1. 01 May, 2018 1 commit
    • [FAB-6381] Secure defaults for txsFilter · 53de0781
      Alessandro Sorniotti authored
      
      
      The aim of this change set is to apply the well-established "Secure by
      default" security principle to the way the validator validates transactions
      in a block.
      
      The current code behaves as follows: create an array of validation codes, set
      by default to "all transactions are valid"; then perform validation which may
      mark transactions as invalid. Furthermore, in other parts of the code, if no
      array of validation codes is yet present in the block, a new one is
      indiscriminately created (again, marking all transactions as valid). This
      approach is a security anti-pattern because it opens up to attacks where an
      adversary may force the code through a path where the default "tx is valid"
      validation code is maintained even for invalid txes.
      
      This change set ensures that validation code arrays are created and set to a
      new value (TxValidationCode_NOT_VALIDATED) which ensures that a transaction
      that hasn't been validated cannot be mistaken for a valid one.
      
      Change-Id: I5dbb18dd77af3cd14b168042ae660e4e27bf29dd
      Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
  2. 19 Mar, 2018 2 commits
  3. 02 Nov, 2017 1 commit
    • [FAB-3603] Enable more strict code checking · dcf36eb5
      Baohua Yang authored
      
      
      * Update the linter script to check go vet result when `make linter`;
      * Add the newly created idemix path to the check list;
      * Update source code to pass the more strict checking;
      * Fix several wrong usages in Error msg.
      
      Change-Id: I1ed61745079726df00643206069b56b9846fa1c1
      Signed-off-by: Baohua Yang <yangbaohua@gmail.com>
  4. 27 Oct, 2017 1 commit
  5. 09 Oct, 2017 1 commit
    • [FAB-5932] - Parallel tx validation · 9b6b8fe6
      Alessandro Sorniotti authored
      
      
      This change-set introduces parallelism on the committer. In particular, tx
      generic validation (e.g. well-formedness, signature checks) and VSCC validation
      are conducted in parallel for all transactions inside a block. This change-set
      scales the *validation* throughput with number of cores on the machine that
      runs the peer.
      
      Change-Id: I80c03bd713a30f3db56627c7ae8fcf6fdd0d7891
      Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
  6. 29 Aug, 2017 1 commit
    • [FAB-5907] coordinator and transient decoupling · fad6ca2c
      yacovm authored
      
      
      This commit:
      - Decouples the coordinator from the state transfer
      and moves it to its own package.
      
      - Carves out the transient store from the ledger
      
      - Makes the endorser pass the private simulation results
      to the coordinator, for writing to the transient store
      and (in future commits) for dissemination
      
      Change-Id: Iadc8528915a0ce50dd44b17b0d0bdfa11487d600
      Signed-off-by: yacovm <yacovm@il.ibm.com>
  7. 10 Aug, 2017 1 commit
    • [FAB-5654] SideDB - Tx simulation/validation/commit · 8a87b8ae
      manish authored
      
      
      This CR modifies the transaction simulation, validation, and commit
      code and delivers the end-to-end transaction flow that treats the
      private data in a special manner. This CR mainly leverages the earlier
      submitted independent CRs for sidedb feature for accomplishing this behavior.
      
      This CR also allows ledger to receive the blocks and the pvt data from
      another peer on the same channel (i.e., a peer catching up via state)
      
      This CR is exceptionally large because of mainly two reasons
      
      1) The way currently the code (and specially the tests) is organized in
      simulation/validation/commit flow, it's not easy to submit such kind
      of changes independently that cause the change in the whole transaction
      processing flow.
      
      2) This CR causes a change in the existing ledger APIs which are used widely
      across other packages (specially in the tests) and hence many files are included
      for fixing the broken dependencies
      
      Change-Id: Id29575176575f4c01793efd3476b68f8364cb592
      Signed-off-by: manish <manish.sethi@gmail.com>
  8. 02 May, 2017 1 commit
  9. 30 Apr, 2017 1 commit
  10. 27 Apr, 2017 1 commit
    • [FAB-3330] validate chaincode version · f30fc741
      jiangyaoguo authored
      
      
      1. Add VsccOutputData struct to keep output of vscc.
      Vscc will return proposalResponsePayload(has version info)
      bytes contained in ChaincodeAction.
      2. When committer validates transaction, check that the
      chaincode version in ProposalResponse matches the
      version in lscc.
      3. Add new ValidateCode to distinguish two kinds of invalid
      reason because of chaincode upgrade.
      4. vsccValidatorImpl will return latest chaincodeInstance
      from lscc and vsccOutputData from vscc. So we can mock
      system chaincode in UT.
      5. Move ChaincodeInstance to sysccprovider to avoid
      cycle import.
      
      Change-Id: I45387f119054d64b57d28173cabda0194a9e3464
      Signed-off-by: jiangyaoguo <jiangyaoguo@gmail.com>
  11. 25 Apr, 2017 1 commit
  12. 24 Apr, 2017 1 commit
    • [FAB-3160] Provide config-relative path feature · 8ce10737
      Gregory Haskins authored
      
      
      Introduction
      ======================
      The primary goal of this patch is to create the notion of a
      "config-relative" path reference.  For example, a configuration file
      "/etc/foo/bar.yaml" that contains a key "bat" with a value
      "baz/blaz/blamo" can be used to specify that "baz/blaz/blamo" should
      be considered relative to the configuration file itself.  In this case,
      it would be expected to be found at /etc/foo/baz/blaz/blamo.  FAB-2037
      does a much more thorough job of explaining the rationale on why
      config-relative is considered important/good-form.
      
      This is in stark contrast to what we have today, which is a jumbled
      mess of assumed GOPATH relative, CWD relative, ENVVAR absolute and
      sometimes even ENVVAR relative.  Therefore, an additional positive
      side-effect of this endeavor is that this patch also substantially
      cleans up some technical debt that had been accumulating in the tree
      for some time related to ad-hoc pathing, DRY violations, and just
      general inconsistencies in how configuration files were managed.
      
      Design Details
      ==========================
      This patch refactors the basic configuration system into the notion of
      a tree rooted at a configuration-path.  By default, this path is
      $GOROOT/..../fabric/sampleconfig during dev/test and
      /etc/hyperledger/fabric during runtime.  The root may be overridden
      at any time by specifying the environment variable FABRIC_CFG_PATH.
      (Note that this variable unifies and replaces the former PEER_CFG_PATH
      and ORDERER_CFG_PATH).
      
      The dev/test environment will operate out of the ./fabric/sampleconfig
      configuration root.  The build-system will package that root into
      /etc/hyperledger/fabric in the runtime context with the intention of
      the end-user/admin/deployer replacing parts or all of the sampleconfig
      to suit their application.
      
      Since configuration-relative paths are now possible, the configuration
      files may reference other relative files and they will behave
      appropriately regardless of the context in which they are executed.
      For example, consider the files ./sampleconfig/tls/server.[crt|key].
      A configuration file may contain a key "tls/server.key" and the system
      will properly resolve this relative file even at runtime. This is (IMO)
      far more natural than assuming a path is relative to the CWD of where
      the command is executed, which is how most of the system behaves today
      (or requires awkward and very specific ENVVAR overrides).
      
      This will be conducive to something like a package-installer
      (e.g. RPM/DEB) or a docker environment to augment/replace elements
      of the configuration root and to freely move the configuration around
      as the package/deployer sees fit.
      
      As an example, a deployment on Kubernetes might opt to volume mount
      /etc/hyperledger/fabric to replace the entire config, or it might just use
      a secrets mount on /etc/hyperledger/fabric/peer/tls.  An RPM packager
      might opt to install the configuration files in the default
      /etc/hyperledger/fabric, whereas an unprivileged user might install them
      in ~/hyperledger.  The point is, it shouldn't matter where they are and the
      user shouldn't need a PhD in CORE_* variables to get it to work.
      
      This is part of an overall effort to improve the user-experience as we
      march towards a v1.0 release.
      
      Fixes FAB-3169 as part of FAB-2037
      
      Change-Id: I5f47f554c2f956ec2e1afebd9bd82b0bbb62892a
      Signed-off-by: Greg Haskins <gregory.haskins@gmail.com>
  13. 20 Apr, 2017 1 commit
    • [FAB-1516] committer side upgrade processing Part I · d88c3bc9
      jiangyaoguo authored
      
      
      This CR focuses on invalidating all transactions which
      are "invokes" to upgraded chaincodes in the same block.
      Invalid expired transactions in other blocks will be done
      as part II. Some envelope unpacking works are duplicate
      for logic part to be tested easier.
      
      Change-Id: Iea7d1d29a1927e73973319ce088b1435f9ff8b55
      Signed-off-by: jiangyaoguo <jiangyaoguo@gmail.com>
  14. 27 Feb, 2017 1 commit
  15. 21 Feb, 2017 1 commit
    • [FAB-1392] - Use bytes for headers · 011cd41b
      Alessandro Sorniotti authored
      
      
      This change set ensures that the protobuf representation for headers be in
      bytes. This makes sure that if ever protobuf marshalling is non-deterministic,
      we do not have problems because whenever we hash a header, we do that over
      the serialized version we receive.
      
      Change-Id: I838e0d5dec2f79f88fab63d92bdfb51d92c2f069
      Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
  16. 11 Feb, 2017 2 commits
  17. 03 Feb, 2017 1 commit
    • Move Blockstorage code under /fabric/common package · 2a16532c
      manish authored
      https://jira.hyperledger.org/browse/FAB-2022
      
      
      
      The changes introduced by this CR
      - Moves the block storage code from package
      core/ledger/blkstorage to common/ledger/blkstorage
      
      - Splits the ledger_interface.go so as to move common interfaces
      and data type to common/ledger package
      
      - Moves some of the util functions to common/ledger package
      
      - Moves core/ledger/ordererledger package to orderer/ledger/fsledger
      orderer folks can further rename/refactor this as seems suitable to them
      
      Change-Id: I759e16f00dc2ec9bb62196121083cf48eae76948
      Signed-off-by: manish <manish.sethi@gmail.com>
  18. 24 Jan, 2017 1 commit
  19. 16 Jan, 2017 1 commit
    • [FAB-1639] [FAB-1580] Rework validator · ae10d2b6
      Alessandro Sorniotti authored
      
      
      This change-set has removed calls to the txvalidator that were issued right
      after the peer (the leader) receives blocks from the orderers. The validator
      is now called to validate messages received from the gossip layer. In order
      to fix an import cycle, we have introduced the ChaincodeProvider interface
      in core/common/ccprovider/ccprovider.go, an implementation and a factory.
      This way, code that needs to use functions from the chaincode package
      without importing it can simply use (and possibly extend) the
      ChaincodeProvider interface and implementation.
      
      Furthermore, this drop has introduced protocol-level message validation for
      config transactions that was lacking before.
      
      Change-Id: I5906a6fe3da8410b05b5079dd7f0b9d28d20bb85
      Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
  20. 11 Jan, 2017 1 commit
    • Move core/util to common/util · 289b1a29
      Jason Yellick authored
      
      
      As a matter of policy, the only imports a package should have outside of
      its base dir are protos/ vendor/ and common/.  The core/util package was
      referenced all over the code, so moving it to common seems like the best
      option.
      
      Change-Id: Ic7d797be6a1b44634480a361ae7469b794685762
      Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
  21. 09 Jan, 2017 1 commit
  22. 08 Jan, 2017 1 commit
  23. 29 Dec, 2016 1 commit
  24. 01 Dec, 2016 1 commit
  25. 28 Nov, 2016 1 commit
  26. 23 Nov, 2016 1 commit
    • TX proposal/endorsement/validation flow (+MSP) · 16fa08e2
      Alessandro Sorniotti authored
      
      
      This change set contains a set of functions to generate a transaction (from
      proposal, endorsements and a signing identity) and validate it (given a set
      of root CAs). The validation code will be used by the committer. The tx
      assembling code should be helpful for the SDK team to understand how
      transactions should be assembled. Additionally, it has changed the type of
      messages exchanged everywhere to be of the proper type and with signatures
      (obtained from a fixed identity for now). Finally, it contains an initial
      implementation of VSCC with unit tests (which is however not yet called by
      the committer).
      
      Change-Id: I375ecc7e61516f3c4ab8fd874aa564e99cc720fb
      Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
  27. 11 Nov, 2016 1 commit
  28. 10 Nov, 2016 1 commit
    • Add Committer service API interface. · 41e842f1
      Artem Barger authored
      
      
      Introduce committer service API with basic functionality
      required for gossip layer. Additionally refactored a toy
      example of committer service implementation within "noopssinglechain"
      package, separating between the block delivery and committing
      functionality.
      
      Change-Id: Id2b05c4dae9af55c7f14801051ea510eaf54fcbb
      Signed-off-by: Artem Barger <bartem@il.ibm.com>
  29. 26 Oct, 2016 1 commit
  30. 15 Sep, 2016 1 commit