privval

package
v0.31.12 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package privval provides different implementations of the types.PrivValidator.

FilePV

FilePV is the simplest implementation and developer default. It uses one file for the private key and another to store state.

SignerValidatorEndpoint

SignerValidatorEndpoint establishes a connection to an external process, like a Key Management Server (KMS), using a socket. SignerValidatorEndpoint listens for the external KMS process to dial in. SignerValidatorEndpoint takes a listener, which determines the type of connection (ie. encrypted over tcp, or unencrypted over unix).

SignerServiceEndpoint

SignerServiceEndpoint is a simple wrapper around a net.Conn. It's used by both IPCVal and TCPVal.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrUnexpectedResponse = fmt.Errorf("received unexpected response")
	ErrConnTimeout        = fmt.Errorf("remote signer timed out")
)

Socket errors.

View Source 
var (
	ErrDialRetryMax = errors.New("dialed maximum retries")
)

Socket errors.

Functions

func IsConnTimeout 

func IsConnTimeout(err error) bool

IsConnTimeout returns a boolean indicating whether the error is known to report that a connection timeout occurred. This detects both fundamental network timeouts, as well as ErrConnTimeout errors.

func NewTCPListener 

func NewTCPListener(ln net.Listener, secretConnKey ed25519.PrivKeyEd25519) *tcpListener

NewTCPListener returns a listener that accepts authenticated encrypted connections using the given secretConnKey and the default timeout values.

func NewUnixListener 

func NewUnixListener(ln net.Listener) *unixListener

NewUnixListener returns a listener that accepts unencrypted connections using the default timeout values.

func RegisterRemoteSignerMsg 

func RegisterRemoteSignerMsg(cdc *amino.Codec)

Types

type FilePV 

type FilePV struct {
	Key           FilePVKey
	LastSignState FilePVLastSignState
}

FilePV implements PrivValidator using data persisted to disk to prevent double signing. NOTE: the directories containing pv.Key.filePath and pv.LastSignState.filePath must already exist. It includes the LastSignature and LastSignBytes so we don't lose the signature if the process crashes after signing but before the resulting consensus message is processed.

func GenFilePV 

func GenFilePV(keyFilePath, stateFilePath string) *FilePV

GenFilePV generates a new validator with randomly generated private key and sets the filePaths, but does not call Save().

func LoadFilePV 

func LoadFilePV(keyFilePath, stateFilePath string) *FilePV

LoadFilePV loads a FilePV from the filePaths. The FilePV handles double signing prevention by persisting data to the stateFilePath. If either file path does not exist, the program will exit.

func LoadFilePVEmptyState 

func LoadFilePVEmptyState(keyFilePath, stateFilePath string) *FilePV

LoadFilePVEmptyState loads a FilePV from the given keyFilePath, with an empty LastSignState. If the keyFilePath does not exist, the program will exit.

func LoadOrGenFilePV 

func LoadOrGenFilePV(keyFilePath, stateFilePath string) *FilePV

LoadOrGenFilePV loads a FilePV from the given filePaths or else generates a new one and saves it to the filePaths.

func (*FilePV) GetAddress 

func (pv *FilePV) GetAddress() types.Address

GetAddress returns the address of the validator. Implements PrivValidator.

func (*FilePV) GetPubKey 

func (pv *FilePV) GetPubKey() crypto.PubKey

GetPubKey returns the public key of the validator. Implements PrivValidator.

func (*FilePV) Reset 

func (pv *FilePV) Reset()

Reset resets all fields in the FilePV. NOTE: Unsafe!

func (*FilePV) Save 

func (pv *FilePV) Save()

Save persists the FilePV to disk.

func (*FilePV) SignProposal 

func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal signs a canonical representation of the proposal, along with the chainID. Implements PrivValidator.

func (*FilePV) SignVote 

func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error

SignVote signs a canonical representation of the vote, along with the chainID. Implements PrivValidator.

func (*FilePV) String 

func (pv *FilePV) String() string

String returns a string representation of the FilePV.

type FilePVKey 

type FilePVKey struct {
	Address types.Address  `json:"address"`
	PubKey  crypto.PubKey  `json:"pub_key"`
	PrivKey crypto.PrivKey `json:"priv_key"`
	// contains filtered or unexported fields
}

FilePVKey stores the immutable part of PrivValidator.

func (FilePVKey) Save 

func (pvKey FilePVKey) Save()

Save persists the FilePVKey to its filePath.

type FilePVLastSignState 

type FilePVLastSignState struct {
	Height    int64        `json:"height"`
	Round     int          `json:"round"`
	Step      int8         `json:"step"`
	Signature []byte       `json:"signature,omitempty"`
	SignBytes cmn.HexBytes `json:"signbytes,omitempty"`
	// contains filtered or unexported fields
}

FilePVLastSignState stores the mutable part of PrivValidator.

func (*FilePVLastSignState) CheckHRS 

func (lss *FilePVLastSignState) CheckHRS(height int64, round int, step int8) (bool, error)

CheckHRS checks the given height, round, step (HRS) against that of the FilePVLastSignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. The returned boolean indicates whether the last Signature should be reused - it returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.

func (*FilePVLastSignState) Save 

func (lss *FilePVLastSignState) Save()

Save persists the FilePvLastSignState to its filePath.

type OldFilePV 

type OldFilePV struct {
	Address       types.Address  `json:"address"`
	PubKey        crypto.PubKey  `json:"pub_key"`
	LastHeight    int64          `json:"last_height"`
	LastRound     int            `json:"last_round"`
	LastStep      int8           `json:"last_step"`
	LastSignature []byte         `json:"last_signature,omitempty"`
	LastSignBytes cmn.HexBytes   `json:"last_signbytes,omitempty"`
	PrivKey       crypto.PrivKey `json:"priv_key"`
	// contains filtered or unexported fields
}

OldFilePV is the old version of the FilePV, pre v0.28.0. Deprecated: Use FilePV instead.

func LoadOldFilePV 

func LoadOldFilePV(filePath string) (*OldFilePV, error)

LoadOldFilePV loads an OldFilePV from the filePath.

func (*OldFilePV) Upgrade 

func (oldFilePV *OldFilePV) Upgrade(keyFilePath, stateFilePath string) *FilePV

Upgrade convets the OldFilePV to the new FilePV, separating the immutable and mutable components, and persisting them to the keyFilePath and stateFilePath, respectively. It renames the original file by adding ".bak".

type PingRequest 

type PingRequest struct {
}

PingRequest is a PrivValidatorSocket message to keep the connection alive.

type PingResponse 

type PingResponse struct {
}

PingRequest is a PrivValidatorSocket response to keep the connection alive.

type PubKeyRequest 

type PubKeyRequest struct{}

PubKeyRequest requests the consensus public key from the remote signer.

type PubKeyResponse 

type PubKeyResponse struct {
	PubKey crypto.PubKey
	Error  *RemoteSignerError
}

PubKeyResponse is a PrivValidatorSocket message containing the public key.

type RemoteSignerError 

type RemoteSignerError struct {
	// TODO(ismail): create an enum of known errors
	Code        int
	Description string
}

RemoteSignerError allows (remote) validators to include meaningful error descriptions in their reply.

func (*RemoteSignerError) Error 

func (e *RemoteSignerError) Error() string

type RemoteSignerMsg 

type RemoteSignerMsg interface{}

RemoteSignerMsg is sent between SignerServiceEndpoint and the SignerServiceEndpoint client.

type SignProposalRequest 

type SignProposalRequest struct {
	Proposal *types.Proposal
}

SignProposalRequest is a PrivValidatorSocket message containing a Proposal.

type SignVoteRequest 

type SignVoteRequest struct {
	Vote *types.Vote
}

SignVoteRequest is a PrivValidatorSocket message containing a vote.

type SignedProposalResponse 

type SignedProposalResponse struct {
	Proposal *types.Proposal
	Error    *RemoteSignerError
}

SignedProposalResponse is a PrivValidatorSocket message containing a proposal response

type SignedVoteResponse 

type SignedVoteResponse struct {
	Vote  *types.Vote
	Error *RemoteSignerError
}

SignedVoteResponse is a PrivValidatorSocket message containing a signed vote along with a potenial error message.

type SignerRemote 

type SignerRemote struct {
	// contains filtered or unexported fields
}

SignerRemote implements PrivValidator. It uses a net.Conn to request signatures from an external process.

func NewSignerRemote 

func NewSignerRemote(conn net.Conn) (*SignerRemote, error)

NewSignerRemote returns an instance of SignerRemote.

func (*SignerRemote) Close 

func (sc *SignerRemote) Close() error

Close calls Close on the underlying net.Conn.

func (*SignerRemote) GetPubKey 

func (sc *SignerRemote) GetPubKey() crypto.PubKey

GetPubKey implements PrivValidator.

func (*SignerRemote) Ping 

func (sc *SignerRemote) Ping() error

Ping is used to check connection health.

func (*SignerRemote) SignProposal 

func (sc *SignerRemote) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal implements PrivValidator.

func (*SignerRemote) SignVote 

func (sc *SignerRemote) SignVote(chainID string, vote *types.Vote) error

SignVote implements PrivValidator.

type SignerServiceEndpoint 

type SignerServiceEndpoint struct {
	cmn.BaseService
	// contains filtered or unexported fields
}

SignerServiceEndpoint dials using its dialer and responds to any signature requests using its privVal.

func NewSignerServiceEndpoint 

func NewSignerServiceEndpoint(
	logger log.Logger,
	chainID string,
	privVal types.PrivValidator,
	dialer SocketDialer,
) *SignerServiceEndpoint

NewSignerServiceEndpoint returns a SignerServiceEndpoint that will dial using the given dialer and respond to any signature requests over the connection using the given privVal.

func (*SignerServiceEndpoint) OnStart 

func (se *SignerServiceEndpoint) OnStart() error

OnStart implements cmn.Service.

func (*SignerServiceEndpoint) OnStop 

func (se *SignerServiceEndpoint) OnStop()

OnStop implements cmn.Service.

type SignerServiceEndpointOption 

type SignerServiceEndpointOption func(*SignerServiceEndpoint)

SignerServiceEndpointOption sets an optional parameter on the SignerServiceEndpoint.

func SignerServiceEndpointConnRetries 

func SignerServiceEndpointConnRetries(retries int) SignerServiceEndpointOption

SignerServiceEndpointConnRetries sets the amount of attempted retries to connect.

func SignerServiceEndpointTimeoutReadWrite 

func SignerServiceEndpointTimeoutReadWrite(timeout time.Duration) SignerServiceEndpointOption

SignerServiceEndpointTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

type SignerValidatorEndpoint 

type SignerValidatorEndpoint struct {
	cmn.BaseService
	// contains filtered or unexported fields
}

SocketVal implements PrivValidator. It listens for an external process to dial in and uses the socket to request signatures.

func NewSignerValidatorEndpoint 

func NewSignerValidatorEndpoint(logger log.Logger, listener net.Listener) *SignerValidatorEndpoint

NewSignerValidatorEndpoint returns an instance of SignerValidatorEndpoint.

func (*SignerValidatorEndpoint) Close 

func (ve *SignerValidatorEndpoint) Close()

Close closes the underlying net.Conn.

func (*SignerValidatorEndpoint) GetPubKey 

func (ve *SignerValidatorEndpoint) GetPubKey() crypto.PubKey

GetPubKey implements PrivValidator.

func (*SignerValidatorEndpoint) OnStart 

func (ve *SignerValidatorEndpoint) OnStart() error

OnStart implements cmn.Service.

func (*SignerValidatorEndpoint) OnStop 

func (ve *SignerValidatorEndpoint) OnStop()

OnStop implements cmn.Service.

func (*SignerValidatorEndpoint) Ping 

func (ve *SignerValidatorEndpoint) Ping() error

Ping is used to check connection health.

func (*SignerValidatorEndpoint) SignProposal 

func (ve *SignerValidatorEndpoint) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal implements PrivValidator.

func (*SignerValidatorEndpoint) SignVote 

func (ve *SignerValidatorEndpoint) SignVote(chainID string, vote *types.Vote) error

SignVote implements PrivValidator.

type SignerValidatorEndpointOption 

type SignerValidatorEndpointOption func(*SignerValidatorEndpoint)

SignerValidatorEndpointOption sets an optional parameter on the SocketVal.

func SignerValidatorEndpointSetHeartbeat 

func SignerValidatorEndpointSetHeartbeat(period time.Duration) SignerValidatorEndpointOption

SignerValidatorEndpointSetHeartbeat sets the period on which to check the liveness of the connected Signer connections.

type SocketDialer 

type SocketDialer func() (net.Conn, error)

SocketDialer dials a remote address and returns a net.Conn or an error.

func DialTCPFn 

func DialTCPFn(addr string, timeoutReadWrite time.Duration, privKey ed25519.PrivKeyEd25519) SocketDialer

DialTCPFn dials the given tcp addr, using the given timeoutReadWrite and privKey for the authenticated encryption handshake.

func DialUnixFn 

func DialUnixFn(addr string) SocketDialer

DialUnixFn dials the given unix socket.

type TCPListenerOption 

type TCPListenerOption func(*tcpListener)

TCPListenerOption sets an optional parameter on the tcpListener.

func TCPListenerTimeoutAccept 

func TCPListenerTimeoutAccept(timeout time.Duration) TCPListenerOption

TCPListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.

func TCPListenerTimeoutReadWrite 

func TCPListenerTimeoutReadWrite(timeout time.Duration) TCPListenerOption

TCPListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

type UnixListenerOption 

type UnixListenerOption func(*unixListener)

func UnixListenerTimeoutAccept 

func UnixListenerTimeoutAccept(timeout time.Duration) UnixListenerOption

UnixListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.

func UnixListenerTimeoutReadWrite 

func UnixListenerTimeoutReadWrite(timeout time.Duration) UnixListenerOption

UnixListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.