Skip to content

Commit

Permalink
Watermark order issue (#385)
Browse files Browse the repository at this point in the history
* watermark order is gone, watermark v2 is introduced

* Edo block blobs removed from unit tests

* fix watermark integration tests in resolving order issue

---------

Co-authored-by: stephengaudet <[email protected]>
  • Loading branch information
e-asphyx and stephengaudet authored Jul 6, 2023
1 parent 7d22b8d commit 11d91a4
Show file tree
Hide file tree
Showing 16 changed files with 549 additions and 609 deletions.
5 changes: 3 additions & 2 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,9 @@ dist
.release-env
.env
.docker-creds
signatory
signatory-cli
./signatory
./signatory-cli
.DS_Store

# some integration_tests write secret env var to files
integration_test/gcp-token.json
Expand Down
2 changes: 1 addition & 1 deletion cmd/approve-list-svc/server/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ func testServer(t *testing.T, addr []net.IP) error {
s, err := signatory.New(context.Background(), &conf)
require.NoError(t, err)

msg, _ := hex.DecodeString("019caecab9000753d3029bc7d9a36b60cce68ade985a0a16929587166e0d3de61efff2fa31b7116bf670000000005ee3c23b04519d71c4e54089c56773c44979b3ba3d61078ade40332ad81577ae074f653e0e0000001100000001010000000800000000000753d2da051ba81185783e4cbc633cf2ba809139ef07c3e5f6c5867f930e7667b224430000cde7fbbb948e030000")
msg, _ := hex.DecodeString("11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000")
_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: signKeyHash, Message: msg, Source: net.IPv6loopback})
return err
}
Expand Down
7 changes: 6 additions & 1 deletion cmd/commands/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -78,11 +78,16 @@ func NewRootCommand(c *Context, name string) *cobra.Command {
return err
}

watermark, err := signatory.NewFileWatermark(baseDir)
if err != nil {
return err
}

sigConf := signatory.Config{
Policy: pol,
Vaults: conf.Vaults,
Interceptor: metrics.Interceptor,
Watermark: &signatory.FileWatermark{BaseDir: baseDir},
Watermark: watermark,
}

if conf.PolicyHook != nil && conf.PolicyHook.Address != "" {
Expand Down
4 changes: 4 additions & 0 deletions integration_test/.watermarks/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Ignore everything in this directory
*
# Except this file
!.gitignore
2 changes: 2 additions & 0 deletions integration_test/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,8 @@ services:
- "9583:9583"
networks:
- ecadnet
volumes:
- ./.watermarks:/var/lib/signatory
configs:
- source: sigy-config
target: /etc/signatory.yaml
Expand Down
139 changes: 54 additions & 85 deletions integration_test/watermark_test.go

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions pkg/signatory/policy_hook_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ func testPolicyHookAuth(t *testing.T, status int) error {
s, err := signatory.New(context.Background(), &conf)
require.NoError(t, err)

msg := mustHex("019caecab9000753d3029bc7d9a36b60cce68ade985a0a16929587166e0d3de61efff2fa31b7116bf670000000005ee3c23b04519d71c4e54089c56773c44979b3ba3d61078ade40332ad81577ae074f653e0e0000001100000001010000000800000000000753d2da051ba81185783e4cbc633cf2ba809139ef07c3e5f6c5867f930e7667b224430000cde7fbbb948e030000")
msg := mustHex("11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000")
_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: signKeyHash, Message: msg})
return err
}
Expand Down Expand Up @@ -156,7 +156,7 @@ func testPolicyHook(t *testing.T, status int) error {
s, err := signatory.New(context.Background(), &conf)
require.NoError(t, err)

msg := mustHex("019caecab9000753d3029bc7d9a36b60cce68ade985a0a16929587166e0d3de61efff2fa31b7116bf670000000005ee3c23b04519d71c4e54089c56773c44979b3ba3d61078ade40332ad81577ae074f653e0e0000001100000001010000000800000000000753d2da051ba81185783e4cbc633cf2ba809139ef07c3e5f6c5867f930e7667b224430000cde7fbbb948e030000")
msg := mustHex("11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000")
_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: signKeyHash, Message: msg})
return err
}
Expand Down
165 changes: 33 additions & 132 deletions pkg/signatory/request/request.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,43 +11,37 @@ type SignRequest interface {
RequestKind() string
}

type EmmyBlockRequest struct {
Chain *tz.ChainID
BlockHeader protocol.ShellHeader
}

func (*EmmyBlockRequest) RequestKind() string { return "block" }

type TenderbakeBlockRequest struct {
type BlockRequest struct {
Chain *tz.ChainID
BlockHeader protocol.TenderbakeBlockHeader
}

func (*TenderbakeBlockRequest) RequestKind() string { return "block" }

type EmmyEndorsementRequest struct {
Chain *tz.ChainID
Branch *tz.BlockHash
Operation protocol.InlinedEmmyEndorsementContents
}

func (*EmmyEndorsementRequest) RequestKind() string { return "endorsement" }
func (*BlockRequest) RequestKind() string { return "block" }
func (r *BlockRequest) GetChainID() *tz.ChainID { return r.Chain }
func (r *BlockRequest) GetLevel() int32 { return r.BlockHeader.Level }
func (r *BlockRequest) GetRound() int32 { return r.BlockHeader.PayloadRound }

type PreendorsementRequest struct {
Chain *tz.ChainID
Branch *tz.BlockHash
Operation protocol.InlinedPreendorsementContents
}

func (*PreendorsementRequest) RequestKind() string { return "preendorsement" }
func (*PreendorsementRequest) RequestKind() string { return "preendorsement" }
func (r *PreendorsementRequest) GetChainID() *tz.ChainID { return r.Chain }
func (r *PreendorsementRequest) GetLevel() int32 { return r.Operation.(*protocol.Preendorsement).Level }
func (r *PreendorsementRequest) GetRound() int32 { return r.Operation.(*protocol.Preendorsement).Round }

type EndorsementRequest struct {
Chain *tz.ChainID
Branch *tz.BlockHash
Operation protocol.InlinedEndorsementContents
}

func (*EndorsementRequest) RequestKind() string { return "endorsement" }
func (*EndorsementRequest) RequestKind() string { return "endorsement" }
func (r *EndorsementRequest) GetChainID() *tz.ChainID { return r.Chain }
func (r *EndorsementRequest) GetLevel() int32 { return r.Operation.(*protocol.Endorsement).Level }
func (r *EndorsementRequest) GetRound() int32 { return r.Operation.(*protocol.Endorsement).Round }

type GenericOperationRequest struct {
Branch *tz.BlockHash
Expand All @@ -59,10 +53,8 @@ func (*GenericOperationRequest) RequestKind() string { return "generic" }
func init() {
encoding.RegisterEnum(&encoding.Enum[SignRequest]{
Variants: encoding.Variants[SignRequest]{
0x01: (*EmmyBlockRequest)(nil),
0x02: (*EmmyEndorsementRequest)(nil),
0x03: (*GenericOperationRequest)(nil),
0x11: (*TenderbakeBlockRequest)(nil),
0x11: (*BlockRequest)(nil),
0x12: (*PreendorsementRequest)(nil),
0x13: (*EndorsementRequest)(nil),
},
Expand All @@ -71,131 +63,40 @@ func init() {

type WithWatermark interface {
SignRequest
Watermark() *Watermark
}

const (
WmOrderDefault = iota
WmOrderPreendorsement
WmOrderEndorsement
)

type Level struct {
Level int32 `json:"level"`
Round tz.Option[int32] `json:"round"`
}

func (l *Level) Cmp(other *Level) tz.Option[int] {
if l.Round.IsNone() && other.Round.IsSome() {
return tz.None[int]()
}

if d := l.Level - other.Level; d == 0 {
switch {
case l.Round.IsSome() && other.Round.IsSome():
return tz.Some(int(l.Round.Unwrap() - other.Round.Unwrap()))
case l.Round.IsSome() && other.Round.IsNone():
return tz.Some(1)
default:
return tz.Some(0)
}
} else {
return tz.Some(int(d))
}
GetChainID() *tz.ChainID
GetLevel() int32
GetRound() int32
}

type Watermark struct {
Level
Chain *tz.ChainID
Order int
}

type StoredWatermark struct {
Level
Order int `json:"order"`
Level int32 `json:"level"`
Round int32 `json:"round"`
Hash tz.Option[tz.BlockPayloadHash] `json:"hash"`
}

func (w *Watermark) Stored(hash *crypt.Digest) *StoredWatermark {
wm := StoredWatermark{
Level: w.Level,
Order: w.Order,
}
if hash != nil {
var h tz.BlockPayloadHash
copy(h[:], hash[:])
wm.Hash = tz.Some(h)
}
return &wm
}

func (w *Watermark) Validate(stored *StoredWatermark, hash *crypt.Digest) bool {
if hash != nil && stored.Hash.IsSome() && *(*tz.BlockPayloadHash)(hash) == stored.Hash.Unwrap() {
return true
}
c := w.Level.Cmp(&stored.Level)
return c.IsSome() && (c.Unwrap() > 0 || c.Unwrap() == 0 && w.Order > stored.Order)
}

func (r *EmmyBlockRequest) Watermark() *Watermark {
return &Watermark{
Chain: r.Chain,
Level: Level{
Level: r.BlockHeader.Level,
Round: tz.None[int32](),
},
Order: WmOrderDefault,
}
}

func (r *TenderbakeBlockRequest) Watermark() *Watermark {
return &Watermark{
Chain: r.Chain,
Level: Level{
Level: r.BlockHeader.Level,
Round: tz.Some(r.BlockHeader.PayloadRound),
},
Order: WmOrderDefault,
}
}

func (r *EmmyEndorsementRequest) Watermark() *Watermark {
func NewWatermark(req WithWatermark, hash *crypt.Digest) *Watermark {
return &Watermark{
Chain: r.Chain,
Level: Level{
Level: r.Operation.(*protocol.EmmyEndorsement).Level,
Round: tz.None[int32](),
},
Order: WmOrderEndorsement,
Level: req.GetLevel(),
Round: req.GetRound(),
Hash: tz.Some((tz.BlockPayloadHash)(*hash)),
}
}

func (r *PreendorsementRequest) Watermark() *Watermark {
return &Watermark{
Chain: r.Chain,
Level: Level{
Level: r.Operation.(*protocol.Preendorsement).Level,
Round: tz.Some(r.Operation.(*protocol.Preendorsement).Round),
},
Order: WmOrderPreendorsement,
func (l *Watermark) Validate(stored *Watermark) bool {
if l.Hash.IsSome() && stored.Hash.IsSome() && l.Hash.Unwrap() == stored.Hash.Unwrap() {
return true
}
}

func (r *EndorsementRequest) Watermark() *Watermark {
return &Watermark{
Chain: r.Chain,
Level: Level{
Level: r.Operation.(*protocol.Endorsement).Level,
Round: tz.Some(r.Operation.(*protocol.Endorsement).Round),
},
Order: WmOrderEndorsement,
var diff int32
if d := l.Level - stored.Level; d == 0 {
diff = l.Round - stored.Round
} else {
diff = d
}
return diff > 0
}

var (
_ WithWatermark = (*EmmyBlockRequest)(nil)
_ WithWatermark = (*EmmyEndorsementRequest)(nil)
_ WithWatermark = (*TenderbakeBlockRequest)(nil)
_ WithWatermark = (*BlockRequest)(nil)
_ WithWatermark = (*PreendorsementRequest)(nil)
_ WithWatermark = (*EndorsementRequest)(nil)
)
2 changes: 1 addition & 1 deletion pkg/signatory/request/request_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ func TestSignRequest(t *testing.T) {
{
title: "block",
src: "11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000",
expect: &TenderbakeBlockRequest{
expect: &BlockRequest{
Chain: &tz.ChainID{0xed, 0x9d, 0x21, 0x7c},
BlockHeader: proto.TenderbakeBlockHeader{
ShellHeader: proto.ShellHeader{
Expand Down
Loading

0 comments on commit 11d91a4

Please sign in to comment.