fixed ioctl bugs, added docs

2024-09-08 22:21:29 +03:00 · 2024-09-08 22:21:29 +03:00 · 075ccc2607
commit 075ccc2607
parent 924a443998
8 changed files with 66 additions and 21 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,4 +3,6 @@ target
 Cargo.lock
 client_instance
 server_instance
+client.yaml
+server.yaml
 lib
--- a/Cargo.toml
+++ b/Cargo.toml
@ -14,7 +14,7 @@ keywords = ["occlum", "rustls", "ratls"]
 [dependencies]
 rustls = "0.23"
 x509-parser = "0.16"
-occlum-sgx = "0.1" # get/verify quote
+#occlum-sgx = "0.1" # get/verify quote
 ring = "0.17" # hash256
 rcgen = "0.13"
 log = "0.4"
@ -26,13 +26,11 @@ hyper = "1.4.1"
 hyper-util = "0.1.7"
 hyper-rustls = { version = "0.27", features = ["http2"] }
 prost = "0.13"
-#cfg-if = "1.0"
 base64 = "0.22"
 lazy_static = "1.5"

 [dependencies.tonic]
 version = "0.12"
-#features = ["rustls-0_23"]
 optional = true

 [dependencies.actix-web]
--- a/README.md
+++ b/README.md
@ -23,6 +23,55 @@ and use the following command:
 83E8A0C3ED045D9747ADE06C3BFC70FCA661A4A65FF79A800223621162A88B76
 ```

+## Docker Occlum runtime
+
+To run the project in Docker, you need to install the docker first.
+On Ubuntu, you can use the following commands:
+
+```bash
+# Add docker official GPG key
+sudo apt update
+sudo apt install ca-certificates curl
+sudo install -m 0755 -d /etc/apt/keyrings
+sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add docker repository to apt sources
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+sudo apt update
+
+# Install docker packages
+sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+# Add your user to the docker group
+sudo groupadd docker
+sudo usermod -aG docker $USER
+newgrp docker
+```
+
+Next run the occlum image in the docker environment:
+
+```bash
+docker run --rm -it --device /dev/sgx/enclave --device /dev/sgx/provision -v /path/to/occlum-ratls:/root/occlum-ratls occlum/occlum:latest-ubuntu20.04
+
+# Inside the docker container do env preparation
+rustup install stable-x86_64-unknown-linux-gnu
+rustup default stable
+rustup target add x86_64-unknown-linux-musl
+# edit /etc/sgx_default_qcnl.conf, so that the PCCS URL is set correctly
+# "pccs_url": "https://api.trustedservices.intel.com/sgx/certification/v4/"
+
+cd /root/occlum-ratls
+./build_server.sh grpcs --run
+
+# In another terminal exec /bin/bash into the same container
+cd /root/occlum-ratls
+./build_client.sh grpcs --run
+```
+
 ## Running Examples

 Before running make sure you have installed the Occlum and the SGX driver.
@ -30,8 +79,10 @@ You should also have the Occlum Rust toolchain installed to get `occlum-cargo`.
 To test the project just run client and server scripts in different terminals:

 ```
-./build_server.sh
-./build_client.sh
+
+./build_server.sh grpcs --run
+./build_client.sh grpcs --run
+
 ```

 ## Mutual RATLS examples
--- a/build_client.sh
+++ b/build_client.sh
@ -23,6 +23,10 @@ targets:
    copy:
      - files:
        - ../target/x86_64-unknown-linux-musl/release/examples/mratls_${EXAMPLE}_client
+  - target: /lib
+    copy:
+      - files:
+        - /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so.0.1.0
 EOF

 rm -rf client_instance && mkdir client_instance && cd client_instance
--- a/build_server.sh
+++ b/build_server.sh
@ -23,6 +23,10 @@ targets:
    copy:
      - files:
        - ../target/x86_64-unknown-linux-musl/release/examples/mratls_${EXAMPLE}_server
+  - target: /lib
+    copy:
+      - files:
+        - /opt/occlum/toolchains/dcap_lib/musl/libocclum_dcap.so.0.1.0
 EOF

 rm -rf server_instance && mkdir server_instance && cd server_instance
--- a/client.yaml
+++ b/client.yaml
@ -1,7 +0,0 @@
-includes:
-  - base.yaml
-targets:
-  - target: /bin
-    copy:
-      - files:
-        - ../target/x86_64-unknown-linux-musl/debug/examples/mratls_https_client
--- a/server.yaml
+++ b/server.yaml
@ -1,7 +0,0 @@
-includes:
-  - base.yaml
-targets:
-  - target: /bin
-    copy:
-      - files:
-        - ../target/x86_64-unknown-linux-musl/debug/examples/server
--- a/src/quote.rs
+++ b/src/quote.rs
@ -164,7 +164,7 @@ impl IoctlClient {
    fn handle(&mut self) -> Result<HandleType, RaTlsError> {
        if self.fd.is_null() {
            let handle = unsafe { dcap_quote_open() };
-            if self.fd.is_null() {
+            if handle.is_null() {
                return Err(RaTlsError::DcapError(
                    "Failed to open DCAP quote device".to_string(),
                ));
@ -176,7 +176,7 @@ impl IoctlClient {

    fn get_quote_size(&mut self) -> Result<u32, RaTlsError> {
        if self.quote_size.is_none() {
-            let size = unsafe { dcap_get_quote_size(self.fd) };
+            let size = unsafe { dcap_get_quote_size(self.handle()?) };
            trace!("DCAP quote size is {}", size);
            self.quote_size = Some(size);
        }