
SecretStore: administrative sessions prototypes #6605

Merged
merged 74 commits into from
Oct 2, 2017
SecretStore: check share change plan on 'old' slave nodes
svyatonik committed Sep 28, 2017

commit 7a26086279e9fef62d418f4105d90fd0fbfc7ae5
@@ -1,7 +1,6 @@
// TODO: active_sessions -> key_session, session_id -> key_id, ...
// TODO: when servers set change session is active, pause updating servers set from contract
// TODO: even if node was lost, it is still required for share removal, ...
// TODO: before setting pre-established consensus - check that old nodes are in general old set && new nodes are in general new set
// TODO: in long session some nodes (that are not participating in share change sessions) can stop session as stalled
// TODO: check servers set

@@ -171,13 +170,6 @@ struct UnknownSessionsJobTransport {
impl SessionImpl {
/// Create new servers set change session.
pub fn new(params: SessionParams) -> Result<Self, Error> {
// TODO: threshold = all_nodes_len() - 1
// session id must be the hash of sorted nodes set
/*let new_nodes_set_hash = nodes_hash(&params.new_nodes_set);
if new_nodes_set_hash != params.meta.id {
return Err(Error::InvalidNodesConfiguration);
}*/

Ok(SessionImpl {
core: SessionCore {
meta: params.meta.clone(),
@@ -203,8 +195,8 @@ impl SessionImpl {

/// Initialize servers set change session on master node.
pub fn initialize(&self, new_nodes_set: BTreeSet<NodeId>, all_set_signature: Signature, new_set_signature: Signature) -> Result<(), Error> {
// TODO: check that all_nodes_set.contains(new_nodes_set)
// TODO: check that threshold + 1 == all_nodes_set.len()
check_nodes_set(&self.core.all_nodes_set, &new_nodes_set)?;

let mut data = self.data.lock();
if data.state != SessionState::EstablishingConsensus || data.consensus_session.is_some() {
return Err(Error::InvalidStateForRequest);
@@ -326,17 +318,23 @@ impl SessionImpl {

let mut data = self.data.lock();

{
let new_nodes_set = {
let consensus_session = data.consensus_session.as_mut().ok_or(Error::InvalidMessage)?;
let unknown_sessions_job = UnknownSessionsJob::new_on_slave(self.core.key_storage.clone());
let unknown_sessions_transport = self.unknown_sessions_transport();

// and respond with unknown sessions
consensus_session.on_job_request(&sender, sender.clone(), unknown_sessions_job, unknown_sessions_transport)?;
}

consensus_session.consensus_job().executor()
.new_servers_set()
.expect("consensus session is now completed; new_servers_set is intermediate result of consensus session; qed")
.clone()
};

// update state
data.state = SessionState::RunningShareChangeSessions;
data.new_nodes_set = Some(new_nodes_set);

Ok(())
}
@@ -353,7 +351,7 @@ impl SessionImpl {
}

// process message
let (unknown_sessions, new_nodes_set) = {
let unknown_sessions = {
let consensus_session = data.consensus_session.as_mut().ok_or(Error::InvalidMessage)?;
consensus_session.on_job_response(sender, message.unknown_sessions.iter().cloned().map(Into::into).collect())?;
if consensus_session.state() != ConsensusSessionState::Finished {
@@ -362,18 +360,11 @@ impl SessionImpl {

// all nodes have reported their unknown sessions
// => we are ready to start adding/moving/removing shares
(
consensus_session.result()?,
consensus_session.consensus_job().executor()
.new_servers_set()
.expect("consensus session is finished; new_servers_set is intermediate result of consensus session; qed")
.clone(),
)
consensus_session.result()?
};

// initialize sessions queue
data.state = SessionState::RunningShareChangeSessions;
data.new_nodes_set = Some(new_nodes_set);
data.sessions_queue = Some(SessionsQueue::new(self.core.key_storage.clone(), unknown_sessions));

// and disseminate session initialization requests
@@ -397,25 +388,43 @@ impl SessionImpl {
}

// insert new session
match data.active_sessions.entry(message.key_id.clone().into()) {
Entry::Occupied(_) => return Err(Error::InvalidMessage),
Entry::Vacant(entry) => entry.insert(ShareChangeSession::new(ShareChangeSessionParams {
session_id: message.key_id.clone().into(),
nonce: self.core.nonce,
meta: ShareChangeSessionMeta {
id: message.key_id.clone().into(),
self_node_id: self.core.meta.self_node_id.clone(),
master_node_id: message.master_node_id.clone().into(),
},
cluster: self.core.cluster.clone(),
key_storage: self.core.key_storage.clone(),
old_nodes_set: message.old_shares_set.iter().cloned().map(Into::into).collect(),
plan: ShareChangeSessionPlan {
let key_id = message.key_id.clone().into();
match data.active_sessions.contains_key(&key_id) {
true => return Err(Error::InvalidMessage),
false => {
let master_plan = ShareChangeSessionPlan {
nodes_to_add: message.shares_to_add.iter().map(|(k, v)| (k.clone().into(), v.clone().into())).collect(),
nodes_to_move: message.shares_to_move.iter().map(|(k, v)| (k.clone().into(), v.clone().into())).collect(),
nodes_to_remove: message.shares_to_remove.iter().cloned().map(Into::into).collect(),
},
})?),
};

// on nodes, which have their own key share, we could check if master node plan is correct
if let Ok(key_share) = self.core.key_storage.get(&message.key_id.clone().into()) {
let new_nodes_set = data.new_nodes_set.as_ref()
.expect("new_nodes_set is filled during consensus establishing; change sessions are running after this; qed");
let local_plan = prepare_share_change_session_plan(&key_share.id_numbers.keys().cloned().collect(), new_nodes_set)?;
if local_plan.nodes_to_add.keys().any(|n| !local_plan.nodes_to_add.contains_key(n))
|| local_plan.nodes_to_add.keys().any(|n| !master_plan.nodes_to_add.contains_key(n))
|| local_plan.nodes_to_move != master_plan.nodes_to_move
|| local_plan.nodes_to_remove != master_plan.nodes_to_remove {
return Err(Error::InvalidMessage);
}
}

data.active_sessions.insert(key_id.clone(), ShareChangeSession::new(ShareChangeSessionParams {
session_id: key_id.clone(),
nonce: self.core.nonce,
meta: ShareChangeSessionMeta {
id: key_id,
self_node_id: self.core.meta.self_node_id.clone(),
master_node_id: message.master_node_id.clone().into(),
},
cluster: self.core.cluster.clone(),
key_storage: self.core.key_storage.clone(),
old_nodes_set: message.old_shares_set.iter().cloned().map(Into::into).collect(),
plan: master_plan,
})?);
},
};

// send confirmation
@@ -821,6 +830,14 @@ impl JobTransport for UnknownSessionsJobTransport {
}
}

fn check_nodes_set(all_nodes_set: &BTreeSet<NodeId>, new_nodes_set: &BTreeSet<NodeId>) -> Result<(), Error> {
// all new nodes must be a part of all nodes set
match new_nodes_set.iter().any(|n| !all_nodes_set.contains(n)) {
true => Err(Error::InvalidNodesConfiguration),
false => Ok(())
}
}

#[cfg(test)]
pub mod tests {
use std::sync::Arc;
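Review bot: In the hunk that validates the master's share change plan, the first clause of the new check compares the keys of `local_plan.nodes_to_add` against `local_plan.nodes_to_add` itself, so it can never be true. As written, only "every locally computed addition is in the master plan" is enforced; a master plan that lists extra nodes in `shares_to_add` is still accepted by a node that holds the key share, which weakens the verification this commit sets out to add. The clause presumably should read `master_plan.nodes_to_add.keys().any(|n| !local_plan.nodes_to_add.contains_key(n))`. Separately, `if let Ok(key_share) = self.core.key_storage.get(...)` skips the comparison on any storage error, not only when the node has no share, so a short comment stating that this is intended (or a distinct handling of real storage failures) would help. The enclosing function starts and ends outside the hunk.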