node: add disableHeartbeatVerify flag
During network boot, the guardian set is empty and we temporarily need this flag to figure out everyone's status. Change-Id: I8ba23848310837080ae845d55ece5d3818181b98
This commit is contained in:
parent
95c752247b
commit
8cee72ba9c
|
@ -80,6 +80,8 @@ var (
|
||||||
publicRPC *string
|
publicRPC *string
|
||||||
publicREST *string
|
publicREST *string
|
||||||
|
|
||||||
|
disableHeartbeatVerify *bool
|
||||||
|
|
||||||
bigTablePersistenceEnabled *bool
|
bigTablePersistenceEnabled *bool
|
||||||
bigTableGCPProject *string
|
bigTableGCPProject *string
|
||||||
bigTableInstanceName *string
|
bigTableInstanceName *string
|
||||||
|
@ -126,6 +128,9 @@ func init() {
|
||||||
publicRPC = BridgeCmd.Flags().String("publicRPC", "", "Listen address for public gRPC interface")
|
publicRPC = BridgeCmd.Flags().String("publicRPC", "", "Listen address for public gRPC interface")
|
||||||
publicREST = BridgeCmd.Flags().String("publicREST", "", "Listen address for public REST interface")
|
publicREST = BridgeCmd.Flags().String("publicREST", "", "Listen address for public REST interface")
|
||||||
|
|
||||||
|
disableHeartbeatVerify = BridgeCmd.Flags().Bool("disableHeartbeatVerify", false,
|
||||||
|
"Disable heartbeat signature verification (useful during network startup)")
|
||||||
|
|
||||||
bigTablePersistenceEnabled = BridgeCmd.Flags().Bool("bigTablePersistenceEnabled", false, "Turn on forwarding events to BigTable")
|
bigTablePersistenceEnabled = BridgeCmd.Flags().Bool("bigTablePersistenceEnabled", false, "Turn on forwarding events to BigTable")
|
||||||
bigTableGCPProject = BridgeCmd.Flags().String("bigTableGCPProject", "", "Google Cloud project ID for storing events")
|
bigTableGCPProject = BridgeCmd.Flags().String("bigTableGCPProject", "", "Google Cloud project ID for storing events")
|
||||||
bigTableInstanceName = BridgeCmd.Flags().String("bigTableInstanceName", "", "BigTable instance name for storing events")
|
bigTableInstanceName = BridgeCmd.Flags().String("bigTableInstanceName", "", "BigTable instance name for storing events")
|
||||||
|
@ -440,7 +445,7 @@ func runBridge(cmd *cobra.Command, args []string) {
|
||||||
// Run supervisor.
|
// Run supervisor.
|
||||||
supervisor.New(rootCtx, logger, func(ctx context.Context) error {
|
supervisor.New(rootCtx, logger, func(ctx context.Context) error {
|
||||||
if err := supervisor.Run(ctx, "p2p", p2p.Run(
|
if err := supervisor.Run(ctx, "p2p", p2p.Run(
|
||||||
obsvC, sendC, rawHeartbeatListeners, priv, gk, gst, *p2pPort, *p2pNetworkID, *p2pBootstrap, *nodeName, rootCtxCancel)); err != nil {
|
obsvC, sendC, rawHeartbeatListeners, priv, gk, gst, *p2pPort, *p2pNetworkID, *p2pBootstrap, *nodeName, *disableHeartbeatVerify, rootCtxCancel)); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,7 @@ func heartbeatDigest(b []byte) common.Hash {
|
||||||
return ethcrypto.Keccak256Hash(append(heartbeatMessagePrefix, b...))
|
return ethcrypto.Keccak256Hash(append(heartbeatMessagePrefix, b...))
|
||||||
}
|
}
|
||||||
|
|
||||||
func Run(obsvC chan *gossipv1.SignedObservation, sendC chan []byte, rawHeartbeatListeners *publicrpc.RawHeartbeatConns, priv crypto.PrivKey, gk *ecdsa.PrivateKey, gst *bridge_common.GuardianSetState, port uint, networkID string, bootstrapPeers string, nodeName string, rootCtxCancel context.CancelFunc) func(ctx context.Context) error {
|
func Run(obsvC chan *gossipv1.SignedObservation, sendC chan []byte, rawHeartbeatListeners *publicrpc.RawHeartbeatConns, priv crypto.PrivKey, gk *ecdsa.PrivateKey, gst *bridge_common.GuardianSetState, port uint, networkID string, bootstrapPeers string, nodeName string, disableHeartbeatVerify bool, rootCtxCancel context.CancelFunc) func(ctx context.Context) error {
|
||||||
return func(ctx context.Context) (re error) {
|
return func(ctx context.Context) (re error) {
|
||||||
logger := supervisor.Logger(ctx)
|
logger := supervisor.Logger(ctx)
|
||||||
|
|
||||||
|
@ -301,7 +301,7 @@ func Run(obsvC chan *gossipv1.SignedObservation, sendC chan []byte, rawHeartbeat
|
||||||
zap.String("from", envelope.GetFrom().String()))
|
zap.String("from", envelope.GetFrom().String()))
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
if heartbeat, err := processSignedHeartbeat(s, gs, gst); err != nil {
|
if heartbeat, err := processSignedHeartbeat(s, gs, gst, disableHeartbeatVerify); err != nil {
|
||||||
p2pMessagesReceived.WithLabelValues("invalid_heartbeat").Inc()
|
p2pMessagesReceived.WithLabelValues("invalid_heartbeat").Inc()
|
||||||
logger.Warn("invalid signed heartbeat received",
|
logger.Warn("invalid signed heartbeat received",
|
||||||
zap.Error(err),
|
zap.Error(err),
|
||||||
|
@ -330,15 +330,18 @@ func Run(obsvC chan *gossipv1.SignedObservation, sendC chan []byte, rawHeartbeat
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func processSignedHeartbeat(s *gossipv1.SignedHeartbeat, gs *bridge_common.GuardianSet, gst *bridge_common.GuardianSetState) (*gossipv1.Heartbeat, error) {
|
func processSignedHeartbeat(s *gossipv1.SignedHeartbeat, gs *bridge_common.GuardianSet, gst *bridge_common.GuardianSetState, disableVerify bool) (*gossipv1.Heartbeat, error) {
|
||||||
envelopeAddr := common.BytesToAddress(s.GuardianAddr)
|
envelopeAddr := common.BytesToAddress(s.GuardianAddr)
|
||||||
idx, ok := gs.KeyIndex(envelopeAddr)
|
idx, ok := gs.KeyIndex(envelopeAddr)
|
||||||
|
var pk common.Address
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("invalid message: %s not in guardian set", envelopeAddr)
|
if !disableVerify {
|
||||||
|
return nil, fmt.Errorf("invalid message: %s not in guardian set", envelopeAddr)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
pk = gs.Keys[idx]
|
||||||
}
|
}
|
||||||
|
|
||||||
pk := gs.Keys[idx]
|
|
||||||
|
|
||||||
digest := heartbeatDigest(s.Heartbeat)
|
digest := heartbeatDigest(s.Heartbeat)
|
||||||
|
|
||||||
pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)
|
pubKey, err := ethcrypto.Ecrecover(digest.Bytes(), s.Signature)
|
||||||
|
@ -347,7 +350,7 @@ func processSignedHeartbeat(s *gossipv1.SignedHeartbeat, gs *bridge_common.Guard
|
||||||
}
|
}
|
||||||
|
|
||||||
signerAddr := common.BytesToAddress(ethcrypto.Keccak256(pubKey[1:])[12:])
|
signerAddr := common.BytesToAddress(ethcrypto.Keccak256(pubKey[1:])[12:])
|
||||||
if pk != signerAddr {
|
if pk != signerAddr && !disableVerify {
|
||||||
return nil, fmt.Errorf("invalid signer: %v", signerAddr)
|
return nil, fmt.Errorf("invalid signer: %v", signerAddr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue