npm - @super-protocol/addons-tee - Versions diffs - 0.5.0 - Mend

@super-protocol/addons-tee 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/dist/sgx-native-module/enclave.service.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+/// <reference types="node" />
+import { Readable } from "stream";
+import { KeyType, KeyPolicy } from "./consts";
+export declare type TeeDeviceInfoType = {
+    cpus: Array<{
+        vendorId: string;
+        cpuFamily: number;
+        model: number;
+        modelName: string;
+        physicalCores: number;
+        logicalCores: number;
+        baseFreq: number;
+        maxFreq: number;
+    }>;
+    memSize: number;
+    totalPhysicalCores: number;
+    totalLogicalCores: number;
+};
+export declare type TeeRunCpuBenchmarkType = {
+    cpuScore: number;
+    cpuBenchmark: string;
+    cpuCoresCount: number;
+};
+export declare type TeeRunMemoryBenchmarkType = {
+    memBandwidth: number;
+    memСonfirmedSize: number;
+};
+export declare class EnclaveService {
+    private readonly tmpFolder;
+    private readonly sgx;
+    constructor(tmpFolder?: string);
+    /**
+     * Requests secret keys from cpu.
+     * @param param0
+     * @returns
+     */
+    getSecretKey({ type, policy }: {
+        type: KeyType;
+        policy: KeyPolicy;
+    }): Promise<Buffer>;
+    /**
+     * Returns TEE device information.
+     * @returns
+     */
+    getTeeDeviceInfo(): Promise<TeeDeviceInfoType>;
+    /**
+     * Returns TEE cpu benchmark.
+     * @param deviceInfoMemSize
+     * @returns
+     */
+    getTeeDeviceCpuBenchmark(deviceInfoMemSize: number): Promise<TeeRunCpuBenchmarkType>;
+    /**
+     * Returns TEE memory benchmark.
+     * @param deviceInfoTotalPhysicalCores
+     * @returns
+     */
+    getTeeDeviceMemoryBenchmark(deviceInfoTotalPhysicalCores: number): Promise<TeeRunMemoryBenchmarkType>;
+    /**
+     * Writes input stream to the protected file.
+     * @param inputStream
+     * @param outputStream
+     * @param filepath
+     * @param secretKey
+     */
+    writeGramineProtectedFile(filepath: string, inputStream: Readable, secretKey: Buffer): Promise<{
+        writtenSize: number;
+        filesize: number;
+        filepath: string;
+    }>;
+    /**
+     * Reads protected file and write to output stream.
+     * @param filepath
+     * @param inputStream
+     * @param outputStream
+     * @param secretKey
+     */
+    readGramineProtectedFile(filepath: string, inputStream: Readable, secretKey: Buffer): Promise<{
+        fileStream: Readable;
+        filesize: number;
+        filepath: string;
+    }>;
+}

package/dist/sgx-native-module/enclave.service.js ADDED Viewed

@@ -0,0 +1,194 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnclaveService = void 0;
+const { SgxLowLevel, GramineProtectedFS } = require("../../bindings/sgx-native/build/Release/sgx_native.node");
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const os_1 = require("os");
+const path_1 = require("path");
+const stream_1 = require("stream");
+// @TODO: Read it from nodejs module
+const PF_SIZE = 4096;
+const chunkedTransformer = (chunkSize = PF_SIZE) => {
+    let nextBuffer = Buffer.alloc(0);
+    return new stream_1.Transform({
+        objectMode: true,
+        highWaterMark: PF_SIZE,
+        writableHighWaterMark: PF_SIZE,
+        readableHighWaterMark: PF_SIZE,
+        flush: (callback) => {
+            callback(null, [nextBuffer]);
+            nextBuffer = Buffer.alloc(0);
+        },
+        transform: function (chunk, encoding, callback) {
+            if (nextBuffer.length > 0) {
+                chunk = Buffer.concat([nextBuffer, chunk]);
+            }
+            const chunks = [];
+            while (chunk.length >= chunkSize) {
+                chunks.push(chunk.slice(0, chunkSize));
+                chunk = chunk.slice(chunkSize);
+            }
+            nextBuffer = chunk;
+            callback(null, chunks);
+        },
+    });
+};
+class EnclaveService {
+    constructor(tmpFolder = (0, os_1.tmpdir)()) {
+        this.tmpFolder = tmpFolder;
+        this.sgx = new SgxLowLevel();
+    }
+    /**
+     * Requests secret keys from cpu.
+     * @param param0
+     * @returns
+     */
+    async getSecretKey({ type, policy }) {
+        return this.sgx.getKey(type, policy);
+    }
+    /**
+     * Returns TEE device information.
+     * @returns
+     */
+    async getTeeDeviceInfo() {
+        return this.sgx.getDeviceInfo();
+    }
+    /**
+     * Returns TEE cpu benchmark.
+     * @param deviceInfoMemSize
+     * @returns
+     */
+    async getTeeDeviceCpuBenchmark(deviceInfoMemSize) {
+        return this.sgx.runCpuBenchmark(deviceInfoMemSize);
+    }
+    /**
+     * Returns TEE memory benchmark.
+     * @param deviceInfoTotalPhysicalCores
+     * @returns
+     */
+    async getTeeDeviceMemoryBenchmark(deviceInfoTotalPhysicalCores) {
+        return this.sgx.runMemoryBenchmark(deviceInfoTotalPhysicalCores);
+    }
+    /**
+     * Writes input stream to the protected file.
+     * @param inputStream
+     * @param outputStream
+     * @param filepath
+     * @param secretKey
+     */
+    async writeGramineProtectedFile(filepath, inputStream, secretKey) {
+        const tmpFileName = (0, path_1.join)(this.tmpFolder, "tee-pf-" + (0, crypto_1.randomBytes)(16).toString("hex") + ".tmp");
+        const protectedFsKey = secretKey.length !== 16
+            ? (0, crypto_1.createHash)("sha256", secretKey).update(secretKey).digest().slice(0, 16)
+            : secretKey;
+        const output = null;
+        try {
+            const output = new GramineProtectedFS(tmpFileName, filepath, protectedFsKey, true);
+            let totalSize = 0;
+            let batchChunkIndex = 0;
+            const everyTenFlush = 10;
+            for await (const chunks of inputStream.pipe(chunkedTransformer(PF_SIZE))) {
+                for (const chunk of chunks) {
+                    if (!chunk.length) {
+                        // @TODO: It's may be normal, research
+                        continue;
+                    }
+                    const writtenSize = await output.write(totalSize, chunk);
+                    if (writtenSize !== chunk.length) {
+                        throw new Error(`Fail to write ${chunk.length} to protected file ${filepath}:${tmpFileName}, written only ${writtenSize} bytes`);
+                    }
+                    totalSize += writtenSize;
+                }
+                if (batchChunkIndex && batchChunkIndex++ % everyTenFlush) {
+                    await output.flush();
+                }
+            }
+            await output.close();
+            return {
+                filepath: tmpFileName,
+                filesize: (await fs_1.promises.stat(tmpFileName)).size,
+                writtenSize: totalSize,
+            };
+        }
+        catch (error) {
+            if (output) {
+                await output.close();
+                await fs_1.promises.rm(tmpFileName, {
+                    recursive: true,
+                    force: true,
+                });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Reads protected file and write to output stream.
+     * @param filepath
+     * @param inputStream
+     * @param outputStream
+     * @param secretKey
+     */
+    async readGramineProtectedFile(filepath, inputStream, secretKey) {
+        const tmpFileName = (0, path_1.join)(this.tmpFolder, "tee-pf-" + (0, crypto_1.randomBytes)(16).toString("hex") + ".tmp");
+        const protectedFsKey = secretKey.length !== 16
+            ? (0, crypto_1.createHash)("sha256", secretKey).update(secretKey).digest().slice(0, 16)
+            : secretKey;
+        let input = null;
+        try {
+            const tmpFileStream = (0, fs_1.createWriteStream)(tmpFileName);
+            await stream_1.promises.pipeline(inputStream, tmpFileStream);
+            input = new GramineProtectedFS(tmpFileName, filepath, protectedFsKey, false);
+            const originalFileSize = input.size();
+            const readChunkSize = PF_SIZE * 8;
+            let isFileEnd = false;
+            let cursor = 0;
+            let remainedBuffer = Buffer.alloc(0);
+            const decryptedStream = new stream_1.Readable({
+                read: async function (requestSize) {
+                    if (isFileEnd && !remainedBuffer.length) {
+                        if (input) {
+                            await input.close();
+                        }
+                        return this.push(null);
+                    }
+                    let readBuffer = remainedBuffer;
+                    let remainedReadSize = requestSize - readBuffer.length;
+                    while (!isFileEnd && remainedReadSize > 0) {
+                        const chunk = await input.read(cursor, readChunkSize);
+                        if (!chunk?.length) {
+                            isFileEnd = true;
+                            break;
+                        }
+                        readBuffer = Buffer.concat([readBuffer, chunk]);
+                        cursor += chunk.length;
+                        remainedReadSize -= chunk.length;
+                        if (chunk.length < readChunkSize) {
+                            isFileEnd = true;
+                            break;
+                        }
+                    }
+                    remainedBuffer = readBuffer.slice(requestSize);
+                    this.push(readBuffer.slice(0, requestSize));
+                },
+            });
+            return {
+                filepath: tmpFileName,
+                fileStream: decryptedStream,
+                filesize: originalFileSize,
+            };
+        }
+        catch (error) {
+            await fs_1.promises.rm(tmpFileName, {
+                recursive: true,
+                force: true,
+            });
+            if (input) {
+                await input.close();
+            }
+            throw error;
+        }
+    }
+}
+exports.EnclaveService = EnclaveService;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jbGF2ZS5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2VuY2xhdmUuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxNQUFNLEVBQUUsV0FBVyxFQUFFLGtCQUFrQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFDL0csbUNBQWlEO0FBQ2pELDJCQUF1RTtBQUN2RSwyQkFBNEI7QUFDNUIsK0JBQTRCO0FBQzVCLG1DQUF1RDtBQUd2RCxvQ0FBb0M7QUFDcEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDO0FBNkNyQixNQUFNLGtCQUFrQixHQUFHLENBQUMsU0FBUyxHQUFHLE9BQU8sRUFBYSxFQUFFO0lBQzFELElBQUksVUFBVSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFFakMsT0FBTyxJQUFJLGtCQUFTLENBQUM7UUFDakIsVUFBVSxFQUFFLElBQUk7UUFDaEIsYUFBYSxFQUFFLE9BQU87UUFDdEIscUJBQXFCLEVBQUUsT0FBTztRQUM5QixxQkFBcUIsRUFBRSxPQUFPO1FBQzlCLEtBQUssRUFBRSxDQUFDLFFBQVEsRUFBRSxFQUFFO1lBQ2hCLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO1lBQzdCLFVBQVUsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2pDLENBQUM7UUFFRCxTQUFTLEVBQUUsVUFBVSxLQUFLLEVBQUUsUUFBUSxFQUFFLFFBQVE7WUFDMUMsSUFBSSxVQUFVLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtnQkFDdkIsS0FBSyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQzthQUM5QztZQUVELE1BQU0sTUFBTSxHQUFHLEVBQUUsQ0FBQztZQUVsQixPQUFPLEtBQUssQ0FBQyxNQUFNLElBQUksU0FBUyxFQUFFO2dCQUM5QixNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUM7Z0JBRXZDLEtBQUssR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO2FBQ2xDO1lBRUQsVUFBVSxHQUFHLEtBQUssQ0FBQztZQUVuQixRQUFRLENBQUMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQzNCLENBQUM7S0FDSixDQUFDLENBQUM7QUFDUCxDQUFDLENBQUM7QUFFRixNQUFhLGNBQWM7SUFHdkIsWUFBNkIsWUFBWSxJQUFBLFdBQU0sR0FBRTtRQUFwQixjQUFTLEdBQVQsU0FBUyxDQUFXO1FBQzdDLElBQUksQ0FBQyxHQUFHLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxZQUFZLENBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUF3QztRQUNyRSxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLGdCQUFnQjtRQUNsQixPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsd0JBQXdCLENBQUMsaUJBQXlCO1FBQ3BELE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxlQUFlLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUN2RCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQywyQkFBMkIsQ0FBQyw0QkFBb0M7UUFDbEUsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDckUsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQyx5QkFBeUIsQ0FDM0IsUUFBZ0IsRUFDaEIsV0FBcUIsRUFDckIsU0FBaUI7UUFFakIsTUFBTSxXQUFXLEdBQUcsSUFBQSxXQUFJLEVBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxTQUFTLEdBQUcsSUFBQSxvQkFBVyxFQUFDLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsR0FBRyxNQUFNLENBQUMsQ0FBQztRQUUvRixNQUFNLGNBQWMsR0FDaEIsU0FBUyxDQUFDLE1BQU0sS0FBSyxFQUFFO1lBQ25CLENBQUMsQ0FBQyxJQUFBLG1CQUFVLEVBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUN6RSxDQUFDLENBQUMsU0FBUyxDQUFDO1FBRXBCLE1BQU0sTUFBTSxHQUErQixJQUFJLENBQUM7UUFFaEQsSUFBSTtZQUNBLE1BQU0sTUFBTSxHQUF3QixJQUFJLGtCQUFrQixDQUFDLFdBQVcsRUFBRSxRQUFRLEVBQUUsY0FBYyxFQUFFLElBQUksQ0FBQyxDQUFDO1lBQ3hHLElBQUksU0FBUyxHQUFHLENBQUMsQ0FBQztZQUNsQixJQUFJLGVBQWUsR0FBRyxDQUFDLENBQUM7WUFDeEIsTUFBTSxhQUFhLEdBQUcsRUFBRSxDQUFDO1lBRXpCLElBQUksS0FBSyxFQUFFLE1BQU0sTUFBTSxJQUFJLFdBQVcsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUMsRUFBRTtnQkFDdEUsS0FBSyxNQUFNLEtBQUssSUFBSSxNQUFNLEVBQUU7b0JBQ3hCLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxFQUFFO3dCQUNmLHNDQUFzQzt3QkFDdEMsU0FBUztxQkFDWjtvQkFFRCxNQUFNLFdBQVcsR0FBRyxNQUFNLE1BQU0sQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO29CQUV6RCxJQUFJLFdBQVcsS0FBSyxLQUFLLENBQUMsTUFBTSxFQUFFO3dCQUM5QixNQUFNLElBQUksS0FBSyxDQUNYLGlCQUFpQixLQUFLLENBQUMsTUFBTSxzQkFBc0IsUUFBUSxJQUFJLFdBQVcsa0JBQWtCLFdBQVcsUUFBUSxDQUNsSCxDQUFDO3FCQUNMO29CQUVELFNBQVMsSUFBSSxXQUFXLENBQUM7aUJBQzVCO2dCQUVELElBQUksZUFBZSxJQUFJLGVBQWUsRUFBRSxHQUFHLGFBQWEsRUFBRTtvQkFDdEQsTUFBTSxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7aUJBQ3hCO2FBQ0o7WUFFRCxNQUFNLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUVyQixPQUFPO2dCQUNILFFBQVEsRUFBRSxXQUFXO2dCQUNyQixRQUFRLEVBQUUsQ0FBQyxNQUFNLGFBQVUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJO2dCQUNuRCxXQUFXLEVBQUUsU0FBUzthQUN6QixDQUFDO1NBQ0w7UUFBQyxPQUFPLEtBQUssRUFBRTtZQUNaLElBQUksTUFBTSxFQUFFO2dCQUNSLE1BQU0sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUVyQixNQUFNLGFBQVUsQ0FBQyxFQUFFLENBQUMsV0FBVyxFQUFFO29CQUM3QixTQUFTLEVBQUUsSUFBSTtvQkFDZixLQUFLLEVBQUUsSUFBSTtpQkFDZCxDQUFDLENBQUM7YUFDTjtZQUVELE1BQU0sS0FBSyxDQUFDO1NBQ2Y7SUFDTCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLHdCQUF3QixDQUMxQixRQUFnQixFQUNoQixXQUFxQixFQUNyQixTQUFpQjtRQUVqQixNQUFNLFdBQVcsR0FBRyxJQUFBLFdBQUksRUFBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFNBQVMsR0FBRyxJQUFBLG9CQUFXLEVBQUMsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLE1BQU0sQ0FBQyxDQUFDO1FBRS9GLE1BQU0sY0FBYyxHQUNoQixTQUFTLENBQUMsTUFBTSxLQUFLLEVBQUU7WUFDbkIsQ0FBQyxDQUFDLElBQUEsbUJBQVUsRUFBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ3pFLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFcEIsSUFBSSxLQUFLLEdBQStCLElBQUksQ0FBQztRQUU3QyxJQUFJO1lBQ0EsTUFBTSxhQUFhLEdBQUcsSUFBQSxzQkFBaUIsRUFBQyxXQUFXLENBQUMsQ0FBQztZQUVyRCxNQUFNLGlCQUFRLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxhQUFhLENBQUMsQ0FBQztZQUVwRCxLQUFLLEdBQXdCLElBQUksa0JBQWtCLENBQUMsV0FBVyxFQUFFLFFBQVEsRUFBRSxjQUFjLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFDbEcsTUFBTSxnQkFBZ0IsR0FBRyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDdEMsTUFBTSxhQUFhLEdBQUcsT0FBTyxHQUFHLENBQUMsQ0FBQztZQUNsQyxJQUFJLFNBQVMsR0FBRyxLQUFLLENBQUM7WUFDdEIsSUFBSSxNQUFNLEdBQUcsQ0FBQyxDQUFDO1lBQ2YsSUFBSSxjQUFjLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUVyQyxNQUFNLGVBQWUsR0FBRyxJQUFJLGlCQUFRLENBQUM7Z0JBQ2pDLElBQUksRUFBRSxLQUFLLFdBQVcsV0FBbUI7b0JBQ3JDLElBQUksU0FBUyxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sRUFBRTt3QkFDckMsSUFBSSxLQUFLLEVBQUU7NEJBQ1AsTUFBTSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7eUJBQ3ZCO3dCQUVELE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztxQkFDMUI7b0JBRUQsSUFBSSxVQUFVLEdBQUcsY0FBYyxDQUFDO29CQUNoQyxJQUFJLGdCQUFnQixHQUFHLFdBQVcsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDO29CQUV2RCxPQUFPLENBQUMsU0FBUyxJQUFJLGdCQUFnQixHQUFHLENBQUMsRUFBRTt3QkFDdkMsTUFBTSxLQUFLLEdBQUcsTUFBTSxLQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FBQzt3QkFFdkQsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUU7NEJBQ2hCLFNBQVMsR0FBRyxJQUFJLENBQUM7NEJBQ2pCLE1BQU07eUJBQ1Q7d0JBRUQsVUFBVSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQzt3QkFDaEQsTUFBTSxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUM7d0JBQ3ZCLGdCQUFnQixJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUM7d0JBRWpDLElBQUksS0FBSyxDQUFDLE1BQU0sR0FBRyxhQUFhLEVBQUU7NEJBQzlCLFNBQVMsR0FBRyxJQUFJLENBQUM7NEJBQ2pCLE1BQU07eUJBQ1Q7cUJBQ0o7b0JBRUQsY0FBYyxHQUFHLFVBQVUsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7b0JBRS9DLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsV0FBVyxDQUFDLENBQUMsQ0FBQztnQkFDaEQsQ0FBQzthQUNKLENBQUMsQ0FBQztZQUVILE9BQU87Z0JBQ0gsUUFBUSxFQUFFLFdBQVc7Z0JBQ3JCLFVBQVUsRUFBRSxlQUFlO2dCQUMzQixRQUFRLEVBQUUsZ0JBQWdCO2FBQzdCLENBQUM7U0FDTDtRQUFDLE9BQU8sS0FBSyxFQUFFO1lBQ1osTUFBTSxhQUFVLENBQUMsRUFBRSxDQUFDLFdBQVcsRUFBRTtnQkFDN0IsU0FBUyxFQUFFLElBQUk7Z0JBQ2YsS0FBSyxFQUFFLElBQUk7YUFDZCxDQUFDLENBQUM7WUFFSCxJQUFJLEtBQUssRUFBRTtnQkFDUCxNQUFNLEtBQUssQ0FBQyxLQUFLLEVBQUUsQ0FBQzthQUN2QjtZQUVELE1BQU0sS0FBSyxDQUFDO1NBQ2Y7SUFDTCxDQUFDO0NBQ0o7QUF6TUQsd0NBeU1DIn0=

package/dist/sgx-native-module/errors.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export declare class AttestationDcapQuoteVerifyServiceError extends Error {
+    constructor(msg?: string);
+}
+export declare class AttestationDcapQuoteVerifyEnclaveError extends Error {
+    constructor(msg?: string);
+}
+export declare class PkiServiceError extends Error {
+    constructor(msg?: string);
+}

package/dist/sgx-native-module/errors.js ADDED Viewed

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PkiServiceError = exports.AttestationDcapQuoteVerifyEnclaveError = exports.AttestationDcapQuoteVerifyServiceError = void 0;
+class AttestationDcapQuoteVerifyServiceError extends Error {
+    constructor(msg) {
+        super(msg);
+        this.name = AttestationDcapQuoteVerifyServiceError.name;
+    }
+}
+exports.AttestationDcapQuoteVerifyServiceError = AttestationDcapQuoteVerifyServiceError;
+class AttestationDcapQuoteVerifyEnclaveError extends Error {
+    constructor(msg) {
+        super(msg);
+        this.name = AttestationDcapQuoteVerifyEnclaveError.name;
+    }
+}
+exports.AttestationDcapQuoteVerifyEnclaveError = AttestationDcapQuoteVerifyEnclaveError;
+class PkiServiceError extends Error {
+    constructor(msg) {
+        super(msg);
+        this.name = PkiServiceError.name;
+    }
+}
+exports.PkiServiceError = PkiServiceError;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2Vycm9ycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxNQUFhLHNDQUF1QyxTQUFRLEtBQUs7SUFDN0QsWUFBWSxHQUFZO1FBQ3BCLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNYLElBQUksQ0FBQyxJQUFJLEdBQUcsc0NBQXNDLENBQUMsSUFBSSxDQUFDO0lBQzVELENBQUM7Q0FDSjtBQUxELHdGQUtDO0FBRUQsTUFBYSxzQ0FBdUMsU0FBUSxLQUFLO0lBQzdELFlBQVksR0FBWTtRQUNwQixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFJLENBQUMsSUFBSSxHQUFHLHNDQUFzQyxDQUFDLElBQUksQ0FBQztJQUM1RCxDQUFDO0NBQ0o7QUFMRCx3RkFLQztBQUVELE1BQWEsZUFBZ0IsU0FBUSxLQUFLO0lBQ3RDLFlBQVksR0FBWTtRQUNwQixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFJLENBQUMsSUFBSSxHQUFHLGVBQWUsQ0FBQyxJQUFJLENBQUM7SUFDckMsQ0FBQztDQUNKO0FBTEQsMENBS0MifQ==

package/dist/sgx-native-module/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from "./consts";
+export * from "./errors";
+export * from "./enclave.service";
+export * from "./dcap-quote-verify.service";
+export * from "./pki.service";

package/dist/sgx-native-module/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./consts"), exports);
+__exportStar(require("./errors"), exports);
+__exportStar(require("./enclave.service"), exports);
+__exportStar(require("./dcap-quote-verify.service"), exports);
+__exportStar(require("./pki.service"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF5QjtBQUN6QiwyQ0FBeUI7QUFDekIsb0RBQWtDO0FBQ2xDLDhEQUE0QztBQUM1QyxnREFBOEIifQ==

package/dist/sgx-native-module/pki.service.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/// <reference types="node" />
+export declare enum CertificateFormat {
+    PEM = "PEM",
+    DER = "DER"
+}
+export declare class PkiService {
+    private readonly cryptoPrimitives;
+    constructor();
+    validateChain(certs: Buffer, format?: CertificateFormat): Promise<boolean>;
+    validateHostname(certs: Buffer, hostnameOrIp: string, format?: CertificateFormat): Promise<boolean>;
+}

package/dist/sgx-native-module/pki.service.js ADDED Viewed

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PkiService = exports.CertificateFormat = void 0;
+const { CryptoPrimitives } = require("../../bindings/sgx-native/build/Release/sgx_native.node");
+var CertificateFormat;
+(function (CertificateFormat) {
+    CertificateFormat["PEM"] = "PEM";
+    CertificateFormat["DER"] = "DER";
+})(CertificateFormat = exports.CertificateFormat || (exports.CertificateFormat = {}));
+class PkiService {
+    constructor() {
+        this.cryptoPrimitives = new CryptoPrimitives();
+    }
+    async validateChain(certs, format = CertificateFormat.PEM) {
+        if (format === CertificateFormat.PEM) {
+            this.cryptoPrimitives.VerifyCertificateChain(certs);
+        }
+        else {
+            this.cryptoPrimitives.VerifyCertificateChain(certs, format.toString());
+        }
+        return true;
+    }
+    async validateHostname(certs, hostnameOrIp, format = CertificateFormat.PEM) {
+        if (format === CertificateFormat.PEM) {
+            return this.cryptoPrimitives.CheckHostnameOrIP(hostnameOrIp, certs);
+        }
+        return this.cryptoPrimitives.CheckHostnameOrIP(hostnameOrIp, certs, format.toString());
+    }
+}
+exports.PkiService = PkiService;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvcGtpLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsTUFBTSxFQUFFLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFRaEcsSUFBWSxpQkFHWDtBQUhELFdBQVksaUJBQWlCO0lBQ3pCLGdDQUFXLENBQUE7SUFDWCxnQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGlCQUFpQixHQUFqQix5QkFBaUIsS0FBakIseUJBQWlCLFFBRzVCO0FBRUQsTUFBYSxVQUFVO0lBR25CO1FBQ0ksSUFBSSxDQUFDLGdCQUFnQixHQUFHLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztJQUNuRCxDQUFDO0lBRUQsS0FBSyxDQUFDLGFBQWEsQ0FBQyxLQUFhLEVBQUUsTUFBTSxHQUFHLGlCQUFpQixDQUFDLEdBQUc7UUFDN0QsSUFBSSxNQUFNLEtBQUssaUJBQWlCLENBQUMsR0FBRyxFQUFFO1lBQ2xDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztTQUN2RDthQUFNO1lBQ0gsSUFBSSxDQUFDLGdCQUFnQixDQUFDLHNCQUFzQixDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQztTQUMxRTtRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLLENBQUMsZ0JBQWdCLENBQUMsS0FBYSxFQUFFLFlBQW9CLEVBQUUsTUFBTSxHQUFHLGlCQUFpQixDQUFDLEdBQUc7UUFDdEYsSUFBSSxNQUFNLEtBQUssaUJBQWlCLENBQUMsR0FBRyxFQUFFO1lBQ2xDLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDLGlCQUFpQixDQUFDLFlBQVksRUFBRSxLQUFLLENBQUMsQ0FBQztTQUN2RTtRQUVELE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDLGlCQUFpQixDQUFDLFlBQVksRUFBRSxLQUFLLEVBQUUsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7SUFDM0YsQ0FBQztDQUNKO0FBeEJELGdDQXdCQyJ9

package/package.json ADDED Viewed

@@ -0,0 +1,76 @@
+{
+  "name": "@super-protocol/addons-tee",
+  "version": "0.5.0",
+  "description": "The TEE trusted loader addons",
+  "tags": [
+    "tee"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Super-Protocol/sp-nodejs-addons.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Super-Protocol/sp-nodejs-addons/issues"
+  },
+  "author": "Super Protocol",
+  "license": "ISC",
+  "engines": {
+    "node": ">=14.0",
+    "npm": ">=6.0"
+  },
+  "main": "dist/index.js",
+  "module": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "directories": {
+    "lib": "dist"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "build:clean": "rm -rf ./dist && tsc -p tsconfig.json",
+    "lint": "eslint --ext .ts src",
+    "lint:fix": "eslint --ext .ts src --fix",
+    "start": "yarn build",
+    "start:watch": "nodemon",
+    "start:prod": "node --enable-source-maps ./dist/index.js",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:cov": "jest --coverage",
+    "test:debug": "node --inspect-brk node_modules/.bin/jest -i"
+  },
+  "dependencies": {
+    "@fidm/x509": "^1.2.1",
+    "asn1-tree": "^0.1.1",
+    "axios": "^0.24.0"
+  },
+  "devDependencies": {
+    "@types/jest": "^27.0.3",
+    "@types/node": "^17.0.0",
+    "@typescript-eslint/eslint-plugin": "^5.8.0",
+    "@typescript-eslint/parser": "^5.8.0",
+    "eslint": "^8.5.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-plugin-prettier": "^4.0.0",
+    "jest": "^27.4.5",
+    "nodemon": "^2.0.15",
+    "prettier": "^2.5.1",
+    "ts-jest": "^27.1.2",
+    "typescript": "^4.5.4"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "js",
+      "json",
+      "ts"
+    ],
+    "rootDir": "src",
+    "testRegex": ".*\\.spec\\.ts$",
+    "transform": {
+      "^.+\\.(t|j)s$": "ts-jest"
+    },
+    "collectCoverageFrom": [
+      "**/*.(t|j)s"
+    ],
+    "coverageDirectory": "../coverage",
+    "testEnvironment": "node"
+  }
+}