Merge pull request #116 from dominic-mulligan-arm/runtime-manager-linux

Ported Veracruz to Linux

.github/workflows/main.yml

@@ -14,10 +14,10 @@ on:
 jobs:
   check-repo-and-compile-sdk:
     runs-on: ubuntu-latest
-    container: 
+    container:
       image: ghcr.io/veracruz-project/veracruz/veracruz:ci
-      volumes: 
-        - ${{ github.workspace }}:/work/veracruz 
+      volumes:
+        - ${{ github.workspace }}:/work/veracruz
 
     steps:
 
@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           submodules: recursive
-      
+
       # Compile all examples and data sources in the sdk
       - name: Compile SDK
         id: sdk
@@ -46,19 +46,19 @@ jobs:
         uses: actions/upload-artifact@v2
         with:
           name: veracruz.tar
-          path: /veracruz.tar 
+          path: /veracruz.tar
           if-no-files-found: error
 
   sgx:
     runs-on: ubuntu-latest
-    container: 
+    container:
       image: ghcr.io/veracruz-project/veracruz/veracruz:ci
-      volumes: 
-        - ${{ github.workspace }}:/work/veracruz 
+      volumes:
+        - ${{ github.workspace }}:/work/veracruz
     needs: [check-repo-and-compile-sdk]
 
     steps:
-        
+
       # Download the artifact containing repo and sdk artifact, using the action from github
       - name: Download veracruz cache artifact
         uses: actions/download-artifact@v2
@@ -73,7 +73,7 @@ jobs:
             mkdir -p /work/veracruz
             tar -C /work/veracruz -xvf veracruz.tar
             rm veracruz.tar
-      
+
       # Run the sgx test
       - name: Running sgx test script
         id: sgx-test
@@ -83,16 +83,17 @@ jobs:
             make sgx-veracruz-server-test-dry-run
             make sgx-veracruz-test-dry-run
             make sgx-veracruz-client-test
+
   tz:
     runs-on: ubuntu-latest
-    container: 
+    container:
       image: ghcr.io/veracruz-project/veracruz/veracruz:ci
-      volumes: 
-        - ${{ github.workspace }}:/work/veracruz 
+      volumes:
+        - ${{ github.workspace }}:/work/veracruz
     needs: [check-repo-and-compile-sdk]
 
     steps:
-        
+
       # Download the artifact containing repo and sdk artifact, using the action from github
       - name: Download veracruz cache artifact
         uses: actions/download-artifact@v2
@@ -107,7 +108,7 @@ jobs:
             mkdir -p /work/veracruz
             tar -C /work/veracruz -xvf veracruz.tar
             rm veracruz.tar
-      
+
       - name: Running trustzone test script
         id: tz-test
         run: |
@@ -119,6 +120,39 @@ jobs:
             make trustzone-veracruz-test
             make trustzone-veracruz-client-test
 
+  linux:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/veracruz-project/veracruz/veracruz:ci
+      volumes:
+        - ${{ github.workspace }}:/work/veracruz
+    needs: [check-repo-and-compile-sdk]
+    steps:
+      # Download the artifact containing repo and sdk artifact, using the action from github
+      - name: Download veracruz cache artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: veracruz.tar
+          path: /
+      # Unpack
+      - name: Unpack veracruz cache artifact
+        id: tz-unpack
+        run: |
+            cd /
+            mkdir -p /work/veracruz
+            mv veracruz.tar /work/veracruz
+            cd /work/veracruz
+            tar -xvf veracruz.tar
+            rm veracruz.tar
+      - name: Running linux test script
+        id: linux-test
+        run: |
+            cd /work/veracruz
+            make linux
+            make linux-veracruz-server-test
+            make linux-veracruz-test
+            make linux-veracruz-client-test
+
   icecap:
     runs-on: ubuntu-latest
     container:
@@ -132,3 +166,7 @@ jobs:
           submodules: recursive
       - name: Build and test Veracruz on IceCap
         run: bash /work/veracruz/icecap/ci/run.sh
+
+
+
+

Makefile

@@ -8,10 +8,9 @@
 #
 # See the `LICENSE_MIT.markdown` file in the Veracruz root directory for licensing
 # and copyright information.
-
-.PHONY: all sdk setup-githooks sgx-veracruz-client-test trustzone-veracruz-client-test nitro-veracruz-client-test sgx trustzone sgx-veracruz-server-test sgx-veracruz-server-performance sgx-veracruz-test sgx-psa-attestation tz-psa-attestationtrustzone-veracruz-server-test-setting  trustzone-veracruz-test-setting trustzone-env sgx-env trustzone-test-env clean clean-cargo-lock fmt 
 
-
+.PHONY: all sdk setup-githooks sgx-veracruz-client-test trustzone-veracruz-client-test nitro-veracruz-client-test sgx trustzone sgx-veracruz-server-test sgx-veracruz-server-performance sgx-veracruz-test sgx-psa-attestation tz-psa-attestationtrustzone-veracruz-server-test-setting trustzone-veracruz-test-setting trustzone-env sgx-env trustzone-test-env clean clean-cargo-lock fmt linux linux-veracruz-server-test linux-veracruz-server-test-dry-run linux-test-collateral linux-veracruz-client-test linux-veracruz-test-dry-run linux-veracruz-test linux-cli
+
 WARNING_COLOR := "\e[1;33m"
 INFO_COLOR := "\e[1;32m"
 RESET_COLOR := "\e[0m"
@@ -22,6 +21,7 @@ OPENSSL_INCLUDE_DIR ?= /usr/include/aarch64-linux-gnu
 OPENSSL_LIB_DIR ?= /usr/lib/aarch64-linux-gnu
 TRUSTZONE_C_INCLUDE_PATH ?= /usr/include/aarch64-linux-gnu:/usr/include
 NITRO_RUST_FLAG ?= ""
+LINUX_RUST_FLAG ?= ""
 BIN_DIR ?= /usr/local/cargo/bin
 
 all:
@@ -42,6 +42,9 @@ sgx-test-collateral:
 trustzone-test-collateral:
 	TEE=tz $(MAKE) -C test-collateral
 
+linux-test-collateral:
+	TEE=linux $(MAKE) -C test-collateral
+
 # Test veracruz-client for sgx, due to the use of a mocked server with a fixed port, these tests must run in a single thread
 sgx-veracruz-client-test: sgx sgx-test-collateral 
 	cd veracruz-client && RUSTFLAGS=$(SGX_RUST_FLAG) cargo test --lib --features "mock sgx" -- --test-threads=1
@@ -53,6 +56,9 @@ trustzone-veracruz-client-test: trustzone trustzone-test-collateral
 nitro-veracruz-client-test: nitro nitro-test-collateral
 	cd veracruz-client && cargo test --lib --features "mock" -- --test-threads=1
 
+linux-veracruz-client-test: linux linux-test-collateral
+	cd veracruz-client && cargo test --lib --features "mock linux" -- --test-threads=1
+
 nitro-test-collateral:
 	TEE=nitro $(MAKE) -C test-collateral
 # Compile for sgx
@@ -108,7 +114,7 @@ trustzone-cli: trustzone-env
 		OPENSSL_INCLUDE_DIR=$(OPENSSL_INCLUDE_DIR) \
 		OPENSSL_LIB_DIR=$(OPENSSL_LIB_DIR) \
 		C_INCLUDE_PATH=$(TRUSTZONE_C_INCLUDE_PATH) \
-		cargo build --target aarch64-unknown-linux-gnu --features psa --features cli
+		cargo build --target aarch64-unknown-linux-gnu --features tz --features cli
 	cd veracruz-server && \
 		CC_aarch64_unknown_linux_gnu=$(AARCH64_GCC) \
 		OPENSSL_INCLUDE_DIR=$(OPENSSL_INCLUDE_DIR) \
@@ -153,6 +159,20 @@ veracruz-test/proxy-attestation-server.db: $(wildcard sgx-root-enclave/css.bin)
 veracruz-server-test/proxy-attestation-server.db: $(wildcard sgx-root-enclave/css.bin)
 	cd veracruz-server-test && \
 		bash ../test-collateral/populate-test-database.sh
+linux: sdk
+	pwd
+	RUSTFLAGS=$(LINUX_RUST_FLAG) $(MAKE) -C runtime-manager linux
+	RUSTFLAGS=$(LINUX_RUST_FLAG) $(MAKE) -C linux-root-enclave linux
+
+linux-cli:
+	# build CLIs in top-level crates
+	cd proxy-attestation-server && RUSTFLAGS=$(LINUX_RUST_FLAG) cargo build --features linux --features cli
+	cd veracruz-server && RUSTFLAGS=$(LINUX_RUST_FLAG) cargo build --features linux --features cli
+	cd veracruz-client && RUSTFLAGS=$(LINUX_RUST_FLAG) cargo build --features linux --features cli
+	# build CLIs in the SDK/test-collateral
+	$(MAKE) -C sdk/freestanding-execution-engine
+	$(MAKE) -C sdk/wasm-checker
+	$(MAKE) -C test-collateral/generate-policy
 
 sgx-veracruz-server-test: sgx sgx-test-collateral veracruz-server-test/proxy-attestation-server.db
 	cd veracruz-server-test \
@@ -209,6 +229,15 @@ nitro-veracruz-server-test: nitro nitro-test-collateral veracruz-server-test/pro
 	cd veracruz-server-test \
 		&& ./nitro-terminate.sh
 
+linux-veracruz-server-test-dry-run: linux linux-test-collateral
+	cd veracruz-server-test \
+		&& RUSTFLAGS=$(LINUX_RUST_FLAG) cargo test --features linux --no-run -- --nocapture
+
+linux-veracruz-server-test: linux linux-test-collateral veracruz-server-test/proxy-attestation-server.db
+	cd veracruz-server-test \
+		&& RUSTFLAGS=$(LINUX_RUST_FLAG) cargo test --features linux -- --test-threads=1 --nocapture \
+		&& RUSTFLAGS=$(LINUX_RUST_FLAG) cargo test test_debug --features linux  -- --ignored --test-threads=1
+
 nitro-veracruz-server-test-dry-run: nitro nitro-test-collateral
 	cd veracruz-server-test \
 		&& RUSTFLAGS=$(NITRO_RUST_FLAG) cargo test --features sgx --no-run
@@ -236,6 +265,14 @@ nitro-veracruz-test: nitro nitro-test-collateral veracruz-test/proxy-attestation
 nitro-psa-attestation:
 	cd psa-attestation && cargo build --features nitro
 
+linux-veracruz-test-dry-run: linux-test-collateral
+	cd veracruz-test \
+		&& RUSTFLAGS=$(LINUX_RUST_FLAG) cargo test --features linux --no-run
+
+linux-veracruz-test: linux-test-collateral linux veracruz-test/proxy-attestation-server.db
+	cd veracruz-test \
+		&& RUSTFLAGS=$(LINUX_RUST_FLAG) cargo test --features linux -- --test-threads=1
+
 trustzone-env:
 	unset CC
 	rustup target add aarch64-unknown-linux-gnu arm-unknown-linux-gnueabihf
@@ -257,14 +294,15 @@ clean:
 	cd proxy-attestation-server && cargo clean
 	cd session-manager && cargo clean
 	cd veracruz-utils && cargo clean
+	cd veracruz-server && cargo clean
 	cd veracruz-server-test && cargo clean
 	cd veracruz-test && cargo clean && rm -f proxy-attestation-server.db
 	$(MAKE) clean -C runtime-manager
 	$(MAKE) clean -C sgx-root-enclave
-	$(MAKE) clean -C veracruz-server
 	$(MAKE) clean -C test-collateral 
 	$(MAKE) clean -C trustzone-root-enclave
 	$(MAKE) clean -C sdk
+	$(MAKE) clean -C linux-root-enclave
 	rm -rf bin
 
 # NOTE: this target deletes ALL cargo.lock.
@@ -304,4 +342,5 @@ fmt:
 	cd veracruz-utils && cargo fmt
 	cd trustzone-root-enclave && cargo fmt
 	cd proxy-attestation-server && cargo fmt
+	cd linux-root-enclave && cargo fmt
 	$(MAKE) -C sdk fmt

io-utils/Cargo.toml

@@ -6,12 +6,22 @@ edition = "2018"
 description = "Common IO-related code used by multiple Veracruz components."
 
 [features]
-nitro = ["serde_json/std", "nix", "byteorder"]
+sgx = ["base64/std"]
+linux = ["bincode", "byteorder", "base64/std"]
+icecap = ["serde/derive", "base64/std"]
+nitro = ["serde_json/std", "base64/std", "nix", "byteorder"]
+tz = ["base64/std"]
 
 [dependencies]
-sgx_tstd = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true }
+bincode = { git= "https://github.com/veracruz-project/bincode.git", branch= "veracruz", default-features = false, optional = true }
 serde = { git = "https://github.com/veracruz-project/serde.git", features=["derive"], branch = "veracruz" }
 serde_json = { git = "https://github.com/veracruz-project/json.git", branch = "veracruz", default-features = false }
 err-derive = "0.2"
 nix = { version = "0.15", optional = true }
 byteorder = { version = "1.3", optional = true }
+log = "=0.4.13"
+curl = "=0.4.35"
+stringreader = "0.1"
+transport-protocol = { path = "../transport-protocol" }
+base64 = { version = "0.13.0", default-features = false, optional = true }
+

io-utils/src/error.rs

@@ -9,7 +9,11 @@
 //! See the `LICENSE_MIT.markdown` file in the Veracruz root directory for
 //! information on licensing and copyright.
 
+#[cfg(feature = "linux")]
+use bincode::Error as BincodeError;
 use err_derive::Error;
+#[cfg(feature = "linux")]
+use std::io::Error as IOError;
 
 ////////////////////////////////////////////////////////////////////////////////
 // Socket-related error types.
@@ -18,7 +22,19 @@ use err_derive::Error;
 /// a enumerated type for Veracruz-specific io errors
 #[derive(Debug, Error)]
 pub enum SocketError {
-    /// An error was returned by nix
+    /// A Bincode-related (de)serialization error occurred.
+    #[cfg(feature = "linux")]
+    #[error(
+        display = "SocketError: a Bincode serialization error occurred: {:?}",
+        _0
+    )]
+    BincodeError(BincodeError),
+    /// An IO error occurred when writing to e.g. an FD.
+    #[cfg(feature = "linux")]
+    #[error(display = "SocketError: an IO error occurred: {:?}.", _0)]
+    IOError(IOError),
+    /// An error was returned by the Unix libraries.
+    #[cfg(feature = "nitro")]
     #[error(display = "SocketError: a Unix error occurred: {:?}", _0)]
     NixError(#[error(source)] nix::Error),
 }

io-utils/src/fd.rs

@@ -0,0 +1,76 @@
+//! Common file descriptor-related material
+//!
+//! # Authors
+//!
+//! The Veracruz Development Team.
+//!
+//! # Copyright and licensing
+//!
+//! See the `LICENSE.markdown` file in the Veracruz root directory for copyright
+//! and licensing information.
+
+use byteorder::{ByteOrder, LittleEndian};
+
+/// Sends a `buffer` of data (by first transmitting an encoded length followed by
+/// the data proper) to the file descriptor `fd`.
+pub fn send_buffer<T>(mut fd: T, buffer: &[u8]) -> Result<(), std::io::Error>
+where
+    T: std::io::Write,
+{
+    let len = buffer.len();
+
+    // 1: Encode the data length and send it.
+    {
+        let mut buff = [0u8; 9];
+        LittleEndian::write_u64(&mut buff, len as u64);
+
+        let mut sent_bytes = 0;
+
+        while sent_bytes < 9 {
+            sent_bytes += fd.write(&buff[sent_bytes..9])?;
+        }
+    }
+
+    // 2. Send the data proper.
+    {
+        let mut sent_bytes = 0;
+
+        while sent_bytes < len {
+            sent_bytes += fd.write(&buffer[sent_bytes..len])?;
+        }
+    }
+
+    Ok(())
+}
+
+/// Reads a buffer of data from a file descriptor `fd` by first reading a length
+/// of data, followed by the data proper.
+pub fn receive_buffer<T>(mut fd: T) -> Result<Vec<u8>, std::io::Error>
+where
+    T: std::io::Read,
+{
+    // 1. First read and decode the length of the data proper.
+    let length = {
+        let mut buff = [0u8; 9];
+        let mut received_bytes = 0;
+
+        while received_bytes < 9 {
+            received_bytes += fd.read(&mut buff[received_bytes..9])?;
+        }
+
+        LittleEndian::read_u64(&buff) as usize
+    };
+
+    // 2. Next, read the data proper.
+    let mut buffer = vec![0u8; length];
+
+    {
+        let mut received_bytes = 0;
+
+        while received_bytes < length {
+            received_bytes += fd.read(&mut buffer[received_bytes..length])?;
+        }
+    }
+
+    Ok(buffer)
+}