Move the keys folder to the config directory
diff --git a/.licenserc.yaml b/.licenserc.yaml
index f493fe0..3e314b2 100644
--- a/.licenserc.yaml
+++ b/.licenserc.yaml
@@ -38,7 +38,7 @@
- 'build/**'
- 'cmake/tomls/Cargo.*.lock'
- 'common/rusty_leveldb_sgx/**'
- - 'keys'
+ - 'config/keys'
- 'licenses'
- 'release/**'
- 'services/access_control/model.conf'
diff --git a/README.md b/README.md
index 7a6f6e5..9c27090 100644
--- a/README.md
+++ b/README.md
@@ -59,31 +59,6 @@
- [Rust Development Guideline](docs/rust-guideline.md)
- [Development Tips](docs/development-tips.md)
-### Codebase
-
-- [Attestation](attestation)
-- [Binder](binder)
-- [Built-in Functions](function)
-- [Client SDK](sdk)
-- [Command Line Tool](cli)
-- [Common Libraries](common)
-- [Configurations in Teaclave](config)
-- [Crypto Primitives](crypto)
-- [Data Center Attestation Service](dcap)
-- [Dockerfile and Compose File](docker)
-- [Examples](examples)
-- [Executor Runtime](runtime)
-- [File Agent](file_agent)
-- [Function Executors](executor)
-- [Keys and Certificates](keys)
-- [RPC](rpc)
-- [Teaclave Services](services)
-- [Teaclave Worker](worker)
-- [Test Harness and Test Cases](tests)
-- [Third-Party Dependency Vendoring](third_party)
-- [Tools](tools)
-- [Types](types)
-
### API References
- [Teaclave SGX SDK](https://teaclave.apache.org/api-docs/sgx-sdk/)
diff --git a/attestation/src/service.rs b/attestation/src/service.rs
index b69be8e..e65fb40 100644
--- a/attestation/src/service.rs
+++ b/attestation/src/service.rs
@@ -35,7 +35,7 @@
/// Root certification of the DCAP attestation service provider.
#[cfg(dcap)]
-const DCAP_ROOT_CA_CERT: &str = include_str!("../../keys/dcap_root_ca_cert.pem");
+const DCAP_ROOT_CA_CERT: &str = include_str!("../../config/keys/dcap_root_ca_cert.pem");
/// URL path to get the report from the attestation service.
const AS_REPORT_URL: &str = "/sgx/dev/attestation/v4/report";
diff --git a/cmake/scripts/prep.sh b/cmake/scripts/prep.sh
index 050dec7..31b0f8e 100755
--- a/cmake/scripts/prep.sh
+++ b/cmake/scripts/prep.sh
@@ -41,11 +41,11 @@
if [ "$DCAP" == "ON" ]; then
mkdir -p ${TEACLAVE_DCAP_INSTALL_DIR}
cp ${CMAKE_SOURCE_DIR}/dcap/Rocket.toml ${TEACLAVE_DCAP_INSTALL_DIR}/Rocket.toml
- cp ${CMAKE_SOURCE_DIR}/keys/dcap_server_cert.pem ${TEACLAVE_DCAP_INSTALL_DIR}/
- cp ${CMAKE_SOURCE_DIR}/keys/dcap_server_key.pem ${TEACLAVE_DCAP_INSTALL_DIR}/
+ cp ${CMAKE_SOURCE_DIR}/config/keys/dcap_server_cert.pem ${TEACLAVE_DCAP_INSTALL_DIR}/
+ cp ${CMAKE_SOURCE_DIR}/config/keys/dcap_server_key.pem ${TEACLAVE_DCAP_INSTALL_DIR}/
fi
# copy auditors to install directory to make it easy to package all built things
-cp -RT ${CMAKE_SOURCE_DIR}/keys/auditors/ ${TEACLAVE_AUDITORS_DIR}/
+cp -RT ${CMAKE_SOURCE_DIR}/config/keys/auditors/ ${TEACLAVE_AUDITORS_DIR}/
cp ${CMAKE_SOURCE_DIR}/config/runtime.config.toml ${TEACLAVE_SERVICE_INSTALL_DIR}
cp ${CMAKE_SOURCE_DIR}/config/runtime.config.toml ${TEACLAVE_TEST_INSTALL_DIR}
cp -r ${CMAKE_SOURCE_DIR}/tests/fixtures/ ${TEACLAVE_TEST_INSTALL_DIR}
diff --git a/cmake/scripts/sgx_link_sign.sh b/cmake/scripts/sgx_link_sign.sh
index 6718422..2b0225b 100755
--- a/cmake/scripts/sgx_link_sign.sh
+++ b/cmake/scripts/sgx_link_sign.sh
@@ -68,7 +68,7 @@
${CMAKE_C_COMPILER} "lib${edl_lib_name}.o" -o \
${TEACLAVE_OUT_DIR}/${CUR_PKG_NAME}.so ${SGX_COMMON_CFLAGS} \
${ENCLAVE_LINK_FLAGS}
-${SGX_ENCLAVE_SIGNER} sign -key ${TEACLAVE_PROJECT_ROOT}/keys/enclave_signing_key.pem \
+${SGX_ENCLAVE_SIGNER} sign -key ${TEACLAVE_PROJECT_ROOT}/config/keys/enclave_signing_key.pem \
-enclave ${CUR_PKG_NAME}.so \
-out ${CUR_INSTALL_DIR}/${CUR_PKG_NAME}.signed.so \
-config ${TEACLAVE_PROJECT_ROOT}/${CUR_PKG_PATH}/Enclave.config.xml \
diff --git a/config/README.md b/config/README.md
index a44157a..3f27988 100644
--- a/config/README.md
+++ b/config/README.md
@@ -45,3 +45,19 @@
*should not* trust the content and make sure maliciously crafted config from
this file will not break any data confidentiality/integrity. Otherwise, the
configuration must be defined as a build config.
+
+## Keys and Certificates in Teaclave
+
+Directory `keys` contains keys and certificates used in the Teaclave platform.
+Note that these are only for demonstration. *DO NOT use them in production.*
+
+- `enclave_signing_key.pem`: private key to sign SGX enclaves
+- `ias_root_ca_cert.pem`: attestation report root CA certificate for Intel SGX
+ Attestation Service, obtained from the
+ [service website](https://api.portal.trustedservices.intel.com/EPID-attestation)
+- `dcap_root_ca_cert.pem`: root CA certificate used for connecting to the
+ reference DCAP attestation server and verifying ECDSA attestation reports.
+- `dcap_server_cert.pem` and `dcap_server_key.pem`: DCAP attestation server
+ end-entity certificate and private key. Certificate is signed by DCAP root CA.
+- `auditors`: contains auditors' keys to sign the *enclave info* for mutual
+ attestation
diff --git a/config/build.config.toml b/config/build.config.toml
index a4065e5..e4f3c33 100644
--- a/config/build.config.toml
+++ b/config/build.config.toml
@@ -18,15 +18,15 @@
# Teaclave Build Config
# Intel Attestation Service root CA certificate to verify attestation report
-as_root_ca_cert = { path = "keys/ias_root_ca_cert.pem" }
+as_root_ca_cert = { path = "config/keys/ias_root_ca_cert.pem" }
# For DCAP, use the following cert
-# as_root_ca_cert = { path = "keys/dcap_root_ca_cert.pem" }
+# as_root_ca_cert = { path = "config/keys/dcap_root_ca_cert.pem" }
# Auditors' public keys to verify their endorsement signatures
auditor_public_keys = [
- { path = "keys/auditors/godzilla/godzilla.public.pem" },
- { path = "keys/auditors/optimus_prime/optimus_prime.public.pem" },
- { path = "keys/auditors/albus_dumbledore/albus_dumbledore.public.pem"},
+ { path = "config/keys/auditors/godzilla/godzilla.public.pem" },
+ { path = "config/keys/auditors/optimus_prime/optimus_prime.public.pem" },
+ { path = "config/keys/auditors/albus_dumbledore/albus_dumbledore.public.pem"},
]
# RPC max message size
@@ -51,4 +51,4 @@
authentication = ["teaclave_frontend_service"]
storage = ["teaclave_management_service", "teaclave_scheduler_service"]
management = ["teaclave_frontend_service"]
-scheduler = ["teaclave_execution_service"]
\ No newline at end of file
+scheduler = ["teaclave_execution_service"]
diff --git a/keys/auditors/albus_dumbledore/albus_dumbledore.private.pem b/config/keys/auditors/albus_dumbledore/albus_dumbledore.private.pem
similarity index 100%
rename from keys/auditors/albus_dumbledore/albus_dumbledore.private.pem
rename to config/keys/auditors/albus_dumbledore/albus_dumbledore.private.pem
diff --git a/keys/auditors/albus_dumbledore/albus_dumbledore.public.pem b/config/keys/auditors/albus_dumbledore/albus_dumbledore.public.pem
similarity index 100%
rename from keys/auditors/albus_dumbledore/albus_dumbledore.public.pem
rename to config/keys/auditors/albus_dumbledore/albus_dumbledore.public.pem
diff --git a/keys/auditors/godzilla/godzilla.private.pem b/config/keys/auditors/godzilla/godzilla.private.pem
similarity index 100%
rename from keys/auditors/godzilla/godzilla.private.pem
rename to config/keys/auditors/godzilla/godzilla.private.pem
diff --git a/keys/auditors/godzilla/godzilla.public.pem b/config/keys/auditors/godzilla/godzilla.public.pem
similarity index 100%
rename from keys/auditors/godzilla/godzilla.public.pem
rename to config/keys/auditors/godzilla/godzilla.public.pem
diff --git a/keys/auditors/optimus_prime/optimus_prime.private.pem b/config/keys/auditors/optimus_prime/optimus_prime.private.pem
similarity index 100%
rename from keys/auditors/optimus_prime/optimus_prime.private.pem
rename to config/keys/auditors/optimus_prime/optimus_prime.private.pem
diff --git a/keys/auditors/optimus_prime/optimus_prime.public.pem b/config/keys/auditors/optimus_prime/optimus_prime.public.pem
similarity index 100%
rename from keys/auditors/optimus_prime/optimus_prime.public.pem
rename to config/keys/auditors/optimus_prime/optimus_prime.public.pem
diff --git a/keys/dcap_root_ca_cert.pem b/config/keys/dcap_root_ca_cert.pem
similarity index 100%
rename from keys/dcap_root_ca_cert.pem
rename to config/keys/dcap_root_ca_cert.pem
diff --git a/keys/dcap_server_cert.pem b/config/keys/dcap_server_cert.pem
similarity index 100%
rename from keys/dcap_server_cert.pem
rename to config/keys/dcap_server_cert.pem
diff --git a/keys/dcap_server_key.pem b/config/keys/dcap_server_key.pem
similarity index 100%
rename from keys/dcap_server_key.pem
rename to config/keys/dcap_server_key.pem
diff --git a/keys/enclave_signing_key.pem b/config/keys/enclave_signing_key.pem
similarity index 100%
rename from keys/enclave_signing_key.pem
rename to config/keys/enclave_signing_key.pem
diff --git a/keys/ias_root_ca_cert.pem b/config/keys/ias_root_ca_cert.pem
similarity index 100%
rename from keys/ias_root_ca_cert.pem
rename to config/keys/ias_root_ca_cert.pem
diff --git a/docs/mutual-attestation.md b/docs/mutual-attestation.md
index dc67804..75629ac 100644
--- a/docs/mutual-attestation.md
+++ b/docs/mutual-attestation.md
@@ -44,7 +44,7 @@
## In the Repository
-The [keys](https://github.com/apache/incubator-teaclave/tree/master/keys)
+The [keys](https://github.com/apache/incubator-teaclave/tree/master/config/keys)
directory in the source tree contain the key pairs of three fake auditing
parties for PoC purposes. Private keys are also included to deliver a smooth
build and test process. In production, builders of Teaclave should obtain the
diff --git a/examples/c/utils.h b/examples/c/utils.h
index 61f8937..17372ed 100644
--- a/examples/c/utils.h
+++ b/examples/c/utils.h
@@ -22,9 +22,9 @@
const char *frontend_service_address = "https://localhost:7777";
const char *enclave_info_path = "../../release/services/enclave_info.toml";
#ifdef DCAP
-const char *as_root_ca_cert_path = "../../keys/dcap_root_ca_cert.pem";
+const char *as_root_ca_cert_path = "../../config/keys/dcap_root_ca_cert.pem";
#else
-const char *as_root_ca_cert_path = "../../keys/ias_root_ca_cert.pem";
+const char *as_root_ca_cert_path = "../../config/keys/ias_root_ca_cert.pem";
#endif
int user_register(const char* admin_user_id,
diff --git a/examples/python/utils.py b/examples/python/utils.py
index 7011564..98f6217 100644
--- a/examples/python/utils.py
+++ b/examples/python/utils.py
@@ -32,11 +32,11 @@
if os.environ.get('TEACLAVE_PROJECT_ROOT'):
AS_ROOT_CA_CERT_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
- "/keys/" + AS_ROOT_CERT_FILENAME
+ "/config/keys/" + AS_ROOT_CERT_FILENAME
ENCLAVE_INFO_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
"/release/tests/enclave_info.toml"
else:
- AS_ROOT_CA_CERT_PATH = "../../keys/" + AS_ROOT_CERT_FILENAME
+ AS_ROOT_CA_CERT_PATH = "../../config/keys/" + AS_ROOT_CERT_FILENAME
ENCLAVE_INFO_PATH = "../../release/examples/enclave_info.toml"
diff --git a/examples/rust/builtin_echo/src/main.rs b/examples/rust/builtin_echo/src/main.rs
index 6f3d1c1..dd250fe 100644
--- a/examples/rust/builtin_echo/src/main.rs
+++ b/examples/rust/builtin_echo/src/main.rs
@@ -32,9 +32,9 @@
const ENCLAVE_INFO_PATH: &str = "../../../release/services/enclave_info.toml";
#[cfg(dcap)]
-const AS_ROOT_CA_CERT_PATH: &str = "../../../keys/dcap_root_ca_cert.pem";
+const AS_ROOT_CA_CERT_PATH: &str = "../../../config/keys/dcap_root_ca_cert.pem";
#[cfg(not(dcap))]
-const AS_ROOT_CA_CERT_PATH: &str = "../../../keys/ias_root_ca_cert.pem";
+const AS_ROOT_CA_CERT_PATH: &str = "../../../config/keys/ias_root_ca_cert.pem";
const USER_ID: &str = "admin";
const USER_PASSWORD: &str = "teaclave";
diff --git a/examples/rust/builtin_ordered_set_intersect/src/main.rs b/examples/rust/builtin_ordered_set_intersect/src/main.rs
index b09d056..a55706c 100644
--- a/examples/rust/builtin_ordered_set_intersect/src/main.rs
+++ b/examples/rust/builtin_ordered_set_intersect/src/main.rs
@@ -31,9 +31,9 @@
const ENCLAVE_INFO_PATH: &str = "../../../release/services/enclave_info.toml";
#[cfg(dcap)]
-const AS_ROOT_CA_CERT_PATH: &str = "../../../keys/dcap_root_ca_cert.pem";
+const AS_ROOT_CA_CERT_PATH: &str = "../../../config/keys/dcap_root_ca_cert.pem";
#[cfg(not(dcap))]
-const AS_ROOT_CA_CERT_PATH: &str = "../../../keys/ias_root_ca_cert.pem";
+const AS_ROOT_CA_CERT_PATH: &str = "../../../config/keys/ias_root_ca_cert.pem";
struct UserData {
user_id: String,
diff --git a/keys/README.md b/keys/README.md
deleted file mode 100644
index 2973b80..0000000
--- a/keys/README.md
+++ /dev/null
@@ -1,19 +0,0 @@
----
-permalink: /docs/codebase/keys
----
-
-# Keys and Certificates in Teaclave
-
-This directory contains keys and certificates used in the Teaclave platform.
-Note that these are only for demonstration. *DO NOT use them in production.*
-
-- `enclave_signing_key.pem`: private key to sign SGX enclaves
-- `ias_root_ca_cert.pem`: attestation report root CA certificate for Intel SGX
- Attestation Service, obtained from the
- [service website](https://api.portal.trustedservices.intel.com/EPID-attestation)
-- `dcap_root_ca_cert.pem`: root CA certificate used for connecting to the
- reference DCAP attestation server and verifying ECDSA attestation reports.
-- `dcap_server_cert.pem` and `dcap_server_key.pem`: DCAP attestation server
- end-entity certificate and private key. Certificate is signed by DCAP root CA.
-- `auditors`: contains auditors' keys to sign the *enclave info* for mutual
- attestation
diff --git a/sdk/rust/src/lib.rs b/sdk/rust/src/lib.rs
index 0eb466c..752e50f 100644
--- a/sdk/rust/src/lib.rs
+++ b/sdk/rust/src/lib.rs
@@ -583,9 +583,9 @@
const ENCLAVE_INFO_PATH: &str = "../../release/services/enclave_info.toml";
#[cfg(dcap)]
- const AS_ROOT_CA_CERT_PATH: &str = "../../keys/dcap_root_ca_cert.pem";
+ const AS_ROOT_CA_CERT_PATH: &str = "../../config/keys/dcap_root_ca_cert.pem";
#[cfg(not(dcap))]
- const AS_ROOT_CA_CERT_PATH: &str = "../../keys/ias_root_ca_cert.pem";
+ const AS_ROOT_CA_CERT_PATH: &str = "../../config/keys/ias_root_ca_cert.pem";
const USER_ID: &str = "rust_client_sdk_test_user";
const USER_PASSWORD: &str = "test_password";
const ADMIN_ID: &str = "admin";
diff --git a/sdk/swift/TeaclaveClientSDK/TeaclaveClientSDKTests/TeaclaveClientSDKTests.swift b/sdk/swift/TeaclaveClientSDK/TeaclaveClientSDKTests/TeaclaveClientSDKTests.swift
index 413ddb4..f5cca16 100644
--- a/sdk/swift/TeaclaveClientSDK/TeaclaveClientSDKTests/TeaclaveClientSDKTests.swift
+++ b/sdk/swift/TeaclaveClientSDK/TeaclaveClientSDKTests/TeaclaveClientSDKTests.swift
@@ -26,7 +26,7 @@
// Setup enclave info path e.g., /incubator-teaclave/enclave_info.toml
let enclave_info_path = ""
- // Setup AS CA certificate path e.g., /incubator-teaclave/keys/ias_root_ca_cert.pem
+ // Setup AS CA certificate path e.g., /incubator-teaclave/config/keys/ias_root_ca_cert.pem
let as_root_ca_cert_path = ""
func testBuiltinEcho() throws {
diff --git a/tests/scripts/functional_tests.py b/tests/scripts/functional_tests.py
index 04bb223..d751cef 100755
--- a/tests/scripts/functional_tests.py
+++ b/tests/scripts/functional_tests.py
@@ -52,11 +52,11 @@
if os.environ.get('TEACLAVE_PROJECT_ROOT'):
AS_ROOT_CA_CERT_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
- "/keys/" + AS_ROOT_CERT_FILENAME
+ "/config/keys/" + AS_ROOT_CERT_FILENAME
ENCLAVE_INFO_PATH = os.environ['TEACLAVE_PROJECT_ROOT'] + \
"/release/tests/enclave_info.toml"
else:
- AS_ROOT_CA_CERT_PATH = "../../keys/" + AS_ROOT_CERT_FILENAME
+ AS_ROOT_CA_CERT_PATH = "../../config/keys/" + AS_ROOT_CERT_FILENAME
ENCLAVE_INFO_PATH = "../../release/tests/enclave_info.toml"
