mirrors/tendermint
1
0
Fork 0
mirror of https://github.com/tendermint/tendermint.git synced 2026-01-07 05:46:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
89f0bbbd76622bda14fc475bef0f83128119f014
tendermint/lite2/verifier.go
Anton Kaliaev fb8b00f1d8 lite2: light client with weak subjectivity (#3989) 
Refs #1771

ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md

## Commits:

* add Verifier and VerifyCommitTrusting

* add two more checks

make trustLevel an option

* float32 for trustLevel

* check newHeader time

* started writing lite Client

* unify Verify methods

* ensure h2.Header.bfttime < h1.Header.bfttime + tp

* move trust checks into Verify function

* add more comments

* more docs

* started writing tests

* unbonding period failures

* tests are green

* export ErrNewHeaderTooFarIntoFuture

* make golangci happy

* test for non-adjusted headers

* more precision

* providers and stores

* VerifyHeader and VerifyHeaderAtHeight funcs

* fix compile errors

* remove lastVerifiedHeight, persist new trusted header

* sequential verification

* remove TrustedStore option

* started writing tests for light client

* cover basic cases for linear verification

* bisection tests PASS

* rename BisectingVerification to SkippingVerification

* refactor the code

* add TrustedHeader method

* consolidate sequential verification tests

* consolidate skipping verification tests

* rename trustedVals to trustedNextVals

* start writing docs

* ValidateTrustLevel func and ErrOldHeaderExpired error

* AutoClient and example tests

* fix errors

* update doc

* remove ErrNewHeaderTooFarIntoFuture

This check is unnecessary given existing a) ErrOldHeaderExpired b)
h2.Time > now checks.

* return an error if we're at more recent height

* add comments

* add LastSignedHeaderHeight method to Store

I think it's fine if Store tracks last height

* copy over proxy from old lite package

* make TrustedHeader return latest if height=0

* modify LastSignedHeaderHeight to return an error if no headers exist

* copy over proxy impl

* refactor proxy and start http lite client

* Tx and BlockchainInfo methods

* Block method

* commit method

* code compiles again

* lite client compiles

* extract updateLiteClientIfNeededTo func

* move final parts

* add placeholder for tests

* force usage of lite http client in proxy

* comment out query tests for now

* explicitly mention tp: trusting period

* verify nextVals in VerifyHeader

* refactor bisection

* move the NextValidatorsHash check into updateTrustedHeaderAndVals

+ update the comment

* add ConsensusParams method to RPC client

* add ConsensusParams to rpc/mock/client

* change trustLevel type to a new cmn.Fraction type

+ update SkippingVerification comment

* stress out trustLevel is only used for non-adjusted headers

* fixes after Fede's review

Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com>

* compare newHeader with a header from an alternative provider

* save pivot header

Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824

* check header can still be trusted in TrustedHeader

Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424

* lite: update Validators and Block endpoints

- Block no longer contains BlockMeta
- Validators now accept two additional params: page and perPage

* make linter happy
2019-11-25 19:07:40 +04:00

117 lines
2.9 KiB
Go
Raw Blame History

package lite
import (
"bytes"
"time"
"github.com/pkg/errors"
cmn "github.com/tendermint/tendermint/libs/common"
"github.com/tendermint/tendermint/types"
)
var (
// DefaultTrustLevel - new header can be trusted if at least one correct old
// validator signed it.
DefaultTrustLevel = cmn.Fraction{Numerator: 1, Denominator: 3}
)
func Verify(
chainID string,
h1 *types.SignedHeader,
h1NextVals *types.ValidatorSet,
h2 *types.SignedHeader,
h2Vals *types.ValidatorSet,
trustingPeriod time.Duration,
now time.Time,
trustLevel cmn.Fraction) error {
if err := ValidateTrustLevel(trustLevel); err != nil {
return err
}
// Ensure last header can still be trusted.
expirationTime := h1.Time.Add(trustingPeriod)
if !expirationTime.After(now) {
return ErrOldHeaderExpired{expirationTime, now}
}
if err := verifyNewHeaderAndVals(chainID, h2, h2Vals, h1, now); err != nil {
return err
}
if h2.Height == h1.Height+1 {
if !bytes.Equal(h2.ValidatorsHash, h1NextVals.Hash()) {
return errors.Errorf("expected old header validators (%X) to match those from new header (%X)",
h1NextVals.Hash(),
h2.ValidatorsHash,
)
}
} else {
// Ensure that +`trustLevel` (default 1/3) or more of last trusted validators signed correctly.
err := h1NextVals.VerifyCommitTrusting(chainID, h2.Commit.BlockID, h2.Height, h2.Commit, trustLevel)
if err != nil {
return err
}
}
// Ensure that +2/3 of new validators signed correctly.
err := h2Vals.VerifyCommit(chainID, h2.Commit.BlockID, h2.Height, h2.Commit)
if err != nil {
return err
}
return nil
}
func verifyNewHeaderAndVals(
chainID string,
h2 *types.SignedHeader,
h2Vals *types.ValidatorSet,
h1 *types.SignedHeader,
now time.Time) error {
if err := h2.ValidateBasic(chainID); err != nil {
return errors.Wrap(err, "h2.ValidateBasic failed")
}
if h2.Height <= h1.Height {
return errors.Errorf("expected new header height %d to be greater than one of old header %d",
h2.Height,
h1.Height)
}
if !h2.Time.After(h1.Time) {
return errors.Errorf("expected new header time %v to be after old header time %v",
h2.Time,
h1.Time)
}
if !h2.Time.Before(now) {
return errors.Errorf("new header has a time from the future %v (now: %v)",
h2.Time,
now)
}
if !bytes.Equal(h2.ValidatorsHash, h2Vals.Hash()) {
return errors.Errorf("expected new header validators (%X) to match those that were supplied (%X)",
h2Vals.Hash(),
h2.NextValidatorsHash,
)
}
return nil
}
// ValidateTrustLevel checks that trustLevel is within the allowed range [1/3,
// 1]. If not, it returns an error. 1/3 is the minimum amount of trust needed
// which does not break the security model.
func ValidateTrustLevel(lvl cmn.Fraction) error {
if lvl.Numerator*3 < lvl.Denominator || // < 1/3
lvl.Numerator > lvl.Denominator || // > 1
lvl.Denominator == 0 {
return errors.Errorf("trustLevel must be within [1/3, 1], given %v", lvl)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink