This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new d3c3de5 [examples, sdk] Add the mesapy_echo example and move some
functions into Python SDK (#302)
d3c3de5 is described below
commit d3c3de56e9e72568e755b1de32a77aae324ff01c
Author: Mingshen Sun <[email protected]>
AuthorDate: Mon May 18 17:38:35 2020 -0700
[examples, sdk] Add the mesapy_echo example and move some functions into
Python SDK (#302)
---
cmake/scripts/test.sh | 2 +
docs/my-first-function.md | 2 +-
examples/python/builtin_echo.py | 77 +----------------
.../python/{builtin_echo.py => mesapy_echo.py} | 97 ++++------------------
sdk/python/__init__.py | 0
sdk/python/teaclave.py | 73 ++++++++++++++++
6 files changed, 95 insertions(+), 156 deletions(-)
diff --git a/cmake/scripts/test.sh b/cmake/scripts/test.sh
index a7840cf..653abfe 100755
--- a/cmake/scripts/test.sh
+++ b/cmake/scripts/test.sh
@@ -155,7 +155,9 @@ run_examples() {
sleep 3 # wait for execution services
popd
+ export PYTHONPATH=${TEACLAVE_PROJECT_ROOT}/sdk/python
python3 ${TEACLAVE_PROJECT_ROOT}/examples/python/builtin_echo.py
+ python3 ${TEACLAVE_PROJECT_ROOT}/examples/python/mesapy_echo.py
# kill all background services
cleanup
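Review bot: The added `export PYTHONPATH=${TEACLAVE_PROJECT_ROOT}/sdk/python` persists for the rest of the shell process, not just the two example runs, and it overwrites any PYTHONPATH the caller already had. Scoping it per command avoids both, e.g. `PYTHONPATH=${TEACLAVE_PROJECT_ROOT}/sdk/python python3 ${TEACLAVE_PROJECT_ROOT}/examples/python/builtin_echo.py` and the same prefix on the mesapy_echo line; if the export is intended, `export PYTHONPATH=${TEACLAVE_PROJECT_ROOT}/sdk/python${PYTHONPATH:+:$PYTHONPATH}` at least keeps an existing value. run_examples starts before this hunk.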
diff --git a/docs/my-first-function.md b/docs/my-first-function.md
index a377e8f..b6e5268 100644
--- a/docs/my-first-function.md
+++ b/docs/my-first-function.md
@@ -107,7 +107,7 @@ Then, run the echo example:
```
$ cd examples/python
-$ python3 builtin_echo.py 'Hello, Teaclave!'
+$ PYTHONPATH=../../sdk/python python3 builtin_echo.py 'Hello, Teaclave!'
[+] registering user
[+] login
[+] registering function
diff --git a/examples/python/builtin_echo.py b/examples/python/builtin_echo.py
index 7056bce..0a0a76d 100644
--- a/examples/python/builtin_echo.py
+++ b/examples/python/builtin_echo.py
@@ -1,21 +1,12 @@
#!/usr/bin/env python3
import socket
-import struct
import ssl
-import json
-import base64
-import toml
import os
import time
import sys
-from cryptography import x509
-from cryptography.hazmat.backends import default_backend
-
-from OpenSSL.crypto import load_certificate, FILETYPE_PEM, FILETYPE_ASN1
-from OpenSSL.crypto import X509Store, X509StoreContext
-from OpenSSL import crypto
+from teaclave import read_message, write_message, verify_report
HOSTNAME = 'localhost'
AUTHENTICATION_SERVICE_ADDRESS = (HOSTNAME, 7776)
@@ -40,65 +31,6 @@ else:
ENCLAVE_INFO_PATH = "../../release/tests/enclave_info.toml"
-def write_message(sock, message):
- message = json.dumps(message)
- message = message.encode()
- sock.write(struct.pack(">Q", len(message)))
- sock.write(message)
-
-
-def read_message(sock):
- response_len = struct.unpack(">Q", sock.read(8))
- response = sock.read(response_len[0])
- response = json.loads(response)
- return response
-
-
-def verify_report(cert, endpoint_name):
- if os.environ.get('SGX_MODE') == 'SW':
- return
-
- cert = x509.load_der_x509_certificate(cert, default_backend())
- ext = json.loads(cert.extensions[0].value.value)
-
- report = bytes(ext["report"])
- signature = bytes(ext["signature"])
- signing_cert = bytes(ext["signing_cert"])
- signing_cert = load_certificate(FILETYPE_ASN1, signing_cert)
-
- # verify signing cert with AS root cert
- with open(AS_ROOT_CA_CERT_PATH) as f:
- as_root_ca_cert = f.read()
- as_root_ca_cert = load_certificate(FILETYPE_PEM, as_root_ca_cert)
- store = X509Store()
- store.add_cert(as_root_ca_cert)
- store.add_cert(signing_cert)
- store_ctx = X509StoreContext(store, as_root_ca_cert)
- store_ctx.verify_certificate()
-
- # verify report's signature
- crypto.verify(signing_cert, signature, bytes(ext["report"]), 'sha256')
-
- report = json.loads(report)
- quote = report['isvEnclaveQuoteBody']
- quote = base64.b64decode(quote)
-
- # get mr_enclave and mr_signer from the quote
- mr_enclave = quote[112:112+32].hex()
- mr_signer = quote[176:176+32].hex()
-
- # get enclave_info
- enclave_info = toml.load(ENCLAVE_INFO_PATH)
-
- # verify mr_enclave and mr_signer
- enclave_name = "teaclave_" + endpoint_name + "_service"
- if mr_enclave != enclave_info[enclave_name]["mr_enclave"]:
- raise Exception("mr_enclave error")
-
- if mr_signer != enclave_info[enclave_name]["mr_signer"]:
- raise Exception("mr_signer error")
-
-
def user_register(channel, user_id, user_password):
message = {
"request": "user_register",
@@ -223,7 +155,7 @@ class BuiltinEchoExample:
sock = socket.create_connection(AUTHENTICATION_SERVICE_ADDRESS)
channel = CONTEXT.wrap_socket(sock, server_hostname=HOSTNAME)
cert = channel.getpeercert(binary_form=True)
- verify_report(cert, "authentication")
+ verify_report(AS_ROOT_CA_CERT_PATH, ENCLAVE_INFO_PATH, cert,
"authentication")
print("[+] registering user")
user_register(channel, self.user_id, self.user_password)
@@ -234,7 +166,7 @@ class BuiltinEchoExample:
sock = socket.create_connection(FRONTEND_SERVICE_ADDRESS)
channel = CONTEXT.wrap_socket(sock, server_hostname=HOSTNAME)
cert = channel.getpeercert(binary_form=True)
- verify_report(cert, "frontend")
+ verify_report(AS_ROOT_CA_CERT_PATH, ENCLAVE_INFO_PATH, cert,
"frontend")
print("[+] registering function")
function_id = register_function(channel, self.user_id, token)
@@ -242,9 +174,6 @@ class BuiltinEchoExample:
print("[+] creating task")
task_id = create_task(channel, self.user_id,
token, function_id, message)
- print("[+] approving task")
- approve_task(channel, self.user_id, token, task_id)
-
print("[+] invoking task")
invoke_task(channel, self.user_id, token, task_id)
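Review bot: Removing the "approving task" step leaves approve_task apparently defined but unused in builtin_echo.py, and the same hunk in mesapy_echo.py (the one ending with the same invoke_task call) does the same there; its definition lies outside these hunks, so this is inferred from the diff rather than seen. If approval is no longer part of the flow, deleting the helper in both examples keeps them from drifting from what the services actually require; if it is still optional, a one-line comment where the call was, `# task approval is not required for a self-owned task`, would explain why it was dropped. The echo method enclosing this hunk starts before it.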
diff --git a/examples/python/builtin_echo.py b/examples/python/mesapy_echo.py
similarity index 65%
copy from examples/python/builtin_echo.py
copy to examples/python/mesapy_echo.py
index 7056bce..313af1c 100644
--- a/examples/python/builtin_echo.py
+++ b/examples/python/mesapy_echo.py
@@ -1,21 +1,12 @@
#!/usr/bin/env python3
import socket
-import struct
import ssl
-import json
-import base64
-import toml
import os
import time
import sys
-from cryptography import x509
-from cryptography.hazmat.backends import default_backend
-
-from OpenSSL.crypto import load_certificate, FILETYPE_PEM, FILETYPE_ASN1
-from OpenSSL.crypto import X509Store, X509StoreContext
-from OpenSSL import crypto
+from teaclave import read_message, write_message, verify_report
HOSTNAME = 'localhost'
AUTHENTICATION_SERVICE_ADDRESS = (HOSTNAME, 7776)
@@ -40,65 +31,6 @@ else:
ENCLAVE_INFO_PATH = "../../release/tests/enclave_info.toml"
-def write_message(sock, message):
- message = json.dumps(message)
- message = message.encode()
- sock.write(struct.pack(">Q", len(message)))
- sock.write(message)
-
-
-def read_message(sock):
- response_len = struct.unpack(">Q", sock.read(8))
- response = sock.read(response_len[0])
- response = json.loads(response)
- return response
-
-
-def verify_report(cert, endpoint_name):
- if os.environ.get('SGX_MODE') == 'SW':
- return
-
- cert = x509.load_der_x509_certificate(cert, default_backend())
- ext = json.loads(cert.extensions[0].value.value)
-
- report = bytes(ext["report"])
- signature = bytes(ext["signature"])
- signing_cert = bytes(ext["signing_cert"])
- signing_cert = load_certificate(FILETYPE_ASN1, signing_cert)
-
- # verify signing cert with AS root cert
- with open(AS_ROOT_CA_CERT_PATH) as f:
- as_root_ca_cert = f.read()
- as_root_ca_cert = load_certificate(FILETYPE_PEM, as_root_ca_cert)
- store = X509Store()
- store.add_cert(as_root_ca_cert)
- store.add_cert(signing_cert)
- store_ctx = X509StoreContext(store, as_root_ca_cert)
- store_ctx.verify_certificate()
-
- # verify report's signature
- crypto.verify(signing_cert, signature, bytes(ext["report"]), 'sha256')
-
- report = json.loads(report)
- quote = report['isvEnclaveQuoteBody']
- quote = base64.b64decode(quote)
-
- # get mr_enclave and mr_signer from the quote
- mr_enclave = quote[112:112+32].hex()
- mr_signer = quote[176:176+32].hex()
-
- # get enclave_info
- enclave_info = toml.load(ENCLAVE_INFO_PATH)
-
- # verify mr_enclave and mr_signer
- enclave_name = "teaclave_" + endpoint_name + "_service"
- if mr_enclave != enclave_info[enclave_name]["mr_enclave"]:
- raise Exception("mr_enclave error")
-
- if mr_signer != enclave_info[enclave_name]["mr_signer"]:
- raise Exception("mr_signer error")
-
-
def user_register(channel, user_id, user_password):
message = {
"request": "user_register",
@@ -123,17 +55,23 @@ def user_login(channel, user_id, user_password):
def register_function(channel, user_id, token):
+ payload = b"""
+def entrypoint(argv):
+ assert argv[0] == 'message'
+ assert argv[1] is not None
+ return argv[1]
+"""
message = {
"metadata": {
"id": user_id,
"token": token
},
"request": "register_function",
- "name": "builtin-echo",
- "description": "Native Echo Function",
- "executor_type": "builtin",
+ "name": "mesapy-echo",
+ "description": "An echo function implemented in Python",
+ "executor_type": "python",
"public": True,
- "payload": [],
+ "payload": list(payload),
"arguments": ["message"],
"inputs": [],
"outputs": [],
@@ -155,7 +93,7 @@ def create_task(channel, user_id, token, function_id,
message):
"function_arguments": {
"message": message,
},
- "executor": "builtin",
+ "executor": "mesapy",
"inputs_ownership": [],
"outputs_ownership": [],
}
@@ -214,7 +152,7 @@ def get_task_result(channel, user_id, token, task_id):
return response["content"]["result"]["result"]["Ok"]["return_value"]
-class BuiltinEchoExample:
+class MesaPyEchoExample:
def __init__(self, user_id, user_password):
self.user_id = user_id
self.user_password = user_password
@@ -223,7 +161,7 @@ class BuiltinEchoExample:
sock = socket.create_connection(AUTHENTICATION_SERVICE_ADDRESS)
channel = CONTEXT.wrap_socket(sock, server_hostname=HOSTNAME)
cert = channel.getpeercert(binary_form=True)
- verify_report(cert, "authentication")
+ verify_report(AS_ROOT_CA_CERT_PATH, ENCLAVE_INFO_PATH, cert,
"authentication")
print("[+] registering user")
user_register(channel, self.user_id, self.user_password)
@@ -234,7 +172,7 @@ class BuiltinEchoExample:
sock = socket.create_connection(FRONTEND_SERVICE_ADDRESS)
channel = CONTEXT.wrap_socket(sock, server_hostname=HOSTNAME)
cert = channel.getpeercert(binary_form=True)
- verify_report(cert, "frontend")
+ verify_report(AS_ROOT_CA_CERT_PATH, ENCLAVE_INFO_PATH, cert,
"frontend")
print("[+] registering function")
function_id = register_function(channel, self.user_id, token)
@@ -242,9 +180,6 @@ class BuiltinEchoExample:
print("[+] creating task")
task_id = create_task(channel, self.user_id,
token, function_id, message)
- print("[+] approving task")
- approve_task(channel, self.user_id, token, task_id)
-
print("[+] invoking task")
invoke_task(channel, self.user_id, token, task_id)
@@ -256,7 +191,7 @@ class BuiltinEchoExample:
def main():
- example = BuiltinEchoExample(USER_ID, USER_PASSWORD)
+ example = MesaPyEchoExample(USER_ID, USER_PASSWORD)
if len(sys.argv) > 1:
message = sys.argv[1]
rt = example.echo(message)
diff --git a/sdk/python/__init__.py b/sdk/python/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/sdk/python/teaclave.py b/sdk/python/teaclave.py
new file mode 100644
index 0000000..c7b7421
--- /dev/null
+++ b/sdk/python/teaclave.py
@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+
+import struct
+import json
+import base64
+import toml
+import os
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+
+from OpenSSL.crypto import load_certificate, FILETYPE_PEM, FILETYPE_ASN1
+from OpenSSL.crypto import X509Store, X509StoreContext
+from OpenSSL import crypto
+
+
+def write_message(sock, message):
+ message = json.dumps(message)
+ message = message.encode()
+ sock.write(struct.pack(">Q", len(message)))
+ sock.write(message)
+
+
+def read_message(sock):
+ response_len = struct.unpack(">Q", sock.read(8))
+ response = sock.read(response_len[0])
+ response = json.loads(response)
+ return response
+
+
+def verify_report(as_root_ca_cert_path, enclave_info_path, cert,
endpoint_name):
+ if os.environ.get('SGX_MODE') == 'SW':
+ return
+
+ cert = x509.load_der_x509_certificate(cert, default_backend())
+ ext = json.loads(cert.extensions[0].value.value)
+
+ report = bytes(ext["report"])
+ signature = bytes(ext["signature"])
+ signing_cert = bytes(ext["signing_cert"])
+ signing_cert = load_certificate(FILETYPE_ASN1, signing_cert)
+
+ # verify signing cert with AS root cert
+ with open(as_root_ca_cert_path) as f:
+ as_root_ca_cert = f.read()
+ as_root_ca_cert = load_certificate(FILETYPE_PEM, as_root_ca_cert)
+ store = X509Store()
+ store.add_cert(as_root_ca_cert)
+ store.add_cert(signing_cert)
+ store_ctx = X509StoreContext(store, as_root_ca_cert)
+ store_ctx.verify_certificate()
+
+ # verify report's signature
+ crypto.verify(signing_cert, signature, bytes(ext["report"]), 'sha256')
+
+ report = json.loads(report)
+ quote = report['isvEnclaveQuoteBody']
+ quote = base64.b64decode(quote)
+
+ # get mr_enclave and mr_signer from the quote
+ mr_enclave = quote[112:112+32].hex()
+ mr_signer = quote[176:176+32].hex()
+
+ # get enclave_info
+ enclave_info = toml.load(enclave_info_path)
+
+ # verify mr_enclave and mr_signer
+ enclave_name = "teaclave_" + endpoint_name + "_service"
+ if mr_enclave != enclave_info[enclave_name]["mr_enclave"]:
+ raise Exception("mr_enclave error")
+
+ if mr_signer != enclave_info[enclave_name]["mr_signer"]:
+ raise Exception("mr_signer error")
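Review bot: The chain check in verify_report never validates the signing certificate: `store_ctx = X509StoreContext(store, as_root_ca_cert)` verifies the root CA cert against a store that already trusts it, and the preceding `store.add_cert(signing_cert)` makes the signing cert trusted outright, so a signing cert that does not chain to the AS root still passes and its signature over the report is then accepted by `crypto.verify`. Dropping the `store.add_cert(signing_cert)` line and verifying the signing cert instead, `store_ctx = X509StoreContext(store, signing_cert)`, makes the check meaningful. Separately, read_message assumes `sock.read(n)` returns exactly n bytes, but an SSL socket read may return fewer, in which case `struct.unpack(">Q", ...)` raises or `json.loads` sees a truncated body; reading until the requested length is reached, and treating an empty read as the peer closing, is sketched below. Since the report is taken positionally from `cert.extensions[0]`, a docstring on verify_report should state that expectation and also say explicitly that the function returns without any verification when `SGX_MODE=SW` is set in the caller's environment, as SDK users will not otherwise see that bypass.
```python
def _read_exact(sock, n):
    # SSLSocket.read() may return fewer than n bytes; keep reading until we have them all
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.read(n - len(buf))
        if not chunk:
            raise EOFError("connection closed before a complete message was received")
        buf.extend(chunk)
    return bytes(buf)


def read_message(sock):
    (response_len,) = struct.unpack(">Q", _read_exact(sock, 8))
    return json.loads(_read_exact(sock, response_len))

# … unchanged: write_message, verify_report …
```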