Sign Soroban auth entries from Ledger identities.

Author: fnando

cmd/soroban-cli/src/commands/contract/arg_parsing.rs

@@ -93,25 +93,25 @@ fn running_cmd() -> String {
     format!("{} --", args.join(" "))
 }
 
-pub async fn build_host_function_parameters(
+pub fn build_host_function_parameters(
     contract_id: &stellar_strkey::Contract,
     slop: &[OsString],
     spec_entries: &[ScSpecEntry],
     config: &config::Args,
 ) -> Result<HostFunctionParameters, Error> {
-    build_host_function_parameters_with_filter(contract_id, slop, spec_entries, config, true).await
+    build_host_function_parameters_with_filter(contract_id, slop, spec_entries, config, true)
 }
 
-pub async fn build_constructor_parameters(
+pub fn build_constructor_parameters(
     contract_id: &stellar_strkey::Contract,
     slop: &[OsString],
     spec_entries: &[ScSpecEntry],
     config: &config::Args,
 ) -> Result<HostFunctionParameters, Error> {
-    build_host_function_parameters_with_filter(contract_id, slop, spec_entries, config, false).await
+    build_host_function_parameters_with_filter(contract_id, slop, spec_entries, config, false)
 }
 
-async fn build_host_function_parameters_with_filter(
+fn build_host_function_parameters_with_filter(
     contract_id: &stellar_strkey::Contract,
     slop: &[OsString],
     spec_entries: &[ScSpecEntry],
@@ -122,7 +122,7 @@ async fn build_host_function_parameters_with_filter(
     let cmd = build_clap_command(&spec, filter_constructor)?;
     let (function, matches_) = parse_command_matches(cmd, slop)?;
     let func = get_function_spec(&spec, &function)?;
-    let (parsed_args, signers) = parse_function_arguments(&func, &matches_, &spec, config).await?;
+    let (parsed_args, signers) = parse_function_arguments(&func, &matches_, &spec, config)?;
     let invoke_args = build_invoke_contract_args(contract_id, &function, parsed_args)?;
 
     Ok((function, spec, invoke_args, signers))
@@ -187,7 +187,7 @@ fn get_function_spec(spec: &Spec, function: &str) -> Result<ScSpecFunctionV0, Er
     })
 }
 
-async fn parse_function_arguments(
+fn parse_function_arguments(
     func: &ScSpecFunctionV0,
     matches_: &clap::ArgMatches,
     spec: &Spec,
@@ -197,13 +197,13 @@ async fn parse_function_arguments(
     let mut signers = Vec::<Signer>::new();
 
     for i in func.inputs.iter() {
-        parse_single_argument(i, matches_, spec, config, &mut signers, &mut parsed_args).await?;
+        parse_single_argument(i, matches_, spec, config, &mut signers, &mut parsed_args)?;
     }
 
     Ok((parsed_args, signers))
 }
 
-async fn parse_single_argument(
+fn parse_single_argument(
     input: &stellar_xdr::curr::ScSpecFunctionInputV0,
     matches_: &clap::ArgMatches,
     spec: &Spec,
@@ -234,7 +234,7 @@ async fn parse_single_argument(
             ScSpecTypeDef::Address | ScSpecTypeDef::MuxedAddress
         ) {
             let trimmed_s = s.trim_matches('"');
-            if let Some(signer) = resolve_signer(trimmed_s, config).await {
+            if let Some(signer) = resolve_signer(trimmed_s, config) {
                 signers.push(signer);
             }
         }
@@ -464,10 +464,10 @@ fn resolve_address(addr_or_alias: &str, config: &config::Args) -> Result<String,
     Ok(account)
 }
 
-async fn resolve_signer(addr_or_alias: &str, config: &config::Args) -> Option<Signer> {
+fn resolve_signer(addr_or_alias: &str, config: &config::Args) -> Option<Signer> {
     let secret = config.locator.get_secret_key(addr_or_alias).ok()?;
     let print = Print::new(false);
-    let signer = secret.signer(config.hd_path(), print).await.ok()?;
+    let signer = secret.signer(config.hd_path(), print).ok()?;
     Some(signer)
 }
 

cmd/soroban-cli/src/commands/contract/deploy/wasm.rs

@@ -384,8 +384,7 @@ impl Cmd {
                         &slop,
                         &entries,
                         config,
-                    )
-                    .await?
+                    )?
                     .2,
                 )
             }

cmd/soroban-cli/src/commands/contract/invoke.rs

@@ -269,7 +269,7 @@ impl Cmd {
 
         if let Some(spec_entries) = &spec_entries {
             // For testing wasm arg parsing
-            build_host_function_parameters(&contract_id, &self.slop, spec_entries, config).await?;
+            build_host_function_parameters(&contract_id, &self.slop, spec_entries, config)?;
         }
 
         let client = network.rpc_client()?;
@@ -294,7 +294,7 @@ impl Cmd {
         .map_err(Error::from)?;
 
         let params =
-            build_host_function_parameters(&contract_id, &self.slop, &spec_entries, config).await?;
+            build_host_function_parameters(&contract_id, &self.slop, &spec_entries, config)?;
 
         let (function, spec, host_function_params, signers) = params;
 

cmd/soroban-cli/src/commands/message/sign.rs

@@ -80,11 +80,11 @@ impl Cmd {
         let secret = self
             .locator
             .get_secret_key_with_hd_path(key_or_name, self.hd_path)?;
-        let signer = secret.signer(self.hd_path, print.clone()).await?;
+        let signer = secret.signer(self.hd_path, print.clone())?;
         let public_key = signer.get_public_key()?;
 
         // Encode signature as base64
-        let signature_base64 = sep_53_sign(&message_bytes, signer)?;
+        let signature_base64 = sep_53_sign(&message_bytes, signer).await?;
 
         print.infoln(format!("Signer: {public_key}"));
         println!("{signature_base64}");
@@ -121,14 +121,14 @@ impl Cmd {
 /// Sign the given message bytes with the provided signer, returning the base64-encoded signature.
 ///
 /// Expects the message bytes to be the raw message (without SEP-53 prefix).
-fn sep_53_sign(message_bytes: &[u8], signer: Signer) -> Result<String, Error> {
+async fn sep_53_sign(message_bytes: &[u8], signer: Signer) -> Result<String, Error> {
     // Create SEP-53 payload
     let mut payload = Vec::with_capacity(SEP53_PREFIX.len() + message_bytes.len());
     payload.extend_from_slice(SEP53_PREFIX.as_bytes());
     payload.extend_from_slice(message_bytes);
     let hash: [u8; 32] = Sha256::digest(&payload).into();
 
-    let signature = signer.sign_payload(hash)?;
+    let signature = signer.sign_payload(hash).await?;
 
     Ok(BASE64.encode(signature.to_bytes()))
 }
@@ -172,8 +172,8 @@ mod tests {
         }
     }
 
-    #[test]
-    fn test_sign_simple() {
+    #[tokio::test]
+    async fn test_sign_simple() {
         // SEP-53 - test case 1
         let message = "Hello, World!".to_string();
         let expected_signature = "fO5dbYhXUhBMhe6kId/cuVq/AfEnHRHEvsP8vXh03M1uLpi5e46yO2Q8rEBzu3feXQewcQE5GArp88u6ePK6BA==";
@@ -189,13 +189,13 @@ mod tests {
         let signer = build_signer_for_test_key();
 
         let message_bytes = cmd.get_message_bytes().unwrap();
-        let signature_base64 = sep_53_sign(&message_bytes, signer).unwrap();
+        let signature_base64 = sep_53_sign(&message_bytes, signer).await.unwrap();
 
         assert_eq!(signature_base64, expected_signature);
     }
 
-    #[test]
-    fn test_sign_japanese() {
+    #[tokio::test]
+    async fn test_sign_japanese() {
         // SEP-53 - test case 2
         let message = "こんにちは、世界！".to_string();
         let expected_signature = "CDU265Xs8y3OWbB/56H9jPgUss5G9A0qFuTqH2zs2YDgTm+++dIfmAEceFqB7bhfN3am59lCtDXrCtwH2k1GBA==";
@@ -211,13 +211,13 @@ mod tests {
         let signer = build_signer_for_test_key();
 
         let message_bytes = cmd.get_message_bytes().unwrap();
-        let signature_base64 = sep_53_sign(&message_bytes, signer).unwrap();
+        let signature_base64 = sep_53_sign(&message_bytes, signer).await.unwrap();
 
         assert_eq!(signature_base64, expected_signature);
     }
 
-    #[test]
-    fn test_sign_base64() {
+    #[tokio::test]
+    async fn test_sign_base64() {
         // SEP-53 - test case 3
         let message = "2zZDP1sa1BVBfLP7TeeMk3sUbaxAkUhBhDiNdrksaFo=".to_string();
         let expected_signature = "VA1+7hefNwv2NKScH6n+Sljj15kLAge+M2wE7fzFOf+L0MMbssA1mwfJZRyyrhBORQRle10X1Dxpx+UOI4EbDQ==";
@@ -233,7 +233,7 @@ mod tests {
         let signer = build_signer_for_test_key();
 
         let message_bytes = cmd.get_message_bytes().unwrap();
-        let signature_base64 = sep_53_sign(&message_bytes, signer).unwrap();
+        let signature_base64 = sep_53_sign(&message_bytes, signer).await.unwrap();
 
         assert_eq!(signature_base64, expected_signature);
     }

cmd/soroban-cli/src/config/mod.rs

@@ -143,12 +143,10 @@ impl Args {
         let client = network.rpc_client()?;
         let latest_ledger = client.get_latest_ledger().await?.sequence;
         let seq_num = latest_ledger + 60; // ~ 5 min
-        Ok(signer::sign_soroban_authorizations(
-            tx,
-            signers,
-            seq_num,
-            &network.network_passphrase,
-        )?)
+        Ok(
+            signer::sign_soroban_authorizations(tx, signers, seq_num, &network.network_passphrase)
+                .await?,
+        )
     }
 
     pub fn get_network(&self) -> Result<Network, Error> {

cmd/soroban-cli/src/config/secret.rs

@@ -6,7 +6,9 @@ use stellar_strkey::ed25519::{PrivateKey, PublicKey};
 
 use crate::{
     print::Print,
-    signer::{self, ledger, secure_store, LocalKey, SecureStoreEntry, Signer, SignerKind},
+    signer::{
+        self, ledger::LedgerEntry, secure_store, LocalKey, SecureStoreEntry, Signer, SignerKind,
+    },
     utils,
 };
 
@@ -207,22 +209,25 @@ impl Secret {
         }
     }
 
-    pub async fn signer(&self, hd_path: Option<usize>, print: Print) -> Result<Signer, Error> {
+    pub fn signer(&self, hd_path: Option<usize>, print: Print) -> Result<Signer, Error> {
         let kind = match self {
             Secret::SecretKey { .. } | Secret::SeedPhrase { .. } => {
                 let key = self.key_pair(hd_path)?;
                 SignerKind::Local(LocalKey { key })
             }
             Secret::Ledger {
                 hardware: HardwareKind::Ledger,
+                public_key,
                 hd_path: cached_hd_path,
-                ..
             } => {
                 let effective = hd_path.or(*cached_hd_path).unwrap_or_default();
                 let hd_path: u32 = effective
                     .try_into()
                     .map_err(|_| Error::HdPathOutOfRange(effective))?;
-                SignerKind::Ledger(ledger::new(hd_path).await?)
+                SignerKind::Ledger(LedgerEntry {
+                    hd_path,
+                    public_key: Some(PublicKey::from_string(public_key)?),
+                })
             }
             Secret::SecureStore {
                 entry_name,

cmd/soroban-cli/src/config/sign_with.rs

@@ -1,7 +1,7 @@
 use crate::{
     config::UnresolvedMuxedAccount,
     print::Print,
-    signer::{self, ledger, Signer, SignerKind},
+    signer::{self, ledger::LedgerEntry, Signer, SignerKind},
     xdr::{self, TransactionEnvelope},
 };
 
@@ -76,15 +76,16 @@ impl Args {
                 print,
             }
         } else if self.sign_with_ledger {
-            let ledger = ledger::new(
-                self.hd_path
-                    .unwrap_or_default()
-                    .try_into()
-                    .unwrap_or_default(),
-            )
-            .await?;
+            let hd_path = self
+                .hd_path
+                .unwrap_or_default()
+                .try_into()
+                .unwrap_or_default();
             Signer {
-                kind: SignerKind::Ledger(ledger),
+                kind: SignerKind::Ledger(LedgerEntry {
+                    hd_path,
+                    public_key: None,
+                }),
                 print,
             }
         } else {
@@ -98,7 +99,7 @@ impl Args {
             };
 
             let secret = locator.get_secret_key_with_hd_path(key_or_name, self.hd_path)?;
-            secret.signer(self.hd_path, print).await?
+            secret.signer(self.hd_path, print)?
         };
         Ok(signer.sign_tx_env(tx, network).await?)
     }