This repository has been archived by the owner on Dec 22, 2021. It is now read-only.

Validate privateFrom before executing private transaction #357

Closed
MadelineMurray opened this issue Mar 18, 2020 · 5 comments

@MadelineMurray
Contributor

As a member of a privacy group, I only want to execute private transactions sent from a member of the privacy group. To ensure a non-member isn't sending a transaction with a privateFrom of an actual member, I need to check the sender (i.e., the privateFrom) is who they say they are.

Options to consider:

  1. Validate the privateFrom in Orion -> drawback of adding logic to Orion
  2. Have Orion pass the public key, that was used to decrypt the private Tx, back with the private transaction so Besu can validate the privateFrom
  3. Option we haven't thought of yet

We're going with Option 2.

This change was made in #317 and then reverted in #318 because older versions of Besu did not allow the additional value.

So before re-instating we need to resolve how we're going to handle versioning - do we allow users to update Orion only? Can we expect users of Besu to use a certain version of Orion?

@MadelineMurray
Contributor Author

MadelineMurray commented Apr 15, 2020

Are we going to enforce specific versions being used together?

API to get version.

Consider failing on startup if it's not the right version.

@MadelineMurray
Contributor Author

Need to include after last 1.4.x release but before 1.5 RC.

@lucassaldanha
Member

Here are three scenarios:

Scenario 1: Besu 1.5+ connected to an incompatible Orion version (< 1.6)

  • Besu WARN log message: Missing sender key from Orion response. Upgrade Orion to 1.6 to enforce privateFrom check.
  • Consequence: Node stops syncing with network
  • How to fix: Upgrade Orion to 1.6+ and Besu should be back syncing the network

Scenario 2: Besu 1.5+ (and Orion 1.6+) processing transaction with invalid privateFrom (not matching payload sender key)

  • Besu WARN log message: Private transaction privateFrom doesn't match payload sender key
  • Consequence: private tx fails (result = 0). PMT is processed successfully.
  • How to fix: Don't send payloads with invalid privateFrom :)

Scenario 3: Besu 1.5+ (and Orion 1.6+) processing transaction with invalid RLP (not containing privateFrom)

  • Besu WARN log message: Private transaction is missing privateFrom
  • Consequence: private tx fails (result = 0). PMT is processed successfully.
  • How to fix: Don't send payloads with invalid tx RLP :)
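
The three scenarios above as a single check, sketched in Java as an added example (not code from Besu or Orion, and not written by the commenters). The class, enum and method names are hypothetical, and it assumes both the sender key returned by the enclave and the privateFrom arrive as Base64 strings.

```java
import java.util.Arrays;
import java.util.Base64;

// Added illustration: names are hypothetical, not Besu's or Orion's own code.
public class PrivateFromCheck {

  enum Outcome { VALID, MISSING_SENDER_KEY, MISSING_PRIVATE_FROM, SENDER_MISMATCH }

  // senderKeyB64: key the enclave reports for the decrypted payload (null from an older enclave).
  // privateFromB64: privateFrom read from the private transaction (null if the RLP lacks it).
  static Outcome check(String senderKeyB64, String privateFromB64) {
    if (senderKeyB64 == null || senderKeyB64.isEmpty()) {
      return Outcome.MISSING_SENDER_KEY; // scenario 1: check cannot be enforced
    }
    if (privateFromB64 == null || privateFromB64.isEmpty()) {
      return Outcome.MISSING_PRIVATE_FROM; // scenario 3
    }
    try {
      // Compare decoded bytes, not strings, so padded and unpadded forms of one key match.
      byte[] senderKey = Base64.getDecoder().decode(senderKeyB64);
      byte[] privateFrom = Base64.getDecoder().decode(privateFromB64);
      return Arrays.equals(senderKey, privateFrom) ? Outcome.VALID : Outcome.SENDER_MISMATCH;
    } catch (IllegalArgumentException e) {
      return Outcome.SENDER_MISMATCH; // undecodable key never matches: fail closed
    }
  }

  public static void main(String[] args) {
    // Constructed 32-byte sample keys, not real enclave keys.
    byte[] a = new byte[32];
    byte[] b = new byte[32];
    Arrays.fill(a, (byte) 0x11);
    Arrays.fill(b, (byte) 0x22);
    String member = Base64.getEncoder().encodeToString(a);
    String memberNoPad = Base64.getEncoder().withoutPadding().encodeToString(a);
    String other = Base64.getEncoder().encodeToString(b);

    System.out.println("member as sender:     " + check(member, member));
    System.out.println("unpadded encoding:    " + check(memberNoPad, member));
    System.out.println("spoofed privateFrom:  " + check(other, member));
    System.out.println("old enclave response: " + check(null, member));
    System.out.println("no privateFrom:       " + check(member, null));
  }
}
```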

@lucassaldanha
Member

Both PRs are ready. Now we just need to wait for the right time to merge it!

Orion: #374
Besu: hyperledger/besu#976

@MadelineMurray
Contributor Author

Now is the time for merging!
