Merge pull request #6411 from paritytech/secretstore_tests

Added missing SecretStore tests - signing session
This commit is contained in:
Svyatoslav Nikolsky 2017-09-05 10:35:21 +03:00 committed by GitHub
commit 2df61d0a8c
4 changed files with 317 additions and 24 deletions

View File

@ -281,10 +281,13 @@ impl SessionImpl {
return Ok(());
}
self.core.cluster.broadcast(Message::Decryption(DecryptionMessage::DecryptionSessionCompleted(DecryptionSessionCompleted {
// send compeltion signal to all nodes, except for rejected nodes
for node in data.consensus_session.consensus_non_rejected_nodes() {
self.core.cluster.send(&node, Message::Decryption(DecryptionMessage::DecryptionSessionCompleted(DecryptionSessionCompleted {
session: self.core.meta.id.clone().into(),
sub_session: self.core.access_key.clone().into(),
})))?;
}
data.result = Some(Ok(data.consensus_session.result()?));
self.core.completed.notify_all();

View File

@ -107,6 +107,17 @@ impl<ConsensusTransport, ComputationExecutor, ComputationTransport> ConsensusSes
&self.consensus_job
}
/// Get all nodes, which chas not rejected consensus request.
pub fn consensus_non_rejected_nodes(&self) -> BTreeSet<NodeId> {
self.consensus_job.responses().iter()
.filter(|r| *r.1)
.map(|r| r.0)
.chain(self.consensus_job.requests())
.filter(|n| **n != self.meta.self_node_id)
.cloned()
.collect()
}
/// Get computation job reference.
#[cfg(test)]
pub fn computation_job(&self) -> &JobSession<ComputationExecutor, ComputationTransport> {

View File

@ -153,7 +153,6 @@ impl<Executor, Transport> JobSession<Executor, Transport> where Executor: JobExe
.requests
}
#[cfg(test)]
/// Get responses.
pub fn responses(&self) -> &BTreeMap<NodeId, Executor::PartialJobResponse> {
debug_assert!(self.meta.self_node_id == self.meta.master_node_id);

View File

@ -86,6 +86,7 @@ struct SessionData {
/// Signing session state.
#[derive(Debug, PartialEq)]
#[cfg_attr(test, derive(Clone, Copy))]
pub enum SessionState {
/// State when consensus is establishing.
ConsensusEstablishing,
@ -187,6 +188,12 @@ impl SessionImpl {
})
}
#[cfg(test)]
/// Get session state.
pub fn state(&self) -> SessionState {
self.data.lock().state
}
/// Initialize signing session on master node.
pub fn initialize(&self, message_hash: H256) -> Result<(), Error> {
let mut data = self.data.lock();
@ -378,10 +385,13 @@ impl SessionImpl {
return Ok(());
}
self.core.cluster.broadcast(Message::Signing(SigningMessage::SigningSessionCompleted(SigningSessionCompleted {
// send compeltion signal to all nodes, except for rejected nodes
for node in data.consensus_session.consensus_non_rejected_nodes() {
self.core.cluster.send(&node, Message::Signing(SigningMessage::SigningSessionCompleted(SigningSessionCompleted {
session: self.core.meta.id.clone().into(),
sub_session: self.core.access_key.clone().into(),
})))?;
}
data.result = Some(Ok(data.consensus_session.result()?));
self.core.completed.notify_all();
@ -569,17 +579,19 @@ impl JobTransport for SigningJobTransport {
#[cfg(test)]
mod tests {
use std::sync::Arc;
use std::str::FromStr;
use std::collections::{BTreeMap, VecDeque};
use ethkey::{self, Random, Generator, Public};
use ethkey::{self, Random, Generator, Public, Secret, KeyPair};
use util::H256;
use acl_storage::DummyAclStorage;
use key_server_cluster::{NodeId, SessionId, SessionMeta, Error, KeyStorage};
use key_server_cluster::{NodeId, DocumentKeyShare, SessionId, SessionMeta, Error, KeyStorage};
use key_server_cluster::cluster::tests::DummyCluster;
use key_server_cluster::generation_session::{Session as GenerationSession};
use key_server_cluster::generation_session::tests::MessageLoop as KeyGenerationMessageLoop;
use key_server_cluster::math;
use key_server_cluster::message::{Message, SigningMessage};
use key_server_cluster::signing_session::{Session, SessionImpl, SessionParams};
use key_server_cluster::message::{Message, SigningMessage, SigningConsensusMessage, ConsensusMessage, ConfirmConsensusInitialization,
SigningGenerationMessage, GenerationMessage, ConfirmInitialization, InitializeSession, RequestPartialSignature};
use key_server_cluster::signing_session::{Session, SessionImpl, SessionState, SessionParams};
struct Node {
pub node_id: NodeId,
@ -589,8 +601,10 @@ mod tests {
struct MessageLoop {
pub session_id: SessionId,
pub requester: KeyPair,
pub nodes: BTreeMap<NodeId, Node>,
pub queue: VecDeque<(NodeId, NodeId, Message)>,
pub acl_storages: Vec<Arc<DummyAclStorage>>,
}
impl MessageLoop {
@ -600,8 +614,10 @@ mod tests {
let requester = Random.generate().unwrap();
let signature = Some(ethkey::sign(requester.secret(), &SessionId::default()).unwrap());
let master_node_id = gl.nodes.keys().nth(0).unwrap().clone();
let mut acl_storages = Vec::new();
for (i, (gl_node_id, gl_node)) in gl.nodes.iter().enumerate() {
let acl_storage = Arc::new(DummyAclStorage::default());
acl_storages.push(acl_storage.clone());
let cluster = Arc::new(DummyCluster::new(gl_node_id.clone()));
let session = SessionImpl::new(SessionParams {
meta: SessionMeta {
@ -627,8 +643,10 @@ mod tests {
MessageLoop {
session_id: session_id,
requester: requester,
nodes: nodes,
queue: VecDeque::new(),
acl_storages: acl_storages,
}
}
@ -676,12 +694,21 @@ mod tests {
}
}
}
pub fn run_until<F: Fn(&MessageLoop) -> bool>(&mut self, predicate: F) -> Result<(), Error> {
while let Some((from, to, message)) = self.take_message() {
if predicate(self) {
return Ok(());
}
#[test]
fn complete_gen_sign_session() {
let test_cases = [(0, 1), (0, 5), (2, 5), (3, 5)];
for &(threshold, num_nodes) in &test_cases {
self.process_message((from, to, message))?;
}
unreachable!("either wrong predicate, or failing test")
}
}
fn prepare_signing_sessions(threshold: usize, num_nodes: usize) -> (KeyGenerationMessageLoop, MessageLoop) {
// run key generation sessions
let mut gl = KeyGenerationMessageLoop::new(num_nodes);
gl.master().initialize(Public::default(), threshold, gl.nodes.keys().cloned().collect()).unwrap();
@ -689,9 +716,19 @@ mod tests {
gl.process_message((from, to, message)).unwrap();
}
// run signing session
let sl = MessageLoop::new(&gl);
(gl, sl)
}
#[test]
fn complete_gen_sign_session() {
let test_cases = [(0, 1), (0, 5), (2, 5), (3, 5)];
for &(threshold, num_nodes) in &test_cases {
let (gl, mut sl) = prepare_signing_sessions(threshold, num_nodes);
// run signing session
let message_hash = H256::from(777);
let mut sl = MessageLoop::new(&gl);
sl.master().initialize(message_hash).unwrap();
while let Some((from, to, message)) = sl.take_message() {
sl.process_message((from, to, message)).unwrap();
@ -703,4 +740,247 @@ mod tests {
assert!(math::verify_signature(&public, &signature, &message_hash).unwrap());
}
}
#[test]
fn constructs_in_cluster_of_single_node() {
let mut nodes = BTreeMap::new();
let self_node_id = Random.generate().unwrap().public().clone();
nodes.insert(self_node_id, Random.generate().unwrap().secret().clone());
match SessionImpl::new(SessionParams {
meta: SessionMeta {
id: SessionId::default(),
self_node_id: self_node_id.clone(),
master_node_id: self_node_id.clone(),
threshold: 0,
},
access_key: Random.generate().unwrap().secret().clone(),
key_share: DocumentKeyShare {
author: Public::default(),
threshold: 0,
id_numbers: nodes,
secret_share: Random.generate().unwrap().secret().clone(),
common_point: Some(Random.generate().unwrap().public().clone()),
encrypted_point: Some(Random.generate().unwrap().public().clone()),
},
acl_storage: Arc::new(DummyAclStorage::default()),
cluster: Arc::new(DummyCluster::new(self_node_id.clone())),
}, Some(ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap())) {
Ok(_) => (),
_ => panic!("unexpected"),
}
}
#[test]
fn fails_to_construct_if_not_a_part_of_cluster() {
let mut nodes = BTreeMap::new();
let self_node_id = Random.generate().unwrap().public().clone();
nodes.insert(Random.generate().unwrap().public().clone(), Random.generate().unwrap().secret().clone());
nodes.insert(Random.generate().unwrap().public().clone(), Random.generate().unwrap().secret().clone());
match SessionImpl::new(SessionParams {
meta: SessionMeta {
id: SessionId::default(),
self_node_id: self_node_id.clone(),
master_node_id: self_node_id.clone(),
threshold: 0,
},
access_key: Random.generate().unwrap().secret().clone(),
key_share: DocumentKeyShare {
author: Public::default(),
threshold: 0,
id_numbers: nodes,
secret_share: Random.generate().unwrap().secret().clone(),
common_point: Some(Random.generate().unwrap().public().clone()),
encrypted_point: Some(Random.generate().unwrap().public().clone()),
},
acl_storage: Arc::new(DummyAclStorage::default()),
cluster: Arc::new(DummyCluster::new(self_node_id.clone())),
}, Some(ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap())) {
Err(Error::InvalidNodesConfiguration) => (),
_ => panic!("unexpected"),
}
}
#[test]
fn fails_to_construct_if_threshold_is_wrong() {
let mut nodes = BTreeMap::new();
let self_node_id = Random.generate().unwrap().public().clone();
nodes.insert(self_node_id.clone(), Random.generate().unwrap().secret().clone());
nodes.insert(Random.generate().unwrap().public().clone(), Random.generate().unwrap().secret().clone());
match SessionImpl::new(SessionParams {
meta: SessionMeta {
id: SessionId::default(),
self_node_id: self_node_id.clone(),
master_node_id: self_node_id.clone(),
threshold: 2,
},
access_key: Random.generate().unwrap().secret().clone(),
key_share: DocumentKeyShare {
author: Public::default(),
threshold: 2,
id_numbers: nodes,
secret_share: Random.generate().unwrap().secret().clone(),
common_point: Some(Random.generate().unwrap().public().clone()),
encrypted_point: Some(Random.generate().unwrap().public().clone()),
},
acl_storage: Arc::new(DummyAclStorage::default()),
cluster: Arc::new(DummyCluster::new(self_node_id.clone())),
}, Some(ethkey::sign(Random.generate().unwrap().secret(), &SessionId::default()).unwrap())) {
Err(Error::InvalidThreshold) => (),
_ => panic!("unexpected"),
}
}
#[test]
fn fails_to_initialize_when_already_initialized() {
let (_, sl) = prepare_signing_sessions(1, 3);
assert_eq!(sl.master().initialize(777.into()), Ok(()));
assert_eq!(sl.master().initialize(777.into()), Err(Error::InvalidStateForRequest));
}
#[test]
fn does_not_fail_when_consensus_message_received_after_consensus_established() {
let (_, mut sl) = prepare_signing_sessions(1, 3);
sl.master().initialize(777.into()).unwrap();
// consensus is established
sl.run_until(|sl| sl.master().state() == SessionState::SessionKeyGeneration).unwrap();
// but 3rd node continues to send its messages
// this should not fail session
let consensus_group = sl.master().data.lock().consensus_session.select_consensus_group().unwrap().clone();
let mut had_3rd_message = false;
while let Some((from, to, message)) = sl.take_message() {
if !consensus_group.contains(&from) {
had_3rd_message = true;
sl.process_message((from, to, message)).unwrap();
}
}
assert!(had_3rd_message);
}
#[test]
fn fails_when_consensus_message_is_received_when_not_initialized() {
let (_, sl) = prepare_signing_sessions(1, 3);
assert_eq!(sl.master().on_consensus_message(sl.nodes.keys().nth(1).unwrap(), &SigningConsensusMessage {
session: SessionId::default().into(),
sub_session: sl.master().core.access_key.clone().into(),
message: ConsensusMessage::ConfirmConsensusInitialization(ConfirmConsensusInitialization {
is_confirmed: true,
}),
}), Err(Error::InvalidStateForRequest));
}
#[test]
fn fails_when_generation_message_is_received_when_not_initialized() {
let (_, sl) = prepare_signing_sessions(1, 3);
assert_eq!(sl.master().on_generation_message(sl.nodes.keys().nth(1).unwrap(), &SigningGenerationMessage {
session: SessionId::default().into(),
sub_session: sl.master().core.access_key.clone().into(),
message: GenerationMessage::ConfirmInitialization(ConfirmInitialization {
session: SessionId::default().into(),
derived_point: Public::default().into(),
}),
}), Err(Error::InvalidStateForRequest));
}
#[test]
fn fails_when_generation_sesson_is_initialized_by_slave_node() {
let (_, mut sl) = prepare_signing_sessions(1, 3);
sl.master().initialize(777.into()).unwrap();
sl.run_until(|sl| sl.master().state() == SessionState::SessionKeyGeneration).unwrap();
let slave2_id = sl.nodes.keys().nth(2).unwrap().clone();
let slave1 = &sl.nodes.values().nth(1).unwrap().session;
assert_eq!(slave1.on_generation_message(&slave2_id, &SigningGenerationMessage {
session: SessionId::default().into(),
sub_session: sl.master().core.access_key.clone().into(),
message: GenerationMessage::InitializeSession(InitializeSession {
session: SessionId::default().into(),
author: Public::default().into(),
nodes: BTreeMap::new(),
threshold: 1,
derived_point: Public::default().into(),
})
}), Err(Error::InvalidMessage));
}
#[test]
fn fails_when_signature_requested_when_not_initialized() {
let (_, sl) = prepare_signing_sessions(1, 3);
let slave1 = &sl.nodes.values().nth(1).unwrap().session;
assert_eq!(slave1.on_partial_signature_requested(sl.nodes.keys().nth(0).unwrap(), &RequestPartialSignature {
session: SessionId::default().into(),
sub_session: sl.master().core.access_key.clone().into(),
request_id: Secret::from_str("0000000000000000000000000000000000000000000000000000000000000001").unwrap().into(),
message_hash: H256::default().into(),
nodes: Default::default(),
}), Err(Error::InvalidStateForRequest));
}
#[test]
fn fails_when_signature_requested_by_slave_node() {
let (_, sl) = prepare_signing_sessions(1, 3);
assert_eq!(sl.master().on_partial_signature_requested(sl.nodes.keys().nth(1).unwrap(), &RequestPartialSignature {
session: SessionId::default().into(),
sub_session: sl.master().core.access_key.clone().into(),
request_id: Secret::from_str("0000000000000000000000000000000000000000000000000000000000000001").unwrap().into(),
message_hash: H256::default().into(),
nodes: Default::default(),
}), Err(Error::InvalidMessage));
}
#[test]
fn failed_signing_session() {
let (_, mut sl) = prepare_signing_sessions(1, 3);
sl.master().initialize(777.into()).unwrap();
// we need at least 2-of-3 nodes to agree to reach consensus
// let's say 2 of 3 nodes disagee
sl.acl_storages[1].prohibit(sl.requester.public().clone(), SessionId::default());
sl.acl_storages[2].prohibit(sl.requester.public().clone(), SessionId::default());
// then consensus is unreachable
assert_eq!(sl.run_until(|_| false), Err(Error::ConsensusUnreachable));
}
#[test]
fn complete_signing_session_with_single_node_failing() {
let (_, mut sl) = prepare_signing_sessions(1, 3);
sl.master().initialize(777.into()).unwrap();
// we need at least 2-of-3 nodes to agree to reach consensus
// let's say 1 of 3 nodes disagee
sl.acl_storages[1].prohibit(sl.requester.public().clone(), SessionId::default());
// then consensus reachable, but single node will disagree
while let Some((from, to, message)) = sl.take_message() {
sl.process_message((from, to, message)).unwrap();
}
let data = sl.master().data.lock();
match data.result {
Some(Ok(_)) => (),
_ => unreachable!(),
}
}
#[test]
fn complete_signing_session_with_acl_check_failed_on_master() {
let (_, mut sl) = prepare_signing_sessions(1, 3);
sl.master().initialize(777.into()).unwrap();
// we need at least 2-of-3 nodes to agree to reach consensus
// let's say 1 of 3 nodes disagee
sl.acl_storages[0].prohibit(sl.requester.public().clone(), SessionId::default());
// then consensus reachable, but single node will disagree
while let Some((from, to, message)) = sl.take_message() {
sl.process_message((from, to, message)).unwrap();
}
let data = sl.master().data.lock();
match data.result {
Some(Ok(_)) => (),
_ => unreachable!(),
}
}
}