feat: Support for importing unarmored key (secp256k1 & ed25519 algos) (#176)

Author: pbukva

.github/workflows/labeler.yml

@@ -6,6 +6,11 @@ jobs:
   labeler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@main
+      - name: Checkout
+        uses: actions/checkout@v4
         with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Label PR
+        uses: actions/labeler@v5
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/release-sims.yml

@@ -22,7 +22,7 @@ jobs:
       - name: install runsim
         run: |
           export GO111MODULE="on" && go install github.com/cosmos/tools/cmd/[email protected]
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-runsim-binary
@@ -32,7 +32,7 @@ jobs:
     needs: [build, install-runsim]
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-runsim-binary

.github/workflows/sims.yml

@@ -31,7 +31,7 @@ jobs:
         run: go version
       - name: Install runsim
         run: export GO111MODULE="on" && go install github.com/cosmos/tools/cmd/[email protected]
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-runsim-binary
@@ -52,7 +52,7 @@ jobs:
             **/**.go
             go.mod
             go.sum
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-runsim-binary
@@ -80,7 +80,7 @@ jobs:
             go.sum
           SET_ENV_NAME_INSERTIONS: 1
           SET_ENV_NAME_LINES: 1
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-runsim-binary
@@ -108,7 +108,7 @@ jobs:
             go.sum
           SET_ENV_NAME_INSERTIONS: 1
           SET_ENV_NAME_LINES: 1
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-runsim-binary
@@ -136,7 +136,7 @@ jobs:
             go.sum
           SET_ENV_NAME_INSERTIONS: 1
           SET_ENV_NAME_LINES: 1
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-runsim-binary

.github/workflows/test.yml

@@ -18,7 +18,7 @@ jobs:
       - name: install tparse
         run: |
           go install github.com/mfridman/[email protected]
-      - uses: actions/cache@v2.1.6
+      - uses: actions/cache@v4
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-go-tparse-binary
@@ -77,19 +77,19 @@ jobs:
       - name: Split pkgs into 4 files
         run: split -d -n l/4 pkgs.txt pkgs.txt.part.
       # cache multiple
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: "${{ github.sha }}-00"
           path: ./pkgs.txt.part.00
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: "${{ github.sha }}-01"
           path: ./pkgs.txt.part.01
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: "${{ github.sha }}-02"
           path: ./pkgs.txt.part.02
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: "${{ github.sha }}-03"
           path: ./pkgs.txt.part.03
@@ -112,15 +112,15 @@ jobs:
             **/**.go
             go.mod
             go.sum
-      - uses: actions/download-artifact@v2
+      - uses: actions/download-artifact@v4
         with:
           name: "${{ github.sha }}-${{ matrix.part }}"
         if: env.GIT_DIFF
       - name: test & coverage report creation
         run: |
           cat pkgs.txt.part.${{ matrix.part }} | xargs go test -mod=readonly -timeout 30m -coverprofile=${{ matrix.part }}profile.out -covermode=atomic -tags='norace ledger test_ledger_mock'
         if: env.GIT_DIFF
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: "${{ github.sha }}-${{ matrix.part }}-coverage"
           path: ./${{ matrix.part }}profile.out
@@ -136,19 +136,19 @@ jobs:
             **/**.go
             go.mod
             go.sum
-      - uses: actions/download-artifact@v2
+      - uses: actions/download-artifact@v4
         with:
           name: "${{ github.sha }}-00-coverage"
         if: env.GIT_DIFF
-      - uses: actions/download-artifact@v2
+      - uses: actions/download-artifact@v4
         with:
           name: "${{ github.sha }}-01-coverage"
         if: env.GIT_DIFF
-      - uses: actions/download-artifact@v2
+      - uses: actions/download-artifact@v4
         with:
           name: "${{ github.sha }}-02-coverage"
         if: env.GIT_DIFF
-      - uses: actions/download-artifact@v2
+      - uses: actions/download-artifact@v4
         with:
           name: "${{ github.sha }}-03-coverage"
         if: env.GIT_DIFF
@@ -190,15 +190,15 @@ jobs:
             **/**.go
             go.mod
             go.sum
-      - uses: actions/download-artifact@v2
+      - uses: actions/download-artifact@v4
         with:
           name: "${{ github.sha }}-${{ matrix.part }}"
         if: env.GIT_DIFF
       - name: test & coverage report creation
         run: |
           xargs --arg-file=pkgs.txt.part.${{ matrix.part }} go test -mod=readonly -timeout 30m -race -tags='cgo ledger test_ledger_mock'
         if: env.GIT_DIFF
-      - uses: actions/upload-artifact@v2
+      - uses: actions/upload-artifact@v4
         with:
           name: "${{ github.sha }}-${{ matrix.part }}-race-output"
           path: ./${{ matrix.part }}-race-output.txt

Makefile

@@ -309,7 +309,7 @@ test-cover:
 
 test-rosetta:
 	docker build -t rosetta-ci:latest -f contrib/rosetta/node/Dockerfile .
-	docker-compose -f contrib/rosetta/docker-compose.yaml up --abort-on-container-exit --exit-code-from test_rosetta --build
+	docker compose -f contrib/rosetta/docker-compose.yaml up --abort-on-container-exit --exit-code-from test_rosetta --build
 .PHONY: test-rosetta
 
 benchmark:

client/keys/export.go

@@ -12,8 +12,9 @@ import (
 )
 
 const (
-	flagUnarmoredHex = "unarmored-hex"
-	flagUnsafe       = "unsafe"
+	flagUnarmoredHex     = "unarmored-hex"
+	flagUnarmoredKeyAlgo = "unarmored-key-algo"
+	flagUnsafe           = "unsafe"
 )
 
 // ExportKeyCommand exports private keys from the key store.

client/keys/import.go

@@ -2,7 +2,13 @@ package keys
 
 import (
 	"bufio"
+	"encoding/hex"
+	"fmt"
 	"os"
+	"strings"
+
+	"github.com/cosmos/cosmos-sdk/crypto/hd"
+	"github.com/cosmos/cosmos-sdk/crypto/keyring"
 
 	"github.com/spf13/cobra"
 
@@ -38,3 +44,142 @@ func ImportKeyCommand() *cobra.Command {
 		},
 	}
 }
+
+// ImportUnarmoredKeyCommand imports private keys from a keyfile.
+func ImportUnarmoredKeyCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "import-unarmored <name> [keyfile]",
+		Short: "Imports unarmored private key into the local keybase",
+		Long: `Imports hex encoded raw unarmored private key into the local keybase 
+
+[keyfile] - Path to the file containing unarmored hex encoded private key.
+            => *IF* this non-mandatory 2nd positional argument has been
+               *PROVIDED*, then private key will be read from that file.
+			
+            => *ELSE* If this positional argument has been *OMITTED*, then
+               user will be prompted on terminal to provide the private key
+               at SECURE PROMPT = passed in characters of the key hex value
+               will *not* be displayed on the terminal.
+
+            File format: The only condition for the file format is, that
+            the unarmored key must be on the first line (the file can also
+            contain further lines, though they are ignored).
+
+            The 1st line must contain only hex encoded unarmored raw value,
+            serialised *exactly* as it is expected by given cryptographic
+            algorithm specified by the '--unarmored-key-algo <algo>' flag
+            (see the description of that flag).
+            Hex key value can be preceded & followed by any number of any
+            whitespace characters, they will be ignored.
+
+Key value:
+As mentioned above, key is expected to be hex encoded. Hex encoding can be
+lowercase, uppercase or mixed case, it does not matter, and it can (but
+does NOT need to) contain the '0x' or just 'x' prefix at the beginning of
+the hex encoded value.
+
+Output:
+The command will print key info after the import, the same way as the
+'keys add ...' command does. 
+This is quite useful, since user will immediately see the address (and pub
+key value) derived from the imported private key.`,
+		Args: cobra.RangeArgs(1, 2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			clientCtx, err := client.GetClientQueryContext(cmd)
+			if err != nil {
+				return err
+			}
+
+			buf := bufio.NewReader(clientCtx.Input)
+			var privKeyHex string
+			if len(args) == 1 {
+				privKeyHex, err = input.GetPassword("Enter hex encoded private key:", buf)
+				if err != nil {
+					return err
+				}
+			} else {
+				filename := args[1]
+				f, err := os.OpenFile(filename, os.O_RDONLY, os.ModePerm)
+				if err != nil {
+					return fmt.Errorf("open file \"%s\" error: %w", filename, err)
+				}
+				defer f.Close()
+
+				sc := bufio.NewScanner(f)
+				if sc.Scan() {
+					firstLine := sc.Text()
+					privKeyHex = strings.TrimSpace(firstLine)
+				} else {
+					return fmt.Errorf("unable to read 1st line from the \"%s\" file", filename)
+				}
+
+				if err := sc.Err(); err != nil {
+					return fmt.Errorf("error while scanning the \"%s\" file: %w", filename, err)
+				}
+			}
+
+			algo, _ := cmd.Flags().GetString(flagUnarmoredKeyAlgo)
+
+			privKeyHexLC := strings.ToLower(privKeyHex)
+			acceptedHexValPrefixes := []string{"0x", "x"}
+			for _, prefix := range acceptedHexValPrefixes {
+				if strings.HasPrefix(privKeyHexLC, prefix) {
+					privKeyHexLC = privKeyHexLC[len(prefix):]
+					break
+				}
+			}
+
+			privKeyRaw, err := hex.DecodeString(privKeyHexLC)
+			if err != nil {
+				return fmt.Errorf("failed to decode provided hex value of private key: %w", err)
+			}
+
+			info, err := clientCtx.Keyring.ImportUnarmoredPrivKey(args[0], privKeyRaw, algo)
+			if err != nil {
+				return fmt.Errorf("importing unarmored private key: %w", err)
+			}
+
+			if err := printCreateUnarmored(cmd, info, clientCtx.OutputFormat); err != nil {
+				return fmt.Errorf("printing private key info: %w", err)
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().String(flagUnarmoredKeyAlgo, string(hd.Secp256k1Type), fmt.Sprintf(
+		`Defines cryptographic scheme algorithm of the provided unarmored private key.
+At the moment *ONLY* the "%s" and "%s" algorithms are supported.
+Expected serialisation format of the raw unarmored key value:
+* for "%s": 32 bytes raw private key (hex encoded)  
+* for "%s": 32 bytes raw public key immediately followed by 32 bytes
+                 private key = 64 bytes altogether (hex encoded)
+`, hd.Secp256k1Type, hd.Ed25519Type, hd.Secp256k1Type, hd.Ed25519Type))
+
+	return cmd
+}
+
+func printCreateUnarmored(cmd *cobra.Command, info keyring.Info, outputFormat string) error {
+	switch outputFormat {
+	case OutputFormatText:
+		cmd.PrintErrln()
+		printKeyInfo(cmd.OutOrStdout(), info, keyring.MkAccKeyOutput, outputFormat)
+	case OutputFormatJSON:
+		out, err := keyring.MkAccKeyOutput(info)
+		if err != nil {
+			return err
+		}
+
+		jsonString, err := KeysCdc.MarshalJSON(out)
+		if err != nil {
+			return err
+		}
+
+		cmd.Println(string(jsonString))
+
+	default:
+		return fmt.Errorf("invalid output format %s", outputFormat)
+	}
+
+	return nil
+}