This is an automated email from the ASF dual-hosted git repository. mssun pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
commit 23fc4d7361c941e50fdb11c10751a14d9f5ab913 Author: Mingshen Sun <[email protected]> AuthorDate: Thu Feb 20 22:24:55 2020 -0800 [services] Polish and cleanup --- binder/src/macros.rs | 1 - binder/src/ocall.rs | 3 + config/config_gen/Cargo.toml | 2 +- rpc/src/request.rs | 6 ++ services/access_control/enclave/src/service.rs | 117 ++++++--------------- services/authentication/enclave/src/api_service.rs | 13 +-- .../authentication/enclave/src/internal_service.rs | 4 +- services/authentication/enclave/src/user_info.rs | 9 +- services/frontend/enclave/src/service.rs | 3 +- services/proto/proto_gen/Cargo.toml | 2 +- services/storage/enclave/src/service.rs | 37 +++---- 11 files changed, 73 insertions(+), 124 deletions(-) diff --git a/binder/src/macros.rs b/binder/src/macros.rs index e4b556a..effb9ee 100644 --- a/binder/src/macros.rs +++ b/binder/src/macros.rs @@ -15,7 +15,6 @@ // specific language governing permissions and limitations // under the License. -// ATTN: Must bring `use ipc::IpcReceiver` into scope when use!! #[cfg(feature = "mesalock_sgx")] #[macro_export] macro_rules! register_ecall_handler { diff --git a/binder/src/ocall.rs b/binder/src/ocall.rs index a179977..f773258 100644 --- a/binder/src/ocall.rs +++ b/binder/src/ocall.rs @@ -25,16 +25,19 @@ extern "C" { att_key_idlist_size: u32, p_att_key_id: *mut sgx_att_key_id_t, ) -> sgx_status_t; + fn sgx_init_quote_ex( p_att_key_id: *const sgx_att_key_id_t, p_qe_target_info: *mut sgx_target_info_t, p_pub_key_id_size: *mut usize, p_pub_key_id: *mut u8, ) -> sgx_status_t; + fn sgx_get_quote_size_ex( p_att_key_id: *const sgx_att_key_id_t, p_quote_size: *mut u32, ) -> sgx_status_t; + fn sgx_get_quote_ex( p_isv_enclave_report: *const sgx_report_t, p_att_key_id: *const sgx_att_key_id_t, diff --git a/config/config_gen/Cargo.toml b/config/config_gen/Cargo.toml index fd7066a..d3426a5 100644 --- a/config/config_gen/Cargo.toml +++ b/config/config_gen/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "config_gen" +name = "teaclave_config_gen" version = "0.1.0" authors = ["Teaclave Contributors <[email protected]>"] description = "Generating build config." diff --git a/rpc/src/request.rs b/rpc/src/request.rs index 47d1976..3b71c32 100644 --- a/rpc/src/request.rs +++ b/rpc/src/request.rs @@ -43,3 +43,9 @@ impl<T> Request<T> { pub trait IntoRequest<T> { fn into_request(self) -> Request<T>; } + +impl<T> IntoRequest<T> for T { + fn into_request(self) -> Request<Self> { + Request::new(self) + } +} diff --git a/services/access_control/enclave/src/service.rs b/services/access_control/enclave/src/service.rs index 9325a7a..72e4f6e 100644 --- a/services/access_control/enclave/src/service.rs +++ b/services/access_control/enclave/src/service.rs @@ -45,7 +45,7 @@ impl TeaclaveAccessControl for TeaclaveAccessControlService { EnforceRequest::UserAccessData(request.subject_user_id, request.object_data_id); match self.access_control_module.enforce_request(request) { Ok(accept) => { - let response = AuthorizeDataResponse { accept }; + let response = AuthorizeDataResponse::new(accept); Ok(response) } Err(_) => Err(TeaclavAccessControlError::AccessControlError.into()), @@ -61,7 +61,7 @@ impl TeaclaveAccessControl for TeaclaveAccessControlService { EnforceRequest::UserAccessFunction(request.subject_user_id, request.object_function_id); match self.access_control_module.enforce_request(request) { Ok(accept) => { - let response = AuthorizeFunctionResponse { accept }; + let response = AuthorizeFunctionResponse::new(accept); Ok(response) } Err(_) => Err(TeaclavAccessControlError::AccessControlError.into()), @@ -77,7 +77,7 @@ impl TeaclaveAccessControl for TeaclaveAccessControlService { EnforceRequest::UserAccessTask(request.subject_user_id, request.object_task_id); match self.access_control_module.enforce_request(request) { Ok(accept) => { - let response = AuthorizeTaskResponse { accept }; + let response = AuthorizeTaskResponse::new(accept); Ok(response) } Err(_) => Err(TeaclavAccessControlError::AccessControlError.into()), @@ -99,7 +99,7 @@ impl TeaclaveAccessControl for TeaclaveAccessControlService { { Ok(accept) => { if !accept { - return Ok(AuthorizeStagedTaskResponse { accept: false }); + return Ok(AuthorizeStagedTaskResponse::new(false)); } } Err(_) => return Err(TeaclavAccessControlError::AccessControlError.into()), @@ -115,7 +115,7 @@ impl TeaclaveAccessControl for TeaclaveAccessControlService { { Ok(accept) => { if !accept { - return Ok(AuthorizeStagedTaskResponse { accept: false }); + return Ok(AuthorizeStagedTaskResponse::new(false)); } } Err(_) => return Err(TeaclavAccessControlError::AccessControlError.into()), @@ -132,7 +132,7 @@ impl TeaclaveAccessControl for TeaclaveAccessControlService { { Ok(accept) => { if !accept { - return Ok(AuthorizeStagedTaskResponse { accept: false }); + return Ok(AuthorizeStagedTaskResponse::new(false)); } } Err(_) => return Err(TeaclavAccessControlError::AccessControlError.into()), @@ -145,50 +145,31 @@ impl TeaclaveAccessControl for TeaclaveAccessControlService { #[cfg(feature = "enclave_unit_test")] pub mod tests { use super::*; + use teaclave_rpc::IntoRequest; pub fn user_access_data() { let service = TeaclaveAccessControlService::new(); - let request = AuthorizeDataRequest { - subject_user_id: "mock_user_a".to_string(), - object_data_id: "mock_data".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeDataRequest::new("mock_user_a", "mock_data").into_request(); let response = service.authorize_data(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeDataRequest { - subject_user_id: "mock_user_b".to_string(), - object_data_id: "mock_data".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeDataRequest::new("mock_user_b", "mock_data").into_request(); let response = service.authorize_data(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeDataRequest { - subject_user_id: "mock_user_c".to_string(), - object_data_id: "mock_data".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeDataRequest::new("mock_user_c", "mock_data").into_request(); let response = service.authorize_data(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeDataRequest { - subject_user_id: "mock_user_d".to_string(), - object_data_id: "mock_data".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeDataRequest::new("mock_user_d", "mock_data").into_request(); let response = service.authorize_data(request); assert!(response.is_ok()); assert!(!response.unwrap().accept); - let request = AuthorizeDataRequest { - subject_user_id: "mock_user_a".to_string(), - object_data_id: "mock_data_b".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeDataRequest::new("mock_user_a", "mock_data_b").into_request(); let response = service.authorize_data(request); assert!(response.is_ok()); assert!(!response.unwrap().accept); @@ -196,38 +177,30 @@ pub mod tests { pub fn user_access_function() { let service = TeaclaveAccessControlService::new(); - let request = AuthorizeFunctionRequest { - subject_user_id: "mock_public_function_owner".to_string(), - object_function_id: "mock_public_function".to_string(), - }; - let request = Request::new(request); + let request = + AuthorizeFunctionRequest::new("mock_public_function_owner", "mock_public_function") + .into_request(); let response = service.authorize_function(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeFunctionRequest { - subject_user_id: "mock_private_function_owner".to_string(), - object_function_id: "mock_private_function".to_string(), - }; - let request = Request::new(request); + let request = + AuthorizeFunctionRequest::new("mock_private_function_owner", "mock_private_function") + .into_request(); let response = service.authorize_function(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeFunctionRequest { - subject_user_id: "mock_private_function_owner".to_string(), - object_function_id: "mock_public_function".to_string(), - }; - let request = Request::new(request); + let request = + AuthorizeFunctionRequest::new("mock_private_function_owner", "mock_public_function") + .into_request(); let response = service.authorize_function(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeFunctionRequest { - subject_user_id: "mock_public_function_owner".to_string(), - object_function_id: "mock_private_function".to_string(), - }; - let request = Request::new(request); + let request = + AuthorizeFunctionRequest::new("mock_public_function_owner", "mock_private_function") + .into_request(); let response = service.authorize_function(request); assert!(response.is_ok()); assert!(!response.unwrap().accept); @@ -235,29 +208,17 @@ pub mod tests { pub fn user_access_task() { let service = TeaclaveAccessControlService::new(); - let request = AuthorizeTaskRequest { - subject_user_id: "mock_participant_a".to_string(), - object_task_id: "mock_task".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeTaskRequest::new("mock_participant_a", "mock_task").into_request(); let response = service.authorize_task(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeTaskRequest { - subject_user_id: "mock_participant_b".to_string(), - object_task_id: "mock_task".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeTaskRequest::new("mock_participant_b", "mock_task").into_request(); let response = service.authorize_task(request); assert!(response.is_ok()); assert!(response.unwrap().accept); - let request = AuthorizeTaskRequest { - subject_user_id: "mock_participant_c".to_string(), - object_task_id: "mock_task".to_string(), - }; - let request = Request::new(request); + let request = AuthorizeTaskRequest::new("mock_participant_c", "mock_task").into_request(); let response = service.authorize_task(request); assert!(response.is_ok()); assert!(!response.unwrap().accept); @@ -267,22 +228,19 @@ pub mod tests { let service = TeaclaveAccessControlService::new(); let mut request = get_correct_authorized_stage_task_req(); request.object_function_id = "mock_staged_allowed_private_function".to_string(); - let request = Request::new(request); - let response = service.authorize_staged_task(request); + let response = service.authorize_staged_task(request.into_request()); assert!(response.is_ok()); assert!(response.unwrap().accept); let mut request = get_correct_authorized_stage_task_req(); request.object_function_id = "mock_staged_public_function".to_string(); - let request = Request::new(request); - let response = service.authorize_staged_task(request); + let response = service.authorize_staged_task(request.into_request()); assert!(response.is_ok()); assert!(response.unwrap().accept); let mut request = get_correct_authorized_stage_task_req(); request.object_function_id = "mock_staged_disallowed_private_function".to_string(); - let request = Request::new(request); - let response = service.authorize_staged_task(request); + let response = service.authorize_staged_task(request.into_request()); assert!(response.is_ok()); assert!(!response.unwrap().accept); } @@ -305,8 +263,7 @@ pub mod tests { } pub fn task_access_data() { let service = TeaclaveAccessControlService::new(); - let request = get_correct_authorized_stage_task_req(); - let request = Request::new(request); + let request = get_correct_authorized_stage_task_req().into_request(); let response = service.authorize_staged_task(request); assert!(response.is_ok()); assert!(response.unwrap().accept); @@ -315,8 +272,7 @@ pub mod tests { request .object_input_data_id_list .push("mock_staged_disallowed_data1".to_string()); - let request = Request::new(request); - let response = service.authorize_staged_task(request); + let response = service.authorize_staged_task(request.into_request()); assert!(response.is_ok()); assert!(!response.unwrap().accept); @@ -324,8 +280,7 @@ pub mod tests { request .object_input_data_id_list .push("mock_staged_disallowed_data2".to_string()); - let request = Request::new(request); - let response = service.authorize_staged_task(request); + let response = service.authorize_staged_task(request.into_request()); assert!(response.is_ok()); assert!(!response.unwrap().accept); @@ -333,8 +288,7 @@ pub mod tests { request .object_output_data_id_list .push("mock_staged_disallowed_data1".to_string()); - let request = Request::new(request); - let response = service.authorize_staged_task(request); + let response = service.authorize_staged_task(request.into_request()); assert!(response.is_ok()); assert!(!response.unwrap().accept); @@ -342,8 +296,7 @@ pub mod tests { request .object_output_data_id_list .push("mock_staged_disallowed_data2".to_string()); - let request = Request::new(request); - let response = service.authorize_staged_task(request); + let response = service.authorize_staged_task(request.into_request()); assert!(response.is_ok()); assert!(!response.unwrap().accept); } diff --git a/services/authentication/enclave/src/api_service.rs b/services/authentication/enclave/src/api_service.rs index b90d3e3..bd0bd2a 100644 --- a/services/authentication/enclave/src/api_service.rs +++ b/services/authentication/enclave/src/api_service.rs @@ -107,6 +107,7 @@ pub mod tests { use crate::user_info::*; use rand::RngCore; use std::vec; + use teaclave_rpc::IntoRequest; fn get_mock_service() -> TeaclaveAuthenticationApiService { let database = Database::open().unwrap(); @@ -120,19 +121,16 @@ pub mod tests { } pub fn test_user_register() { - let request = UserRegisterRequest::new("test_register_id", "test_password"); - let request = Request::new(request); + let request = UserRegisterRequest::new("test_register_id", "test_password").into_request(); let service = get_mock_service(); assert!(service.user_register(request).is_ok()); } pub fn test_user_login() { let service = get_mock_service(); - let request = UserRegisterRequest::new("test_login_id", "test_password"); - let request = Request::new(request); + let request = UserRegisterRequest::new("test_login_id", "test_password").into_request(); assert!(service.user_register(request).is_ok()); - let request = UserLoginRequest::new("test_login_id", "test_password"); - let request = Request::new(request); + let request = UserLoginRequest::new("test_login_id", "test_password").into_request(); let response = service.user_login(request); assert!(response.is_ok()); let token = response.unwrap().token; @@ -140,8 +138,7 @@ pub mod tests { assert!(user.validate_token(&service.jwt_secret, &token)); info!("saved user_info: {:?}", user); - let request = UserLoginRequest::new("test_login_id", "test_password1"); - let request = Request::new(request); + let request = UserLoginRequest::new("test_login_id", "test_password1").into_request(); assert!(service.user_login(request).is_err()); } } diff --git a/services/authentication/enclave/src/internal_service.rs b/services/authentication/enclave/src/internal_service.rs index afaccab..c95589d 100644 --- a/services/authentication/enclave/src/internal_service.rs +++ b/services/authentication/enclave/src/internal_service.rs @@ -52,6 +52,7 @@ pub mod tests { use std::untrusted::time::SystemTimeEx; use std::vec; use teaclave_proto::teaclave_common::UserCredential; + use teaclave_rpc::IntoRequest; fn get_mock_service() -> TeaclaveAuthenticationInternalService { let database = Database::open().unwrap(); @@ -187,8 +188,7 @@ pub mod tests { service: &TeaclaveAuthenticationInternalService, ) -> UserAuthenticateResponse { let credential = UserCredential::new(id, token); - let request = UserAuthenticateRequest::new(credential); - let request = Request::new(request); + let request = UserAuthenticateRequest::new(credential).into_request(); service.user_authenticate(request).unwrap() } diff --git a/services/authentication/enclave/src/user_info.rs b/services/authentication/enclave/src/user_info.rs index aed6643..8e2ae30 100644 --- a/services/authentication/enclave/src/user_info.rs +++ b/services/authentication/enclave/src/user_info.rs @@ -28,9 +28,10 @@ const SALT_LEN: usize = 16; const PASSWORD_DIGEST_LEN: usize = digest::SHA512_OUTPUT_LEN; const PBKDF2_ITERATIONS: u32 = 100_000; static PBKDF2_ALG: pbkdf2::Algorithm = pbkdf2::PBKDF2_HMAC_SHA512; -pub const ISSUER_NAME: &str = "Teaclave"; -pub static JWT_ALG: jwt::Algorithm = jwt::Algorithm::HS512; -pub const JWT_SECRET_LEN: usize = 512; + +pub(crate) const ISSUER_NAME: &str = "Teaclave"; +pub(crate) static JWT_ALG: jwt::Algorithm = jwt::Algorithm::HS512; +pub(crate) const JWT_SECRET_LEN: usize = 512; #[derive(Clone, Serialize, Deserialize, Debug)] pub(crate) struct UserInfo { @@ -40,7 +41,7 @@ pub(crate) struct UserInfo { } #[derive(Debug, Serialize, Deserialize)] -pub struct Claims { +pub(crate) struct Claims { // user id pub sub: String, // issuer diff --git a/services/frontend/enclave/src/service.rs b/services/frontend/enclave/src/service.rs index cc5e80b..f4e50c3 100644 --- a/services/frontend/enclave/src/service.rs +++ b/services/frontend/enclave/src/service.rs @@ -1,6 +1,8 @@ use anyhow::Result; use std::prelude::v1::*; use std::sync::{Arc, SgxMutex as Mutex}; +use thiserror::Error; + use teaclave_proto::teaclave_authentication_service::{ TeaclaveAuthenticationInternalClient, UserAuthenticateRequest, }; @@ -19,7 +21,6 @@ use teaclave_rpc::endpoint::Endpoint; use teaclave_rpc::Request; use teaclave_service_enclave_utils::teaclave_service; use teaclave_types::{TeaclaveServiceResponseError, TeaclaveServiceResponseResult}; -use thiserror::Error; #[derive(Error, Debug)] enum TeaclaveFrontendError { diff --git a/services/proto/proto_gen/Cargo.toml b/services/proto/proto_gen/Cargo.toml index 4745467..32c7cd4 100644 --- a/services/proto/proto_gen/Cargo.toml +++ b/services/proto/proto_gen/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "proto_gen" +name = "teaclave_proto_gen" version = "0.1.0" authors = ["Teaclave Contributors <[email protected]>"] description = "Generating Rust protocols from protobuf." diff --git a/services/storage/enclave/src/service.rs b/services/storage/enclave/src/service.rs index 4e00e76..37d0d48 100644 --- a/services/storage/enclave/src/service.rs +++ b/services/storage/enclave/src/service.rs @@ -231,6 +231,7 @@ mod test_mode { pub mod tests { use super::*; use std::sync::mpsc::channel; + use teaclave_rpc::IntoRequest; fn get_mock_service() -> TeaclaveStorageService { let (_sender, receiver) = channel(); @@ -248,57 +249,45 @@ pub mod tests { pub fn test_get_key() { let service = get_mock_service(); - let request = GetRequest::new("test_get_key"); - let request = Request::new(request); + let request = GetRequest::new("test_get_key").into_request(); assert!(service.get(request).is_ok()); } pub fn test_put_key() { let service = get_mock_service(); - let request = PutRequest::new("test_put_key", "test_put_value"); - let request = Request::new(request); + let request = PutRequest::new("test_put_key", "test_put_value").into_request(); assert!(service.put(request).is_ok()); - let request = GetRequest::new("test_put_key"); - let request = Request::new(request); + let request = GetRequest::new("test_put_key").into_request(); assert!(service.get(request).is_ok()); } pub fn test_delete_key() { let service = get_mock_service(); - let request = DeleteRequest::new("test_delete_key"); - let request = Request::new(request); + let request = DeleteRequest::new("test_delete_key").into_request(); assert!(service.delete(request).is_ok()); - let request = GetRequest::new("test_delete_key"); - let request = Request::new(request); + let request = GetRequest::new("test_delete_key").into_request(); assert!(service.get(request).is_err()); } pub fn test_enqueue() { let service = get_mock_service(); - let request = EnqueueRequest::new("test_enqueue_key", "1"); - let request = Request::new(request); + let request = EnqueueRequest::new("test_enqueue_key", "1").into_request(); assert!(service.enqueue(request).is_ok()); - let request = EnqueueRequest::new("test_enqueue_key", "2"); - let request = Request::new(request); + let request = EnqueueRequest::new("test_enqueue_key", "2").into_request(); assert!(service.enqueue(request).is_ok()); } pub fn test_dequeue() { let service = get_mock_service(); - let request = DequeueRequest::new("test_dequeue_key"); - let request = Request::new(request); + let request = DequeueRequest::new("test_dequeue_key").into_request(); assert!(service.dequeue(request).is_err()); - let request = EnqueueRequest::new("test_dequeue_key", "1"); - let request = Request::new(request); + let request = EnqueueRequest::new("test_dequeue_key", "1").into_request(); assert!(service.enqueue(request).is_ok()); - let request = EnqueueRequest::new("test_dequeue_key", "2"); - let request = Request::new(request); + let request = EnqueueRequest::new("test_dequeue_key", "2").into_request(); assert!(service.enqueue(request).is_ok()); - let request = DequeueRequest::new("test_dequeue_key"); - let request = Request::new(request); + let request = DequeueRequest::new("test_dequeue_key").into_request(); assert_eq!(service.dequeue(request).unwrap().value, b"1"); - let request = DequeueRequest::new("test_dequeue_key"); - let request = Request::new(request); + let request = DequeueRequest::new("test_dequeue_key").into_request(); assert_eq!(service.dequeue(request).unwrap().value, b"2"); } } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
