lotus/checks.go

package sealing

import (
	"bytes"
	"context"

	"github.com/ipfs/go-cid"
	cbg "github.com/whyrusleeping/cbor-gen"
	"golang.org/x/xerrors"

	"github.com/filecoin-project/go-address"
	"github.com/filecoin-project/sector-storage/ffiwrapper"
	"github.com/filecoin-project/specs-actors/actors/abi"
	"github.com/filecoin-project/specs-actors/actors/builtin"
	"github.com/filecoin-project/specs-actors/actors/builtin/market"
	"github.com/filecoin-project/specs-actors/actors/crypto"

	"github.com/filecoin-project/lotus/build"
	"github.com/filecoin-project/lotus/chain/actors"
	"github.com/filecoin-project/lotus/chain/types"
	"github.com/filecoin-project/sector-storage/zerocomm"
)

// TODO: For now we handle this by halting state execution, when we get jsonrpc reconnecting
//  We should implement some wait-for-api logic
type ErrApi struct{ error }

type ErrInvalidDeals struct{ error }
type ErrInvalidPiece struct{ error }
type ErrExpiredDeals struct{ error }

type ErrBadCommD struct{ error }
type ErrExpiredTicket struct{ error }

type ErrBadSeed struct{ error }
type ErrInvalidProof struct{ error }

// checkPieces validates that:
//  - Each piece han a corresponding on chain deal
//  - Piece commitments match with on chain deals
//  - Piece sizes match
//  - Deals aren't expired
func checkPieces(ctx context.Context, si SectorInfo, api sealingApi) error {
	head, err := api.ChainHead(ctx)
	if err != nil {
		return &ErrApi{xerrors.Errorf("getting chain head: %w", err)}
	}

	for i, piece := range si.Pieces {
		if piece.DealID == nil {
			exp := zerocomm.ZeroPieceCommitment(piece.Size)
			if piece.CommP != exp {
				return &ErrInvalidPiece{xerrors.Errorf("deal %d piece %d had non-zero CommP %+v", piece.DealID, i, piece.CommP)}
			}
			continue
		}
		deal, err := api.StateMarketStorageDeal(ctx, *piece.DealID, types.EmptyTSK)
		if err != nil {
			return &ErrApi{xerrors.Errorf("getting deal %d for piece %d: %w", piece.DealID, i, err)}
		}

		if deal.Proposal.PieceCID != piece.CommP {
			return &ErrInvalidDeals{xerrors.Errorf("piece %d (or %d) of sector %d refers deal %d with wrong CommP: %x != %x", i, len(si.Pieces), si.SectorID, piece.DealID, piece.CommP, deal.Proposal.PieceCID)}
		}

		if piece.Size != deal.Proposal.PieceSize.Unpadded() {
			return &ErrInvalidDeals{xerrors.Errorf("piece %d (or %d) of sector %d refers deal %d with different size: %d != %d", i, len(si.Pieces), si.SectorID, piece.DealID, piece.Size, deal.Proposal.PieceSize)}
		}

		if head.Height() >= deal.Proposal.StartEpoch {
			return &ErrExpiredDeals{xerrors.Errorf("piece %d (or %d) of sector %d refers expired deal %d - should start at %d, head %d", i, len(si.Pieces), si.SectorID, piece.DealID, deal.Proposal.StartEpoch, head.Height())}
		}
	}

	return nil
}

// checkPrecommit checks that data commitment generated in the sealing process
//  matches pieces, and that the seal ticket isn't expired
func checkPrecommit(ctx context.Context, maddr address.Address, si SectorInfo, api sealingApi) (err error) {
	head, err := api.ChainHead(ctx)
	if err != nil {
		return &ErrApi{xerrors.Errorf("getting chain head: %w", err)}
	}

	ccparams, err := actors.SerializeParams(&market.ComputeDataCommitmentParams{
		DealIDs:    si.deals(),
		SectorType: si.SectorType,
	})
	if err != nil {
		return xerrors.Errorf("computing params for ComputeDataCommitment: %w", err)
	}

	ccmt := &types.Message{
		To:       builtin.StorageMarketActorAddr,
		From:     maddr,
		Value:    types.NewInt(0),
		GasPrice: types.NewInt(0),
		GasLimit: 9999999999,
		Method:   builtin.MethodsMarket.ComputeDataCommitment,
		Params:   ccparams,
	}
	r, err := api.StateCall(ctx, ccmt, types.EmptyTSK)
	if err != nil {
		return &ErrApi{xerrors.Errorf("calling ComputeDataCommitment: %w", err)}
	}
	if r.MsgRct.ExitCode != 0 {
		return &ErrBadCommD{xerrors.Errorf("receipt for ComputeDataCommitment had exit code %d", r.MsgRct.ExitCode)}
	}

	var c cbg.CborCid
	if err := c.UnmarshalCBOR(bytes.NewReader(r.MsgRct.Return)); err != nil {
		return err
	}

	if cid.Cid(c) != *si.CommD {
		return &ErrBadCommD{xerrors.Errorf("on chain CommD differs from sector: %s != %s", cid.Cid(c), si.CommD)}
	}

	if int64(head.Height())-int64(si.Ticket.Epoch+build.SealRandomnessLookback) > build.SealRandomnessLookbackLimit {
		return &ErrExpiredTicket{xerrors.Errorf("ticket expired: seal height: %d, head: %d", si.Ticket.Epoch+build.SealRandomnessLookback, head.Height())}
	}

	return nil
}

func (m *Sealing) checkCommit(ctx context.Context, si SectorInfo) (err error) {
	head, err := m.api.ChainHead(ctx)
	if err != nil {
		return &ErrApi{xerrors.Errorf("getting chain head: %w", err)}
	}

	if si.Seed.Epoch == 0 {
		return &ErrBadSeed{xerrors.Errorf("seed epoch was not set")}
	}

	seed, err := m.api.ChainGetRandomness(ctx, head.Key(), crypto.DomainSeparationTag_InteractiveSealChallengeSeed, si.Seed.Epoch, nil)
	if err != nil {
		return &ErrApi{xerrors.Errorf("failed to get randomness for computing seal proof: %w", err)}
	}

	if string(seed) != string(si.Seed.Value) {
		return &ErrBadSeed{xerrors.Errorf("seed has changed")}
	}

	ss, err := m.api.StateMinerSectorSize(ctx, m.maddr, head.Key())
	if err != nil {
		return &ErrApi{err}
	}
	_, spt, err := ffiwrapper.ProofTypeFromSectorSize(ss)
	if err != nil {
		return err
	}

	ok, err := ffiwrapper.ProofVerifier.VerifySeal(abi.SealVerifyInfo{
		SectorID:              m.minerSector(si.SectorID),
		OnChain:               abi.OnChainSealVerifyInfo{
			SealedCID:        *si.CommR,
			InteractiveEpoch: si.Seed.Epoch,
			RegisteredProof:  spt,
			Proof:            si.Proof,
			SectorNumber:     si.SectorID,
			SealRandEpoch:    si.Ticket.Epoch,
		},
		Randomness:            si.Ticket.Value,
		InteractiveRandomness: si.Seed.Value,
		UnsealedCID:           *si.CommD,
	})
	if err != nil {
		return xerrors.Errorf("verify seal: %w", err)
	}
	if !ok {
		return &ErrInvalidProof{xerrors.New("invalid proof (compute error?)")}
	}


	return nil
}
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`package sealing`

			`import (`
Implement committed capacity sectors 2020-02-23 00:47:47 +00:00			`"bytes"`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`"context"`

actors: drop a bunch of type aliases 2020-02-25 20:35:15 +00:00			`"github.com/ipfs/go-cid"`
			`cbg "github.com/whyrusleeping/cbor-gen"`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`"golang.org/x/xerrors"`

			`"github.com/filecoin-project/go-address"`
fsm: Handle invalid Commits 2020-04-04 01:50:05 +00:00			`"github.com/filecoin-project/sector-storage/ffiwrapper"`
			`"github.com/filecoin-project/specs-actors/actors/abi"`
actors: drop a bunch of type aliases 2020-02-25 20:35:15 +00:00			`"github.com/filecoin-project/specs-actors/actors/builtin"`
			`"github.com/filecoin-project/specs-actors/actors/builtin/market"`
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`"github.com/filecoin-project/specs-actors/actors/crypto"`
sealing: Check ticket expiration 2020-01-23 14:05:44 +00:00
			`"github.com/filecoin-project/lotus/build"`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`"github.com/filecoin-project/lotus/chain/actors"`
			`"github.com/filecoin-project/lotus/chain/types"`
Extract sector-storage 2020-03-27 23:00:21 +00:00			`"github.com/filecoin-project/sector-storage/zerocomm"`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`)`

sealing: implement handler for sealFailed 2020-01-23 15:38:01 +00:00			`// TODO: For now we handle this by halting state execution, when we get jsonrpc reconnecting`
			`// We should implement some wait-for-api logic`
storageminer: Use tabwriter in sectors list 2020-01-23 16:15:45 +00:00			`type ErrApi struct{ error }`
sealing: check deal expiration 2020-01-23 12:17:45 +00:00
storageminer: Use tabwriter in sectors list 2020-01-23 16:15:45 +00:00			`type ErrInvalidDeals struct{ error }`
Implement committed capacity sectors 2020-02-23 00:47:47 +00:00			`type ErrInvalidPiece struct{ error }`
storageminer: Use tabwriter in sectors list 2020-01-23 16:15:45 +00:00			`type ErrExpiredDeals struct{ error }`
sealing: check deal expiration 2020-01-23 12:17:45 +00:00
storageminer: Use tabwriter in sectors list 2020-01-23 16:15:45 +00:00			`type ErrBadCommD struct{ error }`
			`type ErrExpiredTicket struct{ error }`
sealing: Check ticket expiration 2020-01-23 14:05:44 +00:00
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`type ErrBadSeed struct{ error }`
fsm: Handle invalid Commits 2020-04-04 01:50:05 +00:00			`type ErrInvalidProof struct{ error }`
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00
sealing: docstrings for sanity-checks 2020-01-24 20:15:02 +00:00			`// checkPieces validates that:`
			`// - Each piece han a corresponding on chain deal`
			`// - Piece commitments match with on chain deals`
			`// - Piece sizes match`
			`// - Deals aren't expired`
sealing: wire up checkPieces and checkSeal 2020-01-22 19:47:29 +00:00			`func checkPieces(ctx context.Context, si SectorInfo, api sealingApi) error {`
sealing: check deal expiration 2020-01-23 12:17:45 +00:00			`head, err := api.ChainHead(ctx)`
			`if err != nil {`
sealing: Error types that can actually be checked 2020-01-23 15:57:14 +00:00			`return &ErrApi{xerrors.Errorf("getting chain head: %w", err)}`
sealing: check deal expiration 2020-01-23 12:17:45 +00:00			`}`

sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`for i, piece := range si.Pieces {`
Implement committed capacity sectors 2020-02-23 00:47:47 +00:00			`if piece.DealID == nil {`
Merge sectorbuilder into sectorstorage 2020-03-26 02:50:56 +00:00			`exp := zerocomm.ZeroPieceCommitment(piece.Size)`
more fixes for random garbage 2020-02-27 00:42:39 +00:00			`if piece.CommP != exp {`
Implement committed capacity sectors 2020-02-23 00:47:47 +00:00			`return &ErrInvalidPiece{xerrors.Errorf("deal %d piece %d had non-zero CommP %+v", piece.DealID, i, piece.CommP)}`
			`}`
			`continue`
			`}`
Merge branch 'testnet/3' into feat/specs-actors 2020-02-24 17:32:02 +00:00			`deal, err := api.StateMarketStorageDeal(ctx, *piece.DealID, types.EmptyTSK)`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`if err != nil {`
sealing: Error types that can actually be checked 2020-01-23 15:57:14 +00:00			`return &ErrApi{xerrors.Errorf("getting deal %d for piece %d: %w", piece.DealID, i, err)}`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`}`

more fixes for random garbage 2020-02-27 00:42:39 +00:00			`if deal.Proposal.PieceCID != piece.CommP {`
			`return &ErrInvalidDeals{xerrors.Errorf("piece %d (or %d) of sector %d refers deal %d with wrong CommP: %x != %x", i, len(si.Pieces), si.SectorID, piece.DealID, piece.CommP, deal.Proposal.PieceCID)}`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`}`

specs-actors: Fix most compilation errors 2020-02-09 06:06:32 +00:00			`if piece.Size != deal.Proposal.PieceSize.Unpadded() {`
			`return &ErrInvalidDeals{xerrors.Errorf("piece %d (or %d) of sector %d refers deal %d with different size: %d != %d", i, len(si.Pieces), si.SectorID, piece.DealID, piece.Size, deal.Proposal.PieceSize)}`
sealing: check deal expiration 2020-01-23 12:17:45 +00:00			`}`

specs-actors: Fix most compilation errors 2020-02-09 06:06:32 +00:00			`if head.Height() >= deal.Proposal.StartEpoch {`
			`return &ErrExpiredDeals{xerrors.Errorf("piece %d (or %d) of sector %d refers expired deal %d - should start at %d, head %d", i, len(si.Pieces), si.SectorID, piece.DealID, deal.Proposal.StartEpoch, head.Height())}`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`}`
			`}`

			`return nil`
			`}`

fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`// checkPrecommit checks that data commitment generated in the sealing process`
sealing: docstrings for sanity-checks 2020-01-24 20:15:02 +00:00			`// matches pieces, and that the seal ticket isn't expired`
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`func checkPrecommit(ctx context.Context, maddr address.Address, si SectorInfo, api sealingApi) (err error) {`
sealing: Check ticket expiration 2020-01-23 14:05:44 +00:00			`head, err := api.ChainHead(ctx)`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`if err != nil {`
sealing: Error types that can actually be checked 2020-01-23 15:57:14 +00:00			`return &ErrApi{xerrors.Errorf("getting chain head: %w", err)}`
sealing: Check ticket expiration 2020-01-23 14:05:44 +00:00			`}`

actors: drop a bunch of type aliases 2020-02-25 20:35:15 +00:00			`ccparams, err := actors.SerializeParams(&market.ComputeDataCommitmentParams{`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`DealIDs: si.deals(),`
more fixes for random garbage 2020-02-27 00:42:39 +00:00			`SectorType: si.SectorType,`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`})`
			`if err != nil {`
			`return xerrors.Errorf("computing params for ComputeDataCommitment: %w", err)`
			`}`

			`ccmt := &types.Message{`
actors: Remove addrass aliases 2020-02-25 20:54:58 +00:00			`To: builtin.StorageMarketActorAddr,`
sealing: wire up checkPieces and checkSeal 2020-01-22 19:47:29 +00:00			`From: maddr,`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`Value: types.NewInt(0),`
			`GasPrice: types.NewInt(0),`
change gas limit to be a normal int64 2020-03-18 20:45:37 +00:00			`GasLimit: 9999999999,`
stmgr: Update stmgr utils 2020-02-11 02:33:27 +00:00			`Method: builtin.MethodsMarket.ComputeDataCommitment,`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`Params: ccparams,`
			`}`
Re: #1250: API methods should receive TipSetKeys, not TipSets, as input 2020-02-11 23:29:45 +00:00			`r, err := api.StateCall(ctx, ccmt, types.EmptyTSK)`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`if err != nil {`
sealing: Error types that can actually be checked 2020-01-23 15:57:14 +00:00			`return &ErrApi{xerrors.Errorf("calling ComputeDataCommitment: %w", err)}`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`}`
Unify MethodCall and ReplayResults into SimulationResult - Call and Replay now return the same type, which includes both Message and MessageReceipt 2020-03-03 23:32:17 +00:00			`if r.MsgRct.ExitCode != 0 {`
			`return &ErrBadCommD{xerrors.Errorf("receipt for ComputeDataCommitment had exit code %d", r.MsgRct.ExitCode)}`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`}`
Implement committed capacity sectors 2020-02-23 00:47:47 +00:00
			`var c cbg.CborCid`
Merge branch 'master' into testnet/3 2020-03-08 00:46:12 +00:00			`if err := c.UnmarshalCBOR(bytes.NewReader(r.MsgRct.Return)); err != nil {`
Implement committed capacity sectors 2020-02-23 00:47:47 +00:00			`return err`
			`}`

more fixes for random garbage 2020-02-27 00:42:39 +00:00			`if cid.Cid(c) != *si.CommD {`
more misc fixes 2020-03-02 01:09:38 +00:00			`return &ErrBadCommD{xerrors.Errorf("on chain CommD differs from sector: %s != %s", cid.Cid(c), si.CommD)}`
sealing: Check ticket expiration 2020-01-23 14:05:44 +00:00			`}`

make it all build finally 2020-02-27 21:45:31 +00:00			`if int64(head.Height())-int64(si.Ticket.Epoch+build.SealRandomnessLookback) > build.SealRandomnessLookbackLimit {`
			`return &ErrExpiredTicket{xerrors.Errorf("ticket expired: seal height: %d, head: %d", si.Ticket.Epoch+build.SealRandomnessLookback, head.Height())}`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`}`

			`return nil`
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`}`

fsm: Handle invalid Commits 2020-04-04 01:50:05 +00:00			`func (m *Sealing) checkCommit(ctx context.Context, si SectorInfo) (err error) {`
			`head, err := m.api.ChainHead(ctx)`
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`if err != nil {`
			`return &ErrApi{xerrors.Errorf("getting chain head: %w", err)}`
			`}`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`if si.Seed.Epoch == 0 {`
			`return &ErrBadSeed{xerrors.Errorf("seed epoch was not set")}`
			`}`

fsm: Handle invalid Commits 2020-04-04 01:50:05 +00:00			`seed, err := m.api.ChainGetRandomness(ctx, head.Key(), crypto.DomainSeparationTag_InteractiveSealChallengeSeed, si.Seed.Epoch, nil)`
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`if err != nil {`
			`return &ErrApi{xerrors.Errorf("failed to get randomness for computing seal proof: %w", err)}`
			`}`

fsm: Handle invalid Commits 2020-04-04 01:50:05 +00:00			`if string(seed) != string(si.Seed.Value) {`
fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`return &ErrBadSeed{xerrors.Errorf("seed has changed")}`
			`}`

fsm: Handle invalid Commits 2020-04-04 01:50:05 +00:00			`ss, err := m.api.StateMinerSectorSize(ctx, m.maddr, head.Key())`
			`if err != nil {`
			`return &ErrApi{err}`
			`}`
			`_, spt, err := ffiwrapper.ProofTypeFromSectorSize(ss)`
			`if err != nil {`
			`return err`
			`}`

			`ok, err := ffiwrapper.ProofVerifier.VerifySeal(abi.SealVerifyInfo{`
			`SectorID: m.minerSector(si.SectorID),`
			`OnChain: abi.OnChainSealVerifyInfo{`
			`SealedCID: *si.CommR,`
			`InteractiveEpoch: si.Seed.Epoch,`
			`RegisteredProof: spt,`
			`Proof: si.Proof,`
			`SectorNumber: si.SectorID,`
			`SealRandEpoch: si.Ticket.Epoch,`
			`},`
			`Randomness: si.Ticket.Value,`
			`InteractiveRandomness: si.Seed.Value,`
			`UnsealedCID: *si.CommD,`
			`})`
			`if err != nil {`
			`return xerrors.Errorf("verify seal: %w", err)`
			`}`
			`if !ok {`
			`return &ErrInvalidProof{xerrors.New("invalid proof (compute error?)")}`
			`}`


fsm: Implement handlers for Commit errors 2020-04-03 17:45:48 +00:00			`return nil`
sealing: WIP SectorInfo sanity checks 2020-01-20 22:03:50 +00:00			`}`