doxygen/html/mnauth_8cpp_source.html

 // Copyright (c) 2019-2020 The Dash Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #include <evo/mnauth.h>

 #include <evo/deterministicmns.h>
 #include <llmq/quorums_utils.h>
 #include <masternode/activemasternode.h>
 #include <masternode/masternode-meta.h>
 #include <masternode/masternode-sync.h>
 #include <net.h>
 #include <net_processing.h>
 #include <netmessagemaker.h>
 #include <validation.h>

 #include <unordered_set>

 void CMNAuth::PushMNAUTH(CNode* pnode, CConnman& connman)
 {
     if (!fMasternodeMode || activeMasternodeInfo.proTxHash.IsNull()) {
         return;
     }

     uint256 signHash;
     {
         LOCK(pnode->cs_mnauth);
         if (pnode->receivedMNAuthChallenge.IsNull()) {
             return;
         }
         // We include fInbound in signHash to forbid interchanging of challenges by a man in the middle (MITM). This way
         // we protect ourselves against MITM in this form:
         //   node1 <- Eve -> node2
         // It does not protect against:
         //   node1 -> Eve -> node2
         // This is ok as we only use MNAUTH as a DoS protection and not for sensitive stuff
         int nOurNodeVersion{PROTOCOL_VERSION};
         if (Params().NetworkIDString() != CBaseChainParams::MAIN && gArgs.IsArgSet("-pushversion")) {
             nOurNodeVersion = gArgs.GetArg("-pushversion", PROTOCOL_VERSION);
         }
         if (pnode->nVersion < MNAUTH_NODE_VER_VERSION || nOurNodeVersion < MNAUTH_NODE_VER_VERSION) {
             signHash = ::SerializeHash(std::make_tuple(*activeMasternodeInfo.blsPubKeyOperator, pnode->receivedMNAuthChallenge, pnode->fInbound));
         } else {
             signHash = ::SerializeHash(std::make_tuple(*activeMasternodeInfo.blsPubKeyOperator, pnode->receivedMNAuthChallenge, pnode->fInbound, nOurNodeVersion));
         }
     }

     CMNAuth mnauth;
     mnauth.proRegTxHash = activeMasternodeInfo.proTxHash;
     mnauth.sig = activeMasternodeInfo.blsKeyOperator->Sign(signHash);

     LogPrint(BCLog::NET_NETCONN, "CMNAuth::%s -- Sending MNAUTH, peer=%d\n", __func__, pnode->GetId());

     connman.PushMessage(pnode, CNetMsgMaker(pnode->GetSendVersion()).Make(NetMsgType::MNAUTH, mnauth));
 }

 void CMNAuth::ProcessMessage(CNode* pnode, const std::string& strCommand, CDataStream& vRecv, CConnman& connman)
 {
     if (!masternodeSync.IsBlockchainSynced()) {
         // we can't verify MNAUTH messages when we don't have the latest MN list
         return;
     }

     if (strCommand == NetMsgType::MNAUTH) {
         CMNAuth mnauth;
         vRecv >> mnauth;

         // only one MNAUTH allowed
         bool fAlreadyHaveMNAUTH = false;
         {
             LOCK(pnode->cs_mnauth);
             fAlreadyHaveMNAUTH = !pnode->verifiedProRegTxHash.IsNull();
         }
         if (fAlreadyHaveMNAUTH) {
             LOCK(cs_main);
             Misbehaving(pnode->GetId(), 100, "duplicate mnauth");
             return;
         }

         if ((~pnode->nServices) & (NODE_NETWORK | NODE_BLOOM)) {
             // either NODE_NETWORK or NODE_BLOOM bit is missing in node's services
             LOCK(cs_main);
             Misbehaving(pnode->GetId(), 100, "mnauth from a node with invalid services");
             return;
         }

         if (mnauth.proRegTxHash.IsNull()) {
             LOCK(cs_main);
             Misbehaving(pnode->GetId(), 100, "empty mnauth proRegTxHash");
             return;
         }

         if (!mnauth.sig.IsValid()) {
             LOCK(cs_main);
             Misbehaving(pnode->GetId(), 100, "invalid mnauth signature");
             return;
         }

         auto mnList = deterministicMNManager->GetListAtChainTip();
         auto dmn = mnList.GetMN(mnauth.proRegTxHash);
         if (!dmn) {
             LOCK(cs_main);
             // in case node was unlucky and not up to date, just let it be connected as a regular node, which gives it
             // a chance to get up-to-date and thus realize that it's not a MN anymore. We still give it a
             // low DoS score.
             Misbehaving(pnode->GetId(), 10, "missing mnauth masternode");
             return;
         }

         uint256 signHash;
         {
             LOCK(pnode->cs_mnauth);
             int nOurNodeVersion{PROTOCOL_VERSION};
             if (Params().NetworkIDString() != CBaseChainParams::MAIN && gArgs.IsArgSet("-pushversion")) {
                 nOurNodeVersion = gArgs.GetArg("-pushversion", PROTOCOL_VERSION);
             }
             // See comment in PushMNAUTH (fInbound is negated here as we're on the other side of the connection)
             if (pnode->nVersion < MNAUTH_NODE_VER_VERSION || nOurNodeVersion < MNAUTH_NODE_VER_VERSION) {
                 signHash = ::SerializeHash(std::make_tuple(dmn->pdmnState->pubKeyOperator, pnode->sentMNAuthChallenge, !pnode->fInbound));
             } else {
                 signHash = ::SerializeHash(std::make_tuple(dmn->pdmnState->pubKeyOperator, pnode->sentMNAuthChallenge, !pnode->fInbound, pnode->nVersion.load()));
             }
             LogPrint(BCLog::NET_NETCONN, "CMNAuth::%s -- constructed signHash for nVersion %d, peer=%d\n", __func__, pnode->nVersion, pnode->GetId());
         }

         if (!mnauth.sig.VerifyInsecure(dmn->pdmnState->pubKeyOperator.Get(), signHash)) {
             LOCK(cs_main);
             // Same as above, MN seems to not know its fate yet, so give it a chance to update. If this is a
             // malicious node (DoSing us), it'll get banned soon.
             Misbehaving(pnode->GetId(), 10, "mnauth signature verification failed");
             return;
         }

         if (!pnode->fInbound) {
             mmetaman.GetMetaInfo(mnauth.proRegTxHash)->SetLastOutboundSuccess(GetAdjustedTime());
             if (pnode->fMasternodeProbe) {
                 LogPrint(BCLog::NET_NETCONN, "CMNAuth::ProcessMessage -- Masternode probe successful for %s, disconnecting. peer=%d\n",
                          mnauth.proRegTxHash.ToString(), pnode->GetId());
                 pnode->fDisconnect = true;
                 return;
             }
         }

         connman.ForEachNode([&](CNode* pnode2) {
             if (pnode->fDisconnect) {
                 // we've already disconnected the new peer
                 return;
             }

             if (pnode2->verifiedProRegTxHash == mnauth.proRegTxHash) {
                 if (fMasternodeMode) {
                     auto deterministicOutbound = llmq::CLLMQUtils::DeterministicOutboundConnection(activeMasternodeInfo.proTxHash, mnauth.proRegTxHash);
                     LogPrint(BCLog::NET_NETCONN, "CMNAuth::ProcessMessage -- Masternode %s has already verified as peer %d, deterministicOutbound=%s. peer=%d\n",
                              mnauth.proRegTxHash.ToString(), pnode2->GetId(), deterministicOutbound.ToString(), pnode->GetId());
                     if (deterministicOutbound == activeMasternodeInfo.proTxHash) {
                         if (pnode2->fInbound) {
                             LogPrint(BCLog::NET_NETCONN, "CMNAuth::ProcessMessage -- dropping old inbound, peer=%d\n", pnode2->GetId());
                             pnode2->fDisconnect = true;
                         } else if (pnode->fInbound) {
                             LogPrint(BCLog::NET_NETCONN, "CMNAuth::ProcessMessage -- dropping new inbound, peer=%d\n", pnode->GetId());
                             pnode->fDisconnect = true;
                         }
                     } else {
                         if (!pnode2->fInbound) {
                             LogPrint(BCLog::NET_NETCONN, "CMNAuth::ProcessMessage -- dropping old outbound, peer=%d\n", pnode2->GetId());
                             pnode2->fDisconnect = true;
                         } else if (!pnode->fInbound) {
                             LogPrint(BCLog::NET_NETCONN, "CMNAuth::ProcessMessage -- dropping new outbound, peer=%d\n", pnode->GetId());
                             pnode->fDisconnect = true;
                         }
                     }
                 } else {
                     LogPrint(BCLog::NET_NETCONN, "CMNAuth::ProcessMessage -- Masternode %s has already verified as peer %d, dropping new connection. peer=%d\n",
                             mnauth.proRegTxHash.ToString(), pnode2->GetId(), pnode->GetId());
                     pnode->fDisconnect = true;
                 }
             }
         });

         if (pnode->fDisconnect) {
             return;
         }

         {
             LOCK(pnode->cs_mnauth);
             pnode->verifiedProRegTxHash = mnauth.proRegTxHash;
             pnode->verifiedPubKeyHash = dmn->pdmnState->pubKeyOperator.GetHash();
         }

         LogPrint(BCLog::NET_NETCONN, "CMNAuth::%s -- Valid MNAUTH for %s, peer=%d\n", __func__, mnauth.proRegTxHash.ToString(), pnode->GetId());
     }
 }

 void CMNAuth::NotifyMasternodeListChanged(bool undo, const CDeterministicMNList& oldMNList, const CDeterministicMNListDiff& diff)
 {
     // we're only interested in updated/removed MNs. Added MNs are of no interest for us
     if (diff.updatedMNs.empty() && diff.removedMns.empty()) {
         return;
     }

     g_connman->ForEachNode([&](CNode* pnode) {
         LOCK(pnode->cs_mnauth);
         if (pnode->verifiedProRegTxHash.IsNull()) {
             return;
         }
         auto verifiedDmn = oldMNList.GetMN(pnode->verifiedProRegTxHash);
         if (!verifiedDmn) {
             return;
         }
         bool doRemove = false;
         if (diff.removedMns.count(verifiedDmn->GetInternalId())) {
             doRemove = true;
         } else {
             auto it = diff.updatedMNs.find(verifiedDmn->GetInternalId());
             if (it != diff.updatedMNs.end()) {
                 if ((it->second.fields & CDeterministicMNStateDiff::Field_pubKeyOperator) && it->second.state.pubKeyOperator.GetHash() != pnode->verifiedPubKeyHash) {
                     doRemove = true;
                 }
             }
         }

         if (doRemove) {
             LogPrint(BCLog::NET_NETCONN, "CMNAuth::NotifyMasternodeListChanged -- Disconnecting MN %s due to key changed/removed, peer=%d\n",
                      pnode->verifiedProRegTxHash.ToString(), pnode->GetId());
             pnode->fDisconnect = true;
         }
     });
 }
BCLog::NET_NETCONN
Definition: util.h:147

net_processing.h

CChainParams::NetworkIDString
std::string NetworkIDString() const
Return the BIP70 network string (main, test or regtest)
Definition: chainparams.h:76

ArgsManager::IsArgSet
bool IsArgSet(const std::string &strArg) const
Return true if the given argument has been manually set.
Definition: util.cpp:784

masternodeSync
CMasternodeSync masternodeSync
Definition: masternode-sync.cpp:16

CNode::GetSendVersion
int GetSendVersion() const
Definition: net.cpp:887

CDeterministicMNListDiff
Definition: deterministicmns.h:547

net.h

CDeterministicMNStateDiff::Field_pubKeyOperator
Definition: deterministicmns.h:133

CDeterministicMNList::GetMN
CDeterministicMNCPtr GetMN(const uint256 &proTxHash) const
Definition: deterministicmns.cpp:134

activemasternode.h

cs_main
CCriticalSection cs_main
Definition: validation.cpp:213

NODE_NETWORK
Definition: protocol.h:285

CNode::cs_mnauth
CCriticalSection cs_mnauth
Definition: net.h:938

CConnman::PushMessage
void PushMessage(CNode *pnode, CSerializedNetMsg &&msg)
Definition: net.cpp:3733

CActiveMasternodeInfo::proTxHash
uint256 proTxHash
Definition: activemasternode.h:29

mnauth.h

CNode::verifiedPubKeyHash
uint256 verifiedPubKeyHash
Definition: net.h:942

NODE_BLOOM
Definition: protocol.h:293

CDataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:103

CMasternodeSync::IsBlockchainSynced
bool IsBlockchainSynced()
Definition: masternode-sync.h:52

CMNAuth::NotifyMasternodeListChanged
static void NotifyMasternodeListChanged(bool undo, const CDeterministicMNList &oldMNList, const CDeterministicMNListDiff &diff)
Definition: mnauth.cpp:194

deterministicMNManager
std::unique_ptr< CDeterministicMNManager > deterministicMNManager
Definition: deterministicmns.cpp:24

base_blob::IsNull
bool IsNull() const
Definition: uint256.h:33

CNode::nServices
std::atomic< ServiceFlags > nServices
Definition: net.h:805

CConnman::ForEachNode
void ForEachNode(const Condition &cond, Callable &&func)
Definition: net.h:288

CMNAuth::sig
CBLSSignature sig
Definition: mnauth.h:40

CBaseChainParams::MAIN
static const std::string MAIN
BIP70 chain name strings (main, test or regtest)
Definition: chainparamsbase.h:20

mmetaman
CMasternodeMetaMan mmetaman
Definition: masternode-meta.cpp:9

quorums_utils.h

SerializeHash
uint256 SerializeHash(const T &obj, int nType=SER_GETHASH, int nVersion=PROTOCOL_VERSION)
Compute the 256-bit hash of an object&#39;s serialization.
Definition: hash.h:254

Misbehaving
void Misbehaving(NodeId pnode, int howmuch, const std::string &message)
Increase a node&#39;s misbehavior score.
Definition: net_processing.cpp:1024

fMasternodeMode
bool fMasternodeMode
Definition: util.cpp:93

CDeterministicMNList
Definition: deterministicmns.h:288

activeMasternodeInfo
CActiveMasternodeInfo activeMasternodeInfo
Definition: activemasternode.cpp:15

LOCK
#define LOCK(cs)
Definition: sync.h:178

netmessagemaker.h

CMNAuth::proRegTxHash
uint256 proRegTxHash
Definition: mnauth.h:39

masternode-meta.h

deterministicmns.h

CConnman
Definition: net.h:136

CNode::fMasternodeProbe
bool fMasternodeProbe
Definition: net.h:866

CNode::sentMNAuthChallenge
uint256 sentMNAuthChallenge
Definition: net.h:939

base_blob::ToString
std::string ToString() const
Definition: uint256.cpp:62

CNode::GetId
NodeId GetId() const
Definition: net.h:973

CNode::fDisconnect
std::atomic_bool fDisconnect
Definition: net.h:853

LogPrint
#define LogPrint(category,...)
Definition: util.h:214

CMNAuth::ProcessMessage
static void ProcessMessage(CNode *pnode, const std::string &strCommand, CDataStream &vRecv, CConnman &connman)
Definition: mnauth.cpp:57

CMNAuth::PushMNAUTH
static void PushMNAUTH(CNode *pnode, CConnman &connman)
Definition: mnauth.cpp:19

uint256
256-bit opaque blob.
Definition: uint256.h:123

gArgs
ArgsManager gArgs
Definition: util.cpp:108

CNode::receivedMNAuthChallenge
uint256 receivedMNAuthChallenge
Definition: net.h:940

CMNAuth
This class handles the p2p message MNAUTH.
Definition: mnauth.h:36

CNode::verifiedProRegTxHash
uint256 verifiedProRegTxHash
Definition: net.h:941

MNAUTH_NODE_VER_VERSION
static const int MNAUTH_NODE_VER_VERSION
protocol version is included in MNAUTH starting with this version
Definition: version.h:58

CNode::fInbound
const bool fInbound
Definition: net.h:851

Params
const CChainParams & Params()
Return the currently selected parameters.
Definition: chainparams.cpp:947

PROTOCOL_VERSION
static const int PROTOCOL_VERSION
network protocol versioning
Definition: version.h:14

ArgsManager::GetArg
std::string GetArg(const std::string &strArg, const std::string &strDefault) const
Return string argument or default value.
Definition: util.cpp:808

GetAdjustedTime
int64_t GetAdjustedTime()
Definition: timedata.cpp:35

g_connman
std::unique_ptr< CConnman > g_connman
Definition: init.cpp:97

CNetMsgMaker
Definition: netmessagemaker.h:12

CNode::nVersion
std::atomic< int > nVersion
Definition: net.h:838

NetMsgType::MNAUTH
const char * MNAUTH
Definition: protocol.cpp:77

masternode-sync.h

CActiveMasternodeInfo::blsPubKeyOperator
std::unique_ptr< CBLSPublicKey > blsPubKeyOperator
Definition: activemasternode.h:25

CNode
Information about a peer.
Definition: net.h:800

CDeterministicMNListDiff::removedMns
std::set< uint64_t > removedMns
Definition: deterministicmns.h:555

CActiveMasternodeInfo::blsKeyOperator
std::unique_ptr< CBLSSecretKey > blsKeyOperator
Definition: activemasternode.h:26

CDeterministicMNListDiff::updatedMNs
std::map< uint64_t, CDeterministicMNStateDiff > updatedMNs
Definition: deterministicmns.h:554

CMasternodeMetaMan::GetMetaInfo
CMasternodeMetaInfoPtr GetMetaInfo(const uint256 &proTxHash, bool fCreate=true)
Definition: masternode-meta.cpp:45