Alloy signing integration

Cargo.toml

@@ -3,6 +3,7 @@
 resolver = "2"
 
 members = [
+    "demo/hsm",
     "protocol-units/bridge/config",
     "protocol-units/bridge/setup",
     "protocol-units/execution/maptos/dof",
@@ -41,7 +42,7 @@ members = [
     "protocol-units/bridge/indexer-db",
     "protocol-units/bridge/util",
     "benches/*",
-    "util/signing/interface",
+    "util/signing/integrations/eth",
     "util/signing/integrations/aptos",
     "util/signing/providers/aws-kms",
     "util/signing/providers/hashicorp-vault",
@@ -213,6 +214,7 @@ alloy-eips = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b17258
 alloy-contract = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2" }
 alloy-network = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2" }
 alloy-primitives = { version = "0.7.2", default-features = false }
+alloy-consensus = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2" }
 alloy-provider = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2", features = [
     "ws",
 ] }
@@ -221,6 +223,7 @@ alloy-rpc-types = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b
 alloy-sol-types = { version = "0.7.2", features = ["json"] }
 alloy-signer = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2" }
 alloy-transport = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2" }
+alloy-transport-http = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2", features = ["reqwest-rustls-tls"] }
 alloy-transport-ws = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2" }
 
 anyhow = "1.0"

util/signing/aws-kms/Cargo.toml

@@ -0,0 +1,34 @@
+[package]
+name = "aws-kms-signer"
+version = { workspace = true }
+edition  = { workspace = true }
+license  = { workspace = true }
+authors = { workspace = true }
+repository = { workspace = true }
+homepage = { workspace = true }
+publish = { workspace = true }
+rust-version = { workspace = true }
+
+[dependencies]
+tokio = { workspace = true, features = ["full"] }
+async-trait = { workspace = true }
+vaultrs = { workspace = true }
+anyhow = { workspace = true }
+aws-sdk-kms = { workspace = true }
+aws-config = { workspace = true }
+rand = { workspace = true }
+base64 = { workspace = true }
+dotenv = "0.15"
+ed25519 = { workspace = true }
+ring-compat = { workspace = true }
+k256 = { workspace = true, features = ["ecdsa", "pkcs8"] }
+google-cloud-kms = { workspace = true }
+reqwest = { version = "0.12", features = ["json"] }
+axum = "0.6"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+clap = { workspace = true }
+movement-signer = { workspace = true }
+
+[lints]
+workspace = true

util/signing/aws-kms/src/cryptography/mod.rs

@@ -0,0 +1 @@
+pub mod secp256k1;

util/signing/aws-kms/src/cryptography/secp256k1/mod.rs

@@ -0,0 +1,28 @@
+use aws_sdk_kms::types::{KeySpec, KeyUsageType, SigningAlgorithmSpec};
+use signer::cryptography::secp256k1::Secp256k1;
+
+/// Defines the needed methods for providing a definition of cryptography used with AWS KMS
+pub trait AwsKmsCryptography {
+	/// Returns the [KeySpec] for the desired cryptography
+	fn key_spec() -> KeySpec;
+
+	/// Returns the [KeyUsageType] for the desired cryptography
+	fn key_usage_type() -> KeyUsageType;
+
+	/// Returns the [SigningAlgorithmSpec] for the desired cryptography
+	fn signing_algorithm_spec() -> SigningAlgorithmSpec;
+}
+
+impl AwsKmsCryptography for Secp256k1 {
+	fn key_spec() -> KeySpec {
+		KeySpec::EccSecgP256K1
+	}
+
+	fn key_usage_type() -> KeyUsageType {
+		KeyUsageType::SignVerify
+	}
+
+	fn signing_algorithm_spec() -> SigningAlgorithmSpec {
+		SigningAlgorithmSpec::EcdsaSha256
+	}
+}

util/signing/aws-kms/src/lib.rs

@@ -0,0 +1 @@
+pub mod cryptography;

util/signing/hashicorp-vault/Cargo.toml

@@ -0,0 +1,34 @@
+[package]
+name = "hashicorp-vault-signer"
+version = { workspace = true }
+edition  = { workspace = true }
+license  = { workspace = true }
+authors = { workspace = true }
+repository = { workspace = true }
+homepage = { workspace = true }
+publish = { workspace = true }
+rust-version = { workspace = true }
+
+[dependencies]
+tokio = { workspace = true, features = ["full"] }
+async-trait = { workspace = true }
+vaultrs = { workspace = true }
+anyhow = { workspace = true }
+aws-sdk-kms = { workspace = true }
+aws-config = { workspace = true }
+rand = { workspace = true }
+base64 = { workspace = true }
+dotenv = "0.15"
+ed25519 = { workspace = true }
+ring-compat = { workspace = true }
+k256 = { workspace = true, features = ["ecdsa", "pkcs8"] }
+google-cloud-kms = { workspace = true }
+reqwest = { version = "0.12", features = ["json"] }
+axum = "0.6"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+clap = { workspace = true }
+signer = { workspace = true }
+
+[lints]
+workspace = true

util/signing/hashicorp-vault/src/cryptography/ed25519/mod.rs

@@ -0,0 +1,28 @@
+use aws_sdk_kms::types::{KeySpec, KeyUsageType, SigningAlgorithmSpec};
+use signer::cryptography::secp256k1::Secp256k1;
+
+/// Defines the needed methods for providing a definition of cryptography used with AWS KMS
+pub trait AwsKmsCryptography {
+	/// Returns the [KeySpec] for the desired cryptography
+	fn key_spec() -> KeySpec;
+
+	/// Returns the [KeyUsageType] for the desired cryptography
+	fn key_usage_type() -> KeyUsageType;
+
+	/// Returns the [SigningAlgorithmSpec] for the desired cryptography
+	fn signing_algorithm_spec() -> SigningAlgorithmSpec;
+}
+
+impl AwsKmsCryptography for Secp256k1 {
+	fn key_spec() -> KeySpec {
+		KeySpec::EccSecgP256K1
+	}
+
+	fn key_usage_type() -> KeyUsageType {
+		KeyUsageType::SignVerify
+	}
+
+	fn signing_algorithm_spec() -> SigningAlgorithmSpec {
+		SigningAlgorithmSpec::EcdsaSha256
+	}
+}

util/signing/hashicorp-vault/src/cryptography/mod.rs

@@ -0,0 +1 @@
+pub mod ed25519;

util/signing/hashicorp-vault/src/hsm/mod.rs

@@ -0,0 +1,12 @@
+// ! Develop HSM here under [SignerOperations]
+// use signer::{cryptography::ed25519, SignerOperations};
+
+pub struct HashicorpVault;
+
+/*#[async_trait::async_trait]
+impl SignerOperations<ed25519::Ed25519> for HashicorpVault {
+	async fn sign(&self, _message: Bytes) -> Result<Signature, SignerError> {
+		// Sign the message.
+		Ok(Signature::default())
+	}
+}*/

util/signing/hashicorp-vault/src/lib.rs

@@ -0,0 +1,2 @@
+pub mod cryptography;
+pub mod hsm;

util/signing/integrations/eth/Cargo.toml

@@ -0,0 +1,39 @@
+[package]
+name = "movement-signing-eth"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+repository.workspace = true
+homepage.workspace = true
+publish.workspace = true
+rust-version.workspace = true
+
+[dependencies]
+movement-signer = { workspace = true }
+movement-signer-aws-kms = { workspace = true }
+async-trait.workspace = true
+
+# Alloy needed crates
+alloy-primitives.workspace = true
+alloy-signer.workspace = true
+alloy-network.workspace = true
+alloy-consensus.workspace = true
+alloy-transport-http = { workspace = true, features = ["reqwest-rustls-tls"] }
+k256 = "0.13.4"
+
+[dev-dependencies]
+aws-sdk-kms = { workspace = true }
+anyhow = { workspace = true }
+tokio = { workspace = true }
+alloy.workspace = true
+alloy-signer-aws = { git = "https://github.com/alloy-rs/alloy.git", rev = "83343b172585fe4e040fb104b4d1421f58cbf9a2" }
+aws-config = { workspace = true }
+
+ethereum-types = "0.11"
+keccak-hash = "0.10"
+hex = "0.4"
+sha3 = "0.10.8"
+
+[lints]
+workspace = true