Module blindai.core

Functions

def connect(addr: str, unattested_server_port: int = 9923, attested_server_port: int = 9924, model_management_port: int = 9925, hazmat_manifest_path: Optional[pathlib.Path] = None, hazmat_http_on_unattested_port=False, simulation_mode: bool = False) ‑> BlindAiConnection

Connect to a BlindAi server.

Args

addr : str
The address of the BlindAI server you want to connect to. It can be a domain (such as "example.com" or "localhost") or an IP.
unattested_server_port : int, optional
The unattested server port number. Defaults to 9923.
attested_server_port : int, optional
The attested server port number. Defaults to 9924.
model_management_port : int, optional
The model management port. Needs to be specified if the server only accepts model upload/deletion locally. Defaults to 9924.
hazmat_manifest_path : Optional[pathlib.Path], optional
Path to the Manifest.toml which describes which enclaves are to be accepted. Defaults to the built-in Manifest.toml provided by Mithril Security as part of the Python package. You can override the default by providing a path to your own Manifest.toml. Caution: Changing the manifest can impact the security of the solution.
hazmat_http_on_unattested_port : bool, optional
If set to True, the client will request the attestation elements of the server using a plain HTTP connection instead of a more secure HTTPS connection. Defaults to False. Caution: This parameter should never be set to True in production. Using an HTTPS connection is critical to get a graceful degradation in case of a failure of the Intel SGX attestation.
simulation_mode : bool, optional
If set to True, BlindAI will work in simulation mode. Caution: In simulation, BlindAI does not provide any security since there is no SGX enclave. This mode SHOULD NEVER be enabled in production. Defaults to False (production mode).

Raises

requests.exceptions.RequestException
If a network or server error occurs.
ValueError
Raised when inputs sanity checks fail.
IdentityError
Raised when the enclave signature does not match the enclave signature expected in the manifest.
EnclaveHeldDataError
Raised when the expected enclave held data does not match the one in the quote.
QuoteValidationError
Raised when the returned quote is invalid (TCB outdated, not signed by the hardware provider…).
AttestationError
Raised when the attestation is not valid (enclave settings mismatching, debug mode unallowed…).

Returns

BlindAiConnection
An object representing an active connection to a BlindAi server

Classes

class AttestationError (*args, **kwargs)

This exception is raised when the attestation is invalid (enclave settings mismatching, debug mode unallowed…).

Used as master exception for all other sub exceptions on the attestation validation

Ancestors

  • builtins.Exception
  • builtins.BaseException
class EnclaveHeldDataError (expected: bytes, got: bytes)

This exception is raised when the expected enclave held data does not match the one in the quote.

The expected enclave held data in BlindAI is a SHA-256 hash of the enclave certificate, to avoid man-in-the-middle attacks.

Args

expected_hash : str
Enclave held data hash expected
got_hash : str
Enclave held data hash obtained from the quote's report

Ancestors

  • blindai._dcap_attestation.QuoteValidationError
  • builtins.Exception
  • builtins.BaseException
class IdentityError (expected: bytes, got: bytes)

This exception is raised when the enclave code digest (MRENCLAVE in SGX terminology) does not match the digest provided in the manifest.

Args

expected_hash : str
hash from manifest
got_hash : str
hash obtained from the quote's report

Ancestors

  • blindai._dcap_attestation.QuoteValidationError
  • builtins.Exception
  • builtins.BaseException
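
The two comparisons behind IdentityError and EnclaveHeldDataError, as an added example that is not BlindAI's own code. The exception classes are local stand-ins mirroring the hierarchy above, `check_bindings` and `outcome` are hypothetical helpers, the sample values are constructed, and placing the hash in the first 32 bytes of the report data is an assumption.

```python
import hashlib
import hmac

# Local stand-ins that mirror the exception hierarchy documented on this page,
# so the example runs without the blindai package installed.
class QuoteValidationError(Exception):
    pass

class IdentityError(QuoteValidationError):
    def __init__(self, expected: bytes, got: bytes):
        super().__init__(f"MRENCLAVE mismatch: manifest {expected.hex()}, quote {got.hex()}")

class EnclaveHeldDataError(QuoteValidationError):
    def __init__(self, expected: bytes, got: bytes):
        super().__init__(f"held data mismatch: expected {expected.hex()}, quote {got.hex()}")

def check_bindings(mr_enclave: bytes, report_data: bytes,
                   manifest_mr_enclave: bytes, tls_cert_der: bytes) -> None:
    """Hypothetical helper: both comparisons, on fields of an already verified quote."""
    # 1. Code identity: the measured enclave must be the one the manifest pins.
    if not hmac.compare_digest(mr_enclave, manifest_mr_enclave):
        raise IdentityError(manifest_mr_enclave, mr_enclave)
    # 2. Channel binding: the certificate seen on the TLS connection must hash to
    #    the value the enclave placed in its report. Assumption: the hash occupies
    #    the first 32 bytes of the 64-byte SGX report data field.
    expected = hashlib.sha256(tls_cert_der).digest()
    if not hmac.compare_digest(expected, report_data[:32]):
        raise EnclaveHeldDataError(expected, report_data[:32])

def outcome(mr_enclave, report_data, manifest_mr_enclave, tls_cert_der) -> str:
    """Return 'ok' or the name of the exception raised by check_bindings."""
    try:
        check_bindings(mr_enclave, report_data, manifest_mr_enclave, tls_cert_der)
    except QuoteValidationError as exc:  # the parent class catches both subclasses
        return type(exc).__name__
    return "ok"

# Constructed sample values (not real measurements or certificates).
PINNED = hashlib.sha256(b"constructed enclave build A").digest()
OTHER_BUILD = hashlib.sha256(b"constructed enclave build B").digest()
ENCLAVE_CERT = b"constructed DER bytes of the enclave certificate"
RELAY_CERT = b"constructed DER bytes of an intermediary's certificate"
REPORT_DATA = hashlib.sha256(ENCLAVE_CERT).digest() + bytes(32)

if __name__ == "__main__":
    print(outcome(PINNED, REPORT_DATA, PINNED, ENCLAVE_CERT))       # direct connection to the pinned enclave
    print(outcome(PINNED, REPORT_DATA, PINNED, RELAY_CERT))         # genuine quote seen over another TLS endpoint
    print(outcome(OTHER_BUILD, REPORT_DATA, PINNED, ENCLAVE_CERT))  # enclave code differs from the manifest
```
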
class ModelDatumType (value, names=None, *, module=None, qualname=None, type=None, start=1)

An enumeration.

Ancestors

  • enum.IntEnum
  • builtins.int
  • enum.Enum

Class variables

var Bool
var F32
var F64
var I16
var I32
var I64
var I8
var U16
var U32
var U64
var U8
class QuoteValidationError (*args, **kwargs)

This exception is raised when the returned quote is invalid (TCB outdated, not signed by the hardware provider…).

Used as master exception for all other sub exceptions on the quote validation

Ancestors

  • builtins.Exception
  • builtins.BaseException

Subclasses

  • blindai._dcap_attestation.EnclaveHeldDataError
  • blindai._dcap_attestation.IdentityError
class RunModelResponse (output: List[Tensor])

RunModelResponse(output: List[blindai.client.Tensor])

Class variables

var output : List[Tensor]
class Tensor (info: Union[TensorInfo, dict], bytes_data: bytes)

Tensor class to convert serialized tensors into convenient objects.

Class variables

var bytes_data : bytes
var info : Union[TensorInfo, dict]

Instance variables

var datum_type : ModelDatumType
var shape : tuple

Methods

def as_flat(self) ‑> list

Convert the prediction calculated by the server to a flat python list.

def as_numpy(self)

Convert the prediction calculated by the server to a numpy array.

def as_torch(self)

Convert the prediction calculated by the server to a Torch Tensor.

As torch is heavy it's an optional dependency of the project, and is imported only when needed.

Raises: ImportError if torch isn't installed

class TensorInfo (fact, datum_type, node_name=None)

Class variables

var datum_type : ModelDatumType
var fact : List[int]
var node_name : str
class UploadResponse (model_id: str, hash: bytes)

UploadResponse(model_id: str, hash: bytes)

Class variables

var hash : bytes
var model_id : str