Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion confisum/Dockerfile-to-compile
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ FROM golang

WORKDIR /go/src/github.com/san-lab
RUN git clone https://github.com/san-lab/cc2 && git clone https://github.com/san-lab/commongo
RUN cd /go/src/github.com/san-lab/cc2/confisum && rm confisum && go build
RUN cd /go/src/github.com/san-lab/cc2/confisum && rm -f confisum && go build
ENV httpPort "8080"
WORKDIR /go/src/github.com/san-lab/cc2/confisum
CMD ./confisum -httpPort=$httpPort
95 changes: 95 additions & 0 deletions confisum/httpservice/handler.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
package httpservice

import (
"context"
"crypto/tls"
"encoding/asn1"
"encoding/hex"
"fmt"
"net/http"
Expand All @@ -9,12 +12,30 @@ import (
"time"

"github.com/btcsuite/btcd/btcec"
"github.com/ibm-developer/ibm-cloud-hyperprotectcrypto/golang/ep11"
pb "github.com/ibm-developer/ibm-cloud-hyperprotectcrypto/golang/grpc"
"github.com/ibm-developer/ibm-cloud-hyperprotectcrypto/golang/util"
"github.com/san-lab/commongo/gohttpservice/templates"
"github.com/san-lab/commongo/jafgoecies/ecies"
uuid "github.com/satori/go.uuid"
grpc "google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)

var InTEE bool

// The following IBM Cloud items need to be changed prior to running the sample program
const address = "url:port" // e.g ep11.us-east.hs-crypto.cloud.ibm.com:9730"

var callOpts = []grpc.DialOption{
grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{})),
grpc.WithPerRPCCredentials(&util.IAMPerRPCCredentials{
APIKey: "<api_key>", // e.g Wpi0NICD8AU5ESG8Uvx3XgjvLUgvZ8zm9HxLiUL40tgE
Endpoint: "https://iam.cloud.ibm.com",
Instance: "<instance>", // e.g 9b12b984-5a41-4323-8a51-c4bc4a223156
}),
}

type myHandler struct {
Renderer *templates.Renderer
chamber *chamber
Expand Down Expand Up @@ -74,6 +95,76 @@ func (mh *myHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}

func genAESPrivateKey() []byte {
conn, err := grpc.Dial(address, callOpts...)
if err != nil {
panic(fmt.Errorf("Could not connect to server: %s", err))
}
defer conn.Close()

cryptoClient := pb.NewCryptoClient(conn)
keyLen := 128
keyTemplate := util.NewAttributeMap(
util.NewAttribute(ep11.CKA_VALUE_LEN, (uint64)(keyLen/8)),
util.NewAttribute(ep11.CKA_WRAP, false),
util.NewAttribute(ep11.CKA_UNWRAP, false),
util.NewAttribute(ep11.CKA_ENCRYPT, true),
util.NewAttribute(ep11.CKA_DECRYPT, true),
util.NewAttribute(ep11.CKA_EXTRACTABLE, false), // set to false!
util.NewAttribute(ep11.CKA_TOKEN, true), // ignored by EP11
)

keygenmsg := &pb.GenerateKeyRequest{
Mech: &pb.Mechanism{Mechanism: ep11.CKM_AES_KEY_GEN},
Template: keyTemplate,
KeyId: uuid.NewV4().String(), // optional
}

generateKeyStatus, err := cryptoClient.GenerateKey(context.Background(), keygenmsg)
if err != nil {
panic(fmt.Errorf("GenerateKey Error: %s", err))
}
fmt.Printf("Generated AES Key %s", hex.EncodeToString(generateKeyStatus.Key))
return generateKeyStatus.Key
}

func genECDSAKeyPair() ([]byte, []byte) {
conn, err := grpc.Dial(address, callOpts...)
if err != nil {
panic(fmt.Errorf("Could not connect to server: %s", err))
}
defer conn.Close()

cryptoClient := pb.NewCryptoClient(conn)

ecParameters, err := asn1.Marshal(util.OIDNamedCurveP256)
if err != nil {
panic(fmt.Errorf("Unable to encode parameter OID: %s", err))
}

publicKeyECTemplate := util.NewAttributeMap(
util.NewAttribute(ep11.CKA_EC_PARAMS, ecParameters),
util.NewAttribute(ep11.CKA_VERIFY, true),
util.NewAttribute(ep11.CKA_EXTRACTABLE, false),
)
privateKeyECTemplate := util.NewAttributeMap(
util.NewAttribute(ep11.CKA_SIGN, true),
util.NewAttribute(ep11.CKA_EXTRACTABLE, false),
)
generateECKeypairRequest := &pb.GenerateKeyPairRequest{
Mech: &pb.Mechanism{Mechanism: ep11.CKM_EC_KEY_PAIR_GEN},
PubKeyTemplate: publicKeyECTemplate,
PrivKeyTemplate: privateKeyECTemplate,
}
generateKeyPairStatus, err := cryptoClient.GenerateKeyPair(context.Background(), generateECKeypairRequest)
if err != nil {
panic(fmt.Errorf("GenerateKeyPair error: %s", err))
}

fmt.Printf("Generated ECDSA PKCS key pair")
return generateKeyPairStatus.PrivKey, generateKeyPairStatus.PubKey
}

func NewChamber(n int) *chamber {
ch := new(chamber)
ch.PlayersCount = n
Expand All @@ -83,6 +174,10 @@ func NewChamber(n int) *chamber {
}
ch.PrivateOutputs = make([]string, n, n)
ch.servkey, _ = btcec.NewPrivateKey(btcec.S256())

privKey, pubKey := genECDSAKeyPair()
fmt.Printf("Priv Key - %s \nPub Key - %s", hex.EncodeToString(privKey), hex.EncodeToString(pubKey))

return ch
}

Expand Down