Skip to content
Permalink
Browse files

[keys] Cleanup keys/certs and consolidate keys with auditors (#145)

  • Loading branch information
mssun committed Dec 12, 2019
1 parent b3978e8 commit 86898b6665052599025a36e2cd7729f635a620fb
@@ -1,26 +1,14 @@
**/ias_*
**/Cargo.lock
**/target
**/Enclave_u*
**/Enclave_t*
**/*.o
**/*.pyc
**/*.a
**/*.so
**/*.swp
**/.DS_Store
bin
out
cov.info
cov_report
# Makefile will help use to prepare a proper Cargo.toml and .cargo/config
/Cargo.toml
.cargo
/**/pkg_name
examples/**/*.log
*.sha256
/examples/image_resizing/logo.jpg
/cert/spid.txt
.vscode/*
# ignore the build dir which usually for cmake
/build

This file was deleted.

This file was deleted.

This file was deleted.

@@ -18,7 +18,7 @@ mkdir -p ${MESATEE_OUT_DIR} ${MESATEE_TARGET_DIR} ${MESATEE_SERVICE_INSTALL_DIR}
${MESATEE_EXAMPLE_INSTALL_DIR} ${MESATEE_BIN_INSTALL_DIR} ${MESATEE_LIB_INSTALL_DIR} \
${MESATEE_TEST_INSTALL_DIR} ${MESATEE_AUDITORS_DIR} ${MESATEE_EXAMPLE_AUDITORS_DIR}
# copy auditors to install directory to make it easy to package all built things
cp -RT ${CMAKE_SOURCE_DIR}/auditors/ ${MESATEE_AUDITORS_DIR}/
cp -RT ${CMAKE_SOURCE_DIR}/keys/auditors/ ${MESATEE_AUDITORS_DIR}/
cp ${CMAKE_SOURCE_DIR}/teaclave_config/runtime.config.toml ${MESATEE_SERVICE_INSTALL_DIR}
cp ${CMAKE_SOURCE_DIR}/teaclave_config/runtime.config.toml ${MESATEE_TEST_INSTALL_DIR}
# create the following symlinks to make remapped paths accessible and avoid repeated building
@@ -33,7 +33,7 @@ ${CMAKE_C_COMPILER} libEnclave_t.o -o \
-Wl,--defsym,__ImageBase=0 \
-Wl,--gc-sections \
-Wl,--version-script=${MESATEE_PROJECT_ROOT}/cmake/scripts/Enclave.lds
${SGX_ENCLAVE_SIGNER} sign -key ${MESATEE_PROJECT_ROOT}/cert/Enclave_private.pem \
${SGX_ENCLAVE_SIGNER} sign -key ${MESATEE_PROJECT_ROOT}/keys/enclave_signing_key.pem \
-enclave ${CUR_MODULE_NAME}.enclave.so \
-out ${CUR_INSTALL_DIR}/${CUR_MODULE_NAME}.enclave.signed.so \
-config ${MESATEE_PROJECT_ROOT}/${CUR_MODULE_PATH}/Enclave.config.xml \
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIYNTGhDVj0XKpNhlaHZhv8R8kZopjQg+3lLUiKWJpe2oAoGCCqGSM49
AwEHoUQDQgAEbVU0oGETuO9OYCGAPIyyN5i3RrFZqWBaBPBCFj8VsjoAMOagumK+
FxY7ULghfAjmAmvEERHmA2U0fcb6rHWU9A==
-----END EC PRIVATE KEY-----
@@ -1,16 +1,16 @@
# Teaclave Build Config

# Service provider's root CA certificate to verify clients
sp_root_ca_cert = { path = "../cert/ca.crt" }
sp_root_ca_cert = { path = "../keys/sp_root_ca_cert.pem" }

# Intel Attestation Service root CA certificate to verify attestation report
ias_root_ca_cert = { path = "../cert/AttestationReportSigningCACert.pem" }
ias_root_ca_cert = { path = "../keys/ias_root_ca_cert.pem" }

# Auditors' public keys to verify their endorsement signatures
auditor_public_keys = [
{ path = "../auditors/godzilla/godzilla.public.der" },
{ path = "../auditors/optimus_prime/optimus_prime.public.der" },
{ path = "../auditors/albus_dumbledore/albus_dumbledore.public.der"},
{ path = "../keys/auditors/godzilla/godzilla.public.der" },
{ path = "../keys/auditors/optimus_prime/optimus_prime.public.der" },
{ path = "../keys/auditors/albus_dumbledore/albus_dumbledore.public.der"},
]

# RPC max message size
@@ -1,6 +1,7 @@
use std::env;
use std::path::Path;
use std::process::Command;
use std::str;

fn main() {
let is_sim = env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string());
@@ -22,5 +23,11 @@ fn main() {
])
.output()
.expect("Cannot generate build_config.rs");
assert!(c.status.success());
if !c.status.success() {
panic!(
"stdout: {:?}, stderr: {:?}",
str::from_utf8(&c.stderr).unwrap(),
str::from_utf8(&c.stderr).unwrap()
);
}
}
@@ -24,7 +24,7 @@ enum ConfigSource {
fn display_config_source(config: &ConfigSource) -> String {
match config {
ConfigSource::Path(p) => {
let content = &fs::read(p).unwrap();
let content = &fs::read(p).expect(&format!("Failed to read file: {}", p.display()));
let mut output = String::new();
output.push_str("&[");
for b in content {
@@ -43,7 +43,7 @@ fn main() {
panic!("Please specify the path of build config toml and output path.");
}
let contents = fs::read_to_string(&args[1]).expect("Something went wrong reading the file");
let config: BuildConfigToml = toml::from_str(&contents).unwrap();
let config: BuildConfigToml = toml::from_str(&contents).expect("Failed to parse the config.");

let sp_root_ca_cert = display_config_source(&config.sp_root_ca_cert);
let ias_root_ca_cert = display_config_source(&config.ias_root_ca_cert);
@@ -81,6 +81,8 @@ fn main() {
));

let dest_path = Path::new(&args[2]);
let mut f = File::create(&dest_path).unwrap();
f.write_all(build_config_generated.as_bytes()).unwrap();
let mut f =
File::create(&dest_path).expect(&format!("Failed to create file: {}", dest_path.display()));
f.write_all(build_config_generated.as_bytes())
.expect(&format!("Failed to write file: {}", dest_path.display()));
}

0 comments on commit 86898b6

Please sign in to comment.
You can’t perform that action at this time.