0.8 install fixes (#945)

CMakeLists.txt

@@ -7,7 +7,7 @@ include(${CCF_DIR}/cmake/preproject.cmake)
 
 project(
   ccf
-  VERSION 0.8
+  VERSION 0.8.1
   LANGUAGES C CXX
 )
 
@@ -64,7 +64,6 @@ if("sgx" IN_LIST TARGET)
       $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/include/3rdparty/hacl-star/evercrypt>
       $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/include/3rdparty/hacl-star/evercrypt/kremlin>
       $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/include/3rdparty/hacl-star/evercrypt/kremlin/kremlib>
-      $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/generated>
   )
 
   target_link_libraries(ccf.enclave PUBLIC libbyz.enclave)
@@ -117,7 +116,6 @@ if("virtual" IN_LIST TARGET)
       $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/include/3rdparty/hacl-star/evercrypt>
       $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/include/3rdparty/hacl-star/evercrypt/kremlin>
       $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/include/3rdparty/hacl-star/evercrypt/kremlin/kremlib>
-      $<INSTALL_INTERFACE:${CMAKE_INSTALL_PREFIX}/generated>
   )
 
   target_link_libraries(ccf.virtual PUBLIC libbyz.host)

cmake/ccf_app.cmake

@@ -90,10 +90,6 @@ function(use_oe_mbedtls name)
   )
 endfunction()
 
-if(NOT CCF_GENERATED_DIR)
-  set(CCF_GENERATED_DIR ${CCF_DIR}/generated)
-endif()
-
 # Enclave library wrapper
 function(add_ccf_app name)
 

cmake/common.cmake

@@ -110,7 +110,7 @@ endif()
 enable_language(ASM)
 
 set(CCF_GENERATED_DIR ${CMAKE_CURRENT_BINARY_DIR}/generated)
-include_directories(${CCF_DIR}/src ${CCF_GENERATED_DIR})
+include_directories(${CCF_DIR}/src)
 
 include_directories(
   SYSTEM ${CCF_DIR}/3rdparty ${CCF_DIR}/3rdparty/hacl-star
@@ -247,7 +247,9 @@ if("sgx" IN_LIST TARGET)
     cchost ${CCF_DIR}/src/host/main.cpp ${CCF_GENERATED_DIR}/ccf_u.cpp
   )
   use_client_mbedtls(cchost)
-  target_include_directories(cchost PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+  target_include_directories(
+    cchost PRIVATE ${CMAKE_CURRENT_BINARY_DIR} ${CCF_GENERATED_DIR}
+  )
   add_san(cchost)
 
   target_link_libraries(
@@ -423,9 +425,7 @@ function(add_e2e_test)
     # Make python test client framework importable
     set_property(
       TEST ${PARSED_ARGS_NAME} APPEND
-      PROPERTY
-        ENVIRONMENT
-        "PYTHONPATH=${CCF_DIR}/tests:${CCF_GENERATED_DIR}:$ENV{PYTHONPATH}"
+      PROPERTY ENVIRONMENT "PYTHONPATH=${CCF_DIR}/tests:$ENV{PYTHONPATH}"
     )
     if(${PARSED_ARGS_IS_SUITE})
       set_property(TEST ${PARSED_ARGS_NAME} APPEND PROPERTY LABELS suite)

src/node/networkencryption.h

@@ -2,38 +2,24 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "crypto/cryptobox.h"
 #include "tls/25519.h"
 #include "tls/entropy.h"
 
 namespace ccf
 {
   struct NetworkEncryptionKey
   {
-  private:
-    static constexpr auto KEY_SIZE = crypto::BoxKey::KEY_SIZE;
-
-  public:
     std::vector<uint8_t> private_raw;
 
     bool operator==(const NetworkEncryptionKey& other) const
     {
       return private_raw == other.private_raw;
     }
 
-    NetworkEncryptionKey(bool random = false)
-    {
-      if (random)
-      {
-        private_raw = tls::create_entropy()->random(crypto::BoxKey::KEY_SIZE);
-      }
-    }
+    NetworkEncryptionKey() = default;
 
-    std::vector<uint8_t> get_public_pem()
-    {
-      return tls::PublicX25519::write(
-               crypto::BoxKey::public_from_private(private_raw))
-        .raw();
-    }
+    NetworkEncryptionKey(std::vector<uint8_t>&& private_key_raw) :
+      private_raw(std::move(private_key_raw))
+    {}
   };
 }

src/node/nodestate.h

@@ -271,7 +271,8 @@ namespace ccf
           network.identity =
             std::make_unique<NetworkIdentity>("CN=CCF Network");
           network.ledger_secrets = std::make_shared<LedgerSecrets>(seal);
-          network.encryption_key = std::make_unique<NetworkEncryptionKey>(true);
+          network.encryption_key = std::make_unique<NetworkEncryptionKey>(
+            tls::create_entropy()->random(crypto::BoxKey::KEY_SIZE));
 
           self = 0; // The first node id is always 0
 
@@ -300,7 +301,7 @@ namespace ccf
           return Success<CreateNew::Out>(
             {node_cert,
              network.identity->cert,
-             network.encryption_key->get_public_pem()});
+             get_network_encryption_key_public_pem()});
         }
         case StartType::Join:
         {
@@ -320,7 +321,8 @@ namespace ccf
             std::make_unique<NetworkIdentity>("CN=CCF Network");
           // Create temporary network secrets but do not seal yet
           network.ledger_secrets = std::make_shared<LedgerSecrets>(seal, false);
-          network.encryption_key = std::make_unique<NetworkEncryptionKey>(true);
+          network.encryption_key = std::make_unique<NetworkEncryptionKey>(
+            tls::create_entropy()->random(crypto::BoxKey::KEY_SIZE));
 
           setup_history();
           setup_encryptor(network.consensus_type);
@@ -336,7 +338,7 @@ namespace ccf
           return Success<CreateNew::Out>(
             {node_cert,
              network.identity->cert,
-             network.encryption_key->get_public_pem()});
+             get_network_encryption_key_public_pem()});
         }
         default:
         {
@@ -408,7 +410,7 @@ namespace ccf
             network.ledger_secrets = std::make_shared<LedgerSecrets>(
               std::move(resp.network_info.ledger_secrets), seal);
             network.encryption_key = std::make_unique<NetworkEncryptionKey>(
-              resp.network_info.encryption_key);
+              std::move(resp.network_info.encryption_key));
 
             self = resp.node_id;
 
@@ -1328,6 +1330,13 @@ namespace ccf
       }
     }
 
+    std::vector<uint8_t> get_network_encryption_key_public_pem()
+    {
+      return tls::PublicX25519::write(crypto::BoxKey::public_from_private(
+                                        network.encryption_key->private_raw))
+        .raw();
+    }
+
     void reset_quote()
     {
       quote.clear();