Rename data folder and move all sgx data to it

5d8c0961 · svetaro · 743706c3 · 5d8c0961 · 5d8c0961 · 5d8c0961
Unverified Commit 5d8c0961 authored Jan 21, 2020 by svetaro
10 changed files
--- a/CSRManagerServer.cpp
+++ b/CSRManagerServer.cpp
@@ -60,7 +60,7 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
    }

    if (status == 0) {
-      std::string csr_name = "cert/" + hash + ".csr";
+      std::string csr_name = "sgx_data/cert/" + hash + ".csr";
      std::ofstream outfile(csr_name);
      outfile << *csr_ptr << std::endl;
      outfile.close();
@@ -69,7 +69,7 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
      }

-      std::string signClientCert = "cd cert && ./create_client_cert " + hash;
+      std::string signClientCert = "cd sgx_data/cert && ./create_client_cert " + hash;

      if (system(signClientCert.c_str()) == 0) {
        spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");

--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -78,7 +78,7 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
    }

    if (auto_sign) {
-      std::string csr_name = "cert/" + hash + ".csr";
+      std::string csr_name = "sgx_data/cert/" + hash + ".csr";
      std::ofstream outfile(csr_name);
      outfile << csr << std::endl;
      outfile.close();
@@ -86,7 +86,7 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
      }

-      std::string genCert = "cd cert && ./create_client_cert " + hash;
+      std::string genCert = "cd sgx_data/cert && ./create_client_cert " + hash;

      if (system(genCert.c_str()) == 0){
          spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
@@ -130,7 +130,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
    int status = std::atoi(status_str_ptr->c_str());

    if ( status == 0){
-      std::string crt_name = "cert/" + hash + ".crt";
+      std::string crt_name = "sgx_data/cert/" + hash + ".crt";
      //if (access(crt_name.c_str(), F_OK) == 0){
        std::ifstream infile(crt_name);
        if (!infile.is_open()) {
@@ -144,7 +144,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
          cert = ss.str();

          infile.close();
-          std::string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
+          std::string remove_crt = "cd sgx_data/cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
          if(system(remove_crt.c_str()) == 0){
              //std::cerr << "cert removed" << std::endl;
              spdlog::info(" cert removed ");

--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -82,14 +82,14 @@ void debug_print(){

 int init_https_server(bool check_certs) {

-  std::string rootCAPath = "cert/rootCA.pem";
-  std::string keyCAPath = "cert/rootCA.key";
+  std::string rootCAPath = "sgx_data/cert/rootCA.pem";
+  std::string keyCAPath = "sgx_data/cert/rootCA.key";

  if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
    spdlog::info("YOU DO NOT HAVE ROOT CA CERTIFICATE");
    spdlog::info("ROOT CA CERTIFICATE IS GOING TO BE CREATED");

-    std::string genRootCACert = "cd cert && ./create_CA";
+    std::string genRootCACert = "cd sgx_data/cert && ./create_CA";

    if (system(genRootCACert.c_str()) == 0){
      spdlog::info("ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED");
@@ -100,14 +100,14 @@ int init_https_server(bool check_certs) {
    }
  }

-  std::string certPath = "cert/SGXServerCert.crt";
-  std::string keyPath = "cert/SGXServerCert.key";
+  std::string certPath = "sgx_data/cert/SGXServerCert.crt";
+  std::string keyPath = "sgx_data/cert/SGXServerCert.key";

  if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
    spdlog::info("YOU DO NOT HAVE SERVER CERTIFICATE");
    spdlog::info("SERVER CERTIFICATE IS GOING TO BE CREATED");

-    std::string genCert = "cd cert && ./create_server_cert";
+    std::string genCert = "cd sgx_data/cert && ./create_server_cert";

    if (system(genCert.c_str()) == 0){
      spdlog::info("SERVER CERTIFICATE IS SUCCESSFULLY GENERATED");

--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -65,24 +65,18 @@ void init_daemon() {
    libff::init_alt_bn128_params();

    struct stat info;
-    if (stat("SGXData", &info) !=0 ){
-      spdlog::info("going to create SGXData folder");
-      if (system("mkdir SGXData") == 0){
-        spdlog::info("SGXData folder was created");
-      }
-      else{
-        spdlog::info("creating SGXData folder failed");
+    if (stat("sgx_data", &info) !=0 ){
+        spdlog::info("there is no sgx_data folder");
        exit(-1);
-      }
    }

    static std::string dbName("./" WALLETDB_NAME);
    levelDb = new LevelDB(dbName);

-    static std::string csr_dbname = "SGXData/CSR_DB";
+    static std::string csr_dbname = "sgx_data/CSR_DB";
    csrDb = new LevelDB(csr_dbname);

-    static std::string csr_status_dbname = "SGXData/CSR_STATUS_DB";
+    static std::string csr_status_dbname = "sgx_data/CSR_STATUS_DB";
    csrStatusDb = new LevelDB(csr_status_dbname);

    std::shared_ptr<std::string> encr_SEK_ptr = levelDb->readString("SEK");

--- a/cert/ca.config
+++ b/cert/ca.config
-[ ca ]
-        default_ca             = CA_CLIENT       # При подписи сертификатов
-        # использовать секцию CA_CLIENT
-        
-        [ CA_CLIENT ]
-        dir                    = .            # Каталог для служебных файлов
-        certs                  = $dir/certs      # Каталог для сертификатов
-        new_certs_dir          = $dir/new_certs   # Каталог для новых сертификатов
-
-        database               = $dir/index.txt  # Файл с базой данных
-        # подписанных сертификатов
-        serial                 = $dir/serial     # Файл содержащий серийный номер
-        RANDFILE               = $dir/.rnd
-        # сертификата
-        # (в шестнадцатиричном формате)
-        certificate            = ./rootCA.pem        # Файл сертификата CA
-        private_key            = ./rootCA.key        # Файл закрытого ключа CA
-
-        default_days           = 3650             # Срок действия подписываемого
-        # сертификата
-        default_crl_days       = 7               # Срок действия CRL (см. $4)
-        default_md             = sha256             # Алгоритм подписи
-
-        name_opt               = ca_default
-        cert_opt               = ca_default
-        policy                 = policy_anything # Название секции с описанием
-        # политики в отношении данных
-        # сертификата
-
-        [ policy_anything ]
-        countryName            = optional        # Код страны - не обязателен
-        stateOrProvinceName    = optional        # ......
-        localityName           = optional        # ......
-        organizationName       = optional        # ......
-        organizationalUnitName = optional        # ......
-        commonName             = supplied        # ...... - обязателен
-        emailAddress           = optional        # ......
--- a/cert/create_CA
+++ b/cert/create_CA
-#!/bin/bash
-
-# Generate root CA key
-openssl genrsa -out rootCA.key 2048
-
-# Create an X.509 cert from the CA key
-openssl req -x509 -sha256 -nodes -days 1024 -newkey rsa:2048 -key rootCA.key -out rootCA.pem -subj "/CN=SGXCACertificate"
-
-mkdir new_certs
-touch index.txt
-touch index.txt.attr
-echo "01" > serial
-
-
-
--- a/cert/create_client_cert
+++ b/cert/create_client_cert
-#!/bin/bash
-
-#sign csr
-CSREXT=".csr"
-CRTEXT=".crt"
-CSRFILE="$1$CSREXT"
-CRTFILE="$1$CRTEXT" 
-yes | openssl ca -config ca.config -in $CSRFILE -out $CRTFILE
--- a/cert/create_server_cert
+++ b/cert/create_server_cert
-#!/bin/bash
-
-# Generate server key
-openssl genrsa -out "SGXServerCert.key" 2048
-
-# Create server certificate request
-#openssl req -new -key "SGXServer.key" -out "SGXServer.csr" -subj "/CN=SGXCACertificate"
-
-openssl req -new -sha256 -nodes -out "SGXServerCert.csr" -newkey rsa:2048 -keyout "SGXServerCert.key" -subj /CN=SGXServer
-
-# Sign and generate the user certificate from the
-#openssl x509 -req -in "SGXServer.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "SGXServerCertificate.crt" -days 3650
-
-yes | openssl ca -config ca.config -in "SGXServerCert.csr" -out "SGXServerCert.crt"
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -53,7 +53,8 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 #include "../sgxwallet_common.h"

-uint8_t Decrypted_dkg_poly[DKG_BUFER_LENGTH] ;
+uint8_t Decrypted_dkg_poly[DKG_BUFER_LENGTH];
+uint8_t SEK[32];

 void *(*gmp_realloc_func)(void *, size_t, size_t);

@@ -587,7 +588,6 @@ void get_public_shares(int *err_status, char* err_string, uint8_t* encrypted_dkg
 }


-
 void set_encrypted_dkg_poly(int *err_status, char *err_string, uint8_t* encrypted_poly){

  uint32_t decr_len;
@@ -911,7 +911,7 @@ void generate_SEK(int *err_status, char *err_string,

  *enc_len = sealedLen;

-    free(rand_char);
+  free(rand_char);
 }



--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -92,7 +92,7 @@ extern int is_sgx_https;

 #define BASE_PORT 1026

-#define WALLETDB_NAME  "SGXData/sgxwallet.db"//"test_sgxwallet.db"//
+#define WALLETDB_NAME  "sgx_data/sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"