Lib.rs

Hardware support
#attestation #tls #clique #generate #sgx #tee #rustls

nightly clique-sibyl-commonlib

Clique Sibyl Common Library, for generating and verifying TEE attestation (Intel SGX, Intel TDX) and providing customized TLS verification with TEE attestation

Owned by clique-crates.

7 stable releases

new 2.5.2 Mar 13, 2025
2.5.0 Mar 6, 2025
2.3.4 Dec 5, 2024
2.3.2 Oct 28, 2024

#626 in Hardware support

Download history 19/week @ 2024-11-20 10/week @ 2024-11-27 296/week @ 2024-12-04 50/week @ 2024-12-11 5/week @ 2024-12-18 4/week @ 2025-01-08 3/week @ 2025-02-05 16/week @ 2025-02-12 14/week @ 2025-02-26 263/week @ 2025-03-05

293 downloads per month
Used in 2 crates (via clique-client-sdk)

Apache-2.0

240KB
2.5K SLoC

clique-sibyl-commonlib

Usage

[dependencies]
clique-sibyl-commonlib = { git = "https://github.com/CliqueOfficial/clique-sibyl-commonlib.git", tag = "v2.5.1" }

Features

Supports four features: rustls-0_20, rustls-0_21, rustls-0_22, rustls-0_23 and wasm. If you need to enable rustls, specify the corresponding feature based on the version of rustls you intend to use.

Currently, only rustls-0_23 is supported fully. rustls-0_20, rustls-0_21, rustls-0_22 are supported partially. Hence, we recommend using rustls-0_23 if you need to use rustls.

# use rustls-0_23
[dependencies]
clique-sibyl-commonlib = { git = "https://github.com/CliqueOfficial/clique-sibyl-commonlib.git", tag = "v2.5.1", features = "rustls-0_23" }

TLS Config

Support creating TLS config for both client and server.

You can use TLS config without client authentication. Or you can use TLS config with client authentication (also known as "mutual TLS" / "mTLS").

This TLS config can help you to verify the attestation in the certificate during TLS handshake.

And you can find examples in ./tests/actix, ./gramine-examples/actix-example, ./gramine-examples/axum-example to see how to integrate this crate with server and client.

Attestation Verifier

You can use clique_sibyl_commonlib::attestation::verify_attestation to verify the attestation.

WASM

Install WASM toolchains:

cargo install wasm-bindgen-cli
rustup target add wasm32-unknown-unknown

Build WASM:

cargo build --target wasm32-unknown-unknown --release --features wasm

# For Node.js CommonJS module
wasm-bindgen target/wasm32-unknown-unknown/release/clique_sibyl_commonlib.wasm --out-dir ./wasm/pkg-node --target nodejs

# For web
wasm-bindgen target/wasm32-unknown-unknown/release/clique_sibyl_commonlib.wasm --out-dir ./wasm/pkg-web --target web

# For Node.js ESM module
wasm-bindgen target/wasm32-unknown-unknown/release/clique_sibyl_commonlib.wasm --out-dir ./wasm/pkg-node-esm --target experimental-nodejs-module

Install node.js:

sudo apt update
sudo apt install nodejs
sudo apt install npm

Test WASM for node.js:

cd wasm/wasm-node-test
node index.js

Tests

cargo t
cargo t actix -- --nocapture
cargo t actix --features "rustls-0_23" -- --nocapture

Examples

You can explore examples located in ./tests/actix, ./gramine-examples/actix-example, ./gramine-examples/axum-example to see how to integrate this crate with Actix server / client, and Axum server / client.

Dependencies

~13–25MB
~371K SLoC