enclave | A simpler way to compile React applications http | Frontend Framework library
kandi X-RAY | enclave Summary
An npm module which handles compiling your JSX and ES2015 code into browser-ready JavaScript.
Top functions reviewed by kandi - BETA
- This function is used to configure the config.
- Prevents a finish operation.
- Error handler.
Community Discussions
Trending Discussions on enclave
QUESTION
I am developing a C pseudo-API in which Java code calls C code through the JNI, in which it connects to an Intel SGX Enclave. I have a function in which I create an RSA-Key pair to be used further on.
Create RSA Pair:
...
ANSWER
Answered 2022-Mar-23 at 12:08
Using ocalls to return information is not the way to go for this.
While I had failed previously with this idea, the way to go is by adding a pointer and its size to a function's arguments in order to copy the results.
so Enclave EDL
QUESTION
I’m working on a boost::beast-based application on the macOS platform, and I wonder how I can provide a client-side certificate to authenticate against the server?
Basically, in macOS the certificates are stored in the keychain, and cannot be exported (backed by dedicated hardware called secured-enclave for better security)…
So I wonder if there’s any callback suitable to sign the server’s challenge manually with native macOS code that sends the challenge to the keychain/secure-enclave for signing.
Basically, I'm looking for a callback that has roughly the following signature:
...
ANSWER
Answered 2022-Mar-20 at 17:40
There are examples here:
- asio/example/cpp11/ssl/client.cpp
- asio/example/cpp03/ssl/client.cpp
You can see it integrated in Beast's ssl_stream: https://www.boost.org/doc/libs/1_78_0/libs/beast/doc/html/beast/ref/boost__beast__ssl_stream/set_verify_callback/overload2.html
QUESTION
Good evening, I am building a Java project in which it communicates with an Intel SGX Enclave via JNI, and sees information it sends sealed by the enclave.
However, decrypting information returns information I cannot understand, and at this point, I believe it to be due to size differences, but I don't exactly understand it.
So, I know that Sizeof(char*) is equivalent to 1 byte, just like sizeof(jbyte). However, sizeof(jchar) is equivalent to 2 bytes.
After acquiring this knowledge, I decided to implement the Sealing (Or encryption) function by having it take a JByteArray in order to circumvent this problem. Should this byte[] be given in UTF-8 or UTF-16? Does it affect the function overall?
Here is an example of what I do:
...
ANSWER
Answered 2022-Feb-13 at 16:17
You can't convert random bytes (such as produced by encryption) into UTF-8 (or many multi-byte encodings, 8-bit single byte encodings are fine). The String will most likely become corrupted, as there are byte sequences describing illegal characters, they will be replaced with 0xFFFE or � i.e. the Unicode replacement character.
So you will need to keep the byte[] around and not convert that to a String until you've decrypted the byte array, not a String.
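The round trip this answer warns about, as an added Java example that is not part of the original post. The 64 random bytes are a constructed stand-in for the sealed blob returned over JNI, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SealedBytesDemo {
    // Lossy: malformed UTF-8 sequences are replaced while decoding,
    // so the bytes that come back differ from the ones that went in.
    static byte[] viaUtf8String(byte[] sealed) {
        String s = new String(sealed, StandardCharsets.UTF_8);
        return s.getBytes(StandardCharsets.UTF_8);
    }

    // Lossless: an 8-bit single-byte charset maps every byte value
    // to exactly one char and back.
    static byte[] viaLatin1String(byte[] sealed) {
        String s = new String(sealed, StandardCharsets.ISO_8859_1);
        return s.getBytes(StandardCharsets.ISO_8859_1);
    }

    // Lossless and printable: use this when the blob must travel as text
    // (JSON field, log line, database text column).
    static byte[] viaBase64(byte[] sealed) {
        String s = Base64.getEncoder().encodeToString(sealed);
        return Base64.getDecoder().decode(s);
    }

    public static void main(String[] args) {
        // Constructed sample standing in for enclave-sealed output.
        byte[] sealed = new byte[64];
        new SecureRandom().nextBytes(sealed);
        sealed[0] = (byte) 0xFF; // 0xFF is never valid in UTF-8, so corruption is guaranteed

        byte[] utf8 = viaUtf8String(sealed);
        System.out.println("UTF-8 round trip intact:   " + Arrays.equals(sealed, utf8)
                + " (length " + sealed.length + " -> " + utf8.length + ")");
        System.out.println("Latin-1 round trip intact: "
                + Arrays.equals(sealed, viaLatin1String(sealed)));
        System.out.println("Base64 round trip intact:  "
                + Arrays.equals(sealed, viaBase64(sealed)));
    }
}
```

The UTF-8 line prints `false` and the other two print `true`; a blob altered this way no longer matches what the enclave sealed, so unsealing it cannot return the original data.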
QUESTION
I wrote two functions in Objective-C to generate a key pair with method SecKeyCreateRandomKey. In one I use the NSDictionary in another CFMutableDictionaryRef.
The function where I use NSDictionary works perfectly on iOS 14 and 15. The code is below.
...
ANSWER
Answered 2022-Feb-02 at 15:24
Use kCFTypeDictionaryKeyCallBacks, kCFTypeDictionaryValueCallBacks as parameters while you create CFDictionaryCreateMutable.
QUESTION
I have a car_data df:
...
ANSWER
Answered 2022-Jan-20 at 07:59
Do not confuse the mean and the median:
the median is the value separating the higher half from the lower half of a population (wikipedia)
QUESTION
I have an app which generates a couple of private keys. When the user needs to sign data, they have to authenticate with biometrics and Secure Enclave signs it with the proper private key. Simple.
I got a new requirement - the app needs to be able to sign multiple pieces of data as they arrive on the device, and the user should authenticate only when signing the first piece.
So my questions are:
Is it possible to create a private key that stays unlocked for a certain amount of time after the user authenticates with biometrics? If so, how?
Is it possible to create a private key that stays unlocked until the program tells Secure Enclave to lock it? If so, how?
I searched the documentation and Stack Overflow thoroughly, but without any luck. Any help is much appreciated!
...
ANSWER
Answered 2021-Dec-23 at 09:22
Alright, so after a lot of testing I found the answer to my questions. Normally (in my case), user needs to authenticate each time the private key is used.
In order to be able to do batch operations, we need to use LAContext and set reuse duration:
QUESTION
I am working on a project where the data that comes from the customer through a REST API should be encrypted before sending it to the database. To do that, we need to use AWS Nitro Enclave to do the encryption. So Nitro Enclave will receive the data from the parent EC2, talk to KMS to retrieve the encryption key, encrypt the data and send it back to EC2, then EC2 will send it to the database.
The problem is that the data now is exposed in plain text to anyone who can access the EC2, which defeats the whole purpose of securing the data. My question is: Is there any way that the data will be intercepted by the Enclave itself, in other words, can the TLS terminate in the Enclave? I know that the Enclave does not have any networking capability, but I am not sure now how this Enclave solves the issue of securing the personally identifiable information.
Any clarification on this point is much appreciated.
Many thanks! Zak
...
ANSWER
Answered 2021-Dec-22 at 13:37
TLS terminate in the Enclave?
Sure, you could use vsock-proxy (part of the Nitro Enclaves CLI installation) to pass the traffic (not terminated) directly to the Nitro Enclave, see https://nitro-enclaves.workshop.aws/en/my-first-enclave/secure-local-channel.html
QUESTION
I am trying to use the Fortanix SGX framework to run libdvdcss in an enclave, but having problems with the linker.
I created a simple FFI wrapper around libdvdcss which works fine when executing it normally on Linux (without SGX and with libdvdcss installed globally). It does not work when I run it with the target x86_64-fortanix-unknown-sgx as specified on the Getting started page, because the linker complains about many missing symbols, especially about malloc etc.
From what I understand, the issue is that there is no libc in SGX, therefore I need to include rs-libc manually, which is basically a libc to use in SGX. The rs-libc crate contains C, ASM and also some Rust code (mostly for malloc). Thus my Cargo.toml:
ANSWER
Answered 2021-Dec-01 at 04:41
Adding an extern crate rs_libc; to your crate's root should do the trick. It is mandatory that a dependency declared with extern crate must be given to the linker. In Rust 2018 and above, an appropriate declaration is implicitly added to your crate by the compiler if and only if you use one or more of that crate's symbols (Rust 2015 requires the extern crate be added explicitly). See the section in the Rust reference for more information.
QUESTION
The Intel official remote attestation sample code, e.g. https://www.intel.com/content/www/us/en/developer/articles/code-sample/software-guard-extensions-remote-attestation-end-to-end-example.html, describes a model in which the enclave runs in the client and the server provides secret data, as the below picture shows.
Intel Remote Attestation Model
But I want to implement a service that computes the user's secret data in an enclave. So there are many clients providing secret data and a server running the enclave. The obstacle is that the Intel SGX SDK doesn't fit this model. For example, the function sgx_init_ra declared in sgx_tkey_exchange.h accepts a public key for later verification, and Intel's document recommends hard-coding the public key into the enclave code.
The Service Provider's public key should be hardcoded into the enclave. This, combined with enclave signing, ensures that the key cannot be changed by end users so that the enclave can only communicate with the intended remote service.
This fits Intel's remote attestation model, but not mine. Because in my model, there are many clients (secret data providers), and it's difficult to get the client's public key safely.
So, is there a method to use the Intel SGX SDK in this model?
...
ANSWER
Answered 2021-Nov-25 at 09:43
Intel, for sure, recommends that you hardcode RA server's public key, but it's not at all mandatory.
I'm working on a research project that implements enclaves that, upon start, contact a key distribution/rotation server. This server holds all the private/public/symmetric keys needed and distributes them in a secure manner.
If you don't want to hardcode the RA server's pubkey in your enclave, then use the untrusted part of your app to contact a server that will provide the key for you. A way to secure the transaction is the use of MRSIGNER as the identity of the enclave.
To sum up, the workflow could be the following:
- APP, UNTRUSTED: contact key server, fetch RA server's pubkey
- APP, UNTRUSTED: create the enclave, provision it with the pubkey
- APP, TRUSTED: complete the attestation process
- and so on.
But to be clear: be aware that the attestation's goal is twofold. The first is to attest an enclave, the second (which may interest you) is to establish a secure communication channel using the session key generated during the RA's DHKE. This is your secure way to exchange info between the RA server and the enclave.
QUESTION
I want to migrate the PageRank algorithm into the SGX enclave. The algorithm uses vector to save the edge relationship and matrix.
...
ANSWER
Answered 2021-Sep-21 at 12:06
SGX CPUs (before Icelake) have a limited EPC, this is 128M for CPUs like Skylake, but you can also get 256M with Xeon E-2200. This does not mean that your application cannot use more memory, it simply means that the hardware-accelerated memory range is limited. Pages that don't fit into the EPC are swapped to non-EPC memory (at a considerable performance cost), however this is only implemented in the Linux driver.
So, you can set the enclave heap to something much larger like 2G. What you'll see is slower startup time (that 2G must be completely initialized), and if your compute's memory access pattern is scattered in that 2G range then you'll see extremely degraded performance. So try to keep your access patterns local, use sequential/scanning like operations etc, the usual considerations for cache-friendly compute.
Regarding your actual issue, it could be that you're running out of the allocated heap, and that vector just happens to be the "last straw". Remember that the heap must contain not only these data structures but also the code itself. If you're parsing the input from some serialized format then it could be that the serialized bytes are still retained in memory, if you have other state then that also uses memory, there can be many sources of extraneous usage. If you're using the Intel SDK then I'd recommend compiling in simulation mode, or just link your application into a non-SGX ELF and use usual memory debugging tools to track memory usage.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported