@super-protocol/addons-tee 0.8.4 → 0.8.6

package/bindings/build-sgx-native.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+
+docker run --rm --entrypoint /bin/bash -v $PWD/sgx-native:/app/src gramineproject/gramine:v1.3.1 /app/src/docker_build.sh
+if [ $? -eq 0 ]; then
+    echo -e '\033[0;32mBUILD SUCCESS'
+else
+    echo -e '\033[0;31mBUILD FAILED'
+fi

package/bindings/sgx-native/docker_build.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+set -e
+
+# Install deps
+apt update
+DEBIAN_FRONTEND=noninteractive apt install -y git wget make gcc g++ curl cmake clang meson libssl-dev libsgx-dcap-quote-verify-dev libcurl4-openssl-dev
+
+# Download and install Intel SDK
+cd /opt/intel
+wget https://download.01.org/intel-sgx/sgx-linux/2.18/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.18.100.3.bin
+chmod +x sgx_linux_x64_sdk_2.18.100.3.bin
+echo yes | ./sgx_linux_x64_sdk_2.18.100.3.bin
+rm -f sgx_linux_x64_sdk_2.18.100.3.bin
+
+# Clone and Build QVL
+cd /app
+git clone --single-branch -b DCAP_1.15 https://github.com/intel/SGXDataCenterAttestationPrimitives.git
+cd /app/SGXDataCenterAttestationPrimitives/QuoteVerification/QVL/Src
+./release
+
+# Clone and Download mbedtls lib
+cd /app
+git clone --single-branch -b v1.3.1 https://github.com/gramineproject/gramine.git
+cd /app/gramine
+meson subprojects download
+
+# Clone and Build NAPI Stubs
+cd /app
+git clone --single-branch -b main https://github.com/napi-bindings/node-api-stub.git
+cd /app/node-api-stub
+git checkout a253cf6
+mkdir ./build
+cmake -DCMAKE_BUILD_TYPE=Release -G "Unix Makefiles" -S ./ -B ./build
+cmake --build ./build
+
+# Install nodejs
+curl -sL https://deb.nodesource.com/setup_16.x | bash -
+DEBIAN_FRONTEND=noninteractive apt install -y nodejs
+
+# Build addon
+cd /app/src/
+export GRAMINE_PATH=/app/gramine
+export SGX_PRIMITIVES=/app/SGXDataCenterAttestationPrimitives
+export NODE_API_STUB=/app/node-api-stub/build
+
+npm i -g node-addon-api node-gyp nan
+MBEDTLS=$(find ${GRAMINE_PATH}/subprojects/mbedtls* -maxdepth 0 -type d)
+if [ $? -eq 0 ]; then
+    MBEDTLS=$(find ${MBEDTLS}/mbedtls* -maxdepth 0 -type d)
+    if [ $? -eq 0 ]; then
+    echo "MBEDTLS found in ${MBEDTLS}"
+    export MBEDTLS=${MBEDTLS}
+    else
+        echo "MBEDTLS not found"
+        exit 1
+    fi
+else
+    echo "MBEDTLS not found"
+    exit 1
+fi
+
+export NODE_PATH=$(npm root -g)
+
+rm -rf /app/src/build
+npx node-gyp configure build
+strip ./build/Release/sgx_native.node
+
+BUILD_DIR=/app/src/build/Release
+cp /usr/lib/x86_64-linux-gnu/libmbedcrypto_gramine.so.12 ${BUILD_DIR}
+cp /usr/lib/x86_64-linux-gnu/libmbedx509_gramine.so.4 ${BUILD_DIR}
+cp /usr/lib/x86_64-linux-gnu/libsgx_dcap_quoteverify.so.1 ${BUILD_DIR}
+cp /usr/lib/x86_64-linux-gnu/libsgx_util.so ${BUILD_DIR}
+cp /usr/lib/x86_64-linux-gnu/libcjson.so.1 ${BUILD_DIR} #only for tests
+
+# libsgx_default_qcnl_wrapper.so.1 and libdcap_quoteprov.so.1 installed with the package libsgx_dcap_default_qpl
+
+#TODO: CHECK NEXT LIBS
+#libsgx_urts.so.1

package/dist/sgx-native-module/errors.js

@@ -20,6 +20,29 @@ class QuoteValidationError extends AttestationDcapQuoteVerifyEnclaveError {
         super();
         this.verifyResult = verifyResult;
         this.criticalError = false;
+        this.verifyResult = verifyResult;
+        this.criticalError = false;
+        switch (verifyResult) {
+            case 0xa001:
+                this.message = `The SGX platform firmware and SW are at the latest security patching level but there are 
+                platform hardware configurations may expose the enclave to vulnerabilities.`;
+                break;
+            case 0xa002:
+            case 0xa003:
+            case 0xa004:
+                this.message = `The SGX platform firmware and SW are not at the latest security patching level. The 
+                platform needs to be patched with firmware and/or software patches.`;
+                break;
+            case 0xa007:
+            case 0xa008:
+                this.message = `The SGX platform firmware and SW are at the latest security patching level but there 
+                are certain vulnerabilities that can only be mitigated with software mitigations implemented by the enclave.`;
+                break;
+            default:
+                this.criticalError = true;
+                this.message = `Quote verification failed. Verification result: 0x${Number(verifyResult).toString(16)}`;
+                break;
+        }
     }
 }
 exports.QuoteValidationError = QuoteValidationError;
@@ -30,4 +53,4 @@ class PkiServiceError extends Error {
     }
 }
 exports.PkiServiceError = PkiServiceError;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2Vycm9ycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxNQUFhLHNDQUF1QyxTQUFRLEtBQUs7SUFDN0QsWUFBWSxHQUFZO1FBQ3BCLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNYLElBQUksQ0FBQyxJQUFJLEdBQUcsc0NBQXNDLENBQUMsSUFBSSxDQUFDO0lBQzVELENBQUM7Q0FDSjtBQUxELHdGQUtDO0FBRUQsTUFBYSxzQ0FBdUMsU0FBUSxLQUFLO0lBQzdELFlBQVksR0FBWTtRQUNwQixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFJLENBQUMsSUFBSSxHQUFHLHNDQUFzQyxDQUFDLElBQUksQ0FBQztJQUM1RCxDQUFDO0NBQ0o7QUFMRCx3RkFLQztBQUVELE1BQWEsb0JBQXFCLFNBQVEsc0NBQXNDO0lBRTVFLFlBQTRCLFlBQW9CO1FBQzVDLEtBQUssRUFBRSxDQUFDO1FBRGdCLGlCQUFZLEdBQVosWUFBWSxDQUFRO1FBRHpDLGtCQUFhLEdBQUcsS0FBSyxDQUFDO0lBRzdCLENBQUM7Q0FDSjtBQUxELG9EQUtDO0FBRUQsTUFBYSxlQUFnQixTQUFRLEtBQUs7SUFDdEMsWUFBWSxHQUFZO1FBQ3BCLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNYLElBQUksQ0FBQyxJQUFJLEdBQUcsZUFBZSxDQUFDLElBQUksQ0FBQztJQUNyQyxDQUFDO0NBQ0o7QUFMRCwwQ0FLQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2Vycm9ycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxNQUFhLHNDQUF1QyxTQUFRLEtBQUs7SUFDN0QsWUFBWSxHQUFZO1FBQ3BCLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNYLElBQUksQ0FBQyxJQUFJLEdBQUcsc0NBQXNDLENBQUMsSUFBSSxDQUFDO0lBQzVELENBQUM7Q0FDSjtBQUxELHdGQUtDO0FBRUQsTUFBYSxzQ0FBdUMsU0FBUSxLQUFLO0lBQzdELFlBQVksR0FBWTtRQUNwQixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFJLENBQUMsSUFBSSxHQUFHLHNDQUFzQyxDQUFDLElBQUksQ0FBQztJQUM1RCxDQUFDO0NBQ0o7QUFMRCx3RkFLQztBQUVELE1BQWEsb0JBQXFCLFNBQVEsc0NBQXNDO0lBRTVFLFlBQTRCLFlBQW9CO1FBQzVDLEtBQUssRUFBRSxDQUFDO1FBRGdCLGlCQUFZLEdBQVosWUFBWSxDQUFRO1FBRHpDLGtCQUFhLEdBQUcsS0FBSyxDQUFDO1FBR3pCLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxhQUFhLEdBQUcsS0FBSyxDQUFDO1FBRTNCLFFBQVEsWUFBWSxFQUFFO1lBQ2xCLEtBQUssTUFBTTtnQkFDUCxJQUFJLENBQUMsT0FBTyxHQUFHOzRGQUM2RCxDQUFDO2dCQUM3RSxNQUFNO1lBQ1YsS0FBSyxNQUFNLENBQUM7WUFDWixLQUFLLE1BQU0sQ0FBQztZQUNaLEtBQUssTUFBTTtnQkFDUCxJQUFJLENBQUMsT0FBTyxHQUFHO29GQUNxRCxDQUFDO2dCQUNyRSxNQUFNO1lBQ1YsS0FBSyxNQUFNLENBQUM7WUFDWixLQUFLLE1BQU07Z0JBQ1AsSUFBSSxDQUFDLE9BQU8sR0FBRzs2SEFDOEYsQ0FBQztnQkFDOUcsTUFBTTtZQUNWO2dCQUNJLElBQUksQ0FBQyxhQUFhLEdBQUcsSUFBSSxDQUFDO2dCQUMxQixJQUFJLENBQUMsT0FBTyxHQUFHLHFEQUFxRCxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7Z0JBQ3hHLE1BQU07U0FDYjtJQUNMLENBQUM7Q0FDSjtBQTdCRCxvREE2QkM7QUFFRCxNQUFhLGVBQWdCLFNBQVEsS0FBSztJQUN0QyxZQUFZLEdBQVk7UUFDcEIsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ1gsSUFBSSxDQUFDLElBQUksR0FBRyxlQUFlLENBQUMsSUFBSSxDQUFDO0lBQ3JDLENBQUM7Q0FDSjtBQUxELDBDQUtDIn0=

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@super-protocol/addons-tee",
-  "version": "0.8.4",
+  "version": "0.8.6",
   "description": "The TEE trusted loader addons",
   "tags": [
     "tee"