Introduce a SignatoryManager service.

The SignatoryManager manager provides an API to interact with keysets, private keys, and all key-related operations, offering segregation between the mint and the most sensible part of the mind: the private keys. Although the default signatory runs in memory, it is completely isolated from the rest of the system and can only be communicated through the interface offered by the signatory manager. Only messages can be sent from the mintd to the Signatory trait through the Signatory Manager. This pull request sets the foundation for eventually being able to run the Signatory and all the key-related operations in a separate service, possibly in a foreign service, to offload risks, as described in #476. The Signatory manager is concurrent and deferred any mechanism needed to handle concurrency to the Signatory trait.
cashubtc · Jan 14, 2025 · a8c289e · a8c289e
1 parent 0840dfe
commit a8c289e
Show file tree

Hide file tree

Showing 17 changed files with 883 additions and 516 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/cdk-common/src/error.rs b/crates/cdk-common/src/error.rs
@@ -52,6 +52,14 @@ pub enum Error {
     #[error("Amount Less Invoice is not allowed")]
     AmountLessNotAllowed,
 
+    /// Internal Error - Send error
+    #[error("Internal send error: {0}")]
+    SendError(String),
+
+    /// Internal Error - Recv error
+    #[error("Internal receive error: {0}")]
+    RecvError(String),
+
     // Mint Errors
     /// Minting is disabled
     #[error("Minting is disabled")]

diff --git a/crates/cdk-common/src/lib.rs b/crates/cdk-common/src/lib.rs
@@ -13,6 +13,8 @@ pub mod error;
 pub mod lightning;
 pub mod pub_sub;
 #[cfg(feature = "mint")]
+pub mod signatory;
+#[cfg(feature = "mint")]
 pub mod subscription;
 pub mod ws;
 

diff --git a/crates/cdk-common/src/signatory.rs b/crates/cdk-common/src/signatory.rs
@@ -0,0 +1,50 @@
+//! Signatory mod
+//!
+//! This module abstract all the key related operations, defining an interface for the necessary
+//! operations, to be implemented by the different signatory implementations.
+//!
+//! There is an in memory implementation, when the keys are stored in memory, in the same process,
+//! but it is isolated from the rest of the application, and they communicate through a channel with
+//! the defined API.
+use std::collections::HashMap;
+
+use bitcoin::bip32::DerivationPath;
+use cashu::{
+    BlindSignature, BlindedMessage, CurrencyUnit, Id, KeySet, KeysResponse, KeysetResponse, Proof,
+};
+
+use super::error::Error;
+
+#[async_trait::async_trait]
+/// Signatory trait
+pub trait Signatory {
+    /// Blind sign a message
+    async fn blind_sign(&self, blinded_message: BlindedMessage) -> Result<BlindSignature, Error>;
+
+    /// Verify [`Proof`] meets conditions and is signed
+    async fn verify_proof(&self, proof: Proof) -> Result<(), Error>;
+
+    /// Retrieve a keyset by id
+    async fn keyset(&self, keyset_id: Id) -> Result<Option<KeySet>, Error>;
+
+    /// Retrieve the public keys of a keyset
+    async fn keyset_pubkeys(&self, keyset_id: Id) -> Result<KeysResponse, Error>;
+
+    /// Retrieve the public keys of the active keyset for distribution to wallet
+    /// clients
+    async fn pubkeys(&self) -> Result<KeysResponse, Error>;
+
+    /// Return a list of all supported keysets
+    async fn keysets(&self) -> Result<KeysetResponse, Error>;
+
+    /// Add current keyset to inactive keysets
+    /// Generate new keyset
+    async fn rotate_keyset(
+        &self,
+        unit: CurrencyUnit,
+        derivation_path_index: u32,
+        max_order: u8,
+        input_fee_ppk: u64,
+        custom_paths: HashMap<CurrencyUnit, DerivationPath>,
+    ) -> Result<(), Error>;
+}
diff --git a/crates/cdk-integration-tests/src/init_regtest.rs b/crates/cdk-integration-tests/src/init_regtest.rs
@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use std::env;
 use std::path::PathBuf;
 use std::sync::Arc;
@@ -6,7 +7,7 @@ use anyhow::Result;
 use axum::Router;
 use bip39::Mnemonic;
 use cdk::cdk_database::{self, MintDatabase};
-use cdk::mint::{FeeReserve, MintBuilder, MintMeltLimits};
+use cdk::mint::{FeeReserve, MemorySignatory, MintBuilder, MintMeltLimits};
 use cdk::nuts::{CurrencyUnit, PaymentMethod};
 use cdk_cln::Cln as CdkCln;
 use ln_regtest_rs::bitcoin_client::BitcoinClient;
@@ -152,7 +153,9 @@ where
 
     let mut mint_builder = MintBuilder::new();
 
-    mint_builder = mint_builder.with_localstore(Arc::new(database));
+    let localstore = Arc::new(database);
+
+    mint_builder = mint_builder.with_localstore(localstore.clone());
 
     mint_builder = mint_builder.add_ln_backend(
         CurrencyUnit::Sat,
@@ -163,8 +166,18 @@ where
 
     let mnemonic = Mnemonic::generate(12)?;
 
+    let signatory_manager = MemorySignatory::new(
+        localstore,
+        &mnemonic.to_seed_normalized(""),
+        mint_builder.supported_units.clone(),
+        HashMap::new(),
+    )
+    .await
+    .expect("valid signatory");
+
     mint_builder = mint_builder
         .with_name("regtest mint".to_string())
+        .with_signatory(Arc::new(signatory_manager))
         .with_mint_url(format!("http://{addr}:{port}"))
         .with_description("regtest mint".to_string())
         .with_quote_ttl(10000, 10000)

diff --git a/crates/cdk-integration-tests/src/lib.rs b/crates/cdk-integration-tests/src/lib.rs
@@ -9,7 +9,8 @@ use cdk::amount::{Amount, SplitTarget};
 use cdk::cdk_database::mint_memory::MintMemoryDatabase;
 use cdk::cdk_lightning::MintLightning;
 use cdk::dhke::construct_proofs;
-use cdk::mint::FeeReserve;
+use cdk::mint::signatory::SignatoryManager;
+use cdk::mint::{FeeReserve, MemorySignatory};
 use cdk::mint_url::MintUrl;
 use cdk::nuts::nut00::ProofsMethods;
 use cdk::nuts::nut17::Params;
@@ -76,15 +77,25 @@ pub async fn start_mint(
 
     let quote_ttl = QuoteTTL::new(10000, 10000);
 
+    let localstore = Arc::new(MintMemoryDatabase::default());
+    let signatory_manager = Arc::new(SignatoryManager::new(Arc::new(
+        MemorySignatory::new(
+            localstore.clone(),
+            &mnemonic.to_seed_normalized(""),
+            supported_units,
+            HashMap::new(),
+        )
+        .await
+        .expect("valid signatory"),
+    )));
+
     let mint = Mint::new(
         &get_mint_url(),
-        &mnemonic.to_seed_normalized(""),
         mint_info,
         quote_ttl,
-        Arc::new(MintMemoryDatabase::default()),
+        localstore,
         ln_backends.clone(),
-        supported_units,
-        HashMap::new(),
+        signatory_manager,
     )
     .await?;
 

diff --git a/crates/cdk-integration-tests/tests/integration_tests_pure.rs b/crates/cdk-integration-tests/tests/integration_tests_pure.rs
@@ -10,6 +10,8 @@ mod integration_tests_pure {
     use cdk::amount::SplitTarget;
     use cdk::cdk_database::mint_memory::MintMemoryDatabase;
     use cdk::cdk_database::WalletMemoryDatabase;
+    use cdk::mint::signatory::SignatoryManager;
+    use cdk::mint::MemorySignatory;
     use cdk::nuts::nut00::ProofsMethods;
     use cdk::nuts::{
         CheckStateRequest, CheckStateResponse, CurrencyUnit, Id, KeySet, KeysetResponse,
@@ -164,15 +166,21 @@ mod integration_tests_pure {
         let mint_url = "http://aaa";
 
         let seed = random::<[u8; 32]>();
+
+        let localstore = Arc::new(MintMemoryDatabase::default());
+        let signatory_manager = Arc::new(SignatoryManager::new(Arc::new(
+            MemorySignatory::new(localstore.clone(), &seed, supported_units, HashMap::new())
+                .await
+                .expect("valid signatory"),
+        )));
+
         let mint: Mint = Mint::new(
             mint_url,
-            &seed,
             mint_info,
             quote_ttl,
-            Arc::new(MintMemoryDatabase::default()),
+            localstore,
             create_backends_fake_wallet(),
-            supported_units,
-            HashMap::new(),
+            signatory_manager,
         )
         .await?;
 

diff --git a/crates/cdk-integration-tests/tests/mint.rs b/crates/cdk-integration-tests/tests/mint.rs
@@ -9,7 +9,8 @@ use bip39::Mnemonic;
 use cdk::amount::{Amount, SplitTarget};
 use cdk::cdk_database::mint_memory::MintMemoryDatabase;
 use cdk::dhke::construct_proofs;
-use cdk::mint::MintQuote;
+use cdk::mint::signatory::SignatoryManager;
+use cdk::mint::{MemorySignatory, MintQuote};
 use cdk::nuts::nut00::ProofsMethods;
 use cdk::nuts::{
     CurrencyUnit, Id, MintBolt11Request, MintInfo, NotificationPayload, Nuts, PreMintSecrets,
@@ -45,15 +46,21 @@ async fn new_mint(fee: u64) -> Mint {
 
     let quote_ttl = QuoteTTL::new(10000, 10000);
 
+    let localstore = Arc::new(MintMemoryDatabase::default());
+    let seed = mnemonic.to_seed_normalized("");
+    let signatory_manager = Arc::new(SignatoryManager::new(Arc::new(
+        MemorySignatory::new(localstore.clone(), &seed, supported_units, HashMap::new())
+            .await
+            .expect("valid signatory"),
+    )));
+
     Mint::new(
         MINT_URL,
-        &mnemonic.to_seed_normalized(""),
         mint_info,
         quote_ttl,
-        Arc::new(MintMemoryDatabase::default()),
-        HashMap::new(),
-        supported_units,
+        localstore,
         HashMap::new(),
+        signatory_manager,
     )
     .await
     .unwrap()

diff --git a/crates/cdk-signatory/Cargo.toml b/crates/cdk-signatory/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "cdk-signatory"
+version = "0.6.0"
+edition = "2021"
+description = "CDK signatory default implementation"
+
+[dependencies]
+async-trait = "0.1.83"
+bitcoin = { version = "0.32.2", features = [
+    "base64",
+    "serde",
+    "rand",
+    "rand-std",
+] }
+cdk-common = { path = "../cdk-common", default-features = false, features = [
+    "mint",
+] }
+tracing = "0.1.41"
+tokio = { version = "1.21", features = ["rt", "macros", "sync", "time"] }