optee, openenclave: added custom key path parameter

optee, openenclave: added yubikey option to hosts optee, openenclave: added random shared secret for totp optee, openenclave: updated yubikey to optional if auth token is supplied optee, openenclave: updated totp to optional if password is supplied optee, openenclave: updated totp check from string to integer optee: updated delegate key to store and export extended key optee: updated host to prompt as necessary and removed option openenclave: added password as mnemonic passphrase openenclave: added auth token option to host and parameter to enclave openenclave: added oeseal_gcmaes for enclave sealing openenclave: added data_t and updated enclave parameters openenclave: removed simulated oe_seal_wrap and oe_unseal_wrap header: added utils for hex/bin conversion ci: removed patches now applied during make or un-necessary ci: updated to OP-TEE repo and branch to master doc: updated enclaves.md
dogecoinfoundation · Jan 11, 2025 · af83fd8 · af83fd8
1 parent b00701a
commit af83fd8
Show file tree

Hide file tree

Showing 12 changed files with 741 additions and 682 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -383,16 +383,13 @@ jobs:
                     curl https://storage.googleapis.com/git-repo-downloads/repo > /bin/repo && chmod a+x /bin/repo && \
                     mkdir -p optee && \
                     cd optee && \
-                    repo init -u https://github.com/edtubbs/manifest.git -m nanopc-t6.xml -b nanopc-t6 && \
+                    repo init -u https://github.com/OP-TEE/manifest.git -m nanopc-t6.xml -b master && \
                     export FORCE_UNSAFE_CONFIGURE=1 && \
                     repo sync -j\"$(getconf _NPROCESSORS_ONLN)\" && \
                     if [[ "${{ github.ref }}" == refs/tags/* ]]; then \
                       mv /src/rsa_private.pem /src/optee/optee_os/keys/default_ta.pem; \
                     fi && \
                     patch -F 4 /src/optee/build/common.mk < /src/src/optee/common.mk.patch && \
-                    patch /src/optee/build/kconfigs/qemu.conf < /src/src/optee/qemu.conf.patch && \
-                    patch /src/optee/linux/arch/arm64/boot/dts/rockchip/rk3588-nanopi6-common.dtsi < /src/src/optee/rk3588-nanopi6-common.dtsi.patch && \
-                    patch /src/optee/u-boot/include/configs/nanopi6.h < /src/src/optee/nanopi6.h.patch && \
                     cd build && \
                     make toolchains -j\"$(getconf _NPROCESSORS_ONLN)\" && \
                     export CFG_TEE_CORE_LOG_LEVEL=0 && \

diff --git a/doc/enclaves.md b/doc/enclaves.md
diff --git a/include/dogecoin/libdogecoin.h b/include/dogecoin/libdogecoin.h
@@ -291,6 +291,8 @@ dogecoin_bool deriveBIP44ExtendedPublicKey(
 /* utilities */
 uint8_t* utils_hex_to_uint8(const char* str);
 char* utils_uint8_to_hex(const uint8_t* bin, size_t l);
+void utils_hex_to_bin(const char* str, unsigned char* out, size_t inLen, size_t* outLen);
+void utils_bin_to_hex(unsigned char* bin_in, size_t inlen, char* hex_out);
 char* getpass(const char *prompt);
 
 /* Advanced API functions for mnemonic seedphrase generation

diff --git a/src/openenclave/enclave/CMakeLists.txt b/src/openenclave/enclave/CMakeLists.txt
@@ -30,12 +30,15 @@ if (LVI_MITIGATION MATCHES ControlFlow)
   # Link against LVI-mitigated libraries.
   target_link_libraries(
     enclave openenclave::oeenclave-lvi-cfg
+    $<TARGET_OBJECTS:openenclave::oeseal_gcmaes>
     openenclave::oecrypto${OE_CRYPTO_LIB}-lvi-cfg
     "libdogecoin.a" "libevent_core.a" "libunistring.a"
     openenclave::oelibc-lvi-cfg)
 else ()
   target_link_libraries(
-    enclave openenclave::oeenclave openenclave::oecrypto${OE_CRYPTO_LIB}
+    enclave openenclave::oeenclave
+    $<TARGET_OBJECTS:openenclave::oeseal_gcmaes>
+    openenclave::oecrypto${OE_CRYPTO_LIB}
     "libdogecoin.a" "libevent_core.a" "libunistring.a"
     openenclave::oelibc)