movementlabsxyz · musitdev · Jan 10, 2025 · Jan 13, 2025 · Jan 13, 2025 · Jan 14, 2025
@@ -130,6 +130,7 @@ movement-signer-hashicorp-vault = { path = "util/signing/providers/hashicorp-vau
 movement-signer-local = { path = "util/signing/providers/local" }
 movement-signer-loader = { path = "util/signing/util/loader" }
 movement-signing-aptos = { path = "util/signing/integrations/aptos" }
+movement-signing-eth = { path = "util/signing/integrations/eth" }
 
 ## vault
 vaultrs = { version = "0.7.3" }

@@ -6,7 +6,7 @@ use celestia_rpc::Client;
 use celestia_types::nmt::Namespace;
 use celestia_types::Blob as CelestiaBlob;
 use movement_celestia_da_util::ir_blob::IntermediateBlobRepresentation;
-use movement_signer::{cryptography::Curve, Verify};
+use movement_signer::{cryptography::Curve, Digester, Verify};
 use std::sync::Arc;
 
 /// A verifier of Celestia blobs for permissioned signers
@@ -44,7 +44,7 @@ where
 #[tonic::async_trait]
 impl<C> VerifierOperations<CelestiaBlob, IntermediateBlobRepresentation> for Verifier<C>
 where
-	C: Curve + Verify<C> + Send + Sync,
+	C: Curve + Verify<C> + Digester<C> + Send + Sync,
 {
 	async fn verify(
 		&self,

@@ -1,6 +1,6 @@
 use crate::{Error, Verified, VerifierOperations};
 use movement_celestia_da_util::ir_blob::IntermediateBlobRepresentation;
-use movement_signer::{cryptography::Curve, Verify};
+use movement_signer::{cryptography::Curve, Digester, Verify};
 use std::collections::HashSet;
 use tracing::info;
 
@@ -26,7 +26,7 @@ where
 impl<C> VerifierOperations<IntermediateBlobRepresentation, IntermediateBlobRepresentation>
 	for Verifier<C>
 where
-	C: Curve + Verify<C> + Send + Sync,
+	C: Curve + Verify<C> + Digester<C> + Send + Sync,
 {
 	async fn verify(
 		&self,
@@ -74,7 +74,7 @@ where
 impl<C> VerifierOperations<IntermediateBlobRepresentation, IntermediateBlobRepresentation>
 	for InKnownSignersVerifier<C>
 where
-	C: Curve + Verify<C> + Send + Sync,
+	C: Curve + Verify<C> + Digester<C> + Send + Sync,
 {
 	async fn verify(
 		&self,

@@ -42,7 +42,7 @@ impl InnerSignedBlobV1Data {
 	}
 
 	/// Computes the id of InnerSignedBlobV1Data
-	pub fn compute_id<O, C>(&self) -> Result<Id, anyhow::Error>
+	pub fn compute_id<C>(&self) -> Result<Id, anyhow::Error>
 	where
 		C: Curve + Digester<C>,
 	{
@@ -59,7 +59,7 @@ impl InnerSignedBlobV1Data {
 		O: Signing<C>,
 		C: Curve + Digester<C>,
 	{
-		let id = self.compute_id::<O, C>()?;
+		let id = self.compute_id::<C>()?;
 		let signature = signer.inner().sign(&id.as_slice()).await?.to_bytes();
 		let signer = signer.inner().public_key().await?.to_bytes();
 
@@ -78,12 +78,13 @@ pub struct InnerSignedBlobV1 {
 impl InnerSignedBlobV1 {
 	pub fn try_verify<C>(&self) -> Result<(), anyhow::Error>
 	where
-		C: Curve + Verify<C>,
+		C: Curve + Digester<C> + Verify<C>,
 	{
 		let public_key = C::PublicKey::try_from_bytes(self.signer.as_slice())?;
 		let signature = C::Signature::try_from_bytes(self.signature.as_slice())?;
+		let id = self.data.compute_id::<C>()?;
 
-		if !C::verify(self.data.blob.as_slice(), &signature, &public_key)? {
+		if !C::verify(id.as_slice(), &signature, &public_key)? {
 			return Err(anyhow::anyhow!("signature verification failed"))?;
 		}
 
@@ -139,7 +140,7 @@ impl IntermediateBlobRepresentation {
 
 	pub fn verify_signature<C>(&self) -> Result<(), anyhow::Error>
 	where
-		C: Curve + Verify<C>,
+		C: Curve + Digester<C> + Verify<C>,
 	{
 		match self {
 			IntermediateBlobRepresentation::SignedV1(inner) => inner.try_verify::<C>(),

@@ -16,6 +16,9 @@ rust-version = { workspace = true }
 
 [dependencies]
 mcr-settlement-config = { workspace = true }
+movement-signer-loader = { workspace = true }
+movement-signer = { workspace = true }
+movement-signing-eth = { workspace = true }
 
 alloy = { workspace = true, features = [
     "node-bindings",

@@ -11,7 +11,7 @@ use alloy::providers::fillers::NonceFiller;
 use alloy::providers::fillers::WalletFiller;
 use alloy::providers::{Provider, ProviderBuilder, RootProvider};
 use alloy::pubsub::PubSubFrontend;
-use alloy::signers::local::PrivateKeySigner;
+use alloy::signers::Signer;
 use alloy_network::Ethereum;
 use alloy_network::EthereumWallet;
 use alloy_primitives::Address;
@@ -21,6 +21,9 @@ use alloy_transport::BoxTransport;
 use alloy_transport_ws::WsConnect;
 use anyhow::Context;
 use mcr_settlement_config::Config;
+use movement_signer::cryptography::secp256k1::Secp256k1;
+use movement_signer_loader::identifiers::Load;
+use movement_signing_eth::HsmSigner;
 use movement_types::block::{BlockCommitment, Commitment, Id};
 use serde_json::Value as JsonValue;
 use std::array::TryFromSliceError;
@@ -100,19 +103,12 @@ impl
 	>
 {
 	pub async fn build_with_config(config: &Config) -> Result<Self, anyhow::Error> {
-		let signer_private_key = match &config.deploy {
-			Some(deployment_config) => {
-				info!("Using deployment config for signer private key");
-				deployment_config.mcr_deployment_account_private_key.clone()
-			}
-			None => {
-				info!("Using settlement config for signer private key");
-				config.settle.signer_private_key.clone()
-			}
-		};
-		let signer = signer_private_key
-			.parse::<PrivateKeySigner>()
-			.context("Failed to parse the private key for the MCR settlement client signer")?;
+		let signer_identifier: Box<dyn Load<Secp256k1> + Send> =
+			Box::new(config.settle.signer_identifier.clone());
+		let signer_provider = signer_identifier.load().await?;
+		let signer =
+			HsmSigner::try_new(signer_provider, Some(config.eth_connection.eth_chain_id)).await?;
+
 		let signer_address = signer.address();
 		info!("Signer address: {}", signer_address);
 		let contract_address = config

@@ -16,5 +16,7 @@ alloy = { workspace = true }
 godfig = { workspace = true }
 anyhow = { workspace = true }
 
+movement-signer-loader = { workspace = true }
+
 [lints]
 workspace = true
@@ -6,9 +6,8 @@ use serde::{Deserialize, Serialize};
 pub struct Config {
 	#[serde(default = "mcr_deployment_working_directory")]
 	pub mcr_deployment_working_directory: String,
-
-	#[serde(default = "mcr_deployment_account_private_key")]
-	pub mcr_deployment_account_private_key: String,
+	#[serde(default = "mcr_local_anvil_account_private_key")]
+	pub mcr_local_anvil_account_private_key: String,
 }
 
 env_short_default!(
@@ -18,7 +17,7 @@ env_short_default!(
 );
 
 env_short_default!(
-	mcr_deployment_account_private_key,
+	mcr_local_anvil_account_private_key,
 	String,
 	PrivateKeySigner::random().to_bytes().to_string()
 );
@@ -43,7 +42,7 @@ impl Default for Config {
 	fn default() -> Self {
 		Config {
 			mcr_deployment_working_directory: mcr_deployment_working_directory(),
-			mcr_deployment_account_private_key: mcr_deployment_account_private_key(),
+			mcr_local_anvil_account_private_key: mcr_local_anvil_account_private_key(),
 		}
 	}
 }