├── .asf.yaml ├── .dockerignore ├── .drone.yml ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── blank_issue.md │ ├── config.yml │ ├── feature_request.md │ ├── question.md │ └── report_bug.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── ci.yml │ ├── codeql-analysis.yml │ ├── doc.yml │ ├── docker.yml │ ├── ubuntu1804-test.yml │ └── ubuntu2004-test.yml ├── .gitignore ├── .gitmodules ├── .licenserc.yaml ├── .rustfmt.toml ├── CMakeLists.txt ├── CONTRIBUTING.md ├── DISCLAIMER ├── KEYS ├── LICENSE ├── NOTICE ├── README.md ├── SECURITY.md ├── attestation ├── Cargo.toml ├── README.md └── src │ ├── attestation.rs │ ├── cert.rs │ ├── key.rs │ ├── lib.rs │ ├── platform │ ├── libos │ │ ├── mod.rs │ │ └── occlum.rs │ ├── mod.rs │ └── sgx.rs │ ├── report.rs │ ├── service.rs │ └── verifier.rs ├── binder ├── Cargo.toml ├── README.md ├── attribute │ ├── Cargo.toml │ └── src │ │ └── lib.rs ├── build.rs └── src │ ├── binder.rs │ ├── error.rs │ ├── ipc │ ├── app.rs │ ├── enclave.rs │ └── mod.rs │ ├── lib.rs │ ├── macros.rs │ ├── ocall.rs │ └── proto.rs ├── cli ├── Cargo.toml ├── README.md └── src │ └── main.rs ├── cmake ├── TeaclaveGenVars.cmake ├── TeaclaveUtils.cmake ├── UtilTargets.cmake ├── scripts │ ├── Enclave.lds │ ├── build_in_ci.sh │ ├── build_occlum_instance.sh │ ├── cargo_build_ex.sh │ ├── cc_wrapper.sh │ ├── gen_cov.sh │ ├── gen_enclave_info_toml.py │ ├── gen_enclave_sig.sh │ ├── lcov_realpath.py │ ├── llvm-gcov.sh │ ├── parse_cargo_packages.py │ ├── prep.sh │ ├── rustc_wrapper.sh │ ├── setup_cmake_tomls.py │ ├── sgx_link_sign.sh │ └── test.sh └── tomls │ ├── Cargo.sgx_trusted_lib.lock │ ├── Cargo.sgx_trusted_lib.toml │ ├── Cargo.sgx_untrusted_app.lock │ ├── Cargo.sgx_untrusted_app.toml │ ├── Cargo.unix_app.lock │ └── Cargo.unix_app.toml ├── common ├── README.md └── rusty_leveldb_sgx │ ├── Cargo.toml │ ├── LICENSE │ ├── README.md │ └── src │ ├── block.rs │ ├── block_builder.rs │ ├── blockhandle.rs │ ├── cache.rs │ ├── cmp.rs │ ├── db_impl.rs │ ├── db_iter.rs │ ├── disk_env.rs │ ├── env.rs │ ├── env_common.rs │ ├── error.rs │ ├── filter.rs │ ├── filter_block.rs │ ├── infolog.rs │ ├── key_types.rs │ ├── lib.rs │ ├── log.rs │ ├── mem_env.rs │ ├── memtable.rs │ ├── merging_iter.rs │ ├── options.rs │ ├── skipmap.rs │ ├── snapshot.rs │ ├── table_block.rs │ ├── table_builder.rs │ ├── table_cache.rs │ ├── table_reader.rs │ ├── test_util.rs │ ├── types.rs │ ├── version.rs │ ├── version_edit.rs │ ├── version_set.rs │ └── write_batch.rs ├── config ├── Cargo.lock ├── Cargo.toml ├── README.md ├── build.config.toml ├── build.rs ├── config_gen │ ├── Cargo.lock │ ├── Cargo.toml │ ├── main.rs │ └── templates │ │ └── config.j2 ├── keys │ ├── auditors │ │ ├── albus_dumbledore │ │ │ ├── albus_dumbledore.private.pem │ │ │ └── albus_dumbledore.public.pem │ │ ├── godzilla │ │ │ ├── godzilla.private.pem │ │ │ └── godzilla.public.pem │ │ └── optimus_prime │ │ │ ├── optimus_prime.private.pem │ │ │ └── optimus_prime.public.pem │ ├── dcap_root_ca_cert.pem │ ├── dcap_server_cert.pem │ ├── dcap_server_key.pem │ ├── enclave_signing_key.pem │ └── ias_root_ca_cert.pem ├── runtime.config.toml └── src │ ├── build.rs │ ├── lib.rs │ └── runtime.rs ├── crypto ├── Cargo.toml ├── README.md └── src │ └── lib.rs ├── dcap ├── Cargo.toml ├── README.md ├── Rocket.toml └── src │ └── main.rs ├── docker ├── README.md ├── build.ubuntu-1804-sgx-2.17.1.Dockerfile ├── build.ubuntu-1804-sgx-dcap-1.14.Dockerfile ├── build.ubuntu-2004-sgx-2.17.1.Dockerfile ├── build.ubuntu-2004-sgx-dcap-1.14.Dockerfile ├── docker-compose-aesm-socket.override.yml ├── docker-compose-aesm-vol.override.yml ├── docker-compose-dcap-dev.override.yml ├── docker-compose-isgx-dev.override.yml ├── docker-compose-ubuntu-1804.yml ├── docker-compose-ubuntu-2004.yml ├── run-teaclave-services.sh ├── runtime.config.toml ├── teaclave-rt.ubuntu-1804.Dockerfile └── teaclave-rt.ubuntu-2004.Dockerfile ├── docs ├── README.md ├── access-control.md ├── adding-executors.md ├── azure-confidential-computing.md ├── build-system.md ├── builtin-functions.md ├── development-tips.md ├── executing-in-occlum.md ├── executing-wasm.md ├── functions-in-python.md ├── inference-with-tvm.md ├── mutual-attestation.md ├── my-first-function.md ├── papers-talks.md ├── release-guide.md ├── rust-guideline.md ├── service-internals.md └── threat-model.md ├── edl ├── Enclave_common.edl └── Enclave_fa.edl ├── examples ├── README.md ├── c │ ├── .clang-format │ ├── Makefile │ ├── builtin_echo.c │ ├── builtin_ordered_set_intersect.c │ └── utils.h ├── python │ ├── builtin_echo.py │ ├── builtin_face_detection.py │ ├── builtin_gbdt_train.py │ ├── builtin_online_decrypt.py │ ├── builtin_ordered_set_intersect.py │ ├── builtin_password_check.py │ ├── builtin_private_join_and_compute.py │ ├── builtin_rsa_sign.py │ ├── mesapy_deadloop_cancel.py │ ├── mesapy_deadloop_payload.py │ ├── mesapy_echo.py │ ├── mesapy_echo_payload.py │ ├── mesapy_logistic_reg.py │ ├── mesapy_logistic_reg_payload.py │ ├── mesapy_optional_files.py │ ├── mesapy_optional_files_payload.py │ ├── requirements.txt │ ├── test_disable_function.py │ ├── utils.py │ ├── wasm_c_millionaire_problem_payload │ │ ├── Makefile │ │ └── millionaire_problem.c │ ├── wasm_c_simple_add.py │ ├── wasm_c_simple_add_payload │ │ ├── Makefile │ │ └── simple_add.c │ ├── wasm_rust_psi.py │ ├── wasm_rust_psi_payload │ │ ├── Cargo.lock │ │ ├── Cargo.toml │ │ ├── Makefile │ │ └── src │ │ │ └── lib.rs │ ├── wasm_tvm_mnist.py │ └── wasm_tvm_mnist_payload │ │ ├── .cargo │ │ └── config │ │ ├── .gitignore │ │ ├── Cargo.toml │ │ ├── Makefile │ │ ├── build.rs │ │ ├── build_lib.py │ │ ├── data │ │ └── img_10.jpg │ │ ├── mnist-8.onnx │ │ ├── src │ │ ├── lib.rs │ │ ├── types.rs │ │ └── utils.rs │ │ └── test_lib.py └── rust │ ├── builtin_echo │ ├── Cargo.lock │ ├── Cargo.toml │ └── src │ │ └── main.rs │ ├── builtin_ordered_set_intersect │ ├── Cargo.lock │ ├── Cargo.toml │ └── src │ │ └── main.rs │ └── sequential_functions │ ├── Cargo.lock │ ├── Cargo.toml │ └── src │ └── main.rs ├── executor ├── Cargo.toml ├── README.md ├── context │ ├── Cargo.toml │ └── src │ │ ├── context.rs │ │ └── lib.rs └── src │ ├── builtin.rs │ ├── lib.rs │ ├── mesapy.rs │ └── wamr.rs ├── file_agent ├── Cargo.toml ├── README.md └── src │ ├── agent.rs │ └── lib.rs ├── function ├── Cargo.toml ├── README.md └── src │ ├── echo.rs │ ├── face_detection.rs │ ├── gbdt_predict.rs │ ├── gbdt_train.rs │ ├── lib.rs │ ├── logistic_regression_predict.rs │ ├── logistic_regression_train.rs │ ├── online_decrypt.rs │ ├── ordered_set_intersect.rs │ ├── ordered_set_join.rs │ ├── password_check.rs │ ├── principal_components_analysis.rs │ ├── private_join_and_compute.rs │ └── rsa_sign.rs ├── licenses ├── LICENSE-ios-cmake.txt ├── LICENSE-mesapy.txt ├── LICENSE-rusty-leveldb.txt └── LICENSE-wasm-micro-runtime.txt ├── logger ├── Cargo.toml ├── README.md └── src │ ├── lib.rs │ └── task_logger.rs ├── rpc ├── Cargo.toml ├── README.md └── src │ ├── config.rs │ ├── interceptor.rs │ ├── lib.rs │ └── macros.rs ├── runtime ├── Cargo.toml ├── README.md └── src │ ├── default.rs │ ├── lib.rs │ └── raw_io.rs ├── sdk ├── README.md ├── c │ ├── Makefile │ ├── cbindgen.toml │ └── teaclave_client_sdk.h ├── payload │ └── wasm │ │ ├── cbindgen.toml │ │ ├── teaclave_context.h │ │ └── teaclave_context │ │ ├── Cargo.toml │ │ └── src │ │ └── lib.rs ├── python │ ├── __init__.py │ └── teaclave.py ├── rust │ ├── Cargo.lock │ ├── Cargo.toml │ └── src │ │ ├── bindings.rs │ │ └── lib.rs └── swift │ ├── README.md │ └── TeaclaveClientSDK │ ├── .gitignore │ ├── External │ └── teaclave_client_sdk.h │ ├── TeaclaveClientSDK.podspec │ ├── TeaclaveClientSDK.xcodeproj │ ├── project.pbxproj │ ├── project.xcworkspace │ │ ├── contents.xcworkspacedata │ │ └── xcshareddata │ │ │ ├── IDEWorkspaceChecks.plist │ │ │ └── swiftpm │ │ │ └── Package.resolved │ └── xcshareddata │ │ └── xcschemes │ │ ├── TeaclaveClientSDK.xcscheme │ │ └── TeaclaveClientSDKTests.xcscheme │ ├── TeaclaveClientSDK │ ├── Info.plist │ ├── TeaclaveClientSDK.h │ ├── TeaclaveClientSDK.modulemap │ └── TeaclaveClientSDK.swift │ └── TeaclaveClientSDKTests │ ├── Info.plist │ └── TeaclaveClientSDKTests.swift ├── services ├── README.md ├── access_control │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ ├── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ │ ├── acs.rs │ │ │ ├── error.rs │ │ │ ├── lib.rs │ │ │ └── service.rs │ ├── model.conf │ └── policy.csv ├── authentication │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── api_service.rs │ │ ├── error.rs │ │ ├── internal_service.rs │ │ ├── lib.rs │ │ ├── user_db.rs │ │ └── user_info.rs ├── execution │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── ecall.rs │ │ ├── file_handler.rs │ │ ├── lib.rs │ │ ├── service.rs │ │ └── task_file_manager.rs ├── frontend │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── audit.rs │ │ ├── error.rs │ │ ├── lib.rs │ │ └── service.rs ├── management │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── audit │ │ ├── auditor.rs │ │ ├── db_directory.rs │ │ ├── mod.rs │ │ └── tests.rs │ │ ├── error.rs │ │ ├── lib.rs │ │ └── service.rs ├── proto │ ├── Cargo.toml │ ├── build.rs │ └── src │ │ ├── lib.rs │ │ ├── macros.rs │ │ ├── proto │ │ ├── teaclave_access_control_service.proto │ │ ├── teaclave_authentication_service.proto │ │ ├── teaclave_common.proto │ │ ├── teaclave_frontend_service.proto │ │ ├── teaclave_management_service.proto │ │ ├── teaclave_scheduler_service.proto │ │ └── teaclave_storage_service.proto │ │ ├── teaclave_access_control_service.rs │ │ ├── teaclave_authentication_service.rs │ │ ├── teaclave_common.rs │ │ ├── teaclave_frontend_service.rs │ │ ├── teaclave_management_service.rs │ │ ├── teaclave_scheduler_service.rs │ │ └── teaclave_storage_service.rs ├── scheduler │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── error.rs │ │ ├── lib.rs │ │ ├── publisher.rs │ │ └── service.rs ├── storage │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── error.rs │ │ ├── lib.rs │ │ ├── proxy.rs │ │ └── service.rs └── utils │ ├── service_app_utils │ ├── Cargo.toml │ └── src │ │ └── lib.rs │ └── service_enclave_utils │ ├── Cargo.toml │ └── src │ ├── lib.rs │ └── macros.rs ├── tests ├── README.md ├── fixtures │ ├── auditors │ │ ├── albus_dumbledore.sign.sha256 │ │ ├── godzilla.sign.sha256 │ │ └── optimus_prime.sign.sha256 │ ├── ca_cert.pem │ ├── dcap_root_ca_cert.der │ ├── enclave_info.toml │ ├── end_fullchain.pem │ ├── end_key.pem │ ├── functions │ │ ├── face_detection │ │ │ ├── input.jpg │ │ │ └── output.jpg │ │ ├── gbdt_prediction │ │ │ ├── expected_result.txt │ │ │ ├── model.txt │ │ │ └── test_data.txt │ │ ├── gbdt_training │ │ │ ├── expected_model.txt │ │ │ ├── train.aes_gcm_128 │ │ │ ├── train.enc │ │ │ └── train.txt │ │ ├── logistic_regression_prediction │ │ │ ├── expected_result.txt │ │ │ ├── model.txt │ │ │ └── predict_input.txt │ │ ├── logistic_regression_training │ │ │ ├── expected_model.txt │ │ │ └── train.txt │ │ ├── mesapy │ │ │ ├── input.txt │ │ │ └── output.txt │ │ ├── ordered_set_intersect │ │ │ ├── psi0.txt │ │ │ ├── psi0.txt.enc │ │ │ ├── psi1.txt │ │ │ └── psi1.txt.enc │ │ ├── ordered_set_join │ │ │ ├── join0.csv │ │ │ ├── join0.csv.enc │ │ │ ├── join1.csv │ │ │ └── join1.csv.enc │ │ ├── password_check │ │ │ ├── exposed_passwords.txt │ │ │ ├── exposed_passwords.txt.enc │ │ │ └── password.txt │ │ ├── princopal_components_analysis │ │ │ ├── expected_result.txt │ │ │ └── input.txt │ │ ├── private_join_and_compute │ │ │ └── three_party_data │ │ │ │ ├── bank_a.enc │ │ │ │ ├── bank_a.txt │ │ │ │ ├── bank_b.enc │ │ │ │ ├── bank_b.txt │ │ │ │ ├── bank_c.enc │ │ │ │ └── bank_c.txt │ │ ├── py_logistic_reg │ │ │ ├── predict.enc │ │ │ ├── predict.txt │ │ │ ├── py_result.txt │ │ │ ├── train.enc │ │ │ └── train.txt │ │ ├── rsa_sign │ │ │ ├── expected_rsasign.txt │ │ │ ├── key.der │ │ │ └── rsakey.enc │ │ ├── wamr_c_millionaire_problem │ │ │ ├── expected_output.txt │ │ │ ├── input_a.txt │ │ │ └── input_b.txt │ │ ├── wamr_rust_psi │ │ │ ├── psi0.txt │ │ │ ├── psi0.txt.enc │ │ │ ├── psi1.txt │ │ │ └── psi1.txt.enc │ │ └── wamr_tvm_mnist │ │ │ ├── img_10.jpg │ │ │ └── img_10.jpg.enc │ ├── fusion │ │ ├── input1.txt │ │ └── input2.txt │ ├── ias_root_ca_cert.der │ ├── tls_ra_cert_v3.der │ └── tls_ra_cert_v4.der ├── functional │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── access_control_service.rs │ │ ├── authentication_service.rs │ │ ├── end_to_end │ │ ├── builtin_echo.rs │ │ ├── builtin_gbdt_train.rs │ │ ├── mesapy_data_fusion.rs │ │ ├── mesapy_echo.rs │ │ └── mod.rs │ │ ├── execution_service.rs │ │ ├── frontend_service.rs │ │ ├── lib.rs │ │ ├── management_service.rs │ │ ├── scheduler_service.rs │ │ ├── storage_service.rs │ │ └── utils.rs ├── integration │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ ├── main.rs │ │ │ └── teaclave_config_tests.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ ├── lib.rs │ │ ├── rusty_leveldb_sgx.rs │ │ └── teaclave_worker.rs ├── scripts │ ├── functional_tests.py │ └── simple_http_server.py ├── unit │ ├── app │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── enclave │ │ ├── Cargo.toml │ │ ├── Enclave.config.xml │ │ └── src │ │ └── lib.rs └── utils │ ├── Cargo.toml │ ├── proc_macro │ ├── Cargo.toml │ └── src │ │ └── lib.rs │ └── src │ └── lib.rs ├── third_party ├── README.md └── wamr.patch ├── tools ├── README.md ├── scripts │ └── ide.sh └── sgx_tool │ ├── README.md │ ├── app │ ├── Cargo.toml │ ├── build.rs │ └── src │ │ └── main.rs │ └── enclave │ ├── Cargo.toml │ ├── Enclave.config.xml │ └── src │ └── lib.rs ├── types ├── Cargo.toml ├── README.md └── src │ ├── attestation.rs │ ├── audit.rs │ ├── crypto.rs │ ├── error.rs │ ├── file.rs │ ├── file_agent.rs │ ├── function.rs │ ├── lib.rs │ ├── macros.rs │ ├── staged_file.rs │ ├── staged_function.rs │ ├── staged_task.rs │ ├── storage.rs │ ├── task.rs │ ├── task_state.rs │ ├── user.rs │ └── worker.rs └── worker ├── Cargo.toml ├── README.md └── src ├── lib.rs └── worker.rs /.asf.yaml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | github: 17 | description: "Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple." 18 | homepage: https://teaclave.apache.org 19 | labels: 20 | - universal-secure-computing 21 | - confidential-computing 22 | - trusted-execution-environment 23 | - function-as-a-service 24 | - secure-multiparty-computation 25 | - tee 26 | - sgx 27 | - trustzone 28 | - faas 29 | - rust 30 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Ignore everything 17 | ** 18 | 19 | # Allow 20 | !/release/services/** 21 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Normalize endings to LF 2 | * text=auto 3 | 4 | # All known text filetypes 5 | *.md text 6 | *.rs text 7 | *.sh text eol=lf 8 | *.toml text 9 | *.txt text 10 | *.yml text 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/blank_issue.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Blank Issue 3 | about: Create a blank issue. 4 | --- 5 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: true 2 | contact_links: 3 | - name: Security Issue 4 | url: https://teaclave.apache.org/community/#reporting-a-vulnerability 5 | about: Please report security issues to our private mailing list first 6 | before disclosing them in a public forum. 7 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature Request 3 | about: Suggest an idea for Teaclave. 4 | labels: feature 5 | --- 6 | 10 | 11 | ### Motivation & problem statement 12 | 13 | 16 | 17 | (Please describe the problem you are trying to solve.) 18 | 19 | ### Proposed solution 20 | 21 | 24 | 25 | (Describe the solution or desired behavior you'd like here.) 26 | 27 | ### Describe alternatives you've considered 28 | 29 | 32 | 33 | (Write your answer here.) 34 | 35 | ### Additional context 36 | 37 | 41 | 42 | (Write your answer here.) 43 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/question.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Question 3 | about: Ask questions about Teaclave. 4 | labels: question 5 | --- 6 | 14 | 15 | (Write your question here.) 16 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/report_bug.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug Report 3 | about: Create a bug report for Teaclave. 4 | labels: bug 5 | --- 6 | 10 | 11 | I tried to build, execute, deploy, and use Teaclave like this: 12 | 13 | ``` 14 | 15 | ``` 16 | 17 | I expected to see this happen: *explanation* 18 | 19 | Instead, this happened: *explanation* 20 | 21 | ### Meta 22 | 26 |
Logs of Services 27 |

28 | 29 | ``` 30 | 31 | ``` 32 | 33 |

34 |
35 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Description 2 | 3 | Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. 4 | 5 | Fixes # (issue) 6 | 7 | ## Type of change (select or add applied and delete the others) 8 | 9 | - [ ] Bug fix (non-breaking change which fixes an issue) 10 | - [ ] New feature (non-breaking change which adds functionality) 11 | - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) 12 | - [ ] API change with a documentation update 13 | - [ ] Additional test coverage 14 | - [ ] Code cleanup or just sync with upstream third-party crates 15 | 16 | ## How has this been tested? 17 | 18 | ## Checklist 19 | 20 | - [ ] Fork the repo and create your branch from `master`. 21 | - [ ] If you've added code that should be tested, add tests. 22 | - [ ] If you've changed APIs, update the documentation. 23 | - [ ] Ensure the tests pass (see CI results). 24 | - [ ] Make sure your code lints/format. 25 | -------------------------------------------------------------------------------- /.github/workflows/doc.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | name: Doc-ubuntu-20.04 19 | on: [push, workflow_dispatch] 20 | defaults: 21 | run: 22 | shell: bash 23 | 24 | env: 25 | DOC: 1 26 | 27 | jobs: 28 | doc: 29 | runs-on: ubuntu-20.04 30 | container: teaclave/teaclave-build-ubuntu-2004-sgx-2.17.1:0.2.0 31 | steps: 32 | - uses: actions/checkout@v3 33 | - name: Build 34 | run: | 35 | . cmake/scripts/build_in_ci.sh 36 | -------------------------------------------------------------------------------- /.github/workflows/ubuntu1804-test.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | name: Test-ubuntu-18.04 19 | on: 20 | schedule: 21 | - cron: '36 22 * * 3' 22 | workflow_dispatch: 23 | 24 | defaults: 25 | run: 26 | shell: bash 27 | 28 | jobs: 29 | sim-debug-all: 30 | runs-on: ubuntu-20.04 31 | container: teaclave/teaclave-build-ubuntu-1804-sgx-2.17.1:0.2.0 32 | steps: 33 | - uses: actions/checkout@v3 34 | - name: Build 35 | run: | 36 | . cmake/scripts/build_in_ci.sh 37 | - name: Run tests and examples 38 | run: | 39 | export AS_SPID="00000000000000000000000000000000" && 40 | export AS_KEY="00000000000000000000000000000000" && 41 | export AS_ALGO="sgx_epid" && 42 | export AS_URL="https://api.trustedservices.intel.com:443" && 43 | . ~/.cargo/env && 44 | cd build && 45 | make run-tests 46 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | **/target 17 | **/*.o 18 | **/*.pyc 19 | **/*.a 20 | **/*.so 21 | **/*.swp 22 | **/*.wasm 23 | **/.DS_Store 24 | cov.info 25 | cov_report 26 | /**/pkg_name 27 | .vscode/* 28 | # ignore the build dir which usually for cmake 29 | /build 30 | /release 31 | # ignore intermediate assets during building and testing 32 | examples/c/builtin_echo 33 | examples/c/builtin_ordered_set_intersect 34 | examples/python/out.jpg 35 | # ignore grpc files during building and testing 36 | sdk/python/*_pb2.py 37 | sdk/python/*_grpc.py 38 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "third_party/rust-sgx-sdk"] 2 | path = third_party/rust-sgx-sdk 3 | url = https://github.com/apache/incubator-teaclave-sgx-sdk.git 4 | [submodule "third_party/wasm-micro-runtime"] 5 | path = third_party/wasm-micro-runtime 6 | url = https://github.com/bytecodealliance/wasm-micro-runtime 7 | ignore = dirty 8 | -------------------------------------------------------------------------------- /.licenserc.yaml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | header: 19 | license: 20 | spdx-id: Apache-2.0 21 | copyright-owner: Apache Software Foundation 22 | 23 | paths-ignore: 24 | - '**/*.csv' 25 | - '**/*.txt' 26 | - '**/*.md' 27 | - '**/*.pem' 28 | - '**/*.sha256' 29 | - '**/*.xcodeproj/**' 30 | - '**/Cargo.lock' 31 | - '**/target/**' 32 | - '.gitattributes' 33 | - '.github/ISSUE_TEMPLATE/**' 34 | - '.gitmodules' 35 | - 'DISCLAIMER*' 36 | - 'KEYS' 37 | - 'LICENSE' 38 | - 'NOTICE' 39 | - 'build/**' 40 | - 'cmake/tomls/Cargo.*.lock' 41 | - 'common/rusty_leveldb_sgx/**' 42 | - 'config/keys' 43 | - 'licenses' 44 | - 'release/**' 45 | - 'services/access_control/model.conf' 46 | - 'tests/fixtures/enclave_info.toml' 47 | - 'third_party/**' 48 | -------------------------------------------------------------------------------- /.rustfmt.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one or more 2 | # contributor license agreements. See the NOTICE file distributed with 3 | # this work for additional information regarding copyright ownership. 4 | # The ASF licenses this file to You under the Apache License, Version 2.0 5 | # (the "License"); you may not use this file except in compliance with 6 | # the License. You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | edition = "2021" 17 | use_field_init_shorthand = true 18 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /contributing 3 | --- 4 | 5 | # Contributing to Teaclave 6 | 7 | As an open-source community, we welcome all kinds of contributions. You can 8 | contribute to Teaclave in many ways: reporting issues, requesting new features, 9 | proposing better designs, fixing bugs, implementing functions, improving 10 | documents, trying novel research ideas or even by simply using and promoting 11 | this project. 12 | 13 | ## Submit Issues 14 | 15 | We prefer to use GitHub issues for almost everything about the project 16 | development such as issues tracking, features, design proposals, announcements, 17 | community communications, etc. Free feel to open an issue if you meet bugs or 18 | want to propose features. 19 | 20 | ## Send Pull Requests 21 | 22 | This is a basic instruction to send a pull request to Teaclave. 23 | 24 | 1. Fork the repository on GitHub. 25 | 2. Create a new branch for the feature or bugfix. 26 | 3. Make changes. 27 | 4. Test. The `make run-tests` command will run all test case. 28 | 5. Make sure to format and lint the code. You can use `make format` to format 29 | code inplace, and `make CLI=1` to lint Rust code with Rust clippy. 30 | 6. Commit/push the changes and send a pull request on GitHub. Please kindly 31 | write some background and details for this PR (we also provide a PR template 32 | to guild you with writing a high-quality pull request). 33 | -------------------------------------------------------------------------------- /DISCLAIMER: -------------------------------------------------------------------------------- 1 | Apache Teaclave (incubating) is an effort undergoing incubation at The Apache 2 | Software Foundation (ASF), sponsored by the Apache Incubator. 3 | Incubation is required of all newly accepted projects until a further review 4 | indicates that the infrastructure, communications, and decision making process 5 | have stabilized in a manner consistent with other successful ASF projects. 6 | While incubation status is not necessarily a reflection of the completeness or 7 | stability of the code, it does indicate that the project has yet to be fully 8 | endorsed by the ASF. 9 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Apache Teaclave (incubating) 2 | Copyright 2019-2023 The Apache Software Foundation 3 | 4 | This product includes software developed at 5 | The Apache Software Foundation (http://www.apache.org/). 6 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Reporting a Vulnerability 4 | 5 | We take a very active stance in eliminating security problems in Teaclave. We 6 | strongly encourage folks to report such problems to our private mailing list 7 | first (private@teaclave.apache.org), before disclosing them in a public forum. 8 | 9 | -------------------------------------------------------------------------------- /attestation/src/platform/libos/mod.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | pub(crate) mod occlum; 19 | // TODO gramine or other LibOS 20 | 21 | #[derive(thiserror::Error, Debug)] 22 | pub enum PlatformError { 23 | #[error("Failed to call {0}: {1}")] 24 | Ioctl(String, i32), 25 | #[error("Failed to get quote: {0}")] 26 | GetQuote(String), 27 | #[error("Failed to use SGX rng to generate random number: {0}")] 28 | RngError(std::io::Error), 29 | } 30 | -------------------------------------------------------------------------------- /attestation/src/platform/mod.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | #[cfg(feature = "libos")] 19 | pub(crate) mod libos; 20 | pub(crate) mod sgx; 21 | #[cfg(all(feature = "libos", feature = "mesalock_sgx"))] 22 | compile_error!("feature \"mesalock_sgx\" and feature \"libos\" cannot be enabled at the same time"); 23 | 24 | #[cfg(feature = "libos")] 25 | pub(crate) use libos::{ 26 | occlum::{create_sgx_report_data, get_sgx_dcap_quote, get_sgx_epid_quote}, 27 | PlatformError, 28 | }; 29 | #[cfg(feature = "mesalock_sgx")] 30 | pub(crate) use sgx::{create_sgx_isv_enclave_report, get_sgx_quote, init_sgx_quote, PlatformError}; 31 | 32 | type Result = std::result::Result; 33 | 34 | #[cfg(all(feature = "enclave_unit_test", feature = "mesalock_sgx"))] 35 | pub mod tests { 36 | use super::*; 37 | pub use sgx::tests::*; 38 | } 39 | -------------------------------------------------------------------------------- /binder/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/binder 3 | --- 4 | 5 | # Binder 6 | 7 | The binder library provides communication interfaces between TEE's app/enclave 8 | worlds. More specific, the binder implements a message passing protocol for 9 | intra-procedure communication. The protocol provides a secure and (type) safe 10 | channel to pass information. For example, in Teaclave, we use the binder library 11 | to launch Teaclave services and pass runtime configurations to trusted enclaves. 12 | -------------------------------------------------------------------------------- /binder/attribute/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_binder_attribute" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Macros for binder" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [lib] 27 | proc-macro = true 28 | 29 | [dependencies] 30 | quote = "0.6" 31 | syn = { version = "0.15", features = ["full"] } 32 | -------------------------------------------------------------------------------- /binder/src/error.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | #![allow(clippy::nonstandard_macro_braces)] 19 | #![allow(clippy::enum_variant_names)] 20 | 21 | use teaclave_types::{ECallStatus, SgxStatus}; 22 | use thiserror::Error; 23 | 24 | #[cfg(feature = "app")] 25 | #[derive(Error, Debug)] 26 | pub enum TeeBinderError { 27 | #[error("failed to invoke IPC")] 28 | IpcError(IpcError), 29 | #[error("found SGX error: {0}")] 30 | SgxError(SgxStatus), 31 | } 32 | 33 | #[derive(Error, Debug)] 34 | pub enum IpcError { 35 | #[error("found SGX error: {0}")] 36 | SgxError(SgxStatus), 37 | #[error("ECall returns error code: {0}")] 38 | ECallError(ECallStatus), 39 | #[error("cannot serialize or deserialize IPC messages")] 40 | SerdeError, 41 | } 42 | 43 | impl From for IpcError { 44 | fn from(_: serde_json::error::Error) -> Self { 45 | IpcError::SerdeError 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /binder/src/ipc/enclave.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use crate::ipc::{IpcReceiver, IpcService}; 19 | 20 | // Implementation of Receiver 21 | // The receiver is TEE, the sender is App 22 | pub struct ECallReceiver; 23 | 24 | impl IpcReceiver for ECallReceiver { 25 | fn dispatch(input_payload: &[u8], x: X) -> anyhow::Result> 26 | where 27 | U: for<'de> serde::Deserialize<'de>, 28 | V: serde::Serialize, 29 | X: IpcService, 30 | { 31 | let input: U = serde_json::from_slice(input_payload)?; 32 | let response: Result = x.handle_invoke(input); 33 | let response_payload = serde_json::to_vec(&response)?; 34 | 35 | Ok(response_payload) 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /binder/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | mod error; 19 | pub mod ipc; 20 | pub mod proto; 21 | 22 | cfg_if::cfg_if! { 23 | if #[cfg(feature = "app")] { 24 | mod binder; 25 | mod ocall; 26 | pub use binder::TeeBinder; 27 | } else if #[cfg(feature = "mesalock_sgx")] { 28 | mod macros; 29 | pub use teaclave_binder_attribute::handle_ecall; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /cli/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_cli" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave command line tool" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [dependencies] 27 | anyhow = { version = "1.0.26" } 28 | env_logger = { version = "0.7.1" } 29 | hex = { version = "0.4.0" } 30 | http = { version = "0.2" } 31 | pem = { version = "0.7.0" } 32 | rustls = { version = "0.21.0", features = ["dangerous_configuration"] } 33 | rustls-webpki = { version = "0.100.0" } 34 | structopt = { version = "0.3" } 35 | webpki-roots = { version = "0.23.0" } 36 | 37 | teaclave_attestation = { path = "../attestation" } 38 | teaclave_crypto = { path = "../crypto" } 39 | teaclave_types = { path = "../types", features = ["app"] } 40 | 41 | 42 | -------------------------------------------------------------------------------- /cmake/scripts/Enclave.lds: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | enclave.so 21 | { 22 | global: 23 | g_global_data_sim; 24 | g_global_data; 25 | g_peak_heap_used; 26 | g_peak_rsrv_mem_committed; 27 | enclave_entry; 28 | local: 29 | *; 30 | }; 31 | -------------------------------------------------------------------------------- /cmake/scripts/build_in_ci.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | set -e 21 | 22 | # Setting up $HOME 23 | cp /root/.bashrc $HOME/.bashrc 24 | ln -sf /root/.rustup ~/.rustup 25 | ln -sf /root/.cargo ~/.cargo 26 | 27 | ## workaround permission issue 28 | git config --global --add safe.directory /__w/incubator-teaclave/incubator-teaclave 29 | 30 | # Build 31 | . /opt/sgxsdk/environment && . ~/.cargo/env && \ 32 | mkdir -p build && pushd build && \ 33 | cmake -DCMAKE_BUILD_TYPE=Release -DSGX_SIM_MODE=ON -DTEST_MODE=ON .. && \ 34 | VERBOSE=1 make -j && rm -rf target 35 | -------------------------------------------------------------------------------- /cmake/scripts/cargo_build_ex.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | set -e 21 | # extended cargo build script 22 | 23 | # if MT_RUSTC_WRAPPER is not empty, use it as rustc 24 | RUSTC="${MT_RUSTC_WRAPPER:-${RUSTC}}" 25 | 26 | if [ ! -z "${MUTE_CARGO}" ]; then 27 | RUSTC="${RUSTC}" cargo build "$@" >/dev/null 2>&1 28 | else 29 | RUSTC="${RUSTC}" cargo build "$@" 30 | fi 31 | 32 | # if CLP is set, run cargo clippy after cargo build 33 | # cannot use MT_RUSTC_WRAPPER for cargo clippy 34 | if [ ! -z "$CLP" ]; then 35 | cargo clippy "$@" -- -D warnings 36 | fi 37 | 38 | # if DOC is set, run cargo doc after cargo build 39 | if [ ! -z "$DOC" ]; then 40 | RUSTDOCFLAGS="--enable-index-page -Zunstable-options $RUSTFLAGS" RUSTC="${RUSTC}" cargo doc "$@" 41 | fi 42 | -------------------------------------------------------------------------------- /cmake/scripts/cc_wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | set -e 21 | REQUIRED_ENVS=("TEACLAVE_PROJECT_ROOT" "TEACLAVE_BUILD_ROOT" "TEACLAVE_SYMLINKS" "CMAKE_C_COMPILER") 22 | for var in "${REQUIRED_ENVS[@]}"; do 23 | [ -z "${!var}" ] && echo "Please set ${var}" && exit -1 24 | done 25 | 26 | # Tell gcc/clang to remap absolute src paths to make enclaves' signature more reproducible 27 | exec "${CMAKE_C_COMPILER}" "$@" -fdebug-prefix-map=${TEACLAVE_PROJECT_ROOT}=${TEACLAVE_SYMLINKS}/teaclave_src -fdebug-prefix-map=${TEACLAVE_BUILD_ROOT}=${TEACLAVE_SYMLINKS}/teaclave_build 28 | -------------------------------------------------------------------------------- /cmake/scripts/gen_enclave_info_toml.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | import sys 21 | 22 | 23 | def find_hex_value(content, section): 24 | index = content.index(section) 25 | # assume each element in content is ending with '\n' 26 | hex_bytes = ''.join(content[index + 1:index + 3]).split() 27 | return ''.join(['%02x' % int(x, 16) for x in hex_bytes]) 28 | 29 | 30 | mr_signer = "mrsigner->value:\n" 31 | mr_enclave = "metadata->enclave_css.body.enclave_hash.m:\n" 32 | 33 | content = sys.stdin.readlines() 34 | 35 | mr_signer_hex = find_hex_value(content, mr_signer) 36 | mr_enclave_hex = find_hex_value(content, mr_enclave) 37 | 38 | sys.stdout.write("""[{}] 39 | mr_enclave = "{}" 40 | mr_signer = "{}" 41 | """.format(sys.argv[1], mr_enclave_hex, mr_signer_hex)) 42 | -------------------------------------------------------------------------------- /cmake/scripts/lcov_realpath.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | import os 21 | import sys 22 | 23 | with open(sys.argv[1]) as f: 24 | for l in f: 25 | if l.startswith("SF:"): 26 | realpath = os.path.realpath(l[3:]) 27 | print("SF:" + realpath, end='') 28 | else: 29 | print(l, end='') 30 | -------------------------------------------------------------------------------- /cmake/scripts/llvm-gcov.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | llvm-cov-11 gcov $* 21 | -------------------------------------------------------------------------------- /cmake/scripts/rustc_wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | set -e 21 | REQUIRED_ENVS=("TEACLAVE_PROJECT_ROOT" "TEACLAVE_BUILD_ROOT" "TEACLAVE_SYMLINKS") 22 | for var in "${REQUIRED_ENVS[@]}"; do 23 | [ -z "${!var}" ] && echo "Please set ${var}" && exit -1 24 | done 25 | 26 | # Tell rustc to remap absolute src paths to make enclaves' signature more reproducible 27 | exec rustc "$@" --remap-path-prefix=${HOME}/.cargo=${TEACLAVE_SYMLINKS}/cargo_home --remap-path-prefix=${TEACLAVE_PROJECT_ROOT}=${TEACLAVE_SYMLINKS}/teaclave_src --remap-path-prefix=${TEACLAVE_BUILD_ROOT}=${TEACLAVE_SYMLINKS}/teaclave_build 28 | -------------------------------------------------------------------------------- /cmake/tomls/Cargo.unix_app.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [workspace] 19 | 20 | # every member should take its own line, 21 | # and for those to exclude from cmake build, just append the '# ignore' 22 | # annotation suffix 23 | members = [ 24 | "dcap", 25 | "cli", 26 | "sdk/rust", # ignore 27 | ] 28 | 29 | exclude = [ 30 | ] 31 | 32 | [patch.crates-io] 33 | tonic = { git = "https://github.com/apache/incubator-teaclave-crates" } 34 | 35 | sgx_cov = { path = "../../../third_party/rust-sgx-sdk/sgx_tests/cov" } 36 | sgx_crypto = { path = "../../../third_party/rust-sgx-sdk/sgx_crypto" } 37 | sgx_rand = { path = "../../../third_party/rust-sgx-sdk/sgx_rand" } 38 | sgx_tprotected_fs = { path = "../../../third_party/rust-sgx-sdk/sgx_protected_fs/tfs" } 39 | sgx_tse = { path = "../../../third_party/rust-sgx-sdk/sgx_tse" } 40 | sgx_trts = { path = "../../../third_party/rust-sgx-sdk/sgx_trts" } 41 | sgx_types = { path = "../../../third_party/rust-sgx-sdk/sgx_types" } 42 | -------------------------------------------------------------------------------- /common/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/common 3 | --- 4 | 5 | # Common Libraries 6 | 7 | This directory contains some supporting libraries such as error handling, file 8 | system, and database for the Teaclave platform, or more general TEE system. 9 | 10 | - `protected_fs_rs`: A userspace file system implementation secured by SGX. 11 | - `rusty_leveldb_sgx`: A LevelDB implementation, making key-value database in 12 | SGX enclave possible. 13 | 14 | -------------------------------------------------------------------------------- /common/rusty_leveldb_sgx/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rusty-leveldb" 3 | version = "1.0.4" 4 | authors = ["Lewin Bormann "] 5 | description = "A compatible re-implementation of LevelDB in Rust" 6 | homepage = "https://github.com/dermesser/leveldb-rs" 7 | repository = "https://github.com/dermesser/leveldb-rs" 8 | readme = "README.md" 9 | keywords = ["LevelDB", "key-value", "database", "SSTable", "Google"] 10 | license = "MIT" 11 | publish = true 12 | edition = "2021" 13 | 14 | [features] 15 | default = ["mesalock_sgx"] 16 | mesalock_sgx = ["sgx_tprotected_fs", "sgx_libc"] 17 | enclave_unit_test = ["teaclave_test_utils/mesalock_sgx"] 18 | 19 | [dependencies] 20 | crc = { version = "2.0" } 21 | rand = { version = "0.8" } 22 | snap = { version = "0.2" } 23 | integer-encoding = { version = "1.0" } 24 | 25 | sgx_tprotected_fs = { version = "2.0.0", optional = true } 26 | teaclave_test_utils = { path = "../../tests/utils", optional = true } 27 | 28 | sgx_libc = { version = "2.0.0", optional = true } 29 | -------------------------------------------------------------------------------- /common/rusty_leveldb_sgx/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Google Inc. (lewinb@google.com) -- though not an official 4 | Google product or in any way related! 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to 8 | deal in the Software without restriction, including without limitation the 9 | rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 10 | sell copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 22 | IN THE SOFTWARE. 23 | -------------------------------------------------------------------------------- /common/rusty_leveldb_sgx/README.md: -------------------------------------------------------------------------------- 1 | # rusty-leveldb-sgx 2 | [![crates.io](https://img.shields.io/crates/v/rusty-leveldb.svg)](https://crates.io/crates/rusty-leveldb) 3 | 4 | A fully compatible implementation of LevelDB in Rust. (any incompatibility is a 5 | bug!) Be able to run inside SGX. 6 | 7 | The implementation is very close to the original; often, you can see the same 8 | algorithm translated 1:1, and class (struct) and method names are similar or 9 | the same. 10 | 11 | **NOTE: I do not endorse using this library for any data that you care about.** 12 | I do care, however, about bug reports. 13 | 14 | ## Status 15 | 16 | Working well, with a few rare bugs (see leveldb-rs issues). 17 | 18 | ## Goals 19 | 20 | Some of the goals of this implementation are 21 | 22 | * As few copies of data as possible; most of the time, slices of bytes (`&[u8]`) 23 | are used. Owned memory is represented as `Vec` (and then possibly borrowed 24 | as slice). Zero-copy is not always possible, though, and sometimes simplicity is favored. 25 | * Correctness -- self-checking implementation, good test coverage, etc. Just 26 | like the original implementation. 27 | * Clarity; commented code, clear structure (hopefully doing a better job than 28 | the original implementation). 29 | * Coming close-ish to the original implementation; clarifying the translation of 30 | typical C++ constructs to Rust, and doing a better job at helping understand the internals. 31 | -------------------------------------------------------------------------------- /common/rusty_leveldb_sgx/src/env_common.rs: -------------------------------------------------------------------------------- 1 | use std::time; 2 | #[cfg(feature = "mesalock_sgx")] 3 | #[allow(unused_imports)] 4 | use std::untrusted::time::SystemTimeEx; 5 | 6 | pub fn micros() -> u64 { 7 | loop { 8 | let now = time::SystemTime::now().duration_since(time::UNIX_EPOCH); 9 | 10 | match now { 11 | Err(_) => continue, 12 | Ok(dur) => return dur.as_secs() * 1000000 + (dur.subsec_nanos() / 1000) as u64, 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /common/rusty_leveldb_sgx/src/infolog.rs: -------------------------------------------------------------------------------- 1 | use std::io::{self, Write}; 2 | 3 | pub struct Logger(pub Box); 4 | 5 | pub fn stderr() -> Logger { 6 | Logger(Box::new(io::stderr())) 7 | } 8 | 9 | #[macro_export] 10 | macro_rules! log { 11 | ($l:expr) => ($l.as_ref().map(|l| l.borrow_mut().0.write("\n".as_bytes()).is_ok())); 12 | ($l:expr, $fmt:expr) => ( 13 | $l.as_ref().map(|l| l.borrow_mut().0.write(concat!($fmt, "\n").as_bytes()).is_ok())); 14 | ($l:expr, $fmt:expr, $($arg:tt)*) => ( 15 | $l.as_ref().map( 16 | |l| l.borrow_mut().0.write_fmt(format_args!(concat!($fmt, "\n"), $($arg)*)).is_ok())); 17 | } 18 | -------------------------------------------------------------------------------- /config/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_config" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Build and runtime configurations." 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [features] 27 | default = [] 28 | mesalock_sgx = [] 29 | build_config = [] 30 | 31 | [dependencies] 32 | anyhow = { version = "1.0.26" } 33 | log = { version = "0.4.17", features = ["release_max_level_info"] } 34 | serde = { version = "1.0.92", features = ["derive"] } 35 | toml = { version = "0.5.1" } 36 | url = { version = "2.1.1" } 37 | -------------------------------------------------------------------------------- /config/config_gen/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_config_gen" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Generating build config." 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [[bin]] 27 | name = "config_gen" 28 | path = "main.rs" 29 | 30 | [dependencies] 31 | askama = "0.8" 32 | structopt = "0.3" 33 | pem = "0.7.0" 34 | serde = { version = "1.0.92", features = ["derive"] } 35 | toml = "0.5.1" 36 | 37 | [workspace] 38 | -------------------------------------------------------------------------------- /config/keys/auditors/albus_dumbledore/albus_dumbledore.public.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PUBLIC KEY----- 2 | MIICCgKCAgEApdqjkKxTqVOZ/Y+S7cRbyFVKzqNvqddwZ4wezON0gK3Q80OgN6az 3 | q66SRzO+qv9I6uUmhfPXFqX5tstwtTgRVrriezOtUIVv3z/7J4GEZp7et/Oh90sp 4 | NZnQGQsLnaszRxlfNOus8d/4gd8XqgCCWgcDtZ+zxxZuu4TcRevAkYm5fqioV+Ah 5 | tWtu91jxYAk7tiMUKGWyQEbS9Uy2tb46qnhLUeD2cuRbL0wRtSVtPtiSQ+KZWlro 6 | nOOJTrMGoguLzkwOojJR7mR/31aRwwZs0u01akqGlhXDufTAcg78ResRnsdrVp18 7 | jXkYwynMW/8QNWVVyPRUx8DM/1QanKaZmYWylEQv5Twkb+k9PAXzLIVBNjNTExNW 8 | AtW1UV1bZ2rDMZjcqn8ZB9U5sPl5ZrY0bfSAvFqhlMuSJ/0eNYa9nrYQx8n5ZuUf 9 | 0QTtrOzb6+i+EAR84PTo6JqBTL5vzrbNvNT+obSS2eXRyqIm21XDGyuXWPxT+P8S 10 | D6ymmOAR7K/BsVfz15ne/jJ1QkUf8Uzt6zEm0BvxCSuxICOl6R8orYfgPjrioJcT 11 | oAsQT73LQUz4gR4KVSwb69XtI+afDR47o3ezRs0jXx+sPz7lXwzzRvg1JXy3M3wo 12 | 78t8MK+aP2lOwjyjsfnLVjNKKHgI1gs274alKi7upTMwl+J2lJXL2vECAwEAAQ== 13 | -----END RSA PUBLIC KEY----- 14 | -------------------------------------------------------------------------------- /config/keys/auditors/godzilla/godzilla.public.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PUBLIC KEY----- 2 | MIICCgKCAgEAp+6fTyMeiVhcyjdjC43KoUrPLmbt0GJFbMyib+BTp6igqMqxdDQB 3 | moAfYQNVeojLXEu3O9NWga3wEysmxxsjGBbPHLW1LEofnx0AacQpskKTSkAKmaMF 4 | bY1P+WdL1x4NtJFx8lgFW+fPWRJyOeb07hMGbw3tgwTZV7woi8/IiuNbnFaUjGLh 5 | sUE78uChcSl1c0aJ9AKNNf17R5+A2WnwjBdh6hJQWKpqyQb+CjsUi/bbhv9fyMXG 6 | XtcIh1OVzJKeqwQKgPYvkQbk9fOngjSENHRkT+vDbDC3pAjmlXR80YrmcbH7a7LO 7 | YeO42VKGLEgQSkg7vScu4qbKPQGUqwgpPatElnoHwuPrlQum8rrTfK6JPOJfxt8u 8 | ge1hWVHvoH0tQ7nQnyVoG2+RxjnREK5RK5cclpA8k9EEC2McrJJg4fpKKZCX0qVL 9 | 1Olhdtt+FdoLY67ha2Jpyq771LHpSwfw6pKlowJ5zTy1IgKtGm8cVQjHyC4hZf1e 10 | vqQhrBe25AltCQPyxGSJnYCAKoj25zcHp0O9hoTIf0mBvIeQvHVW2ZOojysKX8mI 11 | RvWHqgBWdqdKwQyCQCfpXfoFK6lh/gKnXrX6LUktjl6pz+epyIqbgpxvbDMeJkb4 12 | C5ontLVA+na/sri5mAJS34QtnIMSwxjfMI+yTR0j8r+aP4zYWc7vERECAwEAAQ== 13 | -----END RSA PUBLIC KEY----- 14 | -------------------------------------------------------------------------------- /config/keys/auditors/optimus_prime/optimus_prime.public.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PUBLIC KEY----- 2 | MIICCgKCAgEAx8g4ELFBXr/3vCIt36hF9QvfeQpRZfZ3oIZs48E969meAyBa7WZl 3 | hhsf/L54W/3Lm57/YNeeb7xHlYpkStwOGUib6vYN2sXFOdfvJe6WBsiHf3u/7ADc 4 | SHGnhVTVaHLK968pUSNtqs2DoSGb5lkVPZdBQXjKXNYHOF26rNG4ZWLvFMlqDQEG 5 | 11YBs/BPA5Sz1qlF4NBzPYttjhUWSXKkLA0fFW+yVTCHldbyOLsPLkckCdfbz7sM 6 | fBomYZvceLB/LdJavo3zvQfwC2Ff3gypOOvJxiZUt3ZNg1wdKrBOmsFgs+P04RFz 7 | VDHJmByGaePM5Dz6bO2LA7aimvOqXUHixVEgz5SyvGhdlQ1KXC1OEHuCAPYyObBu 8 | Hnaofl+a+ppd0eHVriBzn4/0TZ+u3qNQtBMWUbAOC4J4jSxRUeVYts08Z/MSaeJp 9 | m+8ZBMAPQK6fbB6oTuLYqCwTo3XJP5HEDrD6ZEwCjhzzEi1H8nakNFMN0KBUYEOm 10 | b2ZBzXDESd0AmKl+Ky5aluIxJnTbw2odTGSDhdC10LrzWrbQ//8HV2pZwgkkMFfv 11 | KYdfOxNACWZcnZUXm+5jcACMsVdfcHo9lCMCN1Uuy9C8576DohV9cqxAZt8bbCOk 12 | OtappiObZRlZK/+1vU4XH/uPF+Ldmm+Rfch/+Cz4KbyurlPfSHVKZk0CAwEAAQ== 13 | -----END RSA PUBLIC KEY----- 14 | -------------------------------------------------------------------------------- /config/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use serde::{Deserialize, Serialize}; 19 | use std::path::PathBuf; 20 | 21 | #[derive(Debug, Serialize, Deserialize, Clone)] 22 | #[serde(rename_all = "snake_case")] 23 | pub(crate) enum ConfigSource { 24 | Path(PathBuf), 25 | } 26 | 27 | #[cfg(feature = "build_config")] 28 | pub mod build; 29 | mod runtime; 30 | 31 | pub use runtime::RuntimeConfig; 32 | -------------------------------------------------------------------------------- /crypto/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_crypto" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave crypto" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [features] 27 | default = [] 28 | app = [ 29 | "sgx_tprotected_fs/ufs", 30 | ] 31 | mesalock_sgx = [ 32 | "sgx_tprotected_fs/tfs", 33 | ] 34 | enclave_unit_test = ["teaclave_test_utils/mesalock_sgx"] 35 | 36 | [dependencies] 37 | 38 | anyhow = { version = "1.0.26" } 39 | rand = { version = "0.8.5" } 40 | serde = { version = "1.0.92", features = ["derive"] } 41 | serde_json = { version = "1.0.39" } 42 | ring = { version = "0.16.5" } 43 | hex = { version = "0.4.0" } 44 | 45 | sgx_tprotected_fs = { version = "2.0.0", default-features = false, optional = true } 46 | teaclave_test_utils = { path = "../tests/utils", optional = true } 47 | -------------------------------------------------------------------------------- /crypto/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/crypto 3 | --- 4 | 5 | # Crypto Primitives 6 | 7 | This directory hosts all the implementations of cryptographic primitives used in 8 | Teaclave for encryption/decryption of registered data. 9 | 10 | Current crypto primitives include: 11 | 12 | - AES GCM: Commonly used symmetric-key cryptographic block ciphers. Supported 13 | key sizes are: 128bits, 256bits. 14 | - Teaclave File Key: Key for Teaclave file system (i.e., protected FS). Only 15 | 128bits key is supported. 16 | -------------------------------------------------------------------------------- /dcap/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/dcap 3 | --- 4 | 5 | # Data Center Attestation Service 6 | 7 | This directory includes a reference implementation of data center attestation 8 | service using 9 | [Intel SGX Data Center Attestation Primitives](https://software.intel.com/en-us/blogs/2019/05/21/intel-sgx-datacenter-attestation-primitives) (DCAP), 10 | which allows third-parties to create their own attestation infrastructure for 11 | the datacenter and cloud. Compared to Intel Attestation Service (IAS), DCAP 12 | Attestation Service is for environment where internet services is not accessible 13 | and entities who are unwilling to outsource trust decisions to third-parties 14 | (like Intel's IAS). 15 | 16 | By default, Intel Attestation Service (IAS) will be used for attestation in 17 | Teaclave. To use DCAP instead of IAS, you have to first build Teaclave with DCAP 18 | enabled (by appending `-DDCAP=ON` option to `cmake`) and deploy in 19 | infrastructure with DCAP supported. 20 | 21 | The Intel's [DCAP Installation Guide](https://download.01.org/intel-sgx/sgx-dcap/1.14/linux/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf) 22 | contains instructions to install essential dependencies for developers. Also, 23 | you need to prepare environment in your infrastructure before deploying a 24 | DCAP-enabled application. 25 | -------------------------------------------------------------------------------- /dcap/Rocket.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [global] 19 | port = 443 20 | 21 | # The certificate is self-signed. DO NOT use in production. 22 | [global.tls] 23 | certs = "dcap_server_cert.pem" 24 | key = "dcap_server_key.pem" 25 | 26 | [global.attestation] 27 | certs = "dcap_server_cert.pem" 28 | key = "dcap_server_key.pem" 29 | -------------------------------------------------------------------------------- /docker/docker-compose-aesm-vol.override.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | version: '3.7' 19 | 20 | volumes: 21 | aesmd-socket: 22 | external: true 23 | 24 | services: 25 | teaclave-authentication-service: 26 | volumes: 27 | - aesmd-socket:/var/run/aesmd 28 | 29 | teaclave-frontend-service: 30 | volumes: 31 | - aesmd-socket:/var/run/aesmd 32 | 33 | teaclave-management-service: 34 | volumes: 35 | - aesmd-socket:/var/run/aesmd 36 | 37 | teaclave-storage-service: 38 | volumes: 39 | - aesmd-socket:/var/run/aesmd 40 | 41 | teaclave-access-control-service: 42 | volumes: 43 | - aesmd-socket:/var/run/aesmd 44 | 45 | teaclave-execution-service: 46 | volumes: 47 | - aesmd-socket:/var/run/aesmd 48 | 49 | teaclave-scheduler-service: 50 | volumes: 51 | - aesmd-socket:/var/run/aesmd 52 | -------------------------------------------------------------------------------- /docker/docker-compose-dcap-dev.override.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | version: '3.7' 19 | 20 | services: 21 | teaclave-authentication-service: 22 | devices: 23 | - /dev/sgx/enclave 24 | - /dev/sgx/provision 25 | 26 | teaclave-frontend-service: 27 | devices: 28 | - /dev/sgx/enclave 29 | - /dev/sgx/provision 30 | 31 | teaclave-management-service: 32 | devices: 33 | - /dev/sgx/enclave 34 | - /dev/sgx/provision 35 | 36 | teaclave-storage-service: 37 | devices: 38 | - /dev/sgx/enclave 39 | - /dev/sgx/provision 40 | 41 | teaclave-access-control-service: 42 | devices: 43 | - /dev/sgx/enclave 44 | - /dev/sgx/provision 45 | 46 | teaclave-execution-service: 47 | devices: 48 | - /dev/sgx/enclave 49 | - /dev/sgx/provision 50 | 51 | teaclave-scheduler-service: 52 | devices: 53 | - /dev/sgx/enclave 54 | - /dev/sgx/provision 55 | -------------------------------------------------------------------------------- /docker/docker-compose-isgx-dev.override.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | version: '3.7' 19 | 20 | services: 21 | teaclave-authentication-service: 22 | devices: 23 | - /dev/isgx 24 | 25 | teaclave-frontend-service: 26 | devices: 27 | - /dev/isgx 28 | 29 | teaclave-management-service: 30 | devices: 31 | - /dev/isgx 32 | 33 | teaclave-storage-service: 34 | devices: 35 | - /dev/isgx 36 | 37 | teaclave-access-control-service: 38 | devices: 39 | - /dev/isgx 40 | 41 | teaclave-execution-service: 42 | devices: 43 | - /dev/isgx 44 | 45 | teaclave-scheduler-service: 46 | devices: 47 | - /dev/isgx 48 | -------------------------------------------------------------------------------- /edl/Enclave_fa.edl: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | enclave { 19 | from "Enclave_common.edl" import *; 20 | untrusted { 21 | uint32_t ocall_handle_file_request([in, size=buf_size] uint8_t *in_buf, uint32_t buf_size); 22 | }; 23 | }; 24 | -------------------------------------------------------------------------------- /examples/c/.clang-format: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | BasedOnStyle: LLVM 19 | IndentWidth: 4 20 | -------------------------------------------------------------------------------- /examples/c/Makefile: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | C_SOURCES :=$(wildcard *.c) 19 | C_OBJECTS :=$(C_SOURCES:.c=.o) 20 | C_EXECUTABLES :=$(C_SOURCES:.c=) 21 | C_RUNNERS :=$(C_SOURCES:.c=_runner) 22 | 23 | CFLAGS := -I../../sdk/c -Ltarget/debug/ -lteaclave_client_sdk 24 | 25 | all: $(C_EXECUTABLES) 26 | 27 | ifeq ($(DCAP),ON) 28 | CFLAGS += -DDCAP 29 | endif 30 | 31 | target/debug/libteaclave_client_sdk.so: 32 | RUSTFLAGS="$(RUSTFLAGS)" cargo build --manifest-path ../../sdk/rust/Cargo.toml --target-dir target 33 | 34 | %.o: %.c 35 | gcc -c $(CFLAGS) $< 36 | 37 | $(C_EXECUTABLES): target/debug/libteaclave_client_sdk.so 38 | gcc -o $@ $@.c $(CFLAGS) 39 | 40 | $(C_RUNNERS): %_runner: % 41 | LD_LIBRARY_PATH=target/debug ./$* 42 | 43 | run: $(C_RUNNERS) 44 | 45 | clean: 46 | @rm -rf target $(C_OBJECTS) $(C_EXECUTABLES) 47 | -------------------------------------------------------------------------------- /examples/python/mesapy_deadloop_payload.py: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | 19 | def entrypoint(argv): 20 | while True: 21 | pass 22 | -------------------------------------------------------------------------------- /examples/python/mesapy_echo_payload.py: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | 19 | def entrypoint(argv): 20 | assert argv[0] == 'message' 21 | assert argv[1] is not None 22 | return argv[1] 23 | -------------------------------------------------------------------------------- /examples/python/mesapy_optional_files_payload.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | 21 | def entrypoint(argv): 22 | try: 23 | f = teaclave_open("input_data1", "rb") 24 | data = f.readlines() 25 | return data[0] 26 | except: 27 | return "input_data1 does not exist" 28 | -------------------------------------------------------------------------------- /examples/python/requirements.txt: -------------------------------------------------------------------------------- 1 | pyopenssl 2 | toml 3 | cryptography 4 | requests 5 | Pillow 6 | grpclib 7 | grpcio 8 | grpcio-tools 9 | -------------------------------------------------------------------------------- /examples/python/wasm_c_millionaire_problem_payload/Makefile: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | TARGET = millionaire_problem.wasm 19 | 20 | # Set CC to your clang with WASM target support or which shipped with wasi-sdk 21 | # This example uses wasi-sdk's clang 22 | CC = /wasi-sdk-20.0/bin/clang 23 | # Notice: if you're using original clang, you may encounter an error that clang 24 | # cannot find `wasm-ld`. You may create a soft link `wasm-ld` pointing to 25 | # `wasm-ld-x`(version number) 26 | 27 | CFLAGS = -nostdlib 28 | # set target if you're using original clang 29 | # CFLAGS += --target=wasm32 30 | 31 | CC_LINKER_FLAGS = -Wl,--export-all \ 32 | -Wl,--allow-undefined \ 33 | -Wl,--no-entry 34 | 35 | INCLUDES := -I../../../sdk/payload/wasm/ 36 | 37 | CFLAGS += $(CC_LINKER_FLAGS) $(INCLUDES) 38 | 39 | all: $(TARGET) 40 | 41 | $(TARGET): millionaire_problem.c 42 | $(CC) $(CFLAGS) -o $@ $< 43 | 44 | clean: 45 | @rm ./*.wasm 46 | -------------------------------------------------------------------------------- /examples/python/wasm_c_simple_add_payload/Makefile: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | TARGET = simple_add.wasm 19 | 20 | # Set CC to your clang with WASM target support or which shipped with wasi-sdk 21 | # This example uses wasi-sdk's clang 22 | CC = /wasi-sdk-20.0/bin/clang 23 | # Notice: if you're using original clang, you may encounter an error that clang 24 | # cannot find `wasm-ld`. You may create a soft link `wasm-ld` pointing to 25 | # `wasm-ld-x`(version number) 26 | 27 | CFLAGS = -nostdlib 28 | # set target if you're using original clang 29 | # CFLAGS += --target=wasm32 30 | 31 | CC_LINKER_FLAGS = -Wl,--export-all \ 32 | -Wl,--allow-undefined \ 33 | -Wl,--no-entry 34 | 35 | INCLUDES := -I../../../sdk/payload/wasm/ 36 | 37 | CFLAGS += $(CC_LINKER_FLAGS) $(INCLUDES) 38 | 39 | all: $(TARGET) 40 | 41 | $(TARGET): simple_add.c 42 | $(CC) $(CFLAGS) -o $@ $< 43 | 44 | clean: 45 | @rm ./*.wasm 46 | -------------------------------------------------------------------------------- /examples/python/wasm_c_simple_add_payload/simple_add.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | * 19 | */ 20 | 21 | int 22 | atoi(const char *str) 23 | { 24 | int result = 0; 25 | int sign = 0; 26 | // proc whitespace characters 27 | while (*str == ' ' || *str == '\t' || *str == '\n') 28 | ++str; 29 | 30 | // proc sign character 31 | if (*str == '-') { 32 | sign = 1; 33 | ++str; 34 | } 35 | else if (*str == '+') { 36 | ++str; 37 | } 38 | 39 | // proc numbers 40 | while (*str >= '0' && *str <= '9') { 41 | result = result * 10 + *str - '0'; 42 | ++str; 43 | } 44 | 45 | // return result 46 | if (sign == 1) 47 | return -result; 48 | else 49 | return result; 50 | } 51 | 52 | int 53 | entrypoint(int argc, char *argv[]) 54 | { 55 | if (argc < 4) { 56 | return -1; 57 | } 58 | 59 | if ((argv[0] == 0) || argv[2] == 0) { 60 | return -1; 61 | } 62 | 63 | return atoi(argv[1]) + atoi(argv[3]); 64 | } 65 | -------------------------------------------------------------------------------- /examples/python/wasm_rust_psi_payload/Cargo.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Cargo. 2 | # It is not intended for manual editing. 3 | version = 3 4 | 5 | [[package]] 6 | name = "teaclave_context" 7 | version = "0.6.0" 8 | 9 | [[package]] 10 | name = "wasm_rust_psi_payload" 11 | version = "0.1.0" 12 | dependencies = [ 13 | "teaclave_context", 14 | ] 15 | -------------------------------------------------------------------------------- /examples/python/wasm_rust_psi_payload/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "wasm_rust_psi_payload" 20 | version = "0.1.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave WAMR example payload to solve Private Set Intersection" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [dependencies] 27 | teaclave_context = {path = "../../../sdk/payload/wasm/teaclave_context/"} 28 | 29 | [lib] 30 | crate-type = ["cdylib"] 31 | 32 | [profile.release] 33 | lto = true 34 | opt-level = "s" 35 | -------------------------------------------------------------------------------- /examples/python/wasm_rust_psi_payload/Makefile: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | all: 19 | @RUSTFLAGS='' cargo build --target wasm32-unknown-unknown --release 20 | @wasm-gc target/wasm32-unknown-unknown/release/wasm_rust_psi_payload.wasm 21 | 22 | clean: 23 | @cargo clean 24 | -------------------------------------------------------------------------------- /examples/python/wasm_tvm_mnist_payload/.cargo/config: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [build] 19 | target = "wasm32-unknown-unknown" 20 | rustflags = ["-C", "link-arg=--whole-archive", "-C", "link-arg=-lgraph_wasm32"] 21 | -------------------------------------------------------------------------------- /examples/python/wasm_tvm_mnist_payload/.gitignore: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | /outlib -------------------------------------------------------------------------------- /examples/python/wasm_tvm_mnist_payload/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "mnist" 20 | version = "0.1.0" 21 | edition = "2021" 22 | license = "Apache-2.0" 23 | 24 | [profile.release] 25 | lto = true 26 | opt-level = 's' 27 | 28 | [lib] 29 | crate-type = ['cdylib'] 30 | 31 | [dependencies] 32 | teaclave_context = {path = "../../../sdk/payload/wasm/teaclave_context/"} 33 | image = "0.24" 34 | ndarray = "0.12" 35 | csv = "1.1" 36 | tvm-sys = { path = "/tvm/rust/tvm-sys" } 37 | tvm-graph-rt = { path = "/tvm/rust/tvm-graph-rt" } 38 | lazy_static = "1.1.1" 39 | -------------------------------------------------------------------------------- /examples/python/wasm_tvm_mnist_payload/Makefile: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | # export TVM_HOME to prebuilt tvm-sys, don't change 19 | export TVM_HOME = /tvm 20 | export PYTHONPATH = $(shell printenv PYTHONPATH):${TVM_HOME}/python 21 | 22 | all: 23 | @rustup default 1.54 24 | @./build_lib.py 25 | @rustup +stable target add wasm32-unknown-unknown 26 | @cargo +stable build --release 27 | # @wasm-gc target/wasm32-unknown-unknown/release/mnist.wasm 28 | 29 | clean: 30 | @cargo clean 31 | @rm ./outlib/* 32 | -------------------------------------------------------------------------------- /examples/python/wasm_tvm_mnist_payload/build.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | fn main() { 21 | let out_dir = concat!(env!("CARGO_MANIFEST_DIR"), "/outlib"); 22 | println!("cargo:rustc-link-search=native={}", out_dir); 23 | } 24 | -------------------------------------------------------------------------------- /examples/python/wasm_tvm_mnist_payload/data/img_10.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/examples/python/wasm_tvm_mnist_payload/data/img_10.jpg -------------------------------------------------------------------------------- /examples/python/wasm_tvm_mnist_payload/mnist-8.onnx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/examples/python/wasm_tvm_mnist_payload/mnist-8.onnx -------------------------------------------------------------------------------- /examples/rust/builtin_echo/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "builtin_echo" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "builtin_echo function example using Teaclave client SDK." 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [dependencies] 27 | anyhow = { version = "1.0.26" } 28 | teaclave_client_sdk = { path = "../../../sdk/rust/" } 29 | pem = "0.7.0" 30 | 31 | [patch.crates-io] 32 | h2 = { git = "https://github.com/hyperium/h2", tag = "v0.3.19" } 33 | tonic = { git = "https://github.com/apache/incubator-teaclave-crates" } 34 | 35 | sgx_tprotected_fs = { path = "../../../third_party/rust-sgx-sdk/sgx_protected_fs/tfs" } 36 | sgx_types = { path = "../../../third_party/rust-sgx-sdk/sgx_types" } 37 | -------------------------------------------------------------------------------- /examples/rust/builtin_ordered_set_intersect/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "builtin_ordered_set_intersect" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "builtin_ordered_set_intersect function example using Teaclave client SDK." 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [dependencies] 27 | teaclave_client_sdk = { path = "../../../sdk/rust/" } 28 | anyhow = { version = "1.0.26" } 29 | pem = "0.7.0" 30 | 31 | [patch.crates-io] 32 | h2 = { git = "https://github.com/hyperium/h2", tag = "v0.3.19" } 33 | tonic = { git = "https://github.com/apache/incubator-teaclave-crates" } 34 | 35 | sgx_tprotected_fs = { path = "../../../third_party/rust-sgx-sdk/sgx_protected_fs/tfs" } 36 | sgx_types = { path = "../../../third_party/rust-sgx-sdk/sgx_types" } 37 | -------------------------------------------------------------------------------- /examples/rust/sequential_functions/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "sequential_functions" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "builtin_ordered_set_join and builtin_gbdt_train functions example using Teaclave client SDK." 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [dependencies] 27 | anyhow = { version = "1.0.26" } 28 | pem = { version = "0.7.0" } 29 | serde_json = { version = "1.0.39" } 30 | teaclave_client_sdk = { path = "../../../sdk/rust/" } 31 | 32 | [patch.crates-io] 33 | h2 = { git = "https://github.com/hyperium/h2", tag = "v0.3.19" } 34 | tonic = { git = "https://github.com/apache/incubator-teaclave-crates" } 35 | 36 | sgx_tprotected_fs = { path = "../../../third_party/rust-sgx-sdk/sgx_protected_fs/tfs" } 37 | sgx_types = { path = "../../../third_party/rust-sgx-sdk/sgx_types" } 38 | -------------------------------------------------------------------------------- /executor/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/executor 3 | --- 4 | 5 | # Function Executors 6 | 7 | Function executor is one of the core component in a FaaS platform to provide 8 | execution runtime for running user-defined functions. In Teaclave, we aim to 9 | provide safe, secure and versatile function executors, which can guarantee the 10 | confidentiality of security-sensitive data during computation, and also support 11 | functions written in different languages. In addition, we are working hard to 12 | achieve better security guarantees such as memory safety. 13 | 14 | In Teaclave, there are three executors to native, Python, and WebAssembly functions. 15 | - **Builtin Executor**: There are many useful built-in functions which are statically 16 | compiled with Teaclave. Normally, these built-in functions are implemented in 17 | Rust, and can provide better (native) performance. The Builtin executor is to 18 | dispatch function invocation requests to corresponding built-in function 19 | implementations. 20 | - **MesaPy Executor**: The MesaPy executor provides a Python interpreter in SGX. 21 | User-defined Python functions can be executed in the MesaPy executor. The 22 | executor also provides interfaces to fetch and store data through the runtime. 23 | - **WAMR Executor**: WebAssembly Micro Runtime (WAMR) is integrated into 24 | Teaclave to provide a interpreter for WebAssembly bytecode. Please refer to 25 | the [WebAssembly Executor Document](../docs/executing-wasm.md) for more 26 | details on its usage. 27 | 28 | To add a new executor, you can implement the `TeaclaveExecutor` trait (basically 29 | implement the `execute` function). Then, register the executor in the Teaclave 30 | worker. At last, the execution service will dispatch functions to the specific 31 | executor. 32 | -------------------------------------------------------------------------------- /executor/context/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | #[macro_use] 19 | extern crate log; 20 | 21 | pub mod context; 22 | -------------------------------------------------------------------------------- /executor/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | extern crate log; 19 | extern crate sgx_types; 20 | 21 | #[cfg(executor_builtin)] 22 | mod builtin; 23 | #[cfg(all(executor_mesapy, not(feature = "app")))] 24 | mod mesapy; 25 | #[cfg(executor_wamr)] 26 | mod wamr; 27 | 28 | #[cfg(executor_builtin)] 29 | pub use builtin::BuiltinFunctionExecutor; 30 | #[cfg(all(executor_mesapy, not(feature = "app")))] 31 | pub use mesapy::MesaPy; 32 | #[cfg(executor_wamr)] 33 | pub use wamr::WAMicroRuntime; 34 | 35 | #[cfg(feature = "enclave_unit_test")] 36 | pub mod tests { 37 | use super::*; 38 | 39 | #[allow(clippy::vec_init_then_push)] 40 | pub fn run_tests() -> bool { 41 | let mut v: Vec = Vec::new(); 42 | #[cfg(all(executor_mesapy, not(feature = "app")))] 43 | v.push(mesapy::tests::run_tests()); 44 | #[cfg(executor_builtin)] 45 | v.push(builtin::tests::run_tests()); 46 | #[cfg(executor_wamr)] 47 | v.push(wamr::tests::run_tests()); 48 | v.iter().all(|&x| x) 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /file_agent/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/file-agent 3 | --- 4 | 5 | # File Agent 6 | 7 | The file agent is a component in the execution service. The main function is to 8 | handle file downloading/uploading from and to various storage service providers 9 | (e.g., AWS S3). 10 | 11 | Before executing a task, the execution service will use the file agent to 12 | prepare any registered input files that come with the task. For example, the 13 | registered file input could be a presigned URL from AWS S3. The file agent will 14 | download and prepare the file in local. With these files in the local storage, 15 | the executor can finally invoke the function. Similarly, after the task is 16 | successfully executed, the file agent will help to upload the output files to 17 | a remote file storage like S3. 18 | -------------------------------------------------------------------------------- /file_agent/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | #[macro_use] 19 | extern crate log; 20 | 21 | mod agent; 22 | pub use agent::{handle_file_request, ocall_handle_file_request}; 23 | -------------------------------------------------------------------------------- /licenses/LICENSE-ios-cmake.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014, Bogdan Cristea and LTE Engineering Software, 2 | Kitware, Inc., Insight Software Consortium. All rights reserved. 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions 5 | are met: 6 | 1. Redistributions of source code must retain the above copyright 7 | notice, this list of conditions and the following disclaimer. 8 | 9 | 2. Redistributions in binary form must reproduce the above copyright 10 | notice, this list of conditions and the following disclaimer in the 11 | documentation and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 20 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 21 | COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 22 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 23 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 27 | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 | POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- /licenses/LICENSE-mesapy.txt: -------------------------------------------------------------------------------- 1 | The MIT License 2 | 3 | Permission is hereby granted, free of charge, to any person 4 | obtaining a copy of this software and associated documentation 5 | files (the "Software"), to deal in the Software without 6 | restriction, including without limitation the rights to use, 7 | copy, modify, merge, publish, distribute, sublicense, and/or 8 | sell copies of the Software, and to permit persons to whom the 9 | Software is furnished to do so, subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included 12 | in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 17 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /licenses/LICENSE-rusty-leveldb.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Google Inc. (lewinb@google.com) -- though not an official 4 | Google product or in any way related! 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to 8 | deal in the Software without restriction, including without limitation the 9 | rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 10 | sell copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 22 | IN THE SOFTWARE. 23 | -------------------------------------------------------------------------------- /logger/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_logger" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave worker" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [lib] 27 | name = "teaclave_logger" 28 | crate-type = ["staticlib", "rlib"] 29 | 30 | [features] 31 | default = [] 32 | mesalock_sgx = [] 33 | cov = ["sgx_cov"] 34 | enclave_unit_test = ["teaclave_test_utils/mesalock_sgx"] 35 | 36 | [dependencies] 37 | anyhow = { version = "1.0.26" } 38 | log = { version = "0.4.17", features = ["release_max_level_info", "kv_unstable_std"] } 39 | 40 | teaclave_test_utils = { path = "../tests/utils", optional = true } 41 | 42 | sgx_cov = { version = "2.0.0", optional = true } 43 | 44 | [target.'cfg(not(target_vendor = "teaclave"))'.dependencies] 45 | sgx_types = { version = "2.0.0" } 46 | -------------------------------------------------------------------------------- /logger/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/logger 3 | --- 4 | 5 | # Logger 6 | 7 | A logger for Teaclave services. It can collect logs to a buffer. 8 | Logs not saved to buffer can be logged by another logger that 9 | implements `log` trait. 10 | 11 | ## Task logging 12 | 13 | When the logger is imported in the `execution service`, it can send the logs 14 | during a task to a buffer. The `kv_unstable` feature in the `log` crate is used 15 | to pass the pointer to the buffer to the logger. After the buffer is set, the 16 | logger will save logs to the buffer. The logger will drop the task logger after 17 | receiving a null pointer. Another logger which we call `secondary logger` will 18 | handle the logs coming afterwards if it is set. The logs before the task starts 19 | are sent to the secondary logger as well. 20 | -------------------------------------------------------------------------------- /rpc/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_rpc" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave RPC" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [features] 27 | default = [] 28 | app = [ 29 | "teaclave_types/app", 30 | "teaclave_attestation/app" 31 | ] 32 | mesalock_sgx = [ 33 | "teaclave_types/mesalock_sgx", 34 | "teaclave_attestation/mesalock_sgx", 35 | ] 36 | libos = [ 37 | "app", 38 | "teaclave_attestation/libos", 39 | ] 40 | 41 | [dependencies] 42 | anyhow = { version = "1.0.26" } 43 | log = { version = "0.4.17", features = ["release_max_level_info"] } 44 | rustls = { version = "0.21.1", features = ["dangerous_configuration"] } 45 | rustls-webpki = { version = "0.100.0" } 46 | tonic = { version = "0.9.2", features = ["tls", "gzip"] } 47 | 48 | teaclave_types = { path = "../types" } 49 | teaclave_attestation = { path = "../attestation" } 50 | -------------------------------------------------------------------------------- /rpc/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/rpc 3 | --- 4 | 5 | # RPC 6 | 7 | This directory contains TLS configuration over an attested TLS connection, 8 | providing trusted channels to send and handle requests. 9 | 10 | Re-export [Tonic](https://github.com/hyperium/tonic) to support the general 11 | gRPC framework. `Tonic` is a gRPC over HTTP/2 implementation focused on high 12 | performance, interoperability, and flexibility. 13 | 14 | ## Channel and Client 15 | 16 | A channel in gRPC represents a connection to the target service. Clients can 17 | use the channel to send requests. When constructing a client, you can use the 18 | `SgxTrustedTlsClientConfig` to set up TLS and attestation configurations so 19 | that we can establish and attest to a remote connection. For example, to 20 | connect the management service, you need to establish a trusted channel with 21 | the service first. Then, create a client for the management service with the 22 | channel. At last, you can use this client to send requests like `InvokeTask`. 23 | 24 | 25 | ## Server and Service 26 | 27 | A server is an entity that listens to a network address, processes incoming 28 | messages, and forwards requests to certain services. Similar to the client, you 29 | can use `SgxTrustedTlsServerConfig` to set up TLS and attestation 30 | configurations for the channel with clients. 31 | 32 | 33 | ## Interceptor 34 | 35 | In Teaclave, we implement `CredentialService` based on the `Interceptor` trait 36 | to add a credential to the MetadataMap of each request before it is sent, so 37 | servers can check the authentication credential of each request. 38 | -------------------------------------------------------------------------------- /rpc/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | pub mod config; 19 | pub mod interceptor; 20 | mod macros; 21 | 22 | pub use interceptor::{CredentialService, UserCredential}; 23 | 24 | pub use tonic::{ 25 | async_trait, metadata::MetadataMap, service::interceptor::InterceptedService, Code, 26 | IntoRequest, Request, Response, Status, 27 | }; 28 | pub mod transport { 29 | pub use tonic::transport::*; 30 | } 31 | -------------------------------------------------------------------------------- /rpc/src/macros.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | #[macro_export] 19 | macro_rules! ensure { 20 | ($cond:expr,$err:expr $(,)?) => { 21 | if !$cond { 22 | return std::result::Result::Err($err.into()); 23 | } 24 | }; 25 | 26 | ($cond:expr,$code:expr,$err:expr $(,)?) => { 27 | if !$cond { 28 | return std::result::Result::Err($crate::Status::new($code, $err.to_string())); 29 | } 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /runtime/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_runtime" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave runtime" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [lib] 27 | name = "teaclave_runtime" 28 | crate-type = ["staticlib", "rlib"] 29 | 30 | [features] 31 | default = [] 32 | app = [ 33 | "teaclave_types/app", 34 | ] 35 | mesalock_sgx = [ 36 | "teaclave_types/mesalock_sgx", 37 | ] 38 | cov = ["sgx_cov"] 39 | enclave_unit_test = ["teaclave_test_utils/mesalock_sgx"] 40 | 41 | [dependencies] 42 | log = { version = "0.4.17", features = ["release_max_level_info"] } 43 | anyhow = { version = "1.0.26" } 44 | 45 | teaclave_types = { path = "../types" } 46 | teaclave_test_utils = { path = "../tests/utils", optional = true } 47 | 48 | sgx_cov = { version = "2.0.0", optional = true } 49 | 50 | [target.'cfg(not(target_vendor = "teaclave"))'.dependencies] 51 | sgx_types = { version = "2.0.0" } 52 | -------------------------------------------------------------------------------- /runtime/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/runtime 3 | --- 4 | 5 | # Executor Runtime 6 | 7 | This directory contains implementations of executor's runtime. The executor 8 | runtime provides interfaces (I/O) between executors (in trusted execution 9 | environment) and external components (in untrusted world like file system). The 10 | interfaces are defined in the `TeaclaveRuntime` traits. Currently, we have two 11 | runtime implementations: `DefaultRuntime` and `RawIoRuntime`. By default, 12 | Teaclave provides a runtime called `DefaultRuntime`, which bridges interfaces to 13 | our secure file system implementation (i.e., *protected file*). While 14 | `RawIoRuntime` is only for debugging, which does not encrypt any I/O. 15 | -------------------------------------------------------------------------------- /runtime/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | extern crate sgx_types; 19 | 20 | mod default; 21 | pub use default::DefaultRuntime; 22 | 23 | #[cfg(any(feature = "enclave_unit_test", test_mode))] 24 | mod raw_io; 25 | #[cfg(any(feature = "enclave_unit_test", test_mode))] 26 | pub use raw_io::RawIoRuntime; 27 | 28 | #[cfg(feature = "enclave_unit_test")] 29 | pub mod tests { 30 | pub fn run_tests() -> bool { 31 | true 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /sdk/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/sdk 3 | --- 4 | 5 | # Client SDK 6 | 7 | This directory provides Teaclave client SDK in different languages. Developers 8 | can uses the SDK to establish trusted channel with Teaclave services, send 9 | requests via RPC, etc. Please refer to the 10 | [document for examples](../examples/README.md) to learn more about the usages. 11 | -------------------------------------------------------------------------------- /sdk/c/Makefile: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | 19 | # It is very slow to use cbindgen crate in sdk/rust/build.rs, 20 | # so we put the generation separately here. 21 | RUST_CLIENT_SDK_SOURCE:=$(wildcard ../rust/src/*.rs) 22 | 23 | all: $(RUST_CLIENT_SDK_SOURCE) 24 | cbindgen ../rust -c cbindgen.toml -o teaclave_client_sdk.h 25 | -------------------------------------------------------------------------------- /sdk/c/cbindgen.toml: -------------------------------------------------------------------------------- 1 | language = "C" 2 | 3 | header = """ 4 | /* 5 | * Licensed to the Apache Software Foundation (ASF) under one 6 | * or more contributor license agreements. See the NOTICE file 7 | * distributed with this work for additional information 8 | * regarding copyright ownership. The ASF licenses this file 9 | * to you under the Apache License, Version 2.0 (the 10 | * "License"); you may not use this file except in compliance 11 | * with the License. You may obtain a copy of the License at 12 | * 13 | * http://www.apache.org/licenses/LICENSE-2.0 14 | * 15 | * Unless required by applicable law or agreed to in writing, 16 | * software distributed under the License is distributed on an 17 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 18 | * KIND, either express or implied. See the License for the 19 | * specific language governing permissions and limitations 20 | * under the License. 21 | */ 22 | """ 23 | 24 | autogen_warning = """/* DO NOT MODIFY THIS MANUALLY! This file was generated using cbindgen. 25 | * To generate this file: 26 | * 1. Get the latest cbindgen using `cargo install --force cbindgen` 27 | * 2. Run `cbindgen ../rust -c cbindgen.toml -o 28 | teaclave_client_sdk.h` or `make`. 29 | */""" 30 | 31 | [parse.expand] 32 | crates = ["teaclave_client_sdk"] 33 | -------------------------------------------------------------------------------- /sdk/payload/wasm/cbindgen.toml: -------------------------------------------------------------------------------- 1 | language = "C" 2 | no_includes = true 3 | 4 | header = """ 5 | /* 6 | * Licensed to the Apache Software Foundation (ASF) under one 7 | * or more contributor license agreements. See the NOTICE file 8 | * distributed with this work for additional information 9 | * regarding copyright ownership. The ASF licenses this file 10 | * to you under the Apache License, Version 2.0 (the 11 | * "License"); you may not use this file except in compliance 12 | * with the License. You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, 17 | * software distributed under the License is distributed on an 18 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 19 | * KIND, either express or implied. See the License for the 20 | * specific language governing permissions and limitations 21 | * under the License. 22 | */ 23 | """ 24 | 25 | autogen_warning = """/* DO NOT MODIFY THIS MANUALLY! This file was generated using cbindgen. 26 | * To generate this file: 27 | * 1. Get the latest cbindgen using `cargo install --force cbindgen` 28 | * 2. Run `rustup run nightly cbindgen ./teaclave_context -c cbindgen.toml -o \ 29 | teaclave_context.h`. 30 | */""" 31 | 32 | [parse.expand] 33 | crates = ["teaclave_wasm_payload_bindings"] 34 | -------------------------------------------------------------------------------- /sdk/payload/wasm/teaclave_context/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_context" 20 | version = "0.6.0" 21 | edition = "2021" 22 | authors = ["Teaclave Contributors "] 23 | description = "Teaclave Contex File interfaces for WASM payloads" 24 | license = "Apache-2.0" 25 | 26 | [dependencies] 27 | -------------------------------------------------------------------------------- /sdk/python/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | -------------------------------------------------------------------------------- /sdk/swift/README.md: -------------------------------------------------------------------------------- 1 | # Teaclave Client SDK (Framework) for iOS 2 | 3 | ## Getting Started with CocoaPods 4 | 5 | Here is the `Podfile` of using the framwork in your app. 6 | 7 | ``` 8 | use_frameworks! 9 | 10 | workspace 'Workspace.xcworkspace' 11 | 12 | target 'Workspace' do 13 | pod 'TeaclaveClientSDK', :path => '/path/to/incubator-teaclave/sdk/swift/TeaclaveClientSDK' 14 | end 15 | ``` 16 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/.gitignore: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | xcuserdata/ 19 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/External/teaclave_client_sdk.h: -------------------------------------------------------------------------------- 1 | ../../../c/teaclave_client_sdk.h -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDK.podspec: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | Pod::Spec.new do |s| 19 | s.name = "TeaclaveClientSDK" 20 | s.version = "0.5.1" 21 | s.summary = "Teaclave Client SDK." 22 | s.homepage = "https://teaclave.apache.org" 23 | s.license = "Apache-2.0" 24 | s.author = { "Teaclave Contributors" => "dev@teaclave.apache.org" } 25 | s.ios.deployment_target = '13.0' 26 | s.source = { :git => "https://github.com/apache/incubator-teaclave.git", :tag => "v0.5.1" } 27 | s.source_files = "TeaclaveClietnSDK", "TeaclaveClientSDK/**/*.{h,swift}", "External" 28 | s.module_map = 'TeaclaveClientSDK/TeaclaveClientSDK.modulemap' 29 | s.vendored_libraries= 'External/libteaclave_client_sdk.a' 30 | s.requires_arc = true 31 | s.static_framework = true 32 | s.dependency 'OpenSSL-Universal', '~> 1.0.0' 33 | s.library = 'c++' 34 | end 35 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDK.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDK.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | IDEDidComputeMac32BitWarning 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDK.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved: -------------------------------------------------------------------------------- 1 | { 2 | "object": { 3 | "pins": [ 4 | { 5 | "package": "OpenSSL", 6 | "repositoryURL": "https://github.com/krzyzanowskim/OpenSSL.git", 7 | "state": { 8 | "branch": null, 9 | "revision": "389296819a8d025ac10ddc9f22135a5518991fdc", 10 | "version": "1.1.180" 11 | } 12 | } 13 | ] 14 | }, 15 | "version": 1 16 | } 17 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDK/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 21 | 22 | 23 | 24 | CFBundleDevelopmentRegion 25 | $(DEVELOPMENT_LANGUAGE) 26 | CFBundleExecutable 27 | $(EXECUTABLE_NAME) 28 | CFBundleIdentifier 29 | $(PRODUCT_BUNDLE_IDENTIFIER) 30 | CFBundleInfoDictionaryVersion 31 | 6.0 32 | CFBundleName 33 | $(PRODUCT_NAME) 34 | CFBundlePackageType 35 | $(PRODUCT_BUNDLE_PACKAGE_TYPE) 36 | CFBundleShortVersionString 37 | $(MARKETING_VERSION) 38 | CFBundleVersion 39 | $(CURRENT_PROJECT_VERSION) 40 | 41 | 42 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDK/TeaclaveClientSDK.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | #import 21 | 22 | //! Project version number for TeaclaveClientSDK. 23 | FOUNDATION_EXPORT double TeaclaveClientSDKVersionNumber; 24 | 25 | //! Project version string for TeaclaveClientSDK. 26 | FOUNDATION_EXPORT const unsigned char TeaclaveClientSDKVersionString[]; 27 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDK/TeaclaveClientSDK.modulemap: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | framework module TeaclaveClientSDK { 21 | umbrella header "TeaclaveClientSDK.h" 22 | 23 | explicit module CTeaclaveClientSDK { 24 | private header "teaclave_client_sdk.h" 25 | } 26 | 27 | export * 28 | } 29 | -------------------------------------------------------------------------------- /sdk/swift/TeaclaveClientSDK/TeaclaveClientSDKTests/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 21 | 22 | 23 | 24 | CFBundleDevelopmentRegion 25 | $(DEVELOPMENT_LANGUAGE) 26 | CFBundleExecutable 27 | $(EXECUTABLE_NAME) 28 | CFBundleIdentifier 29 | $(PRODUCT_BUNDLE_IDENTIFIER) 30 | CFBundleInfoDictionaryVersion 31 | 6.0 32 | CFBundleName 33 | $(PRODUCT_NAME) 34 | CFBundlePackageType 35 | $(PRODUCT_BUNDLE_PACKAGE_TYPE) 36 | CFBundleShortVersionString 37 | 1.0 38 | CFBundleVersion 39 | 1 40 | 41 | 42 | -------------------------------------------------------------------------------- /services/access_control/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_access_control_service" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave Access Control Service" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | env_logger = { version = "0.7.1" } 29 | anyhow = { version = "1.0.26" } 30 | libc = { version = "0.2.66" } 31 | signal-hook = { version = "0.1.13" } 32 | 33 | teaclave_service_app_utils = { path = "../../utils/service_app_utils" } 34 | -------------------------------------------------------------------------------- /services/access_control/app/src/main.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use anyhow::Result; 19 | use teaclave_service_app_utils::launch_teaclave_service; 20 | 21 | const PACKAGE_NAME: &str = env!("CARGO_PKG_NAME"); 22 | 23 | fn main() -> Result<()> { 24 | launch_teaclave_service(PACKAGE_NAME) 25 | } 26 | -------------------------------------------------------------------------------- /services/access_control/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x10000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /services/access_control/enclave/src/error.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use thiserror::Error; 19 | 20 | #[derive(Error, Debug)] 21 | pub(crate) enum TeaclavAccessControlError { 22 | #[error("access control error")] 23 | AccessControlError, 24 | } 25 | 26 | impl From for teaclave_rpc::Status { 27 | fn from(error: TeaclavAccessControlError) -> Self { 28 | teaclave_rpc::Status::permission_denied(error.to_string()) 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /services/access_control/model.conf: -------------------------------------------------------------------------------- 1 | [request_definition] 2 | r = sub, act 3 | 4 | [role_definition] 5 | g = _, _ 6 | 7 | [policy_definition] 8 | p = sub, act 9 | 10 | [policy_effect] 11 | e = some(where (p.eft == allow)) 12 | 13 | [matchers] 14 | m = g(r.sub, p.sub) && r.act == p.act || r.sub == "PlatformAdmin" 15 | -------------------------------------------------------------------------------- /services/access_control/policy.csv: -------------------------------------------------------------------------------- 1 | p,rule_function_owner,register_function 2 | p,rule_function_owner,update_function 3 | p,rule_function_owner,delete_function 4 | p,rule_function_owner,disable_function 5 | p,rule_function_owner,get_function 6 | p,rule_function_owner,list_functions 7 | p,rule_function_owner,get_function_usage_stats 8 | p,rule_data_owner,register_input_file 9 | p,rule_data_owner,register_output_file 10 | p,rule_data_owner,update_input_file 11 | p,rule_data_owner,update_output_file 12 | p,rule_data_owner,register_fusion_output 13 | p,rule_data_owner,register_input_from_output 14 | p,rule_data_owner,get_output_file 15 | p,rule_data_owner,get_input_file 16 | p,rule_data_owner,create_task 17 | p,rule_data_owner,get_task 18 | p,rule_data_owner,assign_data 19 | p,rule_data_owner,approve_task 20 | p,rule_data_owner,invoke_task 21 | p,rule_data_owner,cancel_task 22 | p,rule_data_owner,get_function 23 | p,rule_data_owner,list_functions 24 | p,rule_data_owner,get_function_usage_stats 25 | 26 | g,FunctionOwner,rule_function_owner 27 | g,DataOwnerManager,rule_data_owner 28 | g,DataOwner,rule_data_owner 29 | -------------------------------------------------------------------------------- /services/authentication/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_authentication_service" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave Authentication Service" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | env_logger = { version = "0.7.1" } 29 | anyhow = { version = "1.0.26" } 30 | libc = { version = "0.2.66" } 31 | signal-hook = { version = "0.1.13" } 32 | 33 | teaclave_service_app_utils = { path = "../../utils/service_app_utils" } 34 | -------------------------------------------------------------------------------- /services/authentication/app/src/main.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use anyhow::Result; 19 | use teaclave_service_app_utils::launch_teaclave_service; 20 | 21 | const PACKAGE_NAME: &str = env!("CARGO_PKG_NAME"); 22 | 23 | fn main() -> Result<()> { 24 | launch_teaclave_service(PACKAGE_NAME) 25 | } 26 | -------------------------------------------------------------------------------- /services/authentication/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x10000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /services/execution/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x30000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /services/frontend/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_frontend_service" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave Frontend Service" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | env_logger = { version = "0.7.1" } 29 | anyhow = { version = "1.0.26" } 30 | libc = { version = "0.2.66" } 31 | signal-hook = { version = "0.1.13" } 32 | 33 | teaclave_service_app_utils = { path = "../../utils/service_app_utils" } 34 | -------------------------------------------------------------------------------- /services/frontend/app/src/main.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use anyhow::Result; 19 | use teaclave_service_app_utils::launch_teaclave_service; 20 | 21 | const PACKAGE_NAME: &str = env!("CARGO_PKG_NAME"); 22 | 23 | fn main() -> Result<()> { 24 | launch_teaclave_service(PACKAGE_NAME) 25 | } 26 | -------------------------------------------------------------------------------- /services/frontend/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x10000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /services/management/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_management_service" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave Management Service" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | env_logger = { version = "0.7.1" } 29 | anyhow = { version = "1.0.26" } 30 | libc = { version = "0.2.66" } 31 | signal-hook = { version = "0.1.13" } 32 | 33 | teaclave_service_app_utils = { path = "../../utils/service_app_utils" } 34 | -------------------------------------------------------------------------------- /services/management/app/src/main.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use anyhow::Result; 19 | use teaclave_service_app_utils::launch_teaclave_service; 20 | 21 | const PACKAGE_NAME: &str = env!("CARGO_PKG_NAME"); 22 | 23 | fn main() -> Result<()> { 24 | launch_teaclave_service(PACKAGE_NAME) 25 | } 26 | -------------------------------------------------------------------------------- /services/management/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x30000000 26 | 64 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /services/management/enclave/src/audit/mod.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | mod auditor; 19 | mod db_directory; 20 | #[cfg(feature = "enclave_unit_test")] 21 | pub mod tests; 22 | 23 | pub use auditor::Auditor; 24 | -------------------------------------------------------------------------------- /services/management/enclave/src/audit/tests.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use super::*; 19 | 20 | use teaclave_types::EntryBuilder; 21 | 22 | pub fn test_entry_doc_conversion() { 23 | let schema = Auditor::log_schema(); 24 | let entry = EntryBuilder::new().microsecond(0).build(); 25 | 26 | let doc = schema 27 | .parse_document( 28 | r#"{ 29 | "date": "1970-01-01T00:00:00.00Z", 30 | "ip": "0000:0000:0000:0000:0000:0000:0000:0000", 31 | "user": "", 32 | "message": "", 33 | "result": false 34 | }"#, 35 | ) 36 | .unwrap(); 37 | 38 | assert_eq!(entry, Auditor::try_convert_to_entry(doc.clone()).unwrap()); 39 | assert_eq!(Auditor::convert_to_doc(entry), doc); 40 | } 41 | -------------------------------------------------------------------------------- /services/proto/src/proto/teaclave_access_control_service.proto: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | * 19 | */ 20 | 21 | syntax = "proto3"; 22 | 23 | package teaclave_access_control_service_proto; 24 | 25 | message AuthorizeApiRequest { 26 | string user_role = 1; 27 | string api = 2; 28 | } 29 | 30 | message AuthorizeApiResponse { 31 | bool accept = 1; 32 | } 33 | 34 | service TeaclaveAccessControl { 35 | rpc AuthorizeApi (AuthorizeApiRequest) returns (AuthorizeApiResponse); 36 | } 37 | -------------------------------------------------------------------------------- /services/proto/src/teaclave_access_control_service.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use crate::teaclave_access_control_service_proto as proto; 19 | pub use proto::teaclave_access_control_client::TeaclaveAccessControlClient; 20 | pub use proto::teaclave_access_control_server::{ 21 | TeaclaveAccessControl, TeaclaveAccessControlServer, 22 | }; 23 | pub use proto::*; 24 | 25 | impl_custom_server!(TeaclaveAccessControlServer, TeaclaveAccessControl); 26 | impl_custom_client!(TeaclaveAccessControlClient); 27 | -------------------------------------------------------------------------------- /services/scheduler/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_scheduler_service" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave worker." 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | env_logger = { version = "0.7.1" } 29 | anyhow = { version = "1.0.26" } 30 | libc = { version = "0.2.66" } 31 | signal-hook = { version = "0.1.13" } 32 | 33 | teaclave_service_app_utils = { path = "../../utils/service_app_utils" } 34 | -------------------------------------------------------------------------------- /services/scheduler/app/src/main.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use anyhow::Result; 19 | use teaclave_service_app_utils::launch_teaclave_service; 20 | 21 | const PACKAGE_NAME: &str = env!("CARGO_PKG_NAME"); 22 | 23 | fn main() -> Result<()> { 24 | launch_teaclave_service(PACKAGE_NAME) 25 | } 26 | -------------------------------------------------------------------------------- /services/scheduler/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x30000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /services/scheduler/enclave/src/error.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use teaclave_rpc::{Code, Status}; 19 | use thiserror::Error; 20 | #[derive(Error, Debug)] 21 | pub enum SchedulerServiceError { 22 | #[error("service internal error")] 23 | Service(#[from] anyhow::Error), 24 | #[error("task to pull has been canceled")] 25 | TaskCanceled, 26 | #[error("task queue is empty")] 27 | TaskQueueEmpty, 28 | #[error("storage service error")] 29 | StorageError, 30 | } 31 | 32 | impl From for Status { 33 | fn from(error: SchedulerServiceError) -> Self { 34 | log::debug!("SchedulerServiceError: {:?}", error); 35 | let msg = error.to_string(); 36 | let code = match error { 37 | SchedulerServiceError::Service(_) => Code::Internal, 38 | _ => Code::Unknown, 39 | }; 40 | Status::new(code, msg) 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /services/storage/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_storage_service" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave Storage Service" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | env_logger = { version = "0.7.1" } 29 | anyhow = { version = "1.0.26" } 30 | libc = { version = "0.2.66" } 31 | signal-hook = { version = "0.1.13" } 32 | 33 | teaclave_service_app_utils = { path = "../../utils/service_app_utils" } 34 | -------------------------------------------------------------------------------- /services/storage/app/src/main.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use anyhow::Result; 19 | use teaclave_service_app_utils::launch_teaclave_service; 20 | 21 | const PACKAGE_NAME: &str = env!("CARGO_PKG_NAME"); 22 | 23 | fn main() -> Result<()> { 24 | launch_teaclave_service(PACKAGE_NAME) 25 | } 26 | -------------------------------------------------------------------------------- /services/storage/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x400000 25 | 0x30000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /services/storage/enclave/src/error.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | use teaclave_rpc::{Code, Status}; 19 | use thiserror::Error; 20 | 21 | #[derive(Error, Debug)] 22 | pub(crate) enum StorageServiceError { 23 | #[error("none")] 24 | None, 25 | #[error("leveldb error")] 26 | Database(#[from] rusty_leveldb::Status), 27 | #[error("service internal error")] 28 | Service(#[from] anyhow::Error), 29 | } 30 | 31 | impl From for teaclave_rpc::Status { 32 | fn from(error: StorageServiceError) -> Self { 33 | log::debug!("StorageServiceError: {:?}", error); 34 | let msg = error.to_string(); 35 | let code = match error { 36 | StorageServiceError::Service(_) => Code::Internal, 37 | _ => Code::Unknown, 38 | }; 39 | Status::new(code, msg) 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /services/utils/service_app_utils/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_service_app_utils" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave service app utils" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | 27 | [dependencies] 28 | ctrlc = { version = "3.1.2" } 29 | env_logger = { version = "0.7.1" } 30 | anyhow = { version = "1.0.26" } 31 | log = { version = "0.4.17", features = ["release_max_level_info"] } 32 | libc = { version = "0.2.66" } 33 | signal-hook = { version = "0.1.13" } 34 | 35 | teaclave_binder = { path = "../../../binder", features = ["app"] } 36 | teaclave_config = { path = "../../../config" } 37 | teaclave_types = { path = "../../../types", features = ["app"] } 38 | -------------------------------------------------------------------------------- /services/utils/service_enclave_utils/src/macros.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | #[macro_export] 19 | macro_rules! bail { 20 | ($err:expr $(,)?) => { 21 | return std::result::Result::Err($err.into()); 22 | }; 23 | } 24 | 25 | #[macro_export] 26 | macro_rules! ensure { 27 | ($cond:expr, $err:expr $(,)?) => { 28 | if !$cond { 29 | return std::result::Result::Err($err.into()); 30 | } 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /tests/fixtures/auditors/albus_dumbledore.sign.sha256: -------------------------------------------------------------------------------- 1 | albus_dumbledore.sign.sha256 -------------------------------------------------------------------------------- /tests/fixtures/auditors/godzilla.sign.sha256: -------------------------------------------------------------------------------- 1 | godzilla.sign.sha256 -------------------------------------------------------------------------------- /tests/fixtures/auditors/optimus_prime.sign.sha256: -------------------------------------------------------------------------------- 1 | optimus_prime.sign.sha256 -------------------------------------------------------------------------------- /tests/fixtures/dcap_root_ca_cert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/dcap_root_ca_cert.der -------------------------------------------------------------------------------- /tests/fixtures/enclave_info.toml: -------------------------------------------------------------------------------- 1 | [teaclave_authentication_service] 2 | mr_enclave = "mr_enclave_teaclave_authentication_service" 3 | mr_signer = "mr_signer_teaclave_authentication_service" 4 | -------------------------------------------------------------------------------- /tests/fixtures/end_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDdwbEc6ZKih4mQ 3 | A916JwctBZgnRmzOKERrzlHjfzy8ZfsUJLENQBN8s3RVRwPThReHdp8bpiVRrNmM 4 | RxyXoa5oqxWDjXOu5W4hoISIMbOAq4Kj8G+eS0UKwypKHwJ1aUzEjWQGKxNpIYvc 5 | GqwYpN1Yi1+qTgLg2qw1ENtBhrWHhmQruGqDtQTQLe2tbcOuGhIL0cyWIRtEWHWL 6 | /wb1Akzhm31WQF+mURtYvYonA/Ta7ErONXCxsEXndTR4iT/XognnOhTJ+uIinNwn 7 | 52y9Te7MYix6SDBEVeKZx9v3iOYU81zXf+WaxNqZvTfbPjkLsXiymOgVfGQcO4hi 8 | QeLoJIHXAgMBAAECggEATFl3xWCV3+eScUcjZf8x9UpLzJnutDwg8o0inJUeMC9c 9 | dt77Jni9PN38W7ALnTPhmf45YaeeibRdYnLJYVuFVPwyeAynm7vaYzGE7+9MwixK 10 | 2m7Zv0JjDwWK9eIfUpVinPmhSo5iLHwkTy/PuNxqaSXzVgtt6kTfrZWUJ8ddkL8M 11 | bMQTvSLByspyZq/9n6Xq4cy1kummrYgluGKrh6+b+3/ff4wTfF9txlecM+te0uoI 12 | nu5jTRGGSouKKiOWLLkQNPCqrSmy/VfQLkacs3l8Y89Fo4TlBU6MEb02u+fCQ/58 13 | q1E8Y7J1/Yjv2VTwav9q1EX9/ncA8b2C0K1Ylgh9QQKBgQD2bZwI03z4Zpo1TnxU 14 | d4r0qWVExY7fP9BfJPEn3KE4zlPXbiiNazMprdFoIUEtKNcl77ZYVcvNLCUDOWzj 15 | maYtVJm7wuUPcJQU2becuw6N7yZJd9mfXPOiBWmv8Df5AJJymdUcXqMySi9eFr1m 16 | SwFhrsFRTs8Fo0bGrw8UTMM72QKBgQDmXsHt80+F7YuVUrVMuhTTr/DqwHgqyCQ1 17 | zQXuOeGDaFPSYzgk6XEPPJU+Kil+bFIY7DaMokVHWvJJ9e9iF8fjflSnp2pp1BWa 18 | t3D+I3zfX+SCioD8KXcFiMfoH9bqIfBzaQfeMNgqMbR0fpsf/l0n/cwJRQ4KGU7s 19 | puXqY0aNLwKBgEa2kU3fEj9dgebGDNtYKmGmsk6XujXJ5AtJWIItx327h0eMbsqV 20 | 9mqBXFPbJw7EZ2iVbufORtsrTbutINf24T6kxjCg7oYNshCBoTSyYKzN8VinsaUP 21 | UUIu93LrJcSoK14DUqn/ZikqLIl9UQAnic/0C7k/OhzOC6M73MHgfS2RAoGBAM0O 22 | y9DjI4YzTGw+kuMZQDCuC+TqLgzm2lSJix3ip7oww2wipXc11E2bv7z2Crld8jX9 23 | DRFh4AkEC2eKYusN//+gE/qoKzDId/KgFxQgwqaS1PTeFLJgtnFWr5sPvF3sl/wj 24 | Ib3F/KSSWe7YQ3zXDlTqtRQLQ9P5cydz6HQaqlJBAoGBAL3xNfmStaUFV4moms64 25 | fZ755LqQwN5rwjZLxmRTsOgVI/KPEg44xvbcG885eNW+JhYSPUyvkrP6Qb+I8PEN 26 | qdMPUgTetOrnA4T9yf7+U/xHghDSb3BEQKyGlrbRO2GB/iGa3xHD963WozDzeAfQ 27 | uxrLrUaQjPsf2AEhrHk8slgM 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /tests/fixtures/functions/face_detection/input.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/face_detection/input.jpg -------------------------------------------------------------------------------- /tests/fixtures/functions/face_detection/output.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/face_detection/output.jpg -------------------------------------------------------------------------------- /tests/fixtures/functions/gbdt_prediction/expected_result.txt: -------------------------------------------------------------------------------- 1 | 2.0000000000 2 | 1.0000264645 3 | 1.0000264645 4 | 1.0000264645 5 | 2.0000000000 6 | 2.0000000000 7 | 1.0000264645 8 | 2.0000000000 9 | 2.9999732971 10 | 2.0000000000 11 | 2.9999732971 12 | 2.9999732971 13 | 2.9999732971 14 | 2.9999732971 15 | 2.9999732971 16 | 2.9999732971 17 | 1.0000264645 18 | 1.0000264645 19 | 1.0000264645 20 | 2.0000000000 21 | 1.0000264645 22 | 2.0000000000 23 | 1.0000264645 24 | 2.9999732971 25 | 2.9999732971 26 | 2.0000000000 27 | 1.0000264645 28 | 2.9999732971 29 | 1.0000264645 30 | 2.9999732971 31 | -------------------------------------------------------------------------------- /tests/fixtures/functions/gbdt_prediction/test_data.txt: -------------------------------------------------------------------------------- 1 | 7.7,2.6,6.9,2.3 2 | 6.1,2.9,4.7,1.4 3 | 6.0,2.9,4.5,1.5 4 | 5.8,2.6,4.0,1.2 5 | 7.6,3.0,6.6,2.1 6 | 5.6,2.8,4.9,2.0 7 | 5.5,2.5,4.0,1.3 8 | 7.1,3.0,5.9,2.1 9 | 5.0,3.5,1.6,0.6 10 | 6.7,3.0,5.2,2.3 11 | 4.6,3.4,1.4,0.3 12 | 5.1,3.5,1.4,0.2 13 | 5.4,3.7,1.5,0.2 14 | 5.0,3.4,1.6,0.4 15 | 4.5,2.3,1.3,0.3 16 | 4.9,3.6,1.4,0.1 17 | 7.0,3.2,4.7,1.4 18 | 6.0,2.2,4.0,1.0 19 | 6.0,3.0,4.8,1.8 20 | 6.7,3.1,5.6,2.4 21 | 5.7,2.9,4.2,1.3 22 | 6.1,3.0,4.9,1.8 23 | 6.7,3.1,4.7,1.5 24 | 5.4,3.9,1.3,0.4 25 | 4.8,3.4,1.9,0.2 26 | 6.4,3.2,5.3,2.3 27 | 7.2,3.0,5.8,1.6 28 | 5.0,3.5,1.3,0.3 29 | 6.3,2.5,4.9,1.5 30 | 5.0,3.4,1.5,0.2 31 | -------------------------------------------------------------------------------- /tests/fixtures/functions/gbdt_training/train.aes_gcm_128: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/gbdt_training/train.aes_gcm_128 -------------------------------------------------------------------------------- /tests/fixtures/functions/gbdt_training/train.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/gbdt_training/train.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/logistic_regression_prediction/expected_result.txt: -------------------------------------------------------------------------------- 1 | 0.7530 2 | 0.9163 3 | 0.2041 4 | 0.0094 5 | 0.0426 6 | -------------------------------------------------------------------------------- /tests/fixtures/functions/logistic_regression_prediction/model.txt: -------------------------------------------------------------------------------- 1 | {"alpha":0.3,"iters":100,"parameters":[-0.7217673215572631,1.7917952971098938,0.5160567210379624,1.9611477804952018,-0.06059944514037786,-0.3922383186171758,-0.016518720611358107,0.5544320061020859,-0.0633262139909826,1.411549874207487,0.10834644397882805,0.5745352048596792,0.7267581684630282,0.3591176819552514,0.05218327931711743,0.2311147165162303,0.7200202688528744,-0.11124176185023933,0.20438197304348082,0.5711206726813367,0.4502424746039776,0.49126862948834127,0.5477485136765818,-0.36209384210470386,0.4052930840469643,0.19601629333555373,0.6660457041145031,0.6727318873548752,-0.5311309688412407,0.12945027543784562,0.34113578037675374]} -------------------------------------------------------------------------------- /tests/fixtures/functions/logistic_regression_prediction/predict_input.txt: -------------------------------------------------------------------------------- 1 | 1.5619560125603997,-1.3585291014731475,-1.929064964958864,-0.48811178352065915,-1.6298734512909983,0.8556691653018434,0.3798596856717057,0.5206354603638552,1.4795022936289703,-1.475871675153695,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,1.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0 2 | 0.4317415153486741,-1.2724398149784077,1.2065551475519039,0.30051381061013843,-1.126829867003464,-0.5463861825373719,1.0927733527526797,1.3761579259389451,-1.077581460405606,-0.66117948106943,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0 3 | 0.1831170075985541,0.8266275084009919,-1.6263223984375375,0.22082406698679818,1.1026886446611233,-1.079671043815752,0.6608823735448814,-0.5931674081381179,0.7960784158847922,-0.5670352239419173,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,1.0,0.0,0.0,0.0 4 | -1.7258296754127966,0.3190923551324158,-0.07759090516648384,0.47445362292910587,-0.43834833360941045,0.4858568905058413,-1.029447361090786,-0.6760396593910052,-0.9488385062478163,1.7400447870621698,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0 5 | -1.3273559563065362,1.3048414649869655,-0.5504419191862819,0.48415113906417967,0.6153152869330243,0.5076592437240378,0.9637908015683003,1.0405852286895143,-0.48539483338526546,1.4724927513878685,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0 -------------------------------------------------------------------------------- /tests/fixtures/functions/logistic_regression_training/expected_model.txt: -------------------------------------------------------------------------------- 1 | {"alpha":0.3,"iters":100,"parameters":[-0.7217673215572631,1.7917952971098938,0.5160567210379624,1.9611477804952018,-0.06059944514037786,-0.3922383186171758,-0.016518720611358107,0.5544320061020859,-0.0633262139909826,1.411549874207487,0.10834644397882805,0.5745352048596792,0.7267581684630282,0.3591176819552514,0.05218327931711743,0.2311147165162303,0.7200202688528744,-0.11124176185023933,0.20438197304348082,0.5711206726813367,0.4502424746039776,0.49126862948834127,0.5477485136765818,-0.36209384210470386,0.4052930840469643,0.19601629333555373,0.6660457041145031,0.6727318873548752,-0.5311309688412407,0.12945027543784562,0.34113578037675374]} -------------------------------------------------------------------------------- /tests/fixtures/functions/mesapy/input.txt: -------------------------------------------------------------------------------- 1 | Hello 2 | World -------------------------------------------------------------------------------- /tests/fixtures/functions/mesapy/output.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/mesapy/output.txt -------------------------------------------------------------------------------- /tests/fixtures/functions/ordered_set_intersect/psi0.txt: -------------------------------------------------------------------------------- 1 | 3129a6f57c01547906c4f851de448d4a85716927d9aae5d13955303833dea3be 2 | 3c2ef1901bee3a4866d68e16de37a270e4f16d166132f14da88b5d0bb5c5a369 3 | 699bd76eb9764233eade0f5ca571e86b01b59ef6051e6008f2ab1723b1ba20e8 4 | 6b51d431df5d7f141cbececcf79edf3dd861c3b4069f0b11661a3eefacbba918 5 | 7a90238b179e5d28faa81dcffee49fcd200d591a61f9d0ba9d76eca3cb71a813 6 | fa3cfb3f1bb823aa9501f88f1f95f732ee6fef2c3a48be7f1d38037b216a549f 7 | ffff5954ee15325a8af0a1251b5e6dc255975484df25c5f9f24542479d8d340e -------------------------------------------------------------------------------- /tests/fixtures/functions/ordered_set_intersect/psi0.txt.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/ordered_set_intersect/psi0.txt.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/ordered_set_intersect/psi1.txt: -------------------------------------------------------------------------------- 1 | 35d85143c3bd10badcad7d3e01bdbad074e4d62a9f04f9c8652da5f5259fed7d 2 | 3c2ef1901bee3a4866d68e16de37a270e4f16d166132f14da88b5d0bb5c5a369 3 | 6b51d431df5d7f141cbececcf79edf3dd861c3b4069f0b11661a3eefacbba918 4 | 87e58365cf5292ae0150b97d5bba026158e28a5c2fa32cb04cf4c6a0d0c97111 5 | fa3cfb3f1bb823aa9501f88f1f95f732ee6fef2c3a48be7f1d38037b216a549f -------------------------------------------------------------------------------- /tests/fixtures/functions/ordered_set_intersect/psi1.txt.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/ordered_set_intersect/psi1.txt.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/ordered_set_join/join0.csv.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/ordered_set_join/join0.csv.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/ordered_set_join/join1.csv.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/ordered_set_join/join1.csv.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/password_check/exposed_passwords.txt: -------------------------------------------------------------------------------- 1 | 123456 2 | 123456789 3 | qwerty 4 | password 5 | 1111111 6 | 12345678 7 | abc123 8 | 1234567 9 | password1 10 | 12345 11 | 1234567890 12 | 123123 13 | 000000 14 | Iloveyou 15 | 1234 16 | 1q2w3e4r5t 17 | Qwertyuiop 18 | 123 19 | Monkey 20 | Dragon 21 | -------------------------------------------------------------------------------- /tests/fixtures/functions/password_check/exposed_passwords.txt.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/password_check/exposed_passwords.txt.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/password_check/password.txt: -------------------------------------------------------------------------------- 1 | password 2 | -------------------------------------------------------------------------------- /tests/fixtures/functions/private_join_and_compute/three_party_data/bank_a.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/private_join_and_compute/three_party_data/bank_a.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/private_join_and_compute/three_party_data/bank_a.txt: -------------------------------------------------------------------------------- 1 | b : 2000 2 | a : 100 3 | c : 30000 4 | e : 5000000 5 | d : 400000 6 | -------------------------------------------------------------------------------- /tests/fixtures/functions/private_join_and_compute/three_party_data/bank_b.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/private_join_and_compute/three_party_data/bank_b.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/private_join_and_compute/three_party_data/bank_b.txt: -------------------------------------------------------------------------------- 1 | e : 3000 2 | x : 200 3 | c : 40000 4 | y : 10 5 | a : 5000000 -------------------------------------------------------------------------------- /tests/fixtures/functions/private_join_and_compute/three_party_data/bank_c.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/private_join_and_compute/three_party_data/bank_c.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/private_join_and_compute/three_party_data/bank_c.txt: -------------------------------------------------------------------------------- 1 | e : 30000 2 | x : 200 3 | c : 400000 4 | y : 10 5 | d : 5000000 6 | -------------------------------------------------------------------------------- /tests/fixtures/functions/py_logistic_reg/predict.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/py_logistic_reg/predict.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/py_logistic_reg/predict.txt: -------------------------------------------------------------------------------- 1 | 1.5619560125603997,-1.3585291014731475,-1.929064964958864,-0.48811178352065915,-1.6298734512909983,0.8556691653018434,0.3798596856717057,0.5206354603638552,1.4795022936289703,-1.475871675153695,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,1.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0 2 | 0.4317415153486741,-1.2724398149784077,1.2065551475519039,0.30051381061013843,-1.126829867003464,-0.5463861825373719,1.0927733527526797,1.3761579259389451,-1.077581460405606,-0.66117948106943,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0 3 | 0.1831170075985541,0.8266275084009919,-1.6263223984375375,0.22082406698679818,1.1026886446611233,-1.079671043815752,0.6608823735448814,-0.5931674081381179,0.7960784158847922,-0.5670352239419173,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,1.0,0.0,0.0,0.0 4 | -1.7258296754127966,0.3190923551324158,-0.07759090516648384,0.47445362292910587,-0.43834833360941045,0.4858568905058413,-1.029447361090786,-0.6760396593910052,-0.9488385062478163,1.7400447870621698,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0 5 | -1.3273559563065362,1.3048414649869655,-0.5504419191862819,0.48415113906417967,0.6153152869330243,0.5076592437240378,0.9637908015683003,1.0405852286895143,-0.48539483338526546,1.4724927513878685,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,1.0,0.0 -------------------------------------------------------------------------------- /tests/fixtures/functions/py_logistic_reg/py_result.txt: -------------------------------------------------------------------------------- 1 | [1.0 1.0 0.0 0.0 0.0] 2 | -------------------------------------------------------------------------------- /tests/fixtures/functions/py_logistic_reg/train.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/py_logistic_reg/train.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/rsa_sign/expected_rsasign.txt: -------------------------------------------------------------------------------- 1 | tmgoOYVBmGOQNvb1Rrf13L0bchIlbRx2rFf14udRmZrXzaGrIH3z26tSjD6a3RvKGh/vgW8bjbr7caSdjUxNPI/LJEk/TXX0ilkhfV957fBgtOtB2YFqbKGFR6zoHHC2zgOWDUXidGJqMQFD/SY5tBe0t4bFhHPkxnU/lTTwK+sg8ECNCXTvblUsI7dMVzMHV3q29NwE43DvrM+9pbt9QGm8sGatAnpcK/RVp1nk60FQJvwe0zUQXvpPMpCv8vO+/kKEZkwXw8WwPOvCNI5jE/8gGnQHCH/3UgvZjfgp978htHOky7BNskYIHsc87dClIjMhjfMto5pm14SdCpmmHw== 2 | -------------------------------------------------------------------------------- /tests/fixtures/functions/rsa_sign/key.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/rsa_sign/key.der -------------------------------------------------------------------------------- /tests/fixtures/functions/rsa_sign/rsakey.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/rsa_sign/rsakey.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_c_millionaire_problem/expected_output.txt: -------------------------------------------------------------------------------- 1 | pf_in_a -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_c_millionaire_problem/input_a.txt: -------------------------------------------------------------------------------- 1 | 4211037 -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_c_millionaire_problem/input_b.txt: -------------------------------------------------------------------------------- 1 | 1008611 -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_rust_psi/psi0.txt: -------------------------------------------------------------------------------- 1 | MQVH3WOTTSRUKOA3 2 | 93JM4X46J9DMRSZH 3 | I19L8FHJN3DHVMV5 4 | BJEBUCL2K99EKVS3 5 | AYTYZYYE8ZCZDFKT 6 | DV28FQX19IE5YWB5 7 | LBSC5P29QS6500BL 8 | 1SZAD1OQPELAG5UU 9 | FQDRIBYDHE4SMLT8 10 | T8QW0NJG3F0Y08VP 11 | DZSG168P1F6RI79G 12 | C6TTRETYW9UERIIV 13 | X8EADRYKUYAI32FY 14 | M3AUONYLXUZWS9V2 15 | PU584LA6NBSMEXSD 16 | UYYAL5KKMUCKHSUR 17 | R690DNG6A4OK18V1 18 | P950PQRHNSB0RD13 19 | M5WA0KNAN7BMSAP5 20 | V7QY0KIQ1UYAS19O -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_rust_psi/psi0.txt.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/wamr_rust_psi/psi0.txt.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_rust_psi/psi1.txt: -------------------------------------------------------------------------------- 1 | F4PUDG2YGF9NEWEE 2 | I19L8FHJN3DHVMV5 3 | 4BZF2UI4O6W7IXTK 4 | ALPFZ1ZIOWAIONSM 5 | P950PQRHNSB0RD13 6 | UYYAL5KKMUCKHSUR 7 | 1SZAD1OQPELAG5UU 8 | 9L8G9KIQISXPSNP6 9 | 1HSMCDZHVZP6AOL6 10 | YUUG5LIS624RSH77 11 | DZSG168P1F6RI79G 12 | 3WTHNLCFEEOMN4KL 13 | 0V69ILSCWBZ6WZ11 14 | Z90GOD99P6NT3VDR 15 | M3AUONYLXUZWS9V2 16 | JR1RBS3H59GMBY8T 17 | 8UYKMW69AKJ6X90F 18 | 5FI34757GWD1H3OP 19 | NS0ZCZO3V2UDXND8 -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_rust_psi/psi1.txt.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/wamr_rust_psi/psi1.txt.enc -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_tvm_mnist/img_10.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/wamr_tvm_mnist/img_10.jpg -------------------------------------------------------------------------------- /tests/fixtures/functions/wamr_tvm_mnist/img_10.jpg.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/functions/wamr_tvm_mnist/img_10.jpg.enc -------------------------------------------------------------------------------- /tests/fixtures/fusion/input1.txt: -------------------------------------------------------------------------------- 1 | u1_hello 2 | u1_teaclave -------------------------------------------------------------------------------- /tests/fixtures/fusion/input2.txt: -------------------------------------------------------------------------------- 1 | u2_welcome 2 | u2_to 3 | u2_teaclave -------------------------------------------------------------------------------- /tests/fixtures/ias_root_ca_cert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/ias_root_ca_cert.der -------------------------------------------------------------------------------- /tests/fixtures/tls_ra_cert_v3.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/tls_ra_cert_v3.der -------------------------------------------------------------------------------- /tests/fixtures/tls_ra_cert_v4.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/apache/incubator-teaclave/cd5d1a874f3e02643ce96268b6f3b146797bbb94/tests/fixtures/tls_ra_cert_v4.der -------------------------------------------------------------------------------- /tests/functional/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_functional_tests" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Enclave test driver" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | log = { version = "0.4.17", features = ["release_max_level_info"] } 29 | env_logger = { version = "0.7.1" } 30 | anyhow = { version = "1.0.26" } 31 | structopt = { version = "0.3" } 32 | 33 | teaclave_binder = { path = "../../../binder", features = ["app"] } 34 | teaclave_types = { path = "../../../types", features = ["app"] } 35 | 36 | sgx_types = { version = "2.0.0" } 37 | -------------------------------------------------------------------------------- /tests/functional/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x1000000 26 | 24 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /tests/integration/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_integration_tests" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Integration tests" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | log = { version = "0.4.17", features = ["release_max_level_info"] } 29 | env_logger = { version = "0.7.1" } 30 | anyhow = { version = "1.0.26" } 31 | 32 | teaclave_binder = { path = "../../../binder", features = ["app"] } 33 | teaclave_config = { path = "../../../config" } 34 | teaclave_test_utils = { path = "../../utils" } 35 | teaclave_types = { path = "../../../types", features = ["app"] } 36 | 37 | sgx_types = { version = "2.0.0" } 38 | -------------------------------------------------------------------------------- /tests/integration/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x900000 25 | 0x2000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /tests/unit/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_unit_tests" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Enclave test driver" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [features] 28 | default = ["teaclave_binder/app_unit_test"] 29 | 30 | [dependencies] 31 | log = { version = "0.4.17", features = ["release_max_level_info"] } 32 | env_logger = { version = "0.7.1" } 33 | anyhow = { version = "1.0.26" } 34 | 35 | teaclave_file_agent = { path = "../../../file_agent" } 36 | teaclave_binder = { path = "../../../binder", features = ["app"] } 37 | teaclave_types = { path = "../../../types", features = ["app"] } 38 | teaclave_test_utils = { path = "../../../tests/utils" } 39 | 40 | sgx_types = { version = "2.0.0" } 41 | -------------------------------------------------------------------------------- /tests/unit/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x8000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /tests/utils/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_test_utils" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave test utility" 23 | license = "Apache-2.0" 24 | edition = "2021" 25 | 26 | [features] 27 | default = [] 28 | mesalock_sgx = [] 29 | 30 | [dependencies] 31 | inventory = { version = "0.1.6" } 32 | teaclave_test_utils_proc_macro = { path = "./proc_macro" } 33 | tokio = { version = "1.0", features = ["rt-multi-thread", "time", "macros"] } 34 | futures = { version = "0.3" } -------------------------------------------------------------------------------- /tests/utils/proc_macro/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_test_utils_proc_macro" 20 | version = "0.0.1" 21 | edition = "2021" 22 | publish = false 23 | 24 | [lib] 25 | proc-macro = true 26 | 27 | [dependencies] 28 | proc-macro2 = "1.0" 29 | quote = "1.0" 30 | syn = { version = "2.0", features = ["full"] } 31 | -------------------------------------------------------------------------------- /third_party/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/third-party 3 | --- 4 | 5 | # Third-Party Dependency Vendoring 6 | 7 | For Teaclave, since all SGX/enclave dependencies are part of trusted computing base (TCB), 8 | in order to ease auditing, ensure product stability, as well as reduce the 9 | possibility of the [supply chain attack](https://en.wikipedia.org/wiki/Supply_chain_attack), 10 | all TEE dependencies should be vendored. Then during the build process, both the 11 | untrusted (i.e., the app part) and trusted components (i.e., the enclave part) 12 | will only consume packages from this designated repository and will not 13 | download any code from external package registry such as 14 | [crates.io](https://crates.io). The vendoring of Rust crates are not done here 15 | for development ease but are recommended for production use. 16 | 17 | Basically, we have these submodules: 18 | - `rust-sgx-sdk`: Teaclave SGX SDK for standard libraries and Rust bindings of 19 | SGX libraries. 20 | - `webassembly-micro-runtime`: A sandboxed runtime to execute(interpret) 21 | WebAssembly bytecode. 22 | -------------------------------------------------------------------------------- /tools/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/tools 3 | --- 4 | 5 | # Tools 6 | 7 | This directory contains help tools: 8 | - scripts: tools in the script form 9 | - sgx_tool: Teaclave SGX Tool 10 | -------------------------------------------------------------------------------- /tools/sgx_tool/README.md: -------------------------------------------------------------------------------- 1 | # Teaclave SGX Tool 2 | 3 | This tool is to dump some SGX related information, e.g., hardware and software 4 | information, remote attestation report. This can help to diagnose some issues 5 | which may caused by the platform settings. 6 | 7 | ## Hardware/Software Status 8 | 9 | To dump the SGX related hardware and software information, you can use this 10 | command: 11 | 12 | ``` 13 | $ ./teaclave_sgx_tool status 14 | Vendor: GenuineIntel 15 | CPU Model: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 | SGX: 17 | Has SGX: true 18 | Has SGX1: true 19 | Has SGX2: false 20 | Supports ENCLV instruction leaves EINCVIRTCHILD, EDECVIRTCHILD, and ESETCONTEXT: false 21 | Supports ENCLS instruction leaves ETRACKC, ERDINFO, ELDBC, and ELDUC: false 22 | Bit vector of supported extended SGX features: 0x00000000 23 | Maximum supported enclave size in non-64-bit mode: 2^31 24 | Maximum supported enclave size in 64-bit mode: 2^36 25 | Bits of SECS.ATTRIBUTES[127:0] set with ECREATE: 0x0000000000000036 (lower) 0x000000000000001F (upper) 26 | EPC physical base: 0x00000000B0200000 27 | EPC size: 0x0000000005D80000 (93M) 28 | Supports flexible launch control: true 29 | 30 | ... 31 | ``` 32 | 33 | ## Remote Attestation Report 34 | 35 | Use the following command to dump remote attestation report and configure the 36 | platform accordingly: 37 | 38 | ``` 39 | $ ./teaclave_sgx_tool attestation --key {as_key} --spid {as_spid} --url {as_url} --algorithm {as_algorithm} 40 | Remote Attestation Report: 41 | { 42 | "advisoryIDs": [ 43 | "INTEL-SA-00161", 44 | "INTEL-SA-00320", 45 | "INTEL-SA-00329", 46 | "INTEL-SA-00220", 47 | "INTEL-SA-00270", 48 | "INTEL-SA-00293", 49 | "INTEL-SA-00233" 50 | ], 51 | "advisoryURL": "https://security-center.intel.com", 52 | ... 53 | } 54 | ``` 55 | -------------------------------------------------------------------------------- /tools/sgx_tool/app/Cargo.toml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | 18 | [package] 19 | name = "teaclave_sgx_tool" 20 | version = "0.6.0" 21 | authors = ["Teaclave Contributors "] 22 | description = "Teaclave SGX Tool" 23 | license = "Apache-2.0" 24 | build = "build.rs" 25 | edition = "2021" 26 | 27 | [dependencies] 28 | log = { version = "0.4.17", features = ["release_max_level_info"] } 29 | env_logger = { version = "0.7.1" } 30 | anyhow = { version = "1.0.26" } 31 | serde = { version = "1.0.92", features = ["derive"] } 32 | serde_json = { version = "1.0.39" } 33 | raw-cpuid = "10.7.0" 34 | structopt = "0.3" 35 | 36 | teaclave_binder = { path = "../../../binder", features = ["app"] } 37 | teaclave_types = { path = "../../../types", features = ["app"] } 38 | 39 | sgx_types = { version = "2.0.0" } 40 | -------------------------------------------------------------------------------- /tools/sgx_tool/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 20 | 21 | 22 | 0 23 | 0 24 | 0x200000 25 | 0x8000000 26 | 22 27 | 0 28 | 0 29 | 0 30 | 0xFFFFFFFF 31 | 32 | -------------------------------------------------------------------------------- /types/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/types 3 | --- 4 | 5 | # Types 6 | 7 | This directory defines common types (useful structs and traits) such as file, 8 | function, and task used in the Teaclave platform. Note that the `teaclave_types` 9 | crate can be used in both app and trusted enclave parts. 10 | -------------------------------------------------------------------------------- /types/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | extern crate sgx_types; 19 | 20 | mod attestation; 21 | mod audit; 22 | mod crypto; 23 | mod error; 24 | mod file; 25 | mod file_agent; 26 | mod function; 27 | mod macros; 28 | mod staged_file; 29 | mod staged_function; 30 | mod staged_task; 31 | mod storage; 32 | mod task; 33 | mod task_state; 34 | mod user; 35 | mod worker; 36 | 37 | pub use attestation::*; 38 | pub use audit::*; 39 | pub use crypto::*; 40 | pub use error::*; 41 | pub use file::*; 42 | pub use file_agent::*; 43 | pub use function::*; 44 | pub use macros::*; 45 | pub use staged_file::*; 46 | pub use staged_function::*; 47 | pub use staged_task::*; 48 | pub use storage::*; 49 | pub use task::*; 50 | pub use task_state::*; 51 | pub use user::*; 52 | pub use worker::*; 53 | 54 | #[cfg(feature = "enclave_unit_test")] 55 | pub mod tests { 56 | use super::*; 57 | 58 | pub fn run_tests() -> bool { 59 | worker::tests::run_tests() 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /types/src/macros.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | #[macro_export] 19 | macro_rules! hashmap { 20 | ($( $key: expr => $value: expr, )+) => { hashmap!($($key => $value),+) }; 21 | ($( $key: expr => $value: expr ),*) => {{ 22 | let mut map = ::std::collections::HashMap::new(); 23 | $( map.insert($key.into(), $value.into()); )* 24 | map 25 | }} 26 | } 27 | -------------------------------------------------------------------------------- /worker/README.md: -------------------------------------------------------------------------------- 1 | --- 2 | permalink: /docs/codebase/worker 3 | --- 4 | 5 | # Teaclave Worker 6 | 7 | The worker layer in Teaclave is a thin layer to manage executors and runtimes. 8 | There are several executors and runtime for different usage scenarios. 9 | Developers can customize and register different executors in a worker. 10 | 11 | This diagram demonstrates the relationship between the execution service, 12 | worker, executor and runtime. 13 | 14 | ``` 15 | +-----------------------------------+ 16 | | Execution Service | 17 | | +-----------------------------+ | 18 | | | Worker | | 19 | | | +----------+ +---------+ | | 20 | | | | Executor | | Runtime | | | 21 | | | +----------+ +---------+ | | 22 | | +-----------------------------+ | 23 | +-----------------------------------+ 24 | ``` 25 | 26 | The execution service is a service instance to maintain communication with other 27 | services through attested RPC, prepare data and related information for function 28 | execution, execute a function with a *worker* and report execution result. The 29 | worker will prepare a proper *executor* and *runtime* combination, and then 30 | dispatch the function to the executor, which will eventually run the function. 31 | At the same time, the runtime will help to manage input and output data of 32 | functions and provide interfaces in executor. 33 | 34 | Currently, there are several executors (e.g., mesapy, builtin) and runtime 35 | (e.g., default, raw-io) are implemented and registered in worker. Please refer 36 | to the docs of executor and runtime for more details. 37 | -------------------------------------------------------------------------------- /worker/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Licensed to the Apache Software Foundation (ASF) under one 2 | // or more contributor license agreements. See the NOTICE file 3 | // distributed with this work for additional information 4 | // regarding copyright ownership. The ASF licenses this file 5 | // to you under the Apache License, Version 2.0 (the 6 | // "License"); you may not use this file except in compliance 7 | // with the License. You may obtain a copy of the License at 8 | // 9 | // http://www.apache.org/licenses/LICENSE-2.0 10 | // 11 | // Unless required by applicable law or agreed to in writing, 12 | // software distributed under the License is distributed on an 13 | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | // KIND, either express or implied. See the License for the 15 | // specific language governing permissions and limitations 16 | // under the License. 17 | 18 | extern crate sgx_types; 19 | 20 | mod worker; 21 | pub use worker::Worker; 22 | 23 | #[cfg(feature = "enclave_unit_test")] 24 | pub mod tests { 25 | pub fn run_tests() -> bool { 26 | true 27 | } 28 | } 29 | --------------------------------------------------------------------------------