Skip to content

Commit

Permalink
refactor, always verify witnesses if beacon valid.
Browse files Browse the repository at this point in the history 
apply recip check post beacon & witness verification
  • Loading branch information
@andymck
andymck committed Mar 14, 2024
1 parent 60b5450 commit cd23fde
Show file tree
Hide file tree
Showing 3 changed files with 324 additions and 259 deletions.
62 changes: 5 additions & 57 deletions iot_verifier/src/poc.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,9 +57,6 @@ lazy_static! {
static ref MAX_WITNESS_LAG: Duration = Duration::milliseconds(1500);
/// max permitted lag between the beaconer and a witness
static ref MAX_BEACON_TO_WITNESS_LAG: Duration = Duration::milliseconds(4000);
/// the duration in which a beaconer or witness must have a valid opposite report from
static ref RECIPROCITY_WINDOW: Duration = Duration::hours(48);

}
#[derive(Debug, PartialEq)]
pub struct InvalidResponse {
Expand All @@ -70,8 +67,8 @@ pub struct InvalidResponse {
pub struct Poc {
pool: PgPool,
beacon_interval: Duration,
beacon_report: IotBeaconIngestReport,
witness_reports: Vec<IotWitnessIngestReport>,
pub beacon_report: IotBeaconIngestReport,
pub witness_reports: Vec<IotWitnessIngestReport>,
entropy_start: DateTime<Utc>,
entropy_end: DateTime<Utc>,
entropy_version: i32,
Expand Down Expand Up @@ -118,7 +115,6 @@ impl Poc {
gateway_cache: &GatewayCache,
region_cache: &RegionCache<G>,
deny_list: &DenyList,
witness_updater: &WitnessUpdater,
) -> anyhow::Result<VerifyBeaconResult>
where
G: Gateways,
Expand Down Expand Up @@ -176,21 +172,9 @@ impl Poc {
&beaconer_pub_key,
self.beacon_report.received_timestamp,
)
.await?;
}

// post regular validations, check for beacon reciprocity
// if this check fails we will invalidate the beacon
// even tho it has passed all regular validations
if !self.verify_beacon_reciprocity(witness_updater).await? {
Ok(VerifyBeaconResult::invalid(
InvalidReason::GatewayNoValidWitnesses,
None,
beaconer_info,
))
} else {
Ok(VerifyBeaconResult::valid(beaconer_info, tx_scale))
.await?
}
Ok(VerifyBeaconResult::valid(beaconer_info, tx_scale))
}
Err(invalid_response) => Ok(VerifyBeaconResult::invalid(
invalid_response.reason,
Expand Down Expand Up @@ -233,7 +217,7 @@ impl Poc {
)
.await
{
Ok(mut verified_witness) => {
Ok(verified_witness) => {
// track which gateways we have saw a witness report from
existing_gateways.push(verified_witness.report.pub_key.clone());
if verified_witness.status == VerificationStatus::Valid {
Expand All @@ -242,17 +226,6 @@ impl Poc {
id: witness_report.report.pub_key.clone(),
timestamp: verified_witness.received_timestamp,
});

// post regular validations, check for witness reciprocity
// if this check fails we will invalidate the witness
// even tho it has passed all regular validations
if !self.verify_witness_reciprocity(&witness_report).await? {
verified_witness.status = VerificationStatus::Invalid;
verified_witness.invalid_reason =
InvalidReason::GatewayNoValidBeacons;
verified_witness.participant_side =
InvalidParticipantSide::Witness;
}
};
verified_witnesses.push(verified_witness);
}
Expand Down Expand Up @@ -383,31 +356,6 @@ impl Poc {
)),
}
}

async fn verify_beacon_reciprocity(
&self,
witness_updater: &WitnessUpdater,
) -> anyhow::Result<bool> {
if !self.witness_reports.is_empty() {
let last_witness = witness_updater
.get_last_witness(&self.beacon_report.report.pub_key)
.await?;
return Ok(last_witness.map_or(false, |lw| {
self.beacon_report.received_timestamp - lw.timestamp < *RECIPROCITY_WINDOW
}));
}
Ok(false)
}

async fn verify_witness_reciprocity(
&self,
report: &IotWitnessIngestReport,
) -> anyhow::Result<bool> {
let last_beacon = LastBeacon::get(&self.pool, &report.report.pub_key).await?;
Ok(last_beacon.map_or(false, |lw| {
report.received_timestamp - lw.timestamp < *RECIPROCITY_WINDOW
}))
}
}

#[allow(clippy::too_many_arguments)]
Expand Down
Loading

0 comments on commit cd23fde

Please sign in to comment.