diff --git a/build/Makefile b/build/Makefile index c94817dc..d44cde3a 100644 --- a/build/Makefile +++ b/build/Makefile @@ -89,6 +89,7 @@ $(DSTDIR) : @mkdir -p $(DSTDIR)/opt/pdo/etc/keys/sgx @mkdir -p $(DSTDIR)/opt/pdo/etc/keys/ledger @mkdir -p $(DSTDIR)/opt/pdo/keys + @mkdir -p $(DSTDIR)/opt/pdo/lib @mkdir -p $(DSTDIR)/opt/pdo/logs verify-pre-build : diff --git a/build/python_requirements.txt b/build/python_requirements.txt index 00cd3d2a..0335cf5d 100644 --- a/build/python_requirements.txt +++ b/build/python_requirements.txt @@ -1,4 +1,5 @@ build>=0.10.0 +cachetools>=5.5.2 colorlog>=6.7.0 importlib_resources>=6.0.0 lmdb>=1.4.0 @@ -6,7 +7,6 @@ loguru>=0.6.0 mergedeep>=1.3.4 requests>=2.28.2 requests-toolbelt>=0.10.1 -secp256k1==0.13.2 toml>=0.10.2 PyYAML>=6.0 Twisted>=22.10.0 diff --git a/client/pdo/client/builder/shell.py b/client/pdo/client/builder/shell.py index 1384a886..ad97632a 100644 --- a/client/pdo/client/builder/shell.py +++ b/client/pdo/client/builder/shell.py @@ -209,5 +209,6 @@ def run_shell_command(command_name, module_name) : command(state, bindings, args) except Exception as e : builder_command_base.display_error("Command failed: {}".format(str(e))) - logger.exception(e) + if builder_command_base.verbose: + logger.exception(e) sys.exit(-1) diff --git a/eservice/Makefile b/eservice/Makefile index f4171176..186debaf 100644 --- a/eservice/Makefile +++ b/eservice/Makefile @@ -25,7 +25,7 @@ endif EGG_FILE=dist/pdo_eservice-${MOD_VERSION}-py${PY_VERSION}-linux-x86_64.egg -ENCLAVE_LIB=deps/bin/libpdo-enclave.signed.so +ENCLAVE_LIB=deps/bin/libpdo-eservice-enclave.signed.so SWIG_SOURCES = \ pdo_enclave_internal.i\ diff --git a/eservice/lib/libpdo_enclave/CMakeLists.txt b/eservice/lib/libpdo_enclave/CMakeLists.txt index 22dcc8c5..58d1b880 100644 --- a/eservice/lib/libpdo_enclave/CMakeLists.txt +++ b/eservice/lib/libpdo_enclave/CMakeLists.txt 
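Review bot: Gating `logger.exception(e)` on `builder_command_base.verbose` means a non-verbose run keeps only the `str(e)` text shown by `display_error` and loses the traceback entirely, which makes diagnosing a failed command after the fact harder. Keep the traceback in the log at a lower level when not verbose, e.g. `else: logger.debug("Command failed", exc_info=True)`, so the exit code and message stay quiet but the log file still has the stack. I cannot see where `builder_command_base.verbose` is defined, so confirm it is a module-level attribute that exists before any command runs rather than one set only after argument parsing. run_shell_command starts outside the hunk.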
@@ -14,7 +14,7 @@ CMAKE_MINIMUM_REQUIRED(VERSION 3.10 FATAL_ERROR) -PROJECT(libpdo-enclave CXX C) +PROJECT(libpdo-eservice-enclave CXX C) # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # Source Code diff --git a/eservice/pdo/eservice/pdo_enclave.py b/eservice/pdo/eservice/pdo_enclave.py index 5b707e97..b218f9af 100644 --- a/eservice/pdo/eservice/pdo_enclave.py +++ b/eservice/pdo/eservice/pdo_enclave.py @@ -66,7 +66,7 @@ # ----------------------------------------------------------------- # ----------------------------------------------------------------- def __find_enclave_library(config) : - enclave_file_name = 'libpdo-enclave.signed.so' + enclave_file_name = 'libpdo-eservice-enclave.signed.so' enclave_file_path = None if config : @@ -78,18 +78,18 @@ def __find_enclave_library(config) : if os.path.exists(filep) : return filep else : + install_directory = os.environ.get('PDO_HOME', '/opt/pdo') script_directory = os.path.abspath(os.path.dirname(os.path.realpath(__file__))) + search_path = [ script_directory, - os.path.abspath(os.path.join(script_directory, '..')), - os.path.abspath(os.path.join(script_directory, '..', 'lib')), - os.path.abspath(os.path.join(script_directory, '..', '..')), - os.path.abspath(os.path.join(script_directory, '..', '..', 'lib')), - os.path.abspath(os.path.join('/usr', 'lib')) + os.path.abspath(os.path.join(install_directory, 'lib')), ] return putils.find_file_in_path(enclave_file_name, search_path) + raise IOError("Could not find enclave shared object: {}".format(enclave_file_name)) + # ----------------------------------------------------------------- # ----------------------------------------------------------------- def update_sig_rl(): 
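Review bot: The new `raise IOError(...)` is only reached when `enclave_library_path` is configured but the file is absent; on the `else` branch the result of `putils.find_file_in_path` is returned as-is, so if that helper signals a miss by returning None rather than raising (its definition is not in the diff), a caller gets None instead of the new error. Guarding the return, `filep = putils.find_file_in_path(enclave_file_name, search_path)` then `if filep : return filep`, makes both branches fail the same way. The search now also depends on the `PDO_HOME` environment variable, so the function deserves a docstring stating the resolution order (explicit config path, then the script directory, then `$PDO_HOME/lib` defaulting to `/opt/pdo`) and noting that, because the location is environment-controlled, the MRENCLAVE logged after loading is the value to trust rather than the path. The same body appears nearly verbatim in pservice/pdo/pservice/pdo_enclave.py in this commit; a shared helper in pdo.common.utility taking the default file name would keep the two from drifting.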
@@ -150,6 +150,8 @@ def initialize_with_configuration(config) : ', '.join(sorted(list(missing_keys))))) NumberOfEnclaves = int(config.get('NumberOfEnclaves', 1)) + if NumberOfEnclaves < 1 or NumberOfEnclaves > 16: + raise ValueError("NumberOfEnclaves must be between 1 and 16, found {}".format(NumberOfEnclaves)) try: spid = Path(os.path.join(config['sgx_key_root'], "sgx_spid.txt")).read_text().strip() @@ -158,16 +160,18 @@ def initialize_with_configuration(config) : raise Exception("Unable to access SGX keys: {}".format(str(e))) if not _ias: - _ias = \ - ias_client.IasClient( - IasServer = config['ias_url'], - SpidApiKey = spid_api_key, - Spid = spid) + _ias = ias_client.IasClient(IasServer = config['ias_url'], SpidApiKey = spid_api_key, Spid = spid) if not _pdo: signed_enclave = __find_enclave_library(config) - logger.debug("Attempting to load enclave at: %s", signed_enclave) - _pdo = enclave.pdo_enclave_info(signed_enclave, spid, NumberOfEnclaves) + logger.info("Attempting to load enclave at: %s", signed_enclave) + + try : + _pdo = enclave.pdo_enclave_info(signed_enclave, spid, NumberOfEnclaves) + except Exception as e: + logger.exception(e) + raise e + logger.info("Basename: %s", get_enclave_basename()) logger.info("MRENCLAVE: %s", get_enclave_measurement()) diff --git a/eservice/setup.py b/eservice/setup.py index 96768840..ed32c8b1 100644 --- a/eservice/setup.py +++ b/eservice/setup.py @@ -33,6 +33,7 @@ bin_dir = os.path.join(install_root_dir, "bin") dat_dir = os.path.join(install_root_dir, "data") etc_dir = os.path.join(install_root_dir, "etc") +lib_dir = os.path.join(install_root_dir, "lib") log_dir = os.path.join(install_root_dir, "logs") key_dir = os.path.join(install_root_dir, "keys") 
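Review bot: The bounds in `if NumberOfEnclaves < 1 or NumberOfEnclaves > 16:` are bare magic numbers; nothing in the hunk says where 16 comes from (enclave pool sizing, an SGX resource limit, or an arbitrary cap). Name it, e.g. `MAX_NUMBER_OF_ENCLAVES = 16` at module level with a one-line comment giving the reason, and use it in both the comparison and the message. Note also that `int(config.get('NumberOfEnclaves', 1))` on the preceding line raises its own generic ValueError for a non-numeric value, so the new check only covers numeric inputs. initialize_with_configuration starts and ends outside the hunk.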
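Review bot: `raise e` inside the new `except Exception as e:` block re-raises through the handler and so appends the handler frame to the traceback; a bare `raise` re-raises the same exception unchanged and is the idiomatic form. With `logger.exception(e)` immediately before it, the full traceback is logged here and again wherever the caller handles it, if the caller logs too; `logger.error("Failed to load enclave at %s", signed_enclave)` followed by `raise` records the context without the duplicate stack. The identical pattern is in the pservice `initialize_with_configuration` hunk (`@@ -151,16 +147,18 @@`) of this commit, where `logger.exception(f'Failed to load enclave; {e}')` additionally formats eagerly instead of using %-args. initialize_with_configuration continues outside the hunk.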
@@ -44,11 +45,11 @@ (etc_dir, []), (log_dir, []), (key_dir, []), - ('lib', [ os.path.join(script_dir, 'deps/bin/libpdo-enclave.signed.so')]) + (lib_dir, [ os.path.join(script_dir, 'deps/bin/libpdo-eservice-enclave.signed.so')]) ] ext_deps = [ - 'deps/bin/libpdo-enclave.signed.so' + 'deps/bin/libpdo-eservice-enclave.signed.so' ] ## ----------------------------------------------------------------- diff --git a/pservice/Makefile b/pservice/Makefile index edbc802e..b62945b3 100644 --- a/pservice/Makefile +++ b/pservice/Makefile @@ -25,7 +25,7 @@ endif EGG_FILE=dist/pdo_pservice-${MOD_VERSION}-py${PY_VERSION}-linux-x86_64.egg -ENCLAVE_LIB=deps/bin/libpdo-enclave.signed.so +ENCLAVE_LIB=deps/bin/libpdo-pservice-enclave.signed.so SWIG_SOURCES = \ pdo_enclave_internal.i\ diff --git a/pservice/lib/libpdo_enclave/CMakeLists.txt b/pservice/lib/libpdo_enclave/CMakeLists.txt index 738f21c9..df842eb3 100644 --- a/pservice/lib/libpdo_enclave/CMakeLists.txt +++ b/pservice/lib/libpdo_enclave/CMakeLists.txt @@ -14,7 +14,7 @@ CMAKE_MINIMUM_REQUIRED(VERSION 3.10 FATAL_ERROR) -PROJECT(libpdo-enclave C CXX) +PROJECT(libpdo-pservice-enclave C CXX) # XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # Source Code diff --git a/pservice/pdo/pservice/pdo_enclave.py b/pservice/pdo/pservice/pdo_enclave.py index bdb8e945..d507828b 100644 --- a/pservice/pdo/pservice/pdo_enclave.py +++ b/pservice/pdo/pservice/pdo_enclave.py @@ -25,6 +25,7 @@ from pdo.pservice.utility import ias_client import pdo.common.crypto as crypto +import pdo.common.utility as putils import pdo.pservice.enclave.pdo_enclave_internal as enclave import logging 
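Review bot: The signed enclave is now installed to `lib_dir`, an absolute path derived from `install_root_dir`, while `__find_enclave_library` in eservice/pdo/eservice/pdo_enclave.py in this same commit searches `$PDO_HOME/lib` with `/opt/pdo` as the default. Nothing in the hunk ties those two roots together, so an install whose `install_root_dir` (defined above the hunk) resolves differently from `PDO_HOME` at runtime produces a service that cannot find its own enclave. A comment above the entry, `# must match the $PDO_HOME/lib search path in pdo_enclave.__find_enclave_library`, or deriving both from the same environment variable, would make the coupling explicit. The same applies to the pservice/setup.py hunk (`@@ -42,11 +43,11 @@`).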
@@ -59,30 +60,29 @@ # ----------------------------------------------------------------- # ----------------------------------------------------------------- def __find_enclave_library(config) : - enclave_file_name = config.get('enclave_library', 'libpdo-enclave.signed.so') - enclave_file_path = config.get('enclave_library_path') + enclave_file_name = 'libpdo-pservice-enclave.signed.so' + enclave_file_path = None + + if config : + enclave_file_name = config.get('enclave_library', enclave_file_name) + enclave_file_path = config.get('enclave_library_path', enclave_file_path) if enclave_file_path : enclave_file = os.path.join(enclave_file_path, enclave_file_name); if os.path.exists(enclave_file) : return enclave_file else : + install_directory = os.environ.get('PDO_HOME', '/opt/pdo') script_directory = os.path.abspath(os.path.dirname(os.path.realpath(__file__))) + search_path = [ script_directory, - os.path.abspath(os.path.join(script_directory, '..')), - os.path.abspath(os.path.join(script_directory, '..', 'lib')), - os.path.abspath(os.path.join(script_directory, '..', '..')), - os.path.abspath(os.path.join(script_directory, '..', '..', 'lib')), - os.path.abspath(os.path.join('/usr', 'lib')) + os.path.abspath(os.path.join(install_directory, 'lib')), ] - for path in search_path : - enclave_file = os.path.join(path, enclave_file_name) - if os.path.exists(enclave_file) : - return enclave_file + return putils.find_file_in_path(enclave_file_name, search_path) - raise IOError("Could not find enclave shared object") + raise IOError("Could not find enclave shared object: {}".format(enclave_file_name)) # ----------------------------------------------------------------- # ----------------------------------------------------------------- 
@@ -138,11 +138,7 @@ def initialize_with_configuration(config) : missing_keys = valid_keys.difference(found_keys) if missing_keys: - raise \ - ValueError( - 'PDO enclave config file missing the following keys: ' - '{}'.format( - ', '.join(sorted(list(missing_keys))))) + raise ValueError('PDO enclave config file missing the following keys: {}'.format(', '.join(list(missing_keys)))) try: spid = Path(os.path.join(config['sgx_key_root'], "sgx_spid.txt")).read_text().strip() @@ -151,16 +147,18 @@ def initialize_with_configuration(config) : raise Exception("Unable to access SGX keys: {}".format(str(e))) if not _ias: - _ias = \ - ias_client.IasClient( - IasServer = config['ias_url'], - SpidApiKey = spid_api_key, - Spid = spid) + _ias = ias_client.IasClient(IasServer = config['ias_url'], SpidApiKey = spid_api_key, Spid = spid) if not _pdo: signed_enclave = __find_enclave_library(config) - logger.debug("Attempting to load enclave at: %s", signed_enclave) - _pdo = enclave.pdo_enclave_info(signed_enclave, spid) + logger.info("Attempting to load enclave at: %s", signed_enclave) + + try : + _pdo = enclave.pdo_enclave_info(signed_enclave, spid) + except Exception as e: + logger.exception(f'Failed to load enclave; {e}') + raise e + logger.info("Basename: %s", get_enclave_basename()) logger.info("MRENCLAVE: %s", get_enclave_measurement()) diff --git a/pservice/setup.py b/pservice/setup.py index 47f3d9cf..1019a20b 100644 --- a/pservice/setup.py +++ b/pservice/setup.py @@ -33,6 +33,7 @@ bin_dir = os.path.join(install_root_dir, "bin") dat_dir = os.path.join(install_root_dir, "data") etc_dir = os.path.join(install_root_dir, "etc") +lib_dir = os.path.join(install_root_dir, "lib") log_dir = os.path.join(install_root_dir, "logs") key_dir = os.path.join(install_root_dir, "keys") 
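Review bot: Collapsing the raise drops the `sorted(...)` the old message used, so `', '.join(list(missing_keys))` now emits the missing keys in set iteration order, which for strings varies between interpreter runs under hash randomization; the eservice counterpart in this commit keeps them sorted. Restore the ordering and drop the redundant `list()`: `raise ValueError('PDO enclave config file missing the following keys: {}'.format(', '.join(sorted(missing_keys))))`. initialize_with_configuration starts outside the hunk.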
@@ -42,11 +43,11 @@ (etc_dir, [ 'etc/sample_pservice.toml' ]), (log_dir, []), (key_dir, []), - ('lib', [ os.path.join(script_dir, 'deps/bin/libpdo-enclave.signed.so')]) + (lib_dir, [ os.path.join(script_dir, 'deps/bin/libpdo-pservice-enclave.signed.so')]) ] ext_deps = [ - 'deps/bin/libpdo-enclave.signed.so' + 'deps/bin/libpdo-pservice-enclave.signed.so' ] ## ----------------------------------------------------------------- diff --git a/python/pdo/common/keys.py b/python/pdo/common/keys.py index 82ada64c..2a24349b 100644 --- a/python/pdo/common/keys.py +++ b/python/pdo/common/keys.py @@ -22,8 +22,6 @@ logger = logging.getLogger(__name__) import binascii -import secp256k1 - # ----------------------------------------------------------------- # ----------------------------------------------------------------- 
@@ -49,51 +47,6 @@ def read_transaction_keys_from_file(key_file, search_path, \ return txn_keys -# ----------------------------------------------------------------- -# ----------------------------------------------------------------- -class TransactionKeys(object) : - """ - Wrapper for managing Sawtooth transaction keys - """ - - @classmethod - def read_from_file(cls, file_name, search_path = ['.', './keys']) : - full_file = putils.find_file_in_path(file_name, search_path) - with open(full_file, "r") as ff : - hex_encoded_private_key = ff.read() - - priv = binascii.unhexlify(hex_encoded_private_key) - return cls(secp256k1.PrivateKey(priv)) - - @classmethod - def from_hex(cls, hex_encoded_private_key) : - priv = binascii.unhexlify(hex_encoded_private_key) - return cls(secp256k1.PrivateKey(priv)) - - def __init__(self, private_key = None) : - if private_key == None : - private_key = secp256k1.PrivateKey() - - self.public_key = private_key.pubkey - self.private_key = private_key - - @property - def hashed_identity(self) : - key_byte_array = crypto.string_to_byte_array(self.txn_public) - hashed_txn_key = crypto.compute_message_hash(key_byte_array) - encoded_hashed_key = crypto.byte_array_to_hex(hashed_txn_key) - encoded_hashed_key = encoded_hashed_key.lower() - return encoded_hashed_key - - @property - def txn_private(self) : - return self.private_key.serialize() - - @property - def txn_public(self) : - return self.public_key.serialize().hex() - - # ----------------------------------------------------------------- # ----------------------------------------------------------------- class EnclaveKeys(object) :