Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Address to the problem that the signature of bls voter cannot be verified #202

Merged
merged 4 commits into from
Mar 31, 2021
Merged

Conversation

Kynea0b
Copy link
Contributor

@Kynea0b Kynea0b commented Mar 29, 2021

Closes: #182

Description

If the node is delayed, it downloads the block and revalidates the voter of the last block. At this time, the BLS signature could not be verified. So, this PR fixs a bug that BLS verification could not be performed.(SwitchToConsensusCommitToVoteSet)

Reference:
https://github.com/line/lbm/issues/1237
#182


For contributor use:

  • Wrote tests
  • Updated CHANGELOG_PENDING.md
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Updated relevant documentation (docs/) and code comments
  • Re-reviewed Files changed in the Github PR explorer

@Kynea0b Kynea0b changed the title fix: fix a bug that bls voter could not be verified fix: Address to the problem that the signature of bls voter cannot be verified Mar 29, 2021
@Kynea0b Kynea0b requested review from torao and tnasu March 29, 2021 05:17
@Kynea0b
Copy link
Contributor Author

Kynea0b commented Mar 29, 2021

I changed the commit message and pushed it back.

types/block.go Outdated Show resolved Hide resolved
types/block.go Outdated Show resolved Hide resolved
types/block.go Outdated Show resolved Hide resolved
types/block.go Outdated Show resolved Hide resolved
types/block.go Outdated Show resolved Hide resolved
types/vote_set.go Outdated Show resolved Hide resolved
types/vote_set.go Outdated Show resolved Hide resolved
types/vote_set.go Outdated Show resolved Hide resolved
Copy link
Contributor

@torao torao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please insert an if and panic() in MakeCommit() to ensure that it's not possible to create another Commit from the VoterSet that contains aggregated signatures.

types/block.go Outdated Show resolved Hide resolved
types/block.go Outdated Show resolved Hide resolved
@@ -200,9 +224,7 @@ func (voteSet *VoteSet) addVote(vote *Vote) (added bool, err error) {
}

// Check signature.
if err := vote.Verify(voteSet.chainID, voter.PubKey); err != nil {
return false, errors.Wrapf(err, "Failed to verify vote with ChainID %s and PubKey %s", voteSet.chainID, voter.PubKey)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where are the checks made that are erased here?

Copy link
Contributor Author

@Kynea0b Kynea0b Mar 29, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The verification points are as follows.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The specified URL seems not to address the correct location. I can't find execVoteVerify() in this PR and develop branch. Where is it defined?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah~ I understood.

types/vote_set.go Outdated Show resolved Hide resolved
@Kynea0b
Copy link
Contributor Author

Kynea0b commented Mar 30, 2021

Since there were many omissions in error processing, I will force-push the commits together.

@Kynea0b
Copy link
Contributor Author

Kynea0b commented Mar 30, 2021

@torao

Please insert an if and panic() in MakeCommit() to ensure that it's not possible to create another Commit from the VoterSet that contains aggregated signatures.

Do you mean to put panic processing in this function? If so, it's different from this issue, so I'd like to make another PR.
https://github.com/line/ostracon/blob/develop/types/vote_set.go#L557

Copy link
Member

@tnasu tnasu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@torao torao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fix modifies the behavior of CommitToVoteSet() and related other functions, so the corresponding unit-test code is required. Please add tests that ensure the behavior of the functions.

@@ -200,9 +224,7 @@ func (voteSet *VoteSet) addVote(vote *Vote) (added bool, err error) {
}

// Check signature.
if err := vote.Verify(voteSet.chainID, voter.PubKey); err != nil {
return false, errors.Wrapf(err, "Failed to verify vote with ChainID %s and PubKey %s", voteSet.chainID, voter.PubKey)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The specified URL seems not to address the correct location. I can't find execVoteVerify() in this PR and develop branch. Where is it defined?

Copy link
Contributor

@torao torao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@torao

Please insert an if and panic() in MakeCommit() to ensure that it's not possible to create another Commit from the VoterSet that contains aggregated signatures.

Do you mean to put panic processing in this function? If so, it's different from this issue, so I'd like to make another PR.
https://github.com/line/ostracon/blob/develop/types/vote_set.go#L557

Yes, the VoteSet converted from Commit is missing AggregatedSignature field, so it seems that Commit cannot be restored, but the API allows it. So I think it's better to place the assertion on it.

@Kynea0b
Copy link
Contributor Author

Kynea0b commented Mar 31, 2021

@torao
The intention of processing CommitToVoteSet is to confirm whether the vote verification of the last block has passed. Since this is a process that is not related to block creation, I think the assertion is not necessary to meet the intention of this CommitToVoteSet process.

@Kynea0b
Copy link
Contributor Author

Kynea0b commented Mar 31, 2021

This fix modifies the behavior of CommitToVoteSet() and related other functions, so the corresponding unit-test code is > required. Please add tests that ensure the behavior of the functions.

@torao
ComitToVoteSet is only called by reconstructLastCommit. MakeCommit is used as preprocessing in the CommitToVoteset test code. MakeCommit is currently a separate process from AggregateSignature, but it seems necessary to combine it. If I don't write the test after reviewing it, I have to rewrite it twice. So I would like to do it together with the repair of MakeCommit in the next PR.

Copy link
Contributor

@torao torao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I understand that there is currently no behavior to generate a Commit from a restored VoteSet, and we will not be doing so in the future. However, the implementors of Tendermint assume that Commit and VoteSet are mutually convertible. I think it would be better to set up an assertion because there are no further assumptions for them.

This isn't about the current problems, but about whether to implement them defensively, so I'm not going to make a strong request about this.

I'll approve this on the assumption that testing will definitely be done later.

@@ -200,9 +224,7 @@ func (voteSet *VoteSet) addVote(vote *Vote) (added bool, err error) {
}

// Check signature.
if err := vote.Verify(voteSet.chainID, voter.PubKey); err != nil {
return false, errors.Wrapf(err, "Failed to verify vote with ChainID %s and PubKey %s", voteSet.chainID, voter.PubKey)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah~ I understood.

@Kynea0b
Copy link
Contributor Author

Kynea0b commented Mar 31, 2021

Thank you. If you know where this tendermint description is, I would appreciate it if you could let me know. If this is the case, I think we may need to revisit your data structure.

However, the implementors of Tendermint assume that Commit and VoteSet are mutually convertible.

@Kynea0b Kynea0b merged commit b77afff into Finschia:develop Mar 31, 2021
if err != nil {
panic(fmt.Sprintf("Failed to MarshalBinaryLengthPrefixed : %v", err))
}
blsPubKeys = append(blsPubKeys, voter.PubKey.(composite.PubKeyComposite).SignKey.(bls.PubKeyBLS12))
Copy link
Member

@tnasu tnasu Apr 1, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We seem to have implemented similar logic like this:

@Kynea0b Kynea0b self-assigned this Apr 5, 2021
torao pushed a commit that referenced this pull request Jun 18, 2021
… verified (#202)

* fix: Address to the problem that the signature of bls voter cannot be verified

* fix: fix error handling

* fix: fix error handling omission

* fix: Specify the capacity of the slice `blsPubKeys` and `msgs` in advance
torao added a commit that referenced this pull request Jul 5, 2021
* Fix skipped `TestReactorWithTimeoutCommit` test

* Fix `TestByzantine`

* Modify to find proposer directly on `TestReactorRecordsVotesAndBlockParts`

* fix: reactor test failure

* set resource for the circleci machine

* fix: skipped tests

* fix: race bug

* fix: apply comment

* chore: remove blank line

* fix: refine forceProposer

* fix: remove hard code

* fix: refactoring forceProposer

* fixed skipped testcase (but in the end, skipped them that were difficult to apply VRF)

* fixed all FIXME, pass all tests

* Fix race detection error of `SelectProposer` (unit tests uncompleted)

* Fix `TestReactorHelperMode` error in the `blockchain/v2/reactor_test.go`

* fix lint warnings.

* Modify the file name of `CHANGELOG.md` to `CHANGELOG_OF_TENDERMINT.md`

* changelog and version
* Add LINE version in Tendermint version

* Disable checking the markdown links.
- Error links are all origin Tendermint links

* Fix swagger format error.

* Fix dredd skip paths.

* Fix `/genesis` dredd test
- Change `max_age` to `max_age_num_blocks` of GenesisResponse in the swagger
- Add `max_age_duration` of GenesisResponse in the swagger

* Fix dredd fail case.
- `broadcast_tx_sync`
- `broadcast_tx_async`
- `broadcast_tx_commit`
- `tx_search`

* Fix dredd test case(2)
- /block_results
- /tx_search
- /dump_consensus_state
- /consensus_params

* Add fixed dredd test to circleCI

* Add changelog

* Remove unused RemoveProperty of unmarshal.go

* feat: election of ValidatorSet based on VRF #74

feat: add voteset to state

feat: implement VoterSet

fix: test failure

fix: change validators to voters more

feat: implement select voters

feat: implement RandomSamplingToMax

feat: add test case

feat: more test

fix: fmt check failure

fix: circleci failure

fix: randValidator may create a validator having 0 voting power

fix: elect a proposer among validators not among voters

fix: apply comment; proposer must be found in validators

fix: apply comments

fix: contracts_test failure

fix: contracts_test failure

fix: apply comments

* Apply changelog of Tendermint about v0.33.4
(It's a fix commit that has already been fixed in the past.)

* fix lint error

* fix p2p test of circleCI
```
The following packages have unmet dependencies:

 libc6-dev : Breaks: libgcc-8-dev (< 8.4.0-2~) but 8.3.0-6 is to be installed

E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
```

* fix unit test of `helpers_test`

* fix lint error

* Update protobuf implementations
(This commit is empty because it re-make *.pb.go with 3, which was accidentally generated with protobuf 2 in the past commit.)

* Apply reviews
(It's a fix commit that has already been fixed in the past.)

* fix some bugs and apply formatting, for a merged branch zemyblue/apply_v0.33.4

* fix: blockchain/v1/peer_test failure
(The changes in v0.34 take precedence.)

* fix: consensus timed out failure

* fix: diable proto-checking of circle-ci

* fix: raise resource class to pass test suits

* fix: restore test code

* Revert "fix: restore test code"

This reverts commit dec47e5.

* refactor: rename VotingPower to StakingPower

* fix: separate StakingPower and VotingPower

* feat: implement RandomSamplingWithoutReplacement

* fix: lint error

* feat: implement assigning voting power

* fix: lint error

* fix: lint error

* fix: lite2 test failure

* fix: proto generated file

* fix: diable proto-checking of circle-ci

* fix: apply comment; use VotingPower on adding vote

* fix: apply comment; remove totalStakingPower from VoterSet

* fix: apply comment; fix NewVoterSet

* fix: apply comment; rename validatorSet to voterSet and fix compile errors

* fix: apply comment; use VotingPower on consensus

* fix: lint error

* fix: lint error

* fix: lite test compile error

* fix: remove unused function

* fix: modify validator to voter in comments

* fix: total voting power overflow

* fix: update total voting power if 0

* docs: change log

* fix: apply comments

* fix: lint error

* fix: rewrite randomThreshold; remove priorityRateThreshold; some test cases

* fix: lint error

* test: add test for randomThreshold

* test: add testing for verifying idempotence of randomThreshold

* fix: lint error

* fix: improve voting power polacy

* fix: compile error

* fix: lint error

* fix: test case

* test: add comment

* fix: remove unused function

* fix: define MaxTotalVotingPower

* fix: remove useless test case, and leave todo

* fix some bugs and apply formatting, for a merged branch feature/voting_power

* Add `CalNumOfVoterToElect` function to calculate the number of voter to elect

* re-add removed libraries in the before commit.

* Modify don't using floating-point to calculate `CalNumOfVoterToElect`.

* Add `CalNumOfVoterToElect` function to calculate the number of voter to elect

* re-add removed libraries in the before commit.

* feat: add voter params to genesis doc

* feat: add voter params to state

* fix: add go.sum

* test: add TestCalVotersNum2

* docs: change log

* fix: test failure

* test: add consensus test with voter election

* test: refine the test more precisely

* fix: apply comments

* fix: lint error, test failure

* fix: consensus logic, race error

* fix: rename a parameter; modify limit value

* fix: add comment, refactoring test code

* fix: rename AccuracyPrecision to ElectionPrecision

* fix: apply comment; debugging log conflict

* fix some fails and apply formatting, for a merged branch feature/num_of_voters

* Update changelog of v0.33.4-0.2

* Change LINE Core version to 0.2

* fix golang lint warning

* introduce BLS12-381 signature key
(build incompleted)

* introduce BLS12-381 signature key

* Fix the floating-point problem of sampling

* fix integer overflow problem of `winPoint`.

* fix lint warning

* fix lint warning

* add `GenerateVRFProof` function for `RetrySignerClient`

* fix lint warning.

* Remove `CGO_ENABLED` in Makefile.
- BLS library always need the CGO_ENABLED=1 option

* fix contract_test error in circleCI

* fix contract_test error in circleCI

* fix contract_test error in circleCI

* types: return an error if voting power overflows  in VerifyCommitTrusting
- apply missing codes of tendermint/tendermint#4896

* Add `VoterSet` protobuf and set to State message

* Add `VoterParams` protobuf and set to State message

* Fix type error

* Apply the PR review feedback
 - remove `LastValidators`
 - add `LastProofHash`

* feat: remove NextVoters from state

* fix: modify LoadVoters/SaveVoters logic

* fix: disable skipping verification

* test: add test case for load/save voters

* test: apply voter sampling to lite verification

* test: add TestVerifyAdjacentHeadersWithVoterSampling

* fix: fmt errors

* fix: dredd error

* fix: evidence test failure

* fix: lint error

* fix: test failure

* fix: modify private function name

* fix: apply goimports

* fix: apply comments

* fix: lint error

* fix: apply comment

* optimize imports

* add voting power in `VotingInfo` of abci

* update changelog.

* modify from `VoterInfo.power` to `VoterInfo.voting_power` for distinguishing

* test: add test case; non-voter votes

* test: verifying voter sampling under validator set changed

* fix: add comments

* test: add test case load/save voters

* fix: lint error

* fix: race problem

* fix: test failure

* fix: minus voting power

* fix: lint error

* fix: remove useless test code

* fix: apply comment; add test case of max total staking

* add comment

* fix: test failure

* fix: use voting power in MedianTime

* Update changelogs and the version about 0.33.5-0.3

* introduced a composite-key that delegates processing to each key-function

* fix the points made in the review

* add public-key type in sending ValidatorUpdate Tx
(there is little difference because alternate way to get the type of public key has been implemented)

* Ready for demo (#106)

* Add a script to generate new validator and add new validator to the chain

* Fix: `add_validator.sh` script error

* Add `Validators` in metric of consensus.

* Add the setting of `addr_book_strict` of config change to false

* Add `ValidatorsPower` in consensus metrics

* fix: set consensus_voter_power to 0 if not elected as voter

* fix: citest failure

* fix: nil pointer reference

* fix: set voter power metric with label

* fix: check nil

* fix: race

* feat: add an option for selecting priv key type

* fix: test cases

* fix: golang ci error

* fix: apply priv-key-type option to testnet command

* fix: bls compile problem

* fix: contract-tests failure

* fix: modify change log pending

* fix: typo

* feat: Make voting satisfy finality

* fix: Make voter sorting working well

* Move sampling logic to types package

* Change the voter that don't use winpoint to validator

* Change condition to sort voters

* fix: Fix error during test run

* feat: log execution time

* feat: add consensus duration metric

* fix: end time overwrite bug

* feat: modify metric type to histogram

* fix: duration max float

* feat: add proposal creating metric and missing proposal metric

* fix: time duration error

* fix: change log

* fix: fmt error

* fix: rename a configure

* test: Write a test case to verify a new voter sampling

* test: Write a test case to verify a new voter sampling

* Change a condition when determining if is voters byzantine

change a staking power to voting power in condition to determine if is voters byzantine
change a type of winpoint to big int. beacause, it is using for sampling only

* test: Use a seed to generate random value in test

* fix: overflow, integer division truncated, more test cases

* fix: fmt error

* feat: add test sample, verifying sort order

* fix: priv test failure

* fix: apply comment; log seed for random

* feat: async reactor receiving

* fix: add VotingPower to abci.Evidence

* ci: remove `add-path` (#5674)

* fix: github action failure

* fix: github action failure

* fix: skip test cases that require skipping mode in verification, and a few FAIL cases

* fix: calculate MaxDataBytes accurately by pv key type

* fix: lint error

* fix: apply review comments

* fix: merge conflict

* fix: golangci error

* fix: golangci error

* fix: golangci error

* change Evidence size calculation to be based on Signature size, and remove PubKey from Evidence

* added signature aggregation and verify to block

* fixed to restore aggregate signature when restoring Commit to VoteSet

* fixed a trivial typo

* fix: rollback needless modification

* fix: Changed to ubuntu20.04 due to end of support for ubuntu19.0

* fix: typo about variable names that select the type of private key

* codecov: Restore a codecov job in circleci

* codecov: Add a codecov token in config

* codecov: Report all of modules to codecov

* codecov: Allow a undercoverd source can pass CI

* test: don't use foo-bar.net in TestHTTPClientMakeHTTPDialer (#5997)

This test relied on connecting to the external site `foo-bar.net`, and (predictably) the site went down and broke all of our CI runs. This changes it to use local HTTP servers instead.

(cherry picked from commit f54f80b)

* ci: increase the test_cover timeout

* apply 0.33.8

* change golang version to 1.15

* fix: A bug fix

* feat: add an option for selecting priv key type to `unsafe_reset_all`, `unsafe_reset_priv_validator`, and `gen_validator`

* fix: use the proposer address selected by VRF when creating new proposal block

* revert: it's correct to create the Proposal Block iff privValidator is Proposer

* Merge pull request #190 from line/fix/set_proposer_selected_in_vrf_to_block

Add a test case to confirm that the selected Proposer matches the VRF-selected one

* test: add tests for each validator type (#189)

* test: add test GenFilePV() with the addition of new privKeyType

* test: add aggregate signature test

* use fmt.Sprint for string to int conversion

* bump version and update changelog

* privval: increase read/write timeout to 5s and calculate ping interval based on it (#5638)

Partially closes #5550

* consensus: only call privValidator.GetPubKey once per block (#5143)

Closes #4865

* only retrieve pubkey once for all validators (partially fixes #4865) (#4895)

in consensus/state.go, when calulating metrics, retrieve address (ergo, pubkey) once prior to iterating over validatorset to ensure we do not make excessive calls to signer.

Partially closes: #4865

* fix: replace privValidatorPubKey on the same time of privValidator to ensure the state become correct

* remove redundant section mistakenly added in the merge

* remove redundant empty line

* fix: Address to the problem that the signature of bls voter cannot be verified (#202)

* fix: Address to the problem that the signature of bls voter cannot be verified

* fix: fix error handling

* fix: fix error handling omission

* fix: Specify the capacity of the slice `blsPubKeys` and `msgs` in advance

* feat: Modify MakeCommit and AggregateSignature to one operation at once (#210)

* feat: Modify `MakeCommit` and `AggregateSignature` to atomic operation

* fix: fix panic error message with `MakeCommit` and add this test

* fix: Correct variable name

* fix: fix flag location

* refactor: move `isEqualVoteWithoutSignature` to vote_test.go and separate `MakeCommit` panic test

* fix: add assert.Fail and log when ed25519 only

* chore: remove hard coded codecov token (#220)

* fix: Specified RecvBufSize for pex_reactor_test (91e1df7)

* remove Skip() of test cases that are currently successful

* add a TODO comment after investigating the fail of TestWALCrash since it was still present in Tendermint

Co-authored-by: zemyblue <[email protected]>
Co-authored-by: Woosang Son <[email protected]>
Co-authored-by: hongsup.so <[email protected]>
Co-authored-by: shiki.takahashi <[email protected]>
Co-authored-by: kukugi <[email protected]>
Co-authored-by: egonspace <[email protected]>
Co-authored-by: Marko <[email protected]>
Co-authored-by: mariko <[email protected]>
Co-authored-by: Erik Grinaker <[email protected]>
Co-authored-by: Sangyeop.lee <[email protected]>
Co-authored-by: kokeshiM0chi <[email protected]>
Co-authored-by: Anton Kaliaev <[email protected]>
Co-authored-by: Joe Bowman <[email protected]>
Co-authored-by: tnasu <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

The later nodes got panic when a large number of them are started
3 participants