Add support for Fortanix DSM signer (iqlusioninc#469)

Boblev999 · Apr 28, 2022 · a036b5d · a036b5d
1 parent 6018713
commit a036b5d
Show file tree

Hide file tree

Showing 11 changed files with 505 additions and 10 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -24,6 +24,7 @@ chrono = "0.4"
 clap = "3"
 cosmrs = "0.5"
 ed25519-dalek = "1"
+elliptic-curve = { version = "0.11.12", features = ["pkcs8"], optional = true }
 eyre = "0.6"
 getrandom = "0.2"
 hkd32 = { version = "0.6", default-features = false, features = ["mnemonic"] }
@@ -39,6 +40,7 @@ prost-amino-derive = "0.6"
 prost-derive = "0.9"
 rand_core = { version = "0.6", features = ["std"] }
 rpassword = { version = "6", optional = true }
+sdkms = { version = "0.4.0", optional = true }
 serde = { version = "1", features = ["serde_derive"] }
 serde_json = "1"
 sha2 = "0.9"
@@ -53,6 +55,8 @@ tendermint-rpc = { version = "0.23.5", optional = true, features = ["http-client
 tendermint-proto = "0.23.5"
 tendermint-p2p = { version = "0.23.5", features = ["amino"] }
 thiserror = "1"
+url = { version = "2.2.2", features = ["serde"], optional = true }
+uuid = { version = "0.8.2", features = ["serde"], optional = true }
 wait-timeout = "0.2"
 yubihsm = { version = "0.40", features = ["secp256k1", "setup", "usb"], optional = true }
 zeroize = "1"
@@ -67,6 +71,7 @@ softsign = []
 tx-signer = ["abscissa_tokio", "hyper", "hyper-rustls", "stdtx", "tendermint-rpc"]
 yubihsm-mock = ["yubihsm/mockhsm"]
 yubihsm-server = ["yubihsm/http-server", "rpassword"]
+fortanixdsm = ["elliptic-curve", "sdkms", "url", "uuid"]
 
 # Enable integer overflow checks in release builds for security reasons
 [profile.release]

diff --git a/src/commands/init/config_builder.rs b/src/commands/init/config_builder.rs
@@ -83,6 +83,9 @@ impl ConfigBuilder {
 
         #[cfg(feature = "softsign")]
         self.add_softsign_provider_config();
+
+        #[cfg(feature = "fortanixdsm")]
+        self.add_fortanixdsm_provider_config();
     }
 
     /// Add `[[validator]]` configurations
@@ -169,6 +172,13 @@ impl ConfigBuilder {
         self.add_template_with_chain_id(include_str!("templates/keyring/softsign_account.toml"));
     }
 
+    /// Add `[[provider.fortanixdsm]]` configuration
+    #[cfg(feature = "fortanixdsm")]
+    fn add_fortanixdsm_provider_config(&mut self) {
+        self.add_str("### Fortanix DSM Signer Configuration\n\n");
+        self.add_template_with_chain_id(include_str!("templates/keyring/fortanixdsm.toml"));
+    }
+
     /// Append a template to the config file, substituting `$KMS_HOME`
     fn add_template(&mut self, template: &str) {
         self.add_str(&format_template(

diff --git a/src/commands/init/templates/keyring/fortanixdsm.toml b/src/commands/init/templates/keyring/fortanixdsm.toml
@@ -0,0 +1,7 @@
+[[providers.fortanixdsm]]
+api_endpoint = "https://sdkms.fortanix.com"
+api_key = "Nzk5MDQ3ZGUtN2Q2NS00OTRjLTgzMDMtNjQwMTlhYzdmOGUzOlF1SU93ZXJsOFU4VUdEWEdQMmx1dFJOVjlvMTRSd3lhNnVDNVNhVkpZOVhzYVgyc0pOVGRQVGJ0RjZJdmVLMy00X05iTEhxMkowamF3UGVPaXJEWEd3"
+signing_keys = [
+    { chain_ids = ["$CHAIN_ID"], type = "account", key_id = "72e9ed9e-9eb4-46bd-a135-e78ed9bfd611" },
+    { chain_ids = ["$CHAIN_ID"], type = "consensus", key_name = "My Key" },
+]