I poc

i-poc/README.md

@@ -880,7 +880,7 @@ The tag iotex-demo-v1.3.0 from [veracruz repository](https://github.com/veracruz
 
 ### Hugepages on nitro nodes
 
-* Nitro nodes require higepages enabled in the kernel.
+* Nitro nodes require hugepages enabled in the kernel.
   * Create a file /etc/sysctl.d/99-hugepages.conf with the contents below. The example uses up to 2.2GB (2@MB pages * 1100 pages)
    ```
    vm.nr_hugepages=1100
@@ -925,38 +925,44 @@ The tag iotex-demo-v1.3.0 from [veracruz repository](https://github.com/veracruz
 
 ### Installing Veracruz services on k8s/k3s
 
-1. Clone the repository https://gitlab.com/arm-research/security/i-poc.git 
+1. Clone the repository https://github.com/veracruz-project/veracruz-examples.git
 1. Move to directory i-poc
 
    ```bash
    cd i-poc
    ```
 
-1. Copy file i-poc/main-k3s/config.vars.template to i-poc/i-poc/main-k3s/config.vars and update the values according to your installation
-1. If desired to create the container images locally, execute
+1. Copy file main-k3s/config.vars.template to main-k3s/config.vars and update the values according to your installation and run make
 
    ```bash
-   make images
+   make
    ```
-
-1. The following step create all the keys, certificates and update all the YAML files from the templates and loads them into k8s/k3s
 
-   ```bash
-   make k8s-all
-   ```
+1. Some optional steps:
 
-1. If more control is desired change to directory i-poc/main-k3s
+   1. If desired to create the container images locally, execute (this step is optional since the images are available on the ghcr.io
 
-   ```bash
-   make k8s-smarter-device-manager
-   make k8s-attestation-service
-   make k8s-vaas
-   make k8s-ccfaas
-   make k8s-iotex-s3-app
-   ```
-
-   there is also <entry>-check to verify if the services are running correctly
-
+      ```bash
+      make images
+      ```
+
+   1. The following step create all the keys, certificates and update all the YAML files from the templates and loads them into k8s/k3s
+
+      ```bash
+      make k8s-all
+      ```
+
+   1. If more control is desired change to directory i-poc/main-k3s
+
+      ```bash
+      make k8s-smarter-device-manager
+      make k8s-attestation-service
+      make k8s-vaas
+      make k8s-ccfaas
+      make k8s-iotex-s3-app
+      ```
+
+      there is also <entry>-check to verify if the services are running correctly
 
 #### Smarter-device-manager
 
@@ -1148,7 +1154,7 @@ Even at EKS a new updated configuration of smarter-device-manager need to be be
    replicaset.apps/ccfaas-server-app-XXXXXXXXXX     1         1         1       XX
    ```
 
-## Running applications on Veracruz
+## Running VOD (i-PoC wasm video decoder) on Veracruz
 
 The iotex-user-app directory on the repository will execute the I-PoC example end-to-end according the timeline described above
 
@@ -1168,18 +1174,6 @@ The iotex-user-app directory on the repository will execute the I-PoC example en
     * decryption IV path: path of where to put the decryption key on the enclave
     * S3 authentication>: set of "key=value" that contains the authentication to access the video in S3
 
-1. Edit the file iotex-user-app.sh to set the correct information of the S3 file and S3 authentication to use:
-
-   ```bash
-   export AWS_ACCESS_KEY_ID="<REPLACE WITH AWS_ACCESS_KEY_ID>"
-   export AWS_SECRET_ACCESS_KEY="<REPLACE WITH AWS_SECRET_ACCESS_KEY>"
-
-   S3_REGION="<REPLACE WITH S3 REGION>"
-   S3_BUCKET="<REPLACE WITH S3 BUCKET"
-   S3_FILE="<REPLACE WITH S3 FILE?"
-   ```
-   The script assumes that the file requires authentication to be accessed. All the AWS credentials and S3_REGION are optional and can be removed from the script including the entry on ./iotex-user-app.py line
-
 1. Registering the function in CCFaaS
 
   Two examples are available on [VOD](https://github.com/veracruz-project/video-object-detection.git). The difference between big and small is the size of the model, small being in 30MBs and big being around 300MBs.

i-poc/ccfaas-app/ccfaas-server.sh

@@ -9,6 +9,7 @@
 #
 # See the `LICENSE_MIT.markdown` file in the Veracruz I-PoC
 # example repository root directory for copyright and licensing information.
+#!/bin/bash
 
 export PROGRAM_LOAD_CERTIFICATE="$(cat $1)"
 export PROGRAM_LOAD_CERTIFICATE_FILE=$1

i-poc/ccfaas-app/load_program.sh

@@ -9,6 +9,7 @@
 #
 # See the `LICENSE_MIT.markdown` file in the Veracruz I-PoC
 # example repository root directory for copyright and licensing information.
+#!/bin/bash
 
 VERACRUZ_CLIENT=$(pwd)/veracruz-client
 
@@ -51,24 +52,15 @@ then
 	exit 1
 fi
 
-# Check server availability
-echo "Waiting for server..."
-VERACRUZ_SERVER_URL=$(cat ${POLICY} | grep veracruz_server_url | sed -e 's/^.*": //' -e 's/:/ /' -e 's/"//g')
-for i in $(seq 1 30); do
-	echo "\n" | nc $(echo "${VERACRUZ_SERVER_URL}" | cut -d " " -f 1) $(echo "${VERACRUZ_SERVER_URL}" | cut -d " " -f 2) -w 1 | grep "Bad Request" &>/dev/null && break
-	sleep 1
-done
-echo "Server is available"
-
 while [ $# -gt 0 ]
 do
-	PROGRAM_FILE_BASE64=$1
+	PROGRAM_FILE=$1
 
+        pushd ${PROGRAM_DIR} > /dev/null
 # 	echo "Executing: ${VERACRUZ_CLIENT} ${POLICY} -p ${PROGRAM_FILE} --identity ${CERTIFICATE} --key ${KEY}" >> /tmp/log.txt
-
-    PROGRAM_FILE=$(echo -n "${PROGRAM_FILE_BASE64}" | base64 -d)
-	OUTPUT=$(${VERACRUZ_CLIENT} ${POLICY} --program "${PROGRAM_FILE}=${PROGRAM_DIR}/${PROGRAM_FILE_BASE64}" --identity "${CERTIFICATE}" --key "${KEY}" 2>&1)
+	OUTPUT=$(${VERACRUZ_CLIENT} ${POLICY} -p "${PROGRAM_FILE}" --identity "${CERTIFICATE}" --key "${KEY}" 2>&1)
 	RESULT_CODE=$?
+	popd > /dev/null
 	echo "${OUTPUT}"
 
 	NOK=$(echo "${OUTPUT}" | grep "Error")

i-poc/iotex-s3-app/iotex-s3-app.sh

@@ -9,6 +9,7 @@
 #
 # See the `LICENSE_MIT.markdown` file in the Veracruz I-PoC
 # example repository root directory for copyright and licensing information.
+#!/bin/bash
 
 export FLASK_APP=iotex-s3-app
 flask run --host=0.0.0.0

i-poc/iotex-user-app/execute_program.sh

@@ -9,6 +9,7 @@
 #
 # See the `LICENSE_MIT.markdown` file in the Veracruz I-PoC
 # example repository root directory for copyright and licensing information.
+#!/bin/bash
 
 # echo "$0 $*" > /tmp/log.txt
 
@@ -24,9 +25,9 @@ function check_if_file_exists() {
 
 VERACRUZ_CLIENT=$(pwd)/veracruz-client
 
-if [ $# -lt 6 ]
+if [ $# -lt 5 ]
 then
-	echo "$0: <policy> <certificate file out> <key file out> <output file veracruz> <output file name> <program> <decryption key path> <decryption IV path>"
+	echo "$0: <policy> <certificate file out> <key file out> <output file veracruz> <output file name>"
 	exit 1
 fi
 
@@ -35,14 +36,13 @@ CERTIFICATE_OUT=$2
 KEY_OUT=$3
 OUTPUT_VERACRUZ=$4
 OUTPUT_FILE_NAME=$5
-PROGRAM=$6
-DECRYPTION_KEY_PATH=$7
-DECRYPTION_IV_PATH=$8
 
 check_if_file_exists "${POLICY}" "Policy"
 check_if_file_exists "${CERTIFICATE_OUT}" "Certificate_out"
 check_if_file_exists "${KEY_OUT}" "Key_out"
 
+openssl rsa -in "${KEY_OUT}" -out "${KEY_OUT}.RSA.pem"
+
 VERACRUZ_URL=$(grep veracruz_server_url "${POLICY}" | sed -e 's/^[^:]*: *\"//' -e 's/".*//')
 VERACRUZ_HOST=$(echo "${VERACRUZ_URL}" | cut -d ":" -f 1)
 VERACRUZ_PORT=$(echo "${VERACRUZ_URL}" | cut -d ":" -f 2)
@@ -70,20 +70,9 @@ then
 	exit 1
 fi
 
-# Provision decryption keying material
-echo ${VERACRUZ_CLIENT} ${POLICY} --data /user_input/key=${DECRYPTION_KEY_PATH} --data /user_input/iv=${DECRYPTION_IV_PATH} --identity ${CERTIFICATE_OUT} --key ${KEY_OUT}
-OUTPUT=$(${VERACRUZ_CLIENT} "${POLICY}" --data /user_input/key=${DECRYPTION_KEY_PATH} --data /user_input/iv=${DECRYPTION_IV_PATH} --identity "${CERTIFICATE_OUT}" --key "${KEY_OUT}" 2>&1)
-
-# Request computation
-echo ${VERACRUZ_CLIENT} ${POLICY} --compute ${PROGRAM} --identity ${CERTIFICATE_OUT} --key ${KEY_OUT}
-OUTPUT=$(${VERACRUZ_CLIENT} "${POLICY}" --compute ${PROGRAM} --identity "${CERTIFICATE_OUT}" --key "${KEY_OUT}" 2>&1)
-
-# Request results
-echo ${VERACRUZ_CLIENT} ${POLICY} --result stdout=- --result stderr=- --result "${OUTPUT_VERACRUZ}=${OUTPUT_FILE_NAME}" --identity ${CERTIFICATE_OUT} --key ${KEY_OUT}
-OUTPUT=$(${VERACRUZ_CLIENT} "${POLICY}" --result stdout=- --result stderr=- --result "${OUTPUT_VERACRUZ}=${OUTPUT_FILE_NAME}" --identity "${CERTIFICATE_OUT}" --key "${KEY_OUT}" 2>&1)
-
+echo ${VERACRUZ_CLIENT} ${POLICY} --results "${OUTPUT_VERACRUZ}=${OUTPUT_FILE_NAME}" --identity ${CERTIFICATE_OUT} --key ${KEY_OUT}
+OUTPUT=$(${VERACRUZ_CLIENT} "${POLICY}" --results "${OUTPUT_VERACRUZ}=${OUTPUT_FILE_NAME}" --identity "${CERTIFICATE_OUT}" --key "${KEY_OUT}.RSA.pem" 2>&1)
 echo "${OUTPUT}"
-
 NOK=$(echo "${OUTPUT}" | grep "Error")
 if [ ! -z "${NOK}" ]
 then