Skip to content

Supersede ClientState proof verification methods with generic interfaces #531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
Mar 16, 2023
Merged

Supersede ClientState proof verification methods with generic interfaces #531

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
bd2d028
Supersede ClientState proof verification methods with generic interfaces
Farhad-Shabani Mar 13, 2023
d8684e3
add changelog entry
Farhad-Shabani Mar 14, 2023
e1f40ec
Inline tendermint verify_(non)_membership impls
Farhad-Shabani Mar 14, 2023
6258916
Move height verifications to appropriate places
Farhad-Shabani Mar 14, 2023
256fa0f
Fix verify_* comments
Farhad-Shabani Mar 14, 2023
992a9d3
Fix tests
Farhad-Shabani Mar 14, 2023
fcd8b79
Remove Seq & ConsState conversions
Farhad-Shabani Mar 14, 2023
6e47f47
Fix no-std
Farhad-Shabani Mar 14, 2023
139f479
Fix ChannelEnd error comment
Farhad-Shabani Mar 14, 2023
2a7580d
Add client_state frozen check for chan_open/close_init
Farhad-Shabani Mar 14, 2023
9cd9c4a
Rename assert_not_frozen and make it abstract
Farhad-Shabani Mar 15, 2023
425ccb2
Fix chan_open_init unit tests
Farhad-Shabani Mar 15, 2023
d5b830a
remove extra block
plafer Mar 16, 2023
1889d83
changelog 545
plafer Mar 16, 2023
cbb5597
Remove frozen_height interface
Farhad-Shabani Mar 16, 2023
3a4c9e4
Merge branch 'main' into farhad/generic-proof-verification
Farhad-Shabani Mar 16, 2023
828b40a
Add missed client frozen checks
Farhad-Shabani Mar 16, 2023
bfe0004
Add proto_encode_vec
Farhad-Shabani Mar 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/unreleased/breaking-changes/530-generic-proof-verification-interface.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- Replace specific verify_functions inside `ics02_client` with generic
`verify_membership` and `verify_non_membership` interfaces.
([#530](https://github.com/cosmos/ibc-rs/issues/530))
185 changes: 12 additions & 173 deletions crates/ibc/src/clients/ics07_tendermint/client_state.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,20 +27,13 @@ use crate::core::ics02_client::client_type::ClientType;
use crate::core::ics02_client::consensus_state::ConsensusState;
use crate::core::ics02_client::error::ClientError;
use crate::core::ics02_client::trust_threshold::TrustThreshold;
use crate::core::ics03_connection::connection::ConnectionEnd;
use crate::core::ics04_channel::channel::ChannelEnd;
use crate::core::ics04_channel::commitment::{AcknowledgementCommitment, PacketCommitment};
use crate::core::ics04_channel::packet::Sequence;
use crate::core::ics23_commitment::commitment::{
CommitmentPrefix, CommitmentProofBytes, CommitmentRoot,
};
use crate::core::ics23_commitment::merkle::{apply_prefix, MerkleProof};
use crate::core::ics23_commitment::specs::ProofSpecs;
use crate::core::ics24_host::identifier::{ChainId, ClientId};
use crate::core::ics24_host::path::{
AckPath, ChannelEndPath, ClientConsensusStatePath, ClientStatePath, ClientUpgradePath,
CommitmentPath, ConnectionPath, ReceiptPath, SeqRecvPath,
};
use crate::core::ics24_host::path::{ClientConsensusStatePath, ClientUpgradePath};
use crate::core::ics24_host::Path;
use crate::timestamp::{Timestamp, ZERO_DURATION};
use crate::Height;
Expand Down Expand Up @@ -184,10 +177,6 @@ impl ClientState {
})
}

pub fn latest_height(&self) -> Height {
self.latest_height
}

pub fn with_header(self, h: TmHeader) -> Result<Self, Error> {
Ok(ClientState {
latest_height: Height::new(
Expand Down Expand Up @@ -764,181 +753,31 @@ impl Ics2ClientState for ClientState {
})
}

fn verify_client_consensus_state(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
client_cons_state_path: &ClientConsensusStatePath,
expected_consensus_state: &dyn ConsensusState,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;

let value = expected_consensus_state
.encode_vec()
.map_err(ClientError::InvalidAnyConsensusState)?;

verify_membership(
client_state,
prefix,
proof,
root,
client_cons_state_path.clone(),
value,
)
}

fn verify_connection_state(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
conn_path: &ConnectionPath,
expected_connection_end: &ConnectionEnd,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;

let value = expected_connection_end
.encode_vec()
.map_err(ClientError::InvalidConnectionEnd)?;
verify_membership(client_state, prefix, proof, root, conn_path.clone(), value)
}

fn verify_channel_state(
fn verify_membership(
&self,
height: Height,
proof_height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
channel_end_path: &ChannelEndPath,
expected_channel_end: &ChannelEnd,
path: Path,
value: Vec<u8>,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;
let value = expected_channel_end
.encode_vec()
.map_err(ClientError::InvalidChannelEnd)?;

verify_membership(
client_state,
prefix,
proof,
root,
channel_end_path.clone(),
value,
)
client_state.verify_height(proof_height)?;
verify_membership(client_state, prefix, proof, root, path, value)
}

fn verify_client_full_state(
fn verify_non_membership(
&self,
height: Height,
proof_height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
client_state_path: &ClientStatePath,
expected_client_state: Any,
path: Path,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;
let value = expected_client_state.encode_to_vec();

verify_membership(
client_state,
prefix,
proof,
root,
client_state_path.clone(),
value,
)
}

fn verify_packet_data(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
commitment_path: &CommitmentPath,
commitment: PacketCommitment,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;

verify_membership(
client_state,
prefix,
proof,
root,
commitment_path.clone(),
commitment.into_vec(),
)
}

fn verify_packet_acknowledgement(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
ack_path: &AckPath,
ack: AcknowledgementCommitment,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;

verify_membership(
client_state,
prefix,
proof,
root,
ack_path.clone(),
ack.into_vec(),
)
}

fn verify_next_sequence_recv(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
seq_recv_path: &SeqRecvPath,
sequence: Sequence,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;

let mut seq_bytes = Vec::new();
u64::from(sequence)
.encode(&mut seq_bytes)
.expect("buffer size too small");

verify_membership(
client_state,
prefix,
proof,
root,
seq_recv_path.clone(),
seq_bytes,
)
}

fn verify_packet_receipt_absence(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
receipt_path: &ReceiptPath,
) -> Result<(), ClientError> {
let client_state = downcast_tm_client_state(self)?;
client_state.verify_height(height)?;

verify_non_membership(client_state, prefix, proof, root, receipt_path.clone())
client_state.verify_height(proof_height)?;
verify_non_membership(client_state, prefix, proof, root, path)
}
}

Expand Down
99 changes: 11 additions & 88 deletions crates/ibc/src/core/ics02_client/client_state.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,11 @@ use ibc_proto::protobuf::Protobuf as ErasedProtobuf;

use crate::core::ics02_client::client_type::ClientType;
use crate::core::ics02_client::error::ClientError;
use crate::core::ics03_connection::connection::ConnectionEnd;
use crate::core::ics04_channel::channel::ChannelEnd;
use crate::core::ics04_channel::commitment::{AcknowledgementCommitment, PacketCommitment};
use crate::core::ics04_channel::packet::Sequence;
use crate::core::ics23_commitment::commitment::{
CommitmentPrefix, CommitmentProofBytes, CommitmentRoot,
};
use crate::core::ics24_host::identifier::{ChainId, ClientId};
use crate::core::ics24_host::path::{
AckPath, ChannelEndPath, ClientConsensusStatePath, ClientStatePath, CommitmentPath,
ConnectionPath, ReceiptPath, SeqRecvPath,
};
use crate::core::ics24_host::Path;
use crate::dynamic_typing::AsAny;
use crate::erased::ErasedSerialize;
use crate::prelude::*;
Expand Down Expand Up @@ -116,97 +109,27 @@ pub trait ClientState:
upgraded_consensus_state: Any,
) -> Result<UpdatedState, ClientError>;

/// Verification functions as specified in:
/// <https://github.com/cosmos/ibc/tree/master/spec/core/ics-002-client-semantics>
///
/// Verify a `proof` that the consensus state of a given client (at height `consensus_height`)
/// matches the input `consensus_state`. The parameter `counterparty_height` represent the
/// height of the counterparty chain that this proof assumes (i.e., the height at which this
/// proof was computed).
fn verify_client_consensus_state(
&self,
proof_height: Height,
counterparty_prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
client_cons_state_path: &ClientConsensusStatePath,
expected_consensus_state: &dyn ConsensusState,
) -> Result<(), ClientError>;

/// Verify a `proof` that a connection state matches that of the input `connection_end`.
fn verify_connection_state(
&self,
proof_height: Height,
counterparty_prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
counterparty_conn_path: &ConnectionPath,
expected_counterparty_connection_end: &ConnectionEnd,
) -> Result<(), ClientError>;

/// Verify a `proof` that a channel state matches that of the input `channel_end`.
fn verify_channel_state(
&self,
proof_height: Height,
counterparty_prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
counterparty_chan_end_path: &ChannelEndPath,
expected_counterparty_channel_end: &ChannelEnd,
) -> Result<(), ClientError>;

/// Verify the client state for this chain that it is stored on the counterparty chain.
fn verify_client_full_state(
// Verify_membership is a generic proof verification method which verifies a
// proof of the existence of a value at a given Path at the specified height.
fn verify_membership(
&self,
proof_height: Height,
counterparty_prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
client_state_path: &ClientStatePath,
expected_client_state: Any,
) -> Result<(), ClientError>;

/// Verify a `proof` that a packet has been committed.
fn verify_packet_data(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
commitment_path: &CommitmentPath,
commitment: PacketCommitment,
path: Path,
value: Vec<u8>,
) -> Result<(), ClientError>;

/// Verify a `proof` that a packet has been committed.
fn verify_packet_acknowledgement(
// Verify_non_membership is a generic proof verification method which
// verifies the absence of a given commitment at a specified height.
fn verify_non_membership(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
ack_path: &AckPath,
ack: AcknowledgementCommitment,
) -> Result<(), ClientError>;

/// Verify a `proof` that of the next_seq_received.
fn verify_next_sequence_recv(
&self,
height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
seq_recv_path: &SeqRecvPath,
sequence: Sequence,
) -> Result<(), ClientError>;

/// Verify a `proof` that a packet has not been received.
fn verify_packet_receipt_absence(
&self,
height: Height,
proof_height: Height,
prefix: &CommitmentPrefix,
proof: &CommitmentProofBytes,
root: &CommitmentRoot,
receipt_path: &ReceiptPath,
path: Path,
) -> Result<(), ClientError>;
}

Expand Down
9 changes: 9 additions & 0 deletions crates/ibc/src/core/ics02_client/consensus_state.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,15 @@ pub fn downcast_consensus_state<CS: ConsensusState>(h: &dyn ConsensusState) -> O
h.as_any().downcast_ref::<CS>()
}

impl TryFrom<Box<dyn ConsensusState>> for Vec<u8> {
type Error = ClientError;

fn try_from(value: Box<dyn ConsensusState>) -> Result<Self, Self::Error> {
let value = value.encode_vec().map_err(ClientError::Encode)?;
Ok(value)
}
}

impl PartialEq for dyn ConsensusState {
fn eq(&self, other: &Self) -> bool {
self.eq_consensus_state(other)
Expand Down
9 changes: 0 additions & 9 deletions crates/ibc/src/core/ics02_client/error.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,12 +96,6 @@ pub enum ClientError {
},
/// the local consensus state could not be retrieved for height `{height}`
MissingLocalConsensusState { height: Height },
/// invalid connection end error: `{0}`
InvalidConnectionEnd(TendermintProtoError),
/// invalid channel end error: `{0}`
InvalidChannelEnd(TendermintProtoError),
/// invalid any client consensus state error: `{0}`
InvalidAnyConsensusState(TendermintProtoError),
/// failed to parse signer error: `{0}`
Signer(SignerError),
/// ics23 verification failure error: `{0}`
Expand Down Expand Up @@ -130,9 +124,6 @@ impl std::error::Error for ClientError {
Self::InvalidUpgradeConsensusStateProof(e) => Some(e),
Self::InvalidCommitmentProof(e) => Some(e),
Self::InvalidPacketTimestamp(e) => Some(e),
Self::InvalidConnectionEnd(e) => Some(e),
Self::InvalidChannelEnd(e) => Some(e),
Self::InvalidAnyConsensusState(e) => Some(e),
Self::Signer(e) => Some(e),
Self::Ics23Verification(e) => Some(e),
_ => None,
Expand Down
Loading