Merge pull request #10267 from EOSIO/feature-privacy

Feature privacy

.cicd/platforms/pinned/amazon_linux-2-pinned.dockerfile

@@ -3,7 +3,7 @@ ENV VERSION 1
 # install dependencies.
 RUN yum update -y && \
     yum install -y which git sudo procps-ng util-linux autoconf automake \
-    libtool make bzip2 bzip2-devel openssl-devel gmp-devel libstdc++ libcurl-devel \
+    libtool make bzip2 bzip2-devel openssl openssl-devel gmp-devel libstdc++ libcurl-devel \
     libusbx-devel python3 python3-devel python-devel libedit-devel doxygen \
     graphviz patch gcc gcc-c++ vim-common jq && \
     yum clean all && rm -rf /var/cache/yum

.cicd/platforms/pinned/centos-7.7-pinned.dockerfile

@@ -6,7 +6,7 @@ RUN yum update -y && \
     yum --enablerepo=extras install -y centos-release-scl && \
     yum --enablerepo=extras install -y devtoolset-8 && \
     yum --enablerepo=extras install -y which git autoconf automake libtool make bzip2 doxygen \
-    graphviz bzip2-devel openssl-devel gmp-devel ocaml \
+    graphviz bzip2-devel openssl openssl-devel gmp-devel ocaml \
     python python-devel rh-python36 file libusbx-devel \
     libcurl-devel patch vim-common jq glibc-locale-source glibc-langpack-en && \
     yum clean all && rm -rf /var/cache/yum

.cicd/platforms/unpinned/amazon_linux-2-unpinned.dockerfile

@@ -3,7 +3,7 @@ ENV VERSION 1
 # install dependencies.
 RUN yum update -y && \
     yum install -y which git sudo procps-ng util-linux autoconf automake \
-    libtool make bzip2 bzip2-devel openssl-devel gmp-devel libstdc++ libcurl-devel \
+    libtool make bzip2 bzip2-devel openssl openssl-devel gmp-devel libstdc++ libcurl-devel \
     libusbx-devel python3 python3-devel python-devel libedit-devel doxygen \
     graphviz clang patch llvm-devel llvm-static vim-common jq && \
     yum clean all && rm -rf /var/cache/yum

.cicd/platforms/unpinned/centos-7.7-unpinned.dockerfile

@@ -6,7 +6,7 @@ RUN yum update -y && \
     yum --enablerepo=extras install -y centos-release-scl && \
     yum --enablerepo=extras install -y devtoolset-8 && \
     yum --enablerepo=extras install -y which git autoconf automake libtool make bzip2 doxygen \
-    graphviz bzip2-devel openssl-devel gmp-devel ocaml \
+    graphviz bzip2-devel openssl openssl-devel gmp-devel ocaml \
     python python-devel rh-python36 file libusbx-devel \
     libcurl-devel patch vim-common jq llvm-toolset-7.0-llvm-devel llvm-toolset-7.0-llvm-static \
     glibc-locale-source glibc-langpack-en && \

.gitignore

@@ -87,4 +87,4 @@ var/lib/node_*
 *.iws
 .DS_Store
 
-!*.swagger.*
+!*.swagger.*

libraries/chain/CMakeLists.txt

@@ -71,6 +71,7 @@ set(CHAIN_WEBASSEMBLY_SOURCES
    webassembly/softfloat.cpp
    webassembly/system.cpp
    webassembly/transaction.cpp
+   webassembly/security_group.cpp
 )
 
 ## SORT .cpp by most likely to change / break compile

libraries/chain/block_header_state.cpp

@@ -167,6 +167,8 @@ namespace eosio { namespace chain {
          result.producer_to_last_implied_irb[proauth.producer_name] = dpos_proposed_irreversible_blocknum;
       }
 
+      result.security_group = get_security_group_info();
+
       return result;
    }
 
@@ -314,6 +316,8 @@ namespace eosio { namespace chain {
 
       result.activated_protocol_features = std::move( new_activated_protocol_features );
 
+      result.set_security_group_info(std::move(security_group));
+
       return result;
    }
 

libraries/chain/combined_database.cpp

@@ -389,6 +389,8 @@ namespace eosio { namespace chain {
          header.validate();
       });
 
+      snapshot->chain_snapshot_version = header.version;
+
       db.create<kv_db_config_object>([](auto&) {});
       check_backing_store_setting(true);
 

libraries/chain/controller.cpp

@@ -252,6 +252,7 @@ struct controller_impl {
       set_activation_handler<builtin_protocol_feature_t::kv_database>();
       set_activation_handler<builtin_protocol_feature_t::configurable_wasm_limits>();
       set_activation_handler<builtin_protocol_feature_t::blockchain_parameters>();
+      set_activation_handler<builtin_protocol_feature_t::security_group>();
 
       self.irreversible_block.connect([this](const block_state_ptr& bsp) {
          wasmif.current_lib(bsp->block_num);
@@ -1432,6 +1433,29 @@ struct controller_impl {
             });
          }
 
+         if (gpo.proposed_security_group_block_num) {
+            if (gpo.proposed_security_group_block_num <= pbhs.dpos_irreversible_blocknum) {
+
+               // Promote proposed security group to pending.
+               if( !replay_head_time ) {
+                  ilog( "promoting proposed security group (set in block ${proposed_num}) to pending; current block: ${n} lib: ${lib} participants: ${participants} ",
+                        ("proposed_num", gpo.proposed_security_group_block_num)("n", pbhs.block_num)
+                        ("lib", pbhs.dpos_irreversible_blocknum)
+                        ("participants",  gpo.proposed_security_group_participants ) );
+               }
+
+               ++bb._pending_block_header_state.security_group.version;
+               bb._pending_block_header_state.security_group.participants = {
+                  gpo.proposed_security_group_participants.begin(),
+                  gpo.proposed_security_group_participants.end()};
+
+               db.modify(gpo, [&](auto& gp) { 
+                  gp.proposed_security_group_block_num = 0; 
+                  gp.proposed_security_group_participants.clear(); 
+               });
+            }
+         }
+
          try {
             transaction_metadata_ptr onbtrx =
                   transaction_metadata::create_no_recover_keys( std::make_shared<packed_transaction>( get_on_block_transaction(), true ),
@@ -1736,6 +1760,9 @@ struct controller_impl {
          if( !use_bsp_cached ) {
             bsp->set_trxs_metas( std::move( ab._trx_metas ), !skip_auth_checks );
          }
+
+         auto& pbsh = ab._pending_block_header_state;
+         bsp->set_security_group_info(std::move(pbsh.security_group));
          // create completed_block with the existing block_state as we just verified it is the same as assembled_block
          pending->_block_stage = completed_block{ bsp };
 
@@ -2232,6 +2259,37 @@ struct controller_impl {
       return deep_mind_logger;
    }
 
+   int64_t propose_security_group(std::function<void(flat_set<account_name>&)> && modify_participants) {
+      const auto& gpo           = self.get_global_properties();
+      auto        cur_block_num = head->block_num + 1;
+
+      if (!self.is_builtin_activated(builtin_protocol_feature_t::security_group)) {
+         return -1;
+      }
+
+      flat_set<account_name> proposed_participants = gpo.proposed_security_group_block_num == 0
+                              ? self.active_security_group().participants
+                              : flat_set<account_name>{gpo.proposed_security_group_participants.begin(),
+                                                       gpo.proposed_security_group_participants.end()};
+
+      auto orig_participants_size = proposed_participants.size();
+
+      modify_participants(proposed_participants);
+
+      if (orig_participants_size == proposed_participants.size()) {
+         // no changes in the participants
+         return -1;
+      }
+
+      db.modify(gpo, [&proposed_participants, cur_block_num](auto& gp) {
+         gp.proposed_security_group_block_num    = cur_block_num;
+         gp.set_proposed_security_group_participants(proposed_participants.begin(),
+                                                     proposed_participants.end());
+      });
+
+      return 0;
+   }
+
 }; /// controller_impl
 
 const resource_limits_manager&   controller::get_resource_limits_manager()const
@@ -2817,6 +2875,44 @@ int64_t controller::set_proposed_producers( vector<producer_authority> producers
    return version;
 }
 
+const security_group_info_t& controller::active_security_group() const {
+   if( !(my->pending) )
+      return  my->head->get_security_group_info();
+
+   return std::visit(
+       overloaded{
+           [](const building_block& bb) -> const security_group_info_t& { return bb._pending_block_header_state.security_group; },
+           [](const assembled_block& ab) -> const security_group_info_t& { return ab._pending_block_header_state.security_group; },
+           [](const completed_block& cb) -> const security_group_info_t& { return cb._block_state->get_security_group_info(); }},
+       my->pending->_block_stage);
+}
+
+flat_set<account_name> controller::proposed_security_group_participants() const {
+   return {get_global_properties().proposed_security_group_participants.begin(),
+           get_global_properties().proposed_security_group_participants.end()};
+}
+
+int64_t controller::add_security_group_participants(const flat_set<account_name>& participants) {
+   return participants.size() == 0 ? -1 : my->propose_security_group([&participants](auto& pending_participants) {
+      pending_participants.insert(participants.begin(), participants.end());
+   });
+}
+
+int64_t controller::remove_security_group_participants(const flat_set<account_name>& participants) {
+   return participants.size() == 0 ? -1 : my->propose_security_group([&participants](auto& pending_participants) {
+      flat_set<account_name>::sequence_type tmp;
+      tmp.reserve(pending_participants.size());
+      std::set_difference(pending_participants.begin(), pending_participants.end(), participants.begin(),
+                          participants.end(), std::back_inserter(tmp));
+      pending_participants.adopt_sequence(std::move(tmp));
+   });
+}
+
+bool controller::in_active_security_group(const flat_set<account_name>& participants) const {
+   const auto& active = active_security_group().participants;
+   return std::includes(active.begin(), active.end(), participants.begin(), participants.end());
+}
+
 const producer_authority_schedule&    controller::active_producers()const {
    if( !(my->pending) )
       return  my->head->active_schedule;
@@ -3324,6 +3420,17 @@ void controller_impl::on_activation<builtin_protocol_feature_t::blockchain_param
    } );
 }
 
+
+template<>
+void controller_impl::on_activation<builtin_protocol_feature_t::security_group>() {
+   db.modify( db.get<protocol_state_object>(), [&]( auto& ps ) {
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "add_security_group_participants" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "remove_security_group_participants" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "in_active_security_group" );
+      add_intrinsic_to_whitelist( ps.whitelisted_intrinsics, "get_active_security_group" );
+   } );
+}
+
 /// End of protocol feature activation handlers
 
 } } /// eosio::chain

libraries/chain/fork_database.cpp

@@ -9,6 +9,7 @@
 #include <boost/multi_index/composite_key.hpp>
 #include <fc/io/fstream.hpp>
 #include <fstream>
+#include <eosio/chain/versioned_unpack_stream.hpp>
 
 namespace eosio { namespace chain {
    using boost::multi_index_container;
@@ -17,7 +18,7 @@ namespace eosio { namespace chain {
    const uint32_t fork_database::magic_number = 0x30510FDB;
 
    const uint32_t fork_database::min_supported_version = 1;
-   const uint32_t fork_database::max_supported_version = 1;
+   const uint32_t fork_database::max_supported_version = 2;
 
    // work around block_state::is_valid being private
    inline bool block_state_is_valid( const block_state& bs ) {
@@ -122,14 +123,23 @@ namespace eosio { namespace chain {
                        ("max", max_supported_version)
             );
 
+            // The unpack_strm here is used only to unpack `block_header_state` and `block_state`. However, those two
+            // classes are written to unpack based on the snapshot version; therefore,  we orient it to the snapshot version.
+
+            const bool              has_block_header_state_extension = version > min_supported_version;
+            versioned_unpack_stream unpack_strm(
+                ds, has_block_header_state_extension
+                        ? block_header_state::minimum_snapshot_version_with_state_extension
+                        : block_header_state::minimum_snapshot_version_with_state_extension - 1);
+
             block_header_state bhs;
-            fc::raw::unpack( ds, bhs );
+            fc::raw::unpack( unpack_strm, bhs );
             reset( bhs );
 
             unsigned_int size; fc::raw::unpack( ds, size );
             for( uint32_t i = 0, n = size.value; i < n; ++i ) {
                block_state s;
-               fc::raw::unpack( ds, s );
+               fc::raw::unpack( unpack_strm, s );
                // do not populate transaction_metadatas, they will be created as needed in apply_block with appropriate key recovery
                s.header_exts = s.block->validate_and_extract_header_extensions();
                my->add( std::make_shared<block_state>( move( s ) ), false, true, validator );