use const for abci type strings

WIP: simplify & update documentation, fix typo

.circleci/config.yml

@@ -133,18 +133,21 @@ jobs:
           key: v1-pkg-cache
       - restore_cache:
           key: v1-tree-{{ .Environment.CIRCLE_SHA1 }}
+      - run: mkdir -p /tmp/logs
       - run:
           name: Run tests
           command: |
             for pkg in $(go list github.com/tendermint/tendermint/... | grep -v /vendor/ | circleci tests split --split-by=timings); do
               id=$(basename "$pkg")
 
-              GOCACHE=off go test -v -timeout 5m -race -coverprofile=/tmp/workspace/profiles/$id.out -covermode=atomic "$pkg"
+              GOCACHE=off go test -v -timeout 5m -race -coverprofile=/tmp/workspace/profiles/$id.out -covermode=atomic "$pkg" | tee "/tmp/logs/$id-$RANDOM.log"
             done
       - persist_to_workspace:
           root: /tmp/workspace
           paths:
             - "profiles/*"
+      - store_artifacts:
+          path: /tmp/logs
 
   test_persistence:
     <<: *defaults
@@ -196,9 +199,6 @@ workflows:
   test-suite:
     jobs:
       - setup_dependencies
-      - build_slate:
-          requires:
-            - setup_dependencies
       - setup_abci:
           requires:
             - setup_dependencies

CHANGELOG.md

@@ -1,8 +1,9 @@
 # Changelog
 
-## 0.19.7
+- [p2p] remove `auth_enc` config option, peer connections are always auth
+  encrypted
 
-*May 31st, 2018*
+## 0.19.7
 
 BREAKING:
 
@@ -15,7 +16,6 @@ FEATURES
 - [p2p] AllowDuplicateIP config option to refuse connections from same IP.
     - true by default for now, false by default in next breaking release
 - [docs] Add docs for query, tx indexing, events, pubsub
-- [docs] Add some notes about running Tendermint in production
 
 IMPROVEMENTS:
 

Gopkg.lock

@@ -5,7 +5,7 @@
   branch = "master"
   name = "github.com/btcsuite/btcd"
   packages = ["btcec"]
-  revision = "675abc5df3c5531bc741b56a765e35623459da6d"
+  revision = "86fed781132ac890ee03e906e4ecd5d6fa180c64"
 
 [[projects]]
   name = "github.com/davecgh/go-spew"
@@ -82,7 +82,7 @@
   branch = "master"
   name = "github.com/golang/snappy"
   packages = ["."]
-  revision = "553a641470496b2327abcac10b36396bd98e45c9"
+  revision = "2e65f85255dbc3072edf28d6b5b8efc472979f5a"
 
 [[projects]]
   name = "github.com/gorilla/websocket"
@@ -128,14 +128,14 @@
 [[projects]]
   name = "github.com/magiconair/properties"
   packages = ["."]
-  revision = "c3beff4c2358b44d0493c7dda585e7db7ff28ae6"
-  version = "v1.7.6"
+  revision = "c2353362d570a7bfa228149c62842019201cfb71"
+  version = "v1.8.0"
 
 [[projects]]
   branch = "master"
   name = "github.com/mitchellh/mapstructure"
   packages = ["."]
-  revision = "00c29f56e2386353d58c599509e8dc3801b0d716"
+  revision = "bb74f1db0675b241733089d5a1faa5dd8b0ef57b"
 
 [[projects]]
   name = "github.com/pelletier/go-toml"
@@ -159,7 +159,7 @@
   branch = "master"
   name = "github.com/rcrowley/go-metrics"
   packages = ["."]
-  revision = "d932a24a8ccb8fcadc993e5c6c58f93dac168294"
+  revision = "e2704e165165ec55d062f5919b4b29494e9fa790"
 
 [[projects]]
   name = "github.com/spf13/afero"
@@ -179,8 +179,8 @@
 [[projects]]
   name = "github.com/spf13/cobra"
   packages = ["."]
-  revision = "a1f051bc3eba734da4772d60e2d677f47cf93ef4"
-  version = "v0.0.2"
+  revision = "ef82de70bb3f60c65fb8eebacbb2d122ef517385"
+  version = "v0.0.3"
 
 [[projects]]
   branch = "master"
@@ -226,7 +226,7 @@
     "leveldb/table",
     "leveldb/util"
   ]
-  revision = "714f901b98fdb3aa954b4193d8cbd64a28d80cad"
+  revision = "5d6fca44a948d2be89a9702de7717f0168403d3d"
 
 [[projects]]
   name = "github.com/tendermint/abci"
@@ -238,8 +238,8 @@
     "server",
     "types"
   ]
-  revision = "78a8905690ef54f9d57e3b2b0ee7ad3a04ef3f1f"
-  version = "v0.10.3"
+  revision = "9af8b7a7c87478869f8c280ed9539470b8f470b4"
+  version = "v0.11.0-rc4"
 
 [[projects]]
   branch = "master"
@@ -263,12 +263,6 @@
   revision = "915416979bf70efa4bcbf1c6cd5d64c5fff9fc19"
   version = "v0.6.2"
 
-[[projects]]
-  name = "github.com/tendermint/go-wire"
-  packages = ["."]
-  revision = "fa721242b042ecd4c6ed1a934ee740db4f74e45c"
-  version = "v0.7.3"
-
 [[projects]]
   name = "github.com/tendermint/tmlibs"
   packages = [
@@ -283,8 +277,8 @@
     "merkle",
     "test"
   ]
-  revision = "cc5f287c4798ffe88c04d02df219ecb6932080fd"
-  version = "v0.8.3-rc0"
+  revision = "d970af87248a4e162590300dbb74e102183a417d"
+  version = "v0.8.3"
 
 [[projects]]
   branch = "master"
@@ -299,7 +293,7 @@
     "ripemd160",
     "salsa20/salsa"
   ]
-  revision = "b0697eccbea9adec5b7ba8008f4c33d98d733388"
+  revision = "5ba7f63082460102a45837dbd1827e10f9479ac0"
 
 [[projects]]
   branch = "master"
@@ -311,16 +305,15 @@
     "http2/hpack",
     "idna",
     "internal/timeseries",
-    "lex/httplex",
     "trace"
   ]
-  revision = "5f9ae10d9af5b1c89ae6904293b14b064d4ada23"
+  revision = "1e491301e022f8f977054da4c2d852decd59571f"
 
 [[projects]]
   branch = "master"
   name = "golang.org/x/sys"
   packages = ["unix"]
-  revision = "bb9c189858d91f42db229b04d45a4c3d23a7662a"
+  revision = "c11f84a56e43e20a78cee75a7c034031ecf57d1f"
 
 [[projects]]
   name = "golang.org/x/text"
@@ -344,7 +337,6 @@
   version = "v0.3.0"
 
 [[projects]]
-  branch = "master"
   name = "google.golang.org/genproto"
   packages = ["googleapis/rpc/status"]
   revision = "7fd901a49ba6a7f87732eb344f6e3c5b19d1b200"
@@ -382,6 +374,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "d85c98dcac32cc1fe05d006aa75e8985f6447a150a041b972a673a65e7681da9"
+  inputs-digest = "8df4c3cc6f6e61bbe6971c4593d838ec36103667376efd7799b6edf4021adf31"
   solver-name = "gps-cdcl"
   solver-version = 1

Gopkg.toml

@@ -71,7 +71,7 @@
 
 [[constraint]]
   name = "github.com/tendermint/abci"
-  version = "~0.10.3"
+  version = "~0.11.0-rc4"
 
 [[constraint]]
   name = "github.com/tendermint/go-crypto"
@@ -79,7 +79,7 @@
 
 [[constraint]]
   name = "github.com/tendermint/go-amino"
-  version = "0.9.9"
+  version = "=0.9.9"
 
 [[override]]
   name = "github.com/tendermint/tmlibs"
@@ -89,6 +89,12 @@
   name = "google.golang.org/grpc"
   version = "~1.7.3"
 
+# this got updated and broke, so locked to an old working commit ...
+[[override]]
+  name = "google.golang.org/genproto"
+  revision = "7fd901a49ba6a7f87732eb344f6e3c5b19d1b200"
+
+
 [prune]
   go-tests = true
   unused-packages = true

config/config.go

@@ -287,9 +287,6 @@ type P2PConfig struct {
 	// Does not work if the peer-exchange reactor is disabled.
 	SeedMode bool `mapstructure:"seed_mode"`
 
-	// Authenticated encryption
-	AuthEnc bool `mapstructure:"auth_enc"`
-
 	// Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 	PrivatePeerIDs string `mapstructure:"private_peer_ids"`
 
@@ -310,7 +307,6 @@ func DefaultP2PConfig() *P2PConfig {
 		RecvRate:                512000, // 500 kB/s
 		PexReactor:              true,
 		SeedMode:                false,
-		AuthEnc:                 true,
 		AllowDuplicateIP:        true, // so non-breaking yet
 	}
 }

config/toml.go

@@ -165,9 +165,6 @@ pex = {{ .P2P.PexReactor }}
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = {{ .P2P.SeedMode }}
 
-# Authenticated encryption
-auth_enc = {{ .P2P.AuthEnc }}
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = "{{ .P2P.PrivatePeerIDs }}"
 

consensus/byzantine_test.go

@@ -58,14 +58,11 @@ func TestByzantine(t *testing.T) {
 			css[i].doPrevote = func(height int64, round int) {}
 		}
 
-		eventBus := types.NewEventBus()
+		eventBus := css[i].eventBus
 		eventBus.SetLogger(logger.With("module", "events", "validator", i))
-		err := eventBus.Start()
-		require.NoError(t, err)
-		defer eventBus.Stop()
 
 		eventChans[i] = make(chan interface{}, 1)
-		err = eventBus.Subscribe(context.Background(), testSubscriber, types.EventQueryNewBlock, eventChans[i])
+		err := eventBus.Subscribe(context.Background(), testSubscriber, types.EventQueryNewBlock, eventChans[i])
 		require.NoError(t, err)
 
 		conR := NewConsensusReactor(css[i], true) // so we dont start the consensus states

consensus/reactor_test.go

@@ -254,7 +254,8 @@ func TestReactorVotingPowerChange(t *testing.T) {
 	logger.Debug("---------------------------- Testing changing the voting power of one validator a few times")
 
 	val1PubKey := css[0].privValidator.GetPubKey()
-	updateValidatorTx := kvstore.MakeValSetChangeTx(val1PubKey.Bytes(), 25)
+	val1PubKeyABCI := types.TM2PB.PubKey(val1PubKey)
+	updateValidatorTx := kvstore.MakeValSetChangeTx(val1PubKeyABCI, 25)
 	previousTotalVotingPower := css[0].GetRoundState().LastValidators.TotalVotingPower()
 
 	waitForAndValidateBlock(t, nVals, activeVals, eventChans, css, updateValidatorTx)
@@ -266,7 +267,7 @@ func TestReactorVotingPowerChange(t *testing.T) {
 		t.Fatalf("expected voting power to change (before: %d, after: %d)", previousTotalVotingPower, css[0].GetRoundState().LastValidators.TotalVotingPower())
 	}
 
-	updateValidatorTx = kvstore.MakeValSetChangeTx(val1PubKey.Bytes(), 2)
+	updateValidatorTx = kvstore.MakeValSetChangeTx(val1PubKeyABCI, 2)
 	previousTotalVotingPower = css[0].GetRoundState().LastValidators.TotalVotingPower()
 
 	waitForAndValidateBlock(t, nVals, activeVals, eventChans, css, updateValidatorTx)
@@ -278,7 +279,7 @@ func TestReactorVotingPowerChange(t *testing.T) {
 		t.Fatalf("expected voting power to change (before: %d, after: %d)", previousTotalVotingPower, css[0].GetRoundState().LastValidators.TotalVotingPower())
 	}
 
-	updateValidatorTx = kvstore.MakeValSetChangeTx(val1PubKey.Bytes(), 26)
+	updateValidatorTx = kvstore.MakeValSetChangeTx(val1PubKeyABCI, 26)
 	previousTotalVotingPower = css[0].GetRoundState().LastValidators.TotalVotingPower()
 
 	waitForAndValidateBlock(t, nVals, activeVals, eventChans, css, updateValidatorTx)
@@ -316,7 +317,8 @@ func TestReactorValidatorSetChanges(t *testing.T) {
 	logger.Info("---------------------------- Testing adding one validator")
 
 	newValidatorPubKey1 := css[nVals].privValidator.GetPubKey()
-	newValidatorTx1 := kvstore.MakeValSetChangeTx(newValidatorPubKey1.Bytes(), testMinPower)
+	valPubKey1ABCI := types.TM2PB.PubKey(newValidatorPubKey1)
+	newValidatorTx1 := kvstore.MakeValSetChangeTx(valPubKey1ABCI, testMinPower)
 
 	// wait till everyone makes block 2
 	// ensure the commit includes all validators
@@ -342,7 +344,8 @@ func TestReactorValidatorSetChanges(t *testing.T) {
 	logger.Info("---------------------------- Testing changing the voting power of one validator")
 
 	updateValidatorPubKey1 := css[nVals].privValidator.GetPubKey()
-	updateValidatorTx1 := kvstore.MakeValSetChangeTx(updateValidatorPubKey1.Bytes(), 25)
+	updatePubKey1ABCI := types.TM2PB.PubKey(updateValidatorPubKey1)
+	updateValidatorTx1 := kvstore.MakeValSetChangeTx(updatePubKey1ABCI, 25)
 	previousTotalVotingPower := css[nVals].GetRoundState().LastValidators.TotalVotingPower()
 
 	waitForAndValidateBlock(t, nPeers, activeVals, eventChans, css, updateValidatorTx1)
@@ -358,10 +361,12 @@ func TestReactorValidatorSetChanges(t *testing.T) {
 	logger.Info("---------------------------- Testing adding two validators at once")
 
 	newValidatorPubKey2 := css[nVals+1].privValidator.GetPubKey()
-	newValidatorTx2 := kvstore.MakeValSetChangeTx(newValidatorPubKey2.Bytes(), testMinPower)
+	newVal2ABCI := types.TM2PB.PubKey(newValidatorPubKey2)
+	newValidatorTx2 := kvstore.MakeValSetChangeTx(newVal2ABCI, testMinPower)
 
 	newValidatorPubKey3 := css[nVals+2].privValidator.GetPubKey()
-	newValidatorTx3 := kvstore.MakeValSetChangeTx(newValidatorPubKey3.Bytes(), testMinPower)
+	newVal3ABCI := types.TM2PB.PubKey(newValidatorPubKey3)
+	newValidatorTx3 := kvstore.MakeValSetChangeTx(newVal3ABCI, testMinPower)
 
 	waitForAndValidateBlock(t, nPeers, activeVals, eventChans, css, newValidatorTx2, newValidatorTx3)
 	waitForAndValidateBlockWithTx(t, nPeers, activeVals, eventChans, css, newValidatorTx2, newValidatorTx3)
@@ -373,8 +378,8 @@ func TestReactorValidatorSetChanges(t *testing.T) {
 	//---------------------------------------------------------------------------
 	logger.Info("---------------------------- Testing removing two validators at once")
 
-	removeValidatorTx2 := kvstore.MakeValSetChangeTx(newValidatorPubKey2.Bytes(), 0)
-	removeValidatorTx3 := kvstore.MakeValSetChangeTx(newValidatorPubKey3.Bytes(), 0)
+	removeValidatorTx2 := kvstore.MakeValSetChangeTx(newVal2ABCI, 0)
+	removeValidatorTx3 := kvstore.MakeValSetChangeTx(newVal3ABCI, 0)
 
 	waitForAndValidateBlock(t, nPeers, activeVals, eventChans, css, removeValidatorTx2, removeValidatorTx3)
 	waitForAndValidateBlockWithTx(t, nPeers, activeVals, eventChans, css, removeValidatorTx2, removeValidatorTx3)

consensus/replay.go

@@ -2,7 +2,6 @@ package consensus
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"hash/crc32"
 	"io"
@@ -197,20 +196,20 @@ type Handshaker struct {
 	stateDB      dbm.DB
 	initialState sm.State
 	store        types.BlockStore
-	appState     json.RawMessage
+	genDoc       *types.GenesisDoc
 	logger       log.Logger
 
 	nBlocks int // number of blocks applied to the state
 }
 
 func NewHandshaker(stateDB dbm.DB, state sm.State,
-	store types.BlockStore, appState json.RawMessage) *Handshaker {
+	store types.BlockStore, genDoc *types.GenesisDoc) *Handshaker {
 
 	return &Handshaker{
 		stateDB:      stateDB,
 		initialState: state,
 		store:        store,
-		appState:     appState,
+		genDoc:       genDoc,
 		logger:       log.NewNopLogger(),
 		nBlocks:      0,
 	}
@@ -269,8 +268,11 @@ func (h *Handshaker) ReplayBlocks(state sm.State, appHash []byte, appBlockHeight
 	if appBlockHeight == 0 {
 		validators := types.TM2PB.Validators(state.Validators)
 		req := abci.RequestInitChain{
-			Validators:    validators,
-			AppStateBytes: h.appState,
+			Time:            h.genDoc.GenesisTime.Unix(), // TODO
+			ChainId:         h.genDoc.ChainID,
+			ConsensusParams: types.TM2PB.ConsensusParams(h.genDoc.ConsensusParams),
+			Validators:      validators,
+			AppStateBytes:   h.genDoc.AppStateJSON,
 		}
 		_, err := proxyApp.Consensus().InitChainSync(req)
 		if err != nil {
@@ -365,7 +367,7 @@ func (h *Handshaker) replayBlocks(state sm.State, proxyApp proxy.AppConns, appBl
 	for i := appBlockHeight + 1; i <= finalBlock; i++ {
 		h.logger.Info("Applying block", "height", i)
 		block := h.store.LoadBlock(i)
-		appHash, err = sm.ExecCommitBlock(proxyApp.Consensus(), block, h.logger)
+		appHash, err = sm.ExecCommitBlock(proxyApp.Consensus(), block, h.logger, state.LastValidators, h.stateDB)
 		if err != nil {
 			return nil, err
 		}

consensus/replay_file.go

@@ -299,7 +299,7 @@ func newConsensusStateForReplay(config cfg.BaseConfig, csConfig *cfg.ConsensusCo
 	// Create proxyAppConn connection (consensus, mempool, query)
 	clientCreator := proxy.DefaultClientCreator(config.ProxyApp, config.ABCI, config.DBDir())
 	proxyApp := proxy.NewAppConns(clientCreator,
-		NewHandshaker(stateDB, state, blockStore, gdoc.AppState()))
+		NewHandshaker(stateDB, state, blockStore, gdoc))
 	err = proxyApp.Start()
 	if err != nil {
 		cmn.Exit(cmn.Fmt("Error starting proxy app conns: %v", err))

consensus/replay_test.go

@@ -366,7 +366,8 @@ func testHandshakeReplay(t *testing.T, nBlocks int, mode uint) {
 	}
 
 	// now start the app using the handshake - it should sync
-	handshaker := NewHandshaker(stateDB, state, store, nil)
+	genDoc, _ := sm.MakeGenesisDocFromFile(config.GenesisFile())
+	handshaker := NewHandshaker(stateDB, state, store, genDoc)
 	proxyApp := proxy.NewAppConns(clientCreator2, handshaker)
 	if err := proxyApp.Start(); err != nil {
 		t.Fatalf("Error starting proxy app connections: %v", err)
@@ -416,10 +417,10 @@ func buildAppStateFromChain(proxyApp proxy.AppConns, stateDB dbm.DB,
 	}
 	defer proxyApp.Stop()
 
-	// TODO: get the genesis bytes (https://github.com/tendermint/tendermint/issues/1224)
-	var genesisBytes []byte
 	validators := types.TM2PB.Validators(state.Validators)
-	if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators, genesisBytes}); err != nil {
+	if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{
+		Validators: validators,
+	}); err != nil {
 		panic(err)
 	}
 
@@ -453,10 +454,10 @@ func buildTMStateFromChain(config *cfg.Config, stateDB dbm.DB, state sm.State, c
 	}
 	defer proxyApp.Stop()
 
-	// TODO: get the genesis bytes (https://github.com/tendermint/tendermint/issues/1224)
-	var genesisBytes []byte
 	validators := types.TM2PB.Validators(state.Validators)
-	if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators, genesisBytes}); err != nil {
+	if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{
+		Validators: validators,
+	}); err != nil {
 		panic(err)
 	}
 

consensus/wal_generator.go

@@ -52,7 +52,7 @@ func WALWithNBlocks(numBlocks int) (data []byte, err error) {
 		return nil, errors.Wrap(err, "failed to make genesis state")
 	}
 	blockStore := bc.NewBlockStore(blockStoreDB)
-	handshaker := NewHandshaker(stateDB, state, blockStore, genDoc.AppState())
+	handshaker := NewHandshaker(stateDB, state, blockStore, genDoc)
 	proxyApp := proxy.NewAppConns(proxy.NewLocalClientCreator(app), handshaker)
 	proxyApp.SetLogger(logger.With("module", "proxy"))
 	if err := proxyApp.Start(); err != nil {

docs/examples/node0/config/config.toml

@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false
 
-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""
 

docs/examples/node1/config/config.toml

@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false
 
-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""
 

docs/examples/node2/config/config.toml

@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false
 
-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""
 

docs/examples/node3/config/config.toml

@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false
 
-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""
 

docs/spec/blockchain/encoding.md

@@ -39,7 +39,7 @@ place of the public key. Here we list the concrete types, their names,
 and prefix bytes for public keys and signatures, as well as the address schemes
 for each PubKey. Note for brevity we don't
 include details of the private keys beyond their type and name, as they can be
-derrived the same way as the others using Amino.
+derived the same way as the others using Amino.
 
 All registered objects are encoded by Amino using a 4-byte PrefixBytes that
 uniquely identifies the object and includes information about its underlying
@@ -49,107 +49,35 @@ spec](https://github.com/tendermint/go-amino#computing-the-prefix-and-disambigua
 In what follows, we provide the type names and prefix bytes directly.
 Notice that when encoding byte-arrays, the length of the byte-array is appended
 to the PrefixBytes. Thus the encoding of a byte array becomes `<PrefixBytes>
-<Length> <ByteArray>`
+<Length> <ByteArray>`. In other words, to encode any type listed below you do not need to be 
+familiar with amino encoding. 
+You can simply use below table and concatenate Prefix || Length (of raw bytes) || raw bytes 
+( while || stands for byte concatenation here).
 
-NOTE: the remainder of this section on Public Key Cryptography can be generated
-from [this script](https://github.com/tendermint/tendermint/blob/master/docs/spec/scripts/crypto.go)
+| Type | Name | Prefix | Length |
+| ---- | ---- | ------ | ----- | 
+| PubKeyEd25519 | tendermint/PubKeyEd25519 | 0x1624DE62 | 0x20 | 
+| PubKeyLedgerEd25519 | tendermint/PubKeyLedgerEd25519 | 0x5C3453B2 | 0x20 |
+| PubKeySecp256k1 | tendermint/PubKeySecp256k1 | 0xEB5AE982 | 0x21 |
+| PrivKeyEd25519 | tendermint/PrivKeyEd25519 | 0xA3288912 | 0x40 |
+| PrivKeySecp256k1 | tendermint/PrivKeySecp256k1 | 0xE1B0F79A | 0x20 |
+| PrivKeyLedgerSecp256k1 | tendermint/PrivKeyLedgerSecp256k1 | 0x10CAB393 | variable |
+| PrivKeyLedgerEd25519 | tendermint/PrivKeyLedgerEd25519 | 0x0CFEEF9B | variable |
+| SignatureEd25519 | tendermint/SignatureKeyEd25519 | 0x3DA1DB2A | 0x40 |
+| SignatureSecp256k1 | tendermint/SignatureKeySecp256k1 | 0x16E1FEEA | variable |
 
-### PubKeyEd25519
+### Examples
 
-```
-// Name: tendermint/PubKeyEd25519
-// PrefixBytes: 0x1624DE62
-// Length: 0x20
-// Notes: raw 32-byte Ed25519 pubkey
-type PubKeyEd25519 [32]byte
-
-func (pubkey PubKeyEd25519) Address() []byte {
-      // NOTE: hash of the Amino encoded bytes!
-        return RIPEMD160(AminoEncode(pubkey))
-}
-```
-
-For example, the 32-byte Ed25519 pubkey
-`CCACD52F9B29D04393F01CD9AF6535455668115641F3D8BAEFD2295F24BAF60E` would be
-encoded as
-`1624DE6220CCACD52F9B29D04393F01CD9AF6535455668115641F3D8BAEFD2295F24BAF60E`.
-
-The address would then be
-`RIPEMD160(0x1624DE6220CCACD52F9B29D04393F01CD9AF6535455668115641F3D8BAEFD2295F24BAF60E)`
-or `430FF75BAF1EC4B0D51BB3EEC2955479D0071605`
-
-### SignatureEd25519
-
-```
-// Name: tendermint/SignatureKeyEd25519
-// PrefixBytes: 0x3DA1DB2A
-// Length: 0x40
-// Notes: raw 64-byte Ed25519 signature
-type SignatureEd25519 [64]byte
-```
-
-For example, the 64-byte Ed25519 signature
-`1B6034A8ED149D3C94FDA13EC03B26CC0FB264D9B0E47D3FA3DEF9FCDE658E49C80B35F9BE74949356401B15B18FB817D6E54495AD1C4A8401B248466CB0DB0B`
+1. For example, the 33-byte (or 0x21-byte in hex) Secp256k1 pubkey
+`020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`  
 would be encoded as
-`3DA1DB2A401B6034A8ED149D3C94FDA13EC03B26CC0FB264D9B0E47D3FA3DEF9FCDE658E49C80B35F9BE74949356401B15B18FB817D6E54495AD1C4A8401B248466CB0DB0B`
-
-### PrivKeyEd25519
-
-```
-// Name: tendermint/PrivKeyEd25519
-// Notes: raw 32-byte priv key concatenated to raw 32-byte pub key
-type PrivKeyEd25519 [64]byte
-```
-
-### PubKeySecp256k1
-
-```
-// Name: tendermint/PubKeySecp256k1
-// PrefixBytes: 0xEB5AE982
-// Length: 0x21
-// Notes: OpenSSL compressed pubkey prefixed with 0x02 or 0x03
-type PubKeySecp256k1 [33]byte
-
-func (pubkey PubKeySecp256k1) Address() []byte {
-      // NOTE: hash of the raw pubkey bytes (not Amino encoded!).
-        // Compatible with Bitcoin addresses.
-          return RIPEMD160(SHA256(pubkey[:]))
-}
-```
-
-For example, the 33-byte Secp256k1 pubkey
-`020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9` would be
-encoded as
 `EB5AE98221020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`
 
-The address would then be
-`RIPEMD160(SHA256(0x020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9))`
-or `0AE5BEE929ABE51BAD345DB925EEA652680783FC`
-
-### SignatureSecp256k1
-
-```
-// Name: tendermint/SignatureKeySecp256k1
-// PrefixBytes: 0x16E1FEEA
-// Length: Variable
-// Encoding prefix: Variable
-// Notes: raw bytes of the Secp256k1 signature
-type SignatureSecp256k1 []byte
-```
-
-For example, the Secp256k1 signature
+2. For example, the variable size Secp256k1 signature (in this particular example 70 or 0x46 bytes)
 `304402201CD4B8C764D2FD8AF23ECFE6666CA8A53886D47754D951295D2D311E1FEA33BF02201E0F906BB1CF2C30EAACFFB032A7129358AFF96B9F79B06ACFFB18AC90C2ADD7`
 would be encoded as
 `16E1FEEA46304402201CD4B8C764D2FD8AF23ECFE6666CA8A53886D47754D951295D2D311E1FEA33BF02201E0F906BB1CF2C30EAACFFB032A7129358AFF96B9F79B06ACFFB18AC90C2ADD7`
 
-### PrivKeySecp256k1
-
-```
-// Name: tendermint/PrivKeySecp256k1
-// Notes: raw 32-byte priv key
-type PrivKeySecp256k1 [32]byte
-```
-
 ## Other Common Types
 
 ### BitArray

docs/spec/p2p/peer.md

@@ -17,9 +17,6 @@ We will attempt to connect to the peer at IP:PORT, and verify,
 via authenticated encryption, that it is in possession of the private key
 corresponding to `<ID>`. This prevents man-in-the-middle attacks on the peer layer.
 
-If `auth_enc = false`, peers can use an arbitrary ID, but they must always use
-one. Authentication can then happen out-of-band of Tendermint, for instance via VPN.
-
 ## Connections
 
 All p2p connections use TCP.

docs/specification/configuration.rst

@@ -122,9 +122,6 @@ like the file below, however, double check by inspecting the
     # Does not work if the peer-exchange reactor is disabled.
     seed_mode = false
 
-    # Authenticated encryption
-    auth_enc = true
-
     # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
     private_peer_ids = ""
 

docs/specification/secure-p2p.rst

@@ -65,9 +65,7 @@ are connected to at least one validator.
 Config
 ------
 
-Authenticated encryption is enabled by default. If you wish to use another
-authentication scheme or your peers are connected via VPN, you can turn it off
-by setting ``auth_enc`` to ``false`` in the config file.
+Authenticated encryption is enabled by default.
 
 Additional Reading
 ------------------

node/node.go

@@ -159,7 +159,7 @@ func NewNode(config *cfg.Config,
 	// and sync tendermint and the app by performing a handshake
 	// and replaying any necessary blocks
 	consensusLogger := logger.With("module", "consensus")
-	handshaker := cs.NewHandshaker(stateDB, state, blockStore, genDoc.AppState())
+	handshaker := cs.NewHandshaker(stateDB, state, blockStore, genDoc)
 	handshaker.SetLogger(consensusLogger)
 	proxyApp := proxy.NewAppConns(clientCreator, handshaker)
 	proxyApp.SetLogger(logger.With("module", "proxy"))
@@ -269,9 +269,6 @@ func NewNode(config *cfg.Config,
 	// but it would still be nice to have a clear list of the current "PersistentPeers"
 	// somewhere that we can return with net_info.
 	//
-	// Let's assume we always have IDs ... and we just dont authenticate them
-	// if auth_enc=false.
-	//
 	// If PEX is on, it should handle dialing the seeds. Otherwise the switch does it.
 	// Note we currently use the addrBook regardless at least for AddOurAddress
 	addrBook := pex.NewAddrBook(config.P2P.AddrBookFile(), config.P2P.AddrBookStrict)

p2p/peer.go

@@ -116,8 +116,6 @@ func newPeer(pc peerConn, nodeInfo NodeInfo,
 
 // PeerConfig is a Peer configuration.
 type PeerConfig struct {
-	AuthEnc bool `mapstructure:"auth_enc"` // authenticated encryption
-
 	// times are in seconds
 	HandshakeTimeout time.Duration `mapstructure:"handshake_timeout"`
 	DialTimeout      time.Duration `mapstructure:"dial_timeout"`
@@ -132,7 +130,6 @@ type PeerConfig struct {
 // DefaultPeerConfig returns the default config.
 func DefaultPeerConfig() *PeerConfig {
 	return &PeerConfig{
-		AuthEnc:          true,
 		HandshakeTimeout: 20, // * time.Second,
 		DialTimeout:      3,  // * time.Second,
 		MConfig:          tmconn.DefaultMConnConfig(),
@@ -159,7 +156,7 @@ func newOutboundPeerConn(addr *NetAddress, config *PeerConfig, persistent bool,
 	}
 
 	// ensure dialed ID matches connection ID
-	if config.AuthEnc && addr.ID != pc.ID() {
+	if addr.ID != pc.ID() {
 		if err2 := conn.Close(); err2 != nil {
 			return pc, cmn.ErrorWrap(err, err2.Error())
 		}
@@ -187,17 +184,15 @@ func newPeerConn(rawConn net.Conn,
 		conn = FuzzConnAfterFromConfig(conn, 10*time.Second, config.FuzzConfig)
 	}
 
-	if config.AuthEnc {
-		// Set deadline for secret handshake
-		if err := conn.SetDeadline(time.Now().Add(config.HandshakeTimeout * time.Second)); err != nil {
-			return pc, cmn.ErrorWrap(err, "Error setting deadline while encrypting connection")
-		}
+	// Set deadline for secret handshake
+	if err := conn.SetDeadline(time.Now().Add(config.HandshakeTimeout * time.Second)); err != nil {
+		return pc, cmn.ErrorWrap(err, "Error setting deadline while encrypting connection")
+	}
 
-		// Encrypt connection
-		conn, err = tmconn.MakeSecretConnection(conn, ourNodePrivKey)
-		if err != nil {
-			return pc, cmn.ErrorWrap(err, "Error creating peer")
-		}
+	// Encrypt connection
+	conn, err = tmconn.MakeSecretConnection(conn, ourNodePrivKey)
+	if err != nil {
+		return pc, cmn.ErrorWrap(err, "Error creating peer")
 	}
 
 	// Only the information we already have

p2p/peer_test.go

@@ -41,32 +41,10 @@ func TestPeerBasic(t *testing.T) {
 	assert.Equal(rp.ID(), p.ID())
 }
 
-func TestPeerWithoutAuthEnc(t *testing.T) {
-	assert, require := assert.New(t), require.New(t)
-
-	config := DefaultPeerConfig()
-	config.AuthEnc = false
-
-	// simulate remote peer
-	rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519(), Config: config}
-	rp.Start()
-	defer rp.Stop()
-
-	p, err := createOutboundPeerAndPerformHandshake(rp.Addr(), config)
-	require.Nil(err)
-
-	err = p.Start()
-	require.Nil(err)
-	defer p.Stop()
-
-	assert.True(p.IsRunning())
-}
-
 func TestPeerSend(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)
 
 	config := DefaultPeerConfig()
-	config.AuthEnc = false
 
 	// simulate remote peer
 	rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519(), Config: config}

p2p/switch.go

@@ -95,7 +95,6 @@ func NewSwitch(config *cfg.P2PConfig) *Switch {
 	sw.peerConfig.MConfig.SendRate = config.SendRate
 	sw.peerConfig.MConfig.RecvRate = config.RecvRate
 	sw.peerConfig.MConfig.MaxPacketMsgPayloadSize = config.MaxPacketMsgPayloadSize
-	sw.peerConfig.AuthEnc = config.AuthEnc
 
 	sw.BaseService = *cmn.NewBaseService(nil, "P2P Switch", sw)
 	return sw
@@ -534,10 +533,6 @@ func (sw *Switch) addPeer(pc peerConn) error {
 		return err
 	}
 
-	// NOTE: if AuthEnc==false, we don't have a peerID until after the handshake.
-	// If AuthEnc==true then we already know the ID and could do the checks first before the handshake,
-	// but it's simple to just deal with both cases the same after the handshake.
-
 	// Exchange NodeInfo on the conn
 	peerNodeInfo, err := pc.HandshakeTimeout(sw.nodeInfo, time.Duration(sw.peerConfig.HandshakeTimeout*time.Second))
 	if err != nil {
@@ -547,13 +542,14 @@ func (sw *Switch) addPeer(pc peerConn) error {
 	peerID := peerNodeInfo.ID
 
 	// ensure connection key matches self reported key
-	if pc.config.AuthEnc {
-		connID := pc.ID()
+	connID := pc.ID()
 
-		if peerID != connID {
-			return fmt.Errorf("nodeInfo.ID() (%v) doesn't match conn.ID() (%v)",
-				peerID, connID)
-		}
+	if peerID != connID {
+		return fmt.Errorf(
+			"nodeInfo.ID() (%v) doesn't match conn.ID() (%v)",
+			peerID,
+			connID,
+		)
 	}
 
 	// Validate the peers nodeInfo

state/execution.go

@@ -5,7 +5,6 @@ import (
 
 	fail "github.com/ebuchman/fail-test"
 	abci "github.com/tendermint/abci/types"
-	crypto "github.com/tendermint/go-crypto"
 	"github.com/tendermint/tendermint/proxy"
 	"github.com/tendermint/tendermint/types"
 	dbm "github.com/tendermint/tmlibs/db"
@@ -74,7 +73,7 @@ func (blockExec *BlockExecutor) ApplyBlock(s State, blockID types.BlockID, block
 		return s, ErrInvalidBlock(err)
 	}
 
-	abciResponses, err := execBlockOnProxyApp(blockExec.logger, blockExec.proxyApp, block)
+	abciResponses, err := execBlockOnProxyApp(blockExec.logger, blockExec.proxyApp, block, s.LastValidators, blockExec.db)
 	if err != nil {
 		return s, ErrProxyAppConn(err)
 	}
@@ -160,7 +159,8 @@ func (blockExec *BlockExecutor) Commit(block *types.Block) ([]byte, error) {
 
 // Executes block's transactions on proxyAppConn.
 // Returns a list of transaction results and updates to the validator set
-func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus, block *types.Block) (*ABCIResponses, error) {
+func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus,
+	block *types.Block, lastValSet *types.ValidatorSet, stateDB dbm.DB) (*ABCIResponses, error) {
 	var validTxs, invalidTxs = 0, 0
 
 	txIndex := 0
@@ -186,29 +186,14 @@ func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus,
 	}
 	proxyAppConn.SetResponseCallback(proxyCb)
 
-	// determine which validators did not sign last block
-	absentVals := make([]int32, 0)
-	for valI, vote := range block.LastCommit.Precommits {
-		if vote == nil {
-			absentVals = append(absentVals, int32(valI))
-		}
-	}
-
-	// TODO: determine which validators were byzantine
-	byzantineVals := make([]abci.Evidence, len(block.Evidence.Evidence))
-	for i, ev := range block.Evidence.Evidence {
-		byzantineVals[i] = abci.Evidence{
-			PubKey: ev.Address(), // XXX
-			Height: ev.Height(),
-		}
-	}
+	signVals, byzVals := getBeginBlockValidatorInfo(block, lastValSet, stateDB)
 
 	// Begin block
 	_, err := proxyAppConn.BeginBlockSync(abci.RequestBeginBlock{
 		Hash:                block.Hash(),
 		Header:              types.TM2PB.Header(block.Header),
-		AbsentValidators:    absentVals,
-		ByzantineValidators: byzantineVals,
+		Validators:          signVals,
+		ByzantineValidators: byzVals,
 	})
 	if err != nil {
 		logger.Error("Error in proxyAppConn.BeginBlock", "err", err)
@@ -240,12 +225,56 @@ func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus,
 	return abciResponses, nil
 }
 
+func getBeginBlockValidatorInfo(block *types.Block, lastValSet *types.ValidatorSet, stateDB dbm.DB) ([]abci.SigningValidator, []abci.Evidence) {
+
+	// Sanity check that commit length matches validator set size -
+	// only applies after first block
+	if block.Height > 1 {
+		precommitLen := len(block.LastCommit.Precommits)
+		valSetLen := len(lastValSet.Validators)
+		if precommitLen != valSetLen {
+			// sanity check
+			panic(fmt.Sprintf("precommit length (%d) doesn't match valset length (%d) at height %d\n\n%v\n\n%v",
+				precommitLen, valSetLen, block.Height, block.LastCommit.Precommits, lastValSet.Validators))
+		}
+	}
+
+	// determine which validators did not sign last block.
+	signVals := make([]abci.SigningValidator, len(lastValSet.Validators))
+	for i, val := range lastValSet.Validators {
+		var vote *types.Vote
+		if i < len(block.LastCommit.Precommits) {
+			vote = block.LastCommit.Precommits[i]
+		}
+		val := abci.SigningValidator{
+			Validator:       types.TM2PB.Validator(val),
+			SignedLastBlock: vote != nil,
+		}
+		signVals[i] = val
+	}
+
+	byzVals := make([]abci.Evidence, len(block.Evidence.Evidence))
+	for i, ev := range block.Evidence.Evidence {
+		// We need the validator set. We already did this in validateBlock.
+		// TODO: Should we instead cache the valset in the evidence itself and add
+		// `SetValidatorSet()` and `ToABCI` methods ?
+		valset, err := LoadValidators(stateDB, ev.Height())
+		if err != nil {
+			panic(err) // shoudn't happen
+		}
+		byzVals[i] = types.TM2PB.Evidence(ev, valset, block.Time)
+	}
+
+	return signVals, byzVals
+
+}
+
 // If more or equal than 1/3 of total voting power changed in one block, then
 // a light client could never prove the transition externally. See
 // ./lite/doc.go for details on how a light client tracks validators.
 func updateValidators(currentSet *types.ValidatorSet, updates []abci.Validator) error {
 	for _, v := range updates {
-		pubkey, err := crypto.PubKeyFromBytes(v.PubKey) // NOTE: expects go-amino encoded pubkey
+		pubkey, err := types.PB2TM.PubKey(v.PubKey)
 		if err != nil {
 			return err
 		}
@@ -359,8 +388,9 @@ func fireEvents(logger log.Logger, eventBus types.BlockEventPublisher, block *ty
 
 // ExecCommitBlock executes and commits a block on the proxyApp without validating or mutating the state.
 // It returns the application root hash (result of abci.Commit).
-func ExecCommitBlock(appConnConsensus proxy.AppConnConsensus, block *types.Block, logger log.Logger) ([]byte, error) {
-	_, err := execBlockOnProxyApp(logger, appConnConsensus, block)
+func ExecCommitBlock(appConnConsensus proxy.AppConnConsensus, block *types.Block,
+	logger log.Logger, lastValSet *types.ValidatorSet, stateDB dbm.DB) ([]byte, error) {
+	_, err := execBlockOnProxyApp(logger, appConnConsensus, block, lastValSet, stateDB)
 	if err != nil {
 		logger.Error("Error executing block on proxy app", "height", block.Height, "err", err)
 		return nil, err

state/execution_test.go

@@ -1,6 +1,7 @@
 package state
 
 import (
+	"fmt"
 	"testing"
 	"time"
 
@@ -18,7 +19,6 @@ import (
 )
 
 var (
-	privKey      = crypto.GenPrivKeyEd25519FromSecret([]byte("execution_test"))
 	chainID      = "execution_chain"
 	testPartSize = 65536
 	nTxsPerBlock = 10
@@ -31,7 +31,7 @@ func TestApplyBlock(t *testing.T) {
 	require.Nil(t, err)
 	defer proxyApp.Stop()
 
-	state, stateDB := state(), dbm.NewMemDB()
+	state, stateDB := state(1, 1)
 
 	blockExec := NewBlockExecutor(stateDB, log.TestingLogger(), proxyApp.Consensus(),
 		types.MockMempool{}, types.MockEvidencePool{})
@@ -45,8 +45,8 @@ func TestApplyBlock(t *testing.T) {
 	// TODO check state and mempool
 }
 
-// TestBeginBlockAbsentValidators ensures we send absent validators list.
-func TestBeginBlockAbsentValidators(t *testing.T) {
+// TestBeginBlockValidators ensures we send absent validators list.
+func TestBeginBlockValidators(t *testing.T) {
 	app := &testApp{}
 	cc := proxy.NewLocalClientCreator(app)
 	proxyApp := proxy.NewAppConns(cc, nil)
@@ -54,32 +54,46 @@ func TestBeginBlockAbsentValidators(t *testing.T) {
 	require.Nil(t, err)
 	defer proxyApp.Stop()
 
-	state := state()
+	state, stateDB := state(2, 2)
 
 	prevHash := state.LastBlockID.Hash
 	prevParts := types.PartSetHeader{}
 	prevBlockID := types.BlockID{prevHash, prevParts}
 
 	now := time.Now().UTC()
+	vote0 := &types.Vote{ValidatorIndex: 0, Timestamp: now, Type: types.VoteTypePrecommit}
+	vote1 := &types.Vote{ValidatorIndex: 1, Timestamp: now}
+
 	testCases := []struct {
 		desc                     string
 		lastCommitPrecommits     []*types.Vote
-		expectedAbsentValidators []int32
+		expectedAbsentValidators []int
 	}{
-		{"none absent", []*types.Vote{{ValidatorIndex: 0, Timestamp: now, Type: types.VoteTypePrecommit}, {ValidatorIndex: 1, Timestamp: now}}, []int32{}},
-		{"one absent", []*types.Vote{{ValidatorIndex: 0, Timestamp: now, Type: types.VoteTypePrecommit}, nil}, []int32{1}},
-		{"multiple absent", []*types.Vote{nil, nil}, []int32{0, 1}},
+		{"none absent", []*types.Vote{vote0, vote1}, []int{}},
+		{"one absent", []*types.Vote{vote0, nil}, []int{1}},
+		{"multiple absent", []*types.Vote{nil, nil}, []int{0, 1}},
 	}
 
 	for _, tc := range testCases {
 		lastCommit := &types.Commit{BlockID: prevBlockID, Precommits: tc.lastCommitPrecommits}
 
+		// block for height 2
 		block, _ := state.MakeBlock(2, makeTxs(2), lastCommit)
-		_, err = ExecCommitBlock(proxyApp.Consensus(), block, log.TestingLogger())
+		_, err = ExecCommitBlock(proxyApp.Consensus(), block, log.TestingLogger(), state.Validators, stateDB)
 		require.Nil(t, err, tc.desc)
 
-		// -> app must receive an index of the absent validator
-		assert.Equal(t, tc.expectedAbsentValidators, app.AbsentValidators, tc.desc)
+		// -> app receives a list of validators with a bool indicating if they signed
+		ctr := 0
+		for i, v := range app.Validators {
+			if ctr < len(tc.expectedAbsentValidators) &&
+				tc.expectedAbsentValidators[ctr] == i {
+
+				assert.False(t, v.SignedLastBlock)
+				ctr++
+			} else {
+				assert.True(t, v.SignedLastBlock)
+			}
+		}
 	}
 }
 
@@ -92,35 +106,41 @@ func TestBeginBlockByzantineValidators(t *testing.T) {
 	require.Nil(t, err)
 	defer proxyApp.Stop()
 
-	state := state()
+	state, stateDB := state(2, 12)
 
 	prevHash := state.LastBlockID.Hash
 	prevParts := types.PartSetHeader{}
 	prevBlockID := types.BlockID{prevHash, prevParts}
 
-	height1, idx1, val1 := int64(8), 0, []byte("val1")
-	height2, idx2, val2 := int64(3), 1, []byte("val2")
+	height1, idx1, val1 := int64(8), 0, state.Validators.Validators[0].Address
+	height2, idx2, val2 := int64(3), 1, state.Validators.Validators[1].Address
 	ev1 := types.NewMockGoodEvidence(height1, idx1, val1)
 	ev2 := types.NewMockGoodEvidence(height2, idx2, val2)
 
+	now := time.Now()
+	valSet := state.Validators
 	testCases := []struct {
 		desc                        string
 		evidence                    []types.Evidence
 		expectedByzantineValidators []abci.Evidence
 	}{
 		{"none byzantine", []types.Evidence{}, []abci.Evidence{}},
-		{"one byzantine", []types.Evidence{ev1}, []abci.Evidence{{ev1.Address(), ev1.Height()}}},
+		{"one byzantine", []types.Evidence{ev1}, []abci.Evidence{types.TM2PB.Evidence(ev1, valSet, now)}},
 		{"multiple byzantine", []types.Evidence{ev1, ev2}, []abci.Evidence{
-			{ev1.Address(), ev1.Height()},
-			{ev2.Address(), ev2.Height()}}},
+			types.TM2PB.Evidence(ev1, valSet, now),
+			types.TM2PB.Evidence(ev2, valSet, now)}},
 	}
 
+	vote0 := &types.Vote{ValidatorIndex: 0, Timestamp: now, Type: types.VoteTypePrecommit}
+	vote1 := &types.Vote{ValidatorIndex: 1, Timestamp: now}
+	votes := []*types.Vote{vote0, vote1}
+	lastCommit := &types.Commit{BlockID: prevBlockID, Precommits: votes}
 	for _, tc := range testCases {
-		lastCommit := &types.Commit{BlockID: prevBlockID}
 
 		block, _ := state.MakeBlock(10, makeTxs(2), lastCommit)
+		block.Time = now
 		block.Evidence.Evidence = tc.evidence
-		_, err = ExecCommitBlock(proxyApp.Consensus(), block, log.TestingLogger())
+		_, err = ExecCommitBlock(proxyApp.Consensus(), block, log.TestingLogger(), state.Validators, stateDB)
 		require.Nil(t, err, tc.desc)
 
 		// -> app must receive an index of the byzantine validator
@@ -138,15 +158,30 @@ func makeTxs(height int64) (txs []types.Tx) {
 	return txs
 }
 
-func state() State {
+func state(nVals, height int) (State, dbm.DB) {
+	vals := make([]types.GenesisValidator, nVals)
+	for i := 0; i < nVals; i++ {
+		secret := []byte(fmt.Sprintf("test%d", i))
+		pk := crypto.GenPrivKeyEd25519FromSecret(secret)
+		vals[i] = types.GenesisValidator{
+			pk.PubKey(), 1000, fmt.Sprintf("test%d", i),
+		}
+	}
 	s, _ := MakeGenesisState(&types.GenesisDoc{
-		ChainID: chainID,
-		Validators: []types.GenesisValidator{
-			{privKey.PubKey(), 10000, "test"},
-		},
-		AppHash: nil,
+		ChainID:    chainID,
+		Validators: vals,
+		AppHash:    nil,
 	})
-	return s
+
+	// save validators to db for 2 heights
+	stateDB := dbm.NewMemDB()
+	SaveState(stateDB, s)
+
+	for i := 1; i < height; i++ {
+		s.LastBlockHeight += 1
+		SaveState(stateDB, s)
+	}
+	return s, stateDB
 }
 
 func makeBlock(state State, height int64) *types.Block {
@@ -161,7 +196,7 @@ var _ abci.Application = (*testApp)(nil)
 type testApp struct {
 	abci.BaseApplication
 
-	AbsentValidators    []int32
+	Validators          []abci.SigningValidator
 	ByzantineValidators []abci.Evidence
 }
 
@@ -174,7 +209,7 @@ func (app *testApp) Info(req abci.RequestInfo) (resInfo abci.ResponseInfo) {
 }
 
 func (app *testApp) BeginBlock(req abci.RequestBeginBlock) abci.ResponseBeginBlock {
-	app.AbsentValidators = req.AbsentValidators
+	app.Validators = req.Validators
 	app.ByzantineValidators = req.ByzantineValidators
 	return abci.ResponseBeginBlock{}
 }

state/state_test.go

@@ -78,10 +78,7 @@ func TestABCIResponsesSaveLoad1(t *testing.T) {
 	abciResponses.DeliverTx[0] = &abci.ResponseDeliverTx{Data: []byte("foo"), Tags: nil}
 	abciResponses.DeliverTx[1] = &abci.ResponseDeliverTx{Data: []byte("bar"), Log: "ok", Tags: nil}
 	abciResponses.EndBlock = &abci.ResponseEndBlock{ValidatorUpdates: []abci.Validator{
-		{
-			PubKey: crypto.GenPrivKeyEd25519().PubKey().Bytes(),
-			Power:  10,
-		},
+		types.TM2PB.ValidatorFromPubKeyAndPower(crypto.GenPrivKeyEd25519().PubKey(), 10),
 	}}
 
 	saveABCIResponses(stateDB, block.Height, abciResponses)
@@ -435,8 +432,8 @@ func makeHeaderPartsResponsesValPubKeyChange(state State, height int64,
 	if !bytes.Equal(pubkey.Bytes(), val.PubKey.Bytes()) {
 		abciResponses.EndBlock = &abci.ResponseEndBlock{
 			ValidatorUpdates: []abci.Validator{
-				{val.PubKey.Bytes(), 0},
-				{pubkey.Bytes(), 10},
+				types.TM2PB.ValidatorFromPubKeyAndPower(val.PubKey, 0),
+				types.TM2PB.ValidatorFromPubKeyAndPower(pubkey, 10),
 			},
 		}
 	}
@@ -457,7 +454,7 @@ func makeHeaderPartsResponsesValPowerChange(state State, height int64,
 	if val.VotingPower != power {
 		abciResponses.EndBlock = &abci.ResponseEndBlock{
 			ValidatorUpdates: []abci.Validator{
-				{val.PubKey.Bytes(), power},
+				types.TM2PB.ValidatorFromPubKeyAndPower(val.PubKey, power),
 			},
 		}
 	}

state/store.go

@@ -173,11 +173,12 @@ func LoadValidators(db dbm.DB, height int64) (*types.ValidatorSet, error) {
 	}
 
 	if valInfo.ValidatorSet == nil {
-		valInfo = loadValidatorsInfo(db, valInfo.LastHeightChanged)
-		if valInfo == nil {
+		valInfo2 := loadValidatorsInfo(db, valInfo.LastHeightChanged)
+		if valInfo2 == nil {
 			cmn.PanicSanity(fmt.Sprintf(`Couldn't find validators at height %d as
                         last changed from height %d`, valInfo.LastHeightChanged, height))
 		}
+		valInfo = valInfo2
 	}
 
 	return valInfo.ValidatorSet, nil

state/validation.go

@@ -73,6 +73,9 @@ func validateBlock(stateDB dbm.DB, s State, b *types.Block) error {
 		}
 	}
 
+	// TODO: Each check requires loading an old validator set.
+	// We should cap the amount of evidence per block
+	// to prevent potential proposer DoS.
 	for _, ev := range b.Evidence.Evidence {
 		if err := VerifyEvidence(stateDB, s, ev); err != nil {
 			return types.NewEvidenceInvalidErr(ev, err)
@@ -82,11 +85,11 @@ func validateBlock(stateDB dbm.DB, s State, b *types.Block) error {
 	return nil
 }
 
-// XXX: What's cheaper (ie. what should be checked first):
-//  evidence internal validity (ie. sig checks) or validator existed (fetch historical val set from db)
-
-// VerifyEvidence verifies the evidence fully by checking it is internally
-// consistent and sufficiently recent.
+// VerifyEvidence verifies the evidence fully by checking:
+// - it is sufficiently recent (MaxAge)
+// - it is from a key who was a validator at the given height
+// - it is internally consistent
+// - it was properly signed by the alleged equivocator
 func VerifyEvidence(stateDB dbm.DB, s State, evidence types.Evidence) error {
 	height := s.LastBlockHeight
 
@@ -97,10 +100,6 @@ func VerifyEvidence(stateDB dbm.DB, s State, evidence types.Evidence) error {
 			evidence.Height(), height-maxAge)
 	}
 
-	if err := evidence.Verify(s.ChainID); err != nil {
-		return err
-	}
-
 	valset, err := LoadValidators(stateDB, evidence.Height())
 	if err != nil {
 		// TODO: if err is just that we cant find it cuz we pruned, ignore.
@@ -108,14 +107,18 @@ func VerifyEvidence(stateDB dbm.DB, s State, evidence types.Evidence) error {
 		return err
 	}
 
-	// The address must have been an active validator at the height
+	// The address must have been an active validator at the height.
+	// NOTE: we will ignore evidence from H if the key was not a validator
+	// at H, even if it is a validator at some nearby H'
 	ev := evidence
-	height, addr, idx := ev.Height(), ev.Address(), ev.Index()
-	valIdx, val := valset.GetByAddress(addr)
+	height, addr := ev.Height(), ev.Address()
+	_, val := valset.GetByAddress(addr)
 	if val == nil {
 		return fmt.Errorf("Address %X was not a validator at height %d", addr, height)
-	} else if idx != valIdx {
-		return fmt.Errorf("Address %X was validator %d at height %d, not %d", addr, valIdx, height, idx)
+	}
+
+	if err := evidence.Verify(s.ChainID, val.PubKey); err != nil {
+		return err
 	}
 
 	return nil

state/validation_test.go

@@ -9,7 +9,7 @@ import (
 )
 
 func TestValidateBlock(t *testing.T) {
-	state := state()
+	state, _ := state(1, 1)
 
 	blockExec := NewBlockExecutor(dbm.NewMemDB(), log.TestingLogger(), nil, nil, nil)
 

test/app/grpc_client.go

@@ -2,12 +2,12 @@ package main
 
 import (
 	"encoding/hex"
+	"encoding/json"
 	"fmt"
 	"os"
 
 	"context"
 
-	"github.com/tendermint/go-wire"
 	"github.com/tendermint/tendermint/rpc/grpc"
 )
 
@@ -32,5 +32,10 @@ func main() {
 		fmt.Println(err)
 		os.Exit(1)
 	}
-	fmt.Println(string(wire.JSONBytes(res)))
+	bz, err := json.Marshal(res)
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	fmt.Println(string(bz))
 }

types/evidence.go

@@ -28,12 +28,11 @@ func (err *ErrEvidenceInvalid) Error() string {
 
 // Evidence represents any provable malicious activity by a validator
 type Evidence interface {
-	Height() int64               // height of the equivocation
-	Address() []byte             // address of the equivocating validator
-	Index() int                  // index of the validator in the validator set
-	Hash() []byte                // hash of the evidence
-	Verify(chainID string) error // verify the evidence
-	Equal(Evidence) bool         // check equality of evidence
+	Height() int64                                     // height of the equivocation
+	Address() []byte                                   // address of the equivocating validator
+	Hash() []byte                                      // hash of the evidence
+	Verify(chainID string, pubKey crypto.PubKey) error // verify the evidence
+	Equal(Evidence) bool                               // check equality of evidence
 
 	String() string
 }
@@ -68,11 +67,6 @@ func (dve *DuplicateVoteEvidence) Address() []byte {
 	return dve.PubKey.Address()
 }
 
-// Index returns the index of the validator.
-func (dve *DuplicateVoteEvidence) Index() int {
-	return dve.VoteA.ValidatorIndex
-}
-
 // Hash returns the hash of the evidence.
 func (dve *DuplicateVoteEvidence) Hash() []byte {
 	return aminoHasher(dve).Hash()
@@ -80,7 +74,7 @@ func (dve *DuplicateVoteEvidence) Hash() []byte {
 
 // Verify returns an error if the two votes aren't conflicting.
 // To be conflicting, they must be from the same validator, for the same H/R/S, but for different blocks.
-func (dve *DuplicateVoteEvidence) Verify(chainID string) error {
+func (dve *DuplicateVoteEvidence) Verify(chainID string, pubKey crypto.PubKey) error {
 	// H/R/S must be the same
 	if dve.VoteA.Height != dve.VoteB.Height ||
 		dve.VoteA.Round != dve.VoteB.Round ||
@@ -92,7 +86,8 @@ func (dve *DuplicateVoteEvidence) Verify(chainID string) error {
 	if !bytes.Equal(dve.VoteA.ValidatorAddress, dve.VoteB.ValidatorAddress) {
 		return fmt.Errorf("DuplicateVoteEvidence Error: Validator addresses do not match. Got %X and %X", dve.VoteA.ValidatorAddress, dve.VoteB.ValidatorAddress)
 	}
-	// XXX: Should we enforce index is the same ?
+
+	// Index must be the same
 	if dve.VoteA.ValidatorIndex != dve.VoteB.ValidatorIndex {
 		return fmt.Errorf("DuplicateVoteEvidence Error: Validator indices do not match. Got %d and %d", dve.VoteA.ValidatorIndex, dve.VoteB.ValidatorIndex)
 	}
@@ -102,11 +97,18 @@ func (dve *DuplicateVoteEvidence) Verify(chainID string) error {
 		return fmt.Errorf("DuplicateVoteEvidence Error: BlockIDs are the same (%v) - not a real duplicate vote", dve.VoteA.BlockID)
 	}
 
+	// pubkey must match address (this should already be true, sanity check)
+	addr := dve.VoteA.ValidatorAddress
+	if !bytes.Equal(pubKey.Address(), addr) {
+		return fmt.Errorf("DuplicateVoteEvidence FAILED SANITY CHECK - address (%X) doesn't match pubkey (%v - %X)",
+			addr, pubKey, pubKey.Address())
+	}
+
 	// Signatures must be valid
-	if !dve.PubKey.VerifyBytes(dve.VoteA.SignBytes(chainID), dve.VoteA.Signature) {
+	if !pubKey.VerifyBytes(dve.VoteA.SignBytes(chainID), dve.VoteA.Signature) {
 		return fmt.Errorf("DuplicateVoteEvidence Error verifying VoteA: %v", ErrVoteInvalidSignature)
 	}
-	if !dve.PubKey.VerifyBytes(dve.VoteB.SignBytes(chainID), dve.VoteB.Signature) {
+	if !pubKey.VerifyBytes(dve.VoteB.SignBytes(chainID), dve.VoteB.Signature) {
 		return fmt.Errorf("DuplicateVoteEvidence Error verifying VoteB: %v", ErrVoteInvalidSignature)
 	}
 
@@ -131,29 +133,26 @@ func (dve *DuplicateVoteEvidence) Equal(ev Evidence) bool {
 type MockGoodEvidence struct {
 	Height_  int64
 	Address_ []byte
-	Index_   int
 }
 
 // UNSTABLE
-func NewMockGoodEvidence(height int64, index int, address []byte) MockGoodEvidence {
-	return MockGoodEvidence{height, address, index}
+func NewMockGoodEvidence(height int64, idx int, address []byte) MockGoodEvidence {
+	return MockGoodEvidence{height, address}
 }
 
 func (e MockGoodEvidence) Height() int64   { return e.Height_ }
 func (e MockGoodEvidence) Address() []byte { return e.Address_ }
-func (e MockGoodEvidence) Index() int      { return e.Index_ }
 func (e MockGoodEvidence) Hash() []byte {
-	return []byte(fmt.Sprintf("%d-%d", e.Height_, e.Index_))
+	return []byte(fmt.Sprintf("%d-%x", e.Height_, e.Address_))
 }
-func (e MockGoodEvidence) Verify(chainID string) error { return nil }
+func (e MockGoodEvidence) Verify(chainID string, pubKey crypto.PubKey) error { return nil }
 func (e MockGoodEvidence) Equal(ev Evidence) bool {
 	e2 := ev.(MockGoodEvidence)
 	return e.Height_ == e2.Height_ &&
-		bytes.Equal(e.Address_, e2.Address_) &&
-		e.Index_ == e2.Index_
+		bytes.Equal(e.Address_, e2.Address_)
 }
 func (e MockGoodEvidence) String() string {
-	return fmt.Sprintf("GoodEvidence: %d/%s/%d", e.Height_, e.Address_, e.Index_)
+	return fmt.Sprintf("GoodEvidence: %d/%s", e.Height_, e.Address_)
 }
 
 // UNSTABLE
@@ -161,15 +160,16 @@ type MockBadEvidence struct {
 	MockGoodEvidence
 }
 
-func (e MockBadEvidence) Verify(chainID string) error { return fmt.Errorf("MockBadEvidence") }
+func (e MockBadEvidence) Verify(chainID string, pubKey crypto.PubKey) error {
+	return fmt.Errorf("MockBadEvidence")
+}
 func (e MockBadEvidence) Equal(ev Evidence) bool {
 	e2 := ev.(MockBadEvidence)
 	return e.Height_ == e2.Height_ &&
-		bytes.Equal(e.Address_, e2.Address_) &&
-		e.Index_ == e2.Index_
+		bytes.Equal(e.Address_, e2.Address_)
 }
 func (e MockBadEvidence) String() string {
-	return fmt.Sprintf("BadEvidence: %d/%s/%d", e.Height_, e.Address_, e.Index_)
+	return fmt.Sprintf("BadEvidence: %d/%s", e.Height_, e.Address_)
 }
 
 //-------------------------------------------

types/evidence_test.go

@@ -59,17 +59,16 @@ func TestEvidence(t *testing.T) {
 		{vote1, badVote, false},                                          // signed by wrong key
 	}
 
+	pubKey := val.GetPubKey()
 	for _, c := range cases {
 		ev := &DuplicateVoteEvidence{
-			PubKey: val.GetPubKey(),
-			VoteA:  c.vote1,
-			VoteB:  c.vote2,
+			VoteA: c.vote1,
+			VoteB: c.vote2,
 		}
 		if c.valid {
-			assert.Nil(t, ev.Verify(chainID), "evidence should be valid")
+			assert.Nil(t, ev.Verify(chainID, pubKey), "evidence should be valid")
 		} else {
-			assert.NotNil(t, ev.Verify(chainID), "evidence should be invalid")
+			assert.NotNil(t, ev.Verify(chainID, pubKey), "evidence should be invalid")
 		}
 	}
-
 }

types/protobuf.go

@@ -1,71 +1,166 @@
 package types
 
 import (
-	"github.com/tendermint/abci/types"
+	"fmt"
+	"reflect"
+	"time"
+
+	abci "github.com/tendermint/abci/types"
+	crypto "github.com/tendermint/go-crypto"
 )
 
-// TM2PB is used for converting Tendermint types to protobuf types.
+//-------------------------------------------------------
+// Use strings to distinguish types in ABCI messages
+
+const (
+	ABCIEvidenceTypeDuplicateVote = "duplicate/vote"
+	ABCIEvidenceTypeMockGood      = "mock/good"
+)
+
+const (
+	ABCIPubKeyTypeEd25519   = "ed25519"
+	ABCIPubKeyTypeSecp256k1 = "secp256k1"
+)
+
+//-------------------------------------------------------
+
+// TM2PB is used for converting Tendermint ABCI to protobuf ABCI.
 // UNSTABLE
 var TM2PB = tm2pb{}
 
 type tm2pb struct{}
 
-func (tm2pb) Header(header *Header) types.Header {
-	return types.Header{
-		ChainID:        header.ChainID,
-		Height:         header.Height,
-		Time:           header.Time.Unix(),
-		NumTxs:         int32(header.NumTxs), // XXX: overflow
-		LastBlockID:    TM2PB.BlockID(header.LastBlockID),
-		LastCommitHash: header.LastCommitHash,
-		DataHash:       header.DataHash,
-		AppHash:        header.AppHash,
+func (tm2pb) Header(header *Header) abci.Header {
+	return abci.Header{
+		ChainID:       header.ChainID,
+		Height:        header.Height,
+		Time:          header.Time.Unix(),
+		NumTxs:        int32(header.NumTxs), // XXX: overflow
+		LastBlockHash: header.LastBlockID.Hash,
+		AppHash:       header.AppHash,
 	}
 }
 
-func (tm2pb) BlockID(blockID BlockID) types.BlockID {
-	return types.BlockID{
-		Hash:  blockID.Hash,
-		Parts: TM2PB.PartSetHeader(blockID.PartsHeader),
-	}
-}
-
-func (tm2pb) PartSetHeader(partSetHeader PartSetHeader) types.PartSetHeader {
-	return types.PartSetHeader{
-		Total: int32(partSetHeader.Total), // XXX: overflow
-		Hash:  partSetHeader.Hash,
-	}
-}
-
-func (tm2pb) Validator(val *Validator) types.Validator {
-	return types.Validator{
-		PubKey: val.PubKey.Bytes(),
+func (tm2pb) Validator(val *Validator) abci.Validator {
+	return abci.Validator{
+		PubKey: TM2PB.PubKey(val.PubKey),
 		Power:  val.VotingPower,
 	}
 }
 
-func (tm2pb) Validators(vals *ValidatorSet) []types.Validator {
-	validators := make([]types.Validator, len(vals.Validators))
+func (tm2pb) PubKey(pubKey crypto.PubKey) abci.PubKey {
+	switch pk := pubKey.(type) {
+	case crypto.PubKeyEd25519:
+		return abci.PubKey{
+			Type: "ed25519",
+			Data: pk[:],
+		}
+	case crypto.PubKeySecp256k1:
+		return abci.PubKey{
+			Type: "secp256k1",
+			Data: pk[:],
+		}
+	default:
+		panic(fmt.Sprintf("unknown pubkey type: %v %v", pubKey, reflect.TypeOf(pubKey)))
+	}
+}
+
+func (tm2pb) Validators(vals *ValidatorSet) []abci.Validator {
+	validators := make([]abci.Validator, len(vals.Validators))
 	for i, val := range vals.Validators {
 		validators[i] = TM2PB.Validator(val)
 	}
 	return validators
 }
 
-func (tm2pb) ConsensusParams(params *ConsensusParams) *types.ConsensusParams {
-	return &types.ConsensusParams{
-		BlockSize: &types.BlockSize{
+func (tm2pb) ConsensusParams(params *ConsensusParams) *abci.ConsensusParams {
+	return &abci.ConsensusParams{
+		BlockSize: &abci.BlockSize{
 
 			MaxBytes: int32(params.BlockSize.MaxBytes),
 			MaxTxs:   int32(params.BlockSize.MaxTxs),
 			MaxGas:   params.BlockSize.MaxGas,
 		},
-		TxSize: &types.TxSize{
+		TxSize: &abci.TxSize{
 			MaxBytes: int32(params.TxSize.MaxBytes),
 			MaxGas:   params.TxSize.MaxGas,
 		},
-		BlockGossip: &types.BlockGossip{
+		BlockGossip: &abci.BlockGossip{
 			BlockPartSizeBytes: int32(params.BlockGossip.BlockPartSizeBytes),
 		},
 	}
 }
+
+// ABCI Evidence includes information from the past that's not included in the evidence itself
+// so Evidence types stays compact.
+func (tm2pb) Evidence(ev Evidence, valSet *ValidatorSet, evTime time.Time) abci.Evidence {
+	_, val := valSet.GetByAddress(ev.Address())
+	if val == nil {
+		// should already have checked this
+		panic(val)
+	}
+
+	abciEvidence := abci.Evidence{
+		Validator: abci.Validator{
+			Address: ev.Address(),
+			PubKey:  TM2PB.PubKey(val.PubKey),
+			Power:   val.VotingPower,
+		},
+		Height:           ev.Height(),
+		Time:             evTime.Unix(),
+		TotalVotingPower: valSet.TotalVotingPower(),
+	}
+
+	// set type
+	switch ev.(type) {
+	case *DuplicateVoteEvidence:
+		abciEvidence.Type = ABCIEvidenceTypeDuplicateVote
+	case *MockGoodEvidence, MockGoodEvidence:
+		abciEvidence.Type = ABCIEvidenceTypeMockGood
+	default:
+		panic(fmt.Sprintf("Unknown evidence type: %v %v", ev, reflect.TypeOf(ev)))
+	}
+
+	return abciEvidence
+}
+
+func (tm2pb) ValidatorFromPubKeyAndPower(pubkey crypto.PubKey, power int64) abci.Validator {
+	pubkeyABCI := TM2PB.PubKey(pubkey)
+	return abci.Validator{
+		Address: pubkey.Address(),
+		PubKey:  pubkeyABCI,
+		Power:   power,
+	}
+}
+
+//----------------------------------------------------------------------------
+
+// PB2TM is used for converting protobuf ABCI to Tendermint ABCI.
+// UNSTABLE
+var PB2TM = pb2tm{}
+
+type pb2tm struct{}
+
+func (pb2tm) PubKey(pubKey abci.PubKey) (crypto.PubKey, error) {
+	// TODO: define these in go-crypto and use them
+	sizeEd := 32
+	sizeSecp := 33
+	switch pubKey.Type {
+	case ABCIPubKeyTypeEd25519:
+		if len(pubKey.Data) != sizeEd {
+			return nil, fmt.Errorf("Invalid size for PubKeyEd25519. Got %d, expected %d", len(pubKey.Data), sizeEd)
+		}
+		var pk crypto.PubKeyEd25519
+		copy(pk[:], pubKey.Data)
+		return pk, nil
+	case ABCIPubKeyTypeSecp256k1:
+		if len(pubKey.Data) != sizeSecp {
+			return nil, fmt.Errorf("Invalid size for PubKeyEd25519. Got %d, expected %d", len(pubKey.Data), sizeSecp)
+		}
+		var pk crypto.PubKeySecp256k1
+		copy(pk[:], pubKey.Data)
+		return pk, nil
+	default:
+		return nil, fmt.Errorf("Unknown pubkey type %v", pubKey.Type)
+	}
+}

version/version.go

@@ -10,7 +10,7 @@ const (
 var (
 	// Version is the current version of Tendermint
 	// Must be a string because scripts like dist.sh read this file.
-	Version = "0.19.7"
+	Version = "0.19.7-dev"
 
 	// GitCommit is the current HEAD set using ldflags.
 	GitCommit string