Make mu-ra and untrusted worker url queriable

Cargo.lock

@@ -2375,6 +2375,7 @@ dependencies = [
  "serde_derive 1.0.130",
  "serde_json 1.0.72",
  "sgx_crypto_helper",
+ "thiserror 1.0.30",
  "url 2.2.2",
  "ws",
 ]
@@ -2525,6 +2526,17 @@ dependencies = [
  "sp-std",
 ]
 
+[[package]]
+name = "itp-primitives-cache"
+version = "0.8.0"
+dependencies = [
+ "lazy_static",
+ "log 0.4.14 (registry+https://github.com/rust-lang/crates.io-index)",
+ "sgx_tstd",
+ "thiserror 1.0.30",
+ "thiserror 1.0.9",
+]
+
 [[package]]
 name = "itp-settings"
 version = "0.8.0"

Cargo.toml

@@ -21,6 +21,7 @@ members = [
     "core-primitives/extrinsics-factory",
     "core-primitives/nonce-cache",
     "core-primitives/ocall-api",
+    "core-primitives/primitives-cache",
     "core-primitives/settings",
     "core-primitives/sgx/crypto",
     "core-primitives/sgx/io",

cli/demo_direct_call.sh

@@ -42,7 +42,7 @@ NPORT=${NPORT:-9944}
 RPORT=${RPORT:-2000}
 
 echo "Using node-port ${NPORT}"
-echo "Using worker-rpc-port ${RPORT}"
+echo "Using trusted-worker-port ${RPORT}"
 
 AMOUNTSHIELD=50000000000
 AMOUNTTRANSFER=40000000000

cli/demo_private_tx.sh

@@ -22,7 +22,7 @@ NPORT=${1:-9944}
 RPORT=${3:-2000}
 
 echo "Using node-port ${NPORT}"
-echo "Using worker-rpc-port ${RPORT}"
+echo "Using trusted-worker-port ${RPORT}"
 echo ""
 
 CLIENT="./../bin/integritee-cli -p ${NPORT} -P ${RPORT}"

cli/demo_shielding_unshielding.sh

@@ -42,7 +42,7 @@ NPORT=${NPORT:-9944}
 RPORT=${RPORT:-2000}
 
 echo "Using node-port ${NPORT}"
-echo "Using worker-rpc-port ${RPORT}"
+echo "Using trusted-worker-port ${RPORT}"
 echo ""
 
 AMOUNTSHIELD=50000000000

cli/src/main.rs

@@ -102,9 +102,9 @@ fn main() {
 						.help("worker url"),
 				)
 				.arg(
-					Arg::with_name("worker-rpc-port")
+					Arg::with_name("trusted-worker-port")
 						.short("P")
-						.long("worker-rpc-port")
+						.long("trusted-worker-port")
 						.global(true)
 						.takes_value(true)
 						.value_name("STRING")
@@ -457,10 +457,7 @@ fn get_state(matches: &ArgMatches<'_>, getter: TrustedOperation) -> Option<Vec<u
 
 	let direct_api = get_worker_api_direct(matches);
 	let (sender, receiver) = channel();
-	match direct_api.watch(jsonrpc_call, sender) {
-		Ok(_) => {},
-		Err(_) => panic!("Error when sending direct invocation call"),
-	}
+	direct_api.watch(jsonrpc_call, sender);
 
 	loop {
 		match receiver.recv() {
@@ -494,7 +491,7 @@ fn encode_encrypt<E: Encode>(
 	let worker_api_direct = get_worker_api_direct(matches);
 	let shielding_pubkey: Rsa3072PubKey = match worker_api_direct.get_rsa_pubkey() {
 		Ok(key) => key,
-		Err(err_msg) => return Err(err_msg),
+		Err(err_msg) => return Err(err_msg.to_string()),
 	};
 
 	let encoded = to_encrypt.encode();
@@ -555,7 +552,7 @@ fn get_worker_api_direct(matches: &ArgMatches<'_>) -> DirectWorkerApi {
 	let url = format!(
 		"{}:{}",
 		matches.value_of("worker-url").unwrap(),
-		matches.value_of("worker-rpc-port").unwrap()
+		matches.value_of("trusted-worker-port").unwrap()
 	);
 	info!("Connecting to integritee-service-direct-port on '{}'", url);
 	DirectWorkerApi::new(url)
@@ -606,10 +603,7 @@ fn send_direct_request(
 
 	debug!("setup sender and receiver");
 	let (sender, receiver) = channel();
-	match direct_api.watch(jsonrpc_call, sender) {
-		Ok(_) => {},
-		Err(_) => panic!("Error when sending direct invocation call"),
-	}
+	direct_api.watch(jsonrpc_call, sender);
 
 	debug!("waiting for rpc response");
 	loop {

core-primitives/enclave-api/ffi/src/lib.rs

@@ -4,7 +4,14 @@ use sgx_types::{c_int, sgx_enclave_id_t, sgx_quote_sign_type_t, sgx_status_t};
 
 extern "C" {
 
-	pub fn init(eid: sgx_enclave_id_t, retval: *mut sgx_status_t) -> sgx_status_t;
+	pub fn init(
+		eid: sgx_enclave_id_t,
+		retval: *mut sgx_status_t,
+		mu_ra_addr: *const u8,
+		mu_ra_addr_size: u32,
+		untrusted_worker_addr: *const u8,
+		untrusted_worker_addr_size: u32,
+	) -> sgx_status_t;
 
 	pub fn get_state(
 		eid: sgx_enclave_id_t,

core-primitives/enclave-api/src/enclave_base.rs

@@ -33,7 +33,7 @@ use sp_runtime::traits::Header;
 /// Trait for base/common Enclave API functions
 pub trait EnclaveBase: Send + Sync + 'static {
 	/// Initialize the enclave (needs to be called once at application startup).
-	fn init(&self) -> EnclaveResult<()>;
+	fn init(&self, mu_ra_addr: &str, untrusted_worker_addr: &str) -> EnclaveResult<()>;
 
 	/// Initialize the direct invocation RPC server.
 	fn init_direct_invocation_server(&self, rpc_server_addr: String) -> EnclaveResult<()>;
@@ -63,10 +63,22 @@ pub trait EnclaveBase: Send + Sync + 'static {
 
 /// EnclaveApi implementation for Enclave struct
 impl EnclaveBase for Enclave {
-	fn init(&self) -> EnclaveResult<()> {
+	fn init(&self, mu_ra_addr: &str, untrusted_worker_addr: &str) -> EnclaveResult<()> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 
-		let result = unsafe { ffi::init(self.eid, &mut retval) };
+		let encoded_mu_ra_addr = mu_ra_addr.encode();
+		let encoded_untrusted_worker_addr = untrusted_worker_addr.encode();
+
+		let result = unsafe {
+			ffi::init(
+				self.eid,
+				&mut retval,
+				encoded_mu_ra_addr.as_ptr(),
+				encoded_mu_ra_addr.len() as u32,
+				encoded_untrusted_worker_addr.as_ptr(),
+				encoded_untrusted_worker_addr.len() as u32,
+			)
+		};
 
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));

core-primitives/primitives-cache/Cargo.toml

@@ -0,0 +1,34 @@
+[package]
+name = "itp-primitives-cache"
+version = "0.8.0"
+authors = ["Integritee AG <hello@integritee.network>"]
+edition = "2018"
+resolver = "2"
+
+
+[features]
+default = ["std"]
+std = [
+    "log/std",
+    "thiserror",
+]
+sgx = [
+    "sgx_tstd",
+    "thiserror_sgx",
+]
+
+[dependencies]
+# sgx dependencies
+sgx_tstd = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true }
+
+# local dependencies
+
+# sgx enabled external libraries
+thiserror_sgx = { package = "thiserror", git = "https://github.com/mesalock-linux/thiserror-sgx", tag = "sgx_1.1.3", optional = true }
+
+# std compatible external libraries (make sure these versions match with the sgx-enabled ones above)
+thiserror = { version = "1.0", optional = true }
+
+# no-std dependencies
+log = { version = "0.4", default-features = false }
+lazy_static = { version = "1.1.0", features = ["spin_no_std"] }

core-primitives/primitives-cache/src/error.rs

@@ -0,0 +1,31 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+#[cfg(all(not(feature = "std"), feature = "sgx"))]
+use crate::sgx_reexport_prelude::*;
+
+use std::boxed::Box;
+
+pub type Result<T> = core::result::Result<T, Error>;
+
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+	#[error("Primitives lock is poisoned")]
+	LockPoisoning,
+	#[error(transparent)]
+	Other(#[from] Box<dyn std::error::Error + Sync + Send + 'static>),
+}

core-primitives/primitives-cache/src/lib.rs

@@ -0,0 +1,120 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+//! Stores all primitives of the enclave that do need to be accessed often, but are
+//! not be frequently mutated, such as keys and server urls.
+//!
+//! TODO: For now only the mu-ra server and untrusted wokrer url is stored here. Keys and such could also be stored here.
+
+#![cfg_attr(not(feature = "std"), no_std)]
+#![feature(assert_matches)]
+
+#[cfg(all(feature = "std", feature = "sgx"))]
+compile_error!("feature \"std\" and feature \"sgx\" cannot be enabled at the same time");
+
+#[cfg(all(not(feature = "std"), feature = "sgx"))]
+extern crate sgx_tstd as std;
+
+// Re-export module to properly feature gate sgx and regular std environment.
+#[cfg(all(not(feature = "std"), feature = "sgx"))]
+pub mod sgx_reexport_prelude {
+	pub use thiserror_sgx as thiserror;
+}
+
+#[cfg(feature = "std")]
+use std::sync::RwLockReadGuard;
+#[cfg(feature = "std")]
+use std::sync::RwLockWriteGuard;
+
+#[cfg(all(not(feature = "std"), feature = "sgx"))]
+use std::sync::SgxRwLockReadGuard as RwLockReadGuard;
+#[cfg(all(not(feature = "std"), feature = "sgx"))]
+use std::sync::SgxRwLockWriteGuard as RwLockWriteGuard;
+
+use crate::error::Result;
+use lazy_static::lazy_static;
+use std::{
+	string::{String, ToString},
+	sync::Arc,
+};
+
+pub use primitives_cache::PrimitivesCache;
+
+lazy_static! {
+	/// Global instance of the primitves cache.
+	///
+	/// Concurrent access is managed internally, using RW locks.
+	pub static ref GLOBAL_PRIMITIVES_CACHE: Arc<PrimitivesCache> = Default::default();
+}
+
+pub mod error;
+pub mod primitives_cache;
+
+#[derive(Default, Clone, Debug, Eq, PartialEq, Ord, PartialOrd)]
+pub struct Primitives {
+	mu_ra_url: String,
+	untrusted_worker_url: String,
+}
+
+impl Primitives {
+	pub fn new(mu_ra_url: &str, untrusted_worker_url: &str) -> Primitives {
+		Primitives {
+			mu_ra_url: mu_ra_url.to_string(),
+			untrusted_worker_url: untrusted_worker_url.to_string(),
+		}
+	}
+
+	pub fn mu_ra_url(&self) -> &str {
+		&self.mu_ra_url
+	}
+
+	pub fn untrusted_worker_url(&self) -> &str {
+		&self.untrusted_worker_url
+	}
+}
+
+/// Trait to mutate the primitives.
+///
+/// Used in a combination of loading a lock and then writing the updated
+/// value back, returning the lock again.
+pub trait MutatePrimitives {
+	fn load_for_mutation(&self) -> Result<RwLockWriteGuard<'_, Primitives>>;
+}
+
+/// Trait to get the primitives.
+pub trait GetPrimitives {
+	/// Returns a clone of the full Primitives struct.
+	fn get_primitives(&self) -> Result<RwLockReadGuard<Primitives>>;
+
+	fn get_mu_ra_url(&self) -> Result<String>;
+
+	fn get_untrusted_worker_url(&self) -> Result<String>;
+}
+
+// Helper function to set primitives of a given cache.
+pub fn set_primitives<E: MutatePrimitives>(
+	cache: &E,
+	mu_ra_url: &str,
+	untrusted_worker_url: &str,
+) -> Result<()> {
+	let primitives = Primitives::new(mu_ra_url, untrusted_worker_url);
+	let mut rw_lock = cache.load_for_mutation()?;
+
+	*rw_lock = primitives;
+
+	Ok(())
+}