tendermint: github.com/tendermint/tendermint/privval

package privval

import "github.com/tendermint/tendermint/privval"

Package privval provides different implementations of the types.PrivValidator.

FilePV

FilePV is the simplest implementation and developer default. It uses one file for the private key and another to store state.

SignerListenerEndpoint

SignerListenerEndpoint establishes a connection to an external process, like a Key Management Server (KMS), using a socket. SignerListenerEndpoint listens for the external KMS process to dial in. SignerListenerEndpoint takes a listener, which determines the type of connection (i.e. encrypted over TCP, or unencrypted over a Unix socket).

SignerDialerEndpoint

SignerDialerEndpoint is a simple wrapper around a net.Conn. It's used by both IPCVal and TCPVal.

Package Files

codec.go doc.go errors.go file.go file_deprecated.go messages.go signer_client.go signer_dialer_endpoint.go signer_endpoint.go signer_listener_endpoint.go signer_requestHandler.go signer_server.go socket_dialers.go socket_listeners.go utils.go

Variables

var (
    ErrUnexpectedResponse = fmt.Errorf("received unexpected response")
    ErrNoConnection       = fmt.Errorf("endpoint is not connected")
    ErrConnectionTimeout  = EndpointTimeoutError{}

    ErrReadTimeout  = fmt.Errorf("endpoint read timed out")
    ErrWriteTimeout = fmt.Errorf("endpoint write timed out")
)

Socket errors.

var (
    ErrDialRetryMax = errors.New("dialed maximum retries")
)

Socket errors.

func GetFreeLocalhostAddrPort

func GetFreeLocalhostAddrPort() string

GetFreeLocalhostAddrPort returns a free localhost:port address

func IsConnTimeout

func IsConnTimeout(err error) bool

IsConnTimeout returns a boolean indicating whether the error is known to report that a connection timeout occurred. This detects both fundamental network timeouts and ErrConnectionTimeout errors.

func NewTCPListener

func NewTCPListener(ln net.Listener, secretConnKey ed25519.PrivKeyEd25519) *tcpListener

NewTCPListener returns a listener that accepts authenticated encrypted connections using the given secretConnKey and the default timeout values.

func NewUnixListener

func NewUnixListener(ln net.Listener) *unixListener

NewUnixListener returns a listener that accepts unencrypted connections using the default timeout values.

func RegisterRemoteSignerMsg

func RegisterRemoteSignerMsg(cdc *amino.Codec)

type EndpointTimeoutError

type EndpointTimeoutError struct{}

func (EndpointTimeoutError) Error

func (e EndpointTimeoutError) Error() string

Implement the net.Error interface.

func (EndpointTimeoutError) Temporary

func (e EndpointTimeoutError) Temporary() bool

func (EndpointTimeoutError) Timeout

func (e EndpointTimeoutError) Timeout() bool

type FilePV

type FilePV struct {
    Key           FilePVKey
    LastSignState FilePVLastSignState
}

FilePV implements PrivValidator using data persisted to disk to prevent double signing. NOTE: the directories containing pv.Key.filePath and pv.LastSignState.filePath must already exist. It includes the LastSignature and LastSignBytes so we don't lose the signature if the process crashes after signing but before the resulting consensus message is processed.

func GenFilePV

func GenFilePV(keyFilePath, stateFilePath string) *FilePV

GenFilePV generates a new validator with a randomly generated private key and sets the filePaths, but does not call Save().

func LoadFilePV

func LoadFilePV(keyFilePath, stateFilePath string) *FilePV

LoadFilePV loads a FilePV from the filePaths. The FilePV handles double signing prevention by persisting data to the stateFilePath. If either file path does not exist, the program will exit.

func LoadFilePVEmptyState

func LoadFilePVEmptyState(keyFilePath, stateFilePath string) *FilePV

LoadFilePVEmptyState loads a FilePV from the given keyFilePath, with an empty LastSignState. If the keyFilePath does not exist, the program will exit.

func LoadOrGenFilePV

func LoadOrGenFilePV(keyFilePath, stateFilePath string) *FilePV

LoadOrGenFilePV loads a FilePV from the given filePaths or else generates a new one and saves it to the filePaths.

func (*FilePV) GetAddress

func (pv *FilePV) GetAddress() types.Address

GetAddress returns the address of the validator. Implements PrivValidator.

func (*FilePV) GetPubKey

func (pv *FilePV) GetPubKey() crypto.PubKey

GetPubKey returns the public key of the validator. Implements PrivValidator.

func (*FilePV) Reset

func (pv *FilePV) Reset()

Reset resets all fields in the FilePV. NOTE: Unsafe!

func (*FilePV) Save

func (pv *FilePV) Save()

Save persists the FilePV to disk.

func (*FilePV) SignProposal

func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal signs a canonical representation of the proposal, along with the chainID. Implements PrivValidator.

func (*FilePV) SignVote

func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error

SignVote signs a canonical representation of the vote, along with the chainID. Implements PrivValidator.

func (*FilePV) String

func (pv *FilePV) String() string

String returns a string representation of the FilePV.

type FilePVKey

type FilePVKey struct {
    Address types.Address  `json:"address"`
    PubKey  crypto.PubKey  `json:"pub_key"`
    PrivKey crypto.PrivKey `json:"priv_key"`
    // contains filtered or unexported fields
}

FilePVKey stores the immutable part of PrivValidator.

func (FilePVKey) Save

func (pvKey FilePVKey) Save()

Save persists the FilePVKey to its filePath.

type FilePVLastSignState

type FilePVLastSignState struct {
    Height    int64        `json:"height"`
    Round     int          `json:"round"`
    Step      int8         `json:"step"`
    Signature []byte       `json:"signature,omitempty"`
    SignBytes cmn.HexBytes `json:"signbytes,omitempty"`
    // contains filtered or unexported fields
}

FilePVLastSignState stores the mutable part of PrivValidator.

func (*FilePVLastSignState) CheckHRS

func (lss *FilePVLastSignState) CheckHRS(height int64, round int, step int8) (bool, error)

CheckHRS checks the given height, round, step (HRS) against that of the FilePVLastSignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. The returned boolean indicates whether the last Signature should be reused - it returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.
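The rules above, worked through as an added example (not tendermint's own code): `lastSignState`, `checkHRS` and `decide` are hypothetical names, the state values are constructed, and reading "regression" as a lexicographic comparison of (height, round, step) is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// lastSignState is a hypothetical stand-in for FilePVLastSignState.
type lastSignState struct {
	Height               int64
	Round                int
	Step                 int8
	Signature, SignBytes []byte
}

// checkHRS follows the documented rules. Assumption: "regression" means the
// requested (height, round, step) sorts before the stored one.
func (s *lastSignState) checkHRS(h int64, r int, step int8) (bool, error) {
	got := [3]int64{h, int64(r), int64(step)}
	last := [3]int64{s.Height, int64(s.Round), int64(s.Step)}
	for i, name := range []string{"height", "round", "step"} {
		if got[i] < last[i] {
			return false, fmt.Errorf("%s regression: got %d, last %d", name, got[i], last[i])
		}
		if got[i] > last[i] {
			return false, nil // strictly newer HRS: sign fresh
		}
	}
	// Same HRS: the stored signature may be reused, never produced again.
	if len(s.SignBytes) == 0 {
		return false, errors.New("same HRS but no SignBytes stored")
	}
	if len(s.Signature) == 0 {
		panic("SignBytes stored without a Signature")
	}
	return true, nil
}

// decide maps the result to a signer action, recovering the corrupt-state panic.
func decide(s *lastSignState, h int64, r int, step int8) (action string) {
	defer func() {
		if recover() != nil {
			action = "halt"
		}
	}()
	switch reuse, err := s.checkHRS(h, r, step); {
	case err != nil:
		return "refuse"
	case reuse:
		return "reuse"
	}
	return "sign"
}

func main() {
	// Constructed state: last signed at height 10, round 0, step 2.
	s := &lastSignState{Height: 10, Round: 0, Step: 2, Signature: []byte{1}, SignBytes: []byte{2}}
	fmt.Println(decide(s, 11, 0, 1), decide(s, 10, 0, 2), decide(s, 10, 0, 1), decide(s, 9, 5, 3))
}
```

The "refuse" and "halt" outcomes are the ones worth alerting on in a validator: both mean the signer was asked to act on an HRS at or behind its persisted state.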

func (*FilePVLastSignState) Save

func (lss *FilePVLastSignState) Save()

Save persists the FilePVLastSignState to its filePath.

type OldFilePV

type OldFilePV struct {
    Address       types.Address  `json:"address"`
    PubKey        crypto.PubKey  `json:"pub_key"`
    LastHeight    int64          `json:"last_height"`
    LastRound     int            `json:"last_round"`
    LastStep      int8           `json:"last_step"`
    LastSignature []byte         `json:"last_signature,omitempty"`
    LastSignBytes cmn.HexBytes   `json:"last_signbytes,omitempty"`
    PrivKey       crypto.PrivKey `json:"priv_key"`
    // contains filtered or unexported fields
}

OldFilePV is the old version of the FilePV, pre v0.28.0. Deprecated: Use FilePV instead.

func LoadOldFilePV

func LoadOldFilePV(filePath string) (*OldFilePV, error)

LoadOldFilePV loads an OldFilePV from the filePath.

func (*OldFilePV) Upgrade

func (oldFilePV *OldFilePV) Upgrade(keyFilePath, stateFilePath string) *FilePV

Upgrade converts the OldFilePV to the new FilePV, separating the immutable and mutable components, and persisting them to the keyFilePath and stateFilePath, respectively. It renames the original file by adding ".bak".

type PingRequest

type PingRequest struct {
}

PingRequest is a request to confirm that the connection is alive.

type PingResponse

type PingResponse struct {
}

PingResponse is a response to confirm that the connection is alive.

type PubKeyRequest

type PubKeyRequest struct{}

PubKeyRequest requests the consensus public key from the remote signer.

type PubKeyResponse

type PubKeyResponse struct {
    PubKey crypto.PubKey
    Error  *RemoteSignerError
}

PubKeyResponse is a response message containing the public key.

type RemoteSignerError

type RemoteSignerError struct {
    // TODO(ismail): create an enum of known errors
    Code        int
    Description string
}

RemoteSignerError allows (remote) validators to include meaningful error descriptions in their reply.

func (*RemoteSignerError) Error

func (e *RemoteSignerError) Error() string

type SignProposalRequest

type SignProposalRequest struct {
    Proposal *types.Proposal
}

SignProposalRequest is a request to sign a proposal

type SignVoteRequest

type SignVoteRequest struct {
    Vote *types.Vote
}

SignVoteRequest is a request to sign a vote

type SignedProposalResponse

type SignedProposalResponse struct {
    Proposal *types.Proposal
    Error    *RemoteSignerError
}

SignedProposalResponse is a response containing a signed proposal or an error.

type SignedVoteResponse

type SignedVoteResponse struct {
    Vote  *types.Vote
    Error *RemoteSignerError
}

SignedVoteResponse is a response containing a signed vote or an error

type SignerClient

type SignerClient struct {
    // contains filtered or unexported fields
}

SignerClient implements PrivValidator. Handles remote validator connections that provide signing services

func NewSignerClient

func NewSignerClient(endpoint *SignerListenerEndpoint) (*SignerClient, error)

NewSignerClient returns an instance of SignerClient. It will start the endpoint (if not already started).

func (*SignerClient) Close

func (sc *SignerClient) Close() error

Close closes the underlying connection

func (*SignerClient) GetPubKey

func (sc *SignerClient) GetPubKey() crypto.PubKey

GetPubKey retrieves a public key from a remote signer

func (*SignerClient) IsConnected

func (sc *SignerClient) IsConnected() bool

IsConnected indicates whether the signer is connected to a remote signing service.

func (*SignerClient) Ping

func (sc *SignerClient) Ping() error

Ping sends a ping request to the remote signer

func (*SignerClient) SignProposal

func (sc *SignerClient) SignProposal(chainID string, proposal *types.Proposal) error

SignProposal requests a remote signer to sign a proposal

func (*SignerClient) SignVote

func (sc *SignerClient) SignVote(chainID string, vote *types.Vote) error

SignVote requests a remote signer to sign a vote

func (*SignerClient) WaitForConnection

func (sc *SignerClient) WaitForConnection(maxWait time.Duration) error

WaitForConnection waits maxWait for a connection or returns a timeout error

type SignerDialerEndpoint

type SignerDialerEndpoint struct {
    // contains filtered or unexported fields
}

SignerDialerEndpoint dials using its dialer and responds to any signature requests using its privVal.

func NewSignerDialerEndpoint

func NewSignerDialerEndpoint(
    logger log.Logger,
    dialer SocketDialer,
) *SignerDialerEndpoint

NewSignerDialerEndpoint returns a SignerDialerEndpoint that will dial using the given dialer and respond to any signature requests over the connection using the given privVal.

func (*SignerDialerEndpoint) Close

func (se *SignerDialerEndpoint) Close() error

Close closes the underlying net.Conn.

func (*SignerDialerEndpoint) DropConnection

func (se *SignerDialerEndpoint) DropConnection()

IsConnected indicates if there is an active connection

func (*SignerDialerEndpoint) GetAvailableConnection

func (se *SignerDialerEndpoint) GetAvailableConnection(connectionAvailableCh chan net.Conn) bool

TryGetConnection retrieves a connection if it is already available

func (*SignerDialerEndpoint) IsConnected

func (se *SignerDialerEndpoint) IsConnected() bool

IsConnected indicates if there is an active connection

func (*SignerDialerEndpoint) ReadMessage

func (se *SignerDialerEndpoint) ReadMessage() (msg SignerMessage, err error)

ReadMessage reads a message from the endpoint

func (*SignerDialerEndpoint) SetConnection

func (se *SignerDialerEndpoint) SetConnection(newConnection net.Conn)

SetConnection replaces the current connection object

func (*SignerDialerEndpoint) WaitConnection

func (se *SignerDialerEndpoint) WaitConnection(connectionAvailableCh chan net.Conn, maxWait time.Duration) error

TryGetConnection retrieves a connection if it is already available

func (*SignerDialerEndpoint) WriteMessage

func (se *SignerDialerEndpoint) WriteMessage(msg SignerMessage) (err error)

WriteMessage writes a message from the endpoint

type SignerListenerEndpoint

type SignerListenerEndpoint struct {
    // contains filtered or unexported fields
}

SignerListenerEndpoint listens for an external process to dial in and keeps the connection alive by dropping and reconnecting

func NewSignerListener

func NewSignerListener(listenAddr string, logger log.Logger) (*SignerListenerEndpoint, error)

NewSignerListener creates a new SignerListenerEndpoint using the corresponding listen address

func NewSignerListenerEndpoint

func NewSignerListenerEndpoint(
    logger log.Logger,
    listener net.Listener,
) *SignerListenerEndpoint

NewSignerListenerEndpoint returns an instance of SignerListenerEndpoint.

func (*SignerListenerEndpoint) Close

func (se *SignerListenerEndpoint) Close() error

Close closes the underlying net.Conn.

func (*SignerListenerEndpoint) DropConnection

func (se *SignerListenerEndpoint) DropConnection()

IsConnected indicates if there is an active connection

func (*SignerListenerEndpoint) GetAvailableConnection

func (se *SignerListenerEndpoint) GetAvailableConnection(connectionAvailableCh chan net.Conn) bool

TryGetConnection retrieves a connection if it is already available

func (*SignerListenerEndpoint) IsConnected

func (se *SignerListenerEndpoint) IsConnected() bool

IsConnected indicates if there is an active connection

func (*SignerListenerEndpoint) OnStart

func (sl *SignerListenerEndpoint) OnStart() error

OnStart implements cmn.Service.

func (*SignerListenerEndpoint) OnStop

func (sl *SignerListenerEndpoint) OnStop()

OnStop implements cmn.Service

func (*SignerListenerEndpoint) ReadMessage

func (se *SignerListenerEndpoint) ReadMessage() (msg SignerMessage, err error)

ReadMessage reads a message from the endpoint

func (*SignerListenerEndpoint) SendRequest

func (sl *SignerListenerEndpoint) SendRequest(request SignerMessage) (SignerMessage, error)

SendRequest ensures there is a connection, sends a request and waits for a response

func (*SignerListenerEndpoint) SetConnection

func (se *SignerListenerEndpoint) SetConnection(newConnection net.Conn)

SetConnection replaces the current connection object

func (*SignerListenerEndpoint) WaitConnection

func (se *SignerListenerEndpoint) WaitConnection(connectionAvailableCh chan net.Conn, maxWait time.Duration) error

TryGetConnection retrieves a connection if it is already available

func (*SignerListenerEndpoint) WaitForConnection

func (sl *SignerListenerEndpoint) WaitForConnection(maxWait time.Duration) error

WaitForConnection waits maxWait for a connection or returns a timeout error

func (*SignerListenerEndpoint) WriteMessage

func (se *SignerListenerEndpoint) WriteMessage(msg SignerMessage) (err error)

WriteMessage writes a message from the endpoint

type SignerMessage

type SignerMessage interface{}

SignerMessage is sent between Signer Clients and Servers.

func DefaultValidationRequestHandler

func DefaultValidationRequestHandler(privVal types.PrivValidator, req SignerMessage, chainID string) (SignerMessage, error)

type SignerServer

type SignerServer struct {
    cmn.BaseService
    // contains filtered or unexported fields
}

func NewSignerServer

func NewSignerServer(endpoint *SignerDialerEndpoint, chainID string, privVal types.PrivValidator) *SignerServer

func (*SignerServer) OnStart

func (ss *SignerServer) OnStart() error

OnStart implements cmn.Service.

func (*SignerServer) OnStop

func (ss *SignerServer) OnStop()

OnStop implements cmn.Service.

func (*SignerServer) SetRequestHandler

func (ss *SignerServer) SetRequestHandler(validationRequestHandler ValidationRequestHandlerFunc)

SetRequestHandler overrides the default function that is used to service requests.

type SignerServiceEndpointOption

type SignerServiceEndpointOption func(*SignerDialerEndpoint)

SignerServiceEndpointOption sets an optional parameter on the SignerDialerEndpoint.

func SignerDialerEndpointConnRetries

func SignerDialerEndpointConnRetries(retries int) SignerServiceEndpointOption

SignerDialerEndpointConnRetries sets the amount of attempted retries to acceptNewConnection.

func SignerDialerEndpointTimeoutReadWrite

func SignerDialerEndpointTimeoutReadWrite(timeout time.Duration) SignerServiceEndpointOption

SignerDialerEndpointTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

type SignerValidatorEndpointOption

type SignerValidatorEndpointOption func(*SignerListenerEndpoint)

SignerValidatorEndpointOption sets an optional parameter on the SocketVal.

type SocketDialer

type SocketDialer func() (net.Conn, error)

SocketDialer dials a remote address and returns a net.Conn or an error.

func DialTCPFn

func DialTCPFn(addr string, timeoutReadWrite time.Duration, privKey ed25519.PrivKeyEd25519) SocketDialer

DialTCPFn dials the given tcp addr, using the given timeoutReadWrite and privKey for the authenticated encryption handshake.

func DialUnixFn

func DialUnixFn(addr string) SocketDialer

DialUnixFn dials the given unix socket.

type TCPListenerOption

type TCPListenerOption func(*tcpListener)

TCPListenerOption sets an optional parameter on the tcpListener.

func TCPListenerTimeoutAccept

func TCPListenerTimeoutAccept(timeout time.Duration) TCPListenerOption

TCPListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.

func TCPListenerTimeoutReadWrite

func TCPListenerTimeoutReadWrite(timeout time.Duration) TCPListenerOption

TCPListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

type UnixListenerOption

type UnixListenerOption func(*unixListener)

func UnixListenerTimeoutAccept

func UnixListenerTimeoutAccept(timeout time.Duration) UnixListenerOption

UnixListenerTimeoutAccept sets the timeout for the listener. A zero time value disables the timeout.

func UnixListenerTimeoutReadWrite

func UnixListenerTimeoutReadWrite(timeout time.Duration) UnixListenerOption

UnixListenerTimeoutReadWrite sets the read and write timeout for connections from external signing processes.

type ValidationRequestHandlerFunc

type ValidationRequestHandlerFunc func(
    privVal types.PrivValidator,
    requestMessage SignerMessage,
    chainID string) (SignerMessage, error)

ValidationRequestHandlerFunc handles different remoteSigner requests

Package privval imports 19 packages and is imported by 47 packages. Updated 2019-08-11.