-
Notifications
You must be signed in to change notification settings - Fork 366
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
INDY-1846: Change pool state root hash for BLS-signature in Commit messages #980
INDY-1846: Change pool state root hash for BLS-signature in Commit messages #980
Conversation
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Changes: - Add the current uncommitted pool state root hash to "POOL_STATE_ROOT_HASH" to PrePrepare message - Extend validation of received PrePrepares Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Changes: - Change commit BLS signature creating - Change validation of a commit BLS signature - Add tests Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Changes: - Add tests - Move pool_state_root_hash in create3PCBatch() - Back to use in signatures committed state Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
plenum/bls/bls_bft_replica_plenum.py
Outdated
@@ -183,10 +188,12 @@ def _validate_multi_sig(self, multi_sig: MultiSignature): | |||
public_keys) | |||
|
|||
def _sign_state(self, pre_prepare: PrePrepare): | |||
pool_root_hash_ser = self.state_root_serializer.serialize( | |||
bytes(self._bls_bft.bls_key_register.get_pool_root_hash_committed())) | |||
pool_root_hash = pre_prepare.poolStateRootHash \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be better to create a helper method (in this class) to get pool_root_hash with PrePrepare as an input
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added BlsBftReplicaPlenum._get_pool_root_hash()
@@ -152,11 +151,14 @@ class PrePrepare(MessageBase): | |||
(f.TXN_ROOT.nm, MerkleRootField(nullable=True)), | |||
(f.SUB_SEQ_NO.nm, NonNegativeNumberField()), | |||
(f.FINAL.nm, BooleanField()), | |||
(f.POOL_STATE_ROOT_HASH.nm, MerkleRootField(optional=True, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It needs to be after BLS_MULTI_SIG
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a test checking that a Primary sending POOL_STATE_ROOT_HASH is understood by nodes which are not aware of this field
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
POOL_STATE_ROOT_HASH needs to be before BLS_MULTI_SIG because PrePrepare can be not contains multi signature.
But will add tests for parsing different variants of PrePrepare messages.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- add test_process_pre_prepare_validation_old_schema (for all variants of PrePrepare)
- change test_process_pre_prepare_validation (for all variants of PrePrepare)
@@ -295,6 +315,19 @@ def test_validate_commit_incorrect_sig(bls_bft_replicas, pre_prepare_with_bls): | |||
assert status == BlsBftReplica.CM_BLS_SIG_WRONG | |||
|
|||
|
|||
def test_validate_commit_incorrect_signed_without_pool_state_root(bls_bft_replicas, multi_signature): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why the signature is incorrect in this case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Signature is correct in this case. Changed wrong method name to test_validate_commit_signature_without_pool_state_root
plenum/test/replica/test_api.py
Outdated
|
||
|
||
def test_process_pre_prepare_with_pool_state_root(replica): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this test be named test_process_pre_prepare_with_incorrect_pool_state_root
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed it
sender_bls_bft.node_id, | ||
pre_prepare) | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need more unit tests when pool_state_root_hash is incorrect
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What can we add to addition the test where pool_state_root_hash in PrePrepare is incorrect and message will be discarded?
Nodes 1, 2 ordered txn1 and nodes 3, 4 did not. | ||
All nodes receive PrePrepare2(txn2 for domain_ledger) | ||
Nodes 3, 4 receive commits from nodes 1, 2 | ||
Nodes 1, 2 ordered txn1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should it be: Nodes 3, 4 ordered txn1?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, thank you. Fixed it.
looper.run(eventually(check_fast_nodes_ordered_request)) | ||
|
||
request2 = sdk_send_random_request(looper, sdk_pool_handle, sdk_wallet_client) | ||
looper.run(eventually(check_nodes_receive_pp, first_ordered[0], first_ordered[1] + 2)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should also check, that slow nodes receive commits for the second request (that is they validate it while txn1 is still not ordered)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added check.
Changes: - refactoring test_process_pre_prepare_with_pool_state_root - refactoring test_commit_signature_validation_integration - refactoring test_validate_commit_incorrect_signed_without_pool_state_root - refactoring test_validate_commit_correct_sig_second_time - add _get_pool_root_hash to BlsBftReplicaPlenum Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
plenum/bls/bls_bft_replica_plenum.py
Outdated
sender_node = self.get_node_name(sender) | ||
pk = self._bls_bft.bls_key_register.get_key_by_name(sender_node, pool_root_hash) | ||
if not pk: | ||
return False | ||
pool_root_hash_ser = self._get_pool_root_hash(pre_prepare, serialize=False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think serialized value needs to be passed here (serialize=True).
In general, I would suggest to move calculation of pool_root_hash_ser to _create_multi_sig_value_for_pre_prepare
method.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
plenum/test/replica/test_api.py
Outdated
replica.processPrePrepare(pp, replica.primaryName) | ||
fake_replica.node.reportSuspiciousNodeEx = reportSuspiciousNodeEx | ||
|
||
fake_replica.processPrePrepare(pre_prepare, fake_replica.primaryName) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test doesn't make sense, since schema is not called here, we already pass pre_prepare
object.
We need to create PrePrepare as a dict, patch PrePrepare schema, and create PrePrepare instance from this dict.
see test_strict_schema.py for example
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -236,8 +236,11 @@ def test_validate_pre_prepare_no_sigs(bls_bft_replicas, pre_prepare_no_bls): | |||
def test_validate_pre_prepare_correct_multi_sig(bls_bft_replicas, pre_prepare_with_bls): | |||
for sender_bls_bft_replica in bls_bft_replicas: | |||
for verifier_bls_bft_replica in bls_bft_replicas: | |||
committed_root_hash = verifier_bls_bft_replica._bls_bft.bls_key_register.get_pool_root_hash_committed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please create a separate test test_validate_pre_prepare_does_not_use_committed_pool_state
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -298,9 +301,12 @@ def test_validate_commit_correct_sig_second_time(bls_bft_replicas, pre_prepare_w | |||
for sender_bls_bft in bls_bft_replicas: | |||
commit = create_commit_bls_sig(sender_bls_bft, key, pre_prepare_with_bls) | |||
for verifier_bls_bft in bls_bft_replicas: | |||
committed_root_hash = verifier_bls_bft._bls_bft.bls_key_register.get_pool_root_hash_committed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please create a separate test test_validate_commit_does_not_use_committed_pool_state
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -236,8 +236,11 @@ def test_validate_pre_prepare_no_sigs(bls_bft_replicas, pre_prepare_no_bls): | |||
def test_validate_pre_prepare_correct_multi_sig(bls_bft_replicas, pre_prepare_with_bls): | |||
for sender_bls_bft_replica in bls_bft_replicas: | |||
for verifier_bls_bft_replica in bls_bft_replicas: | |||
committed_root_hash = verifier_bls_bft_replica._bls_bft.bls_key_register.get_pool_root_hash_committed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we patch the methods like this? Should we use monkeypatch?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to using monkeypatch.
Signed-off-by: toktar <renata.toktar@dsr-corporation.com>
Add unit tests:
- test for create3PCBatchwith for empty requests queues -
test_create_3pc_batch_with_empty_requests
- test for successful finish for create3PCBatch (POOL_STATE_ROOT_HASH added) -
test_create_3pc_batch
- test for update_commit with _can_process_ledger() = false -
test_update_commit_pool_ledger
- test for update_commit with can_sign_bls() = false -
test_update_commit_without_bls_crypto_signer
- test for successful finish for update_commit (signature added) -
test_update_commit
- test for validate_commit with no BLS_MULTI_SIG in pre_prepare -
test_validate_commit_correct_sig_first_time
- test for validate_commit with invalid pool_state_root_hash -
test_validate_commit_signature_without_pool_state_root
- test for validate_commit with correct pool_state_root_hash -
test_validate_commit_correct_sig_second_time
- test for validate_commit without pool_state_root_hash -
test_validate_commit_signature_without_pool_state_root
- test for success processPrePrepare -
test_process_pre_prepare_validation
- test for processPrePrepare without old PrePrepare schema -
test_process_pre_prepare_validation_old_schema
- test for processPrePrepare with invalid POOL_STATE_ROOT_HASH -
test_process_pre_prepare_with_pool_state_root
- test for processPrePrepare with correct POOL_STATE_ROOT_HASH -
test_process_pre_prepare_with_incorrect_pool_state_root
Add integration test -
test_commit_signature_validation_integration
:All nodes receive PrePrepare1(txn1 for pool_ledger)
Nodes 1, 2 ordered txn1 and nodes 3, 4 did not.
All nodes receive PrePrepare2(txn2 for domain_ledger)
Nodes 3, 4 receive commits from nodes 1, 2
Nodes 1, 2 ordered txn1
Check that all nodes ordered txn2