DeTEE SGX library, contains Rust implementations for SGX specific features

Occlum SGX Remote Attestation integrated in TLS connection

Steps to test the project:

occlum-cargo build --example server --features="occlum,actix-web"
strip -s target/x86_64-unknown-linux-musl/debug/examples/server
./build_server.sh

occlum-cargo build --example client --features="occlum,reqwest"
strip -s target/x86_64-unknown-linux-musl/debug/examples/client
./build_client.sh

Mutual RATLS examples

Examples show how to use the mRATLS (Mutual Remote Attestation TLS) in different situations:

  • The first example shows how to create an mRATLS HTTPS server and client
  • The second example shows how to create an mRATLS gRPC server and client

Both the server and the client must run inside an enclave. During remote attestation each peer obtains its RA certificate (a TLS certificate that carries the enclave's attestation quote), and during the TLS handshake each side verifies the other's RA certificate. The config allows whitelisting the MRENCLAVE, MRSIGNER, PRODID and SVN of the peer.

RATLS examples

The example shows how to create a RATLS HTTPS server and client. The server must run inside an enclave; the client can run anywhere. The server config allows whitelisting the client's Ed25519 public key. The client config allows whitelisting the MRENCLAVE, MRSIGNER, PRODID and SVN of the server.
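The whitelist checks described in both the mRATLS and RATLS sections above, written out as an added example; this is not code from the DeTEE SGX library, and the type and function names (EnclaveIdentity, PeerPolicy, client_key_allowed) and the config shape are assumptions made here for illustration. The identity is assumed to come from a quote whose signature and collateral have already been verified; the policy only decides whether that attested enclave (or, for the non-mutual case, that client key) is one the peer wants to talk to. It goes slightly beyond the page in treating SVN as a minimum rather than an exact match, so that a rebuilt enclave with a higher security version is accepted while builds older than a known fix are rejected. All measurement and key values are constructed for the example.

```rust
/// Identity fields a verifier extracts from the report body of an SGX quote.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct EnclaveIdentity {
    pub mrenclave: [u8; 32],
    pub mrsigner: [u8; 32],
    pub isv_prod_id: u16,
    pub isv_svn: u16,
}

/// Whitelist for the peer enclave. `None` leaves a field unconstrained.
/// (Hypothetical config shape, not the library's own.)
#[derive(Debug, Default)]
pub struct PeerPolicy {
    pub mrenclave: Option<Vec<[u8; 32]>>,
    pub mrsigner: Option<Vec<[u8; 32]>>,
    pub isv_prod_id: Option<u16>,
    /// Minimum accepted ISV SVN: newer builds pass, builds older than a known fix fail.
    pub min_isv_svn: Option<u16>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum PolicyError {
    Mrenclave,
    Mrsigner,
    ProdId { expected: u16, got: u16 },
    Svn { min: u16, got: u16 },
}

impl PeerPolicy {
    /// Apply the policy to an identity taken from an already verified quote.
    /// Every configured field must match. A policy with all fields unset accepts
    /// any enclave, so a deployment should always pin at least MRSIGNER or MRENCLAVE.
    pub fn check(&self, id: &EnclaveIdentity) -> Result<(), PolicyError> {
        if let Some(allowed) = &self.mrenclave {
            if !allowed.contains(&id.mrenclave) {
                return Err(PolicyError::Mrenclave);
            }
        }
        if let Some(allowed) = &self.mrsigner {
            if !allowed.contains(&id.mrsigner) {
                return Err(PolicyError::Mrsigner);
            }
        }
        if let Some(expected) = self.isv_prod_id {
            if id.isv_prod_id != expected {
                return Err(PolicyError::ProdId { expected, got: id.isv_prod_id });
            }
        }
        if let Some(min) = self.min_isv_svn {
            if id.isv_svn < min {
                return Err(PolicyError::Svn { min, got: id.isv_svn });
            }
        }
        Ok(())
    }
}

/// Parse a 32-byte value written as 64 hex characters, the way measurements and
/// public keys appear in a config file. Returns None on bad length or digit.
pub fn parse_hex32(s: &str) -> Option<[u8; 32]> {
    let s = s.trim();
    if s.len() != 64 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return None;
    }
    let mut out = [0u8; 32];
    for (i, chunk) in s.as_bytes().chunks(2).enumerate() {
        out[i] = u8::from_str_radix(std::str::from_utf8(chunk).ok()?, 16).ok()?;
    }
    Some(out)
}

/// Non-mutual RATLS: the client is not attested, so the server pins the client's
/// public key instead. `presented` is the raw key taken from the client certificate.
pub fn client_key_allowed(allowed: &[[u8; 32]], presented: &[u8]) -> bool {
    allowed.iter().any(|k| k.as_slice() == presented)
}

/// Constructed sample values (not real measurements) so the example runs offline.
pub fn sample_identity() -> EnclaveIdentity {
    EnclaveIdentity { mrenclave: [0x11; 32], mrsigner: [0x22; 32], isv_prod_id: 1, isv_svn: 3 }
}

pub fn sample_policy() -> PeerPolicy {
    PeerPolicy {
        mrenclave: Some(vec![[0x11; 32]]),
        mrsigner: Some(vec![[0x22; 32]]),
        isv_prod_id: Some(1),
        min_isv_svn: Some(2),
    }
}

fn main() {
    let policy = sample_policy();
    println!("current build: {:?}", policy.check(&sample_identity()));
    let mut downgraded = sample_identity();
    downgraded.isv_svn = 1; // an older build of the same enclave
    println!("old build:     {:?}", policy.check(&downgraded));
}
```

Run the policy check only after the quote in the peer's RA certificate has been verified; pinning MRENCLAVE alone ties the whitelist to one exact build, while MRSIGNER plus PRODID and a minimum SVN lets the same signer ship updates without a config change on every peer.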