Merge PR #4400: Release v0.34.5 - RC1

* Cherry Pick PR #4345: Upgrade ledger-cosmos-go

* Cherry Pick PR #4336: Fix AppendTags usage error

* Update modules

* Cherry Pick PR #4265: CacheKVStore keep sorted items

* Cherry Pick #4227: Adding support for Ledger Cosmos App v1.5

* Cherry Pick #4395: Improve sig verification error message

* Cherry Pick PR #4140: Fix Failed Simulation Seeds

CHANGELOG.md

@@ -1,13 +1,34 @@
 # Changelog
 
+## 0.34.5
+
+### Bug Fixes
+
+#### SDK
+
+* [\#4273](https://github.com/cosmos/cosmos-sdk/issues/4273) Fix usage of `AppendTags` in x/staking/handler.go
+
+### Improvements
+
+### SDK
+
+* [\#2286](https://github.com/cosmos/cosmos-sdk/issues/2286) Improve performance of `CacheKVStore` iterator.
+* [\#3655](https://github.com/cosmos/cosmos-sdk/issues/3655) Improve signature verification failure error message.
+
+#### Gaia CLI
+
+* [\#4227](https://github.com/cosmos/cosmos-sdk/issues/4227) Support for Ledger App v1.5.
+* [#4345](https://github.com/cosmos/cosmos-sdk/pull/4345) Update `ledger-cosmos-go`
+to v0.10.3.
+
 ## 0.34.4
 
 ### Bug Fixes
 
 #### SDK
 
 * [#4234](https://github.com/cosmos/cosmos-sdk/pull/4234) Allow `tx send --generate-only` to
-actually work offline. 
+actually work offline.
 
 #### Gaia
 

client/keys/add.go

@@ -171,9 +171,10 @@ func runAddCmd(_ *cobra.Command, args []string) error {
  account := uint32(viper.GetInt(flagAccount))
  index := uint32(viper.GetInt(flagIndex))
 
- // If we're using ledger, only thing we need is the path. So generate key and we're done.
+ // If we're using ledger, only thing we need is the path and the bech32 prefix.
  if viper.GetBool(client.FlagUseLedger) {
- info, err := kb.CreateLedger(name, keys.Secp256k1, account, index)
+ bech32PrefixAccAddr := sdk.GetConfig().GetBech32AccountAddrPrefix()
+ info, err := kb.CreateLedger(name, keys.Secp256k1, bech32PrefixAccAddr, account, index)
  if err != nil {
  return err
  }

client/keys/show.go

@@ -24,7 +24,7 @@ const (
  FlagPublicKey = "pubkey"
  // FlagBechPrefix defines a desired Bech32 prefix encoding for a key.
  FlagBechPrefix = "bech"
- // FlagBechPrefix defines a desired Bech32 prefix encoding for a key.
+ // FlagDevice indicates that the information should be shown in the device
  FlagDevice = "device"
 
  flagMultiSigThreshold = "multisig-threshold"
@@ -47,7 +47,7 @@ consisting of all the keys provided by name and multisig threshold.`,
  cmd.Flags().String(FlagBechPrefix, sdk.PrefixAccount, "The Bech32 prefix encoding for a key (acc|val|cons)")
  cmd.Flags().BoolP(FlagAddress, "a", false, "Output the address only (overrides --output)")
  cmd.Flags().BoolP(FlagPublicKey, "p", false, "Output the public key only (overrides --output)")
- cmd.Flags().BoolP(FlagDevice, "d", false, "Output the address in the device")
+ cmd.Flags().BoolP(FlagDevice, "d", false, "Output the address in a ledger device")
  cmd.Flags().Uint(flagMultiSigThreshold, 1, "K out of N required signatures")
  cmd.Flags().BoolP(flagShowMultiSig, "m", false, "Output multisig pubkey constituents, threshold, and weights")
  cmd.Flags().Bool(client.FlagIndentResponse, false, "Add indent to JSON response")

cmd/gaia/app/sim_test.go

@@ -119,23 +119,27 @@ func appStateRandomizedFn(r *rand.Rand, accs []simulation.Account, genesisTimest
  if int64(i) > numInitiallyBonded && r.Intn(100) < 50 {
  var (
  vacc auth.VestingAccount
- endTime int
+ endTime int64
  )
 
  startTime := genesisTimestamp.Unix()
 
  // Allow for some vesting accounts to vest very quickly while others very
  // slowly.
  if r.Intn(100) < 50 {
- endTime = randIntBetween(r, int(startTime), int(startTime+(60*60*24*30)))
+ endTime = int64(simulation.RandIntBetween(r, int(startTime), int(startTime+(60*60*24*30))))
  } else {
- endTime = randIntBetween(r, int(startTime), int(startTime+(60*60*12)))
+ endTime = int64(simulation.RandIntBetween(r, int(startTime), int(startTime+(60*60*12))))
+ }
+
+ if startTime == endTime {
+ endTime += 1
  }
 
  if r.Intn(100) < 50 {
- vacc = auth.NewContinuousVestingAccount(&bacc, startTime, int64(endTime))
+ vacc = auth.NewContinuousVestingAccount(&bacc, startTime, endTime)
  } else {
- vacc = auth.NewDelayedVestingAccount(&bacc, int64(endTime))
+ vacc = auth.NewDelayedVestingAccount(&bacc, endTime)
  }
 
  gacc = NewGenesisAccountI(vacc)
@@ -148,11 +152,11 @@ func appStateRandomizedFn(r *rand.Rand, accs []simulation.Account, genesisTimest
 
  authGenesis := auth.GenesisState{
  Params: auth.Params{
- MaxMemoCharacters: uint64(randIntBetween(r, 100, 200)),
+ MaxMemoCharacters: uint64(simulation.RandIntBetween(r, 100, 200)),
  TxSigLimit: uint64(r.Intn(7) + 1),
- TxSizeCostPerByte: uint64(randIntBetween(r, 5, 15)),
- SigVerifyCostED25519: uint64(randIntBetween(r, 500, 1000)),
- SigVerifyCostSecp256k1: uint64(randIntBetween(r, 500, 1000)),
+ TxSizeCostPerByte: uint64(simulation.RandIntBetween(r, 5, 15)),
+ SigVerifyCostED25519: uint64(simulation.RandIntBetween(r, 500, 1000)),
+ SigVerifyCostSecp256k1: uint64(simulation.RandIntBetween(r, 500, 1000)),
  },
  }
  fmt.Printf("Selected randomly generated auth parameters:\n\t%+v\n", authGenesis)
@@ -182,7 +186,7 @@ func appStateRandomizedFn(r *rand.Rand, accs []simulation.Account, genesisTimest
  stakingGenesis := staking.GenesisState{
  Pool: staking.InitialPool(),
  Params: staking.Params{
- UnbondingTime: time.Duration(randIntBetween(r, 60, 60*60*24*3*2)) * time.Second,
+ UnbondingTime: time.Duration(simulation.RandIntBetween(r, 60, 60*60*24*3*2)) * time.Second,
  MaxValidators: uint16(r.Intn(250) + 1),
  BondDenom: sdk.DefaultBondDenom,
  },
@@ -192,9 +196,9 @@ func appStateRandomizedFn(r *rand.Rand, accs []simulation.Account, genesisTimest
  slashingGenesis := slashing.GenesisState{
  Params: slashing.Params{
  MaxEvidenceAge: stakingGenesis.Params.UnbondingTime,
- SignedBlocksWindow: int64(randIntBetween(r, 10, 1000)),
+ SignedBlocksWindow: int64(simulation.RandIntBetween(r, 10, 1000)),
  MinSignedPerWindow: sdk.NewDecWithPrec(int64(r.Intn(10)), 1),
- DowntimeJailDuration: time.Duration(randIntBetween(r, 60, 60*60*24)) * time.Second,
+ DowntimeJailDuration: time.Duration(simulation.RandIntBetween(r, 60, 60*60*24)) * time.Second,
  SlashFractionDoubleSign: sdk.NewDec(1).Quo(sdk.NewDec(int64(r.Intn(50) + 1))),
  SlashFractionDowntime: sdk.NewDec(1).Quo(sdk.NewDec(int64(r.Intn(200) + 1))),
  },
@@ -269,10 +273,6 @@ func appStateFn(r *rand.Rand, accs []simulation.Account, genesisTimestamp time.T
  return appStateRandomizedFn(r, accs, genesisTimestamp)
 }
 
-func randIntBetween(r *rand.Rand, min, max int) int {
- return r.Intn(max-min) + min
-}
-
 func testAndRunTxs(app *GaiaApp) []simulation.WeightedOperation {
  return []simulation.WeightedOperation{
  {5, authsim.SimulateDeductFee(app.accountKeeper, app.feeCollectionKeeper)},

crypto/keys/keybase.go

@@ -137,18 +137,19 @@ func (kb dbKeybase) Derive(name, mnemonic, bip39Passphrase, encryptPasswd string
 
 // CreateLedger creates a new locally-stored reference to a Ledger keypair
 // It returns the created key info and an error if the Ledger could not be queried
-func (kb dbKeybase) CreateLedger(name string, algo SigningAlgo, account uint32, index uint32) (Info, error) {
+func (kb dbKeybase) CreateLedger(name string, algo SigningAlgo, hrp string, account, index uint32) (Info, error) {
  if algo != Secp256k1 {
  return nil, ErrUnsupportedSigningAlgo
  }
 
  hdPath := hd.NewFundraiserParams(account, index)
- priv, err := crypto.NewPrivKeyLedgerSecp256k1(*hdPath)
+ priv, _, err := crypto.NewPrivKeyLedgerSecp256k1(*hdPath, hrp)
  if err != nil {
  return nil, err
  }
  pub := priv.PubKey()
 
+ // Note: Once Cosmos App v1.3.1 is compulsory, it could be possible to check that pubkey and addr match
  return kb.writeLedgerKey(name, pub, *hdPath), nil
 }
 
@@ -246,7 +247,7 @@ func (kb dbKeybase) Sign(name, passphrase string, msg []byte) (sig []byte, pub t
 
  case ledgerInfo:
  linfo := info.(ledgerInfo)
- priv, err = crypto.NewPrivKeyLedgerSecp256k1(linfo.Path)
+ priv, err = crypto.NewPrivKeyLedgerSecp256k1Unsafe(linfo.Path)
  if err != nil {
  return
  }

crypto/keys/keybase_test.go

@@ -37,7 +37,7 @@ func TestCreateAccountInvalidMnemonic(t *testing.T) {
 
 func TestCreateLedgerUnsupportedAlgo(t *testing.T) {
  kb := NewInMemory()
- _, err := kb.CreateLedger("some_account", Ed25519, 0, 1)
+ _, err := kb.CreateLedger("some_account", Ed25519, "cosmos", 0, 1)
  assert.Error(t, err)
  assert.Equal(t, "unsupported signing algo: only secp256k1 is supported", err.Error())
 }
@@ -49,7 +49,7 @@ func TestCreateLedger(t *testing.T) {
  // test_cover does not compile some dependencies so ledger is disabled
  // test_unit may add a ledger mock
  // both cases are acceptable
- ledger, err := kb.CreateLedger("some_account", Secp256k1, 3, 1)
+ ledger, err := kb.CreateLedger("some_account", Secp256k1, "cosmos", 3, 1)
 
  if err != nil {
  assert.Error(t, err)

crypto/keys/lazy_keybase.go

@@ -106,14 +106,14 @@ func (lkb lazyKeybase) Derive(name, mnemonic, bip39Passwd, encryptPasswd string,
  return newDbKeybase(db).Derive(name, mnemonic, bip39Passwd, encryptPasswd, params)
 }
 
-func (lkb lazyKeybase) CreateLedger(name string, algo SigningAlgo, account uint32, index uint32) (info Info, err error) {
+func (lkb lazyKeybase) CreateLedger(name string, algo SigningAlgo, hrp string, account, index uint32) (info Info, err error) {
  db, err := sdk.NewLevelDB(lkb.name, lkb.dir)
  if err != nil {
  return nil, err
  }
  defer db.Close()
 
- return newDbKeybase(db).CreateLedger(name, algo, account, index)
+ return newDbKeybase(db).CreateLedger(name, algo, hrp, account, index)
 }
 
 func (lkb lazyKeybase) CreateOffline(name string, pubkey crypto.PubKey) (info Info, err error) {

crypto/keys/types.go

@@ -35,7 +35,7 @@ type Keybase interface {
  Derive(name, mnemonic, bip39Passwd, encryptPasswd string, params hd.BIP44Params) (Info, error)
 
  // CreateLedger creates, stores, and returns a new Ledger key reference
- CreateLedger(name string, algo SigningAlgo, account uint32, index uint32) (info Info, err error)
+ CreateLedger(name string, algo SigningAlgo, hrp string, account, index uint32) (info Info, err error)
 
  // CreateOffline creates, stores, and returns a new offline key reference
  CreateOffline(name string, pubkey crypto.PubKey) (info Info, err error)

crypto/ledger_mock.go

@@ -4,14 +4,17 @@ package crypto
 
 import (
  "fmt"
-
  "github.com/btcsuite/btcd/btcec"
+ "github.com/pkg/errors"
+
  "github.com/cosmos/cosmos-sdk/crypto/keys/hd"
  "github.com/cosmos/cosmos-sdk/tests"
- bip39 "github.com/cosmos/go-bip39"
- "github.com/pkg/errors"
+ "github.com/cosmos/cosmos-sdk/types"
+ "github.com/cosmos/go-bip39"
+
  secp256k1 "github.com/tendermint/btcd/btcec"
  "github.com/tendermint/tendermint/crypto"
+ tmsecp256k1 "github.com/tendermint/tendermint/crypto/secp256k1"
 )
 
 // If ledger support (build tag) has been enabled, which implies a CGO dependency,
@@ -30,6 +33,8 @@ func (mock LedgerSECP256K1Mock) Close() error {
  return nil
 }
 
+// GetPublicKeySECP256K1 mocks a ledger device
+// as per the original API, it returns an uncompressed key
 func (mock LedgerSECP256K1Mock) GetPublicKeySECP256K1(derivationPath []uint32) ([]byte, error) {
  if derivationPath[0] != 44 {
  return nil, errors.New("Invalid derivation path")
@@ -55,6 +60,28 @@ func (mock LedgerSECP256K1Mock) GetPublicKeySECP256K1(derivationPath []uint32) (
  return pubkeyObject.SerializeUncompressed(), nil
 }
 
+// GetAddressPubKeySECP256K1 mocks a ledger device
+// as per the original API, it returns a compressed key and a bech32 address
+func (mock LedgerSECP256K1Mock) GetAddressPubKeySECP256K1(derivationPath []uint32, hrp string) ([]byte, string, error) {
+ pk, err := mock.GetPublicKeySECP256K1(derivationPath)
+ if err != nil {
+ return nil, "", err
+ }
+
+ // re-serialize in the 33-byte compressed format
+ cmp, err := btcec.ParsePubKey(pk[:], btcec.S256())
+ if err != nil {
+ return nil, "", fmt.Errorf("error parsing public key: %v", err)
+ }
+
+ var compressedPublicKey tmsecp256k1.PubKeySecp256k1
+ copy(compressedPublicKey[:], cmp.SerializeCompressed())
+
+ // Generate the bech32 addr using existing tmcrypto/etc.
+ addr := types.AccAddress(compressedPublicKey.Address()).String()
+ return pk, addr, err
+}
+
 func (mock LedgerSECP256K1Mock) SignSECP256K1(derivationPath []uint32, message []byte) ([]byte, error) {
  path := hd.NewParams(derivationPath[0], derivationPath[1], derivationPath[2], derivationPath[3] != 0, derivationPath[4])
  seed, err := bip39.NewSeedWithErrorChecking(tests.TestMnemonic, "")