aljaz/cdk
1
0
Fork 0
mirror of https://github.com/aljazceru/cdk.git synced 2025-12-23 23:55:01 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
af72d565585cf54e4200c2979f56d3ba87d31158
cdk/crates/cdk-signatory/proto/signatory.proto
C ade48cd8a9 Introduce a SignatoryManager service. (#509) 
* WIP: Introduce a SignatoryManager service.

The SignatoryManager manager provides an API to interact with keysets, private
keys, and all key-related operations, offering segregation between the mint and
the most sensible part of the mind: the private keys.

Although the default signatory runs in memory, it is completely isolated from
the rest of the system and can only be communicated through the interface
offered by the signatory manager. Only messages can be sent from the mintd to
the Signatory trait through the Signatory Manager.

This pull request sets the foundation for eventually being able to run the
Signatory and all the key-related operations in a separate service, possibly in
a foreign service, to offload risks, as described in #476.

The Signatory manager is concurrent and deferred any mechanism needed to handle
concurrency to the Signatory trait.

* Fixed missing default feature for signatory

* Do not read keys from the DB

* Removed KeysDatabase Trait from MintDatabase

All Keys operations should be done through the signatory

* Make sure signatory has all the keys in memory

Drop also foreign constraints on sqlite

* Fix race condition

* Adding debug info to failing test

* Add `sleep` in test

* Fixed issue with active auth keyset

* Fixed dependency

* Move all keys and keysets to an ArcSwap.

Since the keys and keysets exist in RAM, most wrapping functions are infallible
and synchronous, improving performance and adding breaking API changes.

The signatory will provide this information on the boot and update when the
`rotate_keyset` is executed.

Todo: Implement a subscription key to reload the keys when the GRPC server
changes the keys. For the embedded mode, that makes no sense since there is a
single way to rotate keys, and that bit is already covered.

* Implementing https://github.com/cashubtc/nuts/pull/250

* Add CLI for cdk-signatory to spawn an external signatory

Add to the pipeline the external signatory

* Update tests

* Apply suggestions from code review

Co-authored-by: ok300 <106775972+ok300@users.noreply.github.com>
Co-authored-by: thesimplekid <tsk@thesimplekid.com>

* Minor change

* Update proto buf to use the newest format

* Rename binary

* Add instrumentations

* Add more comments

* Use a single database for the signatory

Store all keys, even auth keys, in a single database. Leave the MintAuthDatabse
trait implementation for the CDK but not the signagtory

This commit also moves the cli mod to its own file

* Update dep

* Add `test_mint_keyset_gen` test

---------

Co-authored-by: ok300 <106775972+ok300@users.noreply.github.com>
Co-authored-by: thesimplekid <tsk@thesimplekid.com>
2025-05-28 11:43:30 -04:00

174 lines
3.2 KiB
Protocol Buffer
Raw Blame History

syntax = "proto3";
package signatory;
service Signatory {
rpc BlindSign(BlindedMessages) returns (BlindSignResponse);
rpc VerifyProofs(Proofs) returns (BooleanResponse);
// returns all the keysets for the mint
rpc Keysets(EmptyRequest) returns (KeysResponse);
// rotates the keysets
rpc RotateKeyset(RotationRequest) returns (KeyRotationResponse);
}
enum Operation {
OPERATION_UNSPECIFIED = 0;
OPERATION_MINT = 1;
OPERATION_MELT = 2;
OPERATION_SWAP = 3;
}
message BlindSignResponse {
Error error = 1;
BlindSignatures sigs = 2;
}
message BlindedMessages {
repeated BlindedMessage blinded_messages = 1;
Operation operation = 2;
string correlation_id = 3;
}
// Represents a blinded message
message BlindedMessage {
uint64 amount = 1;
string keyset_id = 2;
bytes blinded_secret = 3;
}
message BooleanResponse {
Error error = 1;
bool success = 2;
}
message KeyRotationResponse {
Error error = 1;
KeySet keyset = 2;
}
message KeysResponse {
Error error = 1;
SignatoryKeysets keysets = 2;
}
message SignatoryKeysets {
bytes pubkey = 1;
repeated KeySet keysets = 2;
}
message KeySet {
string id = 1;
CurrencyUnit unit = 2;
bool active = 3;
uint64 input_fee_ppk = 4;
Keys keys = 5;
}
message Keys {
map<uint64, bytes> keys = 1;
}
message RotationRequest {
CurrencyUnit unit = 1;
uint64 input_fee_ppk = 2;
uint32 max_order = 3;
}
enum CurrencyUnitType {
CURRENCY_UNIT_TYPE_UNSPECIFIED = 0;
CURRENCY_UNIT_TYPE_SAT = 1;
CURRENCY_UNIT_TYPE_MSAT = 2;
CURRENCY_UNIT_TYPE_USD = 3;
CURRENCY_UNIT_TYPE_EUR = 4;
CURRENCY_UNIT_TYPE_AUTH = 5;
}
message CurrencyUnit {
oneof currency_unit {
CurrencyUnitType unit = 1;
string custom_unit = 2;
}
}
message Proofs {
repeated Proof proof = 1;
Operation operation = 3;
string correlation_id = 4;
}
message Proof {
uint64 amount = 1;
string keyset_id = 2;
bytes secret = 3;
bytes c = 4;
}
message ProofDLEQ {
bytes e = 1;
bytes s = 2;
bytes r = 3;
}
message SigningResponse {
Error error = 1;
BlindSignatures blind_signatures = 2;
}
message BlindSignatures {
repeated BlindSignature blind_signatures = 1;
}
message BlindSignature {
uint64 amount = 1;
string keyset_id = 2;
bytes blinded_secret = 3;
optional BlindSignatureDLEQ dleq = 4;
}
message BlindSignatureDLEQ {
bytes e = 1;
bytes s = 2;
}
// Witness type
message Witness {
oneof witness_type {
P2PKWitness p2pk_witness = 1;
HTLCWitness htlc_witness = 2;
}
}
// P2PKWitness type
message P2PKWitness {
// List of signatures
repeated string signatures = 1;
}
// HTLCWitness type
message HTLCWitness {
// Preimage
string preimage = 1;
// List of signatures
repeated string signatures = 2;
}
enum ErrorCode {
ERROR_CODE_UNSPECIFIED = 0;
ERROR_CODE_AMOUNT_OUTSIDE_LIMIT = 1;
ERROR_CODE_DUPLICATE_INPUTS_PROVIDED = 2;
ERROR_CODE_DUPLICATE_OUTPUTS_PROVIDED = 3;
ERROR_CODE_KEYSET_NOT_KNOWN = 4;
ERROR_CODE_KEYSET_INACTIVE = 5;
ERROR_CODE_MINTING_DISABLED = 6;
ERROR_CODE_COULD_NOT_ROTATE_KEYSET = 7;
ERROR_CODE_INVALID_PROOF = 8;
ERROR_CODE_INVALID_BLIND_MESSAGE = 9;
ERROR_CODE_UNIT_NOT_SUPPORTED = 10;
}
message Error {
ErrorCode code = 1;
string detail = 2;
}
message EmptyRequest {}
Reference in New Issue View Git Blame Copy Permalink