Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add KMS support to crypto pseudo-Node #1846

Merged
merged 4 commits into from Feb 5, 2021
Merged

Add KMS support to crypto pseudo-Node #1846

merged 4 commits into from Feb 5, 2021

Conversation

daviddrysdale
Copy link
Contributor

@daviddrysdale daviddrysdale commented Jan 23, 2021
edited

Checklist

  • Pull request affects core Oak functionality (e.g. runtime, SDK, ABI)
    • I have written tests that cover the code changes.
    • I have checked that these tests are run by
      Cloudbuild
    • I have updated documentation accordingly.
    • I have raised an issue to
      cover any TODOs and/or unfinished work.
  • Pull request includes prototype/experimental work that is under
    construction.

@google-cla google-cla bot added the cla: yes label Jan 23, 2021
@jul-sh jul-sh mentioned this pull request Feb 3, 2021
Merged
6 tasks
conradgrobler
conradgrobler reviewed Feb 4, 2021
View reviewed changes
oak_runtime/Cargo.toml Outdated
@@ -53,7 +53,10 @@ serde_json = "*"
sha2 = "^0.9.1"
tink-core = { version = "^0.1", features = ["json"] }
tink-aead = "^0.1"
tink-awskms = "^0.1"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it feasible to make KMS support feature-gated? These KMS support dependencies worry me, and I would prefer to not always include it in the TCB unless someone really wants to use KMS integration.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, will do.

@daviddrysdale
ci: add build variant that includes KMS support
accc19a 
Not ideal because different features can't be specified independently,
but that's a bigger/different change.
conradgrobler
conradgrobler approved these changes Feb 5, 2021
View reviewed changes
oak_runtime/src/node/crypto/tinkwrap.rs
"retrieve KMS client for {} using credentials in {:?}",
key_uri, self.kms_credentials
);
#[cfg(feature = "awskms")]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. I like how locally contained the feature scoping ended up being.

@daviddrysdale daviddrysdale merged commit 7fef98d into project-oak:main Feb 5, 2021
@github-actions
Copy link

github-actions bot commented Feb 5, 2021

Reproducibility Index:

6f651fd0da154010969d3dbac57a7880c2ed2a91d8246484c7247be7c4db4667  ./examples/abitest/bin/abitest_0_frontend.wasm
f7ac0a621db5c53b3f86f77238f4df1ed5c6af09a63bf674a746678f2cb0644c  ./examples/abitest/bin/abitest_1_backend.wasm
9c108f615413aa114e68438d0f902b502e6c1c5e7d4fe7bb8bc7b750d4def60e  ./examples/aggregator/bin/aggregator.wasm
3105aacfdb98ef516ec58497acfb72a3af591a67faffd6c2a2aa7df98409e68d  ./examples/chat/bin/chat.wasm
1a8257aed76024e8a5c1f400a9657402b46ace69fc26bb4849f87c38ea2b2e96  ./examples/hello_world/bin/hello_world.wasm
8c97d83fe6aa157dbbb01b0931e206bc4d9da058adfc2e0df46a7d1979c495c2  ./examples/hello_world/bin/translator.wasm
00dc476d438a40e46fd5827bfc9e553d1074d3224117f4cb47057f099cb1ca56  ./examples/http_server/bin/http_server.wasm
b43a49ae8e06e165e282ed877050f1ab61ac84ffed8d04011c5dfbd9ea79b5e6  ./examples/injection/bin/injection.wasm
3d525c7bf98f76a3ac545ecd14722d900a804c91c69f04afd33b2e41a7e8a32a  ./examples/private_set_intersection/bin/private_set_intersection.wasm
e7baa8bbf76625baa88769d8a31e250886ad5ab527a7af0f0474400b278e5530  ./examples/private_set_intersection/bin/private_set_intersection_handler.wasm
8c97d83fe6aa157dbbb01b0931e206bc4d9da058adfc2e0df46a7d1979c495c2  ./examples/translator/bin/translator.wasm
281511f222523d02d7a369d6b00c8f4e80d3ad6754af29a04e8b4864fbc1a2bc  ./examples/trusted_database/bin/trusted_database.wasm
7d2ab6e28054bc5a697a46e6b5acf9cf3d2a618db92212f19038fc0e402c275f  ./oak_loader/bin/oak_loader

Reproducibility Index diff:

diff --git a/reproducibility_index b/reproducibility_index
index d2bd887..5f21d35 100644
--- a/reproducibility_index
+++ b/reproducibility_index
@@ -10,4 +10,4 @@ b43a49ae8e06e165e282ed877050f1ab61ac84ffed8d04011c5dfbd9ea79b5e6  ./examples/inj
 e7baa8bbf76625baa88769d8a31e250886ad5ab527a7af0f0474400b278e5530  ./examples/private_set_intersection/bin/private_set_intersection_handler.wasm
 8c97d83fe6aa157dbbb01b0931e206bc4d9da058adfc2e0df46a7d1979c495c2  ./examples/translator/bin/translator.wasm
 281511f222523d02d7a369d6b00c8f4e80d3ad6754af29a04e8b4864fbc1a2bc  ./examples/trusted_database/bin/trusted_database.wasm
-f7f13572ca737e414e848807894b40f6bf8e1cb5d4d742986b40b85c4feac1b8  ./oak_loader/bin/oak_loader
+7d2ab6e28054bc5a697a46e6b5acf9cf3d2a618db92212f19038fc0e402c275f  ./oak_loader/bin/oak_loader

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conradgrobler conradgrobler conradgrobler approved these changes

@tiziano88 tiziano88 Awaiting requested review from tiziano88

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@daviddrysdale @conradgrobler