mirror of
https://github.com/tendermint/tendermint.git
synced 2026-02-11 22:31:09 +00:00
06b1812094
* Add protos for ExtendedCommit Cherry-pick from e73f0178b72a16ee81f8e856aadf651f2c62ec6e just the changes to the .proto files, since we have deleted the .intermediate files. Signed-off-by: Thane Thomson <connect@thanethomson.com> * make proto-gen Signed-off-by: Thane Thomson <connect@thanethomson.com> * BlockStore holds extended commit Cherry-pick 8d504d4b50ec6afbdffe2df7ababbef30e15053d and fix conflicts. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Reshuffle ExtendedCommit and ExtendedCommitSig Separate the data structures and functions from their Commit-oriented counterparts to adhere to the current coding style. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix exit condition in blocksync * Add note to remove TxResult proto As Sergio pointed out in 3e31aa6f583cdc71e208ed03a82f1d804ec0de49, this proto message can probably be removed. We should do this in a separate PR. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Lift termination condition into for loop Signed-off-by: Thane Thomson <connect@thanethomson.com> * Enforce vote extension signature requirement Signed-off-by: Thane Thomson <connect@thanethomson.com> * Expand on comment for PeekTwoBlocks for posterity Signed-off-by: Thane Thomson <connect@thanethomson.com> * Isolate TODO more clearly Signed-off-by: Thane Thomson <connect@thanethomson.com> * make mockery Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix comment Signed-off-by: Thane Thomson <connect@thanethomson.com> * Make panic output from BlockStore.SaveBlock more readable Signed-off-by: Thane Thomson <connect@thanethomson.com> * Add helper methods to ExtendedCommitSig and ExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix most tests except TestHandshake* Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix store prefix collision Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix TestBlockFetchAtHeight Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove global state from store tests Signed-off-by: Thane Thomson <connect@thanethomson.com> * Apply suggestions from code review Co-authored-by: M. J. Fromberger <fromberger@interchain.io> Co-authored-by: Sergio Mena <sergio@informal.systems> * blocksync: Just return error Signed-off-by: Thane Thomson <connect@thanethomson.com> * make format Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove unused/commented-out code Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Change pool AddBlock function signature to return errors Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Improve legibility of switch statements Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Expand on extended commit requirement in AddBlock description Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Return error without also logging it Signed-off-by: Thane Thomson <connect@thanethomson.com> * consensus: Rename short-lived local variable Signed-off-by: Thane Thomson <connect@thanethomson.com> * consensus: Allocate TODO to Sergio Signed-off-by: Thane Thomson <connect@thanethomson.com> * evidence/pool_test: Inline slice construction Signed-off-by: Thane Thomson <connect@thanethomson.com> * state: Rename LoadBlockExtCommit to LoadBlockExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * proto: Remove TODO on TxResult Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Minor format Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Reformat ExtendedCommitSig.BlockID Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove NewExtendedCommit constructor Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove NewCommit constructor Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Shorten receiver names for ExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Convert ExtendedCommit.Copy to a deep clone Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Assign TODO to Sergio Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Fix legibility nits Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Improve legibility Signed-off-by: Thane Thomson <connect@thanethomson.com> * store/state: Add TODO to move prefixes to common package Signed-off-by: Thane Thomson <connect@thanethomson.com> * Propagate validator info to PrepareProposal In order to propagate validator voting power through to PrepareProposal, we need to load the validator set info from the height corresponding to the extended commit that we're passing through to PrepareProposal as the "LocalLastCommit". Signed-off-by: Thane Thomson <connect@thanethomson.com> * Rename local var for clarity Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix TestMaxProposalBlockSize Signed-off-by: Thane Thomson <connect@thanethomson.com> * Rename local var for clarity Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove debug log Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove CommigSig.ForBlock helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove CommigSig.Absent helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove ExtendedCommitSig.ForBlock helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove ExtendedCommitSig.Absent helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * There are no extended commits below the initial height Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix comment grammar Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove JSON encoding from ExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Embed CommitSig into ExtendedCommitSig instead of duplicating fields Signed-off-by: Thane Thomson <connect@thanethomson.com> * Rename ExtendedCommit vote_extension field to extension for consistency with domain types Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Panic if we peek a block without an extended commit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Apply suggestions from code review Co-authored-by: M. J. Fromberger <fromberger@interchain.io> * Remove Sergio from TODO Signed-off-by: Thane Thomson <connect@thanethomson.com> * Increase hard-coded vote extension max size to 1MB Signed-off-by: Thane Thomson <connect@thanethomson.com> * state: Remove unnecessary comment Signed-off-by: Thane Thomson <connect@thanethomson.com> * state: Ensure no of commit sigs equals validator set length Signed-off-by: Thane Thomson <connect@thanethomson.com> * make format Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Minor legibility improvements Signed-off-by: Thane Thomson <connect@thanethomson.com> * Improve legibility Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove unused GetVotes function on VoteSet Signed-off-by: Thane Thomson <connect@thanethomson.com> * Refactor TestMaxProposalBlockSize to construct more realistic extended commit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Refactor buildExtendedCommitInfo to resemble buildLastCommitInfo Signed-off-by: Thane Thomson <connect@thanethomson.com> * Apply suggestions from code review Co-authored-by: M. J. Fromberger <fromberger@interchain.io> * abci++: Disable VerifyVoteExtension call on nil precommits (#8491) Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Require vote extensions on non-nil precommits and not otherwise Signed-off-by: Thane Thomson <connect@thanethomson.com> * Disable lint Signed-off-by: Thane Thomson <connect@thanethomson.com> * Increase timeout for TestReactorVotingPowerChange to counter flakiness Signed-off-by: Thane Thomson <connect@thanethomson.com> * Only sign and verify vote extensions in non-nil precommits Signed-off-by: Thane Thomson <connect@thanethomson.com> * Revert "Disable lint" This reverts commit6fffbf9402. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Add missing non-nil check uncovered non-deterministically in TestHandshakeReplayAll Signed-off-by: Thane Thomson <connect@thanethomson.com> * Expand error message for accuracy Signed-off-by: Thane Thomson <connect@thanethomson.com> * Only call ExtendVote when we make non-nil precommits Signed-off-by: Thane Thomson <connect@thanethomson.com> * Revert "Increase timeout for TestReactorVotingPowerChange to counter flakiness" This reverts commitaf514939db. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Refactor ValidateBasic for ExtendedCommitSig for legibility Signed-off-by: Thane Thomson <connect@thanethomson.com> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: M. J. Fromberger <fromberger@interchain.io>
369 lines
11 KiB
Go
369 lines
11 KiB
Go
package types
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/tendermint/tendermint/crypto"
|
|
"github.com/tendermint/tendermint/internal/libs/protoio"
|
|
tmbytes "github.com/tendermint/tendermint/libs/bytes"
|
|
tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
|
|
)
|
|
|
|
const (
|
|
nilVoteStr string = "nil-Vote"
|
|
|
|
// The maximum supported number of bytes in a vote extension.
|
|
MaxVoteExtensionSize int = 1024 * 1024
|
|
)
|
|
|
|
var (
|
|
ErrVoteUnexpectedStep = errors.New("unexpected step")
|
|
ErrVoteInvalidValidatorIndex = errors.New("invalid validator index")
|
|
ErrVoteInvalidValidatorAddress = errors.New("invalid validator address")
|
|
ErrVoteInvalidSignature = errors.New("invalid signature")
|
|
ErrVoteInvalidBlockHash = errors.New("invalid block hash")
|
|
ErrVoteNonDeterministicSignature = errors.New("non-deterministic signature")
|
|
ErrVoteNil = errors.New("nil vote")
|
|
ErrVoteInvalidExtension = errors.New("invalid vote extension")
|
|
)
|
|
|
|
type ErrVoteConflictingVotes struct {
|
|
VoteA *Vote
|
|
VoteB *Vote
|
|
}
|
|
|
|
func (err *ErrVoteConflictingVotes) Error() string {
|
|
return fmt.Sprintf("conflicting votes from validator %X", err.VoteA.ValidatorAddress)
|
|
}
|
|
|
|
func NewConflictingVoteError(vote1, vote2 *Vote) *ErrVoteConflictingVotes {
|
|
return &ErrVoteConflictingVotes{
|
|
VoteA: vote1,
|
|
VoteB: vote2,
|
|
}
|
|
}
|
|
|
|
// Address is hex bytes.
|
|
type Address = crypto.Address
|
|
|
|
// Vote represents a prevote, precommit, or commit vote from validators for
|
|
// consensus.
|
|
type Vote struct {
|
|
Type tmproto.SignedMsgType `json:"type"`
|
|
Height int64 `json:"height,string"`
|
|
Round int32 `json:"round"` // assume there will not be greater than 2_147_483_647 rounds
|
|
BlockID BlockID `json:"block_id"` // zero if vote is nil.
|
|
Timestamp time.Time `json:"timestamp"`
|
|
ValidatorAddress Address `json:"validator_address"`
|
|
ValidatorIndex int32 `json:"validator_index"`
|
|
Signature []byte `json:"signature"`
|
|
Extension []byte `json:"extension"`
|
|
ExtensionSignature []byte `json:"extension_signature"`
|
|
}
|
|
|
|
// VoteFromProto attempts to convert the given serialization (Protobuf) type to
|
|
// our Vote domain type. No validation is performed on the resulting vote -
|
|
// this is left up to the caller to decide whether to call ValidateBasic or
|
|
// ValidateWithExtension.
|
|
func VoteFromProto(pv *tmproto.Vote) (*Vote, error) {
|
|
blockID, err := BlockIDFromProto(&pv.BlockID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &Vote{
|
|
Type: pv.Type,
|
|
Height: pv.Height,
|
|
Round: pv.Round,
|
|
BlockID: *blockID,
|
|
Timestamp: pv.Timestamp,
|
|
ValidatorAddress: pv.ValidatorAddress,
|
|
ValidatorIndex: pv.ValidatorIndex,
|
|
Signature: pv.Signature,
|
|
Extension: pv.Extension,
|
|
ExtensionSignature: pv.ExtensionSignature,
|
|
}, nil
|
|
}
|
|
|
|
// CommitSig converts the Vote to a CommitSig.
|
|
func (vote *Vote) CommitSig() CommitSig {
|
|
if vote == nil {
|
|
return NewCommitSigAbsent()
|
|
}
|
|
|
|
var blockIDFlag BlockIDFlag
|
|
switch {
|
|
case vote.BlockID.IsComplete():
|
|
blockIDFlag = BlockIDFlagCommit
|
|
case vote.BlockID.IsNil():
|
|
blockIDFlag = BlockIDFlagNil
|
|
default:
|
|
panic(fmt.Sprintf("Invalid vote %v - expected BlockID to be either empty or complete", vote))
|
|
}
|
|
|
|
return CommitSig{
|
|
BlockIDFlag: blockIDFlag,
|
|
ValidatorAddress: vote.ValidatorAddress,
|
|
Timestamp: vote.Timestamp,
|
|
Signature: vote.Signature,
|
|
}
|
|
}
|
|
|
|
// ExtendedCommitSig attempts to construct an ExtendedCommitSig from this vote.
|
|
// Panics if either the vote extension signature is missing or if the block ID
|
|
// is not either empty or complete.
|
|
func (vote *Vote) ExtendedCommitSig() ExtendedCommitSig {
|
|
if vote == nil {
|
|
return NewExtendedCommitSigAbsent()
|
|
}
|
|
|
|
cs := vote.CommitSig()
|
|
if vote.BlockID.IsComplete() && len(vote.ExtensionSignature) == 0 {
|
|
panic(fmt.Sprintf("Invalid vote %v - BlockID is complete but missing vote extension signature", vote))
|
|
}
|
|
|
|
return ExtendedCommitSig{
|
|
CommitSig: cs,
|
|
Extension: vote.Extension,
|
|
ExtensionSignature: vote.ExtensionSignature,
|
|
}
|
|
}
|
|
|
|
// VoteSignBytes returns the proto-encoding of the canonicalized Vote, for
|
|
// signing. Panics if the marshaling fails.
|
|
//
|
|
// The encoded Protobuf message is varint length-prefixed (using MarshalDelimited)
|
|
// for backwards-compatibility with the Amino encoding, due to e.g. hardware
|
|
// devices that rely on this encoding.
|
|
//
|
|
// See CanonicalizeVote
|
|
func VoteSignBytes(chainID string, vote *tmproto.Vote) []byte {
|
|
pb := CanonicalizeVote(chainID, vote)
|
|
bz, err := protoio.MarshalDelimited(&pb)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
// VoteExtensionSignBytes returns the proto-encoding of the canonicalized vote
|
|
// extension for signing. Panics if the marshaling fails.
|
|
//
|
|
// Similar to VoteSignBytes, the encoded Protobuf message is varint
|
|
// length-prefixed for backwards-compatibility with the Amino encoding.
|
|
func VoteExtensionSignBytes(chainID string, vote *tmproto.Vote) []byte {
|
|
pb := CanonicalizeVoteExtension(chainID, vote)
|
|
bz, err := protoio.MarshalDelimited(&pb)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
func (vote *Vote) Copy() *Vote {
|
|
voteCopy := *vote
|
|
return &voteCopy
|
|
}
|
|
|
|
// String returns a string representation of Vote.
|
|
//
|
|
// 1. validator index
|
|
// 2. first 6 bytes of validator address
|
|
// 3. height
|
|
// 4. round,
|
|
// 5. type byte
|
|
// 6. type string
|
|
// 7. first 6 bytes of block hash
|
|
// 8. first 6 bytes of signature
|
|
// 9. first 6 bytes of vote extension
|
|
// 10. timestamp
|
|
func (vote *Vote) String() string {
|
|
if vote == nil {
|
|
return nilVoteStr
|
|
}
|
|
|
|
var typeString string
|
|
switch vote.Type {
|
|
case tmproto.PrevoteType:
|
|
typeString = "Prevote"
|
|
case tmproto.PrecommitType:
|
|
typeString = "Precommit"
|
|
default:
|
|
panic("Unknown vote type")
|
|
}
|
|
|
|
return fmt.Sprintf("Vote{%v:%X %v/%02d/%v(%v) %X %X %X @ %s}",
|
|
vote.ValidatorIndex,
|
|
tmbytes.Fingerprint(vote.ValidatorAddress),
|
|
vote.Height,
|
|
vote.Round,
|
|
vote.Type,
|
|
typeString,
|
|
tmbytes.Fingerprint(vote.BlockID.Hash),
|
|
tmbytes.Fingerprint(vote.Signature),
|
|
tmbytes.Fingerprint(vote.Extension),
|
|
CanonicalTime(vote.Timestamp),
|
|
)
|
|
}
|
|
|
|
func (vote *Vote) verifyAndReturnProto(chainID string, pubKey crypto.PubKey) (*tmproto.Vote, error) {
|
|
if !bytes.Equal(pubKey.Address(), vote.ValidatorAddress) {
|
|
return nil, ErrVoteInvalidValidatorAddress
|
|
}
|
|
v := vote.ToProto()
|
|
if !pubKey.VerifySignature(VoteSignBytes(chainID, v), vote.Signature) {
|
|
return nil, ErrVoteInvalidSignature
|
|
}
|
|
return v, nil
|
|
}
|
|
|
|
// Verify checks whether the signature associated with this vote corresponds to
|
|
// the given chain ID and public key. This function does not validate vote
|
|
// extension signatures - to do so, use VerifyWithExtension instead.
|
|
func (vote *Vote) Verify(chainID string, pubKey crypto.PubKey) error {
|
|
_, err := vote.verifyAndReturnProto(chainID, pubKey)
|
|
return err
|
|
}
|
|
|
|
// VerifyWithExtension performs the same verification as Verify, but
|
|
// additionally checks whether the vote extension signature corresponds to the
|
|
// given chain ID and public key. We only verify vote extension signatures for
|
|
// precommits.
|
|
func (vote *Vote) VerifyWithExtension(chainID string, pubKey crypto.PubKey) error {
|
|
v, err := vote.verifyAndReturnProto(chainID, pubKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// We only verify vote extension signatures for non-nil precommits.
|
|
if vote.Type == tmproto.PrecommitType && !ProtoBlockIDIsNil(&v.BlockID) {
|
|
extSignBytes := VoteExtensionSignBytes(chainID, v)
|
|
if !pubKey.VerifySignature(extSignBytes, vote.ExtensionSignature) {
|
|
return ErrVoteInvalidSignature
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ValidateBasic checks whether the vote is well-formed. It does not, however,
|
|
// check vote extensions - for vote validation with vote extension validation,
|
|
// use ValidateWithExtension.
|
|
func (vote *Vote) ValidateBasic() error {
|
|
if !IsVoteTypeValid(vote.Type) {
|
|
return errors.New("invalid Type")
|
|
}
|
|
|
|
if vote.Height < 0 {
|
|
return errors.New("negative Height")
|
|
}
|
|
|
|
if vote.Round < 0 {
|
|
return errors.New("negative Round")
|
|
}
|
|
|
|
// NOTE: Timestamp validation is subtle and handled elsewhere.
|
|
|
|
if err := vote.BlockID.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("wrong BlockID: %w", err)
|
|
}
|
|
|
|
// BlockID.ValidateBasic would not err if we for instance have an empty hash but a
|
|
// non-empty PartsSetHeader:
|
|
if !vote.BlockID.IsNil() && !vote.BlockID.IsComplete() {
|
|
return fmt.Errorf("blockID must be either empty or complete, got: %v", vote.BlockID)
|
|
}
|
|
|
|
if len(vote.ValidatorAddress) != crypto.AddressSize {
|
|
return fmt.Errorf("expected ValidatorAddress size to be %d bytes, got %d bytes",
|
|
crypto.AddressSize,
|
|
len(vote.ValidatorAddress),
|
|
)
|
|
}
|
|
if vote.ValidatorIndex < 0 {
|
|
return errors.New("negative ValidatorIndex")
|
|
}
|
|
if len(vote.Signature) == 0 {
|
|
return errors.New("signature is missing")
|
|
}
|
|
|
|
if len(vote.Signature) > MaxSignatureSize {
|
|
return fmt.Errorf("signature is too big (max: %d)", MaxSignatureSize)
|
|
}
|
|
|
|
// We should only ever see vote extensions in non-nil precommits, otherwise
|
|
// this is a violation of the specification.
|
|
// https://github.com/tendermint/tendermint/issues/8487
|
|
if vote.Type != tmproto.PrecommitType || (vote.Type == tmproto.PrecommitType && vote.BlockID.IsNil()) {
|
|
if len(vote.Extension) > 0 {
|
|
return errors.New("unexpected vote extension")
|
|
}
|
|
if len(vote.ExtensionSignature) > 0 {
|
|
return errors.New("unexpected vote extension signature")
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ValidateWithExtension performs the same validations as ValidateBasic, but
|
|
// additionally checks whether a vote extension signature is present. This
|
|
// function is used in places where vote extension signatures are expected.
|
|
func (vote *Vote) ValidateWithExtension() error {
|
|
if err := vote.ValidateBasic(); err != nil {
|
|
return err
|
|
}
|
|
|
|
// We should always see vote extension signatures in non-nil precommits
|
|
if vote.Type == tmproto.PrecommitType && !vote.BlockID.IsNil() {
|
|
if len(vote.ExtensionSignature) == 0 {
|
|
return errors.New("vote extension signature is missing")
|
|
}
|
|
if len(vote.ExtensionSignature) > MaxSignatureSize {
|
|
return fmt.Errorf("vote extension signature is too big (max: %d)", MaxSignatureSize)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ToProto converts the handwritten type to proto generated type
|
|
// return type, nil if everything converts safely, otherwise nil, error
|
|
func (vote *Vote) ToProto() *tmproto.Vote {
|
|
if vote == nil {
|
|
return nil
|
|
}
|
|
|
|
return &tmproto.Vote{
|
|
Type: vote.Type,
|
|
Height: vote.Height,
|
|
Round: vote.Round,
|
|
BlockID: vote.BlockID.ToProto(),
|
|
Timestamp: vote.Timestamp,
|
|
ValidatorAddress: vote.ValidatorAddress,
|
|
ValidatorIndex: vote.ValidatorIndex,
|
|
Signature: vote.Signature,
|
|
Extension: vote.Extension,
|
|
ExtensionSignature: vote.ExtensionSignature,
|
|
}
|
|
}
|
|
|
|
func VotesToProto(votes []*Vote) []*tmproto.Vote {
|
|
if votes == nil {
|
|
return nil
|
|
}
|
|
|
|
res := make([]*tmproto.Vote, 0, len(votes))
|
|
for _, vote := range votes {
|
|
v := vote.ToProto()
|
|
// protobuf crashes when serializing "repeated" fields with nil elements
|
|
if v != nil {
|
|
res = append(res, v)
|
|
}
|
|
}
|
|
return res
|
|
}
|