testnet/detee-cli
3
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

refactor: DTMP grpc connction and methods

Browse Source 
updated Dtpm client connection
remove mr_signer from connetion
reuse dtpm client connection
pure function for grpc methods
some error handling
This commit is contained in:
Noor 2025-04-11 01:58:00 +05:30
parent 4746a31a09
commit d44d256567
Signed by: noormohammedb
GPG Key ID: D83EFB8B3B967146
3 changed files with 71 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/sgx/cli_handler.rs
View File

@ -2,7 +2,7 @@ use crate::config::Config;
use crate::name_generator::random_app_name; use crate::name_generator::random_app_name;
use crate::sgx::config::{validate_yaml, DeteeCliExt}; use crate::sgx::config::{validate_yaml, DeteeCliExt};
use crate::sgx::grpc_brain::{delete_app, list_contracts}; use crate::sgx::grpc_brain::{delete_app, list_contracts};
use crate::sgx::grpc_dtpm::{attest_and_send_config, get_config_from_enclave}; use crate::sgx::grpc_dtpm::{get_config, update_config};
use crate::sgx::packaging::package_enclave; use crate::sgx::packaging::package_enclave;
use crate::sgx::utils::{ use crate::sgx::utils::{
deploy_new_app_and_update_config, fetch_config, override_envs_and_args_launch_config, deploy_new_app_and_update_config, fetch_config, override_envs_and_args_launch_config,
@ -227,7 +227,7 @@ fn handle_config_sub_update(
(update_matche.get_one::<String>("config"), update_matche.get_one::<String>("uuid")) (update_matche.get_one::<String>("config"), update_matche.get_one::<String>("uuid"))
{ {
let loaded_config = validate_yaml(file_path).unwrap(); let loaded_config = validate_yaml(file_path).unwrap();
match block_on(attest_and_send_config(loaded_config, uuid)) { match block_on(update_config(uuid, loaded_config)) {
Ok(_) => Ok(SimpleOutput::from("App launch config updated successfully")), Ok(_) => Ok(SimpleOutput::from("App launch config updated successfully")),
Err(e) => Err(Box::new(std::io::Error::other(format!( Err(e) => Err(Box::new(std::io::Error::other(format!(
"Could not attest and update app launch config due to error: {e}" "Could not attest and update app launch config due to error: {e}"
@ -244,7 +244,7 @@ fn handle_config_sub_get(
if let (Some(file_path_to_save), Some(uuid)) = if let (Some(file_path_to_save), Some(uuid)) =
(get_matche.get_one::<String>("path"), get_matche.get_one::<String>("uuid")) (get_matche.get_one::<String>("path"), get_matche.get_one::<String>("uuid"))
{ {
match block_on(get_config_from_enclave(uuid)) { match block_on(get_config(uuid)) {
Ok(config) => { Ok(config) => {
let config_yaml = serde_yaml::to_string(&config).unwrap(); let config_yaml = serde_yaml::to_string(&config).unwrap();
std::fs::write(file_path_to_save, config_yaml).unwrap(); std::fs::write(file_path_to_save, config_yaml).unwrap();

104
src/sgx/grpc_dtpm.rs
View File

@ -1,5 +1,8 @@
use detee_sgx::{prelude::*, HRaTlsConfigBuilder}; use detee_sgx::{prelude::*, HRaTlsConfigBuilder};
use detee_shared::common_proto::Empty; use detee_shared::{
common_proto::Empty,
sgx::{pb::dtpm_proto::DtpmGetConfigRes, types::dtpm::FileEntry},
};
use hyper_rustls::HttpsConnectorBuilder; use hyper_rustls::HttpsConnectorBuilder;
use rustls::ClientConfig; use rustls::ClientConfig;
use std::sync::{Arc, RwLock}; use std::sync::{Arc, RwLock};
@ -12,8 +15,8 @@ use tonic::{
use detee_shared::sgx::{ use detee_shared::sgx::{
pb::dtpm_proto::{ pb::dtpm_proto::{
dtpm_config_manager_client::DtpmConfigManagerClient, DtpmConfigData, DtpmSetConfigReq, dtpm_config_manager_client::DtpmConfigManagerClient, DtpmSetConfigReq,
FileEntry, FileEntry as FileEntryPb,
}, },
types::dtpm::DtpmConfig, types::dtpm::DtpmConfig,
}; };
@ -33,28 +36,22 @@ pub enum Error {
DiskAccess(#[from] std::io::Error), DiskAccess(#[from] std::io::Error),
#[error("HRatls: {0}")] #[error("HRatls: {0}")]
SgxHRatls(#[from] detee_sgx::error::SgxError), SgxHRatls(#[from] detee_sgx::error::SgxError),
#[error("DtpmConfig: {0}")] #[error("Dtpm: {0}")]
DtpmConfig(String), Dtpm(String),
#[error(transparent)] #[error(transparent)]
ConfigError(#[from] crate::config::Error), ConfigError(#[from] crate::config::Error),
} }
type Result<T> = std::result::Result<T, Error>; type Result<T> = std::result::Result<T, Error>;
pub async fn connect_dtpm_grpc_client( pub async fn connect_app_dtpm_client(app_uuid: &str) -> Result<DtpmConfigManagerClient<Channel>> {
hratls_uri: String,
package_mr_enclave: Option<[u8; 32]>,
) -> Result<DtpmConfigManagerClient<Channel>> {
let private_key_pem = Config::get_hratls_private_key()?; let private_key_pem = Config::get_hratls_private_key()?;
let mut mr_signer = [0u8; 32];
hex::decode_to_slice(Config::get_mrsigner()?, &mut mr_signer)?;
let mr_signers = vec![mr_signer];
let hratls_config = Arc::new(RwLock::new( let (hratls_uri, package_mr_enclave) = hratls_url_and_mr_enclave_from_app_id(app_uuid).await?;
HRaTlsConfig::new() log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &package_mr_enclave);
.allow_instance_measurement(InstanceMeasurement::new().with_mrsigners(mr_signers))
.with_hratls_private_key_pem(private_key_pem), let hratls_config =
)); Arc::new(RwLock::new(HRaTlsConfig::new().with_hratls_private_key_pem(private_key_pem)));
if let Some(mr_enclave) = package_mr_enclave { if let Some(mr_enclave) = package_mr_enclave {
hratls_config.write().unwrap().allow_more_instance_measurement( hratls_config.write().unwrap().allow_more_instance_measurement(
@ -74,60 +71,57 @@ pub async fn connect_dtpm_grpc_client(
Ok(DtpmConfigManagerClient::new(channel).send_compressed(CompressionEncoding::Zstd)) Ok(DtpmConfigManagerClient::new(channel).send_compressed(CompressionEncoding::Zstd))
} }
pub async fn attest_and_send_config(loaded_config: DtpmConfig, uuid: &str) -> Result<()> { pub async fn update_config(app_uuid: &str, config: DtpmConfig) -> Result<()> {
let files = loaded_config.filesystems.clone(); let dtpm_client = connect_app_dtpm_client(app_uuid).await?;
let config_data = Some(DtpmConfigData::from(loaded_config)); upload_files_pb(config.filesystems.clone(), &dtpm_client).await?;
let req_data = DtpmSetConfigReq { config_data, ..Default::default() }; let req = DtpmSetConfigReq { config_data: Some(config.into()), ..Default::default() };
set_config_pb(req, &dtpm_client).await?;
Ok(())
}
log::trace!("Decoded the configuration... {:?}", req_data); pub async fn get_config(app_uuid: &str) -> Result<DtpmConfig> {
let dtpm_client = connect_app_dtpm_client(app_uuid).await?;
let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await; let config_res = get_config_pb(&dtpm_client).await?;
log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave); let config: DtpmConfig =
config_res.config_data.ok_or(Error::Dtpm("config data not found".to_string()))?.into();
let client = connect_dtpm_grpc_client(hratls_uri, mr_enclave).await?; Ok(config)
}
pub async fn upload_files_pb(
reqs: Vec<FileEntry>,
client: &DtpmConfigManagerClient<Channel>,
) -> Result<()> {
let (tx, rx) = mpsc::channel(6); let (tx, rx) = mpsc::channel(6);
tokio::spawn(async move { tokio::spawn(async move {
for file in files { for file in reqs {
let file_pb: FileEntry = file.into(); let file_pb: FileEntryPb = file.into();
let _ = tx.send(file_pb).await; let _ = tx.send(file_pb).await;
} }
}); });
let fs_stream = ReceiverStream::new(rx); let fs_stream = ReceiverStream::new(rx);
let _ = client let _ = client.clone().upload_files(tonic::Request::new(fs_stream)).await?;
.clone()
.max_decoding_message_size(10240000)
.upload_files(tonic::Request::new(fs_stream))
.await?;
let response = client Ok(())
.max_decoding_message_size(10240000) }
.set_config(tonic::Request::new(req_data))
.await?; pub(crate) async fn set_config_pb(
req: DtpmSetConfigReq,
client: &DtpmConfigManagerClient<Channel>,
) -> Result<()> {
let response = client.clone().set_config(tonic::Request::new(req)).await?;
log::trace!("Received respose from the server...{:?}", response.into_inner()); log::trace!("Received respose from the server...{:?}", response.into_inner());
Ok(()) Ok(())
} }
pub async fn get_config_from_enclave(uuid: &str) -> Result<DtpmConfig> { pub(crate) async fn get_config_pb(
let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await; client: &DtpmConfigManagerClient<Channel>,
log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave); ) -> Result<DtpmGetConfigRes> {
let mgr_config_pb =
let client = connect_dtpm_grpc_client(hratls_uri, None).await?; client.clone().get_config(tonic::Request::new(Empty {})).await?.into_inner();
Ok(mgr_config_pb)
let mgr_config_pb = client
.max_decoding_message_size(10240000)
.get_config(tonic::Request::new(Empty {}))
.await?
.into_inner();
let config: DtpmConfig = mgr_config_pb
.config_data
.ok_or(Error::DtpmConfig("config data not found".to_string()))?
.into();
Ok(config)
} }

27
src/sgx/utils.rs
View File

@ -1,9 +1,12 @@
use crate::constants::HRATLS_APP_PORT; use crate::constants::HRATLS_APP_PORT;
use crate::sgx::get_one_contract; use crate::sgx::get_one_contract;
use crate::sgx::grpc_brain::new_app; use crate::sgx::grpc_brain::new_app;
use crate::sgx::grpc_dtpm::attest_and_send_config; use crate::sgx::grpc_dtpm::connect_app_dtpm_client;
use crate::sgx::grpc_dtpm::set_config_pb;
use crate::sgx::grpc_dtpm::upload_files_pb;
use crate::sgx::package_entry_from_name; use crate::sgx::package_entry_from_name;
use detee_shared::app_proto::NewAppRes; use detee_shared::app_proto::NewAppRes;
use detee_shared::sgx::pb::dtpm_proto::DtpmSetConfigReq;
use detee_shared::sgx::types::brain::AppDeployConfig; use detee_shared::sgx::types::brain::AppDeployConfig;
use detee_shared::sgx::types::dtpm::DtpmConfig; use detee_shared::sgx::types::dtpm::DtpmConfig;
use detee_shared::sgx::types::dtpm::EnvironmentEntry; use detee_shared::sgx::types::dtpm::EnvironmentEntry;
@ -17,7 +20,7 @@ pub enum Error {
#[error(transparent)] #[error(transparent)]
Serde(#[from] serde_yaml::Error), Serde(#[from] serde_yaml::Error),
#[error("{0}")] #[error("{0}")]
PublicPackage(std::string::String), Package(std::string::String),
#[error("{0}")] #[error("{0}")]
Brain(#[from] crate::sgx::grpc_brain::Error), Brain(#[from] crate::sgx::grpc_brain::Error),
#[error("{0}")] #[error("{0}")]
@ -26,7 +29,9 @@ pub enum Error {
Deployment(String), Deployment(String),
} }
pub async fn hratls_url_and_mr_enclave_from_app_id(app_id: &str) -> (String, Option<[u8; 32]>) { pub async fn hratls_url_and_mr_enclave_from_app_id(
app_id: &str,
) -> Result<(String, Option<[u8; 32]>), crate::sgx::grpc_dtpm::Error> {
let app_contract = get_one_contract(app_id).await; let app_contract = get_one_contract(app_id).await;
if app_contract.is_err() { if app_contract.is_err() {
eprintln!("Could not find App contract with ID: {}", app_id); eprintln!("Could not find App contract with ID: {}", app_id);
@ -44,15 +49,15 @@ pub async fn hratls_url_and_mr_enclave_from_app_id(app_id: &str) -> (String, Opt
.mapped_ports .mapped_ports
.iter() .iter()
.find(|port| port.app_port == HRATLS_APP_PORT) .find(|port| port.app_port == HRATLS_APP_PORT)
.unwrap() .ok_or(crate::sgx::grpc_dtpm::Error::Dtpm("Could not find DTMP port".to_string()))?
.host_port; .host_port;
(format!("https://{public_ip}:{dtpm_port}"), mr_enclave) Ok((format!("https://{public_ip}:{dtpm_port}"), mr_enclave))
} }
pub async fn fetch_config(package_name: &str) -> Result<DtpmConfig, Error> { pub async fn fetch_config(package_name: &str) -> Result<DtpmConfig, Error> {
let index_package_entry = package_entry_from_name(package_name) let index_package_entry = package_entry_from_name(package_name)
.ok_or(Error::PublicPackage("package not found for ".to_string() + package_name))?; .ok_or(Error::Package("package not found for ".to_string() + package_name))?;
let launch_config_url = index_package_entry.launch_config_url.clone(); let launch_config_url = index_package_entry.launch_config_url.clone();
@ -128,11 +133,17 @@ pub async fn deploy_new_app_and_update_config(
if let Some(launch_config) = launch_config { if let Some(launch_config) = launch_config {
eprintln!("Deploying..."); eprintln!("Deploying...");
tokio::time::sleep(tokio::time::Duration::from_millis(2500)).await; tokio::time::sleep(tokio::time::Duration::from_millis(2500)).await;
Retry::spawn(FixedInterval::from_millis(1000).take(10), || { let dtpm_client = Retry::spawn(FixedInterval::from_millis(1000).take(10), || {
log::debug!("retrying attestation and launch config update"); log::debug!("retrying attestation and launch config update");
attest_and_send_config(launch_config.clone(), &new_app_res.uuid) connect_app_dtpm_client(&new_app_res.uuid)
}) })
.await?; .await?;
upload_files_pb(launch_config.filesystems.clone(), &dtpm_client).await?;
let config_data = Some(launch_config.into());
log::trace!("Decoded the configuration... {:?}", config_data);
let req = DtpmSetConfigReq { config_data, ..Default::default() };
set_config_pb(req, &dtpm_client).await?;
Ok(new_app_res) Ok(new_app_res)
} else { } else {
Ok(new_app_res) Ok(new_app_res)