ehsm

ehsm copied to clipboard

these restful API will be adjusted: POST /ehsm?Action= CreateKey Encrypt Decrypt AsymmetricEncrypt AsymmetricDecrypt Sign Verify GenerateDataKey GenerateDataKeyWithoutPlaintext ExportDataKey test: passed the unittest Signed-off-by: wanghouqi

wanghouqi

How to use EHSM to encrypt a secret data? Is there any relevant document？

3

If I need to enable secret data encryption like KMS，

qihuang0

Reject Restful APIs from the blacklisted callers

yang8621

Change sgx-sdk to sgx-ssl for Cryptographic Functionalities APIs

9

these restful API will be adjusted: POST /ehsm?Action= CreateKey Encrypt Decrypt AsymmetricEncrypt AsymmetricDecrypt Sign Verify GenerateDataKey GenerateDataKeyWithoutPlaintext ExportDataKey test: passed the Python test Signed-off-by: wanghouqi

wanghouqi

remove sgx mounts of k8s, Because K8S natively supports sgx. Signed-off-by: wanghouqi

wanghouqi

- update Kubernetes version to 1.23.5, because 1.19.0 does not support sgx device plugin - add Step 6 for SGX Device Plugin for Kubernetes test passed the K8S cluster Signed-off-by:...

wanghouqi

dkeyserver, dkeycache, kms suport readinessProbe and livenessProbe test passed the K8S Signed-off-by: wanghouqi

wanghouqi

Update docs for k8s deployment

reachal0206

Bugs found in ehsm

23

Hello~ # Heap OOB `enclave_decrypt` defined in EDL set `cmk_size` as `cmk`'s size, but attacker can feed `cmk_size` smaller then `sizeof(ehsm_keyblob_t)`, and TBridge only `malloc` `cmk_size` for it. ```c public...

LeoneChen

syan10