package types import ( "bytes" "fmt" "strings" "github.com/pkg/errors" "github.com/tendermint/tendermint/crypto/tmhash" amino "github.com/tendermint/go-amino" "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/merkle" ) const ( // MaxEvidenceBytes is a maximum size of any evidence (including amino overhead). MaxEvidenceBytes int64 = 484 ) // ErrEvidenceInvalid wraps a piece of evidence and the error denoting how or why it is invalid. type ErrEvidenceInvalid struct { Evidence Evidence ErrorValue error } // NewErrEvidenceInvalid returns a new EvidenceInvalid with the given err. func NewErrEvidenceInvalid(ev Evidence, err error) *ErrEvidenceInvalid { return &ErrEvidenceInvalid{ev, err} } // Error returns a string representation of the error. func (err *ErrEvidenceInvalid) Error() string { return fmt.Sprintf("Invalid evidence: %v. Evidence: %v", err.ErrorValue, err.Evidence) } // ErrEvidenceOverflow is for when there is too much evidence in a block. type ErrEvidenceOverflow struct { MaxNum int64 GotNum int64 } // NewErrEvidenceOverflow returns a new ErrEvidenceOverflow where got > max. func NewErrEvidenceOverflow(max, got int64) *ErrEvidenceOverflow { return &ErrEvidenceOverflow{max, got} } // Error returns a string representation of the error. func (err *ErrEvidenceOverflow) Error() string { return fmt.Sprintf("Too much evidence: Max %d, got %d", err.MaxNum, err.GotNum) } //------------------------------------------- // Evidence represents any provable malicious activity by a validator type Evidence interface { Height() int64 // height of the equivocation Address() []byte // address of the equivocating validator Bytes() []byte // bytes which compromise the evidence Hash() []byte // hash of the evidence Verify(chainID string, pubKey crypto.PubKey) error // verify the evidence Equal(Evidence) bool // check equality of evidence ValidateBasic() error String() string } func RegisterEvidences(cdc *amino.Codec) { cdc.RegisterInterface((*Evidence)(nil), nil) cdc.RegisterConcrete(&DuplicateVoteEvidence{}, "tendermint/DuplicateVoteEvidence", nil) } func RegisterMockEvidences(cdc *amino.Codec) { cdc.RegisterConcrete(MockGoodEvidence{}, "tendermint/MockGoodEvidence", nil) cdc.RegisterConcrete(MockRandomGoodEvidence{}, "tendermint/MockRandomGoodEvidence", nil) cdc.RegisterConcrete(MockBadEvidence{}, "tendermint/MockBadEvidence", nil) } const ( MaxEvidenceBytesDenominator = 10 ) // MaxEvidencePerBlock returns the maximum number of evidences // allowed in the block and their maximum total size (limitted to 1/10th // of the maximum block size). // TODO: change to a constant, or to a fraction of the validator set size. // See https://github.com/tendermint/tendermint/issues/2590 func MaxEvidencePerBlock(blockMaxBytes int64) (int64, int64) { maxBytes := blockMaxBytes / MaxEvidenceBytesDenominator maxNum := maxBytes / MaxEvidenceBytes return maxNum, maxBytes } //------------------------------------------- // DuplicateVoteEvidence contains evidence a validator signed two conflicting // votes. type DuplicateVoteEvidence struct { PubKey crypto.PubKey VoteA *Vote VoteB *Vote } var _ Evidence = &DuplicateVoteEvidence{} // NewDuplicateVoteEvidence creates DuplicateVoteEvidence with right ordering given // two conflicting votes. If one of the votes is nil, evidence returned is nil as well func NewDuplicateVoteEvidence(pubkey crypto.PubKey, vote1 *Vote, vote2 *Vote) *DuplicateVoteEvidence { var voteA, voteB *Vote if vote1 == nil || vote2 == nil { return nil } if strings.Compare(vote1.BlockID.Key(), vote2.BlockID.Key()) == -1 { voteA = vote1 voteB = vote2 } else { voteA = vote2 voteB = vote1 } return &DuplicateVoteEvidence{ PubKey: pubkey, VoteA: voteA, VoteB: voteB, } } // String returns a string representation of the evidence. func (dve *DuplicateVoteEvidence) String() string { return fmt.Sprintf("VoteA: %v; VoteB: %v", dve.VoteA, dve.VoteB) } // Height returns the height this evidence refers to. func (dve *DuplicateVoteEvidence) Height() int64 { return dve.VoteA.Height } // Address returns the address of the validator. func (dve *DuplicateVoteEvidence) Address() []byte { return dve.PubKey.Address() } // Hash returns the hash of the evidence. func (dve *DuplicateVoteEvidence) Bytes() []byte { return cdcEncode(dve) } // Hash returns the hash of the evidence. func (dve *DuplicateVoteEvidence) Hash() []byte { return tmhash.Sum(cdcEncode(dve)) } // Verify returns an error if the two votes aren't conflicting. // To be conflicting, they must be from the same validator, for the same H/R/S, but for different blocks. func (dve *DuplicateVoteEvidence) Verify(chainID string, pubKey crypto.PubKey) error { // H/R/S must be the same if dve.VoteA.Height != dve.VoteB.Height || dve.VoteA.Round != dve.VoteB.Round || dve.VoteA.Type != dve.VoteB.Type { return fmt.Errorf("duplicateVoteEvidence Error: H/R/S does not match. Got %v and %v", dve.VoteA, dve.VoteB) } // Address must be the same if !bytes.Equal(dve.VoteA.ValidatorAddress, dve.VoteB.ValidatorAddress) { return fmt.Errorf( "duplicateVoteEvidence Error: Validator addresses do not match. Got %X and %X", dve.VoteA.ValidatorAddress, dve.VoteB.ValidatorAddress, ) } // Index must be the same if dve.VoteA.ValidatorIndex != dve.VoteB.ValidatorIndex { return fmt.Errorf( "duplicateVoteEvidence Error: Validator indices do not match. Got %d and %d", dve.VoteA.ValidatorIndex, dve.VoteB.ValidatorIndex, ) } // BlockIDs must be different if dve.VoteA.BlockID.Equals(dve.VoteB.BlockID) { return fmt.Errorf( "duplicateVoteEvidence Error: BlockIDs are the same (%v) - not a real duplicate vote", dve.VoteA.BlockID, ) } // pubkey must match address (this should already be true, sanity check) addr := dve.VoteA.ValidatorAddress if !bytes.Equal(pubKey.Address(), addr) { return fmt.Errorf("duplicateVoteEvidence FAILED SANITY CHECK - address (%X) doesn't match pubkey (%v - %X)", addr, pubKey, pubKey.Address()) } // Signatures must be valid if !pubKey.VerifyBytes(dve.VoteA.SignBytes(chainID), dve.VoteA.Signature) { return fmt.Errorf("duplicateVoteEvidence Error verifying VoteA: %v", ErrVoteInvalidSignature) } if !pubKey.VerifyBytes(dve.VoteB.SignBytes(chainID), dve.VoteB.Signature) { return fmt.Errorf("duplicateVoteEvidence Error verifying VoteB: %v", ErrVoteInvalidSignature) } return nil } // Equal checks if two pieces of evidence are equal. func (dve *DuplicateVoteEvidence) Equal(ev Evidence) bool { if _, ok := ev.(*DuplicateVoteEvidence); !ok { return false } // just check their hashes dveHash := tmhash.Sum(cdcEncode(dve)) evHash := tmhash.Sum(cdcEncode(ev)) return bytes.Equal(dveHash, evHash) } // ValidateBasic performs basic validation. func (dve *DuplicateVoteEvidence) ValidateBasic() error { if len(dve.PubKey.Bytes()) == 0 { return errors.New("empty PubKey") } if dve.VoteA == nil || dve.VoteB == nil { return fmt.Errorf("one or both of the votes are empty %v, %v", dve.VoteA, dve.VoteB) } if err := dve.VoteA.ValidateBasic(); err != nil { return fmt.Errorf("invalid VoteA: %v", err) } if err := dve.VoteB.ValidateBasic(); err != nil { return fmt.Errorf("invalid VoteB: %v", err) } // Enforce Votes are lexicographically sorted on blockID if strings.Compare(dve.VoteA.BlockID.Key(), dve.VoteB.BlockID.Key()) >= 0 { return errors.New("duplicate votes in invalid order") } return nil } //----------------------------------------------------------------- // UNSTABLE type MockRandomGoodEvidence struct { MockGoodEvidence randBytes []byte } var _ Evidence = &MockRandomGoodEvidence{} // UNSTABLE func NewMockRandomGoodEvidence(height int64, address []byte, randBytes []byte) MockRandomGoodEvidence { return MockRandomGoodEvidence{ MockGoodEvidence{height, address}, randBytes, } } func (e MockRandomGoodEvidence) Hash() []byte { return []byte(fmt.Sprintf("%d-%x", e.Height_, e.randBytes)) } // UNSTABLE type MockGoodEvidence struct { Height_ int64 Address_ []byte } var _ Evidence = &MockGoodEvidence{} // UNSTABLE func NewMockGoodEvidence(height int64, idx int, address []byte) MockGoodEvidence { return MockGoodEvidence{height, address} } func (e MockGoodEvidence) Height() int64 { return e.Height_ } func (e MockGoodEvidence) Address() []byte { return e.Address_ } func (e MockGoodEvidence) Hash() []byte { return []byte(fmt.Sprintf("%d-%x", e.Height_, e.Address_)) } func (e MockGoodEvidence) Bytes() []byte { return []byte(fmt.Sprintf("%d-%x", e.Height_, e.Address_)) } func (e MockGoodEvidence) Verify(chainID string, pubKey crypto.PubKey) error { return nil } func (e MockGoodEvidence) Equal(ev Evidence) bool { e2 := ev.(MockGoodEvidence) return e.Height_ == e2.Height_ && bytes.Equal(e.Address_, e2.Address_) } func (e MockGoodEvidence) ValidateBasic() error { return nil } func (e MockGoodEvidence) String() string { return fmt.Sprintf("GoodEvidence: %d/%s", e.Height_, e.Address_) } // UNSTABLE type MockBadEvidence struct { MockGoodEvidence } func (e MockBadEvidence) Verify(chainID string, pubKey crypto.PubKey) error { return fmt.Errorf("mockBadEvidence") } func (e MockBadEvidence) Equal(ev Evidence) bool { e2 := ev.(MockBadEvidence) return e.Height_ == e2.Height_ && bytes.Equal(e.Address_, e2.Address_) } func (e MockBadEvidence) ValidateBasic() error { return nil } func (e MockBadEvidence) String() string { return fmt.Sprintf("BadEvidence: %d/%s", e.Height_, e.Address_) } //------------------------------------------- // EvidenceList is a list of Evidence. Evidences is not a word. type EvidenceList []Evidence // Hash returns the simple merkle root hash of the EvidenceList. func (evl EvidenceList) Hash() []byte { // These allocations are required because Evidence is not of type Bytes, and // golang slices can't be typed cast. This shouldn't be a performance problem since // the Evidence size is capped. evidenceBzs := make([][]byte, len(evl)) for i := 0; i < len(evl); i++ { evidenceBzs[i] = evl[i].Bytes() } return merkle.SimpleHashFromByteSlices(evidenceBzs) } func (evl EvidenceList) String() string { s := "" for _, e := range evl { s += fmt.Sprintf("%s\t\t", e) } return s } // Has returns true if the evidence is in the EvidenceList. func (evl EvidenceList) Has(evidence Evidence) bool { for _, ev := range evl { if ev.Equal(evidence) { return true } } return false }