Modified as per submission spec

cb13713a · kladko · fd2507a9 · cb13713a · cb13713a
Unverified Commit cb13713a authored Aug 17, 2020 by kladko
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 14 deletions

generate_signing_key.bash scripts/generate_signing_key.bash +7 -2

sign_enclave.bash scripts/sign_enclave.bash +11 -12

No files found.
--- a/scripts/generate_signing_key.bash
+++ b/scripts/generate_signing_key.bash
 #/bin/bash
 set -x
 set -e
-openssl genrsa -out skale_sgx_insecure_test_private_key1.pem -3 3072
-openssl rsa -in skale_sgx_insecure_test_private_key1.pem -pubout -out skale_sgx_insecure_test_public_key1.pem
+export KEY_VERSION=0;
+mkdir -p ../signedenclaves
+openssl genrsa -out ../signed_enclaves/skale_sgx_private_key${KEY_VERSION}.pem -3 3072
+openssl rsa -in ../signed_enclaves/skale_sgx_private_key${KEY_VERSION}.pem -pubout -out ../signed_enclaves/skale_sgx_public_key${KEY_VERSION}.pem
--- a/scripts/sign_enclave.bash
+++ b/scripts/sign_enclave.bash
@@ -3,26 +3,25 @@ set -x
 set -e
 export ENCLAVE_VERSION=0;
+export KEY_VERSION=0;
+mkdir -p ../signed_enclaves
-rm -f skale_sgx_enclave_hash1.hex skale_sgx_enclave_signature1.hex ../secure_enclave/secure_enclave_signed.so skale_sgx_enclave_metadata_info1.txt 
+rm -f skale_sgx_enclave_hash${ENCLAVE_VERSION}.hex skale_sgx_enclave_signature${ENCLAVE_VERSION}.hex ../signed_enclaves/secure_enclave_signed.so ../signed_enclaves/skale_sgx_enclave_metadata_info${ENCLAVE_VERSION}.txt 
-/opt/intel/sgxsdk/bin/x64/sgx_sign gendata -enclave ../secure_enclave/secure_enclave.so -config ../secure_enclave/secure_enclave.config.xml -out skale_sgx_enclave_hash1.hex
+/opt/intel/sgxsdk/bin/x64/sgx_sign gendata -enclave ../secure_enclave/secure_enclave.so -config ../secure_enclave/secure_enclave.config.xml -out ../signed_enclaves/skale_sgx_enclave_hash${ENCLAVE_VERSION}.hex
-openssl dgst -sha256 -out skale_sgx_enclave_signature1.hex -sign skale_sgx_private_key1.pem -keyform PEM skale_sgx_enclave_hash1.hex
+openssl dgst -sha256 -out ../signed_enclaves/skale_sgx_enclave_signature${ENCLAVE_VERSION}.hex -sign ../signed_enclaves/skale_sgx_private_key${KEY_VERSION}.pem -keyform PEM ../signed_enclaves/skale_sgx_enclave_hash${ENCLAVE_VERSION}.hex
-/opt/intel/sgxsdk/bin/x64/sgx_sign catsig -enclave ../secure_enclave/secure_enclave.so -config ../secure_enclave/secure_enclave.config.xml  -out ../secure_enclave/secure_enclave_signed1.so -key skale_sgx_public_key1.pem -sig skale_sgx_enclave_signature1.hex -unsigned skale_sgx_enclave_hash1.hex
+/opt/intel/sgxsdk/bin/x64/sgx_sign catsig -enclave ../secure_enclave/secure_enclave.so -config ../secure_enclave/secure_enclave.config.xml  -out ../signed_enclaves/secure_enclave_signed${ENCLAVE_VERSION}.so -key ../signed_enclaves/skale_sgx_public_key${ENCLAVE_VERSION}.pem -sig ../signed_enclaves/skale_sgx_enclave_signature${ENCLAVE_VERSION}.hex -unsigned ../signed_enclaves/skale_sgx_enclave_hash${ENCLAVE_VERSION}.hex
+rm -rf ../signed_enclaves/submission${ENCLAVE_VERSION}
+mkdir -p ../signed_enclaves/submission${ENCLAVE_VERSION}
-rm -rf submission
+/opt/intel/sgxsdk/bin/x64/sgx_sign dump -enclave ../signed_enclaves/secure_enclave_signed${ENCLAVE_VERSION}.so -dumpfile ../signed_enclaves/skale_sgx_enclave_metadata_info${ENCLAVE_VERSION}.txt -cssfile ../signed_enclaves/submission${ENCLAVE_VERSION}/nodeanstalt_sgxwallet_PUTWHITELISTENTRYIDHERE_sigstruct.bin
-mkdir -p submission
+tail -n 6 ../signed_enclaves/skale_sgx_enclave_metadata_info${ENCLAVE_VERSION}.txt > ../signed_enclaves/submission${ENCLAVE_VERSION}/skale_sgx_enclave_mrsigner${ENCLAVE_VERSION}.txt
+rm -rf ../signed_enclaves/skale_sgx_private_key${ENCLAVE_VERSION}.pem
-/opt/intel/sgxsdk/bin/x64/sgx_sign dump -enclave ../secure_enclave/secure_enclave_signed1.so -dumpfile skale_sgx_enclave_metadata_info1.txt -cssfile submission/nodeanstalt_sgxwallet_PUTWHITELISTENTRYIDHERE_sigstruct.bin
-tail skale_sgx_enclave_metadata_info1.txt > submission/skale_sgx_enclave_mrsigner1.txt
-rm -rf skale_sgx_private_key1.pem