intel / ehsm

An End-to-End Distributed and Scalable Cloud KMS (Key Management System) built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM.
https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/An-Intel-SGX-based-Hardware-Security-Module-backed-Key/post/1360130?wapkw=eHSM
BSD 3-Clause "New" or "Revised" License

Feat: move HMAC verification into enclave #296

Closed truc0 closed 1 year ago

truc0 commented 1 year ago
  1. add gen_hmac_safe() function in functions.js and use it for verifying signature of incoming request
  2. add EH_GEN_HMAC action and ffi_generateHmac() handler
  3. add enclave_generate_hmac() function to enclave part of core app for handling HMAC generation in enclave
  4. the original gen_hmac() function is still kept since verifyQuote() depends on this function

close #274

yang8621 commented 1 year ago

Integrate into one commit.