R4R: Split immutable and mutable parts of priv_validator.json (#2870)

* split immutable and mutable parts of priv_validator.json * fix bugs * minor changes * retrig test * delete scripts/wire2amino.go * fix test * fixes from review * privval: remove mtx * rearrange priv_validator.go * upgrade path * write tests for the upgrade * fix for unsafe_reset_all * add test * add reset test
2025-06-13 05:11:21 +00:00 · 2018-12-22 05:58:27 +08:00
parent a88e283a9d
commit 41e2eeee9c
22 changed files with 805 additions and 445 deletions
--- a/privval/old_priv_validator.go
+++ b/privval/old_priv_validator.go
@ -0,0 +1,80 @@
+package privval
+
+import (
+	"io/ioutil"
+	"os"
+
+	"github.com/tendermint/tendermint/crypto"
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/types"
+)
+
+// OldFilePV is the old version of the FilePV, pre v0.28.0.
+type OldFilePV struct {
+	Address       types.Address  `json:"address"`
+	PubKey        crypto.PubKey  `json:"pub_key"`
+	LastHeight    int64          `json:"last_height"`
+	LastRound     int            `json:"last_round"`
+	LastStep      int8           `json:"last_step"`
+	LastSignature []byte         `json:"last_signature,omitempty"`
+	LastSignBytes cmn.HexBytes   `json:"last_signbytes,omitempty"`
+	PrivKey       crypto.PrivKey `json:"priv_key"`
+
+	filePath string
+}
+
+// LoadOldFilePV loads an OldFilePV from the filePath.
+func LoadOldFilePV(filePath string) (*OldFilePV, error) {
+	pvJSONBytes, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return nil, err
+	}
+	pv := &OldFilePV{}
+	err = cdc.UnmarshalJSON(pvJSONBytes, &pv)
+	if err != nil {
+		return nil, err
+	}
+
+	// overwrite pubkey and address for convenience
+	pv.PubKey = pv.PrivKey.PubKey()
+	pv.Address = pv.PubKey.Address()
+
+	pv.filePath = filePath
+	return pv, nil
+}
+
+// Upgrade convets the OldFilePV to the new FilePV, separating the immutable and mutable components,
+// and persisting them to the keyFilePath and stateFilePath, respectively.
+// It renames the original file by adding ".bak".
+func (oldFilePV *OldFilePV) Upgrade(keyFilePath, stateFilePath string) *FilePV {
+	privKey := oldFilePV.PrivKey
+	pvKey := FilePVKey{
+		PrivKey:  privKey,
+		PubKey:   privKey.PubKey(),
+		Address:  privKey.PubKey().Address(),
+		filePath: keyFilePath,
+	}
+
+	pvState := FilePVLastSignState{
+		Height:    oldFilePV.LastHeight,
+		Round:     oldFilePV.LastRound,
+		Step:      oldFilePV.LastStep,
+		Signature: oldFilePV.LastSignature,
+		SignBytes: oldFilePV.LastSignBytes,
+		filePath:  stateFilePath,
+	}
+
+	// Save the new PV files
+	pv := &FilePV{
+		Key:           pvKey,
+		LastSignState: pvState,
+	}
+	pv.Save()
+
+	// Rename the old PV file
+	err := os.Rename(oldFilePV.filePath, oldFilePV.filePath+".bak")
+	if err != nil {
+		panic(err)
+	}
+	return pv
+}
--- a/privval/old_priv_validator_test.go
+++ b/privval/old_priv_validator_test.go
@ -0,0 +1,77 @@
+package privval_test
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/tendermint/tendermint/privval"
+)
+
+const oldPrivvalContent = `{
+  "address": "1D8089FAFDFAE4A637F3D616E17B92905FA2D91D",
+  "pub_key": {
+    "type": "tendermint/PubKeyEd25519",
+    "value": "r3Yg2AhDZ745CNTpavsGU+mRZ8WpRXqoJuyqjN8mJq0="
+  },
+  "last_height": "5",
+  "last_round": "0",
+  "last_step": 3,
+  "last_signature": "CTr7b9ZQlrJJf+12rPl5t/YSCUc/KqV7jQogCfFJA24e7hof69X6OMT7eFLVQHyodPjD/QTA298XHV5ejxInDQ==",
+  "last_signbytes": "750802110500000000000000220B08B398F3E00510F48DA6402A480A20FC258973076512999C3E6839A22E9FBDB1B77CF993E8A9955412A41A59D4CAD312240A20C971B286ACB8AAA6FCA0365EB0A660B189EDC08B46B5AF2995DEFA51A28D215B10013211746573742D636861696E2D533245415533",
+  "priv_key": {
+    "type": "tendermint/PrivKeyEd25519",
+    "value": "7MwvTGEWWjsYwjn2IpRb+GYsWi9nnFsw8jPLLY1UtP6vdiDYCENnvjkI1Olq+wZT6ZFnxalFeqgm7KqM3yYmrQ=="
+  }
+}`
+
+func TestLoadAndUpgrade(t *testing.T) {
+
+	oldFilePath := initTmpOldFile(t)
+	defer os.Remove(oldFilePath)
+	newStateFile, err := ioutil.TempFile("", "priv_validator_state*.json")
+	defer os.Remove(newStateFile.Name())
+	require.NoError(t, err)
+	newKeyFile, err := ioutil.TempFile("", "priv_validator_key*.json")
+	defer os.Remove(newKeyFile.Name())
+	require.NoError(t, err)
+
+	oldPV, err := privval.LoadOldFilePV(oldFilePath)
+	assert.NoError(t, err)
+	newPV := oldPV.Upgrade(newKeyFile.Name(), newStateFile.Name())
+
+	assertEqualPV(t, oldPV, newPV)
+	assert.NoError(t, err)
+	upgradedPV := privval.LoadFilePV(newKeyFile.Name(), newStateFile.Name())
+	assertEqualPV(t, oldPV, upgradedPV)
+	oldPV, err = privval.LoadOldFilePV(oldFilePath + ".bak")
+	require.NoError(t, err)
+	assertEqualPV(t, oldPV, upgradedPV)
+}
+
+func assertEqualPV(t *testing.T, oldPV *privval.OldFilePV, newPV *privval.FilePV) {
+	assert.Equal(t, oldPV.Address, newPV.Key.Address)
+	assert.Equal(t, oldPV.Address, newPV.GetAddress())
+	assert.Equal(t, oldPV.PubKey, newPV.Key.PubKey)
+	assert.Equal(t, oldPV.PubKey, newPV.GetPubKey())
+	assert.Equal(t, oldPV.PrivKey, newPV.Key.PrivKey)
+
+	assert.Equal(t, oldPV.LastHeight, newPV.LastSignState.Height)
+	assert.Equal(t, oldPV.LastRound, newPV.LastSignState.Round)
+	assert.Equal(t, oldPV.LastSignature, newPV.LastSignState.Signature)
+	assert.Equal(t, oldPV.LastSignBytes, newPV.LastSignState.SignBytes)
+	assert.Equal(t, oldPV.LastStep, newPV.LastSignState.Step)
+}
+
+func initTmpOldFile(t *testing.T) string {
+	tmpfile, err := ioutil.TempFile("", "priv_validator_*.json")
+	require.NoError(t, err)
+	t.Logf("created test file %s", tmpfile.Name())
+	_, err = tmpfile.WriteString(oldPrivvalContent)
+	require.NoError(t, err)
+
+	return tmpfile.Name()
+}
--- a/privval/priv_validator.go
+++ b/privval/priv_validator.go
@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
-	"sync"
 	"time"

 	"github.com/tendermint/tendermint/crypto"
@ -35,100 +34,90 @@ func voteToStep(vote *types.Vote) int8 {
 	}
 }

-// FilePV implements PrivValidator using data persisted to disk
-// to prevent double signing.
-// NOTE: the directory containing the pv.filePath must already exist.
-// It includes the LastSignature and LastSignBytes so we don't lose the signature
-// if the process crashes after signing but before the resulting consensus message is processed.
-type FilePV struct {
-	Address       types.Address  `json:"address"`
-	PubKey        crypto.PubKey  `json:"pub_key"`
-	LastHeight    int64          `json:"last_height"`
-	LastRound     int            `json:"last_round"`
-	LastStep      int8           `json:"last_step"`
-	LastSignature []byte         `json:"last_signature,omitempty"`
-	LastSignBytes cmn.HexBytes   `json:"last_signbytes,omitempty"`
-	PrivKey       crypto.PrivKey `json:"priv_key"`
+//-------------------------------------------------------------------------------
+
+// FilePVKey stores the immutable part of PrivValidator.
+type FilePVKey struct {
+	Address types.Address  `json:"address"`
+	PubKey  crypto.PubKey  `json:"pub_key"`
+	PrivKey crypto.PrivKey `json:"priv_key"`

-	// For persistence.
-	// Overloaded for testing.
 	filePath string
-	mtx      sync.Mutex
 }

-// GetAddress returns the address of the validator.
-// Implements PrivValidator.
-func (pv *FilePV) GetAddress() types.Address {
-	return pv.Address
-}
-
-// GetPubKey returns the public key of the validator.
-// Implements PrivValidator.
-func (pv *FilePV) GetPubKey() crypto.PubKey {
-	return pv.PubKey
-}
-
-// GenFilePV generates a new validator with randomly generated private key
-// and sets the filePath, but does not call Save().
-func GenFilePV(filePath string) *FilePV {
-	privKey := ed25519.GenPrivKey()
-	return &FilePV{
-		Address:  privKey.PubKey().Address(),
-		PubKey:   privKey.PubKey(),
-		PrivKey:  privKey,
-		LastStep: stepNone,
-		filePath: filePath,
-	}
-}
-
-// LoadFilePV loads a FilePV from the filePath.  The FilePV handles double
-// signing prevention by persisting data to the filePath.  If the filePath does
-// not exist, the FilePV must be created manually and saved.
-func LoadFilePV(filePath string) *FilePV {
-	pvJSONBytes, err := ioutil.ReadFile(filePath)
-	if err != nil {
-		cmn.Exit(err.Error())
-	}
-	pv := &FilePV{}
-	err = cdc.UnmarshalJSON(pvJSONBytes, &pv)
-	if err != nil {
-		cmn.Exit(fmt.Sprintf("Error reading PrivValidator from %v: %v\n", filePath, err))
-	}
-
-	// overwrite pubkey and address for convenience
-	pv.PubKey = pv.PrivKey.PubKey()
-	pv.Address = pv.PubKey.Address()
-
-	pv.filePath = filePath
-	return pv
-}
-
-// LoadOrGenFilePV loads a FilePV from the given filePath
-// or else generates a new one and saves it to the filePath.
-func LoadOrGenFilePV(filePath string) *FilePV {
-	var pv *FilePV
-	if cmn.FileExists(filePath) {
-		pv = LoadFilePV(filePath)
-	} else {
-		pv = GenFilePV(filePath)
-		pv.Save()
-	}
-	return pv
-}
-
-// Save persists the FilePV to disk.
-func (pv *FilePV) Save() {
-	pv.mtx.Lock()
-	defer pv.mtx.Unlock()
-	pv.save()
-}
-
-func (pv *FilePV) save() {
-	outFile := pv.filePath
+// Save persists the FilePVKey to its filePath.
+func (pvKey FilePVKey) Save() {
+	outFile := pvKey.filePath
 	if outFile == "" {
-		panic("Cannot save PrivValidator: filePath not set")
+		panic("Cannot save PrivValidator key: filePath not set")
 	}
-	jsonBytes, err := cdc.MarshalJSONIndent(pv, "", "  ")
+
+	jsonBytes, err := cdc.MarshalJSONIndent(pvKey, "", "  ")
+	if err != nil {
+		panic(err)
+	}
+	err = cmn.WriteFileAtomic(outFile, jsonBytes, 0600)
+	if err != nil {
+		panic(err)
+	}
+
+}
+
+//-------------------------------------------------------------------------------
+
+// FilePVLastSignState stores the mutable part of PrivValidator.
+type FilePVLastSignState struct {
+	Height    int64        `json:"height"`
+	Round     int          `json:"round"`
+	Step      int8         `json:"step"`
+	Signature []byte       `json:"signature,omitempty"`
+	SignBytes cmn.HexBytes `json:"signbytes,omitempty"`
+
+	filePath string
+}
+
+// CheckHRS checks the given height, round, step (HRS) against that of the
+// FilePVLastSignState. It returns an error if the arguments constitute a regression,
+// or if they match but the SignBytes are empty.
+// The returned boolean indicates whether the last Signature should be reused -
+// it returns true if the HRS matches the arguments and the SignBytes are not empty (indicating
+// we have already signed for this HRS, and can reuse the existing signature).
+// It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.
+func (lss *FilePVLastSignState) CheckHRS(height int64, round int, step int8) (bool, error) {
+
+	if lss.Height > height {
+		return false, errors.New("Height regression")
+	}
+
+	if lss.Height == height {
+		if lss.Round > round {
+			return false, errors.New("Round regression")
+		}
+
+		if lss.Round == round {
+			if lss.Step > step {
+				return false, errors.New("Step regression")
+			} else if lss.Step == step {
+				if lss.SignBytes != nil {
+					if lss.Signature == nil {
+						panic("pv: Signature is nil but SignBytes is not!")
+					}
+					return true, nil
+				}
+				return false, errors.New("No SignBytes found")
+			}
+		}
+	}
+	return false, nil
+}
+
+// Save persists the FilePvLastSignState to its filePath.
+func (lss *FilePVLastSignState) Save() {
+	outFile := lss.filePath
+	if outFile == "" {
+		panic("Cannot save FilePVLastSignState: filePath not set")
+	}
+	jsonBytes, err := cdc.MarshalJSONIndent(lss, "", "  ")
 	if err != nil {
 		panic(err)
 	}
@ -138,23 +127,115 @@ func (pv *FilePV) save() {
 	}
 }

-// Reset resets all fields in the FilePV.
-// NOTE: Unsafe!
-func (pv *FilePV) Reset() {
-	var sig []byte
-	pv.LastHeight = 0
-	pv.LastRound = 0
-	pv.LastStep = 0
-	pv.LastSignature = sig
-	pv.LastSignBytes = nil
-	pv.Save()
+//-------------------------------------------------------------------------------
+
+// FilePV implements PrivValidator using data persisted to disk
+// to prevent double signing.
+// NOTE: the directories containing pv.Key.filePath and pv.LastSignState.filePath must already exist.
+// It includes the LastSignature and LastSignBytes so we don't lose the signature
+// if the process crashes after signing but before the resulting consensus message is processed.
+type FilePV struct {
+	Key           FilePVKey
+	LastSignState FilePVLastSignState
+}
+
+// GenFilePV generates a new validator with randomly generated private key
+// and sets the filePaths, but does not call Save().
+func GenFilePV(keyFilePath, stateFilePath string) *FilePV {
+	privKey := ed25519.GenPrivKey()
+
+	return &FilePV{
+		Key: FilePVKey{
+			Address:  privKey.PubKey().Address(),
+			PubKey:   privKey.PubKey(),
+			PrivKey:  privKey,
+			filePath: keyFilePath,
+		},
+		LastSignState: FilePVLastSignState{
+			Step:     stepNone,
+			filePath: stateFilePath,
+		},
+	}
+}
+
+// LoadFilePV loads a FilePV from the filePaths.  The FilePV handles double
+// signing prevention by persisting data to the stateFilePath.  If either file path
+// does not exist, the program will exit.
+func LoadFilePV(keyFilePath, stateFilePath string) *FilePV {
+	return loadFilePV(keyFilePath, stateFilePath, true)
+}
+
+// LoadFilePVEmptyState loads a FilePV from the given keyFilePath, with an empty LastSignState.
+// If the keyFilePath does not exist, the program will exit.
+func LoadFilePVEmptyState(keyFilePath, stateFilePath string) *FilePV {
+	return loadFilePV(keyFilePath, stateFilePath, false)
+}
+
+// If loadState is true, we load from the stateFilePath. Otherwise, we use an empty LastSignState.
+func loadFilePV(keyFilePath, stateFilePath string, loadState bool) *FilePV {
+	keyJSONBytes, err := ioutil.ReadFile(keyFilePath)
+	if err != nil {
+		cmn.Exit(err.Error())
+	}
+	pvKey := FilePVKey{}
+	err = cdc.UnmarshalJSON(keyJSONBytes, &pvKey)
+	if err != nil {
+		cmn.Exit(fmt.Sprintf("Error reading PrivValidator key from %v: %v\n", keyFilePath, err))
+	}
+
+	// overwrite pubkey and address for convenience
+	pvKey.PubKey = pvKey.PrivKey.PubKey()
+	pvKey.Address = pvKey.PubKey.Address()
+	pvKey.filePath = keyFilePath
+
+	pvState := FilePVLastSignState{}
+	if loadState {
+		stateJSONBytes, err := ioutil.ReadFile(stateFilePath)
+		if err != nil {
+			cmn.Exit(err.Error())
+		}
+		err = cdc.UnmarshalJSON(stateJSONBytes, &pvState)
+		if err != nil {
+			cmn.Exit(fmt.Sprintf("Error reading PrivValidator state from %v: %v\n", stateFilePath, err))
+		}
+	}
+
+	pvState.filePath = stateFilePath
+
+	return &FilePV{
+		Key:           pvKey,
+		LastSignState: pvState,
+	}
+}
+
+// LoadOrGenFilePV loads a FilePV from the given filePaths
+// or else generates a new one and saves it to the filePaths.
+func LoadOrGenFilePV(keyFilePath, stateFilePath string) *FilePV {
+	var pv *FilePV
+	if cmn.FileExists(keyFilePath) {
+		pv = LoadFilePV(keyFilePath, stateFilePath)
+	} else {
+		pv = GenFilePV(keyFilePath, stateFilePath)
+		pv.Save()
+	}
+	return pv
+}
+
+// GetAddress returns the address of the validator.
+// Implements PrivValidator.
+func (pv *FilePV) GetAddress() types.Address {
+	return pv.Key.Address
+}
+
+// GetPubKey returns the public key of the validator.
+// Implements PrivValidator.
+func (pv *FilePV) GetPubKey() crypto.PubKey {
+	return pv.Key.PubKey
 }

 // SignVote signs a canonical representation of the vote, along with the
 // chainID. Implements PrivValidator.
 func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error {
-	pv.mtx.Lock()
-	defer pv.mtx.Unlock()
 	if err := pv.signVote(chainID, vote); err != nil {
 		return fmt.Errorf("Error signing vote: %v", err)
 	}
@ -164,65 +245,63 @@ func (pv *FilePV) SignVote(chainID string, vote *types.Vote) error {
 // SignProposal signs a canonical representation of the proposal, along with
 // the chainID. Implements PrivValidator.
 func (pv *FilePV) SignProposal(chainID string, proposal *types.Proposal) error {
-	pv.mtx.Lock()
-	defer pv.mtx.Unlock()
 	if err := pv.signProposal(chainID, proposal); err != nil {
 		return fmt.Errorf("Error signing proposal: %v", err)
 	}
 	return nil
 }

-// returns error if HRS regression or no LastSignBytes. returns true if HRS is unchanged
-func (pv *FilePV) checkHRS(height int64, round int, step int8) (bool, error) {
-	if pv.LastHeight > height {
-		return false, errors.New("Height regression")
-	}
-
-	if pv.LastHeight == height {
-		if pv.LastRound > round {
-			return false, errors.New("Round regression")
-		}
-
-		if pv.LastRound == round {
-			if pv.LastStep > step {
-				return false, errors.New("Step regression")
-			} else if pv.LastStep == step {
-				if pv.LastSignBytes != nil {
-					if pv.LastSignature == nil {
-						panic("pv: LastSignature is nil but LastSignBytes is not!")
-					}
-					return true, nil
-				}
-				return false, errors.New("No LastSignature found")
-			}
-		}
-	}
-	return false, nil
+// Save persists the FilePV to disk.
+func (pv *FilePV) Save() {
+	pv.Key.Save()
+	pv.LastSignState.Save()
 }

+// Reset resets all fields in the FilePV.
+// NOTE: Unsafe!
+func (pv *FilePV) Reset() {
+	var sig []byte
+	pv.LastSignState.Height = 0
+	pv.LastSignState.Round = 0
+	pv.LastSignState.Step = 0
+	pv.LastSignState.Signature = sig
+	pv.LastSignState.SignBytes = nil
+	pv.Save()
+}
+
+// String returns a string representation of the FilePV.
+func (pv *FilePV) String() string {
+	return fmt.Sprintf("PrivValidator{%v LH:%v, LR:%v, LS:%v}", pv.GetAddress(), pv.LastSignState.Height, pv.LastSignState.Round, pv.LastSignState.Step)
+}
+
+//------------------------------------------------------------------------------------
+
 // signVote checks if the vote is good to sign and sets the vote signature.
 // It may need to set the timestamp as well if the vote is otherwise the same as
 // a previously signed vote (ie. we crashed after signing but before the vote hit the WAL).
 func (pv *FilePV) signVote(chainID string, vote *types.Vote) error {
 	height, round, step := vote.Height, vote.Round, voteToStep(vote)
-	signBytes := vote.SignBytes(chainID)

-	sameHRS, err := pv.checkHRS(height, round, step)
+	lss := pv.LastSignState
+
+	sameHRS, err := lss.CheckHRS(height, round, step)
 	if err != nil {
 		return err
 	}

+	signBytes := vote.SignBytes(chainID)
+
 	// We might crash before writing to the wal,
 	// causing us to try to re-sign for the same HRS.
 	// If signbytes are the same, use the last signature.
 	// If they only differ by timestamp, use last timestamp and signature
 	// Otherwise, return error
 	if sameHRS {
-		if bytes.Equal(signBytes, pv.LastSignBytes) {
-			vote.Signature = pv.LastSignature
-		} else if timestamp, ok := checkVotesOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok {
+		if bytes.Equal(signBytes, lss.SignBytes) {
+			vote.Signature = lss.Signature
+		} else if timestamp, ok := checkVotesOnlyDifferByTimestamp(lss.SignBytes, signBytes); ok {
 			vote.Timestamp = timestamp
-			vote.Signature = pv.LastSignature
+			vote.Signature = lss.Signature
 		} else {
 			err = fmt.Errorf("Conflicting data")
 		}
@ -230,7 +309,7 @@ func (pv *FilePV) signVote(chainID string, vote *types.Vote) error {
 	}

 	// It passed the checks. Sign the vote
-	sig, err := pv.PrivKey.Sign(signBytes)
+	sig, err := pv.Key.PrivKey.Sign(signBytes)
 	if err != nil {
 		return err
 	}
@ -244,24 +323,27 @@ func (pv *FilePV) signVote(chainID string, vote *types.Vote) error {
 // a previously signed proposal ie. we crashed after signing but before the proposal hit the WAL).
 func (pv *FilePV) signProposal(chainID string, proposal *types.Proposal) error {
 	height, round, step := proposal.Height, proposal.Round, stepPropose
-	signBytes := proposal.SignBytes(chainID)

-	sameHRS, err := pv.checkHRS(height, round, step)
+	lss := pv.LastSignState
+
+	sameHRS, err := lss.CheckHRS(height, round, step)
 	if err != nil {
 		return err
 	}

+	signBytes := proposal.SignBytes(chainID)
+
 	// We might crash before writing to the wal,
 	// causing us to try to re-sign for the same HRS.
 	// If signbytes are the same, use the last signature.
 	// If they only differ by timestamp, use last timestamp and signature
 	// Otherwise, return error
 	if sameHRS {
-		if bytes.Equal(signBytes, pv.LastSignBytes) {
-			proposal.Signature = pv.LastSignature
-		} else if timestamp, ok := checkProposalsOnlyDifferByTimestamp(pv.LastSignBytes, signBytes); ok {
+		if bytes.Equal(signBytes, lss.SignBytes) {
+			proposal.Signature = lss.Signature
+		} else if timestamp, ok := checkProposalsOnlyDifferByTimestamp(lss.SignBytes, signBytes); ok {
 			proposal.Timestamp = timestamp
-			proposal.Signature = pv.LastSignature
+			proposal.Signature = lss.Signature
 		} else {
 			err = fmt.Errorf("Conflicting data")
 		}
@ -269,7 +351,7 @@ func (pv *FilePV) signProposal(chainID string, proposal *types.Proposal) error {
 	}

 	// It passed the checks. Sign the proposal
-	sig, err := pv.PrivKey.Sign(signBytes)
+	sig, err := pv.Key.PrivKey.Sign(signBytes)
 	if err != nil {
 		return err
 	}
@ -282,20 +364,15 @@ func (pv *FilePV) signProposal(chainID string, proposal *types.Proposal) error {
 func (pv *FilePV) saveSigned(height int64, round int, step int8,
 	signBytes []byte, sig []byte) {

-	pv.LastHeight = height
-	pv.LastRound = round
-	pv.LastStep = step
-	pv.LastSignature = sig
-	pv.LastSignBytes = signBytes
-	pv.save()
+	pv.LastSignState.Height = height
+	pv.LastSignState.Round = round
+	pv.LastSignState.Step = step
+	pv.LastSignState.Signature = sig
+	pv.LastSignState.SignBytes = signBytes
+	pv.LastSignState.Save()
 }

-// String returns a string representation of the FilePV.
-func (pv *FilePV) String() string {
-	return fmt.Sprintf("PrivValidator{%v LH:%v, LR:%v, LS:%v}", pv.GetAddress(), pv.LastHeight, pv.LastRound, pv.LastStep)
-}
-
-//-------------------------------------
+//-----------------------------------------------------------------------------------------

 // returns the timestamp from the lastSignBytes.
 // returns true if the only difference in the votes is their timestamp.
--- a/privval/priv_validator_test.go
+++ b/privval/priv_validator_test.go
@ -18,36 +18,100 @@ import (
 func TestGenLoadValidator(t *testing.T) {
 	assert := assert.New(t)

-	tempFile, err := ioutil.TempFile("", "priv_validator_")
+	tempKeyFile, err := ioutil.TempFile("", "priv_validator_key_")
 	require.Nil(t, err)
-	privVal := GenFilePV(tempFile.Name())
+	tempStateFile, err := ioutil.TempFile("", "priv_validator_state_")
+	require.Nil(t, err)
+
+	privVal := GenFilePV(tempKeyFile.Name(), tempStateFile.Name())

 	height := int64(100)
-	privVal.LastHeight = height
+	privVal.LastSignState.Height = height
 	privVal.Save()
 	addr := privVal.GetAddress()

-	privVal = LoadFilePV(tempFile.Name())
+	privVal = LoadFilePV(tempKeyFile.Name(), tempStateFile.Name())
 	assert.Equal(addr, privVal.GetAddress(), "expected privval addr to be the same")
-	assert.Equal(height, privVal.LastHeight, "expected privval.LastHeight to have been saved")
+	assert.Equal(height, privVal.LastSignState.Height, "expected privval.LastHeight to have been saved")
+}
+
+func TestResetValidator(t *testing.T) {
+	tempKeyFile, err := ioutil.TempFile("", "priv_validator_key_")
+	require.Nil(t, err)
+	tempStateFile, err := ioutil.TempFile("", "priv_validator_state_")
+	require.Nil(t, err)
+
+	privVal := GenFilePV(tempKeyFile.Name(), tempStateFile.Name())
+	emptyState := FilePVLastSignState{filePath: tempStateFile.Name()}
+
+	// new priv val has empty state
+	assert.Equal(t, privVal.LastSignState, emptyState)
+
+	// test vote
+	height, round := int64(10), 1
+	voteType := byte(types.PrevoteType)
+	blockID := types.BlockID{[]byte{1, 2, 3}, types.PartSetHeader{}}
+	vote := newVote(privVal.Key.Address, 0, height, round, voteType, blockID)
+	err = privVal.SignVote("mychainid", vote)
+	assert.NoError(t, err, "expected no error signing vote")
+
+	// priv val after signing is not same as empty
+	assert.NotEqual(t, privVal.LastSignState, emptyState)
+
+	// priv val after reset is same as empty
+	privVal.Reset()
+	assert.Equal(t, privVal.LastSignState, emptyState)
 }

 func TestLoadOrGenValidator(t *testing.T) {
 	assert := assert.New(t)

-	tempFile, err := ioutil.TempFile("", "priv_validator_")
+	tempKeyFile, err := ioutil.TempFile("", "priv_validator_key_")
 	require.Nil(t, err)
-	tempFilePath := tempFile.Name()
-	if err := os.Remove(tempFilePath); err != nil {
+	tempStateFile, err := ioutil.TempFile("", "priv_validator_state_")
+	require.Nil(t, err)
+
+	tempKeyFilePath := tempKeyFile.Name()
+	if err := os.Remove(tempKeyFilePath); err != nil {
 		t.Error(err)
 	}
-	privVal := LoadOrGenFilePV(tempFilePath)
+	tempStateFilePath := tempStateFile.Name()
+	if err := os.Remove(tempStateFilePath); err != nil {
+		t.Error(err)
+	}
+
+	privVal := LoadOrGenFilePV(tempKeyFilePath, tempStateFilePath)
 	addr := privVal.GetAddress()
-	privVal = LoadOrGenFilePV(tempFilePath)
+	privVal = LoadOrGenFilePV(tempKeyFilePath, tempStateFilePath)
 	assert.Equal(addr, privVal.GetAddress(), "expected privval addr to be the same")
 }

-func TestUnmarshalValidator(t *testing.T) {
+func TestUnmarshalValidatorState(t *testing.T) {
+	assert, require := assert.New(t), require.New(t)
+
+	// create some fixed values
+	serialized := `{
+		"height": "1",
+		"round": "1",
+		"step": 1
+	}`
+
+	val := FilePVLastSignState{}
+	err := cdc.UnmarshalJSON([]byte(serialized), &val)
+	require.Nil(err, "%+v", err)
+
+	// make sure the values match
+	assert.EqualValues(val.Height, 1)
+	assert.EqualValues(val.Round, 1)
+	assert.EqualValues(val.Step, 1)
+
+	// export it and make sure it is the same
+	out, err := cdc.MarshalJSON(val)
+	require.Nil(err, "%+v", err)
+	assert.JSONEq(serialized, string(out))
+}
+
+func TestUnmarshalValidatorKey(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)

 	// create some fixed values
@ -67,22 +131,19 @@ func TestUnmarshalValidator(t *testing.T) {
    "type": "tendermint/PubKeyEd25519",
    "value": "%s"
  },
-  "last_height": "0",
-  "last_round": "0",
-  "last_step": 0,
  "priv_key": {
    "type": "tendermint/PrivKeyEd25519",
    "value": "%s"
  }
 }`, addr, pubB64, privB64)

-	val := FilePV{}
+	val := FilePVKey{}
 	err := cdc.UnmarshalJSON([]byte(serialized), &val)
 	require.Nil(err, "%+v", err)

 	// make sure the values match
-	assert.EqualValues(addr, val.GetAddress())
-	assert.EqualValues(pubKey, val.GetPubKey())
+	assert.EqualValues(addr, val.Address)
+	assert.EqualValues(pubKey, val.PubKey)
 	assert.EqualValues(privKey, val.PrivKey)

 	// export it and make sure it is the same
@ -94,9 +155,12 @@ func TestUnmarshalValidator(t *testing.T) {
 func TestSignVote(t *testing.T) {
 	assert := assert.New(t)

-	tempFile, err := ioutil.TempFile("", "priv_validator_")
+	tempKeyFile, err := ioutil.TempFile("", "priv_validator_key_")
 	require.Nil(t, err)
-	privVal := GenFilePV(tempFile.Name())
+	tempStateFile, err := ioutil.TempFile("", "priv_validator_state_")
+	require.Nil(t, err)
+
+	privVal := GenFilePV(tempKeyFile.Name(), tempStateFile.Name())

 	block1 := types.BlockID{[]byte{1, 2, 3}, types.PartSetHeader{}}
 	block2 := types.BlockID{[]byte{3, 2, 1}, types.PartSetHeader{}}
@ -104,7 +168,7 @@ func TestSignVote(t *testing.T) {
 	voteType := byte(types.PrevoteType)

 	// sign a vote for first time
-	vote := newVote(privVal.Address, 0, height, round, voteType, block1)
+	vote := newVote(privVal.Key.Address, 0, height, round, voteType, block1)
 	err = privVal.SignVote("mychainid", vote)
 	assert.NoError(err, "expected no error signing vote")

@ -114,10 +178,10 @@ func TestSignVote(t *testing.T) {

 	// now try some bad votes
 	cases := []*types.Vote{
-		newVote(privVal.Address, 0, height, round-1, voteType, block1),   // round regression
-		newVote(privVal.Address, 0, height-1, round, voteType, block1),   // height regression
-		newVote(privVal.Address, 0, height-2, round+4, voteType, block1), // height regression and different round
-		newVote(privVal.Address, 0, height, round, voteType, block2),     // different block
+		newVote(privVal.Key.Address, 0, height, round-1, voteType, block1),   // round regression
+		newVote(privVal.Key.Address, 0, height-1, round, voteType, block1),   // height regression
+		newVote(privVal.Key.Address, 0, height-2, round+4, voteType, block1), // height regression and different round
+		newVote(privVal.Key.Address, 0, height, round, voteType, block2),     // different block
 	}

 	for _, c := range cases {
@ -136,9 +200,12 @@ func TestSignVote(t *testing.T) {
 func TestSignProposal(t *testing.T) {
 	assert := assert.New(t)

-	tempFile, err := ioutil.TempFile("", "priv_validator_")
+	tempKeyFile, err := ioutil.TempFile("", "priv_validator_key_")
 	require.Nil(t, err)
-	privVal := GenFilePV(tempFile.Name())
+	tempStateFile, err := ioutil.TempFile("", "priv_validator_state_")
+	require.Nil(t, err)
+
+	privVal := GenFilePV(tempKeyFile.Name(), tempStateFile.Name())

 	block1 := types.BlockID{[]byte{1, 2, 3}, types.PartSetHeader{5, []byte{1, 2, 3}}}
 	block2 := types.BlockID{[]byte{3, 2, 1}, types.PartSetHeader{10, []byte{3, 2, 1}}}
@ -175,9 +242,12 @@ func TestSignProposal(t *testing.T) {
 }

 func TestDifferByTimestamp(t *testing.T) {
-	tempFile, err := ioutil.TempFile("", "priv_validator_")
+	tempKeyFile, err := ioutil.TempFile("", "priv_validator_key_")
 	require.Nil(t, err)
-	privVal := GenFilePV(tempFile.Name())
+	tempStateFile, err := ioutil.TempFile("", "priv_validator_state_")
+	require.Nil(t, err)
+
+	privVal := GenFilePV(tempKeyFile.Name(), tempStateFile.Name())

 	block1 := types.BlockID{[]byte{1, 2, 3}, types.PartSetHeader{5, []byte{1, 2, 3}}}
 	height, round := int64(10), 1
@ -208,7 +278,7 @@ func TestDifferByTimestamp(t *testing.T) {
 	{
 		voteType := byte(types.PrevoteType)
 		blockID := types.BlockID{[]byte{1, 2, 3}, types.PartSetHeader{}}
-		vote := newVote(privVal.Address, 0, height, round, voteType, blockID)
+		vote := newVote(privVal.Key.Address, 0, height, round, voteType, blockID)
 		err := privVal.SignVote("mychainid", vote)
 		assert.NoError(t, err, "expected no error signing vote")