Problem: e2ee module is not backported (crypto-org-chain#1417)

* Problem: e2ee module is not backported

Problem: no end-to-end encryption module (crypto-org-chain#1407)

* Problem: no end-to-end encryption module

add keeper

add grpc query

signer option

getter/setter

genesis init/export

fix lint

* fix proto lint

* fix test

* register codec

* changelog

* fix build

* Update x/e2ee/types/keys.go

Co-authored-by: mmsqe <mavis@crypto.com>
Signed-off-by: yihuang <huang@crypto.com>

* Update x/e2ee/types/codec.go

Co-authored-by: mmsqe <mavis@crypto.com>
Signed-off-by: yihuang <huang@crypto.com>

---------

Signed-off-by: yihuang <huang@crypto.com>
Co-authored-by: mmsqe <mavis@crypto.com>

Problem: encryption-key cmd is not supported (crypto-org-chain#1409)

* Problem: encryption-key cmd is not supported

* gen doc

* add validate

Problem: no keyring interface for e2ee to store arbitrary payload (crypto-org-chain#1413)

changelo

add age encrypt/decrypt in unit test

Update x/e2ee/keyring/keyring.go

Signed-off-by: yihuang <huang@crypto.com>

fix lint

fix build

Problem: no encrypt and decrypt cmds for message (crypto-org-chain#1411)

* Problem: no encrypt and decrypt cmds for message

* fix doc

* add gen

* test

* cleanup

* move command to e2ee module

move encrypt cmd to e2ee module

move decrypt cmd to e2ee

update integration test

store key as string, to make autocli better

fix integration test

Update x/e2ee/client/cli/encrypt.go

Signed-off-by: yihuang <huang@crypto.com>

fix lint

---------

Signed-off-by: yihuang <huang@crypto.com>
Co-authored-by: yihuang <huang@crypto.com>
Co-authored-by: yihuang <yi.codeplayer@gmail.com>

Problem: no efficient batch query for encryption keys (crypto-org-chain#1415)

Update CHANGELOG.md

Signed-off-by: yihuang <huang@crypto.com>

update swagger

typo

fix build

proposal handler

update version

check exist

Problem: proto-gen fails in CI (crypto-org-chain#1392)

* Problem: proto-gen fails in CI

* Apply suggestions from code review

add cronos msg

add store-block-list cmd

refresh block list

add handler

update deps

add handler

lint

fix cmd

test store list

set with ante

move to util

fix ibc

Revert "set with ante"

This reverts commit c2700f5.

reject on err

fix prepare proposal

fix proto lint

* cmd to encrypt to validators

* fix test

* temp

* fix test

* improve test

* Problem: no validate for malformed e2ee key in register (crypto-org-chain#1421)

* Problem: no validate for malformed e2ee key in register

* update doc

* Apply suggestions from code review

* cleanup

---------

Co-authored-by: yihuang <yi.codeplayer@gmail.com>

* cleanup test

* revert

* fix test

* fix test

* remove mempool blocked-addresses

* fix test

* fix test

* fix test

* fix patch

* avoid prompt

* encrypt clear list

* cleanup

* add validate

* avoid concurrent mutate

* Update app/proposal.go

Signed-off-by: mmsqe <mavis@crypto.com>

* cleanup

* proto-gen

---------

Signed-off-by: yihuang <huang@crypto.com>
Signed-off-by: mmsqe <mavis@crypto.com>
Co-authored-by: mmsqe <mavis@crypto.com>

Author: yihuang

.github/workflows/proto.yml

@@ -40,10 +40,10 @@ jobs:
         with:
           PATTERNS: |
             **/**.proto
-      - name: proto-gen
+      - name: proto-gen-ci
         if: env.GIT_DIFF
         run: |
-          make proto-gen # proto-swagger-gen  FIXME swagger-gen result is not reproducible in CI
+          make proto-gen-ci # proto-swagger-gen  FIXME swagger-gen result is not reproducible in CI
           git checkout -- go.mod go.sum docs/api/proto-docs.md  # FIXME doc gen not reproducible in CI
       - name: check working directory is clean
         uses: numtide/clean-git-action@main

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## UNRELEASED
+
+### State Machine Breaking
+
+* [#1407](https://github.com/crypto-org-chain/cronos/pull/1407) Add end-to-end encryption module.
+
+### Improvements
+
+* [#1413](https://github.com/crypto-org-chain/cronos/pull/1413) Add custom keyring implementation for e2ee module.
+* (e2ee)[#1415](https://github.com/crypto-org-chain/cronos/pull/1415) Add batch keys query for e2ee module.
+* (e2ee)[#1421](https://github.com/crypto-org-chain/cronos/pull/1421) Validate e2ee key when register.
+
 *May 3, 2024*
 
 ## v1.2.2
@@ -21,6 +33,11 @@
 
 * (rpc) [#1397](https://github.com/crypto-org-chain/cronos/pull/1397) Avoid panic on invalid elasticity_multiplier.
 
+### Features
+
+* [#1406](https://github.com/crypto-org-chain/cronos/pull/1406) Add set-encryption-key for encryption module.
+* [#1411](https://github.com/crypto-org-chain/cronos/pull/1411) Add encrypt and decrypt cmds for message.
+
 *April 8, 2024*
 
 ## v1.2.0

Makefile

@@ -272,6 +272,7 @@ endif
 HTTPS_GIT := https://github.com/crypto-org-chain/cronos.git
 protoVer=0.11.6
 protoImageName=ghcr.io/cosmos/proto-builder:$(protoVer)
+protoImageCi=$(DOCKER) run --rm -v $(CURDIR):/workspace --workdir /workspace --user root $(protoImageName)
 protoImage=$(DOCKER) run --rm -v $(CURDIR):/workspace --workdir /workspace $(protoImageName)
 
 # ------
@@ -280,6 +281,10 @@ protoImage=$(DOCKER) run --rm -v $(CURDIR):/workspace --workdir /workspace $(pro
 #
 proto-all: proto-format proto-lint proto-gen
 
+proto-gen-ci:
+	@echo "Generating Protobuf files"
+	$(protoImageCi) sh ./scripts/protocgen.sh
+
 proto-gen:
 	@echo "Generating Protobuf files"
 	$(protoImage) sh ./scripts/protocgen.sh

app/app.go

@@ -1,8 +1,6 @@
 package app
 
 import (
-	"crypto/sha256"
-	"encoding/hex"
 	stderrors "errors"
 	"fmt"
 	"io"
@@ -11,10 +9,10 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"sort"
 
 	autocliv1 "cosmossdk.io/api/cosmos/autocli/v1"
 	reflectionv1 "cosmossdk.io/api/cosmos/reflection/v1"
+	"filippo.io/age"
 	runtimeservices "github.com/cosmos/cosmos-sdk/runtime/services"
 	"golang.org/x/exp/slices"
 
@@ -23,6 +21,7 @@ import (
 	tmjson "github.com/cometbft/cometbft/libs/json"
 	"github.com/cometbft/cometbft/libs/log"
 	tmos "github.com/cometbft/cometbft/libs/os"
+	tmproto "github.com/cometbft/cometbft/proto/tendermint/types"
 	"github.com/cosmos/cosmos-sdk/client"
 	"github.com/cosmos/cosmos-sdk/codec/types"
 	"github.com/gorilla/mux"
@@ -123,6 +122,7 @@ import (
 	icaauthkeeper "github.com/crypto-org-chain/cronos/v2/x/icaauth/keeper"
 	icaauthtypes "github.com/crypto-org-chain/cronos/v2/x/icaauth/types"
 
+	clientflags "github.com/cosmos/cosmos-sdk/client/flags"
 	evmante "github.com/evmos/ethermint/app/ante"
 	srvflags "github.com/evmos/ethermint/server/flags"
 	ethermint "github.com/evmos/ethermint/types"
@@ -159,6 +159,11 @@ import (
 	_ "github.com/ethereum/go-ethereum/eth/tracers/native"
 	ethparams "github.com/ethereum/go-ethereum/params"
 
+	e2ee "github.com/crypto-org-chain/cronos/v2/x/e2ee"
+	e2eekeeper "github.com/crypto-org-chain/cronos/v2/x/e2ee/keeper"
+	e2eekeyring "github.com/crypto-org-chain/cronos/v2/x/e2ee/keyring"
+	e2eetypes "github.com/crypto-org-chain/cronos/v2/x/e2ee/types"
+
 	// force register the extension json-rpc.
 	_ "github.com/crypto-org-chain/cronos/v2/x/cronos/rpc"
 )
@@ -170,8 +175,6 @@ const (
 	//
 	// NOTE: In the SDK, the default value is 255.
 	AddrLen = 20
-
-	FlagBlockedAddresses = "blocked-addresses"
 )
 
 var Forks = []Fork{}
@@ -260,6 +263,7 @@ func GenModuleBasics() module.BasicManager {
 		ibcfee.AppModuleBasic{},
 		evm.AppModuleBasic{},
 		feemarket.AppModuleBasic{},
+		e2ee.AppModuleBasic{},
 		// this line is used by starport scaffolding # stargate/app/moduleBasic
 		gravity.AppModuleBasic{},
 		cronos.AppModuleBasic{},
@@ -286,6 +290,8 @@ func StoreKeys(skipGravity bool) (
 		icaauthtypes.StoreKey,
 		// ethermint keys
 		evmtypes.StoreKey, feemarkettypes.StoreKey,
+		// e2ee keys
+		e2eetypes.StoreKey,
 		// this line is used by starport scaffolding # stargate/app/storeKey
 		cronostypes.StoreKey,
 	}
@@ -357,6 +363,9 @@ type App struct {
 	// Gravity module
 	GravityKeeper gravitykeeper.Keeper
 
+	// e2ee keeper
+	E2EEKeeper e2eekeeper.Keeper
+
 	// this line is used by starport scaffolding # stargate/app/keeperDeclaration
 
 	CronosKeeper cronoskeeper.Keeper
@@ -371,6 +380,8 @@ type App struct {
 	configurator module.Configurator
 
 	qms storetypes.MultiStore
+
+	blockProposalHandler *ProposalHandler
 }
 
 // New returns a reference to an initialized chain.
@@ -385,15 +396,37 @@ func New(
 	cdc := encodingConfig.Amino
 	interfaceRegistry := encodingConfig.InterfaceRegistry
 
+	var identity age.Identity
+	{
+		if cast.ToString(appOpts.Get("mode")) == "validator" {
+			krBackend := cast.ToString(appOpts.Get(clientflags.FlagKeyringBackend))
+			kr, err := e2eekeyring.New("cronosd", krBackend, homePath, os.Stdin)
+			if err != nil {
+				panic(err)
+			}
+			bz, err := kr.Get(e2eetypes.DefaultKeyringName)
+			if err != nil {
+				logger.Error("e2ee identity for validator not found", "error", err)
+			} else {
+				identity, err = age.ParseX25519Identity(string(bz))
+				if err != nil {
+					panic(err)
+				}
+			}
+		}
+	}
+
 	baseAppOptions = memiavlstore.SetupMemIAVL(logger, homePath, appOpts, false, false, baseAppOptions)
+
+	blockProposalHandler := NewProposalHandler(encodingConfig.TxConfig.TxDecoder(), identity)
+
 	// NOTE we use custom transaction decoder that supports the sdk.Tx interface instead of sdk.StdTx
 	// Setup Mempool and Proposal Handlers
 	baseAppOptions = append(baseAppOptions, func(app *baseapp.BaseApp) {
 		mempool := mempool.NoOpMempool{}
 		app.SetMempool(mempool)
-		handler := baseapp.NewDefaultProposalHandler(mempool, app)
-		app.SetPrepareProposal(handler.PrepareProposalHandler())
-		app.SetProcessProposal(handler.ProcessProposalHandler())
+		app.SetPrepareProposal(blockProposalHandler.PrepareProposalHandler())
+		app.SetProcessProposal(blockProposalHandler.ProcessProposalHandler())
 	})
 	bApp := baseapp.NewBaseApp(Name, logger, db, encodingConfig.TxConfig.TxDecoder(), baseAppOptions...)
 
@@ -404,14 +437,15 @@ func New(
 	keys, memKeys, tkeys := StoreKeys(skipGravity)
 
 	app := &App{
-		BaseApp:           bApp,
-		cdc:               cdc,
-		appCodec:          appCodec,
-		interfaceRegistry: interfaceRegistry,
-		invCheckPeriod:    invCheckPeriod,
-		keys:              keys,
-		tkeys:             tkeys,
-		memKeys:           memKeys,
+		BaseApp:              bApp,
+		cdc:                  cdc,
+		appCodec:             appCodec,
+		interfaceRegistry:    interfaceRegistry,
+		invCheckPeriod:       invCheckPeriod,
+		keys:                 keys,
+		tkeys:                tkeys,
+		memKeys:              memKeys,
+		blockProposalHandler: blockProposalHandler,
 	}
 
 	// init params keeper and subspaces
@@ -666,6 +700,8 @@ func New(
 	// this line is used by starport scaffolding # ibc/app/router
 	app.IBCKeeper.SetRouter(ibcRouter)
 
+	app.E2EEKeeper = e2eekeeper.NewKeeper(keys[e2eetypes.StoreKey])
+
 	/****  Module Options ****/
 
 	// NOTE: we may consider parsing `appOpts` inside module constructors. For the moment
@@ -709,6 +745,9 @@ func New(
 		feeModule,
 		feemarket.NewAppModule(app.FeeMarketKeeper, feeMarketS),
 		evm.NewAppModule(app.EvmKeeper, app.AccountKeeper, evmS),
+		e2ee.NewAppModule(app.E2EEKeeper),
+
+		// Cronos app modules
 		cronosModule,
 	}
 
@@ -737,6 +776,7 @@ func New(
 		vestingtypes.ModuleName,
 		cronostypes.ModuleName,
 		consensusparamtypes.ModuleName,
+		e2eetypes.ModuleName,
 	}
 	endBlockersOrder := []string{
 		crisistypes.ModuleName, govtypes.ModuleName, stakingtypes.ModuleName,
@@ -760,6 +800,7 @@ func New(
 		vestingtypes.ModuleName,
 		cronostypes.ModuleName,
 		consensusparamtypes.ModuleName,
+		e2eetypes.ModuleName,
 	}
 	// NOTE: The genutils module must occur after staking so that pools are
 	// properly initialized with tokens from genesis accounts.
@@ -795,6 +836,7 @@ func New(
 		consensusparamtypes.ModuleName,
 		// NOTE: crisis module must go at the end to check for invariants on each module
 		crisistypes.ModuleName,
+		e2eetypes.ModuleName,
 	}
 
 	if !skipGravity {
@@ -876,7 +918,6 @@ func New(
 	app.SetEndBlocker(app.EndBlocker)
 	if err := app.setAnteHandler(encodingConfig.TxConfig,
 		cast.ToUint64(appOpts.Get(srvflags.EVMMaxTxGasWanted)),
-		cast.ToStringSlice(appOpts.Get(FlagBlockedAddresses)),
 	); err != nil {
 		panic(err)
 	}
@@ -908,6 +949,10 @@ func New(
 				tmos.Exit(fmt.Sprintf("versiondb version %d lag behind iavl version %d", v1, v2))
 			}
 		}
+
+		if err := app.RefreshBlockList(app.NewUncachedContext(false, tmproto.Header{})); err != nil {
+			panic(err)
+		}
 	}
 
 	app.ScopedIBCKeeper = scopedIBCKeeper
@@ -920,34 +965,7 @@ func New(
 }
 
 // use Ethermint's custom AnteHandler
-func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64, blacklist []string) error {
-	if len(blacklist) > 0 {
-		sort.Strings(blacklist)
-		// hash blacklist concatenated
-		h := sha256.New()
-		for _, addr := range blacklist {
-			_, err := h.Write([]byte(addr))
-			if err != nil {
-				panic(err)
-			}
-		}
-		app.Logger().Error("Setting ante handler with blacklist", "size", len(blacklist), "hash", hex.EncodeToString(h.Sum(nil)))
-		for _, addr := range blacklist {
-			app.Logger().Error("Blacklisted address", "address", addr)
-		}
-	} else {
-		app.Logger().Error("Setting ante handler without blacklist")
-	}
-	blockedMap := make(map[string]struct{}, len(blacklist))
-	for _, str := range blacklist {
-		addr, err := sdk.AccAddressFromBech32(str)
-		if err != nil {
-			return fmt.Errorf("invalid bech32 address: %s, err: %w", str, err)
-		}
-
-		blockedMap[string(addr)] = struct{}{}
-	}
-	blockAddressDecorator := NewBlockAddressesDecorator(blockedMap)
+func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64) error {
 	options := evmante.HandlerOptions{
 		AccountKeeper:          app.AccountKeeper,
 		BankKeeper:             app.BankKeeper,
@@ -964,7 +982,6 @@ func (app *App) setAnteHandler(txConfig client.TxConfig, maxGasWanted uint64, bl
 			sdk.MsgTypeURL(&evmtypes.MsgEthereumTx{}),
 			sdk.MsgTypeURL(&vestingtypes.MsgCreateVestingAccount{}),
 		},
-		ExtraDecorators: []sdk.AnteDecorator{blockAddressDecorator},
 	}
 
 	anteHandler, err := evmante.NewAnteHandler(options)
@@ -1002,7 +1019,22 @@ func (app *App) BeginBlocker(ctx sdk.Context, req abci.RequestBeginBlock) abci.R
 
 // EndBlocker application updates every end block
 func (app *App) EndBlocker(ctx sdk.Context, req abci.RequestEndBlock) abci.ResponseEndBlock {
-	return app.mm.EndBlock(ctx, req)
+	rsp := app.mm.EndBlock(ctx, req)
+
+	if err := app.RefreshBlockList(ctx); err != nil {
+		app.Logger().Error("failed to update blocklist", "error", err)
+	}
+
+	return rsp
+}
+
+func (app *App) RefreshBlockList(ctx sdk.Context) error {
+	if app.blockProposalHandler == nil || app.blockProposalHandler.Identity == nil {
+		return nil
+	}
+
+	// refresh blocklist
+	return app.blockProposalHandler.SetBlockList(app.CronosKeeper.GetBlockList(ctx))
 }
 
 // InitChainer application update at chain initialization