| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| |
| #![feature(concat_idents)] |
| |
| #[cfg(feature = "mesalock_sgx")] |
| extern crate sgx_trts; |
| |
| use anyhow::Result; |
| use log::debug; |
| use log::error; |
| #[cfg(not(feature = "mesalock_sgx"))] |
| use std::fs; |
| use std::path::PathBuf; |
| use std::sync::{Arc, RwLock}; |
| #[cfg(feature = "mesalock_sgx")] |
| use std::untrusted::{fs, path::PathEx}; |
| use teaclave_attestation::verifier::AttestationReportVerificationFn; |
| use teaclave_attestation::AttestedTlsConfig; |
| use teaclave_config::RuntimeConfig; |
| use teaclave_types::{EnclaveInfo, TeeServiceResult}; |
| |
| mod macros; |
| |
| #[cfg(feature = "cov")] |
| #[sgx_macros::global_dtor] |
| fn cov_exit() { |
| println!("sgx_cov finished!"); |
| sgx_cov::cov_writeout(); |
| } |
| |
| extern "C" { |
| pub static g_peak_heap_used: isize; |
| pub static g_peak_rsrv_mem_committed: isize; |
| } |
| |
| pub struct ServiceEnclave; |
| |
| impl ServiceEnclave { |
| pub fn init(_name: &str) -> TeeServiceResult<()> { |
| let env = env_logger::Env::new() |
| .filter_or("TEACLAVE_LOG", "RUST_LOG") |
| .write_style_or("TEACLAVE_LOG_STYLE", "RUST_LOG_STYLE"); |
| let env_logger = env_logger::Builder::from_env(env).build(); |
| teaclave_logger::Builder::new() |
| .secondary_logger(env_logger) |
| .init(); |
| |
| debug!("Enclave initializing"); |
| #[cfg(feature = "mesalock_sgx")] |
| if std::backtrace::enable_backtrace(std::backtrace::PrintFormat::Full).is_err() { |
| error!("Cannot enable backtrace"); |
| return Err(teaclave_types::TeeServiceError::SgxError); |
| } |
| |
| Ok(()) |
| } |
| |
| pub fn finalize() -> TeeServiceResult<()> { |
| debug!("Enclave finalizing"); |
| unsafe { |
| debug!("g_peak_heap_used: {}", g_peak_heap_used); |
| debug!("g_peak_rsrv_mem_committed: {}", g_peak_rsrv_mem_committed); |
| } |
| |
| #[cfg(feature = "cov")] |
| sgx_cov::cov_writeout(); |
| |
| Ok(()) |
| } |
| } |
| |
| pub fn base_dir_for_db(config: &RuntimeConfig) -> Result<PathBuf> { |
| base_dir(config, "database") |
| } |
| |
| pub fn base_dir_for_offload_functions(config: &RuntimeConfig) -> Result<PathBuf> { |
| base_dir(config, "functions") |
| } |
| |
| fn base_dir(config: &RuntimeConfig, sub_name: &str) -> Result<PathBuf> { |
| let fusion_base = config.mount.fusion_base_dir.as_path(); |
| // We only create this base directory in test_mode |
| // This directory should be mounted in release mode |
| #[cfg(test_mode)] |
| fs::create_dir_all(fusion_base)?; |
| if !fusion_base.exists() { |
| error!( |
| "Fusion base directory is not mounted: {}", |
| fusion_base.display() |
| ); |
| anyhow::bail!("fusion_base not mounted"); |
| } |
| |
| let sub_base = fusion_base.join(sub_name); |
| fs::create_dir_all(&sub_base)?; |
| |
| if !sub_base.exists() { |
| error!( |
| "Offload base directory is not mounted: {}", |
| sub_base.display() |
| ); |
| anyhow::bail!("sub_base not mounted"); |
| } |
| Ok(sub_base) |
| } |
| |
| macro_rules! impl_create_trusted_endpoint_fn { |
| ($fn_name:ident, $enclave_attr:literal) => { |
| pub fn $fn_name( |
| advertised_address: &str, |
| enclave_info: &EnclaveInfo, |
| as_root_ca_cert: &[u8], |
| verifier: AttestationReportVerificationFn, |
| attested_tls_config: Arc<RwLock<AttestedTlsConfig>>, |
| ) -> Result<teaclave_rpc::transport::channel::Endpoint> { |
| let service_enclave_attrs = enclave_info |
| .get_enclave_attr($enclave_attr) |
| .expect("enclave attr"); |
| let client_tls_config = |
| teaclave_rpc::config::SgxTrustedTlsClientConfig::from_attested_tls_config( |
| attested_tls_config, |
| )? |
| .attestation_report_verifier(vec![service_enclave_attrs], as_root_ca_cert, verifier) |
| .into(); |
| |
| let dst = advertised_address.parse::<teaclave_rpc::transport::Uri>()?; |
| if dst.scheme().is_none() { |
| anyhow::bail!(format!( |
| "Missing schema in {} advertised address", |
| stringify!($enclave_attr) |
| )); |
| }; |
| let endpoint = teaclave_rpc::transport::Channel::builder(dst) |
| .tls_config(client_tls_config)? |
| .connect_timeout(std::time::Duration::from_secs(30)); |
| Ok(endpoint) |
| } |
| }; |
| } |
| |
| impl_create_trusted_endpoint_fn!(create_trusted_storage_endpoint, "teaclave_storage_service"); |
| impl_create_trusted_endpoint_fn!( |
| create_trusted_authentication_endpoint, |
| "teaclave_authentication_service" |
| ); |
| impl_create_trusted_endpoint_fn!( |
| create_trusted_management_endpoint, |
| "teaclave_management_service" |
| ); |
| impl_create_trusted_endpoint_fn!( |
| create_trusted_scheduler_endpoint, |
| "teaclave_scheduler_service" |
| ); |