INDY-1846: Change pool state root hash for BLS-signature in Commit messages #980
Conversation
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Changes: - Add the current uncommitted pool state root hash to "POOL_STATE_ROOT_HASH" to PrePrepare message - Extend validation of received PrePrepares Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Toktar
changed the title
Changes: - Change commit BLS signature creating - Change validation of a commit BLS signature - Add tests Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Changes: - Add tests - Move pool_state_root_hash in create3PCBatch() - Back to use in signatures committed state Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Toktar
changed the title
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
plenum/bls/bls_bft_replica_plenum.py
Outdated
| @@ -183,10 +188,12 @@ def _validate_multi_sig(self, multi_sig: MultiSignature): | |||
| public_keys) | |||
|
|
|||
| def _sign_state(self, pre_prepare: PrePrepare): | |||
| pool_root_hash_ser = self.state_root_serializer.serialize( | |||
| bytes(self._bls_bft.bls_key_register.get_pool_root_hash_committed())) | |||
| pool_root_hash = pre_prepare.poolStateRootHash \ | |||
There was a problem hiding this comment.
I think it would be better to create a helper method (in this class) to get pool_root_hash with PrePrepare as an input
There was a problem hiding this comment.
Added BlsBftReplicaPlenum._get_pool_root_hash()
| @@ -152,11 +151,14 @@ class PrePrepare(MessageBase): | |||
| (f.TXN_ROOT.nm, MerkleRootField(nullable=True)), | |||
| (f.SUB_SEQ_NO.nm, NonNegativeNumberField()), | |||
| (f.FINAL.nm, BooleanField()), | |||
| (f.POOL_STATE_ROOT_HASH.nm, MerkleRootField(optional=True, | |||
There was a problem hiding this comment.
It needs to be after BLS_MULTI_SIG
There was a problem hiding this comment.
Please add a test checking that a Primary sending POOL_STATE_ROOT_HASH is understood by nodes which are not aware of this field
There was a problem hiding this comment.
POOL_STATE_ROOT_HASH needs to be before BLS_MULTI_SIG because PrePrepare can be not contains multi signature.
But will add tests for parsing different variants of PrePrepare messages.
There was a problem hiding this comment.
- add test_process_pre_prepare_validation_old_schema (for all variants of PrePrepare)
- change test_process_pre_prepare_validation (for all variants of PrePrepare)
| @@ -295,6 +315,19 @@ def test_validate_commit_incorrect_sig(bls_bft_replicas, pre_prepare_with_bls): | |||
| assert status == BlsBftReplica.CM_BLS_SIG_WRONG | |||
|
|
|||
|
|
|||
| def test_validate_commit_incorrect_signed_without_pool_state_root(bls_bft_replicas, multi_signature): | |||
There was a problem hiding this comment.
Why the signature is incorrect in this case?
There was a problem hiding this comment.
Signature is correct in this case. Changed wrong method name to test_validate_commit_signature_without_pool_state_root
plenum/test/replica/test_api.py
Outdated
|
|
||
|
|
||
| def test_process_pre_prepare_with_pool_state_root(replica): |
There was a problem hiding this comment.
Should this test be named test_process_pre_prepare_with_incorrect_pool_state_root?
| sender_bls_bft.node_id, | ||
| pre_prepare) | ||
|
|
||
|
|
There was a problem hiding this comment.
I think we need more unit tests when pool_state_root_hash is incorrect
There was a problem hiding this comment.
What can we add to addition the test where pool_state_root_hash in PrePrepare is incorrect and message will be discarded?
| Nodes 1, 2 ordered txn1 and nodes 3, 4 did not. | ||
| All nodes receive PrePrepare2(txn2 for domain_ledger) | ||
| Nodes 3, 4 receive commits from nodes 1, 2 | ||
| Nodes 1, 2 ordered txn1 |
There was a problem hiding this comment.
Should it be: Nodes 3, 4 ordered txn1?
There was a problem hiding this comment.
Yes, thank you. Fixed it.
| looper.run(eventually(check_fast_nodes_ordered_request)) | ||
|
|
||
| request2 = sdk_send_random_request(looper, sdk_pool_handle, sdk_wallet_client) | ||
| looper.run(eventually(check_nodes_receive_pp, first_ordered[0], first_ordered[1] + 2)) |
There was a problem hiding this comment.
I think we should also check, that slow nodes receive commits for the second request (that is they validate it while txn1 is still not ordered)
Changes: - refactoring test_process_pre_prepare_with_pool_state_root - refactoring test_commit_signature_validation_integration - refactoring test_validate_commit_incorrect_signed_without_pool_state_root - refactoring test_validate_commit_correct_sig_second_time - add _get_pool_root_hash to BlsBftReplicaPlenum Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
plenum/bls/bls_bft_replica_plenum.py
Outdated
| sender_node = self.get_node_name(sender) | ||
| pk = self._bls_bft.bls_key_register.get_key_by_name(sender_node, pool_root_hash) | ||
| if not pk: | ||
| return False | ||
| pool_root_hash_ser = self._get_pool_root_hash(pre_prepare, serialize=False) |
There was a problem hiding this comment.
I think serialized value needs to be passed here (serialize=True).
In general, I would suggest to move calculation of pool_root_hash_ser to _create_multi_sig_value_for_pre_prepare method.
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
plenum/test/replica/test_api.py
Outdated
| replica.processPrePrepare(pp, replica.primaryName) | ||
| fake_replica.node.reportSuspiciousNodeEx = reportSuspiciousNodeEx | ||
|
|
||
| fake_replica.processPrePrepare(pre_prepare, fake_replica.primaryName) |
There was a problem hiding this comment.
This test doesn't make sense, since schema is not called here, we already pass pre_prepare object.
We need to create PrePrepare as a dict, patch PrePrepare schema, and create PrePrepare instance from this dict.
see test_strict_schema.py for example
| @@ -236,8 +236,11 @@ def test_validate_pre_prepare_no_sigs(bls_bft_replicas, pre_prepare_no_bls): | |||
| def test_validate_pre_prepare_correct_multi_sig(bls_bft_replicas, pre_prepare_with_bls): | |||
| for sender_bls_bft_replica in bls_bft_replicas: | |||
| for verifier_bls_bft_replica in bls_bft_replicas: | |||
| committed_root_hash = verifier_bls_bft_replica._bls_bft.bls_key_register.get_pool_root_hash_committed | |||
There was a problem hiding this comment.
Please create a separate test test_validate_pre_prepare_does_not_use_committed_pool_state
| @@ -298,9 +301,12 @@ def test_validate_commit_correct_sig_second_time(bls_bft_replicas, pre_prepare_w | |||
| for sender_bls_bft in bls_bft_replicas: | |||
| commit = create_commit_bls_sig(sender_bls_bft, key, pre_prepare_with_bls) | |||
| for verifier_bls_bft in bls_bft_replicas: | |||
| committed_root_hash = verifier_bls_bft._bls_bft.bls_key_register.get_pool_root_hash_committed | |||
There was a problem hiding this comment.
Please create a separate test test_validate_commit_does_not_use_committed_pool_state
| @@ -236,8 +236,11 @@ def test_validate_pre_prepare_no_sigs(bls_bft_replicas, pre_prepare_no_bls): | |||
| def test_validate_pre_prepare_correct_multi_sig(bls_bft_replicas, pre_prepare_with_bls): | |||
| for sender_bls_bft_replica in bls_bft_replicas: | |||
| for verifier_bls_bft_replica in bls_bft_replicas: | |||
| committed_root_hash = verifier_bls_bft_replica._bls_bft.bls_key_register.get_pool_root_hash_committed | |||
There was a problem hiding this comment.
Can we patch the methods like this? Should we use monkeypatch?
There was a problem hiding this comment.
Changed to using monkeypatch.
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Add unit tests:
- test for create3PCBatchwith for empty requests queues -
test_create_3pc_batch_with_empty_requests- test for successful finish for create3PCBatch (POOL_STATE_ROOT_HASH added) -
test_create_3pc_batch- test for update_commit with _can_process_ledger() = false -
test_update_commit_pool_ledger- test for update_commit with can_sign_bls() = false -
test_update_commit_without_bls_crypto_signer- test for successful finish for update_commit (signature added) -
test_update_commit- test for validate_commit with no BLS_MULTI_SIG in pre_prepare -
test_validate_commit_correct_sig_first_time- test for validate_commit with invalid pool_state_root_hash -
test_validate_commit_signature_without_pool_state_root- test for validate_commit with correct pool_state_root_hash -
test_validate_commit_correct_sig_second_time- test for validate_commit without pool_state_root_hash -
test_validate_commit_signature_without_pool_state_root- test for success processPrePrepare -
test_process_pre_prepare_validation- test for processPrePrepare without old PrePrepare schema -
test_process_pre_prepare_validation_old_schema- test for processPrePrepare with invalid POOL_STATE_ROOT_HASH -
test_process_pre_prepare_with_pool_state_root- test for processPrePrepare with correct POOL_STATE_ROOT_HASH -
test_process_pre_prepare_with_incorrect_pool_state_rootAdd integration test -
test_commit_signature_validation_integration:All nodes receive PrePrepare1(txn1 for pool_ledger)
Nodes 1, 2 ordered txn1 and nodes 3, 4 did not.
All nodes receive PrePrepare2(txn2 for domain_ledger)
Nodes 3, 4 receive commits from nodes 1, 2
Nodes 1, 2 ordered txn1
Check that all nodes ordered txn2