TX proposal/endorsement/validation flow (+MSP)

This change set contains a set of functions to generate a transaction (from
proposal, endorsements and a signing identity) and validate it (given a set
of root CAs). The validation code will be used by the committer. The tx
assembling code should be helpful for the SDK team to understand how
transactions should be assembled. Additionally, it has changed the type of
messages exchanged everywhere to be of the proper type and with signatures
(obtained from a fixed identity for now). Finally, it contains an initial
implementation of VSCC with unit tests (which is however not yet called by
the committer).

Change-Id: I375ecc7e61516f3c4ab8fd874aa564e99cc720fb
Signed-off-by: Alessandro Sorniotti <[email protected]>

Author: ale-linux

core/chaincode/exectransaction_test.go

@@ -35,11 +35,12 @@ import (
 	"github.com/hyperledger/fabric/core/ledger/kvledger"
 	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/core/util"
-	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	putils "github.com/hyperledger/fabric/protos/utils"
 
 	"github.com/golang/protobuf/proto"
+	"github.com/hyperledger/fabric/core/crypto/primitives"
+	"github.com/hyperledger/fabric/msp"
 	"github.com/spf13/viper"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
@@ -127,7 +128,37 @@ func startTxSimulation(ctxt context.Context) (context.Context, ledger.TxSimulato
 	return ctxt, txsim, nil
 }
 
-func endTxSimulation(txsim ledger.TxSimulator, payload []byte, commit bool) error {
+func endTxSimulationCDS(txsim ledger.TxSimulator, payload []byte, commit bool, cds *pb.ChaincodeDeploymentSpec) error {
+	// get serialized version of the signer
+	ss, err := signer.Serialize()
+	if err != nil {
+		return err
+	}
+	// get a proposal - we need it to get a transaction
+	prop, err := putils.CreateProposalFromCDS(cds, ss)
+	if err != nil {
+		return err
+	}
+
+	return endTxSimulation(txsim, payload, commit, prop)
+}
+
+func endTxSimulationCIS(txsim ledger.TxSimulator, payload []byte, commit bool, cis *pb.ChaincodeInvocationSpec) error {
+	// get serialized version of the signer
+	ss, err := signer.Serialize()
+	if err != nil {
+		return err
+	}
+	// get a proposal - we need it to get a transaction
+	prop, err := putils.CreateProposalFromCIS(cis, ss)
+	if err != nil {
+		return err
+	}
+
+	return endTxSimulation(txsim, payload, commit, prop)
+}
+
+func endTxSimulation(txsim ledger.TxSimulator, payload []byte, commit bool, prop *pb.Proposal) error {
 	txsim.Done()
 	ledgername := string(DefaultChain)
 	if lgr := kvledger.GetLedger(ledgername); lgr != nil {
@@ -139,16 +170,26 @@ func endTxSimulation(txsim ledger.TxSimulator, payload []byte, commit bool) erro
 			if txSimulationResults, err = txsim.GetTxSimulationResults(); err != nil {
 				return err
 			}
-			tx, err := putils.CreateTx(common.HeaderType_ENDORSER_TRANSACTION, util.ComputeCryptoHash([]byte("dummyProposal")), []byte("dummyCCEvents"), txSimulationResults, []*pb.Endorsement{&pb.Endorsement{}})
+
+			// assemble a (signed) proposal response message
+			resp, err := putils.CreateProposalResponse(prop.Header, prop.Payload, txSimulationResults, nil, nil, signer)
 			if err != nil {
 				return err
 			}
-			txBytes, err := proto.Marshal(tx)
+
+			// get the envelope
+			env, err := putils.CreateSignedTx(prop, signer, resp)
 			if err != nil {
 				return err
 			}
+
+			envBytes, err := putils.GetBytesEnvelope(env)
+			if err != nil {
+				return err
+			}
+
 			//create the block with 1 transaction
-			block := &pb.Block2{Transactions: [][]byte{txBytes}}
+			block := &pb.Block2{Transactions: [][]byte{envBytes}}
 			if _, _, err = lgr.RemoveInvalidTransactionsAndPrepare(block); err != nil {
 				return err
 			}
@@ -252,10 +293,10 @@ func deploy2(ctx context.Context, chaincodeDeploymentSpec *pb.ChaincodeDeploymen
 		//no error, lets try commit
 		if err == nil {
 			//capture returned error from commit
-			err = endTxSimulation(txsim, []byte("deployed"), true)
+			err = endTxSimulationCDS(txsim, []byte("deployed"), true, chaincodeDeploymentSpec)
 		} else {
 			//there was an error, just close simulation and return that
-			endTxSimulation(txsim, []byte("deployed"), false)
+			endTxSimulationCDS(txsim, []byte("deployed"), false, chaincodeDeploymentSpec)
 		}
 	}()
 
@@ -299,10 +340,10 @@ func invoke(ctx context.Context, spec *pb.ChaincodeSpec) (ccevt *pb.ChaincodeEve
 		//no error, lets try commit
 		if err == nil {
 			//capture returned error from commit
-			err = endTxSimulation(txsim, []byte("invoke"), true)
+			err = endTxSimulationCIS(txsim, []byte("invoke"), true, chaincodeInvocationSpec)
 		} else {
 			//there was an error, just close simulation and return that
-			endTxSimulation(txsim, []byte("invoke"), false)
+			endTxSimulationCIS(txsim, []byte("invoke"), false, chaincodeInvocationSpec)
 		}
 	}()
 
@@ -1112,7 +1153,25 @@ func TestGetEvent(t *testing.T) {
 	GetChain(DefaultChain).Stop(ctxt, &pb.ChaincodeDeploymentSpec{ChaincodeSpec: spec})
 }
 
+var signer msp.SigningIdentity
+
 func TestMain(m *testing.M) {
+	var err error
+	primitives.SetSecurityLevel("SHA2", 256)
+
+	// setup the MSP manager so that we can sign/verify
+	mspMgrConfigFile := "../../msp/peer-config.json"
+	msp.GetManager().Setup(mspMgrConfigFile)
+	mspId := "DEFAULT"
+	id := "PEER"
+	signingIdentity := &msp.IdentityIdentifier{Mspid: msp.ProviderIdentifier{Value: mspId}, Value: id}
+	signer, err = msp.GetManager().GetSigningIdentity(signingIdentity)
+	if err != nil {
+		os.Exit(-1)
+		fmt.Printf("Could not initialize msp/signer")
+		return
+	}
+
 	SetupTestConfig()
 	os.Exit(m.Run())
 }

core/committer/committer_test.go

@@ -24,10 +24,29 @@ import (
 	"github.com/hyperledger/fabric/core/ledger/testutil"
 	"github.com/stretchr/testify/assert"
 
+	"fmt"
+
+	"github.com/hyperledger/fabric/core/crypto/primitives"
+	"github.com/hyperledger/fabric/msp"
 	pb "github.com/hyperledger/fabric/protos/peer"
 )
 
 func TestKVLedgerBlockStorage(t *testing.T) {
+	primitives.SetSecurityLevel("SHA2", 256)
+
+	// setup the MSP manager so that we can sign/verify
+	mspMgrConfigFile := "../../msp/peer-config.json"
+	msp.GetManager().Setup(mspMgrConfigFile)
+	mspId := "DEFAULT"
+	id := "PEER"
+	signingIdentity := &msp.IdentityIdentifier{Mspid: msp.ProviderIdentifier{Value: mspId}, Value: id}
+	signer, err := msp.GetManager().GetSigningIdentity(signingIdentity)
+	if err != nil {
+		os.Exit(-1)
+		fmt.Printf("Could not initialize msp/signer")
+		return
+	}
+
 	conf := kvledger.NewConf("/tmp/tests/ledger/", 0)
 	defer os.RemoveAll("/tmp/tests/ledger/")
 
@@ -36,8 +55,6 @@ func TestKVLedgerBlockStorage(t *testing.T) {
 
 	committer := NewLedgerCommitter(ledger)
 
-	var err error
-
 	height, err := committer.LedgerHeight()
 	assert.Equal(t, uint64(0), height)
 	assert.NoError(t, err)
@@ -53,7 +70,7 @@ func TestKVLedgerBlockStorage(t *testing.T) {
 	simulator.Done()
 
 	simRes, _ := simulator.GetTxSimulationResults()
-	block1 := testutil.ConstructBlockForSimulationResults(t, [][]byte{simRes})
+	block1 := testutil.ConstructBlockForSimulationResults(t, [][]byte{simRes}, signer)
 
 	err = committer.CommitBlock(block1)
 	assert.NoError(t, err)

core/committer/noopssinglechain/client.go

@@ -32,6 +32,7 @@ import (
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 
+	"github.com/hyperledger/fabric/core/peer"
 	pb "github.com/hyperledger/fabric/protos/peer"
 )
 
@@ -126,13 +127,25 @@ func (d *DeliverService) readUntilClose() {
 			block := &pb.Block2{}
 			for _, d := range t.Block.Data.Data {
 				if d != nil {
-					if tx, err := putils.GetEndorserTxFromBlock(d); err != nil {
+					if env, err := putils.GetEnvelopeFromBlock(d); err != nil {
 						fmt.Printf("Error getting tx from block(%s)\n", err)
-					} else if tx != nil {
-						if t, err := proto.Marshal(tx); err == nil {
-							block.Transactions = append(block.Transactions, t)
+					} else if env != nil {
+						// validate the transaction: here we check that the transaction
+						// is properly formed, properly signed and that the security
+						// chain binding proposal to endorsements to tx holds. We do
+						// NOT check the validity of endorsements, though. That's a
+						// job for VSCC below
+						_, err := peer.ValidateTransaction(env)
+						if err != nil {
+							// TODO: this code needs to receive a bit more attention and discussion: it's not clear what it means if a transaction which causes a failure in validation is just dropped on the floor
+							logger.Errorf("Invalid transaction, error %s", err)
 						} else {
-							fmt.Printf("Cannot marshal transactoins %s\n", err)
+							// TODO: call VSCC now
+							if t, err := proto.Marshal(env); err == nil {
+								block.Transactions = append(block.Transactions, t)
+							} else {
+								fmt.Printf("Cannot marshal transactoins %s\n", err)
+							}
 						}
 					} else {
 						fmt.Printf("Nil tx from block\n")

core/endorser/endorser.go

@@ -26,8 +26,8 @@ import (
 	"github.com/hyperledger/fabric/core/chaincode"
 	"github.com/hyperledger/fabric/core/ledger"
 	"github.com/hyperledger/fabric/core/ledger/kvledger"
+	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/msp"
-	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	putils "github.com/hyperledger/fabric/protos/utils"
 )
@@ -234,116 +234,10 @@ func (e *Endorser) endorseProposal(ctx context.Context, proposal *pb.Proposal, s
 	return prBytes, nil
 }
 
-// FIXME: this method might be of general interest, should we package it somewhere else?
-// validateChaincodeProposalMessage checks the validity of a CHAINCODE Proposal message
-func (e *Endorser) validateChaincodeProposalMessage(prop *pb.Proposal, hdr *common.Header) (*pb.ChaincodeHeaderExtension, error) {
-	endorserLogger.Infof("validateChaincodeProposalMessage starts for proposal %p, header %p", prop, hdr)
-
-	// 4) based on the header type (assuming it's CHAINCODE), look at the extensions
-	chaincodeHdrExt, err := putils.GetChaincodeHeaderExtension(hdr)
-	if err != nil {
-		return nil, fmt.Errorf("Invalid header extension for type CHAINCODE")
-	}
-
-	endorserLogger.Infof("validateChaincodeProposalMessage info: header extension references chaincode %s", chaincodeHdrExt.ChaincodeID)
-
-	//    - ensure that the chaincodeID is correct (?)
-	// TODO: should we even do this? If so, using which interface?
-
-	//    - ensure that the visibility field has some value we understand
-	// TODO: we need to define visibility fields first
-
-	// TODO: should we check the payload as well?
-
-	return chaincodeHdrExt, nil
-}
-
-// FIXME: this method might be of general interest, should we package it somewhere else?
-// validateProposalMessage checks the validity of a generic Proposal message
-// this function returns Header and ChaincodeHeaderExtension messages since they
-// have been unmarshalled and validated
-func (e *Endorser) validateProposalMessage(signedProp *pb.SignedProposal) (*pb.Proposal, *common.Header, *pb.ChaincodeHeaderExtension, error) {
-	endorserLogger.Infof("validateProposalMessage starts for signed proposal %p", signedProp)
-
-	// extract the Proposal message from signedProp
-	prop, err := putils.GetProposal(signedProp.ProposalBytes)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	// 1) look at the ProposalHeader
-	hdr, err := putils.GetHeader(prop)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	// TODO: validate the type
-
-	endorserLogger.Infof("validateProposalMessage info: proposal type %d", hdr.ChainHeader.Type)
-
-	//    - ensure that the version is what we expect
-	// TODO: Which is the right version?
-
-	//    - ensure that the chainID is valid
-	// TODO: which set of APIs is supposed to give us this info?
-
-	// ensure that there is a nonce and a creator
-	if hdr.SignatureHeader.Nonce == nil || len(hdr.SignatureHeader.Nonce) == 0 {
-		return nil, nil, nil, fmt.Errorf("Invalid nonce specified in the header")
-	}
-	if hdr.SignatureHeader.Creator == nil || len(hdr.SignatureHeader.Creator) == 0 {
-		return nil, nil, nil, fmt.Errorf("Invalid creator specified in the header")
-	}
-
-	// get the identity of the creator
-	creator, err := msp.GetManager().DeserializeIdentity(hdr.SignatureHeader.Creator)
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("Failed to deserialize creator identity, err %s", err)
-	}
-
-	// ensure that creator is a valid certificate
-	valid, err := creator.Validate()
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("Could not determine whether the identity is valid, err %s", err)
-	} else if !valid {
-		return nil, nil, nil, fmt.Errorf("The creator certificate is not valid, aborting")
-	}
-
-	// get the identifier and log info on the creator
-	identifier := creator.Identifier()
-	endorserLogger.Infof("validateProposalMessage info: creator identity is %s", identifier)
-
-	//    - ensure that creator is trusted (signed by a trusted CA)
-	// TODO: We need MSP APIs for this
-
-	//    - ensure that creator can transact with us (some ACLs?)
-	// TODO: which set of APIs is supposed to give us this info?
-
-	// 2) validate the signature of creator on header and payload
-	verified, err := creator.Verify(signedProp.ProposalBytes, signedProp.Signature)
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("Could not determine whether the signature is valid, err %s", err)
-	} else if !verified {
-		return nil, nil, nil, fmt.Errorf("The creator's signature over the proposal is not valid, aborting")
-	}
-
-	// 3) perform a check against replay attacks
-	// TODO
-
-	// validation of the proposal message knowing it's of type CHAINCODE
-	chaincodeHdrExt, err := e.validateChaincodeProposalMessage(prop, hdr)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	return prop, hdr, chaincodeHdrExt, err
-}
-
 // ProcessProposal process the Proposal
 func (e *Endorser) ProcessProposal(ctx context.Context, signedProp *pb.SignedProposal) (*pb.ProposalResponse, error) {
 	// at first, we check whether the message is valid
-	// TODO: Do the checks performed by this function belong here or in the ESCC? From a security standpoint they should be performed as early as possible so here seems to be a good place
-	prop, _, hdrExt, err := e.validateProposalMessage(signedProp)
+	prop, _, hdrExt, err := peer.ValidateProposalMessage(signedProp)
 	if err != nil {
 		return &pb.ProposalResponse{Response: &pb.Response2{Status: 500, Message: err.Error()}}, err
 	}
@@ -394,8 +288,8 @@ func (e *Endorser) ProcessProposal(ctx context.Context, signedProp *pb.SignedPro
 // Only exposed for testing purposes - commit the tx simulation so that
 // a deploy transaction is persisted and that chaincode can be invoked.
 // This makes the endorser test self-sufficient
-func (e *Endorser) commitTxSimulation(pResp *pb.ProposalResponse) error {
-	tx, err := putils.CreateTxFromProposalResponse(pResp)
+func (e *Endorser) commitTxSimulation(proposal *pb.Proposal, signer msp.SigningIdentity, pResp *pb.ProposalResponse) error {
+	tx, err := putils.CreateSignedTx(proposal, signer, pResp)
 	if err != nil {
 		return err
 	}