[Proof] Relay signature & Merkle proof validation

e2e/tests/session.feature

@@ -9,7 +9,7 @@ Feature: Session Namespace
     # The timeout for when a claim can be submitted on-chain depends on `createClaimWindowStartHeight`, which
     # is a function of `SessionGracePeriod`. The higher this value, the higher this timeout needs to be. Since
     # this test is not dependant on the grace period, setting it to 0 and having a lower grace period will simplify it.
-    And the user should wait for "7" seconds
+    And the user should wait for "10" seconds
     Then the claim created by supplier "supplier1" for service "svc1" for application "app1" should be persisted on-chain
     # TODO_IMPROVE: And an event should be emitted...
     And after the supplier submits a proof for the session for service "svc1" for application "app1"

pkg/appgateserver/cmd/cmd.go

@@ -191,6 +191,7 @@ func setupAppGateServerDependencies(
 		config.NewSupplyAccountQuerierFn(),                     // leaf
 		config.NewSupplyApplicationQuerierFn(),                 // leaf
 		config.NewSupplySessionQuerierFn(),                     // leaf
+		config.NewSupplyPubKeyClientFn(),
 		config.NewSupplyRingCacheFn(),
 
 		config.NewSupplyPOKTRollSDKFn(appGateConfig.SigningKey),

pkg/crypto/interface.go

@@ -4,27 +4,49 @@ package crypto
 import (
 	"context"
 
+	cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types"
 	"github.com/noot/ring-go"
+
+	"github.com/pokt-network/poktroll/x/service/types"
 )
 
 // RingCache is used to store rings used for signing and verifying relay requests.
 // It will cache rings for future use after querying the application module for
 // the addresses of the gateways the application is delegated to, and converting
 // them into their corresponding public key points on the secp256k1 curve.
 type RingCache interface {
+	RingClient
+
+	// GetCachedAddresses returns the addresses of the applications that are
+	// currently cached in the ring cache.
+	GetCachedAddresses() []string
 	// Start starts the ring cache, it takes a cancellable context and, in a
 	// separate goroutine, listens for on-chain delegation events and invalidates
 	// the cache if the redelegation event's AppAddress is stored in the cache.
 	Start(ctx context.Context)
-	// GetCachedAddresses returns the addresses of the applications that are
-	// currently cached in the ring cache.
-	GetCachedAddresses() []string
-	// GetRingForAddress returns the ring for the given application address if
-	// it exists. If it does not exist in the cache, it follows a lazy approach
-	// of querying the on-chain state and creating it just-in-time, caching for
-	// future retrievals.
-	GetRingForAddress(ctx context.Context, appAddress string) (*ring.Ring, error)
 	// Stop stops the ring cache by unsubscribing from on-chain delegation events.
 	// And clears the cache, so that it no longer contains any rings,
 	Stop()
 }
+
+// RingClient is used to construct rings by querying the application module for
+// the addresses of the gateways the application is delegated to, and converting
+// them into their corresponding public key points on the secp256k1 curve.
+type RingClient interface {
+	// GetRingForAddress returns the ring for the given application address if
+	// it exists.
+	GetRingForAddress(ctx context.Context, appAddress string) (*ring.Ring, error)
+
+	// VerifyRelayRequestSignature verifies the relay request signature against the
+	// ring for the application address in the relay request.
+	VerifyRelayRequestSignature(ctx context.Context, relayRequest *types.RelayRequest) error
+}
+
+// PubKeyClient is used to get the public key given an address.
+// On-chain and off-chain implementations should take care of retrieving the
+// address' account and returning its public key.
+type PubKeyClient interface {
+	// GetPubKeyFromAddress returns the public key of the given account address if
+	// it exists.
+	GetPubKeyFromAddress(ctx context.Context, address string) (cryptotypes.PubKey, error)
+}

pkg/crypto/pubkey_client/client.go

@@ -0,0 +1,58 @@
+package pubkeyclient
+
+import (
+	"context"
+
+	"cosmossdk.io/depinject"
+	cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types"
+
+	"github.com/pokt-network/poktroll/pkg/client"
+	"github.com/pokt-network/poktroll/pkg/crypto"
+)
+
+var _ crypto.PubKeyClient = (*pubKeyClient)(nil)
+
+// pubKeyClient is an implementation of the PubKeyClient that uses an account
+// querier to get the public key of an address.
+type pubKeyClient struct {
+	// accountQuerier is the querier for the account module, it is used to get
+	// the account of an address.
+	accountQuerier client.AccountQueryClient
+}
+
+// NewPubKeyClient creates a new PubKeyClient with the given dependencies.
+// The querier is injected using depinject and has to be specific to the
+// environment in which the pubKeyClient is initialized as on-chain and off-chain
+// environments may have different queriers.
+//
+// Required dependencies:
+// - client.AccountQueryClient
+func NewPubKeyClient(deps depinject.Config) (crypto.PubKeyClient, error) {
+	pc := new(pubKeyClient)
+
+	if err := depinject.Inject(
+		deps,
+		&pc.accountQuerier,
+	); err != nil {
+		return nil, err
+	}
+
+	return pc, nil
+}
+
+// GetPubKeyFromAddress returns the public key of the given address.
+// It uses the accountQuerier to get the account and then returns its public key.
+func (pc *pubKeyClient) GetPubKeyFromAddress(ctx context.Context, address string) (cryptotypes.PubKey, error) {
+	acc, err := pc.accountQuerier.GetAccount(ctx, address)
+	if err != nil {
+		return nil, err
+	}
+
+	// If the account's public key is nil, then return an error.
+	pubKey := acc.GetPubKey()
+	if pubKey == nil {
+		return nil, ErrPubKeyClientEmptyPubKey
+	}
+
+	return pubKey, nil
+}

pkg/crypto/pubkey_client/errors.go

@@ -0,0 +1,8 @@
+package pubkeyclient
+
+import sdkerrors "cosmossdk.io/errors"
+
+var (
+	codespace                  = "pubkeyclient"
+	ErrPubKeyClientEmptyPubKey = sdkerrors.Register(codespace, 1, "empty public key")
+)