GithubHelp home page GithubHelp logo

descrow's Introduction

Data Escrow with Intel SGX

This repository contains the supplementary files for the data escrow project. It assumes a connection from the blockchain, which will trigger the functions within this repo.

This project focuses on implementing secure functions to enable data escrow capability with Intel SGX. We have support for key splits, ethereum keygen, key seal and codebases for TLS CLient and Server within this repositoty.

This repository consists of the following codebase:

  • core: core services for the main data escrow functions (main codebase)
  • tlsserver : TLS Server to be executed by the Authority
  • tlsclient : TLSCLient to be used in the data registration

There are known SDK issues which has been reported in sgx-sdk #224, sgx-sdk #220, and #221. This happened due to an incompatible upgrade of the intel sgx sdk, and the maintainers are fixing the issue.

Since there were issues building the files, the code for tlsclient has been moved to a different subfolder temporarily. The codebase should be able to be built independently. Once the issue is fixed, the tlsclient can be merged into core codebase.

Installation Requirements

This implementation is written in Rust using Rust-SDK.

System requirement:

  • Ubuntu 16.04 or 18.04
  • Intel SGX SDK 2.9.1 for Linux installed
  • Docker (Recommended)

It is recommended to use the docker for building this project. The docker images support both hardware SGX mode and software simulator mode. Users with macbook has to run the code with the software simulator mode enabled.

Configuration

The code comes with docker files for building the project easily. Developers can choose to execute the code through hardware mode and software mode. Software mode uses Intel SGX simulator mode, and is the only way that Mac users and developers without access to intel sgx hardware chip could run the code.

Software Mode (Docker)

Run the following command:

docker run -ti --rm -p 8443:8443 -v /path/to/data-escrow:/root/sgx  baiduxlab/sgx-rust
cd sgx
export SGX_MODE=SW

The Makefile sets the SGX_MODE=HW by default, so failure to change the config through environment variable will result in an error. If you face the following issue, please type export SGX_MODE=SW.

Info: Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards.
Error: Invalid SGX device.

The -p 8443:8443 specifies the port mapping required for TLS communication. Refer to docker networking for more information.

Hardware Mode

Hardware mode only works for host machine with intel SGX chips. Users have to enable the Intel SGX through BIOS and install the Intel SGX SDK for Linux.

Once the SDK is enabled, the folder /dev/isgx should appear. To start a docker with hardware support, add a --device /dev/isgx flag to the docker run command.

docker run -ti --device /dev/isgx --rm -p 8443:8443 -v /path/to/data-escrow:/root/sgx  baiduxlab/sgx-rust
cd sgx

Running the code

Core

cd sgx/core
make clean; make
cd bin
./app

Running TLSServer and TLSClient

Ensure that the TLSClient and TLSServer are run with the -p configured to map container ports to host port. Example, if your TLSServer uses port 8443, add the flag -p 8443:8443 to the docker image.

To change to a custom port, make the edits into the source code, build the files and run a docker image with the mapping to the correct port.

# running the tlsserver
cd sgx/tlserver
make clean; make
cd sgx/tlsserver/bin
./app

# client
cd sgx/tlsclient
make clean; make
cd bin
./app

Utilities

Basics to Rust and IntelSGX

ECalls and OCalls definition are specified in a *.edl file. For fixed-length array in ECALL/OCALL definition, declare it as an array. For dynamic-length array, use the keyword size= to let the Intel SGX knows how many bytes should be copied.

ECalls must be accompanied by a #[no_mangle] flag.

If a Rust SDK is preceded with unsafe, it means we are explicitly telling the compiler to ignore the memory leak guarantees of rust so we can perform functions that the compiler is unable to do memory check on (e.g. enclave functions). If an enclave function is not preceded with an unsafe keyword, rust compiler will not build the file as the compiler won't be able to access the memory space of the intel sgx during compile time.

Docker networking

Getting IP address from the docker.

docker inspect silly_hellman | grep IPAddress

Acknowledgements

Intel SGX Rust SDK: https://github.com/apache/incubator-teaclave-sgx-sdk

descrow's People

Contributors

edison0xyz avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.