nklave-cosmos 0.1.0

Cosmos/CometBFT remote signer protocol (Tendermint PrivValidator) for Nklave
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582

//! TCP/Unix socket server implementing the Tendermint PrivValidator protocol
//!
//! This module provides a socket server that implements the Tendermint
//! PrivValidator protocol, allowing Cosmos validators to use Nklave
//! as a remote signer.
//!
//! The protocol uses length-prefixed protobuf messages wrapped in a
//! `Message` oneof type.

use crate::error::{CosmosError, RemoteSignerCode};
use crate::service::CosmosSigningService;
use prost::Message as ProstMessage;
use std::sync::Arc;
use tendermint_proto::privval::{
    message::Sum, Message, PingResponse, PubKeyResponse, RemoteSignerError, SignedProposalResponse,
    SignedVoteResponse,
};
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio::net::{TcpListener, TcpStream, UnixListener, UnixStream};
use tokio::sync::oneshot;
use tracing::{debug, error, info, warn};

/// Configuration for the Cosmos protocol server
#[derive(Debug, Clone)]
pub struct CosmosServerConfig {
    /// TCP address to listen on (e.g., "127.0.0.1:26659")
    /// Set to None to disable TCP listener
    pub tcp_addr: Option<String>,

    /// Unix socket path to listen on
    /// Set to None to disable Unix socket listener
    pub unix_socket: Option<String>,
}

impl Default for CosmosServerConfig {
    fn default() -> Self {
        Self {
            tcp_addr: Some("127.0.0.1:26659".to_string()),
            unix_socket: None,
        }
    }
}

/// Handle for controlling the running server
pub struct CosmosServerHandle {
    shutdown_tx: oneshot::Sender<()>,
}

impl CosmosServerHandle {
    /// Signal the server to shut down gracefully
    pub fn shutdown(self) {
        let _ = self.shutdown_tx.send(());
    }
}

/// Cosmos protocol server
pub struct CosmosServer {
    service: Arc<CosmosSigningService>,
    config: CosmosServerConfig,
}

impl CosmosServer {
    /// Create a new Cosmos server
    pub fn new(service: Arc<CosmosSigningService>, config: CosmosServerConfig) -> Self {
        Self { service, config }
    }

    /// Start the server and return a handle for shutdown
    pub async fn serve(self) -> Result<CosmosServerHandle, CosmosError> {
        let (shutdown_tx, shutdown_rx) = oneshot::channel();

        // Start TCP listener if configured
        if let Some(ref addr) = self.config.tcp_addr {
            let listener = TcpListener::bind(addr)
                .await
                .map_err(|e| CosmosError::BindError(format!("TCP bind failed: {}", e)))?;

            info!(addr = %addr, "Cosmos TCP server listening");

            let service = self.service.clone();
            tokio::spawn(async move {
                Self::tcp_accept_loop(listener, service).await;
            });
        }

        // Start Unix socket listener if configured
        if let Some(ref path) = self.config.unix_socket {
            // Remove existing socket file if present
            let _ = std::fs::remove_file(path);

            let listener = UnixListener::bind(path)
                .map_err(|e| CosmosError::BindError(format!("Unix socket bind failed: {}", e)))?;

            info!(path = %path, "Cosmos Unix socket server listening");

            let service = self.service.clone();
            tokio::spawn(async move {
                Self::unix_accept_loop(listener, service).await;
            });
        }

        // Wait for shutdown signal in a separate task
        tokio::spawn(async move {
            let _ = shutdown_rx.await;
            info!("Cosmos server shutdown requested");
        });

        Ok(CosmosServerHandle { shutdown_tx })
    }

    async fn tcp_accept_loop(listener: TcpListener, service: Arc<CosmosSigningService>) {
        loop {
            match listener.accept().await {
                Ok((stream, addr)) => {
                    info!(addr = %addr, "Accepted TCP connection");
                    let service = service.clone();
                    tokio::spawn(async move {
                        if let Err(e) = Self::handle_tcp_connection(stream, service).await {
                            error!(error = %e, "TCP connection handler error");
                        }
                    });
                }
                Err(e) => {
                    error!(error = %e, "TCP accept error");
                }
            }
        }
    }

    async fn unix_accept_loop(listener: UnixListener, service: Arc<CosmosSigningService>) {
        loop {
            match listener.accept().await {
                Ok((stream, _addr)) => {
                    info!("Accepted Unix socket connection");
                    let service = service.clone();
                    tokio::spawn(async move {
                        if let Err(e) = Self::handle_unix_connection(stream, service).await {
                            error!(error = %e, "Unix socket connection handler error");
                        }
                    });
                }
                Err(e) => {
                    error!(error = %e, "Unix socket accept error");
                }
            }
        }
    }

    async fn handle_tcp_connection(
        mut stream: TcpStream,
        service: Arc<CosmosSigningService>,
    ) -> Result<(), CosmosError> {
        loop {
            // Read message
            let request = match read_message(&mut stream).await {
                Ok(Some(msg)) => msg,
                Ok(None) => {
                    debug!("TCP connection closed by peer");
                    return Ok(());
                }
                Err(e) => {
                    warn!(error = %e, "Error reading from TCP stream");
                    return Err(e);
                }
            };

            // Process and send response
            let response = process_message(request, &service);
            write_message(&mut stream, &response).await?;
        }
    }

    async fn handle_unix_connection(
        mut stream: UnixStream,
        service: Arc<CosmosSigningService>,
    ) -> Result<(), CosmosError> {
        loop {
            // Read message
            let request = match read_message(&mut stream).await {
                Ok(Some(msg)) => msg,
                Ok(None) => {
                    debug!("Unix socket connection closed by peer");
                    return Ok(());
                }
                Err(e) => {
                    warn!(error = %e, "Error reading from Unix socket");
                    return Err(e);
                }
            };

            // Process and send response
            let response = process_message(request, &service);
            write_message(&mut stream, &response).await?;
        }
    }
}

/// Read a length-prefixed protobuf message from a stream
async fn read_message<R>(reader: &mut R) -> Result<Option<Message>, CosmosError>
where
    R: AsyncReadExt + Unpin,
{
    // Read length prefix (4 bytes, big-endian)
    let mut len_buf = [0u8; 4];
    match reader.read_exact(&mut len_buf).await {
        Ok(_) => {}
        Err(e) if e.kind() == std::io::ErrorKind::UnexpectedEof => {
            return Ok(None); // Connection closed
        }
        Err(e) => {
            return Err(CosmosError::Internal(format!("Read error: {}", e)));
        }
    }

    let msg_len = u32::from_be_bytes(len_buf) as usize;
    if msg_len > 10 * 1024 * 1024 {
        // 10MB limit
        return Err(CosmosError::Internal(format!(
            "Message too large: {} bytes",
            msg_len
        )));
    }

    // Read message body
    let mut msg_buf = vec![0u8; msg_len];
    reader
        .read_exact(&mut msg_buf)
        .await
        .map_err(|e| CosmosError::Internal(format!("Read error: {}", e)))?;

    // Decode protobuf
    let message = Message::decode(&msg_buf[..])
        .map_err(|e| CosmosError::Internal(format!("Decode error: {}", e)))?;

    Ok(Some(message))
}

/// Write a length-prefixed protobuf message to a stream
async fn write_message<W>(writer: &mut W, message: &Message) -> Result<(), CosmosError>
where
    W: AsyncWriteExt + Unpin,
{
    // Encode message
    let mut msg_buf = Vec::new();
    message
        .encode(&mut msg_buf)
        .map_err(|e| CosmosError::Internal(format!("Encode error: {}", e)))?;

    // Write length prefix (4 bytes, big-endian)
    let len_buf = (msg_buf.len() as u32).to_be_bytes();
    writer
        .write_all(&len_buf)
        .await
        .map_err(|e| CosmosError::Internal(format!("Write error: {}", e)))?;

    // Write message body
    writer
        .write_all(&msg_buf)
        .await
        .map_err(|e| CosmosError::Internal(format!("Write error: {}", e)))?;

    writer
        .flush()
        .await
        .map_err(|e| CosmosError::Internal(format!("Flush error: {}", e)))?;

    Ok(())
}

/// Process a privval protocol message and return the response
fn process_message(request: Message, service: &CosmosSigningService) -> Message {
    let response_sum = match request.sum {
        Some(Sum::PubKeyRequest(req)) => {
            debug!(chain_id = %req.chain_id, "Handling PubKeyRequest");
            handle_pub_key_request(req.chain_id, service)
        }
        Some(Sum::SignVoteRequest(req)) => {
            debug!(chain_id = %req.chain_id, "Handling SignVoteRequest");
            handle_sign_vote_request(req, service)
        }
        Some(Sum::SignProposalRequest(req)) => {
            debug!(chain_id = %req.chain_id, "Handling SignProposalRequest");
            handle_sign_proposal_request(req, service)
        }
        Some(Sum::PingRequest(_)) => {
            debug!("Handling PingRequest");
            Sum::PingResponse(PingResponse {})
        }
        Some(other) => {
            warn!("Received unexpected message type: {:?}", std::mem::discriminant(&other));
            // Return an error response
            Sum::PubKeyResponse(PubKeyResponse {
                pub_key: None,
                error: Some(RemoteSignerError {
                    code: RemoteSignerCode::Unknown as i32,
                    description: "Unexpected message type".to_string(),
                }),
            })
        }
        None => {
            warn!("Received empty message");
            Sum::PubKeyResponse(PubKeyResponse {
                pub_key: None,
                error: Some(RemoteSignerError {
                    code: RemoteSignerCode::Unknown as i32,
                    description: "Empty message".to_string(),
                }),
            })
        }
    };

    Message {
        sum: Some(response_sum),
    }
}

fn handle_pub_key_request(chain_id: String, service: &CosmosSigningService) -> Sum {
    // Verify chain ID
    if let Err(e) = service.verify_chain_id(&chain_id) {
        warn!(error = %e, "Chain ID verification failed");
        return Sum::PubKeyResponse(PubKeyResponse {
            pub_key: None,
            error: Some(RemoteSignerError {
                code: RemoteSignerCode::Unknown as i32,
                description: e.to_string(),
            }),
        });
    }

    // Get the public key
    match service.get_first_public_key() {
        Some(pubkey) => {
            info!(pubkey = hex::encode(pubkey), "Returning public key");
            Sum::PubKeyResponse(PubKeyResponse {
                pub_key: Some(tendermint_proto::crypto::PublicKey {
                    sum: Some(tendermint_proto::crypto::public_key::Sum::Ed25519(
                        pubkey.to_vec(),
                    )),
                }),
                error: None,
            })
        }
        None => {
            warn!("No validator registered");
            Sum::PubKeyResponse(PubKeyResponse {
                pub_key: None,
                error: Some(RemoteSignerError {
                    code: RemoteSignerCode::NotFound as i32,
                    description: "No validator registered".to_string(),
                }),
            })
        }
    }
}

fn handle_sign_vote_request(
    req: tendermint_proto::privval::SignVoteRequest,
    service: &CosmosSigningService,
) -> Sum {
    let mut vote = match req.vote {
        Some(v) => v,
        None => {
            warn!("SignVoteRequest missing vote");
            return Sum::SignedVoteResponse(SignedVoteResponse {
                vote: None,
                error: Some(RemoteSignerError {
                    code: RemoteSignerCode::Unknown as i32,
                    description: "Missing vote in request".to_string(),
                }),
            });
        }
    };

    match service.sign_vote(&req.chain_id, &mut vote) {
        Ok(_signature) => {
            info!(
                height = vote.height,
                round = vote.round,
                vote_type = vote.r#type,
                "Vote signed successfully"
            );
            Sum::SignedVoteResponse(SignedVoteResponse {
                vote: Some(vote),
                error: None,
            })
        }
        Err((err, code)) => {
            let error_code = code
                .map(|c| c as i32)
                .unwrap_or(RemoteSignerCode::Unknown as i32);
            warn!(error = %err, code = error_code, "Vote signing failed");
            Sum::SignedVoteResponse(SignedVoteResponse {
                vote: None,
                error: Some(RemoteSignerError {
                    code: error_code,
                    description: err.to_string(),
                }),
            })
        }
    }
}

fn handle_sign_proposal_request(
    req: tendermint_proto::privval::SignProposalRequest,
    service: &CosmosSigningService,
) -> Sum {
    let mut proposal = match req.proposal {
        Some(p) => p,
        None => {
            warn!("SignProposalRequest missing proposal");
            return Sum::SignedProposalResponse(SignedProposalResponse {
                proposal: None,
                error: Some(RemoteSignerError {
                    code: RemoteSignerCode::Unknown as i32,
                    description: "Missing proposal in request".to_string(),
                }),
            });
        }
    };

    match service.sign_proposal(&req.chain_id, &mut proposal) {
        Ok(_signature) => {
            info!(
                height = proposal.height,
                round = proposal.round,
                "Proposal signed successfully"
            );
            Sum::SignedProposalResponse(SignedProposalResponse {
                proposal: Some(proposal),
                error: None,
            })
        }
        Err((err, code)) => {
            let error_code = code
                .map(|c| c as i32)
                .unwrap_or(RemoteSignerCode::Unknown as i32);
            warn!(error = %err, code = error_code, "Proposal signing failed");
            Sum::SignedProposalResponse(SignedProposalResponse {
                proposal: None,
                error: Some(RemoteSignerError {
                    code: error_code,
                    description: err.to_string(),
                }),
            })
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::CosmosSigningService;
    use nklave_core::Ed25519Keypair;
    use tendermint_proto::privval::{message::Sum, Message, PingRequest};
    use tendermint_proto::types::{BlockId, PartSetHeader, Vote};

    fn create_test_service() -> Arc<CosmosSigningService> {
        let service = CosmosSigningService::new("test-chain".to_string());
        let keypair = Ed25519Keypair::random();
        service.register_keypair(keypair);
        Arc::new(service)
    }

    #[test]
    fn test_handle_pub_key_request() {
        let service = create_test_service();

        let response = handle_pub_key_request("test-chain".to_string(), &service);

        if let Sum::PubKeyResponse(resp) = response {
            assert!(resp.pub_key.is_some());
            assert!(resp.error.is_none());
        } else {
            panic!("Expected PubKeyResponse");
        }
    }

    #[test]
    fn test_handle_pub_key_request_wrong_chain() {
        let service = create_test_service();

        let response = handle_pub_key_request("wrong-chain".to_string(), &service);

        if let Sum::PubKeyResponse(resp) = response {
            assert!(resp.error.is_some());
        } else {
            panic!("Expected PubKeyResponse");
        }
    }

    #[test]
    fn test_process_ping_request() {
        let service = create_test_service();

        let request = Message {
            sum: Some(Sum::PingRequest(PingRequest {})),
        };

        let response = process_message(request, &service);

        assert!(matches!(response.sum, Some(Sum::PingResponse(_))));
    }

    #[test]
    fn test_handle_sign_vote_request() {
        let service = CosmosSigningService::new("test-chain".to_string());
        let keypair = Ed25519Keypair::random();
        let validator_address = keypair.tendermint_address().to_vec();
        service.register_keypair(keypair);
        let service = Arc::new(service);

        let req = tendermint_proto::privval::SignVoteRequest {
            vote: Some(Vote {
                r#type: 1, // Prevote
                height: 100,
                round: 0,
                block_id: Some(BlockId {
                    hash: vec![1; 32],
                    part_set_header: Some(PartSetHeader {
                        total: 1,
                        hash: vec![2; 32],
                    }),
                }),
                timestamp: None,
                validator_address,
                validator_index: 0,
                signature: vec![],
                extension: vec![],
                extension_signature: vec![],
            }),
            chain_id: "test-chain".to_string(),
        };

        let response = handle_sign_vote_request(req, &service);

        if let Sum::SignedVoteResponse(resp) = response {
            assert!(resp.vote.is_some());
            assert!(resp.error.is_none());
            assert!(!resp.vote.unwrap().signature.is_empty());
        } else {
            panic!("Expected SignedVoteResponse");
        }
    }

    #[test]
    fn test_handle_sign_vote_request_missing_vote() {
        let service = create_test_service();

        let req = tendermint_proto::privval::SignVoteRequest {
            vote: None,
            chain_id: "test-chain".to_string(),
        };

        let response = handle_sign_vote_request(req, &service);

        if let Sum::SignedVoteResponse(resp) = response {
            assert!(resp.vote.is_none());
            assert!(resp.error.is_some());
        } else {
            panic!("Expected SignedVoteResponse");
        }
    }

    #[tokio::test]
    async fn test_message_roundtrip() {
        use tokio::io::duplex;

        let (mut client, mut server) = duplex(1024);

        let request = Message {
            sum: Some(Sum::PingRequest(PingRequest {})),
        };

        // Write from client side
        write_message(&mut client, &request).await.unwrap();

        // Read from server side
        let received = read_message(&mut server).await.unwrap().unwrap();

        assert!(matches!(received.sum, Some(Sum::PingRequest(_))));
    }
}