Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: [ADR-071] Cryptography v2 #18824

Merged
merged 37 commits into from
Aug 6, 2024
Merged

feat: [ADR-071] Cryptography v2 #18824

merged 37 commits into from
Aug 6, 2024

Conversation

raynaudoe
Copy link
Contributor

@raynaudoe raynaudoe commented Dec 19, 2023

Description


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • updated the relevant documentation or specification, including comments for documenting Go code
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

Summary by CodeRabbit

  • Documentation

    • Proposed an enhancement to the Cosmos SDK's cryptographic module with multi-curve support.
    • Introduces support for Hardware Security Modules (HSM) and remote signers for improved security.
  • New Features

    • Added CryptoProvider interface for signing, verifying, hashing, and metadata retrieval.
    • Introduced interfaces for Signer, Verifier, Hasher, ProviderMetadata, PubKey, PrivKey, and Signature.
  • Refactor

    • Updated Record.proto to include the CryptoProvider message.
    • Created CryptoProviderFactory for creating CryptoProviders.
    • Unified existing PrivValidator implementations under CryptoProviderPV.

@raynaudoe raynaudoe marked this pull request as ready for review December 19, 2023 18:06
@raynaudoe raynaudoe requested a review from a team as a code owner December 19, 2023 18:06
Copy link
Contributor

coderabbitai bot commented Dec 19, 2023

Walkthrough

Walkthrough

The new changes propose a significant upgrade to the Cosmos SDK's cryptographic module by introducing multi-curve support. This enhancement allows for the integration of various cryptographic curves for signing and verification. Additionally, the changes provide support for Hardware Security Modules (HSM) and remote signers to improve security and flexibility. Key features include the introduction of the CryptoProvider interface and updates to the Keyring module to accommodate these enhancements.

Changes

File Change Summary
docs/architecture/adr-071-crypto-v2-multi-curve.md Introduces a proposal for multi-curve support, HSM integration, and remote signer capabilities.
cosmos/crypto/keyring/v1/record.proto Modifies the Record struct to include the CryptoProvider message.
cosmos/crypto/keyring/v1/keyring.go Introduces the new KeyringV2 interface with methods for managing and fetching CryptoProviders.
Various /crypto package files Adds CryptoProviderFactory interface and several new interfaces (Signer, Verifier, Hasher, etc.).
privval/providers directory in cometbft Introduces the CryptoProviderPV implementation to unify PrivValidator implementations.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Keyring
    participant CryptoProviderFactory
    participant CryptoProvider
    Client ->> Keyring: ListCryptoProviders()
    Keyring -->> Client: List of ProviderMetadata
    Client ->> Keyring: GetCryptoProvider(id)
    Keyring ->> CryptoProviderFactory: Create(id)
    CryptoProviderFactory -->> Keyring: CryptoProvider instance
    Keyring -->> Client: CryptoProvider instance
    Client ->> CryptoProvider: Perform cryptographic operations
    CryptoProvider -->> Client: Operation results
Loading
sequenceDiagram
    participant System
    participant HSM
    participant RemoteSigner
    System ->> CryptoProvider: Sign(Data)
    CryptoProvider ->> HSM: Securely Sign(Data)
    HSM -->> CryptoProvider: Signature
    CryptoProvider -->> System: Signature
    System ->> RemoteSigner: Verify(Data, Signature)
    RemoteSigner -->> System: Verification Result
Loading

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Member

@tac0turtle tac0turtle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've reread this a few times and thought how would the flow work, there are a few things unclear to me.

Is this meant to replace the current crypto package? It seems like a no since modules would all need to be modified to take a cryptoprovider which passes a client and state machine oriented interface to it. It doesnt follow the service design for modules we currently have in the software.

If this is meant to be client side only, does it need to live in the sdk? The only user of this would be CLI users, which I think we should treat as second class citizens, not first.

If this is client side only, then if a chain needs a custom hasher or cipher they would need to reimplement the whole cryptoprovider interface as noops other than what they need. It begs the question, is it better not to have the cryptoprovider and only a bunch of interfaces and services to get them?

@raynaudoe
Copy link
Contributor Author

Is this meant to replace the current crypto package?

It is meant to decouple from the standard and limited crypto package in a way that makes the SDK extensible and allow for more advance cryptography, remote signers, etc.. in a way that is currently not possible or unmaintainable.

If this is meant to be client side only, does it need to live in the sdk?

It is not meant to be client side only. By having interfaces that decouples behaviour from implementations we follow the SDK's good practices and promote reusability within the ecosystem. Crypto tools are used widely in the SDK and other chains could do even more heavy usage of these tools. So in the future teams can leverage other implementations too in a very modular way without touching any unrelated code.

If this is client side only, then if a chain needs a custom hasher or cipher they would need to reimplement the whole cryptoprovider interface as noops other than what they need. It begs the question, is it better not to have the cryptoprovider and only a bunch of interfaces and services to get them?

Actually the CryptoProvider is an aggregator of such interfaces that makes easier to create such custom "crypto toolbox". As mentioned in the ADR, if anyone wants to use HasherA in a standalone way they'll still can, the crypto provider is there to encapsulate all these tools with their configurations with an appropriate interface.
Again, interfaces are there to promote common practices. If we don’t have them, the ecosystem will evolve in a very disorganized non modular way.

Copy link
Member

@tac0turtle tac0turtle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did some thinking about this pr and it should be rewritten into a service based design. There is the cryptoprovider aggregator, that aggregates all the services that are state machine oriented and then there can be another client only crypto provider. Since the state machine does not need GetKeys and potentially other things.

We need to get this ADR to follow existing designs in the sdk with how services work, can be found in "cosmossdk.io/core". Once we have that we should identify what is needed for the state machine. I forsee, GetSigner as the major one as it coincides with future designs we have been thinking about. If you want to chat about the current design in the sdk, let me know.

This adr still needs refining to be able to fit into the sdk in the way you want and the way the sdk is written.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 3

Configuration used: .coderabbit.yml

Commits Files that changed from the base of the PR and between ef09a84 and 528b994.
Files selected for processing (1)
  • docs/architecture/adr-071-cryptography-v2.md (1 hunks)

docs/architecture/adr-071-cryptography-v2.md Outdated Show resolved Hide resolved
docs/architecture/adr-071-cryptography-v2.md Outdated Show resolved Hide resolved
docs/architecture/adr-071-cryptography-v2.md Outdated Show resolved Hide resolved
Copy link
Contributor

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the Stale label Mar 25, 2024
Copy link
Contributor

@sergio-mena sergio-mena left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ OK from CometBFT side

@raynaudoe
Copy link
Contributor Author

As agreed, this ADR got divided into three documents:

  • Base ADR
  • Cosmos-sdk implementation (this PR)
  • CometBFT implementation PR

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Review details

Configuration used: .coderabbit.yml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 5367717 and caa80f4.

Files selected for processing (1)
  • docs/architecture/adr-071-crypto-v2-multi-curve.md (1 hunks)
Additional context used
Path-based instructions (1)
docs/architecture/adr-071-crypto-v2-multi-curve.md (1)

Pattern **/*.md: "Assess the documentation for misspellings, grammatical errors, missing documentation and correctness"

LanguageTool
docs/architecture/adr-071-crypto-v2-multi-curve.md

[typographical] ~17-~17: Consider adding a comma here.
Context: ...f the CryptoProviders and their design please refer to ADR mentioned above. ## Intro...

(PLEASE_COMMA)


[style] ~36-~36: Consider a shorter alternative to avoid wordiness.
Context: ...unit of code organization. ## Context In order to fully understand the need for changes a...

(IN_ORDER_TO_PREMIUM)


[uncategorized] ~171-~171: Possible missing preposition found.
Context: ...We will: * Leverage crypto providers * Refactor the module structure as described above...

(AI_HYDRA_LEO_MISSING_TO)

Markdownlint
docs/architecture/adr-071-crypto-v2-multi-curve.md

24-24: Expected: 0 or 2; Actual: 1
Trailing spaces

(MD009, no-trailing-spaces)


23-23: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


26-26: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


73-73: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


76-76: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


81-81: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


99-99: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


137-137: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


142-142: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


161-161: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


186-186: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


196-196: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


199-199: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

Additional comments not posted (19)
docs/architecture/adr-071-crypto-v2-multi-curve.md (19)

23-23: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

23-23: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


26-26: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

26-26: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


9-11: LGTM!

The "Status" section is correctly marked as "DRAFT".


17-17: Add a comma for clarity.

Consider adding a comma for better readability.

- For in-depth details of the `CryptoProviders` and their design please refer to ADR mentioned above.
+ For in-depth details of the `CryptoProviders` and their design, please refer to ADR mentioned above.
Tools
LanguageTool

[typographical] ~17-~17: Consider adding a comma here.
Context: ...f the CryptoProviders and their design please refer to ADR mentioned above. ## Intro...

(PLEASE_COMMA)


27-33: LGTM!

The "Glossary" section is clear and concise.


36-36: Consider a more concise phrasing to avoid wordiness.

The phrase "In order to" could be shortened to "To" for conciseness and clarity.

- In order to fully understand the need for changes and the proposed improvements, it's crucial to consider the current state of affairs:
+ To fully understand the need for changes and the proposed improvements, it's crucial to consider the current state of affairs:
Tools
LanguageTool

[style] ~36-~36: Consider a shorter alternative to avoid wordiness.
Context: ...unit of code organization. ## Context In order to fully understand the need for changes a...

(IN_ORDER_TO_PREMIUM)


73-73: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

73-73: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


76-76: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

76-76: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


81-81: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

81-81: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


99-99: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

99-99: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


137-137: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

137-137: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


142-142: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

142-142: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


162-164: LGTM!

The "Alternatives" section is clear and well-written.


161-161: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

161-161: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


186-186: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

186-186: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


196-196: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

196-196: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


199-199: Remove extra blank line.

There is an extra blank line that should be removed to improve formatting.

- 
Tools
Markdownlint

199-199: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)


43-43: Correct the verb agreement for clarity.

The verb "expose" should be "exposes" to agree with the singular subject "Type leakage".

- Type leakage of specific crypto data types expose backward compatibility and extensibility challenges.
+ Type leakage of specific crypto data types exposes backward compatibility and extensibility challenges.

Likely invalid or redundant comment.


171-171: Add missing preposition.

There is a missing preposition in the phrase "Refactor the module structure as described above".

- Refactor the module structure as described above.
+ Refactor the module structure as described above to.

Likely invalid or redundant comment.

Tools
LanguageTool

[uncategorized] ~171-~171: Possible missing preposition found.
Context: ...We will: * Leverage crypto providers * Refactor the module structure as described above...

(AI_HYDRA_LEO_MISSING_TO)

@educlerici-zondax
Copy link
Contributor

@tac0turtle can you please take a new look to the ADR please? We got sergio's approve

Copy link
Member

@julienrbrt julienrbrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK!

@raynaudoe raynaudoe added this pull request to the merge queue Aug 6, 2024
Merged via the queue into main with commit feb0e07 Aug 6, 2024
69 of 70 checks passed
@raynaudoe raynaudoe deleted the ADR/crypto_v2 branch August 6, 2024 21:18
github-merge-queue bot pushed a commit to cometbft/cometbft that referenced this pull request Aug 9, 2024
#3400)

<!--

Please add a reference to the issue that this PR addresses and indicate
which
files are most critical to review. If it fully addresses a particular
issue,
please include "Closes #XXX" (where "XXX" is the issue number).

If this PR is non-trivial/large/complex, please ensure that you have
either
created an issue that the team's had a chance to respond to, or had some
discussion with the team prior to submitting substantial pull requests.
The team
can be reached via GitHub Discussions or the Cosmos Network Discord
server in
the #cometbft channel. GitHub Discussions is preferred over Discord as
it
allows us to keep track of conversations topically.
https://github.com/cometbft/cometbft/discussions

If the work in this PR is not aligned with the team's current
priorities, please
be advised that it may take some time before it is merged - especially
if it has
not yet been discussed with the team.

See the project board for the team's current priorities:
https://github.com/orgs/cometbft/projects/1

-->

This PR introduces **ADR-117** which implements the `CryptoProvider`
[ADR](https://github.com/cosmos/crypto/blob/main/docs/architecture/adr-001-crypto-provider.md)
("aka pluggable cryptography")

The ADR in this repo is only a shortened version of the original one
posted [here ](cosmos/cosmos-sdk#18824)
containing only the relevant concepts and code for cometBFT.

For the full text explaining all concepts please check this
[file](https://github.com/cosmos/crypto/blob/main/docs/architecture/adr-001-crypto-provider.md)
(links are included in ADR-117)


---

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [X] Updated relevant documentation (`docs/` or `spec/`) and code
comments
- [X] Title follows the [Conventional
Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.