package lite import ( "bytes" "time" "github.com/pkg/errors" tmmath "github.com/tendermint/tendermint/libs/math" "github.com/tendermint/tendermint/types" ) var ( // DefaultTrustLevel - new header can be trusted if at least one correct old // validator signed it. DefaultTrustLevel = tmmath.Fraction{Numerator: 1, Denominator: 3} ) // Verify verifies the new header (h2) against the old header (h1). It ensures that: // // a) h1 can still be trusted (if not, ErrOldHeaderExpired is returned); // b) h2 is valid (if not, ErrInvalidNewHeader is returned); // c) either h2.ValidatorsHash equals h1NextVals.Hash() // OR trustLevel ([1/3, 1]) of last trusted validators (h1NextVals) signed // correctly (if not, ErrNewValSetCantBeTrusted is returned); // c) more than 2/3 of new validators (h2Vals) have signed h2 (if not, // ErrNotEnoughVotingPowerSigned is returned). func Verify( chainID string, h1 *types.SignedHeader, h1NextVals *types.ValidatorSet, h2 *types.SignedHeader, h2Vals *types.ValidatorSet, trustingPeriod time.Duration, now time.Time, trustLevel tmmath.Fraction) error { if err := ValidateTrustLevel(trustLevel); err != nil { return err } // Ensure last header can still be trusted. if HeaderExpired(h1, trustingPeriod, now) { return ErrOldHeaderExpired{h1.Time.Add(trustingPeriod), now} } if err := verifyNewHeaderAndVals(chainID, h2, h2Vals, h1, now); err != nil { return err } if h2.Height == h1.Height+1 { if !bytes.Equal(h2.ValidatorsHash, h1NextVals.Hash()) { err := errors.Errorf("expected old header next validators (%X) to match those from new header (%X)", h1NextVals.Hash(), h2.ValidatorsHash, ) return err } } else { // Ensure that +`trustLevel` (default 1/3) or more of last trusted validators signed correctly. err := h1NextVals.VerifyCommitTrusting(chainID, h2.Commit.BlockID, h2.Height, h2.Commit, trustLevel) if err != nil { switch e := err.(type) { case types.ErrNotEnoughVotingPowerSigned: return ErrNewValSetCantBeTrusted{e} default: return e } } } // Ensure that +2/3 of new validators signed correctly. err := h2Vals.VerifyCommit(chainID, h2.Commit.BlockID, h2.Height, h2.Commit) if err != nil { return err } return nil } func verifyNewHeaderAndVals( chainID string, h2 *types.SignedHeader, h2Vals *types.ValidatorSet, h1 *types.SignedHeader, now time.Time) error { if err := h2.ValidateBasic(chainID); err != nil { return errors.Wrap(err, "h2.ValidateBasic failed") } if h2.Height <= h1.Height { return errors.Errorf("expected new header height %d to be greater than one of old header %d", h2.Height, h1.Height) } if !h2.Time.After(h1.Time) { return errors.Errorf("expected new header time %v to be after old header time %v", h2.Time, h1.Time) } if !h2.Time.Before(now) { return errors.Errorf("new header has a time from the future %v (now: %v)", h2.Time, now) } if !bytes.Equal(h2.ValidatorsHash, h2Vals.Hash()) { return errors.Errorf("expected new header validators (%X) to match those that were supplied (%X)", h2.ValidatorsHash, h2Vals.Hash(), ) } return nil } // ValidateTrustLevel checks that trustLevel is within the allowed range [1/3, // 1]. If not, it returns an error. 1/3 is the minimum amount of trust needed // which does not break the security model. func ValidateTrustLevel(lvl tmmath.Fraction) error { if lvl.Numerator*3 < lvl.Denominator || // < 1/3 lvl.Numerator > lvl.Denominator || // > 1 lvl.Denominator == 0 { return errors.Errorf("trustLevel must be within [1/3, 1], given %v", lvl) } return nil } // HeaderExpired return true if the given header expired. func HeaderExpired(h *types.SignedHeader, trustingPeriod time.Duration, now time.Time) bool { expirationTime := h.Time.Add(trustingPeriod) return !expirationTime.After(now) }