509 lines
17 KiB
Go
509 lines
17 KiB
Go
// Copyright 2017 The go-ethereum Authors
|
|
// This file is part of the go-ethereum library.
|
|
//
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Lesser General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package clique
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ecdsa"
|
|
"fmt"
|
|
"math/big"
|
|
"sort"
|
|
"testing"
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
|
"github.com/ethereum/go-ethereum/core"
|
|
"github.com/ethereum/go-ethereum/core/rawdb"
|
|
"github.com/ethereum/go-ethereum/core/types"
|
|
"github.com/ethereum/go-ethereum/core/vm"
|
|
"github.com/ethereum/go-ethereum/crypto"
|
|
"github.com/ethereum/go-ethereum/params"
|
|
)
|
|
|
|
// testerAccountPool is a pool to maintain currently active tester accounts,
|
|
// mapped from textual names used in the tests below to actual Ethereum private
|
|
// keys capable of signing transactions.
|
|
type testerAccountPool struct {
|
|
accounts map[string]*ecdsa.PrivateKey
|
|
}
|
|
|
|
func newTesterAccountPool() *testerAccountPool {
|
|
return &testerAccountPool{
|
|
accounts: make(map[string]*ecdsa.PrivateKey),
|
|
}
|
|
}
|
|
|
|
// checkpoint creates a Clique checkpoint signer section from the provided list
|
|
// of authorized signers and embeds it into the provided header.
|
|
func (ap *testerAccountPool) checkpoint(header *types.Header, signers []string) {
|
|
auths := make([]common.Address, len(signers))
|
|
for i, signer := range signers {
|
|
auths[i] = ap.address(signer)
|
|
}
|
|
sort.Sort(signersAscending(auths))
|
|
for i, auth := range auths {
|
|
copy(header.Extra[extraVanity+i*common.AddressLength:], auth.Bytes())
|
|
}
|
|
}
|
|
|
|
// address retrieves the Ethereum address of a tester account by label, creating
|
|
// a new account if no previous one exists yet.
|
|
func (ap *testerAccountPool) address(account string) common.Address {
|
|
// Return the zero account for non-addresses
|
|
if account == "" {
|
|
return common.Address{}
|
|
}
|
|
// Ensure we have a persistent key for the account
|
|
if ap.accounts[account] == nil {
|
|
ap.accounts[account], _ = crypto.GenerateKey()
|
|
}
|
|
// Resolve and return the Ethereum address
|
|
return crypto.PubkeyToAddress(ap.accounts[account].PublicKey)
|
|
}
|
|
|
|
// sign calculates a Clique digital signature for the given block and embeds it
|
|
// back into the header.
|
|
func (ap *testerAccountPool) sign(header *types.Header, signer string) {
|
|
// Ensure we have a persistent key for the signer
|
|
if ap.accounts[signer] == nil {
|
|
ap.accounts[signer], _ = crypto.GenerateKey()
|
|
}
|
|
// Sign the header and embed the signature in extra data
|
|
sig, _ := crypto.Sign(SealHash(header).Bytes(), ap.accounts[signer])
|
|
copy(header.Extra[len(header.Extra)-extraSeal:], sig)
|
|
}
|
|
|
|
// testerVote represents a single block signed by a particular account, where
|
|
// the account may or may not have cast a Clique vote.
|
|
type testerVote struct {
|
|
signer string
|
|
voted string
|
|
auth bool
|
|
checkpoint []string
|
|
newbatch bool
|
|
}
|
|
|
|
type cliqueTest struct {
|
|
epoch uint64
|
|
signers []string
|
|
votes []testerVote
|
|
results []string
|
|
failure error
|
|
}
|
|
|
|
// Tests that Clique signer voting is evaluated correctly for various simple and
|
|
// complex scenarios, as well as that a few special corner cases fail correctly.
|
|
func TestClique(t *testing.T) {
|
|
// Define the various voting scenarios to test
|
|
tests := []cliqueTest{
|
|
{
|
|
// Single signer, no votes cast
|
|
signers: []string{"A"},
|
|
votes: []testerVote{{signer: "A"}},
|
|
results: []string{"A"},
|
|
}, {
|
|
// Single signer, voting to add two others (only accept first, second needs 2 votes)
|
|
signers: []string{"A"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "B", auth: true},
|
|
{signer: "B"},
|
|
{signer: "A", voted: "C", auth: true},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Two signers, voting to add three others (only accept first two, third needs 3 votes already)
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: true},
|
|
{signer: "B", voted: "C", auth: true},
|
|
{signer: "A", voted: "D", auth: true},
|
|
{signer: "B", voted: "D", auth: true},
|
|
{signer: "C"},
|
|
{signer: "A", voted: "E", auth: true},
|
|
{signer: "B", voted: "E", auth: true},
|
|
},
|
|
results: []string{"A", "B", "C", "D"},
|
|
}, {
|
|
// Single signer, dropping itself (weird, but one less cornercase by explicitly allowing this)
|
|
signers: []string{"A"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "A", auth: false},
|
|
},
|
|
results: []string{},
|
|
}, {
|
|
// Two signers, actually needing mutual consent to drop either of them (not fulfilled)
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "B", auth: false},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Two signers, actually needing mutual consent to drop either of them (fulfilled)
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "B", auth: false},
|
|
{signer: "B", voted: "B", auth: false},
|
|
},
|
|
results: []string{"A"},
|
|
}, {
|
|
// Three signers, two of them deciding to drop the third
|
|
signers: []string{"A", "B", "C"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B", voted: "C", auth: false},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Four signers, consensus of two not being enough to drop anyone
|
|
signers: []string{"A", "B", "C", "D"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B", voted: "C", auth: false},
|
|
},
|
|
results: []string{"A", "B", "C", "D"},
|
|
}, {
|
|
// Four signers, consensus of three already being enough to drop someone
|
|
signers: []string{"A", "B", "C", "D"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "D", auth: false},
|
|
{signer: "B", voted: "D", auth: false},
|
|
{signer: "C", voted: "D", auth: false},
|
|
},
|
|
results: []string{"A", "B", "C"},
|
|
}, {
|
|
// Authorizations are counted once per signer per target
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: true},
|
|
{signer: "B"},
|
|
{signer: "A", voted: "C", auth: true},
|
|
{signer: "B"},
|
|
{signer: "A", voted: "C", auth: true},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Authorizing multiple accounts concurrently is permitted
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: true},
|
|
{signer: "B"},
|
|
{signer: "A", voted: "D", auth: true},
|
|
{signer: "B"},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "D", auth: true},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "C", auth: true},
|
|
},
|
|
results: []string{"A", "B", "C", "D"},
|
|
}, {
|
|
// Deauthorizations are counted once per signer per target
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "B", auth: false},
|
|
{signer: "B"},
|
|
{signer: "A", voted: "B", auth: false},
|
|
{signer: "B"},
|
|
{signer: "A", voted: "B", auth: false},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Deauthorizing multiple accounts concurrently is permitted
|
|
signers: []string{"A", "B", "C", "D"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B"},
|
|
{signer: "C"},
|
|
{signer: "A", voted: "D", auth: false},
|
|
{signer: "B"},
|
|
{signer: "C"},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "D", auth: false},
|
|
{signer: "C", voted: "D", auth: false},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "C", auth: false},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Votes from deauthorized signers are discarded immediately (deauth votes)
|
|
signers: []string{"A", "B", "C"},
|
|
votes: []testerVote{
|
|
{signer: "C", voted: "B", auth: false},
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B", voted: "C", auth: false},
|
|
{signer: "A", voted: "B", auth: false},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Votes from deauthorized signers are discarded immediately (auth votes)
|
|
signers: []string{"A", "B", "C"},
|
|
votes: []testerVote{
|
|
{signer: "C", voted: "D", auth: true},
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B", voted: "C", auth: false},
|
|
{signer: "A", voted: "D", auth: true},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Cascading changes are not allowed, only the account being voted on may change
|
|
signers: []string{"A", "B", "C", "D"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B"},
|
|
{signer: "C"},
|
|
{signer: "A", voted: "D", auth: false},
|
|
{signer: "B", voted: "C", auth: false},
|
|
{signer: "C"},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "D", auth: false},
|
|
{signer: "C", voted: "D", auth: false},
|
|
},
|
|
results: []string{"A", "B", "C"},
|
|
}, {
|
|
// Changes reaching consensus out of bounds (via a deauth) execute on touch
|
|
signers: []string{"A", "B", "C", "D"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B"},
|
|
{signer: "C"},
|
|
{signer: "A", voted: "D", auth: false},
|
|
{signer: "B", voted: "C", auth: false},
|
|
{signer: "C"},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "D", auth: false},
|
|
{signer: "C", voted: "D", auth: false},
|
|
{signer: "A"},
|
|
{signer: "C", voted: "C", auth: true},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// Changes reaching consensus out of bounds (via a deauth) may go out of consensus on first touch
|
|
signers: []string{"A", "B", "C", "D"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: false},
|
|
{signer: "B"},
|
|
{signer: "C"},
|
|
{signer: "A", voted: "D", auth: false},
|
|
{signer: "B", voted: "C", auth: false},
|
|
{signer: "C"},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "D", auth: false},
|
|
{signer: "C", voted: "D", auth: false},
|
|
{signer: "A"},
|
|
{signer: "B", voted: "C", auth: true},
|
|
},
|
|
results: []string{"A", "B", "C"},
|
|
}, {
|
|
// Ensure that pending votes don't survive authorization status changes. This
|
|
// corner case can only appear if a signer is quickly added, removed and then
|
|
// re-added (or the inverse), while one of the original voters dropped. If a
|
|
// past vote is left cached in the system somewhere, this will interfere with
|
|
// the final signer outcome.
|
|
signers: []string{"A", "B", "C", "D", "E"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "F", auth: true}, // Authorize F, 3 votes needed
|
|
{signer: "B", voted: "F", auth: true},
|
|
{signer: "C", voted: "F", auth: true},
|
|
{signer: "D", voted: "F", auth: false}, // Deauthorize F, 4 votes needed (leave A's previous vote "unchanged")
|
|
{signer: "E", voted: "F", auth: false},
|
|
{signer: "B", voted: "F", auth: false},
|
|
{signer: "C", voted: "F", auth: false},
|
|
{signer: "D", voted: "F", auth: true}, // Almost authorize F, 2/3 votes needed
|
|
{signer: "E", voted: "F", auth: true},
|
|
{signer: "B", voted: "A", auth: false}, // Deauthorize A, 3 votes needed
|
|
{signer: "C", voted: "A", auth: false},
|
|
{signer: "D", voted: "A", auth: false},
|
|
{signer: "B", voted: "F", auth: true}, // Finish authorizing F, 3/3 votes needed
|
|
},
|
|
results: []string{"B", "C", "D", "E", "F"},
|
|
}, {
|
|
// Epoch transitions reset all votes to allow chain checkpointing
|
|
epoch: 3,
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A", voted: "C", auth: true},
|
|
{signer: "B"},
|
|
{signer: "A", checkpoint: []string{"A", "B"}},
|
|
{signer: "B", voted: "C", auth: true},
|
|
},
|
|
results: []string{"A", "B"},
|
|
}, {
|
|
// An unauthorized signer should not be able to sign blocks
|
|
signers: []string{"A"},
|
|
votes: []testerVote{
|
|
{signer: "B"},
|
|
},
|
|
failure: errUnauthorizedSigner,
|
|
}, {
|
|
// An authorized signer that signed recently should not be able to sign again
|
|
signers: []string{"A", "B"},
|
|
votes: []testerVote{
|
|
{signer: "A"},
|
|
{signer: "A"},
|
|
},
|
|
failure: errRecentlySigned,
|
|
}, {
|
|
// Recent signatures should not reset on checkpoint blocks imported in a batch
|
|
epoch: 3,
|
|
signers: []string{"A", "B", "C"},
|
|
votes: []testerVote{
|
|
{signer: "A"},
|
|
{signer: "B"},
|
|
{signer: "A", checkpoint: []string{"A", "B", "C"}},
|
|
{signer: "A"},
|
|
},
|
|
failure: errRecentlySigned,
|
|
}, {
|
|
// Recent signatures should not reset on checkpoint blocks imported in a new
|
|
// batch (https://github.com/ethereum/go-ethereum/issues/17593). Whilst this
|
|
// seems overly specific and weird, it was a Rinkeby consensus split.
|
|
epoch: 3,
|
|
signers: []string{"A", "B", "C"},
|
|
votes: []testerVote{
|
|
{signer: "A"},
|
|
{signer: "B"},
|
|
{signer: "A", checkpoint: []string{"A", "B", "C"}},
|
|
{signer: "A", newbatch: true},
|
|
},
|
|
failure: errRecentlySigned,
|
|
},
|
|
}
|
|
|
|
// Run through the scenarios and test them
|
|
for i, tt := range tests {
|
|
t.Run(fmt.Sprint(i), tt.run)
|
|
}
|
|
}
|
|
|
|
func (tt *cliqueTest) run(t *testing.T) {
|
|
// Create the account pool and generate the initial set of signers
|
|
accounts := newTesterAccountPool()
|
|
|
|
signers := make([]common.Address, len(tt.signers))
|
|
for j, signer := range tt.signers {
|
|
signers[j] = accounts.address(signer)
|
|
}
|
|
for j := 0; j < len(signers); j++ {
|
|
for k := j + 1; k < len(signers); k++ {
|
|
if bytes.Compare(signers[j][:], signers[k][:]) > 0 {
|
|
signers[j], signers[k] = signers[k], signers[j]
|
|
}
|
|
}
|
|
}
|
|
// Create the genesis block with the initial set of signers
|
|
genesis := &core.Genesis{
|
|
ExtraData: make([]byte, extraVanity+common.AddressLength*len(signers)+extraSeal),
|
|
BaseFee: big.NewInt(params.InitialBaseFee),
|
|
}
|
|
for j, signer := range signers {
|
|
copy(genesis.ExtraData[extraVanity+j*common.AddressLength:], signer[:])
|
|
}
|
|
|
|
// Assemble a chain of headers from the cast votes
|
|
config := *params.TestChainConfig
|
|
config.Clique = ¶ms.CliqueConfig{
|
|
Period: 1,
|
|
Epoch: tt.epoch,
|
|
}
|
|
genesis.Config = &config
|
|
|
|
engine := New(config.Clique, rawdb.NewMemoryDatabase())
|
|
engine.fakeDiff = true
|
|
|
|
_, blocks, _ := core.GenerateChainWithGenesis(genesis, engine, len(tt.votes), func(j int, gen *core.BlockGen) {
|
|
// Cast the vote contained in this block
|
|
gen.SetCoinbase(accounts.address(tt.votes[j].voted))
|
|
if tt.votes[j].auth {
|
|
var nonce types.BlockNonce
|
|
copy(nonce[:], nonceAuthVote)
|
|
gen.SetNonce(nonce)
|
|
}
|
|
})
|
|
// Iterate through the blocks and seal them individually
|
|
for j, block := range blocks {
|
|
// Get the header and prepare it for signing
|
|
header := block.Header()
|
|
if j > 0 {
|
|
header.ParentHash = blocks[j-1].Hash()
|
|
}
|
|
header.Extra = make([]byte, extraVanity+extraSeal)
|
|
if auths := tt.votes[j].checkpoint; auths != nil {
|
|
header.Extra = make([]byte, extraVanity+len(auths)*common.AddressLength+extraSeal)
|
|
accounts.checkpoint(header, auths)
|
|
}
|
|
header.Difficulty = diffInTurn // Ignored, we just need a valid number
|
|
|
|
// Generate the signature, embed it into the header and the block
|
|
accounts.sign(header, tt.votes[j].signer)
|
|
blocks[j] = block.WithSeal(header)
|
|
}
|
|
// Split the blocks up into individual import batches (cornercase testing)
|
|
batches := [][]*types.Block{nil}
|
|
for j, block := range blocks {
|
|
if tt.votes[j].newbatch {
|
|
batches = append(batches, nil)
|
|
}
|
|
batches[len(batches)-1] = append(batches[len(batches)-1], block)
|
|
}
|
|
// Pass all the headers through clique and ensure tallying succeeds
|
|
chain, err := core.NewBlockChain(rawdb.NewMemoryDatabase(), nil, genesis, nil, engine, vm.Config{}, nil, nil)
|
|
if err != nil {
|
|
t.Fatalf("failed to create test chain: %v", err)
|
|
}
|
|
defer chain.Stop()
|
|
|
|
for j := 0; j < len(batches)-1; j++ {
|
|
if k, err := chain.InsertChain(batches[j]); err != nil {
|
|
t.Fatalf("failed to import batch %d, block %d: %v", j, k, err)
|
|
break
|
|
}
|
|
}
|
|
if _, err = chain.InsertChain(batches[len(batches)-1]); err != tt.failure {
|
|
t.Errorf("failure mismatch: have %v, want %v", err, tt.failure)
|
|
}
|
|
if tt.failure != nil {
|
|
return
|
|
}
|
|
|
|
// No failure was produced or requested, generate the final voting snapshot
|
|
head := blocks[len(blocks)-1]
|
|
|
|
snap, err := engine.snapshot(chain, head.NumberU64(), head.Hash(), nil)
|
|
if err != nil {
|
|
t.Fatalf("failed to retrieve voting snapshot: %v", err)
|
|
}
|
|
// Verify the final list of signers against the expected ones
|
|
signers = make([]common.Address, len(tt.results))
|
|
for j, signer := range tt.results {
|
|
signers[j] = accounts.address(signer)
|
|
}
|
|
for j := 0; j < len(signers); j++ {
|
|
for k := j + 1; k < len(signers); k++ {
|
|
if bytes.Compare(signers[j][:], signers[k][:]) > 0 {
|
|
signers[j], signers[k] = signers[k], signers[j]
|
|
}
|
|
}
|
|
}
|
|
result := snap.signers()
|
|
if len(result) != len(signers) {
|
|
t.Fatalf("signers mismatch: have %x, want %x", result, signers)
|
|
}
|
|
for j := 0; j < len(result); j++ {
|
|
if !bytes.Equal(result[j][:], signers[j][:]) {
|
|
t.Fatalf("signer %d: signer mismatch: have %x, want %x", j, result[j], signers[j])
|
|
}
|
|
}
|
|
}
|