From 95ce66138f43d0e1363fa954da1d6f26c3e2a4b2 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Thu, 14 Feb 2019 21:39:55 +0100 Subject: [PATCH 1/9] Ledger integration into KMS This PR adds the ledger integration as a backend to the KMS. There is still more work required to ensure that the Ledger application knows how to correctly decode/encode Tendermint votes. --- Cargo.lock | 113 ++++++++++++++++++++++++++++++---- Cargo.toml | 10 ++- src/config/provider/ledger.rs | 7 +++ src/config/provider/mod.rs | 8 +++ src/keyring/ed25519/ledger.rs | 28 +++++++++ src/keyring/ed25519/mod.rs | 2 + src/keyring/mod.rs | 6 ++ src/ledger.rs | 15 +++++ src/lib.rs | 4 ++ src/rpc.rs | 8 +-- src/session.rs | 23 +++++-- 11 files changed, 200 insertions(+), 24 deletions(-) create mode 100644 src/config/provider/ledger.rs create mode 100644 src/keyring/ed25519/ledger.rs create mode 100644 src/ledger.rs diff --git a/Cargo.lock b/Cargo.lock index 4e830c5..cefc6ca 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,3 +1,5 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. [[package]] name = "abscissa" version = "0.0.6" @@ -360,6 +362,18 @@ dependencies = [ "typenum 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "hidapi" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "cc 1.0.29 (registry+https://github.com/rust-lang/crates.io-index)", + "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", + "failure_derive 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)", + "pkg-config 0.3.14 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "hkdf" version = "0.7.0" 
@@ -416,6 +430,32 @@ name = "lazy_static" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" +[[package]] +name = "ledger" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", + "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", + "hidapi 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)", + "nix 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "ledger-cosmos" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "ledger 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", + "matches 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)", + "quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "libc" version = "0.2.48" 
@@ -448,6 +488,23 @@ dependencies = [ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "matches" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "nix" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)", + "cc 1.0.29 (registry+https://github.com/rust-lang/crates.io-index)", + "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)", + "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "num-integer" version = "0.1.39" @@ -516,6 +573,11 @@ dependencies = [ "syn 0.14.9 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "quick-error" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "quote" version = "0.6.11" @@ -761,7 +823,7 @@ dependencies = [ [[package]] name = "signatory" version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" +source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" dependencies = [ "digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "generic-array 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", 
@@ -774,20 +836,31 @@ dependencies = [ [[package]] name = "signatory-dalek" version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" +source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" dependencies = [ "digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "ed25519-dalek 1.0.0-pre.1 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", +] + +[[package]] +name = "signatory-ledger-cosval" +version = "0.11.0" +source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" +dependencies = [ + "lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "ledger-cosmos 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", ] [[package]] name = "signatory-yubihsm" version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" +source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" dependencies = [ - "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", "yubihsm 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -897,8 +970,8 @@ dependencies = [ "serde 1.0.87 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.87 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory-dalek 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory-dalek 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", "subtle-encoding 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "tai64 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", "x25519-dalek 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)", @@ -944,9 +1017,10 @@ dependencies = [ "serde_json 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "signal-hook 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory-dalek 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory-yubihsm 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory-dalek 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory-ledger-cosval 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory-yubihsm 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", "subtle-encoding 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "tempfile 3.0.6 (registry+https://github.com/rust-lang/crates.io-index)", "tendermint 0.2.0", 
@@ -983,6 +1057,11 @@ dependencies = [ "rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "void" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "winapi" version = "0.2.8" @@ -1105,6 +1184,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum gaunt 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "0348d3b5fbd30311ea16ce573f137c689e5a3fb2d7b037eefe0a6384143298b6" "checksum generic-array 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3c0f28c2f5bfb5960175af447a2da7c18900693738343dc896ffbcabd9839592" "checksum generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ef25c5683767570c2bbd7deba372926a55eaae9982d7726ee2a1050239d45b9d" +"checksum hidapi 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2511971f82b321b33b8a7695442f59129e2d9bc302302cbcdb962eb739a78cff" "checksum hkdf 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1a89c4638cf4e02d9db29750659d2af13d9001b508716f77d4693ec8a1f8bda8" "checksum hmac 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "f127a908633569f208325f86f71255d3363c79721d7f9fe31cd5569908819771" "checksum iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dbe6e417e7d0975db6512b90796e8ce223145ac4e33c377e4a42882a0e88bb08" 
@@ -1112,10 +1192,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum itertools 0.7.11 (registry+https://github.com/rust-lang/crates.io-index)" = "0d47946d458e94a1b7bcabbf6521ea7c037062c81f534615abcad76e84d4970d" "checksum itoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "1306f3464951f30e30d12373d31c79fbd52d236e5e896fd92f96ec7babbbe60b" "checksum lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a374c89b9db55895453a74c1e38861d9deec0b01b405a82516e9d5de4820dea1" +"checksum ledger 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "d46d0365bcf882794107dca9fb955eaf04475b5a6b5e502acfd9afc15dba6a42" +"checksum ledger-cosmos 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "ed0b81649df987dc5b8f1e3a446a9567c8fda003f424ad4ebfe6754a0fd8c43c" "checksum libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)" = "e962c7641008ac010fa60a7dfdc1712449f29c44ef2d4702394aea943ee75047" "checksum libusb 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5f990ddd929cbe53de4ecd6cf26e1f4e0c5b9796e4c629d9046570b03738aa53" "checksum libusb-sys 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "4c53b6582563d64ad3e692f54ef95239c3ea8069e82c9eb70ca948869a7ad767" "checksum log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c84ec4b527950aa83a329754b01dbe3f58361d1c5efacd1f6d68c494d08a17c6" +"checksum matches 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "7ffc5c5338469d4d3ea17d269fa8ea3512ad247247c30bd2df69e68309ed0a08" +"checksum nix 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)" = "46f0f3210768d796e8fa79ec70ee6af172dacbe7147f5e69be5240a47778302b" "checksum num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)" = "e83d528d2677f0518c570baf2b7abdcf0cd2d248860b68507bdcb3e91d4c0cea" "checksum num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = 
"0b3a5d7cc97d6d30d8b9bc8fa19bf45349ffe46241e8816f50f62f6d6aaabee1" "checksum opaque-debug 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "93f5bb2e8e8dec81642920ccff6b61f1eb94fa3020c5a325c9851ff604152409" @@ -1124,6 +1208,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)" = "4d317f9caece796be1980837fd5cb3dfec5613ebdb04ad0956deea83ce168915" "checksum prost-amino 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "04c5c4189b6c3e054c064a0c88d51f9379db268d5f8f6ea6afffd3849aeca1a7" "checksum prost-amino-derive 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6376b995db84c9791ab5d3f7bc3e315f8bc1a55fe139a0a2da24aa24e27de809" +"checksum quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9274b940887ce9addde99c4eee6b5c44cc494b182b97e73dc8ffdcb3397fd3f0" "checksum quote 0.6.11 (registry+https://github.com/rust-lang/crates.io-index)" = "cdd8e04bd9c52e0342b406469d494fcb033be4bdbe5c606016defbb1681411e1" "checksum rand 0.5.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c618c47cd3ebd209790115ab837de41425723956ad3ce2e6a7f09890947cacb9" "checksum rand 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)" = "6d71dacdc3c88c1fde3885a3be3fbab9f35724e6ce99467f7d9c5026132184ca" 
@@ -1152,9 +1237,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum sha2 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9eb6be24e4c23a84d7184280d2722f7f2731fcdd4a9d886efbfe4413e4847ea0" "checksum sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7b4d8bfd0e469f417657573d8451fb33d16cfe0989359b93baf3a1ffc639543d" "checksum signal-hook 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "1f272d1b7586bec132ed427f532dd418d8beca1ca7f2caf7df35569b1415a4b4" -"checksum signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b2edc08ebe757a7b45352fa63c75c107fb569cc281779b0db0f8d6a384eaddd8" -"checksum signatory-dalek 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d9b5ed7678eaeb98cb23e1efdb5e961021b02d3bd9f8bab4d4e30c53ebb3dd50" -"checksum signatory-yubihsm 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b494a76142da87e8952f9135ed9a0acf55b93a1b1f504c7a1ab227f84c395ccc" +"checksum signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" +"checksum signatory-dalek 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" +"checksum signatory-ledger-cosval 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" +"checksum signatory-yubihsm 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" "checksum simplelog 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2e95345f185d5adeb8ec93459d2dc99654e294cc6ccf5b75414d8ea262de9a13" "checksum spin 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "44363f6f51401c34e7be73db0db371c04705d35efbe9f7d6082e03a921a32c55" "checksum subtle 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee" 
@@ -1172,6 +1258,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" "checksum untrusted 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "55cd1f4b4e96b46aeb8d4855db4a7a9bd96eeeb5c6a1ab54593328761642ce2f" "checksum uuid 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0238db0c5b605dd1cf51de0f21766f97fba2645897024461d6a00c036819a768" +"checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" "checksum winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "167dc9d6949a9b857f3451275e911c3f44255842c1f7a76f33c55103a909087a" "checksum winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "92c1eb33641e276cfa214a0522acad57be5c56b10cb348b3c5117db75f3ac4b0" "checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" diff --git a/Cargo.toml b/Cargo.toml index 6d31fb1..f5761b3 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -35,15 +35,23 @@ signal-hook = "0.1.7" signatory = { version = "0.11", features = ["ed25519"] } signatory-dalek = "0.11" signatory-yubihsm = { version = "0.11", optional = true } +signatory-ledger-cosval = { version = "0.11", optional = true } subtle-encoding = "0.3" tendermint = { version = "0.2", path = "tendermint-rs" } +[patch.crates-io] +signatory = { git = "https://github.com/cryptiumlabs/signatory" } +signatory-dalek = { git = "https://github.com/cryptiumlabs/signatory" } +signatory-yubihsm = { git = "https://github.com/cryptiumlabs/signatory" } +signatory-ledger-cosval = { git = "https://github.com/cryptiumlabs/signatory" } + [dev-dependencies] tempfile = "3" rand = "0.6" [features] -default = ["softsign", "yubihsm"] +default = ["softsign"] +ledger = ["signatory-ledger-cosval"] softsign = [] yubihsm = ["signatory-yubihsm/usb"] # USB only for now yubihsm-mock = ["yubihsm", "signatory-yubihsm/mockhsm"] diff --git a/src/config/provider/ledger.rs b/src/config/provider/ledger.rs new file mode 100644 index 0000000..bb52e2c --- /dev/null +++ b/src/config/provider/ledger.rs @@ -0,0 +1,7 @@ +//! Configuration for ledger-backed signer + +/// Ledger signer configuration +#[derive(Clone, Deserialize, Debug)] +pub struct LedgerConfig { + pub active: bool, +} diff --git a/src/config/provider/mod.rs b/src/config/provider/mod.rs index dbf577a..97bb320 100644 --- a/src/config/provider/mod.rs +++ b/src/config/provider/mod.rs @@ -2,11 +2,15 @@ pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; +#[cfg(feature = "ledger")] +pub mod ledger; #[cfg(feature = "softsign")] use self::softsign::SoftSignConfig; #[cfg(feature = "yubihsm")] use self::yubihsm::YubihsmConfig; +#[cfg(feature = "ledger")] +use self::ledger::LedgerConfig; /// Provider configuration #[derive(Clone, Deserialize, Debug)] 
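Review bot: The `[patch.crates-io]` entries replace all four signatory crates with a git fork but give no `rev`, so the signing library this KMS links is whatever the fork's default branch holds the next time the lockfile is regenerated. The override applies to `signatory` and `signatory-dalek` as well, so it also affects builds that never enable `ledger`. Cargo.lock in this patch records commit 7701c96db6ced0f3a67fa644411069d077f27a70; pinning it in the manifest keeps that choice reviewable, e.g. `signatory = { git = "https://github.com/cryptiumlabs/signatory", rev = "7701c96db6ced0f3a67fa644411069d077f27a70" }`, and the same for the other three entries. The hunk also changes `default` from `["softsign", "yubihsm"]` to `["softsign"]`, which drops the YubiHSM backend from default builds and is not mentioned in the commit message.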
@@ -20,4 +24,8 @@ pub struct ProviderConfig { #[cfg(feature = "yubihsm")] #[serde(default)] pub yubihsm: Vec, + + #[cfg(feature = "ledger")] + #[serde(default)] + pub ledger: Vec, } diff --git a/src/keyring/ed25519/ledger.rs b/src/keyring/ed25519/ledger.rs new file mode 100644 index 0000000..52f1fe2 --- /dev/null +++ b/src/keyring/ed25519/ledger.rs @@ -0,0 +1,28 @@ +//! Ledger-based signer + +use signatory::PublicKeyed; +use signatory_ledger_cosval::Ed25519CosmosAppSigner; + +use crate::{ + config::provider::ledger::LedgerConfig, + error::KmsError, + keyring::{ed25519::Signer, KeyRing}, +}; + +/// Label for ed25519-dalek provider +// TODO: use a non-string type for these, e.g. an enum +pub const LEDGER_PROVIDER_LABEL: &str = "ledger"; + +// TODO: Maybe make this depend on the app. This may not matter since the Ledger doesn't hold multiple keys. Could work with HD deriv path. +pub const LEDGER_ID: &str = "1"; + +/// Create hardware-backed YubiHSM signer objects from the given configuration +pub fn init(keyring: &mut KeyRing, _ledger_configs: &[LedgerConfig]) -> Result<(), KmsError> { + // TODO: Maybe use the active field from the config. + let provider = Ed25519CosmosAppSigner::connect().unwrap(); + keyring.add( + provider.public_key().unwrap(), + Signer::new(LEDGER_PROVIDER_LABEL, LEDGER_ID.to_owned(), Box::new(provider)), + )?; + Ok(()) +} \ No newline at end of file diff --git a/src/keyring/ed25519/mod.rs b/src/keyring/ed25519/mod.rs index 77859d1..bf3f611 100644 --- a/src/keyring/ed25519/mod.rs +++ b/src/keyring/ed25519/mod.rs @@ -5,5 +5,7 @@ mod signer; pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; +#[cfg(feature = "ledger")] +pub mod ledger; pub use self::signer::Signer; diff --git a/src/keyring/mod.rs b/src/keyring/mod.rs index 5bd4286..b759a7a 100644 --- a/src/keyring/mod.rs +++ b/src/keyring/mod.rs 
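Review bot: In `src/keyring/ed25519/ledger.rs`, `init` calls `.unwrap()` on both `Ed25519CosmosAppSigner::connect()` and `provider.public_key()`, so a missing, locked or unplugged device panics the KMS at start-up even though the function already returns `Result<(), KmsError>`. Both failures should be converted to a `KmsError` and returned to the caller. The `_ledger_configs` argument is ignored, so any build with the `ledger` feature tries to open the device whether or not the configuration lists one. Renaming it to `ledger_configs` and adding a guard such as `if !ledger_configs.iter().any(|c| c.active) { return Ok(()); }` would honour the `active` field that `LedgerConfig` introduces. The doc comment on `LEDGER_PROVIDER_LABEL` still reads "Label for ed25519-dalek provider", and the public `LEDGER_ID` has only a `//` TODO, not a `///` comment.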
@@ -14,6 +14,8 @@ use crate::{ #[cfg(feature = "yubihsm")] use self::ed25519::yubihsm; +#[cfg(feature = "ledger")] +use self::ed25519::ledger; use self::ed25519::{softsign, Signer}; /// File encoding for software-backed secret keys @@ -42,6 +44,9 @@ impl KeyRing { #[cfg(feature = "yubihsm")] yubihsm::init(&mut keyring, &config.yubihsm)?; + #[cfg(feature = "ledger")] + ledger::init(&mut keyring, &config.ledger)?; + if keyring.0.is_empty() { fail!(ConfigError, "no signing keys configured!") } else { @@ -106,6 +111,7 @@ impl KeyRing { } } }; + debug!("Successfully got signer and now trying to sign message"); signer.sign(msg) } diff --git a/src/ledger.rs b/src/ledger.rs new file mode 100644 index 0000000..d10c031 --- /dev/null +++ b/src/ledger.rs @@ -0,0 +1,15 @@ +use std::sync::Mutex; + +use signatory_ledger_cosval::Ed25519CosmosAppSigner; + +lazy_static! { + static ref HSM_CLIENT: Mutex = Mutex::new(create_hsm_client()); +} + +// pub fn get_hsm_client() -> MutexGuard<'static, Ed25519CosmosAppSigner> { +// HSM_CLIENT.lock().unwrap() +// } + +fn create_hsm_client() -> Ed25519CosmosAppSigner { + Ed25519CosmosAppSigner::connect().unwrap() +} \ No newline at end of file diff --git a/src/lib.rs b/src/lib.rs index 7fe3e4d..baa248c 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -33,6 +33,8 @@ extern crate signatory_dalek; extern crate signatory_yubihsm; extern crate subtle_encoding; extern crate tendermint; +#[cfg(feature = "ledger")] +extern crate signatory_ledger_cosval; #[macro_use] mod error; @@ -47,6 +49,8 @@ mod session; mod unix_connection; #[cfg(feature = "yubihsm")] mod yubihsm; +#[cfg(feature = "ledger")] +mod ledger; pub use crate::application::KmsApplication; pub use crate::unix_connection::UnixConnection; diff --git a/src/rpc.rs b/src/rpc.rs index d44b9a5..18db0fa 100644 --- a/src/rpc.rs +++ b/src/rpc.rs 
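Review bot: Nothing in the new `src/ledger.rs` is reachable as far as this patch shows: `HSM_CLIENT` is private, its only accessor `get_hsm_client` is commented out, and the keyring opens its own connection in `keyring::ed25519::ledger::init`. If the static were ever dereferenced, `create_hsm_client` would `unwrap()` a second `connect()` inside the `lazy_static!` initialiser, turning a device error into a panic on first use. I would drop the file and the `mod ledger;` line in `src/lib.rs` until there is a caller. If it stays, delete the commented-out function, rename `HSM_CLIENT` to something that names the Ledger device, and add a `//!` header saying what the global is for.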
@@ -90,12 +90,8 @@ impl Request { let rem = buff.get_ref()[..total_len].to_vec(); match amino_pre { ref vt if *vt == *VOTE_PREFIX => Ok(Request::SignVote(SignVoteRequest::decode(&rem)?)), - ref pr if *pr == *PROPOSAL_PREFIX => { - Ok(Request::SignProposal(SignProposalRequest::decode(&rem)?)) - } - ref pubk if *pubk == *PUBKEY_PREFIX => { - Ok(Request::ShowPublicKey(PubKeyRequest::decode(&rem)?)) - } + ref pr if *pr == *PROPOSAL_PREFIX => Ok(Request::SignProposal(SignProposalRequest::decode(&rem)?)), + ref pubk if *pubk == *PUBKEY_PREFIX => Ok(Request::ShowPublicKey(PubKeyRequest::decode(&rem)?)), ref ping if *ping == *PING_PREFIX => Ok(Request::ReplyPing(PingRequest::decode(&rem)?)), _ => Err(Error::new( ErrorKind::InvalidData, diff --git a/src/session.rs b/src/session.rs index fabd0cf..eb4933e 100644 --- a/src/session.rs +++ b/src/session.rs @@ -95,11 +95,23 @@ where } debug!("started handling request ... "); let response = match Request::read(&mut self.connection)? { - Request::SignProposal(req) => self.sign(req)?, - Request::SignVote(req) => self.sign(req)?, + Request::SignProposal(req) => { + debug!("got sign proposal request"); + self.sign(req)? + }, + Request::SignVote(req) => { + debug!("got sign vote request"); + self.sign(req)? + }, // non-signable requests: - Request::ReplyPing(ref req) => self.reply_ping(req), - Request::ShowPublicKey(ref req) => self.get_public_key(req)?, + Request::ReplyPing(ref req) => { + debug!("got ping request"); + self.reply_ping(req) + }, + Request::ShowPublicKey(ref req) => { + debug!("got pubkey request"); + self.get_public_key(req)? + } }; let mut buf = vec![]; 
@@ -118,10 +130,12 @@ where /// Perform a digital signature operation fn sign(&mut self, mut request: T) -> Result { + debug!("got sign request"); request.validate()?; let mut to_sign = vec![]; request.sign_bytes(self.chain_id, &mut to_sign)?; + debug!("sign_bytes for request: {:?}", to_sign); // TODO(ismail): figure out which key to use here instead of taking the only key // from keyring here: @@ -140,6 +154,7 @@ where /// Get the public key for (the only) public key in the keyring fn get_public_key(&mut self, _request: &PubKeyRequest) -> Result { + debug!("get_public_key request"); let pubkey = KeyRing::default_pubkey()?; let pubkey_bytes = pubkey.as_bytes(); From f38e57073ea31b46d2a87574e8d61aa567647f7d Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Thu, 14 Feb 2019 21:43:31 +0100 Subject: [PATCH 2/9] Run 'cargo fmt' --- src/config/provider/mod.rs | 8 ++++---- src/keyring/ed25519/ledger.rs | 8 ++++++-- src/keyring/ed25519/mod.rs | 4 ++-- src/keyring/mod.rs | 4 ++-- src/ledger.rs | 2 +- src/lib.rs | 8 ++++---- src/rpc.rs | 8 ++++++-- src/session.rs | 6 +++--- 8 files changed, 28 insertions(+), 20 deletions(-) diff --git a/src/config/provider/mod.rs b/src/config/provider/mod.rs index 97bb320..00b1b62 100644 --- a/src/config/provider/mod.rs +++ b/src/config/provider/mod.rs @@ -1,16 +1,16 @@ +#[cfg(feature = "ledger")] +pub mod ledger; #[cfg(feature = "softsign")] pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; -#[cfg(feature = "ledger")] -pub mod ledger; +#[cfg(feature = "ledger")] +use self::ledger::LedgerConfig; #[cfg(feature = "softsign")] use self::softsign::SoftSignConfig; #[cfg(feature = "yubihsm")] use self::yubihsm::YubihsmConfig; -#[cfg(feature = "ledger")] -use self::ledger::LedgerConfig; /// Provider configuration #[derive(Clone, Deserialize, Debug)] diff --git a/src/keyring/ed25519/ledger.rs b/src/keyring/ed25519/ledger.rs index 52f1fe2..e4597b4 100644 --- a/src/keyring/ed25519/ledger.rs +++ b/src/keyring/ed25519/ledger.rs 
@@ -22,7 +22,11 @@ pub fn init(keyring: &mut KeyRing, _ledger_configs: &[LedgerConfig]) -> Result<( let provider = Ed25519CosmosAppSigner::connect().unwrap(); keyring.add( provider.public_key().unwrap(), - Signer::new(LEDGER_PROVIDER_LABEL, LEDGER_ID.to_owned(), Box::new(provider)), + Signer::new( + LEDGER_PROVIDER_LABEL, + LEDGER_ID.to_owned(), + Box::new(provider), + ), )?; Ok(()) -} \ No newline at end of file +} diff --git a/src/keyring/ed25519/mod.rs b/src/keyring/ed25519/mod.rs index bf3f611..666de20 100644 --- a/src/keyring/ed25519/mod.rs +++ b/src/keyring/ed25519/mod.rs @@ -1,11 +1,11 @@ pub use signatory::ed25519::{PublicKey, Seed, PUBLIC_KEY_SIZE}; +#[cfg(feature = "ledger")] +pub mod ledger; mod signer; #[cfg(feature = "softsign")] pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; -#[cfg(feature = "ledger")] -pub mod ledger; pub use self::signer::Signer; diff --git a/src/keyring/mod.rs b/src/keyring/mod.rs index b759a7a..5bfea60 100644 --- a/src/keyring/mod.rs +++ b/src/keyring/mod.rs @@ -12,10 +12,10 @@ use crate::{ error::{KmsError, KmsErrorKind::*}, }; -#[cfg(feature = "yubihsm")] -use self::ed25519::yubihsm; #[cfg(feature = "ledger")] use self::ed25519::ledger; +#[cfg(feature = "yubihsm")] +use self::ed25519::yubihsm; use self::ed25519::{softsign, Signer}; /// File encoding for software-backed secret keys diff --git a/src/ledger.rs b/src/ledger.rs index d10c031..104b5fc 100644 --- a/src/ledger.rs +++ b/src/ledger.rs @@ -12,4 +12,4 @@ lazy_static! { fn create_hsm_client() -> Ed25519CosmosAppSigner { Ed25519CosmosAppSigner::connect().unwrap() -} \ No newline at end of file +} diff --git a/src/lib.rs b/src/lib.rs index baa248c..4b4da89 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -29,12 +29,12 @@ extern crate sha2; extern crate signal_hook; extern crate signatory; extern crate signatory_dalek; +#[cfg(feature = "ledger")] +extern crate signatory_ledger_cosval; #[cfg(feature = "yubihsm")] extern crate signatory_yubihsm; extern crate subtle_encoding; extern crate tendermint; -#[cfg(feature = "ledger")] -extern crate signatory_ledger_cosval; #[macro_use] mod error; @@ -44,13 +44,13 @@ mod client; mod commands; mod config; mod keyring; +#[cfg(feature = "ledger")] +mod ledger; mod rpc; mod session; mod unix_connection; #[cfg(feature = "yubihsm")] mod yubihsm; -#[cfg(feature = "ledger")] -mod ledger; pub use crate::application::KmsApplication; pub use crate::unix_connection::UnixConnection; diff --git a/src/rpc.rs b/src/rpc.rs index 18db0fa..d44b9a5 100644 --- a/src/rpc.rs +++ b/src/rpc.rs @@ -90,8 +90,12 @@ impl Request { let rem = buff.get_ref()[..total_len].to_vec(); match amino_pre { ref vt if *vt == *VOTE_PREFIX => Ok(Request::SignVote(SignVoteRequest::decode(&rem)?)), - ref pr if *pr == *PROPOSAL_PREFIX => Ok(Request::SignProposal(SignProposalRequest::decode(&rem)?)), - ref pubk if *pubk == *PUBKEY_PREFIX => Ok(Request::ShowPublicKey(PubKeyRequest::decode(&rem)?)), + ref pr if *pr == *PROPOSAL_PREFIX => { + Ok(Request::SignProposal(SignProposalRequest::decode(&rem)?)) + } + ref pubk if *pubk == *PUBKEY_PREFIX => { + Ok(Request::ShowPublicKey(PubKeyRequest::decode(&rem)?)) + } ref ping if *ping == *PING_PREFIX => Ok(Request::ReplyPing(PingRequest::decode(&rem)?)), _ => Err(Error::new( ErrorKind::InvalidData, diff --git a/src/session.rs b/src/session.rs index eb4933e..c43827e 100644 --- a/src/session.rs +++ b/src/session.rs 
@@ -98,16 +98,16 @@ where Request::SignProposal(req) => { debug!("got sign proposal request"); self.sign(req)? - }, + } Request::SignVote(req) => { debug!("got sign vote request"); self.sign(req)? - }, + } // non-signable requests: Request::ReplyPing(ref req) => { debug!("got ping request"); self.reply_ping(req) - }, + } Request::ShowPublicKey(ref req) => { debug!("got pubkey request"); self.get_public_key(req)? From 75bdb0b5dd0313e55c273adcf29d6f733ea324c3 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Thu, 14 Feb 2019 22:08:59 +0100 Subject: [PATCH 3/9] Exclude ledger from test harness --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1cfcfbe..5ccd4ee 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -41,7 +41,7 @@ jobs: command: | rustc --version cargo --version - cargo test --all --all-features + cargo test --all --features "default softsign yubihsm yubihsm-mock" - run: name: audit command: | From 9caeec21e105ee4913b93172d32bc38111c30239 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Fri, 15 Feb 2019 12:10:53 +0100 Subject: [PATCH 4/9] Remove incorrect comment --- src/keyring/ed25519/ledger.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/keyring/ed25519/ledger.rs b/src/keyring/ed25519/ledger.rs index e4597b4..f1916ac 100644 --- a/src/keyring/ed25519/ledger.rs +++ b/src/keyring/ed25519/ledger.rs 
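Review bot: Replacing `--all-features` with an explicit list in `.circleci/config.yml` means the `ledger` feature is never compiled in CI, so the `#[cfg(feature = "ledger")]` code added in this series can stop building without anyone noticing. The commit message does not say why it is excluded; if the reason is that the tests need a physical device, a compile-only step such as `cargo check --features ledger` would still type-check the backend, assuming the CI image has the native libraries that `hidapi` builds against. A short comment above the `cargo test` line recording why `ledger` is left out would keep the omission from looking accidental.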
@@ -16,7 +16,7 @@ pub const LEDGER_PROVIDER_LABEL: &str = "ledger"; // TODO: Maybe make this depend on the app. This may not matter since the Ledger doesn't hold multiple keys. Could work with HD deriv path. pub const LEDGER_ID: &str = "1"; -/// Create hardware-backed YubiHSM signer objects from the given configuration +/// Create hardware-backed Ledger signer object from the given configuration pub fn init(keyring: &mut KeyRing, _ledger_configs: &[LedgerConfig]) -> Result<(), KmsError> { // TODO: Maybe use the active field from the config. let provider = Ed25519CosmosAppSigner::connect().unwrap(); From 7f0e046645173ea2a0f707fc8b263d7dab4a47b5 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Fri, 15 Feb 2019 14:30:17 +0100 Subject: [PATCH 5/9] Update to latest dependencies --- Cargo.lock | 50 +++++++++++++++++------------------ Cargo.toml | 12 ++++----- src/keyring/ed25519/ledger.rs | 4 +-- src/ledger.rs | 8 +++--- src/lib.rs | 2 +- 5 files changed, 38 insertions(+), 38 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cefc6ca..e0b01ac 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -432,7 +432,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] name = "ledger" -version = "0.1.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", 
@@ -445,13 +445,13 @@ dependencies = [ ] [[package]] -name = "ledger-cosmos" -version = "0.2.1" +name = "ledger-tendermint" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)", - "ledger 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", + "ledger 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "matches 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)", "quick-error 1.2.2 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -823,7 +823,7 @@ dependencies = [ [[package]] name = "signatory" version = "0.11.0" -source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" +source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" dependencies = [ "digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "generic-array 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", 
@@ -836,31 +836,31 @@ dependencies = [ [[package]] name = "signatory-dalek" version = "0.11.0" -source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" +source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" dependencies = [ "digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "ed25519-dalek 1.0.0-pre.1 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", ] [[package]] -name = "signatory-ledger-cosval" +name = "signatory-ledger-tm" version = "0.11.0" -source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" +source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" dependencies = [ "lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)", - "ledger-cosmos 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", + "ledger-tendermint 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", ] [[package]] name = "signatory-yubihsm" version = "0.11.0" -source = "git+https://github.com/cryptiumlabs/signatory#7701c96db6ced0f3a67fa644411069d077f27a70" +source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" dependencies = [ - "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", "yubihsm 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -970,8 +970,8 @@ dependencies = [ "serde 1.0.87 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.87 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", - "signatory-dalek 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory-dalek 0.11.0 (git+https://github.com/tendermint/signatory.git)", "subtle-encoding 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "tai64 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", "x25519-dalek 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1017,10 +1017,10 @@ dependencies = [ "serde_json 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "signal-hook 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", - "signatory-dalek 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", - "signatory-ledger-cosval 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", - "signatory-yubihsm 0.11.0 (git+https://github.com/cryptiumlabs/signatory)", + "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory-dalek 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory-ledger-tm 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory-yubihsm 0.11.0 (git+https://github.com/tendermint/signatory.git)", "subtle-encoding 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "tempfile 3.0.6 (registry+https://github.com/rust-lang/crates.io-index)", "tendermint 0.2.0", 
@@ -1192,8 +1192,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum itertools 0.7.11 (registry+https://github.com/rust-lang/crates.io-index)" = "0d47946d458e94a1b7bcabbf6521ea7c037062c81f534615abcad76e84d4970d" "checksum itoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "1306f3464951f30e30d12373d31c79fbd52d236e5e896fd92f96ec7babbbe60b" "checksum lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a374c89b9db55895453a74c1e38861d9deec0b01b405a82516e9d5de4820dea1" -"checksum ledger 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "d46d0365bcf882794107dca9fb955eaf04475b5a6b5e502acfd9afc15dba6a42" -"checksum ledger-cosmos 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "ed0b81649df987dc5b8f1e3a446a9567c8fda003f424ad4ebfe6754a0fd8c43c" +"checksum ledger 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "efbe806baa1f132478c8428aa17da59092b7a73abab0a11b835d4d0dc0b45bc7" +"checksum ledger-tendermint 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "896b75694fcdeefd516962757d53134e53c4dd0d89694321697913bc89a5f604" "checksum libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)" = "e962c7641008ac010fa60a7dfdc1712449f29c44ef2d4702394aea943ee75047" "checksum libusb 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5f990ddd929cbe53de4ecd6cf26e1f4e0c5b9796e4c629d9046570b03738aa53" "checksum libusb-sys 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "4c53b6582563d64ad3e692f54ef95239c3ea8069e82c9eb70ca948869a7ad767" 
@@ -1237,10 +1237,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum sha2 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9eb6be24e4c23a84d7184280d2722f7f2731fcdd4a9d886efbfe4413e4847ea0" "checksum sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7b4d8bfd0e469f417657573d8451fb33d16cfe0989359b93baf3a1ffc639543d" "checksum signal-hook 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "1f272d1b7586bec132ed427f532dd418d8beca1ca7f2caf7df35569b1415a4b4" -"checksum signatory 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" -"checksum signatory-dalek 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" -"checksum signatory-ledger-cosval 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" -"checksum signatory-yubihsm 0.11.0 (git+https://github.com/cryptiumlabs/signatory)" = "" +"checksum signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" +"checksum signatory-dalek 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" +"checksum signatory-ledger-tm 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" +"checksum signatory-yubihsm 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" "checksum simplelog 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2e95345f185d5adeb8ec93459d2dc99654e294cc6ccf5b75414d8ea262de9a13" "checksum spin 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "44363f6f51401c34e7be73db0db371c04705d35efbe9f7d6082e03a921a32c55" "checksum subtle 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee" diff --git a/Cargo.toml b/Cargo.toml index f5761b3..6fe00de 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -35,15 +35,15 @@ signal-hook = "0.1.7" signatory = { version = "0.11", features = ["ed25519"] } signatory-dalek = "0.11" signatory-yubihsm = { version = "0.11", optional = true } -signatory-ledger-cosval = { version = "0.11", optional = true } +signatory-ledger-tm = { version = "0.11", optional = true } subtle-encoding = "0.3" tendermint = { version = "0.2", path = "tendermint-rs" } [patch.crates-io] -signatory = { git = "https://github.com/cryptiumlabs/signatory" } -signatory-dalek = { git = "https://github.com/cryptiumlabs/signatory" } -signatory-yubihsm = { git = "https://github.com/cryptiumlabs/signatory" } -signatory-ledger-cosval = { git = "https://github.com/cryptiumlabs/signatory" } +signatory = { git = "https://github.com/tendermint/signatory.git" } +signatory-dalek = { git = "https://github.com/tendermint/signatory.git" } +signatory-yubihsm = { git = "https://github.com/tendermint/signatory.git" } +signatory-ledger-tm = { git = "https://github.com/tendermint/signatory.git" } [dev-dependencies] tempfile = "3" @@ -51,7 +51,7 @@ rand = "0.6" [features] default = ["softsign"] -ledger = ["signatory-ledger-cosval"] +ledger = ["signatory-ledger-tm"] softsign = [] yubihsm = ["signatory-yubihsm/usb"] # USB only for now yubihsm-mock = ["yubihsm", "signatory-yubihsm/mockhsm"] diff --git a/src/keyring/ed25519/ledger.rs b/src/keyring/ed25519/ledger.rs index f1916ac..a82e911 100644 --- a/src/keyring/ed25519/ledger.rs +++ b/src/keyring/ed25519/ledger.rs @@ -1,7 +1,7 @@ //! Ledger-based signer use signatory::PublicKeyed; -use signatory_ledger_cosval::Ed25519CosmosAppSigner; +use signatory_ledger_tm::Ed25519LedgerTmAppSigner; use crate::{ config::provider::ledger::LedgerConfig, 
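Review bot: The four `[patch.crates-io]` entries in the Cargo.toml hunk point at a git repository with no `rev`, so the signing code that gets built is fixed only by Cargo.lock and moves to whatever the default branch holds on the next `cargo update`. Since these crates perform the signing, pin the source in the manifest, e.g. `signatory = { git = "https://github.com/tendermint/signatory.git", rev = "6784bbfa691d0122fa650db09d0827d5ff53c03a" }`, which is the commit this patch's Cargo.lock already resolves to. The same applies to `signatory-dalek`, `signatory-yubihsm` and `signatory-ledger-tm`.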
@@ -19,7 +19,7 @@ pub const LEDGER_ID: &str = "1"; /// Create hardware-backed Ledger signer object from the given configuration pub fn init(keyring: &mut KeyRing, _ledger_configs: &[LedgerConfig]) -> Result<(), KmsError> { // TODO: Maybe use the active field from the config. - let provider = Ed25519CosmosAppSigner::connect().unwrap(); + let provider = Ed25519LedgerTmAppSigner::connect().unwrap(); keyring.add( provider.public_key().unwrap(), Signer::new( diff --git a/src/ledger.rs b/src/ledger.rs index 104b5fc..42bd496 100644 --- a/src/ledger.rs +++ b/src/ledger.rs @@ -1,15 +1,15 @@ use std::sync::Mutex; -use signatory_ledger_cosval::Ed25519CosmosAppSigner; +use signatory_ledger_tm::Ed25519LedgerTmAppSigner; lazy_static! { - static ref HSM_CLIENT: Mutex = Mutex::new(create_hsm_client()); + static ref HSM_CLIENT: Mutex = Mutex::new(create_hsm_client()); } // pub fn get_hsm_client() -> MutexGuard<'static, Ed25519CosmosAppSigner> { // HSM_CLIENT.lock().unwrap() // } -fn create_hsm_client() -> Ed25519CosmosAppSigner { - Ed25519CosmosAppSigner::connect().unwrap() +fn create_hsm_client() -> Ed25519LedgerTmAppSigner { + Ed25519LedgerTmAppSigner::connect().unwrap() } diff --git a/src/lib.rs b/src/lib.rs index 4b4da89..d0acc57 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -30,7 +30,7 @@ extern crate signal_hook; extern crate signatory; extern crate signatory_dalek; #[cfg(feature = "ledger")] -extern crate signatory_ledger_cosval; +extern crate signatory_ledger_tm; #[cfg(feature = "yubihsm")] extern crate signatory_yubihsm; extern crate subtle_encoding; From 99b5b271bce68e58ecbf02449eb131f66a789713 Mon Sep 17 00:00:00 2001 
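Review bot: `Ed25519LedgerTmAppSigner::connect().unwrap()` and `provider.public_key().unwrap()` in `init` panic when the device call fails, even though `init` returns `Result<(), KmsError>`. The same `connect().unwrap()` is in `create_hsm_client` in the `src/ledger.rs` hunk of this patch, where it runs inside a `lazy_static!` initializer. Propagating the error lets the KMS report a failed provider instead of aborting: `let provider = Ed25519LedgerTmAppSigner::connect()?;` and `provider.public_key()?`, assuming `KmsError` has or gains a conversion from the signatory error type. The body of `init` continues past the end of the hunk.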
From: Juan Leni Date: Fri, 15 Feb 2019 12:44:23 +0100 Subject: [PATCH 6/9] Refactoring and adjusting to new ledger-tm library + Adding a basic command line --- .circleci/config.yml | 2 +- .gitignore | 2 ++ Cargo.lock | 2 -- Cargo.toml | 2 +- src/commands/ledgertm/detect.rs | 16 +++++++++++++++ src/commands/ledgertm/help.rs | 17 ++++++++++++++++ src/commands/ledgertm/mod.rs | 35 +++++++++++++++++++++++++++++++++ src/commands/mod.rs | 13 +++++++++++- src/config/provider/ledger.rs | 7 ------- src/config/provider/ledgertm.rs | 5 +++++ src/config/provider/mod.rs | 13 ++++++------ src/keyring/ed25519/ledger.rs | 32 ------------------------------ src/keyring/ed25519/ledgertm.rs | 22 +++++++++++++++++++++ src/keyring/ed25519/mod.rs | 4 ++-- src/keyring/mod.rs | 11 +++++------ src/{ledger.rs => ledgertm.rs} | 8 ++------ src/lib.rs | 12 +++++------ src/session.rs | 23 ++++------------------ tmkms.toml.example | 2 ++ 19 files changed, 139 insertions(+), 89 deletions(-) create mode 100644 src/commands/ledgertm/detect.rs create mode 100644 src/commands/ledgertm/help.rs create mode 100644 src/commands/ledgertm/mod.rs delete mode 100644 src/config/provider/ledger.rs create mode 100644 src/config/provider/ledgertm.rs delete mode 100644 src/keyring/ed25519/ledger.rs create mode 100644 src/keyring/ed25519/ledgertm.rs rename src/{ledger.rs => ledgertm.rs} (71%) diff --git a/.circleci/config.yml b/.circleci/config.yml index 5ccd4ee..1cfcfbe 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -41,7 +41,7 @@ jobs: command: | rustc --version cargo --version - cargo test --all --features "default softsign yubihsm yubihsm-mock" + cargo test --all --all-features - run: name: audit command: | diff --git a/.gitignore b/.gitignore index 29c953b..f7b95ee 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ tmkms.toml # Ignore VIM swap files *.swp + +\.idea/ diff --git a/Cargo.lock b/Cargo.lock index e0b01ac..82c7927 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -1,5 +1,3 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. [[package]] name = "abscissa" version = "0.0.6" diff --git a/Cargo.toml b/Cargo.toml index 6fe00de..7ab72bd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -51,10 +51,10 @@ rand = "0.6" [features] default = ["softsign"] -ledger = ["signatory-ledger-tm"] softsign = [] yubihsm = ["signatory-yubihsm/usb"] # USB only for now yubihsm-mock = ["yubihsm", "signatory-yubihsm/mockhsm"] +ledgertm = ["signatory-ledger-tm"] # Enable integer overflow checks in release builds for security reasons [profile.release] diff --git a/src/commands/ledgertm/detect.rs b/src/commands/ledgertm/detect.rs new file mode 100644 index 0000000..91b5470 --- /dev/null +++ b/src/commands/ledgertm/detect.rs @@ -0,0 +1,16 @@ +use abscissa::Callable; + +/// The `ledgertm detect` subcommand +#[derive(Debug, Default, Options)] +pub struct DetectCommand { + /// Print debugging information + #[options(short = "v", long = "verbose")] + pub verbose: bool, +} + +impl Callable for DetectCommand { + /// Detect all Ledger devices running the Tendermint app + fn call(&self) { + println!("This feature will be soon available"); + } +} diff --git a/src/commands/ledgertm/help.rs b/src/commands/ledgertm/help.rs new file mode 100644 index 0000000..804a99b --- /dev/null +++ b/src/commands/ledgertm/help.rs @@ -0,0 +1,17 @@ +use abscissa::{Callable, Command}; + +use super::LedgertmCommand; + +/// The `ledgertm help` subcommand +#[derive(Debug, Default, Options)] +pub struct HelpCommand { + #[options(free)] + pub args: Vec, +} + +impl Callable for HelpCommand { + /// Print help for the `ledgertm` subcommand + fn call(&self) { + LedgertmCommand::print_usage(self.args.as_slice()); + } +} diff --git a/src/commands/ledgertm/mod.rs b/src/commands/ledgertm/mod.rs new file mode 100644 index 0000000..7d8c920 --- /dev/null +++ b/src/commands/ledgertm/mod.rs 
@@ -0,0 +1,35 @@ +//! The KMS `ledgertm` subcommand + +use abscissa::Callable; + +mod detect; +mod help; + +pub use self::{ + detect::DetectCommand, + help::HelpCommand +}; + +/// The `ledgertm` subcommand +#[derive(Debug, Options)] +pub enum LedgertmCommand { + #[options(help = "detect connected Ledger devices running the Tendermint app")] + Detect(DetectCommand), + + #[options(help = "show help for the 'ledgertm' subcommand")] + Help(HelpCommand), +} + +impl_command!(LedgertmCommand); + +impl Callable for LedgertmCommand { + /// Call the given command chosen via the CLI + fn call(&self) { + match self { + LedgertmCommand::Detect(detect) => detect.call(), + LedgertmCommand::Help(help) => help.call(), + } + } +} + +impl LedgertmCommand {} diff --git a/src/commands/mod.rs b/src/commands/mod.rs index e016371..0365cc4 100644 --- a/src/commands/mod.rs +++ b/src/commands/mod.rs @@ -11,9 +11,14 @@ mod start; mod version; #[cfg(feature = "yubihsm")] mod yubihsm; - #[cfg(feature = "yubihsm")] pub use self::yubihsm::YubihsmCommand; + +#[cfg(feature = "ledgertm")] +mod ledgertm; +#[cfg(feature = "ledgertm")] +pub use self::ledgertm::LedgertmCommand; + pub use self::{ help::HelpCommand, keygen::KeygenCommand, start::StartCommand, version::VersionCommand, }; @@ -37,6 +42,10 @@ pub enum KmsCommand { #[cfg(feature = "yubihsm")] #[options(help = "subcommands for YubiHSM2")] Yubihsm(YubihsmCommand), + + #[cfg(feature = "ledgertm")] + #[options(help = "subcommands for Ledger Tendermint app")] + Ledgertm(LedgertmCommand), } // TODO: refactor abscissa internally so this is all part of the proc macro @@ -80,6 +89,8 @@ impl Callable for KmsCommand { KmsCommand::Version(version) => version.call(), #[cfg(feature = "yubihsm")] KmsCommand::Yubihsm(yubihsm) => yubihsm.call(), + #[cfg(feature = "ledgertm")] + KmsCommand::Ledgertm(ledgertm) => ledgertm.call(), } } } diff --git a/src/config/provider/ledger.rs b/src/config/provider/ledger.rs deleted file mode 100644 index bb52e2c..0000000 
--- a/src/config/provider/ledger.rs +++ /dev/null @@ -1,7 +0,0 @@ -//! Configuration for ledger-backed signer - -/// Ledger signer configuration -#[derive(Clone, Deserialize, Debug)] -pub struct LedgerConfig { - pub active: bool, -} diff --git a/src/config/provider/ledgertm.rs b/src/config/provider/ledgertm.rs new file mode 100644 index 0000000..fbe5fab --- /dev/null +++ b/src/config/provider/ledgertm.rs @@ -0,0 +1,5 @@ +//! Configuration for Ledger Tendermint signer + +/// Ledger Tendermint signer configuration +#[derive(Clone, Deserialize, Debug)] +pub struct LedgerTendermintConfig {} diff --git a/src/config/provider/mod.rs b/src/config/provider/mod.rs index 00b1b62..a4aff89 100644 --- a/src/config/provider/mod.rs +++ b/src/config/provider/mod.rs @@ -1,16 +1,16 @@ -#[cfg(feature = "ledger")] -pub mod ledger; #[cfg(feature = "softsign")] pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; +#[cfg(feature = "ledgertm")] +pub mod ledgertm; -#[cfg(feature = "ledger")] -use self::ledger::LedgerConfig; #[cfg(feature = "softsign")] use self::softsign::SoftSignConfig; #[cfg(feature = "yubihsm")] use self::yubihsm::YubihsmConfig; +#[cfg(feature = "ledgertm")] +use self::ledgertm::LedgerTendermintConfig; /// Provider configuration #[derive(Clone, Deserialize, Debug)] @@ -25,7 +25,8 @@ pub struct ProviderConfig { #[serde(default)] pub yubihsm: Vec, - #[cfg(feature = "ledger")] + /// Map of ledger-tm labels to their configurations + #[cfg(feature = "ledgertm")] #[serde(default)] - pub ledger: Vec, + pub ledgertm: Vec, } diff --git a/src/keyring/ed25519/ledger.rs b/src/keyring/ed25519/ledger.rs deleted file mode 100644 index a82e911..0000000 --- a/src/keyring/ed25519/ledger.rs +++ /dev/null 
@@ -1,32 +0,0 @@ -//! Ledger-based signer - -use signatory::PublicKeyed; -use signatory_ledger_tm::Ed25519LedgerTmAppSigner; - -use crate::{ - config::provider::ledger::LedgerConfig, - error::KmsError, - keyring::{ed25519::Signer, KeyRing}, -}; - -/// Label for ed25519-dalek provider -// TODO: use a non-string type for these, e.g. an enum -pub const LEDGER_PROVIDER_LABEL: &str = "ledger"; - -// TODO: Maybe make this depend on the app. This may not matter since the Ledger doesn't hold multiple keys. Could work with HD deriv path. -pub const LEDGER_ID: &str = "1"; - -/// Create hardware-backed Ledger signer object from the given configuration -pub fn init(keyring: &mut KeyRing, _ledger_configs: &[LedgerConfig]) -> Result<(), KmsError> { - // TODO: Maybe use the active field from the config. - let provider = Ed25519LedgerTmAppSigner::connect().unwrap(); - keyring.add( - provider.public_key().unwrap(), - Signer::new( - LEDGER_PROVIDER_LABEL, - LEDGER_ID.to_owned(), - Box::new(provider), - ), - )?; - Ok(()) -} diff --git a/src/keyring/ed25519/ledgertm.rs b/src/keyring/ed25519/ledgertm.rs new file mode 100644 index 0000000..68fc97d --- /dev/null +++ b/src/keyring/ed25519/ledgertm.rs @@ -0,0 +1,22 @@ +//! Ledger Tendermint signer + +use signatory::PublicKeyed; +use signatory_ledger_tm::{self, Ed25519LedgerTmAppSigner}; + +use crate::{ + error::KmsError, + config::provider::ledgertm::LedgerTendermintConfig, + keyring::{ed25519::Signer, KeyRing}, +}; + +pub const LEDGER_TM_PROVIDER_LABEL: &str = "ledgertm"; +pub const LEDGER_TM_ID: &str = "ledgertm"; + +/// Create Ledger Tendermint signer object from the given configuration +pub fn init(keyring: &mut KeyRing, _config: &[LedgerTendermintConfig]) -> Result<(), KmsError> { + let provider = Box::new(Ed25519LedgerTmAppSigner::connect()?); + let pk = provider.public_key()?; + let signer = Signer::new(LEDGER_TM_PROVIDER_LABEL, LEDGER_TM_ID.to_string(), provider); + keyring.add(pk, signer)?; + Ok(()) +} 
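Review bot: `init` in the new `src/keyring/ed25519/ledgertm.rs` never reads `_config`, so a build with the `ledgertm` feature connects to a Ledger and adds its key to the keyring even when the operator configured no `[[providers.ledgertm]]` entry. Because the caller uses `ledgertm::init(&mut keyring, &config.ledgertm)?`, keyring loading then fails whenever no device is attached. `ProviderConfig::ledgertm` is `#[serde(default)]`, so an absent section arrives as an empty slice. Renaming the parameter to `config` and starting the body with `if config.is_empty() { return Ok(()); }` keeps signing-key registration an explicit configuration decision. The same patch switches CI to `cargo test --all --all-features`, so this path may now be compiled and exercised on machines without a device; the hunks shown do not confirm that.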
diff --git a/src/keyring/ed25519/mod.rs b/src/keyring/ed25519/mod.rs index 666de20..48064f7 100644 --- a/src/keyring/ed25519/mod.rs +++ b/src/keyring/ed25519/mod.rs @@ -1,11 +1,11 @@ pub use signatory::ed25519::{PublicKey, Seed, PUBLIC_KEY_SIZE}; -#[cfg(feature = "ledger")] -pub mod ledger; mod signer; #[cfg(feature = "softsign")] pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; +#[cfg(feature = "ledgertm")] +pub mod ledgertm; pub use self::signer::Signer; diff --git a/src/keyring/mod.rs b/src/keyring/mod.rs index 5bfea60..1b47b89 100644 --- a/src/keyring/mod.rs +++ b/src/keyring/mod.rs @@ -12,11 +12,11 @@ use crate::{ error::{KmsError, KmsErrorKind::*}, }; -#[cfg(feature = "ledger")] -use self::ed25519::ledger; +use self::ed25519::{softsign, Signer}; #[cfg(feature = "yubihsm")] use self::ed25519::yubihsm; -use self::ed25519::{softsign, Signer}; +#[cfg(feature = "ledgertm")] +use self::ed25519::ledgertm; /// File encoding for software-backed secret keys pub type SecretKeyEncoding = subtle_encoding::Base64; @@ -44,8 +44,8 @@ impl KeyRing { #[cfg(feature = "yubihsm")] yubihsm::init(&mut keyring, &config.yubihsm)?; - #[cfg(feature = "ledger")] - ledger::init(&mut keyring, &config.ledger)?; + #[cfg(feature = "ledgertm")] + ledgertm::init(&mut keyring, &config.ledgertm)?; if keyring.0.is_empty() { fail!(ConfigError, "no signing keys configured!") @@ -111,7 +111,6 @@ impl KeyRing { } } }; - debug!("Successfully got signer and now trying to sign message"); signer.sign(msg) } diff --git a/src/ledger.rs b/src/ledgertm.rs similarity index 71% rename from src/ledger.rs rename to src/ledgertm.rs index 42bd496..b28df55 100644 --- a/src/ledger.rs +++ b/src/ledgertm.rs 
@@ -1,15 +1,11 @@ -use std::sync::Mutex; - use signatory_ledger_tm::Ed25519LedgerTmAppSigner; +use std::sync::Mutex; +// This instance is only used by CLI commands or tests lazy_static! { static ref HSM_CLIENT: Mutex = Mutex::new(create_hsm_client()); } -// pub fn get_hsm_client() -> MutexGuard<'static, Ed25519CosmosAppSigner> { -// HSM_CLIENT.lock().unwrap() -// } - fn create_hsm_client() -> Ed25519LedgerTmAppSigner { Ed25519LedgerTmAppSigner::connect().unwrap() } diff --git a/src/lib.rs b/src/lib.rs index d0acc57..7bd368b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -27,14 +27,14 @@ extern crate serde_derive; extern crate serde_json; extern crate sha2; extern crate signal_hook; +extern crate subtle_encoding; +extern crate tendermint; extern crate signatory; extern crate signatory_dalek; -#[cfg(feature = "ledger")] -extern crate signatory_ledger_tm; #[cfg(feature = "yubihsm")] extern crate signatory_yubihsm; -extern crate subtle_encoding; -extern crate tendermint; +#[cfg(feature = "ledgertm")] +extern crate signatory_ledger_tm; #[macro_use] mod error; @@ -44,13 +44,13 @@ mod client; mod commands; mod config; mod keyring; -#[cfg(feature = "ledger")] -mod ledger; mod rpc; mod session; mod unix_connection; #[cfg(feature = "yubihsm")] mod yubihsm; +#[cfg(feature = "ledgertm")] +mod ledgertm; pub use crate::application::KmsApplication; pub use crate::unix_connection::UnixConnection; diff --git a/src/session.rs b/src/session.rs index c43827e..fabd0cf 100644 --- a/src/session.rs +++ b/src/session.rs 
@@ -95,23 +95,11 @@ where } debug!("started handling request ... "); let response = match Request::read(&mut self.connection)? { - Request::SignProposal(req) => { - debug!("got sign proposal request"); - self.sign(req)? - } - Request::SignVote(req) => { - debug!("got sign vote request"); - self.sign(req)? - } + Request::SignProposal(req) => self.sign(req)?, + Request::SignVote(req) => self.sign(req)?, // non-signable requests: - Request::ReplyPing(ref req) => { - debug!("got ping request"); - self.reply_ping(req) - } - Request::ShowPublicKey(ref req) => { - debug!("got pubkey request"); - self.get_public_key(req)? - } + Request::ReplyPing(ref req) => self.reply_ping(req), + Request::ShowPublicKey(ref req) => self.get_public_key(req)?, }; let mut buf = vec![]; @@ -130,12 +118,10 @@ where /// Perform a digital signature operation fn sign(&mut self, mut request: T) -> Result { - debug!("got sign request"); request.validate()?; let mut to_sign = vec![]; request.sign_bytes(self.chain_id, &mut to_sign)?; - debug!("sign_bytes for request: {:?}", to_sign); // TODO(ismail): figure out which key to use here instead of taking the only key // from keyring here: @@ -154,7 +140,6 @@ where /// Get the public key for (the only) public key in the keyring fn get_public_key(&mut self, _request: &PubKeyRequest) -> Result { - debug!("get_public_key request"); let pubkey = KeyRing::default_pubkey()?; let pubkey_bytes = pubkey.as_bytes(); diff --git a/tmkms.toml.example b/tmkms.toml.example index 275c73f..c12656b 100644 --- a/tmkms.toml.example +++ b/tmkms.toml.example @@ -17,3 +17,5 @@ adapter = { type = "usb" } auth = { key = 1, password = "password" } # Default YubiHSM admin credentials. Change ASAP! keys = [{ id = "gaia-9000", key = 1 }] #serial_number = "0123456789" # identify serial number of a specific YubiHSM to connect to + +[[providers.ledgertm]] From 47289c0f351cbdf9fb85e508a5b1fd52b5996ade Mon Sep 17 00:00:00 2001 
From: Juan Leni Date: Fri, 15 Feb 2019 16:55:29 +0100 Subject: [PATCH 7/9] Upgrading creates + fmt fixes --- Cargo.lock | 36 ++++++++++++++++----------------- Cargo.toml | 6 ------ src/commands/ledgertm/mod.rs | 5 +---- src/config/provider/mod.rs | 8 ++++---- src/keyring/ed25519/ledgertm.rs | 2 +- src/keyring/ed25519/mod.rs | 4 ++-- src/keyring/mod.rs | 6 +++--- src/lib.rs | 12 +++++------ tendermint-rs/Cargo.toml | 2 +- 9 files changed, 36 insertions(+), 45 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 82c7927..5071b32 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -821,7 +821,7 @@ dependencies = [ [[package]] name = "signatory" version = "0.11.0" -source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "generic-array 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", 
@@ -834,31 +834,31 @@ dependencies = [ [[package]] name = "signatory-dalek" version = "0.11.0" -source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "digest 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "ed25519-dalek 1.0.0-pre.1 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] name = "signatory-ledger-tm" version = "0.11.0" -source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "lazy_static 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "ledger-tendermint 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "libc 0.2.48 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] name = "signatory-yubihsm" version = "0.11.0" -source = "git+https://github.com/tendermint/signatory.git#6784bbfa691d0122fa650db09d0827d5ff53c03a" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ - "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", "yubihsm 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -968,12 +968,12 @@ dependencies = [ "serde 1.0.87 (registry+https://github.com/rust-lang/crates.io-index)", "serde_derive 1.0.87 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", - "signatory-dalek 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory-dalek 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", "subtle-encoding 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "tai64 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", "x25519-dalek 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)", - "zeroize 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", + "zeroize 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] 
@@ -1015,10 +1015,10 @@ dependencies = [ "serde_json 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)", "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "signal-hook 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", - "signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)", - "signatory-dalek 0.11.0 (git+https://github.com/tendermint/signatory.git)", - "signatory-ledger-tm 0.11.0 (git+https://github.com/tendermint/signatory.git)", - "signatory-yubihsm 0.11.0 (git+https://github.com/tendermint/signatory.git)", + "signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory-dalek 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory-ledger-tm 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signatory-yubihsm 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", "subtle-encoding 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "tempfile 3.0.6 (registry+https://github.com/rust-lang/crates.io-index)", "tendermint 0.2.0", 
@@ -1235,10 +1235,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum sha2 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9eb6be24e4c23a84d7184280d2722f7f2731fcdd4a9d886efbfe4413e4847ea0" "checksum sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7b4d8bfd0e469f417657573d8451fb33d16cfe0989359b93baf3a1ffc639543d" "checksum signal-hook 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "1f272d1b7586bec132ed427f532dd418d8beca1ca7f2caf7df35569b1415a4b4" -"checksum signatory 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" -"checksum signatory-dalek 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" -"checksum signatory-ledger-tm 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" -"checksum signatory-yubihsm 0.11.0 (git+https://github.com/tendermint/signatory.git)" = "" +"checksum signatory 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b2edc08ebe757a7b45352fa63c75c107fb569cc281779b0db0f8d6a384eaddd8" +"checksum signatory-dalek 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d9b5ed7678eaeb98cb23e1efdb5e961021b02d3bd9f8bab4d4e30c53ebb3dd50" +"checksum signatory-ledger-tm 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e2633f1e0a241347d31f2031b6053506dd72d9c5dedf06fe231526f049e4d1ed" +"checksum signatory-yubihsm 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b494a76142da87e8952f9135ed9a0acf55b93a1b1f504c7a1ab227f84c395ccc" "checksum simplelog 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2e95345f185d5adeb8ec93459d2dc99654e294cc6ccf5b75414d8ea262de9a13" "checksum spin 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "44363f6f51401c34e7be73db0db371c04705d35efbe9f7d6082e03a921a32c55" "checksum subtle 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2d67a5a62ba6e01cb2192ff309324cb4875d0c451d55fe2319433abe7a05a8ee" 
diff --git a/Cargo.toml b/Cargo.toml index 7ab72bd..f4969c3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -39,12 +39,6 @@ signatory-ledger-tm = { version = "0.11", optional = true } subtle-encoding = "0.3" tendermint = { version = "0.2", path = "tendermint-rs" } -[patch.crates-io] -signatory = { git = "https://github.com/tendermint/signatory.git" } -signatory-dalek = { git = "https://github.com/tendermint/signatory.git" } -signatory-yubihsm = { git = "https://github.com/tendermint/signatory.git" } -signatory-ledger-tm = { git = "https://github.com/tendermint/signatory.git" } - [dev-dependencies] tempfile = "3" rand = "0.6" diff --git a/src/commands/ledgertm/mod.rs b/src/commands/ledgertm/mod.rs index 7d8c920..f4ac789 100644 --- a/src/commands/ledgertm/mod.rs +++ b/src/commands/ledgertm/mod.rs @@ -5,10 +5,7 @@ use abscissa::Callable; mod detect; mod help; -pub use self::{ - detect::DetectCommand, - help::HelpCommand -}; +pub use self::{detect::DetectCommand, help::HelpCommand}; /// The `ledgertm` subcommand #[derive(Debug, Options)] diff --git a/src/config/provider/mod.rs b/src/config/provider/mod.rs index a4aff89..2768556 100644 --- a/src/config/provider/mod.rs +++ b/src/config/provider/mod.rs @@ -1,16 +1,16 @@ +#[cfg(feature = "ledgertm")] +pub mod ledgertm; #[cfg(feature = "softsign")] pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; -#[cfg(feature = "ledgertm")] -pub mod ledgertm; +#[cfg(feature = "ledgertm")] +use self::ledgertm::LedgerTendermintConfig; #[cfg(feature = "softsign")] use self::softsign::SoftSignConfig; #[cfg(feature = "yubihsm")] use self::yubihsm::YubihsmConfig; -#[cfg(feature = "ledgertm")] -use self::ledgertm::LedgerTendermintConfig; /// Provider configuration #[derive(Clone, Deserialize, Debug)] diff --git a/src/keyring/ed25519/ledgertm.rs b/src/keyring/ed25519/ledgertm.rs index 68fc97d..52de011 100644 --- a/src/keyring/ed25519/ledgertm.rs +++ b/src/keyring/ed25519/ledgertm.rs 
@@ -4,8 +4,8 @@ use signatory::PublicKeyed; use signatory_ledger_tm::{self, Ed25519LedgerTmAppSigner}; use crate::{ - error::KmsError, config::provider::ledgertm::LedgerTendermintConfig, + error::KmsError, keyring::{ed25519::Signer, KeyRing}, }; diff --git a/src/keyring/ed25519/mod.rs b/src/keyring/ed25519/mod.rs index 48064f7..cce1eab 100644 --- a/src/keyring/ed25519/mod.rs +++ b/src/keyring/ed25519/mod.rs @@ -1,11 +1,11 @@ pub use signatory::ed25519::{PublicKey, Seed, PUBLIC_KEY_SIZE}; +#[cfg(feature = "ledgertm")] +pub mod ledgertm; mod signer; #[cfg(feature = "softsign")] pub mod softsign; #[cfg(feature = "yubihsm")] pub mod yubihsm; -#[cfg(feature = "ledgertm")] -pub mod ledgertm; pub use self::signer::Signer; diff --git a/src/keyring/mod.rs b/src/keyring/mod.rs index 1b47b89..c688bea 100644 --- a/src/keyring/mod.rs +++ b/src/keyring/mod.rs @@ -12,11 +12,11 @@ use crate::{ error::{KmsError, KmsErrorKind::*}, }; -use self::ed25519::{softsign, Signer}; -#[cfg(feature = "yubihsm")] -use self::ed25519::yubihsm; #[cfg(feature = "ledgertm")] use self::ed25519::ledgertm; +#[cfg(feature = "yubihsm")] +use self::ed25519::yubihsm; +use self::ed25519::{softsign, Signer}; /// File encoding for software-backed secret keys pub type SecretKeyEncoding = subtle_encoding::Base64; diff --git a/src/lib.rs b/src/lib.rs index 7bd368b..77f6ece 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -27,14 +27,14 @@ extern crate serde_derive; extern crate serde_json; extern crate sha2; extern crate signal_hook; -extern crate subtle_encoding; -extern crate tendermint; extern crate signatory; extern crate signatory_dalek; -#[cfg(feature = "yubihsm")] -extern crate signatory_yubihsm; #[cfg(feature = "ledgertm")] extern crate signatory_ledger_tm; +#[cfg(feature = "yubihsm")] +extern crate signatory_yubihsm; +extern crate subtle_encoding; +extern crate tendermint; #[macro_use] mod error; 
@@ -44,13 +44,13 @@ mod client; mod commands; mod config; mod keyring; +#[cfg(feature = "ledgertm")] +mod ledgertm; mod rpc; mod session; mod unix_connection; #[cfg(feature = "yubihsm")] mod yubihsm; -#[cfg(feature = "ledgertm")] -mod ledgertm; pub use crate::application::KmsApplication; pub use crate::unix_connection::UnixConnection; diff --git a/tendermint-rs/Cargo.toml b/tendermint-rs/Cargo.toml index 2e39aa0..93d22d6 100644 --- a/tendermint-rs/Cargo.toml +++ b/tendermint-rs/Cargo.toml @@ -46,7 +46,7 @@ sha2 = { version = "0.8", optional = true, default-features = false } subtle-encoding = { version = "0.3", features = ["bech32-preview"] } tai64 = { version = "1", optional = true, features = ["chrono"] } x25519-dalek = { version = "0.4.4", optional = true, default-features = false, features = ["u64_backend"] } -zeroize = { version = "0.4", optional = true } +zeroize = { version = "0.5.2", optional = true } [features] default = ["secret-connection", "serializers", "tai64"] From 76e054c2812a1e3300dc184ab14724974137c80b Mon Sep 17 00:00:00 2001 From: Juan Leni Date: Fri, 15 Feb 2019 17:32:42 +0100 Subject: [PATCH 8/9] Disabling ledgertm tests until a ledgermock is available --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1cfcfbe..5ccd4ee 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -41,7 +41,7 @@ jobs: command: | rustc --version cargo --version - cargo test --all --all-features + cargo test --all --features "default softsign yubihsm yubihsm-mock" - run: name: audit command: | From 562109d53a530bdf5be84d565f1dfe313cfbb5fa Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Wed, 20 Feb 2019 13:44:50 +0100 Subject: [PATCH 9/9] Add better logging to sign requests --- Cargo.lock | 2 ++ src/session.rs | 81 ++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 74 insertions(+), 9 deletions(-) 
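Review bot: Narrowing the test command to `--features "default softsign yubihsm yubihsm-mock"` means the `ledgertm` feature is no longer compiled anywhere in this job, so a change that breaks the Ledger signing backend would pass CI unnoticed. If the build image has the system libraries that backend needs (presumably the HID stack), a compile-only step such as `cargo check --features ledgertm` ahead of the test step would keep the code building while its tests stay disabled. A shell comment above the command, for example `# ledgertm excluded until a Ledger mock exists; restore --all-features then`, would record why the feature list is spelled out.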
diff --git a/Cargo.lock b/Cargo.lock index 5071b32..af55dc8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,3 +1,5 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. [[package]] name = "abscissa" version = "0.0.6" diff --git a/src/session.rs b/src/session.rs index fabd0cf..46d7670 100644 --- a/src/session.rs +++ b/src/session.rs @@ -27,6 +27,8 @@ use crate::{ unix_connection::UnixConnection, }; +use std::time::Instant; + /// Encrypted session with a validator node pub struct Session { /// Chain ID for this session 
@@ -89,30 +91,88 @@ where /// Handle an incoming request from the validator fn handle_request(&mut self, should_term: &Arc) -> Result { + let start = Instant::now(); if should_term.load(Ordering::Relaxed) { info!("terminate signal received"); return Ok(false); } debug!("started handling request ... "); let response = match Request::read(&mut self.connection)? { - Request::SignProposal(req) => self.sign(req)?, - Request::SignVote(req) => self.sign(req)?, + Request::SignProposal(req) => { + debug!("SignProposal Request"); + let start = Instant::now(); + let res = self.sign(req)?; + let end = start.elapsed().as_millis(); + debug!("SignProposal Request Time: {}", end); + res + }, + Request::SignVote(req) => { + debug!("SignVote Request"); + let start = Instant::now(); + let res = self.sign(req)?; + let end = start.elapsed().as_millis(); + debug!("SignVote Request Time: {}", end); + res + }, // non-signable requests: - Request::ReplyPing(ref req) => self.reply_ping(req), - Request::ShowPublicKey(ref req) => self.get_public_key(req)?, + Request::ReplyPing(ref req) => { + debug!("ReplyPing Request"); + let start = Instant::now(); + let res = self.reply_ping(req); + let end = start.elapsed().as_millis(); + debug!("ReplyPing Request Time: {}", end); + res + }, + Request::ShowPublicKey(ref req) => { + debug!("ShowPublicKey Request"); + let start = Instant::now(); + let res = self.get_public_key(req)?; + let end = start.elapsed().as_millis(); + debug!("ShowPublicKey Request Time: {}", end); + res + }, }; let mut buf = vec![]; match response { - Response::SignedProposal(sp) => sp.encode(&mut buf)?, - Response::SignedVote(sv) => sv.encode(&mut buf)?, - Response::Ping(ping) => ping.encode(&mut buf)?, - Response::PublicKey(pk) => pk.encode(&mut buf)?, + Response::SignedProposal(sp) => { + debug!("Encode SignedProposal"); + let start = Instant::now(); + let res = sp.encode(&mut buf)?; + let end = start.elapsed().as_millis(); + debug!("Encode SignedProposal Time: {}", end); + res + 
}, + Response::SignedVote(sv) => { + debug!("Encode SignedVote"); + let start = Instant::now(); + let res = sv.encode(&mut buf)?; + let end = start.elapsed().as_millis(); + debug!("Encode SignedVote Time: {}", end); + res + }, + Response::Ping(ping) => { + debug!("Encode Ping"); + let start = Instant::now(); + let res = ping.encode(&mut buf)?; + let end = start.elapsed().as_millis(); + debug!("Encode Ping Time: {}", end); + res + }, + Response::PublicKey(pk) => { + debug!("Encode PublicKey"); + let start = Instant::now(); + let res = pk.encode(&mut buf)?; + let end = start.elapsed().as_millis(); + debug!("Encode PublicKey Time: {}", end); + res + }, } self.connection.write_all(&buf)?; - debug!("... success handling request"); + let end = start.elapsed().as_millis(); + debug!("... success handling request in: {}", end); Ok(true) } @@ -125,7 +185,10 @@ where // TODO(ismail): figure out which key to use here instead of taking the only key // from keyring here: + let start_sign = Instant::now(); let sig = KeyRing::sign(None, &to_sign)?; + let stop_sign = start_sign.elapsed().as_millis(); + debug!("Time to raw sign: {}", stop_sign); request.set_signature(&sig); debug!("successfully signed request:\n {:?}", request);
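Review bot: In the `handle_request` hunk each arm logs its duration only after the `?`, so a `self.sign(req)` or `encode` call that fails returns before the "Time" line is written. The log then shows a request that started but never finished, and for a signing service the failed or rejected requests are the ones an operator most needs to see. The same start/elapsed/debug sequence is also repeated eight times, with the inner `start` shadowing the function-level timer, and no message states that the number is milliseconds. A small helper that times a closure and logs the outcome once, as sketched below for the two signing arms, would address both. The later `sign` hunk, whose function begins above the hunk, lacks the unit as well and could read `debug!("raw sign took {} ms", start_sign.elapsed().as_millis());`.

```rust
/// Runs `f`, then logs its label, outcome and duration in milliseconds.
fn timed<T, E>(label: &str, f: impl FnOnce() -> Result<T, E>) -> Result<T, E> {
    let start = Instant::now();
    let res = f();
    let outcome = if res.is_ok() { "ok" } else { "failed" };
    debug!("{} {} in {} ms", label, outcome, start.elapsed().as_millis());
    res
}

let response = match Request::read(&mut self.connection)? {
    Request::SignProposal(req) => timed("SignProposal", || self.sign(req))?,
    Request::SignVote(req) => timed("SignVote", || self.sign(req))?,
    // … unchanged: ReplyPing / ShowPublicKey arms, response encoding, write_all …
```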