SKALE-4262 add -e flag

8a11d1f9 · Oleh Nikolaiev · 72bb58de · 8a11d1f9 · 8a11d1f9 · 8a11d1f9
Unverified Commit 8a11d1f9 authored Jul 20, 2021 by Oleh Nikolaiev
8 changed files
--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -160,7 +160,7 @@ uint64_t initEnclave() {
 }
 void initAll(uint32_t _logLevel, bool _checkCert,
-             bool _checkZMQSig, bool _autoSign, bool _generateTestKeys) {
+             bool _checkZMQSig, bool _autoSign, bool _generateTestKeys, bool _checkKeyOwnership) {
    static atomic<bool> sgxServerInited(false);
    static mutex initMutex;
@@ -209,7 +209,7 @@ void initAll(uint32_t _logLevel, bool _checkCert,
        SGXRegistrationServer::initRegistrationServer(_autoSign);
        CSRManagerServer::initCSRManagerServer();
        SGXInfoServer::initInfoServer(_logLevel, _checkCert, _autoSign, _generateTestKeys);
-        ZMQServer::initZMQServer(_checkZMQSig, useHTTPS);
+        ZMQServer::initZMQServer(_checkZMQSig, _checkKeyOwnership);
        sgxServerInited = true;
    } catch (SGXException &_e) {

--- a/ServerInit.h
+++ b/ServerInit.h
@@ -32,7 +32,7 @@
 #define EXTERNC
 #endif
-EXTERNC void initAll(uint32_t  _logLevel, bool _checkCert, bool _checkZMQSig, bool _autoSign, bool _generateTestKeys);
+EXTERNC void initAll(uint32_t  _logLevel, bool _checkCert, bool _checkZMQSig, bool _autoSign, bool _generateTestKeys, bool _checkKeyOwnership);
 void exitAll();

--- a/docker/start.sh
+++ b/docker/start.sh
@@ -47,6 +47,6 @@ sleep 5
 ./testw.py
 else
 sleep 3
-./sgxwallet $1 $2 $3 $4 $5
+./sgxwallet $1 $2 $3 $4 $5 $6
 fi
--- a/run_sgx/docker-compose.yml
+++ b/run_sgx/docker-compose.yml
@@ -21,7 +21,7 @@ services:
      options:
        max-size: "10m"
        max-file: "4"
-    command: -s -y -d
+    command: -s -y -d -e
    healthcheck:
      test: ["CMD", "ls", "/dev/isgx", "/dev/mei0"]
--- a/run_sgx_sim/docker-compose.yml
+++ b/run_sgx_sim/docker-compose.yml
@@ -18,4 +18,4 @@ services:
      options:
        max-size: "10m"
        max-file: "4"
-    command: -s -y
+    command: -s -y -e
--- a/sgxwall.cpp
+++ b/sgxwall.cpp
@@ -55,6 +55,7 @@ void SGXWallet::printUsage() {
    cerr << "   -n  Use http instead of https. Default is to use https with a selg-signed server cert.  Insecure! \n";
    cerr << "   -c  Disable client authentication using certificates. Insecure!\n";
    cerr << "   -s  Sign client certificates without human confirmation. Insecure! \n";
+    cerr << "   -e  Only owner of the key can access it.\n";
 }
@@ -100,6 +101,7 @@ int main(int argc, char *argv[]) {
    bool checkClientCertOption = true;
    bool autoSignClientCertOption = false;
    bool generateTestKeys = false;
+    bool checkKeyOwnership = true;
    std::signal(SIGABRT, SGXWallet::signalHandler);
@@ -110,7 +112,7 @@ int main(int argc, char *argv[]) {
        exit(-21);
    }
-    while ((opt = getopt(argc, argv, "cshd0abyvVnT")) != -1) {
+    while ((opt = getopt(argc, argv, "cshd0abyvVneT")) != -1) {
        switch (opt) {
            case 'h':
                SGXWallet::printUsage();
@@ -136,6 +138,10 @@ int main(int argc, char *argv[]) {
                break;
            case 'n':
                useHTTPSOption = false;
+                checkKeyOwnership = false;
+                break;
+            case 'e':
+                checkKeyOwnership = true;
                break;
            case 'a':
                enterBackupKeyOption = false;
@@ -179,7 +185,7 @@ int main(int argc, char *argv[]) {
    }
    cerr << "Calling initAll ..." << endl;
-    initAll(enclaveLogLevel, checkClientCertOption, checkClientCertOption, autoSignClientCertOption, generateTestKeys);
+    initAll(enclaveLogLevel, checkClientCertOption, checkClientCertOption, autoSignClientCertOption, generateTestKeys, checkKeyOwnership);
    cerr << "Completed initAll." << endl;
    //check if test keys already exist

--- a/testw.cpp
+++ b/testw.cpp
@@ -73,7 +73,7 @@ public:
    TestFixture() {
        TestUtils::resetDB();
        setOptions(L_INFO, false, true);
-        initAll(L_INFO, false, false, true, false);
+        initAll(L_INFO, false, false, true, false, false);
    }
    ~TestFixture() {
@@ -87,7 +87,7 @@ public:
    TestFixtureHTTPS() {
        TestUtils::resetDB();
        setOptions(L_INFO, true, true);
-        initAll(L_INFO, false, true, true, false);
+        initAll(L_INFO, false, true, true, false, true);
    }
    ~TestFixtureHTTPS() {
@@ -101,7 +101,7 @@ public:
    TestFixtureZMQSign() {
        TestUtils::resetDB();
        setOptions(L_INFO, false, true);
-        initAll(L_INFO, false, true, true, false);
+        initAll(L_INFO, false, true, true, false, false);
    }
    ~TestFixtureZMQSign() {
@@ -114,7 +114,7 @@ class TestFixtureNoResetFromBackup {
 public:
    TestFixtureNoResetFromBackup() {
        setFullOptions(L_INFO, false, true, true);
-        initAll(L_INFO, false, false, true, false);
+        initAll(L_INFO, false, false, true, false, false);
    }
    ~TestFixtureNoResetFromBackup() {
@@ -128,7 +128,7 @@ class TestFixtureNoReset {
 public:
    TestFixtureNoReset() {
        setOptions(L_INFO, false, true);
-        initAll(L_INFO, false, false, true, false);
+        initAll(L_INFO, false, false, true, false, false);
    }
    ~TestFixtureNoReset() {

--- a/zmq_src/ReqMessage.cpp
+++ b/zmq_src/ReqMessage.cpp
@@ -155,7 +155,7 @@ Json::Value createBLSPrivateKeyReqMessage::process() {
    auto secretShare = getStringRapid("secretShare");
    auto t = getInt64Rapid("t");
    auto n = getInt64Rapid("n");
-    if (checkKeyOwnership && !isKeyByOwner(ethKeyName, getStringRapid("cert")) || !isKeyByOwner(polyName, getStringRapid("cert"))) {
+    if (checkKeyOwnership && (!isKeyByOwner(ethKeyName, getStringRapid("cert")) || !isKeyByOwner(polyName, getStringRapid("cert")))) {
        throw std::invalid_argument("Only owner of the key can access it");
    }
    auto result = SGXWalletServer::createBLSPrivateKeyV2Impl(blsKeyName, ethKeyName, polyName, secretShare, t, n);