Mic.jan03.ias certificates #458

Closed

Conversation

cmickeyb
Contributor

@cmickeyb cmickeyb commented Jan 4, 2024

No description provided.

cmickeyb and others added 13 commits December 18, 2023 15:46
Added a verbose flag to the cmake project variables in order to make
finding errors in the build output a little easier. When true (which
is the default), the setting will ensure that all warning messages are
generated. An environment variable allows for override.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Update the default (very simple) builtin untrusted logger
to send output to stderr and then flush. This is mostly
the result of lost logging that happens when abnormal
termination occurs (precisely the time when you want
accurate and complete logs).

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Add a new constructor for the sig_private class that takes a curve
identifier and a byte array with the bignum encoding of the private
key.

Push the new constructor through to the contract interpreter. This
should enable construction of BIP32 extended keys.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
We had definitions for memory safe pointers in several files. This
moves all of those definitions into a single file.

Add a ResetKey() method for the sig_public and sig_private classes
to manage memory allocation and resetting the pointer appropriately.
Note that there is a behavior change. The key is reset prior to
attempts to update it. This means that the key will be unset if
there is, for example, an error deserializing a key. The tests must
be updated for this (they assumed that the key was still valid after
an invalid attempt to update).

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Removed/consolidated code for deserializing ecdsa public and
private keys from a string.

Simplify and consolidate the constructors.

Use the common error handling functions.  A lot of the code in the
crypto classes predates the logging and error processing functions
that were added later. This PR updates at least the ones in the crypto
signature classes.

And... this fixes a few memory leaks and potential issues with memory
corruption during creation & assignment of keys.

Removed the XY serialization functions from the sig public class.

Added a boolean operator that can be used to test whether a key is initialized.

Cleaned up a lot of the exception generation. Attempted to use MemoryError when
it appears that memory allocation failed and CryptoError any time an OpenSSL
call fails unexpectedly.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Add constructors for public and private ECDSA keys for numeric
keys represented by octets stored in a ByteArray.

Add methods to retrieve the numeric keys from the classes.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Moved the signature tests into a separate file. Added a bunch of new
signature tests to ensure that uninitialized keys are handled correctly.
Removed signature tests for functions that no longer exist.

Introduced some macros that make writing and interpreting test
failures a little easier.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Co-authored-by: Bruno Vavala <bruno.vavala@intel.com>
Signed-off-by: Mic Bowman <cmickeyb@gmail.com>
Co-authored-by: Bruno Vavala <bruno.vavala@intel.com>
Signed-off-by: Mic Bowman <cmickeyb@gmail.com>
Fix the error strings in sig_public_key.cpp to reflect
that the errors are in the public key, not the private key.

Replace the typedefs for bignumbers in the crypto extensions
with the existing definitions from the crypto library. Not
sure the shared header file should be universally visible
but it is for now.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Signed-off-by: Mic Bowman <mic.bowman@intel.com>
Replace the template expansion that is causing
periodic file corruption errors with a more resilient
method for downloading the IAS certificate. This
approach removes the template completely and uses
a file system move to atomically update the certificate
file.

Also uses the cmake clean to remove any generated
files. We were leaving extra files in the common
directory tree.

Signed-off-by: Mic Bowman <mic.bowman@intel.com>
@cmickeyb cmickeyb closed this Jan 4, 2024
@cmickeyb cmickeyb deleted the mic.jan03.ias_certificates branch January 16, 2024 00:21
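
The final commit above describes downloading the IAS certificate and using a file system move to update the certificate file atomically. The following is an added sketch of that pattern, not code from this pull request or the project; the function names, the `.cert.XXXXXX` temporary name and the structural PEM check are assumptions made for illustration, and the download step is passed in as a command that writes the certificate to stdout.

```shell
#!/bin/sh
# Added example, not project code: stage a downloaded certificate in a
# temporary file and publish it with a rename so that readers never see a
# partially written file.

# Sanity check only (no signature or chain validation): the file must be
# non-empty and contain both PEM certificate markers, which a truncated
# download would not.
looks_like_pem_cert() {
    [ -s "$1" ] &&
    grep -q '^-----BEGIN CERTIFICATE-----$' "$1" &&
    grep -q '^-----END CERTIFICATE-----$' "$1"
}

# install_cert_atomically DEST CMD [ARGS...]
# CMD is the download step (hypothetical here) and must write to stdout.
install_cert_atomically() {
    dest=$1; shift
    # The temporary file lives in DEST's directory so that mv is a rename
    # on the same filesystem, which is what makes the update atomic.
    tmp=$(mktemp "$(dirname "$dest")/.cert.XXXXXX") || return 1
    if "$@" > "$tmp" && looks_like_pem_cert "$tmp"; then
        chmod 644 "$tmp"
        mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"    # failed or truncated download: keep the old file
        return 1
    fi
}

# Demo with constructed data (not a real certificate).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/full.src"
head -n 2 "$demo_dir/full.src" > "$demo_dir/cut.src"
install_cert_atomically "$demo_dir/ias.pem" cat "$demo_dir/full.src" \
    && echo "installed"
install_cert_atomically "$demo_dir/ias.pem" cat "$demo_dir/cut.src" \
    || echo "rejected, previous file kept"
rm -rf "$demo_dir"
```

In a build, the `cat` command would be replaced by the actual fetch command for the certificate.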