• This repository has been archived on 14/Oct/2023
  • Stars
    star
    274
  • Rank 150,274 (Top 3 %)
  • Language
    Rust
  • License
    GNU Affero Genera...
  • Created almost 5 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Secure Value Recovery Service (Beta)

Building the SGX enclave (optional)

Building reproducibly with Docker

Prerequisites:

  • GNU Make
  • Docker (able to run debian image)
$ make -C <repository_root>/enclave

The default docker-install target will create a reproducible build environment image using enclave/docker/Dockerfile, build the enclave inside a container based on the image, and install the resulting enclave into service/kbupd/res/enclave/. The Dockerfile will download a stock dated-snapshot debian Docker image. The Debian project builds their docker images reproducibly, based on the a snapshot of the debian repos on the date of the build from the Debian Snapshot Project. Make will then be run inside the newly built Docker Debian image as in the Building with Debian section below:

NB: the installed enclave will be signed with the SGX debug flag enabled by an automatically generated signing key. Due to Intel SGX licensing requirements, a debug enclave can currently only be run with SGX debugging enabled, allowing inspection of its encrypted memory, and invalidating its security properties. To use an enclave in production, provide the Intel-whitelisted signing key as enclave/libkbupd_enclave.hardened.key before building. Alternatively, the generated enclave/build/libkbupd_enclave.hardened.signdata file can be signed and saved as enclave/build/libkbupd_enclave.sig with corresponding public key at enclave/libkbupd_enclave.pub, and signed using make sign install.

Building with Debian

Prerequisites:

  • GNU Make
  • cmake
  • ninja-build
  • gcc
  • ocaml-native-compilers
  • ocamlbuild
  • automake/autoconf/libtool/pkg-config
  • libssl-dev
  • libcurl4-openssl-dev
  • protobuf-compiler
  • libprotobuf-dev
  • llvm-dev
  • libclang-dev
  • clang
  • git
  • devscripts/debhelper/fakeroot
  • rust 1.37.0 toolchain from rustup
  • Intel SGX SDK v2.17 SDK build dependencies
$ make -C <repository_root>/enclave debuild install

debuild is a debian tool used to build debian packages after it sanitizes the environment and installs build dependences. The primary advantage of using debian packaging tools in this case is to leverage the Reproducible Builds project. While building a debian package, debuild will record the names and versions of all detected build dependencies into a *.buildinfo file, for future reproducibility debugging.

The debuild target also builds parts needed from the Intel SGX SDK v2.17 after cloning it from github.

The install target copies the enclave to service/kbupd/res/enclave/, which should potentially be checked in to be used with the service.

The sign target may also be used as described in Building reproducibly with Docker to produce a release-mode enclave.

Building without Docker or Debian:

Prerequisites:

  • GNU Make
  • cmake
  • ninja-build
  • gcc
  • ocaml-native-compilers
  • ocamlbuild
  • automake/autoconf/libtool/pkg-config
  • libssl-dev
  • libcurl4-openssl-dev
  • protobuf-compiler
  • libprotobuf-dev
  • llvm-dev
  • libclang-dev
  • clang
  • git
  • rust 1.37.0 toolchain from rustup
  • Intel SGX SDK v2.17 SDK build dependencies
$ make -C <repository_root>/enclave all install

The all target will probably fail to reproduce the same binary as above, but doesn't require Docker or Debian Linux.

The sign target may also be used as described in Building reproducibly with Docker to produce a release-mode enclave.

Building the service

Building with Docker

Prerequisites:

  • GNU Make
  • Docker (able to run ubuntu image)
$ make -C <repository_root>/service docker

Building without Docker

Prerequisites:

  • GNU Make
  • a C compiler
  • rust toolchain (i.e. rustc, cargo)
  • libsgx-enclave-common from source or prebuilt
  • libssl-dev (OpenSSL)
  • libseccomp-dev
  • pkg-config
  • protobuf-compiler
  • Intel SGX SDK SDK headers (common/inc/sgx*.h) installed in a system include directory
$ make -C <repository_root>/service all

Running the service

Runtime requirements:

$ service/build/target/release/kbupd help

More Repositories

1

Signal-Android

A private messenger for Android.
Kotlin
25,358
star
2

Signal-Desktop

A private messenger for Windows, macOS, and Linux.
TypeScript
14,441
star
3

Signal-iOS

A private messenger for iOS.
Swift
10,703
star
4

Signal-Server

Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
Java
9,071
star
5

libsignal

Home to the Signal Protocol as well as other cryptographic primitives which make Signal possible.
Rust
3,345
star
6

libsignal-protocol-javascript

This library is no longer maintained. libsignal-protocol-javascript was an implementation of the Signal Protocol, written in JavaScript. It has been replaced by libsignal-client’s typesafe TypeScript API.
JavaScript
1,954
star
7

libsignal-protocol-java

Java
1,823
star
8

libsignal-protocol-c

C
1,404
star
9

BitHub

BTC + BitHub = An experiment in funding privacy OSS.
Java
997
star
10

Signal-TLS-Proxy

Shell
830
star
11

libsignal-service-java

A Java/Android library for communicating with the Signal messaging service.
Java
584
star
12

ringrtc

Rust
538
star
13

Signal-Calling-Service

Forwards media from 1 group call device to N group call devices.
Rust
412
star
14

Flock

Private contact and calendar sync for Android.
Java
358
star
15

ContactDiscoveryService

C
279
star
16

curve25519-java

Pure Java and JNI backed Curve25519 implementation.
C
230
star
17

gradle-witness

A gradle plugin that enables static verification for remote dependencies.
Groovy
229
star
18

SignalProtocolKit

This library is no longer maintained. SignalProtocolKit was an implementation of the Signal Protocol, written in Objective-C. It has been replaced by libsignal-client’s type safe Swift API.
Objective-C
213
star
19

webrtc

C++
140
star
20

PushServer

A microservice for communicating with push gateways.
Java
115
star
21

WhisperYAFFS

Encrypted Filesystem Support For YAFFS2
C
104
star
22

jobmanager

Android library for executing tasks.
Java
103
star
23

WebSocket-Resources

A Dropwizard library that lets you use Jersey-style Resources over WebSockets
Java
91
star
24

better-sqlite3

C++
76
star
25

SignalServiceKit

SignalServiceKit has moved to Signal-iOS. See README.md for details.
Objective-C
68
star
26

libwebrtc-android

Android WebRTC Packages
Java
60
star
27

Signal-Pods

Pods dependency tracker for Signal-iOS
C
57
star
28

signal-ringrtc-node

TypeScript
50
star
29

gcm-sender-async

Asynchronous Google Cloud Messaging (GCM) Library
Java
48
star
30

zkgroup

41
star
31

curve25519-dalek

Rust
37
star
32

SecureValueRecovery2

C++
37
star
33

libsignal-protocol-rust

Rust
37
star
34

Argon2

Java
36
star
35

Signal-Design

A place to archive design assets used by Signal.
35
star
36

SignalCoreKit

Swift
34
star
37

storage-service

Java
34
star
38

signal-webrtc-ios

Python
33
star
39

Signal-FTS5-Extension

A FTS5 extension for signal_tokenizer.
Rust
32
star
40

ContactDiscoveryService-Icelake

C
31
star
41

maven

27
star
42

libpastelog

Java
27
star
43

tus-server

An implementation of the TUS server protocol for resumable uploads
TypeScript
25
star
44

Mock-Signal-Server

TypeScript
24
star
45

registration-service

Registration Service for Signal
Java
23
star
46

dropwizard-simpleauth

Dropwizard library for simple @Auth annotations that support multiple types
Java
22
star
47

CLAServer

GitHub Integration for managing CLA signatures
Java
22
star
48

mio

Rust
20
star
49

AES-GCM-Provider

A BoringSSL-backed AES-GCM provider for Android with support for "incremental" encryption/decryption
Java
20
star
50

libaxolotl-j2me

Axolotl J2ME
Java
17
star
51

Signal-Art-Creator

Sticker Pack Creator Web App
TypeScript
17
star
52

signal-webrtc-ios-artifacts

Objective-C
17
star
53

SQLCipherVsSharedData

Demo Project to demonstrate a bug in SQLCipher
Objective-C
15
star
54

dropwizard-wavefront

Dropwizard Metrics Reporter For Wavefront
Java
14
star
55

sgx_common

Rust
14
star
56

emoji-search-index

Static assets used for to generate a search index for emoji within Signal.
12
star
57

Signal-Carthage

Objective-C
12
star
58

SignalMetadataKit

Swift
12
star
59

libmobilecoin-ios-artifacts

Swift
12
star
60

libsignal-client-node

11
star
61

redis-dispatch

Java
11
star
62

sqlcipher

C
11
star
63

libsignal-metadata-java

Java
11
star
64

mp4san

A Rust MP4 format sanitizer
Rust
10
star
65

poksho

9
star
66

AccountStream

Java
8
star
67

signal-zkgroup-node

TypeScript
8
star
68

s3-upload-maven-plugin

Maven plugin to upload files to s3
Java
7
star
69

jekyll-simple-i18n

Ruby
7
star
70

HsmEnclave

HSM-backed remote-attestable enclave.
C
5
star
71

sqlcipher-android

A light fork of https://github.com/sqlcipher/sqlcipher-android
C
5
star
72

storage-manager

Manage objects inside a cdn
TypeScript
5
star
73

libsignal-ffi

Rust
4
star
74

partial-default

Provides PartialDefault, a Rust trait similar to Default but with fewer guarantees
Rust
4
star
75

signal-zkgroup-swift

Swift
4
star
76

libsignal-protocol-swift

Swift
2
star
77

Signal-Message-Backup-Tests

Signal Message Backup shared client integration test cases
Rust
2
star
78

libmobilecoin-apple-artifacts

C
2
star
79

Signal-Sqlcipher-Extension

A sqlcipher extension for crypto provider.
Rust
1
star