feat(client/v2/offchain): sign and verify file

[JulianToledano]

Description

Closes:
#18483

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title
• confirmed ! in the type prefix if API or client breaking change
• targeted the correct branch (see PR Targeting)
• provided a link to the relevant issue or specification
• reviewed "Files changed" and left comments if necessary
• included the necessary unit and integration tests
• added a changelog entry to CHANGELOG.md
• updated the relevant documentation or specification, including comments for documenting Go code
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed all author checklist items have been addressed
• reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

[coderabbitai]

Walkthrough

The update implements a new feature for off-chain signing and verification of arbitrary data, specifically targeting files. This enhancement involves several parts of the client, adding commands and utilities to sign and verify files using different encoding and marshalling methods. It allows for the handling of off-chain messages, transaction building, and signature verification, broadening the scope of off-chain capabilities with respect to file management within a Cosmos SDK application context.

Changes

File Path	Change Summary
client/v2/CHANGELOG.md	Introduced new feature for off-chain signing and verification referenced by PR #18626.
client/v2/internal/offchain/msgSignArbitraryData.proto client/v2/internal/offchain/msgSignArbitraryData.pulsar.go	Added MsgSignArbitraryData message for off-chain signing of arbitrary data.
client/v2/offchain/builder.go client/v2/offchain/cli.go client/v2/offchain/sign.go client/v2/offchain/verify.go	Implemented off-chain transaction builder, CLI commands for file signing/verification, and methods for signing and verifying transactions.
client/v2/offchain/encode.go client/v2/offchain/marshal.go	Provided encoding and marshalling utilities for off-chain transactions.
client/v2/offchain/common_test.go	Added test configurations and helper functions for off-chain transaction signing and encoding.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

Note: Auto-reply has been disabled for this repository by the repository owner. The CodeRabbit bot will not respond to your comments unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[tac0turtle]

we should see what it takes to not have the sdk as a dependency here. If we keep it the next person will need to refactor this code again

[JulianToledano]

we should see what it takes to not have the sdk as a dependency here. If we keep it the next person will need to refactor this code again

I think the codec and crypto packages are needed as dependency. Same with the client package as this is heavy dependant on the client context.

[tac0turtle]

Suggested change

	string signerAddress = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"];
	string signer = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"];

nit

[JulianToledano]

maybe is a good idea to modify it in the CIP as well.

[tac0turtle]

I think the codec and crypto packages are needed as dependency. Same with the client package as this is heavy dependant on the client context.

this is part of client v2 so maybe its removed later on. i think that is fine since its bleeding elsewhere as well

[JulianToledano]

I think the codec and crypto packages are needed as dependency. Same with the client package as this is heavy dependant on the client context.

this is part of client v2 so maybe its removed later on. i think that is fine since its bleeding elsewhere as well

Ok. I'm only concerned then with cosmos-sdk/types/tx/signing dependency as signmode is needed for keyring sing function.

[julienrbrt]

Ok. I'm only concerned then with cosmos-sdk/types/tx/signing dependency as signmode is needed for keyring sing function.

Aren't we able to use x/tx instead for some data? With #18580, we should be able to use:

cosmos-sdk/client/v2/autocli/keyring/interface.go

Line 22 in eee0945

Sign(name string, msg []byte, signMode signingv1beta1.SignMode) ([]byte, error)

for signing and have the sdk keyring implement that.

[JulianToledano]

should we implement this for multisig accounts? I don' think it will be really used, plus this builder it's meant to be deleted once the v2 builder is developed.
@tac0turtle @julienrbrt

[coderabbitai]

Consider adding negative test cases to Test_unmarshal to ensure that the unmarshalling function properly handles invalid data or formats.

[coderabbitai]

The VerifyFile command also follows the standard pattern for Cobra commands. It reads the file and calls the Verify function with the appropriate parameters. Points to consider:

1. The RunE function assumes that any error returned from the Verify function is a verification failure. However, it could also be an error related to reading the file or other issues. It might be beneficial to differentiate between verification failures and other types of errors to provide clearer feedback to the user.
2. The flagFileFormat is retrieved, but similar to the SignFile command, there is no validation to ensure that the provided value is within the expected range or format. This could lead to unexpected behavior if an invalid value is passed.

Adding error handling to differentiate between verification failures and other errors, as well as validation for the flagFileFormat, would improve the robustness of the command.

[coderabbitai]

The test cases in Test_sign cover various sign modes and expected outcomes. It would be beneficial to include comments explaining why an error is expected for certain test cases, such as signMode direct aux.

[coderabbitai]

The sign function appears to correctly implement the signing process. However, consider adding error handling for the case where pubKey.Address() returns an address that cannot be converted to a string by ctx.AddressCodec.BytesToString. This could prevent a panic in case of an invalid address.

addr, err := ctx.AddressCodec.BytesToString(pubKey.Address())
if err != nil {
+   // Handle invalid address conversion
+   return nil, fmt.Errorf("failed to convert address to string: %w", err)
}

---

Committable suggestion

❗ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	// sign signs a digest with provided key and SignMode.
	func sign(ctx client.Context, fromName, digest string, signMode apisigning.SignMode) (*apitx.Tx, error) {
	keybase, err := keyring.NewAutoCLIKeyring(ctx.Keyring)
	if err != nil {
	return nil, err
	}
	pubKey, err := keybase.GetPubKey(fromName)
	if err != nil {
	return nil, err
	}
	addr, err := ctx.AddressCodec.BytesToString(pubKey.Address())
	if err != nil {
	return nil, err
	}
	msg := &offchain.MsgSignArbitraryData{
	AppDomain: version.AppName,
	Signer: addr,
	Data: digest,
	}
	txBuilder := newBuilder(ctx.Codec)
	err = txBuilder.setMsgs(msg)
	if err != nil {
	return nil, err
	}
	signerData := signerData{
	Address: addr,
	ChainID: ExpectedChainID,
	AccountNumber: ExpectedAccountNumber,
	Sequence: ExpectedSequence,
	PubKey: pubKey,
	}
	sigData := &SingleSignatureData{
	SignMode: signMode,
	Signature: nil,
	}
	sig := OffchainSignature{
	PubKey: pubKey,
	Data: sigData,
	Sequence: ExpectedSequence,
	}
	sigs := []OffchainSignature{sig}
	err = txBuilder.SetSignatures(sigs...)
	if err != nil {
	return nil, err
	}
	bytesToSign, err := getSignBytes(
	context.Background(), ctx.TxConfig.SignModeHandler(),
	signMode, signerData, txBuilder)
	if err != nil {
	return nil, err
	}
	signedBytes, err := keybase.Sign(fromName, bytesToSign, signMode)
	if err != nil {
	return nil, err
	}
	sigData.Signature = signedBytes
	err = txBuilder.SetSignatures(sig)
	if err != nil {
	return nil, err
	}
	return txBuilder.GetTx(), nil
	// sign signs a digest with provided key and SignMode.
	func sign(ctx client.Context, fromName, digest string, signMode apisigning.SignMode) (*apitx.Tx, error) {
	keybase, err := keyring.NewAutoCLIKeyring(ctx.Keyring)
	if err != nil {
	return nil, err
	}
	pubKey, err := keybase.GetPubKey(fromName)
	if err != nil {
	return nil, err
	}
	addr, err := ctx.AddressCodec.BytesToString(pubKey.Address())
	if err != nil {
	// Handle invalid address conversion
	return nil, fmt.Errorf("failed to convert address to string: %w", err)
	}
	msg := &offchain.MsgSignArbitraryData{
	AppDomain: version.AppName,
	Signer: addr,
	Data: digest,
	}
	txBuilder := newBuilder(ctx.Codec)
	err = txBuilder.setMsgs(msg)
	if err != nil {
	return nil, err
	}
	signerData := signerData{
	Address: addr,
	ChainID: ExpectedChainID,
	AccountNumber: ExpectedAccountNumber,
	Sequence: ExpectedSequence,
	PubKey: pubKey,
	}
	sigData := &SingleSignatureData{
	SignMode: signMode,
	Signature: nil,
	}
	sig := OffchainSignature{
	PubKey: pubKey,
	Data: sigData,
	Sequence: ExpectedSequence,
	}
	sigs := []OffchainSignature{sig}
	err = txBuilder.SetSignatures(sigs...)
	if err != nil {
	return nil, err
	}
	bytesToSign, err := getSignBytes(
	context.Background(), ctx.TxConfig.SignModeHandler(),
	signMode, signerData, txBuilder)
	if err != nil {
	return nil, err
	}
	signedBytes, err := keybase.Sign(fromName, bytesToSign, signMode)
	if err != nil {
	return nil, err
	}
	sigData.Signature = signedBytes
	err = txBuilder.SetSignatures(sig)
	if err != nil {
	return nil, err
	}
	return txBuilder.GetTx(), nil
	}

[julienrbrt]

Are we able to remove cosmossdk.io/x/auth for x/tx or the api module?

cosmossdk.io/x/auth has been removed in last commit.

About api module, do you mean cosmossdk.io/api/cosmos/tx...? Thats needed for accessing signing modes and Tx struct.

Perfect ty, no I just meant removing auth.
Are we able to remove it from the tests as well?

[JulianToledano]

Are we able to remove it from the tests as well?

If I remove the textual tests, it's easy as I can use types/module/testutil to get client.TxConfig. But as textual needs a GRPCCoinMetadataQueryFn and it's not in DefaultSignModes, I've not been able to remove it. Still looking for a possible solution.

[JulianToledano]

@julienrbrt I've been able to remove x/auth in last commit

[coderabbitai]

The Test_sign function correctly sets up an in-memory keyring and a client context for testing the sign function. The test cases cover different sign modes, and the assertions check for the presence or absence of errors as expected. However, the test case named "signMode direct aux" expects an error (wantErr: true), but there is no explanation as to why this error is expected. It would be beneficial to include a comment explaining the reason for the expected error to improve the maintainability of the test code.

		{
			name: "signMode direct aux",
			args: args{
				ctx:      ctx,
				fromName: "direct-aux",
				digest:   "Hello world!",
				signMode: apitxsigning.SignMode_SIGN_MODE_DIRECT_AUX,
			},
			wantErr: true, // Please add a comment explaining why an error is expected here.
		},

---

Committable suggestion

❗ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	func Test_sign(t *testing.T) {
	k := keyring.NewInMemory(getCodec())
	ctx := client.Context{
	Keyring: k,
	TxConfig: newTestConfig(t),
	AddressCodec: address.NewBech32Codec("cosmos"),
	}
	type args struct {
	ctx client.Context
	fromName string
	digest string
	signMode apitxsigning.SignMode
	}
	tests := []struct {
	name string
	args args
	wantErr bool
	}{
	{
	name: "signMode direct",
	args: args{
	ctx: ctx,
	fromName: "direct",
	digest: "Hello world!",
	signMode: apitxsigning.SignMode_SIGN_MODE_DIRECT,
	},
	wantErr: false,
	},
	{
	name: "signMode textual",
	args: args{
	ctx: ctx,
	fromName: "textual",
	digest: "Hello world!",
	signMode: apitxsigning.SignMode_SIGN_MODE_TEXTUAL,
	},
	wantErr: false,
	},
	{
	name: "signMode legacyAmino",
	args: args{
	ctx: ctx,
	fromName: "legacy",
	digest: "Hello world!",
	signMode: apitxsigning.SignMode_SIGN_MODE_LEGACY_AMINO_JSON,
	},
	wantErr: false,
	},
	{
	name: "signMode direct aux",
	args: args{
	ctx: ctx,
	fromName: "direct-aux",
	digest: "Hello world!",
	signMode: apitxsigning.SignMode_SIGN_MODE_DIRECT_AUX,
	},
	wantErr: true,
	},
	}
	for _, tt := range tests {
	t.Run(tt.name, func(t *testing.T) {
	_, err := k.NewAccount(tt.args.fromName, mnemonic, tt.name, "m/44'/118'/0'/0/0", hd.Secp256k1)
	require.NoError(t, err)
	got, err := sign(tt.args.ctx, tt.args.fromName, tt.args.digest, tt.args.signMode)
	if !tt.wantErr {
	require.NoError(t, err)
	require.NotNil(t, got)
	} else {
	require.Error(t, err)
	}
	})
	}
	{
	name: "signMode direct aux",
	args: args{
	ctx: ctx,
	fromName: "direct-aux",
	digest: "Hello world!",
	signMode: apitxsigning.SignMode_SIGN_MODE_DIRECT_AUX,
	},
	wantErr: true, // Please add a comment explaining why an error is expected here.
	},

[julienrbrt]

mostly lgtm, but we need to add some docs in client/v2/offchain/README.md or client/v2/README.md under an offchain section. Otherwise, it is unclear how to use/discover the commands.

Personally, I have a small preference to add it directly in client/v2/README.md
And indend all the autocli docs one time more.

# Client/v2

## AutoCLI

## Offchain Signing

[JulianToledano]

@julienrbrt Readme added alongside output file flag and hex encoding

[julienrbrt]

lgtm! One nit