mirror of
https://github.com/tendermint/tendermint.git
synced 2026-01-07 13:55:17 +00:00
Enforce validators can only use the correct pubkey type (#2739)
* Enforce validators can only use the correct pubkey type * adapt to variable renames * Address comments from #2636 * separate updating and validation logic * update spec * Add test case for TestStringSliceEqual, clarify slice copying code * Address @ebuchman's comments * Split up testing validator update execution, and its validation
This commit is contained in:
Dev Ojha
Ethan Buchman
@@ -107,12 +107,16 @@ func (blockExec *BlockExecutor) ApplyBlock(state State, blockID types.BlockID, b
|
||||
|
||||
fail.Fail() // XXX
|
||||
|
||||
// these are tendermint types now
|
||||
validatorUpdates, err := types.PB2TM.ValidatorUpdates(abciResponses.EndBlock.ValidatorUpdates)
|
||||
// validate the validator updates and convert to tendermint types
|
||||
abciValUpdates := abciResponses.EndBlock.ValidatorUpdates
|
||||
err = validateValidatorUpdates(abciValUpdates, state.ConsensusParams.Validator)
|
||||
if err != nil {
|
||||
return state, fmt.Errorf("Error in validator updates: %v", err)
|
||||
}
|
||||
validatorUpdates, err := types.PB2TM.ValidatorUpdates(abciValUpdates)
|
||||
if err != nil {
|
||||
return state, err
|
||||
}
|
||||
|
||||
if len(validatorUpdates) > 0 {
|
||||
blockExec.logger.Info("Updates to validators", "updates", makeValidatorUpdatesLogString(validatorUpdates))
|
||||
}
|
||||
@@ -318,17 +322,40 @@ func getBeginBlockValidatorInfo(block *types.Block, lastValSet *types.ValidatorS
|
||||
|
||||
}
|
||||
|
||||
func validateValidatorUpdates(abciUpdates []abci.ValidatorUpdate,
|
||||
params types.ValidatorParams) error {
|
||||
for _, valUpdate := range abciUpdates {
|
||||
if valUpdate.GetPower() < 0 {
|
||||
return fmt.Errorf("Voting power can't be negative %v", valUpdate)
|
||||
} else if valUpdate.GetPower() == 0 {
|
||||
// continue, since this is deleting the validator, and thus there is no
|
||||
// pubkey to check
|
||||
continue
|
||||
}
|
||||
|
||||
// Check if validator's pubkey matches an ABCI type in the consensus params
|
||||
thisKeyType := valUpdate.PubKey.Type
|
||||
if !params.IsValidPubkeyType(thisKeyType) {
|
||||
return fmt.Errorf("Validator %v is using pubkey %s, which is unsupported for consensus",
|
||||
valUpdate, thisKeyType)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// If more or equal than 1/3 of total voting power changed in one block, then
|
||||
// a light client could never prove the transition externally. See
|
||||
// ./lite/doc.go for details on how a light client tracks validators.
|
||||
func updateValidators(currentSet *types.ValidatorSet, updates []*types.Validator) error {
|
||||
for _, valUpdate := range updates {
|
||||
// should already have been checked
|
||||
if valUpdate.VotingPower < 0 {
|
||||
return fmt.Errorf("Voting power can't be negative %v", valUpdate)
|
||||
}
|
||||
|
||||
address := valUpdate.Address
|
||||
_, val := currentSet.GetByAddress(address)
|
||||
// valUpdate.VotingPower is ensured to be non-negative in validation method
|
||||
if valUpdate.VotingPower == 0 {
|
||||
// remove val
|
||||
_, removed := currentSet.Remove(address)
|
||||
@@ -367,7 +394,7 @@ func updateState(
|
||||
|
||||
// Update the validator set with the latest abciResponses.
|
||||
lastHeightValsChanged := state.LastHeightValidatorsChanged
|
||||
if len(abciResponses.EndBlock.ValidatorUpdates) > 0 {
|
||||
if len(validatorUpdates) > 0 {
|
||||
err := updateValidators(nValSet, validatorUpdates)
|
||||
if err != nil {
|
||||
return state, fmt.Errorf("Error changing validator set: %v", err)
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/tendermint/tendermint/abci/example/kvstore"
|
||||
abci "github.com/tendermint/tendermint/abci/types"
|
||||
"github.com/tendermint/tendermint/crypto/ed25519"
|
||||
"github.com/tendermint/tendermint/crypto/secp256k1"
|
||||
cmn "github.com/tendermint/tendermint/libs/common"
|
||||
dbm "github.com/tendermint/tendermint/libs/db"
|
||||
"github.com/tendermint/tendermint/libs/log"
|
||||
@@ -152,6 +153,76 @@ func TestBeginBlockByzantineValidators(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateValidatorUpdates(t *testing.T) {
|
||||
pubkey1 := ed25519.GenPrivKey().PubKey()
|
||||
pubkey2 := ed25519.GenPrivKey().PubKey()
|
||||
|
||||
secpKey := secp256k1.GenPrivKey().PubKey()
|
||||
|
||||
defaultValidatorParams := types.ValidatorParams{[]string{types.ABCIPubKeyTypeEd25519}}
|
||||
|
||||
testCases := []struct {
|
||||
name string
|
||||
|
||||
abciUpdates []abci.ValidatorUpdate
|
||||
validatorParams types.ValidatorParams
|
||||
|
||||
shouldErr bool
|
||||
}{
|
||||
{
|
||||
"adding a validator is OK",
|
||||
|
||||
[]abci.ValidatorUpdate{{PubKey: types.TM2PB.PubKey(pubkey2), Power: 20}},
|
||||
defaultValidatorParams,
|
||||
|
||||
false,
|
||||
},
|
||||
{
|
||||
"updating a validator is OK",
|
||||
|
||||
[]abci.ValidatorUpdate{{PubKey: types.TM2PB.PubKey(pubkey1), Power: 20}},
|
||||
defaultValidatorParams,
|
||||
|
||||
false,
|
||||
},
|
||||
{
|
||||
"removing a validator is OK",
|
||||
|
||||
[]abci.ValidatorUpdate{{PubKey: types.TM2PB.PubKey(pubkey2), Power: 0}},
|
||||
defaultValidatorParams,
|
||||
|
||||
false,
|
||||
},
|
||||
{
|
||||
"adding a validator with negative power results in error",
|
||||
|
||||
[]abci.ValidatorUpdate{{PubKey: types.TM2PB.PubKey(pubkey2), Power: -100}},
|
||||
defaultValidatorParams,
|
||||
|
||||
true,
|
||||
},
|
||||
{
|
||||
"adding a validator with pubkey thats not in validator params results in error",
|
||||
|
||||
[]abci.ValidatorUpdate{{PubKey: types.TM2PB.PubKey(secpKey), Power: -100}},
|
||||
defaultValidatorParams,
|
||||
|
||||
true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
err := validateValidatorUpdates(tc.abciUpdates, tc.validatorParams)
|
||||
if tc.shouldErr {
|
||||
assert.Error(t, err)
|
||||
} else {
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestUpdateValidators(t *testing.T) {
|
||||
pubkey1 := ed25519.GenPrivKey().PubKey()
|
||||
val1 := types.NewValidator(pubkey1, 10)
|
||||
@@ -194,7 +265,6 @@ func TestUpdateValidators(t *testing.T) {
|
||||
types.NewValidatorSet([]*types.Validator{val1}),
|
||||
false,
|
||||
},
|
||||
|
||||
{
|
||||
"removing a non-existing validator results in error",
|
||||
|
||||
@@ -204,16 +274,6 @@ func TestUpdateValidators(t *testing.T) {
|
||||
types.NewValidatorSet([]*types.Validator{val1}),
|
||||
true,
|
||||
},
|
||||
|
||||
{
|
||||
"adding a validator with negative power results in error",
|
||||
|
||||
types.NewValidatorSet([]*types.Validator{val1}),
|
||||
[]abci.ValidatorUpdate{{PubKey: types.TM2PB.PubKey(pubkey2), Power: -100}},
|
||||
|
||||
types.NewValidatorSet([]*types.Validator{val1}),
|
||||
true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
@@ -224,6 +284,7 @@ func TestUpdateValidators(t *testing.T) {
|
||||
if tc.shouldErr {
|
||||
assert.Error(t, err)
|
||||
} else {
|
||||
assert.NoError(t, err)
|
||||
require.Equal(t, tc.resultingSet.Size(), tc.currentSet.Size())
|
||||
|
||||
assert.Equal(t, tc.resultingSet.TotalVotingPower(), tc.currentSet.TotalVotingPower())
|
||||
|
||||
Reference in New Issue
Block a user