feat!: move key manager service to key_manager (#5284)

Description
---
Moves the key_manager_services to key_manager_create

Motivation and Context
---
Currently, all transactions are built by supplying private keys to the
constructor. The wallet implements a Key_manager_service that safely
constructs the private key but this is then passed around in code to
where it is used to sign transactions etc.

We want to refactor this, that the code only ask for a signature and not
a private key. This means the private key generation should happen where
core can access it. This will be refactored in a future PR. This is part
of allowing support of Hardware devices in the future.

How Has This Been Tested?
---
Unit tests and manual tx sending



Breaking Changes
---

- [x] None
- [ ] Requires data directory on base node to be deleted
- [ ] Requires hard fork
- [x] Other - Please specify
Requires data directory to be deleted on the wallet

<!-- Does this include a breaking change? If so, include this line as a
footer -->
<!-- BREAKING CHANGE: Description what the user should do, e.g. delete a
database, resync the chain -->
BREAKING CHANGE: Requires data directory to be deleted on the wallet
because it changes how the wallet database structure looks.

.license.ignore

@@ -13,6 +13,7 @@
 ./applications/tari_console_wallet/linux/start_tari_console_wallet
 ./base_layer/contacts/src/schema.rs
 ./base_layer/key_manager/Makefile
+./base_layer/key_manager/src/schema.rs
 ./base_layer/p2p/src/dns/roots/tls.rs
 ./base_layer/wallet/src/schema.rs
 ./buildtools/docker/torrc

applications/tari_console_wallet/src/automation/commands.rs

@@ -56,11 +56,11 @@ use tari_core::transactions::{
     transaction_components::{OutputFeatures, TransactionOutput, UnblindedOutput},
 };
 use tari_crypto::ristretto::RistrettoSecretKey;
+use tari_key_manager::key_manager_service::NextKeyResult;
 use tari_utilities::{hex::Hex, ByteArray};
 use tari_wallet::{
     connectivity_service::WalletConnectivityInterface,
     error::WalletError,
-    key_manager_service::NextKeyResult,
     output_manager_service::{handle::OutputManagerHandle, UtxoSelectionCriteria},
     transaction_service::handle::{TransactionEvent, TransactionServiceHandle},
     TransactionStage,

applications/tari_console_wallet/src/automation/error.rs

@@ -29,10 +29,10 @@ use log::*;
 use tari_common::exit_codes::{ExitCode, ExitError};
 use tari_common_types::types::FixedHashSizeError;
 use tari_core::transactions::{tari_amount::MicroTariError, transaction_components::TransactionError};
+use tari_key_manager::key_manager_service::KeyManagerServiceError;
 use tari_utilities::{hex::HexError, ByteArrayError};
 use tari_wallet::{
     error::{WalletError, WalletStorageError},
-    key_manager_service::KeyManagerServiceError,
     output_manager_service::error::OutputManagerError,
     transaction_service::error::TransactionServiceError,
 };

base_layer/common_types/Cargo.toml

@@ -13,6 +13,7 @@ tari_utilities = "0.4.10"
 tari_common = {  path = "../../common" }
 
 
+chacha20poly1305 = "0.10.1"
 borsh = "0.9.3"
 digest = "0.9.0"
 lazy_static = "1.4.0"

base_layer/wallet/src/util/encryption.rs → base_layer/common_types/src/encryption.rs

@@ -114,7 +114,7 @@ mod test {
     use rand::{rngs::OsRng, RngCore};
     use tari_utilities::{ByteArray, Hidden};
 
-    use crate::util::encryption::{decrypt_bytes_integral_nonce, encrypt_bytes_integral_nonce};
+    use super::*;
 
     #[test]
     fn test_encrypt_decrypt() {

base_layer/common_types/src/lib.rs

@@ -24,6 +24,7 @@ pub mod burnt_proof;
 pub mod chain_metadata;
 pub mod dammsum;
 pub mod emoji;
+pub mod encryption;
 pub mod epoch;
 pub mod grpc_authentication;
 pub mod tari_address;

base_layer/key_manager/Cargo.toml

@@ -12,10 +12,20 @@ crate-type = ["lib", "cdylib"]
 
 # NB: All dependencies must support or be gated for the WASM target.
 [dependencies]
-tari_common_types = {  path = "../../base_layer/common_types", optional = true }
-tari_crypto = { version = "0.16.11"}
+tari_crypto = "0.16.11"
 tari_utilities = "0.4.10"
+tari_common_sqlite = { path = "../../common_sqlite" }
+tari_common_types = {  path = "../../base_layer/common_types"}
+tari_service_framework = {  path = "../service_framework" }
 
+async-trait = {version = "0.1.50"}
+chrono = { version = "0.4.19", default-features = false, features = ["serde"] }
+chacha20poly1305 = "0.10.1"
+tokio = { version = "1.23", features = ["sync", "macros"]}
+futures = { version = "^0.3.1", features = ["compat", "std"] }
+log = {version = "0.4.6"}
+diesel = { version = "2.0.3", features = ["sqlite", "serde_json", "chrono", "64-column-tables"]}
+diesel_migrations = {version = "2.0.0"}
 argon2 = { version = "0.4.1", features = ["std", "alloc"] }
 blake2 = "0.9.1"
 chacha20 = "0.7.1"
@@ -36,8 +46,11 @@ subtle = "2.4.1"
 [dev-dependencies]
 sha2 = "0.9.8"
 wasm-bindgen-test = "0.3.28"
+tempfile = "3.1.0"
 
 [features]
+default = []
+key_manager_service = []
 avx2 = ["tari_crypto/simd_backend"]
 js = [ "js-sys"]
-wasm = ["tari_crypto/wasm", "wasm-bindgen", "js", "tari_common_types", "console_error_panic_hook"]
+wasm = ["tari_crypto/wasm", "wasm-bindgen", "js", "console_error_panic_hook"]

base_layer/key_manager/diesel.toml

@@ -0,0 +1,8 @@
+# For documentation on how to configure this file,
+# see https://diesel.rs/guides/configuring-diesel-cli
+
+[print_schema]
+file = "src/schema.rs"
+
+[migrations_directory]
+dir = "migrations"

base_layer/key_manager/migrations/2023-03-31-130611_initial/down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS key_manager_states;

base_layer/key_manager/migrations/2023-03-31-130611_initial/up.sql

@@ -0,0 +1,6 @@
+CREATE TABLE key_manager_states (
+    id                INTEGER PRIMARY KEY NOT NULL,
+    branch_seed       TEXT UNIQUE         NOT NULL,
+    primary_key_index BLOB                NOT NULL,
+    timestamp         DATETIME            NOT NULL
+);

base_layer/wallet/src/key_manager_service/error.rs → base_layer/key_manager/src/key_manager_service/error.rs

@@ -22,11 +22,11 @@
 
 use diesel::result::Error as DieselError;
 use tari_common_sqlite::error::SqliteStorageError;
-use tari_key_manager::error::KeyManagerError as KMError;
-use tari_script::ScriptError;
 use tari_utilities::{hex::HexError, ByteArrayError};
 
-use crate::error::WalletStorageError;
+use crate::error::KeyManagerError as KMError;
+
+// use crate::error::WalletStorageError;
 /// Error enum for the [KeyManagerService]
 #[derive(Debug, thiserror::Error)]
 pub enum KeyManagerServiceError {
@@ -60,8 +60,6 @@ pub enum KeyManagerStorageError {
     ConversionError { reason: String },
     #[error("Key Manager not initialized")]
     KeyManagerNotInitialized,
-    #[error("Wallet storage error: `{0}`")]
-    WalletStorageError(#[from] WalletStorageError),
     #[error("Diesel error: `{0}`")]
     DieselError(#[from] DieselError),
     #[error("Diesel connection error: `{0}`")]
@@ -76,8 +74,6 @@ pub enum KeyManagerStorageError {
     ByteArrayError(#[from] ByteArrayError),
     #[error("Aead error: `{0}`")]
     AeadError(String),
-    #[error("Tari script error : {0}")]
-    ScriptError(#[from] ScriptError),
     #[error("Binary not stored as valid hex:{0}")]
     HexError(#[from] HexError),
     #[error("Tari Key Manager error: `{0}`")]

base_layer/wallet/src/key_manager_service/handle.rs → base_layer/key_manager/src/key_manager_service/handle.rs

@@ -23,16 +23,18 @@
 use std::sync::Arc;
 
 use tari_common_types::types::PrivateKey;
-use tari_key_manager::cipher_seed::CipherSeed;
 use tokio::sync::RwLock;
 
-use crate::key_manager_service::{
-    error::KeyManagerServiceError,
-    interface::NextKeyResult,
-    storage::database::{KeyManagerBackend, KeyManagerDatabase},
-    AddResult,
-    KeyManagerInner,
-    KeyManagerInterface,
+use crate::{
+    cipher_seed::CipherSeed,
+    key_manager_service::{
+        error::KeyManagerServiceError,
+        interface::NextKeyResult,
+        storage::database::{KeyManagerBackend, KeyManagerDatabase},
+        AddResult,
+        KeyManagerInner,
+        KeyManagerInterface,
+    },
 };
 /// The key manager provides a hierarchical key derivation function (KDF) that derives uniformly random secret keys from
 /// a single seed key for arbitrary branches, using an implementation of `KeyManagerBackend` to store the current index

base_layer/wallet/src/key_manager_service/initializer.rs → base_layer/key_manager/src/key_manager_service/initializer.rs

@@ -28,12 +28,14 @@
 // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 // USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-use tari_key_manager::cipher_seed::CipherSeed;
 use tari_service_framework::{async_trait, ServiceInitializationError, ServiceInitializer, ServiceInitializerContext};
 
-use crate::key_manager_service::{
-    storage::database::{KeyManagerBackend, KeyManagerDatabase},
-    KeyManagerHandle,
+use crate::{
+    cipher_seed::CipherSeed,
+    key_manager_service::{
+        storage::database::{KeyManagerBackend, KeyManagerDatabase},
+        KeyManagerHandle,
+    },
 };
 
 /// Initializes the key manager service by implementing the [ServiceInitializer] trait.

base_layer/wallet/src/key_manager_service/mock.rs → base_layer/key_manager/src/key_manager_service/mock.rs

@@ -24,21 +24,22 @@ use std::{collections::HashMap, sync::Arc};
 
 use log::*;
 use tari_common_types::types::PrivateKey;
-use tari_key_manager::{cipher_seed::CipherSeed, key_manager::KeyManager};
 use tokio::sync::RwLock;
 
 use crate::{
+    cipher_seed::CipherSeed,
+    key_manager::KeyManager,
     key_manager_service::{
         error::KeyManagerServiceError,
         interface::NextKeyResult,
         storage::database::KeyManagerState,
         AddResult,
+        KeyDigest,
         KeyManagerInterface,
     },
-    types::KeyDigest,
 };
 
-const LOG_TARGET: &str = "wallet::Key_manager_mock";
+const LOG_TARGET: &str = "key_manager::Key_manager_mock";
 const KEY_MANAGER_MAX_SEARCH_DEPTH: u64 = 1_000_000;
 
 /// Testing Mock for the key manager service

base_layer/wallet/src/key_manager_service/mod.rs → base_layer/key_manager/src/key_manager_service/mod.rs

@@ -20,6 +20,21 @@
 //  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 //  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+// Note: For help in getting started with diesel as well as how to update the tables look here:
+//       http://diesel.rs/guides/getting-started/
+//   - You also need to ensure that you installed diesel with the sqlite feature flag:
+//     - 'cargo install diesel_cli --no-default-features --features sqlite'
+//   - If you updated the tables the following needs to be run from the base_layer/key_manager/ folder:
+//     - 'diesel setup --database-url test.sqlite3'
+//     - 'diesel migration run --database-url test.sqlite3'
+//   - After running this, make sure that the diesel update did not change BigInt to Integer in 'schema.rs' (check for
+//     any unwanted changes)
+
+use tari_crypto::hash::blake2::Blake256;
+
+/// Specify the Hash function used by the key manager
+pub type KeyDigest = Blake256;
+
 mod error;
 pub use error::KeyManagerServiceError;
 

base_layer/wallet/src/key_manager_service/service.rs → base_layer/key_manager/src/key_manager_service/service.rs

@@ -24,19 +24,20 @@ use std::collections::HashMap;
 use futures::lock::Mutex;
 use log::*;
 use tari_common_types::types::PrivateKey;
-use tari_key_manager::{cipher_seed::CipherSeed, key_manager::KeyManager};
 
 use crate::{
+    cipher_seed::CipherSeed,
+    key_manager::KeyManager,
     key_manager_service::{
         error::KeyManagerServiceError,
         interface::NextKeyResult,
         storage::database::{KeyManagerBackend, KeyManagerDatabase, KeyManagerState},
         AddResult,
+        KeyDigest,
     },
-    types::KeyDigest,
 };
 
-const LOG_TARGET: &str = "wallet::key_manager";
+const LOG_TARGET: &str = "key_manager::key_manager_service";
 const KEY_MANAGER_MAX_SEARCH_DEPTH: u64 = 1_000_000;
 
 pub struct KeyManagerInner<TBackend> {

base_layer/wallet/src/key_manager_service/storage/sqlite_db/key_manager_state.rs → base_layer/key_manager/src/key_manager_service/storage/sqlite_db/key_manager_state.rs

@@ -26,6 +26,7 @@ use chacha20poly1305::XChaCha20Poly1305;
 use chrono::{NaiveDateTime, Utc};
 use diesel::{prelude::*, SqliteConnection};
 use tari_common_sqlite::util::diesel_ext::ExpectedRowsExtension;
+use tari_common_types::encryption::{decrypt_bytes_integral_nonce, encrypt_bytes_integral_nonce};
 use tari_utilities::Hidden;
 
 use crate::{
@@ -34,7 +35,6 @@ use crate::{
         storage::{database::KeyManagerState, sqlite_db::Encryptable},
     },
     schema::key_manager_states,
-    util::encryption::{decrypt_bytes_integral_nonce, encrypt_bytes_integral_nonce},
 };
 
 /// Represents a row in the key_manager_states table.