forked from MixinNetwork/mobilecoin-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fog_c.go
295 lines (259 loc) · 8.28 KB
/
fog_c.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
package api
// #cgo CFLAGS: -I${SRCDIR}/include
// #cgo darwin LDFLAGS: ${SRCDIR}/include/libmobilecoin.a -framework Security -framework Foundation
// #cgo linux LDFLAGS: ${SRCDIR}/include/libmobilecoin_linux.a -lm -ldl
// #include <stdio.h>
// #include <stdlib.h>
// #include <errno.h>
// #include "libmobilecoin.h"
import "C"
import (
"encoding/hex"
"errors"
"fmt"
"net/url"
"strings"
"unsafe"
account "github.com/MixinNetwork/mobilecoin-account"
"github.com/MixinNetwork/mobilecoin-account/types"
"github.com/bwesterb/go-ristretto"
"google.golang.org/protobuf/proto"
)
func ValidateAddress(recipient string) error {
destination, err := account.DecodeB58Code(recipient)
if err != nil {
return err
}
if destination.FogReportUrl == "" {
return nil
}
for _, enclave := range myenclaves {
err = ValidateFogAddressWithEnclave(destination, enclave)
if err != nil {
fmt.Printf("ValidateFogAddressWithEnclave recipient: %s enclave: %s error: %v \n", recipient, enclave, err)
continue
}
return nil
}
return fmt.Errorf("invalid recipient %s", recipient)
}
type FogFullyValidatedPubkey struct {
// Public key in Ristretto format
pubkey ristretto.Point
// The pubkey_expiry value is the latest block that fog-service promises
// that is valid to encrypt fog hints using this key for.
// The client should obey this limit by not setting tombstone block for a
// transaction larger than this limit if the fog pubkey is used.
pubkey_expiry uint64
}
func ValidateFogAddressWithEnclave(recipient *account.PublicAddress, enclave string) error {
mr_enclave_hex, err := fetchValidFogEnclave(recipient.FogReportUrl, enclave)
if err != nil {
return err
}
// Construct a verifier object that is used to verify the report's attestation
mr_enclave_bytes, err := hex.DecodeString(mr_enclave_hex)
if err != nil {
return err
}
c_mr_enclave_bytes := C.CBytes(mr_enclave_bytes)
defer C.free(c_mr_enclave_bytes)
c_mr_enclave := C.McBuffer{
buffer: (*C.uchar)(c_mr_enclave_bytes),
len: C.ulong(len(mr_enclave_bytes)),
}
mr_enclave_verifier, err := C.mc_mr_enclave_verifier_create(&c_mr_enclave)
if err != nil {
return err
}
if mr_enclave_verifier == nil {
return errors.New("mc_mr_enclave_verifier_create failed")
}
defer C.mc_mr_enclave_verifier_free(mr_enclave_verifier)
c_advisory_id := C.CString("INTEL-SA-00334")
defer C.free(unsafe.Pointer(c_advisory_id))
ret, err := C.mc_mr_enclave_verifier_allow_hardening_advisory(mr_enclave_verifier, c_advisory_id)
if err != nil {
return err
}
if ret == false {
return errors.New("mc_mr_enclave_verifier_allow_hardening_advisory INTEL-SA-00334 failed")
}
c_advisory_id_00615 := C.CString("INTEL-SA-00615")
defer C.free(unsafe.Pointer(c_advisory_id_00615))
ret, err = C.mc_mr_enclave_verifier_allow_hardening_advisory(mr_enclave_verifier, c_advisory_id_00615)
if err != nil {
return err
}
if ret == false {
return errors.New("mc_mr_enclave_verifier_allow_hardening_advisory INTEL-SA-00615 failed")
}
c_advisory_id_00657 := C.CString("INTEL-SA-00657")
defer C.free(unsafe.Pointer(c_advisory_id_00657))
ret, err = C.mc_mr_enclave_verifier_allow_hardening_advisory(mr_enclave_verifier, c_advisory_id_00657)
if err != nil {
return err
}
if ret == false {
return errors.New("mc_mr_enclave_verifier_allow_hardening_advisory INTEL-SA-00657 failed")
}
verifier, err := C.mc_verifier_create()
if err != nil {
return err
}
defer C.mc_verifier_free(verifier)
ret, err = C.mc_verifier_add_mr_enclave(verifier, mr_enclave_verifier)
if err != nil {
return err
}
if ret == false {
return errors.New("mc_verifier_add_mr_enclave failed")
}
// Create the FogResolver object that is used to perform report validation using the verifier constructed above
fog_resolver, err := C.mc_fog_resolver_create(verifier)
if err != nil {
return err
}
defer C.mc_fog_resolver_free(fog_resolver)
// Connect to the fog report server and obtain a report
report, err := GetFogReportResponse(recipient.FogReportUrl)
if err != nil {
return err
}
// Convert the report back to protobuf bytes so that it could be handed to libmobilecoin
reportBytes, err := proto.Marshal(report)
if err != nil {
return err
}
// Add the report bytes to the resolver
c_report_buf_bytes := C.CBytes(reportBytes)
defer C.free(c_report_buf_bytes)
report_buf := C.McBuffer{
buffer: (*C.uchar)(c_report_buf_bytes),
len: C.ulong(len(reportBytes)),
}
c_address := C.CString(recipient.FogReportUrl)
defer C.free(unsafe.Pointer(c_address))
// Used for returning errors from libmobilecoin
var mc_error *C.McError
ret, err = C.mc_fog_resolver_add_report_response(
fog_resolver,
c_address,
&report_buf,
&mc_error,
)
if err != nil {
return err
}
if ret == false {
if mc_error == nil {
return errors.New("mc_fog_resolver_add_report_response failed")
} else {
err = fmt.Errorf("mc_fog_resolver_add_report_response failed: [%d] %s", mc_error.error_code, C.GoString(mc_error.error_description))
C.mc_error_free(mc_error)
return err
}
}
// Convert recipient from the Go representation to protobuf bytes
protobufRecipient, err := PublicAddressToProtobuf(recipient)
if err != nil {
return err
}
recipientProtobufBytes, err := proto.Marshal(protobufRecipient)
if err != nil {
return err
}
// Perform the actual validation and key extraction
c_recipient_bytes := C.CBytes(recipientProtobufBytes)
defer C.free(c_recipient_bytes)
c_recipient_buf := C.McBuffer{
buffer: (*C.uchar)(c_recipient_bytes),
len: (C.ulong)(len(recipientProtobufBytes)),
}
fully_validated_fog_pub_key, err := C.mc_fog_resolver_get_fog_pubkey_from_protobuf_public_address(
fog_resolver,
&c_recipient_buf,
&mc_error,
)
if err != nil {
return err
}
if fully_validated_fog_pub_key == nil {
if mc_error == nil {
return errors.New("get_fog_pubkey failed: no error returned?!")
} else {
err = fmt.Errorf("get_fog_pubkey failed: [%d] %s", mc_error.error_code, C.GoString(mc_error.error_description))
C.mc_error_free(mc_error)
return err
}
}
defer C.mc_fully_validated_fog_pubkey_free(fully_validated_fog_pub_key)
// Get the pubkey expiry
_, err = C.mc_fully_validated_fog_pubkey_get_pubkey_expiry(fully_validated_fog_pub_key)
if err != nil {
return err
}
// Get the pubkey
out_buf := C.malloc(32)
defer C.free(out_buf)
mutable_buf := (*C.McMutableBuffer)(C.malloc(C.sizeof_McMutableBuffer))
defer C.free(unsafe.Pointer(mutable_buf))
mutable_buf.buffer = (*C.uchar)(out_buf)
mutable_buf.len = 32
_, err = C.mc_fully_validated_fog_pubkey_get_pubkey(fully_validated_fog_pub_key, mutable_buf)
if err != nil {
return err
}
fog_pubkey_bytes := C.GoBytes(out_buf, 32)
// Convert pubkey bytes to ristretto Point
var fog_pubkey ristretto.Point
err = fog_pubkey.UnmarshalBinary(fog_pubkey_bytes)
if err != nil {
return err
}
return nil
}
// Utility method to convert the internal Go PublicAddress to the external GRPC object
func PublicAddressToProtobuf(addr *account.PublicAddress) (*types.PublicAddress, error) {
view, err := hex.DecodeString(addr.ViewPublicKey)
if err != nil {
return nil, err
}
spend, err := hex.DecodeString(addr.SpendPublicKey)
if err != nil {
return nil, err
}
fog_authority_sig, err := hex.DecodeString(addr.FogAuthoritySig)
if err != nil {
return nil, err
}
protobufObject := &types.PublicAddress{
ViewPublicKey: &types.CompressedRistretto{Data: view},
SpendPublicKey: &types.CompressedRistretto{Data: spend},
FogReportUrl: addr.FogReportUrl,
FogReportId: addr.FogReportId,
FogAuthoritySig: fog_authority_sig,
}
return protobufObject, nil
}
func fetchValidFogEnclave(host, enclave string) (string, error) {
fog_url_to_mr_enclave_hex := map[string]string{
"fog://fog.prod.mobilecoinww.com": enclave,
"fog://service.fog.mob.production.namda.net": enclave,
"fog://fog-rpt-prd.namda.net": enclave,
// "fog://fog.test.mobilecoin.com": enclave,
// "fog://service.fog.mob.staging.namda.net": "a4764346f91979b4906d4ce26102228efe3aba39216dec1e7d22e6b06f919f11",
}
uri, err := url.Parse(host)
if err != nil {
return "", err
}
if uri.Port() != "" {
host = strings.ReplaceAll(host, ":"+uri.Port(), "")
}
mr_enclave_hex, ok := fog_url_to_mr_enclave_hex[host]
if !ok {
return "", errors.New("No enclave hex for Address' fog url")
}
return mr_enclave_hex, nil
}