aboutsummaryrefslogtreecommitdiffstats
path: root/eth/downloader/downloader_test.go
blob: 434861c6108fea632b7723da029c1a14d50aefc9 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
package downloader

import (
    "encoding/binary"
    "math/big"
    "testing"
    "time"

    "github.com/ethereum/go-ethereum/common"
    "github.com/ethereum/go-ethereum/core/types"
    "github.com/ethereum/go-ethereum/event"
)

var (
    knownHash   = common.Hash{1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
    unknownHash = common.Hash{9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9}
)

func createHashes(start, amount int) (hashes []common.Hash) {
    hashes = make([]common.Hash, amount+1)
    hashes[len(hashes)-1] = knownHash

    for i := range hashes[:len(hashes)-1] {
        binary.BigEndian.PutUint64(hashes[i][:8], uint64(start+i+2))
    }
    return
}

func createBlock(i int, parent, hash common.Hash) *types.Block {
    header := &types.Header{Number: big.NewInt(int64(i))}
    block := types.NewBlockWithHeader(header)
    block.HeaderHash = hash
    block.ParentHeaderHash = parent
    return block
}

func createBlocksFromHashes(hashes []common.Hash) map[common.Hash]*types.Block {
    blocks := make(map[common.Hash]*types.Block)
    for i := 0; i < len(hashes); i++ {
        parent := knownHash
        if i < len(hashes)-1 {
            parent = hashes[i+1]
        }
        blocks[hashes[i]] = createBlock(len(hashes)-i, parent, hashes[i])
    }
    return blocks
}

type downloadTester struct {
    downloader *Downloader

    hashes []common.Hash                // Chain of hashes simulating
    blocks map[common.Hash]*types.Block // Blocks associated with the hashes
    chain  []common.Hash                // Block-chain being constructed

    maxHashFetch int // Overrides the maximum number of retrieved hashes

    t            *testing.T
    done         chan bool
    activePeerId string
}

func newTester(t *testing.T, hashes []common.Hash, blocks map[common.Hash]*types.Block) *downloadTester {
    tester := &downloadTester{
        t: t,

        hashes: hashes,
        blocks: blocks,
        chain:  []common.Hash{knownHash},

        done: make(chan bool),
    }
    var mux event.TypeMux
    downloader := New(&mux, tester.hasBlock, tester.getBlock)
    tester.downloader = downloader

    return tester
}

// sync is a simple wrapper around the downloader to start synchronisation and
// block until it returns
func (dl *downloadTester) sync(peerId string, head common.Hash) error {
    dl.activePeerId = peerId
    return dl.downloader.Synchronise(peerId, head)
}

// syncTake is starts synchronising with a remote peer, but concurrently it also
// starts fetching blocks that the downloader retrieved. IT blocks until both go
// routines terminate.
func (dl *downloadTester) syncTake(peerId string, head common.Hash) ([]*Block, error) {
    // Start a block collector to take blocks as they become available
    done := make(chan struct{})
    took := []*Block{}
    go func() {
        for running := true; running; {
            select {
            case <-done:
                running = false
            default:
                time.Sleep(time.Millisecond)
            }
            // Take a batch of blocks and accumulate
            took = append(took, dl.downloader.TakeBlocks()...)
        }
        done <- struct{}{}
    }()
    // Start the downloading, sync the taker and return
    err := dl.sync(peerId, head)

    done <- struct{}{}
    <-done

    return took, err
}

func (dl *downloadTester) hasBlock(hash common.Hash) bool {
    for _, h := range dl.chain {
        if h == hash {
            return true
        }
    }
    return false
}

func (dl *downloadTester) getBlock(hash common.Hash) *types.Block {
    return dl.blocks[knownHash]
}

// getHashes retrieves a batch of hashes for reconstructing the chain.
func (dl *downloadTester) getHashes(head common.Hash) error {
    limit := MaxHashFetch
    if dl.maxHashFetch > 0 {
        limit = dl.maxHashFetch
    }
    // Gather the next batch of hashes
    hashes := make([]common.Hash, 0, limit)
    for i, hash := range dl.hashes {
        if hash == head {
            i++
            for len(hashes) < cap(hashes) && i < len(dl.hashes) {
                hashes = append(hashes, dl.hashes[i])
                i++
            }
            break
        }
    }
    // Delay delivery a bit to allow attacks to unfold
    id := dl.activePeerId
    go func() {
        time.Sleep(time.Millisecond)
        dl.downloader.DeliverHashes(id, hashes)
    }()
    return nil
}

func (dl *downloadTester) getBlocks(id string) func([]common.Hash) error {
    return func(hashes []common.Hash) error {
        blocks := make([]*types.Block, 0, len(hashes))
        for _, hash := range hashes {
            if block, ok := dl.blocks[hash]; ok {
                blocks = append(blocks, block)
            }
        }
        go dl.downloader.DeliverBlocks(id, blocks)

        return nil
    }
}

func (dl *downloadTester) newPeer(id string, td *big.Int, hash common.Hash) {
    dl.downloader.RegisterPeer(id, hash, dl.getHashes, dl.getBlocks(id))
}

// Tests that simple synchronization, without throttling from a good peer works.
func TestSynchronisation(t *testing.T) {
    // Create a small enough block chain to download and the tester
    targetBlocks := blockCacheLimit - 15
    hashes := createHashes(0, targetBlocks)
    blocks := createBlocksFromHashes(hashes)

    tester := newTester(t, hashes, blocks)
    tester.newPeer("peer", big.NewInt(10000), hashes[0])

    // Synchronise with the peer and make sure all blocks were retrieved
    if err := tester.sync("peer", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
    if queued := len(tester.downloader.queue.blockCache); queued != targetBlocks {
        t.Fatalf("synchronised block mismatch: have %v, want %v", queued, targetBlocks)
    }
}

// Tests that the synchronized blocks can be correctly retrieved.
func TestBlockTaking(t *testing.T) {
    // Create a small enough block chain to download and the tester
    targetBlocks := blockCacheLimit - 15
    hashes := createHashes(0, targetBlocks)
    blocks := createBlocksFromHashes(hashes)

    tester := newTester(t, hashes, blocks)
    tester.newPeer("peer", big.NewInt(10000), hashes[0])

    // Synchronise with the peer and test block retrieval
    if err := tester.sync("peer", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
    if took := tester.downloader.TakeBlocks(); len(took) != targetBlocks {
        t.Fatalf("took block mismatch: have %v, want %v", len(took), targetBlocks)
    }
}

// Tests that an inactive downloader will not accept incoming hashes and blocks.
func TestInactiveDownloader(t *testing.T) {
    // Create a small enough block chain to download and the tester
    targetBlocks := blockCacheLimit - 15
    hashes := createHashes(0, targetBlocks)
    blocks := createBlocksFromHashSet(createHashSet(hashes))

    tester := newTester(t, nil, nil)

    // Check that neither hashes nor blocks are accepted
    if err := tester.downloader.DeliverHashes("bad peer", hashes); err != errNoSyncActive {
        t.Errorf("error mismatch: have %v, want %v", err, errNoSyncActive)
    }
    if err := tester.downloader.DeliverBlocks("bad peer", blocks); err != errNoSyncActive {
        t.Errorf("error mismatch: have %v, want %v", err, errNoSyncActive)
    }
}

// Tests that a canceled download wipes all previously accumulated state.
func TestCancel(t *testing.T) {
    // Create a small enough block chain to download and the tester
    targetBlocks := blockCacheLimit - 15
    hashes := createHashes(0, targetBlocks)
    blocks := createBlocksFromHashes(hashes)

    tester := newTester(t, hashes, blocks)
    tester.newPeer("peer", big.NewInt(10000), hashes[0])

    // Synchronise with the peer, but cancel afterwards
    if err := tester.sync("peer", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
    if !tester.downloader.Cancel() {
        t.Fatalf("cancel operation failed")
    }
    // Make sure the queue reports empty and no blocks can be taken
    hashCount, blockCount := tester.downloader.queue.Size()
    if hashCount > 0 || blockCount > 0 {
        t.Errorf("block or hash count mismatch: %d hashes, %d blocks, want 0", hashCount, blockCount)
    }
    if took := tester.downloader.TakeBlocks(); len(took) != 0 {
        t.Errorf("taken blocks mismatch: have %d, want %d", len(took), 0)
    }
}

// Tests that if a large batch of blocks are being downloaded, it is throttled
// until the cached blocks are retrieved.
func TestThrottling(t *testing.T) {
    // Create a long block chain to download and the tester
    targetBlocks := 8 * blockCacheLimit
    hashes := createHashes(0, targetBlocks)
    blocks := createBlocksFromHashes(hashes)

    tester := newTester(t, hashes, blocks)
    tester.newPeer("peer", big.NewInt(10000), hashes[0])

    // Start a synchronisation concurrently
    errc := make(chan error)
    go func() {
        errc <- tester.sync("peer", hashes[0])
    }()
    // Iteratively take some blocks, always checking the retrieval count
    for total := 0; total < targetBlocks; {
        // Sleep a bit for sync to complete
        time.Sleep(250 * time.Millisecond)

        // Fetch the next batch of blocks
        took := tester.downloader.TakeBlocks()
        if len(took) != blockCacheLimit {
            t.Fatalf("block count mismatch: have %v, want %v", len(took), blockCacheLimit)
        }
        total += len(took)
        if total > targetBlocks {
            t.Fatalf("target block count mismatch: have %v, want %v", total, targetBlocks)
        }
    }
    if err := <-errc; err != nil {
        t.Fatalf("block synchronization failed: %v", err)
    }
}

// Tests that if a peer returns an invalid chain with a block pointing to a non-
// existing parent, it is correctly detected and handled.
func TestNonExistingParentAttack(t *testing.T) {
    // Forge a single-link chain with a forged header
    hashes := createHashes(0, 1)
    blocks := createBlocksFromHashes(hashes)

    forged := blocks[hashes[0]]
    forged.ParentHeaderHash = unknownHash

    // Try and sync with the malicious node and check that it fails
    tester := newTester(t, hashes, blocks)
    tester.newPeer("attack", big.NewInt(10000), hashes[0])
    if err := tester.sync("attack", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
    bs := tester.downloader.TakeBlocks()
    if len(bs) != 1 {
        t.Fatalf("retrieved block mismatch: have %v, want %v", len(bs), 1)
    }
    if tester.hasBlock(bs[0].RawBlock.ParentHash()) {
        t.Fatalf("tester knows about the unknown hash")
    }
    tester.downloader.Cancel()

    // Reconstruct a valid chain, and try to synchronize with it
    forged.ParentHeaderHash = knownHash
    tester.newPeer("valid", big.NewInt(20000), hashes[0])
    if err := tester.sync("valid", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
    bs = tester.downloader.TakeBlocks()
    if len(bs) != 1 {
        t.Fatalf("retrieved block mismatch: have %v, want %v", len(bs), 1)
    }
    if !tester.hasBlock(bs[0].RawBlock.ParentHash()) {
        t.Fatalf("tester doesn't know about the origin hash")
    }
}

// Tests that if a malicious peers keeps sending us repeating hashes, we don't
// loop indefinitely.
func TestRepeatingHashAttack(t *testing.T) {
    // Create a valid chain, but drop the last link
    hashes := createHashes(0, blockCacheLimit)
    blocks := createBlocksFromHashes(hashes)
    forged := hashes[:len(hashes)-1]

    // Try and sync with the malicious node
    tester := newTester(t, forged, blocks)
    tester.newPeer("attack", big.NewInt(10000), forged[0])

    errc := make(chan error)
    go func() {
        errc <- tester.sync("attack", hashes[0])
    }()

    // Make sure that syncing returns and does so with a failure
    select {
    case <-time.After(time.Second):
        t.Fatalf("synchronisation blocked")
    case err := <-errc:
        if err == nil {
            t.Fatalf("synchronisation succeeded")
        }
    }
    // Ensure that a valid chain can still pass sync
    tester.hashes = hashes
    tester.newPeer("valid", big.NewInt(20000), hashes[0])
    if err := tester.sync("valid", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
}

// Tests that if a malicious peers returns a non-existent block hash, it should
// eventually time out and the sync reattempted.
func TestNonExistingBlockAttack(t *testing.T) {
    // Create a valid chain, but forge the last link
    hashes := createHashes(0, blockCacheLimit)
    blocks := createBlocksFromHashes(hashes)
    origin := hashes[len(hashes)/2]

    hashes[len(hashes)/2] = unknownHash

    // Try and sync with the malicious node and check that it fails
    tester := newTester(t, hashes, blocks)
    tester.newPeer("attack", big.NewInt(10000), hashes[0])
    if err := tester.sync("attack", hashes[0]); err != errPeersUnavailable {
        t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errPeersUnavailable)
    }
    // Ensure that a valid chain can still pass sync
    hashes[len(hashes)/2] = origin
    tester.newPeer("valid", big.NewInt(20000), hashes[0])
    if err := tester.sync("valid", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
}

// Tests that if a malicious peer is returning hashes in a weird order, that the
// sync throttler doesn't choke on them waiting for the valid blocks.
func TestInvalidHashOrderAttack(t *testing.T) {
    // Create a valid long chain, but reverse some hashes within
    hashes := createHashes(0, 4*blockCacheLimit)
    blocks := createBlocksFromHashes(hashes)

    chunk1 := make([]common.Hash, blockCacheLimit)
    chunk2 := make([]common.Hash, blockCacheLimit)
    copy(chunk1, hashes[blockCacheLimit:2*blockCacheLimit])
    copy(chunk2, hashes[2*blockCacheLimit:3*blockCacheLimit])

    reverse := make([]common.Hash, len(hashes))
    copy(reverse, hashes)
    copy(reverse[2*blockCacheLimit:], chunk1)
    copy(reverse[blockCacheLimit:], chunk2)

    // Try and sync with the malicious node and check that it fails
    tester := newTester(t, reverse, blocks)
    tester.newPeer("attack", big.NewInt(10000), reverse[0])
    if _, err := tester.syncTake("attack", reverse[0]); err != ErrInvalidChain {
        t.Fatalf("synchronisation error mismatch: have %v, want %v", err, ErrInvalidChain)
    }
    // Ensure that a valid chain can still pass sync
    tester.hashes = hashes
    tester.newPeer("valid", big.NewInt(20000), hashes[0])
    if _, err := tester.syncTake("valid", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
}

// Tests that if a malicious peer makes up a random hash chain and tries to push
// indefinitely, it actually gets caught with it.
func TestMadeupHashChainAttack(t *testing.T) {
    blockSoftTTL = 100 * time.Millisecond
    crossCheckCycle = 25 * time.Millisecond

    // Create a long chain of hashes without backing blocks
    hashes := createHashes(0, 1024*blockCacheLimit)

    // Try and sync with the malicious node and check that it fails
    tester := newTester(t, hashes, nil)
    tester.newPeer("attack", big.NewInt(10000), hashes[0])
    if _, err := tester.syncTake("attack", hashes[0]); err != ErrCrossCheckFailed {
        t.Fatalf("synchronisation error mismatch: have %v, want %v", err, ErrCrossCheckFailed)
    }
}

// Tests that if a malicious peer makes up a random hash chain, and tries to push
// indefinitely, one hash at a time, it actually gets caught with it. The reason
// this is separate from the classical made up chain attack is that sending hashes
// one by one prevents reliable block/parent verification.
func TestMadeupHashChainDrippingAttack(t *testing.T) {
    // Create a random chain of hashes to drip
    hashes := createHashes(0, 16*blockCacheLimit)
    tester := newTester(t, hashes, nil)

    // Try and sync with the attacker, one hash at a time
    tester.maxHashFetch = 1
    tester.newPeer("attack", big.NewInt(10000), hashes[0])
    if _, err := tester.syncTake("attack", hashes[0]); err != ErrStallingPeer {
        t.Fatalf("synchronisation error mismatch: have %v, want %v", err, ErrStallingPeer)
    }
}

// Tests that if a malicious peer makes up a random block chain, and tried to
// push indefinitely, it actually gets caught with it.
func TestMadeupBlockChainAttack(t *testing.T) {
    defaultBlockTTL := blockSoftTTL
    defaultCrossCheckCycle := crossCheckCycle

    blockSoftTTL = 100 * time.Millisecond
    crossCheckCycle = 25 * time.Millisecond

    // Create a long chain of blocks and simulate an invalid chain by dropping every second
    hashes := createHashes(0, 16*blockCacheLimit)
    blocks := createBlocksFromHashes(hashes)

    gapped := make([]common.Hash, len(hashes)/2)
    for i := 0; i < len(gapped); i++ {
        gapped[i] = hashes[2*i]
    }
    // Try and sync with the malicious node and check that it fails
    tester := newTester(t, gapped, blocks)
    tester.newPeer("attack", big.NewInt(10000), gapped[0])
    if _, err := tester.syncTake("attack", gapped[0]); err != ErrCrossCheckFailed {
        t.Fatalf("synchronisation error mismatch: have %v, want %v", err, ErrCrossCheckFailed)
    }
    // Ensure that a valid chain can still pass sync
    blockSoftTTL = defaultBlockTTL
    crossCheckCycle = defaultCrossCheckCycle

    tester.hashes = hashes
    tester.newPeer("valid", big.NewInt(20000), hashes[0])
    if _, err := tester.syncTake("valid", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
}

// Advanced form of the above forged blockchain attack, where not only does the
// attacker make up a valid hashes for random blocks, but also forges the block
// parents to point to existing hashes.
func TestMadeupParentBlockChainAttack(t *testing.T) {
    defaultBlockTTL := blockSoftTTL
    defaultCrossCheckCycle := crossCheckCycle

    blockSoftTTL = 100 * time.Millisecond
    crossCheckCycle = 25 * time.Millisecond

    // Create a long chain of blocks and simulate an invalid chain by dropping every second
    hashes := createHashes(0, 16*blockCacheLimit)
    blocks := createBlocksFromHashes(hashes)
    forges := createBlocksFromHashes(hashes)
    for hash, block := range forges {
        block.ParentHeaderHash = hash // Simulate pointing to already known hash
    }
    // Try and sync with the malicious node and check that it fails
    tester := newTester(t, hashes, forges)
    tester.newPeer("attack", big.NewInt(10000), hashes[0])
    if _, err := tester.syncTake("attack", hashes[0]); err != ErrCrossCheckFailed {
        t.Fatalf("synchronisation error mismatch: have %v, want %v", err, ErrCrossCheckFailed)
    }
    // Ensure that a valid chain can still pass sync
    blockSoftTTL = defaultBlockTTL
    crossCheckCycle = defaultCrossCheckCycle

    tester.blocks = blocks
    tester.newPeer("valid", big.NewInt(20000), hashes[0])
    if _, err := tester.syncTake("valid", hashes[0]); err != nil {
        t.Fatalf("failed to synchronise blocks: %v", err)
    }
}