-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
R4R: Judge if trust-node predefined before create certifier add verification for getBlock, queryTx and getValidators #2210
Changes from 13 commits
71625ed
0681648
f254d28
d8a951d
bed593d
e8ef342
582886b
61c6d33
4146cb2
f075e25
9e1bd1a
68655ce
5cc7088
e1b15c6
bf6b445
ca840e6
abf1a8a
253db7f
a63ea1c
7a7c6df
8dcc536
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -309,7 +309,7 @@ func (ctx CLIContext) query(path string, key cmn.HexBytes) (res []byte, err erro | |
return res, errors.Errorf("query failed: (%d) %s", resp.Code, resp.Log) | ||
} | ||
|
||
// Data from trusted node or subspace query doesn't need verification | ||
// data from trusted node or subspace query doesn't need verification | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Capitalize and add trailing period please. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm sorry. Could you clarify trailing period please? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @HaoyangLiu I think he is stating that it should be reverted back to a sentence with a period. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Got it! Thanks There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. my pleasure 👍 |
||
if ctx.TrustNode || !isQueryStoreWithProof(path) { | ||
return resp.Value, nil | ||
} | ||
|
@@ -348,15 +348,17 @@ func (ctx CLIContext) verifyProof(path string, resp abci.ResponseQuery) error { | |
} | ||
|
||
// Verify the substore commit hash against trusted appHash | ||
substoreCommitHash, err := store.VerifyMultiStoreCommitInfo(multiStoreProof.StoreName, | ||
multiStoreProof.StoreInfos, commit.Header.AppHash) | ||
substoreCommitHash, err := store.VerifyMultiStoreCommitInfo( | ||
multiStoreProof.StoreName, multiStoreProof.StoreInfos, commit.Header.AppHash) | ||
if err != nil { | ||
return errors.Wrap(err, "failed in verifying the proof against appHash") | ||
} | ||
|
||
err = store.VerifyRangeProof(resp.Key, resp.Value, substoreCommitHash, &multiStoreProof.RangeProof) | ||
if err != nil { | ||
return errors.Wrap(err, "failed in the range proof verification") | ||
} | ||
|
||
return nil | ||
} | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -177,7 +177,7 @@ func TestBlock(t *testing.T) { | |
|
||
// -- | ||
|
||
res, body = Request(t, port, "GET", "/blocks/1", nil) | ||
res, body = Request(t, port, "GET", "/blocks/2", nil) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why did this change? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I have added a comment about the reason above. When gaia-lite is launched, it will fetch the latest height as its trust basement. Then it can only verify blocks or transactions in later height. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. OK, we should update gaia lite so that you can easily start it with a separate root-of-trust. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ref #2323 |
||
require.Equal(t, http.StatusOK, res.StatusCode, body) | ||
|
||
err = wire.Cdc.UnmarshalJSON([]byte(body), &resultBlock) | ||
|
@@ -210,7 +210,7 @@ func TestValidators(t *testing.T) { | |
|
||
// -- | ||
|
||
res, body = Request(t, port, "GET", "/validatorsets/1", nil) | ||
res, body = Request(t, port, "GET", "/validatorsets/2", nil) | ||
require.Equal(t, http.StatusOK, res.StatusCode, body) | ||
|
||
err = cdc.UnmarshalJSON([]byte(body), &resultVals) | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,6 +10,9 @@ import ( | |
|
||
"github.com/gorilla/mux" | ||
"github.com/spf13/cobra" | ||
"github.com/spf13/viper" | ||
tmliteErr "github.com/tendermint/tendermint/lite/errors" | ||
tmliteProxy "github.com/tendermint/tendermint/lite/proxy" | ||
) | ||
|
||
//BlockCommand returns the verified block data for a given heights | ||
|
@@ -21,8 +24,8 @@ func BlockCommand() *cobra.Command { | |
RunE: printBlock, | ||
} | ||
cmd.Flags().StringP(client.FlagNode, "n", "tcp://localhost:26657", "Node to connect to") | ||
// TODO: change this to false when we can | ||
cmd.Flags().Bool(client.FlagTrustNode, true, "Don't verify proofs for responses") | ||
cmd.Flags().Bool(client.FlagTrustNode, false, "Don't verify proofs for query responses") | ||
cmd.Flags().String(client.FlagChainID, "", "The chain ID to connect to") | ||
return cmd | ||
} | ||
|
||
|
@@ -41,6 +44,26 @@ func getBlock(cliCtx context.CLIContext, height *int64) ([]byte, error) { | |
return nil, err | ||
} | ||
|
||
trustNode := viper.GetBool(client.FlagTrustNode) | ||
if !trustNode { | ||
check, err := tmliteProxy.GetCertifiedCommit(*height, node, cliCtx.Certifier) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Combine this with similar instances below (DRY) |
||
if tmliteErr.IsCommitNotFoundErr(err) { | ||
return nil, context.ErrVerifyCommit(*height) | ||
} else if err != nil { | ||
return nil, err | ||
} | ||
|
||
err = tmliteProxy.ValidateBlockMeta(res.BlockMeta, check) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
err = tmliteProxy.ValidateBlock(res.Block, check) | ||
if err != nil { | ||
return nil, err | ||
} | ||
} | ||
|
||
// TODO move maarshalling into cmd/rest functions | ||
// output, err := tmwire.MarshalJSON(res) | ||
output, err := cdc.MarshalJSON(res) | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,9 +8,14 @@ import ( | |
"github.com/gorilla/mux" | ||
"github.com/spf13/cobra" | ||
|
||
"bytes" | ||
"github.com/cosmos/cosmos-sdk/client" | ||
"github.com/cosmos/cosmos-sdk/client/context" | ||
sdk "github.com/cosmos/cosmos-sdk/types" | ||
"github.com/spf13/viper" | ||
tmliteErr "github.com/tendermint/tendermint/lite/errors" | ||
tmliteProxy "github.com/tendermint/tendermint/lite/proxy" | ||
tmTypes "github.com/tendermint/tendermint/types" | ||
tmtypes "github.com/tendermint/tendermint/types" | ||
) | ||
|
||
|
@@ -25,8 +30,8 @@ func ValidatorCommand() *cobra.Command { | |
RunE: printValidators, | ||
} | ||
cmd.Flags().StringP(client.FlagNode, "n", "tcp://localhost:26657", "Node to connect to") | ||
// TODO: change this to false when we can | ||
cmd.Flags().Bool(client.FlagTrustNode, true, "Don't verify proofs for responses") | ||
cmd.Flags().Bool(client.FlagTrustNode, false, "Don't verify proofs for query responses") | ||
cmd.Flags().String(client.FlagChainID, "", "The chain ID to connect to") | ||
return cmd | ||
} | ||
|
||
|
@@ -70,6 +75,21 @@ func getValidators(cliCtx context.CLIContext, height *int64) ([]byte, error) { | |
return nil, err | ||
} | ||
|
||
trustNode := viper.GetBool(client.FlagTrustNode) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This should be fetched from the |
||
|
||
if !trustNode { | ||
check, err := tmliteProxy.GetCertifiedCommit(*height, node, cliCtx.Certifier) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. DRY |
||
if tmliteErr.IsCommitNotFoundErr(err) { | ||
return nil, context.ErrVerifyCommit(*height) | ||
} else if err != nil { | ||
return nil, err | ||
} | ||
|
||
if !bytes.Equal(check.ValidatorsHash(), tmTypes.NewValidatorSet(validatorsRes.Validators).Hash()) { | ||
return nil, fmt.Errorf("got invalid validatorset") | ||
} | ||
} | ||
|
||
outputValidatorsRes := ResultValidatorsOutput{ | ||
BlockHeight: validatorsRes.BlockHeight, | ||
Validators: make([]ValidatorOutput, len(validatorsRes.Validators)), | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,6 +19,8 @@ import ( | |
sdk "github.com/cosmos/cosmos-sdk/types" | ||
"github.com/cosmos/cosmos-sdk/wire" | ||
"github.com/cosmos/cosmos-sdk/x/auth" | ||
tmliteErr "github.com/tendermint/tendermint/lite/errors" | ||
tmliteProxy "github.com/tendermint/tendermint/lite/proxy" | ||
) | ||
|
||
// QueryTxCmd implements the default command for a tx query. | ||
|
@@ -45,9 +47,8 @@ func QueryTxCmd(cdc *wire.Codec) *cobra.Command { | |
} | ||
|
||
cmd.Flags().StringP(client.FlagNode, "n", "tcp://localhost:26657", "Node to connect to") | ||
|
||
// TODO: change this to false when we can | ||
cmd.Flags().Bool(client.FlagTrustNode, true, "Don't verify proofs for responses") | ||
cmd.Flags().Bool(client.FlagTrustNode, false, "Don't verify proofs for query responses") | ||
cmd.Flags().String(client.FlagChainID, "", "The chain ID to connect to") | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
return cmd | ||
} | ||
|
||
|
@@ -72,6 +73,20 @@ func queryTx(cdc *wire.Codec, cliCtx context.CLIContext, hashHexStr string, trus | |
return nil, err | ||
} | ||
|
||
if !trustNode { | ||
check, err := tmliteProxy.GetCertifiedCommit(info.Height, node, cliCtx.Certifier) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. DRY with above/below |
||
if tmliteErr.IsCommitNotFoundErr(err) { | ||
return nil, context.ErrVerifyCommit(info.Height) | ||
} else if err != nil { | ||
return nil, err | ||
} | ||
|
||
err = res.Proof.Validate(check.Header.DataHash) | ||
if err != nil { | ||
return nil, err | ||
} | ||
} | ||
|
||
return wire.MarshalJSONIndent(cdc, info) | ||
} | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,6 +15,8 @@ import ( | |
"github.com/spf13/cobra" | ||
"github.com/spf13/viper" | ||
|
||
tmliteErr "github.com/tendermint/tendermint/lite/errors" | ||
tmliteProxy "github.com/tendermint/tendermint/lite/proxy" | ||
ctypes "github.com/tendermint/tendermint/rpc/core/types" | ||
) | ||
|
||
|
@@ -62,9 +64,8 @@ $ gaiacli tendermint txs --tag test1,test2 --any | |
} | ||
|
||
cmd.Flags().StringP(client.FlagNode, "n", "tcp://localhost:26657", "Node to connect to") | ||
|
||
// TODO: change this to false once proofs built in | ||
cmd.Flags().Bool(client.FlagTrustNode, true, "Don't verify proofs for responses") | ||
cmd.Flags().Bool(client.FlagTrustNode, false, "Don't verify proofs for query responses") | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Seems we're inconsistent with this flag's description. Can we update all occurrences to something like: |
||
cmd.Flags().String(client.FlagChainID, "", "The chain ID to connect to") | ||
cmd.Flags().StringSlice(flagTags, nil, "Comma-separated list of tags that must match") | ||
cmd.Flags().Bool(flagAny, false, "Return transactions that match ANY tag, rather than ALL") | ||
return cmd | ||
|
@@ -93,7 +94,21 @@ func searchTxs(cliCtx context.CLIContext, cdc *wire.Codec, tags []string) ([]Inf | |
if err != nil { | ||
return nil, err | ||
} | ||
if prove { | ||
for _, tx := range res.Txs { | ||
check, err := tmliteProxy.GetCertifiedCommit(tx.Height, node, cliCtx.Certifier) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. DRY with above There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This will be cached so the loop is OK I think |
||
if tmliteErr.IsCommitNotFoundErr(err) { | ||
return nil, context.ErrVerifyCommit(tx.Height) | ||
} else if err != nil { | ||
return nil, err | ||
} | ||
|
||
err = tx.Proof.Validate(check.Header.DataHash) | ||
if err != nil { | ||
return nil, err | ||
} | ||
} | ||
} | ||
info, err := FormatTxResults(cdc, res.Txs) | ||
if err != nil { | ||
return nil, err | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
trustNodeDefined
?