diff --git a/Gopkg.lock b/Gopkg.lock index 9876205..7a83c44 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -8,7 +8,6 @@ revision = "67e573d211ace594f1366b4ce9d39726c4b19bd0" [[projects]] - branch = "master" name = "github.com/certusone/yubihsm-go" packages = [ ".", @@ -16,7 +15,8 @@ "connector", "securechannel" ] - revision = "cbe259b1eea4d9429b0d083619a980e581ac59e8" + revision = "2f4bdbb679b59998a67ab3443a896c36211ade80" + version = "v0.1.0" [[projects]] name = "github.com/davecgh/go-spew" @@ -220,6 +220,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "ce36da4f71a430971b68672ab49a690efd7bf70faf8188e3474f0d82af7dd355" + inputs-digest = "67414e714c2545c1a8679288655315fa603e148f48459c727d031bbf164c4d4e" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index 4c99a19..70ba0fe 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -34,7 +34,7 @@ [[constraint]] name = "github.com/certusone/yubihsm-go" - branch = "master" + version = "0.1.0" [prune] go-tests = true diff --git a/hsm.go b/hsm.go index 86f6a69..bba1e5b 100644 --- a/hsm.go +++ b/hsm.go @@ -2,6 +2,7 @@ package aiakos import ( "errors" + "github.com/certusone/yubihsm-go" "github.com/certusone/yubihsm-go/commands" "github.com/certusone/yubihsm-go/connector" @@ -10,17 +11,12 @@ import ( cmn "github.com/tendermint/tendermint/libs/common" "github.com/tendermint/tendermint/libs/log" "github.com/tendermint/tendermint/types" - "time" -) - -const ( - defaultPoolSize = 5 ) type ( // AiakosPV implements PrivValidator using Aiakos AiakosPV struct { - hsmSessionPool *yubihsm.SessionManager + hsmSessionManager *yubihsm.SessionManager hsmURL string authKeyID uint16 @@ -49,26 +45,19 @@ func NewAiakosPV(hsmURL string, signingKeyID uint16, authKeyID uint16, password // OnStart implements cmn.Service. func (a *AiakosPV) OnStart() error { - - sessionPool, err := yubihsm.NewSessionManager(connector.NewHTTPConnector(a.hsmURL), a.authKeyID, a.password, defaultPoolSize) + sessionManager, err := yubihsm.NewSessionManager(connector.NewHTTPConnector(a.hsmURL), a.authKeyID, a.password) if err != nil { return err } - a.hsmSessionPool = sessionPool - select { - case <-sessionPool.Connected: - a.Logger.Info("connected to HSM") - case <-time.After(5 * time.Second): - return errors.New("connection/authentication with the HSM timed out; look at yubihsm logs for more info") - } + a.hsmSessionManager = sessionManager return nil } // OnStop implements cmn.Service. func (a *AiakosPV) OnStop() { - a.hsmSessionPool.Destroy() + a.hsmSessionManager.Destroy() } // GetAddress returns the address of the validator. @@ -84,16 +73,12 @@ func (a *AiakosPV) GetPubKey() crypto.PubKey { if a.cachedPubKey != nil { return a.cachedPubKey } - session, err := a.hsmSessionPool.GetSession() - if err != nil { - panic(err) - } command, err := commands.CreateGetPubKeyCommand(a.signingKeyID) if err != nil { panic(err) } - resp, err := session.SendEncryptedCommand(command) + resp, err := a.hsmSessionManager.SendEncryptedCommand(command) if err != nil { panic(err) } @@ -167,17 +152,15 @@ func (a *AiakosPV) SignHeartbeat(chainID string, heartbeat *types.Heartbeat) err // This fails if the key slot already contains a key. // This should be used for testing purposes only. Wrap and import keys in production. func (a *AiakosPV) ImportKey(keyID uint16, key []byte) error { - session, err := a.hsmSessionPool.GetSession() - if err != nil { - return err - } - command, err := commands.CreatePutAsymmetricKeyCommand(keyID, []byte("imported"), commands.Domain1, commands.CapabilityAsymmetricSignEddsa, commands.AlgorighmED25519, key, []byte{}) - - resp, err := session.SendEncryptedCommand(command) if err != nil { return err } + resp, err := a.hsmSessionManager.SendEncryptedCommand(command) + if err != nil { + return err + } + parsedResp, matched := resp.(*commands.PutAsymmetricKeyResponse) if !matched { a.Logger.Error("invalid response type") @@ -193,16 +176,11 @@ func (a *AiakosPV) ImportKey(keyID uint16, key []byte) error { } func (a *AiakosPV) signBytes(data []byte) ([]byte, error) { - session, err := a.hsmSessionPool.GetSession() - if err != nil { - return nil, err - } - command, err := commands.CreateSignDataEddsaCommand(a.signingKeyID, data) if err != nil { return nil, err } - resp, err := session.SendEncryptedCommand(command) + resp, err := a.hsmSessionManager.SendEncryptedCommand(command) if err != nil { return nil, err }