Add a new lockbox server that supports Google KMS and Secrets
ssantos21 committed Nov 28, 2024
1 parent 23c3be9 commit 9e4ba57
Showing 22 changed files with 15,920 additions and 0 deletions.
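--- a/lockbox/.gitignore
+++ b/lockbox/.gitignore
@@ -0,0 +1,35 @@
+# Ignore build directory
+build/
+
+# Ignore CMake generated files
+CMakeFiles/
+CMakeCache.txt
+cmake_install.cmake
+Makefile
+
+# Ignore compiled binaries and executables
+*.out
+*.exe
+*.dll
+*.so
+*.dylib
+*.a
+*.o
+*.obj
+*.lib
+
+# Ignore temporary files and editor-specific files
+*.tmp
+*.swp
+*.swo
+*~
+*.DS_Store
+
+# Ignore IDE and editor-specific files
+.vscode/
+.idea/
+*.user
+*.workspace
+
+# Ignore logs and other unnecessary files
+*.log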
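Review bot: Nothing in this list covers runtime data the server may write into the checkout: `lockbox/Settings.toml` in the same commit sets `seed_dir = "./seed"`, so running the binary from the source tree would presumably leave seed files as untracked content that a broad `git add` picks up. If that directory holds key seed material (its contents are not visible on this page), add a `seed/` entry under its own heading such as `# Ignore local runtime data`.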
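--- a/lockbox/CMakeLists.txt
+++ b/lockbox/CMakeLists.txt
@@ -0,0 +1,95 @@
+# Set the minimum required version of CMake
+cmake_minimum_required(VERSION 3.15)
+
+# Define the project name and language
+project(MercuryLockbox VERSION 0.1
+DESCRIPTION "Mercury Lockbox"
+LANGUAGES C CXX)
+
+# Add C compiler settings
+set(CMAKE_C_STANDARD 11)
+set(CMAKE_C_STANDARD_REQUIRED ON)
+
+# Specify C++ standard
+set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+
+# Add the executable and source files
+add_executable(MercuryLockbox src/main.cpp)
+
+# Include directories (e.g., header files in include/)
+# target_include_directories(MercuryLockbox PRIVATE include)
+
+# Add the cmake directory to the module path
+list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
+
+# Include the secp256k1_zkp configuration
+include(secp256k1_zkp)
+
+add_library(LockboxLibrary
+src/server.cpp
+src/utils.cpp
+src/key_manager.cpp
+src/enclave.cpp
+src/monocypher.c
+src/db_manager.cpp)
+
+set_source_files_properties(src/monocypher.c PROPERTIES LANGUAGE C)
+
+target_include_directories(LockboxLibrary PUBLIC include)
+
+# Ensure proper C/C++ linkage
+target_compile_options(LockboxLibrary PRIVATE
+$<$<COMPILE_LANGUAGE:C>:-std=c11>
+$<$<COMPILE_LANGUAGE:CXX>:-std=c++17>)
+
+target_link_libraries(LockboxLibrary
+Crow::Crow
+cpr::cpr
+pqxx
+tomlplusplus::tomlplusplus
+google-cloud-cpp::storage
+google-cloud-cpp::kms
+google-cloud-cpp::secretmanager
+secp256k1_zkp)
+
+include(FetchContent)
+FetchContent_Declare(
+tomlplusplus
+GIT_REPOSITORY https://github.com/marzer/tomlplusplus.git
+GIT_TAG v3.4.0
+)
+FetchContent_MakeAvailable(tomlplusplus)
+
+FetchContent_Declare(
+libpqxx
+GIT_REPOSITORY https://github.com/jtv/libpqxx.git
+GIT_TAG 7.8.1
+)
+
+FetchContent_MakeAvailable(libpqxx)
+
+find_package(Crow)
+find_package(cpr REQUIRED)
+find_package(google_cloud_cpp_storage REQUIRED)
+find_package(google_cloud_cpp_kms REQUIRED)
+find_package(google_cloud_cpp_secretmanager REQUIRED)
+
+target_include_directories(MercuryLockbox PRIVATE include)
+# Link the library to the main executable
+target_link_libraries(MercuryLockbox PRIVATE
+LockboxLibrary
+Crow::Crow
+cpr::cpr
+pqxx
+tomlplusplus::tomlplusplus
+google-cloud-cpp::storage
+google-cloud-cpp::kms
+google-cloud-cpp::secretmanager
+secp256k1_zkp)
+
+# Copy Settings.toml after building MercuryLockbox
+add_custom_command(TARGET MercuryLockbox POST_BUILD
+COMMAND ${CMAKE_COMMAND} -E copy_if_different
+${CMAKE_SOURCE_DIR}/Settings.toml
+$<TARGET_FILE_DIR:MercuryLockbox>/Settings.toml)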
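Review bot: The two `FetchContent_Declare` blocks pin tomlplusplus and libpqxx by tag name (`GIT_TAG v3.4.0`, `GIT_TAG 7.8.1`); a tag can be re-pointed upstream, so this file does not fix which code is compiled into a server that, going by the commit title, works with KMS keys and secrets. Pin each to the full commit hash and keep the version as a trailing comment, e.g. `GIT_TAG <full-commit-sha>  # v3.4.0`. The same applies more strongly to `GIT_TAG blinded-musig-scheme` in `lockbox/cmake/secp256k1_zkp.cmake`, which reads like a branch name and would then follow that branch's head on every fresh clone. Separately, `find_package(Crow)` is the only lookup without `REQUIRED`; `find_package(Crow REQUIRED)` would fail at the find step instead of later on the unresolved `Crow::Crow` target.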
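--- a/lockbox/CMakePresets.json
+++ b/lockbox/CMakePresets.json
@@ -0,0 +1,13 @@
+{
+"version": 2,
+"configurePresets": [
+{
+"name": "vcpkg",
+"generator": "Ninja",
+"binaryDir": "${sourceDir}/build",
+"cacheVariables": {
+"CMAKE_TOOLCHAIN_FILE": "$env{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake"
+}
+}
+]
+}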
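--- a/lockbox/README.md
+++ b/lockbox/README.md
@@ -0,0 +1,15 @@
+## Lockbox server
+
+To run:
+
+1. Install vcpkg package manager, following the instruction [here](https://learn.microsoft.com/en-us/vcpkg/get_started/get-started?pivots=shell-bash).
+2. Install `ninja` build system (`sudo apt-get -y install ninja-build`).
+3. Then run the commands below:
+
+```bash
+$ mkdir -p build && cd build
+$ cmake --preset=vcpkg ..
+$ cmake --build .
+```
+
+4. Then, to run the server: `./MercuryLockbox`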
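--- a/lockbox/Settings.toml
+++ b/lockbox/Settings.toml
@@ -0,0 +1,14 @@
+[general]
+database_connection_string = "postgresql://postgres:postgres@localhost/enclave"
+server_port = 18080
+replication_server_url = "http://localhost:18082"
+seed_dir = "./seed"
+[gcloud]
+project_id = "mercury-441416"
+project_number = "100600525477"
+location_id = "global"
+[secretmanager]
+key_name = "encrypted-key"
+[kms]
+ring = "enclave"
+crypto_key = "sealing"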
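Review bot: `database_connection_string` commits a PostgreSQL URL with the password inline (`postgres:postgres`), and the POST_BUILD step in `lockbox/CMakeLists.txt` copies this file next to the binary, so a deployment that forgets to edit it runs with default database credentials. Keep only a placeholder in the tracked file, e.g. `database_connection_string = "postgresql://<user>:<password>@localhost/enclave"`, and take the real value from an untracked file or the environment. `replication_server_url` uses plain `http://`, which is fine for localhost but deserves a comment that a non-local replica should be reached over TLS. The `project_id` and `project_number` look like real GCP identifiers rather than samples; confirm they are meant to be published.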
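--- a/lockbox/cmake/secp256k1_zkp.cmake
+++ b/lockbox/cmake/secp256k1_zkp.cmake
@@ -0,0 +1,48 @@
+# cmake/secp256k1_zkp.cmake
+include(ExternalProject)
+
+# Set secp256k1-zkp build directory relative to the main build directory
+set(SECP256K1_BUILD_DIR ${CMAKE_BINARY_DIR}/secp256k1-zkp)
+set(SECP256K1_INSTALL_DIR ${CMAKE_BINARY_DIR}/secp256k1-zkp-install)
+
+# Configure and build secp256k1-zkp as an external project
+ExternalProject_Add(
+secp256k1_zkp_external
+GIT_REPOSITORY https://github.com/ssantos21/secp256k1-zkp.git
+GIT_TAG blinded-musig-scheme
+PREFIX ${SECP256K1_BUILD_DIR}
+CONFIGURE_COMMAND
+cd <SOURCE_DIR> &&
+./autogen.sh &&
+./configure
+--prefix=${SECP256K1_INSTALL_DIR}
+--enable-module-schnorrsig
+--enable-experimental
+--enable-module-musig
+--enable-benchmark=no
+--enable-tests=no
+--enable-exhaustive-tests=no
+BUILD_COMMAND cd <SOURCE_DIR> && make
+BUILD_IN_SOURCE 1
+INSTALL_COMMAND ""
+BUILD_BYPRODUCTS
+<SOURCE_DIR>/.libs/libsecp256k1.a
+)
+
+# Create an interface library for secp256k1-zkp
+add_library(secp256k1_zkp INTERFACE)
+add_dependencies(secp256k1_zkp secp256k1_zkp_external)
+
+# Get the source directory of secp256k1-zkp after it's cloned
+ExternalProject_Get_Property(secp256k1_zkp_external SOURCE_DIR)
+
+# Set include directories and link the static library
+target_include_directories(secp256k1_zkp
+INTERFACE
+${SOURCE_DIR}/include
+)
+
+target_link_libraries(secp256k1_zkp
+INTERFACE
+${SOURCE_DIR}/.libs/libsecp256k1.a
+)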
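Review bot: `./configure` is given `--prefix=${SECP256K1_INSTALL_DIR}`, but `INSTALL_COMMAND ""` means nothing is ever installed there, and the interface target instead points consumers at `${SOURCE_DIR}/include` and the libtool-internal `${SOURCE_DIR}/.libs/libsecp256k1.a`. Either drop the prefix and `SECP256K1_INSTALL_DIR`, or run the install step (`INSTALL_COMMAND make install`) and point `target_include_directories`, `target_link_libraries` and `BUILD_BYPRODUCTS` at `${SECP256K1_INSTALL_DIR}`, so the server is built only against the library's installed public headers and archive. `--enable-experimental` also deserves a one-line comment naming the module that needs it, e.g. `# musig is gated behind --enable-experimental in this fork (confirm)`, since it is the flag a reviewer of a key-handling server will ask about.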