[ADR][DRAFT] 024: SignBytes and validator types in privval#2445

Merged

ebuchman merged 5 commits intodevelopfrom

Oct 5, 2018

Contributor

liamsi commented Sep 19, 2018 •

edited

Loading

Work in progress: Quick fledged draft summarizing #1622

If time allows, please review for overall sanity (not typos/nitpicks):
https://github.com/tendermint/tendermint/blob/5d46a2d49dba4da726463ba43058c6b230e3d24a/docs/architecture/adr-02x-sign-bytes.md

Updated all relevant documentation in docs
Updated all code comments where relevant
Wrote tests
Updated CHANGELOG_PENDING.md


          first draft for ADR summarizing discussion from:

30943ec

#1622

liamsi added C:docs T:design labels

liamsi requested review from ebuchman, melekes, xla and zramsay as code owners

September 19, 2018 13:21

liamsi changed the base branch from master to develop

September 19, 2018 13:21


          fix link and add comment about pub-key per message and fix link

dbe1f00

liamsi mentioned this pull request

Why Vote.SignBytes is a JSON string? #1622

Closed

Contributor Author

liamsi commented Sep 19, 2018

@tarcieri also suggested as while ago to include the public-key / fingerprint thereof into each "SignRequest" sent by tendermint. E.g. the KMS holds a bunch of key-pairs and needs to know which priv-key of those to use to sign Votes, Proposals, or Hearbeats. This is probably quite important. I still left it away here as I assume the implied changes to be quite involved already.

tendermint deleted a comment from codecov-io


          fix link and add comment about pub-key per message; also:

19ded87

 - fix link
 - add little diagram
 - fix typo

liamsi force-pushed the adr_sign_bytes branch from 3813f1f to 19ded87 Compare

September 19, 2018 14:21


          Add a slightly different approach

5d46a2d

Contributor

ebuchman commented Sep 20, 2018

Thanks for taking this on!!

Just noting it should be ADR-024. See number assignment in #2313


          typo and ADR number

b2af2ac

liamsi force-pushed the adr_sign_bytes branch from d9a3cf1 to b2af2ac Compare

September 20, 2018 14:00

tendermint deleted a comment from codecov-io

Contributor

zmanian commented Sep 21, 2018

IMO there is a lot of scope for improving the validator socket protocol lets focus on getting the MVP working with KMS before we add important features like key ids and and error handling.

tendermint deleted a comment from codecov-io

Contributor Author

liamsi commented Sep 21, 2018

@zmanian: OK, I'll open an issue and a PR that just moves SignBytes(chainId string) to be amino encoded and leave everything else as it is now (including leaving the fields variable sized). We can change this incrementally instead. It is still worthwhile to have this discussion earlier than later. As I assume we will change the structs before launch (and the kms needs to catch up with these changes then).

liamsi added a commit that referenced this pull request


          WIP: exploring changes related to proposed ADR:

d54c09d

#2445

- still contains a lot of failing tests etc

Contributor

xla commented Sep 21, 2018

Error handling should be considered part of an MVP.

liamsi mentioned this pull request

Switch to amino encoding in SignBytes #2455

Closed

xla changed the title ~~[ADR][WIP] sign bytes, sign-requests and types~~ [ADR][DRAFT] sign bytes, sign-requests and types

xla changed the title ~~[ADR][DRAFT] sign bytes, sign-requests and types~~ [ADR][DRAFT] 024: sign bytes, sign-requests and types

xla changed the title ~~[ADR][DRAFT] 024: sign bytes, sign-requests and types~~ [ADR][DRAFT] 024: SignBytes and validator types in privval

ebuchman approved these changes

View reviewed changes

Contributor

ebuchman left a comment

Will merge this and open an issue to follow up

docs/architecture/adr-024-sign-bytes.md


		### Vote

		As explained in [issue#1622] `Vote` will be changed to contain the following fields

Contributor

ebuchman Oct 5, 2018

Let's add a summary of why here (ie. fixed points for jumping to to check fields for preventing double signing), and note that from Timestamp and on we lose the fixed lengths.

docs/architecture/adr-024-sign-bytes.md

+              // registered with "tendermint/socketpv/SignedVoteReply"
+              message SignedVoteReply {
+                 Vote      Vote
+                 Signature Signature

Contributor

ebuchman Oct 5, 2018

Might be nice to ultimately get to this, but we should probably separate it out last, since so much expects a Vote to have a Signature.

docs/architecture/adr-024-sign-bytes.md

+              ```proto
+              // vanilla protobuf / amino encoded
+              message Proposal {

Contributor

ebuchman Oct 5, 2018

missing Version?

docs/architecture/adr-024-sign-bytes.md

+                  Round             sfixed32
+                  Timestamp         Timestamp         // << using protobuf definition
+                  BlockPartsHeader  PartSetHeader     // as already defined
+                  POLRound          sfixed32

Contributor

ebuchman Oct 5, 2018

lets move this into the fixed length section (ie. above Timestamp).

docs/architecture/adr-024-sign-bytes.md


		### Heartbeat

		TODO: clarify if heartbeat also needs a fixed offset and update the fields accordingly:

Contributor

ebuchman Oct 5, 2018

It doesn't, it's just for debugging

ebuchman mentioned this pull request

Use fixed lengths in and finalize sign bytes #2545

Closed

ebuchman merged commit d2be748 into develop

ebuchman deleted the adr_sign_bytes branch

October 5, 2018 00:28

ebuchman mentioned this pull request

Follow up on ADR-024 #2546

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

melekes Awaiting requested review from melekes

xla Awaiting requested review from xla

zramsay Awaiting requested review from zramsay

1 more reviewer

ebuchman ebuchman approved these changes

Labels

C:docs T:design