feat: viem account from gcp hsm

[jeanregisser]

Full working implementation with support for signing transactions, messages and typed data.

Ported from https://github.com/celo-org/developer-tooling/tree/0c61e7e02c741fe10ecd1d733a33692d324cdc82/packages/sdk/wallets/wallet-hsm-gcp

Send script run

❯ GCLOUD_PROJECT=valora-viem-hsm-test yarn ts-node ./scripts/send.ts
yarn run v1.22.21
$ /Users/jean/src/github.com/valora-inc/viem-account-hsm-gcp/node_modules/.bin/ts-node ./scripts/send.ts
Viem HSM Account: 0x6AD01Ac6841b67f27DC1A039FefBF5804003d6a4
Balance: 0.997207 CELO
Sending 0.001 CELO from Viem HSM Account...
Waiting for transaction hash: 0x834f5cfc42ddfe293ec81d5e154c1fac37cf3e5772a6d322e2d99c1b6e503e50
TX status: success
✨  Done in 12.94s.

Next up: add e2e test for CI, README, automated publish to NPM

Fixes RET-1037

[jophish]

So, the KMS client returns the typical human-readable (PEM) public key that we're used to dealing with - this function removes the begin/end statements and trims whitespace, resulting in the base64 representation of the DER format key (the only difference between PEM and DER are presumably the comments present in PEM files). Taking a buffer of the base64 DER key presumably gives you the "canonical" (read: binary) representation of DER keys.

By my understanding, ASN.1 refers to the abstract syntax tree of the underlying data, not its encoding scheme (both PEM and DER are encodings of ASN.1 data, I believe; this article helped clarify). Given that, the name of the function publicKeyFromAsn1 is a bit confusing, since what's really important is the encoding scheme used for the input argument, which in this case is the binary DER encoding. I can't tell from publicKeyFromAsn1 whether the input should be PEM, binary DER, or b64 encoded. Maybe publicKeyFromDer might be more useful?

[jeanregisser]

oh I see, I didn't put much thought to this as this was the name used in the implementation I ported.
Renaming now, makes more sense, thanks.

[jophish]

What format exactly is this resulting public key?

[jophish]

Ah, okay - this is ECDSA public key (just a long hex string), and the eth address is just the hash of the first chunk of it?

[jeanregisser]

Yes that's right.

[jophish]

i can't say i fully understand this, but makes me wonder if there are other transaction types that we need to care about/do special stuff for here? if someone tries to use this for some new TX type from some new EIP down the line that requires special treatment, it seems like this wouldn't necessarily work? i guess there's not much to do about that besides allow-listing a subset of transaction types, but that definitely seems like overkill.

[jeanregisser]

Yes me neither, it's a bit odd it's at this level.
I copied what was done in viem: https://github.com/wevm/viem/blob/e6c47807f32d14ded53c40831177ee80c5a47a10/src/accounts/utils/signTransaction.ts
It feels like this should be put somewhere else in viem so each custom Account implementation doesn't have to deal with this.
I'll give this feedback to the viem authors.

[bakoushin]

🚀 Amazing!

I like how compact it actually is!

[jeanregisser]

I like how compact it actually is!

Yes same, it looks small and simple.

[github-actions]

🎉 This PR is included in version 1.0.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀