zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6501 Commits
183 Branches
291 MiB
Tree: e1b9bf7c81
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e1b9bf7c81'
${ noResults }
tendermint/privval/priv_validator.go

360 lines
10 KiB
Raw Normal View History

Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
crypto: Refactor to move files out of the top level directory Currently the top level directory contains basically all of the code for the crypto package. This PR moves the crypto code into submodules in a similar manner to what `golang/x/crypto` does. This improves code organization. Ref discussion: https://github.com/tendermint/tendermint/pull/1966 Closes #1956
6 years ago
fix import paths
6 years ago
overwrite pubkey and address for convenience Closes #1829
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
crypto: Remove interface from crypto.Signature Signatures are now []byte, which saves on the number of bytes after amino encoding (squash this) address Ismail's comment
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
crypto: Remove Ed25519 and Secp256k1 suffix on GenPrivKey
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
overwrite pubkey and address for convenience Closes #1829
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
crypto: Remove interface from crypto.Signature Signatures are now []byte, which saves on the number of bytes after amino encoding (squash this) address Ismail's comment
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
crypto: Remove interface from crypto.Signature Signatures are now []byte, which saves on the number of bytes after amino encoding (squash this) address Ismail's comment
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
revert back to Jae's original payload size limit except now we calculate the max size using the maxPacketMsgSize() function, which frees developers from having to know amino encoding details. plus, 10 additional bytes are added to leave the room for amino upgrades (both making it more efficient / less efficient)
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
 
  1. package privval
  2. 

  3. import (
  4. 	"bytes"
  5. 	"errors"
  6. 	"fmt"
  7. 	"io/ioutil"
  8. 	"sync"
  9. 	"time"
  10. 

  11. 	"github.com/tendermint/tendermint/crypto"
  12. 	"github.com/tendermint/tendermint/crypto/ed25519"
  13. 	cmn "github.com/tendermint/tendermint/libs/common"
  14. 	"github.com/tendermint/tendermint/types"
  15. )
  16. 

  17. // TODO: type ?

  18. const (
  19. 	stepNone      int8 = 0 // Used to distinguish the initial state

  20. 	stepPropose   int8 = 1
  21. 	stepPrevote   int8 = 2
  22. 	stepPrecommit int8 = 3
  23. )
  24. 

  25. func voteToStep(vote *types.Vote) int8 {
  26. 	switch vote.Type {
  27. 	case types.VoteTypePrevote:
  28. 		return stepPrevote
  29. 	case types.VoteTypePrecommit:
  30. 		return stepPrecommit
  31. 	default:
  32. 		cmn.PanicSanity("Unknown vote type")
  33. 		return 0
  34. 	}
  35. }
  36. 

  37. // FilePV implements PrivValidator using data persisted to disk

  38. // to prevent double signing.

  39. // NOTE: the directory containing the pv.filePath must already exist.

  40. type FilePV struct {
  41. 	Address       types.Address  `json:"address"`
  42. 	PubKey        crypto.PubKey  `json:"pub_key"`
  43. 	LastHeight    int64          `json:"last_height"`
  44. 	LastRound     int            `json:"last_round"`
  45. 	LastStep      int8           `json:"last_step"`
  46. 	LastSignature []byte         `json:"last_signature,omitempty"` // so we dont lose signatures XXX Why would we lose signatures?

  47. 	LastSignBytes cmn.HexBytes   `json:"last_signbytes,omitempty"` // so we dont lose signatures XXX Why would we lose signatures?

  48. 	PrivKey       crypto.PrivKey `json:"priv_key"`
  49. 

  50. 	// For persistence.

  51. 	// Overloaded for testing.

  52. 	filePath string
  53. 	mtx      sync.Mutex
  54. }
  55. 

  56. // GetAddress returns the address of the validator.

  57. // Implements PrivValidator.

  58. func (pv *FilePV) GetAddress() types.Address {
  59. 	return pv.Address
  60. }
  61. 

  62. // GetPubKey returns the public key of the validator.

  63. // Implements PrivValidator.

  64. func (pv *FilePV) GetPubKey() crypto.PubKey {
  65. 	return pv.PubKey
  66. }
  67. 

  68. // GenFilePV generates a new validator with randomly generated private key

  69. // and sets the filePath, but does not call Save().

  70. func GenFilePV(filePath string) *FilePV {
  71. 	privKey := ed25519.GenPrivKey()
  72. 	return &FilePV{
  73. 		Address:  privKey.PubKey().Address(),
  74. 		PubKey:   privKey.PubKey(),
  75. 		PrivKey:  privKey,
  76. 		LastStep: stepNone,
  77. 		filePath: filePath,
  78. 	}
  79. }
  80. 

  81. // LoadFilePV loads a FilePV from the filePath.  The FilePV handles double

  82. // signing prevention by persisting data to the filePath.  If the filePath does

  83. // not exist, the FilePV must be created manually and saved.

  84. func LoadFilePV(filePath string) *FilePV {
  85. 	pvJSONBytes, err := ioutil.ReadFile(filePath)
  86. 	if err != nil {
  87. 		cmn.Exit(err.Error())
  88. 	}
  89. 	pv := &FilePV{}
  90. 	err = cdc.UnmarshalJSON(pvJSONBytes, &pv)
  91. 	if err != nil {
  92. 		cmn.Exit(cmn.Fmt("Error reading PrivValidator from %v: %v\n", filePath, err))
  93. 	}
  94. 

  95. 	// overwrite pubkey and address for convenience

  96. 	pv.PubKey = pv.PrivKey.PubKey()
  97. 	pv.Address = pv.PubKey.Address()
  98. 

  99. 	pv.filePath = filePath
  100. 	return pv
  101. }
  102. 

  103. // LoadOrGenFilePV loads a FilePV from the given filePath

  104. // or else generates a new one and saves it to the filePath.

  105. func LoadOrGenFilePV(filePath string) *FilePV {
  106. 	var pv *FilePV
  107. 	if cmn.FileExists(filePath) {
  108. 		pv = LoadFilePV(filePath)
  109. 	} else {
  110. 		pv = GenFilePV(filePath)
  111. 		pv.Save()
  112. 	}
  113. 	return pv
  114. }
  115. 

  116. // Save persists the FilePV to disk.

  117. func (pv *FilePV) Save() {
  118. 	pv.mtx.Lock()
  119. 	defer pv.mtx.Unlock()
  120. 	pv.save()
  121. }
  122. 

  123. func (pv *FilePV) save() {
  124. 	outFile := pv.filePath
  125. 	if outFile == "" {
  126. 		panic("Cannot save PrivValidator: filePath not set")
  127. 	}
  128. 	jsonBytes, err := cdc.MarshalJSONIndent(pv, "", "  ")
  129. 	if err != nil {
  130. 		panic(err)
  131. 	}
  132. 	err = cmn.WriteFileAtomic(outFile, jsonBytes, 0600)
  133. 	if err != nil {
  134. 		panic(err)
  135. 	}
  136. }
  137. 

  138. // Reset resets all fields in the FilePV.

  139. // NOTE: Unsafe!

  140. func (pv *FilePV) Reset() {
  141. 	var sig []byte
  142. 	pv.LastHeight = 0
  143. 	pv.LastRound = 0
  144. 	pv.LastStep = 0
  145. 	pv.LastSignature = sig
  146. 	pv.LastSignBytes = nil
  147. 	pv.Save()
  148. }
  149. 

  150. // SignVote signs a canonical representation of the vote, along with the

  151. // chainID. Implements PrivValidator.

  152. func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error {
  153. 	pv.mtx.Lock()
  154. 	defer pv.mtx.Unlock()
  155. 	if err := pv.signVote(chainID, vote); err != nil {
  156. 		return errors.New(cmn.Fmt("Error signing vote: %v", err))
  157. 	}
  158. 	return nil
  159. }
  160. 

  161. // SignProposal signs a canonical representation of the proposal, along with

  162. // the chainID. Implements PrivValidator.

  163. func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error {
  164. 	pv.mtx.Lock()
  165. 	defer pv.mtx.Unlock()
  166. 	if err := pv.signProposal(chainID, proposal); err != nil {
  167. 		return fmt.Errorf("Error signing proposal: %v", err)
  168. 	}
  169. 	return nil
  170. }
  171. 

  172. // returns error if HRS regression or no LastSignBytes. returns true if HRS is unchanged

  173. func (pv *FilePV) checkHRS(height int64, round int, step int8) (bool, error) {
  174. 	if pv.LastHeight > height {
  175. 		return false, errors.New("Height regression")
  176. 	}
  177. 

  178. 	if pv.LastHeight == height {
  179. 		if pv.LastRound > round {
  180. 			return false, errors.New("Round regression")
  181. 		}
  182. 

  183. 		if pv.LastRound == round {
  184. 			if pv.LastStep > step {
  185. 				return false, errors.New("Step regression")
  186. 			} else if pv.LastStep == step {
  187. 				if pv.LastSignBytes != nil {
  188. 					if pv.LastSignature == nil {
  189. 						panic("pv: LastSignature is nil but LastSignBytes is not!")
  190. 					}
  191. 					return true, nil
  192. 				}
  193. 				return false, errors.New("No LastSignature found")
  194. 			}
  195. 		}
  196. 	}
  197. 	return false, nil
  198. }
  199. 

  200. // signVote checks if the vote is good to sign and sets the vote signature.

  201. // It may need to set the timestamp as well if the vote is otherwise the same as

  202. // a previously signed vote (ie. we crashed after signing but before the vote hit the WAL).

  203. func (pv *FilePV) signVote(chainID string, vote *types.Vote) error {
  204. 	height, round, step := vote.Height, vote.Round, voteToStep(vote)
  205. 	signBytes := vote.SignBytes(chainID)
  206. 

  207. 	sameHRS, err := pv.checkHRS(height, round, step)
  208. 	if err != nil {
  209. 		return err
  210. 	}
  211. 

  212. 	// We might crash before writing to the wal,

  213. 	// causing us to try to re-sign for the same HRS.

  214. 	// If signbytes are the same, use the last signature.

  215. 	// If they only differ by timestamp, use last timestamp and signature

  216. 	// Otherwise, return error

  217. 	if sameHRS {
  218. 		if bytes.Equal(signBytes, pv.LastSignBytes) {
  219. 			vote.Signature = pv.LastSignature
  220. 		} else if timestamp, ok := checkVotesOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok {
  221. 			vote.Timestamp = timestamp
  222. 			vote.Signature = pv.LastSignature
  223. 		} else {
  224. 			err = fmt.Errorf("Conflicting data")
  225. 		}
  226. 		return err
  227. 	}
  228. 

  229. 	// It passed the checks. Sign the vote

  230. 	sig, err := pv.PrivKey.Sign(signBytes)
  231. 	if err != nil {
  232. 		return err
  233. 	}
  234. 	pv.saveSigned(height, round, step, signBytes, sig)
  235. 	vote.Signature = sig
  236. 	return nil
  237. }
  238. 

  239. // signProposal checks if the proposal is good to sign and sets the proposal signature.

  240. // It may need to set the timestamp as well if the proposal is otherwise the same as

  241. // a previously signed proposal ie. we crashed after signing but before the proposal hit the WAL).

  242. func (pv *FilePV) signProposal(chainID string, proposal *types.Proposal) error {
  243. 	height, round, step := proposal.Height, proposal.Round, stepPropose
  244. 	signBytes := proposal.SignBytes(chainID)
  245. 

  246. 	sameHRS, err := pv.checkHRS(height, round, step)
  247. 	if err != nil {
  248. 		return err
  249. 	}
  250. 

  251. 	// We might crash before writing to the wal,

  252. 	// causing us to try to re-sign for the same HRS.

  253. 	// If signbytes are the same, use the last signature.

  254. 	// If they only differ by timestamp, use last timestamp and signature

  255. 	// Otherwise, return error

  256. 	if sameHRS {
  257. 		if bytes.Equal(signBytes, pv.LastSignBytes) {
  258. 			proposal.Signature = pv.LastSignature
  259. 		} else if timestamp, ok := checkProposalsOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok {
  260. 			proposal.Timestamp = timestamp
  261. 			proposal.Signature = pv.LastSignature
  262. 		} else {
  263. 			err = fmt.Errorf("Conflicting data")
  264. 		}
  265. 		return err
  266. 	}
  267. 

  268. 	// It passed the checks. Sign the proposal

  269. 	sig, err := pv.PrivKey.Sign(signBytes)
  270. 	if err != nil {
  271. 		return err
  272. 	}
  273. 	pv.saveSigned(height, round, step, signBytes, sig)
  274. 	proposal.Signature = sig
  275. 	return nil
  276. }
  277. 

  278. // Persist height/round/step and signature

  279. func (pv *FilePV) saveSigned(height int64, round int, step int8,
  280. 	signBytes []byte, sig []byte) {
  281. 

  282. 	pv.LastHeight = height
  283. 	pv.LastRound = round
  284. 	pv.LastStep = step
  285. 	pv.LastSignature = sig
  286. 	pv.LastSignBytes = signBytes
  287. 	pv.save()
  288. }
  289. 

  290. // SignHeartbeat signs a canonical representation of the heartbeat, along with the chainID.

  291. // Implements PrivValidator.

  292. func (pv *FilePV) SignHeartbeat(chainID string, heartbeat *types.Heartbeat) error {
  293. 	pv.mtx.Lock()
  294. 	defer pv.mtx.Unlock()
  295. 	sig, err := pv.PrivKey.Sign(heartbeat.SignBytes(chainID))
  296. 	if err != nil {
  297. 		return err
  298. 	}
  299. 	heartbeat.Signature = sig
  300. 	return nil
  301. }
  302. 

  303. // String returns a string representation of the FilePV.

  304. func (pv *FilePV) String() string {
  305. 	return fmt.Sprintf("PrivValidator{%v LH:%v, LR:%v, LS:%v}", pv.GetAddress(), pv.LastHeight, pv.LastRound, pv.LastStep)
  306. }
  307. 

  308. //-------------------------------------

  309. 

  310. // returns the timestamp from the lastSignBytes.

  311. // returns true if the only difference in the votes is their timestamp.

  312. func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) {
  313. 	var lastVote, newVote types.CanonicalJSONVote
  314. 	if err := cdc.UnmarshalJSON(lastSignBytes, &lastVote); err != nil {
  315. 		panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into vote: %v", err))
  316. 	}
  317. 	if err := cdc.UnmarshalJSON(newSignBytes, &newVote); err != nil {
  318. 		panic(fmt.Sprintf("signBytes cannot be unmarshalled into vote: %v", err))
  319. 	}
  320. 

  321. 	lastTime, err := time.Parse(types.TimeFormat, lastVote.Timestamp)
  322. 	if err != nil {
  323. 		panic(err)
  324. 	}
  325. 

  326. 	// set the times to the same value and check equality

  327. 	now := types.CanonicalTime(time.Now())
  328. 	lastVote.Timestamp = now
  329. 	newVote.Timestamp = now
  330. 	lastVoteBytes, _ := cdc.MarshalJSON(lastVote)
  331. 	newVoteBytes, _ := cdc.MarshalJSON(newVote)
  332. 

  333. 	return lastTime, bytes.Equal(newVoteBytes, lastVoteBytes)
  334. }
  335. 

  336. // returns the timestamp from the lastSignBytes.

  337. // returns true if the only difference in the proposals is their timestamp

  338. func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) {
  339. 	var lastProposal, newProposal types.CanonicalJSONProposal
  340. 	if err := cdc.UnmarshalJSON(lastSignBytes, &lastProposal); err != nil {
  341. 		panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into proposal: %v", err))
  342. 	}
  343. 	if err := cdc.UnmarshalJSON(newSignBytes, &newProposal); err != nil {
  344. 		panic(fmt.Sprintf("signBytes cannot be unmarshalled into proposal: %v", err))
  345. 	}
  346. 

  347. 	lastTime, err := time.Parse(types.TimeFormat, lastProposal.Timestamp)
  348. 	if err != nil {
  349. 		panic(err)
  350. 	}
  351. 

  352. 	// set the times to the same value and check equality

  353. 	now := types.CanonicalTime(time.Now())
  354. 	lastProposal.Timestamp = now
  355. 	newProposal.Timestamp = now
  356. 	lastProposalBytes, _ := cdc.MarshalJSON(lastProposal)
  357. 	newProposalBytes, _ := cdc.MarshalJSON(newProposal)
  358. 

  359. 	return lastTime, bytes.Equal(newProposalBytes, lastProposalBytes)
  360. }