feat(crypto): add basic data sealing roundtrip implementation using hpke #16

Draft
wants to merge 4 commits into
base: main
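--- a/.github/workflows/rust-sgx-workspace-check.yaml
+++ b/.github/workflows/rust-sgx-workspace-check.yaml
@@ -0,0 +1,162 @@
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: rust-sgx-workspace (check)
+
+on: push
+
+# Action docs:
+# https://github.com/actions/checkout#readme
+# https://github.com/actions-rs/toolchain#readme
+# https://github.com/Swatinem/rust-cache#readme
+# https://github.com/actions-rs/cargo#readme
+
+# NOTE: This uses the <https://github.com/MarcoPolo/cargo> fork to work around <https://github.com/actions-rs/cargo/issues/86>
+
+jobs:
+
+# "cargo fmt" produces no changes
+rustfmt-check:
+runs-on: ubuntu-latest
+steps:
+# Checkout the workspace first to prevent temp files from being deleted.
+# See: https://github.com/actions/checkout#checkout-multiple-repos-nested
+-
+uses: actions/checkout@v3
+-
+name: Checkout rust-sgx-sdk-dev-env
+uses: actions/checkout@v3
+with:
+repository: PiDelport/rust-sgx-sdk-dev-env
+path: _temp/rust-sgx-sdk-dev-env
+-
+name: Prepare SGX environment
+working-directory: _temp/rust-sgx-sdk-dev-env
+run: |
+./prepare-1.1.4-intel-2.15.1.sh
+. environment
+# Persist environment to following steps.
+echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >>$GITHUB_ENV
+echo "SGX_SDK=$SGX_SDK" >>$GITHUB_ENV
+echo "SGX_MODE=$SGX_MODE" >>$GITHUB_ENV
+echo "CUSTOM_COMMON_PATH=$CUSTOM_COMMON_PATH" >>$GITHUB_ENV
+echo "CUSTOM_EDL_PATH=$CUSTOM_EDL_PATH" >>$GITHUB_ENV
+-
+uses: actions-rs/toolchain@v1
+with:
+# Use same toolchain as rust-sgx-workspace/rust-toolchain.toml
+toolchain: nightly-2021-11-01
+profile: minimal
+components: rustfmt
+default: true
+-
+name: cargo fmt
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-sgx-workspace
+command: fmt
+args: -- --check
+
+# "cargo clippy" produces no errors or warnings
+clippy:
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/checkout@v3
+-
+name: Checkout rust-sgx-sdk-dev-env
+uses: actions/checkout@v3
+with:
+repository: PiDelport/rust-sgx-sdk-dev-env
+path: _temp/rust-sgx-sdk-dev-env
+-
+name: Prepare SGX environment
+working-directory: _temp/rust-sgx-sdk-dev-env
+run: |
+./prepare-1.1.4-intel-2.15.1.sh
+. environment
+# Persist environment to following steps.
+echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >>$GITHUB_ENV
+echo "SGX_SDK=$SGX_SDK" >>$GITHUB_ENV
+echo "SGX_MODE=$SGX_MODE" >>$GITHUB_ENV
+echo "CUSTOM_COMMON_PATH=$CUSTOM_COMMON_PATH" >>$GITHUB_ENV
+echo "CUSTOM_EDL_PATH=$CUSTOM_EDL_PATH" >>$GITHUB_ENV
+-
+uses: actions-rs/toolchain@v1
+with:
+# Use same toolchain as rust-sgx-workspace/rust-toolchain.toml
+toolchain: nightly-2021-11-01
+profile: minimal
+components: clippy
+default: true
+-
+uses: Swatinem/rust-cache@v1
+with:
+working-directory: rust-sgx-workspace
+sharedKey: clippy
+key: ${{ github.ref }}
+-
+name: Generate untrusted C EDL static library
+working-directory: rust-sgx-workspace/projects/ntc-tee-server/app
+run: |
+make ../build/lib/libEnclave_u.a
+-
+name: cargo clippy
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-sgx-workspace
+command: clippy
+# Do not use --all-targets to prevent enclave builds from failing
+args: -- --deny warnings
+
+# "cargo doc" builds cleanly (including private items)
+doc-check:
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/checkout@v3
+-
+name: Checkout rust-sgx-sdk-dev-env
+uses: actions/checkout@v3
+with:
+repository: PiDelport/rust-sgx-sdk-dev-env
+path: _temp/rust-sgx-sdk-dev-env
+-
+name: Prepare SGX environment
+working-directory: _temp/rust-sgx-sdk-dev-env
+run: |
+./prepare-1.1.4-intel-2.15.1.sh
+. environment
+# Persist environment to following steps.
+echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >>$GITHUB_ENV
+echo "SGX_SDK=$SGX_SDK" >>$GITHUB_ENV
+echo "SGX_MODE=$SGX_MODE" >>$GITHUB_ENV
+echo "CUSTOM_COMMON_PATH=$CUSTOM_COMMON_PATH" >>$GITHUB_ENV
+echo "CUSTOM_EDL_PATH=$CUSTOM_EDL_PATH" >>$GITHUB_ENV
+-
+uses: actions-rs/toolchain@v1
+with:
+# Use same toolchain as rust-sgx-workspace/rust-toolchain.toml
+toolchain: nightly-2021-11-01
+profile: minimal
+components: rust-docs
+default: true
+-
+uses: Swatinem/rust-cache@v1
+with:
+working-directory: rust-sgx-workspace
+sharedKey: doc-check
+key: ${{ github.ref }}
+-
+name: Generate untrusted C EDL static library
+working-directory: rust-sgx-workspace/projects/ntc-tee-server/app
+run: |
+make ../build/lib/libEnclave_u.a
+-
+name: cargo doc
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-sgx-workspace
+command: doc
+args: --no-deps --document-private-items
+env:
+RUSTDOCFLAGS: --deny warnings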
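Review bot: The `Checkout rust-sgx-sdk-dev-env` step fetches `PiDelport/rust-sgx-sdk-dev-env` with no `ref:`, and the next step runs `./prepare-1.1.4-intel-2.15.1.sh` and sources `environment` from that checkout, so any later push to that repository's default branch changes what executes in this job and what ends up in `$GITHUB_ENV`. Pin the checkout by adding `ref: FULL_COMMIT_SHA_PLACEHOLDER` (a reviewed full commit SHA) under `with:`, the way the workflow already pins the `MarcoPolo/cargo` fork. The same unpinned checkout appears in the `clippy` and `doc-check` jobs of this file and in the `test` job of `rust-sgx-workspace-test.yaml`. `actions-rs/toolchain@v1` and `Swatinem/rust-cache@v1` are mutable tags on third-party actions and could be pinned to a commit SHA for the same reason.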
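--- a/.github/workflows/rust-sgx-workspace-test.yaml
+++ b/.github/workflows/rust-sgx-workspace-test.yaml
@@ -0,0 +1,81 @@
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: rust-sgx-workspace (test)
+
+on: push
+
+# Action docs:
+# https://github.com/actions/checkout#readme
+# https://github.com/actions-rs/toolchain#readme
+# https://github.com/Swatinem/rust-cache#readme
+# https://github.com/actions-rs/cargo#readme
+
+# NOTE: This uses the <https://github.com/MarcoPolo/cargo> fork to work around <https://github.com/actions-rs/cargo/issues/86>
+
+jobs:
+
+# "cargo build" and "cargo test" pass on all supported Rust toolchain channels.
+test:
+runs-on: ubuntu-latest
+strategy:
+# No fail-fast: We want to see test results for all toolchain channels, even if one fails.
+fail-fast: false
+matrix:
+rust:
+# Use same toolchain as rust-sgx-workspace/rust-toolchain.toml
+- nightly-2021-11-01
+steps:
+# Checkout the workspace first to prevent temp files from being deleted.
+# See: https://github.com/actions/checkout#checkout-multiple-repos-nested
+-
+uses: actions/checkout@v3
+-
+name: Checkout rust-sgx-sdk-dev-env
+uses: actions/checkout@v3
+with:
+repository: PiDelport/rust-sgx-sdk-dev-env
+path: _temp/rust-sgx-sdk-dev-env
+-
+name: Prepare SGX environment
+working-directory: _temp/rust-sgx-sdk-dev-env
+run: |
+./prepare-1.1.4-intel-2.15.1.sh
+. environment
+# Persist environment to following steps.
+echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >>$GITHUB_ENV
+echo "SGX_SDK=$SGX_SDK" >>$GITHUB_ENV
+echo "SGX_MODE=$SGX_MODE" >>$GITHUB_ENV
+echo "CUSTOM_COMMON_PATH=$CUSTOM_COMMON_PATH" >>$GITHUB_ENV
+echo "CUSTOM_EDL_PATH=$CUSTOM_EDL_PATH" >>$GITHUB_ENV
+-
+uses: actions-rs/toolchain@v1
+with:
+toolchain: ${{ matrix.rust }}
+profile: minimal
+default: true
+-
+uses: Swatinem/rust-cache@v1
+with:
+working-directory: rust-sgx-workspace
+sharedKey: test
+key: ${{ github.ref }}
+-
+name: Generate untrusted C EDL static library
+working-directory: rust-sgx-workspace/projects/ntc-tee-server/app
+run: |
+make ../build/lib/libEnclave_u.a
+-
+name: cargo build
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-sgx-workspace
+command: build
+# Do not use --all-targets to prevent enclave builds from failing
+args: ${{ matrix.cargo-flags }}
+-
+name: cargo test
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-sgx-workspace
+command: test
+args: ${{ matrix.cargo-flags }}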
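Review bot: `args: ${{ matrix.cargo-flags }}` in the `cargo build` and `cargo test` steps refers to a matrix key that the `matrix:` block never defines (it lists only `rust`), so the expression should expand to an empty string. Either add a `cargo-flags` entry to the matrix or drop the two `args:` lines; if the empty expansion is a deliberate hook for later, a comment such as `# cargo-flags is optional; unset means no extra flags` next to the matrix would say so. `rust-workspace-test.yaml` has the same undefined reference in `args: ${{ matrix.cargo-flags }} --all-targets`. The job comment also speaks of "all supported Rust toolchain channels" while this matrix holds a single pinned nightly.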
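--- a/.github/workflows/rust-workspace-check.yaml
+++ b/.github/workflows/rust-workspace-check.yaml
@@ -0,0 +1,93 @@
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: rust-workspace (check)
+
+on: push
+
+# Action docs:
+# https://github.com/actions/checkout#readme
+# https://github.com/actions-rs/toolchain#readme
+# https://github.com/Swatinem/rust-cache#readme
+# https://github.com/actions-rs/cargo#readme
+
+# NOTE: This uses the <https://github.com/MarcoPolo/cargo> fork to work around <https://github.com/actions-rs/cargo/issues/86>
+
+jobs:
+
+# "cargo fmt" produces no changes
+rustfmt-check:
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/checkout@v3
+-
+uses: actions-rs/toolchain@v1
+with:
+# Use nightly toolchain, for unstable features in rustfmt.toml
+toolchain: nightly
+profile: minimal
+components: rustfmt
+default: true
+-
+name: cargo fmt
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-workspace
+command: fmt
+args: -- --check
+
+# "cargo clippy" produces no errors or warnings (for all targets)
+clippy:
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/checkout@v3
+-
+uses: actions-rs/toolchain@v1
+with:
+toolchain: stable
+profile: minimal
+components: clippy
+default: true
+-
+uses: Swatinem/rust-cache@v1
+with:
+working-directory: rust-workspace
+sharedKey: clippy
+key: ${{ github.ref }}
+-
+name: cargo clippy
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-workspace
+command: clippy
+args: --all-targets -- --deny warnings
+
+# "cargo doc" builds cleanly (including private items)
+doc-check:
+runs-on: ubuntu-latest
+steps:
+-
+uses: actions/checkout@v3
+-
+uses: actions-rs/toolchain@v1
+with:
+toolchain: stable
+profile: minimal
+components: rust-docs
+default: true
+-
+uses: Swatinem/rust-cache@v1
+with:
+working-directory: rust-workspace
+sharedKey: doc-check
+key: ${{ github.ref }}
+-
+name: cargo doc
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-workspace
+command: doc
+args: --no-deps --document-private-items
+env:
+RUSTDOCFLAGS: --deny warnings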
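Review bot: No job in this workflow sets `permissions:`, so the `GITHUB_TOKEN` available to every step, including the third-party `actions-rs/toolchain`, `Swatinem/rust-cache` and `MarcoPolo/cargo` actions, gets the repository's default scopes, which may include write access depending on the repository settings. The fmt, clippy and doc jobs only read the source tree, so a top-level `permissions:` mapping containing just `contents: read` should be enough. The other three workflow files added in this PR omit the key as well.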
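--- a/.github/workflows/rust-workspace-test.yaml
+++ b/.github/workflows/rust-workspace-test.yaml
@@ -0,0 +1,56 @@
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+name: rust-workspace (test)
+
+on: push
+
+# Action docs:
+# https://github.com/actions/checkout#readme
+# https://github.com/actions-rs/toolchain#readme
+# https://github.com/Swatinem/rust-cache#readme
+# https://github.com/actions-rs/cargo#readme
+
+# NOTE: This uses the <https://github.com/MarcoPolo/cargo> fork to work around <https://github.com/actions-rs/cargo/issues/86>
+
+jobs:
+
+# "cargo build" and "cargo test" pass on all supported Rust toolchain channels.
+test:
+runs-on: ubuntu-latest
+strategy:
+# No fail-fast: We want to see test results for all toolchain channels, even if one fails.
+fail-fast: false
+matrix:
+rust:
+- '1.57' # MSRV
+- stable
+- nightly
+steps:
+-
+uses: actions/checkout@v3
+-
+uses: actions-rs/toolchain@v1
+with:
+toolchain: ${{ matrix.rust }}
+profile: minimal
+default: true
+-
+uses: Swatinem/rust-cache@v1
+with:
+working-directory: rust-workspace
+sharedKey: test
+key: ${{ github.ref }}
+-
+name: cargo build
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-workspace
+command: build
+args: ${{ matrix.cargo-flags }} --all-targets
+-
+name: cargo test
+uses: MarcoPolo/cargo@a527bf4d534717ff4424a84446c5d710f8833139
+with:
+working-directory: rust-workspace
+command: test
+args: ${{ matrix.cargo-flags }}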