Merge branch 'develop' into enhancement/SKALE-2003-Create-backup-key

CSRManagerServer.cpp

@@ -60,7 +60,7 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
     }
 
     if (status == 0) {
-      std::string csr_name = "cert/" + hash + ".csr";
+      std::string csr_name = "sgx_data/cert/" + hash + ".csr";
       std::ofstream outfile(csr_name);
       outfile << *csr_ptr << std::endl;
       outfile.close();
@@ -69,7 +69,7 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
         throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
       }
 
-      std::string signClientCert = "cd cert && ./create_client_cert " + hash;
+      std::string signClientCert = "cd sgx_data/cert && ./create_client_cert " + hash;
 
       if (system(signClientCert.c_str()) == 0) {
         spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");

SGXWalletServer.cpp

@@ -82,8 +82,8 @@ void debug_print(){
 
 int init_https_server(bool check_certs) {
 
-  std::string rootCAPath = "cert/rootCA.pem";
-  std::string keyCAPath = "cert/rootCA.key";
+  std::string rootCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
+  std::string keyCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.key";
 
   if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
     spdlog::info("YOU DO NOT HAVE ROOT CA CERTIFICATE");
@@ -100,8 +100,8 @@ int init_https_server(bool check_certs) {
     }
   }
 
-  std::string certPath = "cert/SGXServerCert.crt";
-  std::string keyPath = "cert/SGXServerCert.key";
+  std::string certPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.crt";
+  std::string keyPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.key";
 
   if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
     spdlog::info("YOU DO NOT HAVE SERVER CERTIFICATE");

ServerInit.cpp

@@ -66,25 +66,27 @@ void init_daemon() {
 
     libff::init_alt_bn128_params();
 
+    std::string sgx_data_folder = SGXDATA_FOLDER;
     struct stat info;
-    if (stat("SGXData", &info) !=0 ){
-      spdlog::info("going to create SGXData folder");
-      if (system("mkdir SGXData") == 0){
-        spdlog::info("SGXData folder was created");
+    if (stat(sgx_data_folder.c_str(), &info) !=0 ){
+      spdlog::info("going to create sgx_data folder");
+      std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
+      if (system(make_sgx_data_folder.c_str()) == 0){
+        spdlog::info("sgx_data folder was created");
       }
       else{
-        spdlog::info("creating SGXData folder failed");
+        spdlog::info("creating sgx_data folder failed");
         exit(-1);
       }
     }
 
-    static std::string dbName("./" WALLETDB_NAME);
+    static std::string dbName = sgx_data_folder +  WALLETDB_NAME;
     levelDb = new LevelDB(dbName);
 
-    static std::string csr_dbname = "SGXData/CSR_DB";
+    static std::string csr_dbname = sgx_data_folder + "CSR_DB";
     csrDb = new LevelDB(csr_dbname);
 
-    static std::string csr_status_dbname = "SGXData/CSR_STATUS_DB";
+    static std::string csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
     csrStatusDb = new LevelDB(csr_status_dbname);
 
     std::shared_ptr<std::string> encr_SEK_ptr = levelDb->readString("SEK");
@@ -92,7 +94,6 @@ void init_daemon() {
       spdlog::info("SEK was not created yet");
       generate_SEK();
     }
-
 }
 
 

cert/ca.config

@@ -5,16 +5,16 @@
         [ CA_CLIENT ]
         dir                    = .            # Каталог для служебных файлов
         certs                  = $dir/certs      # Каталог для сертификатов
-        new_certs_dir          = $dir/new_certs   # Каталог для новых сертификатов
+        new_certs_dir          = ../sgx_data/cert_data/new_certs   # Каталог для новых сертификатов
 
-        database               = $dir/index.txt  # Файл с базой данных
+        database               = ../sgx_data/cert_data/index.txt  # Файл с базой данных
         # подписанных сертификатов
-        serial                 = $dir/serial     # Файл содержащий серийный номер
+        serial                 = ../sgx_data/cert_data/serial     # Файл содержащий серийный номер
         RANDFILE               = $dir/.rnd
         # сертификата
         # (в шестнадцатиричном формате)
-        certificate            = ./rootCA.pem        # Файл сертификата CA
-        private_key            = ./rootCA.key        # Файл закрытого ключа CA
+        certificate            = ../sgx_data/cert_data/rootCA.pem        # Файл сертификата CA
+        private_key            = ../sgx_data/cert_data/rootCA.key        # Файл закрытого ключа CA
 
         default_days           = 3650             # Срок действия подписываемого
         # сертификата

cert/create_CA

 #!/bin/bash
 
+cd ../sgx_data
+mkdir cert_data
+cd cert_data
+mkdir new_certs
+touch index.txt
+touch index.txt.attr
+echo "01" > serial
+
 # Generate root CA key
 openssl genrsa -out rootCA.key 2048
 
 # Create an X.509 cert from the CA key
 openssl req -x509 -sha256 -nodes -days 1024 -newkey rsa:2048 -key rootCA.key -out rootCA.pem -subj "/CN=SGXCACertificate"
 
-mkdir new_certs
-touch index.txt
-touch index.txt.attr
-echo "01" > serial
+
 
 
 

cert/create_server_cert

 #!/bin/bash
 
 # Generate server key
-openssl genrsa -out "SGXServerCert.key" 2048
+openssl genrsa -out ../sgx_data/cert_data/SGXServerCert.key 2048
 
 # Create server certificate request
 #openssl req -new -key "SGXServer.key" -out "SGXServer.csr" -subj "/CN=SGXCACertificate"
 
-openssl req -new -sha256 -nodes -out "SGXServerCert.csr" -newkey rsa:2048 -keyout "SGXServerCert.key" -subj /CN=SGXServer
+openssl req -new -sha256 -nodes -out ../sgx_data/cert_data/SGXServerCert.csr -newkey rsa:2048 -keyout ../sgx_data/cert_data/SGXServerCert.key -subj /CN=SGXServer
 
 # Sign and generate the user certificate from the
 #openssl x509 -req -in "SGXServer.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "SGXServerCertificate.crt" -days 3650
 
-yes | openssl ca -config ca.config -in "SGXServerCert.csr" -out "SGXServerCert.crt"
+yes | openssl ca -config ca.config -in ../sgx_data/cert_data/SGXServerCert.csr -out ../sgx_data/cert_data/SGXServerCert.crt

docker-compose-sim.yml

@@ -9,4 +9,5 @@ services:
     volumes:
       - ./sgx_data:/sgx_data
     restart: unless-stopped
+    command: -s
 

docker-compose.yml

@@ -12,5 +12,6 @@ services:
     volumes:
       - ./sgx_data:/sgx_data
     restart: unless-stopped
+    command: -s
 
 

secure_enclave/secure_enclave.c

@@ -588,7 +588,6 @@ void get_public_shares(int *err_status, char* err_string, uint8_t* encrypted_dkg
 }
 
 
-
 void set_encrypted_dkg_poly(int *err_status, char *err_string, uint8_t* encrypted_poly){
 
   uint32_t decr_len;

sgxwallet_common.h

@@ -92,9 +92,9 @@ extern int is_sgx_https;
 
 #define BASE_PORT 1026
 
-#define WALLETDB_NAME  "SGXData/sgxwallet.db"//"test_sgxwallet.db"//
+#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"
-
+#define SGXDATA_FOLDER "sgx_data/"