tee

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 23, 2025 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrTEENotEnabled            = errors.New("TEE is not enabled")
	ErrInvalidAttestationReport = errors.New("invalid attestation report")
	ErrSecureExecutionFailed    = errors.New("secure execution failed")
	ErrMemoryLimitExceeded      = errors.New("memory limit exceeded")
	ErrExecutionTimeout         = errors.New("execution timeout")
)

Common errors

Functions

func ExecuteJavaScriptSimulation 

func ExecuteJavaScriptSimulation(code string, params map[string]interface{}) (interface{}, error)

ExecuteJavaScriptSimulation simulates JS execution for testing

Types

type AuditEntry 

type AuditEntry struct {
	Timestamp  time.Time `json:"timestamp"`
	UserID     int       `json:"user_id"`
	SecretName string    `json:"secret_name"`
	Action     string    `json:"action"` // "create", "read", "update", "delete"
	Success    bool      `json:"success"`
}

AuditEntry represents an audit log entry for secret access

type BasicMemoryLimiter 

type BasicMemoryLimiter struct {
	// contains filtered or unexported fields
}

BasicMemoryLimiter implements the MemoryLimiter interface

func NewBasicMemoryLimiter 

func NewBasicMemoryLimiter(limitMB int64) *BasicMemoryLimiter

NewBasicMemoryLimiter creates a new memory limiter with the specified limit in MB

func (*BasicMemoryLimiter) Allocate 

func (l *BasicMemoryLimiter) Allocate(size int) error

Allocate checks if the allocation would exceed the limit

func (*BasicMemoryLimiter) CurrentUsage 

func (l *BasicMemoryLimiter) CurrentUsage() int64

CurrentUsage returns the current memory usage

func (*BasicMemoryLimiter) Limit 

func (l *BasicMemoryLimiter) Limit() int64

Limit returns the memory limit

func (*BasicMemoryLimiter) Release 

func (l *BasicMemoryLimiter) Release(size int)

Release decrements the allocated memory counter

func (*BasicMemoryLimiter) Reset 

func (l *BasicMemoryLimiter) Reset()

Reset resets the memory usage counter

type EncryptedSecret 

type EncryptedSecret struct {
	EncryptedData []byte         `json:"encrypted_data"`
	IV            []byte         `json:"iv"`
	KeyID         string         `json:"key_id"`
	Metadata      SecretMetadata `json:"metadata"`
}

EncryptedSecret represents an encrypted secret with metadata

type EnhancedSecretStore 

type EnhancedSecretStore struct {
	// contains filtered or unexported fields
}

EnhancedSecretStore provides a secure secret store with encryption

func NewEnhancedSecretStore 

func NewEnhancedSecretStore(masterKeyBase64 string) (*EnhancedSecretStore, error)

NewEnhancedSecretStore creates a new enhanced secret store

func (*EnhancedSecretStore) DeleteSecret 

func (s *EnhancedSecretStore) DeleteSecret(ctx context.Context, userID int, name string) error

DeleteSecret deletes a secret for a user

func (*EnhancedSecretStore) ExportSecrets 

func (s *EnhancedSecretStore) ExportSecrets(ctx context.Context, userID int) ([]byte, error)

ExportSecrets exports all secrets for a user

func (*EnhancedSecretStore) GetAuditLog 

func (s *EnhancedSecretStore) GetAuditLog(ctx context.Context, userID int, limit int) ([]AuditEntry, error)

GetAuditLog gets the audit log for a user

func (*EnhancedSecretStore) GetInternalSecretsForTesting 

func (s *EnhancedSecretStore) GetInternalSecretsForTesting() map[int]map[string]EncryptedSecret

GetInternalSecretsForTesting returns the internal secrets map for testing

func (*EnhancedSecretStore) GetSecret 

func (s *EnhancedSecretStore) GetSecret(ctx context.Context, userID int, name string) (string, error)

GetSecret retrieves a secret for a user

func (*EnhancedSecretStore) GetSecretMetadata 

func (s *EnhancedSecretStore) GetSecretMetadata(ctx context.Context, userID int, name string) (*SecretMetadata, error)

GetSecretMetadata gets metadata for a secret

func (*EnhancedSecretStore) ImportSecrets 

func (s *EnhancedSecretStore) ImportSecrets(ctx context.Context, userID int, data []byte) error

ImportSecrets imports secrets for a user

func (*EnhancedSecretStore) ListSecrets 

func (s *EnhancedSecretStore) ListSecrets(ctx context.Context, userID int) ([]string, error)

ListSecrets lists all secrets for a user

func (*EnhancedSecretStore) SetKeyRotationInterval 

func (s *EnhancedSecretStore) SetKeyRotationInterval(interval time.Duration)

SetKeyRotationInterval sets the key rotation interval for testing

func (*EnhancedSecretStore) SetSecret 

func (s *EnhancedSecretStore) SetSecret(ctx context.Context, userID int, name, value string) error

SetSecret sets a secret for a user

func (*EnhancedSecretStore) UpdateSecretTags 

func (s *EnhancedSecretStore) UpdateSecretTags(ctx context.Context, userID int, name string, tags []string) error

UpdateSecretTags updates tags for a secret

type EnhancedSecretStoreInterface 

type EnhancedSecretStoreInterface interface {
	SecretStore // Embed the basic SecretStore interface

	// Additional methods for enhanced secret store
	DeleteSecret(ctx context.Context, userID int, name string) error
	ListSecrets(ctx context.Context, userID int) ([]string, error)
	GetSecretMetadata(ctx context.Context, userID int, name string) (*SecretMetadata, error)
	UpdateSecretTags(ctx context.Context, userID int, name string, tags []string) error
	GetAuditLog(ctx context.Context, userID int, limit int) ([]AuditEntry, error)
	ExportSecrets(ctx context.Context, userID int) ([]byte, error)
	ImportSecrets(ctx context.Context, userID int, data []byte) error
	SetSecret(ctx context.Context, userID int, name, value string) error
}

EnhancedSecretStore provides advanced secret management capabilities

type FunctionExecutionContext 

type FunctionExecutionContext struct {
	FunctionID  string
	UserID      int
	ExecutionID string
}

FunctionExecutionContext contains context information for a function execution

type InterruptHandler 

type InterruptHandler struct {
	// contains filtered or unexported fields
}

InterruptHandler handles the interruption of JavaScript execution

func NewInterruptHandler 

func NewInterruptHandler(runtime *JSRuntime) *InterruptHandler

NewInterruptHandler creates a new interrupt handler

func (*InterruptHandler) CreateTimeoutDetails 

func (h *InterruptHandler) CreateTimeoutDetails() *TimeoutDetails

CreateTimeoutDetails creates a new timeout details object

func (*InterruptHandler) GetLoopCount 

func (h *InterruptHandler) GetLoopCount() int64

GetLoopCount returns the current loop count

func (*InterruptHandler) Reset 

func (h *InterruptHandler) Reset()

Reset resets the interrupt handler state

func (*InterruptHandler) Setup 

func (h *InterruptHandler) Setup()

Setup initializes the interrupt handler

func (*InterruptHandler) StartInterruptChecker 

func (h *InterruptHandler) StartInterruptChecker(ctx context.Context)

StartInterruptChecker starts a goroutine to check for timeouts

func (*InterruptHandler) StopInterruptChecker 

func (h *InterruptHandler) StopInterruptChecker()

StopInterruptChecker stops the interrupt checker and cleans up

type IsolationManager 

type IsolationManager struct {
	// contains filtered or unexported fields
}

IsolationManager handles function isolation between executions

func NewIsolationManager 

func NewIsolationManager(runtime *JSRuntime) *IsolationManager

NewIsolationManager creates a new isolation manager

func (*IsolationManager) CleanupAfterExecution 

func (im *IsolationManager) CleanupAfterExecution(ctx context.Context)

CleanupAfterExecution performs cleanup after function execution

func (*IsolationManager) CreateExecutionContextObject 

func (im *IsolationManager) CreateExecutionContextObject() *goja.Object

CreateExecutionContextObject creates a JavaScript object with execution context

func (*IsolationManager) GetExecutionContext 

func (im *IsolationManager) GetExecutionContext() *FunctionExecutionContext

GetExecutionContext gets the current execution context

func (*IsolationManager) ResetState 

func (im *IsolationManager) ResetState()

ResetState resets the isolation manager state between executions

func (*IsolationManager) SetExecutionContext 

func (im *IsolationManager) SetExecutionContext(functionID string, userID int, executionID string)

SetExecutionContext sets the current execution context

func (*IsolationManager) Setup 

func (im *IsolationManager) Setup() error

Setup initializes the isolation manager

type JSRuntime 

type JSRuntime struct {
	// contains filtered or unexported fields
}

JSRuntime provides a JavaScript runtime environment within the TEE

func NewJSRuntime 

func NewJSRuntime(memoryLimit int64, timeoutLimit int, secretStore SecretStore) *JSRuntime

NewJSRuntime creates a new JavaScript runtime

func (*JSRuntime) ExecuteFunction 

func (r *JSRuntime) ExecuteFunction(ctx context.Context, function *models.Function, params map[string]interface{}, userID int) (*models.ExecutionResult, error)

ExecuteFunction executes a JavaScript function within the TEE

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

Manager manages the TEE environment

func New 

func New(cfg *config.TEEConfig, log *logger.Logger) (*Manager, error)

New creates a new TEE manager

func NewManager 

func NewManager(config *config.Config) *Manager

NewManager creates a new TEE manager

func (*Manager) Close 

func (m *Manager) Close() error

Close closes the TEE manager

func (*Manager) DeleteSecret 

func (m *Manager) DeleteSecret(ctx context.Context, userID int, secretName string) error

DeleteSecret deletes a secret from the TEE

func (*Manager) ExecuteFunction 

func (m *Manager) ExecuteFunction(ctx context.Context, function *models.Function, params map[string]interface{}, secretNames []string) (*models.ExecutionResult, error)

ExecuteFunction executes a JavaScript function in the TEE

func (*Manager) ExecuteSecureFunction 

func (m *Manager) ExecuteSecureFunction(ctx context.Context, code string, params map[string]interface{}) (interface{}, error)

ExecuteSecureFunction executes a function in a secure TEE environment

func (*Manager) GetAttestation 

func (m *Manager) GetAttestation(ctx context.Context) ([]byte, error)

GetAttestation gets an attestation report from the TEE

func (*Manager) GetAttestationReport 

func (m *Manager) GetAttestationReport() (string, error)

GetAttestationReport generates an attestation report for the TEE environment

func (*Manager) GetSecret 

func (m *Manager) GetSecret(ctx context.Context, userID int, secretName string) (string, error)

GetSecret retrieves a secret from the TEE

func (*Manager) IsEnabled 

func (m *Manager) IsEnabled() bool

IsEnabled returns whether TEE is enabled

func (*Manager) StoreSecret 

func (m *Manager) StoreSecret(ctx context.Context, secret *models.Secret) error

StoreSecret securely stores a secret in the TEE

func (*Manager) VerifyAttestationReport 

func (m *Manager) VerifyAttestationReport(report string) (bool, error)

VerifyAttestationReport verifies an attestation report

type MemoryLimitedArrayBufferAllocator 

type MemoryLimitedArrayBufferAllocator struct {
	// contains filtered or unexported fields
}

MemoryLimitedArrayBufferAllocator implements Goja's ArrayBufferAllocator interface

func NewMemoryLimitedArrayBufferAllocator 

func NewMemoryLimitedArrayBufferAllocator(limiter MemoryLimiter) *MemoryLimitedArrayBufferAllocator

NewMemoryLimitedArrayBufferAllocator creates a new array buffer allocator with memory limits

func (*MemoryLimitedArrayBufferAllocator) Allocate 

func (a *MemoryLimitedArrayBufferAllocator) Allocate(size int) ([]byte, error)

Allocate attempts to allocate memory, checking against the limit

func (*MemoryLimitedArrayBufferAllocator) Free 

func (a *MemoryLimitedArrayBufferAllocator) Free(buf []byte)

Free releases allocated memory

type MemoryLimiter 

type MemoryLimiter interface {
	// Allocate requests memory allocation and returns error if limit exceeded
	Allocate(size int) error

	// Release notifies the limiter that memory has been freed
	Release(size int)

	// CurrentUsage returns the current memory usage in bytes
	CurrentUsage() int64

	// Limit returns the maximum allowed memory usage in bytes
	Limit() int64

	// Reset resets the memory usage counter
	Reset()
}

MemoryLimiter provides an interface for tracking and limiting memory usage

type ObjectSizeTracker 

type ObjectSizeTracker struct {
	// contains filtered or unexported fields
}

ObjectSizeTracker tracks object allocations and applies memory limits

func NewObjectSizeTracker 

func NewObjectSizeTracker(runtime *JSRuntime) *ObjectSizeTracker

NewObjectSizeTracker creates a new object size tracker

func (*ObjectSizeTracker) Setup 

func (t *ObjectSizeTracker) Setup() error

Setup initializes object tracking hooks

type Provider 

type Provider interface {
	// Initialize initializes the TEE provider
	Initialize() error

	// ExecuteFunction executes a JavaScript function in the TEE
	ExecuteFunction(ctx context.Context, function *models.Function, params map[string]interface{}, secrets map[string]string) (*models.ExecutionResult, error)

	// StoreSecret securely stores a secret in the TEE
	StoreSecret(ctx context.Context, secret *models.Secret) error

	// GetSecret retrieves a secret from the TEE
	GetSecret(ctx context.Context, userID int, secretName string) (string, error)

	// DeleteSecret deletes a secret from the TEE
	DeleteSecret(ctx context.Context, userID int, secretName string) error

	// GetAttestation gets an attestation report from the TEE
	GetAttestation(ctx context.Context) ([]byte, error)

	// Close closes the TEE provider
	Close() error
}

Provider defines the interface for TEE providers

type SecretMetadata 

type SecretMetadata struct {
	CreatedAt  time.Time `json:"created_at"`
	UpdatedAt  time.Time `json:"updated_at"`
	AccessedAt time.Time `json:"accessed_at"`
	Version    int       `json:"version"`
	Tags       []string  `json:"tags"`
}

SecretMetadata contains metadata about a secret

type SecretStore 

type SecretStore interface {
	GetSecret(ctx context.Context, userID int, name string) (string, error)
}

SecretStore provides the interface for accessing secrets

type TimeoutDetails 

type TimeoutDetails struct {
	TimeoutLimit int    `json:"timeout_limit_seconds"`
	LoopCount    int64  `json:"loop_count"`
	Context      string `json:"context,omitempty"`
}

TimeoutDetails contains additional information about a timeout

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.