Skip to content

Commit

Permalink
runtime-manager-linux: fixed compile issues on Nitro
Browse files Browse the repository at this point in the history
  • Loading branch information
@dominic-mulligan-arm
dominic-mulligan-arm committed Oct 15, 2021
1 parent cd0943c commit 902bc28
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 29 deletions.
15 changes: 10 additions & 5 deletions runtime-manager/src/managers/error.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,17 @@
use err_derive::Error;
#[cfg(feature = "nitro")]
use nix;
#[cfg(feature = "linux")]
use std::io::Error as IOError;
#[cfg(any(feature = "tz", feature = "linux", feature = "nitro"))]
use std::sync::PoisonError;
#[cfg(feature = "linux")]
use std::io::{Error as IOError};
#[cfg(feature = "sgx")]
use std::sync::PoisonError;

use veracruz_utils::csr::CertError;

#[cfg(feature = "nitro")]
use veracruz_utils::{platform::nitro::nitro::NitroRootEnclaveMessage, io::error::SocketError};
use veracruz_utils::{io::error::SocketError, platform::nitro::nitro::NitroRootEnclaveMessage};

#[derive(Debug, Error)]
pub enum RuntimeManagerError {
Expand Down Expand Up @@ -67,7 +67,7 @@ pub enum RuntimeManagerError {
SocketError(nix::Error),
#[cfg(feature = "nitro")]
#[error(display = "RuntimeManager: Veracruz Socket error: {:?}", _0)]
VeracruzSocketError(VeracruzSocketError),
VeracruzSocketError(SocketError),
#[cfg(any(feature = "linux", feature = "nitro"))]
#[error(display = "RuntimeManager: Bincode error: {:?}", _0)]
BincodeError(bincode::Error),
Expand All @@ -80,7 +80,12 @@ pub enum RuntimeManagerError {
#[cfg(feature = "nitro")]
#[error(display = "RuntimeManager: wrong message type received: {:?}", _0)]
WrongMessageTypeError(NitroRootEnclaveMessage),
#[error(display = "RuntimeManager: Data wrong size for field {:?}. Wanted:{:?}, got:{:?}", _0, _1, _2)]
#[error(
display = "RuntimeManager: Data wrong size for field {:?}. Wanted:{:?}, got:{:?}",
_0,
_1,
_2
)]
DataWrongSizeForField(std::string::String, usize, usize),
#[error(display = "RuntimeManager: RingKeyRejected error:{:?}", _0)]
RingKeyRejected(ring::error::KeyRejected),
Expand Down
63 changes: 39 additions & 24 deletions runtime-manager/src/runtime_manager_nitro.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,12 @@ use nsm_io;
use nsm_lib;
use std::os::unix::io::AsRawFd;
use veracruz_utils::{
io::raw_fd::{receive_buffer, send_buffer}, io::vsocket, platform::nitro::nitro::{NitroRootEnclaveMessage, NitroStatus, RuntimeManagerMessage},
io::raw_fd::{receive_buffer, send_buffer},
io::vsocket,
platform::{
nitro::nitro::{NitroRootEnclaveMessage, RuntimeManagerMessage},
vm::VMStatus,
},
};

use crate::managers;
Expand Down Expand Up @@ -69,40 +74,44 @@ pub fn nitro_main() -> Result<(), RuntimeManagerError> {
let received_message: RuntimeManagerMessage = bincode::deserialize(&received_buffer)
.map_err(|err| RuntimeManagerError::BincodeError(err))?;
let return_message = match received_message {
RuntimeManagerMessage::Attestation(challenge, challenge_id) => attestation(&challenge, challenge_id)?,
RuntimeManagerMessage::Initialize(policy_json, certificate_chain) => initialize(&policy_json, &certificate_chain)?,
RuntimeManagerMessage::Attestation(challenge, challenge_id) => {
attestation(&challenge, challenge_id)?
}
RuntimeManagerMessage::Initialize(policy_json, certificate_chain) => {
initialize(&policy_json, &certificate_chain)?
}
RuntimeManagerMessage::NewTLSSession => {
println!("runtime_manager_nitro::main NewTLSSession");
let ns_result = managers::session_manager::new_session();
let return_message: RuntimeManagerMessage = match ns_result {
Ok(session_id) => RuntimeManagerMessage::TLSSession(session_id),
Err(_) => RuntimeManagerMessage::Status(NitroStatus::Fail),
Err(_) => RuntimeManagerMessage::Status(VMStatus::Fail),
};
return_message
}
RuntimeManagerMessage::CloseTLSSession(session_id) => {
println!("runtime_manager_nitro::main CloseTLSSession");
let cs_result = managers::session_manager::close_session(session_id);
let return_message: RuntimeManagerMessage = match cs_result {
Ok(_) => RuntimeManagerMessage::Status(NitroStatus::Success),
Err(_) => RuntimeManagerMessage::Status(NitroStatus::Fail),
Ok(_) => RuntimeManagerMessage::Status(VMStatus::Success),
Err(_) => RuntimeManagerMessage::Status(VMStatus::Fail),
};
return_message
}
RuntimeManagerMessage::GetTLSDataNeeded(session_id) => {
println!("runtime_manager_nitro::main GetTLSDataNeeded");
let return_message = match managers::session_manager::get_data_needed(session_id) {
Ok(needed) => RuntimeManagerMessage::TLSDataNeeded(needed),
Err(_) => RuntimeManagerMessage::Status(NitroStatus::Fail),
Err(_) => RuntimeManagerMessage::Status(VMStatus::Fail),
};
return_message
}
RuntimeManagerMessage::SendTLSData(session_id, tls_data) => {
println!("runtime_manager_nitro::main SendTLSData");
let return_message =
match managers::session_manager::send_data(session_id, &tls_data) {
Ok(_) => RuntimeManagerMessage::Status(NitroStatus::Success),
Err(_) => RuntimeManagerMessage::Status(NitroStatus::Fail),
Ok(_) => RuntimeManagerMessage::Status(VMStatus::Success),
Err(_) => RuntimeManagerMessage::Status(VMStatus::Fail),
};
return_message
}
Expand All @@ -112,18 +121,18 @@ pub fn nitro_main() -> Result<(), RuntimeManagerError> {
Ok((active, output_data)) => {
RuntimeManagerMessage::TLSData(output_data, active)
}
Err(_) => RuntimeManagerMessage::Status(NitroStatus::Fail),
Err(_) => RuntimeManagerMessage::Status(VMStatus::Fail),
};
return_message
}
RuntimeManagerMessage::ResetEnclave => {
// Do nothing here for now
println!("runtime_manager_nitro::main ResetEnclave");
RuntimeManagerMessage::Status(NitroStatus::Success)
RuntimeManagerMessage::Status(VMStatus::Success)
}
_ => {
println!("runtime_manager_nitro::main Unknown Opcode");
RuntimeManagerMessage::Status(NitroStatus::Unimplemented)
RuntimeManagerMessage::Status(VMStatus::Unimplemented)
}
};
let return_buffer = bincode::serialize(&return_message)
Expand All @@ -137,7 +146,10 @@ pub fn nitro_main() -> Result<(), RuntimeManagerError> {
}
}

fn attestation(challenge: &[u8], challenge_id: i32) -> Result<RuntimeManagerMessage, RuntimeManagerError> {
fn attestation(
challenge: &[u8],
challenge_id: i32,
) -> Result<RuntimeManagerMessage, RuntimeManagerError> {
println!("runtime_manager_nitro::attestation started");
managers::session_manager::init_session_manager()?;
// generate the csr
Expand All @@ -152,15 +164,15 @@ fn attestation(challenge: &[u8], challenge_id: i32) -> Result<RuntimeManagerMess
}
let status = unsafe {
nsm_lib::nsm_get_attestation_doc(
nsm_fd, //fd
csr.as_ptr() as *const u8, // user_data
csr.len() as u32, // user_data_len
challenge.as_ptr(), // nonce_data
challenge.len() as u32, // nonce_len
std::ptr::null() as *const u8, // pub_key_data
0 as u32, // pub_key_len
buffer.as_mut_ptr(), // att_doc_data
&mut buffer_len, // att_doc_len
nsm_fd, //fd
csr.as_ptr() as *const u8, // user_data
csr.len() as u32, // user_data_len
challenge.as_ptr(), // nonce_data
challenge.len() as u32, // nonce_len
std::ptr::null() as *const u8, // pub_key_data
0 as u32, // pub_key_len
buffer.as_mut_ptr(), // att_doc_data
&mut buffer_len, // att_doc_len
)
};
match status {
Expand All @@ -177,10 +189,13 @@ fn attestation(challenge: &[u8], challenge_id: i32) -> Result<RuntimeManagerMess
}

/// Handler for the RuntimeManagerMessage::Initialize message
fn initialize(policy_json: &str, cert_chain: &Vec<Vec<u8>>) -> Result<RuntimeManagerMessage, RuntimeManagerError> {
fn initialize(
policy_json: &str,
cert_chain: &Vec<Vec<u8>>,
) -> Result<RuntimeManagerMessage, RuntimeManagerError> {
managers::session_manager::load_policy(policy_json)?;
println!("runtime_manager_nitro::initialize started");
managers::session_manager::load_cert_chain(cert_chain)?;

return Ok(RuntimeManagerMessage::Status(NitroStatus::Success));
return Ok(RuntimeManagerMessage::Status(VMStatus::Success));
}

0 comments on commit 902bc28

Please sign in to comment.