search

inclavare-containers / rats-tls

RATS architecture based TLS using librats
31 stars 33 forks source link

The log option of debug entered in the sample program cannot print out the log during registration #172

Closed houhuiting closed 1 year ago

houhuiting commented 1 year ago

Describe the bug

When the debug log option is entered in the simple program, only the logs in the APIs such as rats_tls_init() can be printed out, but the logs during registration cannot be printed out

root@iZ2ze13x2oa32ucp1crpkkZ:/usr/share/rats-tls/samples# ./rats-tls-server  -l debug
[ERROR] failed to open msr
    - Welcome to RATS-TLS sample server program
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] rats_tls_init()@L24: conf 0x7ffc58380930, handle 0x7ffc58380890
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] rats_tls_init()@L65: conf->custom_claims: 0x7ffc58380900 conf->custom_claims_length: 2
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] rtls_crypto_wrapper_select()@L27: selecting the crypto wrapper '(null)' ...
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] openssl_init()@L16: ctx 0x55aca132e720
[INFO] the crypto wrapper 'openssl' selected
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] rtls_attester_select()@L33: selecting the enclave attester '(null)' cert algo '0x1'...
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] init_enclave_attester()@L17: called enclave core ctx: 0x55aca12dc890 enclave attester ctx: 0x55aca1319d00 algo: 1
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] nullattester_init()@L14: ctx 0x55aca1319d00, algo 1
[INFO] the enclave attester 'nullattester' selected
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] rtls_verifier_select()@L32: selecting the enclave verifier '(null)' ...
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] rtls_verifier_select()@L36: trying to match sgx_ecdsa ...
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] init_enclave_verifier()@L17: init enclave verifier rtls_core_context: 0x55aca12dc890
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] sgx_ecdsa_verifier_init()@L15: ctx 0x55aca1319d90, algo 1
[INFO] the enclave verifier 'sgx_ecdsa' selected
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] rtls_tls_wrapper_select()@L28: selecting the tls wrapper '(null)' ...
Tue Apr 18 07:22:45 UTC 2023: [DEBUG] openssl_tls_init()@L13: ctx 0x55aca12dc9d0
[INFO] the tls wrapper 'openssl' selected

If change RATS_TLS_LOG_LEVEL_DEFAULT in src/include/rats-tls/api.h to RATS_TLS_LOG_LEVEL_DEBUG, and can print out the log during registration.

root@iZ2ze13x2oa32ucp1crpkkZ:/usr/share/rats-tls/samples# ./rats-tls-server -l debug
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] librats_tls_init()@L41: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_crypto_wrapper_load_all()@L34: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_crypto_wrapper_load_single()@L64: loading the crypto wrapper instance 'libcrypto_wrapper_openssl.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libcrypto_wrapper_openssl_init()@L42: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] crypto_wrapper_register()@L18: registering the crypto wrapper 'openssl' ...
[INFO] the crypto wrapper 'openssl' registered
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] openssl_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_crypto_wrapper_load_single()@L94: the crypto wrapper 'openssl' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_crypto_wrapper_load_single()@L64: loading the crypto wrapper instance 'libcrypto_wrapper_nullcrypto.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libcrypto_wrapper_nullcrypto_init()@L42: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] crypto_wrapper_register()@L18: registering the crypto wrapper 'nullcrypto' ...
[INFO] the crypto wrapper 'nullcrypto' registered
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] nullcrypto_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_crypto_wrapper_load_single()@L94: the crypto wrapper 'nullcrypto' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_attester_load_all()@L33: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_attester_load_single()@L63: loading the enclave attester instance 'libattester_nullattester.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libattester_null_init()@L45: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_attester_register()@L19: registering the enclave attester 'nullattester' ...
[INFO] the enclave attester 'nullattester' registered with type 'nullattester'
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] nullattester_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_attester_load_single()@L92: the enclave attester 'nullattester' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_attester_load_single()@L63: loading the enclave attester instance 'libattester_csv.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libattester_csv_init()@L34: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_attester_register()@L19: registering the enclave attester 'csv' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_attester_register()@L54: failed to register the attester '' due to lack of CSV Guest capability
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libattester_csv_init()@L38: failed to register the enclave register 'csv' 0xdffffffc
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_attester_post_init()@L35: the enclave attester 'csv' failed to register
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_attester_load_single()@L63: loading the enclave attester instance 'libattester_sev.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libattester_sev_init()@L34: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_attester_register()@L19: registering the enclave attester 'sev' ...
[ERROR] failed to open msr
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_attester_register()@L44: failed to register the attester '' due to lack of SEV(-ES) Guest capability
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libattester_sev_init()@L38: failed to register the enclave attester 'sev' 0xdffffffc
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_attester_post_init()@L35: the enclave attester 'sev' failed to register
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_all()@L33: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L64: loading the enclave verifier instance 'libverifier_nullverifier.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libverifier_null_init()@L38: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_verifier_register()@L19: registering the enclave verifier 'nullverifier' ...
[INFO] the enclave verifier 'nullverifier' registered with type 'nullverifier'
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] nullverifier_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L93: the enclave verifier 'nullverifier' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L64: loading the enclave verifier instance 'libverifier_sev.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libverifier_sev_init()@L33: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_verifier_register()@L19: registering the enclave verifier 'sev' ...
[INFO] the enclave verifier 'sev' registered with type 'sev'
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] sev_verifier_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L93: the enclave verifier 'sev' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L64: loading the enclave verifier instance 'libverifier_csv.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libverifier_csv_init()@L33: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_verifier_register()@L19: registering the enclave verifier 'csv' ...
[INFO] the enclave verifier 'csv' registered with type 'csv'
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] csv_verifier_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L93: the enclave verifier 'csv' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L64: loading the enclave verifier instance 'libverifier_sgx_ecdsa.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libverifier_sgx_ecdsa_init()@L38: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_verifier_register()@L19: registering the enclave verifier 'sgx_ecdsa' ...
[INFO] the enclave verifier 'sgx_ecdsa' registered with type 'sgx_ecdsa'
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] sgx_ecdsa_verifier_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L93: the enclave verifier 'sgx_ecdsa' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L64: loading the enclave verifier instance 'libverifier_sev_snp.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libverifier_sev_snp_init()@L34: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] enclave_verifier_register()@L19: registering the enclave verifier 'sev_snp' ...
[INFO] the enclave verifier 'sev_snp' registered with type 'sev_snp'
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] sev_snp_verifier_pre_init()@L15: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_enclave_verifier_load_single()@L93: the enclave verifier 'sev_snp' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_tls_wrapper_load_all()@L34: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_tls_wrapper_load_single()@L65: loading the tls wrapper instance 'libtls_wrapper_openssl.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libtls_wrapper_openssl_init()@L45: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] tls_wrapper_register()@L18: registering the tls wrapper 'openssl' ...
[INFO] the tls wrapper 'openssl' registered
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] openssl_tls_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_tls_wrapper_load_single()@L94: the tls wrapper 'openssl' loaded
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_tls_wrapper_load_single()@L65: loading the tls wrapper instance 'libtls_wrapper_nulltls.so' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] libtls_wrapper_nulltls_init()@L41: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] tls_wrapper_register()@L18: registering the tls wrapper 'nulltls' ...
[INFO] the tls wrapper 'nulltls' registered
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] nulltls_pre_init()@L12: called
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_tls_wrapper_load_single()@L94: the tls wrapper 'nulltls' loaded
    - Welcome to RATS-TLS sample server program
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rats_tls_init()@L24: conf 0x7fff0fbf16e0, handle 0x7fff0fbf1640
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rats_tls_init()@L65: conf->custom_claims: 0x7fff0fbf16b0 conf->custom_claims_length: 2
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] rtls_crypto_wrapper_select()@L27: selecting the crypto wrapper '(null)' ...
Tue Apr 18 07:28:33 UTC 2023: [DEBUG] openssl_init()@L16: ctx 0x55d4ad2d9d70
[INFO] the crypto wrapper 'openssl' selected
houhuiting commented 1 year ago

rats-tls divides the workflow into initialization and running phases, see https://github.com/inclavare-containers/rats-tls/blob/master/docs/design/design.md#work-process for details. Register all instances in the initialization phase; select an instance in the running phase, and perform operations such as obtaining verification certificates.

During the initialization (registration) phase, use the environment variable RATS_TLS_GLOBAL_LOG_LEVEL to set the global log_level parameter global_log_level (https://github.com/inclavare-containers/rats-tls/blob/master/src/core/main.c#L43) , such as running export RATS_TLS_GLOBAL_LOG_LEVEL = debug, you can see the log during the initialization (registration) phase.

In the running phase, the log_level obtained by the user through -l <log_level> of rats-tls-server and rats-tls-client will override the global log_level parameter global_log_level set in the initialization phase (https://github.com/inclavare-containers/rats-tls/blob/master/samples/rats-tls-server/server.c#L415). So, -l <log_level> passed in by the user can only change the log type in the running phase.

Therefore, only using -l <log_level> in rats-tls-server and rats-tls-client, it is expected that the log in the registration phase cannot be seen, which needs to be realized by configuring the environment variable RATS_TLS_GLOBAL_LOG_LEVEL.