mirror of https://github.com/certusone/aiakos.git
Upgrade to yubihsm-go v0.1.0
This commit is contained in:
Hendrik Hofstadt
parent
247a8286ee
commit
4395c53661
|
|
@ -8,7 +8,6 @@
|
|||
revision = "67e573d211ace594f1366b4ce9d39726c4b19bd0"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/certusone/yubihsm-go"
|
||||
packages = [
|
||||
".",
|
||||
|
|
@ -16,7 +15,8 @@
|
|||
"connector",
|
||||
"securechannel"
|
||||
]
|
||||
revision = "cbe259b1eea4d9429b0d083619a980e581ac59e8"
|
||||
revision = "2f4bdbb679b59998a67ab3443a896c36211ade80"
|
||||
version = "v0.1.0"
|
||||
|
||||
[[projects]]
|
||||
name = "github.com/davecgh/go-spew"
|
||||
|
|
@ -220,6 +220,6 @@
|
|||
[solve-meta]
|
||||
analyzer-name = "dep"
|
||||
analyzer-version = 1
|
||||
inputs-digest = "ce36da4f71a430971b68672ab49a690efd7bf70faf8188e3474f0d82af7dd355"
|
||||
inputs-digest = "67414e714c2545c1a8679288655315fa603e148f48459c727d031bbf164c4d4e"
|
||||
solver-name = "gps-cdcl"
|
||||
solver-version = 1
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@
|
|||
|
||||
[[constraint]]
|
||||
name = "github.com/certusone/yubihsm-go"
|
||||
branch = "master"
|
||||
version = "0.1.0"
|
||||
|
||||
[prune]
|
||||
go-tests = true
|
||||
|
|
|
|||
46
hsm.go
46
hsm.go
|
|
@ -2,6 +2,7 @@ package aiakos
|
|||
|
||||
import (
|
||||
"errors"
|
||||
|
||||
"github.com/certusone/yubihsm-go"
|
||||
"github.com/certusone/yubihsm-go/commands"
|
||||
"github.com/certusone/yubihsm-go/connector"
|
||||
|
|
@ -10,17 +11,12 @@ import (
|
|||
cmn "github.com/tendermint/tendermint/libs/common"
|
||||
"github.com/tendermint/tendermint/libs/log"
|
||||
"github.com/tendermint/tendermint/types"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
defaultPoolSize = 5
|
||||
)
|
||||
|
||||
type (
|
||||
// AiakosPV implements PrivValidator using Aiakos
|
||||
AiakosPV struct {
|
||||
hsmSessionPool *yubihsm.SessionManager
|
||||
hsmSessionManager *yubihsm.SessionManager
|
||||
|
||||
hsmURL string
|
||||
authKeyID uint16
|
||||
|
|
@ -49,26 +45,19 @@ func NewAiakosPV(hsmURL string, signingKeyID uint16, authKeyID uint16, password
|
|||
|
||||
// OnStart implements cmn.Service.
|
||||
func (a *AiakosPV) OnStart() error {
|
||||
|
||||
sessionPool, err := yubihsm.NewSessionManager(connector.NewHTTPConnector(a.hsmURL), a.authKeyID, a.password, defaultPoolSize)
|
||||
sessionManager, err := yubihsm.NewSessionManager(connector.NewHTTPConnector(a.hsmURL), a.authKeyID, a.password)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
a.hsmSessionPool = sessionPool
|
||||
|
||||
select {
|
||||
case <-sessionPool.Connected:
|
||||
a.Logger.Info("connected to HSM")
|
||||
case <-time.After(5 * time.Second):
|
||||
return errors.New("connection/authentication with the HSM timed out; look at yubihsm logs for more info")
|
||||
}
|
||||
a.hsmSessionManager = sessionManager
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// OnStop implements cmn.Service.
|
||||
func (a *AiakosPV) OnStop() {
|
||||
a.hsmSessionPool.Destroy()
|
||||
a.hsmSessionManager.Destroy()
|
||||
}
|
||||
|
||||
// GetAddress returns the address of the validator.
|
||||
|
|
@ -84,16 +73,12 @@ func (a *AiakosPV) GetPubKey() crypto.PubKey {
|
|||
if a.cachedPubKey != nil {
|
||||
return a.cachedPubKey
|
||||
}
|
||||
session, err := a.hsmSessionPool.GetSession()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
command, err := commands.CreateGetPubKeyCommand(a.signingKeyID)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
resp, err := session.SendEncryptedCommand(command)
|
||||
resp, err := a.hsmSessionManager.SendEncryptedCommand(command)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
|
@ -167,17 +152,15 @@ func (a *AiakosPV) SignHeartbeat(chainID string, heartbeat *types.Heartbeat) err
|
|||
// This fails if the key slot already contains a key.
|
||||
// This should be used for testing purposes only. Wrap and import keys in production.
|
||||
func (a *AiakosPV) ImportKey(keyID uint16, key []byte) error {
|
||||
session, err := a.hsmSessionPool.GetSession()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
command, err := commands.CreatePutAsymmetricKeyCommand(keyID, []byte("imported"), commands.Domain1, commands.CapabilityAsymmetricSignEddsa, commands.AlgorighmED25519, key, []byte{})
|
||||
|
||||
resp, err := session.SendEncryptedCommand(command)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
resp, err := a.hsmSessionManager.SendEncryptedCommand(command)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
parsedResp, matched := resp.(*commands.PutAsymmetricKeyResponse)
|
||||
if !matched {
|
||||
a.Logger.Error("invalid response type")
|
||||
|
|
@ -193,16 +176,11 @@ func (a *AiakosPV) ImportKey(keyID uint16, key []byte) error {
|
|||
}
|
||||
|
||||
func (a *AiakosPV) signBytes(data []byte) ([]byte, error) {
|
||||
session, err := a.hsmSessionPool.GetSession()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
command, err := commands.CreateSignDataEddsaCommand(a.signingKeyID, data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp, err := session.SendEncryptedCommand(command)
|
||||
resp, err := a.hsmSessionManager.SendEncryptedCommand(command)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue