privval

package
v0.31.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 9, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package privval provides different implementations of the types.PrivValidator.

FilePV

FilePV is the simplest implementation and developer default. It uses one file for the private key and another to store state.

SignerValidatorEndpoint

SignerValidatorEndpoint establishes a connection to an external process, like a Key Management Server (KMS), using a socket. SignerValidatorEndpoint listens for the external KMS process to dial in. SignerValidatorEndpoint takes a listener, which determines the type of connection (ie. encrypted over tcp, or unencrypted over unix).

SignerServiceEndpoint

SignerServiceEndpoint is a simple wrapper around a net.Conn. It's used by both IPCVal and TCPVal.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrUnexpectedResponse = fmt.Errorf("received unexpected response")
	ErrConnTimeout        = fmt.Errorf("remote signer timed out")
)

Socket errors.

View Source
var (
	ErrDialRetryMax = errors.New("dialed maximum retries")
)

Socket errors.

Functions

func IsConnTimeout

func IsConnTimeout(err error) bool

IsConnTimeout returns a boolean indicating whether the error is known to report that a connection timeout occurred. This detects both fundamental network timeouts, as well as ErrConnTimeout errors.

func NewTCPListener

func NewTCPListener(ln net.Listener, secretConnKey ed25519.PrivKeyEd25519) *tcpListener

NewTCPListener returns a listener that accepts authenticated encrypted connections using the given secretConnKey and the default timeout values.

func NewUnixListener

func NewUnixListener(ln net.Listener) *unixListener

NewUnixListener returns a listener that accepts unencrypted connections using the default timeout values.

func RegisterRemoteSignerMsg

func RegisterRemoteSignerMsg(cdc *amino.Codec)

Types

type FilePV

type FilePV struct {
	Key           FilePVKey
	LastSignState FilePVLastSignState
}

FilePV implements PrivValidator using data persisted to disk to prevent double signing. NOTE: the directories containing pv.Key.filePath and pv.LastSignState.filePath must already exist. It includes the LastSignature and LastSignBytes so we don't lose the signature if the process crashes after signing but before the resulting consensus message is processed.

func GenFilePV

func GenFilePV(keyFilePath, stateFilePath string) *FilePV

GenFilePV generates a new validator with randomly generated private key and sets the filePaths, but does not call Save().

func LoadFilePV

func LoadFilePV(keyFilePath, stateFilePath string) *FilePV

LoadFilePV loads a FilePV from the filePaths. The FilePV handles double signing prevention by persisting data to the stateFilePath. If either file path does not exist, the program will exit.

func LoadFilePVEmptyState

func LoadFilePVEmptyState(keyFilePath, stateFilePath string) *FilePV

LoadFilePVEmptyState loads a FilePV from the given keyFilePath, with an empty LastSignState. If the keyFilePath does not exist, the program will exit.

func LoadOrGenFilePV

func LoadOrGenFilePV(keyFilePath, stateFilePath string) *FilePV

LoadOrGenFilePV loads a FilePV from the given filePaths or else generates a new one and saves it to the filePaths.

func (*FilePV) GetAddress

func (pv *FilePV) GetAddress() types.Address

GetAddress returns the address of the validator. Implements PrivValidator.

func (*FilePV) GetPubKey

func (pv *FilePV) GetPubKey() crypto.PubKey

GetPubKey returns the public key of the validator. Implements PrivValidator.

func (*FilePV) Reset

func (pv *FilePV) Reset()

Reset resets all fields in the FilePV. NOTE: Unsafe!

func (*FilePV) Save

func (pv *FilePV) Save()

Save persists the FilePV to disk.

func (*FilePV) SignProposal

func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal signs a canonical representation of the proposal, along with the chainID. Implements PrivValidator.

func (*FilePV) SignVote

func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error

SignVote signs a canonical representation of the vote, along with the chainID. Implements PrivValidator.

func (*FilePV) String

func (pv *FilePV) String() string

String returns a string representation of the FilePV.

type FilePVKey

type FilePVKey struct {
	Address types.Address  `json:"address"`
	PubKey  crypto.PubKey  `json:"pub_key"`
	PrivKey crypto.PrivKey `json:"priv_key"`
	// contains filtered or unexported fields
}

FilePVKey stores the immutable part of PrivValidator.

func (FilePVKey) Save

func (pvKey FilePVKey) Save()

Save persists the FilePVKey to its filePath.

type FilePVLastSignState

type FilePVLastSignState struct {
	Height    int64        `json:"height"`
	Round     int          `json:"round"`
	Step      int8         `json:"step"`
	Signature []byte       `json:"signature,omitempty"`
	SignBytes cmn.HexBytes `json:"signbytes,omitempty"`
	// contains filtered or unexported fields
}

FilePVLastSignState stores the mutable part of PrivValidator.

func (*FilePVLastSignState) CheckHRS

func (lss *FilePVLastSignState) CheckHRS(height int64, round int, step int8) (bool, error)

CheckHRS checks the given height, round, step (HRS) against that of the FilePVLastSignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. The returned boolean indicates whether the last Signature should be reused - it returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.

func (*FilePVLastSignState) Save

func (lss *FilePVLastSignState) Save()

Save persists the FilePvLastSignState to its filePath.

type OldFilePV

type OldFilePV struct {
	Address       types.Address  `json:"address"`
	PubKey        crypto.PubKey  `json:"pub_key"`
	LastHeight    int64          `json:"last_height"`
	LastRound     int            `json:"last_round"`
	LastStep      int8           `json:"last_step"`
	LastSignature []byte         `json:"last_signature,omitempty"`
	LastSignBytes cmn.HexBytes   `json:"last_signbytes,omitempty"`
	PrivKey       crypto.PrivKey `json:"priv_key"`
	// contains filtered or unexported fields
}

OldFilePV is the old version of the FilePV, pre v0.28.0. Deprecated: Use FilePV instead.

func LoadOldFilePV

func LoadOldFilePV(filePath string) (*OldFilePV, error)

LoadOldFilePV loads an OldFilePV from the filePath.

func (*OldFilePV) Upgrade

func (oldFilePV *OldFilePV) Upgrade(keyFilePath, stateFilePath string) *FilePV

Upgrade convets the OldFilePV to the new FilePV, separating the immutable and mutable components, and persisting them to the keyFilePath and stateFilePath, respectively. It renames the original file by adding ".bak".

type PingRequest

type PingRequest struct {
}

PingRequest is a PrivValidatorSocket message to keep the connection alive.

type PingResponse

type PingResponse struct {
}

PingRequest is a PrivValidatorSocket response to keep the connection alive.

type PubKeyRequest

type PubKeyRequest struct{}

PubKeyRequest requests the consensus public key from the remote signer.

type PubKeyResponse

type PubKeyResponse struct {
	PubKey crypto.PubKey
	Error  *RemoteSignerError
}

PubKeyResponse is a PrivValidatorSocket message containing the public key.

type RemoteSignerError

type RemoteSignerError struct {
	// TODO(ismail): create an enum of known errors
	Code        int
	Description string
}

RemoteSignerError allows (remote) validators to include meaningful error descriptions in their reply.

func (*RemoteSignerError) Error

func (e *RemoteSignerError) Error() string

type RemoteSignerMsg

type RemoteSignerMsg interface{}

RemoteSignerMsg is sent between SignerServiceEndpoint and the SignerServiceEndpoint client.

type SignProposalRequest

type SignProposalRequest struct {
	Proposal *types.Proposal
}

SignProposalRequest is a PrivValidatorSocket message containing a Proposal.

type SignVoteRequest

type SignVoteRequest struct {
	Vote *types.Vote
}

SignVoteRequest is a PrivValidatorSocket message containing a vote.

type SignedProposalResponse

type SignedProposalResponse struct {
	Proposal *types.Proposal
	Error    *RemoteSignerError
}

SignedProposalResponse is a PrivValidatorSocket message containing a proposal response

type SignedVoteResponse

type SignedVoteResponse struct {
	Vote  *types.Vote
	Error *RemoteSignerError
}

SignedVoteResponse is a PrivValidatorSocket message containing a signed vote along with a potenial error message.

type SignerRemote

type SignerRemote struct {
	// contains filtered or unexported fields
}

SignerRemote implements PrivValidator. It uses a net.Conn to request signatures from an external process.

func NewSignerRemote

func NewSignerRemote(conn net.Conn) (*SignerRemote, error)

NewSignerRemote returns an instance of SignerRemote.

func (*SignerRemote) Close

func (sc *SignerRemote) Close() error

Close calls Close on the underlying net.Conn.

func (*SignerRemote) GetPubKey

func (sc *SignerRemote) GetPubKey() crypto.PubKey

GetPubKey implements PrivValidator.

func (*SignerRemote) Ping

func (sc *SignerRemote) Ping() error

Ping is used to check connection health.

func (*SignerRemote) SignProposal

func (sc *SignerRemote) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal implements PrivValidator.

func (*SignerRemote) SignVote

func (sc *SignerRemote) SignVote(chainID string, vote *types.Vote) error

SignVote implements PrivValidator.

type SignerServiceEndpoint

type SignerServiceEndpoint struct {
	cmn.BaseService
	// contains filtered or unexported fields
}

SignerServiceEndpoint dials using its dialer and responds to any signature requests using its privVal.

func NewSignerServiceEndpoint

func NewSignerServiceEndpoint(
	logger log.Logger,
	chainID string,
	privVal types.PrivValidator,
	dialer SocketDialer,
) *SignerServiceEndpoint

NewSignerServiceEndpoint returns a SignerServiceEndpoint that will dial using the given dialer and respond to any signature requests over the connection using the given privVal.

func (*SignerServiceEndpoint) OnStart

func (se *SignerServiceEndpoint) OnStart() error

OnStart implements cmn.Service.

func (*SignerServiceEndpoint) OnStop

func (se *SignerServiceEndpoint) OnStop()

OnStop implements cmn.Service.

type SignerServiceEndpointOption

type SignerServiceEndpointOption func(*SignerServiceEndpoint)

SignerServiceEndpointOption sets an optional parameter on the SignerServiceEndpoint.

func SignerServiceEndpointConnRetries

func SignerServiceEndpointConnRetries(retries int) SignerServiceEndpointOption

SignerServiceEndpointConnRetries sets the amount of attempted retries to connect.

func SignerServiceEndpointTimeoutReadWrite

func SignerServiceEndpointTimeoutReadWrite(timeout time.Duration) SignerServiceEndpointOption

SignerServiceEndpointTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

type SignerValidatorEndpoint

type SignerValidatorEndpoint struct {
	cmn.BaseService
	// contains filtered or unexported fields
}

SocketVal implements PrivValidator. It listens for an external process to dial in and uses the socket to request signatures.

func NewSignerValidatorEndpoint

func NewSignerValidatorEndpoint(logger log.Logger, listener net.Listener) *SignerValidatorEndpoint

NewSignerValidatorEndpoint returns an instance of SignerValidatorEndpoint.

func (*SignerValidatorEndpoint) Close

func (ve *SignerValidatorEndpoint) Close()

Close closes the underlying net.Conn.

func (*SignerValidatorEndpoint) GetPubKey

func (ve *SignerValidatorEndpoint) GetPubKey() crypto.PubKey

GetPubKey implements PrivValidator.

func (*SignerValidatorEndpoint) OnStart

func (ve *SignerValidatorEndpoint) OnStart() error

OnStart implements cmn.Service.

func (*SignerValidatorEndpoint) OnStop

func (ve *SignerValidatorEndpoint) OnStop()

OnStop implements cmn.Service.

func (*SignerValidatorEndpoint) Ping

func (ve *SignerValidatorEndpoint) Ping() error

Ping is used to check connection health.

func (*SignerValidatorEndpoint) SignProposal

func (ve *SignerValidatorEndpoint) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal implements PrivValidator.

func (*SignerValidatorEndpoint) SignVote

func (ve *SignerValidatorEndpoint) SignVote(chainID string, vote *types.Vote) error

SignVote implements PrivValidator.

type SignerValidatorEndpointOption

type SignerValidatorEndpointOption func(*SignerValidatorEndpoint)

SignerValidatorEndpointOption sets an optional parameter on the SocketVal.

func SignerValidatorEndpointSetHeartbeat

func SignerValidatorEndpointSetHeartbeat(period time.Duration) SignerValidatorEndpointOption

SignerValidatorEndpointSetHeartbeat sets the period on which to check the liveness of the connected Signer connections.

type SocketDialer

type SocketDialer func() (net.Conn, error)

SocketDialer dials a remote address and returns a net.Conn or an error.

func DialTCPFn

func DialTCPFn(addr string, timeoutReadWrite time.Duration, privKey ed25519.PrivKeyEd25519) SocketDialer

DialTCPFn dials the given tcp addr, using the given timeoutReadWrite and privKey for the authenticated encryption handshake.

func DialUnixFn

func DialUnixFn(addr string) SocketDialer

DialUnixFn dials the given unix socket.

type TCPListenerOption

type TCPListenerOption func(*tcpListener)

TCPListenerOption sets an optional parameter on the tcpListener.

func TCPListenerTimeoutAccept

func TCPListenerTimeoutAccept(timeout time.Duration) TCPListenerOption

TCPListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.

func TCPListenerTimeoutReadWrite

func TCPListenerTimeoutReadWrite(timeout time.Duration) TCPListenerOption

TCPListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

type UnixListenerOption

type UnixListenerOption func(*unixListener)

func UnixListenerTimeoutAccept

func UnixListenerTimeoutAccept(timeout time.Duration) UnixListenerOption

UnixListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.

func UnixListenerTimeoutReadWrite

func UnixListenerTimeoutReadWrite(timeout time.Duration) UnixListenerOption

UnixListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL