@super-protocol/addons-tee 0.8.7 → 0.8.8
- package/bindings/sgx-native/build/Release/libsgx_dcap_quoteverify.so.1 +0 -0
- package/bindings/sgx-native/build/Release/sgx_native.node +0 -0
- package/dist/sgx-native-module/enclave.service.d.ts +16 -6
- package/dist/sgx-native-module/enclave.service.js +19 -5
- package/dist/sgx-native-module/sgx-tests.d.ts +1 -0
- package/dist/sgx-native-module/sgx-tests.js +82 -0
- package/package.json +1 -1
- package/test_sgx_env/Dockerfile +16 -0
- package/test_sgx_env/build-and-run-tests.sh +29 -0
- package/test_sgx_env/gsc-config.yaml +14 -0
- package/test_sgx_env/node16-base.manifest +13 -0
- package/test_sgx_env/sgx_default_qcnl.conf +20 -0
|
Binary file
|
|
Binary file
|
|
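--- a/package/dist/sgx-native-module/enclave.service.d.ts
+++ b/package/dist/sgx-native-module/enclave.service.d.ts
@@ -25,19 +25,29 @@ export declare type TeeRunMemoryBenchmarkType = {
 memBandwidth: number;
 memСonfirmedSize: number;
 };
+export declare type TeeGetKeyResult = {
+key: Buffer;
+request: Buffer;
+};
 export declare class EnclaveService {
 private readonly tmpFolder;
 private readonly sgx;
 constructor(tmpFolder?: string);
 /**
 * Requests secret keys from cpu.
-* @param
-* @
+* @param type Value from enum @type KeyType
+* @param policy Value from enum @type KeyPolicy
+* @param previousRequest Request, for example received in a previous call to this method,
+* can be undefined - this way a new request will be generated
+* @returns Key and request, generated by method.
+*/
+getSecretKey(type: KeyType, policy: KeyPolicy, previousRequest?: Buffer): Promise<TeeGetKeyResult>;
+/**
+* Determines whether the request to obtain the key is outdated, for example, cpu_svn or isv_svn were updated
+* @param previousRequest - Key Request
+* @returns True if the request is outdated, false - the request is up to date
 */
-
-type: KeyType;
-policy: KeyPolicy;
-}): Promise<Buffer>;
+isOutdatedRequest(previousRequest: Buffer): Promise<boolean>;
 /**
 * Returns TEE device information.
 * @returns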
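Review bot: The new doc comment on `getSecretKey` does not say how the two fields of `TeeGetKeyResult` are meant to be handled, which matters to anyone sealing data with the result. I would extend the tag to something like `@returns key: secret key material, do not log or persist it in clear; request: pass back as previousRequest to derive the same key again`. The declaration also replaces the single object parameter and `Promise<Buffer>` return with positional arguments and `Promise<TeeGetKeyResult>`, which breaks existing callers in what the page title shows as a 0.8.7 → 0.8.8 release, so the doc comment or a changelog entry should mention it. The class declaration continues outside the hunk.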
|
|
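--- a/package/dist/sgx-native-module/enclave.service.js
+++ b/package/dist/sgx-native-module/enclave.service.js
@@ -42,11 +42,25 @@ class EnclaveService {
 }
 /**
 * Requests secret keys from cpu.
-* @param
-* @
+* @param type Value from enum @type KeyType
+* @param policy Value from enum @type KeyPolicy
+* @param previousRequest Request, for example received in a previous call to this method,
+* can be undefined - this way a new request will be generated
+* @returns Key and request, generated by method.
+*/
+async getSecretKey(type, policy, previousRequest) {
+if (!previousRequest) {
+previousRequest = Buffer.alloc(0);
+}
+return this.sgx.getKey(type, policy, previousRequest);
+}
+/**
+* Determines whether the request to obtain the key is outdated, for example, cpu_svn or isv_svn were updated
+* @param previousRequest - Key Request
+* @returns True if the request is outdated, false - the request is up to date
 */
-async
-return this.sgx.
+async isOutdatedRequest(previousRequest) {
+return this.sgx.isOutdatedRequest(previousRequest);
 }
 /**
 * Returns TEE device information.
@@ -194,4 +208,4 @@ class EnclaveService {
 }
 }
 exports.EnclaveService = EnclaveService;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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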
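Review bot: `getSecretKey` and `isOutdatedRequest` hand `previousRequest` to the native binding without checking its type, and the `Buffer` annotation in the `.d.ts` is erased at runtime, so any truthy non-Buffer value reaches `this.sgx.getKey`. A guard at the JavaScript boundary, e.g. `if (previousRequest !== undefined && !Buffer.isBuffer(previousRequest)) throw new TypeError("previousRequest must be a Buffer");`, keeps malformed input out of the native code regardless of what the binding itself validates (not visible here). The `!previousRequest` test also treats every falsy value as "generate a new request", so a caller that passes `null` because a stored request failed to load silently gets a fresh, different key; the doc comment should state this. The class body starts and ends outside both hunks.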
|
|
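--- a/package/dist/sgx-native-module/sgx-tests.d.ts
+++ b/package/dist/sgx-native-module/sgx-tests.d.ts
@@ -0,0 +1 @@
+export {};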
|
|
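--- a/package/dist/sgx-native-module/sgx-tests.js
+++ b/package/dist/sgx-native-module/sgx-tests.js
@@ -0,0 +1,82 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const SgxNative = __importStar(require("../sgx-native-module"));
+const assert_1 = __importDefault(require("assert"));
+const dcapVerifyService = new SgxNative.DcapQuoteVerifyService();
+const pkiService = new SgxNative.PkiService();
+const enclaveService = new SgxNative.EnclaveService();
+async function GenCertWithQouteTest() {
+const res = await pkiService.generateTlsCertificate({
+days: 14,
+dnsNames: ["superprotocol.com", "sp.com"],
+ips: ["1.2.3.4", "2001:0db8:85a3:0000:0000:8a2e:0370:7334"],
+format: SgxNative.CertificateFormat.DER,
+keyType: SgxNative.CertificateKeyType.ECP,
+ecpCurve: SgxNative.ECPCurve.SECP384R1,
+subject: {
+commonName: "localhost",
+},
+serialNumber: "12345",
+withQuote: true,
+});
+try {
+const quote = await dcapVerifyService.extractQuoteFromCert(res.cert);
+await dcapVerifyService.validateQuoteVerifierEnclave(quote);
+}
+catch (error) {
+if (error instanceof SgxNative.QuoteValidationError) {
+assert_1.default.equal(error.criticalError, false);
+}
+else {
+(0, assert_1.default)(false);
+}
+}
+console.log("GenCertWithQouteTest: Success");
+}
+async function GetKeyTest() {
+const key = await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRSIGNER);
+const key2 = await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRSIGNER, key.request);
+const key3 = await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRSIGNER);
+(0, assert_1.default)(Buffer.compare(key.key, key2.key) === 0);
+(0, assert_1.default)(Buffer.compare(key.key, key3.key) !== 0);
+await assert_1.default.rejects(async () => {
+await enclaveService.getSecretKey(SgxNative.KeyType.SGX_KEYSELECT_SEAL, SgxNative.KeyPolicy.SGX_KEYPOLICY_MRENCLAVE, key.request);
+}, {
+name: "TypeError",
+message: "The previous request parameters do not match the request name or policy",
+});
+const outDated = await enclaveService.isOutdatedRequest(key.request);
+(0, assert_1.default)(outDated === false);
+console.log("GetKeyTest: Success");
+}
+(async () => {
+await GenCertWithQouteTest();
+await GetKeyTest();
+})();
+//# sourceMappingURL=data:application/json;base64,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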
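Review bot: In `GenCertWithQouteTest` the catch branch accepts every `QuoteValidationError` whose `criticalError` is false without recording it, so the test prints "Success" even when the quote never verified cleanly. Log the accepted result before continuing, e.g. `console.warn("non-critical quote validation result:", error);`, so a misconfigured or degraded platform shows up in the test output. The file is also emitted under `dist/` and runs both tests as a side effect of being loaded; if it is meant only for the `test_sgx_env` container, keep it out of the published package or wrap the final call in `if (require.main === module) { ... }`. `GetKeyTest` could additionally assert `key.key.length > 0`, since comparing two keys proves nothing if both are empty.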
|
package/package.json
CHANGED
|
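--- a/package/test_sgx_env/Dockerfile
+++ b/package/test_sgx_env/Dockerfile
@@ -0,0 +1,16 @@
+FROM node:16-buster-slim
+
+RUN apt update && apt install -y libcurl4 libcjson1 curl gnupg2 && rm -rf /var/lib/apt/lists/*
+RUN curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - \
+&& echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' >> /etc/apt/sources.list.d/intel-sgx.list \
+&& apt-get update \
+&& apt install libsgx-dcap-default-qpl libsgx-urts -y
+
+COPY ./sgx_default_qcnl.conf /etc/sgx_default_qcnl.conf
+
+
+RUN mkdir -p /sp/run
+
+WORKDIR /sp/run
+
+ENTRYPOINT ["/usr/local/bin/node", "/sp/run/dist/sgx-native-module/sgx-tests.js"]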
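Review bot: The Intel repository key in the second `RUN` is piped into `apt-key add`, which makes it trusted for every apt source in the image and performs no fingerprint check. Scope it to the one repository instead: `curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | gpg --dearmor -o /usr/share/keyrings/intel-sgx.gpg` and `deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main`. The image also combines a Debian buster base with Intel's Ubuntu bionic repository and installs `libsgx-dcap-default-qpl` and `libsgx-urts` without version pins, so the quote-provider libraries can change from one build to the next. Pinning the package versions, and the base image by digest, would make the test environment reproducible.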
|
|
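--- a/package/test_sgx_env/build-and-run-tests.sh
+++ b/package/test_sgx_env/build-and-run-tests.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )"
+
+GSC_FIXED_COMMIT="v1.4"
+BASE_IMAGE_NAME="node16-sgx-tests"
+
+docker rmi gsc-${BASE_IMAGE_NAME} -f
+docker rmi gsc-${BASE_IMAGE_NAME}-unsigned -f
+docker rmi ${BASE_IMAGE_NAME} -f
+
+docker build -t ${BASE_IMAGE_NAME} --rm .
+
+rm -f enclave-key.pem
+openssl genrsa -3 -out enclave-key.pem 3072
+
+rm -rf ./gsc
+git clone https://github.com/gramineproject/gsc && cd gsc && git reset --hard "${GSC_FIXED_COMMIT}" && git config user.email "super@user.com" && git config user.name "SuperUser" && git cherry-pick 4bf7976
+curl https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key -o ./keys/intel-sgx-deb.key
+sed -i 's/\(gramine-sgx \/gramine\/app_files\/entrypoint\)/exec \1/g; s/\(gramine-direct \/gramine\/app_files\/entrypoint\)/exec \1/g' ./templates/apploader.common.template
+
+./gsc build ${BASE_IMAGE_NAME} ../node16-base.manifest -c ../gsc-config.yaml
+./gsc sign-image ${BASE_IMAGE_NAME} ../enclave-key.pem -c ../gsc-config.yaml
+
+pushd ${SCRIPT_DIR}/..
+npm install && npm run build
+popd
+
+docker run --rm -it --device=/dev/sgx_enclave -v /dev/sgx:/dev/sgx -v ${SCRIPT_DIR}/../:/sp/run -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket gsc-${BASE_IMAGE_NAME}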
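Review bot: `GSC_FIXED_COMMIT="v1.4"` is a tag and `git cherry-pick 4bf7976` uses an abbreviated hash, so the tool that builds and signs the enclave image is not pinned despite the variable's name. Use full commit hashes for both, e.g. `GSC_FIXED_COMMIT="<full 40-character commit hash>"`. The key download on the following line calls `curl` without `-f`, so an HTTP error page would be saved as `./keys/intel-sgx-deb.key`; with `curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key -o ./keys/intel-sgx-deb.key` the script fails instead. `enclave-key.pem` and the `gsc` clone are created in the working directory, presumably `test_sgx_env` inside the package, so both should be covered by the ignore files used for git and npm publishing. Also quote `"${SCRIPT_DIR}"` in the `pushd` and `docker run -v` arguments.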
|
|
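--- a/package/test_sgx_env/gsc-config.yaml
+++ b/package/test_sgx_env/gsc-config.yaml
@@ -0,0 +1,14 @@
+# Specify the OS distro. Currently tested distros are Ubuntu 18.04 and Ubuntu 20.04.
+Distro: "ubuntu:20.04"
+
+# If you're using your own fork and branch of Gramine, specify the GitHub link and the branch name
+# below; typically, you want to keep the default values though
+Gramine:
+Repository: "https://github.com/Super-Protocol/sp-gramine.git"
+Branch: "v1.4-sp"
+
+# Specify the Intel SGX driver installed on your machine (more specifically, on the machine where
+# the graminized Docker container will run); there are several variants of the SGX driver:
+SGXDriver:
+Repository: "https://github.com/intel/SGXDataCenterAttestationPrimitives.git"
+Branch: "DCAP_1.12 && cp -r driver/linux/* ."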
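Review bot: `Branch: "DCAP_1.12 && cp -r driver/linux/* ."` only works if GSC interpolates this value into a shell command unescaped, which is fragile and surprising to a reader. Add a comment above it, e.g. `# Branch carries an extra shell step on purpose: the driver sources live in driver/linux and GSC expects them at the repository root`. Both `Branch` values (`v1.4-sp` of the Super-Protocol Gramine fork and `DCAP_1.12`) are mutable refs, so the Gramine runtime that ends up inside the enclave can change between builds with no change to this file. If GSC accepts a tag or commit hash in this field, prefer that.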
|
|
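--- a/package/test_sgx_env/node16-base.manifest
+++ b/package/test_sgx_env/node16-base.manifest
@@ -0,0 +1,13 @@
+sgx.nonpie_binary = true
+sgx.enclave_size = "1G"
+sgx.max_threads = 64
+
+sys.enable_sigterm_injection = true
+sys.insecure__allow_eventfd = true
+
+sgx.allowed_files = [
+"file:/sp/run/",
+]
+
+sgx.remote_attestation = "dcap"
+sgx.isvsvn = 0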
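Review bot: `sgx.allowed_files = ["file:/sp/run/"]` lets the enclave load everything under the host-mounted `/sp/run` without integrity checking, so the JavaScript and native module under test are not covered by the enclave measurement. Together with `sys.insecure__allow_eventfd = true` and `sgx.isvsvn = 0`, that is acceptable only for a throwaway test enclave. Add a header comment such as `# TEST ONLY: application files are unmeasured (allowed_files); use sgx.trusted_files for anything that handles real keys`. Since the manifest ships in the published package, the comment keeps it from being reused as a production template.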
|
|
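--- a/package/test_sgx_env/sgx_default_qcnl.conf
+++ b/package/test_sgx_env/sgx_default_qcnl.conf
@@ -0,0 +1,20 @@
+# PCCS server address
+PCCS_URL=https://intelpccs.svc:8081/sgx/certification/v3/
+
+# To accept insecure HTTPS certificate, set this option to FALSE
+USE_SECURE_CERT=TRUE
+
+# You can use Intel PCS to get quote verification collateral
+COLLATERAL_SERVICE=https://api.trustedservices.intel.com/sgx/certification/v3/
+
+# If you use PCCS service to get quote verification collateral, you can specify which API version is to be used
+# The legacy 3.0 API will return CRLs in HEX encoded DER format, while the new 3.1 API will return raw DER format
+PCCS_API_VERSION=3.1
+
+# Maximum retry times for QCNL. If RETRY is not defined or set to 0, no retry will be performed.
+# It will first wait one second and then for all forthcoming retries it will double the waiting time
+# By using RETRY_DELAY you disable this exponential backoff algorithm
+#RETRY_TIMES=6
+
+# Sleep this amount of seconds before each retry when a transfer has failed with a transient error
+#RETRY_DELAY=10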
|