crypto: add keyring supported algorithms (#439)

* add keyring supported algorithms

* lint

* minor updates

* use eth_secp256k1 as the default signing algo

* add flag

* derivation func

* refactor

* rename keys amino registration

* fix keys

* address comments from review
This commit is contained in:
Federico Kunze 2020-08-11 17:01:15 +02:00 committed by GitHub
parent defcad2bcd
commit a243f43fe2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 239 additions and 52 deletions

View File

@ -16,7 +16,7 @@ import (
"github.com/cosmos/cosmos-sdk/crypto/keyring"
sdk "github.com/cosmos/cosmos-sdk/types"
emintcrypto "github.com/cosmos/ethermint/crypto"
"github.com/cosmos/ethermint/crypto"
)
// UnsafeExportEthKeyCommand exports a key with the given name as a private key in hex format.
@ -34,6 +34,7 @@ func UnsafeExportEthKeyCommand() *cobra.Command {
viper.GetString(flags.FlagKeyringBackend),
viper.GetString(flags.FlagHome),
inBuf,
crypto.EthSecp256k1Options()...,
)
if err != nil {
return err
@ -63,7 +64,7 @@ func UnsafeExportEthKeyCommand() *cobra.Command {
}
// Converts key to Ethermint secp256 implementation
emintKey, ok := privKey.(emintcrypto.PrivKeySecp256k1)
emintKey, ok := privKey.(crypto.PrivKeySecp256k1)
if !ok {
return fmt.Errorf("invalid private key type, must be Ethereum key: %T", privKey)
}

View File

@ -65,7 +65,9 @@ func runAddCmd(cmd *cobra.Command, args []string) error {
func getKeybase(transient bool, buf io.Reader) (keyring.Keybase, error) {
if transient {
return keyring.NewInMemory(keyring.WithKeygenFunc(crypto.EthermintKeygenFunc)), nil
return keyring.NewInMemory(
crypto.EthSecp256k1Options()...,
), nil
}
return keyring.NewKeyring(
@ -73,5 +75,6 @@ func getKeybase(transient bool, buf io.Reader) (keyring.Keybase, error) {
viper.GetString(flags.FlagKeyringBackend),
viper.GetString(flags.FlagHome),
buf,
keyring.WithKeygenFunc(crypto.EthermintKeygenFunc))
crypto.EthSecp256k1Options()...,
)
}

View File

@ -165,7 +165,7 @@ func InitTestnet(
keyringBackend,
clientDir,
inBuf,
keyring.WithKeygenFunc(crypto.EthermintKeygenFunc),
crypto.EthSecp256k1Options()...,
)
if err != nil {
return err

View File

@ -22,6 +22,7 @@ import (
"github.com/cosmos/cosmos-sdk/x/genutil"
"github.com/cosmos/ethermint/codec"
"github.com/cosmos/ethermint/crypto"
ethermint "github.com/cosmos/ethermint/types"
ethcrypto "github.com/ethereum/go-ethereum/crypto"
@ -61,6 +62,7 @@ contain valid denominations. Accounts may optionally be supplied with vesting pa
viper.GetString(flags.FlagKeyringBackend),
viper.GetString(flagClientHome),
inBuf,
crypto.EthSecp256k1Options()...,
)
if err != nil {
return err

84
crypto/algorithm.go Normal file
View File

@ -0,0 +1,84 @@
package crypto
import (
"fmt"
"github.com/pkg/errors"
"crypto/hmac"
"crypto/sha512"
"github.com/tyler-smith/go-bip39"
ethcrypto "github.com/ethereum/go-ethereum/crypto"
tmcrypto "github.com/tendermint/tendermint/crypto"
"github.com/cosmos/cosmos-sdk/crypto/keyring"
)
const (
// EthSecp256k1 defines the ECDSA secp256k1 used on Ethereum
EthSecp256k1 = keyring.SigningAlgo("eth_secp256k1")
)
// SupportedAlgorithms defines the list of signing algorithms used on Ethermint:
// - eth_secp256k1 (Ethereum)
// - secp256k1 (Tendermint)
var SupportedAlgorithms = []keyring.SigningAlgo{EthSecp256k1, keyring.Secp256k1}
// EthSecp256k1Options defines a keyring options for the ethereum Secp256k1 curve.
func EthSecp256k1Options() []keyring.KeybaseOption {
return []keyring.KeybaseOption{
keyring.WithKeygenFunc(EthermintKeygenFunc),
keyring.WithDeriveFunc(DeriveKey),
keyring.WithSupportedAlgos(SupportedAlgorithms),
keyring.WithSupportedAlgosLedger(SupportedAlgorithms),
}
}
func DeriveKey(mnemonic, bip39Passphrase, hdPath string, algo keyring.SigningAlgo) ([]byte, error) {
switch algo {
case keyring.Secp256k1:
return keyring.StdDeriveKey(mnemonic, bip39Passphrase, hdPath, algo)
case EthSecp256k1:
return DeriveSecp256k1(mnemonic, bip39Passphrase, hdPath)
default:
return nil, errors.Wrap(keyring.ErrUnsupportedSigningAlgo, string(algo))
}
}
// EthermintKeygenFunc is the key generation function to generate secp256k1 ToECDSA
// from ethereum.
func EthermintKeygenFunc(bz []byte, algo keyring.SigningAlgo) (tmcrypto.PrivKey, error) {
if algo != EthSecp256k1 {
return nil, fmt.Errorf("signing algorithm must be %s, got %s", EthSecp256k1, algo)
}
return PrivKeySecp256k1(bz), nil
}
func DeriveSecp256k1(mnemonic, bip39Passphrase, _ string) ([]byte, error) {
seed, err := bip39.NewSeedWithErrorChecking(mnemonic, bip39Passphrase)
if err != nil {
return nil, err
}
// HMAC the seed to produce the private key and chain code
mac := hmac.New(sha512.New, []byte("Bitcoin seed"))
_, err = mac.Write(seed)
if err != nil {
return nil, err
}
seed = mac.Sum(nil)
priv, err := ethcrypto.ToECDSA(seed[:32])
if err != nil {
return nil, err
}
derivedKey := PrivKeySecp256k1(ethcrypto.FromECDSA(priv))
return derivedKey, nil
}

99
crypto/algorithm_test.go Normal file
View File

@ -0,0 +1,99 @@
package crypto
import (
"strings"
"testing"
"github.com/stretchr/testify/require"
ethcrypto "github.com/ethereum/go-ethereum/crypto"
"github.com/cosmos/cosmos-sdk/crypto/keyring"
"github.com/cosmos/cosmos-sdk/crypto/keys/hd"
"github.com/cosmos/cosmos-sdk/tests"
sdk "github.com/cosmos/cosmos-sdk/types"
)
func TestEthermintKeygenFunc(t *testing.T) {
privkey, err := GenerateKey()
require.NoError(t, err)
testCases := []struct {
name string
privKey []byte
algo keyring.SigningAlgo
expPass bool
}{
{
"valid ECDSA privKey",
ethcrypto.FromECDSA(privkey.ToECDSA()),
EthSecp256k1,
true,
},
{
"nil bytes, valid algo",
nil,
EthSecp256k1,
true,
},
{
"empty bytes, valid algo",
[]byte{},
EthSecp256k1,
true,
},
{
"invalid algo",
nil,
keyring.MultiAlgo,
false,
},
}
for _, tc := range testCases {
privkey, err := EthermintKeygenFunc(tc.privKey, tc.algo)
if tc.expPass {
require.NoError(t, err, tc.name)
} else {
require.Error(t, err, tc.name)
require.Nil(t, privkey, tc.name)
}
}
}
func TestKeyring(t *testing.T) {
dir, cleanup := tests.NewTestCaseDir(t)
mockIn := strings.NewReader("")
t.Cleanup(cleanup)
kr, err := keyring.NewKeyring("ethermint", keyring.BackendTest, dir, mockIn, EthSecp256k1Options()...)
require.NoError(t, err)
// fail in retrieving key
info, err := kr.Get("foo")
require.Error(t, err)
require.Nil(t, info)
mockIn.Reset("password\npassword\n")
info, mnemonic, err := kr.CreateMnemonic("foo", keyring.English, sdk.FullFundraiserPath, EthSecp256k1)
require.NoError(t, err)
require.NotEmpty(t, mnemonic)
require.Equal(t, "foo", info.GetName())
require.Equal(t, "local", info.GetType().String())
require.Equal(t, EthSecp256k1, info.GetAlgo())
params := *hd.NewFundraiserParams(0, sdk.CoinType, 0)
hdPath := params.String()
bz, err := DeriveKey(mnemonic, keyring.DefaultBIP39Passphrase, hdPath, EthSecp256k1)
require.NoError(t, err)
require.NotEmpty(t, bz)
bz, err = DeriveKey(mnemonic, keyring.DefaultBIP39Passphrase, hdPath, keyring.Secp256k1)
require.NoError(t, err)
require.NotEmpty(t, bz)
bz, err = DeriveKey(mnemonic, keyring.DefaultBIP39Passphrase, hdPath, keyring.SigningAlgo(""))
require.Error(t, err)
require.Empty(t, bz)
}

View File

@ -1,19 +1,28 @@
package crypto
import (
cryptoamino "github.com/tendermint/tendermint/crypto/encoding/amino"
"github.com/cosmos/cosmos-sdk/codec"
"github.com/cosmos/cosmos-sdk/crypto/keyring"
)
var cryptoCodec = codec.New()
// CryptoCodec is the default amino codec used by ethermint
var CryptoCodec = codec.New()
const (
// Amino encoding names
PrivKeyAminoName = "crypto/PrivKeySecp256k1"
PubKeyAminoName = "crypto/PubKeySecp256k1"
const (
PrivKeyAminoName = "ethermint/PrivKeySecp256k1"
PubKeyAminoName = "ethermint/PubKeySecp256k1"
)
func init() {
RegisterCodec(cryptoCodec)
// replace the keyring codec with the ethermint crypto codec to prevent
// amino panics because of unregistered Priv/PubKey
keyring.CryptoCdc = CryptoCodec
keyring.RegisterCodec(CryptoCodec)
cryptoamino.RegisterAmino(CryptoCodec)
RegisterCodec(CryptoCodec)
}
// RegisterCodec registers all the necessary types with amino for the given

View File

@ -1,12 +0,0 @@
package crypto
import (
"github.com/cosmos/cosmos-sdk/crypto/keyring"
tmcrypto "github.com/tendermint/tendermint/crypto"
)
// EthermintKeygenFunc is the key generation function to generate secp256k1 ToECDSA
// from ethereum.
func EthermintKeygenFunc(bz []byte, algo keyring.SigningAlgo) (tmcrypto.PrivKey, error) {
return PrivKeySecp256k1(bz), nil
}

View File

@ -45,7 +45,7 @@ func (privkey PrivKeySecp256k1) PubKey() tmcrypto.PubKey {
// Bytes returns the raw ECDSA private key bytes.
func (privkey PrivKeySecp256k1) Bytes() []byte {
return cryptoCodec.MustMarshalBinaryBare(privkey)
return CryptoCodec.MustMarshalBinaryBare(privkey)
}
// Sign creates a recoverable ECDSA signature on the secp256k1 curve over the
@ -87,7 +87,7 @@ func (key PubKeySecp256k1) Address() tmcrypto.Address {
// Bytes returns the raw bytes of the ECDSA public key.
func (key PubKeySecp256k1) Bytes() []byte {
bz, err := cryptoCodec.MarshalBinaryBare(key)
bz, err := CryptoCodec.MarshalBinaryBare(key)
if err != nil {
panic(err)
}

View File

@ -47,7 +47,7 @@ ethermintd start
To run a node with the same key every time: replace `ethermintcli keys add $KEY` in `./init.sh` with:
```bash
echo "your mnemonic here" | ethermintcli keys add $KEY --recover
echo "your mnemonic here" | ethermintcli keys add $KEY --recover --algo "eth_secp256k1"
```
::: tip Ethermint currently only supports 24 word mnemonics.
@ -56,7 +56,7 @@ echo "your mnemonic here" | ethermintcli keys add $KEY --recover
You can generate a new key/mnemonic with:
```bash
ethermintcli keys add $KEY
ethermintcli keys add $KEY --algo "eth_secp256k1"
```
To export your ethermint key as an ethereum private key (for use with Metamask for example):

View File

@ -57,7 +57,7 @@ minimum-gas-prices = ""
```bash
# Create a key to hold your account
ethermintcli keys add $KEY
ethermintcli keys add $KEY --algo "eth_secp256k1"
# Add that key into the genesis.app_state.accounts array in the genesis file
# NOTE: this command lets you set the number of coins. Make sure this account has some coins
@ -268,7 +268,7 @@ Now that accounts exists, you may create new accounts and send those accounts
funds!
::: tip
**Note**: Each node's seed is located at `./build/nodeN/ethermintcli/key_seed.json` and can be restored to the CLI using the `ethermintcli keys add --restore` command
**Note**: Each node's seed is located at `./build/nodeN/ethermintcli/key_seed.json` and can be restored to the CLI using the `ethermintcli keys add --restore --algo "eth_secp256k1"` command
:::
### Special Binaries

3
go.mod
View File

@ -27,9 +27,10 @@ require (
github.com/stretchr/testify v1.6.1
github.com/tendermint/tendermint v0.33.4
github.com/tendermint/tm-db v0.5.1
github.com/tyler-smith/go-bip39 v1.0.1-0.20181017060643-dbb3b84ba2ef
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
gopkg.in/yaml.v2 v2.3.0
)
// forked SDK to avoid breaking changes
replace github.com/cosmos/cosmos-sdk => github.com/Chainsafe/cosmos-sdk v0.34.4-0.20200622114457-35ea97f29c5f
replace github.com/cosmos/cosmos-sdk => github.com/Chainsafe/cosmos-sdk v0.34.4-0.20200811134358-723463e1daec

6
go.sum
View File

@ -33,8 +33,8 @@ github.com/ChainSafe/go-schnorrkel v0.0.0-20200102211924-4bcbc698314f h1:4O1om+U
github.com/ChainSafe/go-schnorrkel v0.0.0-20200102211924-4bcbc698314f/go.mod h1:URdX5+vg25ts3aCh8H5IFZybJYKWhJHYMTnf+ULtoC4=
github.com/ChainSafe/go-schnorrkel v0.0.0-20200405005733-88cbf1b4c40d h1:nalkkPQcITbvhmL4+C4cKA87NW0tfm3Kl9VXRoPywFg=
github.com/ChainSafe/go-schnorrkel v0.0.0-20200405005733-88cbf1b4c40d/go.mod h1:URdX5+vg25ts3aCh8H5IFZybJYKWhJHYMTnf+ULtoC4=
github.com/Chainsafe/cosmos-sdk v0.34.4-0.20200622114457-35ea97f29c5f h1:hLvatKcr7PZPWlwBb08oSxdfd7bN5JT0d3MKIwm3zEk=
github.com/Chainsafe/cosmos-sdk v0.34.4-0.20200622114457-35ea97f29c5f/go.mod h1:brXC4wuGawcC5pQebaWER22hzunmXFLgN8vajUh+xhE=
github.com/Chainsafe/cosmos-sdk v0.34.4-0.20200811134358-723463e1daec h1:xcqymee4N5YPH9+NKmrNGw0pdfM82VOoohiXIaQwLzo=
github.com/Chainsafe/cosmos-sdk v0.34.4-0.20200811134358-723463e1daec/go.mod h1:brXC4wuGawcC5pQebaWER22hzunmXFLgN8vajUh+xhE=
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
@ -563,8 +563,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
github.com/spf13/viper v1.6.2/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k=
github.com/spf13/viper v1.6.3/go.mod h1:jUMtyi0/lB5yZH/FjyGAoH7IMNrIhlBf6pXZmbMDvzw=
github.com/spf13/viper v1.7.0 h1:xVKxvI7ouOI5I+U9s2eeiUfMaWBVoXA3AWskkrqK0VM=
github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/spf13/viper v1.7.1 h1:pM5oEahlgWv/WnHXpgbKz7iLIxRf65tye2Ci+XFK5sk=
github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/status-im/keycard-go v0.0.0-20190316090335-8537d3370df4/go.mod h1:RZLeN1LMWmRsyYjvAu+I6Dm9QmlDaIIt+Y+4Kd7Tp+Q=

View File

@ -18,7 +18,7 @@ ethermintcli config indent true
ethermintcli config trust-node true
# if $KEY exists it should be deleted
ethermintcli keys add $KEY
ethermintcli keys add $KEY --algo "eth_secp256k1"
# Set moniker and chain-id for Ethermint (Moniker can be anything, chain-id must be an integer)
ethermintd init $MONIKER --chain-id $CHAINID
@ -49,4 +49,3 @@ echo -e "ethermintcli rest-server --laddr \"tcp://localhost:8545\" --unlock-key
# Start the node (remove the --pruning=nothing flag if historical queries are not needed)
ethermintd start --pruning=nothing --rpc.unsafe --log_level "main:info,state:info,mempool:info" --trace

View File

@ -16,7 +16,7 @@ import (
authrest "github.com/cosmos/cosmos-sdk/x/auth/client/rest"
"github.com/cosmos/ethermint/app"
emintcrypto "github.com/cosmos/ethermint/crypto"
"github.com/cosmos/ethermint/crypto"
"github.com/ethereum/go-ethereum/rpc"
"github.com/spf13/cobra"
@ -45,7 +45,7 @@ func registerRoutes(rs *lcd.RestServer) {
accountName := viper.GetString(flagUnlockKey)
accountNames := strings.Split(accountName, ",")
var emintKeys []emintcrypto.PrivKeySecp256k1
var keys []crypto.PrivKeySecp256k1
if len(accountName) > 0 {
var err error
inBuf := bufio.NewReader(os.Stdin)
@ -64,13 +64,13 @@ func registerRoutes(rs *lcd.RestServer) {
}
}
emintKeys, err = unlockKeyFromNameAndPassphrase(accountNames, passphrase)
keys, err = unlockKeyFromNameAndPassphrase(accountNames, passphrase)
if err != nil {
panic(err)
}
}
apis := GetRPCAPIs(rs.CliCtx, emintKeys)
apis := GetRPCAPIs(rs.CliCtx, keys)
// TODO: Allow cli to configure modules https://github.com/ChainSafe/ethermint/issues/74
whitelist := make(map[string]bool)
@ -98,33 +98,35 @@ func registerRoutes(rs *lcd.RestServer) {
ws.start()
}
func unlockKeyFromNameAndPassphrase(accountNames []string, passphrase string) (emintKeys []emintcrypto.PrivKeySecp256k1, err error) {
func unlockKeyFromNameAndPassphrase(accountNames []string, passphrase string) ([]crypto.PrivKeySecp256k1, error) {
keybase, err := keyring.NewKeyring(
sdk.KeyringServiceName(),
viper.GetString(flags.FlagKeyringBackend),
viper.GetString(flags.FlagHome),
os.Stdin,
crypto.EthSecp256k1Options()...,
)
if err != nil {
return
return []crypto.PrivKeySecp256k1{}, err
}
// try the for loop with array []string accountNames
// run through the bottom code inside the for loop
for _, acc := range accountNames {
keys := make([]crypto.PrivKeySecp256k1, len(accountNames))
for i, acc := range accountNames {
// With keyring keybase, password is not required as it is pulled from the OS prompt
privKey, err := keybase.ExportPrivateKeyObject(acc, passphrase)
if err != nil {
return nil, err
return []crypto.PrivKeySecp256k1{}, err
}
var ok bool
emintKey, ok := privKey.(emintcrypto.PrivKeySecp256k1)
keys[i], ok = privKey.(crypto.PrivKeySecp256k1)
if !ok {
panic(fmt.Sprintf("invalid private key type: %T", privKey))
panic(fmt.Sprintf("invalid private key type %T at index %d", privKey, i))
}
emintKeys = append(emintKeys, emintKey)
}
return
return keys, nil
}

View File

@ -14,7 +14,7 @@ import (
"github.com/spf13/viper"
"github.com/cosmos/ethermint/codec"
emintcrypto "github.com/cosmos/ethermint/crypto"
"github.com/cosmos/ethermint/crypto"
params "github.com/cosmos/ethermint/rpc/args"
emint "github.com/cosmos/ethermint/types"
"github.com/cosmos/ethermint/utils"
@ -46,14 +46,14 @@ import (
type PublicEthAPI struct {
cliCtx context.CLIContext
backend Backend
keys []emintcrypto.PrivKeySecp256k1
keys []crypto.PrivKeySecp256k1
nonceLock *AddrLocker
keybaseLock sync.Mutex
}
// NewPublicEthAPI creates an instance of the public ETH Web3 API.
func NewPublicEthAPI(cliCtx context.CLIContext, backend Backend, nonceLock *AddrLocker,
key []emintcrypto.PrivKeySecp256k1) *PublicEthAPI {
key []crypto.PrivKeySecp256k1) *PublicEthAPI {
return &PublicEthAPI{
cliCtx: cliCtx,
@ -142,6 +142,7 @@ func (e *PublicEthAPI) Accounts() ([]common.Address, error) {
viper.GetString(flags.FlagKeyringBackend),
viper.GetString(flags.FlagHome),
e.cliCtx.Input,
crypto.EthSecp256k1Options()...,
)
if err != nil {
return addresses, err
@ -294,7 +295,7 @@ func (e *PublicEthAPI) ExportAccount(address common.Address, blockNumber BlockNu
return string(res), nil
}
func checkKeyInKeyring(keys []emintcrypto.PrivKeySecp256k1, address common.Address) (key emintcrypto.PrivKeySecp256k1, exist bool) {
func checkKeyInKeyring(keys []crypto.PrivKeySecp256k1, address common.Address) (key crypto.PrivKeySecp256k1, exist bool) {
if len(keys) > 0 {
for _, key := range keys {
if bytes.Equal(key.PubKey().Address().Bytes(), address.Bytes()) {

View File

@ -74,7 +74,7 @@ arrcli=()
init_func() {
echo "create and add new keys"
"$PWD"/build/ethermintcli config keyring-backend test --home "$DATA_CLI_DIR$i"
"$PWD"/build/ethermintcli keys add $KEY"$i" --home "$DATA_CLI_DIR$i" --no-backup --chain-id $CHAINID
"$PWD"/build/ethermintcli keys add $KEY"$i" --home "$DATA_CLI_DIR$i" --no-backup --chain-id $CHAINID --algo "eth_secp256k1"
echo "init Ethermint with moniker=$MONIKER and chain-id=$CHAINID"
"$PWD"/build/ethermintd init $MONIKER --chain-id $CHAINID --home "$DATA_DIR$i"
echo "init ethermintcli with chain-id=$CHAINID and config it trust-node true"