1. 01 May, 2018 1 commit
    • Alessandro Sorniotti's avatar
      [FAB-6381] Secure defaults for txsFilter · 53de0781
      Alessandro Sorniotti authored
      
      
      The aim of this change set is to apply the well-established "Secure by
      default" security principle to the way the validator validates transactions
      in a block.
      
      The current code behaves as follows: create an array of validation codes, set
      by default to "all transactions are valid"; then perform validation which may
      mark transactions as invalid. Furthermore, in other parts of the code, if no
      array of validation codes is yet persent in the block, a new one is
      indiscriminately created (again, marking all transactions as valid). This
      approach is a security anti-pattern because it opens up to attacks where an
      adversary may force the code through a path where the default "tx is valid"
      validation code is maintained even for invalid txes.
      
      This change set ensures that validation code arrays are created and set to a
      new value (TxValidationCode_NOT_VALIDATED) which ensures that a transaction
      that hasn't been validated cannot be mistaken for a valid one.
      
      Change-Id: I5dbb18dd77af3cd14b168042ae660e4e27bf29dd
      Signed-off-by: default avatarAlessandro Sorniotti <ale.linux@sopit.net>
      53de0781
  2. 25 Apr, 2018 1 commit
  3. 19 Mar, 2018 2 commits
  4. 05 Mar, 2018 1 commit
  5. 28 Feb, 2018 1 commit
  6. 01 Feb, 2018 1 commit
  7. 10 Jan, 2018 2 commits
  8. 21 Dec, 2017 1 commit
  9. 20 Dec, 2017 1 commit
    • Alessandro Sorniotti's avatar
      [FAB-7497] validate txes against LSCC cc data · 0febaf8d
      Alessandro Sorniotti authored
      
      
      As per the original design of FAB-6042, the main repository for chaincode
      data was to be the resource tree. As a consequence, changes to both VSCC
      and the validator code were introduced to retrieve chaincode data from
      the resource tree and to use a policy pointer vs. policy literal in VSCC.
      According to FAB-7497 however, chaincode data is always
      stored in LSCC. This change set therefore removes the alternate code path.
      
      Change-Id: I02421ac6c607472968e71f5969daa0a3bd7d2b07
      Signed-off-by: default avatarAlessandro Sorniotti <ale.linux@sopit.net>
      0febaf8d
  10. 09 Dec, 2017 1 commit
  11. 08 Dec, 2017 1 commit
  12. 06 Dec, 2017 1 commit
  13. 27 Oct, 2017 1 commit
  14. 09 Oct, 2017 1 commit
    • Alessandro Sorniotti's avatar
      [FAB-5932] - Parallel tx validation · 9b6b8fe6
      Alessandro Sorniotti authored
      
      
      This change-set introduces parallelism on the committer. In particular, tx
      generic validation (e.g. well-formedness, signature checks) and VSCC validation
      are conducted in parallel for all transactions inside a block. This change-set
      scales the *validation* throughput with number of cores on the machine that
      runs the peer.
      
      Change-Id: I80c03bd713a30f3db56627c7ae8fcf6fdd0d7891
      Signed-off-by: default avatarAlessandro Sorniotti <ale.linux@sopit.net>
      9b6b8fe6
  15. 13 Aug, 2017 1 commit
  16. 10 Aug, 2017 1 commit
    • manish's avatar
      [FAB-5654] SideDB - Tx simulation/validation/commit · 8a87b8ae
      manish authored
      
      
      This CR modifies the tranaction simulation, validation, and commit
      code and delivers the end-to-end transaction flow that treats the
      private data in a special manner. This CR mainly leverages the earlier
      submitted independent CRs for sidedb feature for accomplishing this behavior.
      
      This CR also allows ledger to receive the blocks and the pvt data from
      another peer on the same channel (i.e., a peer catching up via state)
      
      This CR is exceptionally large becasue of manily two reasons
      
      1) The way currently the code (and specially the tests) is organized in
      simulation/validation/commit flow, its not easy to submit such kind
      of changes independently that cuase the change in the whole transaction
      processing flow.
      
      2) This CR causes a change in the existing ledger APIs which are used widely
      across other packages (specially in the tests) and hence many files are included
      for fixing the broken dependencies
      
      Change-Id: Id29575176575f4c01793efd3476b68f8364cb592
      Signed-off-by: default avatarmanish <manish.sethi@gmail.com>
      8a87b8ae
  17. 01 Aug, 2017 1 commit
    • Baohua Yang's avatar
      [FAB-5194] Fix usage problems in code · 76c0dc56
      Baohua Yang authored
      
      
      This patchset helps clean up the code and docs:
      
      * Fix redundant parenthesese.
      * Fix mismatching params in func return.
      * Fix variable name collides with imported package name and builtin
        function or reserved words.
      * Fix word typos.
      
      Change-Id: I30304c233067ead7e74d18e3caf2604b3ed1490a
      Signed-off-by: default avatarBaohua Yang <yangbaohua@gmail.com>
      76c0dc56
  18. 26 Jul, 2017 1 commit
  19. 22 Jul, 2017 1 commit
    • Artem Barger's avatar
      [FAB-5353]: Qualify sys. failure vs validation error · 0cf4c35a
      Artem Barger authored
      
      
      Currently as stated in [FAB-5353], there is no clear separation during
      transaction validation during block commmit, between invalid transaction
      and some system failure which migh lead to inability to validate the
      transaction. For example db is down or file system is unavailable. This
      might lead to inconsistency of the state accross peers, therefore this
      commit takes care to distinguish between real case of invalid
      transaction versus system failure, later the error propagated down to
      the committer and forces peer to stop with panic, so admin will be able
      to take manual control and fix the problem therefore preventing peer
      state to diverge.
      
      Change-Id: I384e16d37e2f2b0fe144d504f566e0b744a5095c
      Signed-off-by: default avatarArtem Barger <bartem@il.ibm.com>
      0cf4c35a
  20. 13 Jun, 2017 1 commit
    • Yuki Kondo's avatar
      [FAB-4591]Fix log message formatting · 4f882258
      Yuki Kondo authored
      
      
      Log formatting is not correct in some codes.
      There are log messages with format designator called by "Debug",
      "Warning" or "Info".
      These logging messages should be called by "Debugf", "Warningf"
      or "Infof".
      
      This patch fixes log formatting.
      
      Change-Id: Ic9777b1eb67ccd6ef76aebb365916f8c4dc3e8d6
      Signed-off-by: default avatarYuki Kondo <yuki.kondo@hal.hitachi.com>
      4f882258
  21. 08 May, 2017 1 commit
  22. 02 May, 2017 1 commit
  23. 01 May, 2017 1 commit
  24. 30 Apr, 2017 1 commit
  25. 28 Apr, 2017 1 commit
  26. 27 Apr, 2017 1 commit
    • jiangyaoguo's avatar
      [FAB-3330] validate chaincode version · f30fc741
      jiangyaoguo authored
      
      
      1. Add VsccOutputData struct to keep output of vscc.
      Vscc will return proposalResponsePayload(has verison info)
      bytes contained in ChaincodeAction.
      2. When committer validates transaction, check that the
      chaincode version in ProposalResponse matches the
      verision in lscc.
      3. Add new ValidateCode to distinguash two kinds of invalid
      reason because of chaincode upgrade.
      4. vsccValidatorImpl will return latest chaincodeInstance
      from lscc and vsccOutputData from vscc. So we can mock
      system chaincode in UT.
      5. Move ChaincodeInstance to sysccprovider to avoid
      cycle import.
      
      Change-Id: I45387f119054d64b57d28173cabda0194a9e3464
      Signed-off-by: default avatarjiangyaoguo <jiangyaoguo@gmail.com>
      f30fc741
  27. 23 Apr, 2017 1 commit
  28. 22 Apr, 2017 1 commit
    • Will Lahti's avatar
      [FAB-2351] Update loggers to flogging.MustGetLogger · 7132dd54
      Will Lahti authored
      
      
      This CR updates all loggers throughout the code base to use
      `flogging.MustGetLogger`. This function wraps `logging.MustGetLogger`
      and tracks the logger modules defined in the system. This enables the
      ability to set log levels for modules using regular expressions.
      and make it easy to change the levels for any module and all its
      submodules with a single command (e.g. gossip, ledger, msp).
      
      Change-Id: If5d3229ea2312adb56fc21bfdafbed3d967cf1df
      Signed-off-by: default avatarWill Lahti <wtlahti@us.ibm.com>
      7132dd54
  29. 20 Apr, 2017 1 commit
    • jiangyaoguo's avatar
      [FAB-1516] committer side upgrade processing Part I · d88c3bc9
      jiangyaoguo authored
      
      
      This CR focuses on invalidating all transactions which
      are "invokes" to upgraded chaincodes in the same block.
      Invalid expired transactions in other blocks will be done
      as part II. Some envelop unpacking works are duplicate
      for logic part to be tested easier.
      
      Change-Id: Iea7d1d29a1927e73973319ce088b1435f9ff8b55
      Signed-off-by: default avatarjiangyaoguo <jiangyaoguo@gmail.com>
      d88c3bc9
  30. 19 Apr, 2017 1 commit
    • Alessandro Sorniotti's avatar
      [FAB-3155] LSCC security checks at validation time · 735878b6
      Alessandro Sorniotti authored
      
      
      Invocations of LSCC need to undergo some common validation (e.g. that they
      are endorsed by as valid peer). Furthermore:
       - the instantiation policy should be satisfied
       - the read/write set should be coherent (e.g. it should only change the
         chaincode state whose instantiation policy is checked);
      
      This change-set refactors the validator code and prepares fabric for the
      two checks listed above, which will be delivered as a follow-up CS.
      
      Change-Id: I6480261ce6ec2cc747e23b44159e08aa7a76c884
      Signed-off-by: default avatarAlessandro Sorniotti <ale.linux@sopit.net>
      735878b6
  31. 17 Apr, 2017 1 commit
  32. 27 Feb, 2017 2 commits
    • denyeart's avatar
      Clean up peer logging - serviceability · b39b8a8f
      denyeart authored
      
      
      Clean up peer logging for improved serviceability.
      
      INFO level log had a lot of debug information, making it impossible
      to find important INFO information and errors through the noise.
      Changed most of the debug information to use DEBUG level.
      
      After this change, during normal transaction processing there
      will be a single entry in info log per block with messages
      like this:
      
      Channel [myc1]: Created block [1] with 43 transaction(s)
      Channel [myc1]: Created block [2] with 14 transaction(s)
      Channel [myc1]: Created block [3] with 26 transaction(s)
      
      This will make it easy to spot any anomilies in the logs, while
      still tracking block progress.
      
      Confirmed there are good INFO messages for important events
      such as peer initialization and channel creation.
      
      Removed data content from debug messages for enhanced privacy.
      
      Change-Id: I3a0b2f3a07d5c7dcf388a609d11cfa3bcf7bb065
      Signed-off-by: default avatardenyeart <enyeart@us.ibm.com>
      b39b8a8f
    • Ruslan Kryukov's avatar
      [FAB-2243] Replace Tx Validation bit-array by flags · 29d7fc03
      Ruslan Kryukov authored
      https://jira.hyperledger.org/browse/FAB-2243
      
      
      
      Switch valid flag from a boolean to an enum, so that we can indicate the reason
      for the invalidation (txid already exists, vscc validation failure
      (endorsement policy failure), mvcc validation failure, etc)
      
      This change adds invalidation reason codes, sets them in the block as a uint8
      (byte) array, and returns validation result in GetTransactionById.
      
      Change-Id: I3593bf6aa4f35bb01b14f8fb3d9950b405f84660
      Signed-off-by: default avatarRuslan Kryukov <ruslan.kryukov@ru.ibm.com>
      29d7fc03
  33. 21 Feb, 2017 1 commit
    • Alessandro Sorniotti's avatar
      [FAB-1392] - Use bytes for headers · 011cd41b
      Alessandro Sorniotti authored
      
      
      This change set ensures that the protobuf representation for headers be in
      bytes. This makes sure that if ever protobuf marshalling is non-deterministic,
      we do not have problems because whenever we hash a header, we do that over
      the serialized version we receive.
      
      Change-Id: I838e0d5dec2f79f88fab63d92bdfb51d92c2f069
      Signed-off-by: default avatarAlessandro Sorniotti <ale.linux@sopit.net>
      011cd41b
  34. 19 Feb, 2017 1 commit
  35. 18 Feb, 2017 1 commit
  36. 15 Feb, 2017 1 commit
  37. 14 Feb, 2017 1 commit