Replace Guardian Key with abstracted Guardian Signer #4120
Conversation
Just one edge case and some small nits
Left some minor comments related to naming and clarity. Overall the implementation looks good
Another approach would be to rewrite this function to use the new Guardian signer though it would be a breaking change to modify the function signature.
Very cool!
```go
		logger.Fatal("Please specify --guardianKey or --guardianSignerUri")
	}
} else {
	// If guardianKeyPath is set, set guardianSignerUri to the file signer URI, pointing to guardianKeyPath.
```
Shouldn't you throw if both are set?
So I decided that I would default to using `guardianKeyPath`, even if the signer URI is set. I don't have any strong feelings about this decision. Do you think it should rather throw if both are set?
```go
type GeneratedSigner struct {
	privateKey *ecdsa.PrivateKey
}
```
I know you have a comment in `guardianSigner.go` about this being for test only, but could you please put something in here as well?
I added a comment to the struct. I also got paranoid, and moved the `GenerateSignerWithPrivatekeyUnsafe` function to `generatedsigner.go`.
```go
	}
}

func ParseSignerUri(signerUri string) (signerType SignerType, signerKeyConfig string) {
```
Should this return an error so line 39 could print more details?
Updated this to return an error.
Branch history: 8067a94 to 13e82f8, then 13e82f8 to 32fa31d.
This pull request introduces the `GuardianSigner` interface, defined in the `guardiansigner` package, which is meant to replace directly using the guardian key (private key) for data signing. In doing so, it becomes easier to introduce alternative signing mechanisms without too much modification of code outside of the new `guardiansigner` package. Additional signing mechanisms include HSMs or KMSs (such as AWS or GCP).

The changes made to the repository are summarised as follows:

- Adds the `guardiansigner` package, which includes a `FileSigner` implementation that works with the current guardian key.
- Adds the `--guardianSignerUri` commandline argument. Node operators can still make use of `guardianKeyPath`, as support is provided to translate the path to the appropriate `guardianSignerUri`. As additional signer implementations are introduced, more URI schemes will be added. But for now only `file://` is supported, loading a private key from disk.
- Replaces direct use of the guardian key with `GuardianSigner`.

Notable Code Change

One change in the PR that we are not yet certain about is the use of `AddSignature` defined in `sdk/vaa/structs.go`. The changes in `node/pkg/adminrpc/adminserver.go` removed the use of `AddSignature` and adds the signature manually, to make use of a `GuardianSigner`. There were some alternative ideas surrounding this:

- An alternative idea was to make `AddSignature` accept a `GuardianSigner` instead of a private key. This did not seem right, as it would create a dependency on the `node` packages that seems unnecessary, and also modify what is defined as an SDK, potentially breaking functionality for other projects that might make use of the SDK.
- Additional comment by @johnsaigle that is also worth considering: #4120 (comment)