Refactor v3.2.2

.golangci.yml

@@ -101,6 +101,8 @@ linters-settings:
         alias: mrand
       - pkg: github.com/strangelove-ventures/horcrux/pkg/types
         alias: htypes
+      - pkg: github.com/strangelove-ventures/horcrux/pkg/config
+        alias: cconfig
   maligned:
     suggest-new: true
   govet:

cmd/horcrux/cmd/address.go

@@ -10,7 +10,8 @@ import (
 	cometprivval "github.com/cometbft/cometbft/privval"
 	"github.com/cosmos/cosmos-sdk/types/bech32"
 	"github.com/spf13/cobra"
-	"github.com/strangelove-ventures/horcrux/signer"
+	cconfig "github.com/strangelove-ventures/horcrux/pkg/config"
+	"github.com/strangelove-ventures/horcrux/pkg/tss"
 )
 
 type AddressCmdOutput struct {
@@ -29,12 +30,12 @@ func addressCmd() *cobra.Command {
 		Args:         cobra.RangeArgs(1, 2),
 		RunE: func(cmd *cobra.Command, args []string) error {
 
-			var pubKey crypto.PubKey
+			var pubKey tss.PubKey
 
 			chainID := args[0]
 
 			switch config.Config.SignMode {
-			case signer.SignModeThreshold:
+			case cconfig.SignModeThreshold:
 				err := config.Config.ValidateThresholdModeConfig()
 				if err != nil {
 					return err
@@ -45,13 +46,13 @@ func addressCmd() *cobra.Command {
 					return err
 				}
 
-				key, err := signer.LoadThresholdSignerEd25519Key(keyFile)
+				key, err := tss.LoadVaultKeyFromFile(keyFile)
 				if err != nil {
 					return fmt.Errorf("error reading threshold key: %w, check that key is present for chain id: %s", err, chainID)
 				}
 
-				pubKey = key.PubKey
-			case signer.SignModeSingle:
+				pubKey = key.PubKey.(crypto.PubKey)
+			case cconfig.SignModeSingle:
 				err := config.Config.ValidateSingleSignerConfig()
 				if err != nil {
 					return err
@@ -67,10 +68,10 @@ func addressCmd() *cobra.Command {
 			default:
 				panic(fmt.Errorf("unexpected sign mode: %s", config.Config.SignMode))
 			}
+			pubKeyComet := pubKey.(crypto.PubKey)
+			pubKeyAddress := pubKeyComet.Address()
 
-			pubKeyAddress := pubKey.Address()
-
-			pubKeyJSON, err := signer.PubKey("", pubKey)
+			pubKeyJSON, err := cconfig.PubKey("", pubKeyComet)
 			if err != nil {
 				return err
 			}
@@ -86,7 +87,7 @@ func addressCmd() *cobra.Command {
 					return err
 				}
 				output.ValConsAddress = bech32ValConsAddress
-				pubKeyBech32, err := signer.PubKey(args[1], pubKey)
+				pubKeyBech32, err := cconfig.PubKey(args[1], pubKeyComet)
 				if err != nil {
 					return err
 				}

cmd/horcrux/cmd/config.go

@@ -5,7 +5,7 @@ import (
 	"os"
 
 	"github.com/spf13/cobra"
-	"github.com/strangelove-ventures/horcrux/signer"
+	cconfig "github.com/strangelove-ventures/horcrux/pkg/config"
 )
 
 const (
@@ -48,7 +48,7 @@ for threshold signer mode, --cosigner flags and --threshold flag are required.
 			bare, _ := cmdFlags.GetBool(flagBare)
 			nodes, _ := cmdFlags.GetStringSlice(flagNode)
 
-			cn, err := signer.ChainNodesFromFlag(nodes)
+			cn, err := cconfig.ChainNodesFromFlag(nodes)
 			if err != nil {
 				return err
 			}
@@ -60,7 +60,7 @@ for threshold signer mode, --cosigner flags and --threshold flag are required.
 					config.ConfigFile)
 			}
 
-			var cfg signer.Config
+			var cfg cconfig.Config
 
 			signMode, _ := cmdFlags.GetString(flagSignMode)
 			keyDirFlag, _ := cmdFlags.GetString(flagKeyDir)
@@ -70,21 +70,21 @@ for threshold signer mode, --cosigner flags and --threshold flag are required.
 			}
 			debugAddr, _ := cmdFlags.GetString(flagDebugAddr)
 			grpcAddr, _ := cmdFlags.GetString(flagGRPCAddress)
-			if signMode == string(signer.SignModeThreshold) {
+			if signMode == string(cconfig.SignModeThreshold) {
 				// Threshold Mode Config
 				cosignersFlag, _ := cmdFlags.GetStringSlice(flagCosigner)
 				threshold, _ := cmdFlags.GetInt(flagThreshold)
 				raftTimeout, _ := cmdFlags.GetString(flagRaftTimeout)
 				grpcTimeout, _ := cmdFlags.GetString(flagGRPCTimeout)
-				cosigners, err := signer.CosignersFromFlag(cosignersFlag)
+				cosigners, err := cconfig.CosignersFromFlag(cosignersFlag)
 				if err != nil {
 					return err
 				}
 
-				cfg = signer.Config{
-					SignMode:      signer.SignModeThreshold,
+				cfg = cconfig.Config{
+					SignMode:      cconfig.SignModeThreshold,
 					PrivValKeyDir: keyDir,
-					ThresholdModeConfig: &signer.ThresholdModeConfig{
+					ThresholdModeConfig: &cconfig.ThresholdModeConfig{
 						Threshold:   threshold,
 						Cosigners:   cosigners,
 						GRPCTimeout: grpcTimeout,
@@ -102,8 +102,8 @@ for threshold signer mode, --cosigner flags and --threshold flag are required.
 				}
 			} else {
 				// Single Signer Config
-				cfg = signer.Config{
-					SignMode:      signer.SignModeSingle,
+				cfg = cconfig.Config{
+					SignMode:      cconfig.SignModeSingle,
 					PrivValKeyDir: keyDir,
 					ChainNodes:    cn,
 					DebugAddr:     debugAddr,
@@ -134,10 +134,10 @@ for threshold signer mode, --cosigner flags and --threshold flag are required.
 	}
 
 	f := cmd.Flags()
-	f.StringP(flagSignMode, "m", string(signer.SignModeThreshold),
+	f.StringP(flagSignMode, "m", string(cconfig.SignModeThreshold),
 		`sign mode, "threshold" (recommended) or "single" (unsupported). threshold mode requires --cosigner (multiple) and --threshold`, //nolint
 	)
-	f.StringSliceP(flagNode, "n", []string{}, "chain nodes in format tcp://{node-addr}:{privval-port} \n"+
+	f.StringSliceP(flagNode, "n", []string{}, "chain cosigner in format tcp://{node-addr}:{privval-port} \n"+
 		"(e.g. --node tcp://sentry-1:1234 --node tcp://sentry-2:1234 --node tcp://sentry-3:1234 )")
 
 	f.StringSliceP(flagCosigner, "c", []string{},

cmd/horcrux/cmd/leader_election.go

@@ -5,10 +5,11 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/strangelove-ventures/horcrux/pkg/cosigner/nodesecurity"
+
 	grpcretry "github.com/grpc-ecosystem/go-grpc-middleware/retry"
 	"github.com/spf13/cobra"
 	"github.com/strangelove-ventures/horcrux/client"
-	"github.com/strangelove-ventures/horcrux/signer"
 	"github.com/strangelove-ventures/horcrux/signer/multiresolver"
 	"github.com/strangelove-ventures/horcrux/signer/proto"
 	"google.golang.org/grpc"
@@ -116,14 +117,14 @@ func getLeaderCmd() *cobra.Command {
 					return fmt.Errorf("cosigner encryption keys not found (%s) - (%s): %w", keyFileECIES, keyFileRSA, err)
 				}
 
-				key, err := signer.LoadCosignerRSAKey(keyFileRSA)
+				key, err := nodesecurity.LoadCosignerRSAKey(keyFileRSA)
 				if err != nil {
 					return fmt.Errorf("error reading cosigner key (%s): %w", keyFileRSA, err)
 				}
 
 				id = key.ID
 			} else {
-				key, err := signer.LoadCosignerECIESKey(keyFileECIES)
+				key, err := nodesecurity.LoadCosignerECIESKey(keyFileECIES)
 				if err != nil {
 					return fmt.Errorf("error reading cosigner key (%s): %w", keyFileECIES, err)
 				}

cmd/horcrux/cmd/migrate.go

@@ -8,12 +8,15 @@ import (
 	"os"
 	"path/filepath"
 
+	cconfig "github.com/strangelove-ventures/horcrux/pkg/config"
+	"github.com/strangelove-ventures/horcrux/pkg/cosigner/nodesecurity"
+	"github.com/strangelove-ventures/horcrux/pkg/tss"
+
 	cometcrypto "github.com/cometbft/cometbft/crypto"
 	cometcryptoed25519 "github.com/cometbft/cometbft/crypto/ed25519"
 	cometcryptoencoding "github.com/cometbft/cometbft/crypto/encoding"
 	cometprotocrypto "github.com/cometbft/cometbft/proto/tendermint/crypto"
 	"github.com/spf13/cobra"
-	"github.com/strangelove-ventures/horcrux/signer"
 	amino "github.com/tendermint/go-amino"
 	"gopkg.in/yaml.v2"
 )
@@ -42,7 +45,7 @@ type (
 		ChainID        string              `json:"chain-id" yaml:"chain-id"`
 		PrivValKeyFile *string             `json:"key-file,omitempty" yaml:"key-file,omitempty"`
 		Cosigner       *v2CosignerConfig   `json:"cosigner"  yaml:"cosigner"`
-		ChainNodes     []v2ChainNodeConfig `json:"chain-nodes,omitempty" yaml:"chain-nodes,omitempty"`
+		ChainNodes     []v2ChainNodeConfig `json:"chain-cosigner,omitempty" yaml:"chain-cosigner,omitempty"`
 		DebugAddr      string              `json:"debug-addr,omitempty" yaml:"debug-addr,omitempty"`
 	}
 
@@ -103,7 +106,7 @@ func (key *v2CosignerKey) UnmarshalJSON(data []byte) error {
 
 	// Prior to the tendermint protobuf migration, the public key bytes in key files
 	// were encoded using the go-amino libraries via
-	// cdc.MarshalBinaryBare(CosignerEd25519Key.PubKey)
+	// cdc.MarshalBinaryBare(Ed25519Key.PubKey)
 	//
 	// To support reading the public key bytes from these key files, we fallback to
 	// amino unmarshalling if the protobuf unmarshalling fails
@@ -218,7 +221,7 @@ func migrateCmd() *cobra.Command {
 				return err
 			}
 
-			newEd25519Key := signer.CosignerEd25519Key{
+			newEd25519Key := tss.Ed25519Key{
 				PubKey:       legacyCosignerKey.PubKey,
 				PrivateShard: legacyCosignerKey.ShareKey,
 				ID:           legacyCosignerKey.ID,
@@ -234,7 +237,7 @@ func migrateCmd() *cobra.Command {
 				return fmt.Errorf("failed to write new Ed25519 key to %s: %w", newEd25519Path, err)
 			}
 
-			newRSAKey := signer.CosignerRSAKey{
+			newRSAKey := nodesecurity.CosignerRSAKey{
 				RSAKey:  legacyCosignerKey.RSAKey,
 				ID:      legacyCosignerKey.ID,
 				RSAPubs: legacyCosignerKey.RSAPubs,
@@ -252,42 +255,42 @@ func migrateCmd() *cobra.Command {
 
 			// only attempt config migration if legacy config exists
 			if legacyCfgErr == nil {
-				var migratedNodes signer.ChainNodes
+				var migratedNodes cconfig.ChainNodes
 
 				for _, n := range legacyCfg.ChainNodes {
-					migratedNodes = append(migratedNodes, signer.ChainNode{
+					migratedNodes = append(migratedNodes, cconfig.ChainNode{
 						PrivValAddr: n.PrivValAddr,
 					})
 				}
 
 				config.Config.ChainNodes = migratedNodes
 				config.Config.DebugAddr = legacyCfg.DebugAddr
 
-				signMode := signer.SignModeSingle
+				signMode := cconfig.SignModeSingle
 
 				if legacyCfg.Cosigner != nil {
-					signMode = signer.SignModeThreshold
+					signMode = cconfig.SignModeThreshold
 
-					var migratedCosigners signer.CosignersConfig
+					var migratedCosigners cconfig.CosignersConfig
 
 					if legacyCfg.Cosigner.P2PListen != "" {
 						migratedCosigners = append(
 							migratedCosigners,
-							signer.CosignerConfig{
+							cconfig.CosignerConfig{
 								ShardID: legacyCosignerKey.ID,
 								P2PAddr: legacyCfg.Cosigner.P2PListen,
 							},
 						)
 					}
 
 					for _, c := range legacyCfg.Cosigner.Peers {
-						migratedCosigners = append(migratedCosigners, signer.CosignerConfig{
+						migratedCosigners = append(migratedCosigners, cconfig.CosignerConfig{
 							ShardID: c.ShareID,
 							P2PAddr: c.P2PAddr,
 						})
 					}
 
-					config.Config.ThresholdModeConfig = &signer.ThresholdModeConfig{
+					config.Config.ThresholdModeConfig = &cconfig.ThresholdModeConfig{
 						Threshold:   legacyCfg.Cosigner.Threshold,
 						Cosigners:   migratedCosigners,
 						GRPCTimeout: legacyCfg.Cosigner.Timeout,

cmd/horcrux/cmd/root.go

@@ -8,11 +8,11 @@ import (
 	homedir "github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
-	"github.com/strangelove-ventures/horcrux/signer"
+	cconfig "github.com/strangelove-ventures/horcrux/pkg/config"
 	"gopkg.in/yaml.v2"
 )
 
-var config signer.RuntimeConfig
+var config cconfig.RuntimeConfig
 
 func rootCmd() *cobra.Command {
 	cmd := &cobra.Command{
@@ -74,7 +74,7 @@ func initConfig() {
 	} else {
 		home = config.HomeDir
 	}
-	config = signer.RuntimeConfig{
+	config = cconfig.RuntimeConfig{
 		HomeDir:    home,
 		ConfigFile: filepath.Join(home, "config.yaml"),
 		StateDir:   filepath.Join(home, "state"),

cmd/horcrux/cmd/shards.go

@@ -20,8 +20,10 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/strangelove-ventures/horcrux/pkg/cosigner/nodesecurity"
+	"github.com/strangelove-ventures/horcrux/pkg/tss"
+
 	"github.com/spf13/cobra"
-	"github.com/strangelove-ventures/horcrux/signer"
 )
 
 func createCosignerDirectoryIfNecessary(out string, id int) (string, error) {
@@ -112,7 +114,7 @@ func createCosignerEd25519ShardsCmd() *cobra.Command {
 				return nil
 			}
 
-			csKeys, err := signer.CreateEd25519ThresholdSignShardsFromFile(keyFile, threshold, shards)
+			csKeys, err := tss.CreatePersistentEd25519ThresholdSignShardsFromFile(keyFile, threshold, shards)
 			if err != nil {
 				return err
 			}
@@ -133,7 +135,7 @@ func createCosignerEd25519ShardsCmd() *cobra.Command {
 					return err
 				}
 				filename := filepath.Join(dir, fmt.Sprintf("%s_shard.json", chainID))
-				if err = signer.WriteCosignerEd25519ShardFile(c, filename); err != nil {
+				if err = tss.WriteToFile(c, filename); err != nil {
 					return err
 				}
 				fmt.Fprintf(cmd.OutOrStdout(), "Created Ed25519 Shard %s\n", filename)
@@ -170,7 +172,7 @@ func createCosignerECIESShardsCmd() *cobra.Command {
 				return fmt.Errorf("shards must be greater than zero (%d): %w", shards, err)
 			}
 
-			csKeys, err := signer.CreateCosignerECIESShards(int(shards))
+			csKeys, err := nodesecurity.CreateCosignerECIESShards(int(shards))
 			if err != nil {
 				return err
 			}
@@ -191,7 +193,7 @@ func createCosignerECIESShardsCmd() *cobra.Command {
 					return err
 				}
 				filename := filepath.Join(dir, "ecies_keys.json")
-				if err = signer.WriteCosignerECIESShardFile(c, filename); err != nil {
+				if err = nodesecurity.WriteCosignerECIESShardFile(c, filename); err != nil {
 					return err
 				}
 				fmt.Fprintf(cmd.OutOrStdout(), "Created ECIES Shard %s\n", filename)
@@ -218,7 +220,7 @@ func createCosignerRSAShardsCmd() *cobra.Command {
 				return fmt.Errorf("shards must be greater than zero (%d): %w", shards, err)
 			}
 
-			csKeys, err := signer.CreateCosignerRSAShards(int(shards))
+			csKeys, err := nodesecurity.CreateCosignerRSAShards(int(shards))
 			if err != nil {
 				return err
 			}
@@ -239,7 +241,7 @@ func createCosignerRSAShardsCmd() *cobra.Command {
 					return err
 				}
 				filename := filepath.Join(dir, "rsa_keys.json")
-				if err = signer.WriteCosignerRSAShardFile(c, filename); err != nil {
+				if err = nodesecurity.WriteCosignerRSAShardFile(c, filename); err != nil {
 					return err
 				}
 				fmt.Fprintf(cmd.OutOrStdout(), "Created RSA Shard %s\n", filename)