Open n-prat opened 1 year ago
No worries, I think this is the right location to start such a conversation. You could alternatively also use our element chat https://matrix.to/#/#integritee-watercooler:matrix.org.
So without looking at your code, I think this would be a great enhancement. Currently, rust is only seldom used as a mobile application programming language, but I would not be surprised if this changes anytime soon. Regardless, even without the android deployment I believe that your suggestions increase code quality; hence I am happy to merge your changes. The only thing I would have to carefully review is the crypto stuff, where I can't promise yet that this will be merged. However, the crypto libraries we use are compatible with non SGX crypto stuff. Did you have compatibility issues?
Ok great!
In that case, I will probably do a proper refactor to split the `lib` and `cli` parts.
[Definitely do not look at the crypto part for now.]
Yes, I had an issue trying to compile outside `sgx` because building `integritee-cli` pulls everything, including `sgx_crypto_helper` and that tries to link with `sgx_ucrypto/sgx_tcrypto`.
Maybe there was another way (a proper way?) to do it but I went for the naive approach.
`wasmtime` is a one-line fix so I won't count it as a compatibility issue
Nice, thanks for the extra explanation. I am looking forward to it.
> Maybe there was another way(a proper way?) to do it but I went for the naive approach.
I am just wondering, did you only change the crypto in the cli or also inside the enclave?
I am not using the `sgx_crypto_helper` fork server side, that way `worker` repo is unchanged (`cli` and the rest).
Logically, the `enclave-runtime` is not used by `integritee-cli` right?
But yes, making it work without a `[patch."https://github.com/apache/teaclave-sgx-sdk.git"]` on the android side would require more work to make sure nothing is broken in enclave.
At least properly feature-gating the `sgx crypto` vs `rust crypto`?
Hey @n-prat, we are trying to wrap the rust-cli into python over there: https://github.com/olisystems/BEST-Energy/issues/40
We struggle, however, with the SGX crypto libs, which prevent compilation currently. So I was wondering if you are still using the naive patch approach or if you do now properly feature gate it. We'd definitely be interested in the pure rust crypto version for the CLI.
Right now I am using this https://github.com/apache/incubator-teaclave-sgx-sdk/commits/7c27fe00128e96da734b3ce5fb8056a5f49fee03 [I don't know what I did, but this is not a proper submodule/fork 🤔].
NOTE: previously I had an issue with `wasmtime` but since I rebased on a recent branch this is not needed anymore.
Via

```toml
[patch."https://github.com/apache/teaclave-sgx-sdk.git"]
# TODO ideally we would directly use this patched version from `integritee-cli`
# but it is quite a mess to make it work both from repo `integritee-worker` and here
sgx_crypto_helper = { path = "./shared/rust/deps/teaclave-sgx-sdk/sgx_crypto_helper/" }
```

But I would not use this in prod: my goal was just to "make it work" on Android and have the full pipeline running.
Based on `cargo tree -i sgx_crypto_helper` from my Android project:

```
sgx_crypto_helper v1.1.6 (/home/xxx/workspace/interstellar/wallet-app/shared/rust/deps/teaclave-sgx-sdk/sgx_crypto_helper)
├── integritee-cli v0.9.0 (/home/xxx/workspace/interstellar/integritee-worker/cli)
│   └── substrate-client v0.1.0 (/home/xxx/workspace/interstellar/wallet-app/shared/rust/substrate-client)
│       [dev-dependencies]
│       └── renderer v0.1.0 (/home/xxx/workspace/interstellar/wallet-app/shared/rust/renderer)
├── itc-rpc-client v0.9.0 (/home/xxx/workspace/interstellar/integritee-worker/core/rpc-client)
│   └── integritee-cli v0.9.0 (/home/xxx/workspace/interstellar/integritee-worker/cli) (*)
├── itp-sgx-crypto v0.9.0 (/home/xxx/workspace/interstellar/integritee-worker/core-primitives/sgx/crypto)
│   └── integritee-cli v0.9.0 (/home/xxx/workspace/interstellar/integritee-worker/cli) (*)
└── substrate-client v0.1.0 (/home/xxx/workspace/interstellar/wallet-app/shared/rust/substrate-client) (*)
```

I guess the proper solution would be to do all this work in `integritee-cli`, and probably add something like a `rust-crypto` feature? I am really not sure.
Yes, I think so. In our core crypto-libs this should be a feature flag, so that we can choose between that sgx-crypto stuff and the rust one. Of course, noting that the rust-one is experimental.
Alright, your approach looks very promising. I tried to incorporate it, but can you please add your code to some actual repository? I can't fetch it from your source.
Either upstream, your own fork or you can add it here: https://github.com/integritee-network/incubator-teaclave-sgx-sdk
Ah, I found the fork: https://github.com/Interstellar-Network/incubator-teaclave-sgx-sdk/commits/interstellar-direct-client-android Not sure how I messed up the submodule though.
PS: associated PR: https://github.com/Interstellar-Network/incubator-teaclave-sgx-sdk/pull/1
edit: cf https://github.com/olisystems/BEST-Energy/issues/40#issuecomment-1611294460 you need to set the feature crypto_direct
Following up on this after updating everything to branch(es) `polkadot-v0.9.39` and corresponding `worker` and `node-runtime`.
I now need https://github.com/integritee-network/pallets/compare/master...Interstellar-Network:integritee-pallets:sgx-verify-bypass-ring because I had a linker error:

```
# ld: error: duplicate symbol: GFp_armcap_P
# >>> defined at ring.b410afd7-cgu.15
# >>> ring-84bf46b9fe169040.ring.b410afd7-cgu.15.rcgu.o:(GFp_armcap_P) in archive /home/xxx/target/aarch64-linux-android/release/deps/libring-84bf46b9fe169040.rlib
# >>> defined at ring.ed45c050-cgu.14
# >>> ring-47ab273879fc68e0.ring.ed45c050-cgu.14.rcgu.o:(.bss.GFp_armcap_P+0x0) in archive /home/xxx/target/aarch64-linux-android/release/deps/libring-47ab273879fc68e0.rlib
# clang-12: error: linker command failed with exit code 1 (use -v to see invocation)
#
```

NOTE: it compiles for `aarch64-linux-android` but it is NOT tested
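
The linker error above shows two separately compiled `ring` rlibs in the same link, each defining `GFp_armcap_P`. As an added example (not code from this thread or from the Integritee project), this Rust sketch lists every crate a `Cargo.lock` resolves more than once, which is how such a second copy is usually found; the sample lockfile, its versions and the fork URL are constructed placeholders.

```rust
use std::collections::BTreeMap;

// Constructed sample Cargo.lock (not taken from the thread): `ring` is resolved
// twice, once from crates.io and once from a placeholder git fork.
const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "ring"
version = "0.16.20"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "ring"
version = "0.16.20"
source = "git+https://example.invalid/ring-fork#0000000"

[[package]]
name = "sha2"
version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "digest",
]
"#;

/// Read `key = "value"` from one `[[package]]` block.
fn field(block: &str, key: &str) -> Option<String> {
    block.lines().find_map(|line| {
        let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
        Some(rest.trim().trim_matches('"').to_string())
    })
}

/// Crates that appear more than once in the lockfile, with each resolved copy.
fn duplicated_crates(lock: &str) -> BTreeMap<String, Vec<String>> {
    let mut copies: BTreeMap<String, Vec<String>> = BTreeMap::new();
    for block in lock.split("[[package]]").skip(1) {
        if let (Some(name), Some(version)) = (field(block, "name"), field(block, "version")) {
            // Path dependencies carry no `source` line.
            let source = field(block, "source").unwrap_or_else(|| "path".into());
            copies.entry(name).or_default().push(format!("{version} from {source}"));
        }
    }
    copies.retain(|_, resolved| resolved.len() > 1);
    copies
}

fn main() {
    for (name, resolved) in duplicated_crates(SAMPLE_LOCK) {
        println!("{name} is resolved {} times: {resolved:?}", resolved.len());
    }
}
```
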
Nice, thanks for the hint, we should probably try to get rid of the node-runtime in the cli. 👍
Hello,
First sorry for opening an Issue, but I did not know where to put the following (no discussion enabled?). I am opening this mostly for tracking, and to maybe help other people find this code in the future.
Long story short: I have been trying to run `integritee-cli` on mobile (i.e. an Android app), and it seems to be working! [NOTE: WIP, not prod-ready!]. The results are there. It was not too much work:

- `integritee-cli` to return `Result` everywhere
- `Cli` code from `main.rs` to `lib.rs`
- `pub enum CliResultOk` and `pub enum CliError`
- `perform_trusted_operation`/`send_request`/etc to expose an `Error` instead of returning `None`

Then on the Android project:

- `[patch."https://github.com/apache/teaclave-sgx-sdk.git"]` `sgx_crypto_helper`, which replaces `sgx_tcrypto`/`sgx_ucrypto` by an impl that uses `rsa` + `sha2` + `rand`, cf the fork [NOTE: REALLY WIP]
- `[patch.crates-io] wasmtime` and one-liner fix, cf this fork [NOTE: REALLY WIP too]

Note that both of those are definitely PoC-level; as in "make sure it can run on Android" and I will see later to clean it up.
If you are interested, I could find some time to clean up the code and make a proper PR? Maybe at least for `integritee-cli` at first?