This repository has been archived by the owner on Jun 3, 2020. It is now read-only.
Ledger integration into KMS #172
Merged
liamsi
merged 12 commits into
tendermint:master
from
cryptiumlabs:adrian/ledger_integration
Feb 20, 2019
Merged
Changes from 3 commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
95ce661
Ledger integration into KMS
f38e570
Run 'cargo fmt'
75bdb0b
Exclude ledger from test harness
9caeec2
Remove incorrect comment
7f0e046
Update to latest dependencies
99b5b27
Refactoring and adjusting to new ledger-tm library
jleni f6a9c8f
Merge pull request #1 from ZondaX/zondax/ledger-tm
47289c0
Upgrading creates + fmt fixes
jleni ff43eb5
Merge pull request #2 from ZondaX/ledger_integration
jleni 76e054c
Disabling ledgertm tests until a ledgermock is available
jleni 90e37d5
Merge pull request #4 from ZondaX/ledger_integration
jleni 562109d
Add better logging to sign requests
File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,15 +35,23 @@ signal-hook = "0.1.7" | |
signatory = { version = "0.11", features = ["ed25519"] } | ||
signatory-dalek = "0.11" | ||
signatory-yubihsm = { version = "0.11", optional = true } | ||
signatory-ledger-cosval = { version = "0.11", optional = true } | ||
subtle-encoding = "0.3" | ||
tendermint = { version = "0.2", path = "tendermint-rs" } | ||
|
||
[patch.crates-io] | ||
signatory = { git = "https://github.com/cryptiumlabs/signatory" } | ||
signatory-dalek = { git = "https://github.com/cryptiumlabs/signatory" } | ||
signatory-yubihsm = { git = "https://github.com/cryptiumlabs/signatory" } | ||
signatory-ledger-cosval = { git = "https://github.com/cryptiumlabs/signatory" } | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. please do not introduce external versions/forks of these crates. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is waiting on the release of the correct upstream crates, specifically the new release of There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
|
||
[dev-dependencies] | ||
tempfile = "3" | ||
rand = "0.6" | ||
|
||
[features] | ||
default = ["softsign", "yubihsm"] | ||
default = ["softsign"] | ||
ledger = ["signatory-ledger-cosval"] | ||
softsign = [] | ||
yubihsm = ["signatory-yubihsm/usb"] # USB only for now | ||
yubihsm-mock = ["yubihsm", "signatory-yubihsm/mockhsm"] | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
//! Configuration for ledger-backed signer | ||
|
||
/// Ledger signer configuration | ||
#[derive(Clone, Deserialize, Debug)] | ||
pub struct LedgerConfig { | ||
pub active: bool, | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
//! Ledger-based signer | ||
|
||
use signatory::PublicKeyed; | ||
use signatory_ledger_cosval::Ed25519CosmosAppSigner; | ||
|
||
use crate::{ | ||
config::provider::ledger::LedgerConfig, | ||
error::KmsError, | ||
keyring::{ed25519::Signer, KeyRing}, | ||
}; | ||
|
||
/// Label for ed25519-dalek provider | ||
// TODO: use a non-string type for these, e.g. an enum | ||
pub const LEDGER_PROVIDER_LABEL: &str = "ledger"; | ||
|
||
// TODO: Maybe make this depend on the app. This may not matter since the Ledger doesn't hold multiple keys. Could work with HD deriv path. | ||
pub const LEDGER_ID: &str = "1"; | ||
|
||
/// Create hardware-backed YubiHSM signer objects from the given configuration | ||
adrianbrink marked this conversation as resolved.
Show resolved
Hide resolved
|
||
pub fn init(keyring: &mut KeyRing, _ledger_configs: &[LedgerConfig]) -> Result<(), KmsError> { | ||
// TODO: Maybe use the active field from the config. | ||
let provider = Ed25519CosmosAppSigner::connect().unwrap(); | ||
keyring.add( | ||
provider.public_key().unwrap(), | ||
Signer::new( | ||
LEDGER_PROVIDER_LABEL, | ||
LEDGER_ID.to_owned(), | ||
Box::new(provider), | ||
), | ||
)?; | ||
Ok(()) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
use std::sync::Mutex; | ||
|
||
use signatory_ledger_cosval::Ed25519CosmosAppSigner; | ||
|
||
lazy_static! { | ||
static ref HSM_CLIENT: Mutex<Ed25519CosmosAppSigner> = Mutex::new(create_hsm_client()); | ||
} | ||
|
||
// pub fn get_hsm_client() -> MutexGuard<'static, Ed25519CosmosAppSigner> { | ||
// HSM_CLIENT.lock().unwrap() | ||
// } | ||
|
||
fn create_hsm_client() -> Ed25519CosmosAppSigner { | ||
Ed25519CosmosAppSigner::connect().unwrap() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this change necessary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test harness does not work with the Ledger since I haven't implemented a ledger-mock.