From 05cc0ff898ad0bdc12e66c4e7cd16a68d19f7810 Mon Sep 17 00:00:00 2001 From: Itzik Grossman Date: Sun, 27 Aug 2023 11:57:03 +0300 Subject: [PATCH 1/8] Refactor random proof creation to be common to both enclaves --- cosmwasm/enclaves/Cargo.lock | 1 + .../enclaves/shared/block-verifier/Cargo.toml | 2 +- .../block-verifier/src/verify/random.rs | 33 ++++--------------- cosmwasm/enclaves/shared/utils/Cargo.toml | 3 ++ cosmwasm/enclaves/shared/utils/src/lib.rs | 3 ++ cosmwasm/enclaves/shared/utils/src/random.rs | 24 ++++++++++++++ 6 files changed, 38 insertions(+), 28 deletions(-) create mode 100644 cosmwasm/enclaves/shared/utils/src/random.rs diff --git a/cosmwasm/enclaves/Cargo.lock b/cosmwasm/enclaves/Cargo.lock index 1e1799b68..688d872bc 100644 --- a/cosmwasm/enclaves/Cargo.lock +++ b/cosmwasm/enclaves/Cargo.lock @@ -705,6 +705,7 @@ name = "enclave_utils" version = "1.6.0" dependencies = [ "enclave-ffi-types", + "enclave_crypto", "lazy_static", "log", "serde 1.0.118", diff --git a/cosmwasm/enclaves/shared/block-verifier/Cargo.toml b/cosmwasm/enclaves/shared/block-verifier/Cargo.toml index ca30422b3..aea4ea30b 100644 --- a/cosmwasm/enclaves/shared/block-verifier/Cargo.toml +++ b/cosmwasm/enclaves/shared/block-verifier/Cargo.toml @@ -6,7 +6,7 @@ edition = "2018" [features] default = ["random"] test = ["base64"] -random = [] +random = ["enclave_utils/random"] production = [] verify-validator-whitelist = [] diff --git a/cosmwasm/enclaves/shared/block-verifier/src/verify/random.rs b/cosmwasm/enclaves/shared/block-verifier/src/verify/random.rs index 38997a6c1..49c6b42d1 100644 --- a/cosmwasm/enclaves/shared/block-verifier/src/verify/random.rs +++ b/cosmwasm/enclaves/shared/block-verifier/src/verify/random.rs 
@@ -1,34 +1,11 @@ #![cfg(feature = "random")] -use enclave_crypto::{sha_256, SIVEncryptable, KEY_MANAGER}; -use log::{debug, error, trace}; +use enclave_crypto::{SIVEncryptable, KEY_MANAGER}; +use log::{debug, error}; use sgx_types::sgx_status_t; use tendermint::Hash; +use enclave_utils::random::create_random_proof; -pub fn create_proof(height: u64, random: &[u8], block_hash: &[u8]) -> [u8; 32] { - trace!( - "Height: {:?}\nRandom: {:?}\nApphash: {:?}", - height, - random, - block_hash - ); - let irs = KEY_MANAGER.initial_randomness_seed.unwrap(); - - let height_bytes = height.to_be_bytes(); - let irs_bytes = irs.get(); - - let data_len = height_bytes.len() + random.len() + block_hash.len() + irs_bytes.len(); - let mut data = Vec::with_capacity(data_len); - - data.extend_from_slice(&height_bytes); - data.extend_from_slice(random); - data.extend_from_slice(block_hash); - data.extend_from_slice(irs_bytes); - - sha_256(data.as_slice()) -} - -#[cfg(feature = "random")] pub fn validate_encrypted_random( random_and_proof: &[u8], validator_set_hash: Hash, @@ -42,7 +19,9 @@ pub fn validate_encrypted_random( .get(48..) .ok_or(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)?; - let calculated_proof = create_proof(height, encrypted_random_slice, app_hash); + + let irs = KEY_MANAGER.initial_randomness_seed.unwrap(); + let calculated_proof = create_random_proof(&irs, height, encrypted_random_slice, app_hash); if calculated_proof != rand_proof { error!( diff --git a/cosmwasm/enclaves/shared/utils/Cargo.toml b/cosmwasm/enclaves/shared/utils/Cargo.toml index 9789e38b0..3e7d7f68b 100644 --- a/cosmwasm/enclaves/shared/utils/Cargo.toml +++ b/cosmwasm/enclaves/shared/utils/Cargo.toml @@ -6,6 +6,7 @@ edition = "2018" [features] production = [] +random = [] # This annotation is here to trick the IDE into showing us type information about this crate. # We always compile to the "sgx" target, so this will always be false. 
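Review bot: The added `KEY_MANAGER.initial_randomness_seed.unwrap()` in `validate_encrypted_random` (second hunk of `block-verifier/src/verify/random.rs`) panics inside the enclave when the seed has not been loaded, even though the lines just above report bad input through `ok_or(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)?`. Assuming the field is an `Option`, the line could read `let irs = KEY_MANAGER.initial_randomness_seed.ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;` so the failure reaches the caller as a status code. Separately, the context line `if calculated_proof != rand_proof` checks a keyed proof with a short-circuiting `!=`; a constant-time comparison is the usual choice for MAC-like values taken from outside the enclave. The function body starts and ends outside this hunk, so its return type is inferred from the visible `?` usage.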
@@ -28,3 +29,5 @@ serde = { git = "https://github.com/mesalock-linux/serde-sgx", features = [ "derive" ] } serde_json = { git = "https://github.com/mesalock-linux/serde-json-sgx" } + +enclave_crypto = {path = "../crypto"} diff --git a/cosmwasm/enclaves/shared/utils/src/lib.rs b/cosmwasm/enclaves/shared/utils/src/lib.rs index 63449a329..031a51205 100644 --- a/cosmwasm/enclaves/shared/utils/src/lib.rs +++ b/cosmwasm/enclaves/shared/utils/src/lib.rs @@ -17,3 +17,6 @@ mod results; pub mod storage; pub mod tx_bytes; pub mod validator_set; + +#[cfg(feature = "random")] +pub mod random; diff --git a/cosmwasm/enclaves/shared/utils/src/random.rs b/cosmwasm/enclaves/shared/utils/src/random.rs new file mode 100644 index 000000000..26f002c07 --- /dev/null +++ b/cosmwasm/enclaves/shared/utils/src/random.rs @@ -0,0 +1,24 @@ +#![cfg(feature = "random")] + +use enclave_crypto::{AESKey, Hmac}; +use log::{trace}; + +pub fn create_random_proof(key: &AESKey, height: u64, random: &[u8], block_hash: &[u8]) -> [u8; 32] { + trace!( + "Height: {:?}\nRandom: {:?}\nApphash: {:?}", + height, + random, + block_hash + ); + + let height_bytes = height.to_be_bytes(); + + let data_len = height_bytes.len() + random.len() + block_hash.len(); + let mut data = Vec::with_capacity(data_len); + + data.extend_from_slice(&height_bytes); + data.extend_from_slice(random); + data.extend_from_slice(block_hash); + + key.sign_sha_256(&data) +} From 551144d1587f066240310792ead801cb6aaf2060 Mon Sep 17 00:00:00 2001 From: Cashmaney Date: Sun, 27 Aug 2023 18:48:04 +0300 Subject: [PATCH 2/8] Update Dockerfile --- deployment/dockerfiles/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/dockerfiles/Dockerfile b/deployment/dockerfiles/Dockerfile index a40929156..8929e4251 100644 --- a/deployment/dockerfiles/Dockerfile +++ b/deployment/dockerfiles/Dockerfile 
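Review bot: `create_random_proof` in the new `utils/src/random.rs` does not compute the value that the removed `create_proof` did, so a commit titled as a refactor changes the proof bytes. The old code ran `sha_256` over `height || random || block_hash || irs`; the new one calls `key.sign_sha_256(&data)` (presumably an HMAC, given the imported `Hmac` trait) over `height || random || block_hash`. If one enclave produces proofs and another checks them, both have to switch together, and the commit message should say so; this hunk does not show whether the producer changes in the same series. `random` and `block_hash` are also concatenated without length prefixes, so the boundary between them is only fixed if callers guarantee the length of one of them; a doc comment such as `/// Keyed proof over height (8 bytes, big-endian) || random || block_hash; block_hash must have a fixed length.` would record that contract. The `trace!` call writes `random` to the log, so it is worth confirming that every caller passes the encrypted form.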
@@ -77,7 +77,7 @@ ARG FEATURES_U ARG SGX_MODE=${SGX_MODE} ENV FEATURES_U=${FEATURES_U} -RUN git clone --branch v1.9.3 --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git +RUN git clone --branch main --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git WORKDIR tm-secret-enclave From 512d1b326b15e7cae594b443773138834bc6c811 Mon Sep 17 00:00:00 2001 From: Itzik Grossman Date: Mon, 28 Aug 2023 00:36:36 +0300 Subject: [PATCH 3/8] Bump package versions to 1.11 --- cosmwasm/enclaves/Cargo.lock | 18 +++++++++--------- cosmwasm/enclaves/execute/Cargo.toml | 2 +- .../enclaves/shared/contract-engine/Cargo.toml | 2 +- .../enclaves/shared/cosmos-proto/Cargo.toml | 2 +- .../enclaves/shared/cosmos-types/Cargo.toml | 2 +- .../shared/cosmwasm-types/generic/Cargo.toml | 2 +- .../shared/cosmwasm-types/v0.10/Cargo.toml | 2 +- .../shared/cosmwasm-types/v1.0/Cargo.toml | 2 +- cosmwasm/enclaves/shared/crypto/Cargo.toml | 2 +- cosmwasm/enclaves/shared/utils/Cargo.toml | 2 +- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/cosmwasm/enclaves/Cargo.lock b/cosmwasm/enclaves/Cargo.lock index e92fe2386..e4b9a3776 100644 --- a/cosmwasm/enclaves/Cargo.lock +++ b/cosmwasm/enclaves/Cargo.lock @@ -367,7 +367,7 @@ checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" [[package]] name = "cosmos_proto" -version = "1.6.0" +version = "1.11.0" dependencies = [ "dirs", "protobuf", @@ -450,7 +450,7 @@ dependencies = [ [[package]] name = "cw_types_generic" -version = "1.6.0" +version = "1.11.0" dependencies = [ "base64 0.13.1", "cw_types_v010", @@ -464,7 +464,7 @@ dependencies = [ [[package]] name = "cw_types_v010" -version = "1.6.0" +version = "1.11.0" dependencies = [ "base64 0.13.0 (git+https://github.com/mesalock-linux/rust-base64-sgx?rev=dc7389e10817b078f289386b3b6a852ab6c4c021)", "bech32", 
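Review bot: Cloning `tm-secret-enclave` with `--branch main` in the Dockerfile hunk replaces the pinned tag `v1.9.3` with a moving ref, so two builds of the same Dockerfile can pull different source and the image is no longer reproducible. This repository appears to supply enclave code (the stage takes `SGX_MODE`), where anyone verifying the resulting measurement needs a fixed build input. Keep a release tag or check out a specific commit, for example `RUN git clone --branch <TAG_PLACEHOLDER> --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git`, and compare `git rev-parse HEAD` with an expected hash passed as a build `ARG`. If `main` is only needed temporarily for development, a comment saying so and a note to re-pin before release would make that intent explicit.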
@@ -478,7 +478,7 @@ dependencies = [ [[package]] name = "cw_types_v1" -version = "1.6.0" +version = "1.11.0" dependencies = [ "base64 0.13.0 (git+https://github.com/mesalock-linux/rust-base64-sgx?rev=dc7389e10817b078f289386b3b6a852ab6c4c021)", "bech32", @@ -620,7 +620,7 @@ dependencies = [ [[package]] name = "enclave_contract_engine" -version = "1.6.0" +version = "1.11.0" dependencies = [ "base64 0.13.0 (git+https://github.com/mesalock-linux/rust-base64-sgx?rev=dc7389e10817b078f289386b3b6a852ab6c4c021)", "bech32", @@ -659,7 +659,7 @@ dependencies = [ [[package]] name = "enclave_cosmos_types" -version = "1.6.0" +version = "1.11.0" dependencies = [ "cosmos_proto", "cw_types_v010", @@ -678,7 +678,7 @@ dependencies = [ [[package]] name = "enclave_crypto" -version = "1.6.0" +version = "1.11.0" dependencies = [ "aes-siv", "cosmos_proto", @@ -703,7 +703,7 @@ dependencies = [ [[package]] name = "enclave_utils" -version = "1.6.0" +version = "1.11.0" dependencies = [ "enclave-ffi-types", "enclave_crypto", @@ -1480,7 +1480,7 @@ dependencies = [ [[package]] name = "secret-enclave" -version = "1.6.0" +version = "1.11.0" dependencies = [ "base64 0.13.0 (git+https://github.com/mesalock-linux/rust-base64-sgx?rev=dc7389e10817b078f289386b3b6a852ab6c4c021)", "bit-vec", diff --git a/cosmwasm/enclaves/execute/Cargo.toml b/cosmwasm/enclaves/execute/Cargo.toml index 798a8bb37..c65850fb5 100644 --- a/cosmwasm/enclaves/execute/Cargo.toml +++ b/cosmwasm/enclaves/execute/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "secret-enclave" -version = "1.6.0" +version = "1.11.0" authors = ["SCRT Labs "] edition = "2018" description = "An enclave running wasmi, to be used by cosmwasm-sgx-vm" diff --git a/cosmwasm/enclaves/shared/contract-engine/Cargo.toml b/cosmwasm/enclaves/shared/contract-engine/Cargo.toml index 53b8e0cfb..3af063c6f 100644 --- a/cosmwasm/enclaves/shared/contract-engine/Cargo.toml +++ b/cosmwasm/enclaves/shared/contract-engine/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "enclave_contract_engine" -version = "1.6.0" +version = "1.11.0" authors = ["Cashmaney "] edition = "2018" diff --git a/cosmwasm/enclaves/shared/cosmos-proto/Cargo.toml b/cosmwasm/enclaves/shared/cosmos-proto/Cargo.toml index 4fec1ee10..c7d6042b6 100644 --- a/cosmwasm/enclaves/shared/cosmos-proto/Cargo.toml +++ b/cosmwasm/enclaves/shared/cosmos-proto/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cosmos_proto" -version = "1.6.0" +version = "1.11.0" authors = ["SCRT Labs "] edition = "2018" diff --git a/cosmwasm/enclaves/shared/cosmos-types/Cargo.toml b/cosmwasm/enclaves/shared/cosmos-types/Cargo.toml index 3951b84f5..88d0e12ab 100644 --- a/cosmwasm/enclaves/shared/cosmos-types/Cargo.toml +++ b/cosmwasm/enclaves/shared/cosmos-types/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "enclave_cosmos_types" -version = "1.6.0" +version = "1.11.0" authors = ["Cashmaney "] edition = "2018" diff --git a/cosmwasm/enclaves/shared/cosmwasm-types/generic/Cargo.toml b/cosmwasm/enclaves/shared/cosmwasm-types/generic/Cargo.toml index 79c161c0f..7196ad832 100644 --- a/cosmwasm/enclaves/shared/cosmwasm-types/generic/Cargo.toml +++ b/cosmwasm/enclaves/shared/cosmwasm-types/generic/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cw_types_generic" -version = "1.6.0" +version = "1.11.0" authors = ["SCRT Labs "] edition = "2018" diff --git a/cosmwasm/enclaves/shared/cosmwasm-types/v0.10/Cargo.toml b/cosmwasm/enclaves/shared/cosmwasm-types/v0.10/Cargo.toml index 1733f99b4..3f5fc0ec6 100644 --- a/cosmwasm/enclaves/shared/cosmwasm-types/v0.10/Cargo.toml +++ b/cosmwasm/enclaves/shared/cosmwasm-types/v0.10/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cw_types_v010" -version = "1.6.0" +version = "1.11.0" authors = ["SCRT Labs "] edition = "2018" diff --git a/cosmwasm/enclaves/shared/cosmwasm-types/v1.0/Cargo.toml b/cosmwasm/enclaves/shared/cosmwasm-types/v1.0/Cargo.toml index 73e63628f..e6e554463 100644 --- a/cosmwasm/enclaves/shared/cosmwasm-types/v1.0/Cargo.toml 
+++ b/cosmwasm/enclaves/shared/cosmwasm-types/v1.0/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cw_types_v1" -version = "1.6.0" +version = "1.11.0" authors = ["SCRT Labs "] edition = "2018" diff --git a/cosmwasm/enclaves/shared/crypto/Cargo.toml b/cosmwasm/enclaves/shared/crypto/Cargo.toml index 64d971b88..461ae944e 100644 --- a/cosmwasm/enclaves/shared/crypto/Cargo.toml +++ b/cosmwasm/enclaves/shared/crypto/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "enclave_crypto" -version = "1.6.0" +version = "1.11.0" authors = ["SCRT Labs "] edition = "2018" diff --git a/cosmwasm/enclaves/shared/utils/Cargo.toml b/cosmwasm/enclaves/shared/utils/Cargo.toml index 3e7d7f68b..4621239e9 100644 --- a/cosmwasm/enclaves/shared/utils/Cargo.toml +++ b/cosmwasm/enclaves/shared/utils/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "enclave_utils" -version = "1.6.0" +version = "1.11.0" authors = ["SCRT Labs "] edition = "2018" From b4f460c9a6406cad6f33f9b7460050a310d99757 Mon Sep 17 00:00:00 2001 
From: Itzik Grossman Date: Mon, 28 Aug 2023 00:52:10 +0300 Subject: [PATCH 4/8] Removed seed service - was messing with other packages --- seed-service/.gitignore | 7 - seed-service/Cargo.lock | 2651 ----------------- seed-service/Cargo.toml | 25 - seed-service/Makefile | 108 - seed-service/README.md | 1 - seed-service/rust-toolchain | 1 - seed-service/server.crt | 23 - seed-service/server.key | 27 - seed-service/server_reqout.txt | 18 - seed-service/serverca.crt | 22 - seed-service/serverca.srl | 1 - seed-service/servercakey.pem | 27 - ...singularity_seed_service.manifest.template | 68 - seed-service/src/db.rs | 85 - seed-service/src/enclaves/Cargo.toml | 19 - .../src/enclaves/ffi-types/.gitignore | 1 - .../src/enclaves/ffi-types/Cargo.toml | 16 - seed-service/src/enclaves/ffi-types/build.rs | 45 - .../src/enclaves/ffi-types/cbindgen.toml | 106 - .../src/enclaves/ffi-types/src/error.rs | 995 ------- .../src/enclaves/ffi-types/src/lib.rs | 15 - .../src/enclaves/ffi-types/src/types.rs | 336 --- .../shared/Intel_SGX_Attestation_RootCA.pem | 31 - .../shared/contract-engine/Cargo.toml | 30 - .../shared/contract-engine/src/cert.rs | 56 - .../shared/contract-engine/src/lib.rs | 20 - .../shared/contract-engine/src/report.rs | 928 ------ seed-service/src/main.rs | 463 --- 28 files changed, 6125 deletions(-) delete mode 100644 seed-service/.gitignore delete mode 100644 seed-service/Cargo.lock delete mode 100644 seed-service/Cargo.toml delete mode 100644 seed-service/Makefile delete mode 100644 seed-service/README.md delete mode 100644 seed-service/rust-toolchain delete mode 100644 seed-service/server.crt delete mode 100644 seed-service/server.key delete mode 100644 seed-service/server_reqout.txt delete mode 100644 seed-service/serverca.crt delete mode 100644 seed-service/serverca.srl delete mode 100644 seed-service/servercakey.pem delete mode 100644 seed-service/singularity_seed_service.manifest.template delete mode 100644 seed-service/src/db.rs delete mode 100644 
seed-service/src/enclaves/Cargo.toml delete mode 100644 seed-service/src/enclaves/ffi-types/.gitignore delete mode 100644 seed-service/src/enclaves/ffi-types/Cargo.toml delete mode 100644 seed-service/src/enclaves/ffi-types/build.rs delete mode 100644 seed-service/src/enclaves/ffi-types/cbindgen.toml delete mode 100644 seed-service/src/enclaves/ffi-types/src/error.rs delete mode 100644 seed-service/src/enclaves/ffi-types/src/lib.rs delete mode 100644 seed-service/src/enclaves/ffi-types/src/types.rs delete mode 100644 seed-service/src/enclaves/shared/Intel_SGX_Attestation_RootCA.pem delete mode 100644 seed-service/src/enclaves/shared/contract-engine/Cargo.toml delete mode 100644 seed-service/src/enclaves/shared/contract-engine/src/cert.rs delete mode 100644 seed-service/src/enclaves/shared/contract-engine/src/lib.rs delete mode 100644 seed-service/src/enclaves/shared/contract-engine/src/report.rs delete mode 100644 seed-service/src/main.rs diff --git a/seed-service/.gitignore b/seed-service/.gitignore deleted file mode 100644 index 3c7635586..000000000 --- a/seed-service/.gitignore +++ /dev/null @@ -1,7 +0,0 @@ -target/ -singularity_seed_service.manifest -singularity_seed_service.manifest.sgx_sk -singularity_seed_service.sig -singularity_seed_service.token -seeds.csv - diff --git a/seed-service/Cargo.lock b/seed-service/Cargo.lock deleted file mode 100644 index 06bdafa82..000000000 --- a/seed-service/Cargo.lock +++ /dev/null 
@@ -1,2651 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "aead" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c192eb8f11fc081b0fe4259ba5af04217d4e0faddd02417310a927911abd7c8" -dependencies = [ - "crypto-common", - "generic-array", -] - -[[package]] -name = "aes" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "433cfd6710c9986c576a25ca913c39d66a6474107b406f34f91d4a8923395241" -dependencies = [ - "cfg-if 1.0.0", - "cipher", - "cpufeatures", -] - -[[package]] -name = "aes-gcm" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82e1366e0c69c9f927b1fa5ce2c7bf9eafc8f9268c0b9800729e8b267612447c" -dependencies = [ - "aead", - "aes", - "cipher", - "ctr", - "ghash", - "subtle", -] - -[[package]] -name = "aho-corasick" -version = "0.7.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac" -dependencies = [ - "memchr", -] - -[[package]] -name = "android_system_properties" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" -dependencies = [ - "libc", -] - -[[package]] -name = "async-stream" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dad5c83079eae9969be7fadefe640a1c566901f05ff91ab221de4b6f68d9507e" -dependencies = [ - "async-stream-impl", - "futures-core", -] - -[[package]] -name = "async-stream-impl" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10f203db73a71dfa2fb6dd22763990fa26f3d2625a6da2da900d23b87d26be27" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "async-trait" -version = "0.1.61" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "705339e0e4a9690e2908d2b3d049d85682cf19fbd5782494498fbf7003a6a282" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "atomic" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b88d82667eca772c4aa12f0f1348b3ae643424c8876448f3f7bd5787032e234c" -dependencies = [ - "autocfg", -] - -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi 0.1.19", - "libc", - "winapi 0.3.9", -] - -[[package]] -name = "autocfg" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" - -[[package]] -name = "base64" -version = "0.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" - -[[package]] -name = "base64" -version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea22880d78093b0cbe17c89f64a7d457941e65759157ec6cb31a31d652b05e5" - -[[package]] -name = "base64" -version = "0.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" - -[[package]] -name = "binascii" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "383d29d513d8764dcdc42ea295d979eb99c3c9f00607b3692cf68a431f7dca72" - -[[package]] -name = "bitflags" -version = "1.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" - -[[package]] -name = "block-buffer" -version = "0.10.3" -source = "registry+https://github.com/rust-lang/crates.io-index" 
-checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" -dependencies = [ - "generic-array", -] - -[[package]] -name = "bstr" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b45ea9b00a7b3f2988e9a65ad3917e62123c38dba709b666506207be96d1790b" -dependencies = [ - "memchr", - "serde", -] - -[[package]] -name = "bumpalo" -version = "3.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba" - -[[package]] -name = "bytes" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfb24e866b15a1af2a1b663f10c6b6b8f397a84aadb828f12e5b289ec23a3a3c" - -[[package]] -name = "cc" -version = "1.0.78" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d" - -[[package]] -name = "cfg-if" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" - -[[package]] -name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "chrono" -version = "0.4.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16b0a3d9ed01224b22057780a37bb8c5dbfe1be8ba48678e7bf57ec4b385411f" -dependencies = [ - "iana-time-zone", - "num-integer", - "num-traits", - "winapi 0.3.9", -] - -[[package]] -name = "chrono-tz" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29c39203181991a7dd4343b8005bd804e7a9a37afb8ac070e43771e8c820bbde" -dependencies = [ - "chrono", - "chrono-tz-build", - "phf", -] - -[[package]] -name = "chrono-tz-build" -version = "0.0.3" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f509c3a87b33437b05e2458750a0700e5bdd6956176773e6c7d6dd15a283a0c" -dependencies = [ - "parse-zoneinfo", - "phf", - "phf_codegen", -] - -[[package]] -name = "cipher" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e" -dependencies = [ - "crypto-common", - "inout", -] - -[[package]] -name = "clap" -version = "3.2.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5" -dependencies = [ - "atty", - "bitflags", - "clap_derive", - "clap_lex", - "indexmap", - "once_cell", - "strsim", - "termcolor", - "textwrap", -] - -[[package]] -name = "clap_derive" -version = "3.2.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea0c8bce528c4be4da13ea6fead8965e95b6073585a2f05204bd8f4119f82a65" -dependencies = [ - "heck", - "proc-macro-error", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "clap_lex" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2850f2f5a82cbf437dd5af4d49848fbdfc27c157c3d010345776f952765261c5" -dependencies = [ - "os_str_bytes", -] - -[[package]] -name = "codespan-reporting" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e" -dependencies = [ - "termcolor", - "unicode-width", -] - -[[package]] -name = "convert_case" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" - -[[package]] -name = "cookie" -version = "0.16.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb" -dependencies = [ 
- "aes-gcm", - "base64 0.20.0", - "hkdf", - "hmac", - "percent-encoding", - "rand", - "sha2", - "subtle", - "time", - "version_check", -] - -[[package]] -name = "core-foundation" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation-sys" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" - -[[package]] -name = "cpufeatures" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" -dependencies = [ - "libc", -] - -[[package]] -name = "crypto-common" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" -dependencies = [ - "generic-array", - "rand_core", - "typenum", -] - -[[package]] -name = "ctr" -version = "0.9.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" -dependencies = [ - "cipher", -] - -[[package]] -name = "cxx" -version = "1.0.86" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51d1075c37807dcf850c379432f0df05ba52cc30f279c5cfc43cc221ce7f8579" -dependencies = [ - "cc", - "cxxbridge-flags", - "cxxbridge-macro", - "link-cplusplus", -] - -[[package]] -name = "cxx-build" -version = "1.0.86" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5044281f61b27bc598f2f6647d480aed48d2bf52d6eb0b627d84c0361b17aa70" -dependencies = [ - "cc", - "codespan-reporting", - "once_cell", - "proc-macro2", - "quote", - "scratch", - "syn", -] - -[[package]] -name = "cxxbridge-flags" -version = 
"1.0.86" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61b50bc93ba22c27b0d31128d2d130a0a6b3d267ae27ef7e4fae2167dfe8781c" - -[[package]] -name = "cxxbridge-macro" -version = "1.0.86" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e61fda7e62115119469c7b3591fd913ecca96fb766cfd3f2e2502ab7bc87a5" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "derive_more" -version = "0.99.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321" -dependencies = [ - "convert_case", - "proc-macro2", - "quote", - "rustc_version", - "syn", -] - -[[package]] -name = "deunicode" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "850878694b7933ca4c9569d30a34b55031b9b139ee1fc7b94a527c4ef960d690" - -[[package]] -name = "devise" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50c7580b072f1c8476148f16e0a0d5dedddab787da98d86c5082c5e9ed8ab595" -dependencies = [ - "devise_codegen", - "devise_core", -] - -[[package]] -name = "devise_codegen" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "123c73e7a6e51b05c75fe1a1b2f4e241399ea5740ed810b0e3e6cacd9db5e7b2" -dependencies = [ - "devise_core", - "quote", -] - -[[package]] -name = "devise_core" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "841ef46f4787d9097405cac4e70fb8644fc037b526e8c14054247c0263c400d0" -dependencies = [ - "bitflags", - "proc-macro2", - "proc-macro2-diagnostics", - "quote", - "syn", -] - -[[package]] -name = "digest" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" -dependencies = [ - "block-buffer", - "crypto-common", - "subtle", -] - 
-[[package]] -name = "either" -version = "1.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" - -[[package]] -name = "enclave-ffi-types" -version = "0.1.0" -dependencies = [ - "derive_more", -] - -[[package]] -name = "enclave_contract_engine" -version = "1.2.4" -dependencies = [ - "base64 0.13.1", - "enclave-ffi-types", - "hex", - "lazy_static", - "log", - "rustls", - "serde", - "serde_json", - "uuid", - "webpki", - "webpki-roots", -] - -[[package]] -name = "encoding_rs" -version = "0.8.31" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9852635589dc9f9ea1b6fe9f05b50ef208c85c834a562f0c6abb1c475736ec2b" -dependencies = [ - "cfg-if 1.0.0", -] - -[[package]] -name = "fastrand" -version = "1.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499" -dependencies = [ - "instant", -] - -[[package]] -name = "figment" -version = "0.10.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e56602b469b2201400dec66a66aec5a9b8761ee97cd1b8c96ab2483fcc16cc9" -dependencies = [ - "atomic", - "pear", - "serde", - "toml", - "uncased", - "version_check", -] - -[[package]] -name = "filetime" -version = "0.2.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e884668cd0c7480504233e951174ddc3b382f7c2666e3b7310b5c4e7b0c37f9" -dependencies = [ - "cfg-if 1.0.0", - "libc", - "redox_syscall", - "windows-sys", -] - -[[package]] -name = "fnv" -version = "1.0.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" - -[[package]] -name = "fsevent" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ab7d1bd1bd33cc98b0889831b72da23c0aa4df9cec7e0702f46ecea04b35db6" -dependencies = [ - 
"bitflags", - "fsevent-sys", -] - -[[package]] -name = "fsevent-sys" -version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f41b048a94555da0f42f1d632e2e19510084fb8e303b0daa2816e733fb3644a0" -dependencies = [ - "libc", -] - -[[package]] -name = "fuchsia-zircon" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e9763c69ebaae630ba35f74888db465e49e259ba1bc0eda7d06f4a067615d82" -dependencies = [ - "bitflags", - "fuchsia-zircon-sys", -] - -[[package]] -name = "fuchsia-zircon-sys" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dcaa9ae7725d12cdb85b3ad99a434db70b468c09ded17e012d86b5c1010f7a7" - -[[package]] -name = "futures" -version = "0.3.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38390104763dc37a5145a53c29c63c1290b5d316d6086ec32c293f6736051bb0" -dependencies = [ - "futures-channel", - "futures-core", - "futures-io", - "futures-sink", - "futures-task", - "futures-util", -] - -[[package]] -name = "futures-channel" -version = "0.3.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52ba265a92256105f45b719605a571ffe2d1f0fea3807304b522c1d778f79eed" -dependencies = [ - "futures-core", - "futures-sink", -] - -[[package]] -name = "futures-core" -version = "0.3.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04909a7a7e4633ae6c4a9ab280aeb86da1236243a77b694a49eacd659a4bd3ac" - -[[package]] -name = "futures-io" -version = "0.3.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00f5fb52a06bdcadeb54e8d3671f8888a39697dcb0b81b23b55174030427f4eb" - -[[package]] -name = "futures-sink" -version = "0.3.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39c15cf1a4aa79df40f1bb462fb39676d0ad9e366c2a33b590d7c66f4f81fcf9" - -[[package]] -name = "futures-task" -version = "0.3.25" -source 
= "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ffb393ac5d9a6eaa9d3fdf37ae2776656b706e200c8e16b1bdb227f5198e6ea" - -[[package]] -name = "futures-util" -version = "0.3.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "197676987abd2f9cadff84926f410af1c183608d36641465df73ae8211dc65d6" -dependencies = [ - "futures-channel", - "futures-core", - "futures-io", - "futures-sink", - "futures-task", - "memchr", - "pin-project-lite", - "pin-utils", - "slab", -] - -[[package]] -name = "generator" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d266041a359dfa931b370ef684cceb84b166beb14f7f0421f4a6a3d0c446d12e" -dependencies = [ - "cc", - "libc", - "log", - "rustversion", - "windows", -] - -[[package]] -name = "generic-array" -version = "0.14.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" -dependencies = [ - "typenum", - "version_check", -] - -[[package]] -name = "getrandom" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" -dependencies = [ - "cfg-if 1.0.0", - "libc", - "wasi", -] - -[[package]] -name = "ghash" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40" -dependencies = [ - "opaque-debug", - "polyval", -] - -[[package]] -name = "glob" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" - -[[package]] -name = "globset" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "029d74589adefde59de1a0c4f4732695c32805624aec7b68d91503d4dba79afc" -dependencies = [ - "aho-corasick", - "bstr", - "fnv", - 
"log", - "regex", -] - -[[package]] -name = "globwalk" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93e3af942408868f6934a7b85134a3230832b9977cf66125df2f9edcfce4ddcc" -dependencies = [ - "bitflags", - "ignore", - "walkdir", -] - -[[package]] -name = "h2" -version = "0.3.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f9f29bc9dda355256b2916cf526ab02ce0aeaaaf2bad60d65ef3f12f11dd0f4" -dependencies = [ - "bytes", - "fnv", - "futures-core", - "futures-sink", - "futures-util", - "http", - "indexmap", - "slab", - "tokio", - "tokio-util", - "tracing", -] - -[[package]] -name = "hashbrown" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" - -[[package]] -name = "heck" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9" - -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - -[[package]] -name = "hermit-abi" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7" -dependencies = [ - "libc", -] - -[[package]] -name = "hex" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" - -[[package]] -name = "hkdf" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" -dependencies = [ - "hmac", -] - -[[package]] -name = "hmac" -version = "0.12.1" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" -dependencies = [ - "digest", -] - -[[package]] -name = "http" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399" -dependencies = [ - "bytes", - "fnv", - "itoa", -] - -[[package]] -name = "http-body" -version = "0.4.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" -dependencies = [ - "bytes", - "http", - "pin-project-lite", -] - -[[package]] -name = "httparse" -version = "1.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" - -[[package]] -name = "httpdate" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" - -[[package]] -name = "humansize" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02296996cb8796d7c6e3bc2d9211b7802812d36999a51bb754123ead7d37d026" - -[[package]] -name = "hyper" -version = "0.14.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "034711faac9d2166cb1baf1a2fb0b60b1f277f8492fd72176c17f3515e1abd3c" -dependencies = [ - "bytes", - "futures-channel", - "futures-core", - "futures-util", - "h2", - "http", - "http-body", - "httparse", - "httpdate", - "itoa", - "pin-project-lite", - "socket2", - "tokio", - "tower-service", - "tracing", - "want", -] - -[[package]] -name = "iana-time-zone" -version = "0.1.53" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765" -dependencies = [ - "android_system_properties", - "core-foundation-sys", - 
"iana-time-zone-haiku", - "js-sys", - "wasm-bindgen", - "winapi 0.3.9", -] - -[[package]] -name = "iana-time-zone-haiku" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca" -dependencies = [ - "cxx", - "cxx-build", -] - -[[package]] -name = "ignore" -version = "0.4.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbe7873dab538a9a44ad79ede1faf5f30d49f9a5c883ddbab48bce81b64b7492" -dependencies = [ - "globset", - "lazy_static", - "log", - "memchr", - "regex", - "same-file", - "thread_local", - "walkdir", - "winapi-util", -] - -[[package]] -name = "indexed-line-reader" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34ab5175ff42a25adbea371993059c32dbc872b532b564815969bd22293d9ad7" - -[[package]] -name = "indexmap" -version = "1.9.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399" -dependencies = [ - "autocfg", - "hashbrown", - "serde", -] - -[[package]] -name = "inlinable_string" -version = "0.1.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb" - -[[package]] -name = "inotify" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4816c66d2c8ae673df83366c18341538f234a26d65a9ecea5c348b453ac1d02f" -dependencies = [ - "bitflags", - "inotify-sys", - "libc", -] - -[[package]] -name = "inotify-sys" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e05c02b5e89bff3b946cedeca278abc628fe811e604f027c45a8aa3cf793d0eb" -dependencies = [ - "libc", -] - -[[package]] -name = "inout" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" -dependencies = [ - "generic-array", -] - -[[package]] -name = "instant" -version = "0.1.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" -dependencies = [ - "cfg-if 1.0.0", -] - -[[package]] -name = "iovec" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2b3ea6ff95e175473f8ffe6a7eb7c00d054240321b84c57051175fe3c1e075e" -dependencies = [ - "libc", -] - -[[package]] -name = "itoa" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440" - -[[package]] -name = "js-sys" -version = "0.3.60" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47" -dependencies = [ - "wasm-bindgen", -] - -[[package]] -name = "kernel32-sys" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d" -dependencies = [ - "winapi 0.2.8", - "winapi-build", -] - -[[package]] -name = "lazy_static" -version = "1.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" - -[[package]] -name = "lazycell" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" - -[[package]] -name = "libc" -version = "0.2.139" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79" - -[[package]] -name = "link-cplusplus" -version = "1.0.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5" -dependencies = [ - "cc", -] - -[[package]] -name = "lock_api" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" -dependencies = [ - "autocfg", - "scopeguard", -] - -[[package]] -name = "log" -version = "0.4.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" -dependencies = [ - "cfg-if 1.0.0", -] - -[[package]] -name = "loom" -version = "0.5.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff50ecb28bb86013e935fb6683ab1f6d3a20016f123c76fd4c27470076ac30f5" -dependencies = [ - "cfg-if 1.0.0", - "generator", - "scoped-tls", - "serde", - "serde_json", - "tracing", - "tracing-subscriber", -] - -[[package]] -name = "matchers" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558" -dependencies = [ - "regex-automata", -] - -[[package]] -name = "memchr" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" - -[[package]] -name = "mime" -version = "0.3.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" - -[[package]] -name = "mio" -version = "0.6.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4afd66f5b91bf2a3bc13fad0e21caedac168ca4c707504e75585648ae80e4cc4" -dependencies = [ - "cfg-if 0.1.10", - "fuchsia-zircon", - "fuchsia-zircon-sys", - "iovec", - "kernel32-sys", - "libc", - "log", - "miow", - "net2", - "slab", - "winapi 0.2.8", -] - -[[package]] -name = "mio" -version = "0.8.5" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5d732bc30207a6423068df043e3d02e0735b155ad7ce1a6f76fe2baa5b158de" -dependencies = [ - "libc", - "log", - "wasi", - "windows-sys", -] - -[[package]] -name = "mio-extras" -version = "2.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52403fe290012ce777c4626790c8951324a2b9e3316b3143779c72b029742f19" -dependencies = [ - "lazycell", - "log", - "mio 0.6.23", - "slab", -] - -[[package]] -name = "miow" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebd808424166322d4a38da87083bfddd3ac4c131334ed55856112eb06d46944d" -dependencies = [ - "kernel32-sys", - "net2", - "winapi 0.2.8", - "ws2_32-sys", -] - -[[package]] -name = "multer" -version = "2.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ed4198ce7a4cbd2a57af78d28c6fbb57d81ac5f1d6ad79ac6c5587419cbdf22" -dependencies = [ - "bytes", - "encoding_rs", - "futures-util", - "http", - "httparse", - "log", - "memchr", - "mime", - "spin 0.9.4", - "tokio", - "tokio-util", - "version_check", -] - -[[package]] -name = "net2" -version = "0.2.38" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d0df99cfcd2530b2e694f6e17e7f37b8e26bb23983ac530c0c97408837c631" -dependencies = [ - "cfg-if 0.1.10", - "libc", - "winapi 0.3.9", -] - -[[package]] -name = "normpath" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04aaf5e9cb0fbf883cc0423159eacdf96a9878022084b35c462c428cab73bcaf" -dependencies = [ - "winapi 0.3.9", -] - -[[package]] -name = "notify" -version = "4.0.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae03c8c853dba7bfd23e571ff0cff7bc9dceb40a4cd684cd1681824183f45257" -dependencies = [ - "bitflags", - "filetime", - "fsevent", - "fsevent-sys", - "inotify", - "libc", - "mio 0.6.23", - "mio-extras", - "walkdir", - "winapi 0.3.9", -] - 
-[[package]] -name = "nu-ansi-term" -version = "0.46.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84" -dependencies = [ - "overload", - "winapi 0.3.9", -] - -[[package]] -name = "num-integer" -version = "0.1.45" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" -dependencies = [ - "autocfg", - "num-traits", -] - -[[package]] -name = "num-traits" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" -dependencies = [ - "autocfg", -] - -[[package]] -name = "num_cpus" -version = "1.15.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b" -dependencies = [ - "hermit-abi 0.2.6", - "libc", -] - -[[package]] -name = "once_cell" -version = "1.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66" - -[[package]] -name = "opaque-debug" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" - -[[package]] -name = "openssl-probe" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" - -[[package]] -name = "os_str_bytes" -version = "6.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee" - -[[package]] -name = "overload" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" - 
-[[package]] -name = "parking_lot" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" -dependencies = [ - "lock_api", - "parking_lot_core", -] - -[[package]] -name = "parking_lot_core" -version = "0.9.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba1ef8814b5c993410bb3adfad7a5ed269563e4a2f90c41f5d85be7fb47133bf" -dependencies = [ - "cfg-if 1.0.0", - "libc", - "redox_syscall", - "smallvec", - "windows-sys", -] - -[[package]] -name = "parse-zoneinfo" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c705f256449c60da65e11ff6626e0c16a0a0b96aaa348de61376b249bc340f41" -dependencies = [ - "regex", -] - -[[package]] -name = "pear" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15e44241c5e4c868e3eaa78b7c1848cadd6344ed4f54d029832d32b415a58702" -dependencies = [ - "inlinable_string", - "pear_codegen", - "yansi", -] - -[[package]] -name = "pear_codegen" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82a5ca643c2303ecb740d506539deba189e16f2754040a42901cd8105d0282d0" -dependencies = [ - "proc-macro2", - "proc-macro2-diagnostics", - "quote", - "syn", -] - -[[package]] -name = "percent-encoding" -version = "2.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" - -[[package]] -name = "pest" -version = "2.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4257b4a04d91f7e9e6290be5d3da4804dd5784fafde3a497d73eb2b4a158c30a" -dependencies = [ - "thiserror", - "ucd-trie", -] - -[[package]] -name = "pest_derive" -version = "2.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"241cda393b0cdd65e62e07e12454f1f25d57017dcc514b1514cd3c4645e3a0a6" -dependencies = [ - "pest", - "pest_generator", -] - -[[package]] -name = "pest_generator" -version = "2.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46b53634d8c8196302953c74d5352f33d0c512a9499bd2ce468fc9f4128fa27c" -dependencies = [ - "pest", - "pest_meta", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "pest_meta" -version = "2.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ef4f1332a8d4678b41966bb4cc1d0676880e84183a1ecc3f4b69f03e99c7a51" -dependencies = [ - "once_cell", - "pest", - "sha2", -] - -[[package]] -name = "phf" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "928c6535de93548188ef63bb7c4036bd415cd8f36ad25af44b9789b2ee72a48c" -dependencies = [ - "phf_shared", -] - -[[package]] -name = "phf_codegen" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a56ac890c5e3ca598bbdeaa99964edb5b0258a583a9eb6ef4e89fc85d9224770" -dependencies = [ - "phf_generator", - "phf_shared", -] - -[[package]] -name = "phf_generator" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1181c94580fa345f50f19d738aaa39c0ed30a600d95cb2d3e23f94266f14fbf" -dependencies = [ - "phf_shared", - "rand", -] - -[[package]] -name = "phf_shared" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1fb5f6f826b772a8d4c0394209441e7d37cbbb967ae9c7e0e8134365c9ee676" -dependencies = [ - "siphasher", - "uncased", -] - -[[package]] -name = "pin-project-lite" -version = "0.2.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" - -[[package]] -name = "pin-utils" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" - -[[package]] -name = "polyval" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ef234e08c11dfcb2e56f79fd70f6f2eb7f025c0ce2333e82f4f0518ecad30c6" -dependencies = [ - "cfg-if 1.0.0", - "cpufeatures", - "opaque-debug", - "universal-hash", -] - -[[package]] -name = "ppv-lite86" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" - -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - -[[package]] -name = "proc-macro2" -version = "1.0.49" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "proc-macro2-diagnostics" -version = "0.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bf29726d67464d49fa6224a1d07936a8c08bb3fba727c7493f6cf1616fdaada" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "version_check", - "yansi", -] - -[[package]] -name = "quote" -version = "1.0.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "rand" -version = "0.8.5" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" -dependencies = [ - "libc", - "rand_chacha", - "rand_core", -] - -[[package]] -name = "rand_chacha" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" -dependencies = [ - "ppv-lite86", - "rand_core", -] - -[[package]] -name = "rand_core" -version = "0.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" -dependencies = [ - "getrandom", -] - -[[package]] -name = "redox_syscall" -version = "0.2.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" -dependencies = [ - "bitflags", -] - -[[package]] -name = "ref-cast" -version = "1.0.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c78fb8c9293bcd48ef6fce7b4ca950ceaf21210de6e105a883ee280c0f7b9ed" -dependencies = [ - "ref-cast-impl", -] - -[[package]] -name = "ref-cast-impl" -version = "1.0.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f9c0c92af03644e4806106281fe2e068ac5bc0ae74a707266d06ea27bccee5f" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "regex" -version = "1.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733" -dependencies = [ - "aho-corasick", - "memchr", - "regex-syntax", -] - -[[package]] -name = "regex-automata" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" -dependencies = [ - "regex-syntax", -] - -[[package]] -name = "regex-syntax" -version = "0.6.28" -source 
= "registry+https://github.com/rust-lang/crates.io-index" -checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" - -[[package]] -name = "remove_dir_all" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" -dependencies = [ - "winapi 0.3.9", -] - -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted", - "web-sys", - "winapi 0.3.9", -] - -[[package]] -name = "rocket" -version = "0.5.0-rc.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "98ead083fce4a405feb349cf09abdf64471c6077f14e0ce59364aa90d4b99317" -dependencies = [ - "async-stream", - "async-trait", - "atomic", - "atty", - "binascii", - "bytes", - "either", - "figment", - "futures", - "indexmap", - "log", - "memchr", - "multer", - "num_cpus", - "parking_lot", - "pin-project-lite", - "rand", - "ref-cast", - "rocket_codegen", - "rocket_http", - "serde", - "serde_json", - "state", - "tempfile", - "time", - "tokio", - "tokio-stream", - "tokio-util", - "ubyte", - "version_check", - "yansi", -] - -[[package]] -name = "rocket_codegen" -version = "0.5.0-rc.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6aeb6bb9c61e9cd2c00d70ea267bf36f76a4cc615e5908b349c2f9d93999b47" -dependencies = [ - "devise", - "glob", - "indexmap", - "proc-macro2", - "quote", - "rocket_http", - "syn", - "unicode-xid", -] - -[[package]] -name = "rocket_dyn_templates" -version = "0.1.0-rc.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bab13df598440527c200f46fb944dc55d8d67a1818b617eb5a3981dcd8b63fd2" -dependencies = [ - "glob", - "normpath", - "notify", - "rocket", - "tera", -] - -[[package]] -name = 
"rocket_http" -version = "0.5.0-rc.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ded65d127954de3c12471630bf4b81a2792f065984461e65b91d0fdaafc17a2" -dependencies = [ - "cookie", - "either", - "futures", - "http", - "hyper", - "indexmap", - "log", - "memchr", - "pear", - "percent-encoding", - "pin-project-lite", - "ref-cast", - "serde", - "smallvec", - "stable-pattern", - "state", - "time", - "tokio", - "uncased", -] - -[[package]] -name = "rustc_version" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" -dependencies = [ - "semver", -] - -[[package]] -name = "rustls" -version = "0.20.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f" -dependencies = [ - "log", - "ring", - "sct", - "webpki", -] - -[[package]] -name = "rustls-native-certs" -version = "0.6.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50" -dependencies = [ - "openssl-probe", - "rustls-pemfile", - "schannel", - "security-framework", -] - -[[package]] -name = "rustls-pemfile" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b" -dependencies = [ - "base64 0.21.0", -] - -[[package]] -name = "rustversion" -version = "1.0.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5583e89e108996506031660fe09baa5011b9dd0341b89029313006d1fb508d70" - -[[package]] -name = "ryu" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b4b9743ed687d4b4bcedf9ff5eaa7398495ae14e61cba0a295704edbc7decde" - -[[package]] -name = "same-file" -version = "1.0.6" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" -dependencies = [ - "winapi-util", -] - -[[package]] -name = "schannel" -version = "0.1.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "713cfb06c7059f3588fb8044c0fad1d09e3c01d225e25b9220dbfdcf16dbb1b3" -dependencies = [ - "windows-sys", -] - -[[package]] -name = "scoped-tls" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294" - -[[package]] -name = "scopeguard" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" - -[[package]] -name = "scratch" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2" - -[[package]] -name = "sct" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" -dependencies = [ - "ring", - "untrusted", -] - -[[package]] -name = "security-framework" -version = "2.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bc1bb97804af6631813c55739f771071e0f2ed33ee20b68c86ec505d906356c" -dependencies = [ - "bitflags", - "core-foundation", - "core-foundation-sys", - "libc", - "security-framework-sys", -] - -[[package]] -name = "security-framework-sys" -version = "2.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0160a13a177a45bfb43ce71c01580998474f556ad854dcbca936dd2841a5c556" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "semver" -version = "1.0.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"58bc9567378fc7690d6b2addae4e60ac2eeea07becb2c64b9f218b53865cba2a" - -[[package]] -name = "serde" -version = "1.0.152" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.152" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "serde_json" -version = "1.0.91" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "877c235533714907a8c2464236f5c4b2a17262ef1bd71f38f35ea592c8da6883" -dependencies = [ - "itoa", - "ryu", - "serde", -] - -[[package]] -name = "sha2" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" -dependencies = [ - "cfg-if 1.0.0", - "cpufeatures", - "digest", -] - -[[package]] -name = "sharded-slab" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31" -dependencies = [ - "lazy_static", -] - -[[package]] -name = "signal-hook-registry" -version = "1.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e51e73328dc4ac0c7ccbda3a494dfa03df1de2f46018127f60c693f2648455b0" -dependencies = [ - "libc", -] - -[[package]] -name = "singularity_seed_service" -version = "0.1.0" -dependencies = [ - "base64 0.13.1", - "clap", - "enclave_contract_engine", - "futures-util", - "hyper", - "indexed-line-reader", - "lazy_static", - "rand_core", - "rocket", - "rocket_dyn_templates", - "rustls", - "rustls-native-certs", - "rustls-pemfile", - "serde", - "serde_derive", - "serde_json", - "tokio", - "tokio-rustls", -] - -[[package]] -name = "siphasher" 
-version = "0.3.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bd3e3206899af3f8b12af284fafc038cc1dc2b41d1b89dd17297221c5d225de" - -[[package]] -name = "slab" -version = "0.4.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4614a76b2a8be0058caa9dbbaf66d988527d86d003c11a94fbd335d7661edcef" -dependencies = [ - "autocfg", -] - -[[package]] -name = "slug" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3bc762e6a4b6c6fcaade73e77f9ebc6991b676f88bb2358bddb56560f073373" -dependencies = [ - "deunicode", -] - -[[package]] -name = "smallvec" -version = "1.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" - -[[package]] -name = "socket2" -version = "0.4.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd" -dependencies = [ - "libc", - "winapi 0.3.9", -] - -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - -[[package]] -name = "spin" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f6002a767bff9e83f8eeecf883ecb8011875a21ae8da43bffb817a57e78cc09" - -[[package]] -name = "stable-pattern" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4564168c00635f88eaed410d5efa8131afa8d8699a612c80c455a0ba05c21045" -dependencies = [ - "memchr", -] - -[[package]] -name = "state" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbe866e1e51e8260c9eed836a042a5e7f6726bb2b411dffeaa712e19c388f23b" -dependencies = [ - "loom", -] - -[[package]] -name = "strsim" -version = "0.10.0" -source = 
"registry+https://github.com/rust-lang/crates.io-index" -checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" - -[[package]] -name = "subtle" -version = "2.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" - -[[package]] -name = "syn" -version = "1.0.107" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "tempfile" -version = "3.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4" -dependencies = [ - "cfg-if 1.0.0", - "fastrand", - "libc", - "redox_syscall", - "remove_dir_all", - "winapi 0.3.9", -] - -[[package]] -name = "tera" -version = "1.17.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3df578c295f9ec044ff1c829daf31bb7581d5b3c2a7a3d87419afe1f2531438c" -dependencies = [ - "chrono", - "chrono-tz", - "globwalk", - "humansize", - "lazy_static", - "percent-encoding", - "pest", - "pest_derive", - "rand", - "regex", - "serde", - "serde_json", - "slug", - "unic-segment", -] - -[[package]] -name = "termcolor" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6" -dependencies = [ - "winapi-util", -] - -[[package]] -name = "textwrap" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" - -[[package]] -name = "thiserror" -version = "1.0.38" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0" -dependencies = [ - "thiserror-impl", 
-] - -[[package]] -name = "thiserror-impl" -version = "1.0.38" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "thread_local" -version = "1.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5516c27b78311c50bf42c071425c560ac799b11c30b31f87e3081965fe5e0180" -dependencies = [ - "once_cell", -] - -[[package]] -name = "time" -version = "0.3.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a561bf4617eebd33bca6434b988f39ed798e527f51a1e797d0ee4f61c0a38376" -dependencies = [ - "itoa", - "serde", - "time-core", - "time-macros", -] - -[[package]] -name = "time-core" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd" - -[[package]] -name = "time-macros" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d967f99f534ca7e495c575c62638eebc2898a8c84c119b89e250477bc4ba16b2" -dependencies = [ - "time-core", -] - -[[package]] -name = "tokio" -version = "1.24.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d9f76183f91ecfb55e1d7d5602bd1d979e38a3a522fe900241cf195624d67ae" -dependencies = [ - "autocfg", - "bytes", - "libc", - "memchr", - "mio 0.8.5", - "num_cpus", - "parking_lot", - "pin-project-lite", - "signal-hook-registry", - "socket2", - "tokio-macros", - "windows-sys", -] - -[[package]] -name = "tokio-macros" -version = "1.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d266c00fde287f55d3f1c3e96c500c362a2b8c695076ec180f27918820bc6df8" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "tokio-rustls" -version = "0.23.4" -source = "registry+https://github.com/rust-lang/crates.io-index" 
-checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" -dependencies = [ - "rustls", - "tokio", - "webpki", -] - -[[package]] -name = "tokio-stream" -version = "0.1.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d660770404473ccd7bc9f8b28494a811bc18542b915c0855c51e8f419d5223ce" -dependencies = [ - "futures-core", - "pin-project-lite", - "tokio", -] - -[[package]] -name = "tokio-util" -version = "0.7.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bb2e075f03b3d66d8d8785356224ba688d2906a371015e225beeb65ca92c740" -dependencies = [ - "bytes", - "futures-core", - "futures-sink", - "pin-project-lite", - "tokio", - "tracing", -] - -[[package]] -name = "toml" -version = "0.5.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1333c76748e868a4d9d1017b5ab53171dfd095f70c712fdb4653a406547f598f" -dependencies = [ - "serde", -] - -[[package]] -name = "tower-service" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" - -[[package]] -name = "tracing" -version = "0.1.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" -dependencies = [ - "cfg-if 1.0.0", - "pin-project-lite", - "tracing-attributes", - "tracing-core", -] - -[[package]] -name = "tracing-attributes" -version = "0.1.23" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "tracing-core" -version = "0.1.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" -dependencies = [ - "once_cell", - "valuable", -] - -[[package]] -name = 
"tracing-log" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922" -dependencies = [ - "lazy_static", - "log", - "tracing-core", -] - -[[package]] -name = "tracing-subscriber" -version = "0.3.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6176eae26dd70d0c919749377897b54a9276bd7061339665dd68777926b5a70" -dependencies = [ - "matchers", - "nu-ansi-term", - "once_cell", - "regex", - "sharded-slab", - "smallvec", - "thread_local", - "tracing", - "tracing-core", - "tracing-log", -] - -[[package]] -name = "try-lock" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" - -[[package]] -name = "typenum" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" - -[[package]] -name = "ubyte" -version = "0.10.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c81f0dae7d286ad0d9366d7679a77934cfc3cf3a8d67e82669794412b2368fe6" -dependencies = [ - "serde", -] - -[[package]] -name = "ucd-trie" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e79c4d996edb816c91e4308506774452e55e95c3c9de07b6729e17e15a5ef81" - -[[package]] -name = "uncased" -version = "0.9.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09b01702b0fd0b3fadcf98e098780badda8742d4f4a7676615cad90e8ac73622" -dependencies = [ - "serde", - "version_check", -] - -[[package]] -name = "unic-char-property" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8c57a407d9b6fa02b4795eb81c5b6652060a15a7903ea981f3d723e6c0be221" -dependencies = [ - "unic-char-range", -] - -[[package]] -name = "unic-char-range" -version 
= "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0398022d5f700414f6b899e10b8348231abf9173fa93144cbc1a43b9793c1fbc" - -[[package]] -name = "unic-common" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80d7ff825a6a654ee85a63e80f92f054f904f21e7d12da4e22f9834a4aaa35bc" - -[[package]] -name = "unic-segment" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4ed5d26be57f84f176157270c112ef57b86debac9cd21daaabbe56db0f88f23" -dependencies = [ - "unic-ucd-segment", -] - -[[package]] -name = "unic-ucd-segment" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2079c122a62205b421f499da10f3ee0f7697f012f55b675e002483c73ea34700" -dependencies = [ - "unic-char-property", - "unic-char-range", - "unic-ucd-version", -] - -[[package]] -name = "unic-ucd-version" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96bd2f2237fe450fcd0a1d2f5f4e91711124f7857ba2e964247776ebeeb7b0c4" -dependencies = [ - "unic-common", -] - -[[package]] -name = "unicode-ident" -version = "1.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc" - -[[package]] -name = "unicode-width" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" - -[[package]] -name = "unicode-xid" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" - -[[package]] -name = "universal-hash" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d3160b73c9a19f7e2939a2fdad446c57c1bbbbf4d919d3213ff1267a580d8b5" -dependencies = [ - "crypto-common", - "subtle", 
-] - -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - -[[package]] -name = "uuid" -version = "1.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "422ee0de9031b5b948b97a8fc04e3aa35230001a722ddd27943e0be31564ce4c" - -[[package]] -name = "valuable" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" - -[[package]] -name = "version_check" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" - -[[package]] -name = "walkdir" -version = "2.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "808cf2735cd4b6866113f648b791c6adc5714537bc222d9347bb203386ffda56" -dependencies = [ - "same-file", - "winapi 0.3.9", - "winapi-util", -] - -[[package]] -name = "want" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0" -dependencies = [ - "log", - "try-lock", -] - -[[package]] -name = "wasi" -version = "0.11.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" - -[[package]] -name = "wasm-bindgen" -version = "0.2.83" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268" -dependencies = [ - "cfg-if 1.0.0", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.83" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142" 
-dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.83" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.83" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.83" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f" - -[[package]] -name = "web-sys" -version = "0.3.60" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "webpki" -version = "0.22.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd" -dependencies = [ - "ring", - "untrusted", -] - -[[package]] -name = "webpki-roots" -version = "0.22.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87" -dependencies = [ - "webpki", -] - -[[package]] -name = "winapi" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "167dc9d6949a9b857f3451275e911c3f44255842c1f7a76f33c55103a909087a" - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-build" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d315eee3b34aca4797b2da6b13ed88266e6d612562a0c46390af8299fc699bc" - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-util" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" -dependencies = [ - "winapi 0.3.9", -] - -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - -[[package]] -name = "windows" -version = "0.39.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1c4bd0a50ac6020f65184721f758dba47bb9fbc2133df715ec74a237b26794a" -dependencies = [ - "windows_aarch64_msvc 0.39.0", - "windows_i686_gnu 0.39.0", - "windows_i686_msvc 0.39.0", - "windows_x86_64_gnu 0.39.0", - "windows_x86_64_msvc 0.39.0", -] - -[[package]] -name = "windows-sys" -version = "0.42.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7" -dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc 0.42.1", - "windows_i686_gnu 0.42.1", - "windows_i686_msvc 0.42.1", - "windows_x86_64_gnu 0.42.1", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc 0.42.1", -] - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.42.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"8c9864e83243fdec7fc9c5444389dcbbfd258f745e7853198f365e3c4968a608" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.39.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec7711666096bd4096ffa835238905bb33fb87267910e154b18b44eaabb340f2" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.42.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c8b1b673ffc16c47a9ff48570a9d85e25d265735c503681332589af6253c6c7" - -[[package]] -name = "windows_i686_gnu" -version = "0.39.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "763fc57100a5f7042e3057e7e8d9bdd7860d330070251a73d003563a3bb49e1b" - -[[package]] -name = "windows_i686_gnu" -version = "0.42.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3887528ad530ba7bdbb1faa8275ec7a1155a45ffa57c37993960277145d640" - -[[package]] -name = "windows_i686_msvc" -version = "0.39.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bc7cbfe58828921e10a9f446fcaaf649204dcfe6c1ddd712c5eebae6bda1106" - -[[package]] -name = "windows_i686_msvc" -version = "0.42.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf4d1122317eddd6ff351aa852118a2418ad4214e6613a50e0191f7004372605" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.39.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6868c165637d653ae1e8dc4d82c25d4f97dd6605eaa8d784b5c6e0ab2a252b65" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.42.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1040f221285e17ebccbc2591ffdc2d44ee1f9186324dd3e84e99ac68d699c45" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.42.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "628bfdf232daa22b0d64fdb62b09fcc36bb01f05a3939e20ab73aaf9470d0463" - -[[package]] -name = "windows_x86_64_msvc" 
-version = "0.39.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e4d40883ae9cae962787ca76ba76390ffa29214667a111db9e0a1ad8377e809" - -[[package]] -name = "windows_x86_64_msvc" -version = "0.42.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "447660ad36a13288b1db4d4248e857b510e8c3a225c822ba4fb748c0aafecffd" - -[[package]] -name = "ws2_32-sys" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d59cefebd0c892fa2dd6de581e937301d8552cb44489cdff035c6187cb63fa5e" -dependencies = [ - "winapi 0.2.8", - "winapi-build", -] - -[[package]] -name = "yansi" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec" diff --git a/seed-service/Cargo.toml b/seed-service/Cargo.toml deleted file mode 100644 index dc819a349..000000000 --- a/seed-service/Cargo.toml +++ /dev/null @@ -1,25 +0,0 @@ -[package] -name = "singularity_seed_service" -version = "0.1.0" -edition = "2021" - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html -[dependencies] -tokio = { version = "1", features = ["full"] } -serde = "^1.0.34" -serde_json = "^1.0.34" -serde_derive = "^1.0.34" -rocket = { version = "0.5.0-rc.2", features = ["json"] } -rocket_dyn_templates = { version = "0.1.0-rc.2", features = ["tera"] } -clap = { version = "3", features = ["derive"] } -hyper = "0.14.20" -tokio-rustls = { version = "0.23", default-features = false } -rustls-native-certs = { version = "0.6", optional = true } -futures-util = { version = "0.3.1", default-features = false } -lazy_static = "1.4.0" -rustls = { version = "0.20.1", default-features = false, features = ["tls12"] } -rustls-pemfile = "1.0.0" -indexed-line-reader = "0.2.1" -rand_core = "0.6.4" -base64 = "0.13.0" -enclave_contract_engine = { path = "./src/enclaves/shared/contract-engine" } 
diff --git a/seed-service/Makefile b/seed-service/Makefile
deleted file mode 100644
index 780115103..000000000
--- a/seed-service/Makefile
+++ /dev/null
@@ -1,108 +0,0 @@ -BUILD_PROFILE ?= release -FEATURES ?= -FEATURES_U += $(FEATURES) -FEATURES_U += backtraces -FEATURES_U := $(strip $(FEATURES_U)) - -DLL_EXT = "" -ifeq ($(OS),Windows_NT) - DLL_EXT = dll -else - UNAME_S := $(shell uname -s) - ifeq ($(UNAME_S),Linux) - DLL_EXT = so - endif - ifeq ($(UNAME_S),Darwin) - DLL_EXT = dylib - endif -endif - - -ARCH_LIBDIR ?= /lib/$(shell $(CC) -dumpmachine) - -SELF_EXE = target/release/singularity_seed_service - -.PHONY: all -# all: vendor $(SELF_EXE) singularity_seed_service.manifest -all: $(SELF_EXE) singularity_seed_service.manifest -ifeq ($(SGX),1) -all: singularity_seed_service.manifest.sgx singularity_seed_service.sig singularity_seed_service.token -endif - -ifeq ($(DEBUG),1) -GRAMINE_LOG_LEVEL = debug -else -GRAMINE_LOG_LEVEL = error -endif - -# move the secretNetwork parts to another Makefile. but call vendor here. -# then make SGX=1 and see if good. -# then add what's needed in ./Cargo.toml (regarding the enclave-ffi-types and sgx_types. (do i need xargo for sgx_types?? - check sgx-vm (i think not, but maybe it's dependant on compiling first 'enclaves/execute'))) -vendor: - cargo vendor third_party/vendor --manifest-path third_party/build/Cargo.toml - # $(MAKE) -C ./src all - -# Note that we're compiling in release mode regardless of the DEBUG setting passed -# to Make, as compiling in debug mode results in an order of magnitude's difference in -# performance that makes testing by running a benchmark with ab painful. The primary goal -# of the DEBUG setting is to control Gramine's loglevel. 
--include $(SELF_EXE).d # See also: .cargo/config.toml -$(SELF_EXE): Cargo.toml src/main.rs src/db.rs - cargo build --release - - -singularity_seed_service.manifest: singularity_seed_service.manifest.template - gramine-manifest \ - -Dlog_level=$(GRAMINE_LOG_LEVEL) \ - -Darch_libdir=$(ARCH_LIBDIR) \ - -Dself_exe=$(SELF_EXE) \ - $< $@ - -# Make on Ubuntu <= 20.04 doesn't support "Rules with Grouped Targets" (`&:`), -# see the helloworld example for details on this workaround. -singularity_seed_service.manifest.sgx singularity_seed_service.sig: sgx_sign - @: - -.INTERMEDIATE: sgx_sign -sgx_sign: singularity_seed_service.manifest $(SELF_EXE) - gramine-sgx-sign \ - --manifest $< \ - --output $<.sgx - -singularity_seed_service.token: singularity_seed_service.sig - gramine-sgx-get-token \ - --output $@ --sig $< - -ifeq ($(SGX),) -GRAMINE = gramine-direct -else -GRAMINE = gramine-sgx -endif - -.PHONY: start-gramine-server -start-gramine-server: all - $(GRAMINE) singularity_seed_service - -.PHONY: clean -clean: - $(RM) -rf *.token *.sig *.manifest.sgx *.manifest result-* OUTPUT - -rm -rf /tmp/SecretNetwork - -rm -f ./secretcli* - -rm -f ./secretd* - -find -name '*.so' -delete - -rm -f ./enigma-blockchain*.deb - -rm -f ./SHA256SUMS* - -rm -rf ./third_party/vendor/ - -rm -rf ./.sgx_secrets/* - -rm -rf ./x/compute/internal/keeper/.sgx_secrets/* - -rm -rf ./*.der - -rm -rf ./x/compute/internal/keeper/*.der - -rm -rf ./cmd/secretd/ias_bin* - -rm ./Cargo.lock - -rm -rf ./target - #-rm ./src/enclaves/Cargo.lock - #$(MAKE) -C ./src clean-all - -.PHONY: distclean -distclean: clean - $(RM) -rf target/ Cargo.lock diff --git a/seed-service/README.md b/seed-service/README.md deleted file mode 100644 index 7e2143102..000000000 --- a/seed-service/README.md +++ /dev/null @@ -1 +0,0 @@ -Please note that the private keys taht are in this directory are for tests - In production we have another set of keys 
diff --git a/seed-service/rust-toolchain b/seed-service/rust-toolchain
deleted file mode 100644
index a8bc49958..000000000
--- a/seed-service/rust-toolchain
+++ /dev/null
@@ -1 +0,0 @@
-nightly-2023-01-15
\ No newline at end of file
diff --git a/seed-service/server.crt b/seed-service/server.crt
deleted file mode 100644
index 42d9f03d0..000000000
--- a/seed-service/server.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDvzCCAqegAwIBAgIUdOm/HCpjtj6ol0gJ54hDHBa7wOgwDQYJKoZIhvcNAQEL
-BQAwbDELMAkGA1UEBhMCSUwxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
-CVNDUlQgTGFiczESMBAGA1UEAwwJU0NSVCBMYWJzMSAwHgYJKoZIhvcNAQkBFhFp
-bmZvQHNjcnRsYWJzLmNvbTAeFw0yMjExMjkwOTMxMjJaFw0yNTAzMDMwOTMxMjJa
-MGwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlT
-Q1JUIExhYnMxEjAQBgNVBAMMCVNDUlQgTGFiczEgMB4GCSqGSIb3DQEJARYRaW5m
-b0BzY3J0bGFicy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt
-88wpPGxXmyoGxS7MbKhIDJgo2sd2Cbc7cEVxV/aaGZXodEfrhOZ+YnqKO6gg/f3q
-ulj6fd65udhjVDAPiRtd/bqkdNC7BJhttc0IHSavuf3Yo0iTFnDR+KVT3p4PGuka
-fMl6Yh3QCLo4KG3h8XzXwOGRdk9zjxV/CLCF7iOFBHYE7Vdq2nn9I8HQNpEJnRfu
-xU+gnwYtYrpN0kZWUzEqzPNHgguvUbhUyyOtOhQn/s+wDTtE/tpImMlK6pGQS2aW
-KzHzvNGDgZK/eTQeRhe91NOdQeoKpkLLKmPlAR/J1W5xhZzc6RGWfs9btpjzbbum
-nKyGiPEVJtE0WPTpu7K1AgMBAAGjWTBXMB8GA1UdIwQYMBaAFEkUmTu47rcK9eav
-9qcll57Yx6sjMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMBwGA1UdEQQVMBOCEXNz
-c2Quc2NydGxhYnMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCUTxPbPqSGz6i9BO1+
-fWFFLTtVkfJidcyb1L7nwTwjaTv2E/Oo5kM+0M3YkAqhgt0kc0OWdBntYd9voMlF
-Jpk607eVib4CzLPm7UU2ZZF2KWQxMpjAbcGkSHnA5pnlHkMND7SpzqTOjwqd7crC
-6MTwvWpJ+O01sbbp467Q0YYa4AyxXtk4MljbNSEl4bDXDrOzsXEgd+YrKX4Pn37T
-sttwzrrbRI3Xm62u4aC5vHOSsAtobbe0aKFhf1+FYqYGOHd3TvPY8p/nAfIR3HJx
-Xa7t8B+5KL9nWg7Nv342xkECCm3/a8zkBhCFIPFF+iIRo1tsTERdJG5EPFRa80hq
-ep4+
------END CERTIFICATE-----
diff --git a/seed-service/server.key b/seed-service/server.key
deleted file mode 100644
index 1f24eb1ee..000000000
--- a/seed-service/server.key
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEArfPMKTxsV5sqBsUuzGyoSAyYKNrHdgm3O3BFcVf2mhmV6HRH -64TmfmJ6ijuoIP396rpY+n3eubnYY1QwD4kbXf26pHTQuwSYbbXNCB0mr7n92KNI -kxZw0filU96eDxrpGnzJemId0Ai6OCht4fF818DhkXZPc48Vfwiwhe4jhQR2BO1X -atp5/SPB0DaRCZ0X7sVPoJ8GLWK6TdJGVlMxKszzR4ILr1G4VMsjrToUJ/7PsA07 -RP7aSJjJSuqRkEtmlisx87zRg4GSv3k0HkYXvdTTnUHqCqZCyypj5QEfydVucYWc -3OkRln7PW7aY8227ppyshojxFSbRNFj06buytQIDAQABAoIBAGMUt5hRS2DHB7Qd -gl98EIohalXy76PDOvQHKfa6ZMM3iZSDDygOZf9c9nFgM46/PW8Cv4XGRiPBwIgr -PsjKjqUFzda4lt+/aVcsM2HIwO1c4kMQFll5cb+Xggv4hE0URewJYfVsh5CkN/We -yZ/lnfeCbLkfC3hF6reV6n4Ou3qatC6hbBWKG+t7sXXDS1eW/BzH5hBU05gaT4hF -go/pHl+2GLJJF439U88qhLO5xRsjSplNYp/xBcBbKNYCu2nEnA3ei7Ss8S4IlhU1 -KD0JBxXZ5LJADwdsOClTDjHPAvdn0ef01iTSXe+q+KaoegsdfaWOn4mrf3cQzutx -tgqNxq0CgYEA3eiHmuXuF2+VxlzZKx3cl5HzxX1ngBZ3kNdrHpruweUrZi5nypmY -6hyzWQzFnGcnACvSZlH1riyanoeeEJ9OCxM9DvgmeuWF7TXGGy499MjDWEWnCwgY -ou592ZtfphdXmnNXKZUdCZZ+Aps9vd8glZX500Wl4+HyD4MCbtugiesCgYEAyK0y -2jpj1VnM53opqT7/jGngPnxuvND9JV8GIVZnjZXTFxH/ymFWnW2odew2HBV3nblL -8WFQXBzBMtqlbzzTGZ35TCSBDyTTTPLNf1bL0fWB4TIBK0mbS5E99Y94eSqTU1ps -KEjNNmTLfalqMg+z7+aRU3I6w4AxAWM1QKFf7d8CgYBU4jbFBMEPi+qB51BXEuQn -wne6Cp9FutJfwFdEbMV5u9zfCE9Bi4GXxATCwoTwr/CWOy0PYLiWuI8opv3Ko/Vp -fSF1EW0+w394XoJ6MTUX5pf6syITsTQjVxEi5TEwSmuDNC2aRWTHHx7yhkmW0LwZ -HDZlH5Y2Vl6OmnGa0D5XowKBgQChcIyveTflZIfuVJ39dRv65xYqzsn7hpmQngB9 -g1htU/Hs5mMEeghHP/e9XlktgKupLG+G8YXHhK58bd+XPLSLMEZlVhyphTOj/NUL -M1VnRH3HIAZGv8F6Ko9Q5KnDuFerP9wxEFhfAPmfz1IKkg1s2u1g102lB5TlC93E -b86PuwKBgB3xhuafa/68l8Ud0th+zeFGBoXY6WSpVQ5oqfglUePZtXNl80TuQ6oS -Nb6h26IxnfqGfpsecD9EseyUkTfdwrYMaO053atknq5PM6Lee9pmY7kZrq71hnql -mg+9CjYQYHdf/03Uc1ALA3M6Ah22jT7DmqJPTtL5SrtzlD7p3ars ------END RSA PRIVATE KEY----- diff --git a/seed-service/server_reqout.txt b/seed-service/server_reqout.txt deleted file mode 100644 index 17ba63721..000000000 --- a/seed-service/server_reqout.txt +++ /dev/null 
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICzjCCAbYCAQAwYTELMAkGA1UEBhMCSUwxCzAJBgNVBAgMAklMMQswCQYDVQQH
-DAJJTDELMAkGA1UECgwCSUwxCzAJBgNVBAsMAklMMQswCQYDVQQDDAJJTDERMA8G
-CSqGSIb3DQEJARYCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC
-fJkxyn5/Ru08c1MaYzdRGCg5FutHRlFaQfr1DOI/GRSjE6UgrCJNomK1opUEaGk0
-76tPGHpcWqyT5VjuVMVaoJKCfF84w7+XmPoWuFmt3oiCCmFu/hKw2zCN6M5h9eYt
-8NBtygJtBgS4DJ/nQZNrsuzYup7HAO1n4cd5GudRDwIRyBodhFKciErJPZvZswgX
-hJ0NVC68XuJmNb7kiXOk9JuGgE7XRr3hOtqvFsd3YlAa4YfeQRw+rNbLq9Il2QPR
-39LfRiV12uiT/5h61XZl88gCBCMqS+/8hWzsxa9Ns5zi/o/G2HuOAUaC4Spbx6Ri
-qvdakX4R4TDtJakXkfTrAgMBAAGgKDARBgkqhkiG9w0BCQIxBAwCSUwwEwYJKoZI
-hvcNAQkHMQYMBElMSUwwDQYJKoZIhvcNAQELBQADggEBAIyzqZCwh294fV0dqF/O
-isiPeF2cpgqnrGsSiBMMH+pNjhonm6nf57PAvitrsTSlUJ+rVhLtyWbsgDX04aBr
-egPpxUhmGEjtLFP6QxEX+iC9+nKToD4W3vCfkZlaHs2bg/24mKDJnC+5c7Qxppba
-tc58yAOYv1X2+Bga9QnYTzmWpygOlV5/UQ1pCg6gHKPapUhRjq/ZWzXOU+P6wf5B
-IzCEb2sTVc+EOFw01y3dpMghDu9L0URAok0XAhOHO1expDzAHA9OeI2MiO7C/aR8
-TL1QVlOBIzB9ny+42sBzQHs6MaUMV/TNg0LIuJL/6vKCG1P39UI1FsQ6NRDCasRy
-gfk=
------END CERTIFICATE REQUEST-----
diff --git a/seed-service/serverca.crt b/seed-service/serverca.crt
deleted file mode 100644
index 747b09ca4..000000000
--- a/seed-service/serverca.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDozCCAougAwIBAgIUAjrxJK+s+eSnVyjQzFME/UaL3NowDQYJKoZIhvcNAQEL
-BQAwYTELMAkGA1UEBhMCSUwxCzAJBgNVBAgMAklMMQswCQYDVQQHDAJJTDELMAkG
-A1UECgwCSUwxCzAJBgNVBAsMAklMMQswCQYDVQQDDAJJTDERMA8GCSqGSIb3DQEJ
-ARYCSUwwHhcNMjIxMDIwMDU0MDAzWhcNMjIxMTE5MDU0MDAzWjBhMQswCQYDVQQG
-EwJJTDELMAkGA1UECAwCSUwxCzAJBgNVBAcMAklMMQswCQYDVQQKDAJJTDELMAkG
-A1UECwwCSUwxCzAJBgNVBAMMAklMMREwDwYJKoZIhvcNAQkBFgJJTDCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBANd5EsLdZlbL+ko9lCNAdXMhkuleC9SW
-c6AZgn6QlEiJZV9bHyvsWteDCGyzXq36sbUvwi+tLw1rxgPJy4Ug13HsVIUT1+8u
-bFX92HZ0rrTDcqSNWsyr22cQAfv3K77M9UAbqqvMYJAA+SLsnKCxJ8+ZQGrti8hW
-h025NBocenh+B9VNcefsyrAxOrIZ5DX8YpKLOrFbHIIXHAOlycRpsQIXhesGJWxb
-n2PAT+3plDzoW3nUuUteCnyTkDvIYww/Wksa4dwFukeFF+U+13ZJ6Rrej7btirTW
-L7vDM1QW+sXWN4fYRLjHHEdtN96SkJ059NWMlxRvj2JKklWQqKp234kCAwEAAaNT
-MFEwHQYDVR0OBBYEFMQKVpBI/oQsks3E4ylpCNT5Q0XBMB8GA1UdIwQYMBaAFMQK
-VpBI/oQsks3E4ylpCNT5Q0XBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
-BQADggEBAMfmXa1//CZX8uZFB/w+kRFwkyr/GHkJzZvsZ039oBfsHo6Ag86GQ4Bw
-5bQNc2hMgrdx3PGTTnQZ6/fD/Wa0YLm/NiWEqg0xzXiQ38qFClTNQorocaxoXd9l
-bIIJQHM1jZXbAbBGnKwUtou4kcpYJUUYjGnfeS8IHOZ7Ryl/Nyzs9scVfZQ4ZHPT
-b8HWIuWcATiH1mY3S3uy12jbYrR+HNMGADAOP0FR/r5P4FYEUs3T3NbZVqsT+XoE
-dnVnULWL/s7euch+byqMptWcLQwbPZHxiYKX0VPDWDE5TdLOHSYAi6k2+kUSOJXg
-SoVTUMkXaMjj+wxz+bofhwIGuOVP09Q=
------END CERTIFICATE-----
diff --git a/seed-service/serverca.srl b/seed-service/serverca.srl
deleted file mode 100644
index b54c04e5d..000000000
--- a/seed-service/serverca.srl
+++ /dev/null
@@ -1 +0,0 @@
-6E2F1A99095A12DBF0DFD5536DE19BBC90DCE3F0
diff --git a/seed-service/servercakey.pem b/seed-service/servercakey.pem
deleted file mode 100644
index 37f534214..000000000
--- a/seed-service/servercakey.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA13kSwt1mVsv6Sj2UI0B1cyGS6V4L1JZzoBmCfpCUSIllX1sf -K+xa14MIbLNerfqxtS/CL60vDWvGA8nLhSDXcexUhRPX7y5sVf3YdnSutMNypI1a -zKvbZxAB+/crvsz1QBuqq8xgkAD5IuycoLEnz5lAau2LyFaHTbk0Ghx6eH4H1U1x -5+zKsDE6shnkNfxikos6sVscghccA6XJxGmxAheF6wYlbFufY8BP7emUPOhbedS5 -S14KfJOQO8hjDD9aSxrh3AW6R4UX5T7XdknpGt6Ptu2KtNYvu8MzVBb6xdY3h9hE -uMccR2033pKQnTn01YyXFG+PYkqSVZCoqnbfiQIDAQABAoIBAG/+Ftk/l+R/Kn0R -2oAkDaekiKZQ4ldBR6GsAJ5l6Rx2hUD1rJL4yxJ+oY9V/1zwExN4WjbLjcws+wOX -C/gK5M/qpNdyQ+amO1rKkIqpBPEhMOIEMnB01pmPwWhDxPHrt4D1oFSg6oOObe9Q -Ceyfh3CoV8n7445iIvsryr/Tk3gyHRGhuAouZfgas77VFQq4gTqLEKbk4YoHzKLW -07KMg/rN3zjiK3TIJlI5nW6p2LLsQ1nSla395V4tdUcGFKln0KShVsMZjHd3mqYj -epHfpDj0u83S5kZCGTcuiBrTnFFw2T3kFw+po6i1l+OZLP1d5SbstbLJM54MQCt6 -malnIj0CgYEA71olk+TMZ0YlsOO5jo5QFzXKerOlc2bEAh/0wS3g+vxSoMdvFrPL -zfkZ6H6SsCD1KKg8teaV5GHNgALGnd2U/M5Kokq5akR1kDKYxpP0iFTvUDaV9Zzf -dcP7wSboXttpXJDHyT5Gl+PEBfQaM0zHT5aS8swuO7ZNBHIG/bmwZnMCgYEA5nW9 -GOG7Xx5+jnJbpVfY0QZeI0dIPzL9A4S+sz8x6SP1vttixviRDqwpuYZEXsN+Ndyi -cOPVlXYDU4FVUJNsCfUEK3ufAE12pEQh7GD12RObgTpDL0Pdzx1Gl0FVTiFLZhYS -Hv6r7oNKrPzxWCl9CRcwcKHRZze97S/tSNF9ZxMCgYEAly52e9LRtQ2esvsz8jI7 -rl1gll4wTBMGDV2H6BkFeSK1Qi6WIV3RhjkoPyzrlGpMz7BsIG0UElwgRBH8yCv0 -djYK+DWApfm11C3RR+SeWRpkymKgF7JNhwISW28q6PdntnsQZjF6v2ezIhuMDQka -/09ZZBjJvxenz/4CInMOU7cCgYAesgXqv34ucChZHsA4KJg3VwrI1iC4UjlC87ZW -t48VR3Xe4ueoKslfU+0GyexnVtCDqgx0ztPO4XYV9D8ByXD1bo4MoJ2P88FepbiC -/HMiY6stri3uqLJteK/DS69qBaM+SKhHOpJ55UDYA6S9omEGCfGovtTeU51Xby/C -qCx0wwKBgQDp+jJwAqFSqUyGniztKKb8AdSWYGmDBbwIQedqQI1hS/en2hBQ9Qag -bSvscxvj3N4qHVCHOW5hdjIgoOBtIPbXbiWOmhEBtKDpGyYwK+q8/P+04+VkOOZf -2ZJV89CzfvN0nRU8UPtZ01PiT80ZBrceMlu/3m85Nei/xlNtCHVAiw== ------END RSA PRIVATE KEY----- diff --git a/seed-service/singularity_seed_service.manifest.template b/seed-service/singularity_seed_service.manifest.template deleted file mode 100644 index a7cdf5410..000000000 --- a/seed-service/singularity_seed_service.manifest.template +++ /dev/null 
@@ -1,68 +0,0 @@
-# Rust manifest example
-
-loader.entrypoint = "file:{{ gramine.libos }}"
-libos.entrypoint = "{{ self_exe }}"
-loader.log_level = "{{ log_level }}"
-loader.argv0_override = "{{ self_exe }}"
-
-loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}"
-
-# See https://gramine.readthedocs.io/en/latest/devel/performance.html#glibc-malloc-tuning
-loader.env.MALLOC_ARENA_MAX = "1"
-
-# For easier debugging — not strictly required to run this workload
-loader.env.RUST_BACKTRACE = "full"
-
-
-loader.env.ROCKET_WORKERS = "8"
-loader.env.ROCKET_PORT = "9005"
-loader.env.ROCKET_ADDRESS = "0.0.0.0"
-
-
-fs.mounts = [
- { path = "/lib", uri = "file:{{ gramine.runtimedir() }}" },
- { path = "{{ arch_libdir }}", uri = "file:{{ arch_libdir }}" },
- { path = "/tmp", uri = "file:/tmp", type = "chroot" },
- { type = "encrypted", path = "/home/bob/enc", uri = "file:/home/bob/enc", key_name = "default" },
-
-]
-
-# Unfortunately, non-SGX Gramine cannot use special keys such as "_sgx_mrenclave", so for this
-# example to work on both non-SGX and SGX versions we hardcode a dummy key. In SGX production case,
-# it is recommended to remove this insecure key and instead use "_sgx_mrenclave"/"_sgx_mrsigner".
-fs.insecure__keys.default = "ffeeddccbbaa99887766554433221100"
-
-sgx.debug = true
-sgx.nonpie_binary = true
-sgx.remote_attestation = "epid"
-
-
-sgx.trusted_files = [
- "file:server.key",
- "file:serverca.crt",
- "file:server.crt",
- "file:{{ gramine.libos }}",
- "file:{{ self_exe }}",
- "file:{{ gramine.runtimedir() }}/",
- "file:{{ arch_libdir }}/",
- "file:/tmp/",
-]
-
-sgx.allowed_files = [
- "file:/tmp/rst.sock",
-]
-
-# The Tokio runtime requires eventfd, and the Gramine implementation
-# currently relies on the host in an insecure manner. This setting isn't
-# suitable for production deployment, but works well as a stopgap during
-# development while a proper implementation in Gramine is being worked on.
-sys.insecure__allow_eventfd = true
-
-# The maximum number of threads in a single process needs to be declared in advance.
-# You need to account for:
-# - one main thread
-# - the tokio worker threads
-# - any threads and threadpools you might be starting
-# - helper threads internal to Gramine — see:
-# https://gramine.readthedocs.io/en/latest/manifest-syntax.html#number-of-threads
-sgx.thread_num = 12
diff --git a/seed-service/src/db.rs b/seed-service/src/db.rs
deleted file mode 100644
index 584accac9..000000000
--- a/seed-service/src/db.rs
+++ /dev/null
@@ -1,85 +0,0 @@
-extern crate indexed_line_reader;
-
-use indexed_line_reader::*;
-
-use std::io::Write;
-use std::num::ParseIntError;
-use std::path::Path;
-use std::{
- fs::{File, OpenOptions},
- io::{self, BufRead, Seek},
- io::{BufReader, SeekFrom},
-};
-
-const DB_PATH: &str = "/home/bob/enc/seed.csv";
-
-fn error(err: String) -> io::Error {
- io::Error::new(io::ErrorKind::Other, err)
-}
-
-pub fn get_seed_count() -> io::Result {
- let file = BufReader::new(File::open(DB_PATH).expect("Unable to open file"));
- let mut cnt = 0;
-
- for _ in file.lines() {
- cnt += 1;
- }
-
- Ok(cnt)
-}
-
-pub fn get_seed_from_db(idx: u64) -> io::Result<[u8; 32]> {
- let file_reader = BufReader::new(
- OpenOptions::new()
- .read(true)
- .open(DB_PATH)
- .expect("Unable to open file reader"),
- );
- let indexed_line_reader = &mut IndexedLineReader::new(file_reader, 32);
-
- indexed_line_reader
- .seek(SeekFrom::Start(idx - 1))
- .map_err(|e| error(format!("Seed not found {}", e)))?;
-
- let mut str = "".to_string();
- indexed_line_reader.read_line(&mut str)?;
-
- from_string(str)
-}
-
-pub fn to_string(bs: &[u8]) -> String {
- let mut visible = String::new();
- for &b in bs {
- visible.push_str(format!("{:02X}", b).as_str());
- }
-
- visible
-}
-
-pub fn decode_hex(s: &str) -> Result, ParseIntError> {
- (0..s.len() - 1)
- .step_by(2)
- .map(|i| u8::from_str_radix(&s[i..i + 2], 16))
- .collect()
-}
-
-pub fn from_string(s: String) -> io::Result<[u8; 32]> {
- let v = decode_hex(s.as_str())
- .map_err(|e| error(format!("Failed to parse seed from db {} {}", s, e)))?;
- v.try_into()
- .map_err(|_| error(format!("Failed to parse seed from db")))
-}
-pub fn write_seed(seed: [u8; 32]) -> io::Result<()> {
- let mut file = OpenOptions::new().append(true).open(DB_PATH).unwrap();
- file.seek(SeekFrom::End(0))?;
- writeln!(file, "{}", to_string(&seed))
-}
-
-pub fn is_db_exists() -> bool {
- Path::new(DB_PATH).exists()
-}
-
-pub fn create_db() -> io::Result<()> {
- OpenOptions::new().create(true).write(true).open(DB_PATH)?;
- Ok(())
-}
diff --git a/seed-service/src/enclaves/Cargo.toml b/seed-service/src/enclaves/Cargo.toml
deleted file mode 100644
index 6b9aff8c8..000000000
--- a/seed-service/src/enclaves/Cargo.toml
+++ /dev/null
@@ -1,19 +0,0 @@
-[workspace]
-members = ["ffi-types", "shared/*"]
-
-[profile.release]
-opt-level = 3
-debug = false
-debug-assertions = false
-overflow-checks = false
-lto = false
-panic = 'unwind'
-incremental = false
-codegen-units = 16
-rpath = false
-
-[patch.crates-io]
-rand_core = { git = "https://github.com/mesalock-linux/rand-sgx", default-features = false, features = [
- "mesalock_sgx",
-] }
-zeroize = { rev = "b8488228e3fdacbfdb3ea8a6117919871637d111", git = "https://github.com/enigmampc/zeroize" }
diff --git a/seed-service/src/enclaves/ffi-types/.gitignore b/seed-service/src/enclaves/ffi-types/.gitignore
deleted file mode 100644
index 03314f77b..000000000
--- a/seed-service/src/enclaves/ffi-types/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-Cargo.lock
diff --git a/seed-service/src/enclaves/ffi-types/Cargo.toml b/seed-service/src/enclaves/ffi-types/Cargo.toml
deleted file mode 100644
index 7d9de5490..000000000
--- a/seed-service/src/enclaves/ffi-types/Cargo.toml
+++ /dev/null
@@ -1,16 +0,0 @@
-[package]
-name = "enclave-ffi-types"
-version = "0.1.0"
-authors = ["Reuven Podmazo "]
-edition = "2021"
-
-[features]
-default = []
-build_headers = ["cbindgen", "thiserror"]
-
-[dependencies]
-derive_more = "0.99"
-
-[build-dependencies]
-cbindgen = { version = "0.13", optional = true }
-thiserror = { version = "1", optional = true }
diff --git a/seed-service/src/enclaves/ffi-types/build.rs b/seed-service/src/enclaves/ffi-types/build.rs
deleted file mode 100644
index 1c92b48b8..000000000
--- a/seed-service/src/enclaves/ffi-types/build.rs
+++ /dev/null
@@ -1,45 +0,0 @@
-#[cfg(feature = "build_headers")]
-use std::env;
-#[cfg(feature = "build_headers")]
-use std::path::PathBuf;
-
-#[cfg(feature = "build_headers")]
-use thiserror::Error;
-
-#[cfg(feature = "build_headers")]
-#[derive(Debug, Error)]
-enum Error {
- #[error(transparent)]
- CBindgenError {
- #[from]
- source: cbindgen::Error,
- },
- #[error("{path}")]
- BadOutDir { path: PathBuf },
-}
-#[cfg(feature = "build_headers")]
-fn main() -> Result<(), Error> {
- let crate_dir = env::var("CARGO_MANIFEST_DIR").unwrap();
- // This is a directory under the `target` directory of the crate building us.
- let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
- // This path will point to a file under the `target/headers` directory of whoever's building us.
- let header_path = {
- let mut path = out_dir.clone();
- while path.file_name() != Some(&std::ffi::OsString::from("target")) {
- // If for some reason we scanned the entire path and failed to find the `target` directory, return an error
- if !path.pop() {
- return Err(Error::BadOutDir { path: out_dir });
- }
- }
- path.push("headers");
- path.push("enclave-ffi-types.h"); // This should always equal the crate name
- path
- };
-
- cbindgen::generate(crate_dir)?.write_to_file(header_path);
-
- Ok(())
-}
-
-#[cfg(not(feature = "build_headers"))]
-fn main() {}
diff --git a/seed-service/src/enclaves/ffi-types/cbindgen.toml b/seed-service/src/enclaves/ffi-types/cbindgen.toml
deleted file mode 100644
index e9ece37df..000000000
--- a/seed-service/src/enclaves/ffi-types/cbindgen.toml
+++ /dev/null
@@ -1,106 +0,0 @@
-# This is a template cbindgen.toml file with all of the default values.
-# Some values are commented out because their absence is the real default.
-#
-# See https://github.com/eqrion/cbindgen/blob/master/docs.md#cbindgentoml
-# for detailed documentation of every option here.
-language = "C"
-############## Options for Wrapping the Contents of the Header #################
-# header = "/* Text to put at the beginning of the generated file. Probably a license. */"
-# trailer = "/* Text to put at the end of the generated file */"
-include_guard = "enclave_ffi_types_h"
-autogen_warning = "/* Warning, this file is autogenerated by cbindgen. Don't modify this manually. */"
-include_version = false
-# namespace = "my_namespace"
-namespaces = []
-using_namespaces = []
-sys_includes = []
-includes = []
-no_includes = false
-############################ Code Style Options ################################
-braces = "SameLine"
-line_length = 100
-tab_width = 4
-documentation_style = "auto"
-############################# Codegen Options ##################################
-style = "both"
-
-[defines]
-
-# "target_os = freebsd" = "DEFINE_FREEBSD"
-# "feature = serde" = "DEFINE_SERDE"
-[export]
-include = [
- "UserSpaceBuffer",
- "EnclaveBuffer",
- "NodeAuthResult",
- "Ctx",
- "InitResult",
- "HandleResult",
- "QueryResult",
- "OcallReturn",
- "HealthCheckResult",
- "RuntimeConfiguration",
- "sgx_status_t",
-]
-exclude = []
-prefix = ""
-item_types = []
-renaming_overrides_prefixing = false
-
-[export.rename]
-
-[export.body]
-
-[fn]
-rename_args = "None"
-# must_use = "MUST_USE_FUNC"
-# prefix = "START_FUNC"
-# postfix = "END_FUNC"
-args = "auto"
-sort_by = "Name"
-
-[struct]
-rename_fields = "None"
-# must_use = "MUST_USE_STRUCT"
-derive_constructor = false
-derive_eq = false
-derive_neq = false
-derive_lt = false
-derive_lte = false
-derive_gt = false
-derive_gte = false
-
-[enum]
-rename_variants = "None"
-# must_use = "MUST_USE_ENUM"
-add_sentinel = false
-prefix_with_name = false
-derive_helper_methods = false
-derive_const_casts = false
-derive_mut_casts = false
-# cast_assert_name = "ASSERT"
-derive_tagged_enum_destructor = false
-derive_tagged_enum_copy_constructor = false
-enum_class = true
-private_default_tagged_enum_constructor = false
-
-[const]
-allow_static_const = true
-allow_constexpr = false
-
-[macro_expansion]
-bitflags = false
-
-############## Options for How Your Rust library Should Be Parsed ##############
-[parse]
-parse_deps = false
-# include = []
-exclude = []
-clean = false
-extra_bindings = []
-
-[parse.expand]
-crates = []
-all_features = false
-default_features = true
-features = []
diff --git a/seed-service/src/enclaves/ffi-types/src/error.rs b/seed-service/src/enclaves/ffi-types/src/error.rs
deleted file mode 100644
index 94b18fce2..000000000
--- a/seed-service/src/enclaves/ffi-types/src/error.rs
+++ /dev/null
@@ -1,995 +0,0 @@ -#![allow(unused)] -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License.. - -pub type int32_t = i32; -use core::fmt; -use core::result; -#[macro_export] -macro_rules! impl_enum { - ( - #[repr($repr:ident)] - #[derive($($derive:meta),*)] - pub enum $name:ident { - $key:ident = $val:expr, - $($keys:ident = $vals:expr,)* - } - ) => ( - #[repr($repr)] - #[derive($($derive),*)] - pub enum $name { - $key = $val, - $($keys = $vals,)* - } - - impl Default for $name { - fn default() -> $name { - $name::$key - } - } - - impl $name { - pub fn from_repr(v: $repr) -> Option { - match v { - $val => Some($name::$key), - $($vals => Some($name::$keys),)* - _ => None, - } - } - - pub fn from_key(self) -> $repr { - match self { - $name::$key => $val, - $($name::$keys => $vals,)* - } - } - } - ) -} - -// -// sgx_error.h -// - -impl_enum! 
{ - #[repr(u16)] - #[derive(Copy, Clone, PartialEq, Eq, Ord, PartialOrd, Debug)] - pub enum sgx_status_t { - SGX_SUCCESS = 0x0000_0000, - - SGX_ERROR_UNEXPECTED = 0x0000_0001, /* Unexpected error */ - SGX_ERROR_INVALID_PARAMETER = 0x0000_0002, /* The parameter is incorrect */ - SGX_ERROR_OUT_OF_MEMORY = 0x0000_0003, /* Not enough memory is available to complete this operation */ - SGX_ERROR_ENCLAVE_LOST = 0x0000_0004, /* Enclave lost after power transition or used in child process created by linux:fork() */ - SGX_ERROR_INVALID_STATE = 0x0000_0005, /* SGX API is invoked in incorrect order or state */ - SGX_ERROR_FEATURE_NOT_SUPPORTED = 0x0000_0008, /* Feature is not supported on this platform */ - SGX_PTHREAD_EXIT = 0x0000_0009, /* Enclave is exited with pthread_exit() */ - - SGX_ERROR_INVALID_FUNCTION = 0x0000_1001, /* The ecall/ocall index is invalid */ - SGX_ERROR_OUT_OF_TCS = 0x0000_1003, /* The enclave is out of TCS */ - SGX_ERROR_ENCLAVE_CRASHED = 0x0000_1006, /* The enclave is crashed */ - SGX_ERROR_ECALL_NOT_ALLOWED = 0x0000_1007, /* The ECALL is not allowed at this time, e.g. ecall is blocked by the dynamic entry table, or nested ecall is not allowed during initialization */ - SGX_ERROR_OCALL_NOT_ALLOWED = 0x0000_1008, /* The OCALL is not allowed at this time, e.g. ocall is not allowed during exception handling */ - SGX_ERROR_STACK_OVERRUN = 0x0000_1009, /* The enclave is running out of stack */ - - SGX_ERROR_UNDEFINED_SYMBOL = 0x0000_2000, /* The enclave image has undefined symbol. */ - SGX_ERROR_INVALID_ENCLAVE = 0x0000_2001, /* The enclave image is not correct. */ - SGX_ERROR_INVALID_ENCLAVE_ID = 0x0000_2002, /* The enclave id is invalid */ - SGX_ERROR_INVALID_SIGNATURE = 0x0000_2003, /* The signature is invalid */ - SGX_ERROR_NDEBUG_ENCLAVE = 0x0000_2004, /* The enclave is signed as product enclave, and can not be created as debuggable enclave. 
*/ - SGX_ERROR_OUT_OF_EPC = 0x0000_2005, /* Not enough EPC is available to load the enclave */ - SGX_ERROR_NO_DEVICE = 0x0000_2006, /* Can't open SGX device */ - SGX_ERROR_MEMORY_MAP_CONFLICT = 0x0000_2007, /* Page mapping failed in driver */ - SGX_ERROR_INVALID_METADATA = 0x0000_2009, /* The metadata is incorrect. */ - SGX_ERROR_DEVICE_BUSY = 0x0000_200c, /* Device is busy, mostly EINIT failed. */ - SGX_ERROR_INVALID_VERSION = 0x0000_200d, /* Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform. */ - SGX_ERROR_MODE_INCOMPATIBLE = 0x0000_200e, /* The target enclave 32/64 bit mode or sim/hw mode is incompatible with the mode of current uRTS. */ - SGX_ERROR_ENCLAVE_FILE_ACCESS = 0x0000_200f, /* Can't open enclave file. */ - SGX_ERROR_INVALID_MISC = 0x0000_2010, /* The MiscSelct/MiscMask settings are not correct.*/ - SGX_ERROR_INVALID_LAUNCH_TOKEN = 0x0000_2011, /* The launch token is not correct.*/ - - SGX_ERROR_MAC_MISMATCH = 0x0000_3001, /* Indicates verification error for reports, sealed datas, etc */ - SGX_ERROR_INVALID_ATTRIBUTE = 0x0000_3002, /* The enclave is not authorized, e.g., requesting invalid attribute or launch key access on legacy SGX platform without FLC. */ - SGX_ERROR_INVALID_CPUSVN = 0x0000_3003, /* The cpu svn is beyond platform's cpu svn value */ - SGX_ERROR_INVALID_ISVSVN = 0x0000_3004, /* The isv svn is greater than the enclave's isv svn */ - SGX_ERROR_INVALID_KEYNAME = 0x0000_3005, /* The key name is an unsupported value */ - - SGX_ERROR_SERVICE_UNAVAILABLE = 0x0000_4001, /* Indicates aesm didn't respond or the requested service is not supported */ - SGX_ERROR_SERVICE_TIMEOUT = 0x0000_4002, /* The request to aesm timed out */ - SGX_ERROR_AE_INVALID_EPIDBLOB = 0x0000_4003, /* Indicates epid blob verification error */ - SGX_ERROR_SERVICE_INVALID_PRIVILEGE = 0x0000_4004, /* Enclave not authorized to run, .e.g. 
provisioning enclave hosted in an app without access rights to /dev/sgx_provision */ - SGX_ERROR_EPID_MEMBER_REVOKED = 0x0000_4005, /* The EPID group membership is revoked. */ - SGX_ERROR_UPDATE_NEEDED = 0x0000_4006, /* SGX needs to be updated */ - SGX_ERROR_NETWORK_FAILURE = 0x0000_4007, /* Network connecting or proxy setting issue is encountered */ - SGX_ERROR_AE_SESSION_INVALID = 0x0000_4008, /* Session is invalid or ended by server */ - SGX_ERROR_BUSY = 0x0000_400a, /* The requested service is temporarily not availabe */ - SGX_ERROR_MC_NOT_FOUND = 0x0000_400c, /* The Monotonic Counter doesn't exist or has been invalided */ - SGX_ERROR_MC_NO_ACCESS_RIGHT = 0x0000_400d, /* Caller doesn't have the access right to specified VMC */ - SGX_ERROR_MC_USED_UP = 0x0000_400e, /* Monotonic counters are used out */ - SGX_ERROR_MC_OVER_QUOTA = 0x0000_400f, /* Monotonic counters exceeds quota limitation */ - SGX_ERROR_KDF_MISMATCH = 0x0000_4011, /* Key derivation function doesn't match during key exchange */ - SGX_ERROR_UNRECOGNIZED_PLATFORM = 0x0000_4012, /* EPID Provisioning failed due to platform not recognized by backend server*/ - SGX_ERROR_UNSUPPORTED_CONFIG = 0x0000_4013, /* The config for trigging EPID Provisiong or PSE Provisiong<P is invalid*/ - - SGX_ERROR_NO_PRIVILEGE = 0x0000_5002, /* Not enough privilege to perform the operation */ - - /* SGX Protected Code Loader Error codes*/ - SGX_ERROR_PCL_ENCRYPTED = 0x0000_6001, /* trying to encrypt an already encrypted enclave */ - SGX_ERROR_PCL_NOT_ENCRYPTED = 0x0000_6002, /* trying to load a plain enclave using sgx_create_encrypted_enclave */ - SGX_ERROR_PCL_MAC_MISMATCH = 0x0000_6003, /* section mac result does not match build time mac */ - SGX_ERROR_PCL_SHA_MISMATCH = 0x0000_6004, /* Unsealed key MAC does not match MAC of key hardcoded in enclave binary */ - SGX_ERROR_PCL_GUID_MISMATCH = 0x0000_6005, /* GUID in sealed blob does not match GUID hardcoded in enclave binary */ - - /* SGX errors are only used in the file 
API when there is no appropriate EXXX (EINVAL, EIO etc.) error code */ - SGX_ERROR_FILE_BAD_STATUS = 0x0000_7001, /* The file is in bad status, run sgx_clearerr to try and fix it */ - SGX_ERROR_FILE_NO_KEY_ID = 0x0000_7002, /* The Key ID field is all zeros, can't re-generate the encryption key */ - SGX_ERROR_FILE_NAME_MISMATCH = 0x0000_7003, /* The current file name is different then the original file name (not allowed, substitution attack) */ - SGX_ERROR_FILE_NOT_SGX_FILE = 0x0000_7004, /* The file is not an SGX file */ - SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE = 0x0000_7005, /* A recovery file can't be opened, so flush operation can't continue (only used when no EXXX is returned) */ - SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE = 0x0000_7006, /* A recovery file can't be written, so flush operation can't continue (only used when no EXXX is returned) */ - SGX_ERROR_FILE_RECOVERY_NEEDED = 0x0000_7007, /* When openeing the file, recovery is needed, but the recovery process failed */ - SGX_ERROR_FILE_FLUSH_FAILED = 0x0000_7008, /* fflush operation (to disk) failed (only used when no EXXX is returned) */ - SGX_ERROR_FILE_CLOSE_FAILED = 0x0000_7009, /* fclose operation (to disk) failed (only used when no EXXX is returned) */ - - SGX_ERROR_UNSUPPORTED_ATT_KEY_ID = 0x0000_8001, /* platform quoting infrastructure does not support the key.*/ - SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE = 0x0000_8002, /* Failed to generate and certify the attestation key.*/ - SGX_ERROR_ATT_KEY_UNINITIALIZED = 0x0000_8003, /* The platform quoting infrastructure does not have the attestation key available to generate quote.*/ - SGX_ERROR_INVALID_ATT_KEY_CERT_DATA = 0x0000_8004, /* TThe data returned by the platform library's sgx_get_quote_config() is invalid.*/ - SGX_ERROR_PLATFORM_CERT_UNAVAILABLE = 0x0000_8005, /* The PCK Cert for the platform is not available.*/ - - SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED = 0x0000_F001, /* The ioctl for enclave_create unexpectedly failed with EINTR. 
*/ - - // SGX_ERROR_WASM_BUFFER_TOO_SHORT = 0x0F00_F001, /* sgxwasm output buffer not long enough */ - // SGX_ERROR_WASM_INTERPRETER_ERROR = 0x0F00_F002, /* sgxwasm interpreter error */ - // SGX_ERROR_WASM_LOAD_MODULE_ERROR = 0x0F00_F003, /* sgxwasm loadmodule error */ - // SGX_ERROR_WASM_TRY_LOAD_ERROR = 0x0F00_F004, /* sgxwasm tryload error */ - // SGX_ERROR_WASM_REGISTER_ERROR = 0x0F00_F005, /* sgxwasm register error */ - // SGX_ERROR_FAAS_BUFFER_TOO_SHORT = 0x0F00_E001, /* faas output buffer not long enough */ - // SGX_ERROR_FAAS_INTERNAL_ERROR = 0x0F00_E002, /* faas exec internal error */ - } -} - -impl sgx_status_t { - pub fn __description(&self) -> &str { - match *self { - sgx_status_t::SGX_SUCCESS => "Success.", - sgx_status_t::SGX_ERROR_UNEXPECTED => "Unexpected error occurred.", - sgx_status_t::SGX_ERROR_INVALID_PARAMETER => "The parameter is incorrect.", - sgx_status_t::SGX_ERROR_OUT_OF_MEMORY => "Not enough memory is available to complete this operation.", - sgx_status_t::SGX_ERROR_ENCLAVE_LOST => "Enclave lost after power transition or used in child process created.", - sgx_status_t::SGX_ERROR_INVALID_STATE => "SGX API is invoked in incorrect order or state.", - sgx_status_t::SGX_ERROR_FEATURE_NOT_SUPPORTED => "Feature is not supported on this platform.", - sgx_status_t::SGX_PTHREAD_EXIT => "Enclave is exited with pthread_exit.", - - sgx_status_t::SGX_ERROR_INVALID_FUNCTION => "The ecall/ocall index is invalid.", - sgx_status_t::SGX_ERROR_OUT_OF_TCS => "The enclave is out of TCS.", - sgx_status_t::SGX_ERROR_ENCLAVE_CRASHED => "The enclave is crashed.", - sgx_status_t::SGX_ERROR_ECALL_NOT_ALLOWED => "The ECALL is not allowed at this time.", - sgx_status_t::SGX_ERROR_OCALL_NOT_ALLOWED => "The OCALL is not allowed at this time.", - sgx_status_t::SGX_ERROR_STACK_OVERRUN => "The enclave is running out of stack.", - - sgx_status_t::SGX_ERROR_UNDEFINED_SYMBOL => "The enclave image has undefined symbol.", - sgx_status_t::SGX_ERROR_INVALID_ENCLAVE => "The 
enclave image is not correct.", - sgx_status_t::SGX_ERROR_INVALID_ENCLAVE_ID => "The enclave id is invalid.", - sgx_status_t::SGX_ERROR_INVALID_SIGNATURE => "The signature is invalid.", - sgx_status_t::SGX_ERROR_NDEBUG_ENCLAVE => "The enclave can not be created as debuggable enclave.", - sgx_status_t::SGX_ERROR_OUT_OF_EPC => "Not enough EPC is available to load the enclave.", - sgx_status_t::SGX_ERROR_NO_DEVICE => "Can't open SGX device.", - sgx_status_t::SGX_ERROR_MEMORY_MAP_CONFLICT => "Page mapping failed in driver.", - sgx_status_t::SGX_ERROR_INVALID_METADATA => "The metadata is incorrect.", - sgx_status_t::SGX_ERROR_DEVICE_BUSY => "Device is busy, mostly EINIT failed.", - sgx_status_t::SGX_ERROR_INVALID_VERSION => "Enclave version was invalid.", - sgx_status_t::SGX_ERROR_MODE_INCOMPATIBLE => "The target enclave mode is incompatible with the mode of current uRTS.", - sgx_status_t::SGX_ERROR_ENCLAVE_FILE_ACCESS => "Can't open enclave file.", - sgx_status_t::SGX_ERROR_INVALID_MISC => "The MiscSelct/MiscMask settings are not correct.", - sgx_status_t::SGX_ERROR_INVALID_LAUNCH_TOKEN => "The launch token is not correct.", - - sgx_status_t::SGX_ERROR_MAC_MISMATCH => "Indicates verification error for reports, sealed datas, etc.", - sgx_status_t::SGX_ERROR_INVALID_ATTRIBUTE => "The enclave is not authorized.", - sgx_status_t::SGX_ERROR_INVALID_CPUSVN => "The cpu svn is beyond platform's cpu svn value.", - sgx_status_t::SGX_ERROR_INVALID_ISVSVN => "The isv svn is greater than the enclave's isv svn.", - sgx_status_t::SGX_ERROR_INVALID_KEYNAME => "The key name is an unsupported value.", - - sgx_status_t::SGX_ERROR_SERVICE_UNAVAILABLE => "Indicates aesm didn't response or the requested service is not supported.", - sgx_status_t::SGX_ERROR_SERVICE_TIMEOUT => "The request to aesm time out.", - sgx_status_t::SGX_ERROR_AE_INVALID_EPIDBLOB => "Indicates epid blob verification error.", - sgx_status_t::SGX_ERROR_SERVICE_INVALID_PRIVILEGE => "Enclave has no privilege to get launch 
token.", - sgx_status_t::SGX_ERROR_EPID_MEMBER_REVOKED => "The EPID group membership is revoked.", - sgx_status_t::SGX_ERROR_UPDATE_NEEDED => "SGX needs to be updated.", - sgx_status_t::SGX_ERROR_NETWORK_FAILURE => "Network connecting or proxy setting issue is encountered.", - sgx_status_t::SGX_ERROR_AE_SESSION_INVALID => "Session is invalid or ended by server.", - sgx_status_t::SGX_ERROR_BUSY => "The requested service is temporarily not availabe.", - sgx_status_t::SGX_ERROR_MC_NOT_FOUND => "The Monotonic Counter doesn't exist or has been invalided.", - sgx_status_t::SGX_ERROR_MC_NO_ACCESS_RIGHT => "Caller doesn't have the access right to specified VMC.", - sgx_status_t::SGX_ERROR_MC_USED_UP => "Monotonic counters are used out.", - sgx_status_t::SGX_ERROR_MC_OVER_QUOTA => "Monotonic counters exceeds quota limitation.", - sgx_status_t::SGX_ERROR_KDF_MISMATCH => "Key derivation function doesn't match during key exchange.", - sgx_status_t::SGX_ERROR_UNRECOGNIZED_PLATFORM => "EPID Provisioning failed due to platform not recognized by backend server.", - sgx_status_t::SGX_ERROR_UNSUPPORTED_CONFIG => "The config for trigging EPID Provisiong or PSE Provisiong<P is invalid.", - sgx_status_t::SGX_ERROR_NO_PRIVILEGE => "Not enough privilege to perform the operation.", - - sgx_status_t::SGX_ERROR_PCL_ENCRYPTED => "Trying to encrypt an already encrypted enclave.", - sgx_status_t::SGX_ERROR_PCL_NOT_ENCRYPTED => "Trying to load a plain enclave using sgx_create_encrypted_enclave.", - sgx_status_t::SGX_ERROR_PCL_MAC_MISMATCH => "Section mac result does not match build time mac.", - sgx_status_t::SGX_ERROR_PCL_SHA_MISMATCH => "Unsealed key MAC does not match MAC of key hardcoded in enclave binary.", - sgx_status_t::SGX_ERROR_PCL_GUID_MISMATCH => "GUID in sealed blob does not match GUID hardcoded in enclave binary.", - - sgx_status_t::SGX_ERROR_FILE_BAD_STATUS => "The file is in bad status.", - sgx_status_t::SGX_ERROR_FILE_NO_KEY_ID => "The Key ID field is all zeros, can't 
regenerate the encryption key.", - sgx_status_t::SGX_ERROR_FILE_NAME_MISMATCH => "The current file name is different then the original file name.", - sgx_status_t::SGX_ERROR_FILE_NOT_SGX_FILE => "The file is not an SGX file.", - sgx_status_t::SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE => "A recovery file can't be opened, so flush operation can't continue.", - sgx_status_t::SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE => "A recovery file can't be written, so flush operation can't continue.", - sgx_status_t::SGX_ERROR_FILE_RECOVERY_NEEDED => "When openeing the file, recovery is needed, but the recovery process failed.", - sgx_status_t::SGX_ERROR_FILE_FLUSH_FAILED => "fflush operation failed.", - sgx_status_t::SGX_ERROR_FILE_CLOSE_FAILED => "fclose operation failed.", - - sgx_status_t::SGX_ERROR_UNSUPPORTED_ATT_KEY_ID => "platform quoting infrastructure does not support the key.", - sgx_status_t::SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE => "Failed to generate and certify the attestation key.", - sgx_status_t::SGX_ERROR_ATT_KEY_UNINITIALIZED => "The platform quoting infrastructure does not have the attestation key available to generate quote.", - sgx_status_t::SGX_ERROR_INVALID_ATT_KEY_CERT_DATA => "The data returned by the platform library is invalid.", - sgx_status_t::SGX_ERROR_PLATFORM_CERT_UNAVAILABLE => "The PCK Cert for the platform is not available.", - - sgx_status_t::SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED => "The ioctl for enclave_create unexpectedly failed with EINTR.", - - // sgx_status_t::SGX_ERROR_WASM_BUFFER_TOO_SHORT => "sgx wasm output buffer too small.", - // sgx_status_t::SGX_ERROR_WASM_INTERPRETER_ERROR => "sgx wasm interpreter error.", - // sgx_status_t::SGX_ERROR_WASM_LOAD_MODULE_ERROR => "sgxwasm loadmodule error.", - // sgx_status_t::SGX_ERROR_WASM_TRY_LOAD_ERROR => "sgxwasm tryload error.", - // sgx_status_t::SGX_ERROR_WASM_REGISTER_ERROR => "sgxwasm register error.", - // sgx_status_t::SGX_ERROR_FAAS_BUFFER_TOO_SHORT => "faas output buffer too 
short.", - // sgx_status_t::SGX_ERROR_FAAS_INTERNAL_ERROR => "faas exec internal error.", - } - } - - pub fn as_str(&self) -> &str { - match *self { - sgx_status_t::SGX_SUCCESS => "SGX_SUCCESS.", - sgx_status_t::SGX_ERROR_UNEXPECTED => "SGX_ERROR_UNEXPECTED", - sgx_status_t::SGX_ERROR_INVALID_PARAMETER => "SGX_ERROR_INVALID_PARAMETER", - sgx_status_t::SGX_ERROR_OUT_OF_MEMORY => "SGX_ERROR_OUT_OF_MEMORY", - sgx_status_t::SGX_ERROR_ENCLAVE_LOST => "SGX_ERROR_ENCLAVE_LOST", - sgx_status_t::SGX_ERROR_INVALID_STATE => "SGX_ERROR_INVALID_STATE", - sgx_status_t::SGX_ERROR_FEATURE_NOT_SUPPORTED => "SGX_ERROR_FEATURE_NOT_SUPPORTED", - sgx_status_t::SGX_PTHREAD_EXIT => "SGX_PTHREAD_EXIT", - - sgx_status_t::SGX_ERROR_INVALID_FUNCTION => "SGX_ERROR_INVALID_FUNCTION", - sgx_status_t::SGX_ERROR_OUT_OF_TCS => "SGX_ERROR_OUT_OF_TCS", - sgx_status_t::SGX_ERROR_ENCLAVE_CRASHED => "SGX_ERROR_ENCLAVE_CRASHED", - sgx_status_t::SGX_ERROR_ECALL_NOT_ALLOWED => "SGX_ERROR_ECALL_NOT_ALLOWED", - sgx_status_t::SGX_ERROR_OCALL_NOT_ALLOWED => "SGX_ERROR_OCALL_NOT_ALLOWED", - sgx_status_t::SGX_ERROR_STACK_OVERRUN => "SGX_ERROR_STACK_OVERRUN", - - sgx_status_t::SGX_ERROR_UNDEFINED_SYMBOL => "SGX_ERROR_UNDEFINED_SYMBOL", - sgx_status_t::SGX_ERROR_INVALID_ENCLAVE => "SGX_ERROR_INVALID_ENCLAVE", - sgx_status_t::SGX_ERROR_INVALID_ENCLAVE_ID => "SGX_ERROR_INVALID_ENCLAVE_ID", - sgx_status_t::SGX_ERROR_INVALID_SIGNATURE => "SGX_ERROR_INVALID_SIGNATURE", - sgx_status_t::SGX_ERROR_NDEBUG_ENCLAVE => "SGX_ERROR_NDEBUG_ENCLAVE", - sgx_status_t::SGX_ERROR_OUT_OF_EPC => "SGX_ERROR_OUT_OF_EPC", - sgx_status_t::SGX_ERROR_NO_DEVICE => "SGX_ERROR_NO_DEVICE", - sgx_status_t::SGX_ERROR_MEMORY_MAP_CONFLICT => "SGX_ERROR_MEMORY_MAP_CONFLICT", - sgx_status_t::SGX_ERROR_INVALID_METADATA => "SGX_ERROR_INVALID_METADATA", - sgx_status_t::SGX_ERROR_DEVICE_BUSY => "SGX_ERROR_DEVICE_BUSY", - sgx_status_t::SGX_ERROR_INVALID_VERSION => "SGX_ERROR_INVALID_VERSION", - sgx_status_t::SGX_ERROR_MODE_INCOMPATIBLE => 
"SGX_ERROR_MODE_INCOMPATIBLE", - sgx_status_t::SGX_ERROR_ENCLAVE_FILE_ACCESS => "SGX_ERROR_ENCLAVE_FILE_ACCESS", - sgx_status_t::SGX_ERROR_INVALID_MISC => "SGX_ERROR_INVALID_MISC", - sgx_status_t::SGX_ERROR_INVALID_LAUNCH_TOKEN => "SGX_ERROR_INVALID_LAUNCH_TOKEN", - - sgx_status_t::SGX_ERROR_MAC_MISMATCH => "SGX_ERROR_MAC_MISMATCH", - sgx_status_t::SGX_ERROR_INVALID_ATTRIBUTE => "SGX_ERROR_INVALID_ATTRIBUTE", - sgx_status_t::SGX_ERROR_INVALID_CPUSVN => "SGX_ERROR_INVALID_CPUSVN", - sgx_status_t::SGX_ERROR_INVALID_ISVSVN => "SGX_ERROR_INVALID_ISVSVN", - sgx_status_t::SGX_ERROR_INVALID_KEYNAME => "SGX_ERROR_INVALID_KEYNAME", - - sgx_status_t::SGX_ERROR_SERVICE_UNAVAILABLE => "SGX_ERROR_SERVICE_UNAVAILABLE", - sgx_status_t::SGX_ERROR_SERVICE_TIMEOUT => "SGX_ERROR_SERVICE_TIMEOUT", - sgx_status_t::SGX_ERROR_AE_INVALID_EPIDBLOB => "SGX_ERROR_AE_INVALID_EPIDBLOB", - sgx_status_t::SGX_ERROR_SERVICE_INVALID_PRIVILEGE => { - "SGX_ERROR_SERVICE_INVALID_PRIVILEGE" - } - sgx_status_t::SGX_ERROR_EPID_MEMBER_REVOKED => "SGX_ERROR_EPID_MEMBER_REVOKED", - sgx_status_t::SGX_ERROR_UPDATE_NEEDED => "SGX_ERROR_UPDATE_NEEDED", - sgx_status_t::SGX_ERROR_NETWORK_FAILURE => "SGX_ERROR_NETWORK_FAILURE", - sgx_status_t::SGX_ERROR_AE_SESSION_INVALID => "SGX_ERROR_AE_SESSION_INVALID", - sgx_status_t::SGX_ERROR_BUSY => "SGX_ERROR_BUSY", - sgx_status_t::SGX_ERROR_MC_NOT_FOUND => "SGX_ERROR_MC_NOT_FOUND", - sgx_status_t::SGX_ERROR_MC_NO_ACCESS_RIGHT => "SGX_ERROR_MC_NO_ACCESS_RIGHT", - sgx_status_t::SGX_ERROR_MC_USED_UP => "SGX_ERROR_MC_USED_UP", - sgx_status_t::SGX_ERROR_MC_OVER_QUOTA => "SGX_ERROR_MC_OVER_QUOTA", - sgx_status_t::SGX_ERROR_KDF_MISMATCH => "SGX_ERROR_KDF_MISMATCH", - sgx_status_t::SGX_ERROR_UNRECOGNIZED_PLATFORM => "SGX_ERROR_UNRECOGNIZED_PLATFORM", - sgx_status_t::SGX_ERROR_UNSUPPORTED_CONFIG => "SGX_ERROR_UNSUPPORTED_CONFIG", - sgx_status_t::SGX_ERROR_NO_PRIVILEGE => "SGX_ERROR_NO_PRIVILEGE", - - sgx_status_t::SGX_ERROR_PCL_ENCRYPTED => "SGX_ERROR_PCL_ENCRYPTED", - 
sgx_status_t::SGX_ERROR_PCL_NOT_ENCRYPTED => "SGX_ERROR_PCL_NOT_ENCRYPTED", - sgx_status_t::SGX_ERROR_PCL_MAC_MISMATCH => "SGX_ERROR_PCL_MAC_MISMATCH", - sgx_status_t::SGX_ERROR_PCL_SHA_MISMATCH => "SGX_ERROR_PCL_SHA_MISMATCH", - sgx_status_t::SGX_ERROR_PCL_GUID_MISMATCH => "SGX_ERROR_PCL_GUID_MISMATCH", - - sgx_status_t::SGX_ERROR_FILE_BAD_STATUS => "SGX_ERROR_FILE_BAD_STATUS", - sgx_status_t::SGX_ERROR_FILE_NO_KEY_ID => "SGX_ERROR_FILE_NO_KEY_ID", - sgx_status_t::SGX_ERROR_FILE_NAME_MISMATCH => "SGX_ERROR_FILE_NAME_MISMATCH", - sgx_status_t::SGX_ERROR_FILE_NOT_SGX_FILE => "SGX_ERROR_FILE_NOT_SGX_FILE", - sgx_status_t::SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE => { - "SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE" - } - sgx_status_t::SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE => { - "SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE" - } - sgx_status_t::SGX_ERROR_FILE_RECOVERY_NEEDED => "SGX_ERROR_FILE_RECOVERY_NEEDED", - sgx_status_t::SGX_ERROR_FILE_FLUSH_FAILED => "SGX_ERROR_FILE_FLUSH_FAILED", - sgx_status_t::SGX_ERROR_FILE_CLOSE_FAILED => "SGX_ERROR_FILE_CLOSE_FAILED", - - sgx_status_t::SGX_ERROR_UNSUPPORTED_ATT_KEY_ID => "SGX_ERROR_UNSUPPORTED_ATT_KEY_ID", - sgx_status_t::SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE => { - "SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE" - } - sgx_status_t::SGX_ERROR_ATT_KEY_UNINITIALIZED => "SGX_ERROR_ATT_KEY_UNINITIALIZED", - sgx_status_t::SGX_ERROR_INVALID_ATT_KEY_CERT_DATA => { - "SGX_ERROR_INVALID_ATT_KEY_CERT_DATA" - } - sgx_status_t::SGX_ERROR_PLATFORM_CERT_UNAVAILABLE => { - "SGX_ERROR_PLATFORM_CERT_UNAVAILABLE" - } - - sgx_status_t::SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED => { - "SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED" - } - - // sgx_status_t::SGX_ERROR_WASM_BUFFER_TOO_SHORT => "SGX_ERROR_WASM_BUFFER_TOO_SHORT", - // sgx_status_t::SGX_ERROR_WASM_INTERPRETER_ERROR => "SGX_ERROR_WASM_INTERPRETER_ERROR", - // sgx_status_t::SGX_ERROR_WASM_LOAD_MODULE_ERROR => "SGX_ERROR_WASM_LOAD_MODULE_ERROR", - // sgx_status_t::SGX_ERROR_WASM_TRY_LOAD_ERROR 
=> "SGX_ERROR_WASM_TRY_LOAD_ERROR", - // sgx_status_t::SGX_ERROR_WASM_REGISTER_ERROR => "SGX_ERROR_WASM_REGISTER_ERROR", - // sgx_status_t::SGX_ERROR_FAAS_BUFFER_TOO_SHORT => "SGX_ERROR_FAAS_BUFFER_TOO_SHORT", - // sgx_status_t::SGX_ERROR_FAAS_INTERNAL_ERROR => "SGX_ERROR_FAAS_INTERNAL_ERROR", - } - } -} - -impl fmt::Display for sgx_status_t { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.as_str()) - } -} - -impl_enum! { - #[repr(u32)] - #[derive(Copy, Clone, PartialEq, Eq, Ord, PartialOrd, Debug)] - pub enum sgx_pce_error_t { - SGX_PCE_SUCCESS = 0x0000_F000, - SGX_PCE_UNEXPECTED = 0x0000_F001, - SGX_PCE_INVALID_PARAMETER = 0x0000_F002, - SGX_PCE_OUT_OF_EPC = 0x0000_F003, - SGX_PCE_INTERFACE_UNAVAILABLE = 0x0000_F004, - SGX_PCE_INVALID_REPORT = 0x0000_F005, - SGX_PCE_CRYPTO_ERROR = 0x0000_F006, - SGX_PCE_INVALID_PRIVILEGE = 0x0000_F007, - SGX_PCE_INVALID_TCB = 0x0000_F008, - } -} - -impl sgx_pce_error_t { - pub fn __description(&self) -> &str { - match *self { - sgx_pce_error_t::SGX_PCE_SUCCESS => "Success.", - sgx_pce_error_t::SGX_PCE_UNEXPECTED => "Unexpected error.", - sgx_pce_error_t::SGX_PCE_INVALID_PARAMETER => "The parameter is incorrect.", - sgx_pce_error_t::SGX_PCE_OUT_OF_EPC => { - "Not enough memory is available to complete this operation." - } - sgx_pce_error_t::SGX_PCE_INTERFACE_UNAVAILABLE => "SGX API is unavailable.", - sgx_pce_error_t::SGX_PCE_INVALID_REPORT => "The report cannot be verified.", - sgx_pce_error_t::SGX_PCE_CRYPTO_ERROR => "Cannot decrypt or verify ciphertext.", - sgx_pce_error_t::SGX_PCE_INVALID_PRIVILEGE => { - "Not enough privilege to perform the operation." 
- } - sgx_pce_error_t::SGX_PCE_INVALID_TCB => "PCE could not sign at the requested TCB.", - } - } - - pub fn as_str(&self) -> &str { - match *self { - sgx_pce_error_t::SGX_PCE_SUCCESS => "SGX_PCE_SUCCESS.", - sgx_pce_error_t::SGX_PCE_UNEXPECTED => "SGX_PCE_UNEXPECTED", - sgx_pce_error_t::SGX_PCE_INVALID_PARAMETER => "SGX_PCE_INVALID_PARAMETER", - sgx_pce_error_t::SGX_PCE_OUT_OF_EPC => "SGX_PCE_OUT_OF_EPC", - sgx_pce_error_t::SGX_PCE_INTERFACE_UNAVAILABLE => "SGX_PCE_INTERFACE_UNAVAILABLE", - sgx_pce_error_t::SGX_PCE_INVALID_REPORT => "SGX_PCE_INVALID_REPORT", - sgx_pce_error_t::SGX_PCE_CRYPTO_ERROR => "SGX_PCE_CRYPTO_ERROR", - sgx_pce_error_t::SGX_PCE_INVALID_PRIVILEGE => "SGX_PCE_INVALID_PRIVILEGE", - sgx_pce_error_t::SGX_PCE_INVALID_TCB => "SGX_PCE_INVALID_TCB", - } - } -} - -impl fmt::Display for sgx_pce_error_t { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.as_str()) - } -} - -impl_enum! { - #[repr(u32)] - #[derive(Copy, Clone, PartialEq, Eq, Ord, PartialOrd, Debug)] - pub enum sgx_quote3_error_t { - SGX_QL_SUCCESS = 0x0000_0000, -// SGX_QL_ERROR_MIN = 0x0000_E001, - SGX_QL_ERROR_UNEXPECTED = 0x0000_E001, - SGX_QL_ERROR_INVALID_PARAMETER = 0x0000_E002, - SGX_QL_ERROR_OUT_OF_MEMORY = 0x0000_E003, - SGX_QL_ERROR_ECDSA_ID_MISMATCH = 0x0000_E004, - SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR = 0x0000_E005, - SGX_QL_FILE_ACCESS_ERROR = 0x0000_E006, - SGX_QL_ERROR_STORED_KEY = 0x0000_E007, - SGX_QL_ERROR_PUB_KEY_ID_MISMATCH = 0x0000_E008, - SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME = 0x0000_E009, - SGX_QL_ATT_KEY_BLOB_ERROR = 0x0000_E00A, - SGX_QL_UNSUPPORTED_ATT_KEY_ID = 0x0000_E00B, - SGX_QL_UNSUPPORTED_LOADING_POLICY = 0x0000_E00C, - SGX_QL_INTERFACE_UNAVAILABLE = 0x0000_E00D, - SGX_QL_PLATFORM_LIB_UNAVAILABLE = 0x0000_E00E, - SGX_QL_ATT_KEY_NOT_INITIALIZED = 0x0000_E00F, - SGX_QL_ATT_KEY_CERT_DATA_INVALID = 0x0000_E010, - SGX_QL_NO_PLATFORM_CERT_DATA = 0x0000_E011, - SGX_QL_OUT_OF_EPC = 0x0000_E012, - SGX_QL_ERROR_REPORT = 0x0000_E013, - 
SGX_QL_ENCLAVE_LOST = 0x0000_E014, - SGX_QL_INVALID_REPORT = 0x0000_E015, - SGX_QL_ENCLAVE_LOAD_ERROR = 0x0000_E016, - SGX_QL_UNABLE_TO_GENERATE_QE_REPORT = 0x0000_E017, - SGX_QL_KEY_CERTIFCATION_ERROR = 0x0000_E018, - SGX_QL_NETWORK_ERROR = 0x0000_E019, - SGX_QL_MESSAGE_ERROR = 0x0000_E01A, -// SGX_QL_ERROR_INVALID_PRIVILEGE = 0x0000_E01B, dcap 1.3 define 0xE035 - SGX_QL_NO_QUOTE_COLLATERAL_DATA = 0x0000_E01B, - SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED = 0x0000_E01C, - SGX_QL_QUOTE_FORMAT_UNSUPPORTED = 0x0000_E01D, - SGX_QL_UNABLE_TO_GENERATE_REPORT = 0x0000_E01E, - SGX_QL_QE_REPORT_INVALID_SIGNATURE = 0x0000_E01F, - SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT = 0x0000_E020, - SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT = 0x0000_E021, - SGX_QL_PCK_CERT_CHAIN_ERROR = 0x0000_E022, - SGX_QL_TCBINFO_UNSUPPORTED_FORMAT = 0x0000_E023, - SGX_QL_TCBINFO_MISMATCH = 0x0000_E024, - SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT = 0x0000_E025, - SGX_QL_QEIDENTITY_MISMATCH = 0x0000_E026, - SGX_QL_TCB_OUT_OF_DATE = 0x0000_E027, - SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED = 0x0000_E028, - SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE = 0x0000_E029, - SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE = 0x0000_E02A, - SGX_QL_QE_IDENTITY_OUT_OF_DATE = 0x0000_E02B, - SGX_QL_SGX_TCB_INFO_EXPIRED = 0x0000_E02C, - SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED = 0x0000_E02D, - SGX_QL_SGX_CRL_EXPIRED = 0x0000_E02E, - SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED = 0x0000_E02F, - SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED = 0x0000_E030, - SGX_QL_PCK_REVOKED = 0x0000_E031, - SGX_QL_TCB_REVOKED = 0x0000_E032, - SGX_QL_TCB_CONFIGURATION_NEEDED = 0x0000_E033, - SGX_QL_UNABLE_TO_GET_COLLATERAL = 0x0000_E034, - SGX_QL_ERROR_INVALID_PRIVILEGE = 0x0000_E035, - SGX_QL_NO_QVE_IDENTITY_DATA = 0x0000_E037, - SGX_QL_CRL_UNSUPPORTED_FORMAT = 0x0000_E038, - SGX_QL_QEIDENTITY_CHAIN_ERROR = 0x0000_E039, - SGX_QL_TCBINFO_CHAIN_ERROR = 0x0000_E03A, - SGX_QL_ERROR_QVL_QVE_MISMATCH = 0x0000_E03B, - SGX_QL_TCB_SW_HARDENING_NEEDED = 0x0000_E03C, - 
SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED = 0x0000_E03D, - SGX_QL_UNSUPPORTED_MODE = 0x0000_E03E, - SGX_QL_NO_DEVICE = 0x0000_E03F, - SGX_QL_SERVICE_UNAVAILABLE = 0x0000_E040, - SGX_QL_NETWORK_FAILURE = 0x0000_E041, - SGX_QL_SERVICE_TIMEOUT = 0x0000_E042, - SGX_QL_ERROR_BUSY = 0x0000_E043, - SGX_QL_UNKNOWN_MESSAGE_RESPONSE = 0x0000_E044, - SGX_QL_PERSISTENT_STORAGE_ERROR = 0x0000_E045, - SGX_QL_ERROR_MESSAGE_PARSING_ERROR = 0x0000_E046, - SGX_QL_PLATFORM_UNKNOWN = 0x0000_E047, - SGX_QL_UNKNOWN_API_VERSION = 0x0000_E048, - SGX_QL_CERTS_UNAVAILABLE = 0x0000_E049, - SGX_QL_QVEIDENTITY_MISMATCH = 0x0000_E050, - SGX_QL_QVE_OUT_OF_DATE = 0x0000_E051, - SGX_QL_PSW_NOT_AVAILABLE = 0x0000_E052, - SGX_QL_ERROR_MAX = 0x0000_E0FF, - } -} - -impl sgx_quote3_error_t { - pub fn __description(&self) -> &str { - match *self { - sgx_quote3_error_t::SGX_QL_SUCCESS => "Success.", - // sgx_quote3_error_t::SGX_QL_ERROR_MIN => "Indicate min error to allow better translation.", - sgx_quote3_error_t::SGX_QL_ERROR_UNEXPECTED => "Unexpected error.", - sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PARAMETER => "The parameter is incorrect", - sgx_quote3_error_t::SGX_QL_ERROR_OUT_OF_MEMORY => { - "Not enough memory is available to complete this operation." - } - sgx_quote3_error_t::SGX_QL_ERROR_ECDSA_ID_MISMATCH => { - "Expected ECDSA_ID does not match the value stored in the ECDSA Blob." - } - sgx_quote3_error_t::SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR => { - "The ECDSA blob pathname is too large." - } - sgx_quote3_error_t::SGX_QL_FILE_ACCESS_ERROR => "Error accessing ECDSA blob.", - sgx_quote3_error_t::SGX_QL_ERROR_STORED_KEY => "Cached ECDSA key is invalid.", - sgx_quote3_error_t::SGX_QL_ERROR_PUB_KEY_ID_MISMATCH => { - "Cached ECDSA key does not match requested key." - } - sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME => { - "PCE use the incorrect signature scheme." - } - sgx_quote3_error_t::SGX_QL_ATT_KEY_BLOB_ERROR => { - "There is a problem with the attestation key blob." 
- } - sgx_quote3_error_t::SGX_QL_UNSUPPORTED_ATT_KEY_ID => "Unsupported attestation key ID.", - sgx_quote3_error_t::SGX_QL_UNSUPPORTED_LOADING_POLICY => { - "Unsupported enclave loading policy." - } - sgx_quote3_error_t::SGX_QL_INTERFACE_UNAVAILABLE => "Unable to load the QE enclave.", - sgx_quote3_error_t::SGX_QL_PLATFORM_LIB_UNAVAILABLE => { - "Unable to find the platform library with the dependent APIs." - } - sgx_quote3_error_t::SGX_QL_ATT_KEY_NOT_INITIALIZED => { - "The attestation key doesn't exist or has not been certified." - } - sgx_quote3_error_t::SGX_QL_ATT_KEY_CERT_DATA_INVALID => { - "The certification data retrieved from the platform library is invalid." - } - sgx_quote3_error_t::SGX_QL_NO_PLATFORM_CERT_DATA => { - "The platform library doesn't have any platfrom cert data." - } - sgx_quote3_error_t::SGX_QL_OUT_OF_EPC => { - "Not enough memory in the EPC to load the enclave." - } - sgx_quote3_error_t::SGX_QL_ERROR_REPORT => { - "There was a problem verifying an SGX REPORT." - } - sgx_quote3_error_t::SGX_QL_ENCLAVE_LOST => { - "Interfacing to the enclave failed due to a power transition." - } - sgx_quote3_error_t::SGX_QL_INVALID_REPORT => { - "Error verifying the application enclave's report." - } - sgx_quote3_error_t::SGX_QL_ENCLAVE_LOAD_ERROR => "Unable to load the enclaves.", - sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_QE_REPORT => { - "The QE was unable to generate its own report targeting the application enclave." - } - sgx_quote3_error_t::SGX_QL_KEY_CERTIFCATION_ERROR => { - "Caused when the provider library returns an invalid TCB." - } - sgx_quote3_error_t::SGX_QL_NETWORK_ERROR => "Network error when retrieving PCK certs.", - sgx_quote3_error_t::SGX_QL_MESSAGE_ERROR => "Message error when retrieving PCK certs.", - sgx_quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA => { - "The platform does not have the quote verification collateral data available." 
- } - sgx_quote3_error_t::SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED => "", - sgx_quote3_error_t::SGX_QL_QUOTE_FORMAT_UNSUPPORTED => "", - sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_REPORT => "", - sgx_quote3_error_t::SGX_QL_QE_REPORT_INVALID_SIGNATURE => "", - sgx_quote3_error_t::SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT => "", - sgx_quote3_error_t::SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT => "", - sgx_quote3_error_t::SGX_QL_PCK_CERT_CHAIN_ERROR => "", - sgx_quote3_error_t::SGX_QL_TCBINFO_UNSUPPORTED_FORMAT => "", - sgx_quote3_error_t::SGX_QL_TCBINFO_MISMATCH => "", - sgx_quote3_error_t::SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT => "", - sgx_quote3_error_t::SGX_QL_QEIDENTITY_MISMATCH => "", - sgx_quote3_error_t::SGX_QL_TCB_OUT_OF_DATE => "", - sgx_quote3_error_t::SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED => "", - sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE => "", - sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE => "", - sgx_quote3_error_t::SGX_QL_QE_IDENTITY_OUT_OF_DATE => "", - sgx_quote3_error_t::SGX_QL_SGX_TCB_INFO_EXPIRED => "", - sgx_quote3_error_t::SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED => "", - sgx_quote3_error_t::SGX_QL_SGX_CRL_EXPIRED => "", - sgx_quote3_error_t::SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED => "", - sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED => "", - sgx_quote3_error_t::SGX_QL_PCK_REVOKED => "", - sgx_quote3_error_t::SGX_QL_TCB_REVOKED => "", - sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_NEEDED => "", - sgx_quote3_error_t::SGX_QL_UNABLE_TO_GET_COLLATERAL => "", - sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PRIVILEGE => { - "No enough privilege to perform the operation." - } - sgx_quote3_error_t::SGX_QL_NO_QVE_IDENTITY_DATA => { - "The platform does not have the QVE identity data available." 
- } - sgx_quote3_error_t::SGX_QL_CRL_UNSUPPORTED_FORMAT => "", - sgx_quote3_error_t::SGX_QL_QEIDENTITY_CHAIN_ERROR => "", - sgx_quote3_error_t::SGX_QL_TCBINFO_CHAIN_ERROR => "", - sgx_quote3_error_t::SGX_QL_ERROR_QVL_QVE_MISMATCH => { - "QvE returned supplemental data version mismatched between QVL and QvE." - } - sgx_quote3_error_t::SGX_QL_TCB_SW_HARDENING_NEEDED => { - "TCB up to date but SW Hardening needed." - } - sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED => { - "TCB up to date but Configuration and SW Hardening needed." - } - sgx_quote3_error_t::SGX_QL_UNSUPPORTED_MODE => "", - sgx_quote3_error_t::SGX_QL_NO_DEVICE => "", - sgx_quote3_error_t::SGX_QL_SERVICE_UNAVAILABLE => "", - sgx_quote3_error_t::SGX_QL_NETWORK_FAILURE => "", - sgx_quote3_error_t::SGX_QL_SERVICE_TIMEOUT => "", - sgx_quote3_error_t::SGX_QL_ERROR_BUSY => "", - sgx_quote3_error_t::SGX_QL_UNKNOWN_MESSAGE_RESPONSE => { - "Unexpected error from the cache service." - } - sgx_quote3_error_t::SGX_QL_PERSISTENT_STORAGE_ERROR => { - "Error storing the retrieved cached data in persistent memory." - } - sgx_quote3_error_t::SGX_QL_ERROR_MESSAGE_PARSING_ERROR => "Message parsing error.", - sgx_quote3_error_t::SGX_QL_PLATFORM_UNKNOWN => "Platform was not found in the cache", - sgx_quote3_error_t::SGX_QL_UNKNOWN_API_VERSION => { - "The current PCS API version configured is unknown." - } - sgx_quote3_error_t::SGX_QL_CERTS_UNAVAILABLE => { - "Certificates are not available for this platform" - } - sgx_quote3_error_t::SGX_QL_QVEIDENTITY_MISMATCH => { - "QvE Identity is NOT match to Intel signed QvE identity." - } - sgx_quote3_error_t::SGX_QL_QVE_OUT_OF_DATE => { - "QvE ISVSVN is smaller then the ISVSVN threshold." - } - sgx_quote3_error_t::SGX_QL_PSW_NOT_AVAILABLE => { - "SGX PSW library cannot be loaded, could be due to file I/O error." - } - sgx_quote3_error_t::SGX_QL_ERROR_MAX => { - "Indicate max error to allow better translation." 
- } - } - } - - pub fn as_str(&self) -> &str { - match *self { - sgx_quote3_error_t::SGX_QL_SUCCESS => "SGX_QL_SUCCESS", - // sgx_quote3_error_t::SGX_QL_ERROR_MIN => "SGX_QL_ERROR_MIN", - sgx_quote3_error_t::SGX_QL_ERROR_UNEXPECTED => "SGX_QL_ERROR_UNEXPECTED", - sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PARAMETER => "SGX_QL_ERROR_INVALID_PARAMETER", - sgx_quote3_error_t::SGX_QL_ERROR_OUT_OF_MEMORY => "SGX_QL_ERROR_OUT_OF_MEMORY", - sgx_quote3_error_t::SGX_QL_ERROR_ECDSA_ID_MISMATCH => "SGX_QL_ERROR_ECDSA_ID_MISMATCH", - sgx_quote3_error_t::SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR => { - "SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR" - } - sgx_quote3_error_t::SGX_QL_FILE_ACCESS_ERROR => "SGX_QL_FILE_ACCESS_ERROR", - sgx_quote3_error_t::SGX_QL_ERROR_STORED_KEY => "SGX_QL_ERROR_STORED_KEY", - sgx_quote3_error_t::SGX_QL_ERROR_PUB_KEY_ID_MISMATCH => { - "SGX_QL_ERROR_PUB_KEY_ID_MISMATCH" - } - sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME => { - "SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME" - } - sgx_quote3_error_t::SGX_QL_ATT_KEY_BLOB_ERROR => "SGX_QL_ATT_KEY_BLOB_ERROR", - sgx_quote3_error_t::SGX_QL_UNSUPPORTED_ATT_KEY_ID => "SGX_QL_UNSUPPORTED_ATT_KEY_ID", - sgx_quote3_error_t::SGX_QL_UNSUPPORTED_LOADING_POLICY => { - "SGX_QL_UNSUPPORTED_LOADING_POLICY" - } - sgx_quote3_error_t::SGX_QL_INTERFACE_UNAVAILABLE => "SGX_QL_INTERFACE_UNAVAILABLE", - sgx_quote3_error_t::SGX_QL_PLATFORM_LIB_UNAVAILABLE => { - "SGX_QL_PLATFORM_LIB_UNAVAILABLE" - } - sgx_quote3_error_t::SGX_QL_ATT_KEY_NOT_INITIALIZED => "SGX_QL_ATT_KEY_NOT_INITIALIZED", - sgx_quote3_error_t::SGX_QL_ATT_KEY_CERT_DATA_INVALID => { - "SGX_QL_ATT_KEY_CERT_DATA_INVALID" - } - sgx_quote3_error_t::SGX_QL_NO_PLATFORM_CERT_DATA => "SGX_QL_NO_PLATFORM_CERT_DATA", - sgx_quote3_error_t::SGX_QL_OUT_OF_EPC => "SGX_QL_OUT_OF_EPC", - sgx_quote3_error_t::SGX_QL_ERROR_REPORT => "SGX_QL_ERROR_REPORT", - sgx_quote3_error_t::SGX_QL_ENCLAVE_LOST => "SGX_QL_ENCLAVE_LOST", - sgx_quote3_error_t::SGX_QL_INVALID_REPORT => 
"SGX_QL_INVALID_REPORT", - sgx_quote3_error_t::SGX_QL_ENCLAVE_LOAD_ERROR => "SGX_QL_ENCLAVE_LOAD_ERROR", - sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_QE_REPORT => { - "SGX_QL_UNABLE_TO_GENERATE_QE_REPORT" - } - sgx_quote3_error_t::SGX_QL_KEY_CERTIFCATION_ERROR => "SGX_QL_KEY_CERTIFCATION_ERROR", - sgx_quote3_error_t::SGX_QL_NETWORK_ERROR => "SGX_QL_NETWORK_ERROR", - sgx_quote3_error_t::SGX_QL_MESSAGE_ERROR => "SGX_QL_MESSAGE_ERROR", - sgx_quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA => { - "SGX_QL_NO_QUOTE_COLLATERAL_DATA" - } - sgx_quote3_error_t::SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED => { - "SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED" - } - sgx_quote3_error_t::SGX_QL_QUOTE_FORMAT_UNSUPPORTED => { - "SGX_QL_QUOTE_FORMAT_UNSUPPORTED" - } - sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_REPORT => { - "SGX_QL_UNABLE_TO_GENERATE_REPORT" - } - sgx_quote3_error_t::SGX_QL_QE_REPORT_INVALID_SIGNATURE => { - "SGX_QL_QE_REPORT_INVALID_SIGNATURE" - } - sgx_quote3_error_t::SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT => { - "SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT" - } - sgx_quote3_error_t::SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT => { - "SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT" - } - sgx_quote3_error_t::SGX_QL_PCK_CERT_CHAIN_ERROR => "SGX_QL_PCK_CERT_CHAIN_ERROR", - sgx_quote3_error_t::SGX_QL_TCBINFO_UNSUPPORTED_FORMAT => { - "SGX_QL_TCBINFO_UNSUPPORTED_FORMAT" - } - sgx_quote3_error_t::SGX_QL_TCBINFO_MISMATCH => "SGX_QL_TCBINFO_MISMATCH", - sgx_quote3_error_t::SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT => { - "SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT" - } - sgx_quote3_error_t::SGX_QL_QEIDENTITY_MISMATCH => "SGX_QL_QEIDENTITY_MISMATCH", - sgx_quote3_error_t::SGX_QL_TCB_OUT_OF_DATE => "SGX_QL_TCB_OUT_OF_DATE", - sgx_quote3_error_t::SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED => { - "SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED" - } - sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE => { - "SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE" - } - 
sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE => { - "SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE" - } - sgx_quote3_error_t::SGX_QL_QE_IDENTITY_OUT_OF_DATE => "SGX_QL_QE_IDENTITY_OUT_OF_DATE", - sgx_quote3_error_t::SGX_QL_SGX_TCB_INFO_EXPIRED => "SGX_QL_SGX_TCB_INFO_EXPIRED", - sgx_quote3_error_t::SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED => { - "SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED" - } - sgx_quote3_error_t::SGX_QL_SGX_CRL_EXPIRED => "SGX_QL_SGX_CRL_EXPIRED", - sgx_quote3_error_t::SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED => { - "SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED" - } - sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED => { - "SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED" - } - sgx_quote3_error_t::SGX_QL_PCK_REVOKED => "SGX_QL_PCK_REVOKED", - sgx_quote3_error_t::SGX_QL_TCB_REVOKED => "SGX_QL_TCB_REVOKED", - sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_NEEDED => { - "SGX_QL_TCB_CONFIGURATION_NEEDED" - } - sgx_quote3_error_t::SGX_QL_UNABLE_TO_GET_COLLATERAL => { - "SGX_QL_UNABLE_TO_GET_COLLATERAL" - } - sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PRIVILEGE => "SGX_QL_ERROR_INVALID_PRIVILEGE", - sgx_quote3_error_t::SGX_QL_NO_QVE_IDENTITY_DATA => "SGX_QL_NO_QVE_IDENTITY_DATA", - sgx_quote3_error_t::SGX_QL_CRL_UNSUPPORTED_FORMAT => "SGX_QL_CRL_UNSUPPORTED_FORMAT", - sgx_quote3_error_t::SGX_QL_QEIDENTITY_CHAIN_ERROR => "SGX_QL_QEIDENTITY_CHAIN_ERROR", - sgx_quote3_error_t::SGX_QL_TCBINFO_CHAIN_ERROR => "SGX_QL_TCBINFO_CHAIN_ERROR", - sgx_quote3_error_t::SGX_QL_ERROR_QVL_QVE_MISMATCH => "SGX_QL_ERROR_QVL_QVE_MISMATCH", - sgx_quote3_error_t::SGX_QL_TCB_SW_HARDENING_NEEDED => "SGX_QL_TCB_SW_HARDENING_NEEDED", - sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED => { - "SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED" - } - sgx_quote3_error_t::SGX_QL_UNSUPPORTED_MODE => "SGX_QL_UNSUPPORTED_MODE", - sgx_quote3_error_t::SGX_QL_NO_DEVICE => "SGX_QL_NO_DEVICE", - sgx_quote3_error_t::SGX_QL_SERVICE_UNAVAILABLE => "SGX_QL_SERVICE_UNAVAILABLE", - 
sgx_quote3_error_t::SGX_QL_NETWORK_FAILURE => "SGX_QL_NETWORK_FAILURE", - sgx_quote3_error_t::SGX_QL_SERVICE_TIMEOUT => "SGX_QL_SERVICE_TIMEOUT", - sgx_quote3_error_t::SGX_QL_ERROR_BUSY => "SGX_QL_ERROR_BUSY", - sgx_quote3_error_t::SGX_QL_UNKNOWN_MESSAGE_RESPONSE => { - "SGX_QL_UNKNOWN_MESSAGE_RESPONSE" - } - sgx_quote3_error_t::SGX_QL_PERSISTENT_STORAGE_ERROR => { - "SGX_QL_PERSISTENT_STORAGE_ERROR" - } - sgx_quote3_error_t::SGX_QL_ERROR_MESSAGE_PARSING_ERROR => { - "SGX_QL_ERROR_MESSAGE_PARSING_ERROR" - } - sgx_quote3_error_t::SGX_QL_PLATFORM_UNKNOWN => "SGX_QL_PLATFORM_UNKNOWN", - sgx_quote3_error_t::SGX_QL_UNKNOWN_API_VERSION => "SGX_QL_UNKNOWN_API_VERSION", - sgx_quote3_error_t::SGX_QL_CERTS_UNAVAILABLE => "SGX_QL_CERTS_UNAVAILABLE", - sgx_quote3_error_t::SGX_QL_QVEIDENTITY_MISMATCH => "SGX_QL_QVEIDENTITY_MISMATCH", - sgx_quote3_error_t::SGX_QL_QVE_OUT_OF_DATE => "SGX_QL_QVE_OUT_OF_DATE", - sgx_quote3_error_t::SGX_QL_PSW_NOT_AVAILABLE => "SGX_QL_PSW_NOT_AVAILABLE", - sgx_quote3_error_t::SGX_QL_ERROR_MAX => "SGX_QL_ERROR_MAX", - } - } -} - -impl fmt::Display for sgx_quote3_error_t { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.as_str()) - } -} - -impl_enum! 
{ - #[repr(u32)] - #[derive(Copy, Clone, PartialEq, Eq, Ord, PartialOrd, Debug)] - pub enum sgx_qcnl_error_t { - SGX_QCNL_SUCCESS = 0x0000_0000, - SGX_QCNL_UNEXPECTED_ERROR = 0x0000_B001, - SGX_QCNL_INVALID_PARAMETER = 0x0000_B002, - SGX_QCNL_NETWORK_ERROR = 0x0000_B003, - SGX_QCNL_NETWORK_PROXY_FAIL = 0x0000_B004, - SGX_QCNL_NETWORK_HOST_FAIL = 0x0000_B005, - SGX_QCNL_NETWORK_COULDNT_CONNECT = 0x0000_B006, - SGX_QCNL_NETWORK_HTTP2_ERROR = 0x0000_B007, - SGX_QCNL_NETWORK_WRITE_ERROR = 0x0000_B008, - SGX_QCNL_NETWORK_OPERATION_TIMEDOUT = 0x0000_B009, - SGX_QCNL_NETWORK_HTTPS_ERROR = 0x0000_B00A, - SGX_QCNL_NETWORK_UNKNOWN_OPTION = 0x0000_B00B, - SGX_QCNL_NETWORK_INIT_ERROR = 0x0000_B00C, - SGX_QCNL_MSG_ERROR = 0x0000_B00D, - SGX_QCNL_OUT_OF_MEMORY = 0x0000_B00E, - SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA = 0x0000_B00F, - SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN = 0x0000_B010, - SGX_QCNL_ERROR_STATUS_UNEXPECTED = 0x0000_B011, - SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE = 0x0000_B012, - } -} - -impl sgx_qcnl_error_t { - pub fn __description(&self) -> &str { - match *self { - sgx_qcnl_error_t::SGX_QCNL_SUCCESS => "Success.", - sgx_qcnl_error_t::SGX_QCNL_UNEXPECTED_ERROR => "Unexpected error.", - sgx_qcnl_error_t::SGX_QCNL_INVALID_PARAMETER => "The parameter is incorrect.", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_ERROR => "Network error.", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_PROXY_FAIL => { - "Network error : Couldn't resolve proxy." - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_HOST_FAIL => { - "Network error : Couldn't resolve host." - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_COULDNT_CONNECT => { - "Network error : Failed to connect() to host or proxy." - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTP2_ERROR => { - "Network error : A problem was detected in the HTTP2 framing layer." - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_WRITE_ERROR => { - "Network error : an error was returned to libcurl from a write callback." 
- } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_OPERATION_TIMEDOUT => { - "Network error : Operation timeout." - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTPS_ERROR => { - "Network error : A problem occurred somewhere in the SSL/TLS handshake." - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_UNKNOWN_OPTION => { - "Network error : An option passed to libcurl is not recognized/known." - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_INIT_ERROR => "Failed to initialize CURL library.", - sgx_qcnl_error_t::SGX_QCNL_MSG_ERROR => "HTTP message error.", - sgx_qcnl_error_t::SGX_QCNL_OUT_OF_MEMORY => "Out of memory error.", - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA => "No cache data.", - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN => "Platform unknown.", - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_UNEXPECTED => "Unexpected cache error", - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE => "Certs not available", - } - } - - pub fn as_str(&self) -> &str { - match *self { - sgx_qcnl_error_t::SGX_QCNL_SUCCESS => "SGX_QCNL_SUCCESS.", - sgx_qcnl_error_t::SGX_QCNL_UNEXPECTED_ERROR => "SGX_QCNL_UNEXPECTED_ERROR", - sgx_qcnl_error_t::SGX_QCNL_INVALID_PARAMETER => "SGX_QCNL_INVALID_PARAMETER", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_ERROR => "SGX_QCNL_NETWORK_ERROR", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_PROXY_FAIL => "SGX_QCNL_NETWORK_PROXY_FAIL", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_HOST_FAIL => "SGX_QCNL_NETWORK_HOST_FAIL", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_COULDNT_CONNECT => { - "SGX_QCNL_NETWORK_COULDNT_CONNECT" - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTP2_ERROR => "SGX_QCNL_NETWORK_HTTP2_ERROR", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_WRITE_ERROR => "SGX_QCNL_NETWORK_WRITE_ERROR", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_OPERATION_TIMEDOUT => { - "SGX_QCNL_NETWORK_OPERATION_TIMEDOUT" - } - sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTPS_ERROR => "SGX_QCNL_NETWORK_HTTPS_ERROR", - sgx_qcnl_error_t::SGX_QCNL_NETWORK_UNKNOWN_OPTION => "SGX_QCNL_NETWORK_UNKNOWN_OPTION", - 
sgx_qcnl_error_t::SGX_QCNL_NETWORK_INIT_ERROR => "SGX_QCNL_NETWORK_INIT_ERROR", - sgx_qcnl_error_t::SGX_QCNL_MSG_ERROR => "SGX_QCNL_MSG_ERROR", - sgx_qcnl_error_t::SGX_QCNL_OUT_OF_MEMORY => "SGX_QCNL_OUT_OF_MEMORY", - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA => { - "SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA" - } - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN => { - "SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN" - } - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_UNEXPECTED => { - "SGX_QCNL_ERROR_STATUS_UNEXPECTED" - } - sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE => { - "SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE" - } - } - } -} - -impl fmt::Display for sgx_qcnl_error_t { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.as_str()) - } -} - -impl_enum! { - #[repr(u32)] - #[derive(Copy, Clone, PartialEq, Eq, Ord, PartialOrd, Debug)] - pub enum sgx_ql_qv_result_t { - SGX_QL_QV_RESULT_OK = 0x0000_0000, - // SGX_QL_QV_RESULT_MIN = 0x0000_A001, - SGX_QL_QV_RESULT_CONFIG_NEEDED = 0x0000_A001, - SGX_QL_QV_RESULT_OUT_OF_DATE = 0x0000_A002, - SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED = 0x0000_A003, - SGX_QL_QV_RESULT_INVALID_SIGNATURE = 0x0000_A004, - SGX_QL_QV_RESULT_REVOKED = 0x0000_A005, - SGX_QL_QV_RESULT_UNSPECIFIED = 0x0000_A006, - SGX_QL_QV_RESULT_SW_HARDENING_NEEDED = 0x0000_A007, - SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED = 0x0000_A008, - SGX_QL_QV_RESULT_MAX = 0x0000_A0FF, - } -} - -impl sgx_ql_qv_result_t { - pub fn __description(&self) -> &str { - match *self { - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => "The Quote verification passed and is at the latest TCB level.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_NEEDED => "The Quote verification passed and the platform is patched to the latest TCB level but additional configuration of the SGX platform may be needed.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE => "The Quote is good but TCB level of the platform is out of date, The platform needs 
patching to be at the latest TCB level.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED => "The Quote is good but the TCB level of the platform is out of date and additional configuration of the SGX Platform at its current patching level may be needed. The platform needs patching to be at the latest TCB level.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_INVALID_SIGNATURE => "The signature over the application report is invalid.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_REVOKED => "The attestation key or platform has been revoked.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_UNSPECIFIED => "The Quote verification failed due to an error in one of the input.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_SW_HARDENING_NEEDED => "The TCB level of the platform is up to date, but SGX SW Hardening is needed.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED => "The TCB level of the platform is up to date, but additional configuration of the platform at its current patching level may be needed. 
Moreove, SGX SW Hardening is also needed.", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_MAX => "Indicate max result to allow better translation.", - } - } - - pub fn as_str(&self) -> &str { - match *self { - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => "SGX_QL_QV_RESULT_OK", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_NEEDED => "SGX_QL_QV_RESULT_CONFIG_NEEDED", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE => "SGX_QL_QV_RESULT_OUT_OF_DATE", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED => { - "SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED" - } - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_INVALID_SIGNATURE => { - "SGX_QL_QV_RESULT_INVALID_SIGNATURE" - } - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_REVOKED => "SGX_QL_QV_RESULT_REVOKED", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_UNSPECIFIED => "SGX_QL_QV_RESULT_UNSPECIFIED", - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_SW_HARDENING_NEEDED => { - "SGX_QL_QV_RESULT_SW_HARDENING_NEEDED" - } - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED => { - "SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED" - } - sgx_ql_qv_result_t::SGX_QL_QV_RESULT_MAX => "SGX_QL_QV_RESULT_MAX", - } - } -} - -impl fmt::Display for sgx_ql_qv_result_t { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.as_str()) - } -} - -pub type sys_error_t = int32_t; - -// pub type SgxResult = result::Result; -// pub type SgxError = result::Result<(), sgx_status_t>; - -pub type SgxPceResult = result::Result; -pub type SgxPceError = result::Result<(), sgx_pce_error_t>; - -pub type SgxQuote3Result = result::Result; -pub type SgxQuote3Error = result::Result<(), sgx_quote3_error_t>; - -pub type SgxQcnlResult = result::Result; -pub type SgxQcnlError = result::Result<(), sgx_qcnl_error_t>; - -pub type SysResult = result::Result; -pub type SysError = result::Result<(), sys_error_t>; 
diff --git a/seed-service/src/enclaves/ffi-types/src/lib.rs b/seed-service/src/enclaves/ffi-types/src/lib.rs
deleted file mode 100644
index bfed15b47..000000000
--- a/seed-service/src/enclaves/ffi-types/src/lib.rs
+++ /dev/null
@@ -1,15 +0,0 @@
-#![no_std]
-#![allow(unused)]
-
-// pub mod errors;
-mod error;
-pub use error::sgx_status_t;
-mod types;
-pub use types::{
- Ctx, EnclaveBuffer, EnclaveError, HandleResult, HealthCheckResult, InitResult, NodeAuthResult,
- OcallReturn, QueryResult, RuntimeConfiguration, SgxError, SgxResult, UntrustedVmError,
- UserSpaceBuffer,
-};
-
-pub const ENCRYPTED_SEED_SIZE: usize = 48;
-pub const PUBLIC_KEY_SIZE: usize = 32;
diff --git a/seed-service/src/enclaves/ffi-types/src/types.rs b/seed-service/src/enclaves/ffi-types/src/types.rs
deleted file mode 100644
index 6b4c5e8f8..000000000
--- a/seed-service/src/enclaves/ffi-types/src/types.rs
+++ /dev/null
@@ -1,336 +0,0 @@
-#![allow(unused)]
-
-use core::ffi::c_void;
-use core::result;
-use derive_more::Display;
-
-/// This type represents an opaque pointer to a memory address in normal user space.
-#[repr(C)]
-pub struct UserSpaceBuffer {
- pub ptr: *mut c_void,
-}
-
-/// This type represents an opaque pointer to a memory address inside the enclave.
-#[repr(C)]
-pub struct EnclaveBuffer {
- pub ptr: *mut c_void,
-}
-
-impl EnclaveBuffer {
- /// # Safety
- /// Very unsafe. Much careful
- pub unsafe fn unsafe_clone(&self) -> Self {
- EnclaveBuffer { ptr: self.ptr }
- }
-}
-
-/// This is safe because `Vec`s are `Send`
-unsafe impl Send for EnclaveBuffer {}
-
-impl Default for EnclaveBuffer {
- fn default() -> Self {
- Self {
- ptr: core::ptr::null_mut(),
- }
- }
-}
-
-/// This type describes parameters of the runtime that the node can configure for itself.
-#[repr(C)]
-pub struct RuntimeConfiguration {
- /// The amount of wasmi modules cached in an LRU cache inside the enclave.
- /// This speeds up the execution of recently used modules, but has a significant
- /// memory overhead.
- pub module_cache_size: u8,
-}
-
-/// This struct holds a pointer to memory in userspace, that contains the storage
-#[repr(C)]
-pub struct Ctx {
- pub data: *mut c_void,
-}
-
-impl Ctx {
- /// # Safety
- /// Very unsafe. Much careful
- pub unsafe fn unsafe_clone(&self) -> Self {
- Self { data: self.data }
- }
-}
-
-/// This type represents the possible error conditions that can be encountered in the enclave
-/// cbindgen:prefix-with-name
-#[repr(C)]
-#[derive(Debug, Display)]
-pub enum EnclaveError {
- /// An ocall failed to execute. This can happen because of three scenarios:
- /// 1. A VmError was thrown during the execution of the ocall. In this case, `vm_error` will be non-null.
- /// 2. An error happened that prevented the ocall from running correctly. This can happen because of
- /// caught memory-handling issues, or a failed ecall during an ocall. `vm_error` will be null.
- /// 3. We failed to call the ocall due to an SGX fault. `vm_error` will be null.
- // TODO should we split these three cases for better diagnostics?
- #[display(fmt = "failed to execute ocall")]
- FailedOcall { vm_error: UntrustedVmError },
- #[display(fmt = "failed to validate transaction")]
- ValidationFailure,
- // Problems with the module binary
- /// The WASM code was invalid and could not be loaded.
- #[display(fmt = "tried to load invalid wasm code")]
- InvalidWasm,
- #[display(fmt = "failed to initialize wasm memory")]
- CannotInitializeWasmMemory,
- /// The WASM module contained a start section, which is not allowed.
- WasmModuleWithStart,
- /// The WASM module contained floating point operations, which is not allowed.
- #[display(fmt = "found floating point operation in module code")]
- WasmModuleWithFP,
- /// Fail to inject gas metering
- #[display(fmt = "failed to inject gas metering")]
- FailedGasMeteringInjection,
- #[display(fmt = "internal error during execution")]
- InternalError,
- // runtime issues with the module
- /// Ran out of gas
- #[display(fmt = "execution ran out of gas")]
- OutOfGas,
- /// Calling a function in the contract failed.
- #[display(fmt = "calling a function in the contract failed for an unexpected reason")]
- FailedFunctionCall,
- // These variants mimic the variants of `wasmi::TrapKind`
- /// The contract panicked during execution.
- #[display(fmt = "the contract panicked")]
- ContractPanicUnreachable,
- /// The contract tried to access memory out of bounds.
- #[display(fmt = "the contract tried to access memory out of bounds")]
- ContractPanicMemoryAccessOutOfBounds,
- /// The contract tried to access a nonexistent resource.
- #[display(fmt = "the contract tried to access a nonexistent resource")]
- ContractPanicTableAccessOutOfBounds,
- /// The contract tried to access an uninitialized resource.
- #[display(fmt = "the contract tried to access an uninitialized resource")]
- ContractPanicElemUninitialized,
- /// The contract tried to divide by zero.
- #[display(fmt = "the contract tried to divide by zero")]
- ContractPanicDivisionByZero,
- /// The contract tried to perform an invalid conversion to an integer.
- #[display(fmt = "the contract tried to perform an invalid conversion to an integer")]
- ContractPanicInvalidConversionToInt,
- /// The contract has run out of space on the stack.
- #[display(fmt = "the contract has run out of space on the stack")]
- ContractPanicStackOverflow,
- /// The contract tried to call a function but expected an incorrect function signature.
- #[display(
- fmt = "the contract tried to call a function but expected an incorrect function signature"
- )]
- ContractPanicUnexpectedSignature,
-
- // Errors in contract ABI:
- /// Failed to seal data
- #[display(fmt = "failed to seal data")]
- FailedSeal,
- #[display(fmt = "failed to unseal data")]
- FailedUnseal,
- #[display(fmt = "failed to authenticate secret contract")]
- FailedContractAuthentication,
- #[display(fmt = "failed to deserialize data")]
- FailedToDeserialize,
- #[display(fmt = "failed to serialize data")]
- FailedToSerialize,
- #[display(fmt = "failed to encrypt data")]
- EncryptionError,
- #[display(fmt = "failed to decrypt data")]
- DecryptionError,
- #[display(fmt = "failed to allocate memory")]
- MemoryAllocationError,
- #[display(fmt = "failed to allocate minimal safety buffer")]
- MemorySafetyAllocationError,
- #[display(fmt = "failed to read memory")]
- MemoryReadError,
- #[display(fmt = "failed to write memory")]
- MemoryWriteError,
- #[display(fmt = "function not implemented")]
- NotImplemented,
- #[display(fmt = "failed to verify transaction signature")]
- FailedTxVerification,
- #[display(fmt = "contract tried to write to storage during a query")]
- UnauthorizedWrite,
-
- // serious issues
- /// The host was caught trying to disrupt the enclave.
- /// This can happen if e.g. the host provides invalid pointers as responses from ocalls.
- #[display(fmt = "communication with the enclave's host failed")]
- HostMisbehavior,
- #[display(fmt = "panicked due to unexpected behavior")]
- Panic,
- #[display(fmt = "enclave ran out of heap memory")]
- OutOfMemory,
- #[display(fmt = "depth of nested contract calls exceeded")]
- ExceededRecursionLimit,
- /// Unexpected Error happened, no more details available
- #[display(fmt = "unknown error")]
- Unknown,
-}
-
-/// This type represents the possible error conditions that can be encountered in the
-/// enclave while authenticating a new node in the network.
-/// cbindgen:prefix-with-name
-#[repr(C)]
-#[derive(Debug, Display, PartialEq, Eq)]
-pub enum NodeAuthResult {
- #[display(fmt = "Enclave quote is valid")]
- Success,
- #[display(fmt = "Enclave quote status was GROUP_OUT_OF_DATE which is not allowed")]
- GroupOutOfDate,
- #[display(fmt = "Enclave quote status was SIGNATURE_INVALID which is not allowed")]
- SignatureInvalid,
- #[display(fmt = "Enclave quote status was SIGNATURE_REVOKED which is not allowed")]
- SignatureRevoked,
- #[display(fmt = "Enclave quote status was GROUP_REVOKED which is not allowed")]
- GroupRevoked,
- #[display(fmt = "Enclave quote status was KEY_REVOKED which is not allowed")]
- KeyRevoked,
- #[display(fmt = "Enclave quote status was SIGRL_VERSION_MISMATCH which is not allowed")]
- SigrlVersionMismatch,
- #[display(fmt = "Enclave quote status was CONFIGURATION_NEEDED which is not allowed")]
- ConfigurationNeeded,
- #[display(
- fmt = "Enclave quote status was CONFIGURATION_AND_SW_HARDENING_NEEDED which is not allowed"
- )]
- SwHardeningAndConfigurationNeeded,
- #[display(fmt = "Enclave quote status invalid")]
- BadQuoteStatus,
- #[display(fmt = "Enclave version mismatch. Registering enclave had different code signature")]
- MrEnclaveMismatch,
- #[display(fmt = "Enclave version mismatch. Registering enclave had different signer")]
- MrSignerMismatch,
- #[display(fmt = "Enclave received invalid inputs")]
- InvalidInput,
- #[display(fmt = "The provided certificate was invalid")]
- InvalidCert,
- #[display(fmt = "Writing to file system from the enclave failed")]
- CantWriteToStorage,
- #[display(fmt = "The public key in the certificate appears to be malformed")]
- MalformedPublicKey,
- #[display(fmt = "Encrypting the seed failed")]
- SeedEncryptionFailed,
- #[display(fmt = "failed to allocate minimal safety buffer")]
- MemorySafetyAllocationError,
- #[display(
- fmt = "Unexpected panic during node authentication. Certificate may be malformed or invalid"
- )]
- Panic,
-}
-
-/// This type represents the possible error conditions that can be encountered in the
-/// enclave while authenticating a new node in the network.
-/// cbindgen:prefix-with-name
-#[repr(C)]
-#[derive(Debug, Display, PartialEq, Eq)]
-pub enum HealthCheckResult {
- Success,
-}
-
-impl Default for HealthCheckResult {
- fn default() -> Self {
- HealthCheckResult::Success
- }
-}
-pub type SgxResult = result::Result;
-pub type SgxError = result::Result<(), HealthCheckResult>;
-
-/// This type holds a pointer to a VmError that is boxed on the untrusted side
-// `VmError` is the standard error type for the `cosmwasm-sgx-vm` layer.
-// During an ocall, we call into the original implementation of `db_read`, `db_write`, and `db_remove`.
-// These call out all the way to the Go side. They return `VmError` when something goes wrong in this process.
-// These errors need to be propagated back into and out of the enclave, and then bacl into the `cosmwasm-sgx-vm` layer.
-// There is never anything we can do with these errors inside the enclave, so instead of converting `VmError`
-// to a type that the enclave can understand, we just box it bedore returning from the enclave, store the heap pointer
-// in an instance of `UntrustedVmError`, propagate this error all the way back to the point that called
-// into the enclave, and then finally unwrap the `VmError`, which gets propagated up the normal stack.
-//
-// For a more detailed discussion, see:
-// https://github.com/enigmampc/SecretNetwork/pull/307#issuecomment-651157410
-#[repr(C)]
-#[derive(Debug, Display)]
-#[display(fmt = "VmError")]
-pub struct UntrustedVmError {
- pub ptr: *mut c_void,
-}
-
-impl UntrustedVmError {
- pub fn new(ptr: *mut c_void) -> Self {
- Self { ptr }
- }
-}
-
-impl Default for UntrustedVmError {
- fn default() -> Self {
- Self {
- ptr: core::ptr::null_mut(),
- }
- }
-}
-
-// These implementations are safe because we know that it will only ever be a Box,
-// which also has these traits.
-unsafe impl Send for UntrustedVmError {}
-unsafe impl Sync for UntrustedVmError {}
-
-/// This type represent return statuses from ocalls.
-///
-/// cbindgen:prefix-with-name
-#[repr(C)]
-#[derive(Debug, Display)]
-pub enum OcallReturn {
- /// Ocall returned successfully.
- Success,
- /// Ocall failed for some reason.
- /// error parameters may be passed as out parameters.
- Failure,
- /// A panic happened during the ocall.
- Panic,
-}
-
-/// This struct is returned from ecall_init.
-/// cbindgen:prefix-with-name
-#[repr(C)]
-pub enum InitResult {
- Success {
- /// A pointer to the output of the calculation
- output: UserSpaceBuffer,
- /// The contract_key for this contract.
- contract_key: [u8; 64],
- },
- Failure {
- /// The error that happened in the enclave
- err: EnclaveError,
- },
-}
-
-/// This struct is returned from ecall_handle.
-/// cbindgen:prefix-with-name
-#[repr(C)]
-pub enum HandleResult {
- Success {
- /// A pointer to the output of the calculation
- output: UserSpaceBuffer,
- },
- Failure {
- /// The error that happened in the enclave
- err: EnclaveError,
- },
-}
-
-/// This struct is returned from ecall_query.
-/// cbindgen:prefix-with-name
-#[repr(C)]
-pub enum QueryResult {
- Success {
- /// A pointer to the output of the calculation
- output: UserSpaceBuffer,
- },
- Failure {
- /// The error that happened in the enclave
- err: EnclaveError,
- },
-}
diff --git a/seed-service/src/enclaves/shared/Intel_SGX_Attestation_RootCA.pem b/seed-service/src/enclaves/shared/Intel_SGX_Attestation_RootCA.pem
deleted file mode 100644
index 948b4c0cd..000000000
--- a/seed-service/src/enclaves/shared/Intel_SGX_Attestation_RootCA.pem
+++ /dev/null
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFSzCCA7OgAwIBAgIJANEHdl0yo7CUMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNV -BAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQDDCdJbnRlbCBTR1ggQXR0ZXN0 -YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwIBcNMTYxMTE0MTUzNzMxWhgPMjA0OTEy -MzEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL -U2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQD -DCdJbnRlbCBTR1ggQXR0ZXN0YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCfPGR+tXc8u1EtJzLA10Feu1Wg+p7e -LmSRmeaCHbkQ1TF3Nwl3RmpqXkeGzNLd69QUnWovYyVSndEMyYc3sHecGgfinEeh -rgBJSEdsSJ9FpaFdesjsxqzGRa20PYdnnfWcCTvFoulpbFR4VBuXnnVLVzkUvlXT -L/TAnd8nIZk0zZkFJ7P5LtePvykkar7LcSQO85wtcQe0R1Raf/sQ6wYKaKmFgCGe -NpEJUmg4ktal4qgIAxk+QHUxQE42sxViN5mqglB0QJdUot/o9a/V/mMeH8KvOAiQ -byinkNndn+Bgk5sSV5DFgF0DffVqmVMblt5p3jPtImzBIH0QQrXJq39AT8cRwP5H -afuVeLHcDsRp6hol4P+ZFIhu8mmbI1u0hH3W/0C2BuYXB5PC+5izFFh/nP0lc2Lf -6rELO9LZdnOhpL1ExFOq9H/B8tPQ84T3Sgb4nAifDabNt/zu6MmCGo5U8lwEFtGM -RoOaX4AS+909x00lYnmtwsDVWv9vBiJCXRsCAwEAAaOByTCBxjBgBgNVHR8EWTBX -MFWgU6BRhk9odHRwOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50 -L0NSTC9TR1gvQXR0ZXN0YXRpb25SZXBvcnRTaWduaW5nQ0EuY3JsMB0GA1UdDgQW -BBR4Q3t2pn680K9+QjfrNXw7hwFRPDAfBgNVHSMEGDAWgBR4Q3t2pn680K9+Qjfr -NXw7hwFRPDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq -hkiG9w0BAQsFAAOCAYEAeF8tYMXICvQqeXYQITkV2oLJsp6J4JAqJabHWxYJHGir -IEqucRiJSSx+HjIJEUVaj8E0QjEud6Y5lNmXlcjqRXaCPOqK0eGRz6hi+ripMtPZ -sFNaBwLQVV905SDjAzDzNIDnrcnXyB4gcDFCvwDFKKgLRjOB/WAqgscDUoGq5ZVi -zLUzTqiQPmULAQaB9c6Oti6snEFJiCQ67JLyW/E83/frzCmO5Ru6WjU4tmsmy8Ra -Ud4APK0wZTGtfPXU7w+IBdG5Ez0kE1qzxGQaL4gINJ1zMyleDnbuS8UicjJijvqA -152Sq049ESDz+1rRGc2NVEqh1KaGXmtXvqxXcTB+Ljy5Bw2ke0v8iGngFBPqCTVB -3op5KBG3RjbF6RRSzwzuWfL7QErNC8WEy5yDVARzTA5+xmBc388v9Dm21HGfcC8O -DD+gT9sSpssq0ascmvH49MOgjt1yoysLtdCtJW/9FZpoOypaHx0R+mJTLwPXVMrv -DaVzWh5aiEx+idkSGMnX ------END CERTIFICATE----- 
diff --git a/seed-service/src/enclaves/shared/contract-engine/Cargo.toml b/seed-service/src/enclaves/shared/contract-engine/Cargo.toml
deleted file mode 100644
index b82339068..000000000
--- a/seed-service/src/enclaves/shared/contract-engine/Cargo.toml
+++ /dev/null
@@ -1,30 +0,0 @@
-[package]
-name = "enclave_contract_engine"
-version = "1.2.4"
-authors = ["Cashmaney "]
-edition = "2021"
-
-[features]
-debug-print = []
-test = []
-
-# This annotation is here to trick the IDE into showing us type information about this crate.
-# We always compile to the "sgx" target, so this will always be false.
-# when compiling to the "sgx" target, we pull this from the target root with an "extern crate" directive
-# [target.'cfg(not(target_env = "sgx"))'.dependencies]
-# sgx_tstd = { rev = "a37ffb9449ba6d5b6e4a9d586bbab864ae732269", git = "https://github.com/apache/teaclave-sgx-sdk.git", features = [
-# "backtrace"
-# ] }
-# sgx_types = { rev = "a37ffb9449ba6d5b6e4a9d586bbab864ae732269", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
-[dependencies]
-enclave-ffi-types = { path = "../../ffi-types" }
-rustls = "0.20.6"
-webpki = "0.22.0"
-webpki-roots = "0.22.4"
-uuid = "1.1.2"
-base64 = "0.13.0"
-serde = "1.0.144"
-serde_json = "1.0.85"
-log = "0.4.17"
-hex = "0.4.3"
-lazy_static = "1.4.0"
diff --git a/seed-service/src/enclaves/shared/contract-engine/src/cert.rs b/seed-service/src/enclaves/shared/contract-engine/src/cert.rs
deleted file mode 100644
index 3625792e1..000000000
--- a/seed-service/src/enclaves/shared/contract-engine/src/cert.rs
+++ /dev/null
@@ -1,56 +0,0 @@
-use std::io::BufReader;
-
-pub enum Error {
- GenericError,
-}
-
-pub const IAS_REPORT_CA: &[u8] = include_bytes!("../../Intel_SGX_Attestation_RootCA.der");
-
-pub fn get_netscape_comment(cert_der: &[u8]) -> Result, Error> {
- // Search for Netscape Comment OID
- let ns_cmt_oid = &[
- 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x0D,
- ];
- extract_asn1_value(cert_der, ns_cmt_oid)
-}
-
-fn extract_asn1_value(cert: &[u8], oid: &[u8]) -> Result, Error> {
- let mut offset = match cert.windows(oid.len()).position(|window| window == oid) {
- Some(size) => size,
- None => {
- return Err(Error::GenericError);
- }
- };
-
- offset += 12; // 11 + TAG (0x04)
-
- if offset + 2 >= cert.len() {
- return Err(Error::GenericError);
- }
-
- // Obtain Netscape Comment length
- let mut len = cert[offset] as usize;
- if len > 0x80 {
- len = (cert[offset + 1] as usize) * 0x100 + (cert[offset + 2] as usize);
- offset += 2;
- }
-
- // Obtain Netscape Comment
- offset += 1;
-
- if offset + len >= cert.len() {
- return Err(Error::GenericError);
- }
-
- let payload = cert[offset..offset + len].to_vec();
-
- Ok(payload)
-}
-
-// pub fn get_ias_auth_config() -> (webpki::) {
-// let anchors = vec![webpki::TrustAnchor::try_from_cert_der(ca).unwrap()];
-// let anchors = webpki::TLSServerTrustAnchors(&anchors);
-//
-//
-// (ias_cert_dec, root_store)
-// }
diff --git a/seed-service/src/enclaves/shared/contract-engine/src/lib.rs b/seed-service/src/enclaves/shared/contract-engine/src/lib.rs
deleted file mode 100644
index 56bc54617..000000000
--- a/seed-service/src/enclaves/shared/contract-engine/src/lib.rs
+++ /dev/null
@@ -1,20 +0,0 @@
-// Trick to get the IDE to use sgx_tstd even when it doesn't know we're targeting SGX
-// use std::ffi::c_void;
-// use std::panic;
-// use std::sync::SgxMutex;
-
-// use lazy_static::lazy_static;
-// use log::*;
-
-// use sgx_types::sgx_status_t;
-pub mod report;
-pub mod cert;
-
-use enclave_ffi_types::HealthCheckResult;
-use report::AttestationReport;
-/// # Safety
-/// Always use protection
-#[no_mangle]
-pub unsafe extern "C" fn ecall_health_check() -> HealthCheckResult {
- HealthCheckResult::Success
-}
diff --git a/seed-service/src/enclaves/shared/contract-engine/src/report.rs b/seed-service/src/enclaves/shared/contract-engine/src/report.rs
deleted file mode 100644
index c760337bd..000000000
--- a/seed-service/src/enclaves/shared/contract-engine/src/report.rs
+++ /dev/null
@@ -1,928 +0,0 @@
-// Apache Teaclave (incubating)
-// Copyright 2019-2020 The Apache Software Foundation
-//
-// This product includes software developed at
-// The Apache Software Foundation (http://www.apache.org/).
-//! Types that contain information about attestation report.
-//! The implementation is based on Attestation Service API version 4.
-//! https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf
-
-use std::array::TryFromSliceError;
-use std::collections::HashMap;
-use std::convert::TryFrom;
-
-use log::*;
-
-use lazy_static::lazy_static;
-use serde::{Deserialize, Deserializer, Serialize, Serializer};
-use serde_json::Value;
-use uuid::Uuid;
-
-use enclave_ffi_types::NodeAuthResult;
-use webpki::TrustAnchor;
-
-use super::cert::{get_netscape_comment, IAS_REPORT_CA};
-
-#[derive(Debug)]
-pub enum Error {
- ReportParseError,
- ReportValidationError,
-}
-
-impl From for Error {
- fn from(_: TryFromSliceError) -> Self {
- Error::ReportParseError
- }
-}
-
-impl From for Error {
- fn from(_: serde_json::error::Error) -> Self {
- Error::ReportParseError
- }
-}
-
-/// AttestationReport can be endorsed by either the Intel Attestation Service
-/// using EPID or Data Center Attestation
-/// Service (platform dependent) using ECDSA.
-#[derive(Default, Serialize, Deserialize)]
-pub struct EndorsedAttestationReport {
- /// Attestation report generated by the hardware
- #[serde(serialize_with = "as_base64", deserialize_with = "from_base64")]
- pub report: Vec,
- /// Singature of the report
- #[serde(serialize_with = "as_base64", deserialize_with = "from_base64")]
- pub signature: Vec,
- /// Certificate matching the signing key of the signature
- #[serde(serialize_with = "as_base64", deserialize_with = "from_base64")]
- pub signing_cert: Vec,
-}
-
-fn as_base64(key: &[u8], serializer: S) -> Result
-where
- S: Serializer,
-{
- serializer.serialize_str(&base64::encode(&key[..]))
-}
-
-fn from_base64<'de, D>(deserializer: D) -> Result, D::Error>
-where
- D: Deserializer<'de>,
-{
- struct Base64Visitor;
-
- impl<'de> serde::de::Visitor<'de> for Base64Visitor {
- type Value = Vec;
-
- fn expecting(&self, formatter: &mut ::std::fmt::Formatter) -> std::fmt::Result {
- write!(formatter, "base64 ASCII text")
- }
-
- fn visit_str(self, v: &str) -> Result
- where
- E: serde::de::Error,
- {
- base64::decode(v).map_err(E::custom)
- }
- }
- deserializer.deserialize_str(Base64Visitor)
-}
-
-type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm];
-static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[
- &webpki::ECDSA_P256_SHA256,
- &webpki::ECDSA_P256_SHA384,
- &webpki::ECDSA_P384_SHA256,
- &webpki::ECDSA_P384_SHA384,
- &webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
- &webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
- &webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
- &webpki::RSA_PKCS1_2048_8192_SHA256,
- &webpki::RSA_PKCS1_2048_8192_SHA384,
- &webpki::RSA_PKCS1_2048_8192_SHA512,
- &webpki::RSA_PKCS1_3072_8192_SHA384,
-];
-
-/// A report generated by an enclave that contains measurement, identity and
-/// other data related to enclave.
-///
-/// # Note
-///
-/// Do not confuse `SgxEnclaveReport` with `AttestationReport`.
-/// `SgxEnclaveReport` is generated by SGX hardware and endorsed by Quoting
-/// Enclave through local attestation. The endorsed `SgxEnclaveReport` is an
-/// `SgxQuote`. The quote is then sent to some attestation service (IAS or
-/// DCAP-based AS). The endorsed `SgxQuote` is an attestation report signed by
-/// attestation service's private key, a.k.a., `EndorsedAttestationReport`.
-pub struct SgxEnclaveReport {
- /// Security version number of host system's CPU
- pub cpu_svn: [u8; 16],
- /// Misc select bits for the target enclave. Reserved for future function
- /// extension.
- pub misc_select: u32,
- /// Attributes of the enclave, for example, whether the enclave is running
- /// in debug mode.
- pub attributes: [u8; 16],
- /// Measurement value of the enclave. See
- /// [`EnclaveMeasurement`](../types/struct.EnclaveMeasurement.html)
- pub mr_enclave: [u8; 32],
- /// Measurement value of the public key that verified the enclave. See
- /// [`EnclaveMeasurement`](../types/struct.EnclaveMeasurement.html)
- pub mr_signer: [u8; 32],
- /// Product ID of the enclave
- pub isv_prod_id: u16,
- /// Security version number of the enclave
- pub isv_svn: u16,
- /// Set of data used for communication between enclave and target enclave
- pub report_data: [u8; 64],
-}
-
-impl std::fmt::Debug for SgxEnclaveReport {
- fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
- writeln!(f, "cpu_svn: {:?}", self.cpu_svn)?;
- writeln!(f, "misc_select: {:?}", self.misc_select)?;
- writeln!(f, "attributes: {:?}", self.attributes)?;
- writeln!(f, "mr_enclave: {:?}", self.mr_enclave)?;
- writeln!(f, "mr_signer: {:?}", self.mr_signer)?;
- writeln!(f, "isv_prod_id: {}", self.isv_prod_id)?;
- writeln!(f, "isv_svn: {}", self.isv_svn)?;
- writeln!(f, "report_data: {:?}", &self.report_data.to_vec())
- }
-}
-
-impl SgxEnclaveReport {
- /// Parse bytes of report into `SgxEnclaveReport`.
- pub fn parse_from<'a>(bytes: &'a [u8]) -> Result {
- let mut pos: usize = 0;
- let mut take = |n: usize| -> Result<&'a [u8], Error> {
- if n > 0 && bytes.len() >= pos + n {
- let ret = &bytes[pos..pos + n];
- pos += n;
- Ok(ret)
- } else {
- error!("Enclave report parsing error - bad report size");
- Err(Error::ReportParseError)
- }
- };
-
- // Start parsing report by bytes following specifications. Don't
- // transmute directly, since there may cause endianness issue.
- // off 48, size 16
- let cpu_svn = <[u8; 16]>::try_from(take(16)?)?;
-
- // off 64, size 4
- let misc_select = u32::from_le_bytes(<[u8; 4]>::try_from(take(4)?)?);
-
- // off 68, size 28
- let _reserved = take(28)?;
-
- // off 96, size 16
- let attributes = <[u8; 16]>::try_from(take(16)?)?;
-
- // off 112, size 32
- let mr_enclave = <[u8; 32]>::try_from(take(32)?)?;
-
- // off 144, size 32
- let _reserved = take(32)?;
-
- // off 176, size 32
- let mr_signer = <[u8; 32]>::try_from(take(32)?)?;
-
- // off 208, size 96
- let _reserved = take(96)?;
-
- // off 304, size 2
- let isv_prod_id = u16::from_le_bytes(<[u8; 2]>::try_from(take(2)?)?);
-
- // off 306, size 2
- let isv_svn = u16::from_le_bytes(<[u8; 2]>::try_from(take(2)?)?);
-
- // off 308, size 60
- let _reserved = take(60)?;
-
- // off 368, size 64
- let mut report_data = [0u8; 64];
- let _report_data = take(64)?;
- let mut _it = _report_data.iter();
- for i in report_data.iter_mut() {
- *i = *_it.next().ok_or(Error::ReportParseError)?;
- }
-
- if pos != bytes.len() {
- warn!("Enclave report parsing error.");
- return Err(Error::ReportParseError);
- };
-
- Ok(SgxEnclaveReport {
- cpu_svn,
- misc_select,
- attributes,
- mr_enclave,
- mr_signer,
- isv_prod_id,
- isv_svn,
- report_data,
- })
- }
-}
-
-/// SGX Quote structure version
-#[derive(Debug, PartialEq)]
-#[allow(dead_code)]
-pub enum SgxQuoteVersion {
- /// EPID quote version
- V1(SgxEpidQuoteSigType),
- /// EPID quote version
- V2(SgxEpidQuoteSigType),
- /// ECDSA quote version
- V3(SgxEcdsaQuoteAkType),
-}
-
-/// Intel EPID attestation signature type
-#[derive(Debug, PartialEq)]
-#[allow(dead_code)]
-pub enum SgxEpidQuoteSigType {
- Unlinkable,
- Linkable,
-}
-
-/// ECDSA attestation key type
-#[derive(Debug, PartialEq)]
-pub enum SgxEcdsaQuoteAkType {
- /// ECDSA-256-with-P-256 curve
- P256_256,
- /// ECDSA-384-with-P-384 curve
- P384_384,
-}
-
-/// SGX Quote status
-#[derive(PartialEq, Debug)]
-pub enum SgxQuoteStatus {
- /// EPID signature of the ISV enclave QUOTE was verified correctly and the
- /// TCB level of the SGX platform is up-to-date.
- OK,
- /// EPID signature of the ISV enclave QUOTE was invalid. The content of the
- /// QUOTE is not trustworthy.
- ///
- /// For DCAP, the signature over the application report is invalid.
- SignatureInvalid,
- /// The EPID group has been revoked. When this value is returned, the
- /// revocation Reason field of the Attestation Verification Report will
- /// contain revocation reason code for this EPID group as reported in the
- /// EPID Group CRL. The content of the QUOTE is not trustworthy.
- GroupRevoked,
- /// The EPID private key used to sign the QUOTE has been revoked by
- /// signature. The content of the QUOTE is not trustworthy.
- SignatureRevoked,
- /// The EPID private key used to sign the QUOTE has been directly revoked
- /// (not by signature). The content of the QUOTE is not trustworthy.
- ///
- /// For DCAP, the attestation key or platform has been revoked.
- KeyRevoked,
- /// SigRL version in ISV enclave QUOTE does not match the most recent
- /// version of the SigRL. In rare situations, after SP retrieved the SigRL
- /// from IAS and provided it to the platform, a newer version of the SigRL
- /// is madeavailable. As a result, the Attestation Verification Report will
- /// indicate SIGRL_VERSION_MISMATCH. SP can retrieve the most recent version
- /// of SigRL from the IAS and request the platform to perform remote
- /// attestation again with the most recent version of SigRL. If the platform
- /// keeps failing to provide a valid QUOTE matching with the most recent
- /// version of the SigRL, the content of the QUOTE is not trustworthy.
- SigrlVersionMismatch,
- /// The EPID signature of the ISV enclave QUOTE has been verified correctly,
- /// but the TCB level of SGX platform is outdated (for further details see
- /// Advisory IDs). The platform has not been identified as compromised and
- /// thus it is not revoked. It is up to the Service Provider to decide
- /// whether or not to trust the content of the QUOTE, andwhether or not to
- /// trust the platform performing the attestation to protect specific
- /// sensitive information.
- GroupOutOfDate,
- /// The EPID signature of the ISV enclave QUOTE has been verified correctly,
- /// but additional configuration of SGX platform may be needed(for further
- /// details see Advisory IDs). The platform has not been identified as
- /// compromised and thus it is not revoked. It is up to the Service Provider
- /// to decide whether or not to trust the content of the QUOTE, and whether
- /// or not to trust the platform performing the attestation to protect
- /// specific sensitive information.
- ///
- /// For DCAP, The Quote verification passed and the platform is patched to
- /// the latest TCB level but additional configuration of the SGX
- /// platform may be needed.
- ConfigurationNeeded,
- /// The EPID signature of the ISV enclave QUOTE has been verified correctly
- /// but due to certain issues affecting the platform, additional SW
- /// Hardening in the attesting SGX enclaves may be needed.The relying party
- /// should evaluate the potential risk of an attack leveraging the relevant
- /// issues on the attesting enclave, and whether the attesting enclave
- /// employs adequate software hardening to mitigate the risk.
- SwHardeningNeeded,
- /// The EPID signature of the ISV enclave QUOTE has been verified correctly
- /// but additional configuration for the platform and SW Hardening in the
- /// attesting SGX enclaves may be needed. The platform has not been
- /// identified as compromised and thus it is not revoked. It is up to the
- /// Service Provider to decide whether or not to trust the content of the
- /// QUOTE. The relying party should also evaluate the potential risk of an
- /// attack leveraging the relevant issues on the attestation enclave, and
- /// whether the attesting enclave employs adequate software hardening to
- /// mitigate the risk.
- ConfigurationAndSwHardeningNeeded,
- /// DCAP specific quote status. The Quote is good but TCB level of the
- /// platform is out of date. The platform needs patching to be at the latest
- /// TCB level.
- OutOfDate,
- /// DCAP specific quote status. The Quote is good but the TCB level of the
- /// platform is out of date and additional configuration of the SGX Platform
- /// at its current patching level may be needed. The platform needs patching
- /// to be at the latest TCB level.
- OutOfDateConfigurationNeeded,
- /// Other unknown bad status.
- UnknownBadStatus,
-}
-
-impl From<&SgxQuoteStatus> for NodeAuthResult {
- fn from(status: &SgxQuoteStatus) -> Self {
- match status {
- SgxQuoteStatus::ConfigurationAndSwHardeningNeeded => {
- NodeAuthResult::SwHardeningAndConfigurationNeeded
- }
- SgxQuoteStatus::ConfigurationNeeded => NodeAuthResult::ConfigurationNeeded,
- SgxQuoteStatus::GroupOutOfDate => NodeAuthResult::GroupOutOfDate,
- SgxQuoteStatus::KeyRevoked => NodeAuthResult::KeyRevoked,
- SgxQuoteStatus::SigrlVersionMismatch => NodeAuthResult::SigrlVersionMismatch,
- SgxQuoteStatus::SignatureRevoked => NodeAuthResult::SignatureRevoked,
- SgxQuoteStatus::GroupRevoked => NodeAuthResult::GroupRevoked,
- _ => NodeAuthResult::BadQuoteStatus,
- }
- }
-}
-
-impl From<&str> for SgxQuoteStatus {
- /// Convert from str status from the report to enum.
- fn from(status: &str) -> Self {
- match status {
- "OK" => SgxQuoteStatus::OK,
- "SIGNATURE_INVALID" => SgxQuoteStatus::SignatureInvalid,
- "GROUP_REVOKED" => SgxQuoteStatus::GroupRevoked,
- "SIGNATURE_REVOKED" => SgxQuoteStatus::SignatureRevoked,
- "KEY_REVOKED" => SgxQuoteStatus::KeyRevoked,
- "SIGRL_VERSION_MISMATCH" => SgxQuoteStatus::SigrlVersionMismatch,
- "GROUP_OUT_OF_DATE" => SgxQuoteStatus::GroupOutOfDate,
- "OUT_OF_DATE" => SgxQuoteStatus::OutOfDate,
- "OUT_OF_DATE_CONFIGURATION_NEEDED" => SgxQuoteStatus::OutOfDateConfigurationNeeded,
- "CONFIGURATION_NEEDED" => SgxQuoteStatus::ConfigurationNeeded,
- "SW_HARDENING_NEEDED" => SgxQuoteStatus::SwHardeningNeeded,
- "CONFIGURATION_AND_SW_HARDENING_NEEDED" => {
- SgxQuoteStatus::ConfigurationAndSwHardeningNeeded
- }
- _ => SgxQuoteStatus::UnknownBadStatus,
- }
- }
-}
-
-/// An application that hosts an enclave can ask the enclave to produce a report
-/// (`SgxEnclaveReport`) and then pass this report to a platform service
-/// (Quoting Enclave) to produce a type of credential that reflects the enclave
-/// and platform state. The quote can be passed to entities off the platform,
-/// and verified using Intel EPID signature verification techniques.
-pub struct SgxQuote {
- /// Version of the quote structure
- pub version: SgxQuoteVersion,
- /// ID of the Intel EPID group of the platform belongs to
- pub gid: u32,
- /// Security version number of Quoting Enclave
- pub isv_svn_qe: u16,
- /// Security version number of PCE
- pub isv_svn_pce: u16,
- /// Vendor ID of Quoting Enclave
- pub qe_vendor_id: Uuid,
- /// User data
- pub user_data: [u8; 20],
- /// Report generated by the enclave
- pub isv_enclave_report: SgxEnclaveReport,
-}
-
-impl std::fmt::Debug for SgxQuote {
- fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
- writeln!(f, "version: {:?}", self.version)?;
- writeln!(f, "gid: {}", self.gid)?;
- writeln!(f, "isv_svn_qe: {}", self.isv_svn_qe)?;
- writeln!(f, "isv_svn_pce: {}", self.isv_svn_pce)?;
- writeln!(f, "qe_vendor_id: {}", self.qe_vendor_id)?;
- writeln!(f, "user_data: {:?}", &self.user_data)?;
- writeln!(f, "isv_enclave_report: \n{:?}", self.isv_enclave_report)
- }
-}
-
-impl SgxQuote {
- /// Parse from bytes to `SgxQuote`.
- // just unused in SW mode
- #[allow(dead_code)]
- fn parse_from<'a>(bytes: &'a [u8]) -> Result {
- let mut pos: usize = 0;
- let mut take = |n: usize| -> Result<&'a [u8], Error> {
- if n > 0 && bytes.len() >= pos + n {
- let ret = &bytes[pos..pos + n];
- pos += n;
- Ok(ret)
- } else {
- warn!("Quote parsing error.");
- Err(Error::ReportParseError)
- }
- };
-
- // Parse by bytes according to specifications.
- // off 0, size 2 + 2
- let version = match u16::from_le_bytes(<[u8; 2]>::try_from(take(2)?)?) {
- 1 => {
- let signature_type = match u16::from_le_bytes(<[u8; 2]>::try_from(
- take(2).map_err(|_| Error::ReportParseError)?,
- )?) {
- 0 => SgxEpidQuoteSigType::Unlinkable,
- 1 => SgxEpidQuoteSigType::Linkable,
- _ => {
- warn!("Invalid v1 quote signature type");
- return Err(Error::ReportParseError);
- }
- };
- SgxQuoteVersion::V1(signature_type)
- }
- 2 => {
- let signature_type = match u16::from_le_bytes(<[u8; 2]>::try_from(
- take(2).map_err(|_| Error::ReportParseError)?,
- )?) {
- 0 => SgxEpidQuoteSigType::Unlinkable,
- 1 => SgxEpidQuoteSigType::Linkable,
- _ => {
- warn!("Invalid v2 quote signature type");
- return Err(Error::ReportParseError);
- }
- };
- SgxQuoteVersion::V2(signature_type)
- }
- 3 => {
- let attestation_key_type = match u16::from_le_bytes(<[u8; 2]>::try_from(
- take(2).map_err(|_| Error::ReportParseError)?,
- )?) {
- 2 => SgxEcdsaQuoteAkType::P256_256,
- 3 => SgxEcdsaQuoteAkType::P384_384,
- _ => {
- warn!("Quote parsing error - ecdsa quote type invalid");
- return Err(Error::ReportParseError);
- }
- };
- SgxQuoteVersion::V3(attestation_key_type)
- }
- _ => {
- warn!("Quote parsing error - Unknown quote version");
- return Err(Error::ReportParseError);
- }
- };
-
- // off 4, size 4
- let gid = u32::from_le_bytes(<[u8; 4]>::try_from(take(4).map_err(|_| {
- warn!("Failed to parse quote gid");
- Error::ReportParseError
- })?)?);
-
- // off 8, size 2
- let isv_svn_qe = u16::from_le_bytes(<[u8; 2]>::try_from(take(2).map_err(|_| {
- warn!("Failed to parse quote isv svn qe");
- Error::ReportParseError
- })?)?);
-
- // off 10, size 2
- let isv_svn_pce = u16::from_le_bytes(<[u8; 2]>::try_from(take(2).map_err(|_| {
- warn!("Failed to parse quote isv svn");
- Error::ReportParseError
- })?)?);
-
- // off 12, size 16
- let qe_vendor_id_raw =
- <[u8; 16]>::try_from(take(16).map_err(|_| Error::ReportParseError)?)?;
- let qe_vendor_id = Uuid::from_slice(&qe_vendor_id_raw).map_err(|_| {
- warn!("Failed to parse quote vendor id");
- Error::ReportParseError
- })?;
-
- // off 28, size 20
- let user_data = <[u8; 20]>::try_from(take(20).map_err(|_| {
- warn!("Failed to parse quote user
data"); - Error::ReportParseError - })?)?; - - // off 48, size 384 - let isv_enclave_report = SgxEnclaveReport::parse_from(take(384).map_err(|_| { - warn!("Failed to parse enclave report"); - Error::ReportParseError - })?)?; - - if pos != bytes.len() { - warn!("Quote parsing error - Quote size different from expected"); - return Err(Error::ReportParseError); - }; - - Ok(Self { - version, - gid, - isv_svn_qe, - isv_svn_pce, - qe_vendor_id, - user_data, - isv_enclave_report, - }) - } -} - -// #[cfg(all(feature = "SGX_MODE_HW", not(feature = "production")))] -// const WHITELISTED_ADVISORIES: &[&str] = &["INTEL-SA-00334", "INTEL-SA-00219"]; -// -// #[cfg(all(feature = "SGX_MODE_HW", feature = "production"))] -// const WHITELISTED_ADVISORIES: &[&str] = &["INTEL-SA-00334", "INTEL-SA-00219"]; -// -// const INTEL_SA_00334: &str = "INTEL-SA-00334"; -// -// lazy_static! { -// static ref ADVISORY_DESC: HashMap<&'static str, &'static str> = [ -// ( -// "INTEL-SA-00161", -// "You must disable hyperthreading in the BIOS" -// ), -// ( -// "INTEL-SA-00289", -// "You must disable overclocking/undervolting in the BIOS" -// ), -// ] -// .iter() -// .copied() -// .collect(); -// } - -#[derive(Debug)] -pub struct AdvisoryIDs(pub Vec); - -const WHITELISTED_ADVISORIES: &[&str] = &[ - "INTEL-SA-00334", - "INTEL-SA-00219", - "INTEL-SA-00615", - "INTEL-SA-00657", - "INTEL-SA-00767", -]; - -lazy_static! 
{ - static ref ADVISORY_DESC: HashMap<&'static str, &'static str> = [ - ( - "INTEL-SA-00161", - "You must disable hyperthreading in the BIOS" - ), - ( - "INTEL-SA-00289", - "You must disable overclocking/undervolting in the BIOS" - ), - ] - .iter() - .copied() - .collect(); -} - -impl AdvisoryIDs { - pub fn vulnerable(&self) -> Vec { - let mut vulnerable: Vec = vec![]; - for i in self.0.iter() { - if !WHITELISTED_ADVISORIES.contains(&i.as_str()) { - vulnerable.push(i.clone()); - if let Some(v) = ADVISORY_DESC.get(&i.as_str()) { - vulnerable.push((*v).to_string()) - } - } - } - vulnerable - } -} - -/// A report that can be signed by Intel EPID (which generates -/// `EndorsedAttestationReport`) and then sent off of the platform to be -/// verified by remote client. -#[derive(Debug)] -pub struct AttestationReport { - /// The freshness of the report, i.e., elapsed time after acquiring the - /// report in seconds. - // pub freshness: Duration, - /// Quote status - pub sgx_quote_status: SgxQuoteStatus, - /// Content of the quote - pub sgx_quote_body: SgxQuote, - pub platform_info_blob: Option>, - pub advisory_ids: AdvisoryIDs, -} - -impl AttestationReport { - /// Construct a AttestationReport from a X509 certificate and verify - /// attestation report with the report_ca_cert which is from the attestation - /// service provider. - // just unused in SW mode - #[allow(dead_code)] - pub fn from_cert(cert: &[u8]) -> Result { - // Before we reach here, Webpki already verifed the cert is properly signed. 
- - let payload = get_netscape_comment(cert).map_err(|_err| { - error!("Failed to get netscape comment"); - Error::ReportParseError - })?; - - // Convert to endorsed report - let report: EndorsedAttestationReport = serde_json::from_slice(&payload)?; - - // Verify report's signature - aka intel's signing cert - let signing_cert = webpki::EndEntityCert::try_from(report.signing_cert.as_slice()) - .map_err(|_err| { - error!("Failed to validate signature"); - Error::ReportParseError - })?; - - let anchors = vec![webpki::TrustAnchor::try_from_cert_der(IAS_REPORT_CA).unwrap()]; - let anchors = webpki::TlsServerTrustAnchors(&anchors); - - // set as 04.11.23(dd.mm.yy) - should be valid for the foreseeable future, and not rely on SystemTime - #[allow(clippy::unreadable_literal)] - let time_stamp = webpki::Time::from_seconds_since_unix_epoch(1_699_088_856); - - // note: there's no way to not validate the time, and we don't want to write this code - // ourselves. We also can't just ignore the error message, since that means that the rest of - // the validation didn't happen (time is validated early on) - match signing_cert.verify_is_valid_tls_server_cert( - SUPPORTED_SIG_ALGS, - &anchors, - &[IAS_REPORT_CA], - time_stamp, - ) { - Ok(_) => info!("Certificate verified successfully"), - Err(e) => { - error!("Certificate verification error {:?}", e); - return Err(Error::ReportValidationError); - } - }; - - // Verify the signature against the signing cert - match signing_cert.verify_signature( - &webpki::RSA_PKCS1_2048_8192_SHA256, - &report.report, - &report.signature, - ) { - Ok(_) => info!("Signature verified successfully"), - Err(e) => { - warn!("Signature verification error {:?}", e); - return Err(Error::ReportParseError); - } - } - - // Verify and extract information from attestation report - let attn_report: Value = serde_json::from_slice(&report.report)?; - trace!("attn_report: {}", attn_report); - - // Verify API version is supported - let version = attn_report["version"] 
- .as_u64() - .ok_or(Error::ReportParseError)?; - - if version != 5 { - warn!("API version incompatible"); - return Err(Error::ReportParseError); - }; - - let mut platform_info_blob = None; - if let Some(blob) = attn_report["platformInfoBlob"].as_str() { - let as_binary = hex::decode(blob).map_err(|_| { - warn!("Error parsing platform info"); - Error::ReportParseError - })?; - platform_info_blob = Some(as_binary) - } - - // Get quote status - let sgx_quote_status = { - let status_string = attn_report["isvEnclaveQuoteStatus"] - .as_str() - .ok_or_else(|| { - warn!("Error parsing enclave quote status"); - Error::ReportParseError - })?; - SgxQuoteStatus::from(status_string) - }; - - // Get quote body - let sgx_quote_body = { - let quote_encoded = attn_report["isvEnclaveQuoteBody"].as_str().ok_or_else(|| { - warn!("Error unpacking enclave quote body"); - Error::ReportParseError - })?; - let quote_raw = base64::decode("e_encoded.as_bytes()).map_err(|_| { - warn!("Error decoding encoded quote body"); - Error::ReportParseError - })?; - SgxQuote::parse_from(quote_raw.as_slice())? - }; - - let advisories: Vec = if let Some(raw) = attn_report.get("advisoryIDs") { - serde_json::from_value(raw.clone()).map_err(|_| { - warn!("Failed to decode advisories"); - Error::ReportParseError - })? 
- } else { - vec![] - }; - - // We don't actually validate the public key, since we use ephemeral certificates, - // and all we really care about that the report is valid and the key that is saved in the - // report_data field - - Ok(Self { - sgx_quote_status, - sgx_quote_body, - platform_info_blob, - advisory_ids: AdvisoryIDs(advisories), - }) - } -} - -#[cfg(feature = "test")] -pub mod tests { - use serde_json::json; - use std::io::Read; - use std::untrusted::fs::File; - - use super::*; - - fn tls_ra_cert_der_test() -> Vec { - let mut cert = vec![]; - let mut f = - File::open("../execute/src/registration/fixtures/attestation_cert_hw_invalid_test.der") - .unwrap(); - f.read_to_end(&mut cert).unwrap(); - - cert - } - - fn tls_ra_cert_der_v3() -> Vec { - let mut cert = vec![]; - let mut f = File::open("../execute/src/registration/fixtures/tls_ra_cert_v3.der").unwrap(); - f.read_to_end(&mut cert).unwrap(); - - cert - } - - fn tls_ra_cert_der_v4() -> Vec { - let mut cert = vec![]; - let mut f = - File::open("../execute/src/registration/fixtures/attestation_cert_out_of_date.der") - .unwrap(); - f.read_to_end(&mut cert).unwrap(); - - cert - } - - fn _test_aes_encrypttls_ra_cert_der_out_of_date() -> Vec { - let mut cert = vec![]; - let mut f = File::open( - "../execute/src/registration/fixtures/attestation_cert_sw_config_needed.der", - ) - .unwrap(); - f.read_to_end(&mut cert).unwrap(); - - cert - } - - fn _ias_root_ca_cert_der() -> Vec { - let mut cert = vec![]; - let mut f = - File::open("../execute/src/registration/fixtures/ias_root_ca_cert.der").unwrap(); - f.read_to_end(&mut cert).unwrap(); - - cert - } - - fn attesation_report() -> Value { - let report = json!({ - "version": 3, - "timestamp": "2020-02-11T22:25:59.682915", - "platformInfoBlob": "1502006504000900000D0D02040180030000000000000000000\ - A00000B000000020000000000000B2FE0AE0F7FD4D552BF7EF4\ - C938D44E349F1BD0E76F041362DC52B43B7B25994978D792137\ - 90362F6DAE91797ACF5BD5072E45F9A60795D1FFB10140421D8\ - 
691FFD", - "isvEnclaveQuoteStatus": "GROUP_OUT_OF_DATE", - "isvEnclaveQuoteBody": "AgABAC8LAAAKAAkAAAAAAK1zRQOIpndiP4IhlnW2AkwAAAAA\ - AAAAAAAAAAAAAAAABQ4CBf+AAAAAAAAAAAAAAAAAAAAAAAAA\ - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAA\ - AAAAADMKqRCjd2eA4gAmrj2sB68OWpMfhPH4MH27hZAvWGlT\ - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACD1xnn\ - ferKFHD2uvYqTXdDA8iZ22kCD5xw7h38CMfOngAAAAAAAAAA\ - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\ - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\ - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\ - AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\ - AAAAAAAAAADYIY9k0MVmCdIDUuFLf/2bGIHAfPjO9nvC7fgz\ - rQedeA3WW4dFeI6oe+RCLdV3XYD1n6lEZjITOzPPLWDxulGz", - "id": "53530608302195762335736519878284384788", - "epidPseudonym": "NRksaQej8R/SyyHpZXzQGNBXqfrzPy5KCxcmJrEjupXrq3xrm2y2+J\ - p0IBVtcW15MCekYs9K3UH82fPyj6F5ciJoMsgEMEIvRR+csX9uyd54\ - p+m+/RVyuGYhWbhUcpJigdI5Q3x04GG/A7EP10j/zypwqhYLQh0qN1\ - ykYt1N1P0=" - }); - - report - } - - pub fn test_sgx_quote_parse_from() { - let attn_report = attesation_report(); - let sgx_quote_body_encoded = attn_report["isvEnclaveQuoteBody"].as_str().unwrap(); - let quote_raw = base64::decode(&sgx_quote_body_encoded.as_bytes()).unwrap(); - let sgx_quote = SgxQuote::parse_from(quote_raw.as_slice()).unwrap(); - - assert_eq!( - sgx_quote.version, - SgxQuoteVersion::V2(SgxEpidQuoteSigType::Linkable) - ); - assert_eq!(sgx_quote.gid, 2863); - assert_eq!(sgx_quote.isv_svn_qe, 10); - assert_eq!(sgx_quote.isv_svn_pce, 9); - assert_eq!( - sgx_quote.qe_vendor_id, - Uuid::parse_str("00000000-ad73-4503-88a6-77623f822196").unwrap() - ); - assert_eq!( - sgx_quote.user_data, - [117, 182, 2, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - ); - - let isv_enclave_report = sgx_quote.isv_enclave_report; - assert_eq!( - isv_enclave_report.cpu_svn, - [5, 14, 2, 5, 255, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - ); - assert_eq!(isv_enclave_report.misc_select, 0); - assert_eq!( - isv_enclave_report.attributes, - [7, 
0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0] - ); - assert_eq!( - isv_enclave_report.mr_enclave, - [ - 51, 10, 169, 16, 163, 119, 103, 128, 226, 0, 38, 174, 61, 172, 7, 175, 14, 90, 147, - 31, 132, 241, 248, 48, 125, 187, 133, 144, 47, 88, 105, 83 - ] - ); - assert_eq!( - isv_enclave_report.mr_signer, - [ - 131, 215, 25, 231, 125, 234, 202, 20, 112, 246, 186, 246, 42, 77, 119, 67, 3, 200, - 153, 219, 105, 2, 15, 156, 112, 238, 29, 252, 8, 199, 206, 158 - ] - ); - assert_eq!(isv_enclave_report.isv_prod_id, 0); - assert_eq!(isv_enclave_report.isv_svn, 0); - assert_eq!( - isv_enclave_report.report_data.to_vec(), - [ - 216, 33, 143, 100, 208, 197, 102, 9, 210, 3, 82, 225, 75, 127, 253, 155, 24, 129, - 192, 124, 248, 206, 246, 123, 194, 237, 248, 51, 173, 7, 157, 120, 13, 214, 91, - 135, 69, 120, 142, 168, 123, 228, 66, 45, 213, 119, 93, 128, 245, 159, 169, 68, - 102, 50, 19, 59, 51, 207, 45, 96, 241, 186, 81, 179 - ] - .to_vec() - ); - } - - pub fn test_attestation_report_from_cert() { - let tls_ra_cert = tls_ra_cert_der_v4(); - let report = AttestationReport::from_cert(&tls_ra_cert); - assert!(report.is_ok()); - - let report = report.unwrap(); - assert_eq!(report.sgx_quote_status, SgxQuoteStatus::GroupOutOfDate); - } - - pub fn test_attestation_report_from_cert_invalid() { - let tls_ra_cert = tls_ra_cert_der_v4(); - let report = AttestationReport::from_cert(&tls_ra_cert); - assert!(report.is_ok()); - - let report = report.unwrap(); - assert_eq!(report.sgx_quote_status, SgxQuoteStatus::GroupOutOfDate); - } - - pub fn test_attestation_report_from_cert_api_version_not_compatible() { - let tls_ra_cert = tls_ra_cert_der_v3(); - let report = AttestationReport::from_cert(&tls_ra_cert); - assert!(report.is_err()); - } - - pub fn test_attestation_report_test() { - let tls_ra_cert = tls_ra_cert_der_test(); - let report = AttestationReport::from_cert(&tls_ra_cert); - - if report.is_err() { - println!("err: {:?}", report) - } - - assert!(report.is_ok()); - } -} 
diff --git a/seed-service/src/main.rs b/seed-service/src/main.rs deleted file mode 100644 index 0ca5bbbf9..000000000 --- a/seed-service/src/main.rs +++ /dev/null 
@@ -1,463 +0,0 @@ -#![feature(slice_as_chunks)] -mod db; - -use rand_core::{OsRng, RngCore}; -use std::sync::RwLock; - -use crate::db::{create_db, get_seed_count, get_seed_from_db, is_db_exists, write_seed}; -use core::task::{Context, Poll}; -use futures_util::ready; -use hyper::server::accept::Accept; -//use hyper::server::conn::http1; -use hyper::server::conn::{AddrIncoming, AddrStream}; -use hyper::service::{make_service_fn, service_fn}; -use hyper::{Body, Request, Response, Server}; -use std::convert::Infallible; -use std::future::Future; -//use std::net::SocketAddr; -use enclave_contract_engine::report::{AdvisoryIDs, AttestationReport, SgxQuoteStatus}; -use std::collections::HashMap; -use std::pin::Pin; -use std::sync::Arc; -use std::{fs, io, sync}; -use tokio::io::{AsyncRead, AsyncWrite, ReadBuf}; -//use tokio::net::TcpListener; -use lazy_static::lazy_static; -use tokio_rustls::rustls::ServerConfig; - -lazy_static! { - static ref DB_RW_LOCK: RwLock = RwLock::new(0); - static ref CR_RW_LOCK: RwLock, String>> = RwLock::new(HashMap::new()); -} - -enum State { - Handshaking(tokio_rustls::Accept), - Streaming(tokio_rustls::server::TlsStream), -} - -pub struct TlsStream { - state: State, -} - -impl TlsStream { - fn new(stream: AddrStream, config: Arc) -> TlsStream { - let accept = tokio_rustls::TlsAcceptor::from(config).accept(stream); - TlsStream { - state: State::Handshaking(accept), - } - } -} - -const WHITELIST_FROM_FILE: &str = include_str!("../../cosmwasm/enclaves/execute/whitelist.txt"); - -impl AsyncRead for TlsStream { - fn poll_read( - self: Pin<&mut Self>, - cx: &mut Context, - buf: &mut ReadBuf, - ) -> Poll> { - let pin = self.get_mut(); - match pin.state { - State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) { - Ok(mut stream) => { - let result = Pin::new(&mut stream).poll_read(cx, buf); - pin.state = State::Streaming(stream); - result - } - Err(err) => Poll::Ready(Err(err)), - }, - State::Streaming(ref mut stream) => 
Pin::new(stream).poll_read(cx, buf), - } - } -} - -impl AsyncWrite for TlsStream { - fn poll_write( - self: Pin<&mut Self>, - cx: &mut Context<'_>, - buf: &[u8], - ) -> Poll> { - let pin = self.get_mut(); - match pin.state { - State::Handshaking(ref mut accept) => match ready!(Pin::new(accept).poll(cx)) { - Ok(mut stream) => { - let result = Pin::new(&mut stream).poll_write(cx, buf); - pin.state = State::Streaming(stream); - result - } - Err(err) => Poll::Ready(Err(err)), - }, - State::Streaming(ref mut stream) => Pin::new(stream).poll_write(cx, buf), - } - } - - fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll> { - match self.state { - State::Handshaking(_) => Poll::Ready(Ok(())), - State::Streaming(ref mut stream) => Pin::new(stream).poll_flush(cx), - } - } - - fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll> { - match self.state { - State::Handshaking(_) => Poll::Ready(Ok(())), - State::Streaming(ref mut stream) => Pin::new(stream).poll_shutdown(cx), - } - } -} - -pub struct TlsAcceptor { - config: Arc, - incoming: AddrIncoming, -} - -impl TlsAcceptor { - pub fn new(config: Arc, incoming: AddrIncoming) -> TlsAcceptor { - TlsAcceptor { config, incoming } - } -} - -impl Accept for TlsAcceptor { - type Conn = TlsStream; - type Error = io::Error; - - fn poll_accept( - self: Pin<&mut Self>, - cx: &mut Context<'_>, - ) -> Poll>> { - let pin = self.get_mut(); - match ready!(Pin::new(&mut pin.incoming).poll_accept(cx)) { - Some(Ok(sock)) => Poll::Ready(Some(Ok(TlsStream::new(sock, pin.config.clone())))), - Some(Err(e)) => Poll::Ready(Some(Err(e))), - None => Poll::Ready(None), - } - } -} - -async fn get_seed(idx: u64) -> io::Result<[u8; 32]> { - if idx == 0 { - return Err(error("Unknown seed requested".to_string())); - } - - if idx == 1 { - return Err(error( - "Genesis seed is not stored in the service".to_string(), - )); - } - - println!("Requested seed {}", idx); - let seed_count = get_seed_count()?; - - // Someone is 
requesting a seed that shouldn't be present - if idx > seed_count { - return Err(error("Failed to fetch the requested seed".to_string())); - } - - if idx + 3 >= seed_count { - generate_seeds(10).await?; - } - - let _unused = DB_RW_LOCK - .read() - .map_err(|e| error(format!("Failed to acquire read lock {}", e)))?; - - // The function that we need the lock for - get_seed_from_db(idx) -} - -async fn generate_seeds(count: u8) -> io::Result<()> { - let _unused = DB_RW_LOCK - .write() - .map_err(|e| error(format!("Failed to acquire write lock {}", e)))?; - - for _ in 1..count + 1 { - let mut seed = [0u8; 32]; - OsRng.fill_bytes(&mut seed); - write_seed(seed)?; - } - - Ok(()) -} - -async fn get_body_as_string(req: Request) -> Result { - let body_bytes = hyper::body::to_bytes(req.into_body()).await; - match body_bytes { - Err(err) => Err(format!("Failed to read request body: {}", err).to_string()), - Ok(body) => match String::from_utf8(body.to_vec()) { - Err(err) => Err(format!("Failed to parse body as string: {}", err).to_string()), - Ok(str) => Ok(str), - }, - } -} - -fn parse_attestation_report(report: String) -> Result { - let decoded_cert = base64::decode(report) - .map_err(|e| format!("Failed to decode base64: {:?}", e).to_string())?; - - AttestationReport::from_cert(&decoded_cert) - .map_err(|e| format!("Failed to decode report: {:?}", e).to_string()) -} - -pub fn verify_quote_status( - quote_status: &SgxQuoteStatus, - advisories: &AdvisoryIDs, -) -> Result<(), String> { - match quote_status { - SgxQuoteStatus::OK => Ok(()), - SgxQuoteStatus::SwHardeningNeeded => Ok(()), - SgxQuoteStatus::ConfigurationAndSwHardeningNeeded => { - let vulnerable = advisories.vulnerable(); - if vulnerable.is_empty() { - Ok(()) - } else { - Err(format!("Platform is updated but requires further BIOS configuration. 
The following vulnerabilities must be mitigated: {:?}", vulnerable)) - } - } - _ => Err(format!( - "Invalid attestation quote status - cannot verify remote node: {:?} Adv {:?}", - quote_status, advisories - )), - } -} - -fn validate_attestation_report(cert: String) -> Result { - // Validate Intel's cert - let report = match parse_attestation_report(cert) { - Err(err_str) => Err(format!("Failed to validate Intel's cert: {}", err_str).to_string()), - Ok(report) => Ok(report), - }?; - - // Validate challenge - { - let pub_key = get_pub_key_from_report(&report); - let mut cr_store = CR_RW_LOCK - .write() - .map_err(|e| format!("Failed to acquire read lock {}", e))?; - - match cr_store.get(&pub_key) { - None => { - return Err("Got response when no challenge sent".to_string()); - } - Some(challenge) => { - if challenge != &base64::encode(get_response_from_report(&report).as_slice()) { - return Err("Failed to validate response".to_string()); - } - } - } - - cr_store.remove(&pub_key); - } - - if !check_epid_gid_is_whitelisted(&report.sgx_quote_body.gid) { - return Err(format!( - "Platform verification error: quote status {:?}", - &report.sgx_quote_body.gid - )); - } - - verify_quote_status(&report.sgx_quote_status, &report.advisory_ids)?; - - Ok(report) -} - -fn get_response_from_report(report: &AttestationReport) -> Vec { - report.sgx_quote_body.isv_enclave_report.report_data[32..36].to_vec() -} - -fn get_pub_key_from_report(report: &AttestationReport) -> Vec { - report.sgx_quote_body.isv_enclave_report.report_data[0..32].to_vec() -} - -fn get_challenge_for_report(body: String) -> Result { - let mut random_challenge = [0u8; 4]; - OsRng.fill_bytes(&mut random_challenge); - - let serialized_challenge = base64::encode(&random_challenge); - let report = parse_attestation_report(body)?; - - let pub_key = get_pub_key_from_report(&report); - println!( - "Challenged {:?} with {:?}", - get_pub_key_from_report(&report), - random_challenge.clone() - ); - - { - let mut cr_store = 
CR_RW_LOCK - .write() - .map_err(|e| format!("Failed to acquire write lock {}", e))?; - - cr_store.insert(pub_key, serialized_challenge.clone()); - } - - Ok(serialized_challenge) -} - -async fn handle(req: Request) -> Result, Infallible> { - if req.method().as_str() != "GET" { - return Ok(Response::builder().status(406).body(Body::empty()).unwrap()); - } - - let path = req.uri().path(); - let response = if path == "/" { - Response::new(Body::from("Hello World")) - } else if let Some(idx) = path.strip_prefix("/seed/") { - let parsed_idx = idx.parse::(); - if let Some(err) = parsed_idx.clone().err() { - return Ok(Response::builder() - .status(403) - .body(Body::from(format!( - "Failed to parse index as number: {}", - err - ))) - .unwrap()); - } - - match get_body_as_string(req).await { - Err(err_str) => Response::builder() - .status(403) - .body(Body::from(err_str)) - .unwrap(), - Ok(report) => match validate_attestation_report(report) { - Ok(_) => match get_seed(parsed_idx.unwrap()).await { - Err(e) => { - println!("Failed to get a seed: {}", e); - Response::builder() - .status(403) - .body(Body::from(format!("Failed to fetch seed: {}", e))) - .unwrap() - } - Ok(seed) => Response::new(Body::from(base64::encode(&seed))), - }, - Err(e) => { - println!("Failed to validate attestation report: {}", e); - Response::builder() - .status(403) - .body(Body::from(format!( - "Failed to validate attestation report: {}", - e - ))) - .unwrap() - } - }, - } - } else if path == "/authenticate" { - match get_body_as_string(req).await { - Err(err_str) => Response::builder() - .status(403) - .body(Body::from(err_str)) - .unwrap(), - Ok(body) => match get_challenge_for_report(body) { - Err(err_str) => Response::builder() - .status(403) - .body(Body::from(err_str)) - .unwrap(), - Ok(challenge) => Response::new(Body::from(challenge)), - }, - } - } else { - Response::builder().status(404).body(Body::empty()).unwrap() - }; - - Ok(response) -} - -fn error(err: String) -> io::Error { - 
io::Error::new(io::ErrorKind::Other, err) -} - -fn check_epid_gid_is_whitelisted(epid_gid: &u32) -> bool { - let decoded = base64::decode(WHITELIST_FROM_FILE.trim()).unwrap(); //will never fail since data is constant - - decoded.as_chunks::<4>().0.iter().any(|&arr| { - if epid_gid == &u32::from_be_bytes(arr) { - return true; - } - false - }) -} - -// Load public certificate from file. -fn load_certs(filename: &str) -> io::Result> { - // Open certificate file. - let certfile = fs::File::open(filename) - .map_err(|e| error(format!("failed to open {}: {}", filename, e)))?; - let mut reader = io::BufReader::new(certfile); - - // Load and return certificate. - let certs = rustls_pemfile::certs(&mut reader) - .map_err(|_| error("failed to load certificate".into()))?; - Ok(certs.into_iter().map(rustls::Certificate).collect()) -} - -// Load private key from file. -fn load_private_key(filename: &str) -> io::Result { - // Open keyfile. - let keyfile = fs::File::open(filename) - .map_err(|e| error(format!("failed to open {}: {}", filename, e)))?; - let mut reader = io::BufReader::new(keyfile); - - // Load and return a single private key. - let keys = rustls_pemfile::rsa_private_keys(&mut reader) - .map_err(|_| error("failed to load private key".into()))?; - if keys.len() != 1 { - return Err(error( - format!("expected a single private key {}", keys.len()).into(), - )); - } - - Ok(rustls::PrivateKey(keys[0].clone())) -} - -fn main() { - if let Err(e) = run_server() { - eprintln!("FAILED: {}", e); - std::process::exit(1); - } -} - -#[tokio::main(worker_threads = 4)] -async fn run_server() -> Result<(), Box> { - let port = "4487"; - let addr = format!("0.0.0.0:{}", port).parse()?; - - if !is_db_exists() { - create_db()?; - generate_seeds(100) - .await - .map_err(|e| error(format!("Failed to generate seeds: {}", e)))?; - } - - let tls_cfg = { - // Load public certificate. - let certs = load_certs("/server.crt")?; - // Load private key. 
- let key = load_private_key("/server.key")?;
- // Do not use client certificate authentication.
- let mut cfg = rustls::ServerConfig::builder()
- .with_safe_defaults()
- .with_no_client_auth()
- .with_single_cert(certs, key)
- .map_err(|e| error(format!("{}", e)))?;
- // Configure ALPN to accept HTTP/2, HTTP/1.1 in that order.
- cfg.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
- sync::Arc::new(cfg)
- };
-
- // Create a TCP listener via tokio.
- let incoming = AddrIncoming::bind(&addr)?;
-
- let service =
- make_service_fn(move |_| async { Ok::<_, io::Error>(service_fn(move |req| handle(req))) });
- let server = Server::builder(TlsAcceptor::new(tls_cfg, incoming)).serve(service);
-
- // Run the future, keep going until an error occurs.
- println!("Starting to serve on https://{}.", addr);
- server.await.map_err(|e| {
- error(format!(
- "Failed to instantiate a server with addr: {}. error: {}",
- addr, e
- ))
- })?;
- Ok(())
-}
From 3594a9800dfd30641967c88d69dfad94fc55f7fa Mon Sep 17 00:00:00 2001
From: Itzik Grossman
Date: Mon, 28 Aug 2023 03:42:33 +0300
Subject: [PATCH 5/8] Let's see if this builds
---
 deployment/dockerfiles/Dockerfile | 86 +++++++++++++++----------------
 1 file changed, 41 insertions(+), 45 deletions(-)
diff --git a/deployment/dockerfiles/Dockerfile b/deployment/dockerfiles/Dockerfile
index f524b73bb..1c5a8b4b9 100644
--- a/deployment/dockerfiles/Dockerfile
+++ b/deployment/dockerfiles/Dockerfile
@@ -24,19 +24,7 @@ ENV PATH="/root/.cargo/bin:$PATH"
 # Set working directory for the build
 WORKDIR /go/src/github.com/enigmampc/SecretNetwork/
-COPY rust-toolchain rust-toolchain
-RUN rustup component add rust-src
-RUN cargo install xargo --version 0.3.25
-
-# Add submodules
-COPY third_party third_party
-
-# Add source files
-COPY go-cosmwasm go-cosmwasm/
-COPY cosmwasm cosmwasm/
-
 # ***************** COMPILE ENCLAVE ************** #
-
 FROM prepare-compile-enclave AS compile-enclave
 ARG BUILD_VERSION="v0.0.0"
@@ -51,10 +39,6 @@ ENV FEATURES=${FEATURES}
 ENV FEATURES_U=${FEATURES_U}
 ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}
-COPY rust-toolchain rust-toolchain
-RUN rustup component add rust-src
-RUN cargo install xargo --version 0.3.25
-
 # Add submodules
 COPY third_party third_party
@@ -62,6 +46,11 @@ COPY third_party third_party
 COPY go-cosmwasm go-cosmwasm/
 COPY cosmwasm cosmwasm/
+COPY rust-toolchain rust-toolchain
+RUN rustup component add rust-src
+RUN cargo install xargo --version 0.3.25
+
+
 WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm
 RUN . /opt/sgxsdk/environment && env \
@@ -71,11 +60,17 @@ ENTRYPOINT ["/bin/bash"]
 FROM prepare-compile-enclave AS compile-tendermint-enclave
+ARG BUILD_VERSION="v0.0.0"
 ARG SGX_MODE=SW
+ARG FEATURES
 ARG FEATURES_U
+ARG MITIGATION_CVE_2020_0551=LOAD
-ARG SGX_MODE=${SGX_MODE}
+ENV VERSION=${BUILD_VERSION}
+ENV SGX_MODE=${SGX_MODE}
+ENV FEATURES=${FEATURES}
 ENV FEATURES_U=${FEATURES_U}
+ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}
 RUN git clone --branch main --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git
@@ -85,8 +80,9 @@ RUN git submodule init
 RUN git submodule update --remote
 RUN rustup component add rust-src
+RUN cargo install xargo --version 0.3.25
-RUN . /opt/sgxsdk/environment && env && MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} SGX_MODE=${SGX_MODE} FEATURES_U="$(echo \"${FEATURES_U}\" | perl -pe 's/go-tests|debug-print//g')" make build
+RUN . /opt/sgxsdk/environment && env && LD_LIBRARY_PATH=/opt/sgxsdk/lib64 FEATURES=${FEATURES} MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} SGX_MODE=${SGX_MODE} FEATURES_U="$(echo \"${FEATURES_U}\" | perl -pe 's/go-tests|debug-print//g')" make build
 # ***************** COMPILE SECRETD ************** #
 FROM $SCRT_BASE_IMAGE_ENCLAVE AS compile-secretd
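Review bot: The added `RUN cargo install xargo --version 0.3.25` in the `@@ -62,6 +46,11 @@` hunk pins xargo itself but not its dependency tree, so each image build may resolve different transitive crate versions for a tool used in the compile-enclave stage. I would write it as `RUN cargo install xargo --version 0.3.25 --locked` so the lockfile published with the crate is honoured (assuming that release ships one); the same line is added to the compile-tendermint-enclave stage in the `@@ -85,8 +80,9 @@` hunk. The three toolchain lines also now sit after `COPY cosmwasm cosmwasm/`, so any source edit invalidates their cached layers; keeping them above the source COPY lines would avoid reinstalling on every change.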
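Review bot: The compile-tendermint-enclave stage in the `@@ -71,11 +60,17 @@` hunk now sets `ENV VERSION=${BUILD_VERSION}` on a build whose source still comes from a moving ref: the unchanged context line `git clone --branch main --depth 1 …/tm-secret-enclave.git` here, and `git submodule update --remote` in the next hunk, fetch whatever is current at build time. Two images built with the same BUILD_VERSION can therefore contain different enclave code, which presumably also changes the enclave measurement and makes the artifact hard to audit. I would add `ARG TM_ENCLAVE_REF=<pinned-tag>` and clone with `--branch ${TM_ENCLAVE_REF}`, and drop `--remote` so submodules resolve to their recorded commits. The stage continues past this hunk.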
@@ -137,7 +133,6 @@ RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/relea
 COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so
 COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so
-# COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so
 RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop
 RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy
@@ -188,7 +183,6 @@ ENV SCRT_ENCLAVE_DIR=/usr/lib/
 # workaround because paths seem kind of messed up
 RUN ln -s /opt/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/x86_64-linux-gnu/libsgx_urts_sim.so
 RUN ln -s /opt/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service_sim.so
-
 # Install ca-certificates
 WORKDIR /root
@@ -211,32 +205,34 @@ RUN chmod +x bootstrap_init.sh RUN chmod +x startup.sh RUN chmod +x node_init.sh -RUN secretd completion > /root/secretd_completion - -# RUN echo "SECRET_NODE_TYPE=${SECRET_NODE_TYPE}" >> ~/.bashrc -RUN echo 'source /root/secretd_completion' >> ~/.bashrc - -RUN mkdir -p /root/.secretd/.compute/ -RUN mkdir -p /opt/secret/.sgx_secrets/ -RUN mkdir -p /root/.secretd/.node/ -RUN mkdir -p /root/config/ - - -####### Node parameters -ARG MONIKER=default -ARG CHAINID=secretdev-1 -ARG GENESISPATH=https://raw.githubusercontent.com/enigmampc/SecretNetwork/master/secret-testnet-genesis.json -ARG PERSISTENT_PEERS=201cff36d13c6352acfc4a373b60e83211cd3102@bootstrap.southuk.azure.com:26656 - -ENV GENESISPATH="${GENESISPATH}" -ENV CHAINID="${CHAINID}" -ENV MONIKER="${MONIKER}" -ENV PERSISTENT_PEERS="${PERSISTENT_PEERS}" - -#ENV LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/:/opt/sgxsdk/lib64/ +ENTRYPOINT ["/bin/bash"] -# Run secretd by default, omit entrypoint to ease using container with secretcli -ENTRYPOINT ["/bin/bash", "startup.sh"] +#RUN LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/:/opt/sgxsdk/lib64/ secretd completion > /root/secretd_completion +# +## RUN echo "SECRET_NODE_TYPE=${SECRET_NODE_TYPE}" >> ~/.bashrc +#RUN echo 'source /root/secretd_completion' >> ~/.bashrc +# +#RUN mkdir -p /root/.secretd/.compute/ +#RUN mkdir -p /opt/secret/.sgx_secrets/ +#RUN mkdir -p /root/.secretd/.node/ +#RUN mkdir -p /root/config/ +# +# +######## Node parameters +#ARG MONIKER=default +#ARG CHAINID=secretdev-1 +#ARG GENESISPATH=https://raw.githubusercontent.com/enigmampc/SecretNetwork/master/secret-testnet-genesis.json +#ARG PERSISTENT_PEERS=201cff36d13c6352acfc4a373b60e83211cd3102@bootstrap.southuk.azure.com:26656 +# +#ENV GENESISPATH="${GENESISPATH}" +#ENV CHAINID="${CHAINID}" +#ENV MONIKER="${MONIKER}" +#ENV PERSISTENT_PEERS="${PERSISTENT_PEERS}" +# +##ENV LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/:/opt/sgxsdk/lib64/ +# +## Run secretd by default, 
omit entrypoint to ease using container with secretcli +#ENTRYPOINT ["/bin/bash", "startup.sh"] # ***************** MAINNET UPGRADE ************** # From ed9a7359647e7de30247f697c4521d390b102f2e Mon Sep 17 00:00:00 2001 From: Itzik Grossman Date: Mon, 28 Aug 2023 10:00:52 +0300 Subject: [PATCH 6/8] Revert dockerfile changes --- deployment/dockerfiles/Dockerfile | 55 +++++++++++++++---------------- 1 file changed, 26 insertions(+), 29 deletions(-) diff --git a/deployment/dockerfiles/Dockerfile b/deployment/dockerfiles/Dockerfile index 1c5a8b4b9..ba4cc52ef 100644 --- a/deployment/dockerfiles/Dockerfile +++ b/deployment/dockerfiles/Dockerfile @@ -56,8 +56,6 @@ WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm RUN . /opt/sgxsdk/environment && env \ && MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust -ENTRYPOINT ["/bin/bash"] - FROM prepare-compile-enclave AS compile-tendermint-enclave ARG BUILD_VERSION="v0.0.0" 
@@ -205,34 +203,33 @@ RUN chmod +x bootstrap_init.sh RUN chmod +x startup.sh RUN chmod +x node_init.sh -ENTRYPOINT ["/bin/bash"] -#RUN LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/:/opt/sgxsdk/lib64/ secretd completion > /root/secretd_completion -# -## RUN echo "SECRET_NODE_TYPE=${SECRET_NODE_TYPE}" >> ~/.bashrc -#RUN echo 'source /root/secretd_completion' >> ~/.bashrc -# -#RUN mkdir -p /root/.secretd/.compute/ -#RUN mkdir -p /opt/secret/.sgx_secrets/ -#RUN mkdir -p /root/.secretd/.node/ -#RUN mkdir -p /root/config/ -# -# -######## Node parameters -#ARG MONIKER=default -#ARG CHAINID=secretdev-1 -#ARG GENESISPATH=https://raw.githubusercontent.com/enigmampc/SecretNetwork/master/secret-testnet-genesis.json -#ARG PERSISTENT_PEERS=201cff36d13c6352acfc4a373b60e83211cd3102@bootstrap.southuk.azure.com:26656 -# -#ENV GENESISPATH="${GENESISPATH}" -#ENV CHAINID="${CHAINID}" -#ENV MONIKER="${MONIKER}" -#ENV PERSISTENT_PEERS="${PERSISTENT_PEERS}" -# -##ENV LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/:/opt/sgxsdk/lib64/ -# -## Run secretd by default, omit entrypoint to ease using container with secretcli -#ENTRYPOINT ["/bin/bash", "startup.sh"] +RUN secretd completion > /root/secretd_completion + +# RUN echo "SECRET_NODE_TYPE=${SECRET_NODE_TYPE}" >> ~/.bashrc +RUN echo 'source /root/secretd_completion' >> ~/.bashrc + +RUN mkdir -p /root/.secretd/.compute/ +RUN mkdir -p /opt/secret/.sgx_secrets/ +RUN mkdir -p /root/.secretd/.node/ +RUN mkdir -p /root/config/ + + +####### Node parameters +ARG MONIKER=default +ARG CHAINID=secretdev-1 +ARG GENESISPATH=https://raw.githubusercontent.com/enigmampc/SecretNetwork/master/secret-testnet-genesis.json +ARG PERSISTENT_PEERS=201cff36d13c6352acfc4a373b60e83211cd3102@bootstrap.southuk.azure.com:26656 + +ENV GENESISPATH="${GENESISPATH}" +ENV CHAINID="${CHAINID}" +ENV MONIKER="${MONIKER}" +ENV PERSISTENT_PEERS="${PERSISTENT_PEERS}" + +#ENV LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/:/opt/sgxsdk/lib64/ + +# Run secretd by default, 
omit entrypoint to ease using container with secretcli +ENTRYPOINT ["/bin/bash", "startup.sh"] # ***************** MAINNET UPGRADE ************** # From 4c144349897a2e1284e59dae5c9131d04dd2225b Mon Sep 17 00:00:00 2001 From: Itzik Grossman Date: Mon, 28 Aug 2023 16:59:29 +0300 Subject: [PATCH 7/8] Should compile now --- cosmwasm/enclaves/shared/utils/Cargo.toml | 2 +- go-cosmwasm/Cargo.lock | 12 ++++++------ go-cosmwasm/build.rs | 3 +-- go.mod | 8 ++++---- go.sum | 4 ++-- 5 files changed, 14 insertions(+), 15 deletions(-) diff --git a/cosmwasm/enclaves/shared/utils/Cargo.toml b/cosmwasm/enclaves/shared/utils/Cargo.toml index 4621239e9..e08e3e9c4 100644 --- a/cosmwasm/enclaves/shared/utils/Cargo.toml +++ b/cosmwasm/enclaves/shared/utils/Cargo.toml @@ -30,4 +30,4 @@ serde = { git = "https://github.com/mesalock-linux/serde-sgx", features = [ ] } serde_json = { git = "https://github.com/mesalock-linux/serde-json-sgx" } -enclave_crypto = {path = "../crypto"} +enclave_crypto = { path = "../crypto" } diff --git a/go-cosmwasm/Cargo.lock b/go-cosmwasm/Cargo.lock index 38449a0b5..e5ab06e3d 100644 --- a/go-cosmwasm/Cargo.lock +++ b/go-cosmwasm/Cargo.lock @@ -367,9 +367,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.19" +version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "memmap" @@ -582,9 +582,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.183" +version = "1.0.188" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32ac8da02677876d532745a130fc9d8e6edfa81a269b107c5b00829b91d8eb3c" +checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" dependencies = [ "serde_derive", ] 
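Review bot: The default `ARG GENESISPATH=https://raw.githubusercontent.com/enigmampc/SecretNetwork/master/secret-testnet-genesis.json` brought back by this revert (hunk `-205,34 +203,33`) follows a branch rather than a fixed commit. The genesis a node starts from can therefore change without the image changing. Nothing in this hunk checks the file's integrity; whether `startup.sh` or `node_init.sh` does is not visible here. Pointing the default at a commit-pinned URL and comparing the download against an expected SHA-256 before use would close that gap. The `/root/...` and `/opt/secret/.sgx_secrets/` paths together with `ENTRYPOINT ["/bin/bash", "startup.sh"]` also suggest the node runs as root in the container, so a dedicated user would be the usual hardening step if the SGX device permissions allow it.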
@@ -600,9 +600,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.183" +version = "1.0.188" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aafe972d60b0b9bee71a91b92fee2d4fb3c9d7e8f6b179aa99f27203d99a4816" +checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ "proc-macro2", "quote", diff --git a/go-cosmwasm/build.rs b/go-cosmwasm/build.rs index a0109e7a0..2fb21f6b7 100644 --- a/go-cosmwasm/build.rs +++ b/go-cosmwasm/build.rs @@ -21,13 +21,12 @@ fn main() { match is_sim.as_ref() { "SW" => { println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"); - println!("cargo:rustc-link-lib=dylib=sgx_uae_service_sim"); + println!("cargo:rustc-link-lib=dylib=sgx_epid_sim"); } // Treat undefined as HW _ => { println!("cargo:rustc-link-lib=dylib=sgx_urts"); println!("cargo:rustc-link-lib=dylib=sgx_epid"); - println!("cargo:rustc-link-lib=dylib=sgx_uae_service"); } } } diff --git a/go.mod b/go.mod index d3abe1bca..73e844308 100644 --- a/go.mod +++ b/go.mod @@ -1,10 +1,9 @@ module github.com/scrtlabs/SecretNetwork -go 1.19 +go 1.20 replace ( github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v1.9.0-scrt.0.20230802144651-d62916253d52 - // dragonberry github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8.0 // last-marker-in-baseapp branch 
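Review bot: The `"SW"` arm in `go-cosmwasm/build.rs` now links `sgx_epid_sim` in place of `sgx_uae_service_sim`, but the runtime-image workaround visible in the Dockerfile context of this series symlinks only `libsgx_urts_sim.so` and `libsgx_uae_service_sim.so` into `/usr/lib/x86_64-linux-gnu`. Unless `libsgx_epid_sim.so` is made resolvable somewhere not shown here, a simulation-mode binary would fail when loaded rather than at build time. A matching `RUN ln -s /opt/sgxsdk/lib64/libsgx_epid_sim.so /usr/lib/x86_64-linux-gnu/libsgx_epid_sim.so` would keep the two in step, assuming the SDK ships that library next to the other simulation libraries. A short comment above the `match`, naming the SDK change that moved these symbols out of `sgx_uae_service`, would also explain why both arms changed. The opening lines of `main` are outside the hunk.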
@@ -15,7 +14,8 @@ replace ( // Fix OSX Ledger Connection Issues - Premerged https://github.com/cosmos/ledger-cosmos-go/pull/36/files github.com/cosmos/ledger-cosmos-go => github.com/chillyvee/ledger-cosmos-go v0.12.2 github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1 - github.com/scrtlabs/tm-secret-enclave => github.com/scrtlabs/tm-secret-enclave v1.9.6 + + github.com/scrtlabs/tm-secret-enclave => github.com/scrtlabs/tm-secret-enclave v1.11.1-0.20230828132205-561238bf33c0 github.com/tendermint/tendermint => github.com/scrtlabs/tendermint v1.9.0-scrt.0.20230802144651-d62916253d52 // enforce grpc version @@ -37,7 +37,7 @@ require ( github.com/rakyll/statik v0.1.7 github.com/regen-network/cosmos-proto v0.3.1 github.com/rs/zerolog v1.30.0 - github.com/scrtlabs/tm-secret-enclave v1.7.2-0.20230314102956-8a5bb4f4529d + github.com/scrtlabs/tm-secret-enclave v1.11.1-0.20230828132205-561238bf33c0 github.com/spf13/cast v1.5.0 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index 62746f376..d76d8ba14 100644 --- a/go.sum +++ b/go.sum 
@@ -899,8 +899,8 @@ github.com/scrtlabs/cosmos-sdk v0.45.13-0.20230802150248-ea64f27dc58d h1:J52TETA github.com/scrtlabs/cosmos-sdk v0.45.13-0.20230802150248-ea64f27dc58d/go.mod h1:kOvNW8eRcR6zcO9yEfDa+iexTXdb+/QxHL1OqSEqfAo= github.com/scrtlabs/tendermint v1.9.0-scrt.0.20230802144651-d62916253d52 h1:25rvoh2dQgzOOGPj/t1tPKApeeRrcUZtQXZ6wu6mE54= github.com/scrtlabs/tendermint v1.9.0-scrt.0.20230802144651-d62916253d52/go.mod h1:H9SALxhCLtq/RwZLDUo/A7q7ri4GSDeZzJDx/mqA23E= -github.com/scrtlabs/tm-secret-enclave v1.9.6 h1:pTQpq1jEU/6m+jThuxl8RFggsG83qLPG/1R8TEI62AE= -github.com/scrtlabs/tm-secret-enclave v1.9.6/go.mod h1:qdFKkARpxJArJ6QiJiJFDu2LWl88hcSPuz6oOgq+cKQ= +github.com/scrtlabs/tm-secret-enclave v1.11.1-0.20230828132205-561238bf33c0 h1:5Ju/+PQRlv2LrY4TtTW2H1zM8miDGEHajotkAi41aJY= +github.com/scrtlabs/tm-secret-enclave v1.11.1-0.20230828132205-561238bf33c0/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY= github.com/segmentio/kafka-go v0.1.0/go.mod h1:X6itGqS9L4jDletMsxZ7Dz+JFWxM6JHfPOCvTvk+EJo= From 27bda33a1b396f6da122b94b34b7fc1f199afbe1 Mon Sep 17 00:00:00 2001 From: Itzik Grossman Date: Mon, 28 Aug 2023 18:21:25 +0300 Subject: [PATCH 8/8] Change to v1.11.1 tag (no actual code changes) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 73e844308..b4931c1c7 100644 --- a/go.mod +++ b/go.mod 
@@ -15,7 +15,7 @@ replace ( github.com/cosmos/ledger-cosmos-go => github.com/chillyvee/ledger-cosmos-go v0.12.2 github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1 - github.com/scrtlabs/tm-secret-enclave => github.com/scrtlabs/tm-secret-enclave v1.11.1-0.20230828132205-561238bf33c0 + github.com/scrtlabs/tm-secret-enclave => github.com/scrtlabs/tm-secret-enclave v1.11.1 github.com/tendermint/tendermint => github.com/scrtlabs/tendermint v1.9.0-scrt.0.20230802144651-d62916253d52 // enforce grpc version diff --git a/go.sum b/go.sum index d76d8ba14..9e7ebca7a 100644 --- a/go.sum +++ b/go.sum @@ -899,8 +899,8 @@ github.com/scrtlabs/cosmos-sdk v0.45.13-0.20230802150248-ea64f27dc58d h1:J52TETA github.com/scrtlabs/cosmos-sdk v0.45.13-0.20230802150248-ea64f27dc58d/go.mod h1:kOvNW8eRcR6zcO9yEfDa+iexTXdb+/QxHL1OqSEqfAo= github.com/scrtlabs/tendermint v1.9.0-scrt.0.20230802144651-d62916253d52 h1:25rvoh2dQgzOOGPj/t1tPKApeeRrcUZtQXZ6wu6mE54= github.com/scrtlabs/tendermint v1.9.0-scrt.0.20230802144651-d62916253d52/go.mod h1:H9SALxhCLtq/RwZLDUo/A7q7ri4GSDeZzJDx/mqA23E= -github.com/scrtlabs/tm-secret-enclave v1.11.1-0.20230828132205-561238bf33c0 h1:5Ju/+PQRlv2LrY4TtTW2H1zM8miDGEHajotkAi41aJY= -github.com/scrtlabs/tm-secret-enclave v1.11.1-0.20230828132205-561238bf33c0/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= +github.com/scrtlabs/tm-secret-enclave v1.11.1 h1:UFPMS8XGrgx0SVTcHF0JmM/7nw17sQRMJ3PCg6rlGQA= +github.com/scrtlabs/tm-secret-enclave v1.11.1/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY= github.com/segmentio/kafka-go v0.1.0/go.mod h1:X6itGqS9L4jDletMsxZ7Dz+JFWxM6JHfPOCvTvk+EJo=