feat: support pkcs#11 standard as a signer (#24)

* feat: support pkcs#11 standard as a signer

* fix: clippy

* docs

* fix: windows build

Author: joshstevens19

crates/core/Cargo.toml

@@ -60,3 +60,5 @@ sha2 = "0.10"
 p256 = { version = "0.13", features = ["ecdsa"] }
 tower = "0.5.2"
 subtle = "2.6.1"
+cryptoki = "0.10"
+secrecy = "0.8"

crates/core/src/provider/evm_provider.rs

@@ -1,10 +1,13 @@
 use crate::gas::BLOB_GAS_PER_BLOB;
 use crate::provider::layer_extensions::RpcLoggingLayer;
 use crate::wallet::{
-    AwsKmsWalletManager, CompositeWalletManager, MnemonicWalletManager, PrivateKeyWalletManager,
-    PrivyWalletManager, TurnkeyWalletManager, WalletError, WalletManagerTrait,
+    AwsKmsWalletManager, CompositeWalletManager, MnemonicWalletManager, Pkcs11WalletManager,
+    PrivateKeyWalletManager, PrivyWalletManager, TurnkeyWalletManager, WalletError,
+    WalletManagerTrait,
+};
+use crate::yaml::{
+    AwsKmsSigningProviderConfig, Pkcs11SigningProviderConfig, TurnkeySigningProviderConfig,
 };
-use crate::yaml::{AwsKmsSigningProviderConfig, TurnkeySigningProviderConfig};
 use crate::{
     gas::{
         BaseGasFeeEstimator, BlobGasEstimatorResult, BlobGasPriceResult, GasEstimatorError,
@@ -200,6 +203,15 @@ impl EvmProvider {
         Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
     }
 
+    pub async fn new_with_pkcs11(
+        network_setup_config: &NetworkSetupConfig,
+        pkcs11_config: Pkcs11SigningProviderConfig,
+        gas_estimator: Arc<dyn BaseGasFeeEstimator + Send + Sync>,
+    ) -> Result<Self, EvmProviderNewError> {
+        let wallet_manager = Arc::new(Pkcs11WalletManager::new(pkcs11_config)?);
+        Self::new_internal(network_setup_config, wallet_manager, gas_estimator).await
+    }
+
     pub async fn new_with_composite(
         network_setup_config: &NetworkSetupConfig,
         primary_manager: Arc<dyn WalletManagerTrait>,

crates/core/src/provider/mod.rs

@@ -66,6 +66,7 @@ pub async fn load_providers(
         let has_main_signing_provider = signing_key.privy.is_some()
             || signing_key.aws_kms.is_some()
             || signing_key.turnkey.is_some()
+            || signing_key.pkcs11.is_some()
             || signing_key.raw.is_some();
 
         // If we only have private keys and no main signing provider, use private key manager only
@@ -148,6 +149,25 @@ pub async fn load_providers(
                 )
                 .await?
             }
+        } else if let Some(pkcs11) = &signing_key.pkcs11 {
+            if private_key_strings.is_some() {
+                let pkcs11_manager =
+                    std::sync::Arc::new(crate::wallet::Pkcs11WalletManager::new(pkcs11.clone())?);
+                EvmProvider::new_with_composite(
+                    config,
+                    pkcs11_manager,
+                    private_key_strings,
+                    get_gas_estimator(&config.provider_urls, setup_config, config).await?,
+                )
+                .await?
+            } else {
+                EvmProvider::new_with_pkcs11(
+                    config,
+                    pkcs11.clone(),
+                    get_gas_estimator(&config.provider_urls, setup_config, config).await?,
+                )
+                .await?
+            }
         } else {
             let mnemonic = get_mnemonic_from_signing_key(project_path, signing_key).await?;
 

crates/core/src/startup.rs

@@ -189,6 +189,7 @@ async fn start_api(
                 && signing_provider.privy.is_none()
                 && signing_provider.aws_kms.is_none()
                 && signing_provider.turnkey.is_none()
+                && signing_provider.pkcs11.is_none()
             {
                 Some(network_config.chain_id)
             } else {

crates/core/src/wallet/mod.rs

@@ -24,6 +24,9 @@ pub use turnkey_wallet_manager::TurnkeyWalletManager;
 mod private_key_wallet_manager;
 pub use private_key_wallet_manager::PrivateKeyWalletManager;
 
+mod pkcs11_wallet_manager;
+pub use pkcs11_wallet_manager::Pkcs11WalletManager;
+
 mod composite_wallet_manager;
 pub use composite_wallet_manager::CompositeWalletManager;