search

apache / incubator-teaclave-sgx-sdk

Apache Teaclave (incubating) SGX SDK helps developers to write Intel SGX applications in the Rust programming language, and also known as Rust SGX SDK.
https://teaclave.apache.org
Apache License 2.0
1.17k stars 259 forks source link

sgx_crypto_helper: can't find crate for 'std' #92

Closed electronix closed 4 years ago

electronix commented 5 years ago

Hello all,

The sgx_crypto_helper crate throws an error when comiling the enclave code.

The following is used to generate a RSA3072 keypair inside an SGX enclave:

$ less ./enclave/Cargo.toml:

[package]
name = "x"
version = "1.0.0"

[lib]
name = "x"
crate-type = ["staticlib"]

[features]
default = []

[target.'cfg(not(target_env = "sgx"))'.dependencies]
sgx_types = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_tseal = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_tstd = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_rand = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_tcrypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
rust-crypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
rust-base58 = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_crypto_helper = { git = "https://github.com/baidu/rust-sgx-sdk", default-features = false, features = ["enclave_cargo"] }

[target.'cfg(target_env = "sgx")'.dependencies]
sgx_crypto_helper = { git = "https://github.com/baidu/rust-sgx-sdk", default-features = false }

[dependencies]
serde_json = { git = "https://github.com/baidu/rust-sgx-sdk" }

When I compile the code with the default Makefile, I get the following error message crypto_helpers

The toolchain used is nightly-x86_64-unknown-linux-gnu (default)

Any suggestions? Thanks in advance Marcel

dingelish commented 5 years ago

Hey @electronix , could you please try the recent version of this SDK (master branch) with rust compiler nightly-2019-04-26? Thanks!

brenzi commented 5 years ago

I have the same issue. Using git = "https://github.com/baidu/rust-sgx-sdk", tag="v1.0.6" and rustc 1.36.0-nightly (00859e3e6 2019-04-29)

brenzi commented 5 years ago

same when using master branch (2647c31ee40403c8028ef880b6eaede027f71aae)

dingelish commented 5 years ago

Got it. Give me a few minutes :-)

dingelish commented 5 years ago

Oh I find the problem.

To use the crypto helper in an enclave, we need to create a "ghost crate" like this.

Basically, it contains only a Cargo.toml in which the source file is redirected to the real crypto_helper directory. Only in this way could we use the same source codes with different dependencies! This is effective when using serde (serde does not support crate renaming)

dingelish commented 5 years ago

Currently, this is the only way I know to: (1) use the same src (2) two different sets of dependencies. One for the untrusted, and another for the SGX environment. (3) and serde (or other crates which do not support renaming)

brenzi commented 5 years ago

I'm not sure I can follow. how will cargo find that crate if there are two sgx_crypto_helper crates in your git repo? And how are we sure which one it finds?

Or: what will we have to do with our code: https://github.com/scs/substraTEE-worker/tree/brenzi-crypto-helper-fixing

dingelish commented 5 years ago

I guess the ghost crate could be renamed as sgx_crypto_helper_trusted? Let's try!

dingelish commented 5 years ago

f6c6421dc929248de556800d30ed18f3c55f8482

Please check if you can use sgx_crypto_helper_trusted with git = ...

brenzi commented 5 years ago

I did: 

[target.'cfg(not(target_env = "sgx"))'.dependencies]
sgx_types = { git = "https://github.com/baidu/rust-sgx-sdk"}
sgx_tseal = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_tstd = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_rand = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_tcrypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
rust-crypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
rust-base58 = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_serialize = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_crypto_helper = { package="sgx_crypto_helper_trusted", git = "https://github.com/baidu/rust-sgx-sdk", default-features = false, features = ["enclave_cargo"] }

[target.'cfg(target_env = "sgx")'.dependencies]
sgx_crypto_helper = { git = "https://github.com/baidu/rust-sgx-sdk", default-features = false }

[dependencies]
serde_json = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_serialize_derive = { git = "https://github.com/baidu/rust-sgx-sdk" }

but now I get

   Compiling num-bigint v0.2.0 (https://github.com/baidu/rust-sgx-sdk#f6c6421d)
   Compiling serde_json v1.0.36 (https://github.com/baidu/rust-sgx-sdk#f6c6421d)
   Compiling num v0.1.40 (https://github.com/baidu/rust-sgx-sdk#f6c6421d)
   Compiling rust-base58 v0.0.4 (https://github.com/baidu/rust-sgx-sdk#f6c6421d)
error: duplicate lang item in crate `std`: `f32_runtime`.
  |
  = note: first defined in crate `sgx_tstd`.

error: duplicate lang item in crate `std`: `f64_runtime`.
  |
  = note: first defined in crate `sgx_tstd`.

error: duplicate lang item in crate `std`: `panic_impl`.
  |
  = note: first defined in crate `sgx_tstd`.

error: duplicate lang item in crate `std`: `oom`.
  |
  = note: first defined in crate `sgx_trts`.

error: aborting due to 4 previous errors

error: Could not compile `sgx_crypto_helper_trusted`.
dingelish commented 5 years ago

I think it's a bug of renaming.

Try this in Cargo.toml (if you use cargo)

sgx_crypto_helper_trusted = { git = "https://github.com/baidu/rust-sgx-sdk", default-features = false, features = ["enclave_cargo"] }

In your lib.rs:

extern crate sgx_crypto_helper_trusted as sgx_crypto_helper;
dingelish commented 5 years ago

Attach a patch to hello-rust to show the usage:

diff --git a/samplecode/hello-rust/enclave/Cargo.toml b/samplecode/hello-rust/enclave/Cargo.toml
index ba2cf4c..71bb126 100644
--- a/samplecode/hello-rust/enclave/Cargo.toml
+++ b/samplecode/hello-rust/enclave/Cargo.toml
@@ -11,5 +11,17 @@ crate-type = ["staticlib"]
 default = []

 [target.'cfg(not(target_env = "sgx"))'.dependencies]
-sgx_types = { path = "../../../sgx_types" }
-sgx_tstd = { path = "../../../sgx_tstd" }
+sgx_types = { git = "https://github.com/baidu/rust-sgx-sdk" }
+sgx_tseal = { git = "https://github.com/baidu/rust-sgx-sdk" }
+sgx_tstd = { git = "https://github.com/baidu/rust-sgx-sdk" }
+sgx_rand = { git = "https://github.com/baidu/rust-sgx-sdk" }
+sgx_tcrypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
+sgx_crypto_helper_trusted = { git = "https://github.com/baidu/rust-sgx-sdk", default-features = false, features = ["enclave_cargo"] }
+
+[target.'cfg(target_env = "sgx")'.dependencies]
+sgx_crypto_helper_trusted = { git = "https://github.com/baidu/rust-sgx-sdk", default-features = false }
+
+[dependencies]
+serde_json = { git = "https://github.com/baidu/rust-sgx-sdk" }
+rust-crypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
+rust-base58 = { git = "https://github.com/baidu/rust-sgx-sdk" }
diff --git a/samplecode/hello-rust/enclave/src/lib.rs b/samplecode/hello-rust/enclave/src/lib.rs
index f15f8a9..84ffa2f 100644
--- a/samplecode/hello-rust/enclave/src/lib.rs
+++ b/samplecode/hello-rust/enclave/src/lib.rs
@@ -43,6 +43,8 @@ use std::vec::Vec;
 use std::io::{self, Write};
 use std::slice;

+extern crate sgx_crypto_helper_trusted as sgx_crypto_helper;
+
 #[no_mangle]
 pub extern "C" fn say_something(some_string: *const u8, some_len: usize) -> sgx_status_t {

@@ -72,4 +74,4 @@ pub extern "C" fn say_something(some_string: *const u8, some_len: usize) -> sgx_
     println!("{}", &hello_string);

     sgx_status_t::SGX_SUCCESS
-}
\ No newline at end of file
+}
dingelish commented 5 years ago

I can see that sgx_crypto_helper does have some problems -- will resolve it tomorrow!

electronix commented 5 years ago

I "worked around" the problem by using the crypto_helper from the sample code folder. Not nice but working

dingelish commented 5 years ago

@electronix Yeah I agree with you. Let me work on the helper more :-)

dingelish commented 5 years ago

And thanks!

electronix commented 5 years ago

@dingelish thanks!

brenzi commented 5 years ago

It works, but I think a nicer way would be this:

[target.'cfg(not(target_env = "sgx"))'.dependencies]
sgx_types = { git = "https://github.com/baidu/rust-sgx-sdk"}
sgx_tseal = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_tstd = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_rand = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_tcrypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
rust-crypto = { git = "https://github.com/baidu/rust-sgx-sdk" }
rust-base58 = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_serialize = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_crypto_helper = { package="sgx_crypto_helper_trusted", git = "https://github.com/baidu/rust-sgx-sdk", default-features = false, features = ["enclave_cargo"] }

[target.'cfg(target_env = "sgx")'.dependencies]
sgx_crypto_helper = { package="sgx_crypto_helper_trusted", git = "https://github.com/baidu/rust-sgx-sdk", default-features = false }

[dependencies]
serde_json = { git = "https://github.com/baidu/rust-sgx-sdk" }
sgx_serialize_derive = { git = "https://github.com/baidu/rust-sgx-sdk" }

crate renaming works, I just need to do the same on both feature options

dingelish commented 5 years ago

how about this: move sgx_crypto_helper_trusted to the root and rename it as sgx_tcrypto_helper?

brenzi commented 5 years ago

We could live with that.

dingelish commented 5 years ago

@brenzi @electronix Hi there, I just updated the sdk on 515b47b1365dcd86d6c3e629f1658120929bc579.

For @brenzi 's TEE, I created a PR at https://github.com/scs/substraTEE-worker/pull/16

electronix commented 5 years ago

@dingelish Thanks a lot!!

I implemented in the Makefile a way to check if there are new commits on rust-sgx-sdk and update them in our repository. So we (I work together with @brenzi) have an automatic way to get your updates ;)