Skip to content

S
sgxwallet
Unverified Commit 325db7d6 authored by svetaro's avatar svetaro
Browse files
Options

Merge branch 'develop' into enhancement/SKALE-2003-Create-backup-key

parents 5aa4500c 0ec388d2
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 878 additions and 1903 deletions
.github/workflows/dockerimagesim.yml
View file @ 325db7d6
......@@ -18,6 +18,10 @@ jobs:
run: git submodule update --init --recursive
- name: Build the Docker image
run: docker build . --file DockerfileSimulation --tag skalenetwork/sgxwalletsim:latest
- name: run docker image
run: docker run -v ${PWD}/sgx_data:/usr/src/sdk/sgx_data -d --network=host skalenetwork/sgxwalletsim:latest
- name: sleep and check
run: sleep 5; scripts/docker_test.py
- name: push docker image
run: docker push skalenetwork/sgxwalletsim:latest
.gitignore
View file @ 325db7d6
# Created by .ignore support plugin (hsz.mobi)
.idea/
sgx-gmp/
gmp-build
tgmp-build
install-sh
......@@ -13,6 +14,10 @@ secure_enclave.edl
am--include-marker
*.o
aclocal.m4
missing
compile
depcomp
ltmain.sh
secure_enclave.signed.so
sgxgmpmath
sgxgmppi
......
BLSCrypto.cpp
View file @ 325db7d6
......@@ -51,6 +51,7 @@
#include "RPCException.h"
#include "spdlog/spdlog.h"
#include "common.h"
int char2int(char _input) {
if (_input >= '0' && _input <= '9')
......@@ -135,11 +136,11 @@ bool hex2carray2(const char * _hex, uint64_t *_bin_len,
bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t _n, size_t _signerIndex,
char* _sig) {
//std::cerr << "ENTER SIGN" << std::endl;
//cerr << "ENTER SIGN" << endl;
auto keyStr = std::make_shared<std::string>(_encryptedKeyHex);
auto keyStr = make_shared<string>(_encryptedKeyHex);
auto hash = std::make_shared<std::array<uint8_t, 32>>();
auto hash = make_shared<array<uint8_t, 32>>();
uint64_t binLen;
......@@ -150,9 +151,9 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
auto keyShare = std::make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
auto keyShare = make_shared<BLSPrivateKeyShareSGX>(keyStr, _t, _n);
//std::cerr << "keyShare created" << std::endl;
//cerr << "keyShare created" << endl;
// {
auto sigShare = keyShare->signWithHelperSGX(hash, _signerIndex);
// }
......@@ -161,14 +162,14 @@ bool sign(const char* _encryptedKeyHex, const char* _hashHex, size_t _t, size_t
strncpy(_sig, sigShareStr->c_str(), BUF_LEN);
//std::string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
//string sigShareStr = keyShare->signWithHelperSGXstr(hash, _signerIndex);
//strncpy(_sig, sigShareStr.c_str(), BUF_LEN);
// std::string test_sig = "8175162913343900215959836578795929492705714455632345516427532159927644835012:15265825550804683171644566522808807137117748565649051208189914766494241035855:9810286616503120081238481858289626967170509983220853777870754480048381194141:5";
// auto sig_ptr = std::make_shared<std::string>(test_sig);
// string test_sig = "8175162913343900215959836578795929492705714455632345516427532159927644835012:15265825550804683171644566522808807137117748565649051208189914766494241035855:9810286616503120081238481858289626967170509983220853777870754480048381194141:5";
// auto sig_ptr = make_shared<string>(test_sig);
// strncpy(_sig, sig_ptr->c_str(), BUF_LEN);
//std::cerr<< "sig " << _sig <<std::endl;
//cerr<< "sig " << _sig <<endl;
return true;
......
BLSPrivateKeyShareSGX.cpp
View file @ 325db7d6
......@@ -21,7 +21,7 @@
@date 2019
*/
using namespace std;
#include "BLSSigShare.h"
#include "BLSSignature.h"
......@@ -33,6 +33,7 @@ using namespace std;
#include "BLSCrypto.h"
#include "ServerInit.h"
#include "common.h"
#include "BLSPrivateKeyShareSGX.h"
......
CMakeLists.txt
View file @ 325db7d6
cmake_minimum_required(VERSION 3.12)
project(sgxd)
cmake_minimum_required(VERSION 3.15)
project(sgxwallet)
set(CMAKE_CXX_STANDARD 14)
include_directories(.)
include_directories(libff/libff/algebra/curves/alt_bn128)
include_directories(libff/libff/algebra/curves/bn128)
include_directories(libff/libff/algebra/curves/edwards)
include_directories(libff/libff/algebra/curves/mnt)
include_directories(libff/libff/algebra/curves/mnt/mnt4)
include_directories(libff/libff/algebra/curves/mnt/mnt6)
include_directories(libff/libff/common/default_types)
include_directories(secure_enclave)
include_directories(sgx-software-enable)
include_directories(tgmp-build)
include_directories(tgmp-build/include)
add_custom_target(sgxd COMMAND make all
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
SOURCES
libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.cpp
libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.hpp
libff/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp
libff/libff/algebra/curves/alt_bn128/alt_bn128_init.hpp
libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.cpp
libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp
libff/libff/algebra/curves/bn128/bn128_g1.cpp
libff/libff/algebra/curves/bn128/bn128_g1.hpp
libff/libff/algebra/curves/bn128/bn128_g2.cpp
libff/libff/algebra/curves/bn128/bn128_g2.hpp
libff/libff/algebra/curves/bn128/bn128_gt.cpp
libff/libff/algebra/curves/bn128/bn128_gt.hpp
libff/libff/algebra/curves/bn128/bn128_init.cpp
libff/libff/algebra/curves/bn128/bn128_init.hpp
libff/libff/algebra/curves/bn128/bn128_pairing.cpp
libff/libff/algebra/curves/bn128/bn128_pairing.hpp
libff/libff/algebra/curves/bn128/bn128_pp.cpp
libff/libff/algebra/curves/bn128/bn128_pp.hpp
libff/libff/algebra/curves/bn128/bn_utils.hpp
libff/libff/algebra/curves/bn128/bn_utils.tcc
libff/libff/algebra/curves/edwards/edwards_g1.cpp
libff/libff/algebra/curves/edwards/edwards_g1.hpp
libff/libff/algebra/curves/edwards/edwards_g2.cpp
libff/libff/algebra/curves/edwards/edwards_g2.hpp
libff/libff/algebra/curves/edwards/edwards_init.cpp
libff/libff/algebra/curves/edwards/edwards_init.hpp
libff/libff/algebra/curves/edwards/edwards_pairing.cpp
libff/libff/algebra/curves/edwards/edwards_pairing.hpp
libff/libff/algebra/curves/edwards/edwards_pp.cpp
libff/libff/algebra/curves/edwards/edwards_pp.hpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_g1.cpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_g1.hpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_g2.cpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_g2.hpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_init.cpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_init.hpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_pairing.cpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_pairing.hpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_pp.cpp
libff/libff/algebra/curves/mnt/mnt4/mnt4_pp.hpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_g1.cpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_g1.hpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_g2.cpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_g2.hpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_init.cpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_init.hpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_pairing.cpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_pairing.hpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_pp.cpp
libff/libff/algebra/curves/mnt/mnt6/mnt6_pp.hpp
libff/libff/algebra/curves/mnt/mnt46_common.cpp
libff/libff/algebra/curves/mnt/mnt46_common.hpp
libff/libff/algebra/curves/tests/test_bilinearity.cpp
libff/libff/algebra/curves/tests/test_groups.cpp
libff/libff/algebra/curves/curve_utils.hpp
libff/libff/algebra/curves/curve_utils.tcc
libff/libff/algebra/curves/public_params.hpp
libff/libff/algebra/exponentiation/exponentiation.hpp
libff/libff/algebra/exponentiation/exponentiation.tcc
libff/libff/algebra/fields/tests/test_fields.cpp
libff/libff/algebra/fields/bigint.hpp
libff/libff/algebra/fields/bigint.tcc
libff/libff/algebra/fields/field_utils.hpp
libff/libff/algebra/fields/field_utils.tcc
libff/libff/algebra/fields/fp.hpp
libff/libff/algebra/fields/fp.tcc
libff/libff/algebra/fields/fp_aux.tcc
libff/libff/algebra/scalar_multiplication/multiexp.hpp
libff/libff/algebra/scalar_multiplication/multiexp.tcc
libff/libff/algebra/scalar_multiplication/multiexp_profile.cpp
libff/libff/algebra/scalar_multiplication/wnaf.hpp
libff/libff/algebra/scalar_multiplication/wnaf.tcc
libff/libff/common/default_types/ec_pp.hpp
libff/libff/common/double.cpp
libff/libff/common/double.hpp
libff/libff/common/profiling.cpp
libff/libff/common/profiling.hpp
libff/libff/common/rng.hpp
libff/libff/common/rng.tcc
libff/libff/common/template_utils.hpp
libff/libff/common/utils.cpp
libff/libff/common/utils.hpp
libff/libff/common/utils.tcc
add_executable(sgxwallet
secure_enclave/AESUtils.c
secure_enclave/AESUtils.h
secure_enclave/BLSEnclave.cpp
secure_enclave/BLSEnclave.h
secure_enclave/curves.c
secure_enclave/curves.h
secure_enclave/DH_dkg.c
secure_enclave/DH_dkg.h
secure_enclave/DKGUtils.cpp
secure_enclave/DKGUtils.h
secure_enclave/domain_parameters.c
secure_enclave/domain_parameters.h
secure_enclave/enclave_common.h
secure_enclave/numbertheory.c
secure_enclave/numbertheory.h
secure_enclave/point.c
secure_enclave/point.h
secure_enclave/secure_enclave.c
secure_enclave/secure_enclave.i
secure_enclave/secure_enclave_t.c
secure_enclave/secure_enclave_t.h
secure_enclave/DKGUtils.h
secure_enclave/DKGUtils.cpp
secure_enclave/signature.c
secure_enclave/signature.h
sgx-software-enable/sgx_capable.h
sgx-software-enable/sgx_enable.c
tgmp-build/include/sgx_tgmp.h
abstractCSRManagerServer.h
abstractregserver.h
abstractstubserver.h
BLSCrypto.cpp
BLSCrypto.h
BLSPrivateKeyShareSGX.cpp
BLSPrivateKeyShareSGX.h
catch.hpp
cert_util.cpp
common.h
create_enclave.c
create_enclave.h
CSRManagerServer.cpp
CSRManagerServer.h
DKGCrypto.cpp
DKGCrypto.h
ECDSACrypto.cpp
ECDSACrypto.h
LevelDB.cpp
LevelDB.h
oc_alloc.c
RPCException.cpp
RPCException.h
secure_enclave_u.c
secure_enclave_u.h
SEKManager.cpp
SEKManager.h
ServerDataChecker.cpp
ServerDataChecker.h
ServerInit.cpp
ServerInit.h
sgx_detect.h
sgx_detect_linux.c
sgx_stub.c
sgx_stub.h
sgx_tgmp.h
SGXRegistrationServer.cpp
SGXRegistrationServer.h
sgxwallet.c
testw.cpp
)
sgxwallet.h
sgxwallet_common.h
SGXWalletServer.cpp
SGXWalletServer.h
SGXWalletServer.hpp
stubclient.cpp
stubclient.h
testw.cpp)
CSRManagerServer.cpp
View file @ 325db7d6
......@@ -12,6 +12,7 @@
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "spdlog/spdlog.h"
#include "common.h"
CSRManagerServer *cs = nullptr;
......@@ -22,20 +23,19 @@ CSRManagerServer::CSRManagerServer(AbstractServerConnector &connector,
serverVersion_t type):abstractCSRManagerServer(connector, type){}
Json::Value GetUnsignedCSRsImpl(){
spdlog::info("Enter GetUnsignedCSRsImpl");
Json::Value getUnsignedCSRsImpl(){
spdlog::info("Enter getUnsignedCSRsImpl");
Json::Value result;
result["status"] = 0;
result["errorMessage"] = "";
//result["hashes"] =;
try{
std::vector<std::string> hashes_vect = csrDb->writeKeysToVector1(MAX_CSR_NUM);
for (int i = 0; i < hashes_vect.size(); i++){
vector<string> hashes_vect = LevelDB::getCsrDb()->writeKeysToVector1(MAX_CSR_NUM);
for (int i = 0; i < (int) hashes_vect.size(); i++){
result["hashes"][i] = hashes_vect.at(i);
}
} catch (RPCException &_e) {
std::cerr << " err str " << _e.errString << std::endl;
cerr << " err str " << _e.errString << endl;
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
......@@ -44,7 +44,7 @@ Json::Value GetUnsignedCSRsImpl(){
return result;
}
Json::Value SignByHashImpl(const std::string& hash, int status){
Json::Value signByHashImpl(const string& hash, int status){
Json::Value result;
result["errorMessage"] = "";
......@@ -53,46 +53,46 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
throw RPCException(-111, "Invalid csr status");
}
std::string csr_db_key = "CSR:HASH:" + hash;
std::shared_ptr<std::string> csr_ptr = csrDb->readString(csr_db_key);
string csr_db_key = "CSR:HASH:" + hash;
shared_ptr<string> csr_ptr = LevelDB::getCsrDb()->readString(csr_db_key);
if (csr_ptr == nullptr){
throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "HASH DOES NOT EXIST IN DB");
}
if (status == 0) {
std::string csr_name = "sgx_data/cert/" + hash + ".csr";
std::ofstream outfile(csr_name);
outfile << *csr_ptr << std::endl;
string csr_name = "sgx_data/cert/" + hash + ".csr";
ofstream outfile(csr_name);
outfile << *csr_ptr << endl;
outfile.close();
if (access(csr_name.c_str(), F_OK) != 0) {
csrDb->deleteKey(csr_db_key);
LevelDB::getCsrDb()->deleteKey(csr_db_key);
throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
}
std::string signClientCert = "cd sgx_data/cert && ./create_client_cert " + hash;
string signClientCert = "cd sgx_data/cert && ./create_client_cert " + hash;
if (system(signClientCert.c_str()) == 0) {
spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
} else {
spdlog::info("CLIENT CERTIFICATE GENERATION FAILED");
csrDb->deleteKey(csr_db_key);
std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
csrStatusDb->deleteKey(status_db_key);
csrStatusDb->writeDataUnique(status_db_key, "-1");
LevelDB::getCsrDb()->deleteKey(csr_db_key);
string status_db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, "-1");
throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
//exit(-1);
}
}
csrDb->deleteKey(csr_db_key);
std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
csrStatusDb->deleteKey(status_db_key);
csrStatusDb->writeDataUnique(status_db_key, std::to_string(status));
LevelDB::getCsrDb()->deleteKey(csr_db_key);
string status_db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(status));
result["status"] = status;
} catch (RPCException &_e) {
std::cerr << " err str " << _e.errString << std::endl;
cerr << " err str " << _e.errString << endl;
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
}
......@@ -101,14 +101,14 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
}
Json::Value CSRManagerServer::GetUnsignedCSRs(){
std::lock_guard<std::recursive_mutex> lock(m);
return GetUnsignedCSRsImpl();
Json::Value CSRManagerServer::getUnsignedCSRs(){
lock_guard<recursive_mutex> lock(m);
return getUnsignedCSRsImpl();
}
Json::Value CSRManagerServer::SignByHash(const std::string& hash, int status){
std::lock_guard<std::recursive_mutex> lock(m);
return SignByHashImpl(hash, status);
Json::Value CSRManagerServer::signByHash(const string& hash, int status){
lock_guard<recursive_mutex> lock(m);
return signByHashImpl(hash, status);
}
int init_csrmanager_server(){
......
CSRManagerServer.h
View file @ 325db7d6
......@@ -20,8 +20,8 @@ class CSRManagerServer : public abstractCSRManagerServer {
CSRManagerServer(AbstractServerConnector &connector, serverVersion_t type);
virtual Json::Value GetUnsignedCSRs();
virtual Json::Value SignByHash(const std::string& hash, int status);
virtual Json::Value getUnsignedCSRs();
virtual Json::Value signByHash(const std::string& hash, int status);
};
extern int init_csrmanager_server();
......
DKGCrypto.cpp
View file @ 325db7d6
This diff is collapsed.
DKGCrypto.h
View file @ 325db7d6
......@@ -39,7 +39,7 @@ bool VerifyShares(const char* publicShares, const char* encr_sshare, const char
std::string decrypt_DHKey(const std::string& polyName, int ind);
bool CreateBLSShare( const std::string& BLSKeyName, const char * s_shares, const char * encryptedKeyHex);
bool CreateBLSShare( const std::string& blsKeyName, const char * s_shares, const char * encryptedKeyHex);
std::vector<std::string> GetBLSPubKey(const char * encryptedKeyHex);
......
Dockerfile
View file @ 325db7d6
......@@ -8,7 +8,6 @@ COPY *.c ./
COPY *.am ./
COPY *.hpp ./
COPY *.sh ./
COPY *.m4 ./
COPY *.gmp ./
COPY *.ac ./
COPY *.json ./
......
DockerfileSimulation
View file @ 325db7d6
......@@ -8,7 +8,6 @@ COPY *.c ./
COPY *.am ./
COPY *.hpp ./
COPY *.sh ./
COPY *.m4 ./
COPY *.gmp ./
COPY *.ac ./
COPY *.json ./
......
LevelDB.cpp
View file @ 325db7d6
......@@ -37,24 +37,24 @@
#include "ServerInit.h"
#include "spdlog/spdlog.h"
#include "common.h"
using namespace leveldb;
static WriteOptions writeOptions;
static ReadOptions readOptions;
LevelDB* levelDb = nullptr;
LevelDB* csrDb = nullptr;
LevelDB* csrStatusDb = nullptr;
std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
std::shared_ptr<string> LevelDB::readString(const string &_key) {
std::lock_guard<std::recursive_mutex> lock(mutex);
auto result = std::make_shared<std::string>();
auto result = std::make_shared<string>();
if (db == nullptr) {
throw RPCException(NULL_DATABASE, "Null db");
......@@ -75,7 +75,7 @@ std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
return result;
}
void LevelDB::writeString(const std::string &_key, const std::string &_value) {
void LevelDB::writeString(const string &_key, const string &_value) {
std::lock_guard<std::recursive_mutex> lock(mutex);
......@@ -90,11 +90,11 @@ void LevelDB::writeString(const std::string &_key, const std::string &_value) {
}
void LevelDB::deleteDHDKGKey (const std::string &_key) {
void LevelDB::deleteDHDKGKey (const string &_key) {
std::lock_guard<std::recursive_mutex> lock(mutex);
std::string full_key = "DKG_DH_KEY_" + _key;
string full_key = "DKG_DH_KEY_" + _key;
auto status = db->Delete(writeOptions, Slice(_key));
......@@ -106,11 +106,11 @@ void LevelDB::deleteDHDKGKey (const std::string &_key) {
}
}
void LevelDB::deleteTempNEK(const std::string &_key){
void LevelDB::deleteTempNEK(const string &_key){
std::lock_guard<std::recursive_mutex> lock(mutex);
std::string prefix = _key.substr(0,8);
string prefix = _key.substr(0,8);
if (prefix != "tmp_NEK:") {
return;
}
......@@ -122,7 +122,7 @@ void LevelDB::deleteTempNEK(const std::string &_key){
std::cerr << "key deleted " << _key << std::endl;
}
void LevelDB::deleteKey(const std::string &_key){
void LevelDB::deleteKey(const string &_key){
std::lock_guard<std::recursive_mutex> lock(mutex);
......@@ -149,7 +149,7 @@ void LevelDB::writeByteArray(const char *_key, size_t _keyLen, const char *value
}
void LevelDB::writeByteArray(std::string &_key, const char *value,
void LevelDB::writeByteArray(string &_key, const char *value,
size_t _valueLen) {
std::lock_guard<std::recursive_mutex> lock(mutex);
......@@ -188,13 +188,13 @@ uint64_t LevelDB::visitKeys(LevelDB::KeyVisitor *_visitor, uint64_t _maxKeysToVi
return readCounter;
}
std::vector<std::string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
std::vector<string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
uint64_t readCounter = 0;
std::vector<std::string> keys;
std::vector<string> keys;
leveldb::Iterator *it = db->NewIterator(readOptions);
for (it->SeekToFirst(); it->Valid(); it->Next()) {
std::string cur_key(it->key().data(), it->key().size());
string cur_key(it->key().data(), it->key().size());
keys.push_back(cur_key);
// keys.push_back(it->key().data());
readCounter++;
......@@ -208,7 +208,7 @@ std::vector<std::string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
return keys;
}
void LevelDB::writeDataUnique(const std::string & Name, const std::string &value) {
void LevelDB::writeDataUnique(const string & Name, const string &value) {
auto key = Name;
......@@ -226,7 +226,7 @@ void LevelDB::writeDataUnique(const std::string & Name, const std::string &value
}
LevelDB::LevelDB(std::string &filename) {
LevelDB::LevelDB(string &filename) {
leveldb::Options options;
......@@ -243,9 +243,73 @@ LevelDB::LevelDB(std::string &filename) {
}
LevelDB::~LevelDB() {
if (db != nullptr)
delete db;
}
const std::shared_ptr<LevelDB> &LevelDB::getLevelDb() {
CHECK_STATE(levelDb)
return levelDb;
}
const std::shared_ptr<LevelDB> &LevelDB::getCsrDb() {
CHECK_STATE(csrDb)
return csrDb;
}
const std::shared_ptr<LevelDB> &LevelDB::getCsrStatusDb() {
CHECK_STATE(csrStatusDb)
return csrStatusDb;
}
std::shared_ptr<LevelDB> LevelDB::levelDb = nullptr;
std::shared_ptr<LevelDB> LevelDB::csrDb = nullptr;
std::shared_ptr<LevelDB> LevelDB::csrStatusDb = nullptr;
string LevelDB::sgx_data_folder;
bool LevelDB::isInited = false;
void LevelDB::initDataFolderAndDBs() {
if (isInited)
return;
char cwd[PATH_MAX];
if (getcwd(cwd, sizeof(cwd)) == NULL) {
spdlog::error("could not get cwd");
exit(-1);
}
sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
struct stat info;
if (stat(sgx_data_folder.c_str(), &info) !=0 ){
spdlog::info("going to create sgx_data folder");
std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
if (system(make_sgx_data_folder.c_str()) == 0){
spdlog::info("sgx_data folder was created");
}
else{
spdlog::error("creating sgx_data folder failed");
exit(-1);
}
}
auto dbName = sgx_data_folder + WALLETDB_NAME;
levelDb = make_shared<LevelDB>(dbName);
auto csr_dbname = sgx_data_folder + "CSR_DB";
csrDb = make_shared<LevelDB>(csr_dbname);
auto csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
csrStatusDb = make_shared<LevelDB>(csr_status_dbname);
}
const string &LevelDB::getSgxDataFolder() {
return sgx_data_folder;
}
LevelDB.h
View file @ 325db7d6
......@@ -29,7 +29,7 @@
#include <string>
#include <mutex>
#include <vector>
#include "common.h"
namespace leveldb {
class DB;
class Status;
......@@ -38,32 +38,54 @@ namespace leveldb {
class LevelDB {
std::recursive_mutex mutex;
recursive_mutex mutex;
shared_ptr<leveldb::DB> db;
static bool isInited;
static shared_ptr<LevelDB> levelDb;
static shared_ptr<LevelDB> csrDb;
static shared_ptr<LevelDB> csrStatusDb;
static string sgx_data_folder;
leveldb::DB* db;
public:
static void initDataFolderAndDBs();
static const shared_ptr<LevelDB> &getLevelDb();
static const shared_ptr<LevelDB> &getCsrDb();
static const shared_ptr<LevelDB> &getCsrStatusDb();
public:
std::shared_ptr<std::string> readString(const std::string& _key);
shared_ptr<string> readString(const string& _key);
void writeString(const std::string &key1, const std::string &value1);
void writeString(const string &key1, const string &value1);
void writeDataUnique(const std::string & Name, const std::string &value);
void writeDataUnique(const string & Name, const string &value);
void writeByteArray(const char *_key, size_t _keyLen, const char *value,
size_t _valueLen);
void writeByteArray(std::string& _key, const char *value,
void writeByteArray(string& _key, const char *value,
size_t _valueLen);
void deleteDHDKGKey (const std::string &_key);
void deleteDHDKGKey (const string &_key);
void deleteTempNEK (const std::string &_key);
void deleteTempNEK (const string &_key);
void deleteKey(const std::string &_key);
void deleteKey(const string &_key);
public:
......@@ -71,7 +93,7 @@ public:
void throwExceptionOnError(leveldb::Status result);
LevelDB(std::string& filename);
LevelDB(string& filename);
......@@ -79,23 +101,21 @@ public:
class KeyVisitor {
public:
virtual void visitDBKey(const char* _data) = 0;
virtual void writeDBKeysToVector(const char* _data, std::vector<const char*> & keys_vect) {}
virtual void writeDBKeysToVector(const char* _data, vector<const char*> & keys_vect) {}
};
uint64_t visitKeys(KeyVisitor* _visitor, uint64_t _maxKeysToVisit);
std::vector<std::string> writeKeysToVector1(uint64_t _maxKeysToVisit);
vector<string> writeKeysToVector1(uint64_t _maxKeysToVisit);
virtual ~LevelDB();
static const string &getSgxDataFolder();
};
};
extern LevelDB* levelDb;
extern LevelDB* csrDb;
extern LevelDB* csrStatusDb;
#endif
\ No newline at end of file
README.md
View file @ 325db7d6
......@@ -28,6 +28,7 @@ Table of Contents
* [Clone this repository and its submodules](#clone-this-repository-and-its-submodules)
* [Try instantly in simulation mode](#try-instantly-in-simulation-mode)
* [Start, stop and upgrade sgxwallet](#start-stop-and-upgrade-sgxwallet)
* [Configure logging](#configure-logging)
* [Enable SGX on your machine](#enable-sgx-on-your-machine)
* [Enable "software-controlled" SGX](#enable-software-controlled-sgx)
* [Install SGX driver](#install-sgx-driver)
......@@ -80,6 +81,7 @@ sudo docker-compose up
Voila! You should see the "SGX Server started" message.
## Start, stop and upgrade sgxwallet
As any docker-compose application sgxwallet is super easy to use.
......@@ -120,6 +122,19 @@ Note: sgxwallet operates on network ports 1026 (https) and 1027 (http for initia
If you have a firewall on your network, please make sure these ports are open so clients are able to
connect to the server.
## Configure logging
By default, sgxwallet will log into default Docker logs, which are rotated into four files 10M each.
To send logs to an external syslog service, edit docker compose YAML file to specify logging configuration as
```
logging:
driver: syslog
options:
syslog-address: "tcp://SYSLOG_SERVER_IP:PORT"
```
See docker-compose documentation for more options.
## Enable SGX on your machine
......@@ -165,6 +180,7 @@ Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx`
If you do not see the `isgx` device, you need to troubleshoot your driver installation.
## Run sgxwallet in secure SGX mode
Run the latest sgxwallet docker container image in SGX mode
......@@ -176,6 +192,10 @@ sudo docker-compose up -d
You should see "SGX Server started message".
Note: on some machines, the SGX device is not `/dev/mei0` but a different device, such
as "/dev/bs0". In this case please edit `docker-compose.yml` on your machine to specify the correct
device to use.
# Development
## Install Prerequisites
......@@ -229,6 +249,7 @@ Note: to run in simulation mode, add --enable-sgx-simulation flag when you run c
Type:
```bash
source sgx-sdk-build/sgxsdk/environment;
./sgxwallet
```
......@@ -298,7 +319,7 @@ Example:
```bash
export URL_SGX_WALLET="http://127.0.0.1:1027"
curl -X POST --data '{ "jsonrpc": "2.0", "id": 2, "method": "SignCertificate", "params": { "certificate": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSc29tZVZlcnlVbmlxdWVOYW1lMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C4ceRhzMAZnG87PwlkzMROHsm3B\ncPydIeiqs1dieuuvVETJqbXAcOENNsGA+AdXjZwFkDuIS24p2yZ8AwuIMAwdMsGa\n5Hzk0ugOy52iPyGEuooqV94nnL6eWw/zryTvkk7j239wMWn5our5Ia1/CBQlXXo2\n4IWTWfWYOz26SWUh4DuvzMOheMVSxg3KLaxpx7Bq09p32lR9xpl53+HqxSDIMYh9\nC3y3kA6NdkKsGE/Jt4WoZ5S5LlrhYjw+PFTeX2lbGDZpn/sxQIM16Pxo2LCfefIa\nik+aZBEAlpn22ljLZ5sEcVgBmOlL+v3waq9u0AaSYzdGFRA+0ceVwU/QTQIDAQAB\noAAwDQYJKoZIhvcNAQELBQADggEBAJXodL69Q/8zDt24AySXK0ksV3C3l5l10Hno\nfF6zKypsYev33CFbZu6HweSgK2f21+DeI9TsGKJxI7K6MUqyH0pJhwlFSeMB5/qP\nJueqXMuvStZSp0GGTaNy7Al/jzOKYNf0ePsv/Rx8NcOdy7RCZE0gW998B5jKb66x\nPgy6QvD8CkZULiRScYlOC8Ex6nc+1Z54pRC1NFWs/ugGyFgLJHy0J2gNkOv6yfsl\nH3V/ocCYSoF4ToUQAxwx+dcy4PXrL9vKzRNJgWzsI/LzCZkglo8iis9YZQawDOUf\nGmDMDkr0Fx1W1tSEpvkw0flkAXZ8PhIGCC0320jkuPeClt7OWNs=\n-----END CERTIFICATE REQUEST-----\n" } }' -H 'content-type:application/json;' $URL_SGX_WALLET
curl -X POST --data '{ "jsonrpc": "2.0", "id": 2, "method": "signCertificate", "params": { "certificate": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSc29tZVZlcnlVbmlxdWVOYW1lMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C4ceRhzMAZnG87PwlkzMROHsm3B\ncPydIeiqs1dieuuvVETJqbXAcOENNsGA+AdXjZwFkDuIS24p2yZ8AwuIMAwdMsGa\n5Hzk0ugOy52iPyGEuooqV94nnL6eWw/zryTvkk7j239wMWn5our5Ia1/CBQlXXo2\n4IWTWfWYOz26SWUh4DuvzMOheMVSxg3KLaxpx7Bq09p32lR9xpl53+HqxSDIMYh9\nC3y3kA6NdkKsGE/Jt4WoZ5S5LlrhYjw+PFTeX2lbGDZpn/sxQIM16Pxo2LCfefIa\nik+aZBEAlpn22ljLZ5sEcVgBmOlL+v3waq9u0AaSYzdGFRA+0ceVwU/QTQIDAQAB\noAAwDQYJKoZIhvcNAQELBQADggEBAJXodL69Q/8zDt24AySXK0ksV3C3l5l10Hno\nfF6zKypsYev33CFbZu6HweSgK2f21+DeI9TsGKJxI7K6MUqyH0pJhwlFSeMB5/qP\nJueqXMuvStZSp0GGTaNy7Al/jzOKYNf0ePsv/Rx8NcOdy7RCZE0gW998B5jKb66x\nPgy6QvD8CkZULiRScYlOC8Ex6nc+1Z54pRC1NFWs/ugGyFgLJHy0J2gNkOv6yfsl\nH3V/ocCYSoF4ToUQAxwx+dcy4PXrL9vKzRNJgWzsI/LzCZkglo8iis9YZQawDOUf\nGmDMDkr0Fx1W1tSEpvkw0flkAXZ8PhIGCC0320jkuPeClt7OWNs=\n-----END CERTIFICATE REQUEST-----\n" } }' -H 'content-type:application/json;' $URL_SGX_WALLET
```
......
SEKManager.cpp
View file @ 325db7d6
......@@ -29,29 +29,28 @@
#include <iostream>
#include "sgxwallet_common.h"
#include "common.h"
#include "sgxwallet.h"
void generate_SEK(){
char *errMsg = (char *)calloc(1024, 1);
vector<char> errMsg(1024,0);
int err_status = 0;
uint8_t* encr_SEK = (uint8_t *)calloc(1024, 1);
vector<uint8_t> encr_SEK(1024, 0);
uint32_t enc_len = 0;
status = generate_SEK(eid, &err_status, errMsg, encr_SEK, &enc_len);
status = generate_SEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len);
if ( err_status != 0 ){
std::cerr << "RPCException thrown" << std::endl;
throw RPCException(-666, errMsg) ;
cerr << "RPCException thrown" << endl;
throw RPCException(-666, errMsg.data()) ;
}
char *hexEncrKey = (char *) calloc(2*enc_len + 1, 1);
carray2Hex(encr_SEK, enc_len, hexEncrKey);
vector<char> hexEncrKey(2*enc_len + 1, 0);
std::cerr << "key is " << errMsg << std::endl;
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
levelDb->writeDataUnique("SEK", hexEncrKey);
cerr << "key is " << errMsg.data() << endl;
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
free(errMsg);
free(encr_SEK);
free(hexEncrKey);
}
SGXRegistrationServer.cpp
View file @ 325db7d6
......@@ -44,6 +44,7 @@
#include "LevelDB.h"
#include "spdlog/spdlog.h"
#include "common.h"
int DEBUG_PRINT = 0;
int is_sgx_https = 1;
......@@ -64,30 +65,30 @@ SGXRegistrationServer::SGXRegistrationServer(AbstractServerConnector &connector,
: AbstractRegServer(connector, type), is_cert_created(false), cert_auto_sign(auto_sign) {}
Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
Json::Value signCertificateImpl(const string& csr, bool auto_sign = false){
Json::Value result;
result["status"] = 0;
result["errorMessage"] = "";
try{
spdlog::info("enter SignCertificateImpl");
spdlog::info("enter signCertificateImpl");
std::string status = "1";
std::string hash = cryptlite::sha256::hash_hex(csr);
string status = "1";
string hash = cryptlite::sha256::hash_hex(csr);
if ( !auto_sign) {
std::string db_key = "CSR:HASH:" + hash;
csrDb->writeDataUnique(db_key, csr);
string db_key = "CSR:HASH:" + hash;
LevelDB::getCsrStatusDb()->writeDataUnique(db_key, csr);
}
if (auto_sign) {
std::string csr_name = "cert/" + hash + ".csr";
std::ofstream outfile(csr_name);
outfile << csr << std::endl;
string csr_name = "cert/" + hash + ".csr";
ofstream outfile(csr_name);
outfile << csr << endl;
outfile.close();
if (access(csr_name.c_str(), F_OK) != 0) {
throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
}
std::string genCert = "cd cert && ./create_client_cert " + hash;
string genCert = "cd cert && ./create_client_cert " + hash;
if (system(genCert.c_str()) == 0){
spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
......@@ -95,8 +96,8 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
}
else{
spdlog::info("CLIENT CERTIFICATE GENERATION FAILED");
std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
csrStatusDb->writeDataUnique(status_db_key, std::to_string(FAIL_TO_CREATE_CERTIFICATE));
string status_db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FAIL_TO_CREATE_CERTIFICATE));
throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
//exit(-1);
}
......@@ -105,11 +106,11 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
result["result"] = true;
result["hash"] = hash;
std::string db_key = "CSR:HASH:" + hash + "STATUS:";
csrStatusDb->writeDataUnique(db_key, status);
string db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);
} catch (RPCException &_e) {
std::cerr << " err str " << _e.errString << std::endl;
cerr << " err str " << _e.errString << endl;
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
result["result"] = false;
......@@ -118,26 +119,26 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
return result;
}
Json::Value GetSertificateImpl(const std::string& hash){
Json::Value GetSertificateImpl(const string& hash){
Json::Value result;
std::string cert;
string cert;
try{
std::string db_key = "CSR:HASH:" + hash + "STATUS:";
std::shared_ptr<string> status_str_ptr = csrStatusDb->readString(db_key);
string db_key = "CSR:HASH:" + hash + "STATUS:";
shared_ptr<string> status_str_ptr = LevelDB::getCsrStatusDb()->readString(db_key);
if (status_str_ptr == nullptr){
throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist in csr db");
}
int status = std::atoi(status_str_ptr->c_str());
int status = atoi(status_str_ptr->c_str());
if ( status == 0){
std::string crt_name = "cert/" + hash + ".crt";
string crt_name = "cert/" + hash + ".crt";
//if (access(crt_name.c_str(), F_OK) == 0){
std::ifstream infile(crt_name);
ifstream infile(crt_name);
if (!infile.is_open()) {
std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
csrStatusDb->deleteKey(status_db_key);
csrStatusDb->writeDataUnique(status_db_key, std::to_string(FILE_NOT_FOUND));
string status_db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FILE_NOT_FOUND));
throw RPCException(FILE_NOT_FOUND, "Certificate does not exist");
} else {
ostringstream ss;
......@@ -145,9 +146,9 @@ Json::Value GetSertificateImpl(const std::string& hash){
cert = ss.str();
infile.close();
std::string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
if(system(remove_crt.c_str()) == 0){
//std::cerr << "cert removed" << std::endl;
//cerr << "cert removed" << endl;
spdlog::info(" cert removed ");
}
......@@ -162,7 +163,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
result["cert"] = cert;
} catch (RPCException &_e) {
std::cerr << " err str " << _e.errString << std::endl;
cerr << " err str " << _e.errString << endl;
result["status"] = _e.status;
result["errorMessage"] = _e.errString;
}
......@@ -171,13 +172,13 @@ Json::Value GetSertificateImpl(const std::string& hash){
}
Json::Value SGXRegistrationServer::SignCertificate(const std::string& csr){
spdlog::info("Enter SignCertificate ");
Json::Value SGXRegistrationServer::signCertificate(const string& csr){
spdlog::info("Enter signCertificate ");
lock_guard<recursive_mutex> lock(m);
return SignCertificateImpl(csr, cert_auto_sign);
return signCertificateImpl(csr, cert_auto_sign);
}
Json::Value SGXRegistrationServer::GetCertificate(const std::string& hash){
Json::Value SGXRegistrationServer::getCertificate(const string& hash){
lock_guard<recursive_mutex> lock(m);
return GetSertificateImpl(hash);
}
......@@ -191,19 +192,19 @@ void SGXRegistrationServer::set_cert_created(bool b){
int init_registration_server(bool sign_automatically) {
// std::string certPath = "cert/SGXCACertificate.crt";
// std::string keyPath = "cert/SGXCACertificate.key";
// string certPath = "cert/SGXCACertificate.crt";
// string keyPath = "cert/SGXCACertificate.key";
//
// if (access(certPath.c_str(), F_OK) != 0){
// std::cerr << "CERTIFICATE IS GOING TO BE CREATED" << std::endl;
// cerr << "CERTIFICATE IS GOING TO BE CREATED" << endl;
//
// std::string genCert = "cd cert && ./self-signed-tls -c=US -s=California -l=San-Francisco -o=\"Skale Labs\" -u=\"Department of Software Engineering\" -n=\"SGXCACertificate\" -e=info@skalelabs.com";
// string genCert = "cd cert && ./self-signed-tls -c=US -s=California -l=San-Francisco -o=\"Skale Labs\" -u=\"Department of Software Engineering\" -n=\"SGXCACertificate\" -e=info@skalelabs.com";
//
// if (system(genCert.c_str()) == 0){
// std::cerr << "CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
// cerr << "CERTIFICATE IS SUCCESSFULLY GENERATED" << endl;
// }
// else{
// std::cerr << "CERTIFICATE GENERATION FAILED" << std::endl;
// cerr << "CERTIFICATE GENERATION FAILED" << endl;
// exit(-1);
// }
// }
......
SGXRegistrationServer.h
View file @ 325db7d6
......@@ -44,8 +44,8 @@ public:
void set_cert_created(bool b);
virtual Json::Value SignCertificate(const std::string& csr);
virtual Json::Value GetCertificate(const std::string& hash);
virtual Json::Value signCertificate(const std::string& csr);
virtual Json::Value getCertificate(const std::string& hash);
};
......
SGXWalletServer.cpp
View file @ 325db7d6
This diff is collapsed.
SGXWalletServer.hpp
View file @ 325db7d6
......@@ -56,13 +56,12 @@ public:
virtual Json::Value generateDKGPoly(const std::string& polyName, int t);
virtual Json::Value getVerificationVector(const std::string& polyName, int t, int n);
virtual Json::Value getSecretShare(const std::string& polyName, const Json::Value& publicKeys, int t, int n);
virtual Json::Value DKGVerification(const std::string& publicShares, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index);
virtual Json::Value CreateBLSPrivateKey(const std::string & BLSKeyName, const std::string& EthKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
virtual Json::Value GetBLSPublicKeyShare(const std::string & BLSKeyName);
virtual Json::Value ComplaintResponse(const std::string& polyName, int ind);
virtual Json::Value MultG2(const std::string & x);
virtual Json::Value IsPolyExists(const std::string& polyName);
virtual Json::Value dkgVerification(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index);
virtual Json::Value createBLSPrivateKey(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
virtual Json::Value getBLSPublicKeyShare(const std::string & blsKeyName);
virtual Json::Value complaintResponse(const std::string& polyName, int ind);
virtual Json::Value multG2(const std::string & x);
virtual Json::Value isPolyExists(const std::string& polyName);
virtual Json::Value getServerStatus();
};
......@@ -85,12 +84,12 @@ Json::Value getPublicECDSAKeyImpl(const std::string& keyName);
Json::Value generateDKGPolyImpl(const std::string& polyName, int t);
Json::Value getVerificationVectorImpl(const std::string& polyName, int t, int n);
Json::Value getSecretShareImpl(const std::string& polyName, const Json::Value& publicKeys, int t, int n);
Json::Value DKGVerificationImpl(const std::string& publicShares, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index);
Json::Value CreateBLSPrivateKeyImpl(const std::string & BLSKeyName, const std::string& EthKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
Json::Value GetBLSPublicKeyShareImpl(const std::string & BLSKeyName);
Json::Value ComplaintResponseImpl(const std::string& polyName, int ind);
Json::Value MultG2Impl(const std::string & x);
Json::Value IsPolyExistsImpl(const std::string& polyName);
Json::Value dkgVerificationImpl(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index);
Json::Value createBLSPrivateKeyImpl(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string & SecretShare, int t, int n);
Json::Value getBLSPublicKeyShareImpl(const std::string & blsKeyName);
Json::Value complaintResponseImpl(const std::string& polyName, int ind);
Json::Value multG2Impl(const std::string & x);
Json::Value isPolyExistsImpl(const std::string& polyName);
Json::Value getServerStatusImpl();
......
ServerDataChecker.cpp
View file @ 325db7d6
......@@ -28,14 +28,15 @@
#include <iostream>
#include "spdlog/spdlog.h"
#include "common.h"
std::vector<std::string> SplitString(const std::string& str, const std::string& delim = ":"){
std::vector<std::string> tokens;
vector<string> SplitString(const string& str, const string& delim = ":"){
vector<string> tokens;
size_t prev = 0, pos = 0;
do {
pos = str.find(delim, prev);
if (pos == std::string::npos) pos = str.length();
std::string token = str.substr(prev, pos-prev);
if (pos == string::npos) pos = str.length();
string token = str.substr(prev, pos-prev);
if (!token.empty()) tokens.push_back(token);
prev = pos + delim.length();
} while (pos < str.length() && prev < str.length());
......@@ -43,8 +44,8 @@ std::vector<std::string> SplitString(const std::string& str, const std::string&
return tokens;
}
bool checkECDSAKeyName(const std::string& keyName) {
std::vector<std::string> parts = SplitString(keyName);
bool checkECDSAKeyName(const string& keyName) {
vector<string> parts = SplitString(keyName);
if (parts.size() != 2) {
spdlog::info("ECDSAKeyName num parts != 2");
return false;
......@@ -69,7 +70,7 @@ bool checkECDSAKeyName(const std::string& keyName) {
return true;
}
bool checkHex(const std::string& hex, const uint32_t sizeInBytes){
bool checkHex(const string& hex, const uint32_t sizeInBytes){
if ( hex.length() > sizeInBytes * 2 || hex.length() == 0){
return false;
}
......@@ -86,8 +87,8 @@ bool checkHex(const std::string& hex, const uint32_t sizeInBytes){
return true;
}
bool checkName (const std::string& Name, const std::string& prefix){
std::vector<std::string> parts = SplitString(Name);
bool checkName (const string& Name, const string& prefix){
vector<string> parts = SplitString(Name);
if ( parts.size() != 7) {
spdlog::info("parts.size() != 7");
return false;
......
ServerInit.cpp
View file @ 325db7d6
......@@ -72,37 +72,10 @@ void init_daemon() {
libff::init_alt_bn128_params();
char cwd[PATH_MAX];
if (getcwd(cwd, sizeof(cwd)) == NULL) {
spdlog::error("could not get cwd");
exit(-1);
}
std::string sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
struct stat info;
if (stat(sgx_data_folder.c_str(), &info) !=0 ){
spdlog::info("going to create sgx_data folder");
std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
if (system(make_sgx_data_folder.c_str()) == 0){
spdlog::info("sgx_data folder was created");
}
else{
spdlog::error("creating sgx_data folder failed");
exit(-1);
}
}
static std::string dbName = sgx_data_folder + WALLETDB_NAME;
levelDb = new LevelDB(dbName);
static std::string csr_dbname = sgx_data_folder + "CSR_DB";
csrDb = new LevelDB(csr_dbname);
LevelDB::initDataFolderAndDBs();
static std::string csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
csrStatusDb = new LevelDB(csr_status_dbname);
std::shared_ptr<std::string> encr_SEK_ptr = levelDb->readString("SEK");
std::shared_ptr<std::string> encr_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encr_SEK_ptr == nullptr){
spdlog::info("SEK was not created yet");
generate_SEK();
......@@ -116,9 +89,10 @@ void init_enclave() {
eid = 0;
updated = 0;
unsigned long support;
#ifndef SGX_HW_SIM
unsigned long support;
support = get_sgx_support();
if (!SGX_OK(support)) {
sgx_support_perror(support);
......@@ -170,8 +144,6 @@ void init_all(bool check_cert, bool sign_automatically) {
sgxServerInited = 1;
init_daemon();
if (is_sgx_https) {
init_https_server(check_cert);
init_registration_server(sign_automatically);
......
ServerInit.h
View file @ 325db7d6
......@@ -31,7 +31,6 @@
#endif
EXTERNC void init_all(bool check_cert, bool sign_automatically);
EXTERNC void init_daemon();
......
abstractCSRManagerServer.h
View file @ 325db7d6
......@@ -12,22 +12,22 @@ class abstractCSRManagerServer : public jsonrpc::AbstractServer<abstractCSRManag
public:
abstractCSRManagerServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<abstractCSRManagerServer>(conn, type)
{
this->bindAndAddMethod(jsonrpc::Procedure("GetUnsignedCSRs", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &abstractCSRManagerServer::GetUnsignedCSRsI);
this->bindAndAddMethod(jsonrpc::Procedure("SignByHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, "status", jsonrpc::JSON_INTEGER, NULL), &abstractCSRManagerServer::SignByHashI);
this->bindAndAddMethod(jsonrpc::Procedure("getUnsignedCSRs", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &abstractCSRManagerServer::getUnsignedCSRsI);
this->bindAndAddMethod(jsonrpc::Procedure("signByHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, "status", jsonrpc::JSON_INTEGER, NULL), &abstractCSRManagerServer::signByHashI);
}
inline virtual void GetUnsignedCSRsI(const Json::Value &request, Json::Value &response)
inline virtual void getUnsignedCSRsI(const Json::Value &request, Json::Value &response)
{
(void)request;
response = this->GetUnsignedCSRs();
response = this->getUnsignedCSRs();
}
inline virtual void SignByHashI(const Json::Value &request, Json::Value &response)
inline virtual void signByHashI(const Json::Value &request, Json::Value &response)
{
response = this->SignByHash( request["hash"].asString(), request["status"].asInt());
response = this->signByHash( request["hash"].asString(), request["status"].asInt());
}
virtual Json::Value GetUnsignedCSRs() = 0;
virtual Json::Value SignByHash(const std::string& hash, int status) = 0;
virtual Json::Value getUnsignedCSRs() = 0;
virtual Json::Value signByHash(const std::string& hash, int status) = 0;
};
......
abstractregserver.h
View file @ 325db7d6
......@@ -32,23 +32,23 @@ class AbstractRegServer : public jsonrpc::AbstractServer<AbstractRegServer>
public:
AbstractRegServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<AbstractRegServer>(conn, type)
{
this->bindAndAddMethod(jsonrpc::Procedure("SignCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"certificate",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::SignCertificateI);
this->bindAndAddMethod(jsonrpc::Procedure("GetCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::GetCertificateI);
this->bindAndAddMethod(jsonrpc::Procedure("signCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"certificate",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::signCertificateI);
this->bindAndAddMethod(jsonrpc::Procedure("getCertificate", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, NULL), &AbstractRegServer::getCertificateI);
}
inline virtual void SignCertificateI(const Json::Value &request, Json::Value &response)
inline virtual void signCertificateI(const Json::Value &request, Json::Value &response)
{
std::cerr << "SignCertificateI in abstr server " << std::endl;
response = this->SignCertificate( request["certificate"].asString());
std::cerr << "signCertificateI in abstr server " << std::endl;
response = this->signCertificate( request["certificate"].asString());
}
inline virtual void GetCertificateI(const Json::Value &request, Json::Value &response)
inline virtual void getCertificateI(const Json::Value &request, Json::Value &response)
{
response = this->GetCertificate( request["hash"].asString());
response = this->getCertificate( request["hash"].asString());
}
virtual Json::Value SignCertificate(const std::string& cert) = 0;
virtual Json::Value GetCertificate(const std::string& hash) = 0;
virtual Json::Value signCertificate(const std::string& cert) = 0;
virtual Json::Value getCertificate(const std::string& hash) = 0;
};
......
abstractstubserver.h
View file @ 325db7d6
This diff is collapsed.
aclocal.m4 deleted 100644 → 0
View file @ 5aa4500c
This diff is collapsed.
cert_util.cpp
View file @ 325db7d6
......@@ -13,7 +13,7 @@ int print_hashes(){
jsonrpc::HttpClient client("http://localhost:1028");
StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
std::cout << "Client inited" << std::endl;
std::cout << c.GetUnsignedCSRs() << std::endl;
std::cout << c.getUnsignedCSRs() << std::endl;
exit(0);
}
......@@ -21,7 +21,7 @@ void sign_by_hash(std::string & hash, int status){
jsonrpc::HttpClient client("http://localhost:1028");
StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
std::cout << "Client inited" << std::endl;
std::cout << c.SignByHash(hash, status) << std::endl;
std::cout << c.signByHash(hash, status) << std::endl;
exit(0);
}
......
common.h 0 → 100644
View file @ 325db7d6
//
// Created by kladko on 25.01.20.
//
#ifndef SGXWALLET_COMMON_H
#define SGXWALLET_COMMON_H
using namespace std;
#include <stdlib.h>
#include <iostream>
#include <map>
#include <memory>
#define CHECK_ARGUMENT(_EXPRESSION_) \
if (!(_EXPRESSION_)) { \
auto __msg__ = string("Argument Check failed:") + #_EXPRESSION_ + "\n" + __CLASS_NAME__ + ":" + __FUNCTION__ + \
+ " " + string(__FILE__) + ":" + to_string(__LINE__); \
throw runtime_error(__msg__);}
#define CHECK_STATE(_EXPRESSION_) \
if (!(_EXPRESSION_)) { \
auto __msg__ = string("State check failed::") + #_EXPRESSION_ + " " + string(__FILE__) + ":" + to_string(__LINE__); \
throw runtime_error(__msg__);}
#endif //SGXWALLET_COMMON_H
compile deleted 120000 → 0
View file @ 5aa4500c
/usr/share/automake-1.16/compile
\ No newline at end of file
depcomp deleted 120000 → 0
View file @ 5aa4500c
/usr/share/automake-1.16/depcomp
\ No newline at end of file
install-sh deleted 120000 → 0
View file @ 5aa4500c
/usr/share/automake-1.16/install-sh
\ No newline at end of file
missing deleted 120000 → 0
View file @ 5aa4500c
/usr/share/automake-1.16/missing
\ No newline at end of file
run_sgx/docker-compose.yml
View file @ 325db7d6
......@@ -11,6 +11,11 @@ services:
- "/dev/mei0"
volumes:
- ./sgx_data:/usr/src/sdk/sgx_data
logging:
driver: json-file
options:
max-size: "10m"
max-file: "4"
restart: unless-stopped
command: -s
......
run_sgx_sim/docker-compose.yml
View file @ 325db7d6
......@@ -8,6 +8,11 @@ services:
- "1028:1028"
volumes:
- ./sgx_data:/usr/src/sdk/sgx_data
logging:
driver: json-file
options:
max-size: "10m"
max-file: "4"
restart: unless-stopped
command: -s
command: -s -d
scripts/docker_test.py 0 → 100755
View file @ 325db7d6
#!/usr/bin/env python
#
# @file docker_test.py
# @author Stan Kladko
# @date 2020
#
import sys
import os
import subprocess
import socket
assert os.path.isdir('sgx_data/sgxwallet.db')
assert os.path.isdir('sgx_data/cert_data');
assert os.path.isdir('sgx_data/CSR_DB');
assert os.path.isdir('sgx_data/CSR_STATUS_DB');
assert os.path.isfile('sgx_data/cert_data/SGXServerCert.crt')
assert os.path.isfile('sgx_data/cert_data/SGXServerCert.key')
assert os.path.isfile('sgx_data/cert_data/rootCA.pem')
assert os.path.isfile('sgx_data/cert_data/rootCA.key')
s1 = socket.socket()
s2 = socket.socket()
s3 = socket.socket()
address = '127.0.0.1'
s1.connect((address, 1026))
s2.connect((address, 1027))
s3.connect((address, 1028))
s1.close()
s2.close()
s3.close()
secure_enclave/secure_enclave.c
View file @ 325db7d6
......@@ -598,6 +598,7 @@ void set_encrypted_dkg_poly(int *err_status, char *err_string, uint8_t* encrypte
(const sgx_sealed_data_t *)encrypted_poly, NULL, 0, Decrypted_dkg_poly, &decr_len);
if (status != SGX_SUCCESS) {
*err_status = -1;
snprintf(err_string, BUF_LEN,"sgx_unseal_data - encrypted_poly failed with status %d", status);
return;
}
......@@ -1301,4 +1302,29 @@ void gen_dkg_secret_aes (int *err_status, char *err_string, uint8_t *encrypted_d
free(dkg_secret);
}
void decrypt_dkg_secret_aes (int *err_status, char* err_string, uint8_t* encrypted_dkg_secret, uint8_t* decrypted_dkg_secret, uint32_t* dec_len){
int status = AES_decrypt(encrypted_dkg_secret, dec_len, decrypted_dkg_secret);
if (status != SGX_SUCCESS) {
snprintf(err_string, BUF_LEN,"aes decrypt data - encrypted_dkg_secret failed with status %d", status);
*err_status = status;
return;
}
//*dec_len = decr_len;
}
void set_encrypted_dkg_poly_aes(int *err_status, char *err_string, uint8_t* encrypted_poly, uint64_t* enc_len){
uint32_t decr_len;
int status = AES_decrypt(encrypted_poly, enc_len, Decrypted_dkg_poly);
if (status != SGX_SUCCESS) {
*err_status = -1;
snprintf(err_string, BUF_LEN,"sgx_unseal_data - encrypted_poly failed with status %d", status);
return;
}
}
secure_enclave/secure_enclave.edl
View file @ 325db7d6
......@@ -221,6 +221,18 @@ enclave {
[user_check] uint32_t * enc_len,
size_t _t);
public void decrypt_dkg_secret_aes (
[user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
[out, count = 2490] uint8_t* decrypted_dkg_secret,
[user_check] uint32_t* dec_len);
public void set_encrypted_dkg_poly_aes( [user_check] int *err_status,
[out, count = 1024] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly,
[user_check] uint64_t* enc_len);
......
spec.json
View file @ 325db7d6
......@@ -50,8 +50,8 @@
"status": 0,
"errorMessage": "12345",
"encryptedKey": "12345",
"KeyName": "tmp:123",
"PublicKey": "12345"
"keyName": "tmp:123",
"publicKey": "12345"
}
},
......@@ -59,7 +59,7 @@
"name": "renameECDSAKey",
"params": {
"tempKeyName": "key1",
"KeyName": "key2"
"keyName": "key2"
},
"returns": {
"status": 0,
......@@ -75,7 +75,7 @@
"returns": {
"status": 0,
"errorMessage": "12345",
"PublicKey": "12345"
"publicKey": "12345"
}
},
......@@ -132,15 +132,15 @@
"returns": {
"status": 0,
"errorMessage": "12345",
"SecretShare": "123"
"secretShare": "123"
}
},
{
"name": "DKGVerification",
"name": "dkgVerification",
"params": {
"publicShares": "123",
"EthKeyName":"NEK:hex",
"SecretShare": "f_ij",
"ethKeyName":"NEK:hex",
"secretShare": "f_ij",
"n": 3,
"t": 3,
"index" : 2
......@@ -152,36 +152,36 @@
}
},
{
"name": "CreateBLSPrivateKey",
"name": "createBLSPrivateKey",
"params": {
"BLSKeyName": "BLS_KEY:SCHAIN_ID :NODE_ID :DKG_ID: ",
"EthKeyName":"NEK:hex",
"blsKeyName": "BLS_KEY:SCHAIN_ID :NODE_ID :DKG_ID: ",
"ethKeyName":"NEK:hex",
"polyName":"POLY:SCHAIN_ID :NODE_ID :DKG_ID: ",
"SecretShare": "122",
"secretShare": "122",
"n": 3,
"t": 3
},
"returns": {
"status": 0,
"errorMessage": "12345",
"BLSKeyName": "key"
"blsKeyName": "key"
}
},
{
"name": "GetBLSPublicKeyShare",
"name": "getBLSPublicKeyShare",
"params": {
"BLSKeyName": "BLS_KEY:SCHAIN_ID :NODE_ID :DKG_ID"
"blsKeyName": "BLS_KEY:SCHAIN_ID :NODE_ID :DKG_ID"
},
"returns": {
"status": 0,
"errorMessage": "12345",
"BLSPublicKeyShare": []
"blsPublicKeyShare": []
}
},
{
"name": "ComplaintResponse",
"name": "complaintResponse",
"params": {
"polyName": "p1",
"n": 3,
......@@ -192,7 +192,7 @@
"status": 0,
"errorMessage": "12345",
"share*G2": "123",
"DHKey": "123"
"dhKey": "123"
}
},
......
stubclient.h
View file @ 325db7d6
......@@ -68,7 +68,7 @@ class StubClient : public jsonrpc::Client
Json::Value renameECDSAKey(const std::string& KeyName, const std::string& tempKeyName) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["KeyName"] = KeyName;
p["keyName"] = KeyName;
p["tempKeyName"] = tempKeyName;
Json::Value result = this->CallMethod("renameECDSAKey",p);
if (result.isObject())
......@@ -140,80 +140,80 @@ class StubClient : public jsonrpc::Client
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value DKGVerification(const std::string& publicShares, const std::string& EthKeyName, const std::string& SecretShare, int t, int n, int index) throw (jsonrpc::JsonRpcException)
Json::Value dkgVerification(const std::string& publicShares, const std::string& ethKeyName, const std::string& SecretShare, int t, int n, int index) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["EthKeyName"] = EthKeyName;
p["SecretShare"] = SecretShare;
p["ethKeyName"] = ethKeyName;
p["secretShare"] = SecretShare;
p["index"] = index;
p["n"] = n;
p["publicShares"] = publicShares;
p["t"] = t;
Json::Value result = this->CallMethod("DKGVerification",p);
Json::Value result = this->CallMethod("dkgVerification",p);
if (result.isObject())
return result;
else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value CreateBLSPrivateKey(const std::string & BLSKeyName, const std::string& EthKeyName, const std::string& polyName, const std::string& SecretShare, int t, int n) throw (jsonrpc::JsonRpcException)
Json::Value createBLSPrivateKey(const std::string & blsKeyName, const std::string& ethKeyName, const std::string& polyName, const std::string& SecretShare, int t, int n) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["BLSKeyName"] = BLSKeyName;
p["EthKeyName"] = EthKeyName;
p["blsKeyName"] = blsKeyName;
p["ethKeyName"] = ethKeyName;
p["polyName"] = polyName;
p["SecretShare"] = SecretShare;
p["secretShare"] = SecretShare;
p["n"] = n;
p["t"] = t;
Json::Value result = this->CallMethod("CreateBLSPrivateKey",p);
Json::Value result = this->CallMethod("reateBLSPrivateKey",p);
if (result.isObject())
return result;
else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value GetBLSPublicKeyShare(const std::string & BLSKeyName) throw (jsonrpc::JsonRpcException)
Json::Value getBLSPublicKeyShare(const std::string & blsKeyName) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["BLSKeyName"] = BLSKeyName;
p["blsKeyName"] = blsKeyName;
Json::Value result = this->CallMethod("GetBLSPublicKeyShare",p);
Json::Value result = this->CallMethod("getBLSPublicKeyShare",p);
if (result.isObject())
return result;
else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value ComplaintResponse(const std::string& polyName, int ind) throw (jsonrpc::JsonRpcException)
Json::Value complaintResponse(const std::string& polyName, int ind) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["polyName"] = polyName;
p["ind"] = ind;
Json::Value result = this->CallMethod("ComplaintResponse",p);
Json::Value result = this->CallMethod("complaintResponse",p);
if (result.isObject())
return result;
else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value MultG2(const std::string & x) throw (jsonrpc::JsonRpcException)
Json::Value multG2(const std::string & x) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["x"] = x;
Json::Value result = this->CallMethod("MultG2",p);
Json::Value result = this->CallMethod("multG2",p);
if (result.isObject())
return result;
else
throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
}
Json::Value IsPolyExists(const std::string & polyName) throw (jsonrpc::JsonRpcException)
Json::Value isPolyExists(const std::string & polyName) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["polyName"] = polyName;
Json::Value result = this->CallMethod("IsPolyExists",p);
Json::Value result = this->CallMethod("isPolyExists",p);
if (result.isObject())
return result;
else
......@@ -223,11 +223,11 @@ class StubClient : public jsonrpc::Client
////CSRManagerServer
Json::Value GetUnsignedCSRs() throw (jsonrpc::JsonRpcException)
Json::Value getUnsignedCSRs() throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p = Json::nullValue;
Json::Value result = this->CallMethod("GetUnsignedCSRs",p);
Json::Value result = this->CallMethod("getUnsignedCSRs",p);
if (result.isObject())
return result;
else
......@@ -236,12 +236,12 @@ class StubClient : public jsonrpc::Client
Json::Value SignByHash(const std::string& hash, int status) throw (jsonrpc::JsonRpcException)
Json::Value signByHash(const std::string& hash, int status) throw (jsonrpc::JsonRpcException)
{
Json::Value p;
p["hash"] = hash;
p["status"] = status;
Json::Value result = this->CallMethod("SignByHash",p);
Json::Value result = this->CallMethod("signByHash",p);
if (result.isObject())
return result;
else
......
testw.cpp
View file @ 325db7d6
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment