
@tacoinfra/tezos-kms


Utilize AWS KMS Keys to work with the Tezos blockchain.

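"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
const prefixes_1 = __importDefault(require("./prefixes"));
const asn1_1 = __importDefault(require("./asn1"));
const aws_sdk_1 = require("aws-sdk");
const utils_1 = __importDefault(require("./utils"));

// Algorithm requested from KMS for every signature.
const SIGNING_ALGORITHM = 'ECDSA_SHA_256';
// KMS key spec for a secp256k1 key. Every value this module returns is encoded
// with a secp256k1 prefix, so a key of any other spec would be mislabelled.
const EXPECTED_KEY_SPEC = 'ECC_SECG_P256K1';
// Output length, in bytes, of the BLAKE2b digest that is sent to KMS for signing.
const DIGEST_LENGTH = 32;
// Output length, in bytes, of the BLAKE2b hash used for the public key hash.
const PUBLIC_KEY_HASH_LENGTH = 20;

/**
 * Fetches the public key of a KMS key and returns it after `utils.compressKey`.
 *
 * Shared by `getPublicKey` and `getPublicKeyHash` so both derive their result
 * from the same validated bytes.
 *
 * @param {object} kms - AWS SDK KMS client.
 * @param {string} kmsKeyId - Identifier of the KMS key.
 * @returns {Promise<*>} Output of `utils.compressKey` (presumably the
 *   compressed point encoding; confirm in ./utils).
 * @throws {Error} If KMS returns no key, reports a key spec other than
 *   secp256k1, or the DER structure lacks the expected second element.
 */
async function fetchCompressedPublicKeyBytes(kms, kmsKeyId) {
    const response = await kms.getPublicKey({ KeyId: kmsKeyId }).promise();
    const publicKeyDer = response.PublicKey;
    if (publicKeyDer === undefined) {
        throw new Error("Couldn't retreive key from AWS KMS");
    }
    // Reject a key on another curve (or an RSA key) rather than encode it with
    // secp256k1 prefixes: an address derived that way would look valid but
    // could not be spent from. The check is skipped when the SDK response
    // carries neither field, which keeps the previous behaviour.
    const reportedKeySpec = response.KeySpec !== undefined
        ? response.KeySpec
        : response.CustomerMasterKeySpec;
    if (reportedKeySpec !== undefined && reportedKeySpec !== EXPECTED_KEY_SPEC) {
        throw new Error(`KMS key spec ${reportedKeySpec} is not ${EXPECTED_KEY_SPEC}`);
    }
    const decodedPublicKey = asn1_1.default.decode(publicKeyDer);
    // The key material is read from the second child of the decoded structure;
    // fail with a clear error instead of a TypeError if it is missing.
    const keyNode = decodedPublicKey && decodedPublicKey.sub
        ? decodedPublicKey.sub[1]
        : undefined;
    if (keyNode === undefined || keyNode === null) {
        throw new Error('Unexpected public key encoding from KMS');
    }
    const publicKeyHex = keyNode.toHexStringContent();
    const uncompressedPublicKeyBytes = utils_1.default.hexToBytes(publicKeyHex);
    return utils_1.default.compressKey(uncompressedPublicKeyBytes);
}

/**
 * Client that uses a single AWS KMS key to produce Tezos-encoded public keys,
 * public key hashes and signatures.
 *
 * The private key never leaves KMS; this class only calls `getPublicKey` and
 * `sign`. It signs whatever bytes it is handed, so what may be signed has to
 * be enforced by the caller and by the IAM policy that grants `kms:Sign` on
 * the key.
 */
class TezosKmsClient {
    /**
     * @param {string} kmsKeyId - Identifier of the KMS key to use.
     * @param {string} region - AWS region passed to the KMS client.
     */
    constructor(kmsKeyId, region) {
        this.kms = new aws_sdk_1.KMS({
            region,
        });
        this.kmsKeyId = kmsKeyId;
    }

    /**
     * Returns the key's public key, base58check-encoded with the secp256k1
     * public key prefix.
     *
     * @returns {Promise<string>}
     * @throws {Error} See `fetchCompressedPublicKeyBytes`.
     */
    async getPublicKey() {
        const publicKeyBytes = await fetchCompressedPublicKeyBytes(this.kms, this.kmsKeyId);
        return utils_1.default.base58CheckEncode(publicKeyBytes, prefixes_1.default.secp256k1PublicKey);
    }

    /**
     * Returns the 20-byte BLAKE2b hash of the public key, base58check-encoded
     * with the secp256k1 public key hash prefix.
     *
     * @returns {Promise<string>}
     * @throws {Error} See `fetchCompressedPublicKeyBytes`.
     */
    async getPublicKeyHash() {
        const publicKeyBytes = await fetchCompressedPublicKeyBytes(this.kms, this.kmsKeyId);
        const publicKeyHash = utils_1.default.blake2b(publicKeyBytes, PUBLIC_KEY_HASH_LENGTH);
        return utils_1.default.base58CheckEncode(publicKeyHash, prefixes_1.default.secp256k1PublicKeyHash);
    }

    /**
     * Signs the 32-byte BLAKE2b digest of `bytes` with the KMS key.
     *
     * The digest is computed locally and sent with `MessageType: 'DIGEST'`, so
     * KMS signs it as-is and never sees the operation bytes themselves. No
     * check is made on the content of `bytes`.
     *
     * @param {*} bytes - Operation bytes, in whatever form `utils.blake2b` accepts.
     * @returns {Promise<Buffer>} Signature after `utils.derSignatureToRaw` and
     *   `utils.normalizeSignature` (presumably raw r||s in canonical form;
     *   confirm in ./utils).
     * @throws {Error} If the KMS response carries no `Uint8Array` signature.
     */
    async signOperation(bytes) {
        const digest = utils_1.default.blake2b(bytes, DIGEST_LENGTH);
        const params = {
            KeyId: this.kmsKeyId,
            Message: digest,
            SigningAlgorithm: SIGNING_ALGORITHM,
            MessageType: 'DIGEST',
        };
        const { Signature: derSignature } = await this.kms.sign(params).promise();
        if (!(derSignature instanceof Uint8Array)) {
            throw new Error('Unexpected response from KMS');
        }
        const rawSignature = utils_1.default.derSignatureToRaw(derSignature);
        const normalizedSignature = utils_1.default.normalizeSignature(rawSignature);
        return Buffer.from(normalizedSignature);
    }

    /**
     * Same as `signOperation`, with the signature base58check-encoded using
     * the secp256k1 signature prefix.
     *
     * @param {*} bytes - Operation bytes to sign.
     * @returns {Promise<string>}
     */
    async signOperationBase58(bytes) {
        const signatureBytes = await this.signOperation(bytes);
        return utils_1.default.base58CheckEncode(signatureBytes, prefixes_1.default.secp256k1signature);
    }
}
exports.default = TezosKmsClient;
//# sourceMappingURL=tezos-kms-client.js.map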