feat: initial version

.gitignore

@@ -0,0 +1,15 @@
+app/Enclave_u.c
+app/Enclave_u.h
+app/Enclave_u.o
+enclave/Enclave_t.c
+enclave/Enclave_t.h
+lib/libEnclave_u.a
+bin/
+app/Cargo.lock
+app/target/
+enclave/Cargo.lock
+enclave/Enclave_t.o
+enclave/enclave.so
+enclave/target/
+lib/libenclave.a
+public/

Makefile

@@ -0,0 +1,146 @@
+######## SGX SDK Settings ########
+SGX_SDK_RUST ?= /root/incubator-teaclave-sgx-sdk/
+SGX_SDK ?= /opt/intel/sgxsdk/sgxsdk/
+SGX_MODE ?= SW
+SGX_ARCH ?= x64
+SGXSSL_INCLUDE_PATH ?= $(SGXSSL_CRYPTO)/include
+SGXSSL_CRYPTO_INCLUDE_PATH ?= $(SGXSSL_CRYPTO)/include/crypto
+SGXSSL_TRUSTED_LIB_PATH ?= $(SGXSSL_CRYPTO)/lib64
+
+TOP_DIR := $(SGX_SDK_RUST)
+include $(TOP_DIR)/buildenv.mk
+
+ifeq ($(shell getconf LONG_BIT), 32)
+	SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+	SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+	SGX_COMMON_CFLAGS := -m32
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
+else
+	SGX_COMMON_CFLAGS := -m64
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+ifeq ($(SGX_PRERELEASE), 1)
+$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
+endif
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+	SGX_COMMON_CFLAGS += -O0 -g
+else
+	SGX_COMMON_CFLAGS += -O2
+endif
+
+SGX_COMMON_CFLAGS += -fstack-protector
+
+######## CUSTOM Settings ########
+
+CUSTOM_LIBRARY_PATH := ./lib
+CUSTOM_BIN_PATH := ./bin
+CUSTOM_EDL_PATH := $(SGX_SDK_RUST)/edl
+CUSTOM_COMMON_PATH := $(SGX_SDK_RUST)/common
+######## EDL Settings ########
+
+Enclave_EDL_Files := enclave/Enclave_t.c enclave/Enclave_t.h app/Enclave_u.c app/Enclave_u.h
+
+######## APP Settings ########
+
+App_Rust_Flags := --release
+App_SRC_Files := $(shell find app/ -type f -name '*.rs') $(shell find app/ -type f -name 'Cargo.toml')
+App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include -I$(CUSTOM_EDL_PATH) -I$(SGXSSL_INCLUDE_PATH)
+App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
+
+App_Rust_Path := ./app/target/release
+App_Enclave_u_Object :=lib/libEnclave_u.a
+App_Name := bin/app
+
+######## Enclave Settings ########
+
+ifneq ($(SGX_MODE), HW)
+	Trts_Library_Name := sgx_trts_sim
+	Service_Library_Name := sgx_tservice_sim
+else
+	Trts_Library_Name := sgx_trts
+	Service_Library_Name := sgx_tservice
+endif
+Crypto_Library_Name := sgx_tcrypto
+KeyExchange_Library_Name := sgx_tkey_exchange
+ProtectedFs_Library_Name := sgx_tprotected_fs
+
+RustEnclave_C_Files := $(wildcard ./enclave/*.c)
+RustEnclave_C_Objects := $(RustEnclave_C_Files:.c=.o)
+RustEnclave_Include_Paths := -I $(CUSTOM_EDL_PATH) -I$(CUSTOM_COMMON_PATH)/inc -I$(CUSTOM_COMMON_PATH) -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid -I ./enclave -I./include 
+
+RustEnclave_Link_Libs := -L$(CUSTOM_LIBRARY_PATH) -lenclave
+RustEnclave_Compile_Flags := $(SGX_COMMON_CFLAGS) $(ENCLAVE_CFLAGS) $(RustEnclave_Include_Paths)
+RustEnclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -lsgx_tstdc -l$(Service_Library_Name) -l$(Crypto_Library_Name) $(RustEnclave_Link_Libs) -Wl,--end-group \
+	-Wl,--version-script=enclave/Enclave.lds \
+	$(ENCLAVE_LDFLAGS)
+
+RustEnclave_Name := enclave/enclave.so
+Signed_RustEnclave_Name := bin/enclave.signed.so
+
+.PHONY: all
+all: $(App_Name) $(Signed_RustEnclave_Name)
+
+######## EDL Objects ########
+
+$(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl
+	$(SGX_EDGER8R) --trusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --trusted-dir enclave
+	$(SGX_EDGER8R) --untrusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --untrusted-dir app
+	@echo "GEN  =>  $(Enclave_EDL_Files)"
+
+######## App Objects ########
+
+app/Enclave_u.o: $(Enclave_EDL_Files)
+	@$(CC) $(App_C_Flags) -c app/Enclave_u.c -o $@
+	@echo "CC   <=  $<"
+
+$(App_Enclave_u_Object): app/Enclave_u.o
+	@mkdir -p lib
+	$(AR) rcsD $@ $^
+
+$(App_Name): $(App_Enclave_u_Object) $(App_SRC_Files)
+	@cd app && SGX_SDK=$(SGX_SDK) cargo build $(App_Rust_Flags)
+	@echo "Cargo  =>  $@"
+	mkdir -p bin
+	cp $(App_Rust_Path)/app ./bin
+
+######## Enclave Objects ########
+
+enclave/Enclave_t.o: $(Enclave_EDL_Files)
+	@echo "making enclave objects"
+	@$(CC) $(RustEnclave_Compile_Flags) -c enclave/Enclave_t.c -o $@
+	@echo "CC   <=  $<"
+
+$(RustEnclave_Name): enclave enclave/Enclave_t.o
+	@echo "linking enclave libs"
+	@$(CXX) enclave/Enclave_t.o -o $@ $(RustEnclave_Link_Flags)
+	@echo "LINK =>  $@"
+
+$(Signed_RustEnclave_Name): $(RustEnclave_Name)
+	mkdir -p bin
+	@$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave $(RustEnclave_Name) -out $@ -config enclave/Enclave.config.xml
+	@echo "SIGN =>  $@"
+
+.PHONY: enclave
+enclave:
+	$(MAKE) -C ./enclave/
+
+.PHONY: clean
+clean:
+	@rm -f $(App_Name) $(RustEnclave_Name) $(Signed_RustEnclave_Name) enclave/*_t.* app/*_u.* 
+	@rm -r lib
+	@cd enclave && cargo clean && rm -f Cargo.lock
+	@cd app && cargo clean && rm -f Cargo.lock

README.md

@@ -1 +1 @@
-# dauth-api-backend
+

app/Cargo.toml

@@ -0,0 +1,47 @@
+[package]
+name = "app"
+version = "1.0.0"
+authors = ["The Teaclave Authors"]
+build = "build.rs"
+edition = "2021"
+
+
+[dependencies]
+sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+sgx_urts = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+actix-web = { version = "=4.1.0", features = ["openssl"] }
+actix-http = "=3.2.1"
+actix-cors = "=0.6.1"
+cookie = "=0.16.0"
+actix-files = { version = "0.6.0" }
+futures-util = { version = "=0.3.25", default-features = false, features = ["sink"] }
+scoped-tls = "=1.0"
+proc-macro2 = { version = "=1.0.40" }
+quote = { version = "=1.0.21" }
+openssl = "=0.10.40"
+serde_derive = "1.0"
+serde = "1.0"
+serde_json = "1.0"
+serde_urlencoded = "0.7"
+hex = "=0.4.3"
+log = "0.4"
+log4rs = "=1.1.1"
+mysql = "*"
+config = "0.13.1"
+rand = "0.8.5"
+jsonwebtoken = "8"
+web3 = "=0.18.0"
+time= "=0.3.9"
+base64 = "=0.13.0"
+chrono = "=0.4.24"
+http_req = "=0.9.0"
+reqwest = { version = "0.11", features = ["blocking", "json"] }
+rayon = "=1.7.0"
+
+[patch.'https://github.com/apache/teaclave-sgx-sdk.git']
+sgx_types = { path = "../../../sgx_types" }
+sgx_urts = { path = "../../../sgx_urts" }
+
+[profile.release]
+debug = true
+

app/build.rs

@@ -0,0 +1,24 @@
+use std::env;
+
+fn main () {
+
+    let sdk_dir = env::var("SGX_SDK")
+                    .unwrap_or_else(|_| "/opt/intel/sgxsdk/sgxsdk".to_string());
+    let is_sim = env::var("SGX_MODE")
+                    .unwrap_or_else(|_| "HW".to_string());
+    let ssl_dir = env::var("SGXSSL_CRYPTO")
+                    .unwrap_or_else(|_| "/opt/intel/sgxssl/".to_string());
+
+    println!("cargo:rustc-link-search=native=../lib");
+    println!("cargo:rustc-link-lib=static=Enclave_u");
+    println!("cargo:rustc-link-search={}/lib64/", sdk_dir);
+    println!("cargo:rustc-link-search={}/lib64/", ssl_dir);
+    println!("cargo:rustc-link-lib=static=sgx_usgxssl");
+    println!("cargo:rustc-link-search=native={}/lib64", sdk_dir);
+    println!("cargo:include=native={}/include/", ssl_dir);
+    match is_sim.as_ref() {
+        "SW" => println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"),
+        "HW" => println!("cargo:rustc-link-lib=dylib=sgx_urts"),
+        _    => println!("cargo:rustc-link-lib=dylib=sgx_urts"), // Treat undefined as HW
+    }
+}

app/conf.toml

@@ -0,0 +1,12 @@
+env = "dev"
+email_account = "[email protected]"
+email_password = ""
+email_server = ""
+db_host = "127.0.0.1"
+db_user = "ksadmin"
+db_password = "ks123"
+db_port = 12345
+db_name = "keysafe"
+node_api_port = 30000
+secret = "keysafe_password_for_test"
+cru_api_server = ""

app/log4rs.yml

@@ -0,0 +1,37 @@
+# Scan this file for changes every 30 seconds
+refresh_rate: 30 seconds
+
+appenders:
+  # An appender named "requests" that writes to a file with a custom pattern encoder
+  steps:
+    kind: rolling_file
+    path: logs/ks.log
+    policy:
+      trigger:
+        kind: size
+        limit: 10 mb
+      roller:
+        kind: fixed_window
+        pattern: logs/ks_{}.log
+        count: 5
+        base: 1
+    encoder:
+      pattern: "{d(%Y-%m-%d %H:%M:%S)} | {({l}):5.5} | {f}:{L} — {m}{n}"
+
+  # An appender named "requests" that writes to a file with a custom pattern encoder
+  errors:
+    kind: file
+    path: logs/err.log
+    filters:
+      - kind: threshold
+        level: error
+    encoder:
+      pattern: "{d(%Y-%m-%d %H:%M:%S)} | {({l}):5.5} | {f}:{L} — {m}{n}"
+
+
+# Set the default logging level to "warn" and attach the "stdout" appender to the root
+root:
+  level: debug
+  appenders:
+    - steps
+    - errors

app/schema.sql

@@ -0,0 +1,37 @@
+create database dauth3;
+use dauth3;
+
+
+drop table if exists account;
+create table account (
+    acc_hash varchar(128),
+    acc_seal varchar(2048),
+    PRIMARY KEY(acc_hash)
+)
+ROW_FORMAT=COMPRESSED
+CHARACTER set = utf8mb4;
+
+drop table if exists auth;
+create table auth (
+    acc_hash varchar(128),
+    auth_id int not null,  /* auth seq or nonce */
+    auth_type varchar(20),
+    audience varchar(128),
+    auth_datetime datetime,
+    auth_exp SERIAL,
+    INDEX i_date using btree(auth_datetime),
+    INDEX i_account using btree(acc_hash),
+    PRIMARY KEY(acc_hash, auth_id)
+)
+ROW_FORMAT=COMPRESSED
+CHARACTER set = utf8mb4;
+
+
+drop user 'duadmin'@'localhost';
+drop user 'duadmin';
+flush privileges;
+create user 'duadmin'@'localhost' identified by 'ks123';
+create user 'duadmin'@'%' identified by 'ks123';
+grant all on dauth.* to 'duadmin'@'localhost';
+grant all on dauth.* to 'duadmin'@'%';
+flush privileges;