From 64011459d779f4a4a5dfcfebfa7ea18b8f1290ad Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Thu, 14 Dec 2023 10:49:26 +0100 Subject: [PATCH 01/11] chore: clippy --- abci/src/server.rs | 2 +- abci/src/server/codec.rs | 12 ++++++------ abci/tests/common/docker.rs | 10 ++++++---- abci/tests/kvstore.rs | 3 +-- abci/tests/tcp.rs | 6 +++--- 5 files changed, 17 insertions(+), 16 deletions(-) diff --git a/abci/src/server.rs b/abci/src/server.rs index 9b33151b..630379a0 100644 --- a/abci/src/server.rs +++ b/abci/src/server.rs @@ -115,7 +115,7 @@ impl<'a, App: RequestDispatcher + 'a> ServerBuilder { let _guard = server_runtime.handle.enter(); // No cancel is defined, so we add some "mock" - let cancel = self.cancel.unwrap_or(CancellationToken::new()); + let cancel = self.cancel.unwrap_or_default(); let server = match bind_address.scheme() { #[cfg(feature = "tcp")] diff --git a/abci/src/server/codec.rs b/abci/src/server/codec.rs index 1da927a7..8d531e33 100644 --- a/abci/src/server/codec.rs +++ b/abci/src/server/codec.rs @@ -230,12 +230,12 @@ mod test { let codec = tokio_util::codec::Framed::new(server, super::Coder {}); let worker_cancel = cancel.clone(); - let hdl = tokio::spawn( - async move { - super::Codec::process_worker_queues(codec, request_tx, response_rx, worker_cancel) - } - .await, - ); + let hdl = tokio::spawn(super::Codec::process_worker_queues( + codec, + request_tx, + response_rx, + worker_cancel, + )); // We send 2 requests over the wire for n_requests in 0..5 { diff --git a/abci/tests/common/docker.rs b/abci/tests/common/docker.rs index 61cc9216..5e1e5001 100644 --- a/abci/tests/common/docker.rs +++ b/abci/tests/common/docker.rs @@ -153,14 +153,14 @@ impl TenderdashDocker { None }; - let app_address = app_address.to_string().replace("/", "\\/"); + let app_address = app_address.to_string().replace('/', "\\/"); debug!("Tenderdash will connect to ABCI address: {}", app_address); let container_config = Config { image: Some(self.image.clone()), env: Some(vec![format!("PROXY_APP={}", app_address)]), host_config: Some(HostConfig { - binds: binds, + binds, ..Default::default() }), ..Default::default() @@ -215,7 +215,7 @@ impl TenderdashDocker { let mut dest = tokio::io::BufWriter::new(stderror); let mut logs = docker.logs( - &id, + id, Some(bollard::container::LogsOptions { follow: false, stdout: true, @@ -269,6 +269,8 @@ impl Drop for TenderdashDocker { pub fn setup_td_logs_panic(td_docker: &Arc) { let weak_ref = Arc::downgrade(td_docker); std::panic::set_hook(Box::new(move |_| { - weak_ref.upgrade().map(|td| td.print_logs()); + if let Some(td) = weak_ref.upgrade() { + td.print_logs() + } })); } diff --git a/abci/tests/kvstore.rs b/abci/tests/kvstore.rs index aec9fa89..a243363f 100644 --- a/abci/tests/kvstore.rs +++ b/abci/tests/kvstore.rs @@ -2,7 +2,6 @@ mod common; use std::{ collections::{BTreeMap, BTreeSet}, - mem, ops::Deref, sync::{RwLock, RwLockWriteGuard}, }; @@ -95,7 +94,7 @@ impl KVStore { } pub(crate) fn commit(&mut self) { - let pending_operations = mem::replace(&mut self.pending_operations, BTreeSet::new()); + let pending_operations = std::mem::take(&mut self.pending_operations); pending_operations .into_iter() .for_each(|op| op.apply(&mut self.persisted_state)); diff --git a/abci/tests/tcp.rs b/abci/tests/tcp.rs index 80b95dd6..8b439768 100644 --- a/abci/tests/tcp.rs +++ b/abci/tests/tcp.rs @@ -14,7 +14,7 @@ use tenderdash_abci::proto; fn test_ipv4_server() { // we assume the host uses default Docker network configuration, with the host // using 172.17.0.1 - let bind_address = format!("tcp://172.17.0.1:1234"); + let bind_address = "tcp://172.17.0.1:1234".to_string(); tcp_server_test("v4", bind_address.as_str()); } @@ -27,7 +27,7 @@ fn test_ipv4_server() { fn test_ipv6_server() { // we assume the host uses default Docker network configuration, with the host // using 172.17.0.1. This is IPv6 notation of the IPv4 address. - let bind_address = format!("tcp://[::ffff:ac11:1]:5678"); + let bind_address = "tcp://[::ffff:ac11:1]:5678".to_string(); tcp_server_test("v6", bind_address.as_str()); } @@ -50,7 +50,7 @@ fn tcp_server_test(test_name: &str, bind_address: &str) { let app = TestDispatcher {}; - let server = ServerBuilder::new(app, &bind_address) + let server = ServerBuilder::new(app, bind_address) .build() .expect("server failed"); let socket_uri = bind_address.to_string(); From e343a0bbbc6b0f3663250057c986b3c628897217 Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Thu, 14 Dec 2023 11:31:23 +0100 Subject: [PATCH 02/11] fix: use TENDERDASH_COMMITISH env var if set --- proto/build.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/proto/build.rs b/proto/build.rs index dd0eb6f1..41c909c0 100644 --- a/proto/build.rs +++ b/proto/build.rs @@ -3,10 +3,17 @@ use std::env; fn main() { let version = env!("CARGO_PKG_VERSION"); - env::set_var("TENDERDASH_COMMITISH", "v".to_owned() + version); + // check if TENDERDASH_COMMITISH is alrady set; if not, set it to the current + // version + let commitish = env::var("TENDERDASH_COMMITISH").unwrap_or_default(); + if commitish.is_empty() { + env::set_var("TENDERDASH_COMMITISH", "v".to_owned() + version); + } + tenderdash_proto_compiler::proto_compile(); println!("cargo:rerun-if-changed=../proto-compiler/src"); println!("cargo:rerun-if-changed=Cargo.toml"); println!("cargo:rerun-if-env-changed=CARGO_PKG_VERSION"); + println!("cargo:rerun-if-env-changed=TENDERDASH_COMMITISH"); } From 8df17a1410c1553923d6a13b45985054c6a2670d Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Thu, 14 Dec 2023 11:50:15 +0100 Subject: [PATCH 03/11] feat: support ThresholdRecoverRaw vote extensions --- abci/src/signatures.rs | 82 ++++++++++++++++++++++++++++++++++-------- abci/tests/kvstore.rs | 1 + 2 files changed, 69 insertions(+), 14 deletions(-) diff --git a/abci/src/signatures.rs b/abci/src/signatures.rs index b55400c8..97e050a6 100644 --- a/abci/src/signatures.rs +++ b/abci/src/signatures.rs @@ -318,20 +318,24 @@ impl SignBytes for CanonicalVote { impl SignBytes for VoteExtension { fn sign_bytes(&self, chain_id: &str, height: i64, round: i32) -> Result, Error> { - if self.r#type() != VoteExtensionType::ThresholdRecover { - return Err(Error::Canonical(String::from( - "only ThresholdRecover vote extensions can be signed", - ))); + match self.r#type() { + VoteExtensionType::ThresholdRecover => { + let ve = CanonicalVoteExtension { + chain_id: chain_id.to_string(), + extension: self.extension.clone(), + height, + round: round as i64, + r#type: self.r#type, + }; + + Ok(ve.encode_length_delimited_to_vec()) + }, + VoteExtensionType::ThresholdRecoverRaw => Ok(self.extension.to_vec()), + _ => Err(Error::Canonical(format!( + "unimplemented: vote extension of type {:?} cannot be signed", + self.r#type() + ))), } - let ve = CanonicalVoteExtension { - chain_id: chain_id.to_string(), - extension: self.extension.clone(), - height, - round: round as i64, - r#type: self.r#type, - }; - - Ok(ve.encode_length_delimited_to_vec()) } } @@ -416,11 +420,12 @@ pub mod tests { } #[test] - fn vote_extension_sign_bytes() { + fn vote_extension_threshold_sign_bytes() { let ve = VoteExtension { extension: Vec::from([1u8, 2u8, 3u8, 4u8, 5u8, 6u8, 7u8, 8u8]), r#type: VoteExtensionType::ThresholdRecover.into(), signature: Default::default(), + sign_request_id: None, }; let chain_id = "some-chain".to_string(); @@ -437,6 +442,27 @@ pub mod tests { assert_eq!(expect_sign_bytes, actual); } + #[test] + fn vote_extension_threshold_raw_sign_bytes() { + const EXTENSION: &[u8] = &[1u8, 2u8, 3u8, 4u8, 5u8, 6u8, 7u8, 8u8]; + let ve = VoteExtension { + extension: EXTENSION.to_vec(), + r#type: VoteExtensionType::ThresholdRecoverRaw.into(), + signature: Default::default(), + sign_request_id: Some("dpe-sign-request-id".as_bytes().to_vec()), + }; + + let chain_id = "some-chain".to_string(); + let height = 1; + let round = 2; + + let expect_sign_bytes = EXTENSION.to_vec(); + + let actual = ve.sign_bytes(&chain_id, height, round).unwrap(); + + assert_eq!(expect_sign_bytes, actual); + } + #[test] fn test_sign_digest() { let quorum_hash: [u8; 32] = @@ -459,4 +485,32 @@ pub mod tests { let sign_id = super::sign_digest(100, &quorum_hash, request_id, &sign_bytes_hash); assert_eq!(expect_sign_id, sign_id); // 194,4 } + + #[test] + fn test_raw_extension_sign_digest() { + const QUORUM_TYPE: u8 = 106; + + let quorum_hash: [u8; 32] = + hex::decode("dddabfe1c883dd8a2c71c4281a4212c3715a61f87d62a99aaed0f65a0506c053") + .unwrap() + .try_into() + .unwrap(); + + let request_id = + hex::decode("922a8fc39b6e265ca761eaaf863387a5e2019f4795a42260805f5562699fd9fa") + .unwrap(); + let request_id = request_id[..].try_into().unwrap(); + + let sign_bytes_hash = + hex::decode("7dfb2432d37f004c4eb2b9aebf601ba4ad59889b81d2e8c7029dce3e0bf8381c") + .unwrap(); + + let mut expect_sign_id = + hex::decode("6d98f773cef8484432c4946c6b96e04aab39fd119c77de2f21d668dd17d5d2f6") + .unwrap(); + expect_sign_id.reverse(); + + let sign_id = super::sign_digest(QUORUM_TYPE, &quorum_hash, request_id, &sign_bytes_hash); + assert_eq!(expect_sign_id, sign_id); + } } diff --git a/abci/tests/kvstore.rs b/abci/tests/kvstore.rs index a243363f..bcd41090 100644 --- a/abci/tests/kvstore.rs +++ b/abci/tests/kvstore.rs @@ -320,6 +320,7 @@ impl Application for KVStoreABCI<'_> { vote_extensions: vec![proto::abci::ExtendVoteExtension { r#type: proto::types::VoteExtensionType::ThresholdRecover as i32, extension: height, + sign_request_id: None, }], }) } From 951b4670e95771803c31111ea1ec82e6c02fc4f1 Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Thu, 14 Dec 2023 12:00:52 +0100 Subject: [PATCH 04/11] chore: bump version to 0.14.0-dev.1 --- abci/Cargo.toml | 4 ++-- proto-compiler/Cargo.toml | 4 ++-- proto/Cargo.toml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/abci/Cargo.toml b/abci/Cargo.toml index 3c35f125..27237dd3 100644 --- a/abci/Cargo.toml +++ b/abci/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tenderdash-abci" -version = "0.13.1" +version = "0.14.0-dev.1" edition = "2021" license = "Apache-2.0" readme = "README.md" @@ -31,7 +31,7 @@ required-features = ["server"] [dependencies] uuid = { version = "1.4.1", features = ["v4", "fast-rng"], optional = true } -tenderdash-proto = { version = "0.13.2", path = "../proto" } +tenderdash-proto = { path = "../proto" } bytes = { version = "1.0" } prost = { version = "0.12" } tracing = { version = "0.1", default-features = false } diff --git a/proto-compiler/Cargo.toml b/proto-compiler/Cargo.toml index 3e4e01c1..20049eb6 100644 --- a/proto-compiler/Cargo.toml +++ b/proto-compiler/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "tenderdash-proto-compiler" -version = "0.1.0" -authors = ["Informal Systems "] +version = "0.14.0-dev.1" +authors = ["Informal Systems ", "Dash Core Group"] edition = "2021" description = "Internal tool to download and build tenderdash protobuf definitions; used by proto/build.rs" publish = false diff --git a/proto/Cargo.toml b/proto/Cargo.toml index 8f0530bd..ec5f4370 100644 --- a/proto/Cargo.toml +++ b/proto/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "tenderdash-proto" -version = "0.13.2" +version = "0.14.0-dev.1" edition = "2021" license = "Apache-2.0" repository = "https://github.com/dashpay/rs-tenderdash-abci/tree/main/proto" From 7472e93406ab9dcc1cf0c23132f07eb3dc9d6764 Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Wed, 31 Jan 2024 12:13:44 +0100 Subject: [PATCH 05/11] chore: bump version to 0.14.0-dev.6 --- abci/Cargo.toml | 2 +- proto-compiler/Cargo.toml | 2 +- proto/Cargo.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/abci/Cargo.toml b/abci/Cargo.toml index 349507a8..152126ae 100644 --- a/abci/Cargo.toml +++ b/abci/Cargo.toml @@ -1,5 +1,5 @@ [package] -version = "0.14.0-dev.5" +version = "0.14.0-dev.6" name = "tenderdash-abci" edition = "2021" license = "Apache-2.0" diff --git a/proto-compiler/Cargo.toml b/proto-compiler/Cargo.toml index 8b34e0fd..9980ade6 100644 --- a/proto-compiler/Cargo.toml +++ b/proto-compiler/Cargo.toml @@ -1,5 +1,5 @@ [package] -version = "0.14.0-dev.5" +version = "0.14.0-dev.6" name = "tenderdash-proto-compiler" authors = ["Informal Systems ", "Dash Core Group"] edition = "2021" diff --git a/proto/Cargo.toml b/proto/Cargo.toml index 17950168..430b4646 100644 --- a/proto/Cargo.toml +++ b/proto/Cargo.toml @@ -1,5 +1,5 @@ [package] -version = "0.14.0-dev.5" +version = "0.14.0-dev.6" name = "tenderdash-proto" edition = "2021" license = "Apache-2.0" From 34be58b557d50c8d535d9754a66e23de807ec802 Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Wed, 31 Jan 2024 12:23:19 +0100 Subject: [PATCH 06/11] chore: set default Tenderdash version to v0.14.0-dev.2 --- proto/build.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proto/build.rs b/proto/build.rs index c0947619..80894aae 100644 --- a/proto/build.rs +++ b/proto/build.rs @@ -1,13 +1,13 @@ use std::env; fn main() { - // let version = env!("CARGO_PKG_VERSION"); + const DEFAULT_VERSION: &str = "v0.14.0-dev.2"; // check if TENDERDASH_COMMITISH is already set; if not, set it to the current // version let commitish = env::var("TENDERDASH_COMMITISH").unwrap_or_default(); if commitish.is_empty() { - env::set_var("TENDERDASH_COMMITISH", "v0.14.0-dev.1".to_owned()); + env::set_var("TENDERDASH_COMMITISH", DEFAULT_VERSION); } tenderdash_proto_compiler::proto_compile(); From 712c33c0c5402ede0950f2f8551b535d2b0151cb Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Wed, 31 Jan 2024 14:21:11 +0100 Subject: [PATCH 07/11] feat: threshold raw vote extensions sign_hash --- abci/src/signatures.rs | 157 ++++++++++++++++++++++++++++------------- 1 file changed, 107 insertions(+), 50 deletions(-) diff --git a/abci/src/signatures.rs b/abci/src/signatures.rs index 97e050a6..fac9bc9f 100644 --- a/abci/src/signatures.rs +++ b/abci/src/signatures.rs @@ -33,6 +33,7 @@ const VOTE_EXTENSION_REQUEST_ID_PREFIX: &str = "dpevote"; /// SignDigest returns message digest that should be provided directly to a /// signing/verification function (aka Sign ID) pub trait SignDigest { + #[deprecated = "replaced with sign_hash() to unify naming between core, platform and tenderdash"] fn sign_digest( &self, chain_id: &str, @@ -40,11 +41,24 @@ pub trait SignDigest { quorum_hash: &[u8; 32], height: i64, round: i32, + ) -> Result, Error> { + self.sign_hash(chain_id, quorum_type, quorum_hash, height, round) + } + + /// Returns message digest that should be provided directly to a + /// signing/verification function. + fn sign_hash( + &self, + chain_id: &str, + quorum_type: u8, + quorum_hash: &[u8; 32], + height: i64, + round: i32, ) -> Result, Error>; } impl SignDigest for Commit { - fn sign_digest( + fn sign_hash( &self, chain_id: &str, quorum_type: u8, @@ -60,7 +74,7 @@ impl SignDigest for Commit { let request_id = sign_request_id(VOTE_REQUEST_ID_PREFIX, height, round); let sign_bytes_hash = self.sha256(chain_id, height, round)?; - let digest = sign_digest( + let digest = sign_hash( quorum_type, quorum_hash, request_id[..] @@ -81,7 +95,7 @@ impl SignDigest for Commit { } impl SignDigest for CanonicalVote { - fn sign_digest( + fn sign_hash( &self, chain_id: &str, quorum_type: u8, @@ -93,7 +107,7 @@ impl SignDigest for CanonicalVote { let request_id = sign_request_id(VOTE_REQUEST_ID_PREFIX, height, round); let sign_bytes_hash = self.sha256(chain_id, height, round)?; - let digest = sign_digest( + let digest = sign_hash( quorum_type, quorum_hash, request_id[..] @@ -114,7 +128,7 @@ impl SignDigest for CanonicalVote { } impl SignDigest for VoteExtension { - fn sign_digest( + fn sign_hash( &self, chain_id: &str, quorum_type: u8, @@ -122,15 +136,53 @@ impl SignDigest for VoteExtension { height: i64, round: i32, ) -> Result, Error> { - let request_id = sign_request_id(VOTE_EXTENSION_REQUEST_ID_PREFIX, height, round); - let sign_bytes_hash = self.sha256(chain_id, height, round)?; + let (request_id, sign_bytes_hash) = match self.r#type() { + VoteExtensionType::ThresholdRecover => { + let request_id = sign_request_id(VOTE_EXTENSION_REQUEST_ID_PREFIX, height, round); + let sign_bytes_hash = self.sha256(chain_id, height, round)?; - Ok(sign_digest( + (request_id, sign_bytes_hash) + }, + + VoteExtensionType::ThresholdRecoverRaw => { + let mut sign_bytes_hash = self.extension.clone(); + sign_bytes_hash.reverse(); + + let request_id = self.sign_request_id.clone().unwrap_or_default(); + let request_id = if request_id.is_empty() { + sign_request_id(VOTE_EXTENSION_REQUEST_ID_PREFIX, height, round) + } else { + // we do double-sha256, and then reverse bytes + let mut request_id = lhash::sha256(&lhash::sha256(&request_id)); + request_id.reverse(); + request_id.to_vec() + }; + + (request_id, sign_bytes_hash) + }, + + VoteExtensionType::Default => unimplemented!( + "vote extension of type {:?} cannot be signed", + self.r#type() + ), + }; + let sign_hash = sign_hash( quorum_type, quorum_hash, - request_id[..].try_into().unwrap(), + request_id[..] + .try_into() + .expect("invalid request ID length"), &sign_bytes_hash, - )) + ); + + tracing::trace!( + digest=hex::encode(&sign_hash), + ?quorum_type, + quorum_hash=hex::encode(quorum_hash), + request_id=hex::encode(request_id), + vote_extension=?self, "vote extension sign hash"); + + Ok(sign_hash) } } @@ -142,7 +194,7 @@ fn sign_request_id(prefix: &str, height: i64, round: i32) -> Vec { lhash::sha256(&buf).to_vec() } -fn sign_digest( +fn sign_hash( quorum_type: u8, quorum_hash: &[u8; 32], request_id: &[u8; 32], @@ -344,8 +396,11 @@ pub mod tests { use std::{string::ToString, vec::Vec}; use super::SignBytes; - use crate::proto::types::{ - Commit, PartSetHeader, SignedMsgType, Vote, VoteExtension, VoteExtensionType, + use crate::{ + proto::types::{ + Commit, PartSetHeader, SignedMsgType, Vote, VoteExtension, VoteExtensionType, + }, + signatures::SignDigest, }; #[test] @@ -442,25 +497,38 @@ pub mod tests { assert_eq!(expect_sign_bytes, actual); } - #[test] - fn vote_extension_threshold_raw_sign_bytes() { - const EXTENSION: &[u8] = &[1u8, 2u8, 3u8, 4u8, 5u8, 6u8, 7u8, 8u8]; + /// test vector for threshold-raw vote extensions + /// + /// Returns expected sig hash and vote extension + fn ve_threshold_raw() -> ([u8; 32], VoteExtension) { let ve = VoteExtension { - extension: EXTENSION.to_vec(), + extension: [1, 2, 3, 4, 5, 6, 7, 8].repeat(4), r#type: VoteExtensionType::ThresholdRecoverRaw.into(), signature: Default::default(), - sign_request_id: Some("dpe-sign-request-id".as_bytes().to_vec()), + sign_request_id: Some("dpevote-someSignRequestID".as_bytes().to_vec()), }; + let expected_sign_hash: [u8; 32] = [ + 0xe, 0x88, 0x8d, 0xa8, 0x97, 0xf1, 0xc0, 0xfd, 0x6a, 0xe8, 0x3b, 0x77, 0x9b, 0x5, 0xdd, + 0x28, 0xc, 0xe2, 0x58, 0xf6, 0x4c, 0x86, 0x1, 0x34, 0xfa, 0x4, 0x27, 0xe1, 0xaa, 0xab, + 0x1a, 0xde, + ]; - let chain_id = "some-chain".to_string(); - let height = 1; - let round = 2; + (expected_sign_hash, ve) + } - let expect_sign_bytes = EXTENSION.to_vec(); + #[test] + fn test_ve_threshold_raw_sign_bytes() { + let (_, ve) = ve_threshold_raw(); + let expected_sign_bytes = ve.extension.clone(); + + // chain_id, height and round are unused + let chain_id = String::new(); + let height = -1; + let round = -1; let actual = ve.sign_bytes(&chain_id, height, round).unwrap(); - assert_eq!(expect_sign_bytes, actual); + assert_eq!(expected_sign_bytes, actual); } #[test] @@ -478,39 +546,28 @@ pub mod tests { hex::decode("0CA3D5F42BDFED0C4FDE7E6DE0F046CC76CDA6CEE734D65E8B2EE0E375D4C57D") .unwrap(); - let expect_sign_id = + let expect_sign_hash = hex::decode("DA25B746781DDF47B5D736F30B1D9D0CC86981EEC67CBE255265C4361DEF8C2E") .unwrap(); - let sign_id = super::sign_digest(100, &quorum_hash, request_id, &sign_bytes_hash); - assert_eq!(expect_sign_id, sign_id); // 194,4 + let sign_hash = super::sign_hash(100, &quorum_hash, request_id, &sign_bytes_hash); + assert_eq!(expect_sign_hash, sign_hash); // 194,4 } #[test] - fn test_raw_extension_sign_digest() { + fn test_ve_threshold_raw_sign_digest() { const QUORUM_TYPE: u8 = 106; - - let quorum_hash: [u8; 32] = - hex::decode("dddabfe1c883dd8a2c71c4281a4212c3715a61f87d62a99aaed0f65a0506c053") - .unwrap() - .try_into() - .unwrap(); - - let request_id = - hex::decode("922a8fc39b6e265ca761eaaf863387a5e2019f4795a42260805f5562699fd9fa") - .unwrap(); - let request_id = request_id[..].try_into().unwrap(); - - let sign_bytes_hash = - hex::decode("7dfb2432d37f004c4eb2b9aebf601ba4ad59889b81d2e8c7029dce3e0bf8381c") - .unwrap(); - - let mut expect_sign_id = - hex::decode("6d98f773cef8484432c4946c6b96e04aab39fd119c77de2f21d668dd17d5d2f6") - .unwrap(); - expect_sign_id.reverse(); - - let sign_id = super::sign_digest(QUORUM_TYPE, &quorum_hash, request_id, &sign_bytes_hash); - assert_eq!(expect_sign_id, sign_id); + let quorum_hash: [u8; 32] = [8u8, 7, 6, 5, 4, 3, 2, 1] + .repeat(4) + .try_into() + .expect("invalid quorum hash length"); + let (expected_sign_hash, ve) = ve_threshold_raw(); + + // height, round, chain id are not used in sign digest for threshold-raw + let sign_hash = ve + .sign_hash("", QUORUM_TYPE, &quorum_hash, -1, -1) + .expect("sign digest failed"); + + assert_eq!(sign_hash, expected_sign_hash); } } From 24c3000801f8433dbca1877dbc9ff5f29e57be3f Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Wed, 31 Jan 2024 14:25:11 +0100 Subject: [PATCH 08/11] fix: take TENDERDASH_VERSION from td version.go --- abci/tests/common/docker.rs | 7 +++---- proto-compiler/src/functions.rs | 31 ++++++++++++++++++++++++++++--- proto-compiler/src/lib.rs | 7 ++++--- proto/tests/unit.rs | 6 ------ 4 files changed, 35 insertions(+), 16 deletions(-) diff --git a/abci/tests/common/docker.rs b/abci/tests/common/docker.rs index 5e1e5001..9d084ca6 100644 --- a/abci/tests/common/docker.rs +++ b/abci/tests/common/docker.rs @@ -39,10 +39,9 @@ impl TenderdashDocker { app_address: &str, ) -> TenderdashDocker { // let tag = String::from(tenderdash_proto::VERSION); - let tag = match tag { - None => tenderdash_proto::meta::TENDERDASH_VERSION, - Some("") => tenderdash_proto::meta::TENDERDASH_VERSION, - Some(tag) => tag, + let tag = match tag.unwrap_or_default() { + "" => tenderdash_proto::meta::TENDERDASH_VERSION, + tag => tag, }; let app_address = url::Url::parse(app_address).expect("invalid app address"); diff --git a/proto-compiler/src/functions.rs b/proto-compiler/src/functions.rs index f3dc02c9..50ca2904 100644 --- a/proto-compiler/src/functions.rs +++ b/proto-compiler/src/functions.rs @@ -222,8 +222,32 @@ pub fn abci_version>(dir: T) -> String { .to_string() } +pub fn tenderdash_version>(dir: T) -> String { + let mut file_path = dir.as_ref().to_path_buf(); + file_path.push("version/version.go"); + + let contents = read_to_string(&file_path).expect("cannot read version/version.go"); + use regex::Regex; + + let re = Regex::new(r##"(?m)^\s+TMVersionDefault\s*=\s*"([^"]+)"\s+*$"##).unwrap(); + let captures = re + .captures(&contents) + .expect("cannot find TMVersionDefault in version/version.go"); + + captures + .get(1) + .expect("TMVersionDefault not found in version/version.go") + .as_str() + .to_string() +} + /// Create tenderdash.rs with library information -pub fn generate_tenderdash_lib(prost_dir: &Path, tenderdash_lib_target: &Path, abci_version: &str) { +pub fn generate_tenderdash_lib( + prost_dir: &Path, + tenderdash_lib_target: &Path, + abci_ver: &str, + td_ver: &str, +) { let mut file_names = WalkDir::new(prost_dir) .into_iter() .filter_map(|e| e.ok()) @@ -279,13 +303,14 @@ pub mod meta {{ /// Semantic version of ABCI protocol pub const ABCI_VERSION: &str = \"{}\"; /// Version of Tenderdash server used to generate protobuf configs - pub const TENDERDASH_VERSION: &str = env!(\"CARGO_PKG_VERSION\"); + pub const TENDERDASH_VERSION: &str =\"{}\"; }} ", content, crate::constants::TENDERDASH_REPO, tenderdash_commitish(), - abci_version, + abci_ver, + td_ver, ); let mut file = diff --git a/proto-compiler/src/lib.rs b/proto-compiler/src/lib.rs index 38b0dd70..0dcb7215 100644 --- a/proto-compiler/src/lib.rs +++ b/proto-compiler/src/lib.rs @@ -5,7 +5,7 @@ use tempfile::tempdir; mod functions; use functions::{ abci_version, copy_files, fetch_commitish, find_proto_files, generate_tenderdash_lib, - tenderdash_commitish, + tenderdash_commitish, tenderdash_version, }; mod constants; @@ -93,7 +93,8 @@ pub fn proto_compile() { ); println!("[info] => Determining ABCI protocol version."); - let abci_ver = abci_version(tenderdash_dir); + let abci_ver = abci_version(&tenderdash_dir); + let tenderdash_ver = tenderdash_version(tenderdash_dir); println!("[info] => Creating structs."); pb.compile_protos(&protos, &proto_includes_paths).unwrap(); @@ -101,7 +102,7 @@ pub fn proto_compile() { println!("[info] => Removing old structs and copying new structs."); copy_files(&out_dir, &target_dir); // This panics if it fails. - generate_tenderdash_lib(&out_dir, &tenderdash_lib_target, &abci_ver); + generate_tenderdash_lib(&out_dir, &tenderdash_lib_target, &abci_ver, &tenderdash_ver); println!("[info] => Done!"); } diff --git a/proto/tests/unit.rs b/proto/tests/unit.rs index 8ebd5929..f820160b 100644 --- a/proto/tests/unit.rs +++ b/proto/tests/unit.rs @@ -133,9 +133,3 @@ pub fn test_response_exception_from() { "string" ); } - -#[test] -pub fn test_tenderdash_version() { - let version = env!("CARGO_PKG_VERSION"); - assert_eq!(version, tenderdash_proto::meta::TENDERDASH_VERSION) -} From f8b141b97cc4811282d5a377592b61eb86aca3f2 Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Wed, 31 Jan 2024 14:59:16 +0100 Subject: [PATCH 09/11] chore: fmt --- proto-compiler/src/functions.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proto-compiler/src/functions.rs b/proto-compiler/src/functions.rs index 50ca2904..fe183e74 100644 --- a/proto-compiler/src/functions.rs +++ b/proto-compiler/src/functions.rs @@ -303,7 +303,7 @@ pub mod meta {{ /// Semantic version of ABCI protocol pub const ABCI_VERSION: &str = \"{}\"; /// Version of Tenderdash server used to generate protobuf configs - pub const TENDERDASH_VERSION: &str =\"{}\"; + pub const TENDERDASH_VERSION: &str = \"{}\"; }} ", content, From 251386f9e4109c89ca628226c981c489b80aed80 Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Thu, 1 Feb 2024 12:02:00 +0100 Subject: [PATCH 10/11] refactor(abci)!: renames in signature processing --- abci/src/signatures.rs | 94 +++++++++++++++++++++++++++--------------- 1 file changed, 60 insertions(+), 34 deletions(-) diff --git a/abci/src/signatures.rs b/abci/src/signatures.rs index fac9bc9f..63e48213 100644 --- a/abci/src/signatures.rs +++ b/abci/src/signatures.rs @@ -1,14 +1,21 @@ //! Digital signature processing //! -//! The workflow is as follows: +//! This module contains code for processing digital signatures, including +//! calculating message hash to be signed, and calculating signature digest. //! -//! 1. First, we serialize data to get bytes to be signed using -//! [SignBytes::sign_bytes]. +//! The code in this module is based on Tenderdash implementation. //! -//! 2. Then, we calculate hash with [SignBytes::sha256]. +//! Two main traits are defined: +//! - [Signable] - for objects that can be signed/verified by Tenderdash. +//! - [Hashable] - for objects that can be serialized and hashed by Tenderdash. //! -//! 3. Then, we calculate digest using [SignDigest::sign_digest] that is passed -//! directly to the public/private key. +//! All [Signable] objects are also [Hashable], but not vice versa. +//! For example, [StateId] is [Hashable], but not [Signable], as it is only +//! part of some other signed objects. +//! +//! When signing or verifying signature, use [Signable::calculate_sign_hash] to +//! calculate signature digest and provide it as a digest directly to the +//! signature or verification function. use std::{ string::{String, ToString}, @@ -30,10 +37,9 @@ use crate::{ const VOTE_REQUEST_ID_PREFIX: &str = "dpbvote"; const VOTE_EXTENSION_REQUEST_ID_PREFIX: &str = "dpevote"; -/// SignDigest returns message digest that should be provided directly to a -/// signing/verification function (aka Sign ID) -pub trait SignDigest { - #[deprecated = "replaced with sign_hash() to unify naming between core, platform and tenderdash"] +/// Object that can be signed/verified by Tenderdash. +pub trait Signable: Hashable { + #[deprecated = "replaced by calculate_sign_hash() to unify naming between core, platform and tenderdash"] fn sign_digest( &self, chain_id: &str, @@ -42,12 +48,12 @@ pub trait SignDigest { height: i64, round: i32, ) -> Result, Error> { - self.sign_hash(chain_id, quorum_type, quorum_hash, height, round) + self.calculate_sign_hash(chain_id, quorum_type, quorum_hash, height, round) } - /// Returns message digest that should be provided directly to a + /// Returns message hash that should be provided directly to a /// signing/verification function. - fn sign_hash( + fn calculate_sign_hash( &self, chain_id: &str, quorum_type: u8, @@ -57,8 +63,8 @@ pub trait SignDigest { ) -> Result, Error>; } -impl SignDigest for Commit { - fn sign_hash( +impl Signable for Commit { + fn calculate_sign_hash( &self, chain_id: &str, quorum_type: u8, @@ -72,7 +78,7 @@ impl SignDigest for Commit { } let request_id = sign_request_id(VOTE_REQUEST_ID_PREFIX, height, round); - let sign_bytes_hash = self.sha256(chain_id, height, round)?; + let sign_bytes_hash = self.calculate_msg_hash(chain_id, height, round)?; let digest = sign_hash( quorum_type, @@ -94,8 +100,8 @@ impl SignDigest for Commit { } } -impl SignDigest for CanonicalVote { - fn sign_hash( +impl Signable for CanonicalVote { + fn calculate_sign_hash( &self, chain_id: &str, quorum_type: u8, @@ -105,7 +111,7 @@ impl SignDigest for CanonicalVote { round: i32, ) -> Result, Error> { let request_id = sign_request_id(VOTE_REQUEST_ID_PREFIX, height, round); - let sign_bytes_hash = self.sha256(chain_id, height, round)?; + let sign_bytes_hash = self.calculate_msg_hash(chain_id, height, round)?; let digest = sign_hash( quorum_type, @@ -127,8 +133,8 @@ impl SignDigest for CanonicalVote { } } -impl SignDigest for VoteExtension { - fn sign_hash( +impl Signable for VoteExtension { + fn calculate_sign_hash( &self, chain_id: &str, quorum_type: u8, @@ -139,7 +145,7 @@ impl SignDigest for VoteExtension { let (request_id, sign_bytes_hash) = match self.r#type() { VoteExtensionType::ThresholdRecover => { let request_id = sign_request_id(VOTE_EXTENSION_REQUEST_ID_PREFIX, height, round); - let sign_bytes_hash = self.sha256(chain_id, height, round)?; + let sign_bytes_hash = self.calculate_msg_hash(chain_id, height, round)?; (request_id, sign_bytes_hash) }, @@ -222,21 +228,41 @@ fn sign_hash( lhash::sha256(&hash).to_vec() } -pub trait SignBytes { - /// Marshal into byte buffer, representing bytes to be used in signature - /// process. - /// - /// See also: [SignDigest]. - fn sign_bytes(&self, chain_id: &str, height: i64, round: i32) -> Result, Error>; - +/// Calculate hash (sha256) of the data, using algorithms used by +/// Tenderdash. +pub trait Hashable { /// Generate hash of data to sign - fn sha256(&self, chain_id: &str, height: i64, round: i32) -> Result, Error> { + fn calculate_msg_hash(&self, chain_id: &str, height: i64, round: i32) + -> Result, Error>; +} + +impl Hashable for T { + /// Generate hash of data, to be used in signature process. + /// + /// Generates hash of the m + fn calculate_msg_hash( + &self, + chain_id: &str, + height: i64, + round: i32, + ) -> Result, Error> { let sb = self.sign_bytes(chain_id, height, round)?; let result = lhash::sha256(&sb); Ok(Vec::from(result)) } } +/// Marshals data into bytes to be used in signature process. +/// +/// After marhaling, the bytes are hashed and then +trait SignBytes { + /// Marshal into byte buffer, representing bytes to be used in signature + /// process. + /// + /// See also: [SignDigest]. + fn sign_bytes(&self, chain_id: &str, height: i64, round: i32) -> Result, Error>; +} + impl SignBytes for StateId { fn sign_bytes(&self, _chain_id: &str, _height: i64, _round: i32) -> Result, Error> { let mut buf = Vec::new(); @@ -287,7 +313,7 @@ impl SignBytes for Vote { .clone() .ok_or(Error::Canonical(String::from("missing vote.block id")))?; - let block_id_hash = block_id.sha256(chain_id, height, round)?; + let block_id_hash = block_id.calculate_msg_hash(chain_id, height, round)?; let state_id_hash = block_id.state_id; let canonical = CanonicalVote { @@ -317,7 +343,7 @@ impl SignBytes for Commit { .ok_or(Error::Canonical(String::from("missing vote.block id")))?; let state_id_hash = block_id.state_id.clone(); - let block_id_hash = block_id.sha256(chain_id, height, round)?; + let block_id_hash = block_id.calculate_msg_hash(chain_id, height, round)?; let canonical = CanonicalVote { block_id: block_id_hash, @@ -400,7 +426,7 @@ pub mod tests { proto::types::{ Commit, PartSetHeader, SignedMsgType, Vote, VoteExtension, VoteExtensionType, }, - signatures::SignDigest, + signatures::Signable, }; #[test] @@ -565,7 +591,7 @@ pub mod tests { // height, round, chain id are not used in sign digest for threshold-raw let sign_hash = ve - .sign_hash("", QUORUM_TYPE, &quorum_hash, -1, -1) + .calculate_sign_hash("", QUORUM_TYPE, &quorum_hash, -1, -1) .expect("sign digest failed"); assert_eq!(sign_hash, expected_sign_hash); From c0b9faa1e39227fe79bbeca609b0e3bcdd743a4b Mon Sep 17 00:00:00 2001 From: Lukasz Klimek <842586+lklimek@users.noreply.github.com> Date: Thu, 1 Feb 2024 12:07:28 +0100 Subject: [PATCH 11/11] chore(abci): add comments to remove tracing:: in signatures once stable --- abci/src/signatures.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/abci/src/signatures.rs b/abci/src/signatures.rs index 63e48213..649fb9e1 100644 --- a/abci/src/signatures.rs +++ b/abci/src/signatures.rs @@ -89,6 +89,7 @@ impl Signable for Commit { &sign_bytes_hash, ); + // TODO: Remove once withdrawals are stable tracing::trace!( digest=hex::encode(&digest), ?quorum_type, @@ -122,6 +123,7 @@ impl Signable for CanonicalVote { &sign_bytes_hash, ); + // TODO: Remove once withdrawals are stable tracing::trace!( digest=hex::encode(&digest), ?quorum_type, @@ -181,6 +183,7 @@ impl Signable for VoteExtension { &sign_bytes_hash, ); + // TODO: Remove once withdrawals are stable tracing::trace!( digest=hex::encode(&sign_hash), ?quorum_type, @@ -385,6 +388,7 @@ impl SignBytes for CanonicalVote { } buf.put(chain_id.as_bytes()); + // TODO: Remove once withdrawals are stable tracing::trace!( sign_bytes=hex::encode(&buf), height,round,