From a95bc5b3ae000cd899c7dee06aaf44680e8264e5 Mon Sep 17 00:00:00 2001 From: Warren He Date: Thu, 21 Feb 2019 18:04:00 -0800 Subject: [PATCH 1/2] key-manager: new unsecret signing and keystore encryption key --- Cargo.toml | 2 + key-manager/common/src/lib.rs | 9 +++++ key-manager/dummy/edl/Cargo.toml | 13 ++++++ key-manager/dummy/edl/src/keymanager.edl | 12 ++++++ key-manager/dummy/edl/src/lib.rs | 10 +++++ key-manager/dummy/enclave/Cargo.toml | 2 +- key-manager/dummy/enclave/build.rs | 4 +- key-manager/dummy/enclave/src/key_store.rs | 28 +++++++++---- key-manager/dummy/enclave/src/lib.rs | 45 ++++++++++++++++----- key-manager/dummy/keygen/Cargo.toml | 17 ++++++++ key-manager/dummy/keygen/src/main.rs | 34 ++++++++++++++++ key-manager/dummy/untrusted/Cargo.toml | 1 + key-manager/dummy/untrusted/src/backend.rs | 46 ++++++++++++++++++++-- key-manager/dummy/untrusted/src/lib.rs | 1 + key-manager/node/Cargo.toml | 2 +- key-manager/node/build.rs | 4 +- key-manager/node/src/main.rs | 7 ++++ 17 files changed, 210 insertions(+), 27 deletions(-) create mode 100644 key-manager/dummy/edl/Cargo.toml create mode 100644 key-manager/dummy/edl/src/keymanager.edl create mode 100644 key-manager/dummy/edl/src/lib.rs create mode 100644 key-manager/dummy/keygen/Cargo.toml create mode 100644 key-manager/dummy/keygen/src/main.rs diff --git a/Cargo.toml b/Cargo.toml index bc232c3c5a3..3df78b97546 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -85,7 +85,9 @@ members = [ "key-manager/api", "key-manager/common", "key-manager/client", + "key-manager/dummy/edl", "key-manager/dummy/enclave", + "key-manager/dummy/keygen", "key-manager/dummy/untrusted", "key-manager/node", ] diff --git a/key-manager/common/src/lib.rs b/key-manager/common/src/lib.rs index 7c80536e846..bb53ca8cb15 100644 --- a/key-manager/common/src/lib.rs +++ b/key-manager/common/src/lib.rs @@ -158,3 +158,12 @@ impl ContractKey { } } } + +/// A set of keys for internal use by the dummy key manager. +#[derive(Serialize, Deserialize)] +pub struct DummyInternalKeys { + #[serde(with = "BigArray")] + pub keystore_encryption_key: StateKeyType, + /// Ed25519 keypair in PKCS8 format. + pub signing_key: Vec, +} diff --git a/key-manager/dummy/edl/Cargo.toml b/key-manager/dummy/edl/Cargo.toml new file mode 100644 index 00000000000..da469558d00 --- /dev/null +++ b/key-manager/dummy/edl/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "ekiden-keymanager-edl" +version = "0.2.0-alpha" +authors = ["Oasis Labs Inc. "] +edition = "2018" +description = "EDL additions for the dummy key manager" +keywords = ["ekiden"] +repository = "https://github.com/oasislabs/ekiden" + +[dependencies] +sgx_edl = { git = "https://github.com/oasislabs/rust-sgx-sdk", tag = "v1.0.5-ekiden1" } + +ekiden-edl = { path = "../../../core/edl" } diff --git a/key-manager/dummy/edl/src/keymanager.edl b/key-manager/dummy/edl/src/keymanager.edl new file mode 100644 index 00000000000..067a6535fab --- /dev/null +++ b/key-manager/dummy/edl/src/keymanager.edl @@ -0,0 +1,12 @@ +enclave { + trusted { + /** + * Use the given internal keys, provided as a CBOR-serialized ekiden_keymanager_common::DummyInternalKeys + * structure. + */ + public void set_internal_keys( + [in, size=internal_keys_length] uint8_t *internal_keys, + size_t internal_keys_length + ); + }; +}; diff --git a/key-manager/dummy/edl/src/lib.rs b/key-manager/dummy/edl/src/lib.rs new file mode 100644 index 00000000000..dd9387c0927 --- /dev/null +++ b/key-manager/dummy/edl/src/lib.rs @@ -0,0 +1,10 @@ +extern crate sgx_edl; +use sgx_edl::define_edl; + +extern crate ekiden_edl; + +define_edl! { + use ekiden_edl; + + "keymanager.edl" +} diff --git a/key-manager/dummy/enclave/Cargo.toml b/key-manager/dummy/enclave/Cargo.toml index bb9cbc70840..5cfae2b10e2 100644 --- a/key-manager/dummy/enclave/Cargo.toml +++ b/key-manager/dummy/enclave/Cargo.toml @@ -26,4 +26,4 @@ byteorder = "1" [build-dependencies] ekiden-tools = { path = "../../../tools", version = "0.2.0-alpha" } -ekiden-edl = { path = "../../../core/edl", version = "0.2.0-alpha" } +ekiden-keymanager-edl = { path = "../edl", version = "0.2.0-alpha" } diff --git a/key-manager/dummy/enclave/build.rs b/key-manager/dummy/enclave/build.rs index 3b1c94343d7..f383a056289 100644 --- a/key-manager/dummy/enclave/build.rs +++ b/key-manager/dummy/enclave/build.rs @@ -1,6 +1,6 @@ -extern crate ekiden_edl; +extern crate ekiden_keymanager_edl; extern crate ekiden_tools; fn main() { - ekiden_tools::build_trusted(ekiden_edl::get_edls().unwrap()); + ekiden_tools::build_trusted(ekiden_keymanager_edl::get_edls().unwrap()); } diff --git a/key-manager/dummy/enclave/src/key_store.rs b/key-manager/dummy/enclave/src/key_store.rs index c5f732e742e..7f569c4abca 100644 --- a/key-manager/dummy/enclave/src/key_store.rs +++ b/key-manager/dummy/enclave/src/key_store.rs @@ -16,8 +16,19 @@ use ekiden_keymanager_common::{ }; use ekiden_trusted::db::{Database, DatabaseHandle}; +/// A dummy key for use in tests where confidentiality is not needed. +const UNSECRET_ENCRYPTION_KEY: StateKeyType = [ + 119, 206, 190, 82, 117, 21, 62, 84, 119, 212, 117, 60, 32, 158, 183, 32, 68, 55, 131, 112, 38, + 169, 217, 219, 58, 109, 194, 211, 89, 39, 198, 204, 254, 104, 202, 114, 203, 213, 89, 44, 192, + 168, 42, 136, 220, 230, 66, 74, 197, 220, 22, 146, 84, 121, 175, 216, 144, 182, 40, 179, 6, 73, + 177, 9, +]; + /// Key store, which actually stores the key manager keys. -pub struct KeyStore; +pub struct KeyStore { + /// Dummy encryption key + encryption_key: StateKeyType, +} lazy_static! { // Global key store object. @@ -26,7 +37,9 @@ lazy_static! { impl KeyStore { fn new() -> Self { - let mut key_store = KeyStore; + let mut key_store = KeyStore { + encryption_key: UNSECRET_ENCRYPTION_KEY, + }; // for testing purpose, insert a special key at address 0 key_store .get_or_create_keys(ContractId::from_str(&"0".repeat(64)).unwrap()) @@ -83,11 +96,10 @@ impl KeyStore { /// Dummy encryption key pub fn encryption_key(&self) -> StateKeyType { - [ - 255, 135, 103, 97, 49, 33, 200, 139, 130, 186, 54, 177, 83, 2, 162, 146, 160, 234, 231, - 218, 124, 160, 72, 113, 26, 177, 100, 40, 135, 129, 195, 50, 161, 220, 212, 120, 240, - 163, 240, 23, 9, 74, 150, 87, 253, 60, 105, 170, 133, 134, 109, 248, 100, 43, 4, 19, - 39, 25, 13, 138, 28, 49, 71, 49, - ] + self.encryption_key + } + + pub fn set_encryption_key(&mut self, encryption_key: StateKeyType) { + self.encryption_key = encryption_key; } } diff --git a/key-manager/dummy/enclave/src/lib.rs b/key-manager/dummy/enclave/src/lib.rs index 9676033397f..da84a202a9e 100644 --- a/key-manager/dummy/enclave/src/lib.rs +++ b/key-manager/dummy/enclave/src/lib.rs @@ -5,6 +5,10 @@ extern crate lazy_static; extern crate protobuf; extern crate serde_cbor; extern crate sodalite; +#[cfg(not(target_env = "sgx"))] +use std::sync::Mutex; +#[cfg(target_env = "sgx")] +use std::sync::SgxMutex as Mutex; extern crate ekiden_core; extern crate ekiden_keymanager_api; @@ -104,6 +108,20 @@ pub fn long_term_public_key( Ok(Some(response)) } +/// ECALL, see edl +#[cfg(target_env = "sgx")] +#[no_mangle] +pub extern "C" fn set_internal_keys(internal_keys: *const u8, internal_keys_length: usize) { + let internal_keys_buf = + unsafe { std::slice::from_raw_parts(internal_keys, internal_keys_length) }; + let internal_keys: ekiden_keymanager_common::DummyInternalKeys = + serde_cbor::from_slice(internal_keys_buf).unwrap(); + + key_store::KeyStore::get().set_encryption_key(internal_keys.keystore_encryption_key); + + *(SIGNER_KEY_PKCS8.lock().unwrap()) = internal_keys.signing_key; +} + fn sign_public_key(public_key: PublicKeyType, timestamp: Option) -> Result { let signer = dummy_signer()?; let digest = public_key_digest(public_key, timestamp); @@ -120,21 +138,28 @@ fn public_key_digest(public_key: PublicKeyType, timestamp: Option) -> H256 hash::from_bytes(hash_data.as_slice()) } +/// A dummy key for use in tests where integrity is not needed. +/// Public Key: 0x9d41a874b80e39a40c9644e964f0e4f967100c91654bfd7666435fe906af060f +const UNSECRET_SIGNING_KEY_PKCS8: [u8; 85] = [ + 48, 83, 2, 1, 1, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32, 109, 124, 181, 54, 35, 91, 34, 238, + 29, 127, 17, 115, 64, 41, 135, 165, 19, 211, 246, 106, 37, 136, 149, 157, 187, 145, 157, 192, + 170, 25, 201, 141, 161, 35, 3, 33, 0, 157, 65, 168, 116, 184, 14, 57, 164, 12, 150, 68, 233, + 100, 240, 228, 249, 103, 16, 12, 145, 101, 75, 253, 118, 102, 67, 95, 233, 6, 175, 6, 15, +]; + +lazy_static! { + // Global key store object. + static ref SIGNER_KEY_PKCS8: Mutex> = Mutex::new(UNSECRET_SIGNING_KEY_PKCS8.to_vec()); +} + /// Returns a dummy signer used by the KeyManager to sign public keys. -/// Public Key: 0x51d5e24342ae2c4a951e24a2ba45a68106bcb7986198817331889264fd10f1bf /// /// This should be replaced as part of the following issue: /// https://github.com/oasislabs/ekiden/issues/1291 fn dummy_signer() -> Result { - let pkc8s = [ - 48, 83, 2, 1, 1, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32, 255, 135, 103, 97, 49, 33, 200, - 139, 130, 186, 54, 177, 83, 2, 162, 146, 160, 234, 231, 218, 124, 160, 72, 113, 26, 177, - 100, 40, 135, 129, 195, 50, 161, 35, 3, 33, 0, 81, 213, 226, 67, 66, 174, 44, 74, 149, 30, - 36, 162, 186, 69, 166, 129, 6, 188, 183, 152, 97, 152, 129, 115, 49, 136, 146, 100, 253, - 16, 241, 191, - ]; - let pkc8s_input = untrusted::Input::from(&pkc8s); - let keypair = signature::Ed25519KeyPair::from_pkcs8_maybe_unchecked(pkc8s_input) + let guard = SIGNER_KEY_PKCS8.lock().unwrap(); + let pkcs8_input = untrusted::Input::from(guard.as_slice()); + let keypair = signature::Ed25519KeyPair::from_pkcs8_maybe_unchecked(pkcs8_input) .expect("Should always derive a keypair from the given pkc8s"); Ok(InMemorySigner::new(keypair)) diff --git a/key-manager/dummy/keygen/Cargo.toml b/key-manager/dummy/keygen/Cargo.toml new file mode 100644 index 00000000000..8f7ffd9f8c3 --- /dev/null +++ b/key-manager/dummy/keygen/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "ekiden-keymanager-keygen" +version = "0.2.0-alpha" +authors = ["Oasis Labs Inc. "] +edition = "2018" +description = "A tool for generating a set of internal keys used by the Ekiden dummy key manager" +keywords = ["ekiden"] +repository = "https://github.com/oasislabs/ekiden" + +[dependencies] +protobuf = "~2.0" +ring = { git = "https://github.com/oasislabs/ring", default-features = false, features = ["use_heap"], branch = "0.14.0-ekiden" } +serde_cbor = { git = "https://github.com/oasislabs/cbor", tag = "v0.9.0-ekiden1" } +untrusted = "0.6.2" + +ekiden-keymanager-api = { path = "../../api", version = "0.2.0-alpha" } +ekiden-keymanager-common = { path = "../../common", version = "0.2.0-alpha" } diff --git a/key-manager/dummy/keygen/src/main.rs b/key-manager/dummy/keygen/src/main.rs new file mode 100644 index 00000000000..c6c887e2c43 --- /dev/null +++ b/key-manager/dummy/keygen/src/main.rs @@ -0,0 +1,34 @@ +extern crate ring; +use ring::{rand::SecureRandom, signature::KeyPair}; +extern crate serde_cbor; +extern crate untrusted; + +extern crate ekiden_keymanager_common; + +fn main() { + let rng = ring::rand::SystemRandom::new(); + + // Generate keystore encryption key. + let mut keystore_encryption_sym: ekiden_keymanager_common::StateKeyType = [0; 64]; + rng.fill(&mut keystore_encryption_sym).unwrap(); + println!("keystore encryption {:?}", &keystore_encryption_sym[..]); + + // Generate signing key. + let signing_pkcs8_doc = ring::signature::Ed25519KeyPair::generate_pkcs8(&rng).unwrap(); + println!("signing pkcs8 {:?}", signing_pkcs8_doc.as_ref()); + let signing_pair = ring::signature::Ed25519KeyPair::from_pkcs8(untrusted::Input::from( + signing_pkcs8_doc.as_ref(), + )) + .unwrap(); + let signing_public = signing_pair.public_key(); + println!("signing public {:?}", signing_public.as_ref()); + + let keys = ekiden_keymanager_common::DummyInternalKeys { + keystore_encryption_key: keystore_encryption_sym, + signing_key: signing_pkcs8_doc.as_ref().to_owned(), + }; + println!( + "serialized InternalKeys {:?}", + serde_cbor::to_vec(&keys).unwrap().as_slice() + ); +} diff --git a/key-manager/dummy/untrusted/Cargo.toml b/key-manager/dummy/untrusted/Cargo.toml index 76545dbdd29..0722b7c1db2 100644 --- a/key-manager/dummy/untrusted/Cargo.toml +++ b/key-manager/dummy/untrusted/Cargo.toml @@ -9,6 +9,7 @@ repository = "https://github.com/oasislabs/ekiden" [dependencies] ekiden-common = { path = "../../../common", version = "0.2.0-alpha" } ekiden-core = { path = "../../../core/common", version = "0.2.0-alpha" } +ekiden-keymanager-api = { path = "../../api", version = "0.2.0-alpha" } ekiden-untrusted = { path = "../../../core/untrusted", version = "0.2.0-alpha" } ekiden-db-trusted = { path = "../../../db/trusted", version = "0.2.0-alpha" } ekiden-tools = { path = "../../../tools", version = "0.2.0-alpha" } diff --git a/key-manager/dummy/untrusted/src/backend.rs b/key-manager/dummy/untrusted/src/backend.rs index fa9805d7877..710ded96dd9 100644 --- a/key-manager/dummy/untrusted/src/backend.rs +++ b/key-manager/dummy/untrusted/src/backend.rs @@ -1,6 +1,7 @@ use std::{ borrow::Borrow, fmt::Write, + io::Read, ops::Deref, path::{Path, PathBuf}, sync::{ @@ -61,6 +62,8 @@ pub struct BackendConfiguration { pub storage_backend: Arc, /// Filesystem storage path. Used to locate the roothash db. pub root_hash_path: PathBuf, + /// Path to internal keys if not using the unsecret testing keys. + pub internal_keys_path: Option, } /// Key manager worker which executes commands in secure enclaves. @@ -79,15 +82,27 @@ impl KeyManagerInner { let (command_sender, command_receiver) = channel(); thread::spawn(move || { // Question: when is enclave destroyed? - KeyManagerEnclave::new( + let mut enclave = KeyManagerEnclave::new( &config.enclave_filename, config.ias, config.saved_identity_path, config.storage_backend, config.root_hash_path, ) - .unwrap() - .run(command_receiver); + .unwrap(); + if let Some(internal_keys_path) = config.internal_keys_path { + let mut internal_keys_file = std::fs::File::open(internal_keys_path) + .expect("Couldn't open internal keys file"); + let mut internal_keys_buf = vec![]; + internal_keys_file + .read_to_end(&mut internal_keys_buf) + .expect("Couldn't read internal keys file"); + enclave + .enclave + .set_internal_keys(internal_keys_buf.as_slice()) + .expect("Couldn't set internal keys"); + } + enclave.run(command_receiver); }); Self { @@ -292,3 +307,28 @@ impl KeyManagerEnclave { } } } + +extern "C" { + pub fn set_internal_keys( + eid: sgx_types::sgx_enclave_id_t, + internal_keys: *const u8, + internal_keys_length: usize, + ) -> sgx_types::sgx_status_t; +} + +trait EnclaveDummyKeymanager { + /// ECALL, see edl + fn set_internal_keys(&self, internal_keys: &[u8]) -> Result<()>; +} + +impl EnclaveDummyKeymanager for Enclave { + fn set_internal_keys(&self, internal_keys: &[u8]) -> Result<()> { + let result = unsafe { + set_internal_keys(self.get_id(), internal_keys.as_ptr(), internal_keys.len()) + }; + if result != sgx_types::sgx_status_t::SGX_SUCCESS { + return Err(Error::new(format!("set_internal_keys: {}", result))); + } + Ok(()) + } +} diff --git a/key-manager/dummy/untrusted/src/lib.rs b/key-manager/dummy/untrusted/src/lib.rs index 2dbfec7a828..2eee7edcd18 100644 --- a/key-manager/dummy/untrusted/src/lib.rs +++ b/key-manager/dummy/untrusted/src/lib.rs @@ -10,6 +10,7 @@ extern crate log; extern crate ekiden_common; extern crate ekiden_core; extern crate ekiden_db_trusted; +extern crate ekiden_keymanager_api; extern crate ekiden_rpc_api; extern crate ekiden_storage_base; extern crate ekiden_tools; diff --git a/key-manager/node/Cargo.toml b/key-manager/node/Cargo.toml index 618cd37fd08..d515b8bc7eb 100644 --- a/key-manager/node/Cargo.toml +++ b/key-manager/node/Cargo.toml @@ -38,7 +38,7 @@ thread_local = "0.3.5" [build-dependencies] ekiden-tools = { path = "../../tools", version = "0.2.0-alpha" } -ekiden-edl = { path = "../../core/edl", version = "0.2.0-alpha" } +ekiden-keymanager-edl = { path = "../dummy/edl", version = "0.2.0-alpha" } [[bin]] name = "ekiden-keymanager-test-client" diff --git a/key-manager/node/build.rs b/key-manager/node/build.rs index 856a99077f5..728ad1de83d 100644 --- a/key-manager/node/build.rs +++ b/key-manager/node/build.rs @@ -1,6 +1,6 @@ -extern crate ekiden_edl; +extern crate ekiden_keymanager_edl; extern crate ekiden_tools; fn main() { - ekiden_tools::build_untrusted(ekiden_edl::get_edls().unwrap()); + ekiden_tools::build_untrusted(ekiden_keymanager_edl::get_edls().unwrap()); } diff --git a/key-manager/node/src/main.rs b/key-manager/node/src/main.rs index 2b67901278c..89ba421a385 100644 --- a/key-manager/node/src/main.rs +++ b/key-manager/node/src/main.rs @@ -79,6 +79,12 @@ fn main() { .default_value("km-tls-key.pem") .required(true) ) + .arg( + Arg::with_name("internal-keys") + .long("internal-keys") + .takes_value(true) + .help("Path to internal keys file. Uses built-in unsecret keys if not set") + ) .arg( Arg::with_name("storage-path") .long("storage-path") @@ -127,6 +133,7 @@ fn main() { forwarded_rpc_timeout: None, storage_backend: storage_backend, root_hash_path: root_hash_path, + internal_keys_path: matches.value_of("internal-keys").map(PathBuf::from), } }, environment: environment.grpc(), From e9730f60f6723f7b35728f7cf57140e938b50946 Mon Sep 17 00:00:00 2001 From: Warren He Date: Mon, 25 Feb 2019 18:04:53 -0800 Subject: [PATCH 2/2] ci: separate and extend keymanager tests --- .buildkite/pipeline.yml | 10 ++++ .buildkite/scripts/test_dummy_keymanager.sh | 51 ++++++++++++++++++++ .buildkite/scripts/test_e2e.sh | 12 +---- tests/keymanager/internal-keys.cbor | Bin 0 -> 321 bytes 4 files changed, 62 insertions(+), 11 deletions(-) create mode 100755 .buildkite/scripts/test_dummy_keymanager.sh create mode 100644 tests/keymanager/internal-keys.cbor diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index a0cc793e840..82217d09046 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -178,6 +178,16 @@ steps: ############### # E2E test jobs ############### + - label: Dummy key manager tests + timeout_in_minutes: 5 + command: + - .buildkite/scripts/download_e2e_test_artifacts.sh + - .buildkite/scripts/test_dummy_keymanager.sh + agents: + buildkite_agent_size: large + plugins: + <<: *docker_plugin_configuration + - label: E2E tests (%n) parallelism: 4 timeout_in_minutes: 20 diff --git a/.buildkite/scripts/test_dummy_keymanager.sh b/.buildkite/scripts/test_dummy_keymanager.sh new file mode 100755 index 00000000000..4759cc94c44 --- /dev/null +++ b/.buildkite/scripts/test_dummy_keymanager.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +############################################################ +# This script tests the Ekiden dummy key manager. +# +# Usage: +# test_dummy_keymanager.sh [-w ] +############################################################ + +# Defaults. +WORKDIR=$(pwd) + +######################### +# Process test arguments. +######################### +while getopts 'f:t:' arg +do + case ${arg} in + w) WORKDIR=${OPTARG};; + *) + echo "Usage: $0 [-w ]" + exit 1 + esac +done + +# Helpful tips on writing build scripts: +# https://buildkite.com/docs/pipelines/writing-build-scripts +set -euxo pipefail + +source .buildkite/scripts/common.sh +source .buildkite/scripts/common_e2e.sh +source .buildkite/rust/common.sh + +# Test the key manager node. +test_keymanager() { + sleep 3 + + ${WORKDIR}/target/debug/ekiden-keymanager-test-client \ + --mrenclave $(cat ${WORKDIR}/target/enclave/ekiden-keymanager-trusted.mrenclave) \ + --tls-certificate ${WORKDIR}/tests/keymanager/km.pem +} + +# Test minimal configuration. +run_keymanager_node +test_keymanager +cleanup + +# Test with provided internal keys. +run_keymanager_node --internal-keys "${WORKDIR}/tests/keymanager/internal-keys.cbor" +test_keymanager +cleanup diff --git a/.buildkite/scripts/test_e2e.sh b/.buildkite/scripts/test_e2e.sh index 4c0f514878e..3c76c744e74 100755 --- a/.buildkite/scripts/test_e2e.sh +++ b/.buildkite/scripts/test_e2e.sh @@ -68,15 +68,6 @@ scenario_discrepancy() { set_epoch 1 } -# Test the key manager node. -test_keymanager() { - sleep 3 - - ${WORKDIR}/target/debug/ekiden-keymanager-test-client \ - --mrenclave $(cat ${WORKDIR}/target/enclave/ekiden-keymanager-trusted.mrenclave) \ - --tls-certificate ${WORKDIR}/tests/keymanager/km.pem -} - # Assert that the logger works. assert_logger_works() { assert_basic_success @@ -123,8 +114,7 @@ test_suite() { name="e2e-${backend_name}-basic-db-encryption" \ backend_runner=$backend_runner \ runtime=test-db-encryption \ - client=test-db-encryption \ - post_km_hook=test_keymanager + client=test-db-encryption # Enclave logger test. run_test \ diff --git a/tests/keymanager/internal-keys.cbor b/tests/keymanager/internal-keys.cbor new file mode 100644 index 0000000000000000000000000000000000000000..18f61b5fe4b30fe901e97e9993a201fa58c39bb6 GIT binary patch literal 321 zcmW-cPbfnH9LF~sH5WOoKILNm76&@9^u>_xt&lGI7mLr4yDG)y$Y>C(}m4jLNU5Ht|ZH zb0SP~D)*|HexBLmhD)AM`Cy$Aes9C5*yMozsa@-{7KGT9R(s+_aK)Na2f@ zN5)wq$Q>QxaV9p);um0mFNXLQGD29AgJiw<1ls3U#M)i>98Af+8hvyLUZtCi5SzR) bMh``FkyRTxk(~;+9+7;I853M^NXYXC4MAOo literal 0 HcmV?d00001