lssa/wallet/src/signing.rs

use anyhow::Result;
use keycard_wallet::{KeycardWallet, python_path};
use nssa::{AccountId, PrivateKey, PublicKey, Signature};

use crate::{WalletCore, cli::CliAccountMention};

/// Groups transaction signers by type to minimise Python GIL acquisition.
///
/// Local signers are signed in pure Rust; all keycard signers share a single Python session
/// with one `connect` / `close_session` pair.
#[derive(Default)]
pub struct SigningGroups {
    local: Vec<(AccountId, PrivateKey)>,
    keycard: Vec<(AccountId, String)>,
}

impl SigningGroups {
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }

    /// Add a sender. Keycard paths are queued for the hardware session; local accounts
    /// have their signing key resolved eagerly. Errors if no key is found.
    pub fn add_sender(
        &mut self,
        mention: &CliAccountMention,
        account_id: AccountId,
        wallet_core: &WalletCore,
    ) -> Result<()> {
        if let CliAccountMention::KeyPath(path) = mention {
            self.keycard.push((account_id, path.clone()));
            return Ok(());
        }
        let key = wallet_core
            .storage()
            .key_chain()
            .pub_account_signing_key(account_id)
            .ok_or_else(|| anyhow::anyhow!("signing key not found for account {account_id}"))?
            .clone();
        self.local.push((account_id, key));
        Ok(())
    }

    /// Add a recipient. Same as [`add_sender`] but silently skips accounts with no local
    /// key and no keycard path — they are foreign and require neither a signature nor a nonce.
    pub fn add_recipient(
        &mut self,
        mention: &CliAccountMention,
        account_id: AccountId,
        wallet_core: &WalletCore,
    ) -> Result<()> {
        if let CliAccountMention::KeyPath(path) = mention {
            self.keycard.push((account_id, path.clone()));
            return Ok(());
        }
        if let Some(key) = wallet_core
            .storage()
            .key_chain()
            .pub_account_signing_key(account_id)
        {
            self.local.push((account_id, key.clone()));
        }
        Ok(())
    }

    /// Returns `true` when a PIN is required (at least one keycard signer is present).
    #[must_use]
    pub const fn needs_pin(&self) -> bool {
        !self.keycard.is_empty()
    }

    /// Account IDs that require a nonce (every non-foreign signer).
    #[must_use]
    pub fn signing_ids(&self) -> Vec<AccountId> {
        self.local
            .iter()
            .map(|(id, _)| *id)
            .chain(self.keycard.iter().map(|(id, _)| *id))
            .collect()
    }

    /// Sign `hash` for every account in the group.
    ///
    /// Local accounts are signed in pure Rust. Keycard accounts share one Python session.
    pub fn sign_all(&self, hash: &[u8; 32], pin: &str) -> Result<Vec<(Signature, PublicKey)>> {
        let mut sigs: Vec<(Signature, PublicKey)> = self
            .local
            .iter()
            .map(|(_, key)| {
                (
                    Signature::new(key, hash),
                    PublicKey::new_from_private_key(key),
                )
            })
            .collect();

        if !self.keycard.is_empty() {
            pyo3::Python::with_gil(|py| -> pyo3::PyResult<()> {
                python_path::add_python_path(py)?;
                let wallet = KeycardWallet::new(py)?;
                wallet.connect(py, pin)?;
                for (_, path) in &self.keycard {
                    sigs.push(wallet.sign_message_for_path(py, path, hash)?);
                }
                drop(wallet.close_session(py));
                Ok(())
            })
            .map_err(anyhow::Error::from)?;
        }

        Ok(sigs)
    }
}
feat(wallet): add keycard support for public tx for auth-transfer (#451) * feat: add basic commands for communicating with keycard * initialize changes * reorganization * add script file for easier wallet access * update commands * fixes * fixed load for non continuous run * Updates for signatures with keycard * fix BIP-340 signatures for fixed sized messages * fmt * refactor and add pin support to program facades * fix unit test * fixes * Revert "fixes" This reverts commit 41f34f4ff4145b7abb60fd9bec168ae4b60f23b4. * fixes * fixes * Removed privacy keycard calls * Revert "Removed privacy keycard calls" This reverts commit d70ef505a1f40b87159099761f5fce5a31e3f17b. * Add domain separators * Removed privacy txs for keycard * CI fixes * CI fixes * addressed some comments * fix ci * ci fixes * fix integration test issue and updated keycard firmware * addressed more comments * fixed deny * remove keycard-py * fixed from earlier merge * add hash_message tests * add test * fix deny * CI fixes * fixed integration tests * Update public.rs * update artifacts * ci and comments * addressed comments * comment fixes * fixes from merging main * first round of comments * Revert "Merge branch 'main' into marvin/keycard-commands" This reverts commit 3fce53f663a3996938dddf77680854570063ca21, reversing changes made to e7b42a5177641455a8917bd2e29db20afd9690e5. * python comments * addressed comments * compile error fixed * fix artifacts * fix main merge error * adjust signer logic workflow * fmt * merge main and shift keycard tests * deny fix * artifacts fix * remove keycard scripts from root * tps fix * fmt 2026-05-21 20:46:13 -04:00			`use anyhow::Result;`
			`use keycard_wallet::{KeycardWallet, python_path};`
			`use nssa::{AccountId, PrivateKey, PublicKey, Signature};`

			`use crate::{WalletCore, cli::CliAccountMention};`

			`/// Groups transaction signers by type to minimise Python GIL acquisition.`
			`///`
			`/// Local signers are signed in pure Rust; all keycard signers share a single Python session`
			/// with one `connect` / `close_session` pair.
			`#[derive(Default)]`
			`pub struct SigningGroups {`
			`local: Vec<(AccountId, PrivateKey)>,`
			`keycard: Vec<(AccountId, String)>,`
			`}`

			`impl SigningGroups {`
			`#[must_use]`
			`pub fn new() -> Self {`
			`Self::default()`
			`}`

			`/// Add a sender. Keycard paths are queued for the hardware session; local accounts`
			`/// have their signing key resolved eagerly. Errors if no key is found.`
			`pub fn add_sender(`
			`&mut self,`
			`mention: &CliAccountMention,`
			`account_id: AccountId,`
			`wallet_core: &WalletCore,`
			`) -> Result<()> {`
			`if let CliAccountMention::KeyPath(path) = mention {`
			`self.keycard.push((account_id, path.clone()));`
			`return Ok(());`
			`}`
			`let key = wallet_core`
			`.storage()`
			`.key_chain()`
			`.pub_account_signing_key(account_id)`
			`.ok_or_else(\|\| anyhow::anyhow!("signing key not found for account {account_id}"))?`
			`.clone();`
			`self.local.push((account_id, key));`
			`Ok(())`
			`}`

			/// Add a recipient. Same as [`add_sender`] but silently skips accounts with no local
			`/// key and no keycard path — they are foreign and require neither a signature nor a nonce.`
			`pub fn add_recipient(`
			`&mut self,`
			`mention: &CliAccountMention,`
			`account_id: AccountId,`
			`wallet_core: &WalletCore,`
			`) -> Result<()> {`
			`if let CliAccountMention::KeyPath(path) = mention {`
			`self.keycard.push((account_id, path.clone()));`
			`return Ok(());`
			`}`
			`if let Some(key) = wallet_core`
			`.storage()`
			`.key_chain()`
			`.pub_account_signing_key(account_id)`
			`{`
			`self.local.push((account_id, key.clone()));`
			`}`
			`Ok(())`
			`}`

			/// Returns `true` when a PIN is required (at least one keycard signer is present).
			`#[must_use]`
			`pub const fn needs_pin(&self) -> bool {`
			`!self.keycard.is_empty()`
			`}`

			`/// Account IDs that require a nonce (every non-foreign signer).`
			`#[must_use]`
			`pub fn signing_ids(&self) -> Vec<AccountId> {`
			`self.local`
			`.iter()`
			`.map(\|(id, _)\| *id)`
			`.chain(self.keycard.iter().map(\|(id, _)\| *id))`
			`.collect()`
			`}`

			/// Sign `hash` for every account in the group.
			`///`
			`/// Local accounts are signed in pure Rust. Keycard accounts share one Python session.`
			`pub fn sign_all(&self, hash: &[u8; 32], pin: &str) -> Result<Vec<(Signature, PublicKey)>> {`
			`let mut sigs: Vec<(Signature, PublicKey)> = self`
			`.local`
			`.iter()`
			`.map(\|(_, key)\| {`
			`(`
			`Signature::new(key, hash),`
			`PublicKey::new_from_private_key(key),`
			`)`
			`})`
			`.collect();`

			`if !self.keycard.is_empty() {`
			`pyo3::Python::with_gil(\|py\| -> pyo3::PyResult<()> {`
			`python_path::add_python_path(py)?;`
			`let wallet = KeycardWallet::new(py)?;`
			`wallet.connect(py, pin)?;`
			`for (_, path) in &self.keycard {`
			`sigs.push(wallet.sign_message_for_path(py, path, hash)?);`
			`}`
			`drop(wallet.close_session(py));`
			`Ok(())`
			`})`
			`.map_err(anyhow::Error::from)?;`
			`}`

			`Ok(sigs)`
			`}`
			`}`