[ic-agent]async sign function in Identity trait #515

Open
hide-yoshi opened this issue Feb 20, 2024 · 1 comment

hide-yoshi commented Feb 20, 2024

async sign function in Identity trait

Identity#sign is a synchronous function, but it should be async.
This is because the function may need to perform I/O operations, such as using AWS KMS or another service to sign the message while keeping the private key secure.
Do you think it would be better to make the sign function async?
For example, I'd like to add another implementation of the Identity trait for AWS KMS like this:

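```rust
use aws_sdk_kms::{primitives::Blob, types::SigningAlgorithmSpec, Client};
use candid::Principal;
use ic_agent::{agent::EnvelopeContent, Signature};

// Proposed trait shape: `sign` is async so an implementation can await a remote signer.
// The `sign` signature here matches the `KmsIdentity` implementation below.
trait Identity {
    fn sender(&self) -> Result<Principal, String>;
    fn public_key(&self) -> Option<Vec<u8>>;
    async fn sign(&self, content: &EnvelopeContent) -> Result<Signature, String>;
}

/// Identity whose private key stays inside AWS KMS; only the public key is cached locally.
#[derive(Clone)]
pub struct KmsIdentity {
    client: Client,
    key_id: String,
    public_key: Vec<u8>,
}

impl KmsIdentity {
    /// Fetches the public key for `key_id` once at construction time.
    /// Panics if the KMS call fails or the response carries no public key.
    pub async fn new(client: Client, key_id: String) -> Self {
        let public_key = client
            .get_public_key()
            .key_id(key_id.clone())
            .send()
            .await
            .unwrap()
            .public_key
            .unwrap()
            .as_ref()
            .to_vec();
        KmsIdentity {
            client,
            key_id,
            public_key,
        }
    }
}

impl Identity for KmsIdentity {
    fn sender(&self) -> Result<Principal, String> {
        // Body elided in the original post.
        ...
    }

    fn public_key(&self) -> Option<Vec<u8>> {
        Some(self.public_key.clone())
    }

    async fn sign(
        &self,
        content: &ic_agent::agent::EnvelopeContent,
    ) -> Result<ic_agent::Signature, String> {
        // Ask KMS to sign the request id's signable bytes; the private key never leaves KMS.
        let result = self
            .client
            .sign()
            .key_id(self.key_id.clone())
            .signing_algorithm(SigningAlgorithmSpec::EcdsaSha256)
            .message(Blob::new(content.to_request_id().signable()))
            .send()
            .await
            .map_err(|e| e.to_string())?;
        let public_key = self.public_key().unwrap();
        let sig = Signature {
            delegations: None,
            public_key: Some(public_key),
            signature: Some(result.signature().unwrap().as_ref().to_vec()),
        };
        // The original snippet built `sig` but never returned it.
        Ok(sig)
    }
}
```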
hide-yoshi changed the title from "async sign function in Identity trait" to "[ic-agent]async sign function in Identity trait" Feb 20, 2024
@hide-yoshi
Author

main...hide-yoshi:agent-rs:main
This is the patch
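
AWS KMS returns ECDSA signatures as a DER-encoded ECDSA-Sig-Value, whereas the Internet Computer verifies the fixed 64-byte r || s form, so the bytes from `result.signature()` in the `KmsIdentity::sign` sketch need converting before they go into `Signature`. An added example of that conversion for 256-bit curves (not code from the issue or from ic-agent; `der_to_raw`, `read_int` and `DerSigError` are hypothetical names, and the sample bytes are constructed):

```rust
/// Reasons a DER ECDSA-Sig-Value is rejected.
#[derive(Debug, PartialEq)]
pub enum DerSigError { Truncated, BadTag, BadLength, Negative, TooLarge, Trailing }

/// Reads one DER INTEGER; returns its magnitude (sign padding stripped) and the remaining bytes.
fn read_int(buf: &[u8]) -> Result<(&[u8], &[u8]), DerSigError> {
    let (&tag, rest) = buf.split_first().ok_or(DerSigError::Truncated)?;
    if tag != 0x02 { return Err(DerSigError::BadTag); }
    let (&len, rest) = rest.split_first().ok_or(DerSigError::Truncated)?;
    // A 256-bit scalar needs at most 33 bytes, so long-form lengths (>= 0x80) are rejected too.
    if len == 0 || len > 33 { return Err(DerSigError::BadLength); }
    if rest.len() < len as usize { return Err(DerSigError::Truncated); }
    let (val, rest) = rest.split_at(len as usize);
    if val[0] & 0x80 != 0 { return Err(DerSigError::Negative); }
    let val = if val.len() > 1 && val[0] == 0 { &val[1..] } else { val };
    if val.len() > 32 { return Err(DerSigError::TooLarge); }
    Ok((val, rest))
}

/// Converts SEQUENCE { INTEGER r, INTEGER s } into 32-byte big-endian r followed by s.
pub fn der_to_raw(der: &[u8]) -> Result<[u8; 64], DerSigError> {
    let (&tag, rest) = der.split_first().ok_or(DerSigError::Truncated)?;
    if tag != 0x30 { return Err(DerSigError::BadTag); }
    let (&len, body) = rest.split_first().ok_or(DerSigError::Truncated)?;
    if len >= 0x80 { return Err(DerSigError::BadLength); }
    if body.len() < len as usize { return Err(DerSigError::Truncated); }
    if body.len() > len as usize { return Err(DerSigError::Trailing); }
    let (r, rest) = read_int(body)?;
    let (s, rest) = read_int(rest)?;
    if !rest.is_empty() { return Err(DerSigError::Trailing); }
    let mut out = [0u8; 64];
    out[32 - r.len()..32].copy_from_slice(r); // left-pad short values with zeros
    out[64 - s.len()..].copy_from_slice(s);
    Ok(out)
}

fn main() {
    // Constructed sample, not real KMS output: r has its top bit set (0x00 pad), s is 31 bytes.
    let mut der = vec![0x30, 0x44, 0x02, 0x21, 0x00];
    der.extend_from_slice(&[0x80; 32]);
    der.extend_from_slice(&[0x02, 0x1f]);
    der.extend_from_slice(&[0x01; 31]);
    let raw = der_to_raw(&der).expect("valid constructed signature");
    assert_eq!(raw.len(), 64);
    println!("{:02x?}", raw);
}
```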
