spark_rust/signer/traits/

mod.rs

//! # Signer Traits for the Spark Wallet SDK
//!
//! This module defines the trait interfaces for the signing system in Spark.
//! The signing system is a critical component that handles all cryptographic
//! operations including key management, ECDSA signing, FROST threshold signing,
//! and secure key derivation.
//!
//! ## Trait Architecture
//!
//! The signer follows a modular trait-based design:
//!
//! - [`SparkSigner`] - The main trait that composes all sub-traits
//! - [`SparkSignerDerivationPath`] - Key derivation path handling using Spark's custom path scheme
//! - [`SparkSignerEcdsa`] - ECDSA signature operations for identity verification
//! - [`SparkSignerEcies`] - Encryption/decryption of secret keys between parties
//! - [`SparkSignerFrost`] - FROST nonce and commitment management for threshold signing
//! - [`SparkSignerFrostSigning`] - FROST threshold signature operations
//! - [`SparkSignerSecp256k1`] - Secp256k1 keypair management
//! - [`SparkSignerShamir`] - Verifiable secret sharing for secure key distribution
//!
//! This design allows for flexible implementation of different signing backends
//! while ensuring all required cryptographic operations are supported.
//!
//! ## Implementation
//!
//! The SDK provides a default implementation [`DefaultSigner`](crate::signer::default_signer::DefaultSigner)
//! that manages keys in memory. Users can implement custom signers for specialized
//! needs such as hardware security modules or remote signing services.

use crate::error::SparkSdkError;

// Signer traits
use crate::signer::traits::derivation_path::SparkSignerDerivationPath;
use crate::signer::traits::ecdsa::SparkSignerEcdsa;
use crate::signer::traits::ecies::SparkSignerEcies;
use crate::signer::traits::frost::SparkSignerFrost;
use crate::signer::traits::frost_signing::SparkSignerFrostSigning;
use crate::signer::traits::secp256k1::SparkSignerSecp256k1;
use crate::signer::traits::shamir::SparkSignerShamir;

use crate::SparkNetwork;

use tonic::async_trait;

pub mod derivation_path;
pub mod ecdsa;
pub mod ecies;
pub mod frost;
pub mod frost_signing;
pub mod secp256k1;
pub mod shamir;

/// The main signer trait that aggregates all cryptographic capabilities required
/// for the Spark wallet.
///
/// This trait is the primary interface for implementing a signer for the Spark Wallet SDK.
/// It combines all the specialized sub-traits that handle different aspects of the
/// cryptographic operations needed in the Spark protocol.
///
/// Implementors must provide all the functionality defined in each sub-trait:
///
/// - [`SparkSignerShamir`]: Verifiable secret sharing operations
/// - [`SparkSignerEcdsa`]: ECDSA signature operations
/// - [`SparkSignerEcies`]: Encryption/decryption of secret keys
/// - [`SparkSignerFrost`]: FROST nonce and commitment management
/// - [`SparkSignerSecp256k1`]: Secp256k1 keypair operations
/// - [`SparkSignerFrostSigning`]: FROST threshold signing operations
/// - [`SparkSignerDerivationPath`]: Key derivation path handling
///
/// # Security Considerations
///
/// The signer implementation is responsible for securely managing private keys
/// and other sensitive cryptographic material. Implementors should:
///
/// - Ensure proper isolation of private key material
/// - Implement secure storage if keys are persisted
/// - Follow best practices for cryptographic operations
/// - Maintain Spark's specific derivation path scheme for compatibility
#[async_trait]
pub trait SparkSigner:
    SparkSignerShamir
    + SparkSignerEcdsa
    + SparkSignerEcies
    + SparkSignerFrost
    + SparkSignerSecp256k1
    + SparkSignerFrostSigning
    + SparkSignerDerivationPath
{
    /// The constructed signer type, wrapped in a thread-safe reference-counted container.
    ///
    /// This associated type allows implementors to define their own wrapped signer type,
    /// which typically is an `Arc<parking_lot::RwLock<Self>>` to enable thread-safe
    /// access and mutation of the signer state.
    type WrappedSigner: Sized;

    /// Creates a new signer instance from a BIP-39 mnemonic phrase.
    ///
    /// This method initializes a signer using a mnemonic phrase, which is converted
    /// to a seed for deriving all necessary keys. This is the recommended way to
    /// create a signer for most applications.
    ///
    /// # Arguments
    /// * `mnemonic` - The BIP-39 mnemonic phrase to derive keys from
    /// * `network` - The Spark network to use (affects key derivation)
    ///
    /// # Returns
    /// A wrapped signer instance or an error if initialization fails
    ///
    /// # Example
    /// ```no_run
    /// # use spark_rust::signer::default_signer::DefaultSigner;
    /// # use spark_rust::SparkNetwork;
    /// # use spark_rust::error::SparkSdkError;
    /// # async fn example() -> Result<(), SparkSdkError> {
    /// let mnemonic = "abandon ability able about above absent absorb abstract absurd abuse access accident";
    /// let signer = DefaultSigner::from_mnemonic(mnemonic, SparkNetwork::Regtest).await?;
    /// # Ok(())
    /// # }
    /// ```
    #[cfg(feature = "self-signing")]
    async fn from_mnemonic(
        mnemonic: &str,
        network: SparkNetwork,
    ) -> Result<Self::WrappedSigner, SparkSdkError>;

    /// Creates a new signer instance from a raw seed.
    ///
    /// This method initializes a signer using a raw seed byte array for deriving keys.
    /// This is an alternative to using a mnemonic phrase when the seed is already available.
    ///
    /// # Arguments
    /// * `master_seed` - The seed bytes to derive keys from
    /// * `network` - The Spark network to use (affects key derivation)
    ///
    /// # Returns
    /// A wrapped signer instance or an error if initialization fails
    #[cfg(feature = "self-signing")]
    async fn from_master_seed(
        master_seed: &[u8],
        network: SparkNetwork,
    ) -> Result<Self::WrappedSigner, SparkSdkError>;

    /// Creates a new signer instance connected to a remote signing service.
    ///
    /// This method initializes a signer that communicates with a remote service
    /// for signing operations rather than managing keys locally. This can be used
    /// for integration with hardware security modules or enterprise key management systems.
    ///
    /// # Arguments
    /// * `signer_url` - The URL of the remote signing service
    /// * `wallet_id` - An identifier for the wallet on the remote service
    /// * `user_public_key_hex` - The user's public key in hexadecimal format
    ///
    /// # Returns
    /// A wrapped signer instance or an error if connection fails
    ///
    /// # Note
    /// This method is only available when the "self-signing" feature is disabled.
    #[cfg(not(feature = "self-signing"))]
    async fn new_remote(
        signer_url: &str,
        wallet_id: &str,
        user_public_key_hex: &str,
    ) -> Result<Self::WrappedSigner, SparkSdkError>;
}