package lite import ( "bytes" "time" "github.com/pkg/errors" tmmath "github.com/tendermint/tendermint/libs/math" "github.com/tendermint/tendermint/types" ) const ( maxClockDrift = 10 * time.Second ) var ( // DefaultTrustLevel - new header can be trusted if at least one correct // validator signed it. DefaultTrustLevel = tmmath.Fraction{Numerator: 1, Denominator: 3} ) // VerifyNonAdjacent verifies non-adjacent untrustedHeader against // trustedHeader. It ensures that: // // a) trustedHeader can still be trusted (if not, ErrOldHeaderExpired is returned) // b) untrustedHeader is valid (if not, ErrInvalidHeader is returned) // c) trustLevel ([1/3, 1]) of trustedHeaderVals (or trustedHeaderNextVals) // signed correctly (if not, ErrNewValSetCantBeTrusted is returned) // d) more than 2/3 of untrustedVals have signed h2 // (otherwise, ErrInvalidHeader is returned) // e) headers are non-adjacent. func VerifyNonAdjacent( chainID string, trustedHeader *types.SignedHeader, // height=X trustedVals *types.ValidatorSet, // height=X or height=X+1 untrustedHeader *types.SignedHeader, // height=Y untrustedVals *types.ValidatorSet, // height=Y trustingPeriod time.Duration, now time.Time, trustLevel tmmath.Fraction) error { if untrustedHeader.Height == trustedHeader.Height+1 { return errors.New("headers must be non adjacent in height") } if HeaderExpired(trustedHeader, trustingPeriod, now) { return ErrOldHeaderExpired{trustedHeader.Time.Add(trustingPeriod), now} } if err := verifyNewHeaderAndVals(chainID, untrustedHeader, untrustedVals, trustedHeader, now); err != nil { return ErrInvalidHeader{err} } // Ensure that +`trustLevel` (default 1/3) or more of last trusted validators signed correctly. err := trustedVals.VerifyCommitTrusting(chainID, untrustedHeader.Commit.BlockID, untrustedHeader.Height, untrustedHeader.Commit, trustLevel) if err != nil { switch e := err.(type) { case types.ErrNotEnoughVotingPowerSigned: return ErrNewValSetCantBeTrusted{e} default: return e } } // Ensure that +2/3 of new validators signed correctly. // // NOTE: this should always be the last check because untrustedVals can be // intentionally made very large to DOS the light client. not the case for // VerifyAdjacent, where validator set is known in advance. if err := untrustedVals.VerifyCommit(chainID, untrustedHeader.Commit.BlockID, untrustedHeader.Height, untrustedHeader.Commit); err != nil { return ErrInvalidHeader{err} } return nil } // VerifyAdjacent verifies directly adjacent untrustedHeader against // trustedHeader. It ensures that: // // a) trustedHeader can still be trusted (if not, ErrOldHeaderExpired is returned) // b) untrustedHeader is valid (if not, ErrInvalidHeader is returned) // c) untrustedHeader.ValidatorsHash equals trustedHeader.NextValidatorsHash // d) more than 2/3 of new validators (untrustedVals) have signed h2 // (otherwise, ErrInvalidHeader is returned) // e) headers are adjacent. func VerifyAdjacent( chainID string, trustedHeader *types.SignedHeader, // height=X untrustedHeader *types.SignedHeader, // height=X+1 untrustedVals *types.ValidatorSet, // height=X+1 trustingPeriod time.Duration, now time.Time) error { if untrustedHeader.Height != trustedHeader.Height+1 { return errors.New("headers must be adjacent in height") } if HeaderExpired(trustedHeader, trustingPeriod, now) { return ErrOldHeaderExpired{trustedHeader.Time.Add(trustingPeriod), now} } if err := verifyNewHeaderAndVals(chainID, untrustedHeader, untrustedVals, trustedHeader, now); err != nil { return ErrInvalidHeader{err} } // Check the validator hashes are the same if !bytes.Equal(untrustedHeader.ValidatorsHash, trustedHeader.NextValidatorsHash) { err := errors.Errorf("expected old header next validators (%X) to match those from new header (%X)", trustedHeader.NextValidatorsHash, untrustedHeader.ValidatorsHash, ) return err } // Ensure that +2/3 of new validators signed correctly. if err := untrustedVals.VerifyCommit(chainID, untrustedHeader.Commit.BlockID, untrustedHeader.Height, untrustedHeader.Commit); err != nil { return ErrInvalidHeader{err} } return nil } // Verify combines both VerifyAdjacent and VerifyNonAdjacent functions. func Verify( chainID string, trustedHeader *types.SignedHeader, // height=X trustedVals *types.ValidatorSet, // height=X or height=X+1 untrustedHeader *types.SignedHeader, // height=Y untrustedVals *types.ValidatorSet, // height=Y trustingPeriod time.Duration, now time.Time, trustLevel tmmath.Fraction) error { if untrustedHeader.Height != trustedHeader.Height+1 { return VerifyNonAdjacent(chainID, trustedHeader, trustedVals, untrustedHeader, untrustedVals, trustingPeriod, now, trustLevel) } return VerifyAdjacent(chainID, trustedHeader, untrustedHeader, untrustedVals, trustingPeriod, now) } func verifyNewHeaderAndVals( chainID string, untrustedHeader *types.SignedHeader, untrustedVals *types.ValidatorSet, trustedHeader *types.SignedHeader, now time.Time) error { if err := untrustedHeader.ValidateBasic(chainID); err != nil { return errors.Wrap(err, "untrustedHeader.ValidateBasic failed") } if untrustedHeader.Height <= trustedHeader.Height { return errors.Errorf("expected new header height %d to be greater than one of old header %d", untrustedHeader.Height, trustedHeader.Height) } if !untrustedHeader.Time.After(trustedHeader.Time) { return errors.Errorf("expected new header time %v to be after old header time %v", untrustedHeader.Time, trustedHeader.Time) } if !untrustedHeader.Time.Before(now.Add(maxClockDrift)) { return errors.Errorf("new header has a time from the future %v (now: %v; max clock drift: %v)", untrustedHeader.Time, now, maxClockDrift) } if !bytes.Equal(untrustedHeader.ValidatorsHash, untrustedVals.Hash()) { return errors.Errorf("expected new header validators (%X) to match those that were supplied (%X)", untrustedHeader.ValidatorsHash, untrustedVals.Hash(), ) } return nil } // ValidateTrustLevel checks that trustLevel is within the allowed range [1/3, // 1]. If not, it returns an error. 1/3 is the minimum amount of trust needed // which does not break the security model. func ValidateTrustLevel(lvl tmmath.Fraction) error { if lvl.Numerator*3 < lvl.Denominator || // < 1/3 lvl.Numerator > lvl.Denominator || // > 1 lvl.Denominator == 0 { return errors.Errorf("trustLevel must be within [1/3, 1], given %v", lvl) } return nil } // HeaderExpired return true if the given header expired. func HeaderExpired(h *types.SignedHeader, trustingPeriod time.Duration, now time.Time) bool { expirationTime := h.Time.Add(trustingPeriod) return !expirationTime.After(now) } // VerifyBackwards verifies an untrusted header with a height one less than // that of an adjacent trusted header. It ensures that: // // a) untrusted header is valid // b) untrusted header has a time before the trusted header // c) that the LastBlockID hash of the trusted header is the same as the hash // of the trusted header // // For any of these cases ErrInvalidHeader is returned. func VerifyBackwards(chainID string, untrustedHeader, trustedHeader *types.SignedHeader) error { if err := untrustedHeader.ValidateBasic(chainID); err != nil { return ErrInvalidHeader{err} } if !untrustedHeader.Time.Before(trustedHeader.Time) { return ErrInvalidHeader{ errors.Errorf("expected older header time %v to be before new header time %v", untrustedHeader.Time, trustedHeader.Time)} } if !bytes.Equal(untrustedHeader.Hash(), trustedHeader.LastBlockID.Hash) { return ErrInvalidHeader{ errors.Errorf("older header hash %X does not match trusted header's last block %X", untrustedHeader.Hash(), trustedHeader.LastBlockID.Hash)} } return nil }