prysm-pulse/validator/keymanager/remote.go

268 lines
8.3 KiB
Go
Raw Normal View History

Align code base to v0.11 (#5127) * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * add in new patch and workspace * update cloners * Handle rewards overflow (#5122) * Refactoring of initial sync (#5096) * implements blocks queue * refactors updateCounter method * fixes deadlock on stop w/o start * refactors updateSchedulerState * more tests on schduler * parseFetchResponse tests * wraps up tests for blocks queue * eod commit * fixes data race in round robin * revamps fetcher * fixes race conditions + livelocks + deadlocks * less verbose output * fixes data race, by isolating critical sections * minor refactoring: resolves blocking calls * implements init-sync queue * udpate fetch/send buffers in blocks fetcher * blockState enum-like type alias * refactors common code into releaseTicket() * better gc * linter * minor fix to round robin * moves original round robin into its own package * adds enableInitSyncQueue flag * fixes issue with init-sync service selection * Update beacon-chain/sync/initial-sync/round_robin.go Co-Authored-By: terence tsao <terence@prysmaticlabs.com> * initsyncv1 -> initsyncold * adds span Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> Co-authored-by: terence tsao <terence@prysmaticlabs.com> * Handle rewards overflow * Revert "Refactoring of initial sync (#5096)" This reverts commit 3ec2a0f9e0924b9ce06159916e89742a85521033. Co-authored-by: Victor Farazdagi <simple.square@gmail.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * updated block operations * updated validator client * Merge refs/heads/master into v0.10.1 * updated block operations test * skip benchmark test * updated transition test * updated db kv tests * updated ops tests * updated ops tests * updated slashing tests * updated rpc tests * updated state utils * updated test utils and miscs * Temp skips minimal spec tests * Fixed proposer slashing test * Gaz * Skip 2 more minimal tests * Skip 2 more minimal tests * Update readme * gaz * Conflict * Fix import and not use * Update workspace for new spec test * Fix workspace * Merge refs/heads/master into v0.10.1 * Update workspace with new ethapi commit * Unblock a few tests * Merge refs/heads/master into v0.10.1 * fixed block op test * gaz * Merge refs/heads/master into v0.10.1 * Skip gen state test (test setup issue * Updated hysteresis config * Updated epoch processing for new hyteresis * Updated tests * regen proto beacon * update state util for state root * update state types * update getter and setters * update compute domain and get domain and tests * update validators * Add forkdata proto * Updated compute domain api, moved it to helper pkg * Merge refs/heads/master into v0.10.1 * Fixed all core tests * Fixed all the sync tests * Fixed all the rpc tests * Merge refs/heads/master into v0.10.1 * Merge refs/heads/master into v0.10.1 * Fixed conflict * Fixed conflict * Conflict fix * visibility * Fixed validator tests * Fixing test util * Fixed rest of non spec tests * Fixed a bug proposer index wasn't included * gaz * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Updated eth1 data voting period to epoch based * Fixed failed tests * fix bug * fix error * Fixed more misc tests * Add new SignedAggregateAndProof to pass spec test * Update minimalConfig.PersistentCommitteePeriod * allow to rebuild trie * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Skip e2e tests * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Align aggregator action with v0.11 (#5146) * Remove Head Root from Beacon Block by Range Request (#5165) * make proto changes * remove head root * Merge branch 'master' of https://github.com/prysmaticlabs/geth-sharding into v0.11 * add back herumi's library * Update ethapi in workspace, started fixing test. Hand off to Nishant * fix build * All tests passing * Align finalized slot check with v0.11 (#5166) * Merge branch 'master' into v0.11 * Add DoS resistance for v0.11 (#5158) * Add Fork Digest Helper (#5173) * Extend DoS prevention to rest of operation objects (#5174) * Update mapping * Add caches * Update seen block in validation pipeline * Update seen att in validation pipeline * Update seen att in validation pipeline * Fixed rest of tests * Gazelle * Better writes * Lint * Preston's feedback * Switched to LRU cache and fixed tests * Gazelle * Fix test * Update proposer slashing * Update proposer slashing * Fixed a block test * Update exit * Update atteser slashing * Raul's feedback Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Add remote keymanager (#5133) * Add remote keymanager * Add generic signRoot() helper * Add tests for remote keymanager * NewRemote -> NewRemoteWallet * signRoot -> signOject, to increase reuse * Fix end-to-end compile error Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> * Add Snappy Framing to the Encoder (#5172) * change to framing * more fixes * fix everything * add stricter limits * preston feedback Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: rauljordan <raul@prysmaticlabs.com> * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Move Subnet Functionality to its Own File (#5179) * move subnets to their own file * fix build fail * build * Update beacon-chain/p2p/discovery_test.go Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Sync with master * Verify proposer signature in sync (#5206) * Fix Signed Attestation In Sync (#5207) * Add Eth2 Fork ENR Functionality (#5181) * add fork entry enr * add in fork * add the required fork entry to node * add and retrieve fork entry * await state initialized * utilize new structure * more progress, utilizing a config map instead * send the genesis validators root via the event feed * struct method for discovery * fix broken builds * fixed up more tsts using state feed initializer * fix up most tests * only one more failing test * almost done with tests * p2p tests all pass * config fix * fix blockchain test * gaz * add in todo * lint * add compare func * ensure fork ENR versions match between peers * add in test for discovery * test name * tests complete * tests done * done * comments * fix all flakes * addressed comments * build using ssz gen * marshal record * use custom ssz * deduplicate import * fix build * add enr proto * p2p tests done Co-authored-by: nisdas <nishdas93@gmail.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Verify aggregator signature in sync (#5208) * Add Fork Digest For Gossip Topics (#5191) * update for the day * fix remaining failing test * fix one more test * change message * Apply suggestions from code review Co-Authored-By: terence tsao <terence@prysmaticlabs.com> * terence's review * implement fork digest' * align digest to interface' * passed all tests * spawn in goroutine Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: terence tsao <terence@prysmaticlabs.com> Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * Fix Incorrect Attester Slashing Method (#5229) * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Remove keystore keymanager from validator (#5236) * Remove keystore keymanager from validator * Update dependency * Update validator/flags/flags.go * Update validator/flags/flags.go Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> * fix broadcaster * update metrics with fork digest for p2p (#5251) * update metrics with fork digest for p2p * update p2p metrics * update metrics using att values * wrapped up * fix bug Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Fix incorrect domain type comments (#5250) * Fix incorrect domain type comments * resolve conflicts * fix broken broadcast test * fix tests * include protocol suffix * fix confs * lint * fix test * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Merge branch 'master' of github.com:prysmaticlabs/prysm into v0.11 * resolve broken slasher test' * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Merge branch 'master' into v0.11 * fix config override * Remove deprecated parameters (#5249) * Avoid div by zero in extreme balance case (#5273) * Return effective balance increment instead of 1 * Update to new spec tests v0.11.1 * Revert "Regen historical states for `new-state-mgmt` compatibility (#5261)" This reverts commit df9a534826037ddac8dcaac0b1b470ce9fa8ecd4. Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Revert "Remove deprecated parameters (#5249)" (#5276) This reverts commit 7d17c9ac3455ee15c67b3645485693309216bc97. * Verify block proposer index before gossip (#5274) * Update pipeline * Update tests Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Add in Proposer Index to Custom HTR (#5269) * fix test * Update beacon-chain/state/stateutil/blocks_test.go Co-authored-by: terence tsao <terence@prysmaticlabs.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Resolve Flakey P2P Tests (#5285) * double time for flakey test * fix test flakeyness in p2p: * flakey * time tolerance * greater tolerance * Merge branch 'master' into v0.11 * release resources correctly (#5287) * Merge refs/heads/master into v0.11 * Enable NOISE Handshake by Default v0.11 (#5272) * noise handshakes by default * fix build * noisy noise everywhere * deprecated noisy noise flag with more noise * add secio as fallback Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: nisdas <nishdas93@gmail.com> * Merge refs/heads/master into v0.11 * new ports * fix broken build * Make `new-state-mgmt` canonical (#5289) * Invert the flags * Update checking messages * Fixed all db tests * Fixed rest of the block chain tests * Fix chain race tests * Fixed rpc tests * Disable soudns better... * Merge branch 'v0.11' into invert-new-state-mgmt * Merge refs/heads/v0.11 into invert-new-state-mgmt * Fix export * Merge branch 'invert-new-state-mgmt' of github.com:prysmaticlabs/prysm into invert-new-state-mgmt * Fix conflict tests * Gazelle * Merge refs/heads/v0.11 into invert-new-state-mgmt * Merge refs/heads/v0.11 into invert-new-state-mgmt * Merge branch 'master' into v0.11 * resolve flakeyness * Merge refs/heads/master into v0.11 * Merge refs/heads/master into v0.11 * Detect Proposer Slashing Implementation (#5139) * detect blocks * detect blocks * use stub * use stub * use stub * todo * fix test * add tests and utils * fix imports * fix imports * fix comment * todo * proposerIndex * fix broken test * formatting and simplified if * Update slasher/detection/service.go * Update slasher/detection/testing/utils.go Co-Authored-By: terence tsao <terence@prysmaticlabs.com> * fixed up final comments * better naming * Update slasher/detection/service.go * Update slasher/detection/service.go * Update slasher/detection/service.go Co-Authored-By: Ivan Martinez <ivanthegreatdev@gmail.com> * no more named args Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> Co-authored-by: terence tsao <terence@prysmaticlabs.com> Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> * Merge branch 'master' of https://github.com/prysmaticlabs/geth-sharding into v0.11 * Add Metadata And Ping RPC methods (#5271) * add new proto files * add flag and helper * add initializer * imports * add ping method * add receive/send ping request * add ping test * refactor rpc methods and add ping test * finish adding all tests * fix up tests * Apply suggestions from code review * lint * imports * lint * Update beacon-chain/p2p/service.go * Update shared/cmd/flags.go Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: terence tsao <terence@prysmaticlabs.com> * Merge branch 'master' of https://github.com/prysmaticlabs/geth-sharding into v0.11 * Updates for remote keymanager (#5260) * Merge branch 'spec-v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Merge remote-tracking branch 'origin' into v0.11 * Update to slash by slot instead of epoch (#5297) * change to slash by slot instead of epoch * gaz * fix test * fix test * fix infinite loop on error parse * Sync with master * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Update proposer protection to v0.11 (#5292) * Complete most of changes * Fix other tests * Test progress * Tests * Finish tests * update pbs * Fix mocked tests * Gazelle * pt 2 * Fix * Fixes * Fix tests wit hwrong copying * Merge refs/heads/master into v0.11 * Merge refs/heads/master into v0.11 * Implement `SubscribeCommitteeSubnet` method (#5299) * Add client implementation * Update workspace * Update server * Update service * Gaz * Mocks * Fixed validator tests * Add round tirp tests * Fixed subnet test * Comment * Update committee cache * Comment * Update RPC * Fixed test * Nishant's comment * Gaz * Refresh ENR is for epoch * Needs to be append * Merge refs/heads/master into v0.11 * resolve confs * Validator subscribe subnet to next epoch (#5312) * Alert to subscribe to next epoch * Fixed tests * Comments * Fixed tests * Update validator/client/validator.go Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Revert "Revert "Remove deprecated parameters (#5249)" (#5276)" (#5277) This reverts commit 47e5a2cf96f5add151bf135a5352c2dad7922615. * Aggregate on demand for v0.11 (#5302) * Add client implementation * Update workspace * Update server * Update service * Gaz * Mocks * Fixed validator tests * Add round tirp tests * Fixed subnet test * Wait 1/3 on validator side * Lint * Comment * Update committee cache * Comment * Update RPC * Fixed test * Nishant's comment * Gaz * Refresh ENR is for epoch * Needs to be append * Fixed duplication * Tests * Skip e2e * Update beacon-chain/rpc/validator/aggregator.go Co-Authored-By: shayzluf <thezluf@gmail.com> * Apply suggestions from code review Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: shayzluf <thezluf@gmail.com> Co-authored-by: Raul Jordan <raul@prysmaticlabs.com> * Refactor Dynamic Subscriptions (#5318) * clean up * comment * metrics * fix Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Merge refs/heads/master into v0.11 * Fix listindexed attestations and detect historic attestations (#5321) * fix list indexed attestations * fix tests * goimports * names * Add check for slot == 0 (#5322) * Change attester protection to return default if DB is empty (#5323) * Change how default values are set * Remove unused imports * Remove wasteful db call * Fix db tests * Fix db test * Merge refs/heads/master into v0.11 * fix it (#5326) * V0.11 run time fixes to use interop config (#5324) * Started testing * Bunch of fixes * use-interop * Sync with v0.11 * Conflict * Uncomment wait for activation * Move pending block queue from subscriber to validator pipeline * Merge branch 'v0.11' into use-interop-config * passing tests * Merge refs/heads/v0.11 into use-interop-config * Merge refs/heads/v0.11 into use-interop-config * Merge refs/heads/master into v0.11 * Merge refs/heads/master into v0.11 * Merge refs/heads/master into v0.11 * Nil Checks in Process Attestation v0.11 (#5331) * Started testing * Bunch of fixes * use-interop * Sync with v0.11 * Uncomment wait for activation * Move pending block queue from subscriber to validator pipeline * passing tests * nil checks to prevent panics * lint Co-authored-by: terence tsao <terence@prysmaticlabs.com> * Validator batch subscribe subnets (#5332) * Update both beacon node and validator * Comments * Tests * Lint Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Validator smarter subscribe (#5334) * Fix incorrect proposer index calculation (#5336) * Use correct parent state * Fixed test Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * enhance error * enhance error * Update P2P Service to Handle Local Metadata (#5319) * add metadata to ENR * add new methods * glue everything * fix all tests and refs * add tests * add more tests * Apply suggestions from code review * fix method * raul's review * gaz * fix test setup * fix all tests * better naming * fix broken test * validate nil Co-authored-by: rauljordan <raul@prysmaticlabs.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Revert "Revert "Revert "Remove deprecated parameters (#5249)" (#5276)" (#5277)" (#5343) This reverts commit e5aef1686e582fc2077767c42187c8527f3a742f. * Wait for Genesis Event to Start P2P (#5303) * use event feed for state initialized events * add in handler for tests * wait till genesis for p2p * Apply suggestions from code review Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Merge refs/heads/master into v0.11 * Avoid duplicated aggregation request (#5346) * Avoid duplicated aggregation request * Test and lock * Gaz * Fix Validate For Metadata (#5348) * return true * shay's review Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Multiple Proposer Slots Allowed Per Epoch for Validators (#5344) * allow multiple proposer slots * multi propose * proposer indices to slots map * remove deprecated comm assign * Apply suggestions from code review * resolve broken tests, add logic in validator client * fix val tests Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Networking Fixes (#5349) * close stream later * add ping method * add method * lint * More efficient aggregation on demand (#5354) * Return Nil Error if Pre-Genesis in P2P Service Healthz Check (#5355) * pregenesis healthz check: * optimal * right order * Update beacon-chain/p2p/service.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update beacon-chain/p2p/service.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * no comment Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> * Release DiscoveryV5 for Testnet Restart (#5357) * release discv5 * fix build * Fix Overflow in Status Check (#5361) * fix overflow * Apply suggestions from code review * Merge branch 'master' of github.com:prysmaticlabs/prysm into v0.11 * fix after merge * Merge refs/heads/master into v0.11 * Make Mainnet Config Default, No More Demo Config (#5367) * bye bye demo config * gaz * fix usage * fix dep * gaz * Update default balance for sendDeposits Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> * Use FastSSZ Marshal/Unmarshal for DB Encodings in v0.11.1 (#5351) * try * use marshaler structure for db instead of proto * white list types * attempt * revert * testutil.NewBeaconState() * Fully populate fields for round trip ssz marshal * fix //beacon-chain/db/kv:go_default_test * more passing tests * another test target passed * fixed stategen * blockchain tests green * passing sync * more targets fixed * more test fixes in rpc/validator * most rpc val * validators test fixes * skip round robin old * aggregate test * whitelist done * Update beacon-chain/rpc/validator/attester_test.go * edit baz * Fixed tests * Fixed getblock test * Add back init * reduce test size * fix broken build * tests pass Co-authored-by: Preston Van Loon <preston@prysmaticlabs.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> Co-authored-by: terence tsao <terence@prysmaticlabs.com> * Reconnect slasher streams on beacon node shutdown (#5376) * restart streams on beacon node shutdown * fix comment * remove export * ivan feedback * ivan feedback * case insensitive * Update slasher/beaconclient/receivers.go * raul feedback Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com> Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Merge branch 'master' into v0.11 * Merge refs/heads/master into v0.11 * Amend Faucet to Offer 32.5 ETH for v0.11 (#5378) * deposit amount in faucet * fix eth amount * gas cost * unskip exec transition test * Revert "Enable NOISE Handshake by Default v0.11 (#5272)" (#5381) This reverts commit a8d32d504a8f923cdf7fa9dfc2684f8804fbab92. * Merge refs/heads/master into v0.11 * use string for deposit flag * Update Bootnode to v0.11 (#5387) * fix bootnode * add changes * gaz * fix docker * Merge branch 'master' of github.com:prysmaticlabs/prysm into v0.11 * build fix * fix flaky test * Merge refs/heads/master into v0.11 * Unskip E2E for V0.11 (#5386) * Begin work on fixing e2e for v0.11 * Start bootnode work * Begin implementing bootnode into e2e * Fix E2E for v0.11 * Remove extra * gaz * Remove unused key gen code * Remove trailing multiaddr code * add skip for slashing * Fix slashing e2e * Fix docker image build * Merge branch 'master' of https://github.com/prysmaticlabs/prysm into v0.11 * Merge refs/heads/master into v0.11 * Merge branch 'master' of github.com:prysmaticlabs/prysm into v0.11 * Update beacon-chain/p2p/broadcaster_test.go * Merge refs/heads/master into v0.11 * Pass E2E Tests for v0.11 and Enable Attestation Subnets By Default (#5407) * Update README.md Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Apply suggestions from code review Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update beacon-chain/p2p/config.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update shared/keystore/deposit_input.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update tools/faucet/server.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update beacon-chain/p2p/service.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update shared/benchutil/pregen_test.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update shared/benchutil/pregen_test.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update proto/beacon/p2p/v1/BUILD.bazel Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update shared/benchutil/pregen_test.go Co-Authored-By: Preston Van Loon <preston@prysmaticlabs.com> * Update shared/bls/spectest/aggregate_verify_test.go * Addressed feedback. All test passing * Merge branch 'v0.11' of github.com:prysmaticlabs/prysm into v0.11 * Update beacon-chain/core/blocks/block_operations_fuzz_test.go Co-Authored-By: Ivan Martinez <ivanthegreatdev@gmail.com> * Update beacon-chain/core/blocks/block_operations_test.go Co-Authored-By: Ivan Martinez <ivanthegreatdev@gmail.com> * Update shared/testutil/helpers.go Co-Authored-By: Ivan Martinez <ivanthegreatdev@gmail.com> * Update beacon-chain/core/helpers/signing_root.go Co-Authored-By: Ivan Martinez <ivanthegreatdev@gmail.com> * Resolve Misc v0.11 Items (Raul) (#5414) * address all comments * set faucet * nishant feedback * Update beacon-chain/p2p/service.go Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Revert keymanager changes (#5416) * Revert "Updates for remote keymanager (#5260)" This reverts commit bbcd895db50ce5e7c0ecb64210471cf56f63b373. * Revert "Remove keystore keymanager from validator (#5236)" This reverts commit 46008770c162e741251e13772fd7356b43a9af87. * Revert "Update eth2 wallet keymanager (#4984)" This reverts commit 7f7ef43f218598a671aaeb327342d7e5130fe8b1. Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com> * Update BLS and limit visibility (#5415) * remove duplicated BLS, add golang.org/x/mod * Update BLS and restrict visibility * fix build * Fix eth1data test and fix order of ops (#5413) * use multiaddr builder (#5419) * Unskip benchutil and minor v0.11 fixes (#5417) * Unskip benchutil tests * Remove protos and gaz * Fixes * Networking Fixes (#5421) * check * fix test * fix size * fix test * more fixes * fix test again * Update ethereum APIs with latest master * Error handling for v0.11 tests (#5428) * Proper err handling for tests * Lint * Fixed rest of the tests * Gaz * Fixed old master tests * Sync with master * Rm old aggregate_test.go
2020-04-14 20:27:03 +00:00
package keymanager
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/json"
"io/ioutil"
"github.com/pkg/errors"
ethpb "github.com/prysmaticlabs/ethereumapis/eth/v1alpha1"
"github.com/prysmaticlabs/prysm/shared/bls"
"github.com/prysmaticlabs/prysm/shared/bytesutil"
pb "github.com/wealdtech/eth2-signer-api/pb/v1"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
// Remote is a key manager that accesses a remote wallet daemon.
type Remote struct {
paths []string
conn *grpc.ClientConn
accounts map[[48]byte]*accountInfo
signClientInitiator func(*grpc.ClientConn)
}
type accountInfo struct {
Name string `json:"name"`
PubKey []byte `json:"pubkey"`
}
type remoteOpts struct {
Location string `json:"location"`
Accounts []string `json:"accounts"`
Certificates *remoteCertificateOpts `json:"certificates"`
}
type remoteCertificateOpts struct {
CACert string `json:"ca_cert"`
ClientCert string `json:"client_cert"`
ClientKey string `json:"client_key"`
}
var remoteOptsHelp = `The remote key manager connects to a walletd instance. The options are:
- location This is the location to look for wallets. If not supplied it will
use the standard (operating system-dependent) path.
- accounts This is a list of account specifiers. An account specifier is of
the form <wallet name>/[account name], where the account name can be a
regular expression. If the account specifier is just <wallet name> all
accounts in that wallet will be used. Multiple account specifiers can be
supplied if required.
- certificates This provides paths to certificates:
- ca_cert This is the path to the server's certificate authority certificate file
- client_cert This is the path to the client's certificate file
- client_key This is the path to the client's key file
An sample keymanager options file (with annotations; these should be removed if
using this as a template) is:
{
"location": "host.example.com:12345", // Connect to walletd at host.example.com on port 12345
"accounts": ["Validators/Account.*"] // Use all accounts in the 'Validators' wallet starting with 'Account'
"certificates": {
"ca_cert": "/home/eth2/certs/ca.crt" // Certificate file for the CA that signed the server's certificate
"client_cert": "/home/eth2/certs/client.crt" // Certificate file for this client
"client_key": "/home/eth2/certs/client.key" // Key file for this client
}
}`
// NewRemoteWallet creates a key manager populated with the keys from walletd.
func NewRemoteWallet(input string) (KeyManager, string, error) {
opts := &remoteOpts{}
err := json.Unmarshal([]byte(input), opts)
if err != nil {
return nil, remoteOptsHelp, err
}
if len(opts.Accounts) == 0 {
return nil, remoteOptsHelp, errors.New("at least one account specifier is required")
}
// Load the client certificates.
if opts.Certificates == nil {
return nil, remoteOptsHelp, errors.New("certificates are required")
}
if opts.Certificates.ClientCert == "" {
return nil, remoteOptsHelp, errors.New("client certificate is required")
}
if opts.Certificates.ClientKey == "" {
return nil, remoteOptsHelp, errors.New("client key is required")
}
clientPair, err := tls.LoadX509KeyPair(opts.Certificates.ClientCert, opts.Certificates.ClientKey)
if err != nil {
return nil, remoteOptsHelp, errors.Wrap(err, "failed to obtain client's certificate and/or key")
}
// Load the CA for the server certificate if present.
cp := x509.NewCertPool()
if opts.Certificates.CACert != "" {
serverCA, err := ioutil.ReadFile(opts.Certificates.CACert)
if err != nil {
return nil, remoteOptsHelp, errors.Wrap(err, "failed to obtain server's CA certificate")
}
if !cp.AppendCertsFromPEM(serverCA) {
return nil, remoteOptsHelp, errors.Wrap(err, "failed to add server's CA certificate to pool")
}
}
tlsCfg := &tls.Config{
Certificates: []tls.Certificate{clientPair},
RootCAs: cp,
}
clientCreds := credentials.NewTLS(tlsCfg)
grpcOpts := []grpc.DialOption{
// Require TLS with client certificate.
grpc.WithTransportCredentials(clientCreds),
}
conn, err := grpc.Dial(opts.Location, grpcOpts...)
if err != nil {
return nil, remoteOptsHelp, errors.New("failed to connect to remote wallet")
}
km := &Remote{
conn: conn,
paths: opts.Accounts,
}
err = km.RefreshValidatingKeys()
if err != nil {
return nil, remoteOptsHelp, errors.New("failed to fetch accounts from remote wallet")
}
return km, remoteOptsHelp, nil
}
// FetchValidatingKeys fetches the list of public keys that should be used to validate with.
func (km *Remote) FetchValidatingKeys() ([][48]byte, error) {
res := make([][48]byte, 0, len(km.accounts))
for _, accountInfo := range km.accounts {
res = append(res, bytesutil.ToBytes48(accountInfo.PubKey))
}
return res, nil
}
// Sign without protection is not supported by remote keymanagers.
func (km *Remote) Sign(pubKey [48]byte, root [32]byte) (*bls.Signature, error) {
return nil, errors.New("remote keymanager does not support unprotected signing")
}
// SignGeneric signs a generic message for the validator to broadcast.
func (km *Remote) SignGeneric(pubKey [48]byte, root [32]byte, domain [32]byte) (*bls.Signature, error) {
accountInfo, exists := km.accounts[pubKey]
if !exists {
return nil, ErrNoSuchKey
}
client := pb.NewSignerClient(km.conn)
req := &pb.SignRequest{
Id: &pb.SignRequest_Account{Account: accountInfo.Name},
Data: root[:],
Domain: domain[:],
}
resp, err := client.Sign(context.Background(), req)
if err != nil {
return nil, err
}
switch resp.State {
case pb.SignState_DENIED:
return nil, ErrDenied
case pb.SignState_FAILED:
return nil, ErrCannotSign
}
return bls.SignatureFromBytes(resp.Signature)
}
// SignProposal signs a block proposal for the validator to broadcast.
func (km *Remote) SignProposal(pubKey [48]byte, domain [32]byte, data *ethpb.BeaconBlockHeader) (*bls.Signature, error) {
accountInfo, exists := km.accounts[pubKey]
if !exists {
return nil, ErrNoSuchKey
}
client := pb.NewSignerClient(km.conn)
req := &pb.SignBeaconProposalRequest{
Id: &pb.SignBeaconProposalRequest_Account{Account: accountInfo.Name},
Domain: domain[:],
Data: &pb.BeaconBlockHeader{
Slot: data.Slot,
ParentRoot: data.ParentRoot,
StateRoot: data.StateRoot,
BodyRoot: data.BodyRoot,
},
}
resp, err := client.SignBeaconProposal(context.Background(), req)
if err != nil {
return nil, err
}
switch resp.State {
case pb.SignState_DENIED:
return nil, ErrDenied
case pb.SignState_FAILED:
return nil, ErrCannotSign
}
return bls.SignatureFromBytes(resp.Signature)
}
// SignAttestation signs an attestation for the validator to broadcast.
func (km *Remote) SignAttestation(pubKey [48]byte, domain [32]byte, data *ethpb.AttestationData) (*bls.Signature, error) {
accountInfo, exists := km.accounts[pubKey]
if !exists {
return nil, ErrNoSuchKey
}
client := pb.NewSignerClient(km.conn)
req := &pb.SignBeaconAttestationRequest{
Id: &pb.SignBeaconAttestationRequest_Account{Account: accountInfo.Name},
Domain: domain[:],
Data: &pb.AttestationData{
Slot: data.Slot,
CommitteeIndex: data.CommitteeIndex,
BeaconBlockRoot: data.BeaconBlockRoot,
Source: &pb.Checkpoint{
Epoch: data.Source.Epoch,
Root: data.Source.Root,
},
Target: &pb.Checkpoint{
Epoch: data.Target.Epoch,
Root: data.Target.Root,
},
},
}
resp, err := client.SignBeaconAttestation(context.Background(), req)
if err != nil {
return nil, err
}
switch resp.State {
case pb.SignState_DENIED:
return nil, ErrDenied
case pb.SignState_FAILED:
return nil, ErrCannotSign
}
return bls.SignatureFromBytes(resp.Signature)
}
// RefreshValidatingKeys refreshes the list of validating keys from the remote signer.
func (km *Remote) RefreshValidatingKeys() error {
listerClient := pb.NewListerClient(km.conn)
listAccountsReq := &pb.ListAccountsRequest{
Paths: km.paths,
}
accountsResp, err := listerClient.ListAccounts(context.Background(), listAccountsReq)
if err != nil {
panic(err)
}
accounts := make(map[[48]byte]*accountInfo, len(accountsResp.Accounts))
for _, account := range accountsResp.Accounts {
account := &accountInfo{
Name: account.Name,
PubKey: account.PublicKey,
}
accounts[bytesutil.ToBytes48(account.PubKey)] = account
}
km.accounts = accounts
return nil
}