Branch data Line data Source code
1 : : // Copyright (c) 2022-present The Bitcoin Core developers
2 : : // Distributed under the MIT software license, see the accompanying
3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 : :
5 : : #ifndef BITCOIN_HEADERSSYNC_H
6 : : #define BITCOIN_HEADERSSYNC_H
7 : :
8 : : #include <arith_uint256.h>
9 : : #include <chain.h>
10 : : #include <consensus/params.h>
11 : : #include <net.h>
12 : : #include <primitives/block.h>
13 : : #include <uint256.h>
14 : : #include <util/bitdeque.h>
15 : : #include <util/hasher.h>
16 : :
17 : : #include <deque>
18 : : #include <vector>
19 : :
20 : : // A compressed CBlockHeader, which leaves out the prevhash
21 : : struct CompressedHeader {
22 : : // header
23 : : int32_t nVersion{0};
24 : : uint256 hashMerkleRoot;
25 : : uint32_t nTime{0};
26 : : uint32_t nBits{0};
27 : : uint32_t nNonce{0};
28 : :
29 : : CompressedHeader()
30 : : {
31 : : hashMerkleRoot.SetNull();
32 : : }
33 : :
34 : 30230 : CompressedHeader(const CBlockHeader& header)
35 : 30230 : {
36 : 30230 : nVersion = header.nVersion;
37 : 30230 : hashMerkleRoot = header.hashMerkleRoot;
38 : 30230 : nTime = header.nTime;
39 : 30230 : nBits = header.nBits;
40 : 30230 : nNonce = header.nNonce;
41 : 30230 : }
42 : :
43 : 29998 : CBlockHeader GetFullHeader(const uint256& hash_prev_block) {
44 : 29998 : CBlockHeader ret;
45 : 29998 : ret.nVersion = nVersion;
46 : 29998 : ret.hashPrevBlock = hash_prev_block;
47 : 29998 : ret.hashMerkleRoot = hashMerkleRoot;
48 : 29998 : ret.nTime = nTime;
49 : 29998 : ret.nBits = nBits;
50 : 29998 : ret.nNonce = nNonce;
51 [ + - ]: 29998 : return ret;
52 : : };
53 : : };
54 : :
55 : : /** HeadersSyncState:
56 : : *
57 : : * We wish to download a peer's headers chain in a DoS-resistant way.
58 : : *
59 : : * The Bitcoin protocol does not offer an easy way to determine the work on a
60 : : * peer's chain. Currently, we can query a peer's headers by using a GETHEADERS
61 : : * message, and our peer can return a set of up to 2000 headers that connect to
62 : : * something we know. If a peer's chain has more than 2000 blocks, then we need
63 : : * a way to verify that the chain actually has enough work on it to be useful to
64 : : * us -- by being above our anti-DoS minimum-chain-work threshold -- before we
65 : : * commit to storing those headers in memory. Otherwise, it would be cheap for
66 : : * an attacker to waste all our memory by serving us low-work headers
67 : : * (particularly for a new node coming online for the first time).
68 : : *
69 : : * To prevent memory-DoS with low-work headers, while still always being
70 : : * able to reorg to whatever the most-work chain is, we require that a chain
71 : : * meet a work threshold before committing it to memory. We can do this by
72 : : * downloading a peer's headers twice, whenever we are not sure that the chain
73 : : * has sufficient work:
74 : : *
75 : : * - In the first download phase, called pre-synchronization, we can calculate
76 : : * the work on the chain as we go (just by checking the nBits value on each
77 : : * header, and validating the proof-of-work).
78 : : *
79 : : * - Once we have reached a header where the cumulative chain work is
80 : : * sufficient, we switch to downloading the headers a second time, this time
81 : : * processing them fully, and possibly storing them in memory.
82 : : *
83 : : * To prevent an attacker from using (eg) the honest chain to convince us that
84 : : * they have a high-work chain, but then feeding us an alternate set of
85 : : * low-difficulty headers in the second phase, we store commitments to the
86 : : * chain we see in the first download phase that we check in the second phase,
87 : : * as follows:
88 : : *
89 : : * - In phase 1 (presync), store 1 bit (using a salted hash function) for every
90 : : * N headers that we see. With a reasonable choice of N, this uses relatively
91 : : * little memory even for a very long chain.
92 : : *
93 : : * - In phase 2 (redownload), keep a lookahead buffer and only accept headers
94 : : * from that buffer into the block index (permanent memory usage) once they
95 : : * have some target number of verified commitments on top of them. With this
96 : : * parametrization, we can achieve a given security target for potential
97 : : * permanent memory usage, while choosing N to minimize memory use during the
98 : : * sync (temporary, per-peer storage).
99 : : */
100 : :
101 : : class HeadersSyncState {
102 : : public:
103 : 4 : ~HeadersSyncState() = default;
104 : :
105 : : enum class State {
106 : : /** PRESYNC means the peer has not yet demonstrated their chain has
107 : : * sufficient work and we're only building commitments to the chain they
108 : : * serve us. */
109 : : PRESYNC,
110 : : /** REDOWNLOAD means the peer has given us a high-enough-work chain,
111 : : * and now we're redownloading the headers we saw before and trying to
112 : : * accept them */
113 : : REDOWNLOAD,
114 : : /** We're done syncing with this peer and can discard any remaining state */
115 : : FINAL
116 : : };
117 : :
118 : : /** Return the current state of our download */
119 [ + - + - : 14 : State GetState() const { return m_download_state; }
+ - + - +
- + - + -
+ - + - +
- ][ # # ]
120 : :
121 : : /** Return the height reached during the PRESYNC phase */
122 : 0 : int64_t GetPresyncHeight() const { return m_current_height; }
123 : :
124 : : /** Return the block timestamp of the last header received during the PRESYNC phase. */
125 : 0 : uint32_t GetPresyncTime() const { return m_last_header_received.nTime; }
126 : :
127 : : /** Return the amount of work in the chain received during the PRESYNC phase. */
128 [ # # ]: 0 : arith_uint256 GetPresyncWork() const { return m_current_chain_work; }
129 : :
130 : : /** Construct a HeadersSyncState object representing a headers sync via this
131 : : * download-twice mechanism).
132 : : *
133 : : * id: node id (for logging)
134 : : * consensus_params: parameters needed for difficulty adjustment validation
135 : : * chain_start: best known fork point that the peer's headers branch from
136 : : * minimum_required_work: amount of chain work required to accept the chain
137 : : */
138 : : HeadersSyncState(NodeId id, const Consensus::Params& consensus_params,
139 : : const HeadersSyncParams& params, const CBlockIndex* chain_start,
140 : : const arith_uint256& minimum_required_work);
141 : :
142 : : /** Result data structure for ProcessNextHeaders. */
143 [ - + + - : 13 : struct ProcessingResult {
+ - + - -
+ - + ]
144 : : std::vector<CBlockHeader> pow_validated_headers;
145 : : bool success{false};
146 : : bool request_more{false};
147 : : };
148 : :
149 : : /** Process a batch of headers, once a sync via this mechanism has started
150 : : *
151 : : * received_headers: headers that were received over the network for processing.
152 : : * Assumes the caller has already verified the headers
153 : : * are continuous, and has checked that each header
154 : : * satisfies the proof-of-work target included in the
155 : : * header (but not necessarily verified that the
156 : : * proof-of-work target is correct and passes consensus
157 : : * rules).
158 : : * full_headers_message: true if the message was at max capacity,
159 : : * indicating more headers may be available
160 : : * ProcessingResult.pow_validated_headers: will be filled in with any
161 : : * headers that the caller can fully process and
162 : : * validate now (because these returned headers are
163 : : * on a chain with sufficient work)
164 : : * ProcessingResult.success: set to false if an error is detected and the sync is
165 : : * aborted; true otherwise.
166 : : * ProcessingResult.request_more: if true, the caller is suggested to call
167 : : * NextHeadersRequestLocator and send a getheaders message using it.
168 : : */
169 : : ProcessingResult ProcessNextHeaders(std::span<const CBlockHeader>
170 : : received_headers, bool full_headers_message);
171 : :
172 : : /** Issue the next GETHEADERS message to our peer.
173 : : *
174 : : * This will return a locator appropriate for the current sync object, to continue the
175 : : * synchronization phase it is in.
176 : : */
177 : : CBlockLocator NextHeadersRequestLocator() const;
178 : :
179 : : protected:
180 : : /** The (secret) offset on the heights for which to create commitments.
181 : : *
182 : : * m_header_commitments entries are created at any height h for which
183 : : * (h % m_params.commitment_period) == m_commit_offset. */
184 : : const size_t m_commit_offset;
185 : :
186 : : private:
187 : : /** Clear out all download state that might be in progress (freeing any used
188 : : * memory), and mark this object as no longer usable.
189 : : */
190 : : void Finalize();
191 : :
192 : : /**
193 : : * Only called in PRESYNC.
194 : : * Validate the work on the headers we received from the network, and
195 : : * store commitments for later. Update overall state with successfully
196 : : * processed headers.
197 : : * On failure, this invokes Finalize() and returns false.
198 : : */
199 : : bool ValidateAndStoreHeadersCommitments(std::span<const CBlockHeader> headers);
200 : :
201 : : /** In PRESYNC, process and update state for a single header */
202 : : bool ValidateAndProcessSingleHeader(const CBlockHeader& current);
203 : :
204 : : /** In REDOWNLOAD, check a header's commitment (if applicable) and add to
205 : : * buffer for later processing */
206 : : bool ValidateAndStoreRedownloadedHeader(const CBlockHeader& header);
207 : :
208 : : /** Return a set of headers that satisfy our proof-of-work threshold */
209 : : std::vector<CBlockHeader> PopHeadersReadyForAcceptance();
210 : :
211 : : private:
212 : : /** NodeId of the peer (used for log messages) **/
213 : : const NodeId m_id;
214 : :
215 : : /** We use the consensus params in our anti-DoS calculations */
216 : : const Consensus::Params& m_consensus_params;
217 : :
218 : : /** Parameters that impact memory usage for a given chain, especially when attacked. */
219 : : const HeadersSyncParams m_params;
220 : :
221 : : /** Store the last block in our block index that the peer's chain builds from */
222 : : const CBlockIndex* m_chain_start{nullptr};
223 : :
224 : : /** Minimum work that we're looking for on this chain. */
225 : : const arith_uint256 m_minimum_required_work;
226 : :
227 : : /** Work that we've seen so far on the peer's chain */
228 : : arith_uint256 m_current_chain_work;
229 : :
230 : : /** m_hasher is a salted hasher for making our 1-bit commitments to headers we've seen. */
231 : : const SaltedUint256Hasher m_hasher;
232 : :
233 : : /** A queue of commitment bits, created during the 1st phase, and verified during the 2nd. */
234 : : bitdeque<> m_header_commitments;
235 : :
236 : : /** m_max_commitments is a bound we calculate on how long an honest peer's chain could be,
237 : : * given the MTP rule.
238 : : *
239 : : * Any peer giving us more headers than this will have its sync aborted. This serves as a
240 : : * memory bound on m_header_commitments. */
241 : : uint64_t m_max_commitments{0};
242 : :
243 : : /** Store the latest header received while in PRESYNC (initialized to m_chain_start) */
244 : : CBlockHeader m_last_header_received;
245 : :
246 : : /** Height of m_last_header_received */
247 : : int64_t m_current_height{0};
248 : :
249 : : /** During phase 2 (REDOWNLOAD), we buffer redownloaded headers in memory
250 : : * until enough commitments have been verified; those are stored in
251 : : * m_redownloaded_headers */
252 : : std::deque<CompressedHeader> m_redownloaded_headers;
253 : :
254 : : /** Height of last header in m_redownloaded_headers */
255 : : int64_t m_redownload_buffer_last_height{0};
256 : :
257 : : /** Hash of last header in m_redownloaded_headers (initialized to
258 : : * m_chain_start). We have to cache it because we don't have hashPrevBlock
259 : : * available in a CompressedHeader.
260 : : */
261 : : uint256 m_redownload_buffer_last_hash;
262 : :
263 : : /** The hashPrevBlock entry for the first header in m_redownloaded_headers
264 : : * We need this to reconstruct the full header when it's time for
265 : : * processing.
266 : : */
267 : : uint256 m_redownload_buffer_first_prev_hash;
268 : :
269 : : /** The accumulated work on the redownloaded chain. */
270 : : arith_uint256 m_redownload_chain_work;
271 : :
272 : : /** Set this to true once we encounter the target blockheader during phase
273 : : * 2 (REDOWNLOAD). At this point, we can process and store all remaining
274 : : * headers still in m_redownloaded_headers.
275 : : */
276 : : bool m_process_all_remaining_headers{false};
277 : :
278 : : /** Current state of our headers sync. */
279 : : State m_download_state{State::PRESYNC};
280 : : };
281 : :
282 : : #endif // BITCOIN_HEADERSSYNC_H
|
