[FAB-12926] Validate hash chain when listing blocks

yacovm · yacovm · commit 300e50916c69 · 2018-12-04T21:58:09.000Z
This change set adds validation of the hash chain to the ChainInspector.

We need to validate the hash chain (backward hash pointers) when iterating over
the system channel when inspecting the channels that exist (which is
what the ChainInspector does).

Even though the block puller that fetches the channels validates the hash chain in batches,
it doesn't verify the hash pointers between the batches themselves.

Since the onboarding puller (unlike the etcdraft one) is equipped with a no-op
signature validator and relies on the validity of the bootstrap block
in conjunction with the integrity of the pulled hash chain,
it doesn't verify the signature of the last block of a pulled batch,
thus we need to add this check into the code of the channel lister.

Change-Id: I8320d093f8d6f5a81291e6377536b0ebdcc83c48
Signed-off-by: yacovm &lt;yacovm@il.ibm.com&gt;
diff --git a/orderer/common/cluster/replication.go b/orderer/common/cluster/replication.go
@@ -366,15 +366,19 @@ func (ci *ChainInspector) Channels() []string {
 	channels := make(map[string]struct{})
 	lastConfigBlockNum := ci.LastConfigBlock.Header.Number
 	var block *common.Block
+	var prevHash []byte
 	for seq := uint64(1); seq < lastConfigBlockNum; seq++ {
 		block = ci.Puller.PullBlock(seq)
+		ci.validateHashPointer(block, prevHash)
 		channel, err := IsNewChannelBlock(block)
 		if err != nil {
 			// If we failed to classify a block, something is wrong in the system chain
 			// we're trying to pull, so abort.
 			ci.Logger.Panic("Failed classifying block", seq, ":", err)
 			continue
 		}
+		// Set the previous hash for the next iteration
+		prevHash = block.Header.Hash()
 		if channel == "" {
 			ci.Logger.Info("Block", seq, "doesn't contain a new channel")
 			continue
@@ -395,6 +399,17 @@ func (ci *ChainInspector) Channels() []string {
 	return flattenChannelMap(channels)
 }
 
+func (ci *ChainInspector) validateHashPointer(block *common.Block, prevHash []byte) {
+	if prevHash == nil {
+		return
+	}
+	if bytes.Equal(block.Header.PreviousHash, prevHash) {
+		return
+	}
+	ci.Logger.Panicf("Claimed previous hash of block %d is %x but actual previous hash is %x",
+		block.Header.Number, block.Header.PreviousHash, prevHash)
+}
+
 func flattenChannelMap(m map[string]struct{}) []string {
 	var res []string
 	for channel := range m {
diff --git a/orderer/common/cluster/replication_test.go b/orderer/common/cluster/replication_test.go
@@ -1039,17 +1039,34 @@ func TestChannels(t *testing.T) {
 			},
 		},
 		{
-			name:               "bad path - pulled chain's hash is mismatched",
-			prepareSystemChain: func(_ []*common.Block) {},
+			name: "bad path - pulled chain's last block hash doesn't match the last config block",
+			prepareSystemChain: func(systemChain []*common.Block) {
+				assignHashes(systemChain)
+				systemChain[len(systemChain)-1].Header.PreviousHash = nil
+			},
 			assertion: func(t *testing.T, ci *cluster.ChainInspector) {
 				panicValue := "System channel pulled doesn't match the boot last config block:" +
-					" block 4's hash (d8553eb97aa57e3c795a185f30efdbe8d88ae4b1e44b984b311159beac9bd5f4)" +
+					" block 4's hash (34762d9deefdea2514a85663856e92b5c7e1ae4669e6265b27b079d1f320e741)" +
 					" mismatches 3's prev block hash ()"
 				assert.PanicsWithValue(t, panicValue, func() {
 					ci.Channels()
 				})
 			},
 		},
+		{
+			name: "bad path - hash chain mismatch",
+			prepareSystemChain: func(systemChain []*common.Block) {
+				assignHashes(systemChain)
+				systemChain[len(systemChain)/2].Header.PreviousHash = nil
+			},
+			assertion: func(t *testing.T, ci *cluster.ChainInspector) {
+				panicValue := "Claimed previous hash of block 3 is  but actual previous " +
+					"hash is ab6be2effec106c0324f9d6b1af2cf115c60c3f60e250658362991cb8e195a50"
+				assert.PanicsWithValue(t, panicValue, func() {
+					ci.Channels()
+				})
+			},
+		},
 		{
 			name: "bad path - a block cannot be classified",
 			prepareSystemChain: func(systemChain []*common.Block) {
@@ -1080,6 +1097,7 @@ func TestChannels(t *testing.T) {
 			}
 			testCase.prepareSystemChain(systemChain)
 			puller := &mocks.ChainPuller{}
+			puller.On("Close")
 			for seq := uint64(1); int(seq) <= len(systemChain); seq++ {
 				puller.On("PullBlock", seq).Return(systemChain[int(seq)-1])
 			}
@@ -1089,6 +1107,8 @@ func TestChannels(t *testing.T) {
 				Puller:          puller,
 				LastConfigBlock: systemChain[len(systemChain)-1],
 			}
+			defer puller.AssertNumberOfCalls(t, "Close", 1)
+			defer ci.Close()
 			testCase.assertion(t, ci)
 		})
 	}
