Merging existing code into new enarx-wasmldr repo #3
Conversation
MikeCamel
force-pushed
the
https-wasmldr
branch
from
861cb07 to
7330565
Compare
| "filetime", | ||
| "libc", | ||
| "tracing", | ||
| ] |
There was a problem hiding this comment.
Don't delete Cargo.lock. We check in the lockfile for binaries but not for libraries.
There was a problem hiding this comment.
OK. My bad - could you explain why?
| @@ -1,2 +1,4 @@ | |||
| /target | |||
| Cargo.lock | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
I thought there was a failure due to a lack of carriage return in another Cargo.lock file. I'll trim to just one
There was a problem hiding this comment.
Shouldn't the Cargo.lock be removed from .gitignore ??
There was a problem hiding this comment.
@haraldh Yes, probably.
Cargo.toml
Outdated
| serde_yaml = "0.8" | ||
| serde_json = "1.0" | ||
| serde_derive = "1.0" | ||
| openssl = { version = "0.10", features = ["vendored"] } |
There was a problem hiding this comment.
This appears to only be used for certificate generation. However, warp (above) pulls in the rustls crypto chain. I'd prefer not to have two dependencies that do the same thing. So let's avoid using openssl for now.
There was a problem hiding this comment.
I thought we wanted to be using openssl for FIPS futures? The main reason, however, is that I struggled to find instructions for how to generate certificates - the only way I managed to make it work was with openssl. Happy to be given pointers...
There was a problem hiding this comment.
@MikeCamel warp only currently supports the rustls stack. So while FIPS is definitely a future concern, my more immediate concern is the size bloat of having two separate crypto stacks.
As far as certificate generation... there doesn't seem to be a lot of options. The rustls stack uses webpki which only provides validation. The x509-parser project only appears to deserialize the structures.
I see a couple options:
-
Accept multiple crypto stacks. I don't love this option.
-
Use an http framework that supports openssl. There don't seem to be any. One potential route would be to use
hyperdirectly viahyper-tls. However,hyper-tlscurrently only supports the client side. So we'd have to patch it to support the server side.
Thoughts? @ueno Your input is valued here.
There was a problem hiding this comment.
- We could create an X.509 template as bytes that we serialize just key data into. This is lightweight and avoids another crypto library.
Cargo.toml
Outdated
| serde_json = "1.0" | ||
| serde_derive = "1.0" | ||
| openssl = { version = "0.10", features = ["vendored"] } | ||
| reqwest = { version = "0.10.7", features = ["blocking", "json", "native-tls"] } |
There was a problem hiding this comment.
reqwest appears only to be used bin a test binary. The test binary should be built as a test and then this can become a dev-dependency rather than forcing it to be used for all builds.
There was a problem hiding this comment.
It is, yes. Where can I find information on how to do all of this? Agree that it should be changed: are there docs on best practices anywhere?
There was a problem hiding this comment.
https://doc.rust-lang.org/rust-by-example/testing.html
You probably want integration tests. But unit tests are also valuable.
| [[bin]] | ||
| name = "enarx-wasmldr-tester" | ||
| path = "src/enarx-wasmldr-tester.rs" | ||
|
|
There was a problem hiding this comment.
This should be a test rather than a separate binary.
There was a problem hiding this comment.
Question: are tests supposed to be stand-alone (to be run by humans) or integrated (to be auto-run)? I've been doing only the former, so that we can do PoCs - if creating tests copes with both of these cases, I'm cool.
There was a problem hiding this comment.
We always want automated tests. Developers can run them with a simple cargo test. But they also get automatically integrated into our CI.
src/main.rs
Outdated
| Ok(warp::reply::with_status( | ||
| "Payload received", | ||
| warp::http::StatusCode::OK, | ||
| )) |
There was a problem hiding this comment.
I think the flow of this function is wrong. If I'm reading it correctly, it won't respond to the client until the wasm code has finished running.
There was a problem hiding this comment.
I was designing for the single-threaded case, where this is appropriate, I think (though the Result string isn't helpful). That said, I'm not sure that the main code will work single-threaded. This may be beyond my ken - I'll have a look and see if I can work it out.
There was a problem hiding this comment.
It is still wrong even in the single threaded case.
We basically want one set of APIs for adding wasm modules to the Keep and another API to start execution. Adding a module to the keep should parse the modules and make sure they are valid before returning OK. OTOH, the go() API should immediately return OK, tear down all further (external) communication and then start wasm execution.
| fn get_credentials_bytes(listen_addr: &str) -> (Vec<u8>, Vec<u8>) { | ||
| let (key, cert) = match KEY_SOURCE { | ||
| "file-system" => (get_key_bytes_fs(), get_cert_bytes_fs()), | ||
| "generate" => (generate_credentials(&listen_addr)), |
There was a problem hiding this comment.
Excellent! I'll remove all of these. Didn't like them, but thought I'd leave them in for safety.
src/main.rs
Outdated
| } | ||
| }; | ||
| in_contents | ||
| } |
src/main.rs
Outdated
| } | ||
| }; | ||
| in_contents | ||
| } |
| key.private_key_to_pem().unwrap(), | ||
| certificate.to_pem().unwrap(), | ||
| ) | ||
| } |
There was a problem hiding this comment.
Use something other than openssl in this function.
There was a problem hiding this comment.
(We already have a crypto stack via warp.)
Signed-off-by: MikeCamel <[email protected]>
Note that this is not correctly implemented in terms of certificates: FIXME needs addressing.
Signed-off-by: MikeCamel <[email protected]>
Note that this is not correctly implemented in terms of certificates: FIXME needs addressing.
As it's now not in .gitignore
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
Signed-off-by: MikeCamel <[email protected]>
…smldr into https-wasmldr Signed-off-by: MikeCamel <[email protected]>
|
Out of date |
Was in enarx/enarx/keep-runtime.
Fixes #4
Fixes #5