sdk/rust/src/bindings.rs - incubator-teaclave - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 use libc::{c_char, c_int, c_void, malloc, size_t};

 use std::ffi::{CStr, CString};
 use std::{fs, ptr};

 use crate::{
     AuthenticationClient, AuthenticationService, EnclaveInfo, Entry, FrontendClient,
     FrontendService,
 };

 macro_rules! unwrap_or_return_null {
     ( $e:expr ) => {
         match $e {
             Ok(x) => x,
             Err(_) => return ptr::null_mut(),
         }
     };
 }

 macro_rules! unwrap_or_return_one {
     ( $e:expr ) => {
         match $e {
             Ok(x) => x,
             Err(_) => return 1,
         }
     };
 }

 /// Connect to Teaclave Authentication Service.
 ///
 /// This function connects and establishes trusted channel to the remote
 /// authentication service with `address`. The function gets *enclave info* from
 /// the file located in `enclave_info_path`. The file in `as_root_ca_cert_path`
 /// will be used to verify the attestation report from the remote service.
 ///
 /// # Arguments
 ///
 /// * `address`: address of remote services, normally,it's a domain name with port number.
 /// * `enclave_info_path`: file path of the *enclave info* TOML file.
 /// * `as_root_ca_cert_path`: file path of the certificate for remote attestation service.
 ///
 /// # Return
 ///
 /// * The function returns an opaque pointer (handle) of the service. On error,
 /// the function returns NULL.
 ///
 /// # Safety
 ///
 /// `address`, `enclave_info_path`, `as_root_ca_cert_path` should be C string (null terminated).
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_connect_authentication_service(
     address: *const c_char,
     enclave_info_path: *const c_char,
     as_root_ca_cert_path: *const c_char,
 ) -> *mut AuthenticationClient {
     if address.is_null() || enclave_info_path.is_null() || as_root_ca_cert_path.is_null() {
         return ptr::null_mut();
     }

     let address = CStr::from_ptr(address).to_string_lossy().into_owned();
     let enclave_info_path = CStr::from_ptr(enclave_info_path)
         .to_string_lossy()
         .into_owned();
     let as_root_ca_cert_path = CStr::from_ptr(as_root_ca_cert_path)
         .to_string_lossy()
         .into_owned();
     let enclave_info = unwrap_or_return_null!(EnclaveInfo::from_file(enclave_info_path));
     let bytes = unwrap_or_return_null!(fs::read(as_root_ca_cert_path));
     let as_root_ca_cert = unwrap_or_return_null!(pem::parse(bytes)).contents;
     let client = unwrap_or_return_null!(AuthenticationService::connect(
         &address,
         &enclave_info,
         &as_root_ca_cert
     ));

     Box::into_raw(Box::new(client))
 }

 /// Close and free the authentication service handle, i.e., the
 /// `AuthenticaionClient` type opaque pointer. The function returns 0 for
 /// success. On error, the function returns 1.
 ///
 /// # Safety
 ///
 /// This function is unsafe because improper use may lead to
 /// memory problems. For example, a double-free may occur if the
 /// function is called twice on the same raw pointer.
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_close_authentication_service(
     client: *mut AuthenticationClient,
 ) -> c_int {
     if client.is_null() {
         return 1;
     }

     let _ = Box::from_raw(client);

     0
 }

 /// Register a new user with `user_id` and `user_password`. The function returns
 /// 0 for success. On error, the function returns 1.
 ///
 /// # Safety
 ///
 /// `user_id`, `user_password`, `role`, `attribute` should be C string (null terminated).
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_user_register(
     client: &mut AuthenticationClient,
     user_id: *const c_char,
     user_password: *const c_char,
     role: *const c_char,
     attribute: *const c_char,
 ) -> c_int {
     if (client as *mut AuthenticationClient).is_null()
         || user_id.is_null()
         || user_password.is_null()
     {
         return 1;
     }

     let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
     let user_password = CStr::from_ptr(user_password).to_string_lossy().into_owned();
     let role = CStr::from_ptr(role).to_string_lossy().into_owned();
     let attribute = CStr::from_ptr(attribute).to_string_lossy().into_owned();
     unwrap_or_return_one!(client.user_register(&user_id, &user_password, &role, &attribute));

     0
 }

 /// Login a new user with `user_id` and `user_password`. The login session token
 /// will be save in the `token` buffer, and length will be set in the
 /// `token_len` argument. The function returns 0 for success. On error, the
 /// function returns 1.
 ///
 /// # Safety
 ///
 /// `user_id`, `user_password` should be C string (null terminated), token and token_len should be consistent.
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_user_login(
     client: &mut AuthenticationClient,
     user_id: *const c_char,
     user_password: *const c_char,
     token: *mut c_char,
     token_len: *mut size_t,
 ) -> c_int {
     if (client as *mut AuthenticationClient).is_null()
         || user_id.is_null()
         || user_password.is_null()
         || token.is_null()
         || token_len.is_null()
     {
         return 1;
     }

     let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
     let user_password = CStr::from_ptr(user_password).to_string_lossy().into_owned();

     let token_string = unwrap_or_return_one!(client.user_login(&user_id, &user_password));
     let token_c_string = unwrap_or_return_one!(CString::new(token_string));
     let bytes = token_c_string.as_bytes_with_nul();

     if *token_len < bytes.len() {
         return 1;
     } else {
         ptr::copy_nonoverlapping(bytes.as_ptr(), token as _, bytes.len());
         *token_len = bytes.len();
     }

     0
 }

 /// Connect to Teaclave Frontend Service.
 ///
 /// This function connects and establishes trusted channel to the remote
 /// frontend service with `address`. The function gets *enclave info* from
 /// the file located in `enclave_info_path`. The file in `as_root_ca_cert_path`
 /// will be used to verify the attestation report from the remote service.
 ///
 /// # Arguments
 ///
 /// * `address`: address of remote services, normally,it's a domain name with port number.
 /// * `enclave_info_path`: file path of the *enclave info* TOML file.
 /// * `as_root_ca_cert_path`: file path of the certificate for remote attestation service.
 ///
 /// # Return
 ///
 /// * The function returns an opaque pointer (handle) of the service. On error,
 /// the function returns NULL.
 ///
 /// # Safety
 ///
 /// All arguments should be C string (null terminated).
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_connect_frontend_service(
     address: *const c_char,
     enclave_info_path: *const c_char,
     as_root_ca_cert_path: *const c_char,
 ) -> *mut FrontendClient {
     if address.is_null() || enclave_info_path.is_null() || as_root_ca_cert_path.is_null() {
         return ptr::null_mut();
     }

     let address = CStr::from_ptr(address).to_string_lossy().into_owned();
     let enclave_info_path = CStr::from_ptr(enclave_info_path)
         .to_string_lossy()
         .into_owned();
     let as_root_ca_cert_path = CStr::from_ptr(as_root_ca_cert_path)
         .to_string_lossy()
         .into_owned();
     let enclave_info = unwrap_or_return_null!(EnclaveInfo::from_file(enclave_info_path));
     let bytes = unwrap_or_return_null!(fs::read(as_root_ca_cert_path));
     let as_root_ca_cert = unwrap_or_return_null!(pem::parse(bytes)).contents;
     let client = unwrap_or_return_null!(FrontendService::connect(
         &address,
         &enclave_info,
         &as_root_ca_cert
     ));

     Box::into_raw(Box::new(client))
 }

 /// Close and free the frontend service handle, i.e., the `FrontendClient` type
 /// opaque pointer. The function returns 0 for success. On error, the function
 /// returns 1.
 ///
 /// # Safety
 ///
 /// This function is unsafe because improper use may lead to
 /// memory problems. For example, a double-free may occur if the
 /// function is called twice on the same raw pointer.
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_close_frontend_service(client: *mut FrontendClient) -> c_int {
     if client.is_null() {
         return 1;
     }

     let _ = Box::from_raw(client);

     0
 }

 /// Set user's credential with `user_id` and `user_token`. The function returns
 /// 0 for success. On error, the function returns 1.
 ///
 /// # Safety
 ///
 /// `user_id` and `user_token` should be C string (null terminated).
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_authentication_set_credential(
     client: &mut AuthenticationClient,
     user_id: *const c_char,
     user_token: *const c_char,
 ) -> c_int {
     if (client as *mut AuthenticationClient).is_null() || user_id.is_null() || user_token.is_null()
     {
         return 1;
     }

     let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
     let user_token = CStr::from_ptr(user_token).to_string_lossy().into_owned();
     client.set_credential(&user_id, &user_token);

     0
 }

 /// Set user's credential with `user_id` and `user_token`. The function returns
 /// 0 for success. On error, the function returns 1.
 ///
 /// # Safety
 ///
 /// `user_id` and `user_token` should be C string (null terminated).
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_frontend_set_credential(
     client: &mut FrontendClient,
     user_id: *const c_char,
     user_token: *const c_char,
 ) -> c_int {
     if (client as *mut FrontendClient).is_null() || user_id.is_null() || user_token.is_null() {
         return 1;
     }

     let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
     let user_token = CStr::from_ptr(user_token).to_string_lossy().into_owned();
     client.set_credential(&user_id, &user_token);

     0
 }

 /// Invoke task with `task_id`. The function returns 0 for success. On error,
 /// the function returns 1.
 ///
 /// # Safety
 ///
 /// `task_id` should be C string (null terminated).
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_invoke_task(
     client: &mut FrontendClient,
     task_id: *const c_char,
 ) -> c_int {
     if (client as *mut FrontendClient).is_null() || task_id.is_null() {
         return 1;
     }

     let task_id = CStr::from_ptr(task_id).to_string_lossy().into_owned();
     match client.invoke_task(&task_id) {
         Ok(_) => 0,
         Err(_) => 1,
     }
 }

 /// Cancel task with `task_id`. The function returns 0 for success. On error,
 /// the function returns 1.
 ///
 /// # Safety
 ///
 /// `task_id` should be C string (null terminated).
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_cancel_task(
     client: &mut FrontendClient,
     task_id: *const c_char,
 ) -> c_int {
     if (client as *mut FrontendClient).is_null() || task_id.is_null() {
         return 1;
     }

     let task_id = CStr::from_ptr(task_id).to_string_lossy().into_owned();
     match client.cancel_task(&task_id) {
         Ok(_) => 0,
         Err(_) => 1,
     }
 }

 /// Get task result of `task_id`. The result will be save in the `task_result`
 /// buffer, and set corresponding `task_result_len` argument. Note that this is
 /// a blocking function and wait for the return of the task. The function
 /// returns 0 for success. On error, the function returns 1.
 ///
 /// # Safety
 ///
 /// Inconsistent length of allocated buffer may caused overflow.
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_get_task_result(
     client: &mut FrontendClient,
     task_id: *const c_char,
     task_result: *mut c_char,
     task_result_len: *mut size_t,
 ) -> c_int {
     if (client as *mut FrontendClient).is_null() || task_id.is_null() {
         return 1;
     }

     let task_id = CStr::from_ptr(task_id).to_string_lossy().into_owned();
     match client.get_task_result(&task_id) {
         Ok((result, _)) => {
             if *task_result_len < result.len() {
                 return 1;
             } else {
                 ptr::copy_nonoverlapping(result.as_ptr(), task_result as _, result.len());
                 *task_result_len = result.len();
             }
             0
         }
         Err(_) => 1,
     }
 }

 /// Query audit logs according to `query`. `query` is the query statement for tantivy. The result
 /// will be saved in the `log_buffer` buffer with the corresponding `log_len` argument set.
 /// Remember to free the user and message inside c_entry to avoid memory leak.
 ///
 /// The function returns 0 for success. On error, the function returns 1.
 ///
 /// # Safety
 ///
 /// Inconsistent length of allocated buffer may caused overflow.
 #[no_mangle]
 pub unsafe extern "C" fn teaclave_query_audit_logs(
     client: &mut FrontendClient,
     query: *const c_char,
     log_buffer: *mut c_entry,
     log_len: *mut size_t,
 ) -> c_int {
     if (client as *mut FrontendClient).is_null()
         || query.is_null()
         || log_buffer.is_null()
         || log_len.is_null()
         || *log_len == 0
     {
         return 1;
     }

     let query = CStr::from_ptr(query).to_string_lossy().into_owned();
     match client.query_audit_logs(query, *log_len) {
         Ok(audit_logs) => {
             let c_logs: Vec<_> = audit_logs.into_iter().map(c_entry::from).collect();
             let src_logs = c_logs.as_ptr();
             let len = c_logs.len();
             if len > *log_len {
                 return 1;
             }

             unsafe {
                 ptr::copy_nonoverlapping(src_logs, log_buffer, len);
             }

             *log_len = len;
             0
         }
         Err(_) => 1,
     }
 }

 #[repr(C)]
 pub struct c_entry {
     microsecond: i64,
     ip: [u8; 16],
     user: *mut c_void,
     message: *mut c_void,
     result: bool,
 }

 impl From<Entry> for c_entry {
     fn from(entry: Entry) -> Self {
         let user_bytes = CString::new(entry.user()).unwrap().into_bytes_with_nul();
         let len = user_bytes.len();
         let user = unsafe {
             let user = malloc(len);
             ptr::copy_nonoverlapping(user_bytes.as_ptr(), user as *mut u8, len);
             user
         };

         let message_bytes = CString::new(entry.message()).unwrap().into_bytes_with_nul();
         let len = message_bytes.len();
         let message = unsafe {
             let message = malloc(len);
             ptr::copy_nonoverlapping(message_bytes.as_ptr(), message as *mut u8, len);
             message
         };

         Self {
             microsecond: entry.datetime().timestamp_micros(),
             ip: entry.ip().octets(),
             user,
             message,
             result: entry.result(),
         }
     }
 }

 macro_rules! generate_function_serialized {
     ( $client_type:ident, $c_function_name:ident, $rust_function_name:ident) => {
         /// Send JSON serialized request to the service with the `client` and
         /// get the serialized response.
         ///
         /// # Arguments
         ///
         /// * `client`: service client.
         /// * `serialized_request`; JSON serialized request
         /// * `serialized_response`: buffer to store the JSON serialized response.
         /// * `serialized_response_len`: length of the allocated
         ///   `serialized_response`, will be set as the length of
         ///   `serialized_response` when return successfully.
         ///
         /// # Return
         ///
         /// The function returns 0 for success. On error, the function returns 1.
         ///
         /// # Safety
         ///
         /// Inconsistent length of allocated buffer may caused overflow.
         #[no_mangle]
         pub unsafe extern "C" fn $c_function_name(
             client: &mut $client_type,
             serialized_request: *const c_char,
             serialized_response: *mut c_char,
             serialized_response_len: *mut size_t,
         ) -> c_int {
             if (client as *mut $client_type).is_null()
                 || serialized_request.is_null()
                 || serialized_response.is_null()
                 || serialized_response_len.is_null()
             {
                 return 1;
             }

             let serialized_request = CStr::from_ptr(serialized_request)
                 .to_string_lossy()
                 .into_owned();
             let function_id_string =
                 unwrap_or_return_one!(client.$rust_function_name(&serialized_request));
             let function_id_c_string = unwrap_or_return_one!(CString::new(function_id_string));
             let bytes = function_id_c_string.as_bytes_with_nul();

             if *serialized_response_len < bytes.len() {
                 return 1;
             } else {
                 ptr::copy_nonoverlapping(bytes.as_ptr(), serialized_response as _, bytes.len());
                 *serialized_response_len = bytes.len();
             }

             0
         }
     };
 }

 generate_function_serialized!(
     AuthenticationClient,
     teaclave_user_register_serialized,
     user_register_serialized
 );
 generate_function_serialized!(
     AuthenticationClient,
     teaclave_user_login_serialized,
     user_login_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_register_function_serialized,
     register_function_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_get_function_serialized,
     get_function_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_get_function_usage_stats_serialized,
     get_function_usage_stats_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_register_input_file_serialized,
     register_input_file_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_register_output_file_serialized,
     register_output_file_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_create_task_serialized,
     create_task_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_assign_data_serialized,
     assign_data_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_approve_task_serialized,
     approve_task_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_invoke_task_serialized,
     invoke_task_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_cancel_task_serialized,
     cancel_task_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_get_task_serialized,
     get_task_serialized
 );
 generate_function_serialized!(
     FrontendClient,
     teaclave_query_audit_logs_serialized,
     query_audit_logs_serialized
 );
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	use libc::{c_char, c_int, c_void, malloc, size_t};

	use std::ffi::{CStr, CString};
	use std::{fs, ptr};

	use crate::{
	AuthenticationClient, AuthenticationService, EnclaveInfo, Entry, FrontendClient,
	FrontendService,
	};

	macro_rules! unwrap_or_return_null {
	( $e:expr ) => {
	match $e {
	Ok(x) => x,
	Err(_) => return ptr::null_mut(),
	}
	};
	}

	macro_rules! unwrap_or_return_one {
	( $e:expr ) => {
	match $e {
	Ok(x) => x,
	Err(_) => return 1,
	}
	};
	}

	/// Connect to Teaclave Authentication Service.
	///
	/// This function connects and establishes trusted channel to the remote
	/// authentication service with `address`. The function gets enclave info from
	/// the file located in `enclave_info_path`. The file in `as_root_ca_cert_path`
	/// will be used to verify the attestation report from the remote service.
	///
	/// # Arguments
	///
	/// * `address`: address of remote services, normally,it's a domain name with port number.
	/// * `enclave_info_path`: file path of the enclave info TOML file.
	/// * `as_root_ca_cert_path`: file path of the certificate for remote attestation service.
	///
	/// # Return
	///
	/// * The function returns an opaque pointer (handle) of the service. On error,
	/// the function returns NULL.
	///
	/// # Safety
	///
	/// `address`, `enclave_info_path`, `as_root_ca_cert_path` should be C string (null terminated).
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_connect_authentication_service(
	address: *const c_char,
	enclave_info_path: *const c_char,
	as_root_ca_cert_path: *const c_char,
	) -> *mut AuthenticationClient {
	if address.is_null() \|\| enclave_info_path.is_null() \|\| as_root_ca_cert_path.is_null() {
	return ptr::null_mut();
	}

	let address = CStr::from_ptr(address).to_string_lossy().into_owned();
	let enclave_info_path = CStr::from_ptr(enclave_info_path)
	.to_string_lossy()
	.into_owned();
	let as_root_ca_cert_path = CStr::from_ptr(as_root_ca_cert_path)
	.to_string_lossy()
	.into_owned();
	let enclave_info = unwrap_or_return_null!(EnclaveInfo::from_file(enclave_info_path));
	let bytes = unwrap_or_return_null!(fs::read(as_root_ca_cert_path));
	let as_root_ca_cert = unwrap_or_return_null!(pem::parse(bytes)).contents;
	let client = unwrap_or_return_null!(AuthenticationService::connect(
	&address,
	&enclave_info,
	&as_root_ca_cert
	));

	Box::into_raw(Box::new(client))
	}

	/// Close and free the authentication service handle, i.e., the
	/// `AuthenticaionClient` type opaque pointer. The function returns 0 for
	/// success. On error, the function returns 1.
	///
	/// # Safety
	///
	/// This function is unsafe because improper use may lead to
	/// memory problems. For example, a double-free may occur if the
	/// function is called twice on the same raw pointer.
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_close_authentication_service(
	client: *mut AuthenticationClient,
	) -> c_int {
	if client.is_null() {
	return 1;
	}

	let _ = Box::from_raw(client);

	0
	}

	/// Register a new user with `user_id` and `user_password`. The function returns
	/// 0 for success. On error, the function returns 1.
	///
	/// # Safety
	///
	/// `user_id`, `user_password`, `role`, `attribute` should be C string (null terminated).
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_user_register(
	client: &mut AuthenticationClient,
	user_id: *const c_char,
	user_password: *const c_char,
	role: *const c_char,
	attribute: *const c_char,
	) -> c_int {
	if (client as *mut AuthenticationClient).is_null()
	\|\| user_id.is_null()
	\|\| user_password.is_null()
	{
	return 1;
	}

	let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
	let user_password = CStr::from_ptr(user_password).to_string_lossy().into_owned();
	let role = CStr::from_ptr(role).to_string_lossy().into_owned();
	let attribute = CStr::from_ptr(attribute).to_string_lossy().into_owned();
	unwrap_or_return_one!(client.user_register(&user_id, &user_password, &role, &attribute));

	0
	}

	/// Login a new user with `user_id` and `user_password`. The login session token
	/// will be save in the `token` buffer, and length will be set in the
	/// `token_len` argument. The function returns 0 for success. On error, the
	/// function returns 1.
	///
	/// # Safety
	///
	/// `user_id`, `user_password` should be C string (null terminated), token and token_len should be consistent.
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_user_login(
	client: &mut AuthenticationClient,
	user_id: *const c_char,
	user_password: *const c_char,
	token: *mut c_char,
	token_len: *mut size_t,
	) -> c_int {
	if (client as *mut AuthenticationClient).is_null()
	\|\| user_id.is_null()
	\|\| user_password.is_null()
	\|\| token.is_null()
	\|\| token_len.is_null()
	{
	return 1;
	}

	let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
	let user_password = CStr::from_ptr(user_password).to_string_lossy().into_owned();

	let token_string = unwrap_or_return_one!(client.user_login(&user_id, &user_password));
	let token_c_string = unwrap_or_return_one!(CString::new(token_string));
	let bytes = token_c_string.as_bytes_with_nul();

	if *token_len < bytes.len() {
	return 1;
	} else {
	ptr::copy_nonoverlapping(bytes.as_ptr(), token as _, bytes.len());
	*token_len = bytes.len();
	}

	0
	}

	/// Connect to Teaclave Frontend Service.
	///
	/// This function connects and establishes trusted channel to the remote
	/// frontend service with `address`. The function gets enclave info from
	/// the file located in `enclave_info_path`. The file in `as_root_ca_cert_path`
	/// will be used to verify the attestation report from the remote service.
	///
	/// # Arguments
	///
	/// * `address`: address of remote services, normally,it's a domain name with port number.
	/// * `enclave_info_path`: file path of the enclave info TOML file.
	/// * `as_root_ca_cert_path`: file path of the certificate for remote attestation service.
	///
	/// # Return
	///
	/// * The function returns an opaque pointer (handle) of the service. On error,
	/// the function returns NULL.
	///
	/// # Safety
	///
	/// All arguments should be C string (null terminated).
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_connect_frontend_service(
	address: *const c_char,
	enclave_info_path: *const c_char,
	as_root_ca_cert_path: *const c_char,
	) -> *mut FrontendClient {
	if address.is_null() \|\| enclave_info_path.is_null() \|\| as_root_ca_cert_path.is_null() {
	return ptr::null_mut();
	}

	let address = CStr::from_ptr(address).to_string_lossy().into_owned();
	let enclave_info_path = CStr::from_ptr(enclave_info_path)
	.to_string_lossy()
	.into_owned();
	let as_root_ca_cert_path = CStr::from_ptr(as_root_ca_cert_path)
	.to_string_lossy()
	.into_owned();
	let enclave_info = unwrap_or_return_null!(EnclaveInfo::from_file(enclave_info_path));
	let bytes = unwrap_or_return_null!(fs::read(as_root_ca_cert_path));
	let as_root_ca_cert = unwrap_or_return_null!(pem::parse(bytes)).contents;
	let client = unwrap_or_return_null!(FrontendService::connect(
	&address,
	&enclave_info,
	&as_root_ca_cert
	));

	Box::into_raw(Box::new(client))
	}

	/// Close and free the frontend service handle, i.e., the `FrontendClient` type
	/// opaque pointer. The function returns 0 for success. On error, the function
	/// returns 1.
	///
	/// # Safety
	///
	/// This function is unsafe because improper use may lead to
	/// memory problems. For example, a double-free may occur if the
	/// function is called twice on the same raw pointer.
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_close_frontend_service(client: *mut FrontendClient) -> c_int {
	if client.is_null() {
	return 1;
	}

	let _ = Box::from_raw(client);

	0
	}

	/// Set user's credential with `user_id` and `user_token`. The function returns
	/// 0 for success. On error, the function returns 1.
	///
	/// # Safety
	///
	/// `user_id` and `user_token` should be C string (null terminated).
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_authentication_set_credential(
	client: &mut AuthenticationClient,
	user_id: *const c_char,
	user_token: *const c_char,
	) -> c_int {
	if (client as *mut AuthenticationClient).is_null() \|\| user_id.is_null() \|\| user_token.is_null()
	{
	return 1;
	}

	let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
	let user_token = CStr::from_ptr(user_token).to_string_lossy().into_owned();
	client.set_credential(&user_id, &user_token);

	0
	}

	/// Set user's credential with `user_id` and `user_token`. The function returns
	/// 0 for success. On error, the function returns 1.
	///
	/// # Safety
	///
	/// `user_id` and `user_token` should be C string (null terminated).
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_frontend_set_credential(
	client: &mut FrontendClient,
	user_id: *const c_char,
	user_token: *const c_char,
	) -> c_int {
	if (client as *mut FrontendClient).is_null() \|\| user_id.is_null() \|\| user_token.is_null() {
	return 1;
	}

	let user_id = CStr::from_ptr(user_id).to_string_lossy().into_owned();
	let user_token = CStr::from_ptr(user_token).to_string_lossy().into_owned();
	client.set_credential(&user_id, &user_token);

	0
	}

	/// Invoke task with `task_id`. The function returns 0 for success. On error,
	/// the function returns 1.
	///
	/// # Safety
	///
	/// `task_id` should be C string (null terminated).
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_invoke_task(
	client: &mut FrontendClient,
	task_id: *const c_char,
	) -> c_int {
	if (client as *mut FrontendClient).is_null() \|\| task_id.is_null() {
	return 1;
	}

	let task_id = CStr::from_ptr(task_id).to_string_lossy().into_owned();
	match client.invoke_task(&task_id) {
	Ok(_) => 0,
	Err(_) => 1,
	}
	}

	/// Cancel task with `task_id`. The function returns 0 for success. On error,
	/// the function returns 1.
	///
	/// # Safety
	///
	/// `task_id` should be C string (null terminated).
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_cancel_task(
	client: &mut FrontendClient,
	task_id: *const c_char,
	) -> c_int {
	if (client as *mut FrontendClient).is_null() \|\| task_id.is_null() {
	return 1;
	}

	let task_id = CStr::from_ptr(task_id).to_string_lossy().into_owned();
	match client.cancel_task(&task_id) {
	Ok(_) => 0,
	Err(_) => 1,
	}
	}

	/// Get task result of `task_id`. The result will be save in the `task_result`
	/// buffer, and set corresponding `task_result_len` argument. Note that this is
	/// a blocking function and wait for the return of the task. The function
	/// returns 0 for success. On error, the function returns 1.
	///
	/// # Safety
	///
	/// Inconsistent length of allocated buffer may caused overflow.
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_get_task_result(
	client: &mut FrontendClient,
	task_id: *const c_char,
	task_result: *mut c_char,
	task_result_len: *mut size_t,
	) -> c_int {
	if (client as *mut FrontendClient).is_null() \|\| task_id.is_null() {
	return 1;
	}

	let task_id = CStr::from_ptr(task_id).to_string_lossy().into_owned();
	match client.get_task_result(&task_id) {
	Ok((result, _)) => {
	if *task_result_len < result.len() {
	return 1;
	} else {
	ptr::copy_nonoverlapping(result.as_ptr(), task_result as _, result.len());
	*task_result_len = result.len();
	}
	0
	}
	Err(_) => 1,
	}
	}

	/// Query audit logs according to `query`. `query` is the query statement for tantivy. The result
	/// will be saved in the `log_buffer` buffer with the corresponding `log_len` argument set.
	/// Remember to free the user and message inside c_entry to avoid memory leak.
	///
	/// The function returns 0 for success. On error, the function returns 1.
	///
	/// # Safety
	///
	/// Inconsistent length of allocated buffer may caused overflow.
	#[no_mangle]
	pub unsafe extern "C" fn teaclave_query_audit_logs(
	client: &mut FrontendClient,
	query: *const c_char,
	log_buffer: *mut c_entry,
	log_len: *mut size_t,
	) -> c_int {
	if (client as *mut FrontendClient).is_null()
	\|\| query.is_null()
	\|\| log_buffer.is_null()
	\|\| log_len.is_null()
	\|\| *log_len == 0
	{
	return 1;
	}

	let query = CStr::from_ptr(query).to_string_lossy().into_owned();
	match client.query_audit_logs(query, *log_len) {
	Ok(audit_logs) => {
	let c_logs: Vec<_> = audit_logs.into_iter().map(c_entry::from).collect();
	let src_logs = c_logs.as_ptr();
	let len = c_logs.len();
	if len > *log_len {
	return 1;
	}

	unsafe {
	ptr::copy_nonoverlapping(src_logs, log_buffer, len);
	}

	*log_len = len;
	0
	}
	Err(_) => 1,
	}
	}

	#[repr(C)]
	pub struct c_entry {
	microsecond: i64,
	ip: [u8; 16],
	user: *mut c_void,
	message: *mut c_void,
	result: bool,
	}

	impl From<Entry> for c_entry {
	fn from(entry: Entry) -> Self {
	let user_bytes = CString::new(entry.user()).unwrap().into_bytes_with_nul();
	let len = user_bytes.len();
	let user = unsafe {
	let user = malloc(len);
	ptr::copy_nonoverlapping(user_bytes.as_ptr(), user as *mut u8, len);
	user
	};

	let message_bytes = CString::new(entry.message()).unwrap().into_bytes_with_nul();
	let len = message_bytes.len();
	let message = unsafe {
	let message = malloc(len);
	ptr::copy_nonoverlapping(message_bytes.as_ptr(), message as *mut u8, len);
	message
	};

	Self {
	microsecond: entry.datetime().timestamp_micros(),
	ip: entry.ip().octets(),
	user,
	message,
	result: entry.result(),
	}
	}
	}

	macro_rules! generate_function_serialized {
	( $client_type:ident, $c_function_name:ident, $rust_function_name:ident) => {
	/// Send JSON serialized request to the service with the `client` and
	/// get the serialized response.
	///
	/// # Arguments
	///
	/// * `client`: service client.
	/// * `serialized_request`; JSON serialized request
	/// * `serialized_response`: buffer to store the JSON serialized response.
	/// * `serialized_response_len`: length of the allocated
	/// `serialized_response`, will be set as the length of
	/// `serialized_response` when return successfully.
	///
	/// # Return
	///
	/// The function returns 0 for success. On error, the function returns 1.
	///
	/// # Safety
	///
	/// Inconsistent length of allocated buffer may caused overflow.
	#[no_mangle]
	pub unsafe extern "C" fn $c_function_name(
	client: &mut $client_type,
	serialized_request: *const c_char,
	serialized_response: *mut c_char,
	serialized_response_len: *mut size_t,
	) -> c_int {
	if (client as *mut $client_type).is_null()
	\|\| serialized_request.is_null()
	\|\| serialized_response.is_null()
	\|\| serialized_response_len.is_null()
	{
	return 1;
	}

	let serialized_request = CStr::from_ptr(serialized_request)
	.to_string_lossy()
	.into_owned();
	let function_id_string =
	unwrap_or_return_one!(client.$rust_function_name(&serialized_request));
	let function_id_c_string = unwrap_or_return_one!(CString::new(function_id_string));
	let bytes = function_id_c_string.as_bytes_with_nul();

	if *serialized_response_len < bytes.len() {
	return 1;
	} else {
	ptr::copy_nonoverlapping(bytes.as_ptr(), serialized_response as _, bytes.len());
	*serialized_response_len = bytes.len();
	}

	0
	}
	};
	}

	generate_function_serialized!(
	AuthenticationClient,
	teaclave_user_register_serialized,
	user_register_serialized
	);
	generate_function_serialized!(
	AuthenticationClient,
	teaclave_user_login_serialized,
	user_login_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_register_function_serialized,
	register_function_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_get_function_serialized,
	get_function_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_get_function_usage_stats_serialized,
	get_function_usage_stats_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_register_input_file_serialized,
	register_input_file_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_register_output_file_serialized,
	register_output_file_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_create_task_serialized,
	create_task_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_assign_data_serialized,
	assign_data_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_approve_task_serialized,
	approve_task_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_invoke_task_serialized,
	invoke_task_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_cancel_task_serialized,
	cancel_task_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_get_task_serialized,
	get_task_serialized
	);
	generate_function_serialized!(
	FrontendClient,
	teaclave_query_audit_logs_serialized,
	query_audit_logs_serialized
	);