From 341ac6c8bd5ae8752b2a2d785a613d533f20fba8 Mon Sep 17 00:00:00 2001 From: Alessandro Sorniotti Date: Thu, 20 Apr 2017 19:13:24 +0200 Subject: [PATCH] [FAB-3156] check correctness of instant'n policy The purpose of this change set is that for each invocation, we check that the instantiated chaincode matches the installed one (if any) in terms of its instantiation policy, just to avoid repercussions from any rogue instantiation of a chaincode. Change-Id: I4dbdb3459076a8d6d3f145d2ee7b89022f107e4b Signed-off-by: Alessandro Sorniotti --- core/common/ccprovider/ccinfocache.go | 106 ++++++++++++ core/common/ccprovider/ccinfocache_test.go | 183 +++++++++++++++++++++ core/common/ccprovider/ccprovider.go | 84 +++++++++- core/common/ccprovider/sigcdspackage.go | 14 +- core/endorser/endorser.go | 41 ++++- peer/node/start.go | 4 + 6 files changed, 421 insertions(+), 11 deletions(-) create mode 100644 core/common/ccprovider/ccinfocache.go create mode 100644 core/common/ccprovider/ccinfocache_test.go diff --git a/core/common/ccprovider/ccinfocache.go b/core/common/ccprovider/ccinfocache.go new file mode 100644 index 00000000000..0bd97dd0feb --- /dev/null +++ b/core/common/ccprovider/ccinfocache.go @@ -0,0 +1,106 @@ +/* +Copyright IBM Corp. 2017 All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ccprovider + +import ( + "fmt" + "sync" + + "github.com/hyperledger/fabric/protos/peer" +) + +// ccInfoCacheImpl implements CCInfoProvider by providing an in-memory +// cache layer on top of the internal CCInfoProvider instance +type ccInfoCacheImpl struct { + sync.RWMutex + + cache map[string]CCPackage + ccfs CCInfoProvider +} + +// NewCCInfoCache returns a new cache on top of the supplied CCInfoProvider instance +func NewCCInfoCache(ccfs CCInfoProvider) CCInfoProvider { + return &ccInfoCacheImpl{ + cache: make(map[string]CCPackage), + ccfs: ccfs, + } +} + +func (c *ccInfoCacheImpl) GetChaincode(ccname string, ccversion string) (CCPackage, error) { + // c.cache is guaranteed to be non-nil + + key := ccname + "/" + ccversion + + c.RLock() + ccpack, in := c.cache[key] + c.RUnlock() + + if !in { + var err error + + // the chaincode data is not in the cache + // try to look it up from the file system + ccpack, err = c.ccfs.GetChaincode(ccname, ccversion) + if err != nil || ccpack == nil { + return nil, fmt.Errorf("cannot retrieve package for chaincode %s/%s, error %s", ccname, ccversion, err) + } + + // we have a non-nil CCPackage, put it in the cache + c.Lock() + c.cache[key] = ccpack + c.Unlock() + } + + return ccpack, nil +} + +func (c *ccInfoCacheImpl) PutChaincode(depSpec *peer.ChaincodeDeploymentSpec) (CCPackage, error) { + // c.cache is guaranteed to be non-nil + + ccname := depSpec.ChaincodeSpec.ChaincodeId.Name + ccversion := depSpec.ChaincodeSpec.ChaincodeId.Version + + if ccname == "" { + return nil, fmt.Errorf("the chaincode name cannot be an emoty string") + } + + if ccversion == "" { + return nil, fmt.Errorf("the chaincode version cannot be an emoty string") + } + + key := ccname + "/" + ccversion + + c.RLock() + _, in := c.cache[key] + c.RUnlock() + + if in { + return nil, fmt.Errorf("attempted to put chaincode data twice for %s/%s", ccname, ccversion) + } + + ccpack, err := c.ccfs.PutChaincode(depSpec) + if err != nil || ccpack == nil { + return nil, fmt.Errorf("PutChaincodeIntoFS failed, error %s", err) + } + + // we have a non-nil CCPackage, put it in the cache + c.Lock() + c.cache[key] = ccpack + c.Unlock() + + return ccpack, nil +} diff --git a/core/common/ccprovider/ccinfocache_test.go b/core/common/ccprovider/ccinfocache_test.go new file mode 100644 index 00000000000..2956e4917b7 --- /dev/null +++ b/core/common/ccprovider/ccinfocache_test.go @@ -0,0 +1,183 @@ +/* +Copyright IBM Corp. 2017 All Rights Reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package ccprovider + +import ( + "archive/tar" + "bytes" + "compress/gzip" + "testing" + + "os" + + "github.com/golang/protobuf/proto" + "github.com/hyperledger/fabric/core/container/util" + "github.com/hyperledger/fabric/protos/peer" + "github.com/stretchr/testify/assert" +) + +func getDepSpec(name string, path string, version string, initArgs [][]byte) (*peer.ChaincodeDeploymentSpec, error) { + spec := &peer.ChaincodeSpec{Type: 1, ChaincodeId: &peer.ChaincodeID{Name: name, Path: path, Version: version}, Input: &peer.ChaincodeInput{Args: initArgs}} + + codePackageBytes := bytes.NewBuffer(nil) + gz := gzip.NewWriter(codePackageBytes) + tw := tar.NewWriter(gz) + + err := util.WriteBytesToPackage("src/garbage.go", []byte(name+path+version), tw) + if err != nil { + return nil, err + } + + tw.Close() + gz.Close() + + return &peer.ChaincodeDeploymentSpec{ChaincodeSpec: spec, CodePackage: codePackageBytes.Bytes()}, nil +} + +func buildPackage(name string, path string, version string, initArgs [][]byte) (CCPackage, error) { + depSpec, err := getDepSpec(name, path, version, initArgs) + if err != nil { + return nil, err + } + + buf, err := proto.Marshal(depSpec) + if err != nil { + return nil, err + } + cccdspack := &CDSPackage{} + if _, err := cccdspack.InitFromBuffer(buf); err != nil { + return nil, err + } + + return cccdspack, nil +} + +type mockCCInfoFSStorageMgrImpl struct { + CCMap map[string]CCPackage +} + +func (m *mockCCInfoFSStorageMgrImpl) PutChaincode(depSpec *peer.ChaincodeDeploymentSpec) (CCPackage, error) { + buf, err := proto.Marshal(depSpec) + if err != nil { + return nil, err + } + cccdspack := &CDSPackage{} + if _, err := cccdspack.InitFromBuffer(buf); err != nil { + return nil, err + } + + m.CCMap[depSpec.ChaincodeSpec.ChaincodeId.Name+depSpec.ChaincodeSpec.ChaincodeId.Version] = cccdspack + + return cccdspack, nil +} + +func (m *mockCCInfoFSStorageMgrImpl) GetChaincode(ccname string, ccversion string) (CCPackage, error) { + return m.CCMap[ccname+ccversion], nil +} + +// here we test the cache implementation itself +func TestCCInfoCache(t *testing.T) { + ccname := "foo" + ccver := "1.0" + ccpath := "github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02" + + ccinfoFs := &mockCCInfoFSStorageMgrImpl{CCMap: map[string]CCPackage{}} + cccache := NewCCInfoCache(ccinfoFs) + + // test the get side + + // the cc data is not yet in the cache + _, err := cccache.GetChaincode(ccname, ccver) + assert.Error(t, err) + + // put it in the file system + pack, err := buildPackage(ccname, ccpath, ccver, [][]byte{[]byte("init"), []byte("a"), []byte("100"), []byte("b"), []byte("200")}) + assert.NoError(t, err) + ccinfoFs.CCMap[ccname+ccver] = pack + + // expect it to be in the cache now + cd1, err := cccache.GetChaincode(ccname, ccver) + assert.NoError(t, err) + + // it should still be in the cache + cd2, err := cccache.GetChaincode(ccname, ccver) + assert.NoError(t, err) + + // they are not null + assert.NotNil(t, cd1) + assert.NotNil(t, cd2) + + // test the put side now.. + ccver = "2.0" + + // create a dep spec to put + ds, err := getDepSpec(ccname, ccpath, ccver, [][]byte{[]byte("init"), []byte("a"), []byte("100"), []byte("b"), []byte("200")}) + assert.NoError(t, err) + + // put it + _, err = cccache.PutChaincode(ds) + assert.NoError(t, err) + + // expect it to be in the cache + cd1, err = cccache.GetChaincode(ccname, ccver) + assert.NoError(t, err) + + // it should still be in the cache + cd2, err = cccache.GetChaincode(ccname, ccver) + assert.NoError(t, err) + + // they are not null + assert.NotNil(t, cd1) + assert.NotNil(t, cd2) +} + +// here we test the peer's built-in cache after enabling it +func TestCCInfoCachePeerInstance(t *testing.T) { + // enable the cache first: it's disabled by default + EnableCCInfoCache() + + ccname := "foo" + ccver := "1.0" + ccpath := "github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02" + + // the cc data is not yet in the cache + _, err := GetChaincodeFromFS(ccname, ccver) + assert.Error(t, err) + + // create a dep spec to put + ds, err := getDepSpec(ccname, ccpath, ccver, [][]byte{[]byte("init"), []byte("a"), []byte("100"), []byte("b"), []byte("200")}) + assert.NoError(t, err) + + // put it + err = PutChaincodeIntoFS(ds) + assert.NoError(t, err) + + // expect it to be in the cache + cd, err := GetChaincodeFromFS(ccname, ccver) + assert.NoError(t, err) + assert.NotNil(t, cd) +} + +var ccinfocachetestpath = "/tmp/ccinfocachetest" + +func TestMain(m *testing.M) { + os.RemoveAll(ccinfocachetestpath) + defer os.RemoveAll(ccinfocachetestpath) + + SetChaincodesPath(ccinfocachetestpath) + os.Exit(m.Run()) +} diff --git a/core/common/ccprovider/ccprovider.go b/core/common/ccprovider/ccprovider.go index 43a2a599517..f18aa80e866 100644 --- a/core/common/ccprovider/ccprovider.go +++ b/core/common/ccprovider/ccprovider.go @@ -110,8 +110,24 @@ func ChaincodePackageExists(ccname string, ccversion string) (bool, error) { return false, err } +// CCInfoProvider is responsible to provide backend storage for information +// about chaincodes. Multiple implementations can persist data to a file system +// or store them in a cache +type CCInfoProvider interface { + // GetChaincode returns information for the chaincode with the + // supplied name and version + GetChaincode(ccname string, ccversion string) (CCPackage, error) + + // PutChaincode stores the supplied chaincode info + PutChaincode(depSpec *pb.ChaincodeDeploymentSpec) (CCPackage, error) +} + +// CCInfoFSStorageMgr is an implementation of CCInfoProvider +// backed by the file system +type CCInfoFSImpl struct{} + // GetChaincodeFromFS this is a wrapper for hiding package implementation. -func GetChaincodeFromFS(ccname string, ccversion string) (CCPackage, error) { +func (*CCInfoFSImpl) GetChaincode(ccname string, ccversion string) (CCPackage, error) { //try raw CDS cccdspack := &CDSPackage{} _, _, err := cccdspack.InitFromFS(ccname, ccversion) @@ -129,16 +145,76 @@ func GetChaincodeFromFS(ccname string, ccversion string) (CCPackage, error) { // PutChaincodeIntoFS is a wrapper for putting raw ChaincodeDeploymentSpec //using CDSPackage. This is only used in UTs -func PutChaincodeIntoFS(depSpec *pb.ChaincodeDeploymentSpec) error { +func (*CCInfoFSImpl) PutChaincode(depSpec *pb.ChaincodeDeploymentSpec) (CCPackage, error) { buf, err := proto.Marshal(depSpec) if err != nil { - return err + return nil, err } cccdspack := &CDSPackage{} if _, err := cccdspack.InitFromBuffer(buf); err != nil { + return nil, err + } + err = cccdspack.PutChaincodeToFS() + if err != nil { + return nil, err + } + + return cccdspack, nil +} + +// The following lines create the cache of CCPackage data that sits +// on top of the file system and avoids a trip to the file system +// every time. The cache is disabled by default and only enabled +// if EnableCCInfoCache is called. This is an unfortunate hack +// required by some legacy tests that remove chaincode packages +// from the file system as a means of simulating particular test +// conditions. This way of testing is incompatible with the +// immutable nature of chaincode packages that is assumed by hlf v1 +// and implemented by this cache. For this reason, tests are for now +// allowed to run with the cache disabled (unless they enable it) +// until a later time in which they are fixed. The peer process on +// the other hand requires the benefits of this cache and therefore +// enables it. +// TODO: (post v1) enable cache by default as soon as https://jira.hyperledger.org/browse/FAB-3785 is completed + +// ccInfoFSStorageMgr is the storage manager used either by the cache or if the +// cache is bypassed +var ccInfoFSProvider = &CCInfoFSImpl{} + +// ccInfoCache is the cache instance itself +var ccInfoCache = NewCCInfoCache(ccInfoFSProvider) + +// ccInfoCacheEnabled keeps track of whether the cache is enable +// (it is disabled by default) +var ccInfoCacheEnabled bool + +// EnableCCInfoCache can be called to enable the cache +func EnableCCInfoCache() { + ccInfoCacheEnabled = true +} + +// GetChaincodeFromFS retrieves chaincode information from the cache (or the +// file system in case of a cache miss) if the cache is enabled, or directly +// from the file system otherwise +func GetChaincodeFromFS(ccname string, ccversion string) (CCPackage, error) { + if ccInfoCacheEnabled { + return ccInfoCache.GetChaincode(ccname, ccversion) + } else { + return ccInfoFSProvider.GetChaincode(ccname, ccversion) + } +} + +// PutChaincodeIntoFS puts chaincode information in the file system (and +// also in the cache to prime it) if the cache is enabled, or directly +// from the file system otherwise +func PutChaincodeIntoFS(depSpec *pb.ChaincodeDeploymentSpec) error { + if ccInfoCacheEnabled { + _, err := ccInfoCache.PutChaincode(depSpec) + return err + } else { + _, err := ccInfoFSProvider.PutChaincode(depSpec) return err } - return cccdspack.PutChaincodeToFS() } // GetCCPackage tries each known package implementation one by one diff --git a/core/common/ccprovider/sigcdspackage.go b/core/common/ccprovider/sigcdspackage.go index c5260d3a27d..76e2e30c481 100644 --- a/core/common/ccprovider/sigcdspackage.go +++ b/core/common/ccprovider/sigcdspackage.go @@ -130,7 +130,19 @@ func (ccpack *SignedCDSPackage) GetChaincodeData() *ChaincodeData { if ccpack.depSpec == nil || ccpack.datab == nil || ccpack.id == nil { panic("GetChaincodeData called on uninitialized package") } - return &ChaincodeData{Name: ccpack.depSpec.ChaincodeSpec.ChaincodeId.Name, Version: ccpack.depSpec.ChaincodeSpec.ChaincodeId.Version, Data: ccpack.datab, Id: ccpack.id} + + var instPolicy []byte + if ccpack.sDepSpec != nil { + instPolicy = ccpack.sDepSpec.InstantiationPolicy + } + + return &ChaincodeData{ + Name: ccpack.depSpec.ChaincodeSpec.ChaincodeId.Name, + Version: ccpack.depSpec.ChaincodeSpec.ChaincodeId.Version, + Data: ccpack.datab, + Id: ccpack.id, + InstantiationPolicy: instPolicy, + } } func (ccpack *SignedCDSPackage) getCDSData(scds *pb.SignedChaincodeDeploymentSpec) ([]byte, []byte, *SignedCDSData, error) { diff --git a/core/endorser/endorser.go b/core/endorser/endorser.go index 8e1ee732ecb..1f947cfdfd0 100644 --- a/core/endorser/endorser.go +++ b/core/endorser/endorser.go @@ -25,6 +25,8 @@ import ( "errors" + "bytes" + "github.com/hyperledger/fabric/common/policies" "github.com/hyperledger/fabric/common/util" "github.com/hyperledger/fabric/core/chaincode" @@ -167,16 +169,43 @@ func (e *Endorser) simulateProposal(ctx context.Context, chainID string, txid st return nil, nil, nil, nil, err } - var cd *ccprovider.ChaincodeData + var cdLedger *ccprovider.ChaincodeData + var version string - //default it to a system CC - version := util.GetSysCCVersion() if !syscc.IsSysCC(cid.Name) { - cd, err = e.getCDSFromLSCC(ctx, chainID, txid, signedProp, prop, cid.Name, txsim) + cdLedger, err = e.getCDSFromLSCC(ctx, chainID, txid, signedProp, prop, cid.Name, txsim) if err != nil { return nil, nil, nil, nil, fmt.Errorf("failed to obtain cds for %s - %s", cid.Name, err) } - version = cd.Version + version = cdLedger.Version + + // we retrieve info about this chaincode from the file system + ccpack, err := ccprovider.GetChaincodeFromFS(cid.Name, version) + if err != nil { + return nil, nil, nil, nil, fmt.Errorf("Chaincode data for cc %s/%s was not found, error %s", cid.Name, version, err) + } + // ccpack is guaranteed to be non-nil + cdLocalFS := ccpack.GetChaincodeData() + + // we have the info from the fs, check that the policy + // matches the one on the file system if one was specified; + // this check is required because the admin of this peer + // might have specified instantiation policies for their + // chaincode, for example to make sure that the chaincode + // is only instantiated on certain channels; a malicious + // peer on the other hand might have created a deploy + // transaction that attempts to bypass the instantiation + // policy. This check is there to ensure that this will not + // happen, i.e. that the peer will refuse to invoke the + // chaincode under these conditions. More info on + // https://jira.hyperledger.org/browse/FAB-3156 + if cdLocalFS.InstantiationPolicy != nil { + if !bytes.Equal(cdLocalFS.InstantiationPolicy, cdLedger.InstantiationPolicy) { + return nil, nil, nil, nil, fmt.Errorf("Instantiation policy mismatch for cc %s/%s", cid.Name, version) + } + } + } else { + version = util.GetSysCCVersion() } //---3. execute the proposal and get simulation results @@ -194,7 +223,7 @@ func (e *Endorser) simulateProposal(ctx context.Context, chainID string, txid st } } - return cd, res, simResult, ccevent, nil + return cdLedger, res, simResult, ccevent, nil } func (e *Endorser) getCDSFromLSCC(ctx context.Context, chainID string, txid string, signedProp *pb.SignedProposal, prop *pb.Proposal, chaincodeID string, txsim ledger.TxSimulator) (*ccprovider.ChaincodeData, error) { diff --git a/peer/node/start.go b/peer/node/start.go index 930a01e5f4c..8754fec7726 100644 --- a/peer/node/start.go +++ b/peer/node/start.go @@ -35,6 +35,7 @@ import ( "github.com/hyperledger/fabric/core" "github.com/hyperledger/fabric/core/chaincode" "github.com/hyperledger/fabric/core/comm" + "github.com/hyperledger/fabric/core/common/ccprovider" "github.com/hyperledger/fabric/core/config" "github.com/hyperledger/fabric/core/endorser" "github.com/hyperledger/fabric/core/ledger/ledgermgmt" @@ -137,6 +138,9 @@ func serve(args []string) error { grpclog.Fatalf("Failed to create ehub server: %v", err) } + // enable the cache of chaincode info + ccprovider.EnableCCInfoCache() + registerChaincodeSupport(peerServer.Server()) logger.Debugf("Running peer")