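def GetIasCertificates(config):
    """Dump the IAS certificates reported by the enclave into two files.

    Initializes the enclave library from ``config['EnclaveModule']`` and
    creates signup info, which includes getting a verification report from
    IAS. The ``certificates`` list is then read out of the returned proof
    data: entry 1 is written to ``IasRootCACertificate_FilePath`` and entry 0
    to ``IasAttestationVerificationCertificate_FilePathname``.

    The process exits with status -1 if the enclave cannot be initialized or
    the signup info cannot be created. Errors while parsing the proof data or
    writing the files propagate to the caller after the enclave is shut down.

    :param config: mapping holding the 'EnclaveModule' configuration section
    """
    # load, initialize and create signup info in the enclave library
    try:
        enclave_config = config['EnclaveModule']
        pdo_enclave.initialize_with_configuration(enclave_config)
        # The signup info itself is not relevant here, so one fixed constant
        # is passed as both arguments.
        # NOTE(review): signup info created with this constant nonce should
        # presumably never be registered or relied on for freshness - confirm.
        nonce = '{0:016X}'.format(123456789)
        enclave_data = pdo_enclave.create_signup_info(nonce, nonce)
    except Exception as e:
        logger.error("unable to initialize a new enclave; %s", str(e))
        sys.exit(-1)

    try:
        # extract the IAS certificates from proof_data
        pd_dict = json.loads(enclave_data.proof_data)
        ias_certificates = pd_dict['certificates']

        # Resolve both entries before any file is opened: a short list then
        # fails here instead of leaving a truncated root CA file behind.
        root_ca_certificate = ias_certificates[1]
        verification_certificate = ias_certificates[0]

        # NOTE(review): the certificates are written exactly as they appear
        # in proof_data; nothing in this function validates them or the chain
        # between them. If the output files are later used as trust anchors,
        # compare the root CA with the copy published by Intel - confirm with
        # the consumers of these files.
        with open(IasRootCACertificate_FilePath, "w") as cert_file:
            cert_file.write(str(root_ca_certificate))

        with open(IasAttestationVerificationCertificate_FilePathname, "w") as cert_file:
            cert_file.write(str(verification_certificate))
    finally:
        # do a clean shutdown of the enclave, also when the dump fails
        pdo_enclave.shutdown()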
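def create_new_enclave(cls, txn_keys=None):
    """create_new_enclave -- create a new enclave

    Passes the hashed identity of ``txn_keys`` and a fresh 64-bit nonce to
    ``pdo_enclave.create_signup_info`` and builds the ``cls`` instance from
    the returned signup data.

    :param txn_keys: object of type TransactionKeys; a new one is created
        when omitted
    :returns: ``cls(enclave_info, txn_keys)``
    :raises Exception: if the enclave signup data cannot be created
    """
    # function-scope import keeps this block self-contained
    import secrets

    if txn_keys is None:
        txn_keys = keys.TransactionKeys()

    # Draw the nonce from the OS CSPRNG: the default `random` generator is a
    # Mersenne Twister whose output can be predicted from earlier values.
    nonce = '{0:016X}'.format(secrets.randbits(64))
    hashed_identity = txn_keys.hashed_identity

    try:
        enclave_data = pdo_enclave.create_signup_info(hashed_identity, nonce)
    except Exception as e:
        # Same exception type and message as before, with the cause chained
        # so the underlying enclave error stays visible. KeyboardInterrupt
        # and SystemExit are no longer converted into a generic Exception.
        raise Exception('failed to create enclave signup data') from e

    enclave_info = {
        'nonce': nonce,
        'sealed_data': enclave_data.sealed_signup_data,
        'verifying_key': enclave_data.verifying_key,
        'encryption_key': enclave_data.encryption_key,
        # the enclave is identified by its verifying key
        'enclave_id': enclave_data.verifying_key,
        'proof_data': '',
    }

    # proof_data stays empty when running in the SGX simulator.
    # NOTE(review): an empty proof_data carries no attestation evidence;
    # verifiers should presumably reject it outside simulator deployments -
    # confirm against the registration path.
    if not pdo_enclave.enclave.is_sgx_simulator():
        enclave_info['proof_data'] = enclave_data.proof_data

    return cls(enclave_info, txn_keys)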
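def create_new_enclave(cls, txn_keys=None, block_store=None):
    """create_new_enclave -- create a new enclave

    Passes the hashed identity of ``txn_keys`` and a fresh 64-bit nonce to
    ``pdo_enclave.create_signup_info`` and builds the ``cls`` instance from
    the returned signup data.

    :param txn_keys: Used to sign the register_enclave transaction. For
        Sawtooth, this is of type TransactionKeys, while for CCF, this is
        of type ServiceKeys. Generated when omitted.
    :param block_store: passed through unchanged to ``cls``
    :returns: ``cls(enclave_info, txn_keys, block_store)``
    :raises Exception: if the enclave signup data cannot be created
    """
    # function-scope import keeps this block self-contained
    import secrets

    if txn_keys is None:
        txn_keys = keys.generate_txn_keys()

    # Draw the nonce from the OS CSPRNG: the default `random` generator is a
    # Mersenne Twister whose output can be predicted from earlier values.
    nonce = '{0:016X}'.format(secrets.randbits(64))
    hashed_identity = txn_keys.hashed_identity
    logger.debug("tx hashed identity: %s", hashed_identity)

    try:
        enclave_data = pdo_enclave.create_signup_info(hashed_identity, nonce)
    except Exception as e:
        # Same exception type and message as before, with the cause chained
        # so the underlying enclave error stays visible. KeyboardInterrupt
        # and SystemExit are no longer converted into a generic Exception.
        raise Exception('failed to create enclave signup data') from e

    enclave_info = {
        'nonce': nonce,
        'sealed_data': enclave_data.sealed_signup_data,
        'interpreter': enclave_data.interpreter,
        'verifying_key': enclave_data.verifying_key,
        'encryption_key': enclave_data.encryption_key,
        # the enclave is identified by its verifying key
        'enclave_id': enclave_data.verifying_key,
        'proof_data': '',
    }

    # proof_data stays empty when running in the SGX simulator.
    # NOTE(review): an empty proof_data carries no attestation evidence;
    # verifiers should presumably reject it outside simulator deployments -
    # confirm against the registration path.
    if not pdo_enclave.enclave.is_sgx_simulator():
        enclave_info['proof_data'] = enclave_data.proof_data

    return cls(enclave_info, txn_keys, block_store)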