Add a new lockbox server that supports Google KMS and Secrets
Showing
22 changed files
with
15,920 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# Ignore build directory | ||
build/ | ||
|
||
# Ignore CMake generated files | ||
CMakeFiles/ | ||
CMakeCache.txt | ||
cmake_install.cmake | ||
Makefile | ||
|
||
# Ignore compiled binaries and executables | ||
*.out | ||
*.exe | ||
*.dll | ||
*.so | ||
*.dylib | ||
*.a | ||
*.o | ||
*.obj | ||
*.lib | ||
|
||
# Ignore temporary files and editor-specific files | ||
*.tmp | ||
*.swp | ||
*.swo | ||
*~ | ||
*.DS_Store | ||
|
||
# Ignore IDE and editor-specific files | ||
.vscode/ | ||
.idea/ | ||
*.user | ||
*.workspace | ||
|
||
# Ignore logs and other unnecessary files | ||
*.log |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
# Set the minimum required version of CMake | ||
cmake_minimum_required(VERSION 3.15) | ||
|
||
# Define the project name and language | ||
project(MercuryLockbox VERSION 0.1 | ||
DESCRIPTION "Mercury Lockbox" | ||
LANGUAGES C CXX) | ||
|
||
# Add C compiler settings | ||
set(CMAKE_C_STANDARD 11) | ||
set(CMAKE_C_STANDARD_REQUIRED ON) | ||
|
||
# Specify C++ standard | ||
set(CMAKE_CXX_STANDARD 17) | ||
set(CMAKE_CXX_STANDARD_REQUIRED ON) | ||
|
||
# Add the executable and source files | ||
add_executable(MercuryLockbox src/main.cpp) | ||
|
||
# Include directories (e.g., header files in include/) | ||
# target_include_directories(MercuryLockbox PRIVATE include) | ||
|
||
# Add the cmake directory to the module path | ||
list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake) | ||
|
||
# Include the secp256k1_zkp configuration | ||
include(secp256k1_zkp) | ||
|
||
add_library(LockboxLibrary | ||
src/server.cpp | ||
src/utils.cpp | ||
src/key_manager.cpp | ||
src/enclave.cpp | ||
src/monocypher.c | ||
src/db_manager.cpp) | ||
|
||
set_source_files_properties(src/monocypher.c PROPERTIES LANGUAGE C) | ||
|
||
target_include_directories(LockboxLibrary PUBLIC include) | ||
|
||
# Ensure proper C/C++ linkage | ||
target_compile_options(LockboxLibrary PRIVATE | ||
$<$<COMPILE_LANGUAGE:C>:-std=c11> | ||
$<$<COMPILE_LANGUAGE:CXX>:-std=c++17>) | ||
|
||
target_link_libraries(LockboxLibrary | ||
Crow::Crow | ||
cpr::cpr | ||
pqxx | ||
tomlplusplus::tomlplusplus | ||
google-cloud-cpp::storage | ||
google-cloud-cpp::kms | ||
google-cloud-cpp::secretmanager | ||
secp256k1_zkp) | ||
|
||
include(FetchContent) | ||
FetchContent_Declare( | ||
tomlplusplus | ||
GIT_REPOSITORY https://github.com/marzer/tomlplusplus.git | ||
GIT_TAG v3.4.0 | ||
) | ||
FetchContent_MakeAvailable(tomlplusplus) | ||
|
||
FetchContent_Declare( | ||
libpqxx | ||
GIT_REPOSITORY https://github.com/jtv/libpqxx.git | ||
GIT_TAG 7.8.1 | ||
) | ||
|
||
FetchContent_MakeAvailable(libpqxx) | ||
|
||
find_package(Crow) | ||
find_package(cpr REQUIRED) | ||
find_package(google_cloud_cpp_storage REQUIRED) | ||
find_package(google_cloud_cpp_kms REQUIRED) | ||
find_package(google_cloud_cpp_secretmanager REQUIRED) | ||
|
||
target_include_directories(MercuryLockbox PRIVATE include) | ||
# Link the library to the main executable | ||
target_link_libraries(MercuryLockbox PRIVATE | ||
LockboxLibrary | ||
Crow::Crow | ||
cpr::cpr | ||
pqxx | ||
tomlplusplus::tomlplusplus | ||
google-cloud-cpp::storage | ||
google-cloud-cpp::kms | ||
google-cloud-cpp::secretmanager | ||
secp256k1_zkp) | ||
|
||
# Copy Settings.toml after building MercuryLockbox | ||
add_custom_command(TARGET MercuryLockbox POST_BUILD | ||
COMMAND ${CMAKE_COMMAND} -E copy_if_different | ||
${CMAKE_SOURCE_DIR}/Settings.toml | ||
$<TARGET_FILE_DIR:MercuryLockbox>/Settings.toml) |
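Review bot: Both `FetchContent_Declare` calls pin `GIT_TAG` to a tag name (`v3.4.0`, `7.8.1`), which the upstream repository can move, so this file does not fix what gets compiled into a server that handles keys. Pin each to the full commit hash and keep the tag as a trailing comment, e.g. `GIT_TAG <full-commit-sha-of-v3.4.0> # v3.4.0` (placeholder; resolve the hash from the upstream repository). The same applies more strongly to `ExternalProject_Add` in cmake/secp256k1_zkp.cmake, where `GIT_TAG blinded-musig-scheme` looks like a branch name and would follow whatever is pushed to it. Separately, `find_package(Crow)` is the only lookup without `REQUIRED`, so a missing Crow would surface as an unresolved `Crow::Crow` target rather than at the find step.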
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"version": 2, | ||
"configurePresets": [ | ||
{ | ||
"name": "vcpkg", | ||
"generator": "Ninja", | ||
"binaryDir": "${sourceDir}/build", | ||
"cacheVariables": { | ||
"CMAKE_TOOLCHAIN_FILE": "$env{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" | ||
} | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
## Lockbox server | ||
|
||
To run: | ||
|
||
1. Install vcpkg package manager, following the instruction [here](https://learn.microsoft.com/en-us/vcpkg/get_started/get-started?pivots=shell-bash). | ||
2. Install `ninja` build system (`sudo apt-get -y install ninja-build`). | ||
3. Then run the commands below: | ||
|
||
```bash | ||
$ mkdir -p build && cd build | ||
$ cmake --preset=vcpkg .. | ||
$ cmake --build . | ||
``` | ||
|
||
4. Then, to run the server: `./MercuryLockbox` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[general] | ||
database_connection_string = "postgresql://postgres:postgres@localhost/enclave" | ||
server_port = 18080 | ||
replication_server_url = "http://localhost:18082" | ||
seed_dir = "./seed" | ||
[gcloud] | ||
project_id = "mercury-441416" | ||
project_number = "100600525477" | ||
location_id = "global" | ||
[secretmanager] | ||
key_name = "encrypted-key" | ||
[kms] | ||
ring = "enclave" | ||
crypto_key = "sealing" |
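Review bot: `database_connection_string` commits a username and password (`postgres:postgres`) in the file that the top-level CMake `POST_BUILD` step copies next to the binary, so these defaults become the configuration the server starts with. Consider committing this as an example file with placeholder values and loading the real connection string from the environment or from Secret Manager, which the build already links against. At minimum add a header comment such as `# Development defaults only - replace database_connection_string and the [gcloud] identifiers per deployment`. `project_id` and `project_number` also look environment-specific rather than generic defaults, and `replication_server_url` uses plain `http`, which is only reasonable while it stays on localhost.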
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# cmake/secp256k1_zkp.cmake | ||
include(ExternalProject) | ||
|
||
# Set secp256k1-zkp build directory relative to the main build directory | ||
set(SECP256K1_BUILD_DIR ${CMAKE_BINARY_DIR}/secp256k1-zkp) | ||
set(SECP256K1_INSTALL_DIR ${CMAKE_BINARY_DIR}/secp256k1-zkp-install) | ||
|
||
# Configure and build secp256k1-zkp as an external project | ||
ExternalProject_Add( | ||
secp256k1_zkp_external | ||
GIT_REPOSITORY https://github.com/ssantos21/secp256k1-zkp.git | ||
GIT_TAG blinded-musig-scheme | ||
PREFIX ${SECP256K1_BUILD_DIR} | ||
CONFIGURE_COMMAND | ||
cd <SOURCE_DIR> && | ||
./autogen.sh && | ||
./configure | ||
--prefix=${SECP256K1_INSTALL_DIR} | ||
--enable-module-schnorrsig | ||
--enable-experimental | ||
--enable-module-musig | ||
--enable-benchmark=no | ||
--enable-tests=no | ||
--enable-exhaustive-tests=no | ||
BUILD_COMMAND cd <SOURCE_DIR> && make | ||
BUILD_IN_SOURCE 1 | ||
INSTALL_COMMAND "" | ||
BUILD_BYPRODUCTS | ||
<SOURCE_DIR>/.libs/libsecp256k1.a | ||
) | ||
|
||
# Create an interface library for secp256k1-zkp | ||
add_library(secp256k1_zkp INTERFACE) | ||
add_dependencies(secp256k1_zkp secp256k1_zkp_external) | ||
|
||
# Get the source directory of secp256k1-zkp after it's cloned | ||
ExternalProject_Get_Property(secp256k1_zkp_external SOURCE_DIR) | ||
|
||
# Set include directories and link the static library | ||
target_include_directories(secp256k1_zkp | ||
INTERFACE | ||
${SOURCE_DIR}/include | ||
) | ||
|
||
target_link_libraries(secp256k1_zkp | ||
INTERFACE | ||
${SOURCE_DIR}/.libs/libsecp256k1.a | ||
) |
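Review bot: `--prefix=${SECP256K1_INSTALL_DIR}` has no effect here because `INSTALL_COMMAND ""` disables the install step, and the interface target instead points consumers at libtool's internal `<SOURCE_DIR>/.libs/libsecp256k1.a` and the source tree's `include/`. Either drop the prefix and `SECP256K1_INSTALL_DIR`, or run the install step and have `target_include_directories`, `target_link_libraries` and `BUILD_BYPRODUCTS` use `${SECP256K1_INSTALL_DIR}/include` and `${SECP256K1_INSTALL_DIR}/lib/libsecp256k1.a` (default autotools layout), so the build consumes only the installed public headers. The `cd <SOURCE_DIR> &&` prefixes are also redundant with `BUILD_IN_SOURCE 1` and appear to rely on the generator running the command through a shell; separate `COMMAND` entries would avoid that.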