[demos] Update GRPC RATLS exported APIs names

demos/ra_tls/README.md

@@ -18,7 +18,7 @@
 
 * Server
 ```
-int gr_start_server(
+int grpc_ratls_start_server(
     const char *server_addr, // grpc server address+port, such as "localhost:50051"
     const char *config_json, // ratls handshake config json file
     const char *secret_json  // secret config json file
@@ -27,7 +27,7 @@ int gr_start_server(
 
 * Client
 ```
-int gr_client_get_secret(
+int grpc_ratls_get_secret(
     const char *server_addr, // grpc server address+port, such as "localhost:50051"
     const char *config_json, // ratls handshake config json file
     const char *name, // secret name to be requested

demos/ra_tls/grpc/v1.38.1/examples/cpp/ratls/client.cc

@@ -24,17 +24,17 @@
 
 int main(int argc, char** argv) {
     // Parse arguments
-    if (argc < 3) {
-        printf("[ERROR] At least one argument must be provided\n\n");
-        printf("Usage: client [<request_name>] [<secret_file_to_be_saved>]\n");
+    if (argc < 4) {
+        printf("[ERROR] Three arguments must be provided\n\n");
+        printf("Usage: client <grpc-server addr> <request_name> <secret_file_to_be_saved>\n");
         return -1;
     }
 
-    gr_client_get_secret(
-        "localhost:50051",
-        "dynamic_config.json",
+    grpc_ratls_get_secret(
         argv[1],
-        argv[2]
+        "dynamic_config.json",
+        argv[2],
+        argv[3]
     );
 
     return 0;

demos/ra_tls/grpc/v1.38.1/examples/cpp/ratls/grpc_ratls_client.cc

@@ -115,7 +115,7 @@ void base64_decode(const char *b64input, unsigned char *dest, size_t dest_len) {
     }
 }
 
-int gr_client_get_secret(
+int grpc_ratls_get_secret(
     const char *server_addr,
     const char *config_json,
     const char *name,

demos/ra_tls/grpc/v1.38.1/examples/cpp/ratls/grpc_ratls_client.h

@@ -6,7 +6,7 @@ extern "C" {
 #endif
 
 // client get secret
-extern int gr_client_get_secret(
+extern int grpc_ratls_get_secret(
     const char *server_addr, // grpc server address+port, such as "localhost:50051"
     const char *config_json, // ratls handshake config json file
     const char *name, // secret name to be requested

demos/ra_tls/grpc/v1.38.1/examples/cpp/ratls/grpc_ratls_server.cc

@@ -68,7 +68,7 @@ class GrSecretServiceImpl final: public GrSecret::Service {
 };
 
 
-int gr_start_server(
+int grpc_ratls_start_server(
     const char *server_addr,
     const char *config_json,
     const char *secret_json

demos/ra_tls/grpc/v1.38.1/examples/cpp/ratls/grpc_ratls_server.h

@@ -6,7 +6,7 @@ extern "C" {
 #endif
 
 // start server
-extern int gr_start_server(
+extern int grpc_ratls_start_server(
     const char *server_addr, // grpc server address+port, such as "localhost:50051"
     const char *config_json, // ratls handshake config json file
     const char *secret_json  // secret config json file

demos/ra_tls/grpc/v1.38.1/examples/cpp/ratls/server.cc

@@ -15,12 +15,20 @@
  * limitations under the License.
  *
  */
+#include <stdio.h>
+#include <stdlib.h>
 #include "../grpc_ratls_server.h"
 
 
 int main(int argc, char** argv) {
-    gr_start_server(
-        "localhost:50051",
+    if (argc < 2) {
+        printf("[ERROR] One argument must be provided\n\n");
+        printf("Usage: server <grpc-server addr>\n");
+        return -1;
+    }
+
+    grpc_ratls_start_server(
+        argv[1],
         "dynamic_config.json",
         "secret_config.json"
     );

demos/ra_tls/run.sh

@@ -5,13 +5,20 @@ postfix=$1
 request=$2
 file=${3:-/host/secret}
 
-if [ "$postfix" != "server" ] && [ "$postfix" != "client" ]; then
+GRPC_ADDR="localhost:50051"
+
+if [ "$postfix" == "server" ]; then
+    pushd occlum_server
+    occlum run /bin/server ${GRPC_ADDR}
+    popd
+elif [ "$postfix" == "client" ]; then
+    pushd occlum_client
+    occlum run /bin/client ${GRPC_ADDR} ${request} ${file}
+    popd
+else
     echo "input error args, it should be:" 
     echo "./run.sh server"
-    echo "./run.sh client"
+    echo "./run.sh client request_secret"
     exit 1
 fi
 
-pushd occlum_$postfix
-occlum run /bin/$postfix ${request} ${file}
-popd

demos/remote_attestation/init_ra_flow/README.md

@@ -55,7 +55,7 @@ The `RA Verify Config` JSON records the secrets. Each secret has a name and its
 
 * Starts the Flask-TLS-Infer demo. For every Occlum built application, it starts `init` process first, then starts the real application in RootFS. The default [`init`](../../../tools/init/) process just run RootFS integrity check and then load the RootFS where the real application is located.
 
-For this demo, a modified [`init`](./init_ra/) is used. Besides the general `init` operation, it embeds the `GRPC-RATLS` client API `gr_client_get_secret`, gets the secrets(base64 encoded) from the `GRPC-RATLS server`, does base64 decoding, acquires the real secrets. The `image_key` is used to decrypt the RootFS image. The other two are saved to RootFS. In this example, they are `/etc/flask.crt` and `/etc/flask.key`. Finally, when the Flask-TLS app is running, all secrets are securely obtained already in `init` thus the app runs successfully without RA involvement in this stage.
+For this demo, a modified [`init`](./init_ra/) is used. Besides the general `init` operation, it embeds the `GRPC-RATLS` client API `grpc_ratls_get_secret`, gets the secrets(base64 encoded) from the `GRPC-RATLS server`, does base64 decoding, acquires the real secrets. The `image_key` is used to decrypt the RootFS image. The other two are saved to RootFS. In this example, they are `/etc/flask.crt` and `/etc/flask.key`. Finally, when the Flask-TLS app is running, all secrets are securely obtained already in `init` thus the app runs successfully without RA involvement in this stage.
 
 
 ## How-to build the demo
@@ -72,7 +72,7 @@ occlum_server
 * Starts the GRPC-RATLS server in background.
 ```
 cd occlum_server
-occlum run /bin/server &
+occlum run /bin/server localhost:50051 &
 ```
 
 * Starts the Flask-TLS web portal in backgroud.

demos/remote_attestation/init_ra_flow/build_content.sh

@@ -61,7 +61,7 @@ function build_client_instance()
     # Get server mrsigner.
     # Here client and server use the same signer-key thus using client mrsigner directly.
     jq ' .verify_mr_enclave = "off" |
-        .verify_mr_signer = "off" |
+        .verify_mr_signer = "on" |
         .verify_isv_prod_id = "off" |
         .verify_isv_svn = "off" |
         .verify_enclave_debuggable = "on" |

demos/remote_attestation/init_ra_flow/init_ra/src/main.rs

@@ -15,7 +15,7 @@ use std::os::raw::{c_int, c_char};
 
 #[link(name = "grpc_ratls_client")]
 extern "C" {
-    fn gr_client_get_secret(
+    fn grpc_ratls_get_secret(
         server_addr: *const c_char, // grpc server address+port, such as "localhost:50051"
         config_json: *const c_char, // ratls handshake config json file
         name: *const c_char, // secret name to be requested
@@ -48,7 +48,7 @@ fn main() -> Result<(), Box<dyn Error>> {
             let filename = CString::new("/etc/image_key").unwrap();
 
             let ret = unsafe {
-                gr_client_get_secret(
+                grpc_ratls_get_secret(
                     server_addr.as_ptr(),
                     config_json.as_ptr(),
                     secret.as_ptr(),
@@ -56,7 +56,7 @@ fn main() -> Result<(), Box<dyn Error>> {
             };
 
             if ret != 0 {
-                println!("gr_client_get_secret failed return {}", ret);
+                println!("grpc_ratls_get_secret failed return {}", ret);
                 return Err(Box::new(std::io::Error::last_os_error()));
             }
 
@@ -79,7 +79,7 @@ fn main() -> Result<(), Box<dyn Error>> {
     let filename = CString::new("cert_file").unwrap();
 
     let ret = unsafe {
-        gr_client_get_secret(
+        grpc_ratls_get_secret(
             server_addr.as_ptr(),
             config_json.as_ptr(),
             secret.as_ptr(),
@@ -87,7 +87,7 @@ fn main() -> Result<(), Box<dyn Error>> {
     };
 
     if ret != 0 {
-        println!("gr_client_get_secret failed return {}", ret);
+        println!("grpc_ratls_get_secret failed return {}", ret);
         return Err(Box::new(std::io::Error::last_os_error()));
     }
 
@@ -99,7 +99,7 @@ fn main() -> Result<(), Box<dyn Error>> {
     let filename = CString::new("key_file").unwrap();
 
     let ret = unsafe {
-        gr_client_get_secret(
+        grpc_ratls_get_secret(
             server_addr.as_ptr(),
             config_json.as_ptr(),
             secret.as_ptr(),
@@ -107,7 +107,7 @@ fn main() -> Result<(), Box<dyn Error>> {
     };
 
     if ret != 0 {
-        println!("gr_client_get_secret failed return {}", ret);
+        println!("grpc_ratls_get_secret failed return {}", ret);
         return Err(Box::new(std::io::Error::last_os_error()));
     }
 

demos/remote_attestation/init_ra_flow/run.sh

@@ -1,10 +1,12 @@
 #!/bin/bash
 set -e
 
+GRPC_ADDR="localhost:50051"
+
 echo "Start GRPC server on backgound ..."
 
 pushd occlum_server
-occlum run /bin/server &
+occlum run /bin/server ${GRPC_ADDR} &
 popd
 
 sleep 3

demos/remote_attestation/init_ra_flow/run_till_ready.sh

@@ -9,7 +9,7 @@ FLASK_SERVER_PORT=4996
 echo "Start GRPC server on backgound ..."
 
 pushd occlum_server
-occlum run /bin/server &
+occlum run /bin/server "${GRPC_SERVER_IP}:${GRPC_SERVER_PORT}" &
 popd
 
 while ! nc -z $GRPC_SERVER_IP $GRPC_SERVER_PORT; do