sbft: check signature count on blocks

corecode · corecode · commit 4a72065489cf · 2016-11-16T12:12:27.000+01:00
Change-Id: I66113390aa1b0993359c16187c689f3f9389da23
Signed-off-by: Simon Schubert &lt;sis@zurich.ibm.com&gt;
diff --git a/orderer/sbft/simplebft/batch.go b/orderer/sbft/simplebft/batch.go
@@ -41,7 +41,7 @@ func (s *SBFT) makeBatch(seq uint64, prevHash []byte, data [][]byte) *Batch {
 	}
 }
 
-func (s *SBFT) checkBatch(b *Batch, checkData bool) (*BatchHeader, error) {
+func (s *SBFT) checkBatch(b *Batch, checkData bool, needSigs bool) (*BatchHeader, error) {
 	batchheader := &BatchHeader{}
 	err := proto.Unmarshal(b.Header, batchheader)
 	if err != nil {
@@ -55,6 +55,14 @@ func (s *SBFT) checkBatch(b *Batch, checkData bool) (*BatchHeader, error) {
 		}
 	}
 
+	if batchheader.PrevHash == nil {
+		// TODO check against root hash, which should be part of constructor
+	} else if needSigs {
+		if len(b.Signatures) < s.oneCorrectQuorum() {
+			return nil, fmt.Errorf("insufficient number of signatures on batch: need %d, got %d", s.oneCorrectQuorum(), len(b.Signatures))
+		}
+	}
+
 	bh := b.Hash()
 	for r, sig := range b.Signatures {
 		err = s.sys.CheckSig(bh, r, sig)
diff --git a/orderer/sbft/simplebft/connection.go b/orderer/sbft/simplebft/connection.go
@@ -39,7 +39,7 @@ func (s *SBFT) Connection(replica uint64) {
 	// commit, checkpoint so that the reconnecting replica can
 	// catch up on the in-flight batch.
 
-	batchheader, err := s.checkBatch(&batch, false)
+	batchheader, err := s.checkBatch(&batch, false, true)
 	if err != nil {
 		panic(err)
 	}
@@ -60,7 +60,7 @@ func (s *SBFT) Connection(replica uint64) {
 }
 
 func (s *SBFT) handleHello(h *Hello, src uint64) {
-	bh, err := s.checkBatch(h.Batch, false)
+	bh, err := s.checkBatch(h.Batch, false, true)
 	if err != nil {
 		log.Warningf("invalid hello batch from %d: %s", src, err)
 		return
diff --git a/orderer/sbft/simplebft/newview.go b/orderer/sbft/simplebft/newview.go
@@ -128,7 +128,7 @@ func (s *SBFT) handleNewView(nv *NewView, src uint64) {
 		return
 	}
 
-	_, err = s.checkBatch(nv.Batch, true)
+	_, err = s.checkBatch(nv.Batch, true, false)
 	if err != nil {
 		log.Warningf("invalid new view from %d: invalid batch, %s",
 			src, err)
diff --git a/orderer/sbft/simplebft/preprepare.go b/orderer/sbft/simplebft/preprepare.go
@@ -59,9 +59,9 @@ func (s *SBFT) handlePreprepare(pp *Preprepare, src uint64) {
 		return
 	}
 
-	batchheader, err := s.checkBatch(pp.Batch, true)
+	batchheader, err := s.checkBatch(pp.Batch, true, false)
 	if err != nil || batchheader.Seq != pp.Seq.Seq {
-		log.Infof("preprepare %v batch head inconsistent from %d", pp.Seq, src)
+		log.Infof("preprepare %v batch head inconsistent from %d: %s", pp.Seq, src, err)
 		return
 	}
 
diff --git a/orderer/sbft/simplebft/testsys_test.go b/orderer/sbft/simplebft/testsys_test.go
@@ -170,7 +170,7 @@ func (t *testSystemAdapter) Restore(key string, out proto.Message) bool {
 
 func (t *testSystemAdapter) LastBatch() *Batch {
 	if len(t.batches) == 0 {
-		return t.receiver.(*SBFT).makeBatch(0, []byte("ROOTHASH"), nil)
+		return t.receiver.(*SBFT).makeBatch(0, nil, nil)
 	} else {
 		return t.batches[len(t.batches)-1]
 	}

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func (s SBFT) makeBatch(seq uint64, prevHash []byte, data [][]byte) Batch {`
`41`	`41`	`}`
`42`	`42`	`}`
`43`	`43`
`44`		`-func (s SBFT) checkBatch(b Batch, checkData bool) (*BatchHeader, error) {`
	`44`	`+func (s SBFT) checkBatch(b Batch, checkData bool, needSigs bool) (*BatchHeader, error) {`
`45`	`45`	`batchheader := &BatchHeader{}`
`46`	`46`	`err := proto.Unmarshal(b.Header, batchheader)`
`47`	`47`	`if err != nil {`
`@@ -55,6 +55,14 @@ func (s SBFT) checkBatch(b Batch, checkData bool) (*BatchHeader, error) {`
`55`	`55`	`}`
`56`	`56`	`}`
`57`	`57`
	`58`	`+ if batchheader.PrevHash == nil {`
	`59`	`+ // TODO check against root hash, which should be part of constructor`
	`60`	`+ } else if needSigs {`
	`61`	`+ if len(b.Signatures) < s.oneCorrectQuorum() {`
	`62`	`+ return nil, fmt.Errorf("insufficient number of signatures on batch: need %d, got %d", s.oneCorrectQuorum(), len(b.Signatures))`
	`63`	`+ }`
	`64`	`+ }`
	`65`	`+`
`58`	`66`	`bh := b.Hash()`
`59`	`67`	`for r, sig := range b.Signatures {`
`60`	`68`	`err = s.sys.CheckSig(bh, r, sig)`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ func (s SBFT) handleNewView(nv NewView, src uint64) {`
`128`	`128`	`return`
`129`	`129`	`}`
`130`	`130`
`131`		`- _, err = s.checkBatch(nv.Batch, true)`
	`131`	`+ _, err = s.checkBatch(nv.Batch, true, false)`
`132`	`132`	`if err != nil {`
`133`	`133`	`log.Warningf("invalid new view from %d: invalid batch, %s",`
`134`	`134`	`src, err)`
Original file line number	Diff line number	Diff line change
`@@ -59,9 +59,9 @@ func (s SBFT) handlePreprepare(pp Preprepare, src uint64) {`
`59`	`59`	`return`
`60`	`60`	`}`
`61`	`61`
`62`		`- batchheader, err := s.checkBatch(pp.Batch, true)`
	`62`	`+ batchheader, err := s.checkBatch(pp.Batch, true, false)`
`63`	`63`	`if err != nil \|\| batchheader.Seq != pp.Seq.Seq {`
`64`		`- log.Infof("preprepare %v batch head inconsistent from %d", pp.Seq, src)`
	`64`	`+ log.Infof("preprepare %v batch head inconsistent from %d: %s", pp.Seq, src, err)`
`65`	`65`	`return`
`66`	`66`	`}`
`67`	`67`
Original file line number	Diff line number	Diff line change
`@@ -170,7 +170,7 @@ func (t *testSystemAdapter) Restore(key string, out proto.Message) bool {`
`170`	`170`
`171`	`171`	`func (t testSystemAdapter) LastBatch() Batch {`
`172`	`172`	`if len(t.batches) == 0 {`
`173`		`- return t.receiver.(*SBFT).makeBatch(0, []byte("ROOTHASH"), nil)`
	`173`	`+ return t.receiver.(*SBFT).makeBatch(0, nil, nil)`
`174`	`174`	`} else {`
`175`	`175`	`return t.batches[len(t.batches)-1]`
`176`	`176`	`}`