apache / incubator-teaclave-sgx-sdk

Apache Teaclave (incubating) SGX SDK helps developers write Intel SGX applications in the Rust programming language. It is also known as Rust SGX SDK.
https://teaclave.apache.org
Apache License 2.0

Is it possible to run an HTTP server inside an enclave with rust-sgx-sdk? #133

Open thanksunix opened 5 years ago

thanksunix commented 5 years ago

Dears, I saw that Asylo supports a gRPC server running inside an enclave. Is there a similar demo in rust-sgx-sdk which can run an HTTP/RPC server inside an enclave?

dingelish commented 5 years ago

Hi there, I have a general-purpose, statically and strongly typed Rust RPC framework which works everywhere. For an HTTP server, I can provide something like Rust-SGX SimpleHTTPServer this week.

thanksunix commented 5 years ago

> Hi there, I have a general-purpose, statically and strongly typed Rust RPC framework which works everywhere. For an HTTP server, I can provide something like Rust-SGX SimpleHTTPServer this week.

Thanks @dingelish. Could you provide the links for the Rust RPC framework? Also looking forward to the HTTP server demo.

dingelish commented 5 years ago

It is not open-sourced yet.

The early version of that RPC is designed for unifying the interface between different TEEs. We currently have TPM/SGX/TrustZone and they have different native interfaces. So this RPC framework is designed to provide a unified remote-attestation-based TLS, plus RPC features.

Days later we split it into two tools: IPC and RPC. IPC replaced the current ECALL/OCALL interface of Intel SGX with another abstraction layer. In this layer, one can easily pass Rust types through the ECALL interface, as long as it is serializable by serde. This IPC tool is suitable for TPM/SGX/TrustZone as well.

After that we refined the RPC tool and created another RA crate, which is in charge of doing everything against X509 and gen/verify certificates. It is also designed for all of SGX/TPM/TrustZone.

We include them in our MesaTEE project. And these crates now are tightly embedded. I need to extract them and make them easy to use -- the same thing to sgx_cov.

Please wait for a few more weeks!

dingelish commented 5 years ago

And I want to say that the refined IPC/RPC/RA tools are very robust. The x509 parser is constructed via something like meta-programming using macros only. And we have unified error handling mechanisms and a multi-party signing scheme for consensus of MRENCLAVE/MRSIGNER.

thanksunix commented 5 years ago

@dingelish Thank you for the detailed response. Looking forward to this awesome RPC framework. You mentioned that a simple https server demo would be available this week. Is it available now? I only found a TLS server/client demo in the samplecode.