Pubkey impl

danimhr · danimhr · commit 756c1e6d67a7 · 2025-07-07T12:41:49.000+02:00
diff --git a/src/main.rs b/src/main.rs
@@ -223,7 +223,10 @@ async fn run(run_options: config::RunOptions) {
         })
         .collect();
 
-    let (pubkey, pubkey_evm) = signer.get_public_key().expect("Failed to get public key");
+    let (pubkey, pubkey_evm) = signer
+        .get_public_key()
+        .await
+        .expect("Failed to get public key");
     let evm_encded_public_key = format!("0x{}", hex::encode(pubkey_evm));
     tracing::info!(
         public_key = ?pubkey,
@@ -277,7 +280,10 @@ async fn main() {
             // Generate keypair (secret + public key)
             let (secret_key, _) = secp.generate_keypair(&mut rng);
             let signer = signer::FileSigner { secret_key };
-            let (pubkey, pubkey_evm) = signer.get_public_key().expect("Failed to get public key");
+            let (pubkey, pubkey_evm) = signer
+                .get_public_key()
+                .await
+                .expect("Failed to get public key");
 
             let guardian_key = GuardianKey {
                 data: secret_key.secret_bytes().to_vec(),
@@ -497,8 +503,8 @@ mod tests {
         assert_eq!(result.unwrap_err().to_string(), INVALID_ACCUMULATOR_ADDRESS);
     }
 
-    #[test]
-    fn test_parse_and_verify_proto_guardian_key() {
+    #[tokio::test]
+    async fn test_parse_and_verify_proto_guardian_key() {
         // The content below is generated by keygen script at:
         // https://github.com/wormhole-foundation/wormhole/blob/main/node/cmd/guardiand/keygen.go
         let content = "-----BEGIN WORMHOLE GUARDIAN PRIVATE KEY-----
@@ -523,7 +529,13 @@ mod tests {
             "f2f3127bff540c8441f99763f586858ef340c9962ad62b6181cd77203e81808f",
         );
         assert_eq!(
-            hex::encode(signer.get_public_key().expect("Failed to get public key").1),
+            hex::encode(
+                signer
+                    .get_public_key()
+                    .await
+                    .expect("Failed to get public key")
+                    .1
+            ),
             "30e41be3f10d3ac813f91e49e189bbb948d030be",
         );
     }
diff --git a/src/signer.rs b/src/signer.rs
@@ -14,7 +14,7 @@ use sha3::{Digest, Keccak256};
 #[async_trait]
 pub trait Signer: Send + Sync {
     async fn sign(&self, data: [u8; 32]) -> anyhow::Result<[u8; 65]>;
-    fn get_public_key(&self) -> anyhow::Result<(PublicKey, [u8; 20])>;
+    async fn get_public_key(&self) -> anyhow::Result<(PublicKey, [u8; 20])>;
 }
 
 #[derive(Clone, Debug)]
@@ -73,6 +73,17 @@ impl FileSigner {
     }
 }
 
+fn get_evm_public_key(public_key: &PublicKey) -> anyhow::Result<[u8; 20]> {
+    let pubkey_uncompressed = public_key.serialize_uncompressed();
+    let pubkey_hash: [u8; 32] = Keccak256::new_with_prefix(&pubkey_uncompressed[1..])
+        .finalize()
+        .into();
+    let pubkey_evm: [u8; 20] = pubkey_hash[pubkey_hash.len() - 20..]
+        .try_into()
+        .map_err(|e| anyhow::anyhow!("Failed to convert public key hash to EVM format: {}", e))?;
+    Ok(pubkey_evm)
+}
+
 #[async_trait]
 impl Signer for FileSigner {
     async fn sign(&self, data: [u8; 32]) -> anyhow::Result<[u8; 65]> {
@@ -86,19 +97,10 @@ impl Signer for FileSigner {
         Ok(signature)
     }
 
-    fn get_public_key(&self) -> anyhow::Result<(PublicKey, [u8; 20])> {
+    async fn get_public_key(&self) -> anyhow::Result<(PublicKey, [u8; 20])> {
         let secp = Secp256k1::new();
         let public_key = self.secret_key.public_key(&secp);
-        let pubkey_uncompressed = public_key.serialize_uncompressed();
-        let pubkey_hash: [u8; 32] = Keccak256::new_with_prefix(&pubkey_uncompressed[1..])
-            .finalize()
-            .into();
-        let pubkey_evm: [u8; 20] =
-            pubkey_hash[pubkey_hash.len() - 20..]
-                .try_into()
-                .map_err(|e| {
-                    anyhow::anyhow!("Failed to convert public key hash to EVM format: {}", e)
-                })?;
+        let pubkey_evm = get_evm_public_key(&public_key)?;
         Ok((public_key, pubkey_evm))
     }
 }
@@ -142,7 +144,20 @@ impl Signer for KMSSigner {
             })
     }
 
-    fn get_public_key(&self) -> anyhow::Result<(PublicKey, [u8; 20])> {
-        todo!()
+    async fn get_public_key(&self) -> anyhow::Result<(PublicKey, [u8; 20])> {
+        let result = self
+            .client
+            .get_public_key()
+            .key_id(self.arn.to_string())
+            .send()
+            .await
+            .map_err(|e| anyhow::anyhow!("Failed to get public key from KMS: {}", e))?;
+        let public_key = result
+            .public_key
+            .ok_or(anyhow::anyhow!("KMS did not return a public key"))?;
+        let public_key = PublicKey::from_slice(public_key.as_ref())
+            .map_err(|e| anyhow::anyhow!("Failed to create PublicKey from KMS: {}", e))?;
+        let pubkey_evm = get_evm_public_key(&public_key)?;
+        Ok((public_key, pubkey_evm))
     }
 }
