SKALE-4262 add -e flag

ServerInit.cpp

@@ -160,7 +160,7 @@ uint64_t initEnclave() {
 }
 
 void initAll(uint32_t _logLevel, bool _checkCert,
-             bool _checkZMQSig, bool _autoSign, bool _generateTestKeys) {
+             bool _checkZMQSig, bool _autoSign, bool _generateTestKeys, bool _checkKeyOwnership) {
 
     static atomic<bool> sgxServerInited(false);
     static mutex initMutex;
@@ -209,7 +209,7 @@ void initAll(uint32_t _logLevel, bool _checkCert,
         SGXRegistrationServer::initRegistrationServer(_autoSign);
         CSRManagerServer::initCSRManagerServer();
         SGXInfoServer::initInfoServer(_logLevel, _checkCert, _autoSign, _generateTestKeys);
-        ZMQServer::initZMQServer(_checkZMQSig, useHTTPS);
+        ZMQServer::initZMQServer(_checkZMQSig, _checkKeyOwnership);
 
         sgxServerInited = true;
     } catch (SGXException &_e) {

ServerInit.h

@@ -32,7 +32,7 @@
 #define EXTERNC
 #endif
 
-EXTERNC void initAll(uint32_t  _logLevel, bool _checkCert, bool _checkZMQSig, bool _autoSign, bool _generateTestKeys);
+EXTERNC void initAll(uint32_t  _logLevel, bool _checkCert, bool _checkZMQSig, bool _autoSign, bool _generateTestKeys, bool _checkKeyOwnership);
 
 void exitAll();
 

docker/start.sh

@@ -47,6 +47,6 @@ sleep 5
 ./testw.py
 else
 sleep 3
-./sgxwallet $1 $2 $3 $4 $5
+./sgxwallet $1 $2 $3 $4 $5 $6
 fi
 

run_sgx/docker-compose.yml

@@ -21,7 +21,7 @@ services:
       options:
         max-size: "10m"
         max-file: "4"
-    command: -s -y -d
+    command: -s -y -d -e
     healthcheck:
       test: ["CMD", "ls", "/dev/isgx", "/dev/mei0"]
 

run_sgx_sim/docker-compose.yml

@@ -18,4 +18,4 @@ services:
       options:
         max-size: "10m"
         max-file: "4"
-    command: -s -y
+    command: -s -y -e

sgxwall.cpp

@@ -55,6 +55,7 @@ void SGXWallet::printUsage() {
     cerr << "   -n  Use http instead of https. Default is to use https with a selg-signed server cert.  Insecure! \n";
     cerr << "   -c  Disable client authentication using certificates. Insecure!\n";
     cerr << "   -s  Sign client certificates without human confirmation. Insecure! \n";
+    cerr << "   -e  Only owner of the key can access it.\n";
 }
 
 
@@ -100,6 +101,7 @@ int main(int argc, char *argv[]) {
     bool checkClientCertOption = true;
     bool autoSignClientCertOption = false;
     bool generateTestKeys = false;
+    bool checkKeyOwnership = true;
 
     std::signal(SIGABRT, SGXWallet::signalHandler);
 
@@ -110,7 +112,7 @@ int main(int argc, char *argv[]) {
         exit(-21);
     }
 
-    while ((opt = getopt(argc, argv, "cshd0abyvVnT")) != -1) {
+    while ((opt = getopt(argc, argv, "cshd0abyvVneT")) != -1) {
         switch (opt) {
             case 'h':
                 SGXWallet::printUsage();
@@ -136,6 +138,10 @@ int main(int argc, char *argv[]) {
                 break;
             case 'n':
                 useHTTPSOption = false;
+                checkKeyOwnership = false;
+                break;
+            case 'e':
+                checkKeyOwnership = true;
                 break;
             case 'a':
                 enterBackupKeyOption = false;
@@ -179,7 +185,7 @@ int main(int argc, char *argv[]) {
     }
 
     cerr << "Calling initAll ..." << endl;
-    initAll(enclaveLogLevel, checkClientCertOption, checkClientCertOption, autoSignClientCertOption, generateTestKeys);
+    initAll(enclaveLogLevel, checkClientCertOption, checkClientCertOption, autoSignClientCertOption, generateTestKeys, checkKeyOwnership);
     cerr << "Completed initAll." << endl;
 
     //check if test keys already exist

testw.cpp

@@ -73,7 +73,7 @@ public:
     TestFixture() {
         TestUtils::resetDB();
         setOptions(L_INFO, false, true);
-        initAll(L_INFO, false, false, true, false);
+        initAll(L_INFO, false, false, true, false, false);
     }
 
     ~TestFixture() {
@@ -87,7 +87,7 @@ public:
     TestFixtureHTTPS() {
         TestUtils::resetDB();
         setOptions(L_INFO, true, true);
-        initAll(L_INFO, false, true, true, false);
+        initAll(L_INFO, false, true, true, false, true);
     }
 
     ~TestFixtureHTTPS() {
@@ -101,7 +101,7 @@ public:
     TestFixtureZMQSign() {
         TestUtils::resetDB();
         setOptions(L_INFO, false, true);
-        initAll(L_INFO, false, true, true, false);
+        initAll(L_INFO, false, true, true, false, false);
     }
 
     ~TestFixtureZMQSign() {
@@ -114,7 +114,7 @@ class TestFixtureNoResetFromBackup {
 public:
     TestFixtureNoResetFromBackup() {
         setFullOptions(L_INFO, false, true, true);
-        initAll(L_INFO, false, false, true, false);
+        initAll(L_INFO, false, false, true, false, false);
     }
 
     ~TestFixtureNoResetFromBackup() {
@@ -128,7 +128,7 @@ class TestFixtureNoReset {
 public:
     TestFixtureNoReset() {
         setOptions(L_INFO, false, true);
-        initAll(L_INFO, false, false, true, false);
+        initAll(L_INFO, false, false, true, false, false);
     }
 
     ~TestFixtureNoReset() {

zmq_src/ReqMessage.cpp

@@ -155,7 +155,7 @@ Json::Value createBLSPrivateKeyReqMessage::process() {
     auto secretShare = getStringRapid("secretShare");
     auto t = getInt64Rapid("t");
     auto n = getInt64Rapid("n");
-    if (checkKeyOwnership && !isKeyByOwner(ethKeyName, getStringRapid("cert")) || !isKeyByOwner(polyName, getStringRapid("cert"))) {
+    if (checkKeyOwnership && (!isKeyByOwner(ethKeyName, getStringRapid("cert")) || !isKeyByOwner(polyName, getStringRapid("cert")))) {
         throw std::invalid_argument("Only owner of the key can access it");
     }
     auto result = SGXWalletServer::createBLSPrivateKeyV2Impl(blsKeyName, ethKeyName, polyName, secretShare, t, n);