frostfs-contract/neofs_contract.go
alexvanin 78b8af8f83 Do not store multiaddress of inner ring nodes
With neo:morph environment, there will be no direct communication
between inner ring nodes and storage nodes. neo:morph smart-contracts
will identify inner ring nodes by their signatures.
2020-06-15 13:32:13 +03:00

407 lines
9.9 KiB
Go

package smart_contract
import (
"github.com/nspcc-dev/neo-go/pkg/interop/crypto"
"github.com/nspcc-dev/neo-go/pkg/interop/engine"
"github.com/nspcc-dev/neo-go/pkg/interop/runtime"
"github.com/nspcc-dev/neo-go/pkg/interop/storage"
"github.com/nspcc-dev/neo-go/pkg/interop/util"
)
type node struct {
pub []byte
}
type check struct {
id []byte
height []byte
}
// GAS NEP-5 HASH
const tokenHash = "\x77\xea\x59\x6b\x7a\xdf\x7e\x4d\xd1\x40\x76\x97\x31\xb7\xd2\xf0\xe0\x6b\xcd\x9b"
const innerRingCandidateFee = 100 * 1000 * 1000 // 10^8
const version = 1
func Main(op string, args []interface{}) interface{} {
// The trigger determines whether this smart-contract is being
// run in 'verification' or 'application' mode.
if runtime.GetTrigger() != runtime.Application() {
return false
}
/*
Utility operations - they will be changed in production:
- Deploy(params: address, pubKey, ... ) - setup initial inner ring state
User operations:
- InnerRingList() - get list of inner ring nodes addresses and public keys
- InnerRingCandidateRemove(params: pubKey) - remove node with given public key from the inner ring candidate queue
- InnerRingCandidateAdd(params: pubKey) - add node to the inner ring candidate queue
- Deposit(params: pubKey, amount) - deposit GAS to the NeoFS account
- Withdraw(params: withdrawCheque) - withdraw GAS from the NeoFS account
- InnerRingUpdate(params: irCheque) - change list of inner ring nodes
- IsInnerRing(params: pubKey) - returns true if pubKey presented in inner ring list
- Version() - get version of the NeoFS smart-contract
Params:
- address - string of the valid multiaddress (github.com/multiformats/multiaddr)
- pubKey - 33 byte public key
- withdrawCheque - serialized structure, that confirms GAS transfer;
contains inner ring signatures
- irCheque - serialized structure, that confirms new inner ring node list;
contains inner ring signatures
*/
ctx := storage.GetContext()
switch op {
case "Deploy":
irList := getSerialized(ctx, "InnerRingList").([]node)
if len(irList) >= 3 {
panic("contract already deployed")
}
irList = []node{}
for i := 0; i < len(args); i++ {
pub := args[i].([]byte)
irList = append(irList, node{pub: pub})
}
data := runtime.Serialize(irList)
storage.Put(ctx, "InnerRingList", data)
data = runtime.Serialize([]interface{}{})
storage.Put(ctx, "UsedVerifCheckList", data)
storage.Put(ctx, "InnerRingCandidates", data)
return true
case "InnerRingList":
irList := getSerialized(ctx, "InnerRingList").([]node)
return irList
case "InnerRingCandidateRemove":
data := args[0].([]byte) // public key
if !runtime.CheckWitness(data) {
panic("you should be the owner of the public key")
}
delSerializedIR(ctx, "InnerRingCandidates", data)
return true
case "InnerRingCandidateAdd":
key := args[0].([]byte) // public key
if !runtime.CheckWitness(key) {
panic("you should be the owner of the public key")
}
candidates := getSerialized(ctx, "InnerRingCandidates").([]node)
if containsPub(candidates, key) {
panic("is already in list")
}
from := pubToScriptHash(key)
to := engine.GetExecutingScriptHash()
params := []interface{}{from, to, innerRingCandidateFee}
transferred := engine.AppCall([]byte(tokenHash), "transfer", params).(bool)
if !transferred {
panic("failed to transfer funds, aborting")
}
candidate := node{pub: key}
if !putSerialized(ctx, "InnerRingCandidates", candidate) {
panic("failed to put candidate into the queue")
}
return true
case "Deposit":
pk := args[0].([]byte)
if !runtime.CheckWitness(pk) {
panic("you should be the owner of the public key")
}
amount := args[1].(int)
if amount > 0 {
amount = amount * 100000000
}
from := pubToScriptHash(pk)
to := engine.GetExecutingScriptHash()
params := []interface{}{from, to, amount}
transferred := engine.AppCall([]byte(tokenHash), "transfer", params).(bool)
if !transferred {
panic("failed to transfer funds, aborting")
}
runtime.Log("funds have been transferred")
return true
case "Withdraw":
from := engine.GetExecutingScriptHash()
data := args[0].([]byte)
message := data[0:66]
uuid := data[0:25]
owner := data[25:50]
value := data[50:58]
height := data[58:66]
offset := 68
usedList := getSerialized(ctx, "UsedVerifCheckList").([]check)
c := check{
id: uuid,
height: height,
}
if containsCheck(usedList, c) {
panic("verification check has already been used")
}
irList := getSerialized(ctx, "InnerRingList").([]node)
if !verifySignatures(irList, data, message, offset) {
panic("can't verify signatures")
}
h := owner[1:21]
params := []interface{}{from, h, value}
transferred := engine.AppCall([]byte(tokenHash), "transfer", params).(bool)
if !transferred {
panic("failed to transfer funds, aborting")
}
putSerialized(ctx, "UsedVerifCheckList", c)
return true
case "InnerRingUpdate":
data := args[0].([]byte)
id := data[:8]
var ln interface{} = data[8:10]
listItemCount := ln.(int)
listSize := listItemCount * 33
offset := 8 + 2 + listSize
msg := data[:offset]
message := crypto.SHA256(msg)
irList := getSerialized(ctx, "InnerRingList").([]node)
if !verifySignatures(irList, data, message, offset) {
panic("can't verify signatures")
}
usedList := getSerialized(ctx, "UsedVerifCheckList").([]check)
c := check{
id: id,
height: []byte{1}, // ir update cheques use height as id
}
if containsCheck(usedList, c) {
panic("check has already been used")
}
candidates := getSerialized(ctx, "InnerRingCandidates").([]node)
offset = 10
newIR := []node{}
loop:
for i := 0; i < listItemCount; i, offset = i+1, offset+33 {
pub := data[offset : offset+33]
for j := 0; j < len(irList); j++ {
n := irList[j]
if util.Equals(n.pub, pub) {
newIR = append(newIR, n)
continue loop
}
}
for j := 0; j < len(candidates); j++ {
n := candidates[j]
if util.Equals(n.pub, pub) {
newIR = append(newIR, n)
continue loop
}
}
}
if len(newIR) != listItemCount {
panic("new inner ring wasn't processed correctly")
}
for i := 0; i < len(newIR); i++ {
n := newIR[i]
delSerializedIR(ctx, "InnerRingCandidates", n.pub)
}
newIRData := runtime.Serialize(newIR)
storage.Put(ctx, "InnerRingList", newIRData)
putSerialized(ctx, "UsedVerifCheckList", c)
return true
case "IsInnerRing":
if len(args) != 1 {
panic("isInnerRing: wrong arguments")
}
key := args[0].([]byte)
if len(key) != 33 {
panic("isInnerRing: incorrect public key")
}
irList := getSerialized(ctx, "InnerRingList").([]node)
for i := range irList {
node := irList[i]
if util.Equals(node.pub, key) {
return true
}
}
return false
case "Version":
return version
}
panic("unknown operation")
}
func getSerialized(ctx storage.Context, key string) interface{} {
data := storage.Get(ctx, key).([]byte)
if len(data) != 0 {
return runtime.Deserialize(data)
}
return nil
}
func delSerialized(ctx storage.Context, key string, value []byte) bool {
data := storage.Get(ctx, key).([]byte)
deleted := false
var newList [][]byte
if len(data) != 0 {
lst := runtime.Deserialize(data).([][]byte)
for i := 0; i < len(lst); i++ {
if util.Equals(value, lst[i]) {
deleted = true
} else {
newList = append(newList, lst[i])
}
}
if deleted {
if len(newList) != 0 {
data := runtime.Serialize(newList)
storage.Put(ctx, key, data)
} else {
storage.Delete(ctx, key)
}
runtime.Log("target element has been removed")
return true
}
}
runtime.Log("target element has not been removed")
return false
}
func putSerialized(ctx storage.Context, key string, value interface{}) bool {
data := storage.Get(ctx, key).([]byte)
var lst []interface{}
if len(data) != 0 {
lst = runtime.Deserialize(data).([]interface{})
}
lst = append(lst, value)
data = runtime.Serialize(lst)
storage.Put(ctx, key, data)
return true
}
func pubToScriptHash(pkey []byte) []byte {
pre := []byte{0x21}
buf := append(pre, pkey...)
buf = append(buf, 0xac)
h := crypto.Hash160(buf)
return h
}
func containsCheck(lst []check, c check) bool {
for i := 0; i < len(lst); i++ {
if util.Equals(c, lst[i]) {
return true
}
}
return false
}
func containsPub(lst []node, elem []byte) bool {
for i := 0; i < len(lst); i++ {
e := lst[i]
if util.Equals(elem, e.pub) {
return true
}
}
return false
}
func delSerializedIR(ctx storage.Context, key string, value []byte) bool {
data := storage.Get(ctx, key).([]byte)
deleted := false
newList := []node{}
if len(data) != 0 {
lst := runtime.Deserialize(data).([]node)
for i := 0; i < len(lst); i++ {
n := lst[i]
if util.Equals(value, n.pub) {
deleted = true
} else {
newList = append(newList, n)
}
}
if deleted {
data := runtime.Serialize(newList)
storage.Put(ctx, key, data)
runtime.Log("target element has been removed")
return true
}
}
runtime.Log("target element has not been removed")
return false
}
func verifySignatures(irList []node, data []byte, message []byte, offset int) bool {
n := len(irList)
f := (n - 1) / 3
s := n - f
if s < 3 {
runtime.Log("not enough inner ring nodes for consensus")
return false
}
used := [][]byte{}
count := 0
for count < s && offset < len(data) {
pubkey := data[offset : offset+33]
signature := data[offset+33 : offset+97]
if containsPub(irList, pubkey) {
if crypto.VerifySignature(message, signature, pubkey) {
count++
for i := 0; i < len(used); i++ {
if util.Equals(used[i], pubkey) {
panic("duplicate public keys")
}
}
used = append(used, pubkey)
}
}
offset += 97
}
if count >= s {
return true
}
runtime.Log("not enough verified signatures")
return false
}