Merge pull request #179 from tendermint/yubihsm/v0.21.0-alpha1

Update to yubihsm v0.21.0-alpha1 crate

Cargo.toml

@@ -34,10 +34,10 @@ sha2 = "0.8"
 signal-hook = "0.1.7"
 signatory = { version = "0.11", features = ["ed25519"] }
 signatory-dalek = "0.11"
-signatory-yubihsm = { version = "0.11", optional = true }
 signatory-ledger-tm = { version = "0.11", optional = true }
 subtle-encoding = "0.3"
 tendermint = { version = "0.2", path = "tendermint-rs" }
+yubihsm = { version = "0.21.0-alpha1", features = ["usb"], optional = true }
 
 [dev-dependencies]
 tempfile = "3"
@@ -46,9 +46,8 @@ rand = "0.6"
 [features]
 default = ["softsign"]
 softsign = []
-yubihsm = ["signatory-yubihsm/usb"] # USB only for now
-yubihsm-mock = ["yubihsm", "signatory-yubihsm/mockhsm"]
 ledgertm = ["signatory-ledger-tm"]
+yubihsm-mock = ["yubihsm/mockhsm"]
 
 # Enable integer overflow checks in release builds for security reasons
 [profile.release]

src/commands/mod.rs

@@ -1,10 +1,5 @@
 //! Subcommands of the `tmkms` command-line application
 
-#![allow(unknown_lints, renamed_and_removed_lints, never_loop)]
-
-use abscissa::{Callable, LoadConfig};
-use std::path::PathBuf;
-
 mod help;
 mod keygen;
 mod start;
@@ -18,6 +13,8 @@ pub use self::{
     help::HelpCommand, keygen::KeygenCommand, start::StartCommand, version::VersionCommand,
 };
 use crate::config::{KmsConfig, CONFIG_FILE_NAME};
+use abscissa::{Callable, LoadConfig};
+use std::path::PathBuf;
 
 /// Subcommands of the KMS command-line application
 #[derive(Debug, Options)]

src/commands/version.rs

@@ -1,8 +1,9 @@
 //! The `version` subcommand
 
-use abscissa::{Callable, Command as CommandTrait};
+#![allow(clippy::never_loop)]
 
 use super::KmsCommand;
+use abscissa::{Callable, Command as CommandTrait};
 
 /// The `version` subcommand
 #[derive(Debug, Default, Options)]

src/commands/yubihsm/detect.rs

@@ -1,7 +1,6 @@
 use abscissa::Callable;
 use std::process;
-
-use crate::yubihsm::connector::usb::Devices;
+use yubihsm::connector::usb::Devices;
 
 /// The `yubihsm detect` subcommand
 #[derive(Debug, Default, Options)]

src/commands/yubihsm/help.rs

@@ -1,6 +1,5 @@
-use abscissa::{Callable, Command};
-
 use super::YubihsmCommand;
+use abscissa::{Callable, Command};
 
 /// The `yubihsm help` subcommand
 #[derive(Debug, Default, Options)]

src/commands/yubihsm/keys/generate.rs

@@ -1,9 +1,8 @@
-use abscissa::Callable;
-use std::process;
-
 use super::*;
-use crate::yubihsm;
+use crate::yubihsm::get_hsm_client;
+use abscissa::Callable;
 use signatory::ed25519;
+use std::process;
 use tendermint::public_keys::ConsensusKey;
 
 /// The `yubihsm keys generate` subcommand
@@ -44,11 +43,11 @@ impl Callable for GenerateCommand {
             }
         }
 
-        let mut hsm = yubihsm::get_hsm_client();
+        let mut hsm = get_hsm_client();
 
         for key_id in &self.key_ids {
             let label =
-                yubihsm::ObjectLabel::from(self.label.as_ref().map(|l| l.as_ref()).unwrap_or(""));
+                yubihsm::object::Label::from(self.label.as_ref().map(|l| l.as_ref()).unwrap_or(""));
 
             if let Err(e) = hsm.generate_asymmetric_key(
                 *key_id,

src/commands/yubihsm/keys/help.rs

@@ -1,6 +1,5 @@
-use abscissa::{Callable, Command};
-
 use super::KeysCommand;
+use abscissa::{Callable, Command};
 
 /// The `yubihsm keys help` subcommand
 #[derive(Debug, Default, Options)]

src/commands/yubihsm/keys/import.rs

@@ -1,21 +1,12 @@
-extern crate serde_json;
-
 use super::*;
-
-use std::fs::File;
-use std::io::prelude::*;
-use std::process;
-use std::str;
-
-use crate::yubihsm;
+use crate::yubihsm::get_hsm_client;
 use abscissa::Callable;
+use serde_json::Value;
 use signatory::ed25519;
-use signatory::ed25519::Seed;
+use std::{fs::File, io::prelude::*, process, str};
 use subtle_encoding::base64;
 use tendermint::public_keys::ConsensusKey;
 
-use serde_json::Value;
-
 /// The `yubihsm keys import` subcommand
 #[derive(Debug, Default, Options)]
 pub struct ImportCommand {
@@ -86,15 +77,15 @@ impl Callable for ImportCommand {
                 status_err!("couldn't decode validator private key from config: {}", e);
                 process::exit(1);
             });
-            let seed = Seed::from_keypair(&key_pair).unwrap_or_else(|e| {
+            let seed = ed25519::Seed::from_keypair(&key_pair).unwrap_or_else(|e| {
                 status_err!("invalid key in validator config: {}", e);
                 process::exit(1);
             });
             let key = seed.as_secret_slice();
             let label =
-                yubihsm::ObjectLabel::from(self.label.as_ref().map(|l| l.as_ref()).unwrap_or(""));
+                yubihsm::object::Label::from(self.label.as_ref().map(|l| l.as_ref()).unwrap_or(""));
 
-            let mut hsm = yubihsm::get_hsm_client();
+            let mut hsm = get_hsm_client();
 
             if let Err(e) = hsm.put_asymmetric_key(
                 self.key_id.unwrap(),

src/commands/yubihsm/keys/list.rs

@@ -1,8 +1,7 @@
+use crate::yubihsm::{create_hsm_connector, get_hsm_config};
 use abscissa::Callable;
-use std::process;
-
-use crate::yubihsm;
 use signatory::ed25519;
+use std::process;
 use tendermint::public_keys::ConsensusKey;
 
 /// The `yubihsm keys list` subcommand
@@ -16,14 +15,14 @@ pub struct ListCommand {
 impl Callable for ListCommand {
     /// List all suitable Ed25519 keys in the HSM
     fn call(&self) {
-        let hsm_connector = yubihsm::create_hsm_connector();
+        let hsm_connector = create_hsm_connector();
 
         let serial_number = hsm_connector.serial_number().unwrap_or_else(|e| {
             status_err!("couldn't get YubiHSM serial number: {}", e);
             process::exit(1);
         });
 
-        let credentials = yubihsm::get_config().auth.credentials();
+        let credentials = get_hsm_config().auth.credentials();
 
         let mut hsm = yubihsm::Client::open(hsm_connector, credentials, true).unwrap_or_else(|e| {
             status_err!("error connecting to YubiHSM2: {}", e);
@@ -37,7 +36,7 @@ impl Callable for ListCommand {
 
         let mut keys = objects
             .iter()
-            .filter(|o| o.object_type == yubihsm::ObjectType::AsymmetricKey)
+            .filter(|o| o.object_type == yubihsm::object::Type::AsymmetricKey)
             .collect::<Vec<_>>();
 
         keys.sort_by(|k1, k2| k1.object_id.cmp(&k2.object_id));

src/commands/yubihsm/keys/mod.rs

@@ -3,12 +3,10 @@ mod help;
 mod import;
 mod list;
 
-use crate::yubihsm;
-use abscissa::Callable;
-
 use self::{
     generate::GenerateCommand, help::HelpCommand, import::ImportCommand, list::ListCommand,
 };
+use abscissa::Callable;
 
 /// Default key type to generate
 pub const DEFAULT_KEY_TYPE: &str = "ed25519";

src/config/provider/yubihsm.rs

@@ -1,11 +1,11 @@
 //! Configuration for the `YubiHSM` backend
 
-use crate::yubihsm::{Credentials, HttpConfig, SerialNumber, UsbConfig};
 use abscissa::{
     secrets::{BorrowSecret, DebugSecret, Secret},
     util::Zeroize,
 };
 use std::process;
+use yubihsm::{Credentials, HttpConfig, SerialNumber, UsbConfig};
 
 /// The (optional) `[providers.yubihsm]` config section
 #[derive(Clone, Deserialize, Debug)]

src/error.rs

@@ -1,8 +1,6 @@
 // Error types
 
 use crate::prost;
-#[cfg(feature = "yubihsm")]
-use crate::yubihsm;
 use abscissa::Error;
 use signatory;
 use std::{
@@ -151,7 +149,7 @@ impl From<TmValidationError> for KmsError {
 #[cfg(feature = "yubihsm")]
 impl From<yubihsm::connector::ConnectionError> for KmsError {
     fn from(other: yubihsm::connector::ConnectionError) -> Self {
-        use crate::yubihsm::connector::ConnectionErrorKind;
+        use yubihsm::connector::ConnectionErrorKind;
 
         let kind = match other.kind() {
             ConnectionErrorKind::AddrInvalid => KmsErrorKind::ConfigError,

src/keyring/ed25519/yubihsm.rs

@@ -1,13 +1,11 @@
 //! YubiHSM2-based signer
 
-use signatory::PublicKeyed;
-use signatory_yubihsm::{self, KeyId};
-
 use crate::{
     config::provider::yubihsm::YubihsmConfig,
     error::{KmsError, KmsErrorKind::*},
     keyring::{ed25519::Signer, KeyRing},
 };
+use signatory::PublicKeyed;
 
 /// Label for ed25519-dalek provider
 // TODO: use a non-string type for these, e.g. an enum
@@ -28,11 +26,12 @@ pub fn init(keyring: &mut KeyRing, yubihsm_configs: &[YubihsmConfig]) -> Result<
     }
 
     let yubihsm_config = &yubihsm_configs[0];
-    let connector = signatory_yubihsm::yubihsm::UsbConnector::create(&yubihsm_config.usb_config())?;
-    let session = signatory_yubihsm::Session::create(connector, yubihsm_config.auth.credentials())?;
+    let connector = yubihsm::UsbConnector::create(&yubihsm_config.usb_config())?;
+    let session =
+        yubihsm::signatory::Session::create(connector, yubihsm_config.auth.credentials())?;
 
     for key_config in &yubihsm_config.keys {
-        let provider = Box::new(session.ed25519_signer(KeyId(key_config.key))?);
+        let provider = Box::new(session.ed25519_signer(key_config.key)?);
 
         keyring.add(
             provider.public_key()?,

src/lib.rs

@@ -15,26 +15,12 @@ extern crate prost_amino as prost;
 extern crate abscissa;
 #[macro_use]
 extern crate abscissa_derive;
-extern crate bytes;
-extern crate failure;
 #[macro_use]
 extern crate failure_derive;
 #[macro_use]
 extern crate lazy_static;
-extern crate serde;
 #[macro_use]
 extern crate serde_derive;
-extern crate serde_json;
-extern crate sha2;
-extern crate signal_hook;
-extern crate signatory;
-extern crate signatory_dalek;
-#[cfg(feature = "ledgertm")]
-extern crate signatory_ledger_tm;
-#[cfg(feature = "yubihsm")]
-extern crate signatory_yubihsm;
-extern crate subtle_encoding;
-extern crate tendermint;
 
 #[macro_use]
 mod error;
@@ -50,5 +36,4 @@ mod unix_connection;
 #[cfg(feature = "yubihsm")]
 mod yubihsm;
 
-pub use crate::application::KmsApplication;
-pub use crate::unix_connection::UnixConnection;
+pub use crate::{application::KmsApplication, unix_connection::UnixConnection};

src/yubihsm.rs

@@ -1,10 +1,14 @@
 use crate::config::{provider::yubihsm::YubihsmConfig, KmsConfig};
 use abscissa::GlobalConfig;
-pub use signatory_yubihsm::yubihsm::*;
 use std::{
     process,
     sync::{Mutex, MutexGuard},
 };
+#[cfg(feature = "yubihsm-mock")]
+use yubihsm::MockHsm;
+#[cfg(not(feature = "yubihsm-mock"))]
+use yubihsm::UsbConnector;
+use yubihsm::{Client, Connector};
 
 lazy_static! {
     static ref HSM_CLIENT: Mutex<Client> = Mutex::new(create_hsm_client());
@@ -18,7 +22,7 @@ pub fn get_hsm_client() -> MutexGuard<'static, Client> {
 /// Get a `yubihsm::Client` configured from the global configuration
 fn create_hsm_client() -> Client {
     let connector = create_hsm_connector();
-    let credentials = get_config().auth.credentials();
+    let credentials = get_hsm_config().auth.credentials();
 
     Client::open(connector, credentials, true).unwrap_or_else(|e| {
         status_err!("error connecting to YubiHSM2: {}", e);
@@ -27,7 +31,7 @@ fn create_hsm_client() -> Client {
 }
 
 /// Get the YubiHSM-related configuration
-pub fn get_config() -> YubihsmConfig {
+pub fn get_hsm_config() -> YubihsmConfig {
     let kms_config = KmsConfig::get_global();
     let yubihsm_configs = &kms_config.providers.yubihsm;
 
@@ -46,7 +50,7 @@ pub fn get_config() -> YubihsmConfig {
 #[cfg(not(feature = "yubihsm-mock"))]
 pub fn create_hsm_connector() -> Box<dyn Connector> {
     // TODO: `HttpConnector` support
-    let connector = UsbConnector::create(&get_config().usb_config()).unwrap_or_else(|e| {
+    let connector = UsbConnector::create(&get_hsm_config().usb_config()).unwrap_or_else(|e| {
         status_err!("error opening USB connection to YubiHSM2: {}", e);
         process::exit(1);
     });