@super-protocol/addons-tee 0.8.5 → 0.8.7
- package/README.md +5 -1
- package/bindings/sgx-native/README.md +1 -1
- package/bindings/sgx-native/build/Release/libcjson.so.1 +0 -0
- package/bindings/sgx-native/build/Release/libmbedcrypto_gramine.so.13 +0 -0
- package/bindings/sgx-native/build/Release/libmbedx509_gramine.so.4 +0 -0
- package/bindings/sgx-native/build/Release/libsgx_dcap_quoteverify.so.1 +0 -0
- package/bindings/sgx-native/build/Release/sgx_native.node +0 -0
- package/dist/quote-validator/index.d.ts +1 -1
- package/dist/quote-validator/index.js +2 -2
- package/dist/quote-validator/{sgx-untrasted-validator.js → sgx-untrusted-validator.js} +1 -1
- package/dist/sgx-native-module/consts.d.ts +9 -0
- package/dist/sgx-native-module/consts.js +8 -2
- package/dist/sgx-native-module/dcap-quote-verify.service.d.ts +1 -1
- package/dist/sgx-native-module/dcap-quote-verify.service.js +8 -4
- package/dist/sgx-native-module/errors.d.ts +5 -0
- package/dist/sgx-native-module/errors.js +18 -5
- package/dist/sgx-native-module/pki.service.d.ts +41 -0
- package/dist/sgx-native-module/pki.service.js +60 -2
- package/package.json +7 -6
- package/bindings/sgx-native/build/Release/libdcap_quoteprov.so.1 +0 -0
- package/bindings/sgx-native/build/Release/libmbedcrypto_gramine.so.6 +0 -0
- package/bindings/sgx-native/build/Release/libmbedx509_gramine.so.1 +0 -0
- package/bindings/sgx-native/build/Release/libsgx_default_qcnl_wrapper.so.1 +0 -0
- package/bindings/sgx-native/build/Release/libsgx_urts.so.1 +0 -0
- package/bindings/sgx-native/build/Release/libsgx_util.so +0 -0
- package/bindings/sgx-native/node.manifest.template +0 -59
- package/bindings/sgx-native/run_tests.sh +0 -10
- package/bindings/sgx-native/test_certs/attestation/cert.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert.pem +0 -124
- package/bindings/sgx-native/test_certs/attestation/cert_maliciously.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert_maliciously.pem +0 -124
- package/bindings/sgx-native/test_certs/attestation/cert_without_quote.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert_without_quote.pem +0 -20
- package/bindings/sgx-native/test_certs/attestation/cert_wrong_hash.der +0 -0
- package/bindings/sgx-native/test_certs/attestation/cert_wrong_hash.pem +0 -124
- package/bindings/sgx-native/test_certs/ssl/expired.pem +0 -68
- package/bindings/sgx-native/test_certs/ssl/hostnameTest.pem +0 -22
- package/bindings/sgx-native/test_certs/ssl/multipleHost.pem +0 -62
- package/bindings/sgx-native/test_certs/ssl/noHost.pem +0 -61
- package/bindings/sgx-native/test_certs/ssl/noIntermidiate.pem +0 -62
- package/bindings/sgx-native/test_certs/ssl/revoked.pem +0 -68
- package/bindings/sgx-native/test_certs/ssl/untrusted.pem +0 -65
- package/bindings/sgx-native/test_certs/ssl/valid.pem +0 -94
- package/dist/quote-validator/sgx-untrasted-validator.spec.d.ts +0 -1
- package/dist/sgx-native-module/dcap-quote-verify.service.spec.d.ts +0 -1
- /package/dist/quote-validator/{sgx-untrasted-validator.d.ts → sgx-untrusted-validator.d.ts} +0 -0
package/README.md
CHANGED
|
@@ -1,4 +1,8 @@
|
|
|
1
|
-
Addons for
|
|
1
|
+
Addons for Trusted Execution Environment
|
|
2
2
|
========================================
|
|
3
3
|
|
|
4
4
|
Use it for low-level actions with SGX things.
|
|
5
|
+
|
|
6
|
+
To build npm package:
|
|
7
|
+
1. Compile "native" part with run bindings/build-sgx-native.sh
|
|
8
|
+
2. npm install && npm run build
|
|
@@ -1 +1 @@
|
|
|
1
|
-
To compile
|
|
1
|
+
To compile just run build-sgx-native.sh from directory above
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -1 +1 @@
|
|
|
1
|
-
export { default as SGXUntrustedValidator } from "./sgx-
|
|
1
|
+
export { default as SGXUntrustedValidator } from "./sgx-untrusted-validator";
|
|
@@ -4,6 +4,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.SGXUntrustedValidator = void 0;
|
|
7
|
-
var
|
|
8
|
-
Object.defineProperty(exports, "SGXUntrustedValidator", { enumerable: true, get: function () { return __importDefault(
|
|
7
|
+
var sgx_untrusted_validator_1 = require("./sgx-untrusted-validator");
|
|
8
|
+
Object.defineProperty(exports, "SGXUntrustedValidator", { enumerable: true, get: function () { return __importDefault(sgx_untrusted_validator_1).default; } });
|
|
9
9
|
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcXVvdGUtdmFsaWRhdG9yL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLHFFQUE2RTtBQUFwRSxpSkFBQSxPQUFPLE9BQXlCIn0=
|
|
@@ -147,4 +147,4 @@ class SGXUntrustedValidator {
|
|
|
147
147
|
}
|
|
148
148
|
}
|
|
149
149
|
exports.default = SGXUntrustedValidator;
|
|
150
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
150
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -103,3 +103,12 @@ export declare enum DcapQuoteVerificationStatus {
|
|
|
103
103
|
export declare const DcapQuoteVerificationStatusMap: {
|
|
104
104
|
[key: string]: string;
|
|
105
105
|
};
|
|
106
|
+
export declare enum PckFlag {
|
|
107
|
+
PCK_FLAG_FALSE = 0,
|
|
108
|
+
PCK_FLAG_TRUE = 1,
|
|
109
|
+
PCK_FLAG_UNDEFINED = 2
|
|
110
|
+
}
|
|
111
|
+
export declare type QuoteVerificationResultType = {
|
|
112
|
+
verificationResult: number;
|
|
113
|
+
smtEnabled: PckFlag;
|
|
114
|
+
};
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.DcapQuoteVerificationStatusMap = exports.DcapQuoteVerificationStatus = exports.KeyPolicy = exports.KeyType = void 0;
|
|
3
|
+
exports.PckFlag = exports.DcapQuoteVerificationStatusMap = exports.DcapQuoteVerificationStatus = exports.KeyPolicy = exports.KeyType = void 0;
|
|
4
4
|
var KeyType;
|
|
5
5
|
(function (KeyType) {
|
|
6
6
|
// Launch key
|
|
@@ -121,4 +121,10 @@ exports.DcapQuoteVerificationStatusMap = Object.entries(DcapQuoteVerificationSta
|
|
|
121
121
|
obj[key] = value;
|
|
122
122
|
return obj;
|
|
123
123
|
}, {});
|
|
124
|
-
|
|
124
|
+
var PckFlag;
|
|
125
|
+
(function (PckFlag) {
|
|
126
|
+
PckFlag[PckFlag["PCK_FLAG_FALSE"] = 0] = "PCK_FLAG_FALSE";
|
|
127
|
+
PckFlag[PckFlag["PCK_FLAG_TRUE"] = 1] = "PCK_FLAG_TRUE";
|
|
128
|
+
PckFlag[PckFlag["PCK_FLAG_UNDEFINED"] = 2] = "PCK_FLAG_UNDEFINED";
|
|
129
|
+
})(PckFlag = exports.PckFlag || (exports.PckFlag = {}));
|
|
130
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -5,7 +5,7 @@ export declare class DcapQuoteVerifyService {
|
|
|
5
5
|
constructor();
|
|
6
6
|
static checkErrorOrThrow(result: DcapQuoteVerificationStatus): void;
|
|
7
7
|
extractQuoteFromCert(pemOrDerCert: Buffer): Promise<Buffer>;
|
|
8
|
-
validateQuoteVerifierEnclave(quote: Buffer): Promise<void>;
|
|
8
|
+
validateQuoteVerifierEnclave(quote: Buffer, checkSecurity?: boolean): Promise<void>;
|
|
9
9
|
validateQuote({ quote, pemPckCertificate, pemIntermediateCrl, tcbInfoJson, qeIdentityJson, }: {
|
|
10
10
|
quote: Buffer;
|
|
11
11
|
pemPckCertificate: string;
|
|
@@ -19,13 +19,17 @@ class DcapQuoteVerifyService {
|
|
|
19
19
|
}
|
|
20
20
|
return this.quoteVerifier.extractQuoteFromCert(pemOrDerCert);
|
|
21
21
|
}
|
|
22
|
-
async validateQuoteVerifierEnclave(quote) {
|
|
22
|
+
async validateQuoteVerifierEnclave(quote, checkSecurity) {
|
|
23
|
+
checkSecurity = checkSecurity ?? false;
|
|
23
24
|
if (!quote?.length) {
|
|
24
25
|
throw new errors_1.AttestationDcapQuoteVerifyEnclaveError("empty quote");
|
|
25
26
|
}
|
|
26
27
|
const verifyResult = this.quoteVerifier.verifyQuoteDcap(quote);
|
|
27
|
-
if (verifyResult
|
|
28
|
-
throw new errors_1.
|
|
28
|
+
if (checkSecurity && verifyResult.smtEnabled === consts_1.PckFlag.PCK_FLAG_TRUE) {
|
|
29
|
+
throw new errors_1.QuoteSecurityValidationError(verifyResult);
|
|
30
|
+
}
|
|
31
|
+
if (verifyResult.verificationResult !== 0) {
|
|
32
|
+
throw new errors_1.QuoteValidationError(verifyResult.verificationResult);
|
|
29
33
|
}
|
|
30
34
|
}
|
|
31
35
|
async validateQuote({ quote, pemPckCertificate, pemIntermediateCrl, tcbInfoJson, qeIdentityJson, }) {
|
|
@@ -62,4 +66,4 @@ class DcapQuoteVerifyService {
|
|
|
62
66
|
}
|
|
63
67
|
}
|
|
64
68
|
exports.DcapQuoteVerifyService = DcapQuoteVerifyService;
|
|
65
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
69
|
+
//# sourceMappingURL=data:application/json;base64,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
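Review bot: In `validateQuoteVerifierEnclave` the new SMT check is opt-in and fails open: `checkSecurity` falls back to `false`, and the guard rejects only `smtEnabled === PckFlag.PCK_FLAG_TRUE`, so a result carrying `PCK_FLAG_UNDEFINED` passes even when the caller asked for the security check. If an undetermined flag should not be trusted, test against the safe value instead, `if (checkSecurity && verifyResult.smtEnabled !== consts_1.PckFlag.PCK_FLAG_FALSE) {`. The SMT guard also runs before `verifyResult.verificationResult !== 0` is tested, so `smtEnabled` is acted on for a quote that has not yet passed verification; swapping the two `if` blocks would report the verification failure first. A doc comment on the method should state that omitting `checkSecurity` skips the SMT check entirely, since existing callers get that behaviour by default.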
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { QuoteVerificationResultType } from "./consts";
|
|
1
2
|
export declare class AttestationDcapQuoteVerifyServiceError extends Error {
|
|
2
3
|
constructor(msg?: string);
|
|
3
4
|
}
|
|
@@ -9,6 +10,10 @@ export declare class QuoteValidationError extends AttestationDcapQuoteVerifyEncl
|
|
|
9
10
|
criticalError: boolean;
|
|
10
11
|
constructor(verifyResult: number);
|
|
11
12
|
}
|
|
13
|
+
export declare class QuoteSecurityValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
14
|
+
readonly verifyResult: QuoteVerificationResultType;
|
|
15
|
+
constructor(verifyResult: QuoteVerificationResultType);
|
|
16
|
+
}
|
|
12
17
|
export declare class PkiServiceError extends Error {
|
|
13
18
|
constructor(msg?: string);
|
|
14
19
|
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.PkiServiceError = exports.QuoteValidationError = exports.AttestationDcapQuoteVerifyEnclaveError = exports.AttestationDcapQuoteVerifyServiceError = void 0;
|
|
3
|
+
exports.PkiServiceError = exports.QuoteSecurityValidationError = exports.QuoteValidationError = exports.AttestationDcapQuoteVerifyEnclaveError = exports.AttestationDcapQuoteVerifyServiceError = void 0;
|
|
4
|
+
const consts_1 = require("./consts");
|
|
4
5
|
class AttestationDcapQuoteVerifyServiceError extends Error {
|
|
5
6
|
constructor(msg) {
|
|
6
7
|
super(msg);
|
|
@@ -24,18 +25,18 @@ class QuoteValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
|
24
25
|
this.criticalError = false;
|
|
25
26
|
switch (verifyResult) {
|
|
26
27
|
case 0xa001:
|
|
27
|
-
this.message = `The SGX platform firmware and SW are at the latest security patching level but there are
|
|
28
|
+
this.message = `The SGX platform firmware and SW are at the latest security patching level but there are
|
|
28
29
|
platform hardware configurations may expose the enclave to vulnerabilities.`;
|
|
29
30
|
break;
|
|
30
31
|
case 0xa002:
|
|
31
32
|
case 0xa003:
|
|
32
33
|
case 0xa004:
|
|
33
|
-
this.message = `The SGX platform firmware and SW are not at the latest security patching level. The
|
|
34
|
+
this.message = `The SGX platform firmware and SW are not at the latest security patching level. The
|
|
34
35
|
platform needs to be patched with firmware and/or software patches.`;
|
|
35
36
|
break;
|
|
36
37
|
case 0xa007:
|
|
37
38
|
case 0xa008:
|
|
38
|
-
this.message = `The SGX platform firmware and SW are at the latest security patching level but there
|
|
39
|
+
this.message = `The SGX platform firmware and SW are at the latest security patching level but there
|
|
39
40
|
are certain vulnerabilities that can only be mitigated with software mitigations implemented by the enclave.`;
|
|
40
41
|
break;
|
|
41
42
|
default:
|
|
@@ -46,6 +47,18 @@ class QuoteValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
|
46
47
|
}
|
|
47
48
|
}
|
|
48
49
|
exports.QuoteValidationError = QuoteValidationError;
|
|
50
|
+
class QuoteSecurityValidationError extends AttestationDcapQuoteVerifyEnclaveError {
|
|
51
|
+
constructor(verifyResult) {
|
|
52
|
+
super();
|
|
53
|
+
this.verifyResult = verifyResult;
|
|
54
|
+
this.verifyResult = verifyResult;
|
|
55
|
+
this.message = "Invalid CPU settings are being used.";
|
|
56
|
+
if (verifyResult.smtEnabled === consts_1.PckFlag.PCK_FLAG_TRUE) {
|
|
57
|
+
this.message = " HyperThreading (SMT) is enabled. Please disable it in BIOS.";
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
exports.QuoteSecurityValidationError = QuoteSecurityValidationError;
|
|
49
62
|
class PkiServiceError extends Error {
|
|
50
63
|
constructor(msg) {
|
|
51
64
|
super(msg);
|
|
@@ -53,4 +66,4 @@ class PkiServiceError extends Error {
|
|
|
53
66
|
}
|
|
54
67
|
}
|
|
55
68
|
exports.PkiServiceError = PkiServiceError;
|
|
56
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
69
|
+
//# sourceMappingURL=data:application/json;base64,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
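Review bot: The new `QuoteSecurityValidationError` constructor assigns `this.verifyResult = verifyResult;` twice in a row, and its SMT message begins with a stray space. One assignment can be dropped and the literal written as `"HyperThreading (SMT) is enabled. Please disable it in BIOS."`. The constructor calls `super()` with no message and sets `this.message` afterwards; what the parent constructors do with the message or `name` is outside these hunks, so confirm that logs still identify this error type. A short comment noting that the generic `"Invalid CPU settings are being used."` text is what callers see for any flag value other than `PCK_FLAG_TRUE` would document the fallback.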
|
|
@@ -1,11 +1,52 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
+
export declare type TlsCertResult = {
|
|
3
|
+
key: Buffer;
|
|
4
|
+
cert: Buffer;
|
|
5
|
+
};
|
|
6
|
+
export declare enum CertificateKeyType {
|
|
7
|
+
RSA = "RSA",
|
|
8
|
+
ECP = "ECP"
|
|
9
|
+
}
|
|
2
10
|
export declare enum CertificateFormat {
|
|
3
11
|
PEM = "PEM",
|
|
4
12
|
DER = "DER"
|
|
5
13
|
}
|
|
14
|
+
export declare enum ECPCurve {
|
|
15
|
+
SECP192R1 = "SECP192R1" /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
16
|
+
SECP224R1 = "SECP224R1" /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
17
|
+
SECP256R1 = "SECP256R1" /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
18
|
+
SECP384R1 = "SECP384R1" /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
19
|
+
SECP521R1 = "SECP521R1" /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */,
|
|
20
|
+
BP256R1 = "BP256R1" /*!< Domain parameters for 256-bit Brainpool curve. */,
|
|
21
|
+
BP384R1 = "BP384R1" /*!< Domain parameters for 384-bit Brainpool curve. */,
|
|
22
|
+
BP512R1 = "BP512R1" /*!< Domain parameters for 512-bit Brainpool curve. */,
|
|
23
|
+
SECP192K1 = "SECP192K1" /*!< Domain parameters for 192-bit "Koblitz" curve. */,
|
|
24
|
+
SECP224K1 = "SECP224K1" /*!< Domain parameters for 224-bit "Koblitz" curve. */,
|
|
25
|
+
SECP256K1 = "SECP256K1" /*!< Domain parameters for 256-bit "Koblitz" curve. */
|
|
26
|
+
}
|
|
27
|
+
export declare type TLSCertParams = {
|
|
28
|
+
format?: CertificateFormat;
|
|
29
|
+
subject?: {
|
|
30
|
+
commonName?: string;
|
|
31
|
+
countryName?: string;
|
|
32
|
+
state?: string;
|
|
33
|
+
localityName?: string;
|
|
34
|
+
organizationName?: string;
|
|
35
|
+
organizationUnit?: string;
|
|
36
|
+
};
|
|
37
|
+
keyType?: CertificateKeyType;
|
|
38
|
+
withQuote?: boolean;
|
|
39
|
+
rsaKeyBits?: number;
|
|
40
|
+
ecpCurve?: ECPCurve;
|
|
41
|
+
serialNumber?: string;
|
|
42
|
+
days?: number;
|
|
43
|
+
dnsNames?: string[];
|
|
44
|
+
ips?: string[];
|
|
45
|
+
};
|
|
6
46
|
export declare class PkiService {
|
|
7
47
|
private readonly cryptoPrimitives;
|
|
8
48
|
constructor();
|
|
9
49
|
validateChain(certs: Buffer, format?: CertificateFormat): Promise<boolean>;
|
|
10
50
|
validateHostname(certs: Buffer, hostnameOrIp: string, format?: CertificateFormat): Promise<boolean>;
|
|
51
|
+
generateTlsCertificate(params?: TLSCertParams): Promise<TlsCertResult>;
|
|
11
52
|
}
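Review bot: `ECPCurve` offers `SECP192R1`, `SECP192K1`, `SECP224R1` and `SECP224K1` to callers of `generateTlsCertificate` with nothing marking them as weak; the 192-bit curves give roughly 96 bits of security, below what is normally accepted for new TLS certificates. I would add a JSDoc `@deprecated` tag on those members or leave them out of the public enum. `TLSCertParams` also has no doc comments: each optional field should state the default the implementation applies (`rsaKeyBits` 3072, `ecpCurve` SECP384R1, `days` 365, `serialNumber` "01", `withQuote` false). The comment on `rsaKeyBits` should also state the minimum accepted size, if the native binding enforces one.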
|
|
@@ -1,12 +1,33 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.PkiService = exports.CertificateFormat = void 0;
|
|
3
|
+
exports.PkiService = exports.ECPCurve = exports.CertificateFormat = exports.CertificateKeyType = void 0;
|
|
4
4
|
const { CryptoPrimitives } = require("../../bindings/sgx-native/build/Release/sgx_native.node");
|
|
5
|
+
var CertificateKeyType;
|
|
6
|
+
(function (CertificateKeyType) {
|
|
7
|
+
CertificateKeyType["RSA"] = "RSA";
|
|
8
|
+
CertificateKeyType["ECP"] = "ECP";
|
|
9
|
+
})(CertificateKeyType = exports.CertificateKeyType || (exports.CertificateKeyType = {}));
|
|
5
10
|
var CertificateFormat;
|
|
6
11
|
(function (CertificateFormat) {
|
|
7
12
|
CertificateFormat["PEM"] = "PEM";
|
|
8
13
|
CertificateFormat["DER"] = "DER";
|
|
9
14
|
})(CertificateFormat = exports.CertificateFormat || (exports.CertificateFormat = {}));
|
|
15
|
+
var ECPCurve;
|
|
16
|
+
(function (ECPCurve) {
|
|
17
|
+
ECPCurve["SECP192R1"] = "SECP192R1"; /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
|
|
18
|
+
ECPCurve["SECP224R1"] = "SECP224R1"; /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
|
|
19
|
+
ECPCurve["SECP256R1"] = "SECP256R1"; /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
|
|
20
|
+
ECPCurve["SECP384R1"] = "SECP384R1"; /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
|
|
21
|
+
ECPCurve["SECP521R1"] = "SECP521R1"; /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
|
|
22
|
+
ECPCurve["BP256R1"] = "BP256R1"; /*!< Domain parameters for 256-bit Brainpool curve. */
|
|
23
|
+
ECPCurve["BP384R1"] = "BP384R1"; /*!< Domain parameters for 384-bit Brainpool curve. */
|
|
24
|
+
ECPCurve["BP512R1"] = "BP512R1"; /*!< Domain parameters for 512-bit Brainpool curve. */
|
|
25
|
+
// @TODO: MBEDTLS NOT SUPPORT EXRPORT CURVE25519 = "CURVE25519", /*!< Domain parameters for Curve25519. */
|
|
26
|
+
ECPCurve["SECP192K1"] = "SECP192K1"; /*!< Domain parameters for 192-bit "Koblitz" curve. */
|
|
27
|
+
ECPCurve["SECP224K1"] = "SECP224K1"; /*!< Domain parameters for 224-bit "Koblitz" curve. */
|
|
28
|
+
ECPCurve["SECP256K1"] = "SECP256K1"; /*!< Domain parameters for 256-bit "Koblitz" curve. */
|
|
29
|
+
// @TODO: MBEDTLS NOT SUPPORT EXRPORT CURVE448 = "CURVE448", /*!< Domain parameters for Curve448. */
|
|
30
|
+
})(ECPCurve = exports.ECPCurve || (exports.ECPCurve = {}));
|
|
10
31
|
class PkiService {
|
|
11
32
|
constructor() {
|
|
12
33
|
this.cryptoPrimitives = new CryptoPrimitives();
|
|
@@ -26,6 +47,43 @@ class PkiService {
|
|
|
26
47
|
}
|
|
27
48
|
return this.cryptoPrimitives.CheckHostnameOrIP(hostnameOrIp, certs, format.toString());
|
|
28
49
|
}
|
|
50
|
+
async generateTlsCertificate(params = {}) {
|
|
51
|
+
const subject = {
|
|
52
|
+
commonName: params.subject?.commonName ?? "localhost",
|
|
53
|
+
countryName: params.subject?.countryName ?? "US",
|
|
54
|
+
state: params.subject?.state ?? "New York",
|
|
55
|
+
localityName: params.subject?.localityName ?? "New York",
|
|
56
|
+
organizationName: params.subject?.organizationName ?? "SuperProtocol",
|
|
57
|
+
organizationUnit: params.subject?.organizationUnit ?? "TEE",
|
|
58
|
+
};
|
|
59
|
+
const format = params.format ?? CertificateFormat.PEM;
|
|
60
|
+
const keyType = params.keyType ?? CertificateKeyType.RSA;
|
|
61
|
+
let rsaKeyBits;
|
|
62
|
+
let ecpCurve;
|
|
63
|
+
if (keyType === CertificateKeyType.RSA) {
|
|
64
|
+
rsaKeyBits = params.rsaKeyBits ?? 3072;
|
|
65
|
+
}
|
|
66
|
+
else if (keyType === CertificateKeyType.ECP) {
|
|
67
|
+
ecpCurve = params.ecpCurve ?? ECPCurve.SECP384R1;
|
|
68
|
+
}
|
|
69
|
+
const withQuote = params.withQuote ?? false;
|
|
70
|
+
const serialNumber = params.serialNumber ?? "01";
|
|
71
|
+
const days = params.days ?? 365;
|
|
72
|
+
const dnsNames = params.dnsNames ?? [];
|
|
73
|
+
const ips = params.ips ?? [];
|
|
74
|
+
return this.cryptoPrimitives.GenerateTlsCertificate({
|
|
75
|
+
format,
|
|
76
|
+
subject,
|
|
77
|
+
keyType,
|
|
78
|
+
withQuote,
|
|
79
|
+
rsaKeyBits,
|
|
80
|
+
ecpCurve,
|
|
81
|
+
serialNumber,
|
|
82
|
+
days,
|
|
83
|
+
dnsNames,
|
|
84
|
+
ips,
|
|
85
|
+
});
|
|
86
|
+
}
|
|
29
87
|
}
|
|
30
88
|
exports.PkiService = PkiService;
|
|
31
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
89
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvcGtpLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsTUFBTSxFQUFFLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFPaEcsSUFBWSxrQkFHWDtBQUhELFdBQVksa0JBQWtCO0lBQzFCLGlDQUFXLENBQUE7SUFDWCxpQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGtCQUFrQixHQUFsQiwwQkFBa0IsS0FBbEIsMEJBQWtCLFFBRzdCO0FBRUQsSUFBWSxpQkFHWDtBQUhELFdBQVksaUJBQWlCO0lBQ3pCLGdDQUFXLENBQUE7SUFDWCxnQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGlCQUFpQixHQUFqQix5QkFBaUIsS0FBakIseUJBQWlCLFFBRzVCO0FBRUQsSUFBWSxRQWNYO0FBZEQsV0FBWSxRQUFRO0lBQ2hCLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLDBHQUEwRztJQUMxRyxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSwyR0FBMkc7QUFDL0csQ0FBQyxFQWRXLFFBQVEsR0FBUixnQkFBUSxLQUFSLGdCQUFRLFFBY25CO0FBNEJELE1BQWEsVUFBVTtJQUduQjtRQUNJLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxJQUFJLGdCQUFnQixFQUFFLENBQUM7SUFDbkQsQ0FBQztJQUVELEtBQUssQ0FBQyxhQUFhLENBQUMsS0FBYSxFQUFFLE1BQU0sR0FBRyxpQkFBaUIsQ0FBQyxHQUFHO1FBQzdELElBQUksTUFBTSxLQUFLLGlCQUFpQixDQUFDLEdBQUcsRUFBRTtZQUNsQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7U0FDdkQ7YUFBTTtZQUNILElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7U0FDMUU7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEtBQWEsRUFBRSxZQUFvQixFQUFFLE1BQU0sR0FBRyxpQkFBaUIsQ0FBQyxHQUFHO1FBQ3RGLElBQUksTUFBTSxLQUFLLGlCQUFpQixDQUFDLEdBQUcsRUFBRTtZQUNsQyxPQUFPLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLEVBQUUsS0FBSyxDQUFDLENBQUM7U0FDdkU7UUFFRCxPQUFPLElBQUksQ0FBQyxnQkFBZ0IsQ0
FBQyxpQkFBaUIsQ0FBQyxZQUFZLEVBQUUsS0FBSyxFQUFFLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO0lBQzNGLENBQUM7SUFFRCxLQUFLLENBQUMsc0JBQXNCLENBQUMsU0FBd0IsRUFBRTtRQUNuRCxNQUFNLE9BQU8sR0FBRztZQUNaLFVBQVUsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLFVBQVUsSUFBSSxXQUFXO1lBQ3JELFdBQVcsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLFdBQVcsSUFBSSxJQUFJO1lBQ2hELEtBQUssRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLEtBQUssSUFBSSxVQUFVO1lBQzFDLFlBQVksRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLFlBQVksSUFBSSxVQUFVO1lBQ3hELGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxPQUFPLEVBQUUsZ0JBQWdCLElBQUksZUFBZTtZQUNyRSxnQkFBZ0IsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixJQUFJLEtBQUs7U0FDOUQsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksaUJBQWlCLENBQUMsR0FBRyxDQUFDO1FBQ3RELE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxPQUFPLElBQUksa0JBQWtCLENBQUMsR0FBRyxDQUFDO1FBRXpELElBQUksVUFBOEIsQ0FBQztRQUNuQyxJQUFJLFFBQThCLENBQUM7UUFFbkMsSUFBSSxPQUFPLEtBQUssa0JBQWtCLENBQUMsR0FBRyxFQUFFO1lBQ3BDLFVBQVUsR0FBRyxNQUFNLENBQUMsVUFBVSxJQUFJLElBQUksQ0FBQztTQUMxQzthQUFNLElBQUksT0FBTyxLQUFLLGtCQUFrQixDQUFDLEdBQUcsRUFBRTtZQUMzQyxRQUFRLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxRQUFRLENBQUMsU0FBUyxDQUFDO1NBQ3BEO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsSUFBSSxLQUFLLENBQUM7UUFDNUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxJQUFJLENBQUM7UUFDakQsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksSUFBSSxHQUFHLENBQUM7UUFDaEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7UUFDdkMsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFFN0IsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUM7WUFDaEQsTUFBTTtZQUNOLE9BQU87WUFDUCxPQUFPO1lBQ1AsU0FBUztZQUNULFVBQVU7WUFDVixRQUFRO1lBQ1IsWUFBWTtZQUNaLElBQUk7WUFDSixRQUFRO1lBQ1IsR0FBRztTQUNOLENBQUMsQ0FBQztJQUNQLENBQUM7Q0FDSjtBQWxFRCxnQ0FrRUMifQ==
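Review bot: `generateTlsCertificate` defaults `serialNumber` to the constant `"01"`, so every certificate created without an explicit serial carries the same serial number. If these certificates are self-signed with the default subject, as the defaults suggest, they also share one issuer/serial pair, which some clients reject as a reused serial and which makes certificates indistinguishable by serial in logs or revocation lists. A random default would be safer, for example `const serialNumber = params.serialNumber ?? require("crypto").randomBytes(16).toString("hex");`, assuming the native binding accepts a hex string of that length (not visible here). The other inputs are forwarded unchecked: a `keyType` outside `CertificateKeyType` leaves both `rsaKeyBits` and `ecpCurve` undefined, and a small `rsaKeyBits` or a non-positive `days` reaches `GenerateTlsCertificate` as given, so a range check before the native call would be worth adding.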
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@super-protocol/addons-tee",
|
|
3
|
-
"version": "0.8.
|
|
3
|
+
"version": "0.8.7",
|
|
4
4
|
"description": "The TEE trusted loader addons",
|
|
5
5
|
"tags": [
|
|
6
6
|
"tee"
|
|
@@ -25,8 +25,8 @@
|
|
|
25
25
|
"lib": "dist"
|
|
26
26
|
},
|
|
27
27
|
"scripts": {
|
|
28
|
-
"build": "tsc -p tsconfig.json",
|
|
29
|
-
"build:clean": "rm -rf ./dist && tsc -p tsconfig.json",
|
|
28
|
+
"build": "tsc -p tsconfig.build.json",
|
|
29
|
+
"build:clean": "rm -rf ./dist && tsc -p tsconfig.build.json",
|
|
30
30
|
"lint": "eslint --ext .ts src",
|
|
31
31
|
"lint:fix": "eslint --ext .ts src --fix",
|
|
32
32
|
"start": "yarn build",
|
|
@@ -43,17 +43,18 @@
|
|
|
43
43
|
"axios": "^0.24.0"
|
|
44
44
|
},
|
|
45
45
|
"devDependencies": {
|
|
46
|
-
"@
|
|
46
|
+
"@peculiar/x509": "^1.9.3",
|
|
47
|
+
"@types/jest": "^27.5.2",
|
|
47
48
|
"@types/node": "^17.0.0",
|
|
48
49
|
"@typescript-eslint/eslint-plugin": "^5.8.0",
|
|
49
50
|
"@typescript-eslint/parser": "^5.8.0",
|
|
50
51
|
"eslint": "^8.5.0",
|
|
51
52
|
"eslint-config-prettier": "^8.3.0",
|
|
52
53
|
"eslint-plugin-prettier": "^4.0.0",
|
|
53
|
-
"jest": "^27.
|
|
54
|
+
"jest": "^27.5.1",
|
|
54
55
|
"nodemon": "^2.0.15",
|
|
55
56
|
"prettier": "^2.5.1",
|
|
56
|
-
"ts-jest": "^27.1.
|
|
57
|
+
"ts-jest": "^27.1.5",
|
|
57
58
|
"typescript": "^4.5.4"
|
|
58
59
|
},
|
|
59
60
|
"jest": {
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -1,59 +0,0 @@
|
|
|
1
|
-
# node manifest template
|
|
2
|
-
|
|
3
|
-
loader.preload = "file:{{ gramine.libos }}" # for compatibility with v1.0
|
|
4
|
-
|
|
5
|
-
loader.entrypoint = "file:{{ gramine.libos }}"
|
|
6
|
-
libos.entrypoint = "/usr/bin/node"
|
|
7
|
-
loader.log_level = "{{ log_level }}"
|
|
8
|
-
loader.argv0_override = "node"
|
|
9
|
-
loader.insecure__use_cmdline_argv = true
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
loader.env.LD_LIBRARY_PATH = "/lib:/lib/x86_64-linux-gnu/"
|
|
13
|
-
|
|
14
|
-
fs.mount.lib.type = "chroot"
|
|
15
|
-
fs.mount.lib.path = "/lib"
|
|
16
|
-
fs.mount.lib.uri = "file:{{ gramine.runtimedir() }}"
|
|
17
|
-
|
|
18
|
-
fs.mount.usr.type = "chroot"
|
|
19
|
-
fs.mount.usr.path = "/usr"
|
|
20
|
-
fs.mount.usr.uri = "file:/usr"
|
|
21
|
-
|
|
22
|
-
fs.mount.lib2.type = "chroot"
|
|
23
|
-
fs.mount.lib2.path = "/lib/x86_64-linux-gnu"
|
|
24
|
-
fs.mount.lib2.uri = "file:/lib/x86_64-linux-gnu"
|
|
25
|
-
|
|
26
|
-
fs.mount.etc.type = "chroot"
|
|
27
|
-
fs.mount.etc.path = "/etc"
|
|
28
|
-
fs.mount.etc.uri = "file:/etc"
|
|
29
|
-
|
|
30
|
-
sys.insecure__allow_eventfd = true
|
|
31
|
-
|
|
32
|
-
sgx.debug = true
|
|
33
|
-
sgx.nonpie_binary = true
|
|
34
|
-
sgx.thread_num = 256
|
|
35
|
-
sgx.enclave_size = "8G"
|
|
36
|
-
sgx.remote_attestation = true
|
|
37
|
-
|
|
38
|
-
sgx.trusted_files = [
|
|
39
|
-
"file:{{ gramine.libos }}",
|
|
40
|
-
"file:/usr/bin/node",
|
|
41
|
-
"file:{{ gramine.runtimedir() }}/",
|
|
42
|
-
"file:/lib/x86_64-linux-gnu/",
|
|
43
|
-
"file:./",
|
|
44
|
-
]
|
|
45
|
-
|
|
46
|
-
sgx.allowed_files = [
|
|
47
|
-
"file:/etc/nsswitch.conf",
|
|
48
|
-
"file:/etc/host.conf",
|
|
49
|
-
"file:/etc/resolv.conf",
|
|
50
|
-
"file:/etc/ethers",
|
|
51
|
-
"file:/etc/hosts",
|
|
52
|
-
"file:/etc/group",
|
|
53
|
-
"file:/etc/passwd",
|
|
54
|
-
"file:/etc/gai.conf",
|
|
55
|
-
"file:/etc/ssl/certs/ca-certificates.crt",
|
|
56
|
-
"file:/etc/sgx_default_qcnl.conf",
|
|
57
|
-
"file:/etc/ssl/certs/"
|
|
58
|
-
]
|
|
59
|
-
|
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
#!/bin/sh -ex
|
|
2
|
-
|
|
3
|
-
# Before run test generate or specify another enclave-key.pem manually
|
|
4
|
-
npm install binding
|
|
5
|
-
|
|
6
|
-
gramine-manifest -Dlog_level=error node.manifest.template > node.manifest
|
|
7
|
-
gramine-sgx-sign --manifest node.manifest --output node.manifest.sgx
|
|
8
|
-
gramine-sgx-get-token --output node.token --sig node.sig
|
|
9
|
-
|
|
10
|
-
gramine-sgx node test.js
|
|
Binary file
|