From c3f22606315641968245564aad0895ecac73018f Mon Sep 17 00:00:00 2001
From: Arnaud Brousseau
Date: Mon, 11 Nov 2024 17:05:50 -0600
Subject: [PATCH] Fix Makefile to call the same lints, remove old helper script which does not compile

---
 Makefile | 4 +-
 src/Makefile | 4 ++
 src/integration/src/bin/gen_att_doc.rs | 79 --------------------------
 src/qos_crypto/src/shamir.rs | 2 +
 src/qos_net/src/proxy_stream.rs | 6 +-
 5 files changed, 11 insertions(+), 84 deletions(-)
 delete mode 100644 src/integration/src/bin/gen_att_doc.rs

diff --git a/Makefile b/Makefile
index 91e4dac9..fce3b90d 100644
--- a/Makefile
+++ b/Makefile
@@ -18,11 +18,11 @@ test: out/.common-loaded

 .PHONY: lint
 lint: out/.common-loaded
- $(call run,cargo clippy -- -D warnings)
+ $(call run,make -C src lint)

 .PHONY: format
 format: out/.common-loaded
- $(call run,rustfmt)
+ $(call run,make -C src fmt)

 .PHONY: docs
 docs: out/.common-loaded
diff --git a/src/Makefile b/src/Makefile
index f4d53eab..c171fbab 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -144,6 +144,10 @@ lint:

 .PHONY: clippy
 clippy:
+ cargo clippy -- -D warnings
+
+.PHONY: clippy-fix
+clippy-fix:
 cargo clippy --fix --allow-dirty

 .PHONY: fmt
diff --git a/src/integration/src/bin/gen_att_doc.rs b/src/integration/src/bin/gen_att_doc.rs
deleted file mode 100644
index 6853b698..00000000
--- a/src/integration/src/bin/gen_att_doc.rs
+++ /dev/null
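Review bot: The new `clippy` recipe in src/Makefile runs `cargo clippy -- -D warnings` against default targets and default features only, so test and example targets and anything behind a feature gate never reach the `-D warnings` gate. The helper this commit deletes for not compiling kept its whole body under `#[cfg(feature = "mock")]`, which is the kind of breakage such a run does not see. Consider `cargo clippy --all-targets --all-features -- -D warnings`, assuming the workspace's features can be enabled together (not visible from here). The `lint` recipe that the root Makefile now delegates to starts outside this hunk, so whether it calls `clippy` could not be checked.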
@@ -1,79 +0,0 @@
-//! Helper script to generate a mock attestation document that works for the
-//! boot_e2e.
-//!
-//! Rough use instructions:
-//!
-//! 1) On the aws host run `make image`, `build-enclave` and then run the
-//! enclave, ensuring that debug mode is not enabled. Debug mode will lead to
-//! the PCRs being zeroed out.
-//!
-//! 2) Take the PCRs output from `build-enclave` and update the hardcoded values
-//! in the boot e2e test.
-//!
-//! 3) Run the test and log the value of the manifest hash.
-//!
-//! 4) Update `MOCK_USER_DATA_NSM_ATTESTATION_DOCUMENT` with the manifest hash.
-//!
-//! 5) Run this script (the enclave should be running from step 1).
-//!
-//! 6) Commit the updated files.
-
-#[tokio::main]
-async fn main() {
- #[cfg(feature = "mock")]
- {
- use std::{fs, path::Path};
-
- use qos_client::request;
- use qos_core::{hex, protocol::msg::ProtocolMsg};
- use qos_crypto::RsaPair;
- use qos_nsm::{
- mock::MOCK_USER_DATA_NSM_ATTESTATION_DOCUMENT,
- types::{NsmRequest, NsmResponse},
- };
-
- const EPHEMERAL_KEY_RELATIVE_PATH: &str =
- "./qos_core/src/protocol/attestor/static/boot_e2e_mock_eph.secret";
-
- let uri = "http://127.0.0.1:3000/message";
-
- let eph_path = Path::new(EPHEMERAL_KEY_RELATIVE_PATH);
- // Create / read in mock ephemeral key
- let eph_pair = if eph_path.exists() {
- RsaPair::from_pem_file(&eph_path).unwrap()
- } else {
- let pair = RsaPair::generate().unwrap();
- fs::write(&eph_path, pair.private_key_to_pem().unwrap()).unwrap();
-
- pair
- };
-
- // Create an nsm attestation request
- let manifest_hash =
- hex::decode(MOCK_USER_DATA_NSM_ATTESTATION_DOCUMENT).unwrap();
- let nsm_request = NsmRequest::Attestation {
- user_data: Some(manifest_hash),
- nonce: None,
- public_key: Some(eph_pair.public_key_to_pem().unwrap()),
- };
- let req = ProtocolMsg::NsmRequest { nsm_request };
-
- println!("Making request to {uri} ...");
- let cose_sign1 = match request::post(uri, &req).unwrap() {
- ProtocolMsg::NsmResponse {
- nsm_response: NsmResponse::Attestation { document },
- } => document,
- r => panic!("Unexpected response: {:?}", r),
- };
-
- let att_path =
- "./qos_core/src/protocol/attestor/static/boot_e2e_mock_attestation_doc";
- fs::write(&att_path, cose_sign1).unwrap();
-
- println!("Done");
- }
- #[cfg(not(feature = "mock"))]
- {
- panic!("qos_test's \"mock\" feature must be enabled to run this binary")
- }
-}
diff --git a/src/qos_crypto/src/shamir.rs b/src/qos_crypto/src/shamir.rs
index 38c379e4..95e3f43d 100644
--- a/src/qos_crypto/src/shamir.rs
+++ b/src/qos_crypto/src/shamir.rs
@@ -1,3 +1,5 @@
+//! Shamir Secret Sharing module. We use the [`vsss-rs`](https://crates.io/crates/vsss-rs)
+
 use rand_core::OsRng;
 use vsss_rs::Gf256;

diff --git a/src/qos_net/src/proxy_stream.rs b/src/qos_net/src/proxy_stream.rs
index 81b7fee4..9c7e7631 100644
--- a/src/qos_net/src/proxy_stream.rs
+++ b/src/qos_net/src/proxy_stream.rs
@@ -31,10 +31,10 @@ impl ProxyStream {
 /// # Arguments
 ///
 /// * `addr` - the USOCK or VSOCK to connect to (this socket should be bound
- /// to a qos_net proxy) `timeout` is the timeout applied to the socket
+ /// to a qos_net proxy) `timeout` is the timeout applied to the socket
 /// * `timeout` - the timeout to connect with
 /// * `hostname` - the hostname to connect to (the remote qos_net proxy will
- /// resolve DNS)
+ /// resolve DNS)
 /// * `port` - the port the remote qos_net proxy should connect to
 /// (typically: 80 or 443 for http/https)
 /// * `dns_resolvers` - array of resolvers to use to resolve `hostname`
@@ -80,7 +80,7 @@ impl ProxyStream {
 ///
 /// # Arguments
 /// * `addr` - the USOCK or VSOCK to connect to (this socket should be bound
- /// to a qos_net proxy) `timeout` is the timeout applied to the socket
+ /// to a qos_net proxy) `timeout` is the timeout applied to the socket
 /// * `timeout` - the timeout to connect with
 /// * `ip` - the IP the remote qos_net proxy should connect to
 /// * `port` - the port the remote qos_net proxy should connect to
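Review bot: The module doc line added at the top of src/qos_crypto/src/shamir.rs stops mid-sentence right after the crate link, so the rendered docs read "We use the vsss-rs" with nothing following. Finish the sentence, for example `//! Shamir Secret Sharing module, built on the [vsss-rs](https://crates.io/crates/vsss-rs) crate's Gf256 implementation.` Because this module splits secrets, the header is also a sensible place to record where share randomness comes from; the `OsRng` import suggests the OS CSPRNG, but the functions are outside the hunk, so confirm that before writing it down.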