├── .bazelversion ├── fcp ├── testing │ ├── testdata │ │ └── verify_baseline_test.baseline │ ├── tracing_schema.fbs │ ├── test_messages.proto │ ├── tracing.h │ └── tracing.cc ├── tracing │ ├── tools │ │ ├── testdata │ │ │ ├── NoTag.fbs │ │ │ ├── NoAttributes.fbs │ │ │ ├── TagTooLong.fbs │ │ │ ├── EmptyTable.fbs │ │ │ ├── OrderWithIds.fbs │ │ │ ├── EnumType.fbs │ │ │ ├── UnsupportedType.fbs │ │ │ ├── TableWithNamespace.fbs │ │ │ ├── DuplicateTags.fbs │ │ │ ├── FieldsOfDifferentTypes.fbs │ │ │ ├── DeprecatedField.fbs │ │ │ ├── NonTableObjectsAreSkipped.fbs │ │ │ ├── NoTag.baseline │ │ │ ├── AllTypes.fbs │ │ │ ├── NoAttributes.baseline │ │ │ ├── TagTooLong.baseline │ │ │ ├── UnsupportedType.baseline │ │ │ └── DuplicateTags.baseline │ │ ├── README.md │ │ └── test_codegen_runner.sh │ ├── test │ │ ├── testdata │ │ │ ├── ChangeThreadLocal1.baseline │ │ │ ├── ChangeThreadLocal2.baseline │ │ │ ├── PerThread1.baseline │ │ │ ├── PerThread2.baseline │ │ │ └── Basic.baseline │ │ └── test_api_message.proto │ ├── tracing_severity.h │ ├── tracing_span_id.cc │ ├── tracing_span_ref.cc │ ├── tracing_schema_common.fbs │ ├── tracing_span_impl.cc │ ├── tracing_tag_test.cc │ ├── text_tracing_span_impl.cc │ ├── tracing_context_utils.cc │ ├── test_tracing_span_impl.cc │ ├── scoped_tracing_recorder.h │ ├── test_tracing_span_impl.h │ └── tracing_span_ref.h ├── client │ ├── engine │ │ ├── data │ │ │ ├── join_model.flatbuffer │ │ │ ├── length_model.flatbuffer │ │ │ ├── README.md │ │ │ └── BUILD │ │ ├── caching_error_reporter_test.cc │ │ ├── caching_error_reporter.h │ │ ├── caching_error_reporter.cc │ │ └── engine.proto │ ├── rust │ │ └── testdata │ │ │ ├── endorsement.json.sig │ │ │ ├── endorser_public_key.pem │ │ │ ├── rekor_public_key.pem │ │ │ ├── BUILD │ │ │ └── endorsement.json │ ├── http │ │ ├── README.md │ │ ├── http_resource_metadata.proto │ │ ├── curl │ │ │ ├── curl_http_response.cc │ │ │ └── curl_http_response.h │ │ └── testing │ │ │ ├── http_test_server.h │ │ │ └── BUILD │ ├── README.md │ ├── tensorflow │ │ ├── tensorflow_runner_factory.cc │ │ ├── tensorflow_runner_impl_registration.cc │ │ └── tensorflow_runner_factory.h │ ├── client_runner_example_data.proto │ ├── simple_task_environment.cc │ ├── parsing_utils.h │ ├── fl_runner_tensorflow_spec_result.proto │ ├── cache │ │ ├── cache_manifest.proto │ │ └── test_helpers.h │ ├── files.h │ ├── runner_common.h │ ├── fake_log_manager.h │ ├── task_result_info.proto │ ├── attestation │ │ ├── test_values.h │ │ └── extract_attestation_records.h │ └── testing │ │ └── BUILD ├── protos │ ├── confidentialcompute │ │ ├── README.md │ │ ├── blob_data.proto │ │ ├── file_info.proto │ │ ├── payload_metadata.proto │ │ ├── message_description.proto │ │ ├── private_logger_uploads_config.proto │ │ ├── data_upload_config.proto │ │ ├── nn_histogram_config.proto │ │ ├── program_worker.proto │ │ ├── computation_delegation.proto │ │ ├── blob_header.proto │ │ └── cbor_ids.md │ └── data_type.proto ├── confidentialcompute │ ├── python │ │ └── constants.py │ ├── private_state.h │ ├── constants.h │ └── payload_transparency │ │ └── rekor.h ├── patches │ ├── tensorflow_zlib.patch │ ├── tensorflow_googleapis_proto_rules.patch │ ├── federated_language_structure_visibility.patch │ ├── tensorflow_tf_gen_op_wrapper_py.patch │ ├── BUILD │ ├── tensorflow_googleapis.patch │ ├── tensorflow_federated_deps.patch │ ├── tensorflow_serving.patch │ ├── tensorflow_federated_executors.patch │ └── tensorflow_llvm_url.patch ├── base │ ├── future.cc │ ├── process_unique_id.cc │ ├── compression.h │ ├── source_location_test.cc │ ├── base_name.h │ ├── process_unique_id.h │ ├── digest.h │ ├── base_name.cc │ ├── compression_test.cc │ ├── status_converters.h │ ├── monitoring.cc │ ├── process_unique_id_test.cc │ ├── tracing_schema.fbs │ ├── simulated_clock.cc │ ├── function_registry_test.cc │ └── move_to_lambda_test.cc ├── config.bzl ├── java_src │ ├── main │ │ └── java │ │ │ └── com │ │ │ └── google │ │ │ └── fcp │ │ │ └── client │ │ │ ├── BUILD │ │ │ └── http │ │ │ └── BUILD │ └── test │ │ └── java │ │ └── com │ │ └── google │ │ └── fcp │ │ └── client │ │ └── http │ │ └── BUILD ├── tensorflow │ ├── pip_tf │ │ ├── README.md │ │ └── BUILD │ ├── tensor_crc32.cc │ ├── tf_py_smoke_test.py │ ├── python │ │ └── BUILD │ ├── tensor_crc32.h │ ├── testing │ │ ├── tf_helper.cc │ │ ├── BUILD │ │ └── tf_helper.h │ ├── tensor_name.py │ ├── crc32.py │ ├── test_selector.proto │ ├── make_slices_selector_example_selector.py │ ├── tracing_schema.fbs │ ├── delete_file.py │ ├── make_slices_selector_example_selector_test.py │ └── host_object.cc ├── secagg │ ├── server │ │ ├── secagg_scheduler.cc │ │ ├── experiments_interface.h │ │ ├── experiments_names.h │ │ ├── send_to_clients_interface.h │ │ ├── ssl_bit_gen.cc │ │ ├── aes │ │ │ └── BUILD │ │ └── secagg_server_messages.proto │ ├── shared │ │ ├── aes_ctr_prng_factory.cc │ │ ├── crypto_rand_prng.cc │ │ ├── crypto_rand_prng.h │ │ ├── input_vector_specification.cc │ │ ├── aes_prng_factory.h │ │ ├── aes_ctr_prng_factory.h │ │ ├── prng.h │ │ ├── aes_gcm_encryption.h │ │ └── key.h │ ├── client │ │ ├── other_client_state.h │ │ ├── send_to_server_interface.h │ │ ├── secagg_client_completed_state.cc │ │ └── secagg_client_aborted_state.cc │ └── testing │ │ ├── mock_send_to_server_interface.h │ │ ├── server │ │ ├── mock_send_to_clients_interface.h │ │ ├── test_async_runner.h │ │ ├── BUILD │ │ └── test_secagg_experiments.h │ │ ├── mock_state_transition_listener.h │ │ ├── fake_prng.h │ │ └── test_matchers.h ├── jni │ └── BUILD └── requirements.in ├── CONTRIBUTING ├── third_party ├── BUILD └── libcppbor.BUILD.bzl └── GETTING_STARTED.md /.bazelversion: -------------------------------------------------------------------------------- 1 | 6.1.1 2 | -------------------------------------------------------------------------------- /fcp/testing/testdata/verify_baseline_test.baseline: -------------------------------------------------------------------------------- 1 | Dies ist ein Test. -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/NoTag.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table NoTag (error) {} -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/NoAttributes.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table NoAttributes {} -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/TagTooLong.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table TagTooLong (tag: "LONGT") {} -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/EmptyTable.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table DoesntContainFields (tag: "EMPT", span) {} -------------------------------------------------------------------------------- /fcp/client/engine/data/join_model.flatbuffer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google-parfait/federated-compute/HEAD/fcp/client/engine/data/join_model.flatbuffer -------------------------------------------------------------------------------- /fcp/client/rust/testdata/endorsement.json.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google-parfait/federated-compute/HEAD/fcp/client/rust/testdata/endorsement.json.sig -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/README.md: -------------------------------------------------------------------------------- 1 | This directory contains protos supporting verifiable federated computations 2 | using confidential computing. 3 | -------------------------------------------------------------------------------- /fcp/client/engine/data/length_model.flatbuffer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google-parfait/federated-compute/HEAD/fcp/client/engine/data/length_model.flatbuffer -------------------------------------------------------------------------------- /fcp/tracing/test/testdata/ChangeThreadLocal1.baseline: -------------------------------------------------------------------------------- 1 | ${TIME} ${ID}: BEGIN 2 | ${TIME} ${ID}: BEGIN SpanWithId { id: 1 } parent: 0 3 | ${TIME} ${ID}: END SpanWithId { id: 1 } 4 | ${TIME} ${ID}: END 5 | -------------------------------------------------------------------------------- /fcp/tracing/test/testdata/ChangeThreadLocal2.baseline: -------------------------------------------------------------------------------- 1 | ${TIME} ${ID}: BEGIN 2 | ${TIME} ${ID}: BEGIN SpanWithId { id: 2 } parent: 0 3 | ${TIME} ${ID}: END SpanWithId { id: 2 } 4 | ${TIME} ${ID}: END 5 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/OrderWithIds.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table OrderWithIds (tag: "ORDI") { 4 | fieldz: int (id: 1); 5 | fieldy: int (id: 2); 6 | fieldx: int (id: 0); 7 | } -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/EnumType.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | enum Color : byte { Red = 0, Green = 1, Blue = 2 } 4 | 5 | table Monster(tag: "MONS") { 6 | hp: int32; 7 | color : Color; 8 | } 9 | -------------------------------------------------------------------------------- /fcp/client/rust/testdata/endorser_public_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESKycnwFAxon7f2cBEqpK2foeJntr 3 | nkNWMCCGLVfGCfOCUi81P3EZT2KUl8OzMXZdwpGqkoLYa1EWcYwykeA52A== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /fcp/client/rust/testdata/rekor_public_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwr 3 | kBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/UnsupportedType.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | struct Vec3 { 4 | x: float; 5 | y: float; 6 | z: float; 7 | } 8 | 9 | table Monster(tag: "MONS") { 10 | hp: int32; 11 | pos: Vec3; 12 | } -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/TableWithNamespace.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | namespace foo.bar; 3 | 4 | enum Color : int { Red = 0, Green = 1, Blue = 2 } 5 | 6 | table TestTable (tag: "TETB", span) { 7 | id: int; 8 | color: Color; 9 | } 10 | -------------------------------------------------------------------------------- /fcp/confidentialcompute/python/constants.py: -------------------------------------------------------------------------------- 1 | """Shared constants for Learning-in-TEEs code.""" 2 | 3 | # Constant to share between data upload task and program's data source. 4 | OUTPUT_TENSOR_NAME = 'output_tensor_name' 5 | 6 | EVENT_TIME_COLUMN_NAME = 'confidential_compute_event_time' 7 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/DuplicateTags.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table TableWithTag (tag: "TTT0") { 4 | field1: int32; 5 | field2: int32; 6 | } 7 | 8 | table TableWithSameTag (tag: "TTT0") { 9 | field1: int32; 10 | field2: string; 11 | } -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/FieldsOfDifferentTypes.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table IntegersOnly (tag: "TTT0") { 4 | field1: int32; 5 | field2: int32; 6 | } 7 | 8 | table IntegersWithString (tag: "TTT1") { 9 | field1: int32; 10 | field2: string; 11 | } 12 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/DeprecatedField.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table DeprecatedInt (tag: "DEPI") { 4 | field1: int32 (deprecated); 5 | field2: int32; 6 | } 7 | 8 | table DeprecatedString (tag: "DEPS") { 9 | field1: string (deprecated); 10 | field2: int32; 11 | } -------------------------------------------------------------------------------- /fcp/client/http/README.md: -------------------------------------------------------------------------------- 1 | # HTTP-related classes and utilities. 2 | 3 | This directory hosts classes supporting the use of the HTTP protocol by the the 4 | rest of the client codebase. E.g. it defines an abstract interface for issuing 5 | HTTP requests, which can be implemented using different HTTP libraries on 6 | different platforms. 7 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/NonTableObjectsAreSkipped.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | attribute "priority"; 4 | 5 | enum Color : byte { Red, Green, Blue } 6 | 7 | struct Vec3 { 8 | x: float; 9 | y: float; 10 | z: float; 11 | } 12 | 13 | table Monster(tag: "MONS") { 14 | hp: int32; 15 | } 16 | -------------------------------------------------------------------------------- /CONTRIBUTING: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This is a copy of Google's internal code, intended to assist developers and 4 | researchers who are interested in the implementation details of Google's 5 | federated compute client. Changes to this code are made by Google first, and 6 | then mirrored to this repository. External contributions are currently not 7 | accepted. 8 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_zlib.patch: -------------------------------------------------------------------------------- 1 | --- third_party/zlib.BUILD 2 | +++ third_party/zlib.BUILD 3 | @@ -31,7 +31,7 @@ 4 | "zutil.c", 5 | "zutil.h", 6 | ], 7 | - hdrs = ["zlib.h"], 8 | + hdrs = ["zconf.h", "zlib.h"], 9 | copts = select({ 10 | "@org_tensorflow//tensorflow/tsl:windows": [], 11 | "//conditions:default": [ 12 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/NoTag.baseline: -------------------------------------------------------------------------------- 1 | ============== NoTag.fbs ============ 2 | include "${DIR}/tracing_schema_common.fbs"; 3 | 4 | table NoTag (error) {} 5 | ============== diagnosis ============ 6 | ERROR: ${DIR}/tools/testdata/NoTag.fbs contains table NoTag without a tag. All tables must have a tag defined. 7 | 8 | ============== result ============ 9 | 10 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/AllTypes.fbs: -------------------------------------------------------------------------------- 1 | include "fcp/tracing/tracing_schema_common.fbs"; 2 | 3 | table AllTypes (tag: "ALLT") { 4 | fieldz: byte; 5 | fieldy: ubyte; 6 | fieldx: bool; 7 | fieldw: short; 8 | fieldv: ushort; 9 | fieldu: int; 10 | fieldt: uint; 11 | fields: float; 12 | fieldr: long; 13 | fieldq: ulong; 14 | fieldp: double; 15 | fieldo: string; 16 | } -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/NoAttributes.baseline: -------------------------------------------------------------------------------- 1 | ============== NoAttributes.fbs ============ 2 | include "${DIR}/tracing_schema_common.fbs"; 3 | 4 | table NoAttributes {} 5 | ============== diagnosis ============ 6 | ERROR: ${DIR}/tools/testdata/NoAttributes.fbs contains table NoAttributes without a tag. All tables must have a tag defined. 7 | 8 | ============== result ============ 9 | 10 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/TagTooLong.baseline: -------------------------------------------------------------------------------- 1 | ============== TagTooLong.fbs ============ 2 | include "${DIR}/tracing_schema_common.fbs"; 3 | 4 | table TagTooLong (tag: "LONGT") {} 5 | ============== diagnosis ============ 6 | ERROR: ${DIR}/tools/testdata/TagTooLong.fbs contains table TagTooLong with tag LONGT of length 5. All tables must have a tag of length 4. 7 | 8 | ============== result ============ 9 | 10 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_googleapis_proto_rules.patch: -------------------------------------------------------------------------------- 1 | --- third_party/googleapis/repository_rules.bzl 2 | +++ third_party/googleapis/repository_rules.patched.bzl 3 | @@ -34,6 +34,8 @@ 4 | switched_rules_by_language( 5 | name = "com_google_googleapis_imports", 6 | cc = True, 7 | grpc = True, 8 | + java = True, 9 | + python = True, 10 | rules_override = { 11 | "cc_proto_library": [ 12 | -------------------------------------------------------------------------------- /fcp/tracing/test/testdata/PerThread1.baseline: -------------------------------------------------------------------------------- 1 | ${TIME} ${ID}: BEGIN 2 | ${TIME} ${ID}: BEGIN SpanWithId { id: 1 } parent: 0 3 | ${TIME} ${ID}: INFO EventFoo{ first: 11, second: 111 } 4 | ${TIME} ${ID}: INFO EventFoo{ first: 11, second: 111 } 5 | ${TIME} ${ID}: INFO EventFoo{ first: 11, second: 111 } 6 | ${TIME} ${ID}: INFO EventFoo{ first: 11, second: 111 } 7 | ${TIME} ${ID}: INFO EventFoo{ first: 11, second: 111 } 8 | ${TIME} ${ID}: END SpanWithId { id: 1 } 9 | ${TIME} ${ID}: END 10 | -------------------------------------------------------------------------------- /fcp/tracing/test/testdata/PerThread2.baseline: -------------------------------------------------------------------------------- 1 | ${TIME} ${ID}: BEGIN 2 | ${TIME} ${ID}: BEGIN SpanWithId { id: 2 } parent: 0 3 | ${TIME} ${ID}: INFO EventFoo{ first: 22, second: 222 } 4 | ${TIME} ${ID}: INFO EventFoo{ first: 22, second: 222 } 5 | ${TIME} ${ID}: INFO EventFoo{ first: 22, second: 222 } 6 | ${TIME} ${ID}: INFO EventFoo{ first: 22, second: 222 } 7 | ${TIME} ${ID}: INFO EventFoo{ first: 22, second: 222 } 8 | ${TIME} ${ID}: END SpanWithId { id: 2 } 9 | ${TIME} ${ID}: END 10 | -------------------------------------------------------------------------------- /fcp/patches/federated_language_structure_visibility.patch: -------------------------------------------------------------------------------- 1 | diff --git federated_language/common_libs/BUILD federated_language/common_libs/BUILD 2 | index 10806a0..cbe2253 100644 3 | --- federated_language/common_libs/BUILD 4 | +++ federated_language/common_libs/BUILD 5 | @@ -94,6 +94,7 @@ py_library( 6 | py_library( 7 | name = "structure", 8 | srcs = ["structure.py"], 9 | + visibility = ["//visibility:public"], 10 | deps = [ 11 | ":py_typecheck", 12 | "@pypi//attrs", 13 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_tf_gen_op_wrapper_py.patch: -------------------------------------------------------------------------------- 1 | --- tensorflow/tensorflow.bzl 2 | +++ tensorflow/tensorflow.bzl 3 | @@ -1473,7 +1473,7 @@ 4 | # Make a py_library out of the generated python file. 5 | if not generated_target_name: 6 | generated_target_name = name 7 | - py_deps = [clean_dep("//tensorflow/python/framework:for_generated_wrappers_v2")] 8 | + py_deps = ["@pypi_tensorflow//:pkg"] 9 | if extra_py_deps: 10 | py_deps += extra_py_deps 11 | py_lib_rule( 12 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/UnsupportedType.baseline: -------------------------------------------------------------------------------- 1 | ============== UnsupportedType.fbs ============ 2 | include "${DIR}/tracing_schema_common.fbs"; 3 | 4 | struct Vec3 { 5 | x: float; 6 | y: float; 7 | z: float; 8 | } 9 | 10 | table Monster(tag: "MONS") { 11 | hp: int32; 12 | pos: Vec3; 13 | } 14 | ============== diagnosis ============ 15 | ERROR: ${DIR}/tools/testdata/UnsupportedType.fbs contains unsupported type Obj for field pos in table Monster 16 | 17 | ============== result ============ 18 | 19 | -------------------------------------------------------------------------------- /fcp/client/engine/data/README.md: -------------------------------------------------------------------------------- 1 | # Simple TfLite models to use in tests. 2 | 3 | This directory contains a couple of simple TfLite models for testing purpose. 4 | 5 | 1. "join_model.flatbuffer": This model takes two input string tensor and 6 | returns the concatenated string in an output string tensor. 7 | 2. "length_model.flatbuffer": This model takes one input string tensor and 8 | returns the length of the string in an int32 tensor. 9 | 10 | These models are generated by using the TfLite converter to convert a TF 11 | function. 12 | -------------------------------------------------------------------------------- /fcp/tracing/tools/testdata/DuplicateTags.baseline: -------------------------------------------------------------------------------- 1 | ============== DuplicateTags.fbs ============ 2 | include "${DIR}/tracing_schema_common.fbs"; 3 | 4 | table TableWithTag (tag: "TTT0") { 5 | field1: int32; 6 | field2: int32; 7 | } 8 | 9 | table TableWithSameTag (tag: "TTT0") { 10 | field1: int32; 11 | field2: string; 12 | } 13 | ============== diagnosis ============ 14 | ERROR: ${DIR}/tools/testdata/DuplicateTags.fbs contains table TableWithTag with tag TTT0 which is already present in the schema. All tags must be unique. 15 | 16 | ============== result ============ 17 | 18 | -------------------------------------------------------------------------------- /fcp/client/rust/testdata/BUILD: -------------------------------------------------------------------------------- 1 | package( 2 | default_visibility = [ 3 | "//fcp:internal", 4 | ], 5 | licenses = ["notice"], # Apache 2.0 6 | ) 7 | 8 | filegroup( 9 | name = "endorsement", 10 | srcs = [ 11 | "endorsement.json", 12 | "endorsement.json.sig", 13 | "logentry.json", 14 | # Oak's tr_test_verifying_key 15 | "endorser_public_key.pem", 16 | # Public key of the Rekor instance hosted by sigstore.dev. It is downloaded 17 | # from https://rekor.sigstore.dev/api/v1/log/publicKey. 18 | "rekor_public_key.pem", 19 | ], 20 | ) 21 | -------------------------------------------------------------------------------- /third_party/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | -------------------------------------------------------------------------------- /fcp/client/rust/testdata/endorsement.json: -------------------------------------------------------------------------------- 1 | { 2 | "_type": "https://in-toto.io/Statement/v1", 3 | "predicateType": "https://project-oak.github.io/oak/tr/endorsement/v1", 4 | "subject": [ 5 | { 6 | "name": "tcp_atomic_counter_enclave_app", 7 | "digest": { 8 | "sha256": "09ab204446287049060482d9f60fb684ff43a5b53acf317a32ac4ebfa6a5ef95" 9 | } 10 | } 11 | ], 12 | "predicate": { 13 | "issuedOn": "2024-10-08T18:06:05.246000Z", 14 | "validity": { 15 | "notBefore": "2024-10-08T18:06:05.246000Z", 16 | "notAfter": "2025-10-08T18:06:05.246000Z" 17 | } 18 | } 19 | } -------------------------------------------------------------------------------- /fcp/base/future.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/base/future.h" 16 | -------------------------------------------------------------------------------- /fcp/patches/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # This empty BUILD file is required to make Bazel treat this directory as a package. 16 | -------------------------------------------------------------------------------- /fcp/testing/tracing_schema.fbs: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | include "fcp/tracing/tracing_schema_common.fbs"; 16 | 17 | table TestError(tag: "TERR", error) { 18 | file_name: string; 19 | line: int32; 20 | } 21 | -------------------------------------------------------------------------------- /fcp/tracing/tools/README.md: -------------------------------------------------------------------------------- 1 | # Tracing Traits Generator 2 | 3 | This directory contains an implementation of a simple codegen tool 4 | `tracing_traits_generator` which uses FlatBuffers reflection to inspect 5 | user-defined tracing schema and produces a C++ header file containing additional 6 | traits needed for `TracingSpan::Log()` and `TracingSpan::CreateChild()` to 7 | function properly. 8 | 9 | These traits allow for compile-time lookup of user-defined tags, additional 10 | attributes needed for tracking backend components to handle the data. 11 | 12 | This tool is automatically invoked during a build process with the help of 13 | `tracing_schema_cc_library` rule in `build/build_defs.bzl`. 14 | 15 | Examples of codegen output for various input FlatBuffers schemas can be found in 16 | `testdata/*.baseline` files. 17 | -------------------------------------------------------------------------------- /fcp/testing/test_messages.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.testing; 18 | 19 | message Foo { 20 | string foo = 1; 21 | } 22 | 23 | message Bar { 24 | int32 bar = 1; 25 | } 26 | -------------------------------------------------------------------------------- /fcp/tracing/test/testdata/Basic.baseline: -------------------------------------------------------------------------------- 1 | ${TIME} 0: BEGIN 2 | ${TIME} 0: INFO EventFoo{ first: 10, second: 20 } 3 | ${TIME} 1: BEGIN SpanWithId { id: 111 } parent: 0 4 | ${TIME} 1: INFO EventFoo{ first: 222, second: 333 } 5 | ${TIME} 1: ERROR ErrorEvent{ cause: "Oops!" } 6 | ${TIME} 2: BEGIN SpanWithId { id: 999 } parent: 1 7 | ${TIME} 2: INFO EventFoo{ first: 555, second: 666 } 8 | ${TIME} 2: END SpanWithId { id: 999 } 9 | ${TIME} 1: END SpanWithId { id: 111 } 10 | ${TIME} 3: BEGIN SpanWithNoData { } parent: 0 11 | ${TIME} 3: WARNING EventWithNoData{ } 12 | ${TIME} 3: END SpanWithNoData { } 13 | ${TIME} 4: BEGIN SpanWithNoData { } parent: 0 14 | ${TIME} 5: BEGIN SpanWithId { id: 222 } parent: 4 15 | ${TIME} 5: INFO EventBar{ first: 333, second: "Hello world!" } 16 | ${TIME} 5: END SpanWithId { id: 222 } 17 | ${TIME} 4: END SpanWithNoData { } 18 | ${TIME} 0: END 19 | -------------------------------------------------------------------------------- /fcp/client/engine/data/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | package( 15 | default_visibility = [ 16 | "//fcp:internal", 17 | ], 18 | licenses = ["notice"], # Apache 2.0 19 | ) 20 | 21 | exports_files([ 22 | "join_model.flatbuffer", 23 | "length_model.flatbuffer", 24 | ]) 25 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_googleapis.patch: -------------------------------------------------------------------------------- 1 | --- tensorflow/workspace2.bzl 2 | +++ tensorflow/workspace2.bzl 3 | @@ -314,7 +314,7 @@ 4 | tf_http_archive( 5 | name = "com_google_googleapis", 6 | build_file = "//third_party/googleapis:googleapis.BUILD", 7 | - sha256 = "249d83abc5d50bf372c35c49d77f900bff022b2c21eb73aa8da1458b6ac401fc", 8 | - strip_prefix = "googleapis-6b3fdcea8bc5398be4e7e9930c693f0ea09316a0", 9 | - urls = tf_mirror_urls("https://github.com/googleapis/googleapis/archive/6b3fdcea8bc5398be4e7e9930c693f0ea09316a0.tar.gz"), 10 | + sha256 = "753983d997503b41fa4ee0a761e91adf2f9de579a6273ed9785be96da87b15ae", 11 | + strip_prefix = "googleapis-738ff24cb9c00be062dc200c10426df7b13d1e65", 12 | + urls = tf_mirror_urls("https://github.com/googleapis/googleapis/archive/738ff24cb9c00be062dc200c10426df7b13d1e65.tar.gz"), 13 | ) 14 | -------------------------------------------------------------------------------- /fcp/config.bzl: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # cc_* rules should include this list in copts. If additional cc_*-wide 16 | # customization appears, we might want to switch to macros. 17 | 18 | """This is the definition site for things we want to keep consistent, like copts.""" 19 | 20 | FCP_COPTS = [ 21 | ] 22 | -------------------------------------------------------------------------------- /fcp/client/README.md: -------------------------------------------------------------------------------- 1 | # Federated Computations Client 2 | 3 | This directory contains the portable client implementation of Google's platform 4 | for federated and local computations. A final build of the client will consist 5 | of 6 | 7 | 1. The portable core functionality provided by this directory - `:fl_runner` 8 | and`:lc_runner` for running federated and local computations. This code 9 | contains the network stack and model / query interpreter. 10 | 1. Platform-dependent implementations of the `:interfaces` target. This allows 11 | to inject dependencies for e.g. telemetry, attestation, flag-guarding, 12 | access to example stores etc. 13 | 14 | The stand-alone binary `:client_runner_main` provides a bare bones example of a 15 | federated computation client. Most practical implementations will wrap the calls 16 | to the client in a scheduler that respects device constraints and the returned 17 | retry window. 18 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_severity.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_TRACING_TRACING_SEVERITY_H_ 18 | #define FCP_TRACING_TRACING_SEVERITY_H_ 19 | 20 | namespace fcp { 21 | enum class TracingSeverity { kInfo, kWarning, kError }; 22 | } // namespace fcp 23 | 24 | #endif // FCP_TRACING_TRACING_SEVERITY_H_ 25 | -------------------------------------------------------------------------------- /fcp/java_src/main/java/com/google/fcp/client/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_java//java:defs.bzl", "java_library") 16 | 17 | package( 18 | default_visibility = [ 19 | "//fcp:internal", 20 | ], 21 | licenses = ["notice"], # Apache 2.0 22 | ) 23 | 24 | java_library( 25 | name = "client", 26 | srcs = [ 27 | "CallFromNativeWrapper.java", 28 | ], 29 | ) 30 | -------------------------------------------------------------------------------- /fcp/tensorflow/pip_tf/README.md: -------------------------------------------------------------------------------- 1 | 2 | When building libraries (such as custom op libraries) against the TensorFlow pip 3 | package, care must be taken to ensure those libraries build against that 4 | package's headers and with the same compiler and linker flags as that package 5 | was compiled with. These utilities help ensure that's the case. 6 | 7 | This package assumes Tensorflow is available in the `@pypi_tensorflow` package, 8 | with the additional build content specified in `TF_ADDITIVE_BUILD_CONTENT`: 9 | 10 | ``` 11 | load("@com_google_fcp//tensorflow/pip_tf:defs.bzl", "TF_ADDITIVE_BUILD_CONTENT") 12 | 13 | pip_parse( 14 | name = "pypi", 15 | annotations = { 16 | "tensorflow": package_annotation( 17 | additive_build_content = TF_ADDITIVE_BUILD_CONTENT, 18 | ), 19 | }, 20 | ... 21 | ) 22 | ``` 23 | 24 | NOTE: The `gpu_srcs` and `gpu_deps` parameters supported by TensorFlow's version 25 | of `tf_custom_op_library` are not supported by this version. 26 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_span_id.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/tracing/tracing_span_id.h" 16 | 17 | namespace fcp { 18 | 19 | std::atomic TracingSpanId::id_source = 1; 20 | 21 | TracingSpanId TracingSpanId::NextUniqueId() { 22 | std::int64_t new_id = id_source.fetch_add(1, std::memory_order_seq_cst); 23 | return TracingSpanId(new_id); 24 | } 25 | 26 | } // namespace fcp 27 | -------------------------------------------------------------------------------- /fcp/base/process_unique_id.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/process_unique_id.h" 18 | 19 | namespace fcp { 20 | 21 | namespace { 22 | // This will be zero-initialized. 23 | std::atomic next_id; 24 | } // namespace 25 | 26 | ProcessUniqueId ProcessUniqueId::Next() { 27 | return ProcessUniqueId(next_id.fetch_add(1, std::memory_order_relaxed)); 28 | } 29 | 30 | } // namespace fcp 31 | -------------------------------------------------------------------------------- /fcp/client/tensorflow/tensorflow_runner_factory.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include "fcp/client/tensorflow/tensorflow_runner_factory.h" 17 | 18 | namespace fcp::client { 19 | TensorflowRunnerFactoryRegistry& GetGlobalTensorflowRunnerFactoryRegistry() { 20 | static TensorflowRunnerFactoryRegistry* registry = 21 | new TensorflowRunnerFactoryRegistry(); 22 | return *registry; 23 | } 24 | } // namespace fcp::client 25 | -------------------------------------------------------------------------------- /GETTING_STARTED.md: -------------------------------------------------------------------------------- 1 | # Instructions for getting the Federated Compute Platform code up and running on your own machine. 2 | 3 | ## Download and install build dependencies 4 | 5 | ### Basic tools 6 | 7 | There are some basic tools and packages you will need on your machine: 8 | 9 | * Git 10 | * Java Development Kit (JDK) 11 | * Python 3 12 | * libstdc++ 13 | 14 | For example, on Debian: 15 | 16 | ``` 17 | sudo apt install -y git default-jdk-headless python3 libstdc++-10-dev 18 | ``` 19 | 20 | > ⚠️ The project maintainers internally test with Clang only, so support for 21 | > GCC-based builds is provided only on a best-effort basis and may at times be 22 | > broken. 23 | > 24 | > If using GCC then we recommend using a recent version (e.g., at least as 25 | > recent as what Debian stable uses, preferably newer than that). 26 | 27 | ### Install Bazelisk 28 | 29 | Bazelisk is used to fetch the correct Bazel binaries necessary to build and run 30 | Federated Compute code. 31 | 32 | Please read https://github.com/bazelbuild/bazelisk#installation. 33 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/blob_data.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | import "fcp/protos/confidentialcompute/confidential_transform.proto"; 20 | 21 | // Blob data to be serialized and durably stored. 22 | message BlobData { 23 | // Metadata for the blob being written. 24 | BlobMetadata metadata = 1; 25 | // Data for the blob being written. 26 | bytes data = 2 27 | ; 28 | } 29 | -------------------------------------------------------------------------------- /fcp/testing/tracing.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_TESTING_TRACING_H_ 18 | #define FCP_TESTING_TRACING_H_ 19 | 20 | #include "fcp/base/error.h" 21 | #include "fcp/base/source_location.h" 22 | 23 | namespace fcp { 24 | 25 | // Utility function which creates and traces an instance of test error 26 | Error TraceTestError(SourceLocation loc = SourceLocation::current()); 27 | 28 | } // namespace fcp 29 | 30 | #endif // FCP_TESTING_TRACING_H_ 31 | -------------------------------------------------------------------------------- /fcp/testing/tracing.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/testing/tracing.h" 18 | 19 | #include "fcp/base/error.h" 20 | #include "fcp/base/source_location.h" 21 | #include "fcp/testing/tracing_schema.h" // IWYU pragma: keep 22 | #include "fcp/tracing/tracing_span.h" 23 | 24 | namespace fcp { 25 | 26 | Error TraceTestError(SourceLocation loc) { 27 | return TraceError(loc.file_name(), loc.line()); 28 | } 29 | 30 | } // namespace fcp 31 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/file_info.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2024 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | // Information about a value stored in a filesystem. 20 | message FileInfo { 21 | // The file path that contains the value. 22 | string uri = 1; 23 | 24 | // The key of the value located at the URI. 25 | string key = 2; 26 | 27 | // Whether the value is a client uploaded file or not. 28 | bool client_upload = 3; 29 | } 30 | -------------------------------------------------------------------------------- /fcp/client/client_runner_example_data.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.client; 18 | 19 | // A collection of example data for use with client_runner_main. 20 | message ClientRunnerExampleData { 21 | message ExampleList { 22 | // The serialized examples that will be returned by the ExampleIterator. 23 | repeated bytes examples = 1; 24 | } 25 | 26 | // The list of examples that will be returned for each collection uri. 27 | map examples_by_collection_uri = 1; 28 | } 29 | -------------------------------------------------------------------------------- /fcp/client/http/http_resource_metadata.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.client.http; 18 | 19 | message HttpResourceMetadata { 20 | // The format in which the stored resource is compressed. 21 | ResourceCompressionFormat compression_format = 1; 22 | } 23 | 24 | // Different file formats that may be used to compress resources. 25 | enum ResourceCompressionFormat { 26 | RESOURCE_COMPRESSION_FORMAT_UNSPECIFIED = 0; 27 | // Gzip-compressed data. 28 | RESOURCE_COMPRESSION_FORMAT_GZIP = 1; 29 | } 30 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_federated_deps.patch: -------------------------------------------------------------------------------- 1 | diff --git tensorflow_federated/BUILD tensorflow_federated/BUILD 2 | index ff6bc8e22..bab38b2be 100644 3 | --- tensorflow_federated/BUILD 4 | +++ tensorflow_federated/BUILD 5 | @@ -27,6 +27,24 @@ py_library( 6 | "//tensorflow_federated/python/program", 7 | "//tensorflow_federated/python/simulation", 8 | "@federated_language//federated_language", 9 | + "@pypi_absl_py//:pkg", 10 | + "@pypi_attrs//:pkg", 11 | + "@pypi_cachetools//:pkg", 12 | + "@pypi_dm_tree//:pkg", 13 | + "@pypi_dp_accounting//:pkg", 14 | + "@pypi_google_vizier//:pkg", 15 | + "@pypi_googleapis_common_protos//:pkg", 16 | + "@pypi_grpcio//:pkg", 17 | + "@pypi_jax//:pkg", 18 | + "@pypi_jaxlib//:pkg", 19 | + "@pypi_numpy//:pkg", 20 | + "@pypi_portpicker//:pkg", 21 | + "@pypi_scipy//:pkg", 22 | + "@pypi_tensorflow_model_optimization//:pkg", 23 | + "@pypi_tensorflow_privacy//:pkg", 24 | + "@pypi_tensorflow//:pkg", 25 | + "@pypi_tqdm//:pkg", 26 | + "@pypi_typing_extensions//:pkg", 27 | ], 28 | ) 29 | 30 | -------------------------------------------------------------------------------- /fcp/secagg/server/secagg_scheduler.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/secagg/server/secagg_scheduler.h" 18 | 19 | #include 20 | 21 | namespace fcp { 22 | namespace secagg { 23 | 24 | void SecAggScheduler::WaitUntilIdle() { 25 | parallel_scheduler_->WaitUntilIdle(); 26 | sequential_scheduler_->WaitUntilIdle(); 27 | } 28 | 29 | void SecAggScheduler::RunSequential(std::function function) { 30 | sequential_scheduler_->Schedule(function); 31 | } 32 | 33 | } // namespace secagg 34 | } // namespace fcp 35 | -------------------------------------------------------------------------------- /fcp/base/compression.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_BASE_COMPRESSION_H_ 18 | #define FCP_BASE_COMPRESSION_H_ 19 | 20 | #include "absl/status/statusor.h" 21 | #include "absl/strings/cord.h" 22 | #include "absl/strings/string_view.h" 23 | 24 | namespace fcp { 25 | 26 | absl::StatusOr CompressWithGzip( 27 | absl::string_view uncompressed_data); 28 | absl::StatusOr UncompressWithGzip( 29 | absl::string_view compressed_data); 30 | 31 | } // namespace fcp 32 | 33 | #endif // FCP_BASE_COMPRESSION_H_ 34 | -------------------------------------------------------------------------------- /fcp/jni/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 16 | 17 | default_visibility = [ 18 | "//fcp:internal", 19 | ] 20 | 21 | package( 22 | default_visibility = default_visibility, 23 | licenses = ["notice"], # Apache 2.0 24 | ) 25 | 26 | cc_library( 27 | name = "jni_util", 28 | hdrs = ["jni_util.h"], 29 | deps = [ 30 | "//fcp/base", 31 | "@bazel_tools//tools/jdk:jni", 32 | "@com_google_absl//absl/cleanup", 33 | "@com_google_absl//absl/container:fixed_array", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /fcp/protos/data_type.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package google.internal.federated.plan; 18 | 19 | option java_package = "com.google.internal.federated.plan"; 20 | option java_multiple_files = true; 21 | option java_outer_classname = "DataTypeProto"; 22 | 23 | // Supported data types for output vectors in `ExampleQuerySpec` in plan.proto. 24 | enum DataType { 25 | DATA_TYPE_UNSPECIFIED = 0; 26 | INT32 = 1; 27 | INT64 = 2; 28 | BOOL = 3; 29 | FLOAT = 4; 30 | DOUBLE = 5; 31 | BYTES = 6; 32 | STRING = 7; 33 | } 34 | -------------------------------------------------------------------------------- /fcp/tensorflow/pip_tf/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_python//python:defs.bzl", "py_test") 16 | load(":defs.bzl", "PIP_TF_COPTS", "PIP_TF_CXXOPTS", "PIP_TF_LINKOPTS") 17 | 18 | py_test( 19 | name = "pip_tf_flags_test", 20 | srcs = ["pip_tf_flags_test.py"], 21 | args = [ 22 | "--copts=" + ",".join(PIP_TF_COPTS), 23 | "--cxxopts=" + ",".join(PIP_TF_CXXOPTS), 24 | "--linkopts=" + ",".join(PIP_TF_LINKOPTS), 25 | ], 26 | deps = [ 27 | "@pypi_absl_py//:pkg", 28 | "@pypi_tensorflow//:pkg", 29 | ], 30 | ) 31 | -------------------------------------------------------------------------------- /fcp/secagg/shared/aes_ctr_prng_factory.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/secagg/shared/aes_ctr_prng_factory.h" 18 | 19 | #include 20 | #include "fcp/secagg/shared/aes_ctr_prng.h" 21 | #include "fcp/secagg/shared/aes_key.h" 22 | #include "fcp/secagg/shared/prng.h" 23 | 24 | namespace fcp { 25 | namespace secagg { 26 | 27 | std::unique_ptr AesCtrPrngFactory::MakePrng( 28 | const AesKey& key) const { 29 | return std::unique_ptr(new AesCtrPrng(key)); 30 | } 31 | 32 | } // namespace secagg 33 | } // namespace fcp 34 | -------------------------------------------------------------------------------- /fcp/tensorflow/tensor_crc32.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include "fcp/tensorflow/tensor_crc32.h" 17 | 18 | namespace fcp { 19 | namespace tensorflow { 20 | namespace checksums { 21 | 22 | using ::tensorflow::StringPiece; 23 | using ::tensorflow::Tensor; 24 | using ::tensorflow::crc32c::Value; 25 | 26 | uint32_t TensorToCRC32(const Tensor& tensor) { 27 | StringPiece tensor_data = tensor.tensor_data(); 28 | return Value(tensor_data.data(), tensor_data.size()); 29 | } 30 | 31 | } // namespace checksums 32 | } // namespace tensorflow 33 | } // namespace fcp 34 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_span_ref.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/tracing/tracing_span_ref.h" 16 | 17 | #include "fcp/tracing/tracing_recorder_impl.h" 18 | #include "fcp/tracing/tracing_span_impl.h" 19 | 20 | namespace fcp { 21 | 22 | TracingSpanRef fcp::TracingSpanRef::Top() { 23 | tracing_internal::TracingSpanImpl* top = 24 | tracing_internal::TracingSpanImpl::Top(); 25 | return top ? top->Ref() 26 | : tracing_internal::TracingRecorderImpl::GetCurrent() 27 | ->GetRootSpan() 28 | ->Ref(); 29 | } 30 | } // namespace fcp 31 | -------------------------------------------------------------------------------- /third_party/libcppbor.BUILD.bzl: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | """ 16 | A custom build file for libcppbor 17 | """ 18 | 19 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 20 | 21 | licenses(["notice"]) 22 | 23 | exports_files(["LICENSE"]) 24 | 25 | cc_library( 26 | name = "libcppbor", 27 | srcs = glob(["src/*.cpp"]), 28 | hdrs = glob(["include/cppbor/*.h"]), 29 | copts = ["-Iexternal/libcppbor/include/cppbor"], 30 | include_prefix = "libcppbor", 31 | local_defines = ["__TRUSTY__"], 32 | visibility = ["//visibility:public"], 33 | deps = ["@boringssl//:crypto"], 34 | ) 35 | -------------------------------------------------------------------------------- /fcp/tensorflow/tf_py_smoke_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | from __future__ import absolute_import 18 | from __future__ import division 19 | from __future__ import print_function 20 | 21 | import tensorflow.compat.v2 as tf 22 | tf.enable_v2_behavior() 23 | 24 | 25 | @tf.function 26 | def matmul(a, b): 27 | return tf.matmul(a, b) 28 | 29 | 30 | class TfPySmokeTest(tf.test.TestCase): 31 | 32 | def test_matmul(self): 33 | actual = matmul(tf.constant([[1, 2]]), tf.transpose([[3, 4]])) 34 | self.assertEqual(11, actual) 35 | 36 | 37 | if __name__ == "__main__": 38 | tf.test.main() 39 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/payload_metadata.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | import "fcp/client/event_time_range.proto"; 20 | 21 | option java_package = "com.google.intelligence.fcp.confidentialcompute"; 22 | option java_multiple_files = true; 23 | 24 | // Encapsulates metadata about the payload data to be uploaded to the server. 25 | // This is included in each uploaded data blob header. 26 | message PayloadMetadata { 27 | // The hint of event time range of the SQLite query results. 28 | client.EventTimeRange event_time_range = 1; 29 | } 30 | -------------------------------------------------------------------------------- /fcp/secagg/client/other_client_state.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_CLIENT_OTHER_CLIENT_STATE_H_ 18 | #define FCP_SECAGG_CLIENT_OTHER_CLIENT_STATE_H_ 19 | 20 | namespace fcp { 21 | namespace secagg { 22 | 23 | // Used by descendants of {@link SecAggClientState} to track the state of other 24 | // clients, from the perspective of this client. 25 | 26 | enum class OtherClientState { 27 | kAlive, 28 | kDeadAtRound1, 29 | kDeadAtRound2, 30 | kDeadAtRound3 31 | }; 32 | 33 | } // namespace secagg 34 | } // namespace fcp 35 | 36 | #endif // FCP_SECAGG_CLIENT_OTHER_CLIENT_STATE_H_ 37 | -------------------------------------------------------------------------------- /fcp/tensorflow/python/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # pybind11 bindings for //fcp/tensorflow. 16 | 17 | load("@rules_python//python:defs.bzl", "py_test") 18 | 19 | package( 20 | default_visibility = ["//fcp:internal"], 21 | licenses = ["notice"], # Apache 2.0 22 | ) 23 | 24 | exports_files(["serve_slices_registry.cc"]) 25 | 26 | py_test( 27 | name = "serve_slices_registry_test", 28 | srcs = ["serve_slices_registry_test.py"], 29 | deps = [ 30 | "//fcp/tensorflow:serve_slices_py", 31 | "@pypi_absl_py//:pkg", 32 | "@pypi_numpy//:pkg", 33 | "@pypi_tensorflow//:pkg", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /fcp/base/source_location_test.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/source_location.h" 18 | 19 | #include "gtest/gtest.h" 20 | 21 | namespace fcp { 22 | 23 | SourceLocation Foo() { return SourceLocation::current(); } 24 | 25 | SourceLocation Bar() { return SourceLocation::current(); } 26 | 27 | TEST(SourceLocation, Test) { 28 | EXPECT_EQ(Foo().line(), Foo().line()); 29 | EXPECT_EQ(Bar().line(), Bar().line()); 30 | EXPECT_EQ(Bar().file_name(), Bar().file_name()); 31 | #ifdef FCP_HAS_SOURCE_LOCATION 32 | EXPECT_NE(Foo().line(), Bar().line()); 33 | #endif 34 | } 35 | 36 | } // namespace fcp 37 | -------------------------------------------------------------------------------- /fcp/client/http/curl/curl_http_response.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/client/http/curl/curl_http_response.h" 18 | 19 | #include 20 | 21 | #include "fcp/client/http/http_client.h" 22 | 23 | namespace fcp::client::http::curl { 24 | CurlHttpResponse::CurlHttpResponse(int status_code, HeaderList header_list) 25 | : status_code_(status_code), header_list_(std::move(header_list)) {} 26 | 27 | int CurlHttpResponse::code() const { return status_code_; } 28 | 29 | const HeaderList& CurlHttpResponse::headers() const { return header_list_; } 30 | 31 | } // namespace fcp::client::http::curl 32 | -------------------------------------------------------------------------------- /fcp/tensorflow/tensor_crc32.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef FCP_TENSORFLOW_TENSOR_CRC32_H_ 17 | #define FCP_TENSORFLOW_TENSOR_CRC32_H_ 18 | 19 | #include "tensorflow/core/framework/tensor.h" 20 | #include "tensorflow/core/lib/hash/crc32c.h" 21 | 22 | namespace fcp { 23 | namespace tensorflow { 24 | namespace checksums { 25 | 26 | /* Computes the CRC32c checksum of the in-memory representation of a Tensor. */ 27 | uint32_t TensorToCRC32(const ::tensorflow::Tensor& tensor); 28 | 29 | } // namespace checksums 30 | } // namespace tensorflow 31 | } // namespace fcp 32 | 33 | #endif // FCP_TENSORFLOW_TENSOR_CRC32_H_ 34 | -------------------------------------------------------------------------------- /fcp/tracing/test/test_api_message.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.tracing.test; 18 | 19 | message ApiMessageWithoutContext { 20 | string contents = 1; 21 | } 22 | 23 | message ApiMessageWithContext { 24 | string contents = 1; 25 | string tracing_context = 2; 26 | } 27 | 28 | message ApiMessageWithContextBytes { 29 | string contents = 1; 30 | bytes tracing_context = 2; 31 | } 32 | 33 | message ApiMessageWithContextInt { 34 | string contents = 1; 35 | int32 tracing_context = 2; 36 | } 37 | 38 | message TestTracingContext { 39 | int32 first = 1; 40 | int32 second = 2; 41 | } 42 | -------------------------------------------------------------------------------- /fcp/base/base_name.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_BASE_BASE_NAME_H_ 18 | #define FCP_BASE_BASE_NAME_H_ 19 | 20 | #include 21 | #include "absl/strings/string_view.h" 22 | 23 | namespace fcp { 24 | 25 | /** 26 | * Returns the file base name of a path. 27 | */ 28 | std::string BaseName(const std::string& path); 29 | 30 | inline std::string BaseName(const char* path) { 31 | return BaseName(std::string(path)); 32 | } 33 | 34 | inline std::string BaseName(absl::string_view path) { 35 | return BaseName(std::string(path)); 36 | } 37 | 38 | } // namespace fcp 39 | 40 | #endif // FCP_BASE_BASE_NAME_H_ 41 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_serving.patch: -------------------------------------------------------------------------------- 1 | diff --git a/tensorflow_serving/util/net_http/server/public/BUILD b/tensorflow_serving/util/net_http/server/public/BUILD 2 | index e7f96d98..2ae0530a 100644 3 | --- tensorflow_serving/util/net_http/server/public/BUILD 4 | +++ tensorflow_serving/util/net_http/server/public/BUILD 5 | @@ -34,6 +34,7 @@ cc_library( 6 | hdrs = [ 7 | "httpserver.h", 8 | ], 9 | + visibility = ["//visibility:public"], 10 | deps = [ 11 | ":http_server_api", 12 | "//tensorflow_serving/util/net_http/server/internal:evhttp_server", 13 | diff --git a/tensorflow_serving/workspace.bzl b/tensorflow_serving/workspace.bzl 14 | index 08c3cc28..0803cdf3 100644 15 | --- tensorflow_serving/workspace.bzl 16 | +++ tensorflow_serving/workspace.bzl 17 | @@ -31,7 +31,7 @@ def tf_serving_workspace(): 18 | url = "https://github.com/libevent/libevent/archive/release-2.1.8-stable.zip", 19 | sha256 = "70158101eab7ed44fd9cc34e7f247b3cae91a8e4490745d9d6eb7edc184e4d96", 20 | strip_prefix = "libevent-release-2.1.8-stable", 21 | - build_file = "@//third_party/libevent:BUILD", 22 | + build_file = "@//third_party:event.BUILD.bzl", 23 | ) 24 | 25 | # ===== ICU dependency ===== 26 | -------------------------------------------------------------------------------- /fcp/client/tensorflow/tensorflow_runner_impl_registration.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include 17 | 18 | #include "fcp/base/function_registry.h" 19 | #include "fcp/client/tensorflow/tensorflow_runner_factory.h" 20 | #include "fcp/client/tensorflow/tensorflow_runner_impl.h" 21 | 22 | namespace fcp::client { 23 | 24 | // Register the TensorflowRunner implementation. 25 | const auto kUnused = fcp::RegisterOrDie( 26 | GetGlobalTensorflowRunnerFactoryRegistry(), 27 | TensorflowRunnerImplementation::kTensorflowRunnerImpl, 28 | []() { return std::make_unique(); }); 29 | 30 | } // namespace fcp::client 31 | -------------------------------------------------------------------------------- /fcp/tensorflow/testing/tf_helper.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/tensorflow/testing/tf_helper.h" 18 | 19 | #include "gtest/gtest.h" 20 | #include "absl/status/status.h" 21 | #include "absl/strings/cord.h" 22 | #include "tensorflow/cc/framework/scope.h" 23 | 24 | namespace fcp { 25 | 26 | absl::Cord CreateGraph(tensorflow::Scope* root) { 27 | tensorflow::GraphDef def; 28 | absl::Status to_graph_status = root->ToGraphDef(&def); 29 | EXPECT_TRUE(to_graph_status.ok()) << to_graph_status; 30 | // TODO(team): Use SerializeAsCord when available. 31 | return absl::Cord(def.SerializeAsString()); 32 | } 33 | 34 | } // namespace fcp 35 | -------------------------------------------------------------------------------- /fcp/client/simple_task_environment.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include "fcp/client/simple_task_environment.h" 17 | 18 | #include "absl/time/time.h" 19 | 20 | namespace fcp { 21 | namespace client { 22 | 23 | bool SimpleTaskEnvironment::ShouldAbort( 24 | absl::Time current_time, absl::Duration condition_polling_period) { 25 | if (current_time - last_training_conditions_fetch_timestamp_ < 26 | condition_polling_period) { 27 | return false; 28 | } else { 29 | last_training_conditions_fetch_timestamp_ = current_time; 30 | } 31 | return !TrainingConditionsSatisfied(); 32 | } 33 | 34 | } // namespace client 35 | } // namespace fcp 36 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/message_description.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | option java_package = "com.google.intelligence.fcp.confidentialcompute"; 20 | option java_multiple_files = true; 21 | option java_outer_classname = "MessageDescriptionOuterClass"; 22 | 23 | // Description of a proto message. This can be used to parse serialized proto 24 | // messages to generic Messages. 25 | message MessageDescription { 26 | // The FileDescriptorSet bytes for the message. 27 | bytes message_descriptor_set = 1; 28 | 29 | // The fully qualified name of the message. 30 | string message_name = 2; 31 | } 32 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_federated_executors.patch: -------------------------------------------------------------------------------- 1 | # This patch is needed to fix the build error of 2 | # fcp/confidentialcompute/composing_tee_executor.cc: 3 | # "error: ignoring return value of function declared with 'nodiscard' 4 | # attribute [-Werror,-Wunused-result]" 5 | # in the following code: 6 | # thread_pool->Schedule( 7 | # [t = std::make_shared(std::move(task))]() { (*t)(); }); 8 | diff --git tensorflow_federated/cc/core/impl/executors/threading.h tensorflow_federated/cc/core/impl/executors/threading.h 9 | index f7efc6bfa..151837db3 100644 10 | --- tensorflow_federated/cc/core/impl/executors/threading.h 11 | +++ tensorflow_federated/cc/core/impl/executors/threading.h 12 | @@ -104,8 +104,9 @@ std::shared_future ThreadRun(Func lambda, 13 | // be trying to make a _copy_ of the lambda capture values which are not 14 | // always copy constructable (especially in the case of ExecutorValue). 15 | // Wrapping in a `shared_ptr` makes this possible. 16 | - thread_pool->Schedule( 17 | - [t = std::make_shared(std::move(task))]() { (*t)(); }); 18 | + thread_pool 19 | + ->Schedule([t = std::make_shared(std::move(task))]() { (*t)(); }) 20 | + .IgnoreError(); 21 | } else { 22 | std::thread th(std::move(task)); 23 | th.detach(); 24 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/private_logger_uploads_config.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | import "fcp/protos/confidentialcompute/message_description.proto"; 20 | 21 | option java_outer_classname = "PrivateLoggerUploadsConfigOuterClass"; 22 | option java_multiple_files = true; 23 | 24 | // Configuration needed for TEE applications to process uploads from the 25 | // PrivateLogger. 26 | message PrivateLoggerUploadsConfig { 27 | // The description of the proto message logged by the PrivateLogger. 28 | MessageDescription message_description = 1; 29 | 30 | // The name of the on-device query. 31 | string on_device_query_name = 2; 32 | } 33 | -------------------------------------------------------------------------------- /fcp/base/process_unique_id.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_BASE_PROCESS_UNIQUE_ID_H_ 18 | #define FCP_BASE_PROCESS_UNIQUE_ID_H_ 19 | 20 | #include 21 | 22 | namespace fcp { 23 | 24 | // Threadsafe class for creating IDs that are unique per-process. 25 | class ProcessUniqueId { 26 | public: 27 | // Threadsafe method for getting a new unique ID, intended to be cheap. 28 | static ProcessUniqueId Next(); 29 | uint64_t value() { return value_; } 30 | 31 | private: 32 | explicit constexpr ProcessUniqueId(uint64_t value) : value_(value) {} 33 | // Value of the unique ID. 34 | uint64_t value_; 35 | }; 36 | 37 | } // namespace fcp 38 | 39 | #endif // FCP_BASE_PROCESS_UNIQUE_ID_H_ 40 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_schema_common.fbs: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Common tracing schema definitions: 16 | 17 | // The 4 letter tag for this event or operation. All tracing events and 18 | // operations must have a tag and the tag must be unique. 19 | attribute "tag"; 20 | // Log messages for this table should have severity ERROR. Default is INFO. 21 | attribute "error"; 22 | // Log messages for this table should have severity WARNING. Default is INFO. 23 | attribute "warning"; 24 | // This table represents a tracing span within which child spans or events can 25 | // be created. The default is that the table represents an event that can be 26 | // logged but which can not have child spans or events. 27 | attribute "span"; 28 | 29 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_span_impl.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/tracing/tracing_span_impl.h" 16 | 17 | #include "fcp/tracing/tracing_recorder_impl.h" 18 | 19 | namespace fcp { 20 | namespace tracing_internal { 21 | 22 | thread_local TracingSpanImpl* TracingSpanImpl::top_tracing_span_ = nullptr; 23 | 24 | TracingSpanImpl* TracingSpanImpl::Top() { return top_tracing_span_; } 25 | 26 | void TracingSpanImpl::Pop() { 27 | FCP_CHECK(top_tracing_span_ == this); 28 | top_tracing_span_ = prev_; 29 | } 30 | 31 | void TracingSpanImpl::Push() { 32 | FCP_CHECK(prev_ == nullptr); 33 | prev_ = top_tracing_span_; 34 | top_tracing_span_ = this; 35 | } 36 | 37 | } // namespace tracing_internal 38 | } // namespace fcp 39 | -------------------------------------------------------------------------------- /fcp/confidentialcompute/private_state.h: -------------------------------------------------------------------------------- 1 | 2 | // Copyright 2025 Google LLC 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | 16 | #ifndef FCP_CONFIDENTIALCOMPUTE_PRIVATE_STATE_H_ 17 | #define FCP_CONFIDENTIALCOMPUTE_PRIVATE_STATE_H_ 18 | 19 | namespace fcp { 20 | namespace confidential_compute { 21 | 22 | // Configuration ID used for private state blobs written in one or more 23 | // WriteConfigurationRequests. See: 24 | // https://github.com/google-parfait/federated-compute/blob/a37f3ed144b93c33b174a26384ba5a0a4c0e5f4d/fcp/protos/confidentialcompute/confidential_transform.proto#L122 25 | constexpr char kPrivateStateConfigId[] = "pipeline_private_state"; 26 | 27 | } // namespace confidential_compute 28 | } // namespace fcp 29 | 30 | #endif // FCP_CONFIDENTIALCOMPUTE_PRIVATE_STATE_H_ 31 | -------------------------------------------------------------------------------- /fcp/base/digest.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_BASE_DIGEST_H_ 18 | #define FCP_BASE_DIGEST_H_ 19 | 20 | #include 21 | 22 | #include "absl/strings/cord.h" 23 | #include "absl/strings/string_view.h" 24 | 25 | namespace fcp { 26 | // Returns the SHA256 hash for the given data. Note that the return value 27 | // contains raw digest bytes, and not a human-readable hex-encoded string. 28 | std::string ComputeSHA256(const absl::Cord& data); 29 | // Returns the SHA256 hash for the given data. Note that the return value 30 | // contains raw digest bytes, and not a human-readable hex-encoded string. 31 | std::string ComputeSHA256(absl::string_view data); 32 | } // namespace fcp 33 | 34 | #endif // FCP_BASE_DIGEST_H_ 35 | -------------------------------------------------------------------------------- /fcp/tensorflow/tensor_name.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Provides the `tensor_name` operation. 15 | 16 | This wraps the generated op and ensures that necessary shared libraries 17 | are loaded. 18 | """ 19 | 20 | import tensorflow as tf 21 | 22 | from fcp.tensorflow import gen_tensor_name_py 23 | 24 | _tensor_name_so = tf.load_op_library( 25 | tf.compat.v1.resource_loader.get_path_to_datafile('./_tensor_name_op.so')) 26 | 27 | 28 | def tensor_name(tensor): 29 | """Returns the final graph name of a tensor as a string tensor.""" 30 | if not tf.is_tensor(tensor): 31 | raise TypeError('`tensor_name` expected a tensor, found object of type ' 32 | f'{type(tensor)}.') 33 | return gen_tensor_name_py.tensor_name(input_tensor=tensor) 34 | -------------------------------------------------------------------------------- /fcp/tracing/tools/test_codegen_runner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eu 2 | # 3 | # Copyright 2021 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | if [ $# -ne 3 ]; then 20 | echo "Usage: $0 " 21 | exit 1; 22 | fi 23 | FBS_FILE=$1 24 | OUT_DIR=$2 25 | HEADER_OUT_DIR=$3 26 | # Running flatc to parse fbs and generate bfbs 27 | external/flatbuffers/flatc -b --schema -o ${OUT_DIR} -I "." ${FBS_FILE} 1>&2 28 | # Flatc should have produced the following files: 29 | BFBS_FILE=$OUT_DIR/$(basename ${FBS_FILE%.fbs}).bfbs 30 | GENERATED_FILE=$HEADER_OUT_DIR/$(basename ${FBS_FILE%.fbs})_generated.h 31 | # Generate header file from bfbs (to stdout) 32 | fcp/tracing/tools/tracing_traits_generator ${GENERATED_FILE} ${BFBS_FILE} ${FBS_FILE} 33 | -------------------------------------------------------------------------------- /fcp/secagg/server/experiments_interface.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SERVER_EXPERIMENTS_INTERFACE_H_ 18 | #define FCP_SECAGG_SERVER_EXPERIMENTS_INTERFACE_H_ 19 | 20 | #include "absl/strings/string_view.h" 21 | 22 | namespace fcp { 23 | namespace secagg { 24 | 25 | // Used to query named flags for experimental features. 26 | class ExperimentsInterface { 27 | public: 28 | // Returns true if the specified experiment is enabled; 29 | // otherwise returns false. 30 | virtual bool IsEnabled(absl::string_view experiment_name) = 0; 31 | 32 | virtual ~ExperimentsInterface() = default; 33 | }; 34 | 35 | } // namespace secagg 36 | } // namespace fcp 37 | 38 | #endif // FCP_SECAGG_SERVER_EXPERIMENTS_INTERFACE_H_ 39 | -------------------------------------------------------------------------------- /fcp/patches/tensorflow_llvm_url.patch: -------------------------------------------------------------------------------- 1 | diff --git third_party/llvm/workspace.bzl third_party/llvm/workspace.bzl 2 | index 038e0ee5fe5..4693f5cfadc 100644 3 | --- third_party/llvm/workspace.bzl 4 | +++ third_party/llvm/workspace.bzl 5 | @@ -5,15 +5,15 @@ load("//third_party:repo.bzl", "tf_http_archive") 6 | def repo(name): 7 | """Imports LLVM.""" 8 | LLVM_COMMIT = "668e33c6401abe7844691fb7d47a3cf2d2012dbc" 9 | - LLVM_SHA256 = "b97fefaa486b106c8dd45b963116ed7684d8f3f55682116d5760b0b60db17702" 10 | + LLVM_SHA256 = "f6659fe4c8bfb271262abbe52f1f1320d12174504202c7c4bc4bce0910511297" 11 | 12 | tf_http_archive( 13 | name = name, 14 | sha256 = LLVM_SHA256, 15 | - strip_prefix = "llvm-project-{commit}".format(commit = LLVM_COMMIT), 16 | + strip_prefix = "llvm-llvm-project-{commit_partial}".format(commit_partial = LLVM_COMMIT[:7]), 17 | urls = [ 18 | "https://storage.googleapis.com/mirror.tensorflow.org/github.com/llvm/llvm-project/archive/{commit}.tar.gz".format(commit = LLVM_COMMIT), 19 | - "https://github.com/llvm/llvm-project/archive/{commit}.tar.gz".format(commit = LLVM_COMMIT), 20 | + "https://api.github.com/repos/llvm/llvm-project/tarball/{commit}".format(commit = LLVM_COMMIT), 21 | ], 22 | build_file = "//third_party/llvm:llvm.BUILD", 23 | patch_file = [ 24 | -------------------------------------------------------------------------------- /fcp/requirements.in: -------------------------------------------------------------------------------- 1 | # Requirements for the Federated Compute Python development environment. 2 | # 3 | # * For packages that have a stable release, we use a version that is 4 | # compatible with that release (e.g. `~=x.y`). See 5 | # https://peps.python.org/pep-0440/#compatible-release for more information. 6 | # * For packages that do not have a stable release, we use a version that 7 | # matches a release that has been tested (e.g. `==x.y.z`). See 8 | # https://peps.python.org/pep-0440/#version-matching for more information. 9 | # 10 | # Note: There is bug in `pip` when multiple packages use the compatible release 11 | # operator `~=` to specify a version and one of those versions ends in `0`. See 12 | # https://github.com/pypa/pip/issues/9613 for more information. In this case, 13 | # use the equivalent clause `>=x.0,==x.*` instead of `~=x.0`. 14 | # 15 | # This assumes that the packages follow Semantic Versioning, see 16 | # https://semver.org/. If a package follows a different versioning scheme or 17 | # requires unique handling, we use a different version specifier and comment the 18 | # versioning scheme or reasoning. 19 | 20 | absl-py~=1.4 21 | attrs~=23.1 22 | dm-tree~=0.1.8 23 | immutabledict==4.2.0 24 | protobuf>=4.23 25 | # The TensorFlow version should match what's specified in the WORKSPACE file for 26 | # C++ targets. 27 | tensorflow==2.14.0 28 | -------------------------------------------------------------------------------- /fcp/secagg/server/experiments_names.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SERVER_EXPERIMENTS_NAMES_H_ 18 | #define FCP_SECAGG_SERVER_EXPERIMENTS_NAMES_H_ 19 | 20 | namespace fcp { 21 | namespace secagg { 22 | 23 | // Names of predefined experiments 24 | static constexpr char kFullgraphSecAggExperiment[] = "FULLGRAPH_SECAGG"; 25 | static constexpr char kForceSubgraphSecAggExperiment[] = 26 | "FORCE_SUBGRAPH_SECAGG_FOR_TEST"; 27 | static constexpr char kSubgraphSecAggCuriousServerExperiment[] = 28 | "SUBGRAPH_SECAGG_CURIOUS_SERVER"; 29 | static constexpr char kSecAggAsyncRound2Experiment[] = "secagg_async_round_2"; 30 | 31 | } // namespace secagg 32 | } // namespace fcp 33 | 34 | #endif // FCP_SECAGG_SERVER_EXPERIMENTS_NAMES_H_ 35 | -------------------------------------------------------------------------------- /fcp/secagg/shared/crypto_rand_prng.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/secagg/shared/crypto_rand_prng.h" 18 | 19 | #include 20 | 21 | #include "fcp/base/monitoring.h" 22 | #include "fcp/secagg/shared/prng.h" 23 | #include "openssl/rand.h" 24 | 25 | namespace fcp { 26 | namespace secagg { 27 | 28 | template 29 | static Output Rand() { 30 | Output output; 31 | uint8_t bytes[sizeof(output)]; 32 | FCP_CHECK(RAND_bytes(bytes, sizeof(output))); 33 | memcpy(&output, bytes, sizeof(output)); 34 | return output; 35 | } 36 | 37 | uint8_t CryptoRandPrng::Rand8() { return Rand(); } 38 | uint64_t CryptoRandPrng::Rand64() { return Rand(); } 39 | 40 | } // namespace secagg 41 | } // namespace fcp 42 | -------------------------------------------------------------------------------- /fcp/secagg/testing/mock_send_to_server_interface.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_TESTING_MOCK_SEND_TO_SERVER_INTERFACE_H_ 18 | #define FCP_SECAGG_TESTING_MOCK_SEND_TO_SERVER_INTERFACE_H_ 19 | 20 | #include "gmock/gmock.h" 21 | #include "fcp/secagg/client/send_to_server_interface.h" 22 | #include "fcp/secagg/shared/secagg_messages.pb.h" 23 | 24 | namespace fcp { 25 | namespace secagg { 26 | 27 | // GMock Implementation of SendToServerInterface. 28 | 29 | class MockSendToServerInterface : public SendToServerInterface { 30 | public: 31 | MOCK_METHOD(void, Send, (ClientToServerWrapperMessage * message)); 32 | }; 33 | 34 | } // namespace secagg 35 | } // namespace fcp 36 | 37 | #endif // FCP_SECAGG_TESTING_MOCK_SEND_TO_SERVER_INTERFACE_H_ 38 | -------------------------------------------------------------------------------- /fcp/tensorflow/crc32.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Provides the `crc32` operation. 15 | 16 | This wraps the generated op and ensures that necessary shared libraries 17 | are loaded. 18 | """ 19 | 20 | from typing import Optional 21 | 22 | import tensorflow as tf 23 | 24 | from fcp.tensorflow import gen_crc32_py 25 | 26 | _crc32_so = tf.load_op_library( 27 | tf.compat.v1.resource_loader.get_path_to_datafile('./_crc32_op.so')) 28 | 29 | 30 | def crc32(tensor: tf.Tensor, name: Optional[str] = None) -> tf.Operation: 31 | """Computes the CRC32 checksum of a Tensor. 32 | 33 | Args: 34 | tensor: The input `Tensor`. 35 | name: A name for the operation (optional). 36 | 37 | Returns: 38 | The created `Operation`. 39 | """ 40 | return gen_crc32_py.crc32(tensor, name=name) 41 | -------------------------------------------------------------------------------- /fcp/confidentialcompute/constants.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_CONFIDENTIALCOMPUTE_CONSTANTS_H_ 18 | #define FCP_CONFIDENTIALCOMPUTE_CONSTANTS_H_ 19 | 20 | namespace fcp { 21 | namespace confidential_compute { 22 | 23 | inline constexpr char kDirectDataUploadTensorName[] = "output_tensor_name"; 24 | 25 | inline constexpr char kFileInfoKeySeparator[] = "/"; 26 | 27 | inline constexpr char kEventTimeColumnName[] = 28 | "confidential_compute_event_time"; 29 | 30 | inline constexpr char kPrivacyIdColumnName[] = 31 | "confidential_compute_privacy_id"; 32 | 33 | inline constexpr char kPrivateLoggerEntryKey[] = "entry"; 34 | 35 | } // namespace confidential_compute 36 | } // namespace fcp 37 | 38 | #endif // FCP_CONFIDENTIALCOMPUTE_CONSTANTS_H_ 39 | -------------------------------------------------------------------------------- /fcp/base/base_name.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/base_name.h" 18 | 19 | #include 20 | 21 | #include 22 | #include 23 | 24 | namespace fcp { 25 | 26 | #ifdef _WIN32 27 | constexpr char kPathSeparator = '\\'; 28 | #else 29 | constexpr char kPathSeparator = '/'; 30 | #endif 31 | 32 | std::string BaseName(const std::string& path) { 33 | // Note: the code below needs to be compatible with baremetal build with 34 | // nanolibc. Therefore it is implemented via the standard "C" library strrchr. 35 | const char* separator_ptr = strrchr(path.c_str(), kPathSeparator); 36 | if (separator_ptr == nullptr) return path; 37 | 38 | return path.substr((separator_ptr - path.c_str()) + 1); 39 | } 40 | 41 | } // namespace fcp 42 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_tag_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/tracing/tracing_tag.h" 16 | 17 | #include "gtest/gtest.h" 18 | #include "absl/hash/hash_testing.h" 19 | 20 | namespace fcp { 21 | namespace { 22 | 23 | TEST(TracingTag, Construction) { EXPECT_EQ(TracingTag("ABCD").str(), "ABCD"); } 24 | 25 | TEST(TracingTag, SupportsAbslHash) { 26 | EXPECT_TRUE(absl::VerifyTypeImplementsAbslHashCorrectly( 27 | {TracingTag("AAAA"), TracingTag("AAAA"), TracingTag("ABCD"), 28 | TracingTag("DCBA")})); 29 | } 30 | 31 | TEST(TracingTag, Comparison) { 32 | TracingTag a1("AAAA"); 33 | TracingTag a2("AAAA"); 34 | TracingTag b("BBBB"); 35 | EXPECT_TRUE(a1 == a2); 36 | EXPECT_FALSE(a1 != a2); 37 | EXPECT_FALSE(a1 == b); 38 | EXPECT_TRUE(a1 != b); 39 | } 40 | 41 | } // namespace 42 | } // namespace fcp 43 | -------------------------------------------------------------------------------- /fcp/secagg/shared/crypto_rand_prng.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SHARED_CRYPTO_RAND_PRNG_H_ 18 | #define FCP_SECAGG_SHARED_CRYPTO_RAND_PRNG_H_ 19 | 20 | #include 21 | 22 | #include "fcp/secagg/shared/prng.h" 23 | 24 | namespace fcp { 25 | namespace secagg { 26 | 27 | // A cryptographically strong Pseudorandom Number Generator based on OpenSSL, 28 | // which seeds using /dev/urandom on UNIX-like operating systems, and other 29 | // sources of randomness on Windows. 30 | // 31 | // This class is thread-safe. 32 | 33 | class CryptoRandPrng : public SecurePrng { 34 | public: 35 | CryptoRandPrng() = default; 36 | 37 | uint8_t Rand8() override; 38 | uint64_t Rand64() override; 39 | }; 40 | 41 | } // namespace secagg 42 | } // namespace fcp 43 | #endif // FCP_SECAGG_SHARED_CRYPTO_RAND_PRNG_H_ 44 | -------------------------------------------------------------------------------- /fcp/tensorflow/test_selector.proto: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // Defines TestSelector, TestCriteria and ResumptionToken, for use in 18 | // ExternalDataset and ExampleSelectorFuser testing. 19 | 20 | syntax = "proto3"; 21 | 22 | package fcp; 23 | 24 | message Limit { 25 | int64 value = 1; 26 | } 27 | 28 | // Specifies that examples (int64 scalars) in the range [lower_inclusive, 29 | // upper_inclusive] should be included. 30 | message TestSelector { 31 | Limit lower_inclusive = 1; 32 | Limit upper_inclusive = 2; 33 | } 34 | 35 | // Simple example selection criteria which limits the maximum number of examples 36 | message TestCriteria { 37 | // The max number of examples that should be returned by this query. 38 | int32 max_examples = 1; 39 | } 40 | 41 | message ResumptionToken { 42 | int32 last_index = 1; 43 | } 44 | -------------------------------------------------------------------------------- /fcp/java_src/test/java/com/google/fcp/client/http/BUILD: -------------------------------------------------------------------------------- 1 | load("@rules_java//java:defs.bzl", "java_test") 2 | 3 | # Copyright 2022 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | package( 17 | licenses = ["notice"], # Apache 2.0 18 | ) 19 | 20 | java_test( 21 | name = "HttpClientForNativeImplTest", 22 | size = "small", 23 | srcs = ["HttpClientForNativeImplTest.java"], 24 | deps = [ 25 | "//fcp/client/http/java:jni_java_proto", 26 | "//fcp/java_src/main/java/com/google/fcp/client", 27 | "//fcp/java_src/main/java/com/google/fcp/client/http", 28 | "@com_google_googleapis//google/rpc:rpc_java_proto", 29 | "@com_google_protobuf//:protobuf_java", 30 | "@fcp_maven//:com_google_guava_guava", 31 | "@fcp_maven//:com_google_truth_truth", 32 | "@fcp_maven//:junit_junit", 33 | "@fcp_maven//:org_mockito_mockito_core", 34 | ], 35 | ) 36 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/data_upload_config.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | import "fcp/protos/confidentialcompute/signed_endorsements.proto"; 20 | import "fcp/protos/federatedcompute/confidential_encryption_config.proto"; 21 | 22 | option java_multiple_files = true; 23 | option java_package = "com.google.intelligence.fcp.confidentialcompute"; 24 | 25 | // Configuration for encrypting data uploads and verifying data access policy 26 | // for the task. 27 | message DataUploadConfig { 28 | // The configuration for encrypting data uploads. 29 | google.internal.federatedcompute.v1.ConfidentialEncryptionConfig 30 | confidential_encryption_config = 1; 31 | 32 | // A set of oak SignedEndorsement protos for the task data access policy. 33 | SignedEndorsements signed_endorsement = 2; 34 | } 35 | -------------------------------------------------------------------------------- /fcp/tensorflow/testing/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 16 | load("//fcp:config.bzl", "FCP_COPTS") 17 | 18 | package( 19 | default_visibility = [ 20 | "//fcp:internal", 21 | ], 22 | licenses = ["notice"], # Apache 2.0 23 | ) 24 | 25 | cc_library( 26 | name = "tf_helper", 27 | testonly = 1, 28 | srcs = ["tf_helper.cc"], 29 | hdrs = ["tf_helper.h"], 30 | copts = FCP_COPTS, 31 | deps = [ 32 | "//fcp/base:result", 33 | "//fcp/tensorflow:tf_session", 34 | "@com_google_absl//absl/status", 35 | "@com_google_absl//absl/strings:cord", 36 | "@com_google_googletest//:gtest_main", 37 | "@org_tensorflow//tensorflow/cc:cc_ops", 38 | "@org_tensorflow//tensorflow/cc:scope", 39 | "@org_tensorflow//tensorflow/core:protos_all_cc", 40 | ], 41 | ) 42 | -------------------------------------------------------------------------------- /fcp/tracing/text_tracing_span_impl.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/tracing/text_tracing_span_impl.h" 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | #include "flatbuffers/minireflect.h" 22 | 23 | namespace fcp { 24 | namespace tracing_internal { 25 | 26 | using flatbuffers::DetachedBuffer; 27 | 28 | void TextTracingSpanImpl::TraceImpl(DetachedBuffer&& buf, 29 | const TracingTraitsBase& traits) { 30 | recorder_->TraceImpl(id_, std::move(buf), traits); 31 | } 32 | 33 | TextTracingSpanImpl::~TextTracingSpanImpl() { 34 | recorder_->EndSpan(id_, buf_text_.name, buf_text_.text_format); 35 | } 36 | 37 | TracingSpanRef TextTracingSpanImpl::Ref() { 38 | return TracingSpanRef(recorder_->shared_from_this(), id_); 39 | } 40 | 41 | } // namespace tracing_internal 42 | } // namespace fcp 43 | -------------------------------------------------------------------------------- /fcp/secagg/server/send_to_clients_interface.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SERVER_SEND_TO_CLIENTS_INTERFACE_H_ 18 | #define FCP_SECAGG_SERVER_SEND_TO_CLIENTS_INTERFACE_H_ 19 | 20 | #include "fcp/secagg/shared/secagg_messages.pb.h" 21 | 22 | namespace fcp { 23 | namespace secagg { 24 | 25 | // Used to provide a SecAggServer with a private and authenticated channel with 26 | // the clients, which can be used to send protocol buffer messages. 27 | 28 | class SendToClientsInterface { 29 | public: 30 | // Sends a message to a single client. 31 | virtual void Send(uint32_t recipient_id, 32 | const ServerToClientWrapperMessage& message) = 0; 33 | 34 | virtual ~SendToClientsInterface() = default; 35 | }; 36 | 37 | } // namespace secagg 38 | } // namespace fcp 39 | 40 | #endif // FCP_SECAGG_SERVER_SEND_TO_CLIENTS_INTERFACE_H_ 41 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/nn_histogram_config.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; // Our OSS build does not support editions. 16 | 17 | package fcp.confidentialcompute; 18 | 19 | option java_multiple_files = true; 20 | option java_package = "com.google.intelligence.fcp.confidentialcompute"; 21 | option java_outer_classname = "SentenceTransformersConfigProto"; 22 | 23 | // Configures the NNHistogram container initialization. 24 | message NNHistogramContainerInitializeConfiguration { 25 | // The configuration_id for the synthetic data embeddings blob. It should 26 | // match 27 | // StreamInitializeRequest.write_configuration.first_request_metadata.configuration_id 28 | // for the synthetic data embeddings blob. 29 | // The blob is a file containing Embedding proto messages for synthetic data. 30 | string synthetic_data_embeddings_configuration_id = 1; 31 | } 32 | -------------------------------------------------------------------------------- /fcp/tensorflow/testing/tf_helper.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_TENSORFLOW_TESTING_TF_HELPER_H_ 18 | #define FCP_TENSORFLOW_TESTING_TF_HELPER_H_ 19 | 20 | #include 21 | 22 | #include "gtest/gtest.h" 23 | #include "absl/strings/cord.h" 24 | #include "fcp/base/result.h" 25 | #include "fcp/tensorflow/tf_session.h" 26 | #include "tensorflow/cc/framework/scope.h" 27 | #include "tensorflow/cc/ops/array_ops.h" 28 | #include "tensorflow/cc/ops/const_op.h" 29 | #include "tensorflow/cc/ops/io_ops.h" 30 | #include "tensorflow/cc/ops/state_ops.h" 31 | #include "tensorflow/core/protobuf/saver.pb.h" 32 | 33 | namespace fcp { 34 | 35 | /** 36 | * Get a serialized graph with the operations defined on the provided scope. 37 | */ 38 | absl::Cord CreateGraph(tensorflow::Scope* root); 39 | 40 | } // namespace fcp 41 | 42 | #endif // FCP_TENSORFLOW_TESTING_TF_HELPER_H_ 43 | -------------------------------------------------------------------------------- /fcp/secagg/shared/input_vector_specification.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/secagg/shared/input_vector_specification.h" 18 | 19 | #include 20 | 21 | #include "fcp/base/monitoring.h" 22 | #include "fcp/secagg/shared/secagg_vector.h" 23 | 24 | namespace fcp { 25 | namespace secagg { 26 | 27 | InputVectorSpecification::InputVectorSpecification(const std::string& name, 28 | int length, uint64_t modulus) 29 | : name_(name), length_(length), modulus_(modulus) { 30 | FCP_CHECK(length >= 0) << "Length must be >= 0, given value was" << length; 31 | FCP_CHECK(modulus > 1 && modulus <= SecAggVector::kMaxModulus) 32 | << "The specified modulus is not valid: must be > 1 and <= " 33 | << SecAggVector::kMaxModulus << ", supplied value : " << modulus; 34 | } 35 | 36 | } // namespace secagg 37 | } // namespace fcp 38 | -------------------------------------------------------------------------------- /fcp/secagg/testing/server/mock_send_to_clients_interface.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_TESTING_SERVER_MOCK_SEND_TO_CLIENTS_INTERFACE_H_ 18 | #define FCP_SECAGG_TESTING_SERVER_MOCK_SEND_TO_CLIENTS_INTERFACE_H_ 19 | 20 | #include "gmock/gmock.h" 21 | #include "fcp/secagg/server/send_to_clients_interface.h" 22 | #include "fcp/secagg/shared/secagg_messages.pb.h" 23 | 24 | namespace fcp { 25 | namespace secagg { 26 | 27 | // GMock Implementation of SendToClientsInterface. 28 | 29 | class MockSendToClientsInterface : public SendToClientsInterface { 30 | public: 31 | MOCK_METHOD(void, Send, 32 | (uint32_t recipient_id, 33 | const ServerToClientWrapperMessage& message), 34 | (override)); 35 | }; 36 | 37 | } // namespace secagg 38 | } // namespace fcp 39 | 40 | #endif // FCP_SECAGG_TESTING_SERVER_MOCK_SEND_TO_CLIENTS_INTERFACE_H_ 41 | -------------------------------------------------------------------------------- /fcp/base/compression_test.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/compression.h" 18 | 19 | #include "gmock/gmock.h" 20 | #include "gtest/gtest.h" 21 | #include "fcp/testing/testing.h" 22 | 23 | namespace fcp::base { 24 | namespace { 25 | 26 | TEST(CompressionTest, CompressDecompressEmptyString) { 27 | auto compressed = CompressWithGzip(""); 28 | ASSERT_OK(compressed); 29 | 30 | auto uncompressed = UncompressWithGzip(*compressed); 31 | ASSERT_OK(uncompressed); 32 | 33 | EXPECT_EQ(*uncompressed, ""); 34 | } 35 | 36 | TEST(CompressionTest, CompressDecompressNonEmptyString) { 37 | auto data = "foobar"; 38 | auto compressed = CompressWithGzip(data); 39 | ASSERT_OK(compressed); 40 | 41 | auto uncompressed = UncompressWithGzip(*compressed); 42 | ASSERT_OK(uncompressed); 43 | 44 | EXPECT_EQ(*uncompressed, data); 45 | } 46 | } // namespace 47 | } // namespace fcp::base 48 | -------------------------------------------------------------------------------- /fcp/client/http/curl/curl_http_response.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_CLIENT_HTTP_CURL_CURL_HTTP_RESPONSE_H_ 18 | #define FCP_CLIENT_HTTP_CURL_CURL_HTTP_RESPONSE_H_ 19 | 20 | #include "absl/base/attributes.h" 21 | #include "fcp/client/http/http_client.h" 22 | 23 | namespace fcp::client::http::curl { 24 | // A simple http response. This class is thread-safe. 25 | class CurlHttpResponse : public HttpResponse { 26 | public: 27 | CurlHttpResponse(int status_code, HeaderList header_list); 28 | ~CurlHttpResponse() override = default; 29 | 30 | // HttpResponse: 31 | ABSL_MUST_USE_RESULT int code() const override; 32 | ABSL_MUST_USE_RESULT const HeaderList& headers() const override; 33 | 34 | private: 35 | const int status_code_; 36 | const HeaderList header_list_; 37 | }; 38 | } // namespace fcp::client::http::curl 39 | 40 | #endif // FCP_CLIENT_HTTP_CURL_CURL_HTTP_RESPONSE_H_ 41 | -------------------------------------------------------------------------------- /fcp/secagg/testing/mock_state_transition_listener.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_TESTING_MOCK_STATE_TRANSITION_LISTENER_H_ 18 | #define FCP_SECAGG_TESTING_MOCK_STATE_TRANSITION_LISTENER_H_ 19 | 20 | #include "gmock/gmock.h" 21 | #include "fcp/secagg/client/state_transition_listener_interface.h" 22 | 23 | namespace fcp { 24 | namespace secagg { 25 | 26 | // GMock Implementation of SendToServerInterface. 27 | 28 | class MockStateTransitionListener : public StateTransitionListenerInterface { 29 | public: 30 | MOCK_METHOD(void, Transition, (ClientState state)); 31 | MOCK_METHOD(void, Started, (ClientState state)); 32 | MOCK_METHOD(void, Stopped, (ClientState state)); 33 | MOCK_METHOD(void, set_execution_session_id, (int64_t execution_session_id)); 34 | }; 35 | 36 | } // namespace secagg 37 | } // namespace fcp 38 | 39 | #endif // FCP_SECAGG_TESTING_MOCK_STATE_TRANSITION_LISTENER_H_ 40 | -------------------------------------------------------------------------------- /fcp/base/status_converters.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_BASE_STATUS_CONVERTERS_H_ 18 | #define FCP_BASE_STATUS_CONVERTERS_H_ 19 | 20 | #include "grpcpp/support/status.h" 21 | #include "absl/status/status.h" 22 | #include "fcp/base/monitoring.h" 23 | 24 | namespace fcp { 25 | namespace base { 26 | 27 | /** 28 | * Converts a grpc::StatusCode to an StatusCode. 29 | */ 30 | StatusCode FromGrpcStatusCode(grpc::StatusCode code); 31 | 32 | /** 33 | * Converts grpc::Status to an fcp::Status. 34 | */ 35 | Status FromGrpcStatus(grpc::Status status); 36 | 37 | /** 38 | * Converts an StatusCode to a grpc::StatusCode. 39 | */ 40 | grpc::StatusCode ToGrpcStatusCode(StatusCode code); 41 | 42 | /** 43 | * Converts fcp::Status to grpc::Status. 44 | */ 45 | grpc::Status ToGrpcStatus(Status status); 46 | 47 | } // namespace base 48 | } // namespace fcp 49 | 50 | #endif // FCP_BASE_STATUS_CONVERTERS_H_ 51 | -------------------------------------------------------------------------------- /fcp/client/parsing_utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_CLIENT_PARSING_UTILS_H_ 18 | #define FCP_CLIENT_PARSING_UTILS_H_ 19 | 20 | #include 21 | #include 22 | 23 | #include "absl/strings/cord.h" 24 | 25 | namespace fcp { 26 | namespace client { 27 | 28 | // Parses a proto from either an std::string or an absl::Cord. This allows the 29 | // proto data to be provided in either format. 30 | template 31 | bool ParseFromStringOrCord(MessageT& proto, 32 | std::variant data) { 33 | if (std::holds_alternative(data)) { 34 | return proto.ParseFromString(std::get(data)); 35 | } else { 36 | return proto.ParseFromString(std::string(std::get(data))); 37 | } 38 | } 39 | 40 | } // namespace client 41 | } // namespace fcp 42 | 43 | #endif // FCP_CLIENT_PARSING_UTILS_H_ 44 | -------------------------------------------------------------------------------- /fcp/client/http/testing/http_test_server.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_CLIENT_HTTP_TESTING_HTTP_TEST_SERVER_H_ 18 | #define FCP_CLIENT_HTTP_TESTING_HTTP_TEST_SERVER_H_ 19 | 20 | #include 21 | #include 22 | 23 | #include "absl/status/statusor.h" 24 | #include "tensorflow_serving/util/net_http/server/public/httpserver_interface.h" 25 | 26 | namespace fcp { 27 | namespace client { 28 | namespace http { 29 | // Creates a test server where 30 | // uri: the uri starting with "/" 31 | // port: the port to listen 32 | // num_threads: the number of parallel threads the server has 33 | absl::StatusOr< 34 | std::unique_ptr<::tensorflow::serving::net_http::HTTPServerInterface>> 35 | CreateHttpTestServer(const std::string& uri, int port, int num_threads); 36 | } // namespace http 37 | } // namespace client 38 | } // namespace fcp 39 | 40 | #endif // FCP_CLIENT_HTTP_TESTING_HTTP_TEST_SERVER_H_ 41 | -------------------------------------------------------------------------------- /fcp/tensorflow/make_slices_selector_example_selector.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Provides the `make_slices_selector_example_selector` operation. 15 | 16 | This wraps the generated op and ensures that necessary shared libraries 17 | are loaded. 18 | """ 19 | 20 | import tensorflow as tf 21 | 22 | from fcp.tensorflow import gen_make_slices_selector_example_selector_py 23 | 24 | _make_slices_selector_example_selector_so = tf.load_op_library( 25 | tf.compat.v1.resource_loader.get_path_to_datafile( 26 | './_make_slices_selector_example_selector_op.so')) 27 | 28 | 29 | def make_slices_selector_example_selector(served_at_id, keys): 30 | """Serializes a proto `ExampleSelector` containing a `SlicesSelector`.""" 31 | return gen_make_slices_selector_example_selector_py.make_slices_selector_example_selector( 32 | served_at_id=tf.convert_to_tensor(served_at_id, tf.string), 33 | keys=tf.convert_to_tensor(keys, tf.int32), 34 | ) 35 | -------------------------------------------------------------------------------- /fcp/secagg/client/send_to_server_interface.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_CLIENT_SEND_TO_SERVER_INTERFACE_H_ 18 | #define FCP_SECAGG_CLIENT_SEND_TO_SERVER_INTERFACE_H_ 19 | 20 | #include "fcp/secagg/shared/secagg_messages.pb.h" 21 | 22 | namespace fcp { 23 | namespace secagg { 24 | 25 | // Used to provide a SecAggClient with a private and authenticated channel with 26 | // the server, which can be used to send protocol buffer messages. 27 | 28 | class SendToServerInterface { 29 | public: 30 | // Note: For efficiency, contents may be Swap()'d to default values. In other 31 | // words, consider message to have been "moved from" when Send returns. 32 | virtual void Send(ClientToServerWrapperMessage* message) = 0; 33 | 34 | virtual ~SendToServerInterface() = default; 35 | }; 36 | 37 | } // namespace secagg 38 | } // namespace fcp 39 | 40 | #endif // FCP_SECAGG_CLIENT_SEND_TO_SERVER_INTERFACE_H_ 41 | -------------------------------------------------------------------------------- /fcp/secagg/testing/fake_prng.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_TESTING_FAKE_PRNG_H_ 18 | #define FCP_SECAGG_TESTING_FAKE_PRNG_H_ 19 | 20 | #include 21 | 22 | #include "fcp/secagg/shared/prng.h" 23 | 24 | namespace fcp { 25 | namespace secagg { 26 | 27 | // Fake Implementation of SecurePrng that just returns constantly incrementing 28 | // values. 29 | 30 | class FakePrng : public SecurePrng { 31 | public: 32 | // Returns 1, 2, 3, etc. 33 | FakePrng() = default; 34 | 35 | // Returns the selected value first, and increments by 1 each time from there. 36 | explicit FakePrng(uint64_t value) : value_(value - 1) {} 37 | 38 | uint8_t Rand8() override { return static_cast(++value_); } 39 | uint64_t Rand64() override { return ++value_; } 40 | 41 | private: 42 | uint64_t value_ = 0; 43 | }; 44 | 45 | } // namespace secagg 46 | } // namespace fcp 47 | 48 | #endif // FCP_SECAGG_TESTING_FAKE_PRNG_H_ 49 | -------------------------------------------------------------------------------- /fcp/secagg/server/ssl_bit_gen.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/secagg/server/ssl_bit_gen.h" 18 | 19 | #include 20 | 21 | // Thread-safety guarantees only apply in BoringSSL. 22 | #include "fcp/base/monitoring.h" 23 | #include "openssl/is_boringssl.h" 24 | #include "openssl/rand.h" 25 | 26 | namespace fcp { 27 | namespace secagg { 28 | 29 | SslBitGen::result_type SslBitGen::operator()() { 30 | static_assert(std::is_same::value, 31 | "uint8_t being other than unsigned char isn't supported by " 32 | "BoringSSL"); 33 | SslBitGen::result_type random_integer; 34 | int success = RAND_bytes(reinterpret_cast(&random_integer), 35 | sizeof(random_integer)); 36 | // RAND_bytes always returns 1 in BoringSSL 37 | FCP_CHECK(success == 1); 38 | 39 | return random_integer; 40 | } 41 | 42 | } // namespace secagg 43 | } // namespace fcp 44 | -------------------------------------------------------------------------------- /fcp/tensorflow/tracing_schema.fbs: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | include "fcp/tracing/tracing_schema_common.fbs"; 16 | 17 | table RunTfOp(tag: "TFOP", span) { 18 | op: string; 19 | } 20 | 21 | table SaveToCheckpoint(tag: "SCPT", span) { 22 | before_save_op: string; 23 | save_op: string; 24 | after_save_op: string; 25 | } 26 | 27 | table RestoreFromCheckpoint(tag: "RCPT", span) { 28 | before_restore_op: string; 29 | restore_op: string; 30 | after_restore_op: string; 31 | } 32 | 33 | table RestoreFromTensors(tag: "RFTS", span) { 34 | before_restore_op: string; 35 | after_restore_op: string; 36 | } 37 | 38 | table InvalidCheckpointOp (tag: "TFCO", error) { 39 | field: string; // The name of the field in the checkpoint op that is invalid. 40 | message: string; // Information about why the provided value is invalid. 41 | } 42 | 43 | table TmpFileNotDeleted (tag: "TMPD", warning) { 44 | field: string; // The name of the file that could not be deleted successfully. 45 | } -------------------------------------------------------------------------------- /fcp/secagg/shared/aes_prng_factory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SHARED_AES_PRNG_FACTORY_H_ 18 | #define FCP_SECAGG_SHARED_AES_PRNG_FACTORY_H_ 19 | 20 | #include 21 | #include "fcp/secagg/shared/aes_key.h" 22 | #include "fcp/secagg/shared/prng.h" 23 | 24 | namespace fcp { 25 | namespace secagg { 26 | 27 | // Factory interface for AES-based deterministic pseudorandom number generators. 28 | class AesPrngFactory { 29 | public: 30 | virtual ~AesPrngFactory() = default; 31 | virtual std::unique_ptr MakePrng(const AesKey& key) const = 0; 32 | // TODO(team): Remove this when transition to the batch mode of 33 | // SecurePrng is fully done. 34 | // The batch mode allows to retrive a large batch of preuso-random numbers 35 | // in a single call. 36 | virtual bool SupportsBatchMode() const { return false; } 37 | }; 38 | 39 | } // namespace secagg 40 | } // namespace fcp 41 | 42 | #endif // FCP_SECAGG_SHARED_AES_PRNG_FACTORY_H_ 43 | -------------------------------------------------------------------------------- /fcp/client/http/testing/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 16 | 17 | package( 18 | default_visibility = [ 19 | "//fcp:internal", 20 | ], 21 | licenses = ["notice"], # Apache 2.0 22 | ) 23 | 24 | # TODO(team) 25 | 26 | cc_library( 27 | name = "test_helpers", 28 | testonly = True, 29 | srcs = ["test_helpers.cc"], 30 | hdrs = ["test_helpers.h"], 31 | visibility = ["//visibility:public"], 32 | deps = [ 33 | "//fcp/base", 34 | "//fcp/client/http:http_client", 35 | "//fcp/client/http:http_client_util", 36 | "@com_google_absl//absl/base:core_headers", 37 | "@com_google_absl//absl/status", 38 | "@com_google_absl//absl/status:statusor", 39 | "@com_google_absl//absl/strings", 40 | "@com_google_googleapis//google/longrunning:longrunning_cc_proto", 41 | "@com_google_googletest//:gtest_main", 42 | "@com_google_protobuf//:protobuf", 43 | ], 44 | ) 45 | -------------------------------------------------------------------------------- /fcp/base/monitoring.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/monitoring.h" 18 | 19 | #include 20 | #include 21 | 22 | #include "fcp/base/base_name.h" 23 | 24 | namespace fcp { 25 | 26 | namespace internal { 27 | 28 | StatusBuilder::StatusBuilder(StatusCode code, const char* file, int line) 29 | : file_(file), line_(line), code_(code), message_() {} 30 | 31 | StatusBuilder::StatusBuilder(StatusBuilder const& other) 32 | : file_(other.file_), 33 | line_(other.line_), 34 | code_(other.code_), 35 | message_(other.message_.str()) {} 36 | 37 | StatusBuilder::operator Status() { 38 | auto message_str = message_.str(); 39 | if (code_ != OK) { 40 | std::ostringstream status_message; 41 | status_message << "(at " << BaseName(file_) << ":" << line_ << message_str; 42 | message_str = status_message.str(); 43 | } 44 | return Status(code_, message_str); 45 | } 46 | 47 | } // namespace internal 48 | 49 | } // namespace fcp 50 | -------------------------------------------------------------------------------- /fcp/client/fl_runner_tensorflow_spec_result.proto: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | syntax = "proto3"; 17 | 18 | package fcp.client; 19 | 20 | import "fcp/client/engine/engine.proto"; 21 | import "tensorflow/core/framework/tensor.proto"; 22 | 23 | option java_package = "com.google.intelligence.fcp.client"; 24 | option java_multiple_files = true; 25 | 26 | /** 27 | * This protocol buffer is used to pass TensorflowSpec-based plan outputs across 28 | * the JNI boundary so they can be accessed in compatibility tests. 29 | */ 30 | message FLRunnerTensorflowSpecResult { 31 | // The outcome of running the plan. 32 | engine.PhaseOutcome outcome = 1; 33 | // The location of the output checkpoint file, if one was created. 34 | string checkpoint_output_filename = 2; 35 | // A map of output tensor names and values, if any. 36 | map output_tensors = 3 [deprecated = true]; 37 | // The serialized TaskEligibilityInfo proto, if one was created. 38 | bytes task_eligibility_info = 4; 39 | } 40 | -------------------------------------------------------------------------------- /fcp/client/cache/cache_manifest.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.client.cache; 18 | 19 | import "google/protobuf/any.proto"; 20 | import "google/protobuf/timestamp.proto"; 21 | 22 | option java_package = "com.google.intelligence.fcp.client"; 23 | option java_multiple_files = true; 24 | 25 | // Maps cache IDs to CachedResource protos containing metadata and 26 | // the file name of the cached resource. 27 | message CacheManifest { 28 | // A map of `cache_id` to `CachedResource`. 29 | map cache = 1; 30 | } 31 | 32 | message CachedResource { 33 | // Name of the file holding the cached resource. 34 | string file_name = 1; 35 | // Serialized metadata proto. This proto should be small. 36 | google.protobuf.Any metadata = 2; 37 | // Timestamp of when the cached resource should be deleted. 38 | google.protobuf.Timestamp expiry_time = 3; 39 | // Timestamp of when the cached resource was last accessed. 40 | google.protobuf.Timestamp last_accessed_time = 4; 41 | } 42 | -------------------------------------------------------------------------------- /fcp/client/files.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef FCP_CLIENT_FILES_H_ 17 | #define FCP_CLIENT_FILES_H_ 18 | 19 | #include 20 | 21 | #include "absl/status/statusor.h" 22 | 23 | namespace fcp { 24 | namespace client { 25 | 26 | // An interface used by the plan engine for platform-dependent file system 27 | // access. 28 | class Files { 29 | public: 30 | virtual ~Files() = default; 31 | 32 | // Creates a temporary file. The runtime environment (e.g. operating system) 33 | // is expected to clean up these files if necessary, i.e. the engine is not 34 | // responsible for their deletion (but may chose to do so). 35 | // On success, returns a file path. 36 | // On error, returns 37 | // - INTERNAL - unexpected error. 38 | // - INVALID_ARGUMENT - on "expected" errors such as I/O issues. 39 | virtual absl::StatusOr CreateTempFile( 40 | const std::string& prefix, const std::string& suffix) = 0; 41 | }; 42 | 43 | } // namespace client 44 | } // namespace fcp 45 | 46 | #endif // FCP_CLIENT_FILES_H_ 47 | -------------------------------------------------------------------------------- /fcp/base/process_unique_id_test.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/process_unique_id.h" 18 | 19 | #include // NOLINT(build/c++11) 20 | 21 | #include "gtest/gtest.h" 22 | #include "absl/container/flat_hash_set.h" 23 | 24 | namespace fcp { 25 | 26 | TEST(UniqueIdGeneratorTest, CallingNextYieldsDifferentIds) { 27 | uint64_t id1 = ProcessUniqueId::Next().value(); 28 | uint64_t id2 = ProcessUniqueId::Next().value(); 29 | EXPECT_NE(id1, id2); 30 | } 31 | 32 | TEST(UniqueIdGeneratorTest, MultipleThreads) { 33 | const int n = 15; 34 | std::thread threads[n]; 35 | uint64_t ids[n]; 36 | for (int i = 0; i < n; i++) { 37 | threads[i] = 38 | std::thread([&ids, i]() { ids[i] = ProcessUniqueId::Next().value(); }); 39 | } 40 | for (int i = 0; i < n; i++) { 41 | threads[i].join(); 42 | } 43 | absl::flat_hash_set id_set; 44 | for (int i = 0; i < n; i++) { 45 | bool inserted = id_set.insert(ids[i]).second; 46 | EXPECT_TRUE(inserted); 47 | } 48 | } 49 | 50 | } // namespace fcp 51 | -------------------------------------------------------------------------------- /fcp/base/tracing_schema.fbs: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | include "fcp/tracing/tracing_schema_common.fbs"; 16 | 17 | // Keep in sync with absl status in third_party/absl/status/status.h 18 | enum TracingStatusCode : short { 19 | Ok, 20 | Cancelled, 21 | Unknown, 22 | InvalidArgument, 23 | DeadlineExceeded, 24 | NotFound, 25 | AlreadyExists, 26 | PermissionDenied, 27 | ResourceExhausted, 28 | FailedPrecondition, 29 | Aborted, 30 | OutOfRange, 31 | Unimplemented, 32 | Internal, 33 | Unavailable, 34 | DataLoss, 35 | Unauthenticated, 36 | } 37 | 38 | table ResultExpectError (tag: "!EXP", error) { 39 | expectation: string; 40 | file_name: string; 41 | line: int32; 42 | } 43 | 44 | table ResultExpectStatusError (tag: "STAT", error) { 45 | // TODO(team): Pull out status fields into status struct. 46 | expected_code: TracingStatusCode; 47 | actual_code: TracingStatusCode; 48 | message: string; 49 | file_name: string; 50 | line: int32; 51 | } 52 | 53 | table ProtoParseFailure (tag: "PRPR", error) { 54 | type: string; 55 | } 56 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/program_worker.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | import "google/protobuf/any.proto"; 20 | 21 | // API for executing a computation in a federated program worker. 22 | service ProgramWorker { 23 | // Executes a computation in the worker. 24 | // If the server is running in untrusted space, the request will be forwarded 25 | // to the trusted worker application running in the TEE. 26 | // If the server is running in trusted space, the request will be executed 27 | // inside the TEE. 28 | rpc Execute(ComputationRequest) returns (ComputationResponse) {} 29 | } 30 | 31 | // Request providing a computation to execute. 32 | // Next ID: 2 33 | message ComputationRequest { 34 | // The computation to be executed in the worker. 35 | google.protobuf.Any computation = 1; 36 | } 37 | 38 | // Response from executing a computation. 39 | // Next ID: 2 40 | message ComputationResponse { 41 | // The result of the computation execution. 42 | google.protobuf.Any result = 1; 43 | } 44 | -------------------------------------------------------------------------------- /fcp/secagg/client/secagg_client_completed_state.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/secagg/client/secagg_client_completed_state.h" 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #include "fcp/secagg/client/secagg_client_state.h" 24 | #include "fcp/secagg/client/state_transition_listener_interface.h" 25 | 26 | namespace fcp { 27 | namespace secagg { 28 | 29 | SecAggClientCompletedState::SecAggClientCompletedState( 30 | std::unique_ptr sender, 31 | std::unique_ptr transition_listener) 32 | : SecAggClientState(std::move(sender), std::move(transition_listener), 33 | ClientState::COMPLETED) {} 34 | 35 | SecAggClientCompletedState::~SecAggClientCompletedState() = default; 36 | 37 | bool SecAggClientCompletedState::IsCompletedSuccessfully() const { 38 | return true; 39 | } 40 | 41 | std::string SecAggClientCompletedState::StateName() const { 42 | return "COMPLETED"; 43 | } 44 | 45 | } // namespace secagg 46 | } // namespace fcp 47 | -------------------------------------------------------------------------------- /fcp/tensorflow/delete_file.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Provides the `delete_file` operation. 15 | 16 | This wraps the generated ops and ensures that necessary shared libraries 17 | are loaded. 18 | """ 19 | 20 | import tensorflow as tf 21 | 22 | from fcp.tensorflow import gen_delete_file_py 23 | 24 | _delete_file_so = tf.load_op_library( 25 | tf.compat.v1.resource_loader.get_path_to_datafile('./_delete_file_op.so')) 26 | 27 | 28 | def delete_file(filename: tf.Tensor) -> tf.Operation: 29 | """Delete file if the filename exists. 30 | 31 | Args: 32 | filename: The filename to delete. 33 | 34 | Returns: 35 | The created `Operation`. 36 | """ 37 | return gen_delete_file_py.delete_file(filename) 38 | 39 | 40 | def delete_dir(dirname: tf.Tensor, recursively: bool = False) -> tf.Operation: 41 | """Delete directory if the dirname exists. 42 | 43 | Args: 44 | dirname: The directory to delete. 45 | recursively: If true the op attempts to delete also the content. 46 | 47 | Returns: 48 | The created `Operation`. 49 | """ 50 | return gen_delete_file_py.delete_dir(dirname, recursively) 51 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/computation_delegation.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute.outgoing; 18 | 19 | import "google/protobuf/any.proto"; 20 | 21 | // API for a TEE to delegate computation, either to itself or to another TEE 22 | // on a remote worker. 23 | // 24 | // Note: Requests originate from a TEE and responses are sent back to a TEE. 25 | service ComputationDelegation { 26 | // Executes a computation either within the TEE itself or in a TEE on a remote 27 | // worker. 28 | rpc Execute(ComputationRequest) returns (ComputationResponse) {} 29 | } 30 | 31 | // Request providing a computation to execute. 32 | // Next ID: 3 33 | message ComputationRequest { 34 | // The computation to be executed. 35 | google.protobuf.Any computation = 1; 36 | 37 | // The BNS address of the worker to execute the computation. 38 | string worker_bns = 2; 39 | } 40 | 41 | // Response from executing a computation. 42 | // Next ID: 2 43 | message ComputationResponse { 44 | // The result of the computation execution. 45 | google.protobuf.Any result = 1; 46 | } 47 | -------------------------------------------------------------------------------- /fcp/client/runner_common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef FCP_CLIENT_RUNNER_COMMON_H_ 17 | #define FCP_CLIENT_RUNNER_COMMON_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "fcp/client/engine/common.h" 23 | namespace fcp::client { 24 | 25 | struct PlanResultAndCheckpointFile { 26 | explicit PlanResultAndCheckpointFile(engine::PlanResult plan_result) 27 | : plan_result(std::move(plan_result)) {} 28 | engine::PlanResult plan_result; 29 | // The name of the output checkpoint file. Empty if the plan did not produce 30 | // an output checkpoint. 31 | std::string checkpoint_filename; 32 | 33 | PlanResultAndCheckpointFile(PlanResultAndCheckpointFile&&) = default; 34 | PlanResultAndCheckpointFile& operator=(PlanResultAndCheckpointFile&&) = 35 | default; 36 | 37 | // Disallow copy and assign. 38 | PlanResultAndCheckpointFile(const PlanResultAndCheckpointFile&) = delete; 39 | PlanResultAndCheckpointFile& operator=(const PlanResultAndCheckpointFile&) = 40 | delete; 41 | }; 42 | 43 | } // namespace fcp::client 44 | 45 | #endif // FCP_CLIENT_RUNNER_COMMON_H_ 46 | -------------------------------------------------------------------------------- /fcp/secagg/server/aes/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Description: 16 | # AES SecAgg server protocol implementation. 17 | 18 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 19 | load("//fcp:config.bzl", "FCP_COPTS") 20 | 21 | package( 22 | default_visibility = ["//fcp:internal"], 23 | licenses = ["notice"], # Apache 2.0 24 | ) 25 | 26 | cc_library( 27 | name = "aes", 28 | srcs = [ 29 | "aes_secagg_server_protocol_impl.cc", 30 | ], 31 | hdrs = [ 32 | "aes_secagg_server_protocol_impl.h", 33 | ], 34 | copts = FCP_COPTS, 35 | deps = [ 36 | "//fcp/base", 37 | "//fcp/secagg/server:experiments_names", 38 | "//fcp/secagg/server:secagg_scheduler", 39 | "//fcp/secagg/server:secagg_server_protocol_impl", 40 | "//fcp/secagg/server:server_cc_proto", 41 | "//fcp/secagg/server:tracing_schema", 42 | "//fcp/secagg/shared", 43 | "//fcp/tracing", 44 | "@com_google_absl//absl/container:flat_hash_map", 45 | "@com_google_absl//absl/container:node_hash_map", 46 | "@com_google_absl//absl/status", 47 | ], 48 | ) 49 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_context_utils.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/tracing/tracing_context_utils.h" 16 | 17 | #include 18 | 19 | #include "google/protobuf/descriptor.h" 20 | #include "google/protobuf/message.h" 21 | #include "fcp/base/monitoring.h" 22 | #include "flatbuffers/flatbuffers.h" 23 | 24 | namespace fcp::tracing_internal { 25 | 26 | void SetTracingContextOnMessage(const google::protobuf::Message& context, 27 | google::protobuf::Message& message) { 28 | const google::protobuf::FieldDescriptor* field_descriptor = 29 | message.GetDescriptor()->FindFieldByName(kContextFieldName); 30 | if (field_descriptor == nullptr) { 31 | return; 32 | } 33 | FCP_CHECK(field_descriptor->type() == google::protobuf::FieldDescriptor::TYPE_BYTES || 34 | field_descriptor->type() == google::protobuf::FieldDescriptor::TYPE_STRING) 35 | << kContextWrongTypeMessage; 36 | message.GetReflection()->SetString(&message, field_descriptor, 37 | context.SerializeAsString()); 38 | } 39 | 40 | } // namespace fcp::tracing_internal 41 | -------------------------------------------------------------------------------- /fcp/secagg/server/secagg_server_messages.proto: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | syntax = "proto3"; 18 | 19 | package fcp.secagg; 20 | 21 | import "fcp/secagg/server/secagg_server_enums.proto"; 22 | 23 | option java_package = "fcp.secagg.server"; 24 | option java_multiple_files = true; 25 | 26 | // Specifies the security and robustness requirements for an instance of secure 27 | // aggregation 28 | message SecureAggregationRequirements { 29 | // The adversary class against which to protect. 30 | AdversaryClass adversary_class = 1; 31 | 32 | // Fraction of clients in the population which might be compromised 33 | // by an adversary, expressed as a fraction (between 0.0 and 1.0). 34 | double adversarial_client_rate = 2; 35 | 36 | // Estimated client dropout rate, expressed as a fraction (between 0.0 37 | // and 1.0). 38 | double estimated_dropout_rate = 3; 39 | 40 | // The minimum number of (non-adversarial) users' values that must be 41 | // aggregated together before the server can gain access to the aggregate, 42 | // even transiently (e.g. in RAM). 43 | int32 minimum_clients_in_server_visible_aggregate = 4; 44 | } 45 | -------------------------------------------------------------------------------- /fcp/tracing/test_tracing_span_impl.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "fcp/tracing/test_tracing_span_impl.h" 16 | 17 | #include 18 | #include 19 | 20 | namespace fcp { 21 | namespace tracing_internal { 22 | 23 | using flatbuffers::DetachedBuffer; 24 | 25 | TestTracingSpanImpl::TestTracingSpanImpl( 26 | std::shared_ptr recorder, TracingSpanId id) 27 | : recorder_shared_ptr_(std::move(recorder)), id_(id) { 28 | recorder_ = recorder_shared_ptr_.get(); 29 | } 30 | 31 | TestTracingSpanImpl::TestTracingSpanImpl(TestTracingRecorderImpl* recorder, 32 | TracingSpanId id) 33 | : recorder_(recorder), id_(id) {} 34 | 35 | void TestTracingSpanImpl::TraceImpl(DetachedBuffer&& buf, 36 | const TracingTraitsBase& traits) { 37 | recorder_->TraceImpl(id_, std::move(buf), traits); 38 | } 39 | 40 | TestTracingSpanImpl::~TestTracingSpanImpl() = default; 41 | 42 | TracingSpanRef TestTracingSpanImpl::Ref() { 43 | return TracingSpanRef(recorder_->shared_from_this(), id_); 44 | } 45 | } // namespace tracing_internal 46 | } // namespace fcp 47 | -------------------------------------------------------------------------------- /fcp/client/engine/caching_error_reporter_test.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include "fcp/client/engine/caching_error_reporter.h" 17 | 18 | #include 19 | 20 | #include "gmock/gmock.h" 21 | #include "gtest/gtest.h" 22 | #include "absl/strings/str_cat.h" 23 | #include "tensorflow/lite/core/api/error_reporter.h" 24 | 25 | namespace fcp { 26 | namespace client { 27 | namespace engine { 28 | namespace { 29 | 30 | using ::testing::IsEmpty; 31 | 32 | TEST(CachingErrorReporterTest, CachingMultiple) { 33 | CachingErrorReporter reporter; 34 | std::string first_error = "Op a is not found."; 35 | TF_LITE_REPORT_ERROR(&reporter, "%s%d", first_error.c_str(), 1); 36 | std::string second_error = "Op b is not found."; 37 | TF_LITE_REPORT_ERROR(&reporter, "%s%d", second_error.c_str(), 2); 38 | EXPECT_THAT(reporter.GetFirstErrorMessage(), absl::StrCat(first_error, "1")); 39 | } 40 | 41 | TEST(CachingErrorReporterTest, Empty) { 42 | CachingErrorReporter reporter; 43 | EXPECT_THAT(reporter.GetFirstErrorMessage(), IsEmpty()); 44 | } 45 | 46 | } // anonymous namespace 47 | } // namespace engine 48 | } // namespace client 49 | } // namespace fcp 50 | -------------------------------------------------------------------------------- /fcp/client/fake_log_manager.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_CLIENT_FAKE_LOG_MANAGER_H_ 18 | #define FCP_CLIENT_FAKE_LOG_MANAGER_H_ 19 | 20 | #include 21 | #include 22 | 23 | #include "fcp/base/monitoring.h" 24 | #include "fcp/client/diag_codes.pb.h" 25 | #include "fcp/client/engine/engine.pb.h" 26 | #include "fcp/client/histogram_counters.pb.h" 27 | #include "fcp/client/log_manager.h" 28 | 29 | namespace fcp { 30 | namespace client { 31 | 32 | class FakeLogManager : public LogManager { 33 | public: 34 | void LogDiag(ProdDiagCode diagCode) override { FCP_LOG(ERROR) << diagCode; } 35 | 36 | void LogDiag(DebugDiagCode diagCode) override { FCP_LOG(ERROR) << diagCode; } 37 | 38 | void LogToLongHistogram(HistogramCounters histogram_counter, 39 | int execution_index, int epoch_index, 40 | engine::DataSourceType data_source_type, 41 | int64_t value) override {} 42 | 43 | void SetModelIdentifier(const std::string& model_identifier) override {} 44 | }; 45 | 46 | } // namespace client 47 | } // namespace fcp 48 | 49 | #endif // FCP_CLIENT_FAKE_LOG_MANAGER_H_ 50 | -------------------------------------------------------------------------------- /fcp/secagg/shared/aes_ctr_prng_factory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SHARED_AES_CTR_PRNG_FACTORY_H_ 18 | #define FCP_SECAGG_SHARED_AES_CTR_PRNG_FACTORY_H_ 19 | 20 | #include 21 | 22 | #include "fcp/secagg/shared/aes_key.h" 23 | #include "fcp/secagg/shared/aes_prng_factory.h" 24 | #include "fcp/secagg/shared/prng.h" 25 | 26 | namespace fcp { 27 | namespace secagg { 28 | 29 | // Factory for the OpenSSL-based AesCtrPrng. 30 | class AesCtrPrngFactory : public AesPrngFactory { 31 | public: 32 | AesCtrPrngFactory() = default; 33 | 34 | // Creates and returns an instance of AesCtrPrng, given an AES key. 35 | // For security reasons, the key MUST be suitable for immediate use in AES, 36 | // i.e. it must not be a shared ECDH secret that has not yet been hashed. 37 | std::unique_ptr MakePrng(const AesKey& key) const override; 38 | 39 | // TODO(team): Remove this when transition to the batch mode of 40 | // SecurePrng is fully done. 41 | bool SupportsBatchMode() const override { return true; } 42 | }; 43 | 44 | } // namespace secagg 45 | } // namespace fcp 46 | 47 | #endif // FCP_SECAGG_SHARED_AES_CTR_PRNG_FACTORY_H_ 48 | -------------------------------------------------------------------------------- /fcp/client/task_result_info.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.client; 18 | 19 | import "google/protobuf/any.proto"; 20 | import "fcp/client/selector_context.proto"; 21 | 22 | option java_package = "com.google.intelligence.fcp.client"; 23 | option java_multiple_files = true; 24 | 25 | // Describes an example iterator query. 26 | message SingleExampleIteratorQuery { 27 | string collection_uri = 1; 28 | google.protobuf.Any criteria = 2; 29 | int32 example_count = 3; 30 | } 31 | 32 | // Describes the example iterator queries during a task run. 33 | message ExampleIteratorQueries { 34 | fcp.client.SelectorContext selector_context = 1; 35 | repeated SingleExampleIteratorQuery query = 2; 36 | } 37 | 38 | // Results from a task, including whether the task succeeded or not, and 39 | // (optional) the example iterator queries that are used during the task. 40 | message TaskResultInfo { 41 | // Whether the task succeeded or not. 42 | bool result = 1; 43 | // The example iterator queries that were used during the task. 44 | ExampleIteratorQueries example_iterator_queries = 2; 45 | // The name of the task. 46 | string task_name = 3; 47 | } 48 | -------------------------------------------------------------------------------- /fcp/java_src/main/java/com/google/fcp/client/http/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_java//java:defs.bzl", "java_library") 16 | 17 | package( 18 | default_visibility = [ 19 | "//fcp:internal", 20 | ], 21 | licenses = ["notice"], # Apache 2.0 22 | ) 23 | 24 | java_library( 25 | name = "jni_interface", 26 | srcs = [ 27 | "HttpClientForNative.java", 28 | ], 29 | deps = [ 30 | "@fcp_maven//:com_google_errorprone_error_prone_annotations", 31 | ], 32 | ) 33 | 34 | java_library( 35 | name = "http", 36 | srcs = [ 37 | "HttpClientForNativeImpl.java", 38 | "HttpRequestHandleImpl.java", 39 | ], 40 | deps = [ 41 | ":jni_interface", 42 | "//fcp/client/http/java:java_http_client", 43 | "//fcp/client/http/java:jni_java_proto", 44 | "//fcp/java_src/main/java/com/google/fcp/client", 45 | "@com_google_googleapis//google/rpc:rpc_java_proto", 46 | "@com_google_protobuf//:protobuf_java", 47 | "@fcp_maven//:com_google_code_findbugs_jsr305", 48 | "@fcp_maven//:com_google_errorprone_error_prone_annotations", 49 | "@fcp_maven//:com_google_guava_guava", 50 | ], 51 | ) 52 | -------------------------------------------------------------------------------- /fcp/base/simulated_clock.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/simulated_clock.h" 18 | 19 | #include "absl/synchronization/mutex.h" 20 | #include "absl/time/time.h" 21 | 22 | namespace fcp { 23 | 24 | absl::Time SimulatedClock::Now() { 25 | absl::MutexLock lock(mutex()); 26 | return NowLocked(); 27 | } 28 | 29 | absl::Time SimulatedClock::NowLocked() { 30 | mutex()->AssertHeld(); 31 | return now_; 32 | } 33 | 34 | void SimulatedClock::Sleep(absl::Duration d) { 35 | absl::Time current; 36 | { 37 | absl::MutexLock lock(mutex()); 38 | current = now_; 39 | } 40 | absl::Time deadline = current + d; 41 | while (true) { 42 | { 43 | absl::MutexLock lock(mutex()); 44 | current = now_; 45 | } 46 | if (current >= deadline) { 47 | return; 48 | } 49 | } 50 | } 51 | 52 | void SimulatedClock::SetTime(absl::Time t) { 53 | { 54 | absl::MutexLock lock(mutex()); 55 | now_ = t; 56 | } 57 | DispatchWakeups(); 58 | } 59 | 60 | void SimulatedClock::AdvanceTime(absl::Duration d) { 61 | { 62 | absl::MutexLock lock(mutex()); 63 | now_ += d; 64 | } 65 | DispatchWakeups(); 66 | } 67 | 68 | } // namespace fcp 69 | 70 | -------------------------------------------------------------------------------- /fcp/client/attestation/test_values.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // This file hosts utility functions that return known-good values (e.g. an 18 | // encryption config that is known to be correctly rooted in a hardware root of 19 | // trust), for use in tests. 20 | 21 | #ifndef FCP_CLIENT_ATTESTATION_TEST_VALUES_H_ 22 | #define FCP_CLIENT_ATTESTATION_TEST_VALUES_H_ 23 | 24 | #include "fcp/protos/federatedcompute/confidential_encryption_config.pb.h" 25 | #include "proto/attestation/reference_value.pb.h" 26 | 27 | namespace fcp::client::attestation::test_values { 28 | 29 | // Returns a config that is known to be rooted in a hardware root of trust. 30 | google::internal::federatedcompute::v1::ConfidentialEncryptionConfig 31 | GetKnownValidEncryptionConfig(); 32 | 33 | // Returns reference values which should successfully verify the above 34 | // encryption config. 35 | oak::attestation::v1::ReferenceValues GetKnownValidReferenceValues(); 36 | 37 | // Returns reference values which skip all verifications. 38 | oak::attestation::v1::ReferenceValues GetSkipAllReferenceValues(); 39 | 40 | } // namespace fcp::client::attestation::test_values 41 | 42 | #endif // FCP_CLIENT_ATTESTATION_TEST_VALUES_H_ 43 | -------------------------------------------------------------------------------- /fcp/client/tensorflow/tensorflow_runner_factory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef FCP_CLIENT_TENSORFLOW_TENSORFLOW_RUNNER_FACTORY_H_ 17 | #define FCP_CLIENT_TENSORFLOW_TENSORFLOW_RUNNER_FACTORY_H_ 18 | 19 | #include 20 | 21 | #include "fcp/base/function_registry.h" 22 | #include "fcp/client/tensorflow/tensorflow_runner.h" 23 | 24 | namespace fcp::client { 25 | // There's only one TensorflowRunner implementation (the one in this file), 26 | // so we have an enum with only a single entry. 27 | enum class TensorflowRunnerImplementation { 28 | kTensorflowRunnerImpl, 29 | }; 30 | 31 | // A registry of a factory function for creating TensorflowRunner 32 | // instances, allowing us to conditionally link in the TensorflowRunner 33 | // implementation by simply adding a BUILD dep. 34 | using TensorflowRunnerFactoryRegistry = 35 | ::fcp::FunctionRegistry()>; 37 | 38 | // Returns the TensorflowRunner factory. 39 | TensorflowRunnerFactoryRegistry& GetGlobalTensorflowRunnerFactoryRegistry(); 40 | } // namespace fcp::client 41 | 42 | #endif // FCP_CLIENT_TENSORFLOW_TENSORFLOW_RUNNER_FACTORY_H_ 43 | -------------------------------------------------------------------------------- /fcp/client/engine/caching_error_reporter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef FCP_CLIENT_ENGINE_CACHING_ERROR_REPORTER_H_ 17 | #define FCP_CLIENT_ENGINE_CACHING_ERROR_REPORTER_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #include "absl/base/thread_annotations.h" 24 | #include "absl/synchronization/mutex.h" 25 | #include "tensorflow/lite/core/api/error_reporter.h" 26 | 27 | namespace fcp { 28 | namespace client { 29 | namespace engine { 30 | 31 | // This implementation of ErrorReporter stores all the error messages. 32 | class CachingErrorReporter : public tflite::ErrorReporter { 33 | public: 34 | int Report(const char* format, va_list args) override 35 | ABSL_LOCKS_EXCLUDED(mutex_); 36 | std::string GetFirstErrorMessage() ABSL_LOCKS_EXCLUDED(mutex_); 37 | 38 | private: 39 | absl::Mutex mutex_; 40 | static constexpr int kBufferSize = 1024; 41 | // There could be more than one error messages so we store all of them. 42 | std::vector error_messages_ ABSL_GUARDED_BY(mutex_); 43 | }; 44 | 45 | } // namespace engine 46 | } // namespace client 47 | } // namespace fcp 48 | 49 | #endif // FCP_CLIENT_ENGINE_CACHING_ERROR_REPORTER_H_ 50 | -------------------------------------------------------------------------------- /fcp/secagg/shared/prng.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SHARED_PRNG_H_ 18 | #define FCP_SECAGG_SHARED_PRNG_H_ 19 | 20 | #include 21 | #include 22 | 23 | namespace fcp { 24 | namespace secagg { 25 | 26 | // An interface for a secure pseudo-random number generator. 27 | class SecurePrng { 28 | public: 29 | virtual uint8_t Rand8() = 0; 30 | virtual uint64_t Rand64() = 0; 31 | virtual ~SecurePrng() = default; 32 | }; 33 | 34 | // Extension of SecurePrng interface that supports batch mode - getting multiple 35 | // pseudo-random numbers in a single call. 36 | class SecureBatchPrng : public SecurePrng { 37 | public: 38 | // Get the maximum size of a buffer that can be filled by RandBuffer() in a 39 | // single call. 40 | virtual size_t GetMaxBufferSize() const = 0; 41 | 42 | // Fills the provided buffer with pseudorandom bytes. Returns the number of 43 | // bytes that has been generated, which can be smaller than the requested 44 | // buffer_size if it exceeds the maximum buffer size. 45 | virtual int RandBuffer(uint8_t* buffer, int buffer_size) = 0; 46 | }; 47 | 48 | } // namespace secagg 49 | } // namespace fcp 50 | 51 | #endif // FCP_SECAGG_SHARED_PRNG_H_ 52 | -------------------------------------------------------------------------------- /fcp/tracing/scoped_tracing_recorder.h: -------------------------------------------------------------------------------- 1 | // Copyright 2020 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef FCP_TRACING_SCOPED_TRACING_RECORDER_H_ 16 | #define FCP_TRACING_SCOPED_TRACING_RECORDER_H_ 17 | 18 | #include "fcp/tracing/tracing_recorder.h" 19 | 20 | namespace fcp { 21 | 22 | // This is an utility class that installs a specified tracing recorder as 23 | // thread local and uninstalls it automatically when going out of scope. 24 | class ScopedTracingRecorder { 25 | public: 26 | explicit ScopedTracingRecorder(TracingRecorder* tracing_recorder) 27 | : tracing_recorder_(tracing_recorder) { 28 | tracing_recorder_->InstallAsThreadLocal(); 29 | } 30 | 31 | ~ScopedTracingRecorder() { tracing_recorder_->UninstallAsThreadLocal(); } 32 | 33 | // This class isn't copyable or moveable and can't be created via 34 | // new operator. 35 | ScopedTracingRecorder(const ScopedTracingRecorder& other) = delete; 36 | ScopedTracingRecorder& operator=(const ScopedTracingRecorder& other) = delete; 37 | void* operator new(std::size_t) = delete; 38 | void* operator new[](std::size_t) = delete; 39 | 40 | private: 41 | TracingRecorder* tracing_recorder_; 42 | }; 43 | 44 | } // namespace fcp 45 | 46 | #endif // FCP_TRACING_SCOPED_TRACING_RECORDER_H_ 47 | -------------------------------------------------------------------------------- /fcp/secagg/testing/server/test_async_runner.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_TESTING_SERVER_TEST_ASYNC_RUNNER_H_ 18 | #define FCP_SECAGG_TESTING_SERVER_TEST_ASYNC_RUNNER_H_ 19 | 20 | #include 21 | #include 22 | 23 | #include "fcp/base/scheduler.h" 24 | #include "fcp/secagg/server/secagg_scheduler.h" 25 | 26 | namespace fcp { 27 | namespace secagg { 28 | 29 | // Defines a scheduler used for testing, owning pointers to underlying 30 | // schedulers in SecAggScheduler 31 | class TestAsyncRunner : public SecAggScheduler { 32 | public: 33 | TestAsyncRunner(std::unique_ptr worker_scheduler, 34 | std::unique_ptr callback_scheduler) 35 | : SecAggScheduler(worker_scheduler.get(), callback_scheduler.get()), 36 | worker_scheduler_(std::move(worker_scheduler)), 37 | callback_scheduler_(std::move(callback_scheduler)) {} 38 | 39 | ~TestAsyncRunner() override { WaitUntilIdle(); } 40 | 41 | private: 42 | std::unique_ptr worker_scheduler_; 43 | std::unique_ptr callback_scheduler_; 44 | }; 45 | 46 | } // namespace secagg 47 | } // namespace fcp 48 | 49 | #endif // FCP_SECAGG_TESTING_SERVER_TEST_ASYNC_RUNNER_H_ 50 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/blob_header.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2023 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.confidentialcompute; 18 | 19 | import "fcp/protos/confidentialcompute/payload_metadata.proto"; 20 | 21 | option java_multiple_files = true; 22 | 23 | // A header included with each uploaded data blob, documenting how it was 24 | // encrypted and how it may be used. 25 | message BlobHeader { 26 | // A unique random identifier for the blob. 27 | bytes blob_id = 1; 28 | 29 | // The identifier for the public key used to encrypt the blob. 30 | fixed32 public_key_id = 2 [deprecated = true]; 31 | 32 | // The COSE "kid" property (RFC 9052) of the asymmetric key used to encrypt 33 | // the blob. 34 | bytes key_id = 5; 35 | 36 | // A SHA-256 hash of the access policy to use for the blob. 37 | bytes access_policy_sha256 = 3; 38 | 39 | // The id of the AccessPolicy node corresponding to this blob. This data will 40 | // only be used by transforms with a matching `src` field. This field should 41 | // be 0 for non-derived blobs. 42 | uint32 access_policy_node_id = 4; 43 | 44 | // The metadata about the data blob to be uploaded to the server. 45 | PayloadMetadata payload_metadata = 7; 46 | 47 | reserved 6; 48 | } 49 | -------------------------------------------------------------------------------- /fcp/client/testing/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 16 | load("@rules_cc//cc:cc_test.bzl", "cc_test") 17 | 18 | package( 19 | default_visibility = [ 20 | "//fcp:internal", 21 | ], 22 | licenses = ["notice"], # Apache 2.0 23 | ) 24 | 25 | cc_library( 26 | name = "utils", 27 | testonly = True, 28 | srcs = ["utils.cc"], 29 | hdrs = ["utils.h"], 30 | deps = [ 31 | "//fcp/base", 32 | "//fcp/client:interfaces", 33 | "//fcp/client:selector_context_cc_proto", 34 | "//fcp/client:simple_task_environment", 35 | "//fcp/protos:federated_api_cc_proto", 36 | "//fcp/protos:plan_proto_cc", 37 | "@com_google_absl//absl/container:flat_hash_map", 38 | "@com_google_absl//absl/status", 39 | "@com_google_absl//absl/status:statusor", 40 | "@com_google_absl//absl/strings", 41 | ], 42 | ) 43 | 44 | cc_test( 45 | name = "utils_test", 46 | size = "small", 47 | srcs = ["utils_test.cc"], 48 | deps = [ 49 | ":utils", 50 | "//fcp/protos:plan_cc_proto", 51 | "//fcp/testing", 52 | "@com_google_absl//absl/status:statusor", 53 | "@com_google_googletest//:gtest_main", 54 | ], 55 | ) 56 | -------------------------------------------------------------------------------- /fcp/client/cache/test_helpers.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef FCP_CLIENT_CACHE_TEST_HELPERS_H_ 16 | #define FCP_CLIENT_CACHE_TEST_HELPERS_H_ 17 | 18 | #include 19 | 20 | #include "google/protobuf/any.pb.h" 21 | #include "gmock/gmock.h" 22 | #include "absl/status/status.h" 23 | #include "absl/status/statusor.h" 24 | #include "absl/strings/cord.h" 25 | #include "absl/strings/string_view.h" 26 | #include "absl/time/time.h" 27 | #include "fcp/client/cache/resource_cache.h" 28 | 29 | namespace fcp { 30 | namespace client { 31 | namespace cache { 32 | 33 | // A mock `ResourceCache` implementation that can be used in tests. 34 | class MockResourceCache : public ResourceCache { 35 | public: 36 | MOCK_METHOD(absl::Status, Put, 37 | (absl::string_view cache_id, const absl::Cord& resource, 38 | const google::protobuf::Any& metadata, absl::Duration max_age), 39 | (override)); 40 | MOCK_METHOD(absl::StatusOr, Get, 41 | (absl::string_view cache_id, 42 | std::optional max_age), 43 | (override)); 44 | }; 45 | 46 | } // namespace cache 47 | } // namespace client 48 | } // namespace fcp 49 | 50 | #endif // FCP_CLIENT_CACHE_TEST_HELPERS_H_q 51 | -------------------------------------------------------------------------------- /fcp/base/function_registry_test.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/function_registry.h" 18 | 19 | #include 20 | #include 21 | 22 | #include "gtest/gtest.h" 23 | #include "absl/strings/string_view.h" 24 | 25 | namespace fcp { 26 | namespace { 27 | 28 | const absl::string_view kKey = "key"; 29 | 30 | TEST(FunctionRegistryTest, RegisterSucceeds) { 31 | FunctionRegistry registry; 32 | EXPECT_TRUE(registry.Register("foo", [] { return 1; })); 33 | RegisterOrDie(registry, "bar", [] { return 2; }); 34 | } 35 | 36 | TEST(FunctionRegistryTest, GetSucceeds) { 37 | // Use a move-only function argument to test forwarding. 38 | FunctionRegistry)> // NOLINT 39 | registry; 40 | ASSERT_TRUE( 41 | registry.Register(kKey, [](std::unique_ptr x) { return *x; })); 42 | 43 | auto function = registry.Get(kKey); 44 | ASSERT_TRUE(function); 45 | EXPECT_EQ(1, function(std::make_unique(1))); 46 | } 47 | 48 | TEST(FunctionRegistryTest, GetFails) { 49 | FunctionRegistry registry; 50 | auto function = registry.Get(kKey); 51 | EXPECT_FALSE(function); 52 | } 53 | 54 | } // namespace 55 | } // namespace fcp 56 | -------------------------------------------------------------------------------- /fcp/protos/confidentialcompute/cbor_ids.md: -------------------------------------------------------------------------------- 1 | # CBOR Ids 2 | 3 | The APIs defined in this directory introduce the following CBOR (RFC 8949) ids 4 | used for CBOR Web Token (CWT; RFC 8392) and CBOR Object Signing and Encryption 5 | (COSE; RFC 9052) objects. 6 | 7 | ## COSE Header Parameters 8 | 9 | label | type | description 10 | ------ | ---- | ----------- 11 | -65537 | bstr | HPKE encapsulated key. Semantics match `ek` in https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/11/. 12 | -65538 | bstr / null | required logical pipeline state in order to decrypt a COSE_Encrypt structure. If null, there must be no existing state. 13 | -65539 | bstr | new logical pipeline state to store when decrypting a COSE_Encrypt structure 14 | 15 | ## COSE Algorithms 16 | 17 | value | description 18 | ------ | --------------------------------------------------------------- 19 | -65537 | HPKE-Base-X25519-SHA256-AES128GCM 20 | -65538 | AEAD_AES_128_GCM_SIV (fixed nonce: x"74DF8FD4BE34AF647F5E54F6") 21 | 22 | ## CWT Claims 23 | 24 | key | type | description 25 | ------ | ---- | ----------- 26 | -65537 | bstr | COSE_Key containing the public key parameters 27 | -65538 | bstr | google.protobuf.Struct containing configuration-derived properties. An absent claim should be treated like an empty Struct. Field names may not contain `.` or `*` characters. 28 | -65539 | tstr | name of the logical pipeline to which a transform belongs 29 | -65540 | bstr | id of the pipeline invocation to which a transform belongs 30 | -65541 | uint | index of the Transform message in an fcp.confidentialcompute.PipelineVariantPolicy that a transform matched 31 | -65542 | [+ uint] | ids of the output nodes a transform is authorized to produce. This matches dst_node_ids in the fcp.confidentialcompute.PipelineVariantPolicy's Transform 32 | -65543 | bstr | SHA-256 hash of the access policy used by the KMS to derive an encryption key 33 | -------------------------------------------------------------------------------- /fcp/confidentialcompute/payload_transparency/rekor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_CONFIDENTIALCOMPUTE_PAYLOAD_TRANSPARENCY_REKOR_H_ 18 | #define FCP_CONFIDENTIALCOMPUTE_PAYLOAD_TRANSPARENCY_REKOR_H_ 19 | 20 | #include "absl/status/status.h" 21 | #include "absl/types/span.h" 22 | #include "fcp/confidentialcompute/payload_transparency/signatures.h" 23 | #include "fcp/protos/confidentialcompute/key.pb.h" 24 | #include "fcp/protos/confidentialcompute/payload_transparency.pb.h" 25 | 26 | namespace fcp::confidential_compute::payload_transparency { 27 | 28 | // Verifies that a Rekor log entry is for the provided `signed_data`, signed by 29 | // one of the `verifying_keys`, and included in the Rekor log. The 30 | // `verifying_keys` should be pre-filtered to those that could plausibly verify 31 | // the log entry (e.g. by checking the key id). 32 | absl::Status VerifyRekorLogEntry( 33 | const confidentialcompute::RekorLogEntry& log_entry, 34 | absl::Span verifying_keys, 35 | absl::Span rekor_keys, 36 | SignedData signed_data); 37 | 38 | } // namespace fcp::confidential_compute::payload_transparency 39 | 40 | #endif // FCP_CONFIDENTIALCOMPUTE_PAYLOAD_TRANSPARENCY_REKOR_H_ 41 | -------------------------------------------------------------------------------- /fcp/client/attestation/extract_attestation_records.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_CLIENT_ATTESTATION_EXTRACT_ATTESTATION_RECORDS_H_ 18 | #define FCP_CLIENT_ATTESTATION_EXTRACT_ATTESTATION_RECORDS_H_ 19 | 20 | #include 21 | #include 22 | 23 | #include "absl/functional/function_ref.h" 24 | #include "absl/strings/cord.h" 25 | 26 | namespace fcp::client::attestation { 27 | 28 | // A (serialized) attestation record extracted from an input stream. 29 | struct Record { 30 | // The decompressed record data. 31 | absl::Cord decompressed_record; 32 | // The SHA256 digest of the data (can be used to easily identify identical 33 | // records in an input stream). 34 | std::string digest; 35 | // The start and end line numbers describing where in the input stream the 36 | // record was found. 37 | int start_line = 0; 38 | int end_line = 0; 39 | }; 40 | 41 | // Extracts one or more records from the given input stream. 42 | // 43 | // Returns the number of records that were extracted. 44 | int ExtractRecords(std::istream& input_stream, 45 | absl::FunctionRef record_callback); 46 | 47 | } // namespace fcp::client::attestation 48 | 49 | #endif // FCP_CLIENT_ATTESTATION_EXTRACT_ATTESTATION_RECORDS_H_ 50 | -------------------------------------------------------------------------------- /fcp/secagg/client/secagg_client_aborted_state.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/secagg/client/secagg_client_aborted_state.h" 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #include "fcp/base/monitoring.h" 24 | #include "fcp/secagg/client/secagg_client_state.h" 25 | #include "fcp/secagg/client/state_transition_listener_interface.h" 26 | 27 | namespace fcp { 28 | namespace secagg { 29 | 30 | SecAggClientAbortedState::SecAggClientAbortedState( 31 | const std::string& reason, std::unique_ptr sender, 32 | std::unique_ptr transition_listener) 33 | : SecAggClientState(std::move(sender), std::move(transition_listener), 34 | ClientState::ABORTED), 35 | reason_(reason) { 36 | FCP_LOG(WARNING) << "Aborting for reason: " << reason_; 37 | } 38 | 39 | SecAggClientAbortedState::~SecAggClientAbortedState() = default; 40 | 41 | bool SecAggClientAbortedState::IsAborted() const { return true; } 42 | 43 | StatusOr SecAggClientAbortedState::ErrorMessage() const { 44 | return reason_; 45 | } 46 | 47 | std::string SecAggClientAbortedState::StateName() const { return "ABORTED"; } 48 | 49 | } // namespace secagg 50 | } // namespace fcp 51 | -------------------------------------------------------------------------------- /fcp/base/move_to_lambda_test.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/base/move_to_lambda.h" 18 | 19 | #include "gmock/gmock.h" 20 | #include "gtest/gtest.h" 21 | #include "fcp/base/unique_value.h" 22 | 23 | namespace fcp { 24 | 25 | using ::testing::Eq; 26 | 27 | TEST(MoveToLambda, Basic) { 28 | auto capture = MoveToLambda(UniqueValue{123}); 29 | auto lambda = [capture]() { 30 | EXPECT_TRUE(capture->has_value()) << "Should have moved the original"; 31 | return **capture; 32 | }; 33 | 34 | int returned = lambda(); 35 | EXPECT_FALSE(capture->has_value()) << "Should have moved the original"; 36 | EXPECT_THAT(returned, Eq(123)); 37 | 38 | int returned_again = lambda(); 39 | EXPECT_THAT(returned_again, Eq(123)) << "Usage shouldn't be destructive"; 40 | } 41 | 42 | TEST(MoveToLambda, Mutable) { 43 | auto capture = MoveToLambda(UniqueValue{0}); 44 | auto counter = [capture]() mutable { 45 | EXPECT_TRUE(capture->has_value()) << "Should have moved the original"; 46 | return (**capture)++; 47 | }; 48 | 49 | EXPECT_FALSE(capture->has_value()) << "Should have moved the original"; 50 | 51 | EXPECT_THAT(counter(), Eq(0)); 52 | EXPECT_THAT(counter(), Eq(1)); 53 | EXPECT_THAT(counter(), Eq(2)); 54 | } 55 | 56 | } // namespace fcp 57 | -------------------------------------------------------------------------------- /fcp/secagg/testing/server/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 16 | load("//fcp:config.bzl", "FCP_COPTS") 17 | 18 | package( 19 | default_visibility = ["//fcp:internal"], 20 | licenses = ["notice"], # Apache 2.0 21 | ) 22 | 23 | cc_library( 24 | name = "server_mocks", 25 | testonly = 1, 26 | hdrs = [ 27 | "mock_secagg_server_metrics_listener.h", 28 | "mock_send_to_clients_interface.h", 29 | ], 30 | copts = FCP_COPTS, 31 | deps = [ 32 | "//fcp/secagg/server:secagg_server_metrics_listener", 33 | "//fcp/secagg/server:send_to_clients_interface", 34 | "//fcp/secagg/server:server_cc_proto", 35 | "//fcp/secagg/shared:cc_proto", 36 | "@com_google_googletest//:gtest_main", 37 | ], 38 | ) 39 | 40 | cc_library( 41 | name = "experiments", 42 | testonly = 1, 43 | hdrs = [ 44 | "test_secagg_experiments.h", 45 | ], 46 | deps = [ 47 | "//fcp/secagg/server:experiments_interface", 48 | ], 49 | ) 50 | 51 | cc_library( 52 | name = "async_runner", 53 | testonly = 1, 54 | hdrs = [ 55 | "test_async_runner.h", 56 | ], 57 | deps = [ 58 | "//fcp/base:scheduler", 59 | "//fcp/secagg/server:secagg_scheduler", 60 | ], 61 | ) 62 | -------------------------------------------------------------------------------- /fcp/secagg/shared/aes_gcm_encryption.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SHARED_AES_GCM_ENCRYPTION_H_ 18 | #define FCP_SECAGG_SHARED_AES_GCM_ENCRYPTION_H_ 19 | 20 | #include 21 | 22 | #include "fcp/base/monitoring.h" 23 | #include "fcp/secagg/shared/aes_key.h" 24 | #include "openssl/evp.h" 25 | 26 | namespace fcp { 27 | namespace secagg { 28 | 29 | // A class to handle encryption and decryption using AES-256-GCM. 30 | // This class is NOT thread-safe. 31 | class AesGcmEncryption { 32 | public: 33 | AesGcmEncryption(); 34 | 35 | // Encrypts the plaintext with the given key, using AES-256-GCM. Prepends an 36 | // IV randomly generated with the given prng to the ciphertext, and appends 37 | // the AES-GCM tag. 38 | std::string Encrypt(const AesKey& key, const std::string& plaintext); 39 | 40 | // Decrypts the plaintext with the given key, using AES-256-GCM. Expects the 41 | // IV to be prepended to the ciphertext, and the tag to be appended. If the 42 | // tag does not authenticate, returns a DATA_LOSS error status. 43 | StatusOr Decrypt(const AesKey& key, 44 | const std::string& ciphertext); 45 | }; 46 | 47 | } // namespace secagg 48 | } // namespace fcp 49 | 50 | #endif // FCP_SECAGG_SHARED_AES_GCM_ENCRYPTION_H_ 51 | -------------------------------------------------------------------------------- /fcp/tensorflow/make_slices_selector_example_selector_test.py: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | """Tests for `make_slices_selector_example_selector` custom op.""" 15 | 16 | import tensorflow as tf 17 | 18 | from fcp.protos import plan_pb2 19 | from fcp.tensorflow import make_slices_selector_example_selector 20 | 21 | 22 | class MakeSlicesSelectorExampleSelectorTest(tf.test.TestCase): 23 | 24 | def test_returns_serialized_proto(self): 25 | served_at_id = 'test_served_at_id' 26 | keys = [1, 3, 5, 20] 27 | serialized_proto_tensor = make_slices_selector_example_selector.make_slices_selector_example_selector( 28 | served_at_id, keys) 29 | self.assertIsInstance(serialized_proto_tensor, tf.Tensor) 30 | self.assertEqual(serialized_proto_tensor.dtype, tf.string) 31 | serialized_proto = serialized_proto_tensor.numpy() 32 | example_selector = plan_pb2.ExampleSelector.FromString(serialized_proto) 33 | self.assertEqual(example_selector.collection_uri, 34 | 'internal:/federated_select') 35 | slices_selector = plan_pb2.SlicesSelector() 36 | self.assertTrue(example_selector.criteria.Unpack(slices_selector)) 37 | self.assertEqual(slices_selector.served_at_id, served_at_id) 38 | self.assertEqual(slices_selector.keys, keys) 39 | 40 | 41 | if __name__ == '__main__': 42 | tf.test.main() 43 | -------------------------------------------------------------------------------- /fcp/secagg/testing/test_matchers.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_TESTING_TEST_MATCHERS_H_ 18 | #define FCP_SECAGG_TESTING_TEST_MATCHERS_H_ 19 | 20 | #include 21 | #include 22 | #include 23 | 24 | #include "gmock/gmock.h" 25 | #include "absl/container/node_hash_map.h" 26 | #include "fcp/secagg/shared/secagg_vector.h" 27 | 28 | namespace fcp { 29 | namespace secagg { 30 | namespace testing { 31 | 32 | using SecAggVectorData = std::pair >; 33 | using SecAggVectorDataMap = absl::node_hash_map; 34 | 35 | class SecAggVectorMapMatcher { 36 | public: 37 | explicit SecAggVectorMapMatcher(SecAggVectorDataMap expected) 38 | : expected_(expected) {} 39 | // Intentionally allowed to be implicit. 40 | operator ::testing::Matcher() const; // NOLINT 41 | 42 | private: 43 | SecAggVectorDataMap expected_; 44 | }; 45 | 46 | SecAggVectorMapMatcher MatchesSecAggVectorMap(const SecAggVectorMap& expected); 47 | SecAggVectorMapMatcher MatchesSecAggVector(const std::string& name, 48 | const SecAggVector& vector); 49 | 50 | } // namespace testing 51 | } // namespace secagg 52 | } // namespace fcp 53 | 54 | #endif // FCP_SECAGG_TESTING_TEST_MATCHERS_H_ 55 | -------------------------------------------------------------------------------- /fcp/client/engine/caching_error_reporter.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include "fcp/client/engine/caching_error_reporter.h" 17 | 18 | #include 19 | 20 | #include 21 | #include 22 | 23 | #include "absl/synchronization/mutex.h" 24 | 25 | namespace fcp { 26 | namespace client { 27 | namespace engine { 28 | 29 | int CachingErrorReporter::Report(const char* format, va_list args) { 30 | absl::MutexLock lock(&mutex_); 31 | char error_msg[kBufferSize]; 32 | int num_characters = vsnprintf(error_msg, kBufferSize, format, args); 33 | if (num_characters >= 0) { 34 | error_messages_.push_back(std::string(error_msg)); 35 | } else { 36 | // If num_characters is below zero, we can't trust the created string, so we 37 | // push an "Unknown error" to the stored error messages. 38 | // We don't want to crash here, because the TFLite execution will be 39 | // terminated soon. 40 | error_messages_.push_back("Unknown error."); 41 | } 42 | return num_characters; 43 | } 44 | 45 | std::string CachingErrorReporter::GetFirstErrorMessage() { 46 | absl::MutexLock lock(&mutex_); 47 | if (error_messages_.empty()) { 48 | return ""; 49 | } else { 50 | return error_messages_[0]; 51 | } 52 | } 53 | 54 | } // namespace engine 55 | } // namespace client 56 | } // namespace fcp 57 | -------------------------------------------------------------------------------- /fcp/tracing/test_tracing_span_impl.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef FCP_TRACING_TEST_TRACING_SPAN_IMPL_H_ 16 | #define FCP_TRACING_TEST_TRACING_SPAN_IMPL_H_ 17 | 18 | #include "fcp/tracing/test_tracing_recorder_impl.h" 19 | #include "fcp/tracing/tracing_span_impl.h" 20 | 21 | namespace fcp { 22 | namespace tracing_internal { 23 | 24 | class TestTracingSpanImpl : public TracingSpanImpl { 25 | public: 26 | TestTracingSpanImpl(std::shared_ptr recorder, 27 | TracingSpanId id); 28 | TestTracingSpanImpl(TestTracingRecorderImpl* recorder, TracingSpanId id); 29 | ~TestTracingSpanImpl() override; 30 | 31 | void TraceImpl(flatbuffers::DetachedBuffer&& buf, 32 | const TracingTraitsBase& traits) override; 33 | TracingSpanRef Ref() override; 34 | 35 | private: 36 | TestTracingRecorderImpl* recorder_; 37 | 38 | // For non-root span the following keeps recorder alive, if set, 39 | // this holds the same value as recorder_. Since root span is owned directly 40 | // by the recorder we can't store shared_ptr for it here to avoid a loop. 41 | std::shared_ptr recorder_shared_ptr_; 42 | 43 | TracingSpanId id_; 44 | }; 45 | 46 | } // namespace tracing_internal 47 | } // namespace fcp 48 | 49 | #endif // FCP_TRACING_TEST_TRACING_SPAN_IMPL_H_ 50 | -------------------------------------------------------------------------------- /fcp/secagg/shared/key.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_SHARED_KEY_H_ 18 | #define FCP_SECAGG_SHARED_KEY_H_ 19 | 20 | #include 21 | #include 22 | 23 | namespace fcp { 24 | namespace secagg { 25 | // An immutable type that encapsulates a key to be used with OpenSSL. Stores the 26 | // key as std::string, but for better interaction with the OpenSSL API, the Key 27 | // API treats the key as either a string or a const uint8_t*. 28 | // 29 | // Note that this doesn't replace any OpenSSL structure, it simply allows for 30 | // storage of keys at rest without needing to store associated OpenSSL data. 31 | class Key { 32 | public: 33 | Key() : data_("") {} 34 | 35 | Key(const uint8_t* data, int size) 36 | : data_(reinterpret_cast(data), size) {} 37 | 38 | inline const uint8_t* data() const { 39 | return reinterpret_cast(data_.c_str()); 40 | } 41 | 42 | inline int size() const { return data_.size(); } 43 | 44 | inline std::string AsString() const { return data_; } 45 | 46 | friend inline bool operator==(const Key& lhs, const Key& rhs) { 47 | return lhs.data_ == rhs.data_; 48 | } 49 | 50 | private: 51 | std::string data_; // The binary key data. 52 | }; 53 | } // namespace secagg 54 | } // namespace fcp 55 | 56 | #endif // FCP_SECAGG_SHARED_KEY_H_ 57 | -------------------------------------------------------------------------------- /fcp/secagg/testing/server/test_secagg_experiments.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef FCP_SECAGG_TESTING_SERVER_TEST_SECAGG_EXPERIMENTS_H_ 18 | #define FCP_SECAGG_TESTING_SERVER_TEST_SECAGG_EXPERIMENTS_H_ 19 | 20 | #include 21 | #include 22 | 23 | #include "fcp/secagg/server/experiments_interface.h" 24 | 25 | namespace fcp { 26 | namespace secagg { 27 | 28 | // Defines an experiment class to set secagg experiments. 29 | class TestSecAggExperiment : public ExperimentsInterface { 30 | public: 31 | explicit TestSecAggExperiment( 32 | const std::set& enabled_experiment_names) 33 | : enabled_experiment_names_(enabled_experiment_names) {} 34 | explicit TestSecAggExperiment(std::string enabled_experiment_name) { 35 | enabled_experiment_names_ = 36 | std::set({enabled_experiment_name}); 37 | } 38 | explicit TestSecAggExperiment() = default; 39 | bool IsEnabled(absl::string_view experiment_name) override { 40 | return enabled_experiment_names_.find(static_cast( 41 | experiment_name)) != enabled_experiment_names_.end(); 42 | } 43 | 44 | private: 45 | std::set enabled_experiment_names_; 46 | }; 47 | 48 | } // namespace secagg 49 | } // namespace fcp 50 | 51 | #endif // FCP_SECAGG_TESTING_SERVER_TEST_SECAGG_EXPERIMENTS_H_ 52 | -------------------------------------------------------------------------------- /fcp/tracing/tracing_span_ref.h: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef FCP_TRACING_TRACING_SPAN_REF_H_ 16 | #define FCP_TRACING_TRACING_SPAN_REF_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include "fcp/tracing/tracing_span_id.h" 22 | 23 | namespace fcp { 24 | 25 | namespace tracing_internal { 26 | class TracingRecorderImpl; 27 | } 28 | 29 | // Reference to a tracing span. 30 | class TracingSpanRef { 31 | // Reference to the tracing recorder this reference was issued by: 32 | std::shared_ptr recorder_; 33 | // Identifier of the span 34 | TracingSpanId span_id_; 35 | 36 | public: 37 | TracingSpanRef( 38 | std::shared_ptr provider, 39 | TracingSpanId span_id) 40 | : recorder_(std::move(provider)), span_id_(span_id) {} 41 | 42 | std::shared_ptr recorder() { 43 | return recorder_; 44 | } 45 | 46 | TracingSpanId span_id() const { return span_id_; } 47 | 48 | // Returns reference to the top tracing span on the current 49 | // thread/fiber. If there's no tracing span established, a 50 | // reference to the root span of global tracing recorder is returned. 51 | static TracingSpanRef Top(); 52 | }; 53 | 54 | } // namespace fcp 55 | #endif // FCP_TRACING_TRACING_SPAN_REF_H_ 56 | -------------------------------------------------------------------------------- /fcp/client/engine/engine.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2021 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package fcp.client.engine; 18 | 19 | option java_package = "com.google.intelligence.fcp.client.engine"; 20 | option java_multiple_files = true; 21 | option java_outer_classname = "TrainingProto"; 22 | 23 | // A constraint on the task when to run again. 24 | message TaskRetry { 25 | // An opaque context stored between task activations. 26 | string retry_token = 1; 27 | 28 | // The suggested minimal duration after which the client should retry again, 29 | // in milliseconds. 30 | int64 delay_min = 2; 31 | 32 | // The suggested maximal duration before which the client should retry again 33 | // (if conditions allow), in milliseconds. 34 | int64 delay_max = 3; 35 | } 36 | 37 | enum PhaseOutcome { 38 | PHASE_OUTCOME_UNDEFINED = 0; 39 | COMPLETED = 1; 40 | INTERRUPTED = 2; 41 | ERROR = 3; 42 | INSUFFICIENT_DATA = 4; 43 | } 44 | 45 | enum DataSourceType { 46 | // Default value for this enum. 47 | TRAINING_DATA_SOURCE_UNDEFINED = 0; 48 | 49 | // Feed based execution, examples were batched outside of TensorFlow and fed 50 | // into the training session. 51 | FEED = 1; 52 | 53 | // Dataset based execution, TensorFlow was given an ExternalDatasetProvider 54 | // and used it internally to create iterators and pull examples. 55 | DATASET = 2; 56 | } 57 | -------------------------------------------------------------------------------- /fcp/tensorflow/host_object.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include "fcp/tensorflow/host_object.h" 18 | 19 | #include 20 | 21 | #include "fcp/base/monitoring.h" 22 | 23 | namespace fcp { 24 | 25 | namespace host_object_internal { 26 | 27 | std::optional> HostObjectRegistryImpl::TryLookup( 28 | RandomToken token) { 29 | std::shared_ptr p = nullptr; 30 | 31 | { 32 | absl::ReaderMutexLock lock{&mutex_}; 33 | auto it = objects_.find(token); 34 | if (it != objects_.end()) { 35 | p = it->second; 36 | } 37 | } 38 | 39 | if (p == nullptr) { 40 | return std::nullopt; 41 | } else { 42 | return p; 43 | } 44 | } 45 | 46 | void HostObjectRegistryImpl::Register(RandomToken token, 47 | std::shared_ptr p) { 48 | absl::WriterMutexLock lock{&mutex_}; 49 | auto r = objects_.insert({token, std::move(p)}); 50 | FCP_CHECK(r.second) 51 | << "An object has already been registered with the provided token"; 52 | } 53 | 54 | void HostObjectRegistryImpl::Unregister(RandomToken token) { 55 | absl::WriterMutexLock lock{&mutex_}; 56 | size_t erased = objects_.erase(token); 57 | FCP_CHECK(erased == 1) 58 | << "An object is not currently registered for the provided token"; 59 | } 60 | 61 | } // namespace host_object_internal 62 | 63 | } // namespace fcp 64 | --------------------------------------------------------------------------------