trustLevel)
  53. 		if err != nil {
  54. 			return err
  55. 		}
  56. 	}
  57. 

  58. 	// Ensure that +2/3 of new validators signed correctly.

  59. 	err := h2Vals.VerifyCommit(chainID, h2.Commit.BlockID, h2.Height, h2.Commit)
  60. 	if err != nil {
  61. 		return err
  62. 	}
  63. 

  64. 	return nil
  65. }
  66. 

  67. func verifyNewHeaderAndVals(
  68. 	chainID string,
  69. 	h2 *types.SignedHeader,
  70. 	h2Vals *types.ValidatorSet,
  71. 	h1 *types.SignedHeader,
  72. 	now time.Time) error {
  73. 

  74. 	if err := h2.ValidateBasic(chainID); err != nil {
  75. 		return errors.Wrap(err, "h2.ValidateBasic failed")
  76. 	}
  77. 

  78. 	if h2.Height <= h1.Height {
  79. 		return errors.Errorf("expected new header height %d to be greater than one of old header %d",
  80. 			h2.Height,
  81. 			h1.Height)
  82. 	}
  83. 

  84. 	if !h2.Time.After(h1.Time) {
  85. 		return errors.Errorf("expected new header time %v to be after old header time %v",
  86. 			h2.Time,
  87. 			h1.Time)
  88. 	}
  89. 

  90. 	if !h2.Time.Before(now) {
  91. 		return errors.Errorf("new header has a time from the future %v (now: %v)",
  92. 			h2.Time,
  93. 			now)
  94. 	}
  95. 

  96. 	if !bytes.Equal(h2.ValidatorsHash, h2Vals.Hash()) {
  97. 		return errors.Errorf("expected new header validators (%X) to match those that were supplied (%X)",
  98. 			h2Vals.Hash(),
  99. 			h2.NextValidatorsHash,
  100. 		)
  101. 	}
  102. 

  103. 	return nil
  104. }
  105. 

  106. // ValidateTrustLevel checks that trustLevel is within the allowed range [1/3,

  107. // 1]. If not, it returns an error. 1/3 is the minimum amount of trust needed

  108. // which does not break the security model.

  109. func ValidateTrustLevel(lvl tmmath.Fraction) error {
  110. 	if lvl.Numerator*3 < lvl.Denominator || // < 1/3

  111. 		lvl.Numerator > lvl.Denominator || // > 1

  112. 		lvl.Denominator == 0 {
  113. 		return errors.Errorf("trustLevel must be within [1/3, 1], given %v", lvl)
  114. 	}
  115. 	return nil
  116. }