Unverified Commit bdb3bd1c authored by kladko's avatar kladko

Fixing backup key

parent e815de42
FROM skalenetwork/sgxwallet_base:latest FROM skalenetwork/sgxwallet_base:latest
COPY . /usr/src/sdk COPY . /usr/src/sdk
RUN apt update && apt install -y curl RUN apt update && apt install -y curl secure-delete
WORKDIR /usr/src/sdk WORKDIR /usr/src/sdk
RUN touch /var/hwmode RUN touch /var/hwmode
RUN ./autoconf.bash RUN ./autoconf.bash
......
...@@ -2,7 +2,7 @@ FROM skalenetwork/sgxwallet_base:latest ...@@ -2,7 +2,7 @@ FROM skalenetwork/sgxwallet_base:latest
COPY . /usr/src/sdk COPY . /usr/src/sdk
RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml RUN cp -f secure_enclave/secure_enclave.config.xml.release secure_enclave/secure_enclave.config.xml
RUN apt update && apt install -y curl RUN apt update && apt install -y curl secure-delete
WORKDIR /usr/src/sdk WORKDIR /usr/src/sdk
#Test signing key generation #Test signing key generation
RUN cd scripts && ./generate_signing_key.bash RUN cd scripts && ./generate_signing_key.bash
......
FROM skalenetwork/sgxwallet_base:latest FROM skalenetwork/sgxwallet_base:latest
RUN apt update && apt install -y curl RUN apt update && apt install -y curl secure-delete
RUN ccache -sz RUN ccache -sz
......
...@@ -78,6 +78,9 @@ void create_test_key() { ...@@ -78,6 +78,9 @@ void create_test_key() {
LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data()); LevelDB::getLevelDb() -> writeDataUnique("TEST_KEY", hexEncrKey.data());
} }
#include <experimental/filesystem>
bool check_SEK(const std::string& SEK) { bool check_SEK(const std::string& SEK) {
std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY"); std::shared_ptr <std::string> test_key_ptr = LevelDB::getLevelDb() -> readString("TEST_KEY");
vector<uint8_t> encr_test_key(BUF_LEN, 0); vector<uint8_t> encr_test_key(BUF_LEN, 0);
...@@ -131,7 +134,10 @@ void gen_SEK() { ...@@ -131,7 +134,10 @@ void gen_SEK() {
char SEK[65]; char SEK[65];
memset(SEK, 0, 65); memset(SEK, 0, 65);
spdlog::error("Generating backup key. Will be stored in backup_key.txt ... " );
status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK); status = trustedGenerateSEK(eid, &err_status, errMsg.data(), encr_SEK.data(), &enc_len, SEK);
if ( status != SGX_SUCCESS ) { if ( status != SGX_SUCCESS ) {
throw SGXException(status, errMsg.data()) ; throw SGXException(status, errMsg.data()) ;
} }
...@@ -140,19 +146,28 @@ void gen_SEK() { ...@@ -140,19 +146,28 @@ void gen_SEK() {
throw SGXException(err_status, errMsg.data()) ; throw SGXException(err_status, errMsg.data()) ;
} }
if ( strnlen(SEK,33) != 32) {
throw SGXException(-1, "strnlen(SEK,33) != 32" ) ;
}
vector<char> hexEncrKey(2 * enc_len + 1, 0); vector<char> hexEncrKey(2 * enc_len + 1, 0);
carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data()); carray2Hex(encr_SEK.data(), enc_len, hexEncrKey.data());
std::ofstream sek_file("backup_key.txt"); std::ofstream sek_file("backup_key.txt");
sek_file.clear(); sek_file.clear();
cout << "ATTENTION! YOUR BACKUP KEY WILL BE WRITTEN INTO backup_key.txt.\n" <<
"PLEASE COPY IT TO THE SAFE PLACE AND THEN DELETE THE FILE MANUALLY BY RUNNING THE FOLLOWING COMMAND:\n" <<
"`docker exec -it <SGX_CONTAINER_NAME> bash && apt-get install secure-delete && srm -vz backup_key.txt`" << endl;
sek_file << SEK; sek_file << SEK;
if (!autoconfirm) {
cout << "ATTENTION! YOUR BACKUP KEY HAS BEEN WRITTEN INTO sgx_data/backup_key.txt \n" <<
"PLEASE COPY IT TO THE SAFE PLACE AND THEN DELETE THE FILE MANUALLY BY RUNNING THE FOLLOWING COMMAND:\n" <<
"apt-get install secure-delete && srm -vz sgx_data/backup_key.txt" << endl;
if (!autoconfirm) {
std::string confirm_str = "I confirm"; std::string confirm_str = "I confirm";
std::string buffer; std::string buffer;
do { do {
...@@ -162,6 +177,9 @@ void gen_SEK() { ...@@ -162,6 +177,9 @@ void gen_SEK() {
} while (case_insensitive_match(confirm_str, buffer)); } while (case_insensitive_match(confirm_str, buffer));
} }
LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data()); LevelDB::getLevelDb()->writeDataUnique("SEK", hexEncrKey.data());
create_test_key(); create_test_key();
......
...@@ -228,6 +228,7 @@ void sealHexSEK(int *errStatus, char *errString, ...@@ -228,6 +228,7 @@ void sealHexSEK(int *errStatus, char *errString,
CHECK_STATE(encrypted_sek); CHECK_STATE(encrypted_sek);
CHECK_STATE(sek_hex); CHECK_STATE(sek_hex);
CHECK_STATE(strnlen(sek_hex, 33) == 32)
uint64_t plaintextLen = strlen(sek_hex + 1); uint64_t plaintextLen = strlen(sek_hex + 1);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment