This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new 4898d0a [Add] Support AES-GCM output files. (#629)
4898d0a is described below
commit 4898d0a44e7a7bfde0485c93e98a578f2e4c144f
Author: Zhaofeng Chen <[email protected]>
AuthorDate: Sun Feb 27 12:55:07 2022 -0800
[Add] Support AES-GCM output files. (#629)
---
.../execution/enclave/src/task_file_manager.rs | 42 ++++++++++--------
types/src/staged_file.rs | 50 ++++++++++++++++++----
2 files changed, 65 insertions(+), 27 deletions(-)
diff --git a/services/execution/enclave/src/task_file_manager.rs
b/services/execution/enclave/src/task_file_manager.rs
index 8c0d19a..ea71c2b 100644
--- a/services/execution/enclave/src/task_file_manager.rs
+++ b/services/execution/enclave/src/task_file_manager.rs
@@ -226,22 +226,10 @@ impl InterOutput {
fn convert_to_upload_file(&self) -> Result<FileAuthTag> {
let dest = &self.upload_path;
- let outfile = match self.file.crypto_info {
- FileCrypto::TeaclaveFile128(crypto) => {
- self.staged_info.convert_file(dest, crypto.to_owned())?
- }
-
- FileCrypto::AesGcm128(_) => {
- anyhow::bail!("OutputFile: unsupported type");
- }
- FileCrypto::AesGcm256(_) => {
- anyhow::bail!("OutputFile: unsupported type");
- }
- FileCrypto::Raw => {
- anyhow::bail!("OutputFile: unsupported type");
- }
- };
- Ok(outfile.cmac)
+ let cmac = self
+ .staged_info
+ .convert_for_uploading(dest, self.file.crypto_info.to_owned())?;
+ Ok(cmac)
}
}
@@ -337,8 +325,14 @@ pub mod tests {
.unwrap();
let tag =
FileAuthTag::from_hex("592f1e607649d89ff2aa8a2841a57cad").unwrap();
let input_file = FunctionInputFile::new(input_url, tag, crypto);
+
+ let output_url =
+
Url::parse("http://localhost:6789/fixtures/functions/gbdt_training/result.aes_gcm_128";)
+ .unwrap();
+ let output_file = FunctionOutputFile::new(output_url, crypto);
+
let inputs = hashmap!("training_data" => input_file);
- let outputs = hashmap!();
+ let outputs = hashmap!("result" => output_file);
let task_id = Uuid::new_v4();
let file_mgr = TaskFileManager::new(
@@ -349,7 +343,17 @@ pub mod tests {
&outputs.into(),
)
.unwrap();
- file_mgr.prepare_staged_inputs().unwrap();
- file_mgr.prepare_staged_outputs().unwrap();
+
+ let input_files = file_mgr.prepare_staged_inputs().unwrap();
+ let output_files = file_mgr.prepare_staged_outputs().unwrap();
+ // sin_file has random key1
+ let sin_file = input_files.get("training_data").unwrap();
+ // sout_file has random key2
+ let sout_file = output_files.get("result").unwrap();
+ // convert sin_file to sout_file to simulate the executor's behavior
+ sin_file
+ .convert_to_teaclave_file(&sout_file.path, sout_file.crypto_info)
+ .unwrap();
+ file_mgr.upload_outputs().unwrap();
}
}
diff --git a/types/src/staged_file.rs b/types/src/staged_file.rs
index 1a5e430..9d11f43 100644
--- a/types/src/staged_file.rs
+++ b/types/src/staged_file.rs
@@ -27,6 +27,7 @@ use std::prelude::v1::*;
use std::untrusted::fs::File;
use crate::FileAuthTag;
+use crate::FileCrypto;
use anyhow::Context;
use protected_fs::ProtectedFile;
@@ -64,15 +65,48 @@ impl StagedFileInfo {
Ok(Box::new(f))
}
- pub fn convert_file(
+ pub fn convert_for_uploading(
+ &self,
+ dst: impl AsRef<Path>,
+ crypto_info: FileCrypto,
+ ) -> anyhow::Result<FileAuthTag> {
+ match crypto_info {
+ FileCrypto::TeaclaveFile128(cipher) => {
+ self.convert_to_teaclave_file(dst, cipher.to_owned())
+ }
+ FileCrypto::AesGcm128(cipher) => {
+ let mut src_file = ProtectedFile::open_ex(&self.path,
&self.crypto_info.key)
+ .context("Convert aes-gcm-128: failed to open src file")?;
+ let mut buffer = Vec::new();
+ src_file.read_to_end(&mut buffer)?;
+ let cmac = cipher.encrypt(&mut buffer)?;
+ let mut file = File::create(dst)?;
+ file.write_all(&buffer)?;
+ FileAuthTag::from_bytes(&cmac)
+ }
+ FileCrypto::AesGcm256(cipher) => {
+ let mut src_file = ProtectedFile::open_ex(&self.path,
&self.crypto_info.key)
+ .context("Convert aes-gcm-256: failed to open src file")?;
+ let mut buffer = Vec::new();
+ src_file.read_to_end(&mut buffer)?;
+ let cmac = cipher.encrypt(&mut buffer)?;
+ let mut file = File::create(dst)?;
+ file.write_all(&buffer)?;
+ FileAuthTag::from_bytes(&cmac)
+ }
+ FileCrypto::Raw => anyhow::bail!("OutputFile: unsupported type"),
+ }
+ }
+
+ pub fn convert_to_teaclave_file(
&self,
dst: impl AsRef<Path>,
crypto: TeaclaveFile128Key,
- ) -> anyhow::Result<StagedFileInfo> {
+ ) -> anyhow::Result<FileAuthTag> {
let src_file = ProtectedFile::open_ex(&self.path,
&self.crypto_info.key)
- .context("Convert: failed to open src file")?;
+ .context("Convert teaclave_file: failed to open src file")?;
let mut dest_file = ProtectedFile::create_ex(dst.as_ref(), &crypto.key)
- .context("Convert: failed to create dst file")?;
+ .context("Convert teaclave_file: failed to create dst file")?;
let mut reader = BufReader::with_capacity(4096, src_file);
loop {
@@ -92,11 +126,11 @@ impl StagedFileInfo {
}
dest_file
.flush()
- .context("Convert: dst_file flush failed")?;
- let tag = dest_file
+ .context("Convert teaclave_file: dst_file flush failed")?;
+ let mac = dest_file
.current_meta_gmac()
- .context("Convert: cannot get dst_file gmac")?;
- Ok(StagedFileInfo::new(dst, crypto, tag))
+ .context("Convert teaclave_file: cannot get dst_file gmac")?;
+ FileAuthTag::from_bytes(&mac)
}
#[cfg(test_mode)]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
