signer

package
v3.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 10, 2024 License: Apache-2.0 Imports: 75 Imported by: 2

Documentation

Overview

Provides a simple distributed key-value store. The keys and associated values are changed via distributed consensus, meaning that the values are changed only when a majority of nodes in the cluster agree on the new value.

Distributed consensus is provided via the Raft algorithm, specifically the Hashicorp implementation.

Index

Constants

This section is empty.

Variables

View Source 
var ErrEmptySignBytes = errors.New("no SignBytes found")

Functions

func CanonicalVoteToStep 

func CanonicalVoteToStep(vote *cometproto.CanonicalVote) int8

func ProposalToStep 

func ProposalToStep(_ *cometproto.Proposal) int8

func PubKey 

func PubKey(bech32BasePrefix string, pubKey crypto.PubKey) (string, error)

func ReadMsg 

func ReadMsg(reader io.Reader, maxReadSize int) (msg cometprotoprivval.Message, err error)

ReadMsg reads a message from an io.Reader

func ReadPrivValidatorFile 

func ReadPrivValidatorFile(priv string) (out privval.FilePVKey, err error)

ReadPrivValidatorFile reads in a privval.FilePVKey from a given file.

func RequireNotRunning 

func RequireNotRunning(log cometlog.Logger, pidFilePath string) error

func StartMetrics 

func StartMetrics()

func StartRemoteSigners 

func StartRemoteSigners(
	services []cometservice.Service,
	logger cometlog.Logger,
	privVal PrivValidator,
	nodes []string,
	maxReadSize int,
) ([]cometservice.Service, error)

func StepToType 

func StepToType(step int8) cometproto.SignedMsgType

func VoteToStep 

func VoteToStep(vote *cometproto.Vote) int8

func WaitAndTerminate 

func WaitAndTerminate(logger cometlog.Logger, services []cometservice.Service, pidFilePath string)

func WriteCosignerECIESShardFile 

func WriteCosignerECIESShardFile(cosigner CosignerECIESKey, file string) error

WriteCosignerECIESShardFile writes a cosigner ECIES key to a given file name.

func WriteCosignerEd25519ShardFile 

func WriteCosignerEd25519ShardFile(cosigner CosignerEd25519Key, file string) error

WriteCosignerEd25519ShardFile writes a cosigner Ed25519 key to a given file name.

func WriteCosignerRSAShardFile 

func WriteCosignerRSAShardFile(cosigner CosignerRSAKey, file string) error

WriteCosignerRSAShardFile writes a cosigner RSA key to a given file name.

func WriteMsg 

func WriteMsg(writer io.Writer, msg cometprotoprivval.Message) (err error)

WriteMsg writes a message to an io.Writer

Types

type AlreadySignedVoteError 

type AlreadySignedVoteError struct {
	// contains filtered or unexported fields
}

func (*AlreadySignedVoteError) Error 

func (e *AlreadySignedVoteError) Error() string

type BeyondBlockError 

type BeyondBlockError struct {
	// contains filtered or unexported fields
}

func (*BeyondBlockError) Error 

func (e *BeyondBlockError) Error() string

type Block 

type Block struct {
	Height                 int64
	Round                  int64
	Step                   int8
	SignBytes              []byte
	VoteExtensionSignBytes []byte
	Timestamp              time.Time
}

func BlockFromProto 

func BlockFromProto(block *proto.Block) Block

func ProposalToBlock 

func ProposalToBlock(chainID string, proposal *cometproto.Proposal) Block

func VoteToBlock 

func VoteToBlock(chainID string, vote *cometproto.Vote) Block

func (Block) HRSKey 

func (block Block) HRSKey() HRSKey

func (Block) HRSTKey 

func (block Block) HRSTKey() HRSTKey

func (Block) ToProto 

func (block Block) ToProto() *proto.Block

type CachedNonce 

type CachedNonce struct {
	// UUID identifying this collection of nonces
	UUID uuid.UUID

	// Expiration time of this nonce
	Expiration time.Time

	// Cached nonces, cosigners which have this nonce in their metadata, ready to sign
	Nonces []CosignerNoncesRel
}

type CachedNonceSingle 

type CachedNonceSingle struct {
	Cosigner Cosigner
	Nonces   CosignerUUIDNoncesMultiple
}

type ChainNode 

type ChainNode struct {
	PrivValAddr string `json:"privValAddr" yaml:"privValAddr"`
}

func (ChainNode) Validate 

func (cn ChainNode) Validate() error

type ChainNodes 

type ChainNodes []ChainNode

func ChainNodesFromFlag 

func ChainNodesFromFlag(nodes []string) (ChainNodes, error)

func (ChainNodes) Validate 

func (cns ChainNodes) Validate() error

type ChainSignState 

type ChainSignState struct {
	// contains filtered or unexported fields
}

type ChainSignStateConsensus 

type ChainSignStateConsensus struct {
	ChainID            string
	SignStateConsensus SignStateConsensus
}

type ChainState 

type ChainState struct {
	// contains filtered or unexported fields
}

type Config 

type Config struct {
	PrivValKeyDir       *string              `yaml:"keyDir,omitempty"`
	SignMode            SignMode             `yaml:"signMode"`
	ThresholdModeConfig *ThresholdModeConfig `yaml:"thresholdMode,omitempty"`
	ChainNodes          ChainNodes           `yaml:"chainNodes"`
	DebugAddr           string               `yaml:"debugAddr"`
	GRPCAddr            string               `yaml:"grpcAddr"`
	MaxReadSize         int                  `yaml:"maxReadSize"`
}

Config maps to the on-disk yaml format

func (*Config) MustMarshalYaml 

func (c *Config) MustMarshalYaml() []byte

func (*Config) Nodes 

func (c *Config) Nodes() (out []string)

func (*Config) ValidateSingleSignerConfig 

func (c *Config) ValidateSingleSignerConfig() error

func (*Config) ValidateThresholdModeConfig 

func (c *Config) ValidateThresholdModeConfig() error

type ConflictingDataError 

type ConflictingDataError struct {
	// contains filtered or unexported fields
}

func (*ConflictingDataError) Error 

func (e *ConflictingDataError) Error() string

type Cosigner 

type Cosigner interface {
	// Get the ID of the cosigner
	// The ID is the shamir index: 1, 2, etc...
	GetID() int

	// Get the P2P URL (GRPC and Raft)
	GetAddress() string

	// Get the combined public key
	GetPubKey(chainID string) (cometcrypto.PubKey, error)

	VerifySignature(chainID string, payload, signature []byte) bool

	// Get nonces for all cosigner shards
	GetNonces(ctx context.Context, uuids []uuid.UUID) (CosignerUUIDNoncesMultiple, error)

	// Sign the requested bytes
	SetNoncesAndSign(ctx context.Context, req CosignerSetNoncesAndSignRequest) (*CosignerSignResponse, error)
}

Cosigner interface is a set of methods for an m-of-n threshold signature. This interface abstracts the underlying key storage and management

type CosignerConfig 

type CosignerConfig struct {
	ShardID int    `yaml:"shardID"`
	P2PAddr string `yaml:"p2pAddr"`
}

CosignerConfig is the on disk format representing a cosigner for threshold sign mode.

func CosignersFromFlag 

func CosignersFromFlag(cosigners []string) (out []CosignerConfig, err error)

type CosignerECIESKey 

type CosignerECIESKey struct {
	ECIESKey  *ecies.PrivateKey  `json:"eciesKey"`
	ID        int                `json:"id"`
	ECIESPubs []*ecies.PublicKey `json:"eciesPubs"`
}

CosignerECIESKey is an ECIES key for an m-of-n threshold signer, composed of a private key and n public keys.

func CreateCosignerECIESShards 

func CreateCosignerECIESShards(shards int) ([]CosignerECIESKey, error)

CreateCosignerECIESShards generates CosignerECIESKey objects.

func LoadCosignerECIESKey 

func LoadCosignerECIESKey(file string) (CosignerECIESKey, error)

LoadCosignerECIESKey loads a CosignerECIESKey from file.

func (*CosignerECIESKey) MarshalJSON 

func (key *CosignerECIESKey) MarshalJSON() ([]byte, error)

func (*CosignerECIESKey) UnmarshalJSON 

func (key *CosignerECIESKey) UnmarshalJSON(data []byte) error

type CosignerECIESPubKey 

type CosignerECIESPubKey struct {
	ID        int
	PublicKey *ecies.PublicKey
}

CosignerECIESKey is a cosigner's ECIES public key.

type CosignerEd25519Key 

type CosignerEd25519Key struct {
	PubKey       cometcrypto.PubKey `json:"pubKey"`
	PrivateShard []byte             `json:"privateShard"`
	ID           int                `json:"id"`
}

CosignerEd25519Key is a single Ed255219 key shard for an m-of-n threshold signer.

func CreateCosignerEd25519Shards 

func CreateCosignerEd25519Shards(pv privval.FilePVKey, threshold, shards uint8) []CosignerEd25519Key

CreateCosignerEd25519Shards creates CosignerEd25519Key objects from a privval.FilePVKey

func CreateCosignerEd25519ShardsFromFile 

func CreateCosignerEd25519ShardsFromFile(priv string, threshold, shards uint8) ([]CosignerEd25519Key, error)

CreateCosignerEd25519ShardsFromFile creates CosignerEd25519Key objects from a priv_validator_key.json file

func LoadCosignerEd25519Key 

func LoadCosignerEd25519Key(file string) (CosignerEd25519Key, error)

LoadCosignerEd25519Key loads a CosignerEd25519Key from file.

func (*CosignerEd25519Key) MarshalJSON 

func (key *CosignerEd25519Key) MarshalJSON() ([]byte, error)

func (*CosignerEd25519Key) UnmarshalJSON 

func (key *CosignerEd25519Key) UnmarshalJSON(data []byte) error

type CosignerGRPCServer 

type CosignerGRPCServer struct {
	proto.UnimplementedCosignerServer
	// contains filtered or unexported fields
}

func NewCosignerGRPCServer 

func NewCosignerGRPCServer(
	cosigner *LocalCosigner,
	thresholdValidator *ThresholdValidator,
	raftStore *RaftStore,
) *CosignerGRPCServer

func (*CosignerGRPCServer) GetLeader 

func (rpc *CosignerGRPCServer) GetLeader(
	context.Context,
	*proto.GetLeaderRequest,
) (*proto.GetLeaderResponse, error)

func (*CosignerGRPCServer) GetNonces 

func (rpc *CosignerGRPCServer) GetNonces(
	ctx context.Context,
	req *proto.GetNoncesRequest,
) (*proto.GetNoncesResponse, error)

func (*CosignerGRPCServer) Ping 

func (rpc *CosignerGRPCServer) Ping(context.Context, *proto.PingRequest) (*proto.PingResponse, error)

func (*CosignerGRPCServer) SetNoncesAndSign 

func (rpc *CosignerGRPCServer) SetNoncesAndSign(
	ctx context.Context,
	req *proto.SetNoncesAndSignRequest,
) (*proto.SetNoncesAndSignResponse, error)

func (*CosignerGRPCServer) SignBlock 

func (rpc *CosignerGRPCServer) SignBlock(
	ctx context.Context,
	req *proto.SignBlockRequest,
) (*proto.SignBlockResponse, error)

func (*CosignerGRPCServer) TransferLeadership 

func (rpc *CosignerGRPCServer) TransferLeadership(
	_ context.Context,
	req *proto.TransferLeadershipRequest,
) (*proto.TransferLeadershipResponse, error)

type CosignerHealth 

type CosignerHealth struct {
	// contains filtered or unexported fields
}

func NewCosignerHealth 

func NewCosignerHealth(logger cometlog.Logger, cosigners []Cosigner, leader Leader) *CosignerHealth

func (*CosignerHealth) GetFastest 

func (ch *CosignerHealth) GetFastest() []Cosigner

func (*CosignerHealth) MarkUnhealthy 

func (ch *CosignerHealth) MarkUnhealthy(cosigner Cosigner)

func (*CosignerHealth) Reconcile 

func (ch *CosignerHealth) Reconcile(ctx context.Context)

func (*CosignerHealth) Start 

func (ch *CosignerHealth) Start(ctx context.Context)

type CosignerNonce 

type CosignerNonce struct {
	SourceID      int
	DestinationID int
	PubKey        []byte
	Share         []byte
	Signature     []byte
}

func CosignerNonceFromProto 

func CosignerNonceFromProto(secretPart *proto.Nonce) CosignerNonce

func CosignerNoncesFromProto 

func CosignerNoncesFromProto(secretParts []*proto.Nonce) []CosignerNonce

type CosignerNonceCache 

type CosignerNonceCache struct {
	// contains filtered or unexported fields
}

func NewCosignerNonceCache 

func NewCosignerNonceCache(
	logger cometlog.Logger,
	cosigners []Cosigner,
	leader Leader,
	getNoncesInterval time.Duration,
	getNoncesTimeout time.Duration,
	nonceExpiration time.Duration,
	threshold uint8,
	pruner NonceCachePruner,
) *CosignerNonceCache

func (*CosignerNonceCache) ClearNonces 

func (cnc *CosignerNonceCache) ClearNonces(cosigner Cosigner)

func (*CosignerNonceCache) GetNonces 

func (cnc *CosignerNonceCache) GetNonces(fastestPeers []Cosigner) (*CosignerUUIDNonces, error)

func (*CosignerNonceCache) LoadN 

func (cnc *CosignerNonceCache) LoadN(ctx context.Context, n int)

func (*CosignerNonceCache) Start 

func (cnc *CosignerNonceCache) Start(ctx context.Context)

type CosignerNonces 

type CosignerNonces []CosignerNonce

type CosignerNoncesRel 

type CosignerNoncesRel struct {
	Cosigner Cosigner
	Nonces   CosignerNonces
}

type CosignerRSAKey 

type CosignerRSAKey struct {
	RSAKey  rsa.PrivateKey   `json:"rsaKey"`
	ID      int              `json:"id"`
	RSAPubs []*rsa.PublicKey `json:"rsaPubs"`
}

CosignerRSAKey is an RSA key for an m-of-n threshold signer, composed of a private key and n public keys.

func CreateCosignerRSAShards 

func CreateCosignerRSAShards(shards int) ([]CosignerRSAKey, error)

CreateCosignerRSAShards generate CosignerRSAKey objects.

func LoadCosignerRSAKey 

func LoadCosignerRSAKey(file string) (CosignerRSAKey, error)

LoadCosignerRSAKey loads a CosignerRSAKey from file.

func (*CosignerRSAKey) MarshalJSON 

func (key *CosignerRSAKey) MarshalJSON() ([]byte, error)

func (*CosignerRSAKey) UnmarshalJSON 

func (key *CosignerRSAKey) UnmarshalJSON(data []byte) error

type CosignerRSAPubKey 

type CosignerRSAPubKey struct {
	ID        int
	PublicKey rsa.PublicKey
}

CosignerRSAKey is a cosigner's RSA public key.

type CosignerSecurity 

type CosignerSecurity interface {
	// GetID returns the ID of the cosigner.
	GetID() int

	// EncryptAndSign encrypts the nonce and signs it for authentication.
	EncryptAndSign(
		id int,
		noncePub []byte,
		nonceShare []byte,
	) (CosignerNonce, error)

	// DecryptAndVerify decrypts the nonce and verifies the signature to authenticate the source cosigner.
	DecryptAndVerify(
		id int,
		encryptedNoncePub []byte,
		encryptedNonceShare []byte,
		signature []byte,
	) (noncePub []byte, nonceShare []byte, err error)
}

CosignerSecurity is an interface for the security layer of the cosigner.

type CosignerSecurityECIES 

type CosignerSecurityECIES struct {
	// contains filtered or unexported fields
}

CosignerSecurityECIES is an implementation of CosignerSecurity using ECIES for encryption and ECDSA for digital signature.

func NewCosignerSecurityECIES 

func NewCosignerSecurityECIES(key CosignerECIESKey) *CosignerSecurityECIES

NewCosignerSecurityECIES creates a new CosignerSecurityECIES.

func (*CosignerSecurityECIES) DecryptAndVerify 

func (c *CosignerSecurityECIES) DecryptAndVerify(
	id int,
	encryptedNoncePub []byte,
	encryptedNonceShare []byte,
	signature []byte,
) ([]byte, []byte, error)

DecryptAndVerify decrypts the nonce and verifies the signature to authenticate the source cosigner.

func (*CosignerSecurityECIES) EncryptAndSign 

func (c *CosignerSecurityECIES) EncryptAndSign(id int, noncePub []byte, nonceShare []byte) (CosignerNonce, error)

EncryptAndSign encrypts the nonce and signs it for authentication.

func (*CosignerSecurityECIES) GetID 

func (c *CosignerSecurityECIES) GetID() int

GetID returns the ID of the cosigner.

type CosignerSecurityRSA 

type CosignerSecurityRSA struct {
	// contains filtered or unexported fields
}

CosignerSecurityRSA is an implementation of CosignerSecurity using RSA for encryption and P5S for digital signature.

func NewCosignerSecurityRSA 

func NewCosignerSecurityRSA(key CosignerRSAKey) *CosignerSecurityRSA

NewCosignerSecurityRSA creates a new CosignerSecurityRSA.

func (*CosignerSecurityRSA) DecryptAndVerify 

func (c *CosignerSecurityRSA) DecryptAndVerify(
	id int,
	encryptedNoncePub []byte,
	encryptedNonceShare []byte,
	signature []byte,
) ([]byte, []byte, error)

DecryptAndVerify decrypts the nonce and verifies the signature to authenticate the source cosigner.

func (*CosignerSecurityRSA) EncryptAndSign 

func (c *CosignerSecurityRSA) EncryptAndSign(id int, noncePub []byte, nonceShare []byte) (CosignerNonce, error)

EncryptAndSign encrypts the nonce and signs it for authentication.

func (*CosignerSecurityRSA) GetID 

func (c *CosignerSecurityRSA) GetID() int

GetID returns the ID of the cosigner.

type CosignerSetNoncesAndSignRequest 

type CosignerSetNoncesAndSignRequest struct {
	ChainID string
	HRST    HRSTKey

	Nonces    *CosignerUUIDNonces
	SignBytes []byte

	VoteExtensionNonces    *CosignerUUIDNonces
	VoteExtensionSignBytes []byte
}

type CosignerSignBlockRequest 

type CosignerSignBlockRequest struct {
	ChainID string
	Block   *Block
}

type CosignerSignBlockResponse 

type CosignerSignBlockResponse struct {
	Signature              []byte
	VoteExtensionSignature []byte
}

type CosignerSignRequest 

type CosignerSignRequest struct {
	ChainID                string
	SignBytes              []byte
	UUID                   uuid.UUID
	VoteExtensionSignBytes []byte
	VoteExtUUID            uuid.UUID
}

CosignerSignRequest is sent to a co-signer to obtain their signature for the SignBytes The SignBytes should be a serialized block

type CosignerSignResponse 

type CosignerSignResponse struct {
	Timestamp                time.Time
	NoncePublic              []byte
	Signature                []byte
	VoteExtensionNoncePublic []byte
	VoteExtensionSignature   []byte
}

type CosignerUUIDNonces 

type CosignerUUIDNonces struct {
	UUID   uuid.UUID
	Nonces CosignerNonces
}

func (*CosignerUUIDNonces) For 

func (n *CosignerUUIDNonces) For(id int) *CosignerUUIDNonces

type CosignerUUIDNoncesMultiple 

type CosignerUUIDNoncesMultiple []*CosignerUUIDNonces

type Cosigners 

type Cosigners []Cosigner

func (Cosigners) GetByID 

func (cosigners Cosigners) GetByID(id int) Cosigner

type CosignersAndNonces 

type CosignersAndNonces struct {
	Cosigners Cosigners
	Nonces    CosignerUUIDNoncesMultiple
}

type CosignersConfig 

type CosignersConfig []CosignerConfig

func (CosignersConfig) Validate 

func (cosigners CosignersConfig) Validate() error

type DiffBlockIDsError 

type DiffBlockIDsError struct {
	// contains filtered or unexported fields
}

func (*DiffBlockIDsError) Error 

func (e *DiffBlockIDsError) Error() string

type FilePV 

type FilePV struct {
	Key           FilePVKey
	LastSignState FilePVLastSignState
}

FilePV implements PrivValidator using data persisted to disk to prevent double signing. NOTE: the directories containing pv.Key.filePath and pv.LastSignState.filePath must already exist. It includes the LastSignature and LastSignBytes so we don't lose the signature if the process crashes after signing but before the resulting consensus message is processed.

func GenFilePV 

func GenFilePV(keyFilePath, stateFilePath string) *FilePV

GenFilePV generates a new validator with randomly generated private key and sets the filePaths, but does not call Save().

func LoadFilePV 

func LoadFilePV(keyFilePath, stateFilePath string, loadState bool) (*FilePV, error)

If loadState is true, we load from the stateFilePath. Otherwise, we use an empty LastSignState.

func NewFilePV 

func NewFilePV(privKey crypto.PrivKey, keyFilePath, stateFilePath string) *FilePV

NewFilePV generates a new validator from the given key and paths.

func (*FilePV) GetAddress 

func (pv *FilePV) GetAddress() types.Address

GetAddress returns the address of the validator. Implements PrivValidator.

func (*FilePV) GetPubKey 

func (pv *FilePV) GetPubKey() (crypto.PubKey, error)

GetPubKey returns the public key of the validator. Implements PrivValidator.

func (*FilePV) Reset 

func (pv *FilePV) Reset()

Reset resets all fields in the FilePV. NOTE: Unsafe!

func (*FilePV) Save 

func (pv *FilePV) Save()

Save persists the FilePV to disk.

func (*FilePV) Sign 

func (pv *FilePV) Sign(chainID string, block Block) ([]byte, []byte, time.Time, error)

func (*FilePV) String 

func (pv *FilePV) String() string

String returns a string representation of the FilePV.

type FilePVKey 

type FilePVKey struct {
	Address types.Address  `json:"address"`
	PubKey  crypto.PubKey  `json:"pub_key"`
	PrivKey crypto.PrivKey `json:"priv_key"`
	// contains filtered or unexported fields
}

FilePVKey stores the immutable part of PrivValidator.

func (FilePVKey) Save 

func (pvKey FilePVKey) Save()

Save persists the FilePVKey to its filePath.

type FilePVLastSignState 

type FilePVLastSignState struct {
	Height    int64  `json:"height"`
	Round     int32  `json:"round"`
	Step      int8   `json:"step"`
	Signature []byte `json:"signature,omitempty"`
	SignBytes []byte `json:"signbytes,omitempty"`
	// contains filtered or unexported fields
}

FilePVLastSignState stores the mutable part of PrivValidator.

func (*FilePVLastSignState) CheckHRS 

func (lss *FilePVLastSignState) CheckHRS(height int64, round int32, step int8) (bool, error)

CheckHRS checks the given height, round, step (HRS) against that of the FilePVLastSignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. The returned boolean indicates whether the last Signature should be reused - it returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.

func (*FilePVLastSignState) Save 

func (lss *FilePVLastSignState) Save()

Save persists the FilePvLastSignState to its filePath.

type HRSKey 

type HRSKey struct {
	Height int64
	Round  int64
	Step   int8
}

HRSKey represents the key for the HRS metadata map.

func (HRSKey) GreaterThan 

func (hrs HRSKey) GreaterThan(other HRSKey) bool

GreaterThan returns true if the HRSKey is greater than the other HRSKey.

func (HRSKey) LessThan 

func (hrs HRSKey) LessThan(other HRSKey) bool

LessThan returns true if the HRSKey is less than the other HRSKey.

type HRSTKey 

type HRSTKey struct {
	Height    int64
	Round     int64
	Step      int8
	Timestamp int64
}

HRSTKey represents the HRS metadata key with a timestamp.

func HRSTKeyFromProto 

func HRSTKeyFromProto(hrs *proto.HRST) HRSTKey

HRSTKeyFromProto returns a HRSTKey from a proto.HRST.

func (HRSTKey) HRSKey 

func (hrst HRSTKey) HRSKey() HRSKey

HRSKey returns the HRSKey portion of the HRSTKey.

type HeightRegressionError 

type HeightRegressionError struct {
	// contains filtered or unexported fields
}

func (*HeightRegressionError) Error 

func (e *HeightRegressionError) Error() string

type Leader 

type Leader interface {
	// IsLeader returns true if the cosigner is the leader.
	IsLeader() bool

	// ShareSigned shares the last signed state with the other cosigners.
	ShareSigned(lss ChainSignStateConsensus) error

	// Get current leader
	GetLeader() int
}

Leader is an interface for the detecting if the current cosigner is the leader and performing leader actions.

type LocalCosigner 

type LocalCosigner struct {
	// contains filtered or unexported fields
}

LocalCosigner responds to sign requests. It maintains a high watermark to avoid double-signing. Signing is thread safe.

func NewLocalCosigner 

func NewLocalCosigner(
	logger cometlog.Logger,
	config *RuntimeConfig,
	security CosignerSecurity,
	address string,
) *LocalCosigner

func (*LocalCosigner) CombineSignatures 

func (cosigner *LocalCosigner) CombineSignatures(chainID string, signatures []PartialSignature) ([]byte, error)

CombineSignatures combines partial signatures into a full signature.

func (*LocalCosigner) GetAddress 

func (cosigner *LocalCosigner) GetAddress() string

GetAddress returns the RPC URL of the cosigner Implements Cosigner interface

func (*LocalCosigner) GetID 

func (cosigner *LocalCosigner) GetID() int

GetID returns the id of the cosigner Implements Cosigner interface

func (*LocalCosigner) GetNonces 

func (cosigner *LocalCosigner) GetNonces(
	_ context.Context,
	uuids []uuid.UUID,
) (CosignerUUIDNoncesMultiple, error)

GetNonces returns the nonces for the given UUIDs, generating if necessary.

func (*LocalCosigner) GetPubKey 

func (cosigner *LocalCosigner) GetPubKey(chainID string) (cometcrypto.PubKey, error)

GetPubKey returns public key of the validator. Implements Cosigner interface

func (*LocalCosigner) LoadSignStateIfNecessary 

func (cosigner *LocalCosigner) LoadSignStateIfNecessary(chainID string) error

func (*LocalCosigner) SaveLastSignedState 

func (cosigner *LocalCosigner) SaveLastSignedState(chainID string, signState SignStateConsensus) error

Save updates the high watermark height/round/step (HRS) if it is greater than the current high watermark. A mutex is used to avoid concurrent state updates. The disk write is scheduled in a separate goroutine which will perform an atomic write. pendingDiskWG is used upon termination in pendingDiskWG to ensure all writes have completed.

func (*LocalCosigner) SetNoncesAndSign 

func (cosigner *LocalCosigner) SetNoncesAndSign(
	_ context.Context,
	req CosignerSetNoncesAndSignRequest) (*CosignerSignResponse, error)

func (*LocalCosigner) StartNoncePruner 

func (cosigner *LocalCosigner) StartNoncePruner(ctx context.Context)

StartNoncePruner periodically prunes nonces that have expired.

func (*LocalCosigner) VerifySignature 

func (cosigner *LocalCosigner) VerifySignature(chainID string, payload, signature []byte) bool

VerifySignature validates a signed payload against the public key. Implements Cosigner interface

type MockLeader 

type MockLeader struct {
	// contains filtered or unexported fields
}

func (*MockLeader) GetLeader 

func (m *MockLeader) GetLeader() int

func (*MockLeader) IsLeader 

func (m *MockLeader) IsLeader() bool

func (*MockLeader) SetLeader 

func (m *MockLeader) SetLeader(tv *ThresholdValidator)

func (*MockLeader) ShareSigned 

func (m *MockLeader) ShareSigned(_ ChainSignStateConsensus) error

type Nonce 

type Nonce struct {
	ID     int
	Share  []byte
	PubKey []byte
}

Nonce is the ephemeral information from another cosigner destined for this cosigner.

type NonceCache 

type NonceCache struct {
	// contains filtered or unexported fields
}

func (*NonceCache) Add 

func (nc *NonceCache) Add(cn *CachedNonce)

func (*NonceCache) Delete 

func (nc *NonceCache) Delete(index int)

func (*NonceCache) PruneNonces 

func (nc *NonceCache) PruneNonces() int

func (*NonceCache) Size 

func (nc *NonceCache) Size() int

type NonceCachePruner 

type NonceCachePruner interface {
	PruneNonces() int
}

type Nonces 

type Nonces struct {
	PubKey []byte
	Shares [][]byte
}

Nonces contains the ephemeral information generated by one cosigner for all other cosigners.

func GenerateNonces 

func GenerateNonces(threshold, total uint8) (Nonces, error)

type NoncesWithExpiration 

type NoncesWithExpiration struct {
	Expiration time.Time
	Nonces     []Nonces
}

type PartialSignature 

type PartialSignature struct {
	ID        int
	Signature []byte
}

PartialSignature contains the signature and identifier for a piece of the combined signature.

type PrivValidator 

type PrivValidator interface {
	Sign(ctx context.Context, chainID string, block Block) ([]byte, []byte, time.Time, error)
	GetPubKey(ctx context.Context, chainID string) ([]byte, error)
	Stop()
}

PrivValidator is a wrapper for tendermint PrivValidator, with additional Stop method for safe shutdown.

type RaftStore 

type RaftStore struct {
	service.BaseService

	NodeID      string
	RaftDir     string
	RaftBind    string
	RaftTimeout time.Duration
	Cosigners   []Cosigner
	// contains filtered or unexported fields
}

Store is a simple key-value store, where all changes are made via Raft consensus.

func NewRaftStore 

func NewRaftStore(
	nodeID string, directory string, bindAddress string, timeout time.Duration,
	logger log.Logger, cosigner *LocalCosigner, cosigners []Cosigner) *RaftStore

New returns a new Store.

func (*RaftStore) Delete 

func (s *RaftStore) Delete(key string) error

Delete deletes the given key.

func (*RaftStore) Emit 

func (s *RaftStore) Emit(key string, value interface{}) error

func (*RaftStore) Get 

func (s *RaftStore) Get(key string) (string, error)

Get returns the value for the given key.

func (*RaftStore) GetLeader 

func (s *RaftStore) GetLeader() int

func (*RaftStore) IsLeader 

func (s *RaftStore) IsLeader() bool

func (*RaftStore) Join 

func (s *RaftStore) Join(nodeID, addr string) error

Join joins a node, identified by nodeID and located at addr, to this store. The node must be ready to respond to Raft communications at that address.

func (*RaftStore) OnStart 

func (s *RaftStore) OnStart() error

OnStart starts the raft server

func (*RaftStore) Open 

func (s *RaftStore) Open() (*raftgrpctransport.Manager, error)

Open opens the store. If enableSingle is set, and there are no existing peers, then this node becomes the first node, and therefore leader, of the cluster. localID should be the server identifier for this node.

func (*RaftStore) Set 

func (s *RaftStore) Set(key, value string) error

Set sets the value for the given key.

func (*RaftStore) SetThresholdValidator 

func (s *RaftStore) SetThresholdValidator(thresholdValidator *ThresholdValidator)

func (*RaftStore) ShareSigned 

func (s *RaftStore) ShareSigned(lss ChainSignStateConsensus) error

type ReconnRemoteSigner 

type ReconnRemoteSigner struct {
	cometservice.BaseService
	// contains filtered or unexported fields
}

ReconnRemoteSigner dials using its dialer and responds to any signature requests using its privVal.

func NewReconnRemoteSigner 

func NewReconnRemoteSigner(
	address string,
	logger cometlog.Logger,
	privVal PrivValidator,
	dialer net.Dialer,
	maxReadSize int,
) *ReconnRemoteSigner

NewReconnRemoteSigner return a ReconnRemoteSigner that will dial using the given dialer and respond to any signature requests over the connection using the given privVal.

If the connection is broken, the ReconnRemoteSigner will attempt to reconnect.

func (*ReconnRemoteSigner) OnStart 

func (rs *ReconnRemoteSigner) OnStart() error

OnStart implements cmn.Service.

func (*ReconnRemoteSigner) OnStop 

func (rs *ReconnRemoteSigner) OnStop()

OnStop implements cmn.Service.

type RemoteCosigner 

type RemoteCosigner struct {
	// contains filtered or unexported fields
}

RemoteCosigner uses CosignerGRPC to request signing from a remote cosigner

func NewRemoteCosigner 

func NewRemoteCosigner(id int, address string) (*RemoteCosigner, error)

NewRemoteCosigner returns a newly initialized RemoteCosigner

func (*RemoteCosigner) GetAddress 

func (cosigner *RemoteCosigner) GetAddress() string

GetAddress returns the P2P URL of the remote cosigner Implements the cosigner interface

func (*RemoteCosigner) GetID 

func (cosigner *RemoteCosigner) GetID() int

GetID returns the ID of the remote cosigner Implements the cosigner interface

func (*RemoteCosigner) GetNonces 

func (cosigner *RemoteCosigner) GetNonces(
	ctx context.Context,
	uuids []uuid.UUID,
) (CosignerUUIDNoncesMultiple, error)

Implements the cosigner interface

func (*RemoteCosigner) GetPubKey 

func (cosigner *RemoteCosigner) GetPubKey(_ string) (cometcrypto.PubKey, error)

GetPubKey returns public key of the validator. Implements Cosigner interface

func (*RemoteCosigner) SetNoncesAndSign 

func (cosigner *RemoteCosigner) SetNoncesAndSign(
	ctx context.Context,
	req CosignerSetNoncesAndSignRequest) (*CosignerSignResponse, error)

Implements the cosigner interface

func (*RemoteCosigner) Sign 

func (cosigner *RemoteCosigner) Sign(
	ctx context.Context,
	req CosignerSignBlockRequest,
) (*CosignerSignBlockResponse, error)

func (*RemoteCosigner) VerifySignature 

func (cosigner *RemoteCosigner) VerifySignature(_ string, _, _ []byte) bool

VerifySignature validates a signed payload against the public key. Implements Cosigner interface

type RemoteSignerGRPCServer 

type RemoteSignerGRPCServer struct {
	cometservice.BaseService

	proto.UnimplementedRemoteSignerServer
	// contains filtered or unexported fields
}

func NewRemoteSignerGRPCServer 

func NewRemoteSignerGRPCServer(
	logger cometlog.Logger,
	validator PrivValidator,
	listenAddr string,
) *RemoteSignerGRPCServer

func (*RemoteSignerGRPCServer) OnStart 

func (s *RemoteSignerGRPCServer) OnStart() error

func (*RemoteSignerGRPCServer) OnStop 

func (s *RemoteSignerGRPCServer) OnStop()

func (*RemoteSignerGRPCServer) PubKey 

func (s *RemoteSignerGRPCServer) PubKey(ctx context.Context, req *proto.PubKeyRequest) (*proto.PubKeyResponse, error)

func (*RemoteSignerGRPCServer) Sign 

func (s *RemoteSignerGRPCServer) Sign(
	ctx context.Context,
	req *proto.SignBlockRequest,
) (*proto.SignBlockResponse, error)

type RoundRegressionError 

type RoundRegressionError struct {
	// contains filtered or unexported fields
}

func (*RoundRegressionError) Error 

func (e *RoundRegressionError) Error() string

type RuntimeConfig 

type RuntimeConfig struct {
	HomeDir    string
	ConfigFile string
	StateDir   string
	PidFile    string
	Config     Config
}

func (RuntimeConfig) CosignerSecurityECIES 

func (c RuntimeConfig) CosignerSecurityECIES() (*CosignerSecurityECIES, error)

func (RuntimeConfig) CosignerSecurityRSA 

func (c RuntimeConfig) CosignerSecurityRSA() (*CosignerSecurityRSA, error)

func (RuntimeConfig) CosignerStateFile 

func (c RuntimeConfig) CosignerStateFile(chainID string) string

func (RuntimeConfig) KeyFileExistsCosigner 

func (c RuntimeConfig) KeyFileExistsCosigner(chainID string) (string, error)

func (RuntimeConfig) KeyFileExistsCosignerECIES 

func (c RuntimeConfig) KeyFileExistsCosignerECIES() (string, error)

func (RuntimeConfig) KeyFileExistsCosignerRSA 

func (c RuntimeConfig) KeyFileExistsCosignerRSA() (string, error)

func (RuntimeConfig) KeyFileExistsSingleSigner 

func (c RuntimeConfig) KeyFileExistsSingleSigner(chainID string) (string, error)

func (RuntimeConfig) KeyFilePathCosigner 

func (c RuntimeConfig) KeyFilePathCosigner(chainID string) string

func (RuntimeConfig) KeyFilePathCosignerECIES 

func (c RuntimeConfig) KeyFilePathCosignerECIES() string

func (RuntimeConfig) KeyFilePathCosignerRSA 

func (c RuntimeConfig) KeyFilePathCosignerRSA() string

func (RuntimeConfig) KeyFilePathSingleSigner 

func (c RuntimeConfig) KeyFilePathSingleSigner(chainID string) string

func (RuntimeConfig) PrivValStateFile 

func (c RuntimeConfig) PrivValStateFile(chainID string) string

func (RuntimeConfig) WriteConfigFile 

func (c RuntimeConfig) WriteConfigFile() error

type SameBlockError 

type SameBlockError struct {
	// contains filtered or unexported fields
}

func (*SameBlockError) Error 

func (e *SameBlockError) Error() string

type SameHRSError 

type SameHRSError struct {
	// contains filtered or unexported fields
}

func (*SameHRSError) Error 

func (e *SameHRSError) Error() string

type SignMode 

type SignMode string
const (
	SignModeThreshold SignMode = "threshold"
	SignModeSingle    SignMode = "single"
)

type SignState 

type SignState struct {
	Height                 int64               `json:"height"`
	Round                  int64               `json:"round"`
	Step                   int8                `json:"step"`
	NoncePublic            []byte              `json:"nonce_public"`
	Signature              []byte              `json:"signature,omitempty"`
	SignBytes              cometbytes.HexBytes `json:"signbytes,omitempty"`
	VoteExtensionSignature []byte              `json:"vote_ext_signature,omitempty"`
	// contains filtered or unexported fields
}

SignState stores signing information for high level watermark management.

func LoadOrCreateSignState 

func LoadOrCreateSignState(filepath string) (*SignState, error)

LoadOrCreateSignState loads the sign state from filepath If the sign state could not be loaded, an empty sign state is initialized and saved to filepath.

func LoadSignState 

func LoadSignState(filepath string) (*SignState, error)

LoadSignState loads a sign state from disk.

func (*SignState) CheckHRS 

func (signState *SignState) CheckHRS(hrst HRSTKey) (bool, error)

CheckHRS checks the given height, round, step (HRS) against that of the SignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. Returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.

func (*SignState) FreshCache 

func (signState *SignState) FreshCache() *SignState

FreshCache returns a clone of a SignState with a new cache including the most recent sign state.

func (*SignState) GetErrorIfLessOrEqual 

func (signState *SignState) GetErrorIfLessOrEqual(height int64, round int64, step int8) error

func (*SignState) GetFromCache 

func (signState *SignState) GetFromCache(hrs HRSKey) (HRSKey, *SignStateConsensus)

GetFromCache will return the latest signed block within the SignState and the relevant SignStateConsensus from the cache, if present.

func (*SignState) HRSKey 

func (signState *SignState) HRSKey() HRSKey

func (*SignState) OnlyDifferByTimestamp 

func (signState *SignState) OnlyDifferByTimestamp(signBytes []byte) error

OnlyDifferByTimestamp returns true if the sign bytes of the sign state are the same as the new sign bytes excluding the timestamp.

func (*SignState) Save 

func (signState *SignState) Save(
	ssc SignStateConsensus,
	pendingDiskWG *sync.WaitGroup,
) error

Save updates the high watermark height/round/step (HRS) if it is greater than the current high watermark. If pendingDiskWG is provided, the write operation will be a separate goroutine (async). This allows pendingDiskWG to be used to .Wait() for all pending SignState disk writes.

type SignStateConsensus 

type SignStateConsensus struct {
	Height                 int64
	Round                  int64
	Step                   int8
	Signature              []byte
	VoteExtensionSignature []byte
	SignBytes              cometbytes.HexBytes
}

func NewSignStateConsensus 

func NewSignStateConsensus(height int64, round int64, step int8) SignStateConsensus

func (SignStateConsensus) HRSKey 

func (signState SignStateConsensus) HRSKey() HRSKey

func (*SignStateConsensus) OnlyDifferByTimestamp 

func (signState *SignStateConsensus) OnlyDifferByTimestamp(signBytes []byte) error

type SingleSignerChainState 

type SingleSignerChainState struct {
	// contains filtered or unexported fields
}

SingleSignerChainState holds the priv validator and associated mutex for a single chain.

type SingleSignerValidator 

type SingleSignerValidator struct {
	// contains filtered or unexported fields
}

SingleSignerValidator guards access to an underlying PrivValidator by using mutexes for each of the PrivValidator interface functions

func NewSingleSignerValidator 

func NewSingleSignerValidator(config *RuntimeConfig) *SingleSignerValidator

NewSingleSignerValidator constructs a validator for single-sign mode (not recommended). NewThresholdValidator is recommended, but single-sign mode can be used for convenience.

func (*SingleSignerValidator) GetPubKey 

func (pv *SingleSignerValidator) GetPubKey(_ context.Context, chainID string) ([]byte, error)

GetPubKey implements types.PrivValidator

func (*SingleSignerValidator) Sign 

func (pv *SingleSignerValidator) Sign(
	_ context.Context,
	chainID string,
	block Block) (
	[]byte,
	[]byte,
	time.Time,
	error,
)

SignVote implements types.PrivValidator

func (*SingleSignerValidator) Stop 

func (pv *SingleSignerValidator) Stop()

type StepRegressionError 

type StepRegressionError struct {
	// contains filtered or unexported fields
}

func (*StepRegressionError) Error 

func (e *StepRegressionError) Error() string

type StillWaitingForBlockError 

type StillWaitingForBlockError struct {
	// contains filtered or unexported fields
}

func (*StillWaitingForBlockError) Error 

func (e *StillWaitingForBlockError) Error() string

type ThresholdModeConfig 

type ThresholdModeConfig struct {
	Threshold   int             `yaml:"threshold"`
	Cosigners   CosignersConfig `yaml:"cosigners"`
	GRPCTimeout string          `yaml:"grpcTimeout"`
	RaftTimeout string          `yaml:"raftTimeout"`
}

ThresholdModeConfig is the on disk config format for threshold sign mode.

func (*ThresholdModeConfig) LeaderElectMultiAddress 

func (cfg *ThresholdModeConfig) LeaderElectMultiAddress() (string, error)

type ThresholdSigner 

type ThresholdSigner interface {
	// PubKey returns the public key bytes for the combination of all cosigners.
	PubKey() []byte

	// Sign signs a byte payload with the provided nonces.
	Sign(nonces []Nonce, payload []byte) ([]byte, error)

	// CombineSignatures combines multiple partial signatures to a full signature.
	CombineSignatures([]PartialSignature) ([]byte, error)
}

Interface for the local signer whether it's a soft sign or HSM

type ThresholdSignerSoft 

type ThresholdSignerSoft struct {
	// contains filtered or unexported fields
}

func NewThresholdSignerSoft 

func NewThresholdSignerSoft(config *RuntimeConfig, id int, chainID string) (*ThresholdSignerSoft, error)

func (*ThresholdSignerSoft) CombineSignatures 

func (s *ThresholdSignerSoft) CombineSignatures(signatures []PartialSignature) ([]byte, error)

func (*ThresholdSignerSoft) PubKey 

func (s *ThresholdSignerSoft) PubKey() []byte

func (*ThresholdSignerSoft) Sign 

func (s *ThresholdSignerSoft) Sign(nonces []Nonce, payload []byte) ([]byte, error)

type ThresholdValidator 

type ThresholdValidator struct {
	// contains filtered or unexported fields
}

func NewThresholdValidator 

func NewThresholdValidator(
	logger log.Logger,
	config *RuntimeConfig,
	threshold int,
	grpcTimeout time.Duration,
	maxWaitForSameBlockAttempts int,
	myCosigner *LocalCosigner,
	peerCosigners []Cosigner,
	leader Leader,
) *ThresholdValidator

NewThresholdValidator creates and returns a new ThresholdValidator

func (*ThresholdValidator) GetPubKey 

func (pv *ThresholdValidator) GetPubKey(_ context.Context, chainID string) ([]byte, error)

GetPubKey returns the public key of the validator. Implements PrivValidator.

func (*ThresholdValidator) LoadSignStateIfNecessary 

func (pv *ThresholdValidator) LoadSignStateIfNecessary(chainID string) error

func (*ThresholdValidator) SaveLastSignedState 

func (pv *ThresholdValidator) SaveLastSignedState(chainID string, signState SignStateConsensus) error

SaveLastSignedState updates the high watermark height/round/step (HRS) for a completed sign process if it is greater than the current high watermark. A mutex is used to avoid concurrent state updates. The disk write is scheduled in a separate goroutine which will perform an atomic write. pendingDiskWG is used upon termination in pendingDiskWG to ensure all writes have completed.

func (*ThresholdValidator) SaveLastSignedStateInitiated 

func (pv *ThresholdValidator) SaveLastSignedStateInitiated(
	chainID string,
	block *Block,
) ([]byte, []byte, time.Time, error)

SaveLastSignedStateInitiated updates the high watermark height/round/step (HRS) for an initiated sign process if it is greater than the current high watermark. A mutex is used to avoid concurrent state updates. The disk write is scheduled in a separate goroutine which will perform an atomic write. pendingDiskWG is used upon termination in pendingDiskWG to ensure all writes have completed.

func (*ThresholdValidator) Sign 

func (pv *ThresholdValidator) Sign(
	ctx context.Context,
	chainID string,
	block Block,
) ([]byte, []byte, time.Time, error)

func (*ThresholdValidator) Start 

func (pv *ThresholdValidator) Start(ctx context.Context) error

Start starts the ThresholdValidator.

func (*ThresholdValidator) Stop 

func (pv *ThresholdValidator) Stop()

Stop safely shuts down the ThresholdValidator.

type UnmarshalError 

type UnmarshalError struct {
	// contains filtered or unexported fields
}

func (*UnmarshalError) Error 

func (e *UnmarshalError) Error() string

Source Files

View all Source files

Directories

Path Synopsis
multiresolver package allows you to Dial to multiple hosts/IPs as a single ClientConn.
 multiresolver package allows you to Dial to multiple hosts/IPs as a single ClientConn.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.