Ledger integration into KMS #172
This PR adds the ledger integration as a backend to the KMS. There is still more work required to ensure that the Ledger application knows how to correctly decode/encode Tendermint votes.
We can update the signatory dependencies as soon as we can release 0.11 of signatory-cosmos-val.
Cargo.toml
signatory = { git = "https://github.com/cryptiumlabs/signatory" } | ||
signatory-dalek = { git = "https://github.com/cryptiumlabs/signatory" } | ||
signatory-yubihsm = { git = "https://github.com/cryptiumlabs/signatory" } | ||
signatory-ledger-cosval = { git = "https://github.com/cryptiumlabs/signatory" } |
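Review bot: all four `git = "https://github.com/cryptiumlabs/signatory"` entries track the fork's default branch with no `rev` or `tag`, so any push to that repository changes the signing code this KMS builds against. If the fork has to stay until the upstream release, pin each entry to a reviewed commit with `rev = "<commit>"`, then switch back to published crate versions once the release is out.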
please do not introduce external versions/forks of these crates.
This is waiting on the release of the correct upstream crates, specifically the new release of signatory-ledger-cosval.
@@ -41,7 +41,7 @@ jobs: | |||
command: | | |||
rustc --version | |||
cargo --version | |||
cargo test --all --all-features | |||
cargo test --all --features "default softsign yubihsm yubihsm-mock" |
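Review bot: replacing `--all-features` with the explicit list `default softsign yubihsm yubihsm-mock` means that, unless the Ledger feature is part of `default`, the new backend is no longer compiled in CI at all, not just left untested. Add a build-only step with the Ledger feature enabled so it cannot bit-rot, and leave a comment next to this command saying the feature is excluded until a Ledger mock exists.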
Why is this change necessary?
The test harness does not work with the Ledger since I haven't implemented a ledger-mock.
@adrianbrink @liamsi @adrianbrink we can work together on this, I can rebase over your PR (so your commits in this PR are not lost) and apply all the other changes that are necessary for the complete integration. Would that make sense?
Let me know what you prefer. In the meantime, I need to wait until tendermint/signatory#141 gets merged.
@jleni merged
Rebasing sounds fine!
I have multiple changes that will make this PR incompatible, especially once @tony-iqlusion releases the new crates. @adrianbrink I think the best option is that:
agree?
We also need to open a couple of new additional issues to track improvements that need to be made with respect to reconnections, timeout handling, extending command line support, etc.
That sounds good
@jleni I just tested everything with the latest Ledger application and the updated dependencies and it works :-)
There are several linked issues that are pending. Here is another one: #173
If you give me write access to I also need to add automatic reconnections in signatory.
I've added you as a contributor to adrianbrink/kms
+ Adding a basic command line
Refactoring and adjusting to new ledger-tm library
Upgrading crates + cargo fmt fixes
Disabling ledgertm tests until a ledgermock is available
@liamsi Any news about this PR? It would be good to integrate this alpha version.
I'll look into it in a bit!
The changes look OK. Do we want to include code snippets that aren't currently used though? I would suggest to remove the currently unused boilerplate code and add it together with the functionality that comes with followup PRs.
It is not clear to me what needs to be done to get the ledger sign anything with these changes. Just add [[providers.ledgertm]] to the config and we are done?
impl Callable for DetectCommand { | ||
/// Detect all Ledger devices running the Tendermint app | ||
fn call(&self) { | ||
println!("This feature will be soon available"); |
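Review bot: `call` in `DetectCommand` only prints "This feature will be soon available" and returns normally, so the command exits with success and a script cannot tell that no device detection happened. Either leave the subcommand out until it is implemented, or print to stderr and exit non-zero; the message should also read "will be available soon".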
Why include the detect command if it does not do anything yet?
@@ -17,3 +17,5 @@ adapter = { type = "usb" } | |||
auth = { key = 1, password = "password" } # Default YubiHSM admin credentials. Change ASAP! | |||
keys = [{ id = "gaia-9000", key = 1 }] | |||
#serial_number = "0123456789" # identify serial number of a specific YubiHSM to connect to | |||
|
|||
[[providers.ledgertm]] |
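Review bot: the added `[[providers.ledgertm]]` table is empty and carries no comment, while the YubiHSM block above documents its fields inline. Add a comment line stating whether the provider takes any options and what the operator has to set up on the device side before it will sign.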
Is this everything that is necessary to get the ledger up and running? If not, providing (all) existing options with some exemplary defaults would be cool.
}; | ||
|
||
pub const LEDGER_TM_PROVIDER_LABEL: &str = "ledgertm"; | ||
pub const LEDGER_TM_ID: &str = "ledgertm"; |
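Review bot: `LEDGER_TM_PROVIDER_LABEL` and `LEDGER_TM_ID` hold the same string and neither `pub const` has a doc comment, so this hunk does not show what distinguishes a provider label from a key ID. With a fixed `LEDGER_TM_ID` every Ledger key would register under the same identifier; document the intended use with `///` comments, or take the ID from the config.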
Shouldn't the ID come from the config? An ID that is always the same (and the same as the constant LEDGER_TM_PROVIDER_LABEL), feels wrong.
static ref HSM_CLIENT: Mutex<Ed25519LedgerTmAppSigner> = Mutex::new(create_hsm_client()); | ||
} | ||
|
||
fn create_hsm_client() -> Ed25519LedgerTmAppSigner { |
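Review bot: `create_hsm_client()` returns `Ed25519LedgerTmAppSigner` directly rather than a `Result`, so a failure to reach the device can only be reported by panicking inside the `HSM_CLIENT` initializer. Return a `Result` and handle the error at the call site so the caller can print a clean message; the name `HSM_CLIENT` is also misleading for a Ledger signer.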
It looks like this is not used anywhere?
use signatory_ledger_tm::Ed25519LedgerTmAppSigner; | ||
use std::sync::Mutex; | ||
|
||
// This instance is only used by CLI commands or tests |
Currently not used anywhere?
Thanks a lot @jleni @adrianbrink! I would suggest to apply the following changes to this PR:
I've submitted a follow up PR here which contains all your changes: #176, PTAL. @jleni plans to submit a follow up PR which completes this PR and completes the commands etc.
Please do use the latest master branch instead of this one. I've removed a bunch of code and fixed other parts in #173. You should still be able to experiment with the ledger integration.