Delete remnants of key synchronization.
Veil currently does not support horizontal scaling by synchronizing key
material across enclaves.  This PR deletes all synchronization-related
code remnants.
NullHypothesis committed Nov 12, 2024
1 parent 74348c4 commit 69f3065
Showing 6 changed files with 3 additions and 291 deletions.
69 changes: 0 additions & 69 deletions internal/enclave/keys.go

This file was deleted.

77 changes: 0 additions & 77 deletions internal/enclave/keys_test.go

This file was deleted.

13 changes: 0 additions & 13 deletions internal/service/handle/handlers.go
Expand Up @@ -3,7 +3,6 @@ package handle
import (
"crypto/sha256"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
Expand All @@ -17,18 +16,6 @@ import (
"github.com/Amnesic-Systems/veil/internal/util"
)

const (
// The maximum length of the key material (in bytes) that enclave
// applications can PUT to our HTTP API.
maxKeyMaterialLen = 1024 * 1024
)

var (
errFailedReqBody = errors.New("failed to read request body")
errDesignationInProgress = errors.New("leader designation in progress")
errEndpointGone = errors.New("endpoint not meant to be used")
)

// Index informs the visitor that this host runs inside an enclave. This is
// useful for testing.
func Index(cfg *config.Config) http.HandlerFunc {
123 changes: 0 additions & 123 deletions internal/service/handle/state.go

This file was deleted.

3 changes: 0 additions & 3 deletions internal/service/routes.go
Expand Up @@ -4,7 +4,6 @@ import (
"net/http/httputil"

"github.com/Amnesic-Systems/veil/internal/config"
"github.com/Amnesic-Systems/veil/internal/enclave"
"github.com/Amnesic-Systems/veil/internal/service/attestation"
"github.com/Amnesic-Systems/veil/internal/service/handle"
"github.com/go-chi/chi/v5"
Expand Down Expand Up @@ -38,7 +37,6 @@ func addExternalPublicRoutes(
func addInternalRoutes(
r *chi.Mux,
config *config.Config,
keys *enclave.Keys,
hashes *attestation.Hashes,
appReady chan struct{},
) {
Expand All @@ -51,5 +49,4 @@ func addInternalRoutes(
}
r.Get("/enclave/hashes", handle.Hashes(hashes))
r.Post("/enclave/hash", handle.AppHash(hashes.SetAppHash))
r.Handle("/enclave/state", handle.NewState(keys))
}
9 changes: 3 additions & 6 deletions internal/service/service.go
Expand Up @@ -38,20 +38,18 @@ func Run(
log.Fatalf("Failed to set up system: %v", err)
}

// Initialize the enclave keys for enclave synchronization.
// Create a TLS certificate for the external Web server.
cert, key, err := httputil.CreateCertificate(config.FQDN)
if err != nil {
log.Fatalf("Failed to create certificate: %v", err)
}
keys := new(enclave.Keys)
keys.SetVeilKeys(key, cert)

// Initialize hashes for the attestation document.
hashes := new(attestation.Hashes)
hashes.SetTLSHash(addr.Of(sha256.Sum256(cert)))

// Initialize Web servers.
intSrv := newIntSrv(config, keys, hashes, appReady)
intSrv := newIntSrv(config, hashes, appReady)
builder := attestation.NewBuilder(
attester,
attestation.WithHashes(hashes),
Expand Down Expand Up @@ -143,12 +141,11 @@ func startAllWebSrvs(

func newIntSrv(
config *config.Config,
keys *enclave.Keys,
hashes *attestation.Hashes,
appReady chan struct{},
) *http.Server {
r := chi.NewRouter()
addInternalRoutes(r, config, keys, hashes, appReady)
addInternalRoutes(r, config, hashes, appReady)

return &http.Server{
Addr: net.JoinHostPort("127.0.0.1", config.IntPort),
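Review bot: The rewritten comment above `httputil.CreateCertificate(config.FQDN)` in `Run` names only the certificate, but the call also returns the private key `key`, and with `enclave.Keys` removed nothing in this hunk shows where that key is held or used. Because the SHA-256 of `cert` is what `hashes.SetTLSHash` feeds into the attestation hashes, the comment should state the key's intended scope so a later change does not quietly reintroduce an export path, for example `// Create the TLS certificate and private key for the external Web server; the key is generated per enclave and is not shared with other enclaves.` That wording is inferred from the commit description and should be confirmed against the rest of `Run`, whose body starts and ends outside the hunk.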
