diff --git a/node/config.go b/node/config.go
index b6b160073..527db592e 100644
--- a/node/config.go
+++ b/node/config.go
@@ -78,6 +78,7 @@ type Config struct {
 BLSPublicKeyHex string
 BLSKeyPassword string
 BLSSignerTLSCertFilePath string
+ UseBLSRemoteSigner bool
 EthClientConfig geth.EthClientConfig
 LoggerConfig common.LoggerConfig
@@ -147,11 +148,14 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
 ethClientConfig = geth.ReadEthClientConfig(ctx)
 }
+ // check if BLS remote signer configuration is provided
+ useBLSRemoteSigner := ctx.GlobalString(flags.BLSRemoteSignerUrlFlag.Name) != "" && ctx.GlobalString(flags.BLSPublicKeyHexFlag.Name) != ""
+
 // Decrypt BLS key
 var privateBls string
 if !testMode {
 // If remote signer fields are empty then try to read the BLS key from the file
- if ctx.GlobalString(flags.BLSRemoteSignerUrlFlag.Name) == "" || ctx.GlobalString(flags.BLSPublicKeyHexFlag.Name) == "" {
+ if !useBLSRemoteSigner {
 kp, err := bls.ReadPrivateKeyFromFile(ctx.GlobalString(flags.BlsKeyFileFlag.Name), ctx.GlobalString(flags.BlsKeyPasswordFlag.Name))
 if err != nil {
 return nil, fmt.Errorf("could not read or decrypt the BLS private key: %v", err)
@@ -216,5 +220,6 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
 BLSPublicKeyHex: ctx.GlobalString(flags.BLSPublicKeyHexFlag.Name),
 BLSKeyPassword: ctx.GlobalString(flags.BlsKeyPasswordFlag.Name),
 BLSSignerTLSCertFilePath: ctx.GlobalString(flags.BLSSignerCertFileFlag.Name),
+ UseBLSRemoteSigner: useBLSRemoteSigner,
 }, nil
 }
diff --git a/node/grpc/server.go b/node/grpc/server.go
index 3b30d36a7..47d4f4b56 100644
--- a/node/grpc/server.go
+++ b/node/grpc/server.go
@@ -26,8 +26,6 @@ import (
 "google.golang.org/protobuf/proto"
 "google.golang.org/protobuf/types/known/wrapperspb"
-
- blssignerV1 "github.com/Layr-Labs/cerberus-api/pkg/api/v1"
 )
 // Server implements the Node proto APIs.
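Review bot: In NewConfig (node/config.go, second hunk) `useBLSRemoteSigner` is true only when both the signer URL and the public key hex are set, so a node started with just one of the two silently falls back to reading the local key file. An operator who intended the key to stay on the remote signer gets no error for the missing flag as long as a key file is readable. I would reject the half-configured case explicitly after reading both flag values into locals, e.g. `if (signerURL != "") != (pubKeyHex != "") { return nil, fmt.Errorf("BLS remote signer needs both the signer URL and the public key") }`. The context comment `// If remote signer fields are empty ...` would then read more accurately as "if the remote signer is not configured". NewConfig starts and ends outside this hunk.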
@@ -285,22 +283,9 @@ func (s *Server) AttestBatch(ctx context.Context, in *pb.AttestBatchRequest) (*p
 if err != nil {
 return nil, fmt.Errorf("failed to get the batch header hash: %w", err)
 }
- // sig := s.node.KeyPair.SignMessage(batchHeaderHash)
- sigResp, err := s.node.BLSSigner.SignGeneric(
- ctx,
- &blssignerV1.SignGenericRequest{
- PublicKey: s.node.Config.BLSPublicKeyHex,
- Password: s.node.Config.BLSKeyPassword,
- Data: batchHeaderHash[:],
- },
- )
- if err != nil {
- return nil, fmt.Errorf("failed to sign batch: %w", err)
- }
- sig := new(core.Signature)
- _, err = sig.Deserialize(sigResp.Signature)
+ sig, err := s.node.GetSignature(ctx, batchHeaderHash)
 if err != nil {
- return nil, fmt.Errorf("failed to deserialize signature: %w", err)
+ return nil, fmt.Errorf("failed to sign the batch header: %w", err)
 }
 s.node.Logger.Info("AttestBatch complete", "duration", time.Since(start))
diff --git a/node/node.go b/node/node.go
index 9902af4de..4c432a2da 100644
--- a/node/node.go
+++ b/node/node.go
@@ -425,32 +425,41 @@ func (n *Node) ProcessBatch(ctx context.Context, header *core.BatchHeader, blobs
 // Sign batch header hash if all validation checks pass and data items are written to database.
 stageTimer = time.Now()
- // sig := n.KeyPair.SignMessage(batchHeaderHash)
- sigResp, err := n.BLSSigner.SignGeneric(
- ctx,
- &blssignerV1.SignGenericRequest{
- PublicKey: n.Config.BLSPublicKeyHex,
- Password: n.Config.BLSKeyPassword,
- Data: batchHeaderHash[:],
- },
- )
+ signature, err := n.GetSignature(ctx, batchHeaderHash)
 if err != nil {
 return nil, fmt.Errorf("failed to sign batch: %w", err)
 }
- sig := new(core.Signature)
- g, err := sig.Deserialize(sigResp.Signature)
- finalSig := &core.Signature{
- G1Point: g,
- }
- if err != nil {
- return nil, fmt.Errorf("failed to deserialize signature: %w", err)
- }
 n.Metrics.RecordStoreChunksStage("signed", batchSize, time.Since(stageTimer))
 log.Debug("Sign batch succeeded", "pubkey", n.Config.BLSPublicKeyHex, "duration", time.Since(stageTimer))
 log.Debug("Exiting process batch", "duration", time.Since(start))
- return finalSig, nil
+ return signature, nil
+}
+
+func (n *Node) GetSignature(ctx context.Context, data [32]byte) (*core.Signature, error) {
+ if n.Config.UseBLSRemoteSigner {
+ sigResp, err := n.BLSSigner.SignGeneric(
+ ctx,
+ &blssignerV1.SignGenericRequest{
+ PublicKey: n.Config.BLSPublicKeyHex,
+ Password: n.Config.BLSKeyPassword,
+ Data: data[:],
+ },
+ )
+ if err != nil {
+ return nil, fmt.Errorf("failed to sign data: %w", err)
+ }
+ sig := new(core.Signature)
+ g, err := sig.Deserialize(sigResp.Signature)
+ if err != nil {
+ return nil, fmt.Errorf("failed to deserialize signature: %w", err)
+ }
+ return &core.Signature{
+ G1Point: g,
+ }, nil
+ }
+ return n.KeyPair.SignMessage(data), nil
 }
 // ProcessBlobs validates the blobs are correct, stores data into the node's Store, and then returns a signature for each blob.
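Review bot: The new exported method GetSignature has no doc comment, and neither branch checks that the signer it selects exists: the remote branch calls `n.BLSSigner.SignGeneric` and the fallback calls `n.KeyPair.SignMessage(data)` unconditionally. How BLSSigner and KeyPair are initialised is not visible in this diff, so if either can be nil while the other mode is configured this is a nil dereference on the signing path. A guard such as `if n.KeyPair == nil { return nil, fmt.Errorf("no local BLS key pair loaded") }` before the fallback, and the equivalent for BLSSigner, would turn that into an error. The doc comment should state that the method signs through the remote signer when Config.UseBLSRemoteSigner is set and with the local KeyPair otherwise. It should also note that the remote request carries Config.BLSKeyPassword, so it matters that the signer connection is TLS-protected (the dial code is not shown here).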
@@ -646,27 +655,11 @@ func (n *Node) SignBlobs(blobs []*core.BlobMessage, referenceBlockNumber uint) (
 if err != nil {
 return nil, fmt.Errorf("failed to get batch header hash: %w", err)
 }
- // sig := n.KeyPair.SignMessage(batchHeaderHash)
- sigResp, err := n.BLSSigner.SignGeneric(
- context.Background(),
- &blssignerV1.SignGenericRequest{
- PublicKey: n.Config.BLSPublicKeyHex,
- Password: n.Config.BLSKeyPassword,
- Data: batchHeaderHash[:],
- },
- )
- if err != nil {
- return nil, fmt.Errorf("failed to sign batch: %w", err)
- }
- sig := new(core.Signature)
- g, err := sig.Deserialize(sigResp.Signature)
+ sig, err := n.GetSignature(context.Background(), batchHeaderHash)
 if err != nil {
- return nil, fmt.Errorf("failed to deserialize signature: %w", err)
- }
- finalSig := &core.Signature{
- G1Point: g,
+ return nil, fmt.Errorf("failed to sign blob: %w", err)
 }
- signatures[i] = finalSig
+ signatures[i] = sig
 }
 n.Logger.Debug("SignBlobs completed", "duration", time.Since(start))
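Review bot: The call `n.GetSignature(context.Background(), batchHeaderHash)` in SignBlobs gives the remote-signer RPC no deadline, so with UseBLSRemoteSigner set a stalled signer can block this per-blob loop indefinitely, unless the BLSSigner client enforces its own timeout (not visible here). SignBlobs takes no context according to the hunk header, so I would bound the call locally. Create `ctx, cancel := context.WithTimeout(context.Background(), signTimeout)` once before the loop, `defer cancel()`, and pass `ctx` to GetSignature; `signTimeout` is a placeholder for whatever limit the node already applies to signer calls. The loop and the function both start outside this hunk.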