search

apache / incubator-teaclave

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
https://teaclave.apache.org
Apache License 2.0
763 stars 158 forks source link

sgx_tcrypto_helper crate is incompatible with MesaTEE. #196

Closed hi-T0day closed 4 years ago

hi-T0day commented 4 years ago

Error:

One of the rust-sgx-sdk crates: sgx_tcrypto_helper can not be compiled when I code the sgx_trusted_worker.

step1:

I add this line sgx_tcrypto_help = { version = "1.1.0" } in the file: mesatee_services/fns/sgx_trusted_lib/Cargo.toml. Here is the error:

error: couldn't read /home/t0day/Desktop/mesa-project/incubator-teaclave-12-27/build/cmake_tomls/sgx_trusted_lib/third_party/crates-sgx/vendor/sgx_tcrypto_helper/../sgx_crypto_helper/src/lib.rs: No such file or directory (os error 2)

step2:

So I add sgx_crypto_helper = { git = "https://github.com/apache/teaclave-sgx-sdk", rev = "v1.1.0" } in the file: third_party/crates-sgx/Cargo.toml Next, make all in this folder. An error occurs again:

error: failed to sync

Caused by:
  found duplicate version of package `rdrand v0.6.0` vendored from two sources:

  source 1: https://github.com/mesalock-linux/rust_rdrand-sgx#cc6ba9a3
  source 2: registry `https://github.com/rust-lang/crates.io-index`
Makefile:2: recipe for target 'all' failed
make: *** [all] Error 101
hi-T0day commented 4 years ago

Solution

So I did some tests and got a solution. I rewrite the sgx_tcrypto_helper in rust sgx sdk. Here is the code: My update. I just copy the source code form sgx_crypto_helper into sgx_tcrypto_helper and change the compile path in Cargo.toml.

Result

I add sgx_crypto_helper = { git = "https://github.com/hi-T0day/incubator-teaclave-sgx-sdk" } in the file: third_party/crates-sgx/Cargo.toml.
The compiling and running result show sgx_tcrypto_helper can be used now.

If there is no other solution for this problem. I will pull request this.

dingelish commented 4 years ago

@mssun I think we can do this. how do you think?

mssun commented 4 years ago

Thanks @hi-T0day. The main cause of this problem is that sgx_crypto_helper is not implemented in a way that both app and sgx can use. And I just checked, making it support both targets may introduce a lot of changed on the crypto related libraries. I think your solution can be a temporary work around. If later we can share code in both targets, that will make maintenance more easier, especially for the crypto.

Thanks, please submit PR on your changes. We can later discuss on how to provide a more universal crates.

dingelish commented 4 years ago

@hi-T0day Thanks for contribution!

crates-sgx has been updated with correct sgx_tcrypto_helper https://github.com/mesalock-linux/crates-sgx/commit/466fe3cd1569617ca4cbecff9e3c25b736879abf

Please create a PR to update submodule rust-sgx-sdk and crates-sgx

dingelish commented 4 years ago

btw, i strongly recommend you to sign your commit using GPG like

git commit -S -m "This is the commit message"

and then get your commit "verified" by github.

Please follow these instructions to create a GPG keypair, then upload the public key to Github and sign your commits.

https://help.github.com/en/enterprise/2.17/user/authenticating-to-github/generating-a-new-gpg-key https://help.github.com/en/github/authenticating-to-github/telling-git-about-your-signing-key https://help.github.com/en/github/authenticating-to-github/signing-commits