Documentation ¶
Overview ¶
Package privval provides different implementations of the types.PrivValidator.
FilePV ¶
FilePV is the simplest implementation and developer default. It uses one file for the private key and another to store state.
SocketVal ¶
SocketVal establishes a connection to an external process, like a Key Management Server (KMS), using a socket. SocketVal listens for the external KMS process to dial in. SocketVal takes a listener, which determines the type of connection (ie. encrypted over tcp, or unencrypted over unix).
RemoteSigner ¶
RemoteSigner is a simple wrapper around a net.Conn. It's used by both IPCVal and TCPVal.
Index ¶
- Variables
- func IsConnTimeout(err error) bool
- func NewTCPListener(ln net.Listener, secretConnKey ed25519.PrivKeyEd25519) *tcpListener
- func NewUnixListener(ln net.Listener) *unixListener
- func RegisterRemoteSignerMsg(cdc *amino.Codec)
- type Dialer
- type FilePV
- func (pv *FilePV) GetAddress() types.Address
- func (pv *FilePV) GetPubKey() crypto.PubKey
- func (pv *FilePV) Reset()
- func (pv *FilePV) Save()
- func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error
- func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error
- func (pv *FilePV) String() string
- type FilePVKey
- type FilePVLastSignState
- type OldFilePV
- type PingRequest
- type PingResponse
- type PubKeyRequest
- type PubKeyResponse
- type RemoteSigner
- type RemoteSignerClient
- func (sc *RemoteSignerClient) Close() error
- func (sc *RemoteSignerClient) GetPubKey() crypto.PubKey
- func (sc *RemoteSignerClient) Ping() error
- func (sc *RemoteSignerClient) SignProposal(chainID string, proposal *types.Proposal) error
- func (sc *RemoteSignerClient) SignVote(chainID string, vote *types.Vote) error
- type RemoteSignerError
- type RemoteSignerMsg
- type RemoteSignerOption
- type SignProposalRequest
- type SignVoteRequest
- type SignedProposalResponse
- type SignedVoteResponse
- type SocketVal
- func (sc *SocketVal) Close()
- func (sc *SocketVal) GetPubKey() crypto.PubKey
- func (sc *SocketVal) OnStart() error
- func (sc *SocketVal) OnStop()
- func (sc *SocketVal) Ping() error
- func (sc *SocketVal) SignProposal(chainID string, proposal *types.Proposal) error
- func (sc *SocketVal) SignVote(chainID string, vote *types.Vote) error
- type SocketValOption
- type TCPListenerOption
- type UnixListenerOption
Constants ¶
This section is empty.
Variables ¶
var (
ErrConnTimeout = errors.New("remote signer timed out")
)
Socket errors.
var (
ErrDialRetryMax = errors.New("dialed maximum retries")
)
Socket errors.
var (
ErrUnexpectedResponse = errors.New("received unexpected response")
)
Socket errors.
Functions ¶
func IsConnTimeout ¶ added in v0.29.2
IsConnTimeout returns a boolean indicating whether the error is known to report that a connection timeout occurred. This detects both fundamental network timeouts, as well as ErrConnTimeout errors.
func NewTCPListener ¶ added in v0.29.2
func NewTCPListener(ln net.Listener, secretConnKey ed25519.PrivKeyEd25519) *tcpListener
NewTCPListener returns a listener that accepts authenticated encrypted connections using the given secretConnKey and the default timeout values.
func NewUnixListener ¶ added in v0.29.2
NewUnixListener returns a listener that accepts unencrypted connections using the default timeout values.
func RegisterRemoteSignerMsg ¶
Types ¶
type Dialer ¶ added in v0.29.2
Dialer dials a remote address and returns a net.Conn or an error.
func DialTCPFn ¶ added in v0.29.2
DialTCPFn dials the given tcp addr, using the given connTimeout and privKey for the authenticated encryption handshake.
func DialUnixFn ¶ added in v0.29.2
DialUnixFn dials the given unix socket.
type FilePV ¶
type FilePV struct { Key FilePVKey LastSignState FilePVLastSignState }
FilePV implements PrivValidator using data persisted to disk to prevent double signing. NOTE: the directories containing pv.Key.filePath and pv.LastSignState.filePath must already exist. It includes the LastSignature and LastSignBytes so we don't lose the signature if the process crashes after signing but before the resulting consensus message is processed.
func GenFilePV ¶
GenFilePV generates a new validator with randomly generated private key and sets the filePaths, but does not call Save().
func LoadFilePV ¶
LoadFilePV loads a FilePV from the filePaths. The FilePV handles double signing prevention by persisting data to the stateFilePath. If either file path does not exist, the program will exit.
func LoadFilePVEmptyState ¶ added in v0.29.2
LoadFilePVEmptyState loads a FilePV from the given keyFilePath, with an empty LastSignState. If the keyFilePath does not exist, the program will exit.
func LoadOrGenFilePV ¶
LoadOrGenFilePV loads a FilePV from the given filePaths or else generates a new one and saves it to the filePaths.
func (*FilePV) GetAddress ¶
GetAddress returns the address of the validator. Implements PrivValidator.
func (*FilePV) GetPubKey ¶
GetPubKey returns the public key of the validator. Implements PrivValidator.
func (*FilePV) Reset ¶
func (pv *FilePV) Reset()
Reset resets all fields in the FilePV. NOTE: Unsafe!
func (*FilePV) SignProposal ¶
SignProposal signs a canonical representation of the proposal, along with the chainID. Implements PrivValidator.
type FilePVKey ¶ added in v0.29.2
type FilePVKey struct { Address types.Address `json:"address"` PubKey crypto.PubKey `json:"pub_key"` PrivKey crypto.PrivKey `json:"priv_key"` // contains filtered or unexported fields }
FilePVKey stores the immutable part of PrivValidator.
type FilePVLastSignState ¶ added in v0.29.2
type FilePVLastSignState struct { Height int64 `json:"height"` Round int `json:"round"` Step int8 `json:"step"` Signature []byte `json:"signature,omitempty"` SignBytes cmn.HexBytes `json:"signbytes,omitempty"` // contains filtered or unexported fields }
FilePVLastSignState stores the mutable part of PrivValidator.
func (*FilePVLastSignState) CheckHRS ¶ added in v0.29.2
CheckHRS checks the given height, round, step (HRS) against that of the FilePVLastSignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. The returned boolean indicates whether the last Signature should be reused - it returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.
func (*FilePVLastSignState) Save ¶ added in v0.29.2
func (lss *FilePVLastSignState) Save()
Save persists the FilePvLastSignState to its filePath.
type OldFilePV ¶ added in v0.29.2
type OldFilePV struct { Address types.Address `json:"address"` PubKey crypto.PubKey `json:"pub_key"` LastHeight int64 `json:"last_height"` LastRound int `json:"last_round"` LastStep int8 `json:"last_step"` LastSignature []byte `json:"last_signature,omitempty"` LastSignBytes cmn.HexBytes `json:"last_signbytes,omitempty"` PrivKey crypto.PrivKey `json:"priv_key"` // contains filtered or unexported fields }
OldFilePV is the old version of the FilePV, pre v0.28.0.
func LoadOldFilePV ¶ added in v0.29.2
LoadOldFilePV loads an OldFilePV from the filePath.
type PingRequest ¶
type PingRequest struct { }
PingRequest is a PrivValidatorSocket message to keep the connection alive.
type PingResponse ¶
type PingResponse struct { }
type PubKeyRequest ¶ added in v0.29.2
type PubKeyRequest struct{}
PubKeyRequest requests the consensus public key from the remote signer.
type PubKeyResponse ¶ added in v0.29.2
type PubKeyResponse struct { PubKey crypto.PubKey Error *RemoteSignerError }
PubKeyResponse is a PrivValidatorSocket message containing the public key.
type RemoteSigner ¶
type RemoteSigner struct { cmn.BaseService // contains filtered or unexported fields }
RemoteSigner dials using its dialer and responds to any signature requests using its privVal.
func NewRemoteSigner ¶
func NewRemoteSigner( logger log.Logger, chainID string, privVal types.PrivValidator, dialer Dialer, ) *RemoteSigner
NewRemoteSigner return a RemoteSigner that will dial using the given dialer and respond to any signature requests over the connection using the given privVal.
func (*RemoteSigner) OnStart ¶
func (rs *RemoteSigner) OnStart() error
OnStart implements cmn.Service.
type RemoteSignerClient ¶
type RemoteSignerClient struct {
// contains filtered or unexported fields
}
RemoteSignerClient implements PrivValidator. It uses a net.Conn to request signatures from an external process.
func NewRemoteSignerClient ¶
func NewRemoteSignerClient(conn net.Conn) (*RemoteSignerClient, error)
NewRemoteSignerClient returns an instance of RemoteSignerClient.
func (*RemoteSignerClient) Close ¶ added in v0.29.2
func (sc *RemoteSignerClient) Close() error
Close calls Close on the underlying net.Conn.
func (*RemoteSignerClient) GetPubKey ¶
func (sc *RemoteSignerClient) GetPubKey() crypto.PubKey
GetPubKey implements PrivValidator.
func (*RemoteSignerClient) Ping ¶
func (sc *RemoteSignerClient) Ping() error
Ping is used to check connection health.
func (*RemoteSignerClient) SignProposal ¶
func (sc *RemoteSignerClient) SignProposal( chainID string, proposal *types.Proposal, ) error
SignProposal implements PrivValidator.
type RemoteSignerError ¶
type RemoteSignerError struct { // TODO(ismail): create an enum of known errors Code int Description string }
RemoteSignerError allows (remote) validators to include meaningful error descriptions in their reply.
func (*RemoteSignerError) Error ¶
func (e *RemoteSignerError) Error() string
type RemoteSignerMsg ¶
type RemoteSignerMsg interface{}
RemoteSignerMsg is sent between RemoteSigner and the RemoteSigner client.
type RemoteSignerOption ¶
type RemoteSignerOption func(*RemoteSigner)
RemoteSignerOption sets an optional parameter on the RemoteSigner.
func RemoteSignerConnDeadline ¶
func RemoteSignerConnDeadline(deadline time.Duration) RemoteSignerOption
RemoteSignerConnDeadline sets the read and write deadline for connections from external signing processes.
func RemoteSignerConnRetries ¶
func RemoteSignerConnRetries(retries int) RemoteSignerOption
RemoteSignerConnRetries sets the amount of attempted retries to connect.
type SignProposalRequest ¶
SignProposalRequest is a PrivValidatorSocket message containing a Proposal.
type SignVoteRequest ¶
SignVoteRequest is a PrivValidatorSocket message containing a vote.
type SignedProposalResponse ¶
type SignedProposalResponse struct { Proposal *types.Proposal Error *RemoteSignerError }
type SignedVoteResponse ¶
type SignedVoteResponse struct { Vote *types.Vote Error *RemoteSignerError }
SignedVoteResponse is a PrivValidatorSocket message containing a signed vote along with a potenial error message.
type SocketVal ¶ added in v0.29.2
type SocketVal struct { cmn.BaseService // contains filtered or unexported fields }
SocketVal implements PrivValidator. It listens for an external process to dial in and uses the socket to request signatures.
func NewSocketVal ¶ added in v0.29.2
NewSocketVal returns an instance of SocketVal.
func (*SocketVal) Close ¶ added in v0.29.2
func (sc *SocketVal) Close()
Close closes the underlying net.Conn.
func (*SocketVal) OnStop ¶ added in v0.29.2
func (sc *SocketVal) OnStop()
OnStop implements cmn.Service.
func (*SocketVal) SignProposal ¶ added in v0.29.2
SignProposal implements PrivValidator.
type SocketValOption ¶ added in v0.29.2
type SocketValOption func(*SocketVal)
SocketValOption sets an optional parameter on the SocketVal.
func SocketValHeartbeat ¶ added in v0.29.2
func SocketValHeartbeat(period time.Duration) SocketValOption
SocketValHeartbeat sets the period on which to check the liveness of the connected Signer connections.
type TCPListenerOption ¶ added in v0.29.2
type TCPListenerOption func(*tcpListener)
TCPListenerOption sets an optional parameter on the tcpListener.
func TCPListenerAcceptDeadline ¶ added in v0.29.2
func TCPListenerAcceptDeadline(deadline time.Duration) TCPListenerOption
TCPListenerAcceptDeadline sets the deadline for the listener. A zero time value disables the deadline.
func TCPListenerConnDeadline ¶ added in v0.29.2
func TCPListenerConnDeadline(deadline time.Duration) TCPListenerOption
TCPListenerConnDeadline sets the read and write deadline for connections from external signing processes.
type UnixListenerOption ¶ added in v0.29.2
type UnixListenerOption func(*unixListener)
func UnixListenerAcceptDeadline ¶ added in v0.29.2
func UnixListenerAcceptDeadline(deadline time.Duration) UnixListenerOption
UnixListenerAcceptDeadline sets the deadline for the listener. A zero time value disables the deadline.
func UnixListenerConnDeadline ¶ added in v0.29.2
func UnixListenerConnDeadline(deadline time.Duration) UnixListenerOption
UnixListenerConnDeadline sets the read and write deadline for connections from external signing processes.