1. 10 Aug, 2017 1 commit
    • manish's avatar
      [FAB-5654] SideDB - Tx simulation/validation/commit · 8a87b8ae
      manish authored
      This CR modifies the tranaction simulation, validation, and commit
      code and delivers the end-to-end transaction flow that treats the
      private data in a special manner. This CR mainly leverages the earlier
      submitted independent CRs for sidedb feature for accomplishing this behavior.
      This CR also allows ledger to receive the blocks and the pvt data from
      another peer on the same channel (i.e., a peer catching up via state)
      This CR is exceptionally large becasue of manily two reasons
      1) The way currently the code (and specially the tests) is organized in
      simulation/validation/commit flow, its not easy to submit such kind
      of changes independently that cuase the change in the whole transaction
      processing flow.
      2) This CR causes a change in the existing ledger APIs which are used widely
      across other packages (specially in the tests) and hence many files are included
      for fixing the broken dependencies
      Change-Id: Id29575176575f4c01793efd3476b68f8364cb592
      Signed-off-by: default avatarmanish <manish.sethi@gmail.com>
  2. 08 Aug, 2017 4 commits
  3. 07 Aug, 2017 3 commits
  4. 06 Aug, 2017 3 commits
    • manish's avatar
      [FAB-4977] sidedb:statedb enhancements · 2dec57d8
      manish authored
      This CR provides support for maintaining public, private, and hashed data
      This includes
         - An interface for managing the three categories of data
         - A default implementation that allows the use of either
           leveldb or couchdb. The default implementation uses a
           single logical db and uses different namespaces for
           different categories of data. Alternate implementation
           based on furture need or exploration should be easy to support.
           These may include using different dbs for different categories
           such as using leveldb for hashed data and using separate dbs in
           a couch instance for public and private data
         - If the underlying db does not support storing random bytes as key
           (for example couch supports onlu valid utf-8 bytes as key), the
           key for the hashed data is encoded using base64
      Change-Id: Ia8ede4f4c0ab392119e59bb7f46e9c20062a411a
      Signed-off-by: default avatarmanish <manish.sethi@gmail.com>
    • Artem Barger's avatar
    • Gari Singh's avatar
  5. 05 Aug, 2017 11 commits
  6. 04 Aug, 2017 14 commits
    • Jason Yellick's avatar
    • Jason Yellick's avatar
      [FAB-5628] Make peer CLI broadcast errors useful · 005b4c9e
      Jason Yellick authored
      This is a simple one line fix to expose the info message returned along
      with the status code when the peer CLI makes broadcast calls (such as
      for creating or updating channels).
      Change-Id: I22c458b76259201615a8581ecea8a63f00cad201
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • Jason Yellick's avatar
      [FAB-5552] Fix some TODOs in msgprocessor · d6b475a8
      Jason Yellick authored
      The restructuring of the msgprocessor code has left some outstanding
      TODOs.  In particular, for conditions where a CONFIG_UPDATE is rewrapped
      into a containing message, like a CONFIG or an ORDERER_TRANSACTION, this
      wrapping message could end up violating rules for the channel, like the
      maximum message size.  This could see the message silently dropped by
      the consenter (silent from a client perspective).
      This CR adds a second pass of filtering in the message flow which
      generates a wrapping message.
      Also fixes a small comment bug from a previous CR.
      Change-Id: Ic482a8195720992c68e9986a1ff7f34004d5986c
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • Kostas Christidis's avatar
    • Artem Barger's avatar
    • yacovm's avatar
      [FAB-5627] Missing checks at endorser.go · 3da11e21
      yacovm authored
      There is a missing array bounds check that may cause the peer to crash.
      Stack trace in the JIRA item.
      Change-Id: Ie018f9160aeb2eef4e9075282e15271250b25e17
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
    • yacovm's avatar
      [FAB-5406] Mutual TLS in chaincode service-P2 · 2459f93b
      yacovm authored
      This commit adds an authentication layer to the chaincode service
      that inspects the first REGISTER message from the shim, and based
      on the passed chaincode name - authorizes the stream or rejects it.
      The full details of the flow can be seen in the JIRA item.
      Change-Id: I4a1b3c9b3b078d96906f3c9618520b9fe319eeb6
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
    • yacovm's avatar
      [FAB-5406] Mutual TLS in chaincode service-P1 · c7fe1081
      yacovm authored
      This commit adds the needed infrastructure to implement an interceptor
      that would wrap the existing chaincode service (chaincode Support struct)
      and would check that the chaincode name in the REGISTER message matches
      the mapping that was set at the chaincode launch.
      The full details of the flow is in the JIRA item.
      Change-Id: I2a8d33fc33adf845984b73e3ab1010c34914c716
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
    • gbolo's avatar
      FAB-5586 allow functions implemented in .s files · 9ff04694
      gbolo authored
      Having an issue instantiating chaincode which vendors
      in go packages which include .h and .s files. Example:
      Install works fine, however when i instantiate I get the following:
      2017-08-02 15:26:27.825 UTC [dockercontroller] deployImage ->
      ERRO 045 Error building images: Failed to generate
      platform-specific docker build: Error returned from build:
      ... testcc/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go:15:
       missing function body for "cswap"
      Change-Id: I3adf39440a343e61718f0c519d559c3463d92cd2
      Signed-off-by: default avatargbolo <george.bolo@gmail.com>
    • Yacov Manevich's avatar
    • Jason Yellick's avatar
      [FAB-5361] Properly return FORBIDDEN on broadcast · 1e4a71c6
      Jason Yellick authored
      For messages which fail signature verification, the orderer currently
      returns BAD_REQUEST, as it is registered simply as an error in
      processing the message.  However, this is very poor from a
      serviceability perspective, and a more precise status should be returned
      when possible.
      This CR creates a new error type in the message processor which may be
      returned for signature validation failures.
      This CR also allows the broadcast error processing to use the errors
      package to retrieve the cause of an error, so that additional
      descriptive information beyond the basic error definition may be
      included as well.
      Change-Id: I7c02ca1b456bb4c052492b7979c0e75954f2b75a
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • Jason Yellick's avatar
      [FAB-5445] Consolidate filters into msgprocessor · cc5ca309
      Jason Yellick authored
      The individual filters are currently in subpackages of the msgprocessor
      package.  However, the filters are simple enough this is probably no
      longer warranted.
      Additionally, in order to return more sane status codes, it's necessary
      to have shared error definitions, which is difficult to do without
      import cycles with the sub-package structure.
      This CR moves the individual filter code to msgprocessor.
      Change-Id: I6617f9b053345446d4636e1b62b7daf2280dee42
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • Jason Yellick's avatar
      [FAB-5606] Failed ctx update may mutate cache · 87b2f608
      Jason Yellick authored
      The configtx code maintains a map of the current config, as derived from
      the Config proto structure.  This map stores references to a cached
      Config proto structure which is used when constructing the next Config
      The problem arises when this map is used to construct a new Config to be
      applied, that it mutates the cached version of of the Config.  This is
      generally fine, so long as the new Config applies successfully, but in
      the event of bad inputs, such as a bad certificate, the config update
      fails to apply and is rolled back, but the cache has been mutated and
      will not be rolled back with it.
      The observed issue occurs because this Config cache is also used in
      creating the new channel config template.  So, because there is a bad
      certificate in the config cache, the new channel template attempts to
      bootstrap using the bad key material, detects the error, and aborts.
      As noted in the issue, restarting the orderer rebuilds this cache, and
      channel creation can occur normally once more.
      This CR fixes the code which constructs a new Config from the config map
      to create a copy of the cached config in-process, rather than taint the
      cache with potentially invalid data.
      Note, there may be novel ways to corrupt this cache which could cause
      other undesirable behavior.  However, prior to the operation which
      mutates the cache, the config update has been validated to adheer to the
      security constraints of the channel (including all necessary admin
      signatures), so it requires in a sense, a conspiracy of channel
      administrators attempting to corrupt their own channel, so the security
      implications are limited or non-existant.
      Change-Id: I44ef3b50c6716c3ae38df4521d860ead595e16fa
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • manish's avatar
      [FAB-4974] Ledger proto messages enhancement for sidedb · 4c11ed77
      manish authored
      This CR enhances the proto message for supporting the
      hashed read-write set and private read-write set for the
      private data. To summarize - under a namespace (chaincodeid),
      there could be one or more sub-spaces (referred to as collections)
      for managing private state. The hashed read-write set is intented
      be part of the block and the private read-write set is intented to be
      transferred to the need-to-have peers only.
      Change-Id: I2f5127f93c945ab6559ed625f677d467e67bbcda
      Signed-off-by: default avatarmanish <manish.sethi@gmail.com>
  7. 03 Aug, 2017 4 commits