IBFT2.1 requires that message content be separated, thus concepts
at the message level must not leak into the business logic - eg
RoundChangeCertificate should not be created by the
RoundChangeManager - rather an intermediate type is to be inserted.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Moving to IBFT2.1 requires that validation be conducted
on the signeddata aspects of a message separately from the
'piggybacked' block.
Move Validators to using Messages
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Create wrapper types for Ibft Signed messages
As future IBFT message will require only subsets of the data to be signed,
the message structures need to be modified such taht the signed-data
aspects can be a component of the message (Rather than the whole
message).
THis chnage starts this process by having a "flat" message which allows
clients to query the required round, and author of the message.
* Updated IbftHeightManager to new msgtypes
* Removed final from interface
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
As future IBFT message will require only subsets of the data to be signed,
the message structures need to be modified such taht the signed-data
aspects can be a component of the message (Rather than the whole
message).
This change starts this process by having a "flat" message which allows
clients to query the required round, and author of the message.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Messages which originate with the current node are logged in the
gossiper such that if a remote peer sends a packet which originated
from the local back to the local node, it should not go back out
again.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Refactoring for more readable IBFT IT
* Renaming Roles to peers
* Moving the assert behaviour into the RoundChangePeers
* Renmaing prefix of assert to verify, grammar
* Reducing usage of getAllPeers()
* Dropping the getter for the peer list
* Dropping peer from method names, as it's now in the class name
* Spotless
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Makes Synchronizer responsible for deciding if it has enough peers or not rather than ProtocolManager.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Add Privacy Cli options
* Wire up Precompiled contract configuration to Protocol Spec
* Rename createDefault to noPrivacy to indicate the defaults.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Nodes which are not validators in a network should not inject
IBFT messages to the consensus round, and should not gossip
received messages.
I.e. all events should ensure that they are only handled if
the node is a validator at the current height.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Ibft will no longer buffer round change messages for prior rounds.
While the messages buffered where discarded on round change, they
should not be buffered.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
This commit adds additional tests which fall outside of the existing
suite, and target spuriously behaved peers - i.e. illegal seals,
illformed RLP data etc.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
This allows individual items of the test framework to be replaced
during the test construction (i.e. eventqueue, clock, validator count).
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
This adds tests to ensure the IBFT capability handles the chain updating
"under" the state machine.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
The ibftGetValidatorsByBlockNumber and ibftGetValidatorsByBlockHash
both returned a list of Addresses, whichi when translated back into
JSON RPC responses, results in an incorrect 'shape'.
These RPC calls should (and now do) return a list of strings.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Previously, IBFT only validated the header of the block on reception
of a proposal. However in order to minimise the risk of a "bad block"
being detected after a PreparedCertificate being created, it has been
decided to validate the whole block (i.e. exercise the transactions,
process the block and ensure hashes etc line up with the header).
There is still some (minor) risk of a failed block import, however
it is substantially reduced.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Testing indicated that if quorum-1 commit messages is received prior
to the proposal, the proposed block will be imported twice.
Theoretically this is handled safely by the BlockImporter, however
is clearly an error in the IbftRound code.
This commit updates IbftRound such that the import can only occur
once.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Removing code identified by the 'unused declaration' analysis in IntelliJ
* Undoing removal of injectNewRound as that's actually used
* Removing wrapper class from Clique UT
* Spotless
* Adding back code
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
In order to validate a block separate to its commit seals, the commit
seals must be validated separately to the validator content of the
block.
At this stage, the commit rule is _not_ light, however this change
is to be conducted in subsequent PRs.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Constructor of the RoundChangeManager now accepts a
RoundChangeMessageValidator rather than creating it from inputs.
This removes complexity from this class, pushes creation back to the
validator factory, and simplifies the IbftBlockHeightManagerFactory.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Ibft is required to validate a block upon reception, but not import
it until a later time.
As such, IBFT will require validation and importing to be separated.
The validator has been exposed as part of the ProtocolSpecification.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Integration tests have been added to determine the IBFT components
response to the reception of RoundChange messages.
Through the course of creating these tests the following changes were
made to the RoundChangeManager:
* Stores RoundChangeMessages in the order of arrival
* Discards subsequent RoundChange messages from the same node,
targeting a specific round.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* NewRoundMessageValidator ignores Round Number when comparing blocks
NewRoundMessageValidator previously ensured the block in the newest
PreparedCertificate was the same as that in the Proposal by comparing
block hashes.
However, the hash-function for received IBFT blocks includes round
number - thus the blocks will never be deemed 'equal'.
As such, the blocks must be compared using a hash function which
ignores the round number - i.e. the OnChain function.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
To test the IBFT implementation at an integration level, an amount of "setup" is required.
This commit creates a framework of "n" 'external' nodes which are able to inject messages to the IbftController, while also exposing the messages received from the local node.
Thus integration tests are able to be written in terms of input events (including messages), expected (network) responses and changes in the blockchain state.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>