Documentation ¶
Overview ¶
Package privval provides different implementations of the types.PrivValidator.
FilePV ¶
FilePV is the simplest implementation and developer default. It uses one file for the private key and another to store state.
SignerValidatorEndpoint ¶
SignerValidatorEndpoint establishes a connection to an external process, like a Key Management Server (KMS), using a socket. SignerValidatorEndpoint listens for the external KMS process to dial in. SignerValidatorEndpoint takes a listener, which determines the type of connection (ie. encrypted over tcp, or unencrypted over unix).
SignerServiceEndpoint ¶
SignerServiceEndpoint is a simple wrapper around a net.Conn. It's used by both IPCVal and TCPVal.
Index ¶
- Variables
- func IsConnTimeout(err error) bool
- func NewTCPListener(ln net.Listener, secretConnKey ed25519.PrivKeyEd25519) *tcpListener
- func NewUnixListener(ln net.Listener) *unixListener
- func RegisterRemoteSignerMsg(cdc *amino.Codec)
- type FilePV
- func (pv *FilePV) GetAddress() types.Address
- func (pv *FilePV) GetPubKey() crypto.PubKey
- func (pv *FilePV) Reset()
- func (pv *FilePV) Save()
- func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error
- func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error
- func (pv *FilePV) String() string
- type FilePVKey
- type FilePVLastSignState
- type OldFilePV
- type PingRequest
- type PingResponse
- type PubKeyRequest
- type PubKeyResponse
- type RemoteSignerError
- type RemoteSignerMsg
- type SignProposalRequest
- type SignVoteRequest
- type SignedProposalResponse
- type SignedVoteResponse
- type SignerRemote
- type SignerServiceEndpoint
- type SignerServiceEndpointOption
- type SignerValidatorEndpoint
- func (ve *SignerValidatorEndpoint) Close()
- func (ve *SignerValidatorEndpoint) GetPubKey() crypto.PubKey
- func (ve *SignerValidatorEndpoint) OnStart() error
- func (ve *SignerValidatorEndpoint) OnStop()
- func (ve *SignerValidatorEndpoint) Ping() error
- func (ve *SignerValidatorEndpoint) SignProposal(chainID string, proposal *types.Proposal) error
- func (ve *SignerValidatorEndpoint) SignVote(chainID string, vote *types.Vote) error
- type SignerValidatorEndpointOption
- type SocketDialer
- type TCPListenerOption
- type UnixListenerOption
Constants ¶
This section is empty.
Variables ¶
var ( ErrUnexpectedResponse = fmt.Errorf("received unexpected response") ErrConnTimeout = fmt.Errorf("remote signer timed out") )
Socket errors.
var (
ErrDialRetryMax = errors.New("dialed maximum retries")
)
Socket errors.
Functions ¶
func IsConnTimeout ¶
IsConnTimeout returns a boolean indicating whether the error is known to report that a connection timeout occurred. This detects both fundamental network timeouts, as well as ErrConnTimeout errors.
func NewTCPListener ¶
func NewTCPListener(ln net.Listener, secretConnKey ed25519.PrivKeyEd25519) *tcpListener
NewTCPListener returns a listener that accepts authenticated encrypted connections using the given secretConnKey and the default timeout values.
func NewUnixListener ¶
NewUnixListener returns a listener that accepts unencrypted connections using the default timeout values.
func RegisterRemoteSignerMsg ¶
Types ¶
type FilePV ¶
type FilePV struct { Key FilePVKey LastSignState FilePVLastSignState }
FilePV implements PrivValidator using data persisted to disk to prevent double signing. NOTE: the directories containing pv.Key.filePath and pv.LastSignState.filePath must already exist. It includes the LastSignature and LastSignBytes so we don't lose the signature if the process crashes after signing but before the resulting consensus message is processed.
func GenFilePV ¶
GenFilePV generates a new validator with randomly generated private key and sets the filePaths, but does not call Save().
func LoadFilePV ¶
LoadFilePV loads a FilePV from the filePaths. The FilePV handles double signing prevention by persisting data to the stateFilePath. If either file path does not exist, the program will exit.
func LoadFilePVEmptyState ¶
LoadFilePVEmptyState loads a FilePV from the given keyFilePath, with an empty LastSignState. If the keyFilePath does not exist, the program will exit.
func LoadOrGenFilePV ¶
LoadOrGenFilePV loads a FilePV from the given filePaths or else generates a new one and saves it to the filePaths.
func (*FilePV) GetAddress ¶
GetAddress returns the address of the validator. Implements PrivValidator.
func (*FilePV) GetPubKey ¶
GetPubKey returns the public key of the validator. Implements PrivValidator.
func (*FilePV) Reset ¶
func (pv *FilePV) Reset()
Reset resets all fields in the FilePV. NOTE: Unsafe!
func (*FilePV) SignProposal ¶
SignProposal signs a canonical representation of the proposal, along with the chainID. Implements PrivValidator.
type FilePVKey ¶
type FilePVKey struct { Address types.Address `json:"address"` PubKey crypto.PubKey `json:"pub_key"` PrivKey crypto.PrivKey `json:"priv_key"` // contains filtered or unexported fields }
FilePVKey stores the immutable part of PrivValidator.
type FilePVLastSignState ¶
type FilePVLastSignState struct { Height int64 `json:"height"` Round int `json:"round"` Step int8 `json:"step"` Signature []byte `json:"signature,omitempty"` SignBytes cmn.HexBytes `json:"signbytes,omitempty"` // contains filtered or unexported fields }
FilePVLastSignState stores the mutable part of PrivValidator.
func (*FilePVLastSignState) CheckHRS ¶
CheckHRS checks the given height, round, step (HRS) against that of the FilePVLastSignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. The returned boolean indicates whether the last Signature should be reused - it returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.
func (*FilePVLastSignState) Save ¶
func (lss *FilePVLastSignState) Save()
Save persists the FilePvLastSignState to its filePath.
type OldFilePV ¶
type OldFilePV struct { Address types.Address `json:"address"` PubKey crypto.PubKey `json:"pub_key"` LastHeight int64 `json:"last_height"` LastRound int `json:"last_round"` LastStep int8 `json:"last_step"` LastSignature []byte `json:"last_signature,omitempty"` LastSignBytes cmn.HexBytes `json:"last_signbytes,omitempty"` PrivKey crypto.PrivKey `json:"priv_key"` // contains filtered or unexported fields }
OldFilePV is the old version of the FilePV, pre v0.28.0. Deprecated: Use FilePV instead.
func LoadOldFilePV ¶
LoadOldFilePV loads an OldFilePV from the filePath.
type PingRequest ¶
type PingRequest struct { }
PingRequest is a PrivValidatorSocket message to keep the connection alive.
type PingResponse ¶
type PingResponse struct { }
PingRequest is a PrivValidatorSocket response to keep the connection alive.
type PubKeyRequest ¶
type PubKeyRequest struct{}
PubKeyRequest requests the consensus public key from the remote signer.
type PubKeyResponse ¶
type PubKeyResponse struct { PubKey crypto.PubKey Error *RemoteSignerError }
PubKeyResponse is a PrivValidatorSocket message containing the public key.
type RemoteSignerError ¶
type RemoteSignerError struct { // TODO(ismail): create an enum of known errors Code int Description string }
RemoteSignerError allows (remote) validators to include meaningful error descriptions in their reply.
func (*RemoteSignerError) Error ¶
func (e *RemoteSignerError) Error() string
type RemoteSignerMsg ¶
type RemoteSignerMsg interface{}
RemoteSignerMsg is sent between SignerServiceEndpoint and the SignerServiceEndpoint client.
type SignProposalRequest ¶
SignProposalRequest is a PrivValidatorSocket message containing a Proposal.
type SignVoteRequest ¶
SignVoteRequest is a PrivValidatorSocket message containing a vote.
type SignedProposalResponse ¶
type SignedProposalResponse struct { Proposal *types.Proposal Error *RemoteSignerError }
SignedProposalResponse is a PrivValidatorSocket message containing a proposal response
type SignedVoteResponse ¶
type SignedVoteResponse struct { Vote *types.Vote Error *RemoteSignerError }
SignedVoteResponse is a PrivValidatorSocket message containing a signed vote along with a potenial error message.
type SignerRemote ¶
type SignerRemote struct {
// contains filtered or unexported fields
}
SignerRemote implements PrivValidator. It uses a net.Conn to request signatures from an external process.
func NewSignerRemote ¶
func NewSignerRemote(conn net.Conn) (*SignerRemote, error)
NewSignerRemote returns an instance of SignerRemote.
func (*SignerRemote) Close ¶
func (sc *SignerRemote) Close() error
Close calls Close on the underlying net.Conn.
func (*SignerRemote) GetPubKey ¶
func (sc *SignerRemote) GetPubKey() crypto.PubKey
GetPubKey implements PrivValidator.
func (*SignerRemote) Ping ¶
func (sc *SignerRemote) Ping() error
Ping is used to check connection health.
func (*SignerRemote) SignProposal ¶
func (sc *SignerRemote) SignProposal(chainID string, proposal *types.Proposal) error
SignProposal implements PrivValidator.
type SignerServiceEndpoint ¶
type SignerServiceEndpoint struct { cmn.BaseService // contains filtered or unexported fields }
SignerServiceEndpoint dials using its dialer and responds to any signature requests using its privVal.
func NewSignerServiceEndpoint ¶
func NewSignerServiceEndpoint( logger log.Logger, chainID string, privVal types.PrivValidator, dialer SocketDialer, ) *SignerServiceEndpoint
NewSignerServiceEndpoint returns a SignerServiceEndpoint that will dial using the given dialer and respond to any signature requests over the connection using the given privVal.
func (*SignerServiceEndpoint) OnStart ¶
func (se *SignerServiceEndpoint) OnStart() error
OnStart implements cmn.Service.
func (*SignerServiceEndpoint) OnStop ¶
func (se *SignerServiceEndpoint) OnStop()
OnStop implements cmn.Service.
type SignerServiceEndpointOption ¶
type SignerServiceEndpointOption func(*SignerServiceEndpoint)
SignerServiceEndpointOption sets an optional parameter on the SignerServiceEndpoint.
func SignerServiceEndpointConnRetries ¶
func SignerServiceEndpointConnRetries(retries int) SignerServiceEndpointOption
SignerServiceEndpointConnRetries sets the amount of attempted retries to connect.
func SignerServiceEndpointTimeoutReadWrite ¶
func SignerServiceEndpointTimeoutReadWrite(timeout time.Duration) SignerServiceEndpointOption
SignerServiceEndpointTimeoutReadWrite sets the read and write timeout for connections from external signing processes.
type SignerValidatorEndpoint ¶
type SignerValidatorEndpoint struct { cmn.BaseService // contains filtered or unexported fields }
SocketVal implements PrivValidator. It listens for an external process to dial in and uses the socket to request signatures.
func NewSignerValidatorEndpoint ¶
func NewSignerValidatorEndpoint(logger log.Logger, listener net.Listener) *SignerValidatorEndpoint
NewSignerValidatorEndpoint returns an instance of SignerValidatorEndpoint.
func (*SignerValidatorEndpoint) Close ¶
func (ve *SignerValidatorEndpoint) Close()
Close closes the underlying net.Conn.
func (*SignerValidatorEndpoint) GetPubKey ¶
func (ve *SignerValidatorEndpoint) GetPubKey() crypto.PubKey
GetPubKey implements PrivValidator.
func (*SignerValidatorEndpoint) OnStart ¶
func (ve *SignerValidatorEndpoint) OnStart() error
OnStart implements cmn.Service.
func (*SignerValidatorEndpoint) OnStop ¶
func (ve *SignerValidatorEndpoint) OnStop()
OnStop implements cmn.Service.
func (*SignerValidatorEndpoint) Ping ¶
func (ve *SignerValidatorEndpoint) Ping() error
Ping is used to check connection health.
func (*SignerValidatorEndpoint) SignProposal ¶
func (ve *SignerValidatorEndpoint) SignProposal(chainID string, proposal *types.Proposal) error
SignProposal implements PrivValidator.
type SignerValidatorEndpointOption ¶
type SignerValidatorEndpointOption func(*SignerValidatorEndpoint)
SignerValidatorEndpointOption sets an optional parameter on the SocketVal.
func SignerValidatorEndpointSetHeartbeat ¶
func SignerValidatorEndpointSetHeartbeat(period time.Duration) SignerValidatorEndpointOption
SignerValidatorEndpointSetHeartbeat sets the period on which to check the liveness of the connected Signer connections.
type SocketDialer ¶
SocketDialer dials a remote address and returns a net.Conn or an error.
func DialTCPFn ¶
func DialTCPFn(addr string, timeoutReadWrite time.Duration, privKey ed25519.PrivKeyEd25519) SocketDialer
DialTCPFn dials the given tcp addr, using the given timeoutReadWrite and privKey for the authenticated encryption handshake.
type TCPListenerOption ¶
type TCPListenerOption func(*tcpListener)
TCPListenerOption sets an optional parameter on the tcpListener.
func TCPListenerTimeoutAccept ¶
func TCPListenerTimeoutAccept(timeout time.Duration) TCPListenerOption
TCPListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.
func TCPListenerTimeoutReadWrite ¶
func TCPListenerTimeoutReadWrite(timeout time.Duration) TCPListenerOption
TCPListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.
type UnixListenerOption ¶
type UnixListenerOption func(*unixListener)
func UnixListenerTimeoutAccept ¶
func UnixListenerTimeoutAccept(timeout time.Duration) UnixListenerOption
UnixListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.
func UnixListenerTimeoutReadWrite ¶
func UnixListenerTimeoutReadWrite(timeout time.Duration) UnixListenerOption
UnixListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.