faasm
diff --git a/‎accless/.clang-format‎
Lines changed: 246 additions & 0 deletions b/‎accless/.clang-format‎
Lines changed: 246 additions & 0 deletions
diff --git a/‎accless/CMakeLists.txt‎
Lines changed: 73 additions & 0 deletions b/‎accless/CMakeLists.txt‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎workflows/libs/tless/tless.h‎ ‎accless/include/accless.h‎workflows/libs/tless/tless.h renamed to accless/include/accless.h
Lines changed: 13 additions & 14 deletions b/‎workflows/libs/tless/tless.h‎ ‎accless/include/accless.h‎workflows/libs/tless/tless.h renamed to accless/include/accless.h
Lines changed: 13 additions & 14 deletions
@@ -0,0 +1,246 @@
+---
+Language:        Cpp
+# BasedOnStyle:  LLVM
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignArrayOfStructures: None
+AlignConsecutiveAssignments:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  AlignFunctionPointers: false
+  PadOperators:    true
+AlignConsecutiveBitFields:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  AlignFunctionPointers: false
+  PadOperators:    false
+AlignConsecutiveDeclarations:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  AlignFunctionPointers: false
+  PadOperators:    false
+AlignConsecutiveMacros:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  AlignFunctionPointers: false
+  PadOperators:    false
+AlignConsecutiveShortCaseStatements:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCaseColons: false
+AlignEscapedNewlines: Right
+AlignOperands:   Align
+AlignTrailingComments:
+  Kind:            Always
+  OverEmptyLines:  0
+AllowAllArgumentsOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowBreakBeforeNoexceptSpecifier: Never
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortCompoundRequirementOnASingleLine: true
+AllowShortEnumsOnASingleLine: true
+AllowShortFunctionsOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLambdasOnASingleLine: All
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: None
+AlwaysBreakAfterReturnType: None
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: MultiLine
+AttributeMacros:
+  - __capability
+BinPackArguments: true
+BinPackParameters: true
+BitFieldColonSpacing: Both
+BraceWrapping:
+  AfterCaseLabel:  false
+  AfterClass:      false
+  AfterControlStatement: Never
+  AfterEnum:       false
+  AfterExternBlock: false
+  AfterFunction:   false
+  AfterNamespace:  false
+  AfterObjCDeclaration: false
+  AfterStruct:     false
+  AfterUnion:      false
+  BeforeCatch:     false
+  BeforeElse:      false
+  BeforeLambdaBody: false
+  BeforeWhile:     false
+  IndentBraces:    false
+  SplitEmptyFunction: true
+  SplitEmptyRecord: true
+  SplitEmptyNamespace: true
+BreakAdjacentStringLiterals: true
+BreakAfterAttributes: Leave
+BreakAfterJavaFieldAnnotations: false
+BreakArrays:     true
+BreakBeforeBinaryOperators: None
+BreakBeforeConceptDeclarations: Always
+BreakBeforeBraces: Attach
+BreakBeforeInlineASMColon: OnlyMultiline
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializers: BeforeColon
+BreakInheritanceList: BeforeColon
+BreakStringLiterals: true
+ColumnLimit:     80
+CommentPragmas:  '^ IWYU pragma:'
+CompactNamespaces: false
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+Cpp11BracedListStyle: true
+DerivePointerAlignment: false
+DisableFormat:   false
+EmptyLineAfterAccessModifier: Never
+EmptyLineBeforeAccessModifier: LogicalBlock
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: true
+ForEachMacros:
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+IfMacros:
+  - KJ_IF_MAYBE
+IncludeBlocks:   Preserve
+IncludeCategories:
+  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
+    Priority:        2
+    SortPriority:    0
+    CaseSensitive:   false
+  - Regex:           '^(<|"(gtest|gmock|isl|json)/)'
+    Priority:        3
+    SortPriority:    0
+    CaseSensitive:   false
+  - Regex:           '.*'
+    Priority:        1
+    SortPriority:    0
+    CaseSensitive:   false
+IncludeIsMainRegex: '(Test)?$'
+IncludeIsMainSourceRegex: ''
+IndentAccessModifiers: false
+IndentCaseBlocks: false
+IndentCaseLabels: false
+IndentExternBlock: AfterExternBlock
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentRequiresClause: true
+IndentWidth:     4
+IndentWrappedFunctionNames: false
+InsertBraces:    false
+InsertNewlineAtEOF: false
+InsertTrailingCommas: None
+IntegerLiteralSeparator:
+  Binary:          0
+  BinaryMinDigits: 0
+  Decimal:         0
+  DecimalMinDigits: 0
+  Hex:             0
+  HexMinDigits:    0
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: true
+KeepEmptyLinesAtEOF: false
+LambdaBodyIndentation: Signature
+LineEnding:      DeriveLF
+MacroBlockBegin: ''
+MacroBlockEnd:   ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Auto
+ObjCBlockIndentWidth: 2
+ObjCBreakBeforeNestedBlockParam: true
+ObjCSpaceAfterProperty: false
+ObjCSpaceBeforeProtocolList: true
+PackConstructorInitializers: BinPack
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakOpenParenthesis: 0
+PenaltyBreakScopeResolution: 500
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyIndentedWhitespace: 0
+PenaltyReturnTypeOnItsOwnLine: 60
+PointerAlignment: Right
+PPIndentWidth:   -1
+QualifierAlignment: Leave
+ReferenceAlignment: Pointer
+ReflowComments:  true
+RemoveBracesLLVM: false
+RemoveParentheses: Leave
+RemoveSemicolon: false
+RequiresClausePosition: OwnLine
+RequiresExpressionIndentation: OuterScope
+SeparateDefinitionBlocks: Leave
+ShortNamespaceLines: 1
+SkipMacroDefinitionBody: false
+SortIncludes:    CaseSensitive
+SortJavaStaticImport: Before
+SortUsingDeclarations: LexicographicNumeric
+SpaceAfterCStyleCast: false
+SpaceAfterLogicalNot: false
+SpaceAfterTemplateKeyword: true
+SpaceAroundPointerQualifiers: Default
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCaseColon: false
+SpaceBeforeCpp11BracedList: false
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeJsonColon: false
+SpaceBeforeParens: ControlStatements
+SpaceBeforeParensOptions:
+  AfterControlStatements: true
+  AfterForeachMacros: true
+  AfterFunctionDefinitionName: false
+  AfterFunctionDeclarationName: false
+  AfterIfMacros:   true
+  AfterOverloadedOperator: false
+  AfterPlacementOperator: true
+  AfterRequiresInClause: false
+  AfterRequiresInExpression: false
+  BeforeNonEmptyParentheses: false
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceBeforeSquareBrackets: false
+SpaceInEmptyBlock: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles:  Never
+SpacesInContainerLiterals: true
+SpacesInLineCommentPrefix:
+  Minimum:         1
+  Maximum:         -1
+SpacesInParens:  Never
+SpacesInParensOptions:
+  InCStyleCasts:   false
+  InConditionalStatements: false
+  InEmptyParentheses: false
+  Other:           false
+SpacesInSquareBrackets: false
+Standard:        Latest
+StatementAttributeLikeMacros:
+  - Q_EMIT
+StatementMacros:
+  - Q_UNUSED
+  - QT_REQUIRE_VERSION
+TabWidth:        4
+UseTab:          Never
+VerilogBreakBetweenInstancePorts: true
+WhitespaceSensitiveMacros:
+  - BOOST_PP_STRINGIZE
+  - CF_SWIFT_NAME
+  - NS_SWIFT_NAME
+  - PP_STRINGIZE
+  - STRINGIZE
+...
+
@@ -0,0 +1,73 @@
+# -----------------------------------------------------------------------------
+# Accless access control C++ library
+#
+# This library supports native compilation and cross-compilation to WebAssembly.
+# Each version of the library has slightly different features:
+# - Native:
+#       - library to interact with S3 KV
+#       - library to fetch a cVM's attestation from a vTPM on Azure
+# - WASM:
+# -----------------------------------------------------------------------------
+
+cmake_minimum_required(VERSION 3.8.0)
+project(accless)
+
+set(CMAKE_PROJECT_TARGET accless)
+set(CMAKE_CXX_STANDARD 20)
+set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
+
+add_library(${CMAKE_PROJECT_TARGET}
+    ./src/accless.cpp
+    ./src/dag.cpp
+    ./src/utils.cpp
+)
+
+# TODO: for the time being we need to comment this if out if we want UBENCH
+# in WASM because there is  no easy way to pass CMake vars to `wasm_cmake` in
+# faasmtools
+if (ACCLESS_UBENCH)
+    target_compile_definitions(${CMAKE_PROJECT_TARGET} PUBLIC ACCLESS_UBENCH)
+endif ()
+
+if (CMAKE_SYSTEM_NAME STREQUAL "WASI")
+    # The WASM version of the library relies on a pre-populated sysroot as part
+    # of a Faasm installation
+    set(ACCLESS_LIBRARIES
+        faasm
+        rabe-cpp
+        rabe
+        tless-jwt-cpp
+        tless-jwt
+    )
+
+    set(ACCLESS_HEADERS ${CMAKE_CURRENT_LIST_DIR}/include)
+else ()
+    add_subdirectory(./libs/s3)
+
+    set(ACCLESS_LIBRARIES
+        accless::s3
+        # Order matters: librabe-cpp must preceede librabe
+        "/usr/local/lib/rabe/librabe-cpp.a"
+        "/usr/local/lib/rabe/librabe.a"
+    )
+    set(ACCLESS_HEADERS
+        ${CMAKE_CURRENT_LIST_DIR}/include
+        ${CMAKE_CURRENT_LIST_DIR}/libs
+        "/usr/include/rabe"
+    )
+endif()
+
+target_include_directories(${CMAKE_PROJECT_TARGET} PUBLIC ${ACCLESS_HEADERS})
+target_link_libraries(${CMAKE_PROJECT_TARGET} PUBLIC ${ACCLESS_LIBRARIES})
+
+if (CMAKE_SYSTEM_NAME STREQUAL "WASI")
+    # Manually install the .imports file so that we can link against it
+    add_custom_command(
+        TARGET ${CMAKE_PROJECT_TARGET}
+        POST_BUILD
+        COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_LIST_DIR}/libaccless.imports ${CMAKE_CURRENT_BINARY_DIR}/libaccless.imports
+        COMMENT "Created ${PROJECT_BINARY_DIR}/libaccless.imports"
+    )
+endif ()
+
+add_library(accless::accless ALIAS accless)
@@ -10,16 +10,17 @@
 // mr_enclave in the SGX report has type sgx_measurement_t which is a SHA256
 // digest (see sgx_report.h)
 #define MRENCLAVE_SIZE 32
-#define ATT_PROVIDER_JKU "https://faasmattprov.eus2.attest.azure.net/certs"
+#define ATT_PROVIDER_AUD "accless-attestation-service"
+#define ATT_PROVIDER_SUB "attested-client"
 
 // We define with C-linkage all the external symbols that a TLess ECF needs
 // from the runtime environment. These are implemented by the runtime outside
 // of WASM. For correct WASM linkage, these symbols also need to be listed in
 // workflows/libs/tless/libtless.imports
 extern "C" {
-int32_t __tless_is_enabled();
-void __tless_get_attestation_jwt(char** jwt, int32_t* jwtSize);
-void __tless_get_mrenclave(uint8_t* buf, int32_t bufSize);
+int32_t __accless_is_enabled();
+void __accless_get_attestation_jwt(char **jwt, int32_t *jwtSize);
+void __accless_get_mrenclave(uint8_t *buf, int32_t bufSize);
 }
 #endif
 
@@ -29,26 +30,24 @@ void __tless_get_mrenclave(uint8_t* buf, int32_t bufSize);
  * - Decrypt/Encrypt function input/output
  * - Decrypt/Encrypt S3 input/output
  */
-namespace tless {
+namespace accless {
 // Return whether we must use TLess chaining protection mechanisms or not
 bool on();
 
 // Validate that the attested call chain is consistent with the DAG and with
 // the function we are executing (i.e. us). This method is the main entrypoint
 // implementing the chaining validation protocol from the paper. For a
 // detailed explanation of the protocol, see the comment in the source file
-bool checkChain(const std::string& workflow, const std::string& function, int id);
+bool checkChain(const std::string &workflow, const std::string &function,
+                int id);
 
 // Chain a function by name, and return the function id to wait-on
-int32_t chain(const std::string& workflow,
-              const std::string& parentFuncName,
-              int parentIdx,
-              const std::string& funcName,
-              int idx,
-              const std::string& inputData);
+int32_t chain(const std::string &workflow, const std::string &parentFuncName,
+              int parentIdx, const std::string &funcName, int idx,
+              const std::string &inputData);
 
 #ifdef __faasm
 // Wait for a function by its id, and get its output and return code
-std::pair<int, std::string> wait(int32_t functionId, bool ignoreOutput=false);
+std::pair<int, std::string> wait(int32_t functionId, bool ignoreOutput = false);
 #endif
-}
+} // namespace tless