ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-01-28 07:04:12 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Address comments #2

Browse Source
This commit is contained in:
Andras Slemmer 2017-06-15 12:04:59 +01:00
parent 904252c0bb
commit 4e38d45a41
5 changed files with 41 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.idea/compiler.xml generated
View File

@ -75,6 +75,8 @@
<module name="samples_test" target="1.8" /> <module name="samples_test" target="1.8" />
<module name="sandbox_main" target="1.8" /> <module name="sandbox_main" target="1.8" />
<module name="sandbox_test" target="1.8" /> <module name="sandbox_test" target="1.8" />
<module name="sgx-jvm_hsm-tool_main" target="1.8" />
<module name="sgx-jvm_hsm-tool_test" target="1.8" />
<module name="sgx-jvm_main" target="1.8" /> <module name="sgx-jvm_main" target="1.8" />
<module name="sgx-jvm_sgx-signtool_main" target="1.8" /> <module name="sgx-jvm_sgx-signtool_main" target="1.8" />
<module name="sgx-jvm_sgx-signtool_test" target="1.8" /> <module name="sgx-jvm_sgx-signtool_test" target="1.8" />

18
sgx-jvm/hsm-tool/src/main/kotlin/com/r3cev/sgx/config/ToolConfig.kt
View File

@ -10,7 +10,7 @@ import java.nio.file.Paths
import kotlin.system.exitProcess import kotlin.system.exitProcess
enum class Mode { enum class Mode {
GenerateKey, GenerateSgxKey,
Sign Sign
} }
@ -33,6 +33,7 @@ data class ToolConfig(val config: Config) {
} catch (e: Exception) { } catch (e: Exception) {
println(e.message) println(e.message)
parser.printHelpOn(System.out) parser.printHelpOn(System.out)
printModeHelp()
exitProcess(1) exitProcess(1)
} }
@ -93,7 +94,10 @@ data class ToolConfig(val config: Config) {
requireNotNull(signatureOutputPath) requireNotNull(signatureOutputPath)
requireNotNull(publicKeyOutputPath) requireNotNull(publicKeyOutputPath)
} }
Mode.GenerateKey -> { Mode.GenerateSgxKey -> {
require(sourcePath == null)
require(signatureOutputPath == null)
require(publicKeyOutputPath == null)
} }
} }
} }
@ -113,3 +117,13 @@ data class ToolConfig(val config: Config) {
} }
} }
fun printModeHelp() {
val message = listOf(
"This tool may be run in two modes, --mode=GenerateSgxKey and --mode=Sign.",
"Both may take --profile as an argument to indicate what HSM profile to use (see sgxtool.cfg)",
"--mode=Sign expects --sourcePath={path to blob to sign}, --signatureOutputPath={path to result signature} and --publicKeyOutputPath={path to output public key}.",
"Providing any of these arguments in --mode=GenerateSgxKey results in an error."
)
println(message.joinToString("\n"))
}

4
sgx-jvm/hsm-tool/src/main/kotlin/com/r3cev/sgx/hsmtool/Main.kt
View File

@ -47,7 +47,7 @@ fun sign(config: ToolConfig) {
} }
} }
fun generateKey(config: ToolConfig) { fun generateSgxKey(config: ToolConfig) {
val generateFlag = if (config.overwriteKey) { val generateFlag = if (config.overwriteKey) {
println("!!! WARNING: OVERWRITING KEY NAMED ${config.keyName} !!!") println("!!! WARNING: OVERWRITING KEY NAMED ${config.keyName} !!!")
CryptoServerCXI.FLAG_OVERWRITE CryptoServerCXI.FLAG_OVERWRITE
@ -102,7 +102,7 @@ fun main(args: Array<String>) {
try { try {
when (config.mode) { when (config.mode) {
Mode.Sign -> sign(config) Mode.Sign -> sign(config)
Mode.GenerateKey -> generateKey(config) Mode.GenerateSgxKey -> generateSgxKey(config)
} }
println("Done!") println("Done!")
} catch (exception: Throwable) { } catch (exception: Throwable) {

2
sgx-jvm/noop-enclave/CMakeLists.txt
View File

@ -142,7 +142,7 @@ add_custom_target(signed-hsm DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNE
# HSM KEY # HSM KEY
add_custom_command( add_custom_command(
OUTPUT __generate-key-hsm-dummy__ OUTPUT __generate-key-hsm-dummy__
COMMAND java -jar ${HSM_SGX_TOOL} --mode=GenerateKey --profile=\${PROFILE} \$\(shell bash -c '[[ \${OVERWRITE} = "true" ]] && echo "--overwriteKey"' \) COMMAND java -jar ${HSM_SGX_TOOL} --mode=GenerateSgxKey --profile=\${PROFILE} \$\(shell bash -c '[[ \${OVERWRITE} = "true" ]] && echo "--overwriteKey"' \)
) )
add_custom_target(generate-key-hsm DEPENDS __generate-key-hsm-dummy__) add_custom_target(generate-key-hsm DEPENDS __generate-key-hsm-dummy__)
# /HSM KEY # /HSM KEY

29
sgx-jvm/noop-enclave/README.md
View File

@ -10,17 +10,28 @@ How to run
The following Makefile targets execute different steps in the signing process and output into build/ The following Makefile targets execute different steps in the signing process and output into build/
`make unsigned` will build the unsigned enclave (noop\_enclave.unsigned.so).
* `make unsigned` will build the unsigned enclave (noop\_enclave.unsigned.so).
The following targets use OpenSSL instead of the HSM: The following targets use OpenSSL instead of the HSM:
`make signed-openssl` will sign the unsigned enclave with openssl using selfsigning.pem (noop\_enclave.signed.openssl.so).
`make sigstruct-openssl` will extract the SIGSTRUCT into a blob as well as a pretty printed txt from the openssl signed enclave (noop\_enclave.sigstruct.openssl.bin, noop\_enclave.sigstruct-pretty.openssl.txt). * `make signed-openssl` will sign the unsigned enclave with openssl using selfsigning.pem (noop\_enclave.signed.openssl.so).
* `make sigstruct-openssl` will extract the SIGSTRUCT into a blob as well as a pretty printed txt from the openssl signed enclave (noop\_enclave.sigstruct.openssl.bin, noop\_enclave.sigstruct-pretty.openssl.txt).
The following targets use the HSM. They require an extra `PROFILE=[dev|prod]` argument to indicate whether to use a local HSM simulator or the real thing. The following targets use the HSM. They require an extra `PROFILE=[dev|prod]` argument to indicate whether to use a local HSM simulator or the real thing.
`make generate-key-hsm PROFILE=[dev|prod] [OVERWRITE=true]` will generate a fresh key for the profile. By default this will not overwrite an existing key, for that pass in MODE=overwrite.
`make signed-hsm PROFILE=[dev|prod]` will sign the unsigned enclave with the HSM. This target requires authentication (noop\_enclave.signed.hsm.so).
`make sigstruct-hsm PROFILE=[dev|prod]` will extract the SIGSTRUCT into a blob as well as a pretty printed txt from the HSM signed enclave (noop\_enclave.sigstruct.hsm.bin, noop\_enclave.sigstruct-pretty.hsm.txt).
`make noop_test` will create a test binary that loads an enclave and runs the noop ECALL inside it. For example: * `make generate-key-hsm PROFILE=[dev|prod] [OVERWRITE=true]` will generate a fresh key for the profile. By default this will not overwrite an existing key, for that pass in OVERWRITE=true.
`./build/noop_test ./build/noop_enclave.signed.openssl.so`
will run the noop ECALL using the openssl signed enclave. * `make signed-hsm PROFILE=[dev|prod]` will sign the unsigned enclave with the HSM. This target requires authentication (noop\_enclave.signed.hsm.so).
* `make sigstruct-hsm PROFILE=[dev|prod]` will extract the SIGSTRUCT into a blob as well as a pretty printed txt from the HSM signed enclave (noop\_enclave.sigstruct.hsm.bin, noop\_enclave.sigstruct-pretty.hsm.txt).
* `make noop_test` will create a test binary that loads an enclave and runs the noop ECALL inside it. For example:
`./build/noop_test ./build/noop_enclave.signed.openssl.so`
will run the noop ECALL using the openssl signed enclave.