Skip to content

S
sgxwallet
Unverified Commit 20466b87 authored by kladko's avatar kladko
Browse files
Options

SKALE-3170-backup-keys

parent bdb3bd1c
Show whitespace changes
Inline Side-by-side
Showing with 183 additions and 171 deletions
SEKManager.cpp
View file @ 20466b87
......@@ -37,6 +37,8 @@
#include "ServerDataChecker.h"
#include "third_party/spdlog/spdlog.h"
using namespace std;
bool case_insensitive_match(string s1, string s2) {
//convert s1 and s2 into lower case strings
transform(s1.begin(), s1.end(), s1.begin(), ::tolower);
......@@ -46,23 +48,23 @@ bool case_insensitive_match(string s1, string s2) {
void create_test_key() {
int errStatus = 0;
vector<char> errMsg(1024,0);
vector<char> errMsg(1024, 0);
uint32_t enc_len;
uint8_t encrypted_key[BUF_LEN];
memset(encrypted_key, 0, BUF_LEN);
std::string key = TEST_VALUE;
string key = TEST_VALUE;
status = trustedEncryptKeyAES(eid, &errStatus, errMsg.data(), key.c_str(), encrypted_key, &enc_len);
if ( status != SGX_SUCCESS ) {
std::cerr << "encrypt test key failed with status " << status << std::endl;
throw SGXException(status, errMsg.data()) ;
if (status != SGX_SUCCESS) {
cerr << "encrypt test key failed with status " << status << endl;
throw SGXException(status, errMsg.data());
}
if ( errStatus != 0 ) {
std::cerr << "encrypt test key failed with status " << errStatus << std::endl;
throw SGXException(errStatus, errMsg.data()) ;
if (errStatus != 0) {
cerr << "encrypt test key failed with status " << errStatus << endl;
throw SGXException(errStatus, errMsg.data());
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
......@@ -70,91 +72,91 @@ void create_test_key() {
carray2Hex(encrypted_key, enc_len, hexEncrKey.data());
uint64_t test_len;
vector<uint8_t>test_encr_key(1024, 0);
vector <uint8_t> test_encr_key(1024, 0);
if (!hex2carray(hexEncrKey.data(), &test_len, test_encr_key.data())) {
std::cerr << "wrong encrypted test key" << std::endl;
cerr << "wrong encrypted test key" << endl;
}
LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data());
LevelDB::getLevelDb()->writeDataUnique("TEST_KEY", hexEncrKey.data());
}
#include <experimental/filesystem>
bool check_SEK(const std::string& SEK) {
std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
vector<uint8_t> encr_test_key(BUF_LEN, 0);
bool check_SEK(const string &SEK) {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
vector <uint8_t> encr_test_key(BUF_LEN, 0);
uint64_t len;
if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data())) {
spdlog::error("wrong test key" );
spdlog::error("wrong test key");
exit(-1);
}
vector<char> decr_key(1024,0);
vector<char> errMsg(1024,0);
vector<char> decr_key(1024, 0);
vector<char> errMsg(1024, 0);
int err_status = 0;
vector<uint8_t> encr_SEK(1024,0);
vector <uint8_t> encr_SEK(1024, 0);
uint32_t l = len;
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &l, SEK.c_str() );
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &l, SEK.c_str());
if (status != SGX_SUCCESS) {
cerr << "RPCException thrown with status " << status << endl;
throw SGXException(status, errMsg.data());
}
if ( err_status != 0 ) {
if (err_status != 0) {
cerr << "RPCException thrown with status " << err_status << endl;
throw SGXException(err_status, errMsg.data());
}
status = trustedDecryptKeyAES(eid, &err_status, errMsg.data(), encr_test_key.data(), len, decr_key.data());
if (status != SGX_SUCCESS || err_status != 0) {
spdlog::error("failed to decrypt test key" );
spdlog::error("failed to decrypt test key");
spdlog::error(errMsg.data());
exit(-1);
}
std::string test_key = TEST_VALUE;
string test_key = TEST_VALUE;
if (test_key.compare(decr_key.data()) != 0) {
std::cerr << "decrypted key is " << decr_key.data() << std::endl;
spdlog::error("Invalid SEK" );
cerr << "decrypted key is " << decr_key.data() << endl;
spdlog::error("Invalid SEK");
return false;
}
return true;
}
void gen_SEK() {
vector<char> errMsg(1024,0);
vector<char> errMsg(1024, 0);
int err_status = 0;
vector<uint8_t> encr_SEK(1024, 0);
vector <uint8_t> encr_SEK(1024, 0);
uint32_t enc_len = 0;
char SEK[65];
memset(SEK, 0, 65);
spdlog::error("Generating backup key. Will be stored in backup_key.txt ... " );
spdlog::error("Generating backup key. Will be stored in backup_key.txt ... ");
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
if ( status != SGX_SUCCESS ) {
throw SGXException(status, errMsg.data()) ;
if (status != SGX_SUCCESS) {
throw SGXException(status, errMsg.data());
}
if ( err_status != 0 ) {
throw SGXException(err_status, errMsg.data()) ;
if (err_status != 0) {
throw SGXException(err_status, errMsg.data());
}
if ( strnlen(SEK,33) != 32) {
throw SGXException(-1, "strnlen(SEK,33) != 32" ) ;
if (strnlen(SEK, 33) != 32) {
throw SGXException(-1, "strnlen(SEK,33) != 32");
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
std::ofstream sek_file("backup_key.txt");
ofstream sek_file("backup_key.txt");
sek_file.clear();
sek_file << SEK;
......@@ -165,28 +167,24 @@ void gen_SEK() {
"apt-get install secure-delete && srm -vz sgx_data/backup_key.txt" << endl;
if (!autoconfirm) {
std::string confirm_str = "I confirm";
std::string buffer;
string confirm_str = "I confirm";
string buffer;
do {
std::cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
<< std::endl;
std::getline(std::cin, buffer);
cout << " DO YOU CONFIRM THAT YOU COPIED THE KEY? (if you confirm type - I confirm)"
<< endl;
getline(cin, buffer);
} while (case_insensitive_match(confirm_str, buffer));
}
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key();
}
void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK) {
vector<char> errMsg(1024,0);
void trustedSetSEK(shared_ptr <string> hex_encr_SEK) {
vector<char> errMsg(1024, 0);
int err_status = 0;
uint8_t encr_SEK[BUF_LEN];
......@@ -198,60 +196,74 @@ void trustedSetSEK(std::shared_ptr<std::string> hex_encr_SEK) {
throw SGXException(INVALID_HEX, "Invalid encrypted SEK Hex");
}
status = trustedSetSEK(eid, &err_status, errMsg.data(), encr_SEK );
if ( status != SGX_SUCCESS ) {
status = trustedSetSEK(eid, &err_status, errMsg.data(), encr_SEK);
if (status != SGX_SUCCESS) {
cerr << "RPCException thrown" << endl;
throw SGXException(status, errMsg.data()) ;
throw SGXException(status, errMsg.data());
}
if ( err_status != 0 ) {
if (err_status != 0) {
cerr << "RPCException thrown" << endl;
throw SGXException(err_status, errMsg.data()) ;
throw SGXException(err_status, errMsg.data());
}
}
void enter_SEK() {
vector<char> errMsg(1024,0);
vector<char> errMsg(1024, 0);
int err_status = 0;
vector<uint8_t> encr_SEK(BUF_LEN, 0);
vector <uint8_t> encr_SEK(BUF_LEN, 0);
uint32_t enc_len;
std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
if (test_key_ptr == nullptr) {
spdlog::error("empty db" );
spdlog::error("empty db");
exit(-1);
}
std::string SEK;
std::cout << "ENTER BACKUP KEY" << std::endl;
std::cin >> SEK;
ifstream sek_file("sgx_data/backup_key.txt");
string SEK;
sek_file >> SEK;
spdlog::info("Reading backup key from file ...");
cin >> SEK;
while (!checkHex(SEK, 16) || !check_SEK(SEK)) {
std::cout << "KEY IS INVALID.TRY ONCE MORE" << std::endl;
SEK = "";
std::cin >> SEK;
spdlog::error("Invalid key");
throw SGXException(-1, "Invalid key");
}
spdlog::info("Setting backup key ...");
status = trustedSetSEK_backup(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK.c_str());
if (status != SGX_SUCCESS) {
cerr << "RPCException thrown with status " << status << endl;
spdlog::error("RPCException thrown with status {}", status);
throw SGXException(status, errMsg.data());
}
if ( err_status != 0 ) {
if (err_status != 0) {
cerr << "RPCException thrown" << endl;
throw SGXException(err_status, errMsg.data()) ;
throw SGXException(err_status, errMsg.data());
}
vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
LevelDB::getLevelDb() -> deleteKey("SEK");
LevelDB::getLevelDb() -> writeDataUnique("SEK", hexEncrKey.data());
spdlog::info("Got sealed storage encryption key.");
LevelDB::getLevelDb()->deleteKey("SEK");
spdlog::info("Storing sealed storage encryption key in LevelDB ...");
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
spdlog::info("Stored storage encryption key in LevelDB.");
}
void initSEK() {
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
shared_ptr <string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (enterBackupKey) {
enter_SEK();
} else {
......
sgxwall.cpp
View file @ 20466b87
......@@ -49,7 +49,7 @@ void SGXWallet::printUsage() {
cerr << " -v Verbose mode: turn on debug output\n";
cerr << " -vv Detailed verbose mode: turn on debug and trace outputs\n";
cerr << "\nBackup, restore, update flags:\n\n";
cerr << " -b Restore from back up or software update. You will need to type in the backup key. \n";
cerr << " -b filename Restore from back up or software update. You will need to put backup key into a file in sgx_data dir. \n";
cerr << " -y Do not ask user to acknowledge receipt of the backup key \n";
cerr << "\nHTTPS flags:\n\n";
cerr << " -n Launch sgxwallet using http. Default is to use https with a selg-signed server cert. \n";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment