Handle Crytpo failures in Ibft, Clique, discovery and Handshaking (#831)

IbftRound has been updated to accept Signing errors (eg no signature supplier available) and
continue operating if possible.

This also catches failures in signing and ECDH Key agreement
creation during discovery and handshaking.

Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
pull/850/head
Trent Mohay 5 years ago committed by GitHub
parent 8a6f34913f
commit 0917f8905a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 183
      consensus/ibft/src/integration-test/java/org/hyperledger/besu/consensus/ibft/tests/round/IbftRoundIntegrationTest.java
  2. 51
      consensus/ibft/src/main/java/org/hyperledger/besu/consensus/ibft/network/IbftMessageTransmitter.java
  3. 1
      consensus/ibft/src/main/java/org/hyperledger/besu/consensus/ibft/payload/MessageFactory.java
  4. 20
      consensus/ibft/src/main/java/org/hyperledger/besu/consensus/ibft/statemachine/IbftBlockHeightManager.java
  5. 2
      consensus/ibft/src/main/java/org/hyperledger/besu/consensus/ibft/statemachine/IbftController.java
  6. 68
      consensus/ibft/src/main/java/org/hyperledger/besu/consensus/ibft/statemachine/IbftRound.java
  7. 38
      consensus/ibft/src/test/java/org/hyperledger/besu/consensus/ibft/statemachine/IbftRoundTest.java
  8. 5
      ethereum/blockcreation/src/main/java/org/hyperledger/besu/ethereum/blockcreation/AbstractBlockCreator.java
  9. 30
      ethereum/p2p/src/main/java/org/hyperledger/besu/ethereum/p2p/rlpx/handshake/ecies/ECIESHandshaker.java
  10. 2
      ethereum/referencetests/src/test/resources

@ -0,0 +1,183 @@
/*
* Copyright ConsenSys AG.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
*/
package org.hyperledger.besu.consensus.ibft.tests.round;
import static java.util.Collections.emptyList;
import static java.util.Optional.empty;
import static org.assertj.core.api.Assertions.assertThat;
import static org.hyperledger.besu.consensus.ibft.IbftContextBuilder.setupContextWithValidators;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.when;
import org.hyperledger.besu.consensus.ibft.ConsensusRoundIdentifier;
import org.hyperledger.besu.consensus.ibft.IbftContext;
import org.hyperledger.besu.consensus.ibft.IbftExtraData;
import org.hyperledger.besu.consensus.ibft.RoundTimer;
import org.hyperledger.besu.consensus.ibft.blockcreation.IbftBlockCreator;
import org.hyperledger.besu.consensus.ibft.network.IbftMessageTransmitter;
import org.hyperledger.besu.consensus.ibft.payload.MessageFactory;
import org.hyperledger.besu.consensus.ibft.statemachine.IbftRound;
import org.hyperledger.besu.consensus.ibft.statemachine.RoundState;
import org.hyperledger.besu.consensus.ibft.support.StubValidatorMulticaster;
import org.hyperledger.besu.consensus.ibft.validation.MessageValidator;
import org.hyperledger.besu.crypto.NodeKey;
import org.hyperledger.besu.crypto.NodeKeyUtils;
import org.hyperledger.besu.crypto.SECP256K1.Signature;
import org.hyperledger.besu.ethereum.ProtocolContext;
import org.hyperledger.besu.ethereum.chain.MinedBlockObserver;
import org.hyperledger.besu.ethereum.chain.MutableBlockchain;
import org.hyperledger.besu.ethereum.core.Block;
import org.hyperledger.besu.ethereum.core.BlockBody;
import org.hyperledger.besu.ethereum.core.BlockHeader;
import org.hyperledger.besu.ethereum.core.BlockHeaderTestFixture;
import org.hyperledger.besu.ethereum.core.BlockImporter;
import org.hyperledger.besu.ethereum.core.Hash;
import org.hyperledger.besu.ethereum.worldstate.WorldStateArchive;
import org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException;
import org.hyperledger.besu.util.Subscribers;
import java.math.BigInteger;
import java.util.Optional;
import org.apache.tuweni.bytes.Bytes;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
@RunWith(MockitoJUnitRunner.class)
public class IbftRoundIntegrationTest {
private final MessageFactory peerMessageFactory = new MessageFactory(NodeKeyUtils.generate());
private final ConsensusRoundIdentifier roundIdentifier = new ConsensusRoundIdentifier(1, 0);
private final Subscribers<MinedBlockObserver> subscribers = Subscribers.create();
private ProtocolContext<IbftContext> protocolContext;
@Mock private MutableBlockchain blockChain;
@Mock private WorldStateArchive worldStateArchive;
@Mock private BlockImporter<IbftContext> blockImporter;
@Mock private IbftBlockCreator blockCreator;
@Mock private MessageValidator messageValidator;
@Mock private RoundTimer roundTimer;
@Mock private NodeKey nodeKey;
private MessageFactory throwingMessageFactory;
private IbftMessageTransmitter transmitter;
@Mock private StubValidatorMulticaster multicaster;
private Block proposedBlock;
private final Signature remoteCommitSeal =
Signature.create(BigInteger.ONE, BigInteger.ONE, (byte) 1);
@Before
public void setup() {
protocolContext =
new ProtocolContext<>(
blockChain, worldStateArchive, setupContextWithValidators(emptyList()));
when(messageValidator.validateProposal(any())).thenReturn(true);
when(messageValidator.validatePrepare(any())).thenReturn(true);
when(messageValidator.validateCommit(any())).thenReturn(true);
when(nodeKey.sign(any())).thenThrow(new SecurityModuleException("Hsm Is Down"));
throwingMessageFactory = new MessageFactory(nodeKey);
transmitter = new IbftMessageTransmitter(throwingMessageFactory, multicaster);
IbftExtraData proposedExtraData =
new IbftExtraData(Bytes.wrap(new byte[32]), emptyList(), empty(), 0, emptyList());
final BlockHeaderTestFixture headerTestFixture = new BlockHeaderTestFixture();
headerTestFixture.extraData(proposedExtraData.encode());
headerTestFixture.number(1);
final BlockHeader header = headerTestFixture.buildHeader();
proposedBlock = new Block(header, new BlockBody(emptyList(), emptyList()));
when(blockImporter.importBlock(any(), any(), any())).thenReturn(true);
}
@Test
public void signingFailsOnReceiptOfProposalUpdatesRoundButTransmitsNothing() {
final int QUORUM_SIZE = 1;
final RoundState roundState = new RoundState(roundIdentifier, QUORUM_SIZE, messageValidator);
final IbftRound round =
new IbftRound(
roundState,
blockCreator,
protocolContext,
blockImporter,
subscribers,
nodeKey,
throwingMessageFactory,
transmitter,
roundTimer);
round.handleProposalMessage(
peerMessageFactory.createProposal(roundIdentifier, proposedBlock, Optional.empty()));
assertThat(roundState.getProposedBlock()).isNotEmpty();
assertThat(roundState.isPrepared()).isTrue();
assertThat(roundState.isCommitted()).isFalse();
verifyNoInteractions(multicaster);
}
@Test
public void failuresToSignStillAllowBlockToBeImported() {
final int QUORUM_SIZE = 2;
final RoundState roundState = new RoundState(roundIdentifier, QUORUM_SIZE, messageValidator);
final IbftRound round =
new IbftRound(
roundState,
blockCreator,
protocolContext,
blockImporter,
subscribers,
nodeKey,
throwingMessageFactory,
transmitter,
roundTimer);
// inject a block first, then a prepare on it.
round.handleProposalMessage(
peerMessageFactory.createProposal(roundIdentifier, proposedBlock, Optional.empty()));
assertThat(roundState.getProposedBlock()).isNotEmpty();
assertThat(roundState.isPrepared()).isFalse();
assertThat(roundState.isCommitted()).isFalse();
round.handlePrepareMessage(peerMessageFactory.createPrepare(roundIdentifier, Hash.EMPTY));
assertThat(roundState.getProposedBlock()).isNotEmpty();
assertThat(roundState.isPrepared()).isTrue();
assertThat(roundState.isCommitted()).isFalse();
verifyNoInteractions(multicaster);
round.handleCommitMessage(
peerMessageFactory.createCommit(roundIdentifier, Hash.EMPTY, remoteCommitSeal));
assertThat(roundState.isCommitted()).isFalse();
verifyNoInteractions(multicaster);
round.handleCommitMessage(
peerMessageFactory.createCommit(roundIdentifier, Hash.EMPTY, remoteCommitSeal));
assertThat(roundState.isCommitted()).isTrue();
verifyNoInteractions(multicaster);
verify(blockImporter).importBlock(any(), any(), any());
}
}

@ -29,11 +29,17 @@ import org.hyperledger.besu.consensus.ibft.statemachine.PreparedRoundArtifacts;
import org.hyperledger.besu.crypto.SECP256K1.Signature; import org.hyperledger.besu.crypto.SECP256K1.Signature;
import org.hyperledger.besu.ethereum.core.Block; import org.hyperledger.besu.ethereum.core.Block;
import org.hyperledger.besu.ethereum.core.Hash; import org.hyperledger.besu.ethereum.core.Hash;
import org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException;
import java.util.Optional; import java.util.Optional;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
public class IbftMessageTransmitter { public class IbftMessageTransmitter {
private static final Logger LOG = LogManager.getLogger();
private final MessageFactory messageFactory; private final MessageFactory messageFactory;
private final ValidatorMulticaster multicaster; private final ValidatorMulticaster multicaster;
@ -47,42 +53,57 @@ public class IbftMessageTransmitter {
final ConsensusRoundIdentifier roundIdentifier, final ConsensusRoundIdentifier roundIdentifier,
final Block block, final Block block,
final Optional<RoundChangeCertificate> roundChangeCertificate) { final Optional<RoundChangeCertificate> roundChangeCertificate) {
final Proposal data = try {
messageFactory.createProposal(roundIdentifier, block, roundChangeCertificate); final Proposal data =
messageFactory.createProposal(roundIdentifier, block, roundChangeCertificate);
final ProposalMessageData message = ProposalMessageData.create(data); final ProposalMessageData message = ProposalMessageData.create(data);
multicaster.send(message); multicaster.send(message);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to generate signature for Proposal (not sent): {} ", e.getMessage());
}
} }
public void multicastPrepare(final ConsensusRoundIdentifier roundIdentifier, final Hash digest) { public void multicastPrepare(final ConsensusRoundIdentifier roundIdentifier, final Hash digest) {
final Prepare data = messageFactory.createPrepare(roundIdentifier, digest); try {
final Prepare data = messageFactory.createPrepare(roundIdentifier, digest);
final PrepareMessageData message = PrepareMessageData.create(data); final PrepareMessageData message = PrepareMessageData.create(data);
multicaster.send(message); multicaster.send(message);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to generate signature for Prepare (not sent): {} ", e.getMessage());
}
} }
public void multicastCommit( public void multicastCommit(
final ConsensusRoundIdentifier roundIdentifier, final ConsensusRoundIdentifier roundIdentifier,
final Hash digest, final Hash digest,
final Signature commitSeal) { final Signature commitSeal) {
final Commit data = messageFactory.createCommit(roundIdentifier, digest, commitSeal); try {
final Commit data = messageFactory.createCommit(roundIdentifier, digest, commitSeal);
final CommitMessageData message = CommitMessageData.create(data); final CommitMessageData message = CommitMessageData.create(data);
multicaster.send(message); multicaster.send(message);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to generate signature for Commit (not sent): {} ", e.getMessage());
}
} }
public void multicastRoundChange( public void multicastRoundChange(
final ConsensusRoundIdentifier roundIdentifier, final ConsensusRoundIdentifier roundIdentifier,
final Optional<PreparedRoundArtifacts> preparedRoundArtifacts) { final Optional<PreparedRoundArtifacts> preparedRoundArtifacts) {
try {
final RoundChange data =
messageFactory.createRoundChange(roundIdentifier, preparedRoundArtifacts);
final RoundChange data = final RoundChangeMessageData message = RoundChangeMessageData.create(data);
messageFactory.createRoundChange(roundIdentifier, preparedRoundArtifacts);
final RoundChangeMessageData message = RoundChangeMessageData.create(data);
multicaster.send(message); multicaster.send(message);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to generate signature for RoundChange (not sent): {} ", e.getMessage());
}
} }
} }

@ -79,7 +79,6 @@ public class MessageFactory {
private <M extends Payload> SignedData<M> createSignedMessage(final M payload) { private <M extends Payload> SignedData<M> createSignedMessage(final M payload) {
final Signature signature = nodeKey.sign(hashForSignature(payload)); final Signature signature = nodeKey.sign(hashForSignature(payload));
return new SignedData<>(payload, Util.publicKeyToAddress(nodeKey.getPublicKey()), signature); return new SignedData<>(payload, Util.publicKeyToAddress(nodeKey.getPublicKey()), signature);
} }

@ -32,6 +32,7 @@ import org.hyperledger.besu.consensus.ibft.payload.Payload;
import org.hyperledger.besu.consensus.ibft.validation.FutureRoundProposalMessageValidator; import org.hyperledger.besu.consensus.ibft.validation.FutureRoundProposalMessageValidator;
import org.hyperledger.besu.consensus.ibft.validation.MessageValidatorFactory; import org.hyperledger.besu.consensus.ibft.validation.MessageValidatorFactory;
import org.hyperledger.besu.ethereum.core.BlockHeader; import org.hyperledger.besu.ethereum.core.BlockHeader;
import org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException;
import java.time.Clock; import java.time.Clock;
import java.util.Collection; import java.util.Collection;
@ -139,15 +140,20 @@ public class IbftBlockHeightManager implements BlockHeightManager {
startNewRound(currentRound.getRoundIdentifier().getRoundNumber() + 1); startNewRound(currentRound.getRoundIdentifier().getRoundNumber() + 1);
final RoundChange localRoundChange = try {
messageFactory.createRoundChange( final RoundChange localRoundChange =
currentRound.getRoundIdentifier(), latestPreparedRoundArtifacts); messageFactory.createRoundChange(
currentRound.getRoundIdentifier(), latestPreparedRoundArtifacts);
// Its possible the locally created RoundChange triggers the transmission of a NewRound
// message - so it must be handled accordingly.
handleRoundChangePayload(localRoundChange);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to create signed RoundChange message.", e);
}
transmitter.multicastRoundChange( transmitter.multicastRoundChange(
currentRound.getRoundIdentifier(), latestPreparedRoundArtifacts); currentRound.getRoundIdentifier(), latestPreparedRoundArtifacts);
// Its possible the locally created RoundChange triggers the transmission of a NewRound
// message - so it must be handled accordingly.
handleRoundChangePayload(localRoundChange);
} }
@Override @Override

@ -153,7 +153,7 @@ public class IbftController {
if (newBlockHeader.getNumber() == currentMiningParent.getNumber()) { if (newBlockHeader.getNumber() == currentMiningParent.getNumber()) {
if (newBlockHeader.getHash().equals(currentMiningParent.getHash())) { if (newBlockHeader.getHash().equals(currentMiningParent.getHash())) {
LOG.trace( LOG.trace(
"Discarding duplicate NewChainHead event. chainHeight={} newBlockHash={} parentBlockHash", "Discarding duplicate NewChainHead event. chainHeight={} newBlockHash={} parentBlockHash={}",
newBlockHeader.getNumber(), newBlockHeader.getNumber(),
newBlockHeader.getHash(), newBlockHeader.getHash(),
currentMiningParent.getHash()); currentMiningParent.getHash());

@ -38,6 +38,7 @@ import org.hyperledger.besu.ethereum.core.BlockHeader;
import org.hyperledger.besu.ethereum.core.BlockImporter; import org.hyperledger.besu.ethereum.core.BlockImporter;
import org.hyperledger.besu.ethereum.core.Hash; import org.hyperledger.besu.ethereum.core.Hash;
import org.hyperledger.besu.ethereum.mainnet.HeaderValidationMode; import org.hyperledger.besu.ethereum.mainnet.HeaderValidationMode;
import org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException;
import org.hyperledger.besu.util.Subscribers; import org.hyperledger.besu.util.Subscribers;
import java.util.Optional; import java.util.Optional;
@ -118,8 +119,13 @@ public class IbftRound {
private void updateStateWithProposalAndTransmit( private void updateStateWithProposalAndTransmit(
final Block block, final Optional<RoundChangeCertificate> roundChangeCertificate) { final Block block, final Optional<RoundChangeCertificate> roundChangeCertificate) {
final Proposal proposal = final Proposal proposal;
messageFactory.createProposal(getRoundIdentifier(), block, roundChangeCertificate); try {
proposal = messageFactory.createProposal(getRoundIdentifier(), block, roundChangeCertificate);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to create a signed Proposal, waiting for next round.", e);
return;
}
transmitter.multicastProposal( transmitter.multicastProposal(
proposal.getRoundIdentifier(), proposal.getBlock(), proposal.getRoundChangeCertificate()); proposal.getRoundIdentifier(), proposal.getBlock(), proposal.getRoundChangeCertificate());
@ -132,11 +138,15 @@ public class IbftRound {
if (updateStateWithProposedBlock(msg)) { if (updateStateWithProposedBlock(msg)) {
LOG.debug("Sending prepare message. round={}", roundState.getRoundIdentifier()); LOG.debug("Sending prepare message. round={}", roundState.getRoundIdentifier());
final Prepare localPrepareMessage = try {
messageFactory.createPrepare(getRoundIdentifier(), block.getHash()); final Prepare localPrepareMessage =
transmitter.multicastPrepare( messageFactory.createPrepare(getRoundIdentifier(), block.getHash());
localPrepareMessage.getRoundIdentifier(), localPrepareMessage.getDigest()); peerIsPrepared(localPrepareMessage);
peerIsPrepared(localPrepareMessage); transmitter.multicastPrepare(
localPrepareMessage.getRoundIdentifier(), localPrepareMessage.getDigest());
} catch (final SecurityModuleException e) {
LOG.warn("Failed to create a signed Prepare; {}", e.getMessage());
}
} }
} }
@ -158,23 +168,41 @@ public class IbftRound {
final boolean wasPrepared = roundState.isPrepared(); final boolean wasPrepared = roundState.isPrepared();
final boolean wasCommitted = roundState.isCommitted(); final boolean wasCommitted = roundState.isCommitted();
final boolean blockAccepted = roundState.setProposedBlock(msg); final boolean blockAccepted = roundState.setProposedBlock(msg);
if (blockAccepted) { if (blockAccepted) {
final Block block = roundState.getProposedBlock().get();
final Signature commitSeal;
try {
commitSeal = createCommitSeal(block);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to construct commit seal; {}", e.getMessage());
return blockAccepted;
}
// There are times handling a proposed block is enough to enter prepared. // There are times handling a proposed block is enough to enter prepared.
if (wasPrepared != roundState.isPrepared()) { if (wasPrepared != roundState.isPrepared()) {
LOG.debug("Sending commit message. round={}", roundState.getRoundIdentifier()); LOG.debug("Sending commit message. round={}", roundState.getRoundIdentifier());
final Block block = roundState.getProposedBlock().get(); transmitter.multicastCommit(getRoundIdentifier(), block.getHash(), commitSeal);
transmitter.multicastCommit(getRoundIdentifier(), block.getHash(), createCommitSeal(block)); }
// can automatically add _our_ commit message to the roundState
// cannot create a prepare message here, as it may be _our_ proposal, and thus we cannot also
// prepare
try {
final Commit localCommitMessage =
messageFactory.createCommit(
roundState.getRoundIdentifier(), msg.getBlock().getHash(), commitSeal);
roundState.addCommitMessage(localCommitMessage);
} catch (final SecurityModuleException e) {
LOG.warn("Failed to create signed Commit message; {}", e.getMessage());
return blockAccepted;
} }
// It is possible sufficient commit seals are now available and the block should be imported
if (wasCommitted != roundState.isCommitted()) { if (wasCommitted != roundState.isCommitted()) {
importBlockToChain(); importBlockToChain();
} }
final Commit localCommitMessage =
messageFactory.createCommit(
roundState.getRoundIdentifier(),
msg.getBlock().getHash(),
createCommitSeal(roundState.getProposedBlock().get()));
peerIsCommitted(localCommitMessage);
} }
return blockAccepted; return blockAccepted;
@ -186,7 +214,13 @@ public class IbftRound {
if (wasPrepared != roundState.isPrepared()) { if (wasPrepared != roundState.isPrepared()) {
LOG.debug("Sending commit message. round={}", roundState.getRoundIdentifier()); LOG.debug("Sending commit message. round={}", roundState.getRoundIdentifier());
final Block block = roundState.getProposedBlock().get(); final Block block = roundState.getProposedBlock().get();
transmitter.multicastCommit(getRoundIdentifier(), block.getHash(), createCommitSeal(block)); try {
transmitter.multicastCommit(getRoundIdentifier(), block.getHash(), createCommitSeal(block));
// Note: the local-node's commit message was added to RoundState on block acceptance
// and thus does not need to be done again here.
} catch (final SecurityModuleException e) {
LOG.warn("Failed to construct a commit seal: {}", e.getMessage());
}
} }
} }

@ -21,9 +21,11 @@ import static org.hyperledger.besu.consensus.ibft.IbftContextBuilder.setupContex
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyLong; import static org.mockito.ArgumentMatchers.anyLong;
import static org.mockito.ArgumentMatchers.eq; import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never; import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times; import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import org.hyperledger.besu.consensus.ibft.ConsensusRoundIdentifier; import org.hyperledger.besu.consensus.ibft.ConsensusRoundIdentifier;
@ -49,6 +51,7 @@ import org.hyperledger.besu.ethereum.core.BlockHeaderTestFixture;
import org.hyperledger.besu.ethereum.core.BlockImporter; import org.hyperledger.besu.ethereum.core.BlockImporter;
import org.hyperledger.besu.ethereum.core.Hash; import org.hyperledger.besu.ethereum.core.Hash;
import org.hyperledger.besu.ethereum.worldstate.WorldStateArchive; import org.hyperledger.besu.ethereum.worldstate.WorldStateArchive;
import org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException;
import org.hyperledger.besu.util.Subscribers; import org.hyperledger.besu.util.Subscribers;
import java.math.BigInteger; import java.math.BigInteger;
@ -446,4 +449,39 @@ public class IbftRoundTest {
verify(blockImporter, times(1)).importBlock(any(), any(), any()); verify(blockImporter, times(1)).importBlock(any(), any(), any());
} }
@Test
public void exceptionDuringNodeKeySigningDoesNotEscape() {
final int QUORUM_SIZE = 1;
final RoundState roundState = new RoundState(roundIdentifier, QUORUM_SIZE, messageValidator);
final NodeKey throwingNodeKey = mock(NodeKey.class);
final MessageFactory throwingMessageFactory = new MessageFactory(throwingNodeKey);
when(throwingNodeKey.sign(any())).thenThrow(new SecurityModuleException("Hsm is Offline"));
final IbftRound round =
new IbftRound(
roundState,
blockCreator,
protocolContext,
blockImporter,
subscribers,
throwingNodeKey,
throwingMessageFactory,
transmitter,
roundTimer);
round.handleProposalMessage(
messageFactory.createProposal(roundIdentifier, proposedBlock, Optional.empty()));
// Verify that no prepare message was constructed by the IbftRound
assertThat(
roundState
.constructPreparedRoundArtifacts()
.get()
.getPreparedCertificate()
.getPreparePayloads())
.isEmpty();
verifyNoInteractions(transmitter);
}
} }

@ -41,6 +41,7 @@ import org.hyperledger.besu.ethereum.mainnet.ProtocolSchedule;
import org.hyperledger.besu.ethereum.mainnet.ProtocolSpec; import org.hyperledger.besu.ethereum.mainnet.ProtocolSpec;
import org.hyperledger.besu.ethereum.mainnet.ScheduleBasedBlockHeaderFunctions; import org.hyperledger.besu.ethereum.mainnet.ScheduleBasedBlockHeaderFunctions;
import org.hyperledger.besu.ethereum.mainnet.TransactionProcessor; import org.hyperledger.besu.ethereum.mainnet.TransactionProcessor;
import org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.List; import java.util.List;
@ -186,7 +187,9 @@ public abstract class AbstractBlockCreator<C> implements AsyncBlockCreator {
final BlockHeader blockHeader = createFinalBlockHeader(sealableBlockHeader); final BlockHeader blockHeader = createFinalBlockHeader(sealableBlockHeader);
return new Block(blockHeader, new BlockBody(transactionResults.getTransactions(), ommers)); return new Block(blockHeader, new BlockBody(transactionResults.getTransactions(), ommers));
} catch (final SecurityModuleException ex) {
LOG.warn("Failed to create block signature.", ex);
throw ex;
} catch (final CancellationException ex) { } catch (final CancellationException ex) {
LOG.trace("Attempt to create block was interrupted."); LOG.trace("Attempt to create block was interrupted.");
throw ex; throw ex;

@ -25,6 +25,7 @@ import org.hyperledger.besu.crypto.SecureRandomProvider;
import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.HandshakeException; import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.HandshakeException;
import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.HandshakeSecrets; import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.HandshakeSecrets;
import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.Handshaker; import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.Handshaker;
import org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Optional; import java.util.Optional;
@ -47,6 +48,7 @@ import org.bouncycastle.crypto.InvalidCipherTextException;
* encrypted handshake</a> * encrypted handshake</a>
*/ */
public class ECIESHandshaker implements Handshaker { public class ECIESHandshaker implements Handshaker {
private static final Logger LOG = LogManager.getLogger(); private static final Logger LOG = LogManager.getLogger();
private static final SecureRandom RANDOM = SecureRandomProvider.publicSecureRandom(); private static final SecureRandom RANDOM = SecureRandomProvider.publicSecureRandom();
@ -203,6 +205,10 @@ public class ECIESHandshaker implements Handshaker {
} catch (final InvalidCipherTextException e) { } catch (final InvalidCipherTextException e) {
status.set(Handshaker.HandshakeStatus.FAILED); status.set(Handshaker.HandshakeStatus.FAILED);
throw new HandshakeException("Decrypting an incoming handshake message failed", e); throw new HandshakeException("Decrypting an incoming handshake message failed", e);
} catch (final SecurityModuleException e) {
status.set(Handshaker.HandshakeStatus.FAILED);
throw new HandshakeException(
"Unable to create ECDH Key agreement due to Crypto engine failure", e);
} }
Optional<Bytes> nextMsg = Optional.empty(); Optional<Bytes> nextMsg = Optional.empty();
@ -242,10 +248,16 @@ public class ECIESHandshaker implements Handshaker {
// Store the message, as we need it to generating our ingress and egress MACs. // Store the message, as we need it to generating our ingress and egress MACs.
initiatorMsgEnc = encryptedMsg; initiatorMsgEnc = encryptedMsg;
if (version4) { try {
initiatorMsg = InitiatorHandshakeMessageV4.decode(bytes, nodeKey); if (version4) {
} else { initiatorMsg = InitiatorHandshakeMessageV4.decode(bytes, nodeKey);
initiatorMsg = InitiatorHandshakeMessageV1.decode(bytes, nodeKey); } else {
initiatorMsg = InitiatorHandshakeMessageV1.decode(bytes, nodeKey);
}
} catch (final SecurityModuleException e) {
status.set(Handshaker.HandshakeStatus.FAILED);
throw new HandshakeException(
"Unable to create ECDH Key agreement due to Crypto engine failure", e);
} }
LOG.trace( LOG.trace(
@ -290,7 +302,14 @@ public class ECIESHandshaker implements Handshaker {
// Compute the secrets and declare this handshake as successful. // Compute the secrets and declare this handshake as successful.
} }
computeSecrets();
try {
computeSecrets();
} catch (final SecurityModuleException e) {
status.set(Handshaker.HandshakeStatus.FAILED);
throw new HandshakeException(
"Unable to create ECDH Key agreement due to Crypto engine failure", e);
}
status.set(Handshaker.HandshakeStatus.SUCCESS); status.set(Handshaker.HandshakeStatus.SUCCESS);
LOG.trace("Handshake status set to {}", status.get()); LOG.trace("Handshake status set to {}", status.get());
@ -337,6 +356,7 @@ public class ECIESHandshaker implements Handshaker {
void computeSecrets() { void computeSecrets() {
final Bytes agreedSecret = final Bytes agreedSecret =
SECP256K1.calculateECDHKeyAgreement(ephKeyPair.getPrivateKey(), partyEphPubKey); SECP256K1.calculateECDHKeyAgreement(ephKeyPair.getPrivateKey(), partyEphPubKey);
final Bytes sharedSecret = final Bytes sharedSecret =
keccak256( keccak256(
concatenate(agreedSecret, keccak256(concatenate(responderNonce, initiatorNonce)))); concatenate(agreedSecret, keccak256(concatenate(responderNonce, initiatorNonce))));

@ -1 +1 @@
Subproject commit 5841af6da472fb3f19810354cf9a30afd8e72b5f Subproject commit 6af0621522dd0274525457741291d391c10002be
Loading…
Cancel
Save