One chain account match unique pubkey (crustio#233)

* remove set chain account id * use inner account id
TonyCode2012 · Sep 28, 2020 · 0116569 · 0116569
1 parent 335f1cc
commit 0116569
Show file tree

Hide file tree

Showing 8 changed files with 23 additions and 61 deletions.
diff --git a/src/app/ecalls/ECalls.cpp b/src/app/ecalls/ECalls.cpp
@@ -13,7 +13,6 @@ typedef struct _enclave_task_t {
 std::unordered_map<std::string, int> g_task_priority_um = {
     {"Ecall_restore_metadata", 0},
     {"Ecall_gen_key_pair", 0},
-    {"Ecall_set_chain_account_id", 0},
     {"Ecall_cmp_chain_account_id", 0},
     {"Ecall_get_quote_report", 0},
     {"Ecall_verify_iasreport", 0},
@@ -336,27 +335,6 @@ sgx_status_t Ecall_cmp_chain_account_id(sgx_enclave_id_t eid, crust_status_t *st
     return ret;
 }
 
-/**
- * @description: A wrapper function, Set crust account id
- * @param status -> Pointer to set result status
- * @param account_id (in) -> Pointer to account id
- * @param len -> Account id length
- */
-sgx_status_t Ecall_set_chain_account_id(sgx_enclave_id_t eid, crust_status_t *status, const char *account_id, size_t len)
-{
-    sgx_status_t ret = SGX_SUCCESS;
-    if (SGX_SUCCESS != (ret = try_get_enclave(__FUNCTION__)))
-    {
-        return ret;
-    }
-
-    ret = ecall_set_chain_account_id(eid, status, account_id, len);
-
-    free_enclave(__FUNCTION__);
-
-    return ret;
-}
-
 /**
  * @description: A wrapper function, Get signed validation report
  * @param status -> Pointer to get result status
@@ -381,15 +359,15 @@ sgx_status_t Ecall_get_signed_work_report(sgx_enclave_id_t eid, crust_status_t *
 /**
  * @description: A wrapper function, generate ecc key pair and store it in enclave
  */
-sgx_status_t Ecall_gen_key_pair(sgx_enclave_id_t eid, sgx_status_t *status)
+sgx_status_t Ecall_gen_key_pair(sgx_enclave_id_t eid, sgx_status_t *status, const char *account_id, size_t len)
 {
     sgx_status_t ret = SGX_SUCCESS;
     if (SGX_SUCCESS != (ret = try_get_enclave(__FUNCTION__)))
     {
         return ret;
     }
 
-    ret = ecall_gen_key_pair(eid, status);
+    ret = ecall_gen_key_pair(eid, status, account_id, len);
 
     free_enclave(__FUNCTION__);
 

diff --git a/src/app/ecalls/ECalls.h b/src/app/ecalls/ECalls.h
@@ -44,11 +44,9 @@ sgx_status_t Ecall_srd_set_change(sgx_enclave_id_t eid, long change);
 sgx_status_t Ecall_main_loop(sgx_enclave_id_t eid);
 sgx_status_t Ecall_restore_metadata(sgx_enclave_id_t eid, crust_status_t *status);
 sgx_status_t Ecall_cmp_chain_account_id(sgx_enclave_id_t eid, crust_status_t *status, const char *account_id, size_t len);
-sgx_status_t Ecall_set_chain_account_id(sgx_enclave_id_t eid, crust_status_t *status, const char *account_id, size_t len);
-
 sgx_status_t Ecall_get_signed_work_report(sgx_enclave_id_t eid, crust_status_t *status, const char *block_hash, size_t block_height);
 
-sgx_status_t Ecall_gen_key_pair(sgx_enclave_id_t eid, sgx_status_t *status);
+sgx_status_t Ecall_gen_key_pair(sgx_enclave_id_t eid, sgx_status_t *status, const char *account_id, size_t len);
 sgx_status_t Ecall_get_quote_report(sgx_enclave_id_t eid, sgx_status_t *status, sgx_report_t *report, sgx_target_info_t *target_info);
 sgx_status_t Ecall_gen_sgx_measurement(sgx_enclave_id_t eid, sgx_status_t *status);
 

diff --git a/src/app/process/EntryNetwork.cpp b/src/app/process/EntryNetwork.cpp
@@ -201,7 +201,6 @@ bool entry_network(Config *p_config, std::string &tee_identity_out)
     ias_report.push_back(ias_cer.c_str());
     ias_report.push_back(ias_sig.c_str());
     ias_report.push_back(ias_quote_body.c_str());
-    ias_report.push_back(p_config->chain_account_id.c_str()); //[3]
 
     p_log->debug("\n\n----------IAS Report - JSON - Required Fields----------\n\n");
     json::JSON ias_body_json = json::JSON::Load(ias_res.body());

diff --git a/src/app/process/Process.cpp b/src/app/process/Process.cpp
@@ -204,27 +204,16 @@ int process_run()
     {
         // Restore data failed
         p_log->info("Starting a new enclave...(code:%lx)\n", crust_status);
+
         // Generate ecc key pair
-        if (SGX_SUCCESS != Ecall_gen_key_pair(global_eid, &sgx_status) || SGX_SUCCESS != sgx_status)
+        if (SGX_SUCCESS != Ecall_gen_key_pair(global_eid, &sgx_status, p_config->chain_account_id.c_str(), p_config->chain_account_id.size()) || SGX_SUCCESS != sgx_status)
         {
             p_log->err("Generate key pair failed!\n");
             return_status = -1;
             goto cleanup;
         }
         p_log->info("Generate key pair successfully!\n");
 
-        // Store crust info in enclave
-        // TODO: Get srd from other node
-        crust_status_t crust_status = CRUST_SUCCESS;
-        if (SGX_SUCCESS != Ecall_set_chain_account_id(global_eid, &crust_status,
-                p_config->chain_address.c_str(), p_config->chain_address.size())
-            || CRUST_SUCCESS != crust_status)
-        {
-            p_log->err("Store backup information to enclave failed!Error code:%lx\n", crust_status);
-            return_status = -1;
-            goto cleanup;
-        }
-
         // Send identity to chain and send work report
         if (!offline_chain_mode)
         {
@@ -260,7 +249,7 @@ int process_run()
     {
         // Compare crust account it in configure file and recovered file
         if (SGX_SUCCESS != Ecall_cmp_chain_account_id(global_eid, &crust_status,
-                p_config->chain_address.c_str(), p_config->chain_address.size())
+                p_config->chain_account_id.c_str(), p_config->chain_account_id.size())
             || CRUST_SUCCESS != crust_status)
         {
             p_log->err("Configure chain account id doesn't equal to recovered one!\n");

diff --git a/src/enclave/Enclave.cpp b/src/enclave/Enclave.cpp
@@ -110,17 +110,6 @@ crust_status_t ecall_cmp_chain_account_id(const char *account_id, size_t len)
     return id_cmp_chain_account_id(account_id, len);
 }
 
-/**
- * @description: Set crust account id
- * @param account_id (in) -> Pointer to account id
- * @param len -> Account id length
- * @return: Set status
- */
-crust_status_t ecall_set_chain_account_id(const char *account_id, size_t len)
-{
-    return id_set_chain_account_id(account_id, len);
-}
-
 /**
  * @description: Get signed work report
  * @param block_hash (in) -> block hash
@@ -153,9 +142,9 @@ crust_status_t ecall_get_signed_order_report()
  * @description: Generate ecc key pair and store it in enclave
  * @return: Generate status
  */
-sgx_status_t ecall_gen_key_pair()
+sgx_status_t ecall_gen_key_pair(const char *account_id, size_t len)
 {
-    return id_gen_key_pair();
+    return id_gen_key_pair(account_id, len);
 }
 
 /**

diff --git a/src/enclave/Enclave.edl b/src/enclave/Enclave.edl
@@ -19,15 +19,14 @@ enclave {
 
         public void ecall_main_loop();
         public crust_status_t ecall_cmp_chain_account_id([in, size=len] const char *account_id, size_t len);
-        public crust_status_t ecall_set_chain_account_id([in, size=len] const char *account_id, size_t len);
 
         public crust_status_t ecall_get_signed_work_report([in, string] const char *block_hash, size_t block_height); 
         public crust_status_t ecall_get_signed_order_report();
 
         public crust_status_t ecall_restore_metadata();
 		public sgx_status_t ecall_get_quote_report([out] sgx_report_t *report,[in] sgx_target_info_t *target_info);
 		public sgx_status_t ecall_gen_sgx_measurement();
-        public sgx_status_t ecall_gen_key_pair();
+        public sgx_status_t ecall_gen_key_pair([in, size=len] const char *account_id, size_t len);
         public crust_status_t ecall_verify_iasreport([in, count=len] char ** IASReport, size_t len);
 
         public crust_status_t ecall_seal_file([in, size=tree_len] const char *p_tree, size_t tree_len, [in, size=path_len] const char *path, [out, size=path_len] char *p_new_path , size_t path_len);

diff --git a/src/enclave/identity/Identity.cpp b/src/enclave/identity/Identity.cpp
@@ -377,7 +377,7 @@ crust_status_t id_verify_iasreport(char **IASReport, size_t size)
     X509 *intelRootPemX509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);
     vector<string> response(IASReport, IASReport + size);
 
-    string chain_account_id = response[3];
+    string chain_account_id = g_chain_account_id;
     uint8_t *p_account_id_u = hex_string_to_bytes(chain_account_id.c_str(), chain_account_id.size());
     size_t account_id_u_len = chain_account_id.size() / 2;
     uint8_t *org_data, *p_org_data = NULL;
@@ -637,10 +637,13 @@ crust_status_t id_verify_iasreport(char **IASReport, size_t size)
 
 /**
  * @description: Generate ecc key pair and store it in enclave
+ * @param account_id (in) -> Pointer to account id
+ * @param len -> Account id length
  * @return: Generate status
  */
-sgx_status_t id_gen_key_pair()
+sgx_status_t id_gen_key_pair(const char *account_id, size_t len)
 {
+
     if (g_is_set_id_key_pair)
     {
         log_err("Identity key pair has been generated!\n");
@@ -675,8 +678,15 @@ sgx_status_t id_gen_key_pair()
     memcpy(&id_key_pair.pub_key, &pub_key, sizeof(pub_key));
     memcpy(&id_key_pair.pri_key, &pri_key, sizeof(pri_key));
 
-    g_is_set_id_key_pair = true;
+    // Set chain account id
+    crust_status_t crust_status = id_set_chain_account_id(account_id, len);
+    if (crust_status != CRUST_SUCCESS)
+    {
+        log_err("Set chain account id error: %d\n", crust_status);
+        return SGX_ERROR_UNEXPECTED;
+    }
 
+    g_is_set_id_key_pair = true;
     return SGX_SUCCESS;
 }
 

diff --git a/src/enclave/identity/Identity.h b/src/enclave/identity/Identity.h
@@ -58,7 +58,7 @@ X509_STORE * cert_init_ca(X509 *cert);
 char *base64_decode(const char *msg, size_t *sz);
 
 crust_status_t id_verify_iasreport(char ** IASReport, size_t size);
-sgx_status_t id_gen_key_pair();
+sgx_status_t id_gen_key_pair(const char *account_id, size_t len);
 sgx_status_t id_get_quote_report(sgx_report_t *report, sgx_target_info_t *target_info);
 sgx_status_t id_gen_sgx_measurement();
 crust_status_t id_cmp_chain_account_id(const char *account_id, size_t len);