[tools/sgx] Install RA-TLS and SecretProv libs properly

This commit splits RA-TLS and SecretProv libs in a more fine-grained manner, suitable for writing external plugins (e.g. with Microsoft Azure Attestation flows). This commit also installs corresponding header files and pkg-config files. Finally, this commit fixes a bug with too-many exported symbols from these libs. The examples `ra-tls-mbedtls` and `ra-tls-secret-prov` are updated to reflect these changes. Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
gramineproject · Jan 11, 2023 · a5eb629 · a5eb629
1 parent d3467cc
commit a5eb629
Show file tree

Hide file tree

Showing 19 changed files with 198 additions and 105 deletions.
diff --git a/CI-Examples/ra-tls-mbedtls/Makefile b/CI-Examples/ra-tls-mbedtls/Makefile
@@ -39,7 +39,10 @@ ssl/server.crt: ssl/ca_config.conf
 
 ######################### CLIENT/SERVER EXECUTABLES ###########################
 
-CFLAGS += $(shell pkg-config --cflags mbedtls_gramine)
+CFLAGS += $(shell pkg-config --cflags mbedtls_gramine) \
+          $(shell pkg-config --cflags ra_tls_gramine)
+
+# no need for `pkg-config --libs ra_tls_gramine` because programs use dlopen
 LDFLAGS += -ldl -Wl,--enable-new-dtags $(shell pkg-config --libs mbedtls_gramine)
 
 server: src/server.c

diff --git a/CI-Examples/ra-tls-mbedtls/src/client.c b/CI-Examples/ra-tls-mbedtls/src/client.c
@@ -34,6 +34,8 @@
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/ssl.h"
 
+#include "ra_tls.h"
+
 /* RA-TLS: on client, only need to register ra_tls_verify_callback_der() for cert verification */
 int (*ra_tls_verify_callback_der_f)(uint8_t* der_crt, size_t der_crt_size);
 

diff --git a/CI-Examples/ra-tls-mbedtls/src/server.c b/CI-Examples/ra-tls-mbedtls/src/server.c
@@ -31,9 +31,7 @@
 #include "mbedtls/ssl.h"
 #include "mbedtls/x509.h"
 
-/* RA-TLS: on server, only need ra_tls_create_key_and_crt_der() to create keypair and X.509 cert */
-int (*ra_tls_create_key_and_crt_der_f)(uint8_t** der_key, size_t* der_key_size, uint8_t** der_crt,
-                                       size_t* der_crt_size);
+#include "ra_tls.h"
 
 #define HTTP_RESPONSE                                    \
     "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
@@ -81,7 +79,10 @@ int main(int argc, char** argv) {
     mbedtls_net_context client_fd;
     unsigned char buf[1024];
     const char* pers = "ssl_server";
+
     void* ra_tls_attest_lib;
+    int (*ra_tls_create_key_and_crt_der_f)(uint8_t** der_key, size_t* der_key_size, uint8_t** der_crt,
+                                           size_t* der_crt_size);
 
     uint8_t* der_key = NULL;
     uint8_t* der_crt = NULL;

diff --git a/CI-Examples/ra-tls-secret-prov/Makefile b/CI-Examples/ra-tls-secret-prov/Makefile
@@ -48,13 +48,8 @@ ssl/server.crt: ssl/ca_config.conf
 
 ######################### CLIENT/SERVER EXECUTABLES ###########################
 
-# Use hard-coded GRAMINEDIR because we currently fail to provide secret prov headers in Gramine
-# installation. We also use `mbedtls_gramine` pkg-config because we don't have a secret prov one.
-# TODO: Create a pkg-config file for secretprov_gramine libs, and use it in below
-#       CFLAGS/LDFLAGS lines (via `pkg-config {--cflags|--libs} secretprov_gramine`).
-GRAMINEDIR ?= ../..
-CFLAGS += -Wall -std=c11 -I$(GRAMINEDIR)/tools/sgx/ra-tls
-LDFLAGS += -Wl,--enable-new-dtags $(shell pkg-config --libs mbedtls_gramine)
+CFLAGS += -Wall -std=c11 $(shell pkg-config --cflags secret_prov_gramine)
+LDFLAGS += -Wl,--enable-new-dtags $(shell pkg-config --libs secret_prov_gramine)
 
 %/server_epid: %/server.c
 	$(CC) $< $(CFLAGS) $(LDFLAGS) -lsecret_prov_verify_epid -pthread -o $@

diff --git a/debian/gramine.install b/debian/gramine.install
@@ -15,3 +15,9 @@ usr/lib/${DEB_HOST_MULTIARCH}/libsgx_util.a*
 usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc
 usr/include/gramine/mbedtls/*.h
 usr/include/gramine/psa/*.h
+usr/include/gramine/psa/ra_tls.h
+usr/include/gramine/psa/ra_tls_common.h
+usr/include/gramine/psa/secret_prov.h
+usr/include/gramine/psa/secret_prov_common.h
+usr/include/gramine/psa/sgx_arch.h
+usr/include/gramine/psa/sgx_attest.h
diff --git a/pal/src/host/linux-sgx/meson.build b/pal/src/host/linux-sgx/meson.build
@@ -19,6 +19,9 @@ sgx_inc = [
     ),
 ]
 
+# below headers are SGX-infrastructure generic and required by e.g. RA-TLS libs
+install_headers('sgx_arch.h', 'sgx_attest.h', subdir : 'gramine')
+
 cflags_pal_sgx = [
     cflags_pal_common,
     '-DHOST_TYPE=Linux-SGX',

diff --git a/tools/sgx/ra-tls/meson.build b/tools/sgx/ra-tls/meson.build
@@ -2,15 +2,26 @@
 # libraries. This is because they are loaded dynamically to users' software and we don't want our
 # patched mbedtls to collide with libraries the program already uses.
 
+pkgconfig = import('pkgconfig')
+
+install_headers('ra_tls.h', 'ra_tls_common.h', 'secret_prov.h', 'secret_prov_common.h',
+                subdir : 'gramine')
+
 libra_tls_inc = include_directories('.')
 
-ra_tls_args = [
-    '-fvisibility=hidden',
+ra_tls_map = join_paths(meson.current_source_dir(), 'ra_tls.map')
+ra_tls_link_args = [
+    '-Wl,--version-script=@0@'.format(ra_tls_map),
+]
+
+secret_prov_map = join_paths(meson.current_source_dir(), 'secret_prov.map')
+secret_prov_link_args = [
+    '-Wl,--version-script=@0@'.format(secret_prov_map),
 ]
 
 libra_tls_attest = shared_library('ra_tls_attest',
     'ra_tls_attest.c',
-    c_args: ra_tls_args,
+    link_args: ra_tls_link_args,
     include_directories: pal_sgx_inc, # this is only for `sgx_arch.h` and `sgx_attest.h`
     dependencies: [
         mbedtls_static_dep,
@@ -23,12 +34,9 @@ meson.add_install_script('/bin/sh', '-c',
     '"$MESON_INSTALL_DESTDIR_PREFIX"/@0@/gramine/runtime/glibc/'.format(
         get_option('libdir')))
 
-libra_tls_verify_epid = shared_library('ra_tls_verify_epid',
-    'ra_tls_verify_epid.c',
+libra_tls_verify = static_library('ra_tls_verify',
     'ra_tls_verify_common.c',
-    'ra_tls.h',
 
-    c_args: ra_tls_args,
     include_directories: pal_sgx_inc,
     dependencies: [
         sgx_util_dep,
@@ -37,6 +45,24 @@ libra_tls_verify_epid = shared_library('ra_tls_verify_epid',
     install: true,
     install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
 )
+
+libra_tls_verify_dep = declare_dependency(
+    link_with: libra_tls_verify,
+    include_directories: pal_sgx_inc,
+)
+
+libra_tls_verify_epid = shared_library('ra_tls_verify_epid',
+    'ra_tls_verify_epid.c',
+
+    link_args: ra_tls_link_args,
+    dependencies: [
+        libra_tls_verify_dep.as_link_whole(),
+        mbedtls_static_dep,
+        sgx_util_dep,
+    ],
+    install: true,
+    install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
+)
 meson.add_install_script('/bin/sh', '-c',
     'ln -sf ../../../libra_tls_verify_epid.so ' +
     '"$MESON_INSTALL_DESTDIR_PREFIX"/@0@/gramine/runtime/glibc/'.format(
@@ -46,10 +72,8 @@ libsecret_prov_attest = shared_library('secret_prov_attest',
     'secret_prov_attest.c',
     'secret_prov_common.c',
     'ra_tls_attest.c',
-    'ra_tls.h',
-    'secret_prov.h',
 
-    c_args: ra_tls_args,
+    link_args: secret_prov_link_args,
     include_directories: pal_sgx_inc,
     dependencies: [
         mbedtls_static_dep,
@@ -63,20 +87,33 @@ meson.add_install_script('/bin/sh', '-c',
     '"$MESON_INSTALL_DESTDIR_PREFIX"/@0@/gramine/runtime/glibc/'.format(
         get_option('libdir')))
 
-libsecret_prov_verify_epid = shared_library('secret_prov_verify_epid',
-    'ra_tls_verify_epid.c',
-    'ra_tls_verify_common.c',
+libsecret_prov_verify = static_library('secret_prov_verify',
     'secret_prov_verify.c',
     'secret_prov_common.c',
-    'ra_tls.h',
-    'secret_prov.h',
 
-    c_args: ra_tls_args,
-    include_directories: pal_sgx_inc,
     dependencies: [
-        threads_dep,
+        libra_tls_verify_dep,
+        mbedtls_static_dep,
         sgx_util_dep,
+    ],
+    install: true,
+    install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
+)
+
+libsecret_prov_verify_dep = declare_dependency(
+    link_with: libsecret_prov_verify,
+    include_directories: pal_sgx_inc,
+)
+
+libsecret_prov_verify_epid = shared_library('secret_prov_verify_epid',
+    'ra_tls_verify_epid.c',
+
+    link_args: secret_prov_link_args,
+    dependencies: [
+        libsecret_prov_verify_dep.as_link_whole(),
         mbedtls_static_dep,
+        sgx_util_dep,
+        threads_dep,
     ],
     install: true,
     install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
@@ -89,15 +126,13 @@ meson.add_install_script('/bin/sh', '-c',
 if dcap
     libra_tls_verify_dcap = shared_library('ra_tls_verify_dcap',
         'ra_tls_verify_dcap.c',
-        'ra_tls_verify_common.c',
-        'ra_tls.h',
 
-        c_args: ra_tls_args,
-        include_directories: pal_sgx_inc,
+        link_args: ra_tls_link_args,
         dependencies: [
+            libra_tls_verify_dep.as_link_whole(),
+            mbedtls_static_dep,
             sgx_dcap_quoteverify_dep,
             sgx_util_dep,
-            mbedtls_static_dep,
         ],
         install: true,
         install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
@@ -110,15 +145,13 @@ if dcap
     libra_tls_verify_dcap_gramine = shared_library('ra_tls_verify_dcap_gramine',
         'ra_tls_verify_dcap.c',
         'ra_tls_verify_dcap_gramine.c',
-        'ra_tls_verify_common.c',
-        'ra_tls.h',
 
-        c_args: ra_tls_args,
-        include_directories: pal_sgx_inc,
+        link_args: ra_tls_link_args,
         dependencies: [
+            libra_tls_verify_dep.as_link_whole(),
+            mbedtls_static_dep,
             sgx_dcap_quoteverify_dep,
             sgx_util_dep,
-            mbedtls_static_dep,
         ],
         install: true,
         install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
@@ -130,19 +163,15 @@ if dcap
 
     libsecret_prov_verify_dcap = shared_library('secret_prov_verify_dcap',
         'ra_tls_verify_dcap.c',
-        'ra_tls_verify_common.c',
-        'secret_prov_verify.c',
-        'secret_prov_common.c',
-        'ra_tls.h',
-        'secret_prov.h',
 
-        c_args: ra_tls_args,
+        link_args: secret_prov_link_args,
         include_directories: pal_sgx_inc,
         dependencies: [
-            threads_dep,
+            libsecret_prov_verify_dep.as_link_whole(),
+            mbedtls_static_dep,
             sgx_dcap_quoteverify_dep,
             sgx_util_dep,
-            mbedtls_static_dep,
+            threads_dep,
         ],
         install: true,
         install_rpath: join_paths(get_option('prefix'), get_option('libdir')),
@@ -152,3 +181,27 @@ if dcap
         '"$MESON_INSTALL_DESTDIR_PREFIX"/@0@/gramine/runtime/glibc/'.format(
             get_option('libdir')))
 endif
+
+pkgconfig.generate(
+    name: 'ra_tls_gramine',
+    filebase: 'ra_tls_gramine',
+    description: 'RA-TLS (SGX Remote Attestation TLS library) for Gramine',
+    subdirs: 'gramine',
+    libraries: [
+        '-L${libdir}',
+        '-Wl,-rpath,${libdir}',
+        # RA-TLS consists of multiple independent libs, let user decide which to link
+    ],
+)
+
+pkgconfig.generate(
+    name: 'secret_prov_gramine',
+    filebase: 'secret_prov_gramine',
+    description: 'Secret Provisioning library for Gramine',
+    subdirs: 'gramine',
+    libraries: [
+        '-L${libdir}',
+        '-Wl,-rpath,${libdir}',
+        # Secret Prov consists of multiple independent libs, let user decide which to link
+    ],
+)
diff --git a/tools/sgx/ra-tls/ra_tls.h b/tools/sgx/ra-tls/ra_tls.h
@@ -1,14 +1,16 @@
 /* SPDX-License-Identifier: LGPL-3.0-or-later */
-/* Copyright (C) 2020 Intel Labs */
+/* Copyright (C) 2023 Intel Labs */
+
+/*
+ * RA-TLS user API:
+ *   - ra_tls_set_measurement_callback() and ra_tls_verify_callback_der() for verifier side,
+ *   - ra_tls_create_key_and_crt_der() for attester (SGX enclave) side.
+ */
 
 #pragma once
 
-#include <mbedtls/x509_crt.h>
 #include <stdint.h>
 
-#include "sgx_arch.h"
-#include "sgx_attest.h"
-
 #define RA_TLS_EPID_API_KEY "RA_TLS_EPID_API_KEY"
 
 #define RA_TLS_ALLOW_OUTDATED_TCB_INSECURE  "RA_TLS_ALLOW_OUTDATED_TCB_INSECURE"
@@ -26,41 +28,9 @@
 #define RA_TLS_CERT_TIMESTAMP_NOT_BEFORE "RA_TLS_CERT_TIMESTAMP_NOT_BEFORE"
 #define RA_TLS_CERT_TIMESTAMP_NOT_AFTER  "RA_TLS_CERT_TIMESTAMP_NOT_AFTER"
 
-#define SHA256_DIGEST_SIZE       32
-#define PUB_KEY_SIZE_MAX         128 /* enough for the only currently supported algo (ECDSA-384) */
-#define IAS_REQUEST_NONCE_LEN    32
-
-#define OID(N) \
-    { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF8, 0x4D, 0x8A, 0x39, (N) }
-static const uint8_t g_quote_oid[] = OID(0x06);
-static const size_t g_quote_oid_size = sizeof(g_quote_oid);
-
 typedef int (*verify_measurements_cb_t)(const char* mrenclave, const char* mrsigner,
                                         const char* isv_prod_id, const char* isv_svn);
 
-/* internally used functions, not exported */
-__attribute__ ((visibility("hidden")))
-bool getenv_allow_outdated_tcb(void);
-
-__attribute__ ((visibility("hidden")))
-bool getenv_allow_debug_enclave(void);
-
-__attribute__ ((visibility("hidden")))
-int cmp_crt_pk_against_quote_report_data(mbedtls_x509_crt* crt, sgx_quote_t* quote);
-
-__attribute__ ((visibility("hidden")))
-int extract_quote_and_verify_pubkey(mbedtls_x509_crt* crt, sgx_quote_t** out_quote,
-                                    size_t* out_quote_size);
-
-__attribute__ ((visibility("hidden")))
-int verify_quote_body_against_envvar_measurements(const sgx_quote_body_t* quote_body);
-
-__attribute__ ((visibility("hidden")))
-int ra_tls_verify_callback(void* data, mbedtls_x509_crt* crt, int depth, uint32_t* flags);
-
-__attribute__ ((visibility("hidden")))
-int ra_tls_create_key_and_crt(mbedtls_pk_context* key, mbedtls_x509_crt* crt);
-
 /*!
  * \brief Callback for user-specific verification of measurements in SGX quote.
  *
@@ -75,7 +45,6 @@ int ra_tls_create_key_and_crt(mbedtls_pk_context* key, mbedtls_x509_crt* crt);
  * callback is registered (or registered as NULL), then RA-TLS defaults to verifying SGX
  * measurements against `RA_TLS_*` environment variables (if any).
  */
-__attribute__ ((visibility("default")))
 void ra_tls_set_measurement_callback(verify_measurements_cb_t f_cb);
 
 /*!
@@ -92,7 +61,6 @@ void ra_tls_set_measurement_callback(verify_measurements_cb_t f_cb);
  * quote, IAS attestation report verification, and/or DCAP quote verification must be passed in the
  * corresponding RA-TLS environment variables.
  */
-__attribute__ ((visibility("default")))
 int ra_tls_verify_callback_der(uint8_t* der_crt, size_t der_crt_size);
 
 /*!
@@ -112,6 +80,5 @@ int ra_tls_verify_callback_der(uint8_t* der_crt, size_t der_crt_size);
  * embedded. The function allocates memory for key and certificate; user is expected to free them
  * after use.
  */
-__attribute__ ((visibility("default")))
 int ra_tls_create_key_and_crt_der(uint8_t** der_key, size_t* der_key_size, uint8_t** der_crt,
                                   size_t* der_crt_size);
diff --git a/tools/sgx/ra-tls/ra_tls.map b/tools/sgx/ra-tls/ra_tls.map
@@ -0,0 +1,5 @@
+RA_TLS {
+    global: ra_tls_set_measurement_callback; ra_tls_verify_callback_der; ra_tls_create_key_and_crt_der;
+    local: *;
+};
+
diff --git a/tools/sgx/ra-tls/ra_tls_attest.c b/tools/sgx/ra-tls/ra_tls_attest.c
@@ -30,8 +30,7 @@
 #include <mbedtls/x509_crt.h>
 
 #include "ra_tls.h"
-#include "sgx_arch.h"
-#include "sgx_attest.h"
+#include "ra_tls_common.h"
 
 #define CERT_SUBJECT_NAME_VALUES  "CN=RATLS,O=GramineDevelopers,C=US"
 #define CERT_TIMESTAMP_NOT_BEFORE_DEFAULT "20010101000000"