package privval import ( "bytes" "errors" "fmt" "io/ioutil" "sync" "time" "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/ed25519" cmn "github.com/tendermint/tendermint/libs/common" "github.com/tendermint/tendermint/types" tmtime "github.com/tendermint/tendermint/types/time" ) // TODO: type ? const ( stepNone int8 = 0 // Used to distinguish the initial state stepPropose int8 = 1 stepPrevote int8 = 2 stepPrecommit int8 = 3 ) func voteToStep(vote *types.Vote) int8 { switch vote.Type { case types.PrevoteType: return stepPrevote case types.PrecommitType: return stepPrecommit default: cmn.PanicSanity("Unknown vote type") return 0 } } // FilePV implements PrivValidator using data persisted to disk // to prevent double signing. // NOTE: the directory containing the pv.filePath must already exist. // It includes the LastSignature and LastSignBytes so we don't lose the signature // if the process crashes after signing but before the resulting consensus message is processed. type FilePV struct { Address types.Address `json:"address"` PubKey crypto.PubKey `json:"pub_key"` LastHeight int64 `json:"last_height"` LastRound int `json:"last_round"` LastStep int8 `json:"last_step"` LastSignature []byte `json:"last_signature,omitempty"` LastSignBytes cmn.HexBytes `json:"last_signbytes,omitempty"` PrivKey crypto.PrivKey `json:"priv_key"` // For persistence. // Overloaded for testing. filePath string mtx sync.Mutex } // GetAddress returns the address of the validator. // Implements PrivValidator. func (pv *FilePV) GetAddress() types.Address { return pv.Address } // GetPubKey returns the public key of the validator. // Implements PrivValidator. func (pv *FilePV) GetPubKey() crypto.PubKey { return pv.PubKey } // GenFilePV generates a new validator with randomly generated private key // and sets the filePath, but does not call Save(). func GenFilePV(filePath string) *FilePV { privKey := ed25519.GenPrivKey() return &FilePV{ Address: privKey.PubKey().Address(), PubKey: privKey.PubKey(), PrivKey: privKey, LastStep: stepNone, filePath: filePath, } } // LoadFilePV loads a FilePV from the filePath. The FilePV handles double // signing prevention by persisting data to the filePath. If the filePath does // not exist, the FilePV must be created manually and saved. func LoadFilePV(filePath string) *FilePV { pvJSONBytes, err := ioutil.ReadFile(filePath) if err != nil { cmn.Exit(err.Error()) } pv := &FilePV{} err = cdc.UnmarshalJSON(pvJSONBytes, &pv) if err != nil { cmn.Exit(fmt.Sprintf("Error reading PrivValidator from %v: %v\n", filePath, err)) } // overwrite pubkey and address for convenience pv.PubKey = pv.PrivKey.PubKey() pv.Address = pv.PubKey.Address() pv.filePath = filePath return pv } // LoadOrGenFilePV loads a FilePV from the given filePath // or else generates a new one and saves it to the filePath. func LoadOrGenFilePV(filePath string) *FilePV { var pv *FilePV if cmn.FileExists(filePath) { pv = LoadFilePV(filePath) } else { pv = GenFilePV(filePath) pv.Save() } return pv } // Save persists the FilePV to disk. func (pv *FilePV) Save() { pv.mtx.Lock() defer pv.mtx.Unlock() pv.save() } func (pv *FilePV) save() { outFile := pv.filePath if outFile == "" { panic("Cannot save PrivValidator: filePath not set") } jsonBytes, err := cdc.MarshalJSONIndent(pv, "", " ") if err != nil { panic(err) } err = cmn.WriteFileAtomic(outFile, jsonBytes, 0600) if err != nil { panic(err) } } // Reset resets all fields in the FilePV. // NOTE: Unsafe! func (pv *FilePV) Reset() { var sig []byte pv.LastHeight = 0 pv.LastRound = 0 pv.LastStep = 0 pv.LastSignature = sig pv.LastSignBytes = nil pv.Save() } // SignVote signs a canonical representation of the vote, along with the // chainID. Implements PrivValidator. func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error { pv.mtx.Lock() defer pv.mtx.Unlock() if err := pv.signVote(chainID, vote); err != nil { return fmt.Errorf("Error signing vote: %v", err) } return nil } // SignProposal signs a canonical representation of the proposal, along with // the chainID. Implements PrivValidator. func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error { pv.mtx.Lock() defer pv.mtx.Unlock() if err := pv.signProposal(chainID, proposal); err != nil { return fmt.Errorf("Error signing proposal: %v", err) } return nil } // returns error if HRS regression or no LastSignBytes. returns true if HRS is unchanged func (pv *FilePV) checkHRS(height int64, round int, step int8) (bool, error) { if pv.LastHeight > height { return false, errors.New("Height regression") } if pv.LastHeight == height { if pv.LastRound > round { return false, errors.New("Round regression") } if pv.LastRound == round { if pv.LastStep > step { return false, errors.New("Step regression") } else if pv.LastStep == step { if pv.LastSignBytes != nil { if pv.LastSignature == nil { panic("pv: LastSignature is nil but LastSignBytes is not!") } return true, nil } return false, errors.New("No LastSignature found") } } } return false, nil } // signVote checks if the vote is good to sign and sets the vote signature. // It may need to set the timestamp as well if the vote is otherwise the same as // a previously signed vote (ie. we crashed after signing but before the vote hit the WAL). func (pv *FilePV) signVote(chainID string, vote *types.Vote) error { height, round, step := vote.Height, vote.Round, voteToStep(vote) signBytes := vote.SignBytes(chainID) sameHRS, err := pv.checkHRS(height, round, step) if err != nil { return err } // We might crash before writing to the wal, // causing us to try to re-sign for the same HRS. // If signbytes are the same, use the last signature. // If they only differ by timestamp, use last timestamp and signature // Otherwise, return error if sameHRS { if bytes.Equal(signBytes, pv.LastSignBytes) { vote.Signature = pv.LastSignature } else if timestamp, ok := checkVotesOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok { vote.Timestamp = timestamp vote.Signature = pv.LastSignature } else { err = fmt.Errorf("Conflicting data") } return err } // It passed the checks. Sign the vote sig, err := pv.PrivKey.Sign(signBytes) if err != nil { return err } pv.saveSigned(height, round, step, signBytes, sig) vote.Signature = sig return nil } // signProposal checks if the proposal is good to sign and sets the proposal signature. // It may need to set the timestamp as well if the proposal is otherwise the same as // a previously signed proposal ie. we crashed after signing but before the proposal hit the WAL). func (pv *FilePV) signProposal(chainID string, proposal *types.Proposal) error { height, round, step := proposal.Height, proposal.Round, stepPropose signBytes := proposal.SignBytes(chainID) sameHRS, err := pv.checkHRS(height, round, step) if err != nil { return err } // We might crash before writing to the wal, // causing us to try to re-sign for the same HRS. // If signbytes are the same, use the last signature. // If they only differ by timestamp, use last timestamp and signature // Otherwise, return error if sameHRS { if bytes.Equal(signBytes, pv.LastSignBytes) { proposal.Signature = pv.LastSignature } else if timestamp, ok := checkProposalsOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok { proposal.Timestamp = timestamp proposal.Signature = pv.LastSignature } else { err = fmt.Errorf("Conflicting data") } return err } // It passed the checks. Sign the proposal sig, err := pv.PrivKey.Sign(signBytes) if err != nil { return err } pv.saveSigned(height, round, step, signBytes, sig) proposal.Signature = sig return nil } // Persist height/round/step and signature func (pv *FilePV) saveSigned(height int64, round int, step int8, signBytes []byte, sig []byte) { pv.LastHeight = height pv.LastRound = round pv.LastStep = step pv.LastSignature = sig pv.LastSignBytes = signBytes pv.save() } // SignHeartbeat signs a canonical representation of the heartbeat, along with the chainID. // Implements PrivValidator. func (pv *FilePV) SignHeartbeat(chainID string, heartbeat *types.Heartbeat) error { pv.mtx.Lock() defer pv.mtx.Unlock() sig, err := pv.PrivKey.Sign(heartbeat.SignBytes(chainID)) if err != nil { return err } heartbeat.Signature = sig return nil } // String returns a string representation of the FilePV. func (pv *FilePV) String() string { return fmt.Sprintf("PrivValidator{%v LH:%v, LR:%v, LS:%v}", pv.GetAddress(), pv.LastHeight, pv.LastRound, pv.LastStep) } //------------------------------------- // returns the timestamp from the lastSignBytes. // returns true if the only difference in the votes is their timestamp. func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) { var lastVote, newVote types.CanonicalVote if err := cdc.UnmarshalBinaryLengthPrefixed(lastSignBytes, &lastVote); err != nil { panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into vote: %v", err)) } if err := cdc.UnmarshalBinaryLengthPrefixed(newSignBytes, &newVote); err != nil { panic(fmt.Sprintf("signBytes cannot be unmarshalled into vote: %v", err)) } lastTime := lastVote.Timestamp // set the times to the same value and check equality now := tmtime.Now() lastVote.Timestamp = now newVote.Timestamp = now lastVoteBytes, _ := cdc.MarshalJSON(lastVote) newVoteBytes, _ := cdc.MarshalJSON(newVote) return lastTime, bytes.Equal(newVoteBytes, lastVoteBytes) } // returns the timestamp from the lastSignBytes. // returns true if the only difference in the proposals is their timestamp func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) { var lastProposal, newProposal types.CanonicalProposal if err := cdc.UnmarshalBinaryLengthPrefixed(lastSignBytes, &lastProposal); err != nil { panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into proposal: %v", err)) } if err := cdc.UnmarshalBinaryLengthPrefixed(newSignBytes, &newProposal); err != nil { panic(fmt.Sprintf("signBytes cannot be unmarshalled into proposal: %v", err)) } lastTime := lastProposal.Timestamp // set the times to the same value and check equality now := tmtime.Now() lastProposal.Timestamp = now newProposal.Timestamp = now lastProposalBytes, _ := cdc.MarshalBinaryLengthPrefixed(lastProposal) newProposalBytes, _ := cdc.MarshalBinaryLengthPrefixed(newProposal) return lastTime, bytes.Equal(newProposalBytes, lastProposalBytes) }