BLD: key exchange + quote (WIP)

.gitignore

@@ -116,4 +116,6 @@ crashlytics-build.properties
 fabric.properties
 
 /target
-**/*.rs.bk
+**/*.rs.bk
+
+enigma-types.h

.gitmodules

@@ -1,4 +0,0 @@
-[submodule "enclave/incubator-teaclave-sgx-sdk"]
-	path = enclave/incubator-teaclave-sgx-sdk
-	url = git@github.com:apache/incubator-teaclave-sgx-sdk.git
-	branch = v1.1.1-testing

api-server/README.md

@@ -69,18 +69,20 @@ The geolocation + datetime data is to be provided in an array in JSON format as
 		"lat": 40.757339,
 		"lng": -73.985992,
 		"startTS": 1583064000,
-		"endTS": 1583067600
+		"endTS": 1583067600,
+		"testResult": false,
 	},
 	{
 		"lat": 40.793840,
 		"lng": -73.956900,
 		"startTS": 1583150400,
-		"endTS": 1583154000
+		"endTS": 1583154000,
+		"testResult": true,
 	},
 
 ]
 ```
-In the example above, the first datapoint is for Times Square in New York City on March 1st, 2020 from 12pm to 1pm, whereas the second data point is somewhere in Central Park the following day March 2nd, 2020 from 12pm to 1pm.
+In the example above, the first datapoint is for Times Square in New York City on March 1st, 2020 from 12pm to 1pm, whereas the second data point is somewhere in Central Park the following day March 2nd, 2020 from 12pm to 1pm. This user did not test positive for Coronavirus the first day, but he tested positive the following day.
 
 
 # Installation

client/data.js

@@ -0,0 +1,33 @@
+module.exports.DataUser1 = [
+  {
+    "lat": 40.757339,
+    "lng": -73.985992,
+    "startTS": 1583064001,
+    "endTS": 1583067601,
+    "testResult": false,
+  },
+  {
+    "lat": 40.793840,
+    "lng": -73.956900,
+    "startTS": 1583150401,
+    "endTS": 1583154001,
+    "testResult": false,
+  },
+]
+
+module.exports.DataUser2 = [
+  {
+    "lat": 41.757339,
+    "lng": -73.985992,
+    "startTS": 1583064000,
+    "endTS": 1583067600,
+    "testResult": true,
+  },
+  {
+    "lat": 40.793840,
+    "lng": -73.956900,
+    "startTS": 1583150400,
+    "endTS": 1583154000,
+    "testResult": true,
+  },
+]

client/index.js

@@ -4,6 +4,7 @@ const EthCrypto = require('eth-crypto');
 const jaysonBrowserClient = require('jayson/lib/client/browser');
 const enigma = require('enigma-js/lib/enigma-js.node');
 const web3utils = require('web3-utils');
+const data = require('./data.js');
 
 
 const JSON_RPC_Server='http://localhost:8080';
@@ -47,15 +48,55 @@ function getClientKeys(seed='') {
   return {privateKey, publicKey};
 }
 
-async function add_data(userId, data){
+async function getEncryptionKey(publicKey) {
+  const getEncryptionKeyResult = await new Promise((resolve, reject) => {
+    client.request('newTaskEncryptionKey', {userPubKey: publicKey},
+        (err, response) => {
+          if (err) {
+            reject(err);
+            return;
+          }
+          resolve(response);
+        });
+    });
+
+  const {result, id} = getEncryptionKeyResult;
+  const {taskPubKey, sig} = result;
+  // ToDo: verify signature
+  return taskPubKey;
+}
+
+function encrypt(taskPubKey, privateKey, variable){
+    // Generate derived key from enclave public encryption key and user's private key
+    const derivedKey = enigma.utils.getDerivedKey(taskPubKey, privateKey);
+    // Encrypt function and ABI-encoded args
+    return enigma.utils.encryptMessage(derivedKey, variable);
+}
+
+function decrypt(taskPubKey, privateKey, enc_variable){
+    // Generate derived key from enclave public encryption key and user's private key
+    const derivedKey = enigma.utils.getDerivedKey(taskPubKey, privateKey);
+    // Decrypt function and ABI-encoded args
+    let outputHex = enigma.utils.decryptMessage(derivedKey, enc_variable);
+    let outputStr = enigma.utils.hexToAscii(outputHex);
+    return JSON.parse(outputStr);
+}
 
-  let {publicKey, privateKey} = getClientKeys();
 
-  console.log(publicKey)
+async function addData(userId, data){
+
+  let {publicKey, privateKey} = getClientKeys();
 
   try {
-    const getWorkerEncryptionKeyResult = await new Promise((resolve, reject) => {
-      client.request('newTaskEncryptionKey', {userPubKey: publicKey},
+    let taskPubKey = await getEncryptionKey(publicKey);
+    let encryptedUserId = encrypt(taskPubKey, privateKey, userId);
+    let encryptedData = encrypt(taskPubKey, privateKey, data);
+
+    const addPersonalDataResult = await new Promise((resolve, reject) => {
+      client.request('addPersonalData', {
+        encryptedUserId: encryptedUserId,
+        encryptedData: encryptedData,
+        userPubKey: publicKey},
           (err, response) => {
             if (err) {
               reject(err);
@@ -65,28 +106,30 @@ async function add_data(userId, data){
           });
       });
 
-    const {result, id} = getWorkerEncryptionKeyResult;
-    const {taskPubKey, sig} = result;
-    // ToDo: verify signature
+      const {addPersonalData} = addPersonalDataResult;
 
-    // Generate derived key from worker's encryption key and user's private key
-    const derivedKey = enigma.utils.getDerivedKey(taskPubKey, privateKey);
-    // Encrypt function and ABI-encoded args
-    const encryptedUserId = enigma.utils.encryptMessage(derivedKey, userId);
-    const encryptedData = enigma.utils.encryptMessage(derivedKey, data);
-    const msg = web3utils.soliditySha3(
-      {t: 'bytes', v: encryptedUserId},
-      {t: 'bytes', v: encryptedData},
-    );
+      if(addPersonalData.status == 0) {
+        console.log('Personal data added successfully to the enclave.');
+      } else {
+        console.log('Something went wrong. Time to debug...')
+      }
+  } catch(err) {
+    console.log(err);
+    // Or throw an error
+  }
+}
 
-    // const a = getClientKeys();
+async function findMatch(userId){
 
-    // console.log(a.publicKey);
+  let {publicKey, privateKey} = getClientKeys();
 
-    const addPersonalDataResult = await new Promise((resolve, reject) => {
-      client.request('addPersonalData', {
+  try {
+    let taskPubKey = await getEncryptionKey(publicKey);
+    let encryptedUserId = encrypt(taskPubKey, privateKey, userId);
+
+    const findMatchResult = await new Promise((resolve, reject) => {
+      client.request('findMatch', {
         encryptedUserId: encryptedUserId, 
-        encryptedData: encryptedData,
         userPubKey: publicKey},
           (err, response) => {
             if (err) {
@@ -97,26 +140,28 @@ async function add_data(userId, data){
           });
       });
 
-    const {addPersonalData} = addPersonalDataResult;
+    if(findMatchResult.findMatch.status == 0) {
+      console.log('Find Match operation successful');
 
-    if(addPersonalData.status == 0) {
-      console.log('Personal data added successfully to the enclave.');
+      let output = decrypt(taskPubKey, privateKey, findMatchResult.findMatch.encryptedOutput);
+
+      if(output.length){
+        console.log('Find matches:');
+        console.log(output);
+      } else {
+        console.log('No matches');
+      }
     } else {
       console.log('Something went wrong. Time to debug...')
     }
-
-
   } catch(err) {
-      console.log(err);
-      // Or Throw an error
+    console.log(err);
+    // Or throw an error
   }
-
 }
 
-add_data('myUserId', 'myDataString')
-
-
-
-let seed = '';
 
+addData('user1', JSON.stringify(data.DataUser1));
+addData('user2', JSON.stringify(data.DataUser2));
 
+findMatch('user1');

enclave/README.md

@@ -24,54 +24,28 @@ This folder contains the code that runs inside the enclave using Intel Secure Gu
 	git clone git@github.com:enigmampc/covid-self-reporting.git
 	```
 
-2. Move into this `enclave` subfolder:
+2. Install the SGX driver and SDK, as per these [instructions](https://github.com/enigmampc/EnigmaBlockchain/blob/master/docs/dev/setup-sgx.md).
 
-    ```bash
-    cd enclave
-    ```
 
-3. Initialize the gitsubmodule:
+3. Move into the `enclave/safetrace` subfolder:
 
     ```bash
-    cd incubator-teaclave-sgx-sdk
-    git submodule init
-    git submodule update
+    cd enclave/safetrac
     ```
 
-4. Install the SGX driver and SDK, as per these [instructions](https://github.com/enigmampc/EnigmaBlockchain/blob/master/docs/dev/setup-sgx.md).
-
-5. A sample code is temporarily included in this repo as a starting point. You can try it out:
+4. Compile the code:
 
     ```bash
-    cd hello-rust
     make
-    cd bin
-    ./app
     ```
 
-    *Note: This code is very particular, and you need to run `./app` from inside the `bin` folder. If you try to run it from anywhere else (e.g. its parent folder, as in `./bin/app`), you will get the following error, because it expects another file in the same folder from where the command is run:* 
+5. Run the enclave code:
 
     ```bash
-    [-] Init Enclave Failed SGX_ERROR_ENCLAVE_FILE_ACCESS!`*
-    ```
-
-    Which should print something similar to this:
-
-    ```bash
-    [+] Init Enclave Successful 2!
-    This is a normal world string passed into Enclave!
-    This is a in-Enclave Rust string!
-    gd: 1 0 0 1 
-    static: 1 eremove: 0 dyn: 0
-    EDMM: 0, feature: 9007268796301311
-    supported sgx
-    [+] say_something success...
+    cd bin
+    ./safetrace-app
     ```
 
 ## ToDo
 
-* Use the `hello-rust` folder and scaffolding for the COVID-19 code
-* Write the actual Rust code for the application
-* Implement Remote Attestation to provide proof of code running in legitimate enclave
-* Implement data sealing and unsealing choosing the right configuration so that data is uniquely assigned to this enclave
 * Sign code and deploy