From 5651fa3869572d86e43c2c2d3df2fc12d22ecb25 Mon Sep 17 00:00:00 2001 From: Tomas Tauber <2410580+tomtau@users.noreply.github.com> Date: Fri, 10 Sep 2021 15:12:40 +0800 Subject: [PATCH] Ethermint support (#1295) * added Ethermint support (fixes #1267 #1071) - collected changes from https://github.com/informalsystems/ibc-rs/issues/1267#issuecomment-896459781 - EthAccount definition was directly pasted into the proto library (as different chains the same proto definition, but under a different package path) - added a new configuration option that allows specifying the address derivation as well as the proto type of public keys (e.g. "/injective.crypto.v1beta1.ethsecp256k1.PubKey" or "/ethermint.crypto.v1alpha1.ethsecp256k1.PubKey") * added a comment for eth address and change query_account return type back to BaseAccount * check the public key type in ethermint address generation * added a check on `sign_msg` * added comments + reordered example config * added links with information for testing Ethermint * adjusted a comment for `EthAccount` Co-authored-by: Romain Ruetschi --- .../features/1267-ethermint-support.md | 4 + Cargo.lock | 10 +++ ci/README.md | 7 ++ config.toml | 15 ++++ relayer-cli/src/commands/keys/restore.rs | 2 +- relayer/Cargo.toml | 1 + relayer/src/chain/cosmos.rs | 47 ++++++---- relayer/src/chain/mock.rs | 3 +- relayer/src/config.rs | 33 +++++++ relayer/src/error.rs | 13 +++ relayer/src/keyring.rs | 88 ++++++++++++++----- relayer/src/keyring/errors.rs | 4 + relayer/src/keyring/pub_key.rs | 10 ++- .../config/fixtures/relayer_conf_example.toml | 3 +- 14 files changed, 194 insertions(+), 46 deletions(-) create mode 100644 .changelog/unreleased/features/1267-ethermint-support.md diff --git a/.changelog/unreleased/features/1267-ethermint-support.md b/.changelog/unreleased/features/1267-ethermint-support.md new file mode 100644 index 0000000000..602c516bee --- /dev/null +++ b/.changelog/unreleased/features/1267-ethermint-support.md @@ -0,0 +1,4 @@ +- Added post-Stargate (v0.5+) Ethermint support ([#1267] [#1071]) + +[#1267]: https://github.com/informalsystems/ibc-rs/issues/1267 +[#1071]: https://github.com/informalsystems/ibc-rs/issues/1071 diff --git a/Cargo.lock b/Cargo.lock index 7dd6566030..8426a25672 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1418,6 +1418,7 @@ dependencies = [ "test-env-log", "thiserror", "tiny-bip39", + "tiny-keccak", "tokio", "toml", "tonic", @@ -3160,6 +3161,15 @@ dependencies = [ "zeroize", ] +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237" +dependencies = [ + "crunchy", +] + [[package]] name = "tiny_http" version = "0.8.2" diff --git a/ci/README.md b/ci/README.md index bea8098dcc..184e096a17 100644 --- a/ci/README.md +++ b/ci/README.md @@ -6,6 +6,13 @@ This folder contains the files required to run the End to end testing in [Github The [End to end (e2e) testing workflow](https://github.com/informalsystems/ibc-rs/actions?query=workflow%3A%22End+to+End+testing%22) spins up two `gaia` chains (`ibc-0` and `ibc-1`) in Docker containers and one container that runs the relayer. There's a script that configures the relayer (e.g. configure light clients and add keys) and runs transactions and queries. A successful run of this script ensures that the relayer is working properly with two chains that support `IBC`. +### Testing Ethermint-based networks +At this moment, the automated E2E workflow does not spin up a network with the (post-Stargate) Ethermint module. In the meantime, you can test it manually by following one of the resources below: + +- [the official documentation on ethermint.dev](https://ethermint.dev/quickstart/run_node.html) +- [using the tweaked E2E scripts from the Injective's fork](https://github.com/InjectiveLabs/ibc-rs/commit/669535617a6e45be9916387e292d45a77e7d23d2) +- [using the nix-based integration test scripts in the Cronos project](https://github.com/crypto-org-chain/cronos#quitck-start) + ### Running an End to end (e2e) test locally If you want to run the end to end test locally, you will need [Docker](https://www.docker.com/) installed on your machine. diff --git a/config.toml b/config.toml index 6e887b5740..72b9a0c973 100644 --- a/config.toml +++ b/config.toml @@ -90,6 +90,20 @@ account_prefix = 'cosmos' # https://hermes.informal.systems/commands/keys/index.html#adding-keys key_name = 'testkey' +# Specify the address type which determines: +# 1) address derivation; +# 2) how to retrieve and decode accounts and pubkeys; +# 3) the message signing method. +# The current configuration options are for Cosmos SDK and Ethermint. +# +# Example configuration for Ethermint: +# +# address_type = { derivation = 'ethermint', proto_type = { pk_type = '/injective.crypto.v1beta1.ethsecp256k1.PubKey' } } +# +# Default: { derivation = 'cosmos' }, i.e. address derivation as in Cosmos SDK +# Warning: This is an advanced feature! Modify with caution. +address_type = { derivation = 'cosmos' } + # Specify the store prefix used by the on-chain IBC modules. Required # Recommended value for Cosmos SDK: 'ibc' store_prefix = 'ibc' @@ -168,3 +182,4 @@ max_tx_size = 2097152 clock_drift = '5s' trusting_period = '14days' trust_threshold = { numerator = '1', denominator = '3' } +address_type = { derivation = 'cosmos' } diff --git a/relayer-cli/src/commands/keys/restore.rs b/relayer-cli/src/commands/keys/restore.rs index ae2f0208c2..12e08ee6c3 100644 --- a/relayer-cli/src/commands/keys/restore.rs +++ b/relayer-cli/src/commands/keys/restore.rs @@ -93,7 +93,7 @@ pub fn restore_key( config: &ChainConfig, ) -> Result> { let mut keyring = KeyRing::new(Store::Test, &config.account_prefix, &config.id)?; - let key_entry = keyring.key_from_mnemonic(mnemonic, hdpath)?; + let key_entry = keyring.key_from_mnemonic(mnemonic, hdpath, &config.address_type)?; keyring.add_key(key_name, key_entry.clone())?; Ok(key_entry) diff --git a/relayer/Cargo.toml b/relayer/Cargo.toml index fbe1e21122..a76bb5b21d 100644 --- a/relayer/Cargo.toml +++ b/relayer/Cargo.toml @@ -49,6 +49,7 @@ bitcoin = { version = "=0.27", features = ["use-serde"] } tiny-bip39 = "0.8.0" hdpath = { version = "0.6.0", features = ["with-bitcoin"] } sha2 = "0.9.6" +tiny-keccak = { version = "2.0.2", features = ["keccak"], default-features = false } ripemd160 = "0.9.1" bech32 = "0.8.1" itertools = "0.10.1" diff --git a/relayer/src/chain/cosmos.rs b/relayer/src/chain/cosmos.rs index 420794192d..c5488c1df8 100644 --- a/relayer/src/chain/cosmos.rs +++ b/relayer/src/chain/cosmos.rs @@ -50,7 +50,7 @@ use ibc::ics24_host::{ClientUpgradePath, Path, IBC_QUERY_PATH, SDK_UPGRADE_QUERY use ibc::query::{QueryTxHash, QueryTxRequest}; use ibc::signer::Signer; use ibc::Height as ICSHeight; -use ibc_proto::cosmos::auth::v1beta1::{BaseAccount, QueryAccountRequest}; +use ibc_proto::cosmos::auth::v1beta1::{BaseAccount, EthAccount, QueryAccountRequest}; use ibc_proto::cosmos::base::tendermint::v1beta1::service_client::ServiceClient; use ibc_proto::cosmos::base::tendermint::v1beta1::GetNodeInfoRequest; use ibc_proto::cosmos::base::v1beta1::Coin; @@ -71,7 +71,7 @@ use ibc_proto::ibc::core::connection::v1::{ QueryClientConnectionsRequest, QueryConnectionsRequest, }; -use crate::config::{ChainConfig, GasPrice}; +use crate::config::{AddressType, ChainConfig, GasPrice}; use crate::error::Error; use crate::event::monitor::{EventMonitor, EventReceiver}; use crate::keyring::{KeyEntry, KeyRing, Store}; @@ -523,14 +523,12 @@ impl CosmosSdkChain { fn account(&mut self) -> Result<&mut BaseAccount, Error> { if self.account == None { let account = self.block_on(query_account(self, self.key()?.account))?; - debug!( sequence = %account.sequence, number = %account.account_number, "[{}] send_tx: retrieved account", self.id() ); - self.account = Some(account); } @@ -555,9 +553,13 @@ impl CosmosSdkChain { fn signer(&self, sequence: u64) -> Result { let (_key, pk_buf) = self.key_and_bytes()?; + let pk_type = match &self.config.address_type { + AddressType::Cosmos => "/cosmos.crypto.secp256k1.PubKey".to_string(), + AddressType::Ethermint { pk_type } => pk_type.clone(), + }; // Create a MsgSend proto Any message let pk_any = Any { - type_url: "/cosmos.crypto.secp256k1.PubKey".to_string(), + type_url: pk_type, value: pk_buf, }; @@ -610,7 +612,11 @@ impl CosmosSdkChain { // Sign doc let signed = self .keybase - .sign_msg(&self.config.key_name, signdoc_buf) + .sign_msg( + &self.config.key_name, + signdoc_buf, + &self.config.address_type, + ) .map_err(Error::key_base)?; Ok(signed) @@ -1948,19 +1954,22 @@ async fn query_account(chain: &CosmosSdkChain, address: String) -> Result Result { diff --git a/relayer/src/chain/mock.rs b/relayer/src/chain/mock.rs index 018daf05d5..a027e2d7d1 100644 --- a/relayer/src/chain/mock.rs +++ b/relayer/src/chain/mock.rs @@ -401,7 +401,7 @@ pub mod test_utils { use ibc::ics24_host::identifier::ChainId; - use crate::config::{ChainConfig, GasPrice, PacketFilter}; + use crate::config::{AddressType, ChainConfig, GasPrice, PacketFilter}; /// Returns a very minimal chain configuration, to be used in initializing `MockChain`s. pub fn get_basic_chain_config(id: &str) -> ChainConfig { @@ -423,6 +423,7 @@ pub mod test_utils { trusting_period: Duration::from_secs(14 * 24 * 60 * 60), // 14 days trust_threshold: Default::default(), packet_filter: PacketFilter::default(), + address_type: AddressType::default(), } } } diff --git a/relayer/src/config.rs b/relayer/src/config.rs index cd91cb90fb..4e8220791b 100644 --- a/relayer/src/config.rs +++ b/relayer/src/config.rs @@ -262,6 +262,37 @@ impl Default for RestConfig { } } +/// It defines the address generation method +/// TODO: Ethermint `pk_type` to be restricted +/// after the Cosmos SDK release with ethsecp256k1 +/// https://github.com/cosmos/cosmos-sdk/pull/9981 +#[derive(Clone, Debug, PartialEq, Deserialize, Serialize)] +#[serde( + rename_all = "lowercase", + tag = "derivation", + content = "proto_type", + deny_unknown_fields +)] +pub enum AddressType { + Cosmos, + Ethermint { pk_type: String }, +} + +impl Default for AddressType { + fn default() -> Self { + AddressType::Cosmos + } +} + +impl fmt::Display for AddressType { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + AddressType::Cosmos => write!(f, "cosmos"), + AddressType::Ethermint { .. } => write!(f, "ethermint"), + } + } +} + #[derive(Clone, Debug, Deserialize, Serialize)] #[serde(deny_unknown_fields)] pub struct ChainConfig { @@ -291,6 +322,8 @@ pub struct ChainConfig { pub gas_price: GasPrice, #[serde(default)] pub packet_filter: PacketFilter, + #[serde(default)] + pub address_type: AddressType, } /// Attempt to load and parse the TOML config file as a `Config`. diff --git a/relayer/src/error.rs b/relayer/src/error.rs index 4af2417ba5..308add8994 100644 --- a/relayer/src/error.rs +++ b/relayer/src/error.rs @@ -422,6 +422,19 @@ define_error! { format!("Hermes health check failed while verifying the application compatibility for chain {0}:{1}; caused by: {2}", e.chain_id, e.address, e.cause) }, + + UnknownAccountType + { + type_url: String + } + |e| { + format!("Failed to deserialize account of an unknown protobuf type: {0}", + e.type_url) + }, + + EmptyBaseAccount + |_| { "Empty BaseAccount within EthAccount" }, + } } diff --git a/relayer/src/keyring.rs b/relayer/src/keyring.rs index 3ae33576e3..6adb920f53 100644 --- a/relayer/src/keyring.rs +++ b/relayer/src/keyring.rs @@ -1,13 +1,9 @@ -use std::collections::HashMap; -use std::ffi::OsStr; -use std::fs::{self, File}; -use std::path::{Path, PathBuf}; - +use crate::config::AddressType; use bech32::{ToBase32, Variant}; use bip39::{Language, Mnemonic, Seed}; use bitcoin::{ network::constants::Network, - secp256k1::Secp256k1, + secp256k1::{Message, Secp256k1, SecretKey}, util::bip32::{DerivationPath, ExtendedPrivKey, ExtendedPubKey}, }; use hdpath::StandardHDPath; @@ -16,6 +12,11 @@ use k256::ecdsa::{signature::Signer, Signature, SigningKey}; use ripemd160::Ripemd160; use serde::{Deserialize, Serialize}; use sha2::{Digest, Sha256}; +use std::collections::HashMap; +use std::ffi::OsStr; +use std::fs::{self, File}; +use std::path::{Path, PathBuf}; +use tiny_keccak::{Hasher, Keccak}; use errors::Error; pub use pub_key::EncodedPubKey; @@ -320,6 +321,7 @@ impl KeyRing { &self, mnemonic_words: &str, hd_path: &HDPath, + at: &AddressType, ) -> Result { // Get the private key from the mnemonic let private_key = private_key_from_mnemonic(mnemonic_words, hd_path)?; @@ -328,7 +330,7 @@ impl KeyRing { let public_key = ExtendedPubKey::from_private(&Secp256k1::new(), &private_key); // Get address from the public Key - let address = get_address(public_key); + let address = get_address(public_key, at); // Compute Bech32 account let account = bech32::encode(self.account_prefix(), address.to_base32(), Variant::Bech32) @@ -343,15 +345,33 @@ impl KeyRing { } /// Sign a message - pub fn sign_msg(&self, key_name: &str, msg: Vec) -> Result, Error> { + pub fn sign_msg( + &self, + key_name: &str, + msg: Vec, + address_type: &AddressType, + ) -> Result, Error> { let key = self.get_key(key_name)?; let private_key_bytes = key.private_key.private_key.to_bytes(); - let signing_key = - SigningKey::from_bytes(private_key_bytes.as_slice()).map_err(Error::invalid_key)?; - - let signature: Signature = signing_key.sign(&msg); - Ok(signature.as_ref().to_vec()) + match address_type { + AddressType::Ethermint { ref pk_type } if pk_type.ends_with(".ethsecp256k1.PubKey") => { + let hash = keccak256_hash(msg.as_slice()); + let s = Secp256k1::signing_only(); + // SAFETY: hash is 32 bytes, as expected in `Message::from_slice` -- see `keccak256_hash`, hence `unwrap` + let sign_msg = Message::from_slice(hash.as_slice()).unwrap(); + let key = SecretKey::from_slice(private_key_bytes.as_slice()) + .map_err(Error::invalid_key_raw)?; + let (_, sig_bytes) = s.sign_recoverable(&sign_msg, &key).serialize_compact(); + Ok(sig_bytes.to_vec()) + } + AddressType::Cosmos | AddressType::Ethermint { .. } => { + let signing_key = SigningKey::from_bytes(private_key_bytes.as_slice()) + .map_err(Error::invalid_key)?; + let signature: Signature = signing_key.sign(&msg); + Ok(signature.as_ref().to_vec()) + } + } } pub fn account_prefix(&self) -> &str { @@ -380,19 +400,33 @@ fn private_key_from_mnemonic( } /// Return an address from a Public Key -fn get_address(pk: ExtendedPubKey) -> Vec { - let mut hasher = Sha256::new(); - hasher.update(pk.public_key.to_bytes().as_slice()); +fn get_address(pk: ExtendedPubKey, at: &AddressType) -> Vec { + match at { + AddressType::Ethermint { ref pk_type } if pk_type.ends_with(".ethsecp256k1.PubKey") => { + let public_key = pk.public_key.key.serialize_uncompressed(); + // 0x04 is [SECP256K1_TAG_PUBKEY_UNCOMPRESSED](https://github.com/bitcoin-core/secp256k1/blob/d7ec49a6893751f068275cc8ddf4993ef7f31756/include/secp256k1.h#L196) + debug_assert_eq!(public_key[0], 0x04); + + let output = keccak256_hash(&public_key[1..]); + // right-most 20-bytes from the 32-byte keccak hash + // (see https://kobl.one/blog/create-full-ethereum-keypair-and-address/) + output[12..].to_vec() + } + AddressType::Cosmos | AddressType::Ethermint { .. } => { + let mut hasher = Sha256::new(); + hasher.update(pk.public_key.to_bytes().as_slice()); - // Read hash digest over the public key bytes & consume hasher - let pk_hash = hasher.finalize(); + // Read hash digest over the public key bytes & consume hasher + let pk_hash = hasher.finalize(); - // Plug the hash result into the next crypto hash function. - let mut rip_hasher = Ripemd160::new(); - rip_hasher.update(pk_hash); - let rip_result = rip_hasher.finalize(); + // Plug the hash result into the next crypto hash function. + let mut rip_hasher = Ripemd160::new(); + rip_hasher.update(pk_hash); + let rip_result = rip_hasher.finalize(); - rip_result.to_vec() + rip_result.to_vec() + } + } } fn decode_bech32(input: &str) -> Result, Error> { @@ -415,3 +449,11 @@ fn disk_store_path(folder_name: &str) -> Result { Ok(folder) } + +fn keccak256_hash(bytes: &[u8]) -> Vec { + let mut hasher = Keccak::v256(); + hasher.update(bytes); + let mut resp = vec![0u8; 32]; + hasher.finalize(&mut resp); + resp +} diff --git a/relayer/src/keyring/errors.rs b/relayer/src/keyring/errors.rs index b5abaf5bf8..4e06f876d4 100644 --- a/relayer/src/keyring/errors.rs +++ b/relayer/src/keyring/errors.rs @@ -7,6 +7,10 @@ define_error! { [ TraceError ] |_| { "invalid key: could not build signing key from private key bytes" }, + InvalidKeyRaw + [ TraceError ] + |_| { "invalid key: could not build signing key from private key bytes" }, + KeyNotFound |_| { "key not found" }, diff --git a/relayer/src/keyring/pub_key.rs b/relayer/src/keyring/pub_key.rs index 97ba01bc09..445401f39f 100644 --- a/relayer/src/keyring/pub_key.rs +++ b/relayer/src/keyring/pub_key.rs @@ -63,7 +63,15 @@ impl FromStr for EncodedPubKey { proto.tpe ); - if proto.tpe != "/cosmos.crypto.secp256k1.PubKey" { + // Ethermint pubkey types: + // e.g. "/ethermint.crypto.v1alpha1.ethsecp256k1.PubKey", "/injective.crypto.v1beta1.ethsecp256k1.PubKey" + // "/ethermint.crypto.v1beta1.ethsecp256k1.PubKey", "/ethermint.crypto.v1.ethsecp256k1.PubKey", + // "/cosmos.crypto.ethsecp256k1.PubKey" + // TODO: to be restricted after the Cosmos SDK release with ethsecp256k1 + // https://github.com/cosmos/cosmos-sdk/pull/9981 + if proto.tpe != "/cosmos.crypto.secp256k1.PubKey" + && !proto.tpe.ends_with(".ethsecp256k1.PubKey") + { Err(Error::unsupported_public_key(proto.tpe)) } else { Ok(EncodedPubKey::Proto(proto)) diff --git a/relayer/tests/config/fixtures/relayer_conf_example.toml b/relayer/tests/config/fixtures/relayer_conf_example.toml index bd3d322a39..44d001bcc5 100644 --- a/relayer/tests/config/fixtures/relayer_conf_example.toml +++ b/relayer/tests/config/fixtures/relayer_conf_example.toml @@ -18,6 +18,7 @@ max_tx_size = 1048576 clock_drift = '5s' trusting_period = '14days' trust_threshold = { numerator = '1', denominator = '3' } +address_type = { derivation = 'cosmos' } [[chains]] id = 'chain_B' @@ -32,4 +33,4 @@ gas_price = { price = 0.001, denom = 'stake' } clock_drift = '5s' trusting_period = '14days' trust_threshold = { numerator = '1', denominator = '3' } - +address_type = { derivation = 'ethermint', proto_type = { pk_type = '/injective.crypto.v1beta1.ethsecp256k1.PubKey' } }