Replace Guardian Key with abstracted Guardian Signer #4120
Conversation
|
Another approach would be to rewrite this function to use the new Guardian signer though it would be a breaking change to modify the function signature. |
pleasew8t
requested review from
bruce-riley,
panoel,
evan-gray,
claudijd,
SEJeff and
djb15
as code owners
| logger.Fatal("Please specify --guardianKey or --guardianSignerUri") | ||
| } | ||
| } else { | ||
| // If guardianKeyPath is set, set guardianSignerUri to the file signer URI, pointing to guardianKeyPath. |
There was a problem hiding this comment.
Shouldn't you throw if both are set?
There was a problem hiding this comment.
So I decided that I would default to using guardianKeyPath, even if the signer URI is set. I don't have any strong feelings about this decision. Do you think it should rather throw if both are set?
| type GeneratedSigner struct { | ||
| privateKey *ecdsa.PrivateKey | ||
| } | ||
|
|
There was a problem hiding this comment.
I know you have a comment in guardianSigner.go about this being for test only, but could you please put something in here as well?
There was a problem hiding this comment.
I added a comment to the struct. I also got paranoid, and moved the GenerateSignerWithPrivatekeyUnsafe function to generatedsigner.go.
| } | ||
| } | ||
|
|
||
| func ParseSignerUri(signerUri string) (signerType SignerType, signerKeyConfig string) { |
There was a problem hiding this comment.
Should this return an error so line 39 could print more details?
There was a problem hiding this comment.
Updated this to return an error.
pleasew8t
force-pushed
the
replace-guardian-key-with-abstracted-guardian-signer
branch
from
8067a94
to
13e82f8
Compare
pleasew8t
force-pushed
the
replace-guardian-key-with-abstracted-guardian-signer
branch
from
13e82f8
to
32fa31d
Compare
This pull request introduces the
GuardianSignerinterface, defined in theguardiansignerpackage, which is meant to replace directly using the guardian key (private key) for data signing. In doing so, it becomes easier to introduce alternative signing mechanisms without too much modification of code outside of the newguardiansignerpackage. Additional signing mechanisms include HSMs or KMS's (such as AWS or GCP).The changes made to the repository are summarised as follows:
guardiansignerpackage, which includes aFileSignerimplementation that works with the current guardian key.--guardianSignerUricommandline argument. Node operators can still make use ofguardianKeyPath, as support is provided to translate the path to the appropriateguardianSignerUri. As additional signer implementations are introduced, more URI schemes will be added. But for now onlyfile://is supported, loading a private key from disk.GuardianSigner.Notable Code Change
One change in the PR that we are not yet certain about is the use of
AddSignaturedefined insdk/vaa/structs.go. The changes innode/pkg/adminrpc/adminserver.goremoved the use ofAddSignatureand adds the signature manually, to make use of aGuardianSigner. There were some alternative ideas surrounding this:An alternative idea was to make
AddSignatureaccept aGuardianSignerinstead of a private key. This did not seem right, as it would create a dependency on thenodepackages that seems unneccessary, and also modify what is defined as an SDK, potentially breaking functionality for other projects that might make use of the SDK.Additional comment by @johnsaigle that is also worth considering: #4120 (comment)