Unverified Commit 70b2aef9 authored by Chadwick Strange, committed by GitHub

Merge pull request #22 from skalenetwork/fix-readme

Update README.md
parents 5544e74f 08dd6615
...@@ -14,8 +14,9 @@ This sgxwallet library is still in active development and therefore should be re ...@@ -14,8 +14,9 @@ This sgxwallet library is still in active development and therefore should be re
## Install Prerequisites ## Install Prerequisites
``` ```bash
sudo apt-get install build-essential make cmake gcc g++ yasm python libprotobuf10 flex bison automake libtool texinfo libgcrypt20-dev libgnutls28-dev sudo apt-get install build-essential make cmake gcc g++ yasm python libprotobuf10 flex bison automake libtool texinfo libgcrypt20-dev libgnutls28-dev
``` ```
## Clone this repository and its submodules ## Clone this repository and its submodules
...@@ -41,8 +42,9 @@ To enable SGX using a software utility: ...@@ -41,8 +42,9 @@ To enable SGX using a software utility:
## Install SGX driver ## Install SGX driver
``` ```bash
cd scripts; sudo ./sgx_linux_x64_driver_2.5.0_2605efa.bin; cd .. cd scripts; sudo ./sgx_linux_x64_driver_2.5.0_2605efa.bin; cd ..
``` ```
Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed. Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed.
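Review bot: The driver install step runs a bundled binary as root (`sudo ./sgx_linux_x64_driver_2.5.0_2605efa.bin`) and the README documents no integrity check for it. Since this change already touches the block, consider publishing the installer's expected SHA-256 and adding a `sha256sum -c` step before the `sudo` line. The unchanged sentence under the fence also still reads "Reboot you machine" and should be "Reboot your machine".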
...@@ -50,28 +52,32 @@ If you do not see the `isgx` device, you need to troubleshoot your driver instal ...@@ -50,28 +52,32 @@ If you do not see the `isgx` device, you need to troubleshoot your driver instal
## Install SGX sdk ## Install SGX sdk
``` ```bash
cd scripts; sudo ./sgx_linux_x64_sdk_2.5.100.49891.bin; cd .. cd scripts; sudo ./sgx_linux_x64_sdk_2.5.100.49891.bin; cd ..
``` ```
## Install required debian packages ## Install required debian packages
``` ```bash
cd scripts; sudo ./install_packages.sh; cd .. cd scripts; sudo ./install_packages.sh; cd ..
``` ```
## Build dependencies ## Build dependencies
Dependencies only need to be built once. Dependencies only need to be built once.
``` ```bash
cd scripts; ./build.py; cd .. cd scripts; ./build.py; cd ..
``` ```
## Configure and build ## Configure and build
Go to the project's top directory, then run Go to the project's top directory, then run
```bash
libtoolize --force libtoolize --force
aclocal aclocal
autoheader autoheader
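Review bot: The one-liners in the SDK, package and dependency blocks chain with `;` (for example `cd scripts; sudo ./install_packages.sh; cd ..`), so if `cd scripts` fails the trailing `cd ..` still runs and leaves the reader one directory above the project root. Suggest `&&`, or a subshell such as `(cd scripts && sudo ./install_packages.sh)`, which also removes the need for `cd ..`.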
...@@ -79,21 +85,26 @@ automake --force-missing --add-missing ...@@ -79,21 +85,26 @@ automake --force-missing --add-missing
autoconf autoconf
./configure ./configure
make make
``` ```
## Running sgxwallet ## Running sgxwallet
Type: Type:
``` ```bash
`./sgxwallet` `./sgxwallet`
``` ```
## Build Docker container ## Build Docker container
sudo apt-get install -y docker.io; ```bash
cd docker; sudo apt-get install -y docker.io;
sudo docker build -t sgxcontainer . cd docker;
sudo docker build -t sgxcontainer .
```
## Run Docker container ## Run Docker container
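Review bot: In the "Running sgxwallet" block the command is still wrapped in literal backticks inside the fence, and the fence is now tagged `bash`. Pasted into a shell, backticks are command substitution: the binary runs and the shell then tries to execute whatever it printed as a second command. Drop the backticks so the block contains only ./sgxwallet.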
...@@ -101,7 +112,10 @@ Enable SGX and install SGX driver on the host machine as described above. ...@@ -101,7 +112,10 @@ Enable SGX and install SGX driver on the host machine as described above.
Then run Then run
sudo docker run -di --network host --device /dev/isgx --device /dev/mei0 --name sgxwallet sgxcontainer ./start.sh ```bash
sudo docker run -di --network host --device /dev/isgx --device /dev/mei0 --name sgxwallet sgxcontainer ./start.sh
```
This will run the server in a Docker container named sgxwallet This will run the server in a Docker container named sgxwallet
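Review bot: The `docker run` line fenced here uses `--network host`, which places every port the server listens on directly on the host's interfaces with no Docker port mapping in between, and the README does not say why. Either explain the requirement or publish only the ports the README itself uses (the examples further down use 1026 and 1027), and add a sentence on what `--device /dev/mei0` is passed through for.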
...@@ -109,8 +123,11 @@ You can check that the server is running by doing ...@@ -109,8 +123,11 @@ You can check that the server is running by doing
You can start and stop running sgxwallet container by doing You can start and stop running sgxwallet container by doing
docker stop sgxwallet ```bash
docker start sgxwallet docker stop sgxwallet
docker start sgxwallet
```
## Development ## Development
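Review bot: The new block shows `docker stop sgxwallet` and `docker start sgxwallet` without `sudo`, while the build and run commands above use `sudo docker`. Make the two consistent, or state that the user is expected to be in the `docker` group.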
...@@ -121,12 +138,11 @@ To add new source and include files to app and enclave, edit the corresponding * ...@@ -121,12 +138,11 @@ To add new source and include files to app and enclave, edit the corresponding *
If you change **.edl** file, you need to re-run configure too. If you change **.edl** file, you need to re-run configure too.
## Example of client certificate instantiation ## Example of client certificate instantiation
Go to the project's top directory, then run Go to the project's top directory, then run
``` ```bash
export CSR_FILE=a.csr export CSR_FILE=a.csr
export KEY_FILE=k.key export KEY_FILE=k.key
export CERT_NAME_UNIQUE=someVeryUniqueName export CERT_NAME_UNIQUE=someVeryUniqueName
...@@ -136,24 +152,29 @@ cat $KEY_FILE ...@@ -136,24 +152,29 @@ cat $KEY_FILE
export KEY_PEM_FILE=k.pem export KEY_PEM_FILE=k.pem
openssl rsa -in $KEY_FILE -text > $KEY_PEM_FILE openssl rsa -in $KEY_FILE -text > $KEY_PEM_FILE
cat $KEY_PEM_FILE cat $KEY_PEM_FILE
``` ```
Next, send content of `a.csr` as single line (by replacing real end of lines with `\n`) to port `1027`: Next, send content of `a.csr` as single line (by replacing real end of lines with `\n`) to port `1027`.
``` Example:
```bash
export URL_SGX_WALLET="http://127.0.0.1:1027" export URL_SGX_WALLET="http://127.0.0.1:1027"
curl -X POST --data '{ "jsonrpc": "2.0", "id": 2, "method": "SignCertificate", "params": { "certificate": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSc29tZVZlcnlVbmlxdWVOYW1lMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C4ceRhzMAZnG87PwlkzMROHsm3B\ncPydIeiqs1dieuuvVETJqbXAcOENNsGA+AdXjZwFkDuIS24p2yZ8AwuIMAwdMsGa\n5Hzk0ugOy52iPyGEuooqV94nnL6eWw/zryTvkk7j239wMWn5our5Ia1/CBQlXXo2\n4IWTWfWYOz26SWUh4DuvzMOheMVSxg3KLaxpx7Bq09p32lR9xpl53+HqxSDIMYh9\nC3y3kA6NdkKsGE/Jt4WoZ5S5LlrhYjw+PFTeX2lbGDZpn/sxQIM16Pxo2LCfefIa\nik+aZBEAlpn22ljLZ5sEcVgBmOlL+v3waq9u0AaSYzdGFRA+0ceVwU/QTQIDAQAB\noAAwDQYJKoZIhvcNAQELBQADggEBAJXodL69Q/8zDt24AySXK0ksV3C3l5l10Hno\nfF6zKypsYev33CFbZu6HweSgK2f21+DeI9TsGKJxI7K6MUqyH0pJhwlFSeMB5/qP\nJueqXMuvStZSp0GGTaNy7Al/jzOKYNf0ePsv/Rx8NcOdy7RCZE0gW998B5jKb66x\nPgy6QvD8CkZULiRScYlOC8Ex6nc+1Z54pRC1NFWs/ugGyFgLJHy0J2gNkOv6yfsl\nH3V/ocCYSoF4ToUQAxwx+dcy4PXrL9vKzRNJgWzsI/LzCZkglo8iis9YZQawDOUf\nGmDMDkr0Fx1W1tSEpvkw0flkAXZ8PhIGCC0320jkuPeClt7OWNs=\n-----END CERTIFICATE REQUEST-----\n" } }' -H 'content-type:application/json;' $URL_SGX_WALLET curl -X POST --data '{ "jsonrpc": "2.0", "id": 2, "method": "SignCertificate", "params": { "certificate": "-----BEGIN CERTIFICATE 
REQUEST-----\nMIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSc29tZVZlcnlVbmlxdWVOYW1lMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C4ceRhzMAZnG87PwlkzMROHsm3B\ncPydIeiqs1dieuuvVETJqbXAcOENNsGA+AdXjZwFkDuIS24p2yZ8AwuIMAwdMsGa\n5Hzk0ugOy52iPyGEuooqV94nnL6eWw/zryTvkk7j239wMWn5our5Ia1/CBQlXXo2\n4IWTWfWYOz26SWUh4DuvzMOheMVSxg3KLaxpx7Bq09p32lR9xpl53+HqxSDIMYh9\nC3y3kA6NdkKsGE/Jt4WoZ5S5LlrhYjw+PFTeX2lbGDZpn/sxQIM16Pxo2LCfefIa\nik+aZBEAlpn22ljLZ5sEcVgBmOlL+v3waq9u0AaSYzdGFRA+0ceVwU/QTQIDAQAB\noAAwDQYJKoZIhvcNAQELBQADggEBAJXodL69Q/8zDt24AySXK0ksV3C3l5l10Hno\nfF6zKypsYev33CFbZu6HweSgK2f21+DeI9TsGKJxI7K6MUqyH0pJhwlFSeMB5/qP\nJueqXMuvStZSp0GGTaNy7Al/jzOKYNf0ePsv/Rx8NcOdy7RCZE0gW998B5jKb66x\nPgy6QvD8CkZULiRScYlOC8Ex6nc+1Z54pRC1NFWs/ugGyFgLJHy0J2gNkOv6yfsl\nH3V/ocCYSoF4ToUQAxwx+dcy4PXrL9vKzRNJgWzsI/LzCZkglo8iis9YZQawDOUf\nGmDMDkr0Fx1W1tSEpvkw0flkAXZ8PhIGCC0320jkuPeClt7OWNs=\n-----END CERTIFICATE REQUEST-----\n" } }' -H 'content-type:application/json;' $URL_SGX_WALLET
``` ```
Above produces on success: The above example produces on success:
``` ```
{"id":2,"jsonrpc":"2.0","result":{"errorMessage":"","result":true,"status":0}} {"id":2,"jsonrpc":"2.0","result":{"errorMessage":"","result":true,"status":0}}
``` ```
Next, generate client certificate signed by root ones: Next, generate the client certificate signed by root ones:
``` ```bash
cd cert cd cert
./create_client_cert ./create_client_cert
ls -1 ls -1
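Review bot: The key-handling lines at the top of this hunk expose the client private key: `openssl rsa -in $KEY_FILE -text > $KEY_PEM_FILE` writes the key parameters in readable form alongside the PEM, and `cat $KEY_PEM_FILE` (like `cat $KEY_FILE` in the hunk header context) prints the key to the terminal and its scrollback. Suggest dropping `-text` and the `cat` calls and quoting the variables. It is also worth stating in the prose that the CSR is submitted over plain `http://` to port 1027, so the signing step should only be reachable from a trusted interface.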
...@@ -161,26 +182,27 @@ cat client.crt ...@@ -161,26 +182,27 @@ cat client.crt
openssl x509 -inform PEM -in client.crt > client.pem openssl x509 -inform PEM -in client.crt > client.pem
cat client.pem cat client.pem
cd .. cd ..
``` ```
Finally, do a test call such as importing BLS key: Finally, execute a test call such as importing BLS key.
``` Example:
```bash
export URL_SGX_WALLET="https://127.0.0.1:1026" export URL_SGX_WALLET="https://127.0.0.1:1026"
curl \ curl \
-X POST --data '{ "jsonrpc": "2.0", "id": 1, "method": "importBLSKeyShare", "params": { "keyShareName": "nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C4ceRhzMAZnG87PwlkzMROHsm3B", "n": 2, "t": 2, "index" : 1, "keyShare": "21043165427057050523208250969869713544622230829814517880078280390613973680760" } }' -H 'content-type:application/json;' \ -X POST --data '{ "jsonrpc": "2.0", "id": 1, "method": "importBLSKeyShare", "params": { "keyShareName": "nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3C4ceRhzMAZnG87PwlkzMROHsm3B", "n": 2, "t": 2, "index" : 1, "keyShare": "21043165427057050523208250969869713544622230829814517880078280390613973680760" } }' -H 'content-type:application/json;' \
-v --cacert ./cert/rootCA.pem --key $KEY_PEM_FILE --cert ./cert/client.pem $URL_SGX_WALLET -k -v --cacert ./cert/rootCA.pem --key $KEY_PEM_FILE --cert ./cert/client.pem $URL_SGX_WALLET -k
```
Above produces on success:
``` ```
{"id":1,"jsonrpc":"2.0","result":{"encryptedKeyShare":"0400020000000000040effffff02000000000000000000000b000000000000ff0000000000000000cecb5d7bd507cb936464fdb6b88cfe80e38eae963af6a39b6b05cdfba5521c60000000f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000080000000000000000000000000000000875c0520e8d6739c440e0e5073633861769fc1d31d627e9a72c66d43871c62bce2cc48e821341e10784242c4c8aad6ca73a491cbf7453c2ff012b6b3d9d96823c0256992d9792ea60269789b2d51ae87c75fe522dbcb8053458c1bca421cbc57f4a58e4e5689d534ca0303db83c7a9e88cd23afe3a39e1a3801371c95e7ffa54e834c6be8853983dcaa1fa9f5e6959a5","errorMessage":"","status":0}}
```
The above example produces on success:
```
{"id":1,"jsonrpc":"2.0","result":{"encryptedKeyShare":"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","errorMessage":"","status":0}}
```
If you change .edl file, you need to re-run configure too. If you change .edl file, you need to re-run configure too.
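Review bot: The test call passes `--cacert ./cert/rootCA.pem` and `-k` on the same line. `-k` turns off server certificate verification, so the root CA is never checked and the example teaches readers to skip it. Remove `-k`, and if verification then fails, fix the server certificate's name rather than disabling the check. Minor wording: "importing BLS key" would match the `importBLSKeyShare` method better as "importing a BLS key share".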
...@@ -201,4 +223,3 @@ If you change .edl file, you need to re-run configure too. ...@@ -201,4 +223,3 @@ If you change .edl file, you need to re-run configure too.
All contributions to sgxwallet are made under the [GNU Affero General Public License v3](https://www.gnu.org/licenses/agpl-3.0.en.html). See [LICENSE](LICENSE). All contributions to sgxwallet are made under the [GNU Affero General Public License v3](https://www.gnu.org/licenses/agpl-3.0.en.html). See [LICENSE](LICENSE).
Copyright (C) 2019-Present SKALE Labs. Copyright (C) 2019-Present SKALE Labs.