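def GetIasCertificates(config):
    """Obtain the IAS certificate chain through the enclave and write it to disk.

    The enclave library is initialized from ``config['EnclaveModule']`` and a
    throw-away signup is created (the signup info itself is not used here);
    creating signup info includes getting a verification report from IAS, and
    the IAS certificates come back inside ``proof_data``.  The two
    certificates are then written to ``IasRootCACertificate_FilePath`` and
    ``IasAttestationVerificationCertificate_FilePathname``.

    :param config: configuration mapping; only the ``EnclaveModule`` section is read
    :returns: None
    :raises SystemExit: exit code -1 when the enclave cannot be initialized or
        the signup info cannot be created (the error is logged first)
    :raises ValueError, KeyError, IndexError: when ``proof_data`` is not JSON
        or does not carry at least two entries under ``certificates``; the
        enclave is still shut down in that case
    """
    try:
        enclave_config = config['EnclaveModule']
        pdo_enclave.initialize_with_configuration(enclave_config)
        # The signup info produced here is discarded, so the nonce and the
        # identity only need to be well-formed.
        nonce = '{0:016X}'.format(123456789)
        enclave_data = pdo_enclave.create_signup_info(nonce, nonce)
    except Exception as e:
        logger.error("unable to initialize a new enclave; %s", str(e))
        sys.exit(-1)

    try:
        # extract the IAS certificates from proof_data
        pd_dict = json.loads(enclave_data.proof_data)
        ias_certificates = pd_dict['certificates']

        # dump the IAS certificates in the respective files; these files
        # become trust anchors for later report verification, so they are
        # written exactly as received.
        # NOTE(review): index 1 is treated as the root CA and index 0 as the
        # attestation verification certificate, as in the original code —
        # confirm this order against the producer of proof_data.
        with open(IasRootCACertificate_FilePath, "w+") as cert_file:
            cert_file.write("{0}".format(ias_certificates[1]))
        with open(IasAttestationVerificationCertificate_FilePathname,
                  "w+") as cert_file:
            cert_file.write("{0}".format(ias_certificates[0]))
    finally:
        # do a clean shutdown of the enclave even when parsing or writing
        # the certificates failed (the original only shut down on success)
        pdo_enclave.shutdown()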
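    def create_new_enclave(cls, txn_keys=None):
        """create_new_enclave -- create a new enclave

        Asks the enclave library for fresh signup data bound to the hashed
        identity of *txn_keys* and a random 64-bit nonce, then wraps the
        result in a new instance of *cls*.

        :param txn_keys: object of type TransactionKeys; a new one is
                         created when omitted
        :returns: ``cls(enclave_info, txn_keys)`` where ``enclave_info`` is a
                  dict with the keys nonce, sealed_data, verifying_key,
                  encryption_key, enclave_id and proof_data
        :raises Exception: if the enclave library fails to create the signup
                           data; the underlying error is chained as the cause
        """

        if txn_keys is None:
            txn_keys = keys.TransactionKeys()

        # NOTE(review): random.getrandbits is not a CSPRNG; whether this nonce
        # needs to be unpredictable depends on how the verifier consumes it —
        # confirm before relying on it for freshness.
        nonce = '{0:016X}'.format(random.getrandbits(64))
        hashed_identity = txn_keys.hashed_identity
        try:
            enclave_data = pdo_enclave.create_signup_info(
                hashed_identity, nonce)
        except Exception as e:
            # narrowed from a bare except so KeyboardInterrupt/SystemExit are
            # not swallowed; the original error is kept as the cause
            raise Exception('failed to create enclave signup data') from e

        enclave_info = {
            'nonce': nonce,
            'sealed_data': enclave_data.sealed_signup_data,
            'verifying_key': enclave_data.verifying_key,
            'encryption_key': enclave_data.encryption_key,
            # the enclave is identified by its verifying key
            'enclave_id': enclave_data.verifying_key,
            # only a real SGX enclave yields proof_data worth keeping; the
            # simulator produces no verifiable attestation
            'proof_data': '',
        }
        if not pdo_enclave.enclave.is_sgx_simulator():
            enclave_info['proof_data'] = enclave_data.proof_data

        return cls(enclave_info, txn_keys)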
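    def create_new_enclave(cls, txn_keys=None, block_store=None):
        """create_new_enclave -- create a new enclave

        Asks the enclave library for fresh signup data bound to the hashed
        identity of *txn_keys* and a random 64-bit nonce, then wraps the
        result in a new instance of *cls*.

        :param txn_keys: Used to sign the register_enclave transaction. For Sawtooth,
                         this is of type TransactionKeys, while for CCF, this is of type ServiceKeys.
                         Generated with ``keys.generate_txn_keys()`` when omitted.
        :param block_store: passed through unchanged to the *cls* constructor
        :returns: ``cls(enclave_info, txn_keys, block_store)`` where
                  ``enclave_info`` is a dict with the keys nonce, sealed_data,
                  interpreter, verifying_key, encryption_key, enclave_id and
                  proof_data
        :raises Exception: if the enclave library fails to create the signup
                           data; the underlying error is chained as the cause
        """
        if txn_keys is None:
            txn_keys = keys.generate_txn_keys()

        # NOTE(review): random.getrandbits is not a CSPRNG; whether this nonce
        # needs to be unpredictable depends on how the verifier consumes it —
        # confirm before relying on it for freshness.
        nonce = '{0:016X}'.format(random.getrandbits(64))
        hashed_identity = txn_keys.hashed_identity
        logger.debug("tx hashed identity: %s", hashed_identity)
        try:
            enclave_data = pdo_enclave.create_signup_info(
                hashed_identity, nonce)
        except Exception as e:
            # narrowed from a bare except so KeyboardInterrupt/SystemExit are
            # not swallowed; the original error is kept as the cause
            raise Exception('failed to create enclave signup data') from e

        enclave_info = {
            'nonce': nonce,
            'sealed_data': enclave_data.sealed_signup_data,
            'interpreter': enclave_data.interpreter,
            'verifying_key': enclave_data.verifying_key,
            'encryption_key': enclave_data.encryption_key,
            # the enclave is identified by its verifying key
            'enclave_id': enclave_data.verifying_key,
            # only a real SGX enclave yields proof_data worth keeping; the
            # simulator produces no verifiable attestation
            'proof_data': '',
        }
        if not pdo_enclave.enclave.is_sgx_simulator():
            enclave_info['proof_data'] = enclave_data.proof_data

        return cls(enclave_info, txn_keys, block_store)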