general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d0f6c9b6b6
occlum/demos/ra_tls
History
Zheng, Qi f4665dac11 Add enclave debuggable verification for ra_tls
2022-03-09 15:53:45 +08:00
..
grpc Add enclave debuggable verification for ra_tls 2022-03-09 15:53:45 +08:00
build_and_install.sh Clean up and update ra_tls demo 2022-03-09 15:53:45 +08:00
build_occlum_instance.sh Add enclave debuggable verification for ra_tls 2022-03-09 15:53:45 +08:00
download_and_prepare.sh Clean up and update ra_tls demo 2022-03-09 15:53:45 +08:00
env.sh Clean up and update ra_tls demo 2022-03-09 15:53:45 +08:00
grpc_ratls_client.yaml Clean up and update ra_tls demo 2022-03-09 15:53:45 +08:00
grpc_ratls_server.yaml Clean up and update ra_tls demo 2022-03-09 15:53:45 +08:00
ra_config_template.json Add enclave debuggable verification for ra_tls 2022-03-09 15:53:45 +08:00
README.md Add enclave debuggable verification for ra_tls 2022-03-09 15:53:45 +08:00
run.sh Clean up and update ra_tls demo 2022-03-09 15:53:45 +08:00
secret_config.json Clean up and update ra_tls demo 2022-03-09 15:53:45 +08:00

README.md

gRPC Package With RA-TLS

Simple GRPC protocol for the demo

  • Server side, holds a json file including secret name and the secret's base64 encoded string.

  • Client side, request the secret by the secret name.

Example libraries/executables in the demo

  • libhw_grpc_proto.so
  • libgrpc_ratls_client.so
  • libgrpc_ratls_server.so
  • client
  • server

APIs defined for sample server and client

  • Server
int gr_start_server(
    const char *server_addr, // grpc server address+port, such as "localhost:50051"
    const char *config_json, // ratls handshake config json file
    const char *secret_json  // secret config json file
);
  • Client
int gr_client_get_secret(
    const char *server_addr, // grpc server address+port, such as "localhost:50051"
    const char *config_json, // ratls handshake config json file
    const char *name, // secret name to be requested
    const char *secret_file // secret file to be saved
);

All source could be found on example

Executing the demo in Occlum

The following command will download prerequisite source and the gRPC source code.

./download_and_prepare.sh

The following command will patch the gRPC source code and do the build and install.

./build_and_install.sh

If musl-libc version is expected.

./build_and_install.sh musl

The following command will generate the client and server occlum images. It automatically parses the mr_enclave and mr_signer of the client, and write the value into dynamic_config.json. If you want to verify the other measurements of client, please modify the ra_config_template.json before run the script.

./build_occlum_instance.sh

If previous build choice is musl.

./build_occlum_instance.sh musl

Run the gRPC server & client in occlum.

./run.sh server &
./run.sh client <request_secret_name> ( cert, key )

Note: 1. The demo runs in the same machine by default. If you want to run server and client in different machines. Please modify the examples/cpp/ratls. 2. If you want to test in your local network with your own PCCS server, you need to modify the /etc/sgx_default_qcnl.conf