Skip to content
This repository has been archived by the owner on Jul 27, 2022. It is now read-only.

Commit

Permalink
Merge #1668
Browse files Browse the repository at this point in the history
1668: Problem (WIP #1616): keypackage not verified in nodejointx / council node data r=tomtau a=yihuang

Solution:
- record most recent isv_svn, warn when a new version appears
- add mock data and fix unit/integration tests temporarily.

TBD: generate real keypackage when construct node-join tx, or prepare genesis.

Co-authored-by: yihuang <[email protected]>
  • Loading branch information
bors[bot] and yihuang authored May 27, 2020
2 parents 9bc16d1 + 44d7a67 commit 725c7c3
Show file tree
Hide file tree
Showing 37 changed files with 337 additions and 338 deletions.
10 changes: 8 additions & 2 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion chain-abci/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ structopt = "0.3"
secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism"] }
parity-scale-codec = { features = ["derive"], version = "1.3" }
thiserror = "1.0"
rustls = { version = "0.17", features = ["dangerous_configuration"] }

[target.'cfg(target_os = "linux")'.dependencies]
enclave-u-common = { path = "../chain-tx-enclave/enclave-u-common" }
Expand Down
38 changes: 18 additions & 20 deletions chain-abci/src/app/app_init.rs
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@ use chain_storage::buffer::{
};
use chain_storage::jellyfish::{compute_staking_root, sum_staking_coins, StakingGetter, Version};
use chain_storage::{Storage, StoredChainState};
use ra_client::EnclaveCertVerifier;

/// ABCI app state snapshot
#[derive(Serialize, Deserialize, Clone, Encode, Decode)]
Expand All @@ -55,6 +54,9 @@ pub struct ChainNodeState {
pub staking_version: Version,
/// Record the sum of all the coins in UTxO set
pub utxo_coins: Coin,
/// Record the biggest enclave ISVSVN (Security Version Number of the Enclave) we've seen in
/// keypackage so far
pub enclave_isv_svn: u16,

/// The parts of states which involved in computing app_hash
pub top_level: ChainState,
Expand Down Expand Up @@ -98,6 +100,7 @@ impl ChainNodeState {
max_evidence_age,
staking_version: 0,
utxo_coins: Coin::zero(),
enclave_isv_svn: 0,
top_level: ChainState {
account_root,
rewards_pool,
Expand Down Expand Up @@ -137,8 +140,6 @@ pub struct ChainNodeApp<T: EnclaveProxy> {
pub rewards_pool_updated: bool,
/// address of tx query enclave to supply to clients (if any)
pub tx_query_address: Option<String>,
/// Enclave certificate verifier
pub enclave_cert_verifier: EnclaveCertVerifier,

/// consensus buffer of staking merkle trie storage
pub staking_buffer: StakingBuffer,
Expand Down Expand Up @@ -225,14 +226,14 @@ fn get_voting_power(
}

pub fn init_app_hash(conf: &InitConfig, genesis_time: Timespec) -> H256 {
let (accounts, rp, _nodes) = conf
let state = conf
.validate_config_get_genesis(genesis_time)
.expect("distribution validation error");

compute_app_hash(
&MerkleTree::empty(),
&compute_staking_root(&accounts),
&rp,
&compute_staking_root(&state.accounts),
&state.rewards_pool,
&NetworkParameters::Genesis(conf.network_params.clone()),
)
}
Expand All @@ -245,7 +246,6 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
chain_id: &str,
storage: Storage,
tx_query_address: Option<String>,
enclave_cert_verifier: EnclaveCertVerifier,
) -> Self {
let stored_genesis = storage.get_genesis_app_hash();

Expand Down Expand Up @@ -276,7 +276,6 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
tx_validator,
rewards_pool_updated: false,
tx_query_address,
enclave_cert_verifier,

staking_buffer: HashMap::new(),
mempool_staking_buffer: HashMap::new(),
Expand Down Expand Up @@ -315,9 +314,6 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
let _ = start_zmq(_conn_str, chain_hex_id, storage.get_read_only());
}

let enclave_cert_verifier = EnclaveCertVerifier::new(Default::default())
.expect("enclave cert verifier init failed");

if let Some(data) = storage.get_last_app_state() {
info!("last app state stored");
let mut last_state =
Expand Down Expand Up @@ -365,7 +361,6 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
chain_id,
storage,
tx_query_address,
enclave_cert_verifier,
)
} else {
info!("no last app state stored");
Expand All @@ -390,7 +385,6 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
tx_validator,
rewards_pool_updated: false,
tx_query_address,
enclave_cert_verifier,

staking_buffer: HashMap::new(),
mempool_staking_buffer: HashMap::new(),
Expand Down Expand Up @@ -426,7 +420,7 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
.get_seconds()
.try_into()
.expect("invalid genesis time");
let (accounts, rp, nodes) = conf
let state = conf
.validate_config_get_genesis(genesis_time)
.expect("distribution validation error");

Expand All @@ -440,11 +434,11 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
}

let network_params = NetworkParameters::Genesis(conf.network_params);
let new_account_root = self.storage.put_stakings(0, &accounts);
let new_account_root = self.storage.put_stakings(0, &state.accounts);
let genesis_app_hash = compute_app_hash(
&MerkleTree::empty(),
&new_account_root,
&rp,
&state.rewards_pool,
&network_params,
);

Expand All @@ -454,19 +448,23 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {

check_and_store_consensus_params(
req.consensus_params.as_ref(),
&nodes,
&state.validators,
&network_params,
&mut self.storage,
);

check_validators(
&nodes,
&state.validators,
req.validators.clone().into_vec(),
&conf.distribution,
)
.expect("validators in genesis configuration are not consistent with app_state");

let val_addresses = nodes.iter().map(|(addr, _)| *addr).collect::<Vec<_>>();
let val_addresses = state
.validators
.iter()
.map(|(addr, _)| *addr)
.collect::<Vec<_>>();
let staking_table = StakingTable::from_genesis(
&staking_getter!(self, 0),
network_params.get_required_council_node_stake(),
Expand All @@ -479,7 +477,7 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
genesis_time,
max_evidence_age,
new_account_root,
rp,
state.rewards_pool,
network_params,
staking_table,
);
Expand Down
8 changes: 5 additions & 3 deletions chain-abci/src/app/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -404,9 +404,11 @@ fn generate_tx_staking_change_event(tx_action: TxAction) -> Option<abci::Event>
fee,
..
} => Some(StakingEvent::Unbond(&unbond.0, unbond.1, unbonded_from, fee).into()),
TxPublicAction::NodeJoin(staking_address, council_node) => {
Some(StakingEvent::NodeJoin(&staking_address, council_node).into())
}
TxPublicAction::NodeJoin {
address,
council_node,
..
} => Some(StakingEvent::NodeJoin(&address, council_node).into()),
TxPublicAction::Unjail(staking_address) => {
Some(StakingEvent::Unjail(&staking_address).into())
}
Expand Down
13 changes: 11 additions & 2 deletions chain-abci/src/app/validate_tx.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
use super::{BufferType, ChainNodeApp, ChainNodeState};
use crate::enclave_bridge::EnclaveProxy;
use crate::storage::{process_public_tx, verify_enclave_tx, TxAction, TxEnclaveAction};
use crate::storage::{
process_public_tx, verify_enclave_tx, TxAction, TxEnclaveAction, TxPublicAction,
};
use crate::tx_error::TxError;
use abci::*;
use chain_core::tx::data::TxId;
Expand Down Expand Up @@ -118,11 +120,18 @@ impl<T: EnclaveProxy> ChainNodeApp<T> {
let action = process_public_tx(
&mut staking_store!(self, state.staking_version, buffer_type),
&mut state.staking_table,
&self.enclave_cert_verifier,
state.enclave_isv_svn,
&extra_info,
&tx,
)?;

match action {
TxPublicAction::NodeJoin { isv_svn, .. } => {
state.enclave_isv_svn = isv_svn;
}
_ => {}
};

TxAction::Public(action)
}
};
Expand Down
Loading

0 comments on commit 725c7c3

Please sign in to comment.