diff --git a/.buildkite/code.pipeline.yml b/.buildkite/code.pipeline.yml index 6d1ad9a4720..25fcc11253b 100644 --- a/.buildkite/code.pipeline.yml +++ b/.buildkite/code.pipeline.yml @@ -140,15 +140,15 @@ steps: # .buildkite/rust/test_runtime_and_gateway.sh and .buildkite/scripts/download_utils.sh. - label: Build key manager runtime command: - - .buildkite/rust/build_runtime.sh keymanager-runtime + - .buildkite/rust/build_runtime.sh tests/runtimes/simple-keymanager - .buildkite/rust/build_runtime.sh tests/runtimes/simple-keyvalue # Upload the built artifacts. - cd /var/tmp/artifacts/sgx/x86_64-fortanix-unknown-sgx/debug - - buildkite-agent artifact upload oasis-core-keymanager-runtime.sgxs + - buildkite-agent artifact upload simple-keymanager.sgxs - buildkite-agent artifact upload simple-keyvalue.sgxs - cd /var/tmp/artifacts/default/debug - - buildkite-agent artifact upload oasis-core-keymanager-runtime + - buildkite-agent artifact upload simple-keymanager - buildkite-agent artifact upload simple-keyvalue agents: buildkite_agent_size: large diff --git a/.buildkite/longtests.pipeline.yml b/.buildkite/longtests.pipeline.yml index 31b84507851..d65570deb4c 100644 --- a/.buildkite/longtests.pipeline.yml +++ b/.buildkite/longtests.pipeline.yml 
@@ -79,15 +79,15 @@ steps: - label: Build key manager runtime command: - - .buildkite/rust/build_runtime.sh keymanager-runtime + - .buildkite/rust/build_runtime.sh tests/runtimes/simple-keymanager - .buildkite/rust/build_runtime.sh tests/runtimes/simple-keyvalue # Upload the built artifacts. - cd /var/tmp/artifacts/sgx/x86_64-fortanix-unknown-sgx/debug - - buildkite-agent artifact upload oasis-core-keymanager-runtime.sgxs + - buildkite-agent artifact upload simple-keymanager.sgxs - buildkite-agent artifact upload simple-keyvalue.sgxs - cd /var/tmp/artifacts/default/debug - - buildkite-agent artifact upload oasis-core-keymanager-runtime + - buildkite-agent artifact upload simple-keymanager - buildkite-agent artifact upload simple-keyvalue agents: buildkite_agent_size: large diff --git a/.buildkite/scripts/download_e2e_test_artifacts.sh b/.buildkite/scripts/download_e2e_test_artifacts.sh index e4d3379ada4..596638ac78f 100755 --- a/.buildkite/scripts/download_e2e_test_artifacts.sh +++ b/.buildkite/scripts/download_e2e_test_artifacts.sh @@ -19,9 +19,9 @@ download_artifact oasis-test-runner go/oasis-test-runner 755 download_artifact oasis-remote-signer go/oasis-remote-signer 755 download_artifact oasis-core-runtime-loader target/default/debug 755 -# Key manager runtime. -download_artifact oasis-core-keymanager-runtime.sgxs target/sgx/x86_64-fortanix-unknown-sgx/debug 755 -download_artifact oasis-core-keymanager-runtime target/default/debug 755 +# Simple Key manager runtime. +download_artifact simple-keymanager.sgxs target/sgx/x86_64-fortanix-unknown-sgx/debug 755 +download_artifact simple-keymanager target/default/debug 755 # Test simple-keyvalue runtime and clients. download_artifact test-long-term-client target/default/debug 755 diff --git a/.changelog/2837.internal.md b/.changelog/2837.internal.md new file mode 100644 index 00000000000..60b0b01cf92 --- /dev/null +++ b/.changelog/2837.internal.md 
@@ -0,0 +1,7 @@ +keyamanger-runtime: replace with test/simple-keymanager + +Common keymanager initalization code is extracted into the keymanager-lib +crate. This enables for the actual key manager implementation to only +provide a set of key manager policy signers. +Aditionally the `keymanager-runtime` crate is removed and replaced with +a test `simple-keymanager` runtime that is used in E2E tests. diff --git a/Cargo.lock b/Cargo.lock index c5619be3af2..43a32f6fafc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -805,23 +805,6 @@ dependencies = [ "tokio-executor 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "oasis-core-keymanager-api" -version = "0.3.0-alpha" -dependencies = [ - "base64 0.10.1 (registry+https://github.com/rust-lang/crates.io-index)", - "failure 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", - "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", - "oasis-core-keymanager-api-common 0.3.0-alpha", - "oasis-core-runtime 0.3.0-alpha", - "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", - "rustc-hex 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)", - "serde 1.0.105 (registry+https://github.com/rust-lang/crates.io-index)", - "serde_bytes 0.10.5 (registry+https://github.com/rust-lang/crates.io-index)", - "serde_derive 1.0.105 (registry+https://github.com/rust-lang/crates.io-index)", - "x25519-dalek 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)", -] - [[package]] name = "oasis-core-keymanager-api-common" version = "0.3.0-alpha" @@ -848,7 +831,7 @@ dependencies = [ "io-context 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "lru 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)", "oasis-core-client 0.3.0-alpha", - "oasis-core-keymanager-api 0.3.0-alpha", + "oasis-core-keymanager-api-common 0.3.0-alpha", "oasis-core-runtime 0.3.0-alpha", ] 
@@ -871,17 +854,6 @@ dependencies = [ "zeroize 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "oasis-core-keymanager-runtime" -version = "0.3.0-alpha" -dependencies = [ - "failure 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", - "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)", - "oasis-core-keymanager-api 0.3.0-alpha", - "oasis-core-keymanager-lib 0.3.0-alpha", - "oasis-core-runtime 0.3.0-alpha", -] - [[package]] name = "oasis-core-runtime" version = "0.3.0-alpha" @@ -1354,6 +1326,16 @@ dependencies = [ "opaque-debug 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "simple-keymanager" +version = "0.3.0-alpha" +dependencies = [ + "oasis-core-keymanager-api-common 0.3.0-alpha", + "oasis-core-keymanager-lib 0.3.0-alpha", + "oasis-core-runtime 0.3.0-alpha", + "oasis-core-tools 0.3.0-alpha", +] + [[package]] name = "simple-keyvalue" version = "0.3.0-alpha" @@ -1361,7 +1343,7 @@ dependencies = [ "failure 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", "io-context 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "oasis-core-client 0.3.0-alpha", - "oasis-core-keymanager-api 0.3.0-alpha", + "oasis-core-keymanager-api-common 0.3.0-alpha", "oasis-core-keymanager-client 0.3.0-alpha", "oasis-core-runtime 0.3.0-alpha", "oasis-core-tools 0.3.0-alpha", diff --git a/Cargo.toml b/Cargo.toml index f23bebd238d..3747f08b347 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,11 +6,11 @@ members = [ "keymanager-client", "keymanager-api-common", "keymanager-lib", - "keymanager-runtime", "tools", # Test runtimes. "tests/runtimes/simple-keyvalue", + "tests/runtimes/simple-keymanager", # Test clients. "tests/clients/simple-keyvalue", "tests/clients/simple-keyvalue-enc", diff --git a/Makefile b/Makefile index 507497df5f9..b32ef245c9c 100644 --- a/Makefile +++ b/Makefile 
@@ -3,8 +3,8 @@ include common.mk # List of runtimes to build. -RUNTIMES := keymanager-runtime \ - tests/runtimes/simple-keyvalue +RUNTIMES := tests/runtimes/simple-keyvalue \ + tests/runtimes/simple-keymanager # Set all target as the default target. all: build diff --git a/README.md b/README.md index cd10a3d0ef0..d90bd995ee6 100644 --- a/README.md +++ b/README.md @@ -275,7 +275,7 @@ runtime, do: --net.node.binary go/oasis-node/oasis-node \ --net.runtime.binary target/default/debug/simple-keyvalue \ --net.runtime.loader target/default/debug/oasis-core-runtime-loader \ - --net.keymanager.binary target/default/debug/oasis-core-keymanager-runtime + --net.keymanager.binary target/default/debug/simple-keymanager ``` Wait for the network to start, there should be messages about nodes being @@ -361,7 +361,7 @@ except the `oasis-net-runner` invocation: --net.node.binary go/oasis-node/oasis-node \ --net.runtime.binary target/sgx/x86_64-fortanix-unknown-sgx/debug/simple-keyvalue.sgxs \ --net.runtime.loader target/default/debug/oasis-core-runtime-loader \ - --net.keymanager.binary target/sgx/x86_64-fortanix-unknown-sgx/debug/oasis-core-keymanager-runtime.sgxs + --net.keymanager.binary target/sgx/x86_64-fortanix-unknown-sgx/debug/simple-keymanager.sgxs ``` @@ -408,8 +408,9 @@ For even more output, check the other `*.log` files. * `client`: Client library for talking with the runtimes. * `docker`: Docker environment definitions. * `go`: Oasis node. +* `keymanager-api-common`: Common keymanager code shared between client and lib. * `keymanager-client`: Client crate for the key manager. -* `keymanager-runtime`: (INSECURE) key manager implementation. +* `keymanager-lib`: Keymanager library crate. * `runtime`: The runtime library that simplifies writing SGX and non-SGX runtimes. * `runtime-loader`: The SGX and non-SGX runtime loader process. diff --git a/docker/deployment/Dockerfile b/docker/deployment/Dockerfile index 7346f744db9..de0c526b3cb 100644 
--- a/docker/deployment/Dockerfile +++ b/docker/deployment/Dockerfile @@ -14,7 +14,5 @@ LABEL com.oasislabs.oasis-core-build-image-tag="${OASIS_CORE_BUILD_IMAGE_TAG}" COPY go/oasis-node/oasis-node /oasis/bin/oasis-node COPY target/release/oasis-core-runtime-loader /oasis/bin/ -COPY target/release/oasis-core-keymanager-runtime /oasis/lib/ -COPY target/x86_64-fortanix-unknown-sgx/release/oasis-core-keymanager-runtime.sgxs /oasis/lib/ ENV PATH "/oasis/bin:${PATH}" diff --git a/docker/deployment/build_context.sh b/docker/deployment/build_context.sh index 2b888f97f00..8c23000510e 100755 --- a/docker/deployment/build_context.sh +++ b/docker/deployment/build_context.sh @@ -34,6 +34,4 @@ popd tar -czf "$dst" \ go/oasis-node/oasis-node \ target/release/oasis-core-runtime-loader \ - target/release/oasis-core-keymanager-runtime \ - target/x86_64-fortanix-unknown-sgx/release/oasis-core-keymanager-runtime.sgxs \ docker/deployment/Dockerfile diff --git a/go/oasis-net-runner/fixtures/default.go b/go/oasis-net-runner/fixtures/default.go index 5930c7e5940..cd1144d58b7 100644 --- a/go/oasis-net-runner/fixtures/default.go +++ b/go/oasis-net-runner/fixtures/default.go @@ -138,7 +138,7 @@ func init() { Flags.String(cfgRuntimeBinary, "simple-keyvalue", "path to the runtime binary") Flags.String(cfgRuntimeGenesisState, "", "path to the runtime genesis state") Flags.String(cfgRuntimeLoader, "oasis-core-runtime-loader", "path to the runtime loader") - Flags.String(cfgKeymanagerBinary, "oasis-core-keymanager-runtime", "path to the keymanager runtime") + Flags.String(cfgKeymanagerBinary, "simple-keymanager", "path to the keymanager runtime") Flags.String(cfgTEEHardware, "", "TEE hardware to use") Flags.Bool(cfgEpochtimeMock, false, "use mock epochtime") Flags.Uint64(cfgHaltEpoch, math.MaxUint64, "halt epoch height") diff --git a/go/oasis-test-runner/scenario/e2e/common.go b/go/oasis-test-runner/scenario/e2e/common.go index 89bc6b41651..c71553ec50c 100644 
--- a/go/oasis-test-runner/scenario/e2e/common.go +++ b/go/oasis-test-runner/scenario/e2e/common.go @@ -61,7 +61,7 @@ func resolveRuntimeBinary(runtimeBinary string) (string, error) { } func resolveDefaultKeyManagerBinary() (string, error) { - return resolveRuntimeBinary("oasis-core-keymanager-runtime") + return resolveRuntimeBinary("simple-keymanager") } func startClient(env *env.Env, net *oasis.Network, binary string, clientArgs []string) (*exec.Cmd, error) { diff --git a/keymanager-api-common/Cargo.toml b/keymanager-api-common/Cargo.toml index 5c1a5a79768..efea7f3f483 100644 --- a/keymanager-api-common/Cargo.toml +++ b/keymanager-api-common/Cargo.toml @@ -5,8 +5,9 @@ authors = ["Oasis Labs Inc. "] edition = "2018" [dependencies] -base64 = "0.10.1" oasis-core-runtime = { path = "../runtime" } + +base64 = "0.10.1" serde = "1.0.71" serde_derive = "1.0" serde_bytes = "~0.10" diff --git a/keymanager-api-common/src/api.rs b/keymanager-api-common/src/api.rs index 0b229b690db..40bcdeda528 100644 --- a/keymanager-api-common/src/api.rs +++ b/keymanager-api-common/src/api.rs @@ -15,7 +15,7 @@ use oasis_core_runtime::{ runtime::RuntimeId, sgx::avr::EnclaveIdentity, }, - impl_bytes, + impl_bytes, runtime_api, }; impl_bytes!(ContractId, 32, "A 256-bit contract identifier."); @@ -248,3 +248,11 @@ impl Default for TrustedPolicySigners { } } } + +runtime_api! { + pub fn get_or_create_keys(RequestIds) -> ContractKey; + + pub fn get_public_key(RequestIds) -> Option; + + pub fn replicate_master_secret(ReplicateRequest) -> ReplicateResponse; +} diff --git a/keymanager-api-common/src/lib.rs b/keymanager-api-common/src/lib.rs index bc12873f6eb..08edff89c6d 100644 --- a/keymanager-api-common/src/lib.rs +++ b/keymanager-api-common/src/lib.rs 
@@ -1,7 +1,10 @@ //! Key manager API common types and functions. use failure::Fallible; use lazy_static::lazy_static; -use oasis_core_runtime::common::{cbor, crypto::signature::PublicKey as OasisPublicKey}; +use oasis_core_runtime::common::{ + cbor, + crypto::signature::{PrivateKey as OasisPrivateKey, PublicKey as OasisPublicKey}, +}; use std::{ collections::HashSet, sync::{Mutex, Once}, @@ -69,3 +72,28 @@ impl SignedPolicySGX { Ok(self.policy.clone()) } } + +/// Returns the defult set of the trusted policy signers for key manager. +pub fn default_trusted_policy_signers() -> TrustedPolicySigners { + TrustedPolicySigners { + signers: { + let mut set = HashSet::new(); + if option_env!("OASIS_UNSAFE_KM_POLICY_KEYS").is_some() { + for seed in [ + "ekiden key manager test multisig key 0", + "ekiden key manager test multisig key 1", + "ekiden key manager test multisig key 2", + ] + .iter() + { + let private_key = OasisPrivateKey::from_test_seed(seed.to_string()); + set.insert(private_key.public_key()); + } + } + + // TODO: Populate with the production keys as well. + set + }, + threshold: 9001, // TODO: Set this to a real value. + } +} diff --git a/keymanager-client/Cargo.toml b/keymanager-client/Cargo.toml index 5e7fc644909..0f4d032054a 100644 --- a/keymanager-client/Cargo.toml +++ b/keymanager-client/Cargo.toml @@ -7,7 +7,7 @@ edition = "2018" [dependencies] oasis-core-client = { path = "../client" } oasis-core-runtime = { path = "../runtime" } -oasis-core-keymanager-api = { path = "../keymanager-runtime/api" } +oasis-core-keymanager-api-common = { path = "../keymanager-api-common" } failure = "0.1.5" futures = "0.1.25" io-context = "0.2.0" diff --git a/keymanager-client/src/client.rs b/keymanager-client/src/client.rs index 2600531f812..3b360de4699 100644 --- a/keymanager-client/src/client.rs +++ b/keymanager-client/src/client.rs 
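Review bot: The doc comment on the new public `default_trusted_policy_signers()` (second hunk of keymanager-api-common/src/lib.rs, `@@ -69,3 +72,28 @@`) does not say that the only keys it can return are derived from fixed test seeds written in the source. It also omits that they are added only when `OASIS_UNSAFE_KM_POLICY_KEYS` is set at compile time through `option_env!`. Without that variable the set is empty and the threshold is the placeholder `9001`, so presumably no signed policy can satisfy it (the verification code is not in this hunk). I would fix the "defult" typo and state both outcomes, e.g. `/// Returns the default trusted policy signers: test-seed keys when built with OASIS_UNSAFE_KM_POLICY_KEYS, otherwise an empty set.` followed by `/// Not a production configuration; the threshold is a placeholder.`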
@@ -16,7 +16,7 @@ use std::iter::FromIterator; use oasis_core_runtime::{common::cbor, protocol::ProtocolError, types::Body}; use oasis_core_client::{create_rpc_api_client, BoxFuture, RpcClient}; -use oasis_core_keymanager_api::*; +use oasis_core_keymanager_api_common::*; use oasis_core_runtime::{ common::{runtime::RuntimeId, sgx::avr::EnclaveIdentity}, protocol::Protocol, @@ -94,7 +94,7 @@ impl RemoteClient { keys_cache_sizes: usize, ) -> Self { #[cfg(target_env = "sgx")] - init_trusted_policy_signers(); + set_trusted_policy_signers(default_trusted_policy_signers()); // TODO: configurable? #[cfg(target_env = "sgx")] let enclaves: Option> = match protocol diff --git a/keymanager-client/src/lib.rs b/keymanager-client/src/lib.rs index 8329e981d7e..4f51edd6899 100644 --- a/keymanager-client/src/lib.rs +++ b/keymanager-client/src/lib.rs @@ -7,7 +7,7 @@ use std::sync::Arc; use io_context::Context; use oasis_core_client::BoxFuture; -use oasis_core_keymanager_api; +use oasis_core_keymanager_api_common; /// Key manager client interface. pub trait KeyManagerClient: Send + Sync { @@ -57,4 +57,4 @@ impl KeyManagerClient for Arc { } // Re-exports. -pub use self::{client::RemoteClient, oasis_core_keymanager_api::*}; +pub use self::{client::RemoteClient, oasis_core_keymanager_api_common::*}; diff --git a/keymanager-client/src/mock.rs b/keymanager-client/src/mock.rs index 0cc88e3499c..8f5e03ff6ad 100644 --- a/keymanager-client/src/mock.rs +++ b/keymanager-client/src/mock.rs @@ -4,7 +4,7 @@ use std::{collections::HashMap, sync::Mutex}; use futures::{future, Future}; use io_context::Context; use oasis_core_client::BoxFuture; -use oasis_core_keymanager_api::*; +use oasis_core_keymanager_api_common::*; use oasis_core_runtime::common::crypto::signature::Signature; use super::KeyManagerClient; diff --git a/keymanager-lib/Cargo.toml b/keymanager-lib/Cargo.toml index 077bffacae6..13bb8c8e9bf 100644 --- a/keymanager-lib/Cargo.toml +++ b/keymanager-lib/Cargo.toml 
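Review bot: In the `RemoteClient` constructor hunk of keymanager-client/src/client.rs (`@@ -94,7 +94,7 @@`), the SGX client still installs `default_trusted_policy_signers()` unconditionally, while this commit lets a key manager be built with its own signer set through `new_keymanager(...)`. A runtime linked against this client would therefore appear to check key manager policies against a different signer set than a key manager built with custom signers, and the `// TODO: configurable?` is the only trace of that. I would take the signers as a constructor argument, or until then record the constraint next to the call: `// NOTE: must match the signer set the key manager was built with; only the default (test) set is supported here.` The constructor's signature begins outside the hunk, so the parameter change cannot be shown from here.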
@@ -8,6 +8,7 @@ edition = "2018" oasis-core-runtime = { path = "../runtime" } oasis-core-keymanager-api-common = { path = "../keymanager-api-common" } oasis-core-keymanager-client = { path = "../keymanager-client" } + failure = "0.1.5" lazy_static = "1.3.0" lru = "0.1.17" diff --git a/keymanager-runtime/src/main.rs b/keymanager-lib/src/keymanager.rs similarity index 71% rename from keymanager-runtime/src/main.rs rename to keymanager-lib/src/keymanager.rs index c185f307042..a20de3ecdf3 100644 --- a/keymanager-runtime/src/main.rs +++ b/keymanager-lib/src/keymanager.rs @@ -1,22 +1,20 @@ use std::sync::Arc; -mod methods; - use failure::Fallible; -use oasis_core_keymanager_api::*; +use oasis_core_keymanager_api_common::*; use oasis_core_runtime::{ - common::version::Version, + dispatcher::Initializer, rak::RAK, register_runtime_rpc_methods, rpc::{ dispatcher::{Method as RpcMethod, MethodDescriptor as RpcMethodDescriptor}, Context as RpcContext, }, - version_from_cargo, Protocol, RpcDemux, RpcDispatcher, TxnDispatcher, + Protocol, RpcDemux, RpcDispatcher, TxnDispatcher, }; -use oasis_core_keymanager_lib::{context, kdf::Kdf, policy::Policy}; +use crate::{context, kdf::Kdf, policy::Policy}; /// Initialize the Kdf. fn init_kdf(req: &InitRequest, ctx: &mut RpcContext) -> Fallible { @@ -24,15 +22,16 @@ fn init_kdf(req: &InitRequest, ctx: &mut RpcContext) -> Fallible Box { // Initializer. - let init = |protocol: &Arc, - _rak: &Arc, - _rpc_demux: &mut RpcDemux, - rpc: &mut RpcDispatcher| - -> Option> { + let init = move |protocol: &Arc, + _rak: &Arc, + _rpc_demux: &mut RpcDemux, + rpc: &mut RpcDispatcher| + -> Option> { // Initialize the set of trusted policy signers. - init_trusted_policy_signers(); + set_trusted_policy_signers(signers.clone()); // Register RPC methods exposed via EnclaveRPC to remote clients. { @@ -65,6 +64,5 @@ fn main() { None }; - // Start the runtime. - oasis_core_runtime::start_runtime(Box::new(init), version_from_cargo!()); + Box::new(init) } 
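Review bot: The new public constructor in keymanager-lib/src/keymanager.rs (`@@ -24,15 +22,16 @@`) has no doc comment, although the `signers` value it captures is handed to `set_trusted_policy_signers(signers.clone())` and so decides whose signatures on a key manager policy are accepted. I would document that contract on the function: what the signer set and threshold mean, and that they are installed when the returned initializer runs. A one-line summary such as `/// Creates a key manager initializer that trusts policies signed by the given signer set.` would be a start. The signature line itself is not legible in this hunk as rendered, so the wording is a suggestion only.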
diff --git a/keymanager-lib/src/lib.rs b/keymanager-lib/src/lib.rs index 565677e5f8a..e2169cb85a3 100644 --- a/keymanager-lib/src/lib.rs +++ b/keymanager-lib/src/lib.rs @@ -1,3 +1,5 @@ pub mod context; pub mod kdf; +pub mod keymanager; +mod methods; pub mod policy; diff --git a/keymanager-runtime/src/methods.rs b/keymanager-lib/src/methods.rs similarity index 94% rename from keymanager-runtime/src/methods.rs rename to keymanager-lib/src/methods.rs index 297411460d8..0f61dce0d13 100644 --- a/keymanager-runtime/src/methods.rs +++ b/keymanager-lib/src/methods.rs @@ -1,9 +1,9 @@ //! Methods exported to remote clients via EnclaveRPC. use failure::Fallible; -use oasis_core_keymanager_api::*; +use oasis_core_keymanager_api_common::*; use oasis_core_runtime::rpc::Context as RpcContext; -use oasis_core_keymanager_lib::{kdf::Kdf, policy::Policy}; +use crate::{kdf::Kdf, policy::Policy}; /// See `Kdf::get_or_create_keys`. pub fn get_or_create_keys(req: &RequestIds, ctx: &mut RpcContext) -> Fallible { diff --git a/keymanager-runtime/Cargo.toml b/keymanager-runtime/Cargo.toml deleted file mode 100644 index df318cb93d0..00000000000 --- a/keymanager-runtime/Cargo.toml +++ /dev/null @@ -1,17 +0,0 @@ -[package] -name = "oasis-core-keymanager-runtime" -version = "0.3.0-alpha" -authors = ["Oasis Labs Inc. "] -edition = "2018" - -[package.metadata.fortanix-sgx] -heap-size = 134217728 -stack-size = 2097152 -threads = 2 - -[dependencies] -oasis-core-runtime = { path = "../runtime" } -oasis-core-keymanager-api = { path = "./api" } -oasis-core-keymanager-lib = { path = "../keymanager-lib" } -failure = "0.1.5" -lazy_static = "1.3.0" diff --git a/keymanager-runtime/api/Cargo.toml b/keymanager-runtime/api/Cargo.toml deleted file mode 100644 index ab4540c1f4f..00000000000 --- a/keymanager-runtime/api/Cargo.toml +++ /dev/null 
@@ -1,18 +0,0 @@ -[package] -name = "oasis-core-keymanager-api" -version = "0.3.0-alpha" -authors = ["Oasis Labs Inc. "] -edition = "2018" - -[dependencies] -base64 = "0.10.1" -oasis-core-keymanager-api-common = { path = "../../keymanager-api-common" } -oasis-core-runtime = { path = "../../runtime" } -serde = "1.0.71" -serde_derive = "1.0" -serde_bytes = "~0.10" -rustc-hex = "2.0.1" -failure = "0.1.5" -lazy_static = "1.3.0" -x25519-dalek = "0.6.0" -rand = "0.7.3" diff --git a/keymanager-runtime/api/src/api.rs b/keymanager-runtime/api/src/api.rs deleted file mode 100644 index 16a85cc7bea..00000000000 --- a/keymanager-runtime/api/src/api.rs +++ /dev/null @@ -1,9 +0,0 @@ -use oasis_core_runtime::runtime_api; - -runtime_api! { - pub fn get_or_create_keys(RequestIds) -> ContractKey; - - pub fn get_public_key(RequestIds) -> Option; - - pub fn replicate_master_secret(ReplicateRequest) -> ReplicateResponse; -} diff --git a/keymanager-runtime/api/src/lib.rs b/keymanager-runtime/api/src/lib.rs deleted file mode 100644 index 482da8b0209..00000000000 --- a/keymanager-runtime/api/src/lib.rs +++ /dev/null 
@@ -1,35 +0,0 @@ -use std::collections::HashSet; - -use oasis_core_runtime::common::crypto::signature::PrivateKey as OasisPrivateKey; - -#[macro_use] -mod api; - -// Re-exports. -pub use api::*; -pub use oasis_core_keymanager_api_common::*; - -/// Initializes the set of trusted policy signers for this key manager. -pub fn init_trusted_policy_signers() { - set_trusted_policy_signers(TrustedPolicySigners { - signers: { - let mut set = HashSet::new(); - if option_env!("OASIS_UNSAFE_KM_POLICY_KEYS").is_some() { - for seed in [ - "ekiden key manager test multisig key 0", - "ekiden key manager test multisig key 1", - "ekiden key manager test multisig key 2", - ] - .iter() - { - let private_key = OasisPrivateKey::from_test_seed(seed.to_string()); - set.insert(private_key.public_key()); - } - } - - // TODO: Populate with the production keys as well. - set - }, - threshold: 9001, // TODO: Set this to a real value. - }); -} diff --git a/tests/runtimes/simple-keymanager/Cargo.toml b/tests/runtimes/simple-keymanager/Cargo.toml new file mode 100644 index 00000000000..78a7b5d736b --- /dev/null +++ b/tests/runtimes/simple-keymanager/Cargo.toml @@ -0,0 +1,18 @@ +[package] +name = "simple-keymanager" +version = "0.3.0-alpha" +authors = ["Oasis Labs Inc. "] +edition = "2018" + +[package.metadata.fortanix-sgx] +heap-size = 134217728 +stack-size = 2097152 +threads = 2 + +[dependencies] +oasis-core-runtime = { path = "../../../runtime" } +oasis-core-keymanager-lib = { path = "../../../keymanager-lib" } +oasis-core-keymanager-api-common = { path = "../../../keymanager-api-common" } + +[build-dependencies] +oasis-core-tools = { path = "../../../tools" } diff --git a/tests/runtimes/simple-keymanager/src/main.rs b/tests/runtimes/simple-keymanager/src/main.rs new file mode 100644 index 00000000000..ecd6b8e7cbf --- /dev/null +++ b/tests/runtimes/simple-keymanager/src/main.rs 
@@ -0,0 +1,9 @@ +use oasis_core_keymanager_api_common::*; +use oasis_core_keymanager_lib::keymanager::*; +use oasis_core_runtime::{common::version::Version, version_from_cargo}; + +fn main() { + let init = new_keymanager(default_trusted_policy_signers()); + // Start the runtime. + oasis_core_runtime::start_runtime(init, version_from_cargo!()); +} diff --git a/tests/runtimes/simple-keyvalue/Cargo.toml b/tests/runtimes/simple-keyvalue/Cargo.toml index bfab8d0c89d..2701f6927a6 100644 --- a/tests/runtimes/simple-keyvalue/Cargo.toml +++ b/tests/runtimes/simple-keyvalue/Cargo.toml @@ -13,7 +13,7 @@ threads = 2 oasis-core-runtime = { path = "../../../runtime" } oasis-core-client = { path = "../../../client" } oasis-core-keymanager-client = { path = "../../../keymanager-client" } -oasis-core-keymanager-api = { path = "../../../keymanager-runtime/api" } +oasis-core-keymanager-api-common = { path = "../../../keymanager-api-common" } simple-keyvalue-api = { path = "./api" } failure = "0.1.5" io-context = "0.2.0" diff --git a/tests/runtimes/simple-keyvalue/src/main.rs b/tests/runtimes/simple-keyvalue/src/main.rs index 21baf8e3731..09042e57acf 100644 --- a/tests/runtimes/simple-keyvalue/src/main.rs +++ b/tests/runtimes/simple-keyvalue/src/main.rs @@ -1,6 +1,6 @@ extern crate failure; extern crate io_context; -extern crate oasis_core_keymanager_api; +extern crate oasis_core_keymanager_api_common; extern crate oasis_core_keymanager_client; extern crate oasis_core_runtime; extern crate simple_keyvalue_api;
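Review bot: Nothing in tests/runtimes/simple-keymanager/src/main.rs marks this binary as test-only, and the same commit drops the "(INSECURE)" label the README carried for the `keymanager-runtime` entry it replaces. Since `main` builds the key manager from `default_trusted_policy_signers()`, whose only keys come from fixed test seeds, a crate-level comment would keep that warning next to the code: `//! Test key manager runtime for E2E tests; uses the default (test) policy signers and must not be deployed.`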