fabric icon indicating copy to clipboard operation
fabric copied to clipboard

Published 20 hours ago verified publisher icon hyperledger-archives

3 VPs panic when they cannot validate default identity in core.yaml under security level 384

Open RicHernandez2 opened this issue 9 years ago • 8 comments

Description:

3 VPs panicked when they could not verify jdoe's (default VP name) identity saying they could not verify signature.

Steps to repro:

  1. Setup a secure set of 4 VPs using pbft and security to 384 in membersvc.yaml and core.yaml
  2. Start up ./membersvc
  3. Start up peers with the following commandlines:
docker run --rm -it -e CORE_VM_ENDPOINT=http://172.17.0.1:4243 -e CORE_PEER_ADDRESSAUTODETECT=true -e CORE_PEER_PKI_ECA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TCA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TLSCA_PADDR=172.17.0.1:50051 -v /opt/gopath:/go -p 5000:5000 hyperledger-peer ./peer peer
docker run --rm -it -e CORE_VM_ENDPOINT=http://172.17.0.1:4243 -e CORE_PEER_ID=vp1 -e CORE_PEER_ADDRESSAUTODETECT=true -e CORE_PEER_DISCOVERY_ROOTNODE=172.17.0.2:30303 -e CORE_PEER_PKI_ECA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TCA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TLSCA_PADDR=172.17.0.1:50051 -e CORE_SECURITY_ENROLLID=test_vp1 -e CORE_SECURITY_ENROLLSECRET=5wgHK9qqYaPy -v /opt/gopath:/go hyperledger-peer ./peer peer
docker run --rm -it -e CORE_VM_ENDPOINT=http://172.17.0.1:4243 -e CORE_PEER_ID=vp2 -e CORE_PEER_ADDRESSAUTODETECT=true -e CORE_PEER_DISCOVERY_ROOTNODE=172.17.0.2:30303 -e CORE_PEER_PKI_ECA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TCA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TLSCA_PADDR=172.17.0.1:50051 -e CORE_SECURITY_ENROLLID=test_vp2 -e CORE_SECURITY_ENROLLSECRET=vQelbRvja7cJ -v /opt/gopath:/go hyperledger-peer ./peer peer
docker run --rm -it -e CORE_VM_ENDPOINT=http://172.17.0.1:4243 -e CORE_PEER_ID=vp3 -e CORE_PEER_ADDRESSAUTODETECT=true -e CORE_PEER_DISCOVERY_ROOTNODE=172.17.0.2:30303 -e CORE_PEER_PKI_ECA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TCA_PADDR=172.17.0.1:50051 -e CORE_PEER_PKI_TLSCA_PADDR=172.17.0.1:50051 -e CORE_SECURITY_ENROLLID=test_vp3 -e CORE_SECURITY_ENROLLSECRET=9LKqKH5peurL -v /opt/gopath:/go hyperledger-peer ./peer peer

Results:

3 VPs Panic.

Expected Results:

Security at level 384 should still be able to function

Logs: 3 VP panic 1 of 4.txt 3 VP panic 2 of 4.txt 3 VP panic 3 of 4.txt 3 VP panic 4 of 4.txt

RicHernandez2 avatar Apr 13 '16 19:04 RicHernandez2

#756 hasn't been merged yet. I'm doing the behave tests for that as we speak.

tuand27613 avatar Apr 13 '16 19:04 tuand27613

From the logs, I don't see any issue related to the crypto layer. @RicHernandez2, does the same setting with security level at 256 work?

adecaro avatar Apr 14 '16 08:04 adecaro

@adecaro, It does happen at level 256, it seems to be the name "jdoe" tripping things up.

256 security level with default name in core yaml.txt

RicHernandez2 avatar Apr 14 '16 15:04 RicHernandez2

@tuand27613 is this a dupe of issue #756?

srderson avatar Apr 15 '16 01:04 srderson

can we merge this with #756?

corecode avatar Apr 27 '16 09:04 corecode

yes. I was going to verify #756 using this as one of the test cases.

tuand27613 avatar Apr 27 '16 12:04 tuand27613

@tuand27613 is this issue still relevant? Please close if not. Thanks

christo4ferris avatar Jul 25 '16 14:07 christo4ferris

We can close this.

@cbf, can you close ? Ric, who opened this , is no longer on the project. Thanks !

tuand27613 avatar Jul 25 '16 21:07 tuand27613