Posted to notifications@teaclave.apache.org by GitBox <gi...@apache.org> on 2020/06/10 13:44:05 UTC

[GitHub] [incubator-teaclave] renxingliang opened a new pull request #348: Add an example of RSA signature

renxingliang opened a new pull request #348:
URL: https://github.com/apache/incubator-teaclave/pull/348


   ## Description
   
   Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context.
   
   Fixes # (issue)
   
   ## Type of change (select or add applied and delete the others)
   
   - [ ] Bug fix (non-breaking change which fixes an issue)
   - [ ] New feature (non-breaking change which adds functionality)
   - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
   - [ ] API change with a documentation update
   - [ ] Additional test coverage
   - [ ] Code cleanup or just sync with upstream third-party crates
   
   ## How has this been tested?
   
   ## Checklist
   
   - [ ] Fork the repo and create your branch from `master`.
   - [ ] If you've added code that should be tested, add tests.
   - [ ] If you've changed APIs, update the documentation.
   - [ ] Ensure the tests pass (see CI results).
   - [ ] Make sure your code lints/format.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org


[GitHub] [incubator-teaclave] mssun merged pull request #348: Add an example of RSA signature

Posted by GitBox <gi...@apache.org>.
mssun merged pull request #348:
URL: https://github.com/apache/incubator-teaclave/pull/348


   




[GitHub] [incubator-teaclave] m4sterchain commented on a change in pull request #348: Add an example of RSA signature

Posted by GitBox <gi...@apache.org>.
m4sterchain commented on a change in pull request #348:
URL: https://github.com/apache/incubator-teaclave/pull/348#discussion_r438470040



##########
File path: examples/python/builtin_rsa.py
##########
@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+
+import sys
+
+from teaclave import (AuthenticationService, FrontendService,
+                      AuthenticationClient, FrontendClient, FunctionInput,
+                      FunctionOutput, OwnerList, DataMap)
+from utils import (AUTHENTICATION_SERVICE_ADDRESS, FRONTEND_SERVICE_ADDRESS,
+                   AS_ROOT_CA_CERT_PATH, ENCLAVE_INFO_PATH, USER_ID,
+                   USER_PASSWORD)
+
+
+class BuiltinRsaExample:
+    def __init__(self, user_id, user_password):
+        self.user_id = user_id
+        self.user_password = user_password
+
+    def rsa(self):
+        client = AuthenticationService(
+            AUTHENTICATION_SERVICE_ADDRESS, AS_ROOT_CA_CERT_PATH,
+            ENCLAVE_INFO_PATH).connect().get_client()
+
+        print("[+] registering user")
+        client.user_register(self.user_id, self.user_password)
+
+        print("[+] login")
+        token = client.user_login(self.user_id, self.user_password)
+
+        client = FrontendService(FRONTEND_SERVICE_ADDRESS,
+                                 AS_ROOT_CA_CERT_PATH,
+                                 ENCLAVE_INFO_PATH).connect().get_client()
+        metadata = {"id": self.user_id, "token": token}
+        client.metadata = metadata
+
+        print("[+] registering function")
+        function_id = client.register_function(
+            name="builtin-rsa",
+            description="Native Rsa Encrypt Function",
+            executor_type="builtin",
+            payload=list(b"test data"),
+            inputs=[FunctionInput("rsa_key", "Input key file.")])
+
+        print("[+] registering input file")
+        """
+        Commands when encrypting input files:
+            ./teaclave_cli encrypt 
+                --algorithm teaclave-file-128 
+                --input-file ./tests/fixtures/functions/rsa/key.der 
+                --key 00000000000000000000000000000003 
+                --output-file ./tests/fixtures/functions/rsa/rsakey.enc 
+                --cmac-flag
+        """
+        url = "http://localhost:6789/fixtures/functions/rsa/rsakey.enc"
+        cmac = "4de3bb77327c82923640835c6e5ada66"
+        schema = "teaclave-file-128"
+        key = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
+        iv = []
+        key_data_id = client.register_input_file(url, schema, key, iv,
+                                                      cmac)
+
+        print("[+] creating task")
+        task_id = client.create_task(
+            function_id=function_id,
+            executor="builtin",
+            function_arguments=({}),
+            inputs_ownership=[OwnerList("rsa_key", [self.user_id])])
+
+        print("[+] assigning data to task")
+        client.assign_data_to_task(
+            task_id, [DataMap("rsa_key", key_data_id)], [])
+
+        print("[+] approving task")
+        client.approve_task(task_id)
+
+        print("[+] invoking task")
+        client.invoke_task(task_id)
+
+        print("[+] getting result")
+        result = client.get_task_result(task_id)
+        print("[+] done")
+
+        return bytes(result)
+
+
+def main():
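
Review bot: In `register_function`, the data to be signed is supplied as `payload=list(b"test data")` while `create_task` passes `function_arguments=({})`, so the message is fixed when the function is registered and every task created from it signs the same bytes. Consider taking the message as a function argument or as a second input file, so that the owner of `rsa_key` and the party supplying the message can differ. The hard-coded `key = [0,...,3]` and `cmac` values belong to the fixture file named in the string literal above them, and a short comment saying so would stop them being copied into real use.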

Review comment:
       Is there any real world scenario for a single user to use this function? It might make more sense for a two-party task.






[GitHub] [incubator-teaclave] m4sterchain commented on a change in pull request #348: Add an example of RSA signature

Posted by GitBox <gi...@apache.org>.
m4sterchain commented on a change in pull request #348:
URL: https://github.com/apache/incubator-teaclave/pull/348#discussion_r438468264



##########
File path: executor/src/builtin.rs
##########
@@ -51,6 +52,8 @@ impl TeaclaveExecutor for BuiltinFunctionExecutor {
             }
             #[cfg(feature = "builtin_online_decrypt")]
             OnlineDecrypt::NAME => OnlineDecrypt::new().run(arguments, runtime),
+            #[cfg(feature = "builtin_rsa")]
+            Rsa::NAME => Rsa::new().run(payload, runtime),
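
Review bot: The `Rsa::NAME` arm calls `run(payload, runtime)` while the `OnlineDecrypt` arm directly above it calls `run(arguments, runtime)`, so this built-in takes its input from a different place than its neighbour. Passing `arguments` here and having `Rsa::run` pull the message out of them would keep the dispatch arms uniform.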

Review comment:
       For built-in functions, we only use the arguments and in/out files.

##########
File path: function/src/rsa.rs
##########
@@ -0,0 +1,86 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#[cfg(feature = "mesalock_sgx")]
+use std::prelude::v1::*;
+use std::vec;
+
+use ring::{rand, signature};
+use teaclave_types::FunctionRuntime;
+
+const IN_DATA: &str = "rsa_key";
+
+#[derive(Default)]
+pub struct Rsa;
+
+impl Rsa {
+    pub const NAME: &'static str = "builtin-rsa";
+
+    pub fn new() -> Self {
+        Default::default()
+    }
+
+    pub fn run(
+        &self,
+        payload: String,
+        runtime: FunctionRuntime,
+    ) -> anyhow::Result<String> {
+        let mut key = Vec::new();
+        let mut f = runtime.open_input(IN_DATA)?;
+        f.read_to_end(&mut key)?;
+        let key_pair = signature::RsaKeyPair::from_der(&key)?;
+        let mut sig = vec![0; key_pair.public_modulus_len()];
+        let rng = rand::SystemRandom::new();
+        key_pair
+            .sign(&signature::RSA_PKCS1_SHA256, &rng, payload.as_bytes(), &mut sig)?;
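
Review bot: `run` signs `payload.as_bytes()` taken from a `payload: String` parameter, so only UTF-8 text can be signed, and the message arrives by a different route than the key, which is read through `runtime.open_input(IN_DATA)`. Reading the message from the arguments or from a second named input would allow arbitrary bytes. A doc comment on `run` stating that `rsa_key` must hold a DER-encoded RSA private key and that the result is an `RSA_PKCS1_SHA256` signature would also help, and the `key` buffer holding the private key bytes could be cleared once `key_pair` has been built.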

Review comment:
       Built-in functions get input either from arguments or input files.

##########
File path: examples/python/builtin_rsa.py
##########
@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+
+import sys
+
+from teaclave import (AuthenticationService, FrontendService,
+                      AuthenticationClient, FrontendClient, FunctionInput,
+                      FunctionOutput, OwnerList, DataMap)
+from utils import (AUTHENTICATION_SERVICE_ADDRESS, FRONTEND_SERVICE_ADDRESS,
+                   AS_ROOT_CA_CERT_PATH, ENCLAVE_INFO_PATH, USER_ID,
+                   USER_PASSWORD)
+
+
+class BuiltinRsaExample:
+    def __init__(self, user_id, user_password):
+        self.user_id = user_id
+        self.user_password = user_password
+
+    def rsa(self):
+        client = AuthenticationService(
+            AUTHENTICATION_SERVICE_ADDRESS, AS_ROOT_CA_CERT_PATH,
+            ENCLAVE_INFO_PATH).connect().get_client()
+
+        print("[+] registering user")
+        client.user_register(self.user_id, self.user_password)
+
+        print("[+] login")
+        token = client.user_login(self.user_id, self.user_password)
+
+        client = FrontendService(FRONTEND_SERVICE_ADDRESS,
+                                 AS_ROOT_CA_CERT_PATH,
+                                 ENCLAVE_INFO_PATH).connect().get_client()
+        metadata = {"id": self.user_id, "token": token}
+        client.metadata = metadata
+
+        print("[+] registering function")
+        function_id = client.register_function(
+            name="builtin-rsa",
+            description="Native Rsa Encrypt Function",
+            executor_type="builtin",
+            payload=list(b"test data"),
+            inputs=[FunctionInput("rsa_key", "Input key file.")])
+
+        print("[+] registering input file")
+        """
+        Commands when encrypting input files:
+            ./teaclave_cli encrypt 
+                --algorithm teaclave-file-128 
+                --input-file ./tests/fixtures/functions/rsa/key.der 
+                --key 00000000000000000000000000000003 
+                --output-file ./tests/fixtures/functions/rsa/rsakey.enc 
+                --cmac-flag
+        """
+        url = "http://localhost:6789/fixtures/functions/rsa/rsakey.enc"
+        cmac = "4de3bb77327c82923640835c6e5ada66"
+        schema = "teaclave-file-128"
+        key = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3]
+        iv = []
+        key_data_id = client.register_input_file(url, schema, key, iv,
+                                                      cmac)
+
+        print("[+] creating task")
+        task_id = client.create_task(
+            function_id=function_id,
+            executor="builtin",
+            function_arguments=({}),
+            inputs_ownership=[OwnerList("rsa_key", [self.user_id])])
+
+        print("[+] assigning data to task")
+        client.assign_data_to_task(
+            task_id, [DataMap("rsa_key", key_data_id)], [])
+
+        print("[+] approving task")
+        client.approve_task(task_id)
+
+        print("[+] invoking task")
+        client.invoke_task(task_id)
+
+        print("[+] getting result")
+        result = client.get_task_result(task_id)
+        print("[+] done")
+
+        return bytes(result)
+
+
+def main():
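
Review bot: The `description` passed to `register_function` reads "Native Rsa Encrypt Function", but the pull request is titled as an RSA signature example; something like `description="Native RSA signing function"` would make the registered metadata match what the function does. The command in the string literal under "registering input file" has also lost its line continuations, so adding a trailing `\` to each option line would let it paste cleanly into a shell.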

Review comment:
       Is there any real world scenario for a single user to use this function? It might make more sense for two party.






[GitHub] [incubator-teaclave] mssun commented on pull request #348: Add an example of RSA signature

Posted by GitBox <gi...@apache.org>.
mssun commented on pull request #348:
URL: https://github.com/apache/incubator-teaclave/pull/348#issuecomment-642978327


   Merged, thanks. I made some minor changes to the name, and rebased to the latest master to fix conflicts.

