From e813fb28f38a5d706e751dbbb663643dab34391f Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 26 Mar 2020 11:48:02 +0100 Subject: [PATCH 01/10] Restructure capability API --- spec/ics-005-port-allocation/README.md | 58 ++++++++++++++++++-------- 1 file changed, 40 insertions(+), 18 deletions(-) diff --git a/spec/ics-005-port-allocation/README.md b/spec/ics-005-port-allocation/README.md index e3a1b509e..261a65a2b 100644 --- a/spec/ics-005-port-allocation/README.md +++ b/spec/ics-005-port-allocation/README.md @@ -75,9 +75,35 @@ and object references as used in Agoric's Javascript runtime ([reference](https: type CapabilityKey object ``` +`newCapability` must take a name and generate a unique capability key, such that the name is locally mapped to the capability key and can be used with `getCapability` later. + +```typescript +function newCapability(name: string): CapabilityKey { + // provided by host state machine, e.g. ADR 3 / ScopedCapabilityKeeper in Cosmos SDK +} +``` + +`authenticateCapability` must take a name & a capability and check whether the name is locally mapped to the provided capability. The name can be untrusted user input. + ```typescript -function newCapabilityPath(): CapabilityKey { - // provided by host state machine, e.g. pointer address in Cosmos SDK +function authenticateCapability(name: string, capability: CapabilityKey): bool { + // provided by host state machine, e.g. ADR 3 / ScopedCapabilityKeeper in Cosmos SDK +} +``` + +`claimCapability` must take a name & a capability (provided by another module) and locally map the name to the capability, "claiming" it for future usage. + +```typescript +function claimCapability(name: string, capability: CapabilityKey) { + // provided by host state machine, e.g. ADR 3 / ScopedCapabilityKeeper in Cosmos SDK +} +``` + +`getCapability` must allow a module to lookup a capability which it has previously created or claimed by name. + +```typescript +function getCapability(name: string): CapabilityKey { + // provided by host state machine, e.g. ADR 3 / ScopedCapabilityKeeper in Cosmos SDK } ``` @@ -95,33 +121,30 @@ function callingModuleIdentifier(): SourceIdentifier { } ``` -`generate` and `authenticate` functions are then defined as follows. - -In the former case, `generate` returns a new object-capability key, which must be returned by the outer-layer function, and `authenticate` requires that the outer-layer function take an extra argument `capability`, which is an object-capability key with uniqueness enforced by the host state machine. Outer-layer functions are any functions exposed by the IBC handler ([ICS 25](../ics-025-handler-interface)) or routing module ([ICS 26](../ics-026-routing-module)) to modules. +`newCapability`, `authenticateCapability`, `claimCapability`, and `getCapability` are then implemented as follows: -``` -function generate(): CapabilityKey { - return newCapabilityPath() +```typescript +function newCapability(name: string): CapabilityKey { + return callingModuleIdentifier() } ``` -``` -function authenticate(key: CapabilityKey): boolean { - return capability === key +```typescript +function authenticateCapability(name: string, capability: CapabilityKey) { + return callingModuleIdentifier() === name } ``` -In the latter case, `generate` returns the calling module's identifier and `authenticate` merely checks it. - ```typescript -function generate(): SourceIdentifier { - return callingModuleIdentifier() +function claimCapability(name: string, capability: CapabilityKey) { + // no-op } ``` ```typescript -function authenticate(id: SourceIdentifier): boolean { - return callingModuleIdentifier() === id +function getCapability(name: string): CapabilityKey { + // not actually used + return nil } ``` @@ -135,7 +158,6 @@ function portPath(id: Identifier): Path { } ``` - ### Sub-protocols #### Identifier validation From efb3ef991e6682d3291b50b8597053e3ed5bcb52 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 26 Mar 2020 12:06:59 +0100 Subject: [PATCH 02/10] Add "releaseCapability" --- spec/ics-005-port-allocation/README.md | 37 ++++++++++++++------------ 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/spec/ics-005-port-allocation/README.md b/spec/ics-005-port-allocation/README.md index 261a65a2b..9f9adf094 100644 --- a/spec/ics-005-port-allocation/README.md +++ b/spec/ics-005-port-allocation/README.md @@ -107,6 +107,14 @@ function getCapability(name: string): CapabilityKey { } ``` +`releaseCapability` must allow a module to release a capability which it owns. + +```typescript +function releaseCapability(capability: CapabilityKey) { + // provided by host state machine, e.g. ADR 3 / ScopedCapabilityKeeper in Cosmos SDK +} +``` + In the latter source authentication case, the IBC handler must have the ability to securely read the *source identifier* of the calling module, a unique string for each module in the host state machine, which cannot be altered by the module or faked by another module. An example is smart contract addresses as used by Ethereum ([reference](https://ethereum.github.io/yellowpaper/paper.pdf)). @@ -121,7 +129,7 @@ function callingModuleIdentifier(): SourceIdentifier { } ``` -`newCapability`, `authenticateCapability`, `claimCapability`, and `getCapability` are then implemented as follows: +`newCapability`, `authenticateCapability`, `claimCapability`, `getCapability`, and `releaseCapability` are then implemented as follows: ```typescript function newCapability(name: string): CapabilityKey { @@ -148,6 +156,12 @@ function getCapability(name: string): CapabilityKey { } ``` +```typescript +function releaseCapability(capability: CapabilityKey) { + // no-op +} +``` + #### Store paths `portPath` takes an `Identifier` and returns the store path under which the object-capability reference or owner module identifier associated with a port should be stored. @@ -179,28 +193,17 @@ The IBC handler MUST implement `bindPort`. `bindPort` binds to an unallocated po If the host state machine does not implement a special module manager to control port allocation, `bindPort` SHOULD be available to all modules. If it does, `bindPort` SHOULD only be callable by the module manager. ```typescript -function bindPort(id: Identifier) { +function bindPort(id: Identifier): CapabilityKey { abortTransactionUnless(validatePortIdentifier(id)) abortTransactionUnless(privateStore.get(portPath(id)) === null) - key = generate() - privateStore.set(portPath(id), key) + key = newCapability(portPath(id)) return key } ``` #### Transferring ownership of a port -If the host state machine supports object-capabilities, no additional protocol is necessary, since the port reference is a bearer capability. If it does not, the IBC handler MAY implement the following `transferPort` function. - -`transferPort` SHOULD be available to all modules. - -```typescript -function transferPort(id: Identifier) { - abortTransactionUnless(authenticate(privateStore.get(portPath(id)))) - key = generate() - privateStore.set(portPath(id), key) -} -``` +If the host state machine supports object-capabilities, no additional protocol is necessary, since the port reference is a bearer capability. #### Releasing a port @@ -211,9 +214,9 @@ The IBC handler MUST implement the `releasePort` function, which allows a module > Warning: releasing a port will allow other modules to bind to that port and possibly intercept incoming channel opening handshakes. Modules should release ports only when doing so is safe. ```typescript -function releasePort(id: Identifier) { +function releasePort(capability: CapabilityKey) { abortTransactionUnless(authenticate(privateStore.get(portPath(id)))) - privateStore.delete(portPath(id)) + releaseCapability(capability) } ``` From ea277b911c9df5fb8bde3f1999e494ca8f80e549 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 26 Mar 2020 12:18:39 +0100 Subject: [PATCH 03/10] Update instances of generate() --- spec/ics-004-channel-and-packet-semantics/README.md | 6 ++---- spec/ics-026-routing-module/README.md | 8 ++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/spec/ics-004-channel-and-packet-semantics/README.md b/spec/ics-004-channel-and-packet-semantics/README.md index 84c78013d..67e8adfd9 100644 --- a/spec/ics-004-channel-and-packet-semantics/README.md +++ b/spec/ics-004-channel-and-packet-semantics/README.md @@ -284,8 +284,7 @@ function chanOpenInit( channel = ChannelEnd{INIT, order, counterpartyPortIdentifier, counterpartyChannelIdentifier, connectionHops, version} provableStore.set(channelPath(portIdentifier, channelIdentifier), channel) - key = generate() - provableStore.set(channelCapabilityPath(portIdentifier, channelIdentifier), key) + key = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier)) provableStore.set(nextSequenceSendPath(portIdentifier, channelIdentifier), 1) provableStore.set(nextSequenceRecvPath(portIdentifier, channelIdentifier), 1) return key @@ -334,8 +333,7 @@ function chanOpenTry( channel = ChannelEnd{TRYOPEN, order, counterpartyPortIdentifier, counterpartyChannelIdentifier, connectionHops, version} provableStore.set(channelPath(portIdentifier, channelIdentifier), channel) - key = generate() - provableStore.set(channelCapabilityPath(portIdentifier, channelIdentifier), key) + key = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier)) provableStore.set(nextSequenceSendPath(portIdentifier, channelIdentifier), 1) provableStore.set(nextSequenceRecvPath(portIdentifier, channelIdentifier), 1) return key diff --git a/spec/ics-026-routing-module/README.md b/spec/ics-026-routing-module/README.md index 4b8dc5818..d2ffe2f46 100644 --- a/spec/ics-026-routing-module/README.md +++ b/spec/ics-026-routing-module/README.md @@ -159,12 +159,12 @@ The function `bindPort` can be called by a module in order to bind to a port, th ```typescript function bindPort( id: Identifier, - callbacks: Callbacks) { + callbacks: Callbacks): CapabilityKey { abortTransactionUnless(privateStore.get(callbackPath(id)) === null) - handler.bindPort(id) - capability = generate() - privateStore.set(authenticationPath(id), capability) privateStore.set(callbackPath(id), callbacks) + capability = handler.bindPort(id) + claimCapability(authenticationPath(id), capability) + return capability } ``` From eb9c7426da29cd49ccaf329e7a714b96d97266d0 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 26 Mar 2020 12:25:34 +0100 Subject: [PATCH 04/10] Update all uses of "authenticate()" --- .../README.md | 26 +++++++++---------- spec/ics-005-port-allocation/README.md | 2 +- spec/ics-026-routing-module/README.md | 11 +++++--- 3 files changed, 21 insertions(+), 18 deletions(-) diff --git a/spec/ics-004-channel-and-packet-semantics/README.md b/spec/ics-004-channel-and-packet-semantics/README.md index 67e8adfd9..35d94775b 100644 --- a/spec/ics-004-channel-and-packet-semantics/README.md +++ b/spec/ics-004-channel-and-packet-semantics/README.md @@ -30,7 +30,7 @@ In order to provide the desired ordering, exactly-once delivery, and module perm `Connection` is as defined in [ICS 3](../ics-003-connection-semantics). -`Port` and `authenticate` are as defined in [ICS 5](../ics-005-port-allocation). +`Port` and `authenticateCapability` are as defined in [ICS 5](../ics-005-port-allocation). `hash` is a generic collision-resistant hash function, the specifics of which must be agreed on by the modules utilising the channel. `hash` can be defined differently by different chains. @@ -280,7 +280,7 @@ function chanOpenInit( // optimistic channel handshakes are allowed abortTransactionUnless(connection !== null) - abortTransactionUnless(authenticate(privateStore.get(portPath(portIdentifier)))) + abortTransactionUnless(authenticateCapability(portPath(portIdentifier), capability)) channel = ChannelEnd{INIT, order, counterpartyPortIdentifier, counterpartyChannelIdentifier, connectionHops, version} provableStore.set(channelPath(portIdentifier, channelIdentifier), channel) @@ -317,7 +317,7 @@ function chanOpenTry( previous.connectionHops === connectionHops && previous.version === version) ) - abortTransactionUnless(authenticate(privateStore.get(portPath(portIdentifier)))) + abortTransactionUnless(authenticateCapability(portPath(portIdentifier), capability)) connection = provableStore.get(connectionPath(connectionHops[0])) abortTransactionUnless(connection !== null) abortTransactionUnless(connection.state === OPEN) @@ -352,7 +352,7 @@ function chanOpenAck( proofHeight: uint64) { channel = provableStore.get(channelPath(portIdentifier, channelIdentifier)) abortTransactionUnless(channel.state === INIT || channel.state === TRYOPEN) - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(portIdentifier, channelIdentifier)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability)) connection = provableStore.get(connectionPath(channel.connectionHops[0])) abortTransactionUnless(connection !== null) abortTransactionUnless(connection.state === OPEN) @@ -383,7 +383,7 @@ function chanOpenConfirm( channel = provableStore.get(channelPath(portIdentifier, channelIdentifier)) abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state === TRYOPEN) - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(portIdentifier, channelIdentifier)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability)) connection = provableStore.get(connectionPath(channel.connectionHops[0])) abortTransactionUnless(connection !== null) abortTransactionUnless(connection.state === OPEN) @@ -413,7 +413,7 @@ Any in-flight packets can be timed-out as soon as a channel is closed. function chanCloseInit( portIdentifier: Identifier, channelIdentifier: Identifier) { - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(portIdentifier, channelIdentifier)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability)) channel = provableStore.get(channelPath(portIdentifier, channelIdentifier)) abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state !== CLOSED) @@ -438,7 +438,7 @@ function chanCloseConfirm( channelIdentifier: Identifier, proofInit: CommitmentProof, proofHeight: uint64) { - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(portIdentifier, channelIdentifier)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(portIdentifier, channelIdentifier), capability)) channel = provableStore.get(channelPath(portIdentifier, channelIdentifier)) abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state !== CLOSED) @@ -512,7 +512,7 @@ function sendPacket(packet: Packet) { // optimistic sends are permitted once the handshake has started abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state !== CLOSED) - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(packet.sourcePort, packet.sourceChannel)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability)) abortTransactionUnless(packet.destPort === channel.counterpartyPortIdentifier) abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier) connection = provableStore.get(connectionPath(channel.connectionHops[0])) @@ -565,7 +565,7 @@ function recvPacket( channel = provableStore.get(channelPath(packet.destPort, packet.destChannel)) abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state === OPEN) - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(packet.destPort, packet.destChannel)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.destPort, packet.destChannel), capability)) abortTransactionUnless(packet.sourcePort === channel.counterpartyPortIdentifier) abortTransactionUnless(packet.sourceChannel === channel.counterpartyChannelIdentifier) @@ -628,7 +628,7 @@ function acknowledgePacket( channel = provableStore.get(channelPath(packet.sourcePort, packet.sourceChannel)) abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state === OPEN) - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(packet.sourcePort, packet.sourceChannel)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability)) abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier) connection = provableStore.get(connectionPath(channel.connectionHops[0])) @@ -691,7 +691,7 @@ function timeoutPacket( abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state === OPEN) - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(packet.sourcePort, packet.sourceChannel)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability)) abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier) connection = provableStore.get(connectionPath(channel.connectionHops[0])) @@ -761,7 +761,7 @@ function timeoutOnClose( channel = provableStore.get(channelPath(packet.sourcePort, packet.sourceChannel)) // note: the channel may have been closed - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(packet.sourcePort, packet.sourceChannel)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability)) abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier) connection = provableStore.get(connectionPath(channel.connectionHops[0])) @@ -830,7 +830,7 @@ function cleanupPacket( channel = provableStore.get(channelPath(packet.sourcePort, packet.sourceChannel)) abortTransactionUnless(channel !== null) abortTransactionUnless(channel.state === OPEN) - abortTransactionUnless(authenticate(privateStore.get(channelCapabilityPath(packet.sourcePort, packet.sourceChannel)))) + abortTransactionUnless(authenticateCapability(channelCapabilityPath(packet.sourcePort, packet.sourceChannel), capability)) abortTransactionUnless(packet.destChannel === channel.counterpartyChannelIdentifier) connection = provableStore.get(connectionPath(channel.connectionHops[0])) diff --git a/spec/ics-005-port-allocation/README.md b/spec/ics-005-port-allocation/README.md index 9f9adf094..19f5fc39a 100644 --- a/spec/ics-005-port-allocation/README.md +++ b/spec/ics-005-port-allocation/README.md @@ -215,7 +215,7 @@ The IBC handler MUST implement the `releasePort` function, which allows a module ```typescript function releasePort(capability: CapabilityKey) { - abortTransactionUnless(authenticate(privateStore.get(portPath(id)))) + abortTransactionUnless(authenticateCapability(portPath(id), capability)) releaseCapability(capability) } ``` diff --git a/spec/ics-026-routing-module/README.md b/spec/ics-026-routing-module/README.md index d2ffe2f46..6c83b1ff0 100644 --- a/spec/ics-026-routing-module/README.md +++ b/spec/ics-026-routing-module/README.md @@ -26,7 +26,7 @@ logic to determine when modules are allowed to bind to ports and what those port All functions provided by the IBC handler interface are defined as in [ICS 25](../ics-025-handler-interface). -The functions `generate` & `authenticate` are defined as in [ICS 5](../ics-005-port-allocation). +The functions `newCapability` & `authenticateCapability` are defined as in [ICS 5](../ics-005-port-allocation). ### Desired Properties @@ -173,8 +173,9 @@ The function `updatePort` can be called by a module in order to alter the callba ```typescript function updatePort( id: Identifier, + capability: CapabilityKey, newCallbacks: Callbacks) { - abortTransactionUnless(authenticate(privateStore.get(authenticationPath(id)))) + abortTransactionUnless(authenticateCapability(authenticationPath(id), capability)) privateStore.set(callbackPath(id), newCallbacks) } ``` @@ -184,8 +185,10 @@ The function `releasePort` can be called by a module in order to release a port > Warning: releasing a port will allow other modules to bind to that port and possibly intercept incoming channel opening handshakes. Modules should release ports only when doing so is safe. ```typescript -function releasePort(id: Identifier) { - abortTransactionUnless(authenticate(privateStore.get(authenticationPath(id)))) +function releasePort( + id: Identifier, + capability: CapabilityKey) { + abortTransactionUnless(authenticateCapability(authenticationPath(id), capability)) handler.releasePort(id) privateStore.delete(callbackPath(id)) privateStore.delete(authenticationPath(id)) From 9fdce093001272b4ad2d1ed42cac78c3fbb88b47 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 26 Mar 2020 12:27:44 +0100 Subject: [PATCH 05/10] Fix linter issues; rebuild --- spec.pdf | Bin 131 -> 131 bytes spec/ics-005-port-allocation/README.md | 10 +++++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/spec.pdf b/spec.pdf index 9cb0c55b06c9ae61f576a9cef1644a15ff564f68..ea9c703a200155e4dd237f16c574173c58bfdad8 100644 GIT binary patch delta 84 zcmV~$yAgmO3;@uhWeP_KAwPz22qMXywVf>sII{2UvdbqYi{M-cHXPF%u-Zs~mB4)t ekxMnqGQg20T6(ZUTa?_B6tzD08;3R)mihzAI~H{S delta 84 zcmV~$u@S%^2mrvdb&8Atf}lfW2taa|I$c^9$jJHMWtUG*hcS#7ihAq0m|Jf#$4W~= eLKqSP9H5s Date: Thu, 26 Mar 2020 12:40:17 +0100 Subject: [PATCH 06/10] Rebuild, spellcheck --- misc/aspell_dict | 8 +++++++- spec.pdf | Bin 131 -> 131 bytes .../README.md | 8 ++++---- spec/ics-005-port-allocation/README.md | 6 +++--- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/misc/aspell_dict b/misc/aspell_dict index 0974bef44..945f1d382 100644 --- a/misc/aspell_dict +++ b/misc/aspell_dict @@ -1,6 +1,7 @@ -personal_ws-1.1 en 579 +personal_ws-1.1 en 585 ABCI ABI +ADR Agoric Agoric's Anca @@ -102,6 +103,7 @@ RegisterIBCAccountPacketData RegisterLightClient RootOfTrust RunTxPacketData +ScopedCapabilityKeeper SignatureAndData SourceIdentifier SpeckleOS @@ -140,6 +142,7 @@ addConnectionToClient applyPrefix atomicity auth +authenticateCapability authenticateTx authenticationKey authenticationPath @@ -184,6 +187,7 @@ checkMisbehaviourAndUpdateState checkSignature checkValidityAndUpdateState checkVersion +claimCapability cleanupPacket clientConnectionsKey clientConnectionsPath @@ -376,6 +380,7 @@ namespaces namespacing newAddress newCallbacks +newCapability newCapabilityKey newCapabilityPath newPublicKey @@ -475,6 +480,7 @@ refundTokens relayer relayerModule relayers +releaseCapability releasePort remoteEnd removeChannelFromConnection diff --git a/spec.pdf b/spec.pdf index ea9c703a200155e4dd237f16c574173c58bfdad8..f3d377f574054d5151caa6df3efa43126c371e1f 100644 GIT binary patch delta 84 zcmV~$yAgmO3;@uxWeP_C@?{8zASAi7wzFjcNA|sa?BnB098A+gn+psdf;kyTo1qfA ebciP#PS2>!4~TP delta 84 zcmV~$yAgmO3;@uhWeP_KAwPz22qMXywVf>sII{2UvdbqYi{M-cHXPF%u-Zs~mB4)t ekxMnqGQg20T6(ZUTa?_B6tzD08;3R)mihzAI~H{S diff --git a/spec/ics-004-channel-and-packet-semantics/README.md b/spec/ics-004-channel-and-packet-semantics/README.md index 35d94775b..cac383733 100644 --- a/spec/ics-004-channel-and-packet-semantics/README.md +++ b/spec/ics-004-channel-and-packet-semantics/README.md @@ -284,10 +284,10 @@ function chanOpenInit( channel = ChannelEnd{INIT, order, counterpartyPortIdentifier, counterpartyChannelIdentifier, connectionHops, version} provableStore.set(channelPath(portIdentifier, channelIdentifier), channel) - key = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier)) + capability = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier)) provableStore.set(nextSequenceSendPath(portIdentifier, channelIdentifier), 1) provableStore.set(nextSequenceRecvPath(portIdentifier, channelIdentifier), 1) - return key + return capability } ``` @@ -333,10 +333,10 @@ function chanOpenTry( channel = ChannelEnd{TRYOPEN, order, counterpartyPortIdentifier, counterpartyChannelIdentifier, connectionHops, version} provableStore.set(channelPath(portIdentifier, channelIdentifier), channel) - key = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier)) + capability = newCapability(channelCapabilityPath(portIdentifier, channelIdentifier)) provableStore.set(nextSequenceSendPath(portIdentifier, channelIdentifier), 1) provableStore.set(nextSequenceRecvPath(portIdentifier, channelIdentifier), 1) - return key + return capability } ``` diff --git a/spec/ics-005-port-allocation/README.md b/spec/ics-005-port-allocation/README.md index 47829c729..d06554576 100644 --- a/spec/ics-005-port-allocation/README.md +++ b/spec/ics-005-port-allocation/README.md @@ -195,9 +195,9 @@ If the host state machine does not implement a special module manager to control ```typescript function bindPort(id: Identifier): CapabilityKey { abortTransactionUnless(validatePortIdentifier(id)) - abortTransactionUnless(privateStore.get(portPath(id)) === null) - key = newCapability(portPath(id)) - return key + abortTransactionUnless(getCapability(portPath(id)) === null) + capability = newCapability(portPath(id)) + return capability } ``` From 392f2cd7b0deb9cb0ed8e6c9508cc2c6d2fd6f34 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 26 Mar 2020 12:41:11 +0100 Subject: [PATCH 07/10] Forgot a word --- misc/aspell_dict | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/misc/aspell_dict b/misc/aspell_dict index 945f1d382..18ddb1e38 100644 --- a/misc/aspell_dict +++ b/misc/aspell_dict @@ -1,4 +1,4 @@ -personal_ws-1.1 en 585 +personal_ws-1.1 en 586 ABCI ABI ADR @@ -296,6 +296,7 @@ frozenKey fungibility generateAccount generateAddress +getCapability getChannelsUsingConnections getCommitmentPrefix getCompatibleVersions From 591518327b60d7fa9fefe4f3b10ecffe01bf8964 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 26 Mar 2020 13:24:36 +0100 Subject: [PATCH 08/10] Update ICS 20 --- spec.pdf | Bin 131 -> 131 bytes spec/ics-020-fungible-token-transfer/README.md | 5 +++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/spec.pdf b/spec.pdf index f3d377f574054d5151caa6df3efa43126c371e1f..6ee5345eb8e65ccce9a9f528993b20ef6f87b8de 100644 GIT binary patch delta 84 zcmV~$u@S%^2mrvdb&8B2f(S!o2qJKoI$c^9$jJHMWtWdncb#YrVDWSY6`Is8bVE-Q eOm>6pAu%u|c~C6khC>$$v-JAhZyXbb64W2w4iciP#PS2>!4~TP diff --git a/spec/ics-020-fungible-token-transfer/README.md b/spec/ics-020-fungible-token-transfer/README.md index b0b5537bd..b1575b3e5 100644 --- a/spec/ics-020-fungible-token-transfer/README.md +++ b/spec/ics-020-fungible-token-transfer/README.md @@ -72,7 +72,7 @@ The `setup` function must be called exactly once when the module is created (per ```typescript function setup() { - routingModule.bindPort("bank", ModuleCallbacks{ + capability = routingModule.bindPort("bank", ModuleCallbacks{ onChanOpenInit, onChanOpenTry, onChanOpenAck, @@ -84,6 +84,7 @@ function setup() { onAcknowledgePacket, onTimeoutPacketClose }) + claimCapability("port", capability) } ``` @@ -221,7 +222,7 @@ function createOutgoingPacket( bank.BurnCoins(sender, denomination, amount) } FungibleTokenPacketData data = FungibleTokenPacketData{denomination, amount, sender, receiver} - handler.sendPacket(Packet{destPort, destChannel, sourcePort, sourceChannel, data}) + handler.sendPacket(Packet{destPort, destChannel, sourcePort, sourceChannel, data}, getCapability("port")) } ``` From 8147dd4b29057a4f26871ec8c1fdf8e28c7c62b1 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Fri, 27 Mar 2020 10:08:19 +0100 Subject: [PATCH 09/10] Rename for clarity --- spec.pdf | Bin 131 -> 131 bytes .../README.md | 12 ++++++------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/spec.pdf b/spec.pdf index 6ee5345eb8e65ccce9a9f528993b20ef6f87b8de..fcc2619fb45a5d493c0c9f635bd1ce25f2c252b9 100644 GIT binary patch delta 84 zcmV~$yAgmO3;@uxWeP_KgnSsnAxKE>tnF-Bz>$4#AN%6pAu%u|c~C6khC>$$v-JAhZyXbb64W2w4i Date: Fri, 27 Mar 2020 10:09:30 +0100 Subject: [PATCH 10/10] Update dictionary --- misc/aspell_dict | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/misc/aspell_dict b/misc/aspell_dict index 18ddb1e38..5d76d0b80 100644 --- a/misc/aspell_dict +++ b/misc/aspell_dict @@ -1,4 +1,4 @@ -personal_ws-1.1 en 586 +personal_ws-1.1 en 588 ABCI ABI ADR @@ -173,6 +173,7 @@ chanOpenInit chanOpenTimeout chanOpenTry changelog +channelCapability channelCapabilityPath channelEnd channelEscrowAddresses @@ -427,6 +428,7 @@ permissionless pickVersion plaintext png +portCapability portId portIdentifier portKey