Open tomtau opened 2 years ago
CC @marbar3778 @tony-iqlusion
This is definitely something I'm interested in, although there is presently no integration with tonic whatsoever in tendermint-proto, and nearly no gRPC support (aside from this).
The work here depends on https://github.com/cometbft/cometbft/issues/476, right?
that's right
Version(s) of tendermint-rs: v0.24.0-pre.2
Description
"privval" is an interface used by a Tendermint process (on validator nodes) to communicate with a signing backend (e.g. YubiHSM). Previously, "privval" was over a custom socket protocol (implemented e.g. in tmkms) that leveraged Unix domain sockets or Tendermint P2P over TCP where Tendermint acted as a server, and a signing backend connected to it as a client. In Tendermint 0.35, a new method for "privval" was introduced: the signer is a standard gRPC server/service, and Tendermint connects to it as a client. In Tendermint 0.36, we expect the old "privval" custom socket protocol will be removed and only the gRPC-based "privval" interface will be provided.
Given these circumstances, I think it makes sense for tendermint-rs to support this interface via the following features:
build_server(true) in tonic_build, probably via a feature-flag (as not every usage of tendermint-proto needs it)
update_consensus_state in tmkms https://github.com/iqlusioninc/tmkms/blob/main/src/chain/state.rs#L66 )
Here's a sketch of the potential interface:
load_state and persist_state could potentially be in a separate trait, so that one can e.g. have a default file-based state persistence, but different signer backends are free to implement what makes sense in their context (e.g. write to CPU monotonic counters or an external service).
Definition of "done"
PrivValidatorApi, PrivValidatorApiServer ...): https://github.com/informalsystems/tendermint-rs/pull/1137
PrivValidatorApi implementation (validation of types via domain types, basic double signing checking, chain-id verification) with basic common constructors or configurations (e.g. to load the certificates for TLS) and an extensible way to plug in different signer providers (with a software signer given as a sample implementation)
Related issues:
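The basic double-signing check and the separate load_state / persist_state trait described in the issue above, as an added Rust sketch that is not part of the issue and is not tendermint-rs or tmkms code. The names ConsensusState, StateStore, FileStore and Guard are hypothetical, and the check is simplified to refuse any request that is not strictly newer than the last persisted height/round/step.

```rust
// Added example, not tendermint-rs or tmkms code; every name below is hypothetical.
use std::{fs, io, path::PathBuf};

/// Last signed height/round/step (u64 for brevity); ordering is lexicographic.
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, PartialOrd, Ord)]
pub struct ConsensusState { pub height: u64, pub round: u64, pub step: u64 }

/// Persistence is a separate trait so each signer backend picks its own storage.
pub trait StateStore {
    fn load_state(&self) -> io::Result<ConsensusState>;
    fn persist_state(&mut self, s: &ConsensusState) -> io::Result<()>;
}

/// File-based store holding one "height/round/step" line.
pub struct FileStore(pub PathBuf);

impl StateStore for FileStore {
    // A missing or corrupt file is an error: deleting it must not reset the guard.
    fn load_state(&self) -> io::Result<ConsensusState> {
        let bad = || io::Error::new(io::ErrorKind::InvalidData, "corrupt state file");
        let text = fs::read_to_string(&self.0)?;
        let v = text.trim().split('/').map(|x| x.parse::<u64>().map_err(|_| bad()))
            .collect::<io::Result<Vec<u64>>>()?;
        match v.as_slice() {
            &[height, round, step] => Ok(ConsensusState { height, round, step }),
            _ => Err(bad()),
        }
    }
    // Write a temp file, then rename, so a crash never leaves a half-written state.
    fn persist_state(&mut self, s: &ConsensusState) -> io::Result<()> {
        let tmp = self.0.with_extension("tmp");
        fs::write(&tmp, format!("{}/{}/{}", s.height, s.round, s.step))?;
        fs::rename(&tmp, &self.0)
    }
}

pub struct Guard<S: StateStore> { store: S, last: ConsensusState }

impl<S: StateStore> Guard<S> {
    pub fn new(store: S) -> io::Result<Self> { let last = store.load_state()?; Ok(Self { store, last }) }
    /// Ok(true) only for a strictly newer request; state is persisted before the caller signs.
    pub fn check_and_update(&mut self, req: ConsensusState) -> io::Result<bool> {
        if req <= self.last { return Ok(false); }
        self.store.persist_state(&req)?;
        self.last = req;
        Ok(true)
    }
}
```

A new validator has to be initialised explicitly with `persist_state(&ConsensusState::default())`; the file write here is not fsynced, so a backend that needs durability across power loss would add that or use a different store.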