feat(vald): add support for manual signing of arbitrary data (#1966)

* feat(vald): add support for manual signing of arbitrary data

cmd/axelard/cmd/root.go

@@ -222,10 +222,7 @@ func initRootCmd(rootCmd *cobra.Command, encodingConfig params.EncodingConfig) {
 	rootCmd.PersistentFlags().String(tmcli.OutputFlag, "text", "Output format (text|json)")
 
 	// add vald after the overwrite so it can set its own defaults
-	rootCmd.AddCommand(vald.GetValdCommand())
-
-	// add health check command
-	rootCmd.AddCommand(vald.GetHealthCheckCommand())
+	rootCmd.AddCommand(vald.GetValdCommand(), vald.GetHealthCheckCommand(), vald.GetSignCommand())
 }
 
 func newApp(logger log.Logger, db dbm.DB, traceStore io.Writer, appOpts servertypes.AppOptions) servertypes.Application {

go.mod

@@ -4,8 +4,8 @@ go 1.19
 
 require (
 	github.com/armon/go-metrics v0.4.1
-	github.com/axelarnetwork/tm-events v0.0.0-20230615024059-2c843b8fc6f7
-	github.com/axelarnetwork/utils v0.0.0-20230615020512-c9d3f82faeb1
+	github.com/axelarnetwork/tm-events v0.0.0-20230704201410-3cf91089034b
+	github.com/axelarnetwork/utils v0.0.0-20230706045331-b7aacc1f4a2f
 	github.com/btcsuite/btcd/btcec/v2 v2.3.2
 	github.com/cosmos/cosmos-sdk v0.45.16
 	github.com/cosmos/ibc-go/v4 v4.4.1
@@ -31,12 +31,12 @@ require (
 	github.com/stretchr/testify v1.8.3
 	github.com/tendermint/tendermint v0.34.27
 	github.com/tendermint/tm-db v0.6.7
-	golang.org/x/crypto v0.10.0
+	golang.org/x/crypto v0.11.0
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/mod v0.11.0
+	golang.org/x/mod v0.12.0
 	golang.org/x/sync v0.3.0
-	golang.org/x/text v0.10.0
-	golang.org/x/tools v0.10.0
+	golang.org/x/text v0.11.0
+	golang.org/x/tools v0.11.0
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
 	google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a
 	google.golang.org/grpc v1.55.0
@@ -155,9 +155,9 @@ require (
 	github.com/zondax/hid v0.9.1 // indirect
 	github.com/zondax/ledger-go v0.14.1 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
-	golang.org/x/net v0.11.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
-	golang.org/x/term v0.9.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/term v0.10.0 // indirect
 	google.golang.org/genproto v0.0.0-20230526015343-6ee61e4f9d5f // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect

vald/sign.go

@@ -0,0 +1,113 @@
+package vald
+
+import (
+	"context"
+	"encoding/hex"
+	"fmt"
+
+	ec "github.com/btcsuite/btcd/btcec/v2/ecdsa"
+	"github.com/cosmos/cosmos-sdk/server"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/spf13/cobra"
+
+	"github.com/axelarnetwork/axelar-core/vald/config"
+	"github.com/axelarnetwork/axelar-core/vald/tss"
+	evm "github.com/axelarnetwork/axelar-core/x/evm/types"
+	multisig "github.com/axelarnetwork/axelar-core/x/multisig/exported"
+	"github.com/axelarnetwork/axelar-core/x/tss/tofnd"
+	"github.com/axelarnetwork/utils/funcs"
+)
+
+// GetHealthCheckCommand returns the command to execute a node health check
+func GetSignCommand() *cobra.Command {
+
+	cmd := &cobra.Command{
+		Use:   "vald-sign [key-id] [public-key] [hash to sign]",
+		Short: "Sign hash with specified key",
+		Args:  cobra.ExactArgs(3),
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			keyID := multisig.KeyID(args[0])
+			if err := keyID.ValidateBasic(); err != nil {
+				return err
+			}
+
+			pubKeyRaw, err := hex.DecodeString(args[1])
+			if err != nil {
+				return err
+			}
+
+			pubKey := multisig.PublicKey(pubKeyRaw)
+			if err := pubKey.ValidateBasic(); err != nil {
+				return err
+			}
+
+			hashRaw, err := hex.DecodeString(args[2])
+			if err != nil {
+				return err
+			}
+
+			if len(hashRaw) != common.HashLength {
+				return fmt.Errorf("hash to sign must be 32 bytes")
+			}
+
+			hash := common.BytesToHash(hashRaw)
+
+			valAddr, err := cmd.Flags().GetString("validator-addr")
+			if err != nil {
+				return err
+			}
+
+			if _, err := sdk.ValAddressFromBech32(valAddr); valAddr != "" && err != nil {
+				return err
+			}
+
+			serverCtx := server.GetServerContextFromCmd(cmd)
+			valdCfg := config.DefaultValdConfig()
+			if err := serverCtx.Viper.Unmarshal(&valdCfg); err != nil {
+				panic(err)
+			}
+
+			conn, err := tss.Connect(valdCfg.TssConfig.Host, valdCfg.TssConfig.Port, valdCfg.TssConfig.DialTimeout)
+			if err != nil {
+				return fmt.Errorf("failed to reach tofnd: %s", err.Error())
+			}
+
+			// creates client to communicate with the external tofnd process multisig service
+			client := tofnd.NewMultisigClient(conn)
+
+			grpcCtx, cancel := context.WithTimeout(cmd.Context(), timeout)
+			defer cancel()
+
+			res, err := client.Sign(grpcCtx, &tofnd.SignRequest{
+				KeyUid:    fmt.Sprintf("%s_%d", keyID, 0),
+				MsgToSign: hash.Bytes(),
+				PartyUid:  valAddr,
+				PubKey:    pubKey,
+			})
+
+			if err != nil {
+				return sdkerrors.Wrapf(err, "failed signing")
+			}
+
+			switch res.GetSignResponse().(type) {
+			case *tofnd.SignResponse_Signature:
+				ecdsaSig := *funcs.Must(ec.ParseDERSignature(res.GetSignature()))
+				evmSignature := funcs.Must(evm.ToSignature(ecdsaSig, hash, pubKey.ToECDSAPubKey())).ToHomesteadSig()
+				fmt.Printf("signature: %s\n", hex.EncodeToString(evmSignature))
+				return nil
+			case *tofnd.SignResponse_Error:
+				return fmt.Errorf(res.GetError())
+			default:
+				panic(fmt.Errorf("unknown multisig sign response %T", res.GetSignResponse()))
+			}
+
+		},
+	}
+
+	cmd.Flags().String("validator-addr", "", "the address of the validator operator, i.e axelarvaloper1..")
+
+	return cmd
+}