A sample demonstrating canonical EOS signatures in an Intel SGX enclave.
Prerequisites:
- An SGX capable machine.
- Intel SGX SDK 2.5 for Linux installed
- Ubuntu 18.04
- Docker.
Relies on: rust-sgx-sdk v1.0.9
!
- Clone the Rust SGX SDK:
❍ git clone https://github.com/apache/mesatee-sgx.git --branch v1.0.9
- Clone this repo:
❍ git clone https://github.com/gskapka/eos-canonical-signatures-in-enclave.git ./mesatee-sgx/samplecode/
- Pull the correct SGX docker image:
❍ docker pull baiduxlab/sgx-rust-stable:1804-1.0.9
- Start docker container pointing it to the SDK on your machine:
❍ docker run -v /your/path/to/rust-sgx:/root/sgx -ti --device /dev/isgx baiduxlab/sgx-rust
- Start the AESM service inside docker:
❍ LD_LIBRARY_PATH=/opt/intel/libsgx-enclave-common/aesm /opt/intel/libsgx-enclave-common/aesm/aesm_service &
- Enter EOS sample dir:
❍ cd sgx/samplecode/eos-canonical-signatures-in-enclave
- Build!
❍ make
- After the above build, simply:
❍ cd bin && ./app
root@734a3b324bba# cd bin && ./app
✔ Home dir is /root
✘ Open token file /root/enclave.token error! Will create one.
✔ Running canonical signature sample inside enclave...
✔ Private key generated successfully!
✔ Public key generated successfully!
✔ Message generated successfully!
✔ Signing message...
✔ Message signed successfully!
✔ Verifying siganture...
✔ Signature is verified: true
✔ Signature recovery ID: RecoveryId(1)
✔ Signature is canonical: true
✔ Sample finished successfully!
The above build steps are monstrously fragile. Hopefully there's enough version-specific information above plus pinned dependencies inside the example to make it less so.
There are no tests yet! :S
- Tests!
- Use GH repos for sgx-paths in
Cargo.toml
- Extract from the SDK dir structure.