cerc-io/lotus
16
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 27 Wiki Activity

Merge pull request #1534 from filecoin-project/patch/syscalls

Browse Source 
VerifyConsensusFault syscall impl
This commit is contained in:
Whyrusleeping 2020-04-16 13:33:58 -07:00 committed by GitHub
commit 0db5fc422a
2 changed files with 150 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
chain/types/blockheader.go
View File

@ -175,6 +175,15 @@ func CidArrsEqual(a, b []cid.Cid) bool {
return true return true
} }
func CidArrsContains(a []cid.Cid, b cid.Cid) bool {
for _, elem := range a {
if elem.Equals(b) {
return true
}
}
return false
}
var blocksPerEpoch = NewInt(build.BlocksPerEpoch) var blocksPerEpoch = NewInt(build.BlocksPerEpoch)
const sha256bits = 256 const sha256bits = 256

145
chain/vm/syscalls.go
View File

@ -1,15 +1,22 @@
package vm package vm
import ( import (
"bytes"
"context" "context"
"fmt" "fmt"
"github.com/filecoin-project/go-address" "github.com/filecoin-project/go-address"
"github.com/ipfs/go-cid" "github.com/ipfs/go-cid"
cbor "github.com/ipfs/go-ipld-cbor"
"github.com/minio/blake2b-simd"
mh "github.com/multiformats/go-multihash" mh "github.com/multiformats/go-multihash"
"golang.org/x/xerrors" "golang.org/x/xerrors"
"github.com/filecoin-project/lotus/chain/state"
"github.com/filecoin-project/lotus/chain/types"
"github.com/filecoin-project/lotus/lib/sigs"
"github.com/filecoin-project/specs-actors/actors/abi" "github.com/filecoin-project/specs-actors/actors/abi"
"github.com/filecoin-project/specs-actors/actors/builtin/miner"
"github.com/filecoin-project/specs-actors/actors/crypto" "github.com/filecoin-project/specs-actors/actors/crypto"
"github.com/filecoin-project/specs-actors/actors/runtime" "github.com/filecoin-project/specs-actors/actors/runtime"
@ -23,10 +30,14 @@ func init() {
// Actual type is defined in chain/types/vmcontext.go because the VMContext interface is there // Actual type is defined in chain/types/vmcontext.go because the VMContext interface is there
func Syscalls(verifier ffiwrapper.Verifier) runtime.Syscalls { func Syscalls(verifier ffiwrapper.Verifier) runtime.Syscalls {
return &syscallShim{verifier} return &syscallShim{verifier: verifier}
} }
type syscallShim struct { type syscallShim struct {
ctx context.Context
cstate *state.StateTree
cst *cbor.BasicIpldStore
verifier ffiwrapper.Verifier verifier ffiwrapper.Verifier
} }
@ -46,15 +57,141 @@ func (ss *syscallShim) ComputeUnsealedSectorCID(st abi.RegisteredProof, pieces [
} }
func (ss *syscallShim) HashBlake2b(data []byte) [32]byte { func (ss *syscallShim) HashBlake2b(data []byte) [32]byte {
panic("NYI") return blake2b.Sum256(data)
} }
// Checks validity of the submitted consensus fault with the two block headers needed to prove the fault
// and an optional extra one to check common ancestry (as needed).
// Note that the blocks are ordered: the method requires a.Epoch() <= b.Epoch().
func (ss *syscallShim) VerifyConsensusFault(a, b, extra []byte, epoch abi.ChainEpoch) (*runtime.ConsensusFault, error) { func (ss *syscallShim) VerifyConsensusFault(a, b, extra []byte, epoch abi.ChainEpoch) (*runtime.ConsensusFault, error) {
panic("NYI") // Note that block syntax is not validated. Any validly signed block will be accepted pursuant to the below conditions.
// Whether or not it could ever have been accepted in a chain is not checked/does not matter here.
// for that reason when checking block parent relationships, rather than instantiating a Tipset to do so
// (which runs a syntactic check), we do it directly on the CIDs.
// (0) cheap preliminary checks
// are blocks the same?
if bytes.Equal(a, b) {
return nil, fmt.Errorf("no consensus fault: submitted blocks are the same")
}
// can blocks be decoded properly?
var blockA, blockB types.BlockHeader
if decodeErr := blockA.UnmarshalCBOR(bytes.NewReader(a)); decodeErr != nil {
return nil, xerrors.Errorf("cannot decode first block header: %w", decodeErr)
}
if decodeErr := blockB.UnmarshalCBOR(bytes.NewReader(b)); decodeErr != nil {
return nil, xerrors.Errorf("cannot decode second block header: %f", decodeErr)
}
// (1) check conditions necessary to any consensus fault
// were blocks mined by same miner?
if blockA.Miner != blockB.Miner {
return nil, fmt.Errorf("no consensus fault: blocks not mined by same miner")
}
// block a must be earlier or equal to block b, epoch wise (ie at least as early in the chain).
if blockB.Height < blockA.Height {
return nil, fmt.Errorf("first block must not be of higher height than second")
}
// (2) check for the consensus faults themselves
var consensusFault *runtime.ConsensusFault
// (a) double-fork mining fault
if blockA.Height == blockB.Height {
consensusFault = &runtime.ConsensusFault{
Target: blockA.Miner,
Epoch: blockB.Height,
Type: runtime.ConsensusFaultDoubleForkMining,
}
}
// (b) time-offset mining fault
// strictly speaking no need to compare heights based on double fork mining check above,
// but at same height this would be a different fault.
if !types.CidArrsEqual(blockA.Parents, blockB.Parents) && blockA.Height != blockB.Height {
consensusFault = &runtime.ConsensusFault{
Target: blockA.Miner,
Epoch: blockB.Height,
Type: runtime.ConsensusFaultTimeOffsetMining,
}
}
// (c) parent-grinding fault
// Here extra is the "witness", a third block that shows the connection between A and B as
// A's sibling and B's parent.
// Specifically, since A is of lower height, it must be that B was mined omitting A from its tipset
var blockC types.BlockHeader
if len(extra) > 0 {
if decodeErr := blockC.UnmarshalCBOR(bytes.NewReader(extra)); decodeErr != nil {
return nil, xerrors.Errorf("cannot decode extra: %w", decodeErr)
}
if types.CidArrsEqual(blockA.Parents, blockC.Parents) && blockA.Height == blockC.Height &&
types.CidArrsContains(blockB.Parents, blockC.Cid()) && !types.CidArrsContains(blockB.Parents, blockA.Cid()) {
consensusFault = &runtime.ConsensusFault{
Target: blockA.Miner,
Epoch: blockB.Height,
Type: runtime.ConsensusFaultParentGrinding,
}
}
}
// (3) return if no consensus fault by now
if consensusFault == nil {
return consensusFault, nil
}
// else
// (4) expensive final checks
// check blocks are properly signed by their respective miner
// note we do not need to check extra's: it is a parent to block b
// which itself is signed, so it was willingly included by the miner
if sigErr := ss.VerifyBlockSig(&blockA); sigErr != nil {
return nil, xerrors.Errorf("cannot verify first block sig: %w", sigErr)
}
if sigErr := ss.VerifyBlockSig(&blockB); sigErr != nil {
return nil, xerrors.Errorf("cannot verify first block sig: %w", sigErr)
}
return consensusFault, nil
}
func (ss *syscallShim) VerifyBlockSig(blk *types.BlockHeader) error {
// get appropriate miner actor
act, err := ss.cstate.GetActor(blk.Miner)
if err != nil {
return err
}
// use that to get the miner state
var mas miner.State
if err = ss.cst.Get(ss.ctx, act.Head, &mas); err != nil {
return err
}
// and use to get resolved workerKey
waddr, err := ResolveToKeyAddr(ss.cstate, ss.cst, mas.Info.Worker)
if err != nil {
return err
}
if err := sigs.CheckBlockSignature(blk, ss.ctx, waddr); err != nil {
return err
}
return nil
} }
func (ss *syscallShim) VerifyPoSt(proof abi.PoStVerifyInfo) error { func (ss *syscallShim) VerifyPoSt(proof abi.PoStVerifyInfo) error {
ok, err := ss.verifier.VerifyFallbackPost(context.TODO(), proof) ok, err := ss.verifier.VerifyFallbackPost(ss.ctx, proof)
if err != nil { if err != nil {
return err return err
} }