Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure Signing e2e Integration #993

Open
wants to merge 116 commits into
base: main
Choose a base branch
from
Open

Secure Signing e2e Integration #993

wants to merge 116 commits into from

Conversation

l-monninger
Copy link
Collaborator

Summary

  • RFCs: \emptyset$.
  • Categories: misc.

Integrates secure signing work and prepares e2e testing.

  • To facilitate e2e testing, a common Identifier is used to render a LoadedSigner struct, which currently wraps any of the HashiCropVault, AwsKms, or Local signers provided here.
  • An example usage of loading the a Secp256k1 signer from the Config into the DA Light Node is implemented here.
  • Required next steps are the successful updates and replacements of MAPTOS_PRIVATE_KEY, MCR_SETTLEMENT_KEY, and MOVEMENT_DA_SIGNER to match the canonical string serialization here, s.t. the overlay runs and can toggel different backends. The overlay will then be expanded upon.

Changelog

Testing

Outstanding issues

l-monninger and others added 30 commits December 17, 2024 10:38
@l-monninger
fix: messing around.
d842b40
@l-monninger
fix: google and amazon.
642227e
@andygolay
Server for HSM demo (#962)
873d1ff
@l-monninger
feat: generics for cryptography.
df28163
@l-monninger
fix: hsm demo CLI.
2093ac1
@musitdev
first draf of the API
8477374
@musitdev
correct get_public_key call
37cfc8e
@musitdev
add error to sign API
7ba55d9
@musitdev
set API function pub
50bbc98
@l-monninger
fix: structuring.
dfa32da
@l-monninger
Merge branch 'l-monninger/hsm-demo' of https://github.com/movementlab…
14fef3c 
…sxyz/movement into hsm/signapi
@l-monninger
chore: scaffold signing api.
2f5636f
@musitdev
Alloy signing integration
e461221
@mzabaluev
feat(signing): byte array conversions for ed25519
653adf7 
Provide From conversion impls to construct
PrivateKey and Signature from byte arrays.
The conversions into PrivateKey are fallible, while
a Signature is allowed to be constructed from any
64 bytes.
@mzabaluev
feat(signing): movement-signer-test crate
53e08b7 
Add TestSigner providing an in-process Signing
implementation for tests.
@musitdev
simple transfer test for AWS signing
43c974b
@mzabaluev
refactor(signing): no need for custom trait
7929c21 
TryFromBytes is not needed, neither is the public key
as a member of HashiCorpVault state.
@mzabaluev
test(signing): test TestSigner
a50bf0e
@mzabaluev
chore: clean up unused rand_core dep
ca1ffac
@musitdev
adapte AWS provider to new API version
436b21b
@musitdev
use AwsKmsCryptography trait
ca9c370
@musitdev
rename new to try_new
1f522d5
@musitdev
correct build
7f6c6b3
@musitdev
add rustls-tls to allow https connections
4d6faa8
@musitdev
correct Cargo.lock file
7ad333d
@musitdev
Merge branch 'musitdev/alloy-integration' of github.com:movementlabsx…
a8ae7d1 
…yz/movement into musitdev/alloy-integration
@mzabaluev
test(signing): Add executor test for signed transactions
82b7b68
@mzabaluev
test: add signer tests to the unit-tests workflow
0018145
@l-monninger
feat: key standard.
a2439bb
@l-monninger
feat: create key.
99875dc
mzabaluev
mzabaluev reviewed Jan 16, 2025
View reviewed changes
protocol-units/da/movement/celestia/light-node/src/v1/passthrough.rs Outdated
Comment on lines 37 to 40
pub verifier: Arc<
Box<dyn VerifierOperations<CelestiaBlob, IntermediateBlobRepresentation> + Send + Sync>,
>,
pub signing_key: SigningKey<C>,
pub signer: Arc<Signer<O, C>>,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we're punting the blob signature curve choice as a generic parameter up to here, but the VerifierOperations trait does not fix it, so...

protocol-units/da/movement/celestia/light-node/src/v1/passthrough.rs Outdated

Ok(Self {
config: config.clone(),
celestia_namespace: config.celestia_namespace(),
default_client: client.clone(),
verifier: Arc::new(Box::new(Verifier::<C>::new(
verifier: Arc::new(Box::new(Verifier::<Secp256k1>::new(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... so this concrete implementation is responsible for hooking the verifier with the correct curve choice.

l-monninger and others added 22 commits January 17, 2025 09:30
@l-monninger
fix: working through refactor.
d78b8bf
@l-monninger
fix: serialization and deserialization.
d530ba3
@l-monninger
chore: supported curves serialization and deserialization.
0ec5f5c
@l-monninger
fix: refactor.
112cd64
@l-monninger
chore: logging for loader.
a27e65b
@andygolay
Secure signing: Key rotation with CLI (#1002)
ff49b15
@musitdev @mzabaluev @l-monninger
Signing: Settlement signing integration (#995)
3d971c6 
Co-authored-by: Mikhail Zabaluev <[email protected]>
Co-authored-by: Liam Monninger <[email protected]>
@andygolay
fix: change VAULT_ADDRESS to VAULT_ADDR
a669be2
@andygolay
fix: injective mapping with different delineators for aws and vault
9c415ad
@l-monninger
fix: default to uncompressed bytes.
309df7a
@l-monninger
fix: ensure vault test readability.
7ca2d9f
@l-monninger
fix: merge.
c238379
@l-monninger
fix: merge.
7596d3f
@l-monninger
fix: add key roation subcommand.
f47ce67
@l-monninger
fix: add key roation subcommand.
3e873e8
@l-monninger
fix: stash.
31827be
@l-monninger
fix: stash.
280c548
@l-monninger
fix: aptos signer e2e test.
c92884d
@l-monninger
Mainnet Target Branch (#1017)
9bdabaf
@l-monninger
fix: framework.
1900145
@l-monninger
fix: add mint lock.
8e3b690
@l-monninger
fix: add governed gas pool ops.
87c68d6
@mzabaluev mzabaluev mentioned this pull request Jan 27, 2025
Merged
@mzabaluev
Copy link
Collaborator

The sec256k1::send_tx test fails.

@l-monninger @0xmovses
@Icarus131 @Primata @musitdev @andygolay @mzabaluev
Upgrade GGP Framework Script and Framework Migration Standards (#1018)
bc40426 
Co-authored-by: Richard Melkonian <[email protected]>
Co-authored-by: Icarus131 <[email protected]>
Co-authored-by: primata <[email protected]>
Co-authored-by: musitdev <[email protected]>
Co-authored-by: Andy Golay <[email protected]>
Co-authored-by: Icarus131 <[email protected]>
Co-authored-by: Mikhail Zabaluev <[email protected]>
@andygolay
Copy link
Contributor

The sec256k1::send_tx test fails.

I saw I was pinged for a review.

What is the command for running this and the other tests? I see the tests in util/signing/testing/tests but haven't managed to run them yet with various attempted commands.

Also does util/signing/testing needed to be added to the workspace.members array in the root Cargo.toml? noticed it's not in there. I got an error about it with one test command I tried.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mzabaluev mzabaluev mzabaluev left review comments

@0xmovses 0xmovses Awaiting requested review from 0xmovses 0xmovses is a code owner

@musitdev musitdev Awaiting requested review from musitdev musitdev is a code owner

@andygolay andygolay Awaiting requested review from andygolay andygolay is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@l-monninger @mzabaluev @andygolay @musitdev