From 95d3d3ac6d530b173ad905ba8131521c0f1d859b Mon Sep 17 00:00:00 2001 
From: Ernesto J Ocampo Date: Thu, 28 Dec 2023 12:14:55 +0000 Subject: [PATCH] Move building of proto generated files to their own crates. --- Cargo.lock | 27 ++++++++- Cargo.toml | 2 + enclave_apps/Cargo.lock | 10 +++- fuzz/Cargo.lock | 1 - oak_attestation_verification/Cargo.toml | 4 +- oak_attestation_verification/src/claims.rs | 2 +- .../src/endorsement.rs | 2 +- oak_attestation_verification/src/lib.rs | 18 ------ oak_attestation_verification/src/util.rs | 2 +- oak_attestation_verification/src/verifier.rs | 58 +++++++++---------- .../tests/endorsement_tests.rs | 3 +- .../tests/verifier_tests.rs | 46 +++++++++------ .../examples/benchmark/module/Cargo.toml | 4 +- .../examples/benchmark/module/build.rs | 29 ---------- .../examples/benchmark/module/src/lib.rs | 7 +-- oak_functions/lookup_data_checker/Cargo.toml | 1 + oak_functions/lookup_data_checker/src/main.rs | 6 +- .../lookup_data_generator/Cargo.toml | 1 + .../lookup_data_generator/src/data.rs | 2 +- oak_functions_abi/Cargo.toml | 3 - oak_functions_abi/src/lib.rs | 5 -- oak_functions_containers_launcher/Cargo.toml | 1 + .../src/lookup.rs | 6 +- oak_functions_launcher/Cargo.toml | 1 + oak_functions_launcher/src/lookup.rs | 6 +- oak_functions_service/Cargo.toml | 1 + .../tests/integration_test.rs | 4 +- oak_functions_test_utils/Cargo.toml | 1 + oak_functions_test_utils/src/lib.rs | 3 +- oak_ml_transparency/runner/Cargo.lock | 10 +++- proto/attestation/Cargo.toml | 11 ++++ .../attestation}/build.rs | 0 proto/attestation/src/lib.rs | 32 ++++++++++ proto/oak_functions/Cargo.toml | 11 ++++ .../oak_functions}/build.rs | 15 ++--- proto/oak_functions/src/lib.rs | 36 ++++++++++++ 36 files changed, 234 insertions(+), 137 deletions(-) delete mode 100644 oak_functions/examples/benchmark/module/build.rs create mode 100644 proto/attestation/Cargo.toml rename {oak_attestation_verification => proto/attestation}/build.rs (100%) create mode 100644 proto/attestation/src/lib.rs create mode 100644 proto/oak_functions/Cargo.toml 
rename {oak_functions_abi => proto/oak_functions}/build.rs (75%) create mode 100644 proto/oak_functions/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index 488eadc1211..a3f0214ef70 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -264,9 +264,9 @@ checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" name = "benchmark" version = "0.1.0" dependencies = [ + "oak_functions_proto", "oak_functions_sdk", "prost", - "prost-build", ] [[package]] @@ -1566,6 +1566,7 @@ dependencies = [ "location_utils", "log", "oak_functions_abi", + "oak_functions_proto", "prost", ] @@ -1579,6 +1580,7 @@ dependencies = [ "location_utils", "multimap", "oak_functions_abi", + "oak_functions_proto", "prost", "rand", "serde", @@ -1854,6 +1856,14 @@ dependencies = [ "libc", ] +[[package]] +name = "oak_attestation_proto" +version = "0.0.1" +dependencies = [ + "prost", + "prost-build", +] + [[package]] name = "oak_attestation_verification" version = "0.1.0" @@ -1863,10 +1873,10 @@ dependencies = [ "coset", "ecdsa", "hex", + "oak_attestation_proto", "oak_dice", "p256", "prost", - "prost-build", "serde", "serde_jcs", "serde_json", @@ -2141,7 +2151,6 @@ version = "0.1.0" dependencies = [ "anyhow", "prost", - "prost-build", "static_assertions", "strum", ] @@ -2208,6 +2217,7 @@ dependencies = [ "oak_functions_abi", "oak_functions_client", "oak_functions_launcher", + "oak_functions_proto", "oak_functions_test_utils", "oak_grpc_utils", "oak_remote_attestation", @@ -2238,6 +2248,7 @@ dependencies = [ "oak_crypto", "oak_functions_abi", "oak_functions_client", + "oak_functions_proto", "oak_functions_test_utils", "oak_grpc_utils", "oak_launcher_utils", @@ -2264,6 +2275,14 @@ dependencies = [ "tokio", ] +[[package]] +name = "oak_functions_proto" +version = "0.0.1" +dependencies = [ + "prost", + "prost-build", +] + [[package]] name = "oak_functions_sdk" version = "0.1.0" 
@@ -2315,6 +2334,7 @@ dependencies = [ "oak_core", "oak_crypto", "oak_functions_abi", + "oak_functions_proto", "oak_functions_sdk", "oak_functions_test_utils", "oak_remote_attestation", @@ -2337,6 +2357,7 @@ dependencies = [ "nix 0.26.2", "oak_functions_abi", "oak_functions_client", + "oak_functions_proto", "port_check", "prost", "tempfile", diff --git a/Cargo.toml b/Cargo.toml index d7a2dced679..6891da760df 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -99,6 +99,8 @@ oak_grpc_utils = { path = "./oak_grpc_utils" } oak_launcher_utils = { path = "./oak_launcher_utils" } oak_linux_boot_params = { path = "./linux_boot_params" } oak_logger = { path = "./oak_functions/logger" } +oak_attestation_proto = { path = "./proto/attestation" } +oak_functions_proto = { path = "./proto/oak_functions" } oak_remote_attestation = { path = "./oak_remote_attestation" } oak_restricted_kernel_dice = { path = "./oak_restricted_kernel_dice" } oak_restricted_kernel_sdk = { path = "./oak_restricted_kernel_sdk" } diff --git a/enclave_apps/Cargo.lock b/enclave_apps/Cargo.lock index 16bec3571c4..04ed0586be8 100644 --- a/enclave_apps/Cargo.lock +++ b/enclave_apps/Cargo.lock @@ -784,7 +784,6 @@ version = "0.1.0" dependencies = [ "anyhow", "prost", - "prost-build", "static_assertions", "strum", ] @@ -808,6 +807,14 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "oak_functions_proto" +version = "0.0.1" +dependencies = [ + "prost", + "prost-build", +] + [[package]] name = "oak_functions_sdk" version = "0.1.0" @@ -832,6 +839,7 @@ dependencies = [ "oak_core", "oak_crypto", "oak_functions_abi", + "oak_functions_proto", "oak_functions_sdk", "oak_remote_attestation", "prost", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 5a351807274..3d581a17a0c 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -216,7 +216,6 @@ version = "0.1.0" dependencies = [ "anyhow", "prost", - "prost-build", "static_assertions", "strum", ] 
diff --git a/oak_attestation_verification/Cargo.toml b/oak_attestation_verification/Cargo.toml index d0ccdebe022..51c6c58eae9 100644 --- a/oak_attestation_verification/Cargo.toml +++ b/oak_attestation_verification/Cargo.toml @@ -13,6 +13,7 @@ coset = { version = "*", default-features = false } ecdsa = { version = "*", features = ["pkcs8", "pem"] } hex = "*" oak_dice = { workspace = true } +oak_attestation_proto = { workspace = true } prost = { workspace = true } p256 = { version = "*", features = ["ecdsa-core", "ecdsa", "pem"] } serde = { version = "*", features = ["derive"] } @@ -20,6 +21,3 @@ serde_jcs = "*" serde_json = "*" sha2 = { version = "*", default-features = false } time = { version = "0.3.28", features = ["serde", "parsing", "formatting"] } - -[build-dependencies] -prost-build = { workspace = true } diff --git a/oak_attestation_verification/src/claims.rs b/oak_attestation_verification/src/claims.rs index 29116c71a6d..2a63ef6a21e 100644 --- a/oak_attestation_verification/src/claims.rs +++ b/oak_attestation_verification/src/claims.rs @@ -21,9 +21,9 @@ extern crate alloc; -use crate::proto::oak::HexDigest; use alloc::{collections::BTreeMap, string::String, vec::Vec}; use anyhow::Context; +use oak_attestation_proto::oak::HexDigest; use serde::{Deserialize, Serialize}; use time::OffsetDateTime; diff --git a/oak_attestation_verification/src/endorsement.rs b/oak_attestation_verification/src/endorsement.rs index 760b9f77f5a..015035f793d 100644 --- a/oak_attestation_verification/src/endorsement.rs +++ b/oak_attestation_verification/src/endorsement.rs 
@@ -21,12 +21,12 @@ use crate::{ get_digest, parse_endorsement_statement, validate_endorsement, verify_validity_duration, EndorsementStatement, }, - proto::oak::HexDigest, rekor::{get_rekor_log_entry_body, verify_rekor_log_entry}, util::{convert_pem_to_raw, equal_keys, is_hex_digest_match, MatchResult}, }; use anyhow::Context; use base64::{prelude::BASE64_STANDARD, Engine as _}; +use oak_attestation_proto::oak::HexDigest; /// Compares the digest contained in the endorsement against the given one. pub fn verify_binary_digest( diff --git a/oak_attestation_verification/src/lib.rs b/oak_attestation_verification/src/lib.rs index 5cf6f591327..c443c654dcf 100644 --- a/oak_attestation_verification/src/lib.rs +++ b/oak_attestation_verification/src/lib.rs @@ -19,24 +19,6 @@ extern crate alloc; -// Inlined from tonic::include_proto in order to cut dependency on tonic. -macro_rules! include_proto { - ($package: tt) => { - include!(concat!(env!("OUT_DIR"), concat!("/", $package, ".rs"))); - }; -} - -pub mod proto { - pub mod oak { - include_proto!("oak"); - pub mod attestation { - pub mod v1 { - include_proto!("oak.attestation.v1"); - } - } - } -} - pub mod claims; pub mod endorsement; pub mod rekor; diff --git a/oak_attestation_verification/src/util.rs b/oak_attestation_verification/src/util.rs index fb150cb1e53..60878fe9615 100644 --- a/oak_attestation_verification/src/util.rs +++ b/oak_attestation_verification/src/util.rs @@ -14,12 +14,12 @@ // limitations under the License. // -use crate::proto::oak::{HexDigest, RawDigest}; use alloc::{string::String, vec::Vec}; use anyhow::Context; use base64::{prelude::BASE64_STANDARD, Engine as _}; use core::{cmp::Ordering, str::FromStr}; use ecdsa::{signature::Verifier, Signature}; +use oak_attestation_proto::oak::{HexDigest, RawDigest}; use p256::ecdsa::VerifyingKey; use sha2::{Digest, Sha256, Sha384, Sha512}; 
diff --git a/oak_attestation_verification/src/verifier.rs b/oak_attestation_verification/src/verifier.rs index 611ba1048dc..b2be4f63bbe 100644 --- a/oak_attestation_verification/src/verifier.rs +++ b/oak_attestation_verification/src/verifier.rs @@ -20,20 +20,6 @@ use crate::{ alloc::string::ToString, claims::{get_digest, parse_endorsement_statement}, endorsement::verify_binary_endorsement, - proto::oak::{ - attestation::v1::{ - attestation_results::Status, binary_reference_value, endorsements, reference_values, - ApplicationKeys, ApplicationLayerEndorsements, ApplicationLayerReferenceValues, - AttestationResults, BinaryReferenceValue, CbEndorsements, CbReferenceValues, - ContainerLayerEndorsements, ContainerLayerReferenceValues, Endorsements, Evidence, - KernelLayerEndorsements, KernelLayerReferenceValues, LayerEvidence, - OakContainersEndorsements, OakContainersReferenceValues, - OakRestrictedKernelEndorsements, OakRestrictedKernelReferenceValues, ReferenceValues, - RootLayerEndorsements, RootLayerEvidence, RootLayerReferenceValues, - SystemLayerEndorsements, SystemLayerReferenceValues, TransparentReleaseEndorsement, - }, - RawDigest, - }, util::{ hex_to_raw_digest, is_hex_digest_match, is_raw_digest_match, raw_to_hex_digest, MatchResult, }, 
@@ -42,6 +28,20 @@ use crate::{ use alloc::vec::Vec; use coset::{cbor::Value, cwt::ClaimsSet, CborSerializable, CoseKey, RegisteredLabelWithPrivate}; use ecdsa::{signature::Verifier, Signature}; +use oak_attestation_proto::oak::{ + attestation::v1::{ + attestation_results::Status, binary_reference_value, endorsements, reference_values, + ApplicationKeys, ApplicationLayerEndorsements, ApplicationLayerReferenceValues, + AttestationResults, BinaryReferenceValue, CbEndorsements, CbReferenceValues, + ContainerLayerEndorsements, ContainerLayerReferenceValues, Endorsements, Evidence, + KernelLayerEndorsements, KernelLayerReferenceValues, LayerEvidence, + OakContainersEndorsements, OakContainersReferenceValues, OakRestrictedKernelEndorsements, + OakRestrictedKernelReferenceValues, ReferenceValues, RootLayerEndorsements, + RootLayerEvidence, RootLayerReferenceValues, SystemLayerEndorsements, + SystemLayerReferenceValues, TransparentReleaseEndorsement, + }, + RawDigest, +}; use oak_dice::cert::{ cose_key_to_hpke_public_key, cose_key_to_verifying_key, get_public_key_from_claims_set, ACPI_MEASUREMENT_ID, CONTAINER_IMAGE_ID, ENCLAVE_APPLICATION_LAYER_ID, INITRD_MEASUREMENT_ID, 
@@ -58,21 +58,21 @@ pub struct DiceChainResult { signing_public_key: Vec, } -impl From<&anyhow::Result> for AttestationResults { - fn from(value: &anyhow::Result) -> Self { - match value { - Ok(dice_chain_result) => AttestationResults { - status: Status::Success.into(), - encryption_public_key: dice_chain_result.encryption_public_key.clone(), - signing_public_key: dice_chain_result.signing_public_key.clone(), - ..Default::default() - }, - Err(err) => AttestationResults { - status: Status::GenericFailure.into(), - reason: err.to_string(), - ..Default::default() - }, - } +pub fn to_attestation_results( + verify_result: &anyhow::Result, +) -> AttestationResults { + match verify_result { + Ok(dice_chain_result) => AttestationResults { + status: Status::Success.into(), + encryption_public_key: dice_chain_result.encryption_public_key.clone(), + signing_public_key: dice_chain_result.signing_public_key.clone(), + ..Default::default() + }, + Err(err) => AttestationResults { + status: Status::GenericFailure.into(), + reason: err.to_string(), + ..Default::default() + }, } } diff --git a/oak_attestation_verification/tests/endorsement_tests.rs b/oak_attestation_verification/tests/endorsement_tests.rs index 5d7cccb3e06..ac3585f40c1 100644 --- a/oak_attestation_verification/tests/endorsement_tests.rs +++ b/oak_attestation_verification/tests/endorsement_tests.rs @@ -25,11 +25,12 @@ use oak_attestation_verification::{ verify_binary_digest, verify_binary_endorsement, verify_endorsement_statement, verify_endorser_public_key, }, - proto::oak::HexDigest, rekor::{verify_rekor_log_entry, verify_rekor_signature}, util::{convert_pem_to_raw, MatchResult}, }; +use oak_attestation_proto::oak::HexDigest; + const BINARY_DIGEST: &str = "39051983bbb600bbfb91bd22ee4c976420f8f0c6a895fd083dcb0d153ddd5fd6"; const ENDORSEMENT_PATH: &str = "testdata/endorsement.json"; 
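Review bot: The new public function `to_attestation_results` has no doc comment, and its contract matters to callers: on the `Err` branch it returns `Status::GenericFailure` with both public-key fields left at their `Default` values, so code that reads the keys without first checking `status` gets empty keys rather than an error. I would add `/// Converts the outcome of verify() into an AttestationResults proto; callers must check status before using the returned keys.` above the signature, and consider `#[must_use]` on it. Separately, `reason: err.to_string()` (carried over from the removed `From` impl) keeps only the outermost anyhow message; `alloc::format!("{err:#}")` would preserve the cause chain if the failure reason is meant to be diagnosable from the proto alone.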
diff --git a/oak_attestation_verification/tests/verifier_tests.rs b/oak_attestation_verification/tests/verifier_tests.rs index 2a988a83d47..d50dbd9e9d5 100644 --- a/oak_attestation_verification/tests/verifier_tests.rs +++ b/oak_attestation_verification/tests/verifier_tests.rs @@ -18,17 +18,17 @@ use prost::Message; use std::fs; use oak_attestation_verification::{ - proto::oak::attestation::v1::{ - attestation_results::Status, AmdSevReferenceValues, AttestationResults, - BinaryReferenceValue, ContainerLayerEndorsements, ContainerLayerReferenceValues, - EndorsementReferenceValue, Endorsements, Evidence, KernelLayerEndorsements, - KernelLayerReferenceValues, OakContainersEndorsements, OakContainersReferenceValues, - ReferenceValues, RootLayerEndorsements, RootLayerReferenceValues, SkipVerification, - StringReferenceValue, SystemLayerEndorsements, SystemLayerReferenceValues, - TransparentReleaseEndorsement, - }, util::convert_pem_to_raw, - verifier::verify, + verifier::{to_attestation_results, verify}, +}; + +use oak_attestation_proto::oak::attestation::v1::{ + attestation_results::Status, AmdSevReferenceValues, BinaryReferenceValue, + ContainerLayerEndorsements, ContainerLayerReferenceValues, EndorsementReferenceValue, + Endorsements, Evidence, KernelLayerEndorsements, KernelLayerReferenceValues, + OakContainersEndorsements, OakContainersReferenceValues, ReferenceValues, + RootLayerEndorsements, RootLayerReferenceValues, SkipVerification, StringReferenceValue, + SystemLayerEndorsements, SystemLayerReferenceValues, TransparentReleaseEndorsement, }; const ENDORSEMENT_PATH: &str = "testdata/endorsement.json"; @@ -87,7 +87,9 @@ fn create_endorsements() -> Endorsements { container_layer: Some(container_layer), }; Endorsements { - r#type: Some(oak_attestation_verification::proto::oak::attestation::v1::endorsements::Type::OakContainers(ends)), + r#type: Some( + oak_attestation_proto::oak::attestation::v1::endorsements::Type::OakContainers(ends), + ), } } 
@@ -108,10 +110,18 @@ fn create_reference_values() -> ReferenceValues { rekor_public_key, }; let skip = BinaryReferenceValue { - r#type: Some(oak_attestation_verification::proto::oak::attestation::v1::binary_reference_value::Type::Skip(SkipVerification {})), + r#type: Some( + oak_attestation_proto::oak::attestation::v1::binary_reference_value::Type::Skip( + SkipVerification {}, + ), + ), }; let brv = BinaryReferenceValue { - r#type: Some(oak_attestation_verification::proto::oak::attestation::v1::binary_reference_value::Type::Endorsement(erv)), + r#type: Some( + oak_attestation_proto::oak::attestation::v1::binary_reference_value::Type::Endorsement( + erv, + ), + ), }; let srv = StringReferenceValue { values: ["whatever".to_owned()].to_vec(), @@ -150,7 +160,9 @@ fn create_reference_values() -> ReferenceValues { container_layer: Some(container_layer), }; ReferenceValues { - r#type: Some(oak_attestation_verification::proto::oak::attestation::v1::reference_values::Type::OakContainers(vs)), + r#type: Some( + oak_attestation_proto::oak::attestation::v1::reference_values::Type::OakContainers(vs), + ), } } @@ -161,7 +173,7 @@ fn verify_succeeds() { let reference_values = create_reference_values(); let r = verify(NOW_UTC_MILLIS, &evidence, &endorsements, &reference_values); - let p = AttestationResults::from(&r); + let p = to_attestation_results(&r); eprintln!("======================================"); eprintln!("code={} reason={}", p.status as i32, p.reason); @@ -178,7 +190,7 @@ fn verify_fails_with_manipulated_root_public_key() { let reference_values = create_reference_values(); let r = verify(NOW_UTC_MILLIS, &evidence, &endorsements, &reference_values); - let p = AttestationResults::from(&r); + let p = to_attestation_results(&r); eprintln!("======================================"); eprintln!("code={} reason={}", p.status as i32, p.reason); 
@@ -194,7 +206,7 @@ fn verify_fails_with_empty_args() { let reference_values = ReferenceValues::default(); let r = verify(NOW_UTC_MILLIS, &evidence, &endorsements, &reference_values); - let p = AttestationResults::from(&r); + let p = to_attestation_results(&r); assert!(r.is_err()); assert!(p.status() == Status::GenericFailure); diff --git a/oak_functions/examples/benchmark/module/Cargo.toml b/oak_functions/examples/benchmark/module/Cargo.toml index adf5c7012fd..748194b238b 100644 --- a/oak_functions/examples/benchmark/module/Cargo.toml +++ b/oak_functions/examples/benchmark/module/Cargo.toml @@ -10,7 +10,5 @@ crate-type = ["cdylib", "rlib"] [dependencies] oak_functions_sdk = { workspace = true } +oak_functions_proto = { workspace = true } prost = { workspace = true } - -[build-dependencies] -prost-build = { workspace = true } diff --git a/oak_functions/examples/benchmark/module/build.rs b/oak_functions/examples/benchmark/module/build.rs deleted file mode 100644 index b21694c5159..00000000000 --- a/oak_functions/examples/benchmark/module/build.rs +++ /dev/null 
@@ -1,29 +0,0 @@ -// -// Copyright 2021 The Project Oak Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -extern crate prost_build; - -fn main() { - let file_paths = ["proto/oak_functions/benchmark.proto"]; - prost_build::compile_protos(&file_paths, &["../../../../"]).expect("proto compilation failed"); - - // Tell cargo to rerun this build script if the proto file has changed. - // https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorerun-if-changedpath - for proto_path in file_paths.iter() { - let file_path = std::path::Path::new(proto_path); - println!("cargo:rerun-if-changed=../../../../{}", file_path.display()); - } -} diff --git a/oak_functions/examples/benchmark/module/src/lib.rs b/oak_functions/examples/benchmark/module/src/lib.rs index 29d6c37bdb0..125279dc6c3 100644 --- a/oak_functions/examples/benchmark/module/src/lib.rs +++ b/oak_functions/examples/benchmark/module/src/lib.rs @@ -15,12 +15,11 @@ // //! Oak Functions benchmark example. -pub mod proto { - include!(concat!(env!("OUT_DIR"), "/oak.functions.benchmark.rs")); -} +use oak_functions_proto::oak::oak_functions::benchmark::{ + benchmark_request::Action, BenchmarkRequest, EchoAndPanicTest, LookupTest, +}; use prost::Message; -use proto::{benchmark_request::Action, BenchmarkRequest, EchoAndPanicTest, LookupTest}; #[cfg_attr(not(test), no_mangle)] pub extern "C" fn main() { 
diff --git a/oak_functions/lookup_data_checker/Cargo.toml b/oak_functions/lookup_data_checker/Cargo.toml index c33003005f3..c25328e1667 100644 --- a/oak_functions/lookup_data_checker/Cargo.toml +++ b/oak_functions/lookup_data_checker/Cargo.toml @@ -13,4 +13,5 @@ env_logger = "*" location_utils = { workspace = true } log = "*" oak_functions_abi = { workspace = true } +oak_functions_proto = { workspace = true } prost = { workspace = true } diff --git a/oak_functions/lookup_data_checker/src/main.rs b/oak_functions/lookup_data_checker/src/main.rs index 377605bf052..11c5f019173 100644 --- a/oak_functions/lookup_data_checker/src/main.rs +++ b/oak_functions/lookup_data_checker/src/main.rs @@ -39,8 +39,10 @@ pub fn parse_lookup_entries( let mut entries = HashMap::new(); while lookup_data_buffer.has_remaining() { let entry = - oak_functions_abi::proto::Entry::decode_length_delimited(&mut lookup_data_buffer) - .map_err(|err| anyhow::anyhow!("couldn't decode entry: {err}"))?; + oak_functions_proto::oak::oak_functions::lookup_data::Entry::decode_length_delimited( + &mut lookup_data_buffer, + ) + .map_err(|err| anyhow::anyhow!("couldn't decode entry: {err}"))?; entries.insert(entry.key, entry.value); } Ok(entries) diff --git a/oak_functions/lookup_data_generator/Cargo.toml b/oak_functions/lookup_data_generator/Cargo.toml index 60a677d72ed..850a03565dd 100644 --- a/oak_functions/lookup_data_generator/Cargo.toml +++ b/oak_functions/lookup_data_generator/Cargo.toml @@ -12,6 +12,7 @@ clap = { version = "*", features = ["derive"] } location_utils = { workspace = true } multimap = "*" oak_functions_abi = { workspace = true } +oak_functions_proto = { workspace = true } prost = { workspace = true } rand = "*" serde = { version = "*", features = ["derive"] } diff --git a/oak_functions/lookup_data_generator/src/data.rs b/oak_functions/lookup_data_generator/src/data.rs index 5a4df211a23..f34c42f1430 100644 --- a/oak_functions/lookup_data_generator/src/data.rs 
+++ b/oak_functions/lookup_data_generator/src/data.rs @@ -21,7 +21,7 @@ use location_utils::{ DEFAULT_CUTOFF_RADIUS_RADIANS, S2_DEFAULT_LEVEL, }; use multimap::MultiMap; -use oak_functions_abi::proto::Entry; +use oak_functions_proto::oak::oak_functions::lookup_data::Entry; use prost::Message; use rand::Rng; use serde::Serialize; diff --git a/oak_functions_abi/Cargo.toml b/oak_functions_abi/Cargo.toml index bc32bdbc227..8ab64ca961f 100644 --- a/oak_functions_abi/Cargo.toml +++ b/oak_functions_abi/Cargo.toml @@ -10,6 +10,3 @@ anyhow = { version = "*", default-features = false } prost = { workspace = true } strum = { version = "*", default-features = false, features = ["derive"] } static_assertions = "*" - -[build-dependencies] -prost-build = { workspace = true } diff --git a/oak_functions_abi/src/lib.rs b/oak_functions_abi/src/lib.rs index e2d161228bd..cb1595278b9 100644 --- a/oak_functions_abi/src/lib.rs +++ b/oak_functions_abi/src/lib.rs @@ -23,11 +23,6 @@ extern crate alloc; use alloc::vec::Vec; -pub mod proto { - include!(concat!(env!("OUT_DIR"), "/oak.functions.abi.rs")); - include!(concat!(env!("OUT_DIR"), "/oak.functions.lookup_data.rs")); -} - /// See REQUEST_RESPONSE_ENCODING.MD in the crate root. #[derive(Clone, PartialEq, Debug)] pub struct Request { diff --git a/oak_functions_containers_launcher/Cargo.toml b/oak_functions_containers_launcher/Cargo.toml index 8c0f2cb225a..e6b8812ec21 100644 --- a/oak_functions_containers_launcher/Cargo.toml +++ b/oak_functions_containers_launcher/Cargo.toml @@ -18,6 +18,7 @@ oak_containers_launcher = { workspace = true } oak_crypto = { workspace = true } oak_functions_abi = { workspace = true } oak_functions_launcher = { workspace = true } +oak_functions_proto = { workspace = true } oak_remote_attestation = { workspace = true } prost = "*" tokio = { version = "*", features = ["rt-multi-thread", "macros", "sync"] } 
diff --git a/oak_functions_containers_launcher/src/lookup.rs b/oak_functions_containers_launcher/src/lookup.rs index f7aa3165dd8..bf6e08cb1c1 100644 --- a/oak_functions_containers_launcher/src/lookup.rs +++ b/oak_functions_containers_launcher/src/lookup.rs @@ -136,8 +136,10 @@ fn parse_lookup_entries( let mut entries = HashMap::new(); while lookup_data_buffer.has_remaining() { let entry = - oak_functions_abi::proto::Entry::decode_length_delimited(&mut lookup_data_buffer) - .context("couldn't decode entry")?; + oak_functions_proto::oak::oak_functions::lookup_data::Entry::decode_length_delimited( + &mut lookup_data_buffer, + ) + .context("couldn't decode entry")?; entries.insert(entry.key, entry.value); } Ok(entries) diff --git a/oak_functions_launcher/Cargo.toml b/oak_functions_launcher/Cargo.toml index 8aa53eb81d3..56d01e1b80f 100644 --- a/oak_functions_launcher/Cargo.toml +++ b/oak_functions_launcher/Cargo.toml @@ -15,6 +15,7 @@ command-fds = { version = "*", features = ["tokio"] } futures = "*" log = "*" env_logger = "*" +oak_functions_proto = { workspace = true } prost = { workspace = true } serde = "*" tokio = { version = "*", features = [ diff --git a/oak_functions_launcher/src/lookup.rs b/oak_functions_launcher/src/lookup.rs index dcdfb790f47..1ea49e2fd3e 100644 --- a/oak_functions_launcher/src/lookup.rs +++ b/oak_functions_launcher/src/lookup.rs @@ -142,8 +142,10 @@ fn parse_lookup_entries( let mut entries = HashMap::new(); while lookup_data_buffer.has_remaining() { let entry = - oak_functions_abi::proto::Entry::decode_length_delimited(&mut lookup_data_buffer) - .context("couldn't decode entry")?; + oak_functions_proto::oak::oak_functions::lookup_data::Entry::decode_length_delimited( + &mut lookup_data_buffer, + ) + .context("couldn't decode entry")?; entries.insert(entry.key, entry.value); } Ok(entries) diff --git a/oak_functions_service/Cargo.toml b/oak_functions_service/Cargo.toml index 2248943c353..991a780745f 100644 
--- a/oak_functions_service/Cargo.toml +++ b/oak_functions_service/Cargo.toml @@ -22,6 +22,7 @@ oak_core = { workspace = true } oak_crypto = { workspace = true } oak_functions_abi = { workspace = true } oak_functions_sdk = { workspace = true } +oak_functions_proto = { workspace = true } oak_remote_attestation = { workspace = true } prost = { workspace = true } spinning_top = "*" diff --git a/oak_functions_service/tests/integration_test.rs b/oak_functions_service/tests/integration_test.rs index 4d7fb9fe3bb..4cf44c2aa90 100644 --- a/oak_functions_service/tests/integration_test.rs +++ b/oak_functions_service/tests/integration_test.rs @@ -19,12 +19,14 @@ extern crate alloc; -use benchmark::proto::{benchmark_request::Action, BenchmarkRequest, EchoAndPanicTest}; use core::assert_matches::assert_matches; use oak_crypto::{ encryptor::{ClientEncryptor, EncryptionKeyProvider}, proto::oak::crypto::v1::EncryptedRequest, }; +use oak_functions_proto::oak::oak_functions::benchmark::{ + benchmark_request::Action, BenchmarkRequest, EchoAndPanicTest, +}; use oak_functions_service::{ proto::oak::functions::{ ExtendNextLookupDataRequest, FinishNextLookupDataRequest, InitializeRequest, InvokeRequest, diff --git a/oak_functions_test_utils/Cargo.toml b/oak_functions_test_utils/Cargo.toml index a32db42a0b7..198fc100013 100644 --- a/oak_functions_test_utils/Cargo.toml +++ b/oak_functions_test_utils/Cargo.toml @@ -15,6 +15,7 @@ hyper = { version = "*", features = ["client", "http1", "runtime", "server"] } nix = "*" oak_functions_abi = { workspace = true } oak_functions_client = { workspace = true } +oak_functions_proto = { workspace = true } port_check = "*" prost = { workspace = true } tempfile = "*" diff --git a/oak_functions_test_utils/src/lib.rs b/oak_functions_test_utils/src/lib.rs index 24abc58bdfc..d4f6ba7d52b 100644 --- a/oak_functions_test_utils/src/lib.rs +++ b/oak_functions_test_utils/src/lib.rs 
@@ -77,7 +77,8 @@ pub fn compile_rust_wasm(manifest_path: &str, release: bool) -> anyhow::Result, Vec>) -> Vec { let mut buf = Vec::new(); for (key, value) in entries.into_iter() { - let entry_proto = oak_functions_abi::proto::Entry { key, value }; + let entry_proto = + oak_functions_proto::oak::oak_functions::lookup_data::Entry { key, value }; entry_proto .encode_length_delimited(&mut buf) .expect("couldn't encode entry as length delimited"); diff --git a/oak_ml_transparency/runner/Cargo.lock b/oak_ml_transparency/runner/Cargo.lock index a857c56b6fa..dae55791519 100644 --- a/oak_ml_transparency/runner/Cargo.lock +++ b/oak_ml_transparency/runner/Cargo.lock @@ -538,9 +538,9 @@ dependencies = [ "ecdsa", "hex", "oak_dice", + "oak_proto", "p256", "prost", - "prost-build", "serde", "serde_jcs", "serde_json", @@ -565,6 +565,14 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "oak_proto" +version = "0.0.1" +dependencies = [ + "prost", + "prost-build", +] + [[package]] name = "once_cell" version = "1.18.0" diff --git a/proto/attestation/Cargo.toml b/proto/attestation/Cargo.toml new file mode 100644 index 00000000000..7a878f657bf --- /dev/null +++ b/proto/attestation/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "oak_attestation_proto" +version = "0.0.1" +edition = "2021" +license = "Apache-2.0" + +[dependencies] +prost = { workspace = true } + +[build-dependencies] +prost-build = { workspace = true } diff --git a/oak_attestation_verification/build.rs b/proto/attestation/build.rs similarity index 100% rename from oak_attestation_verification/build.rs rename to proto/attestation/build.rs diff --git a/proto/attestation/src/lib.rs b/proto/attestation/src/lib.rs new file mode 100644 index 00000000000..824ef5e0d7f --- /dev/null +++ b/proto/attestation/src/lib.rs 
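Review bot: The package name declared in `proto/attestation/Cargo.toml`, `oak_attestation_proto`, does not match what the `oak_ml_transparency/runner/Cargo.lock` hunks of this same patch record, which add a dependency and a `[[package]]` entry named `oak_proto`. That lockfile looks as if it was generated against an earlier name of the crate, so a `--locked` build of the runner would presumably fail, or the file would be rewritten on the next build. Regenerating it so that it lists `oak_attestation_proto` keeps the pinned dependency set consistent with the manifests in this commit.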
@@ -0,0 +1,32 @@ +// +// Copyright 2023 The Project Oak Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// Inlined from tonic::include_proto in order to cut dependency on tonic. +macro_rules! include_proto { + ($package: tt) => { + include!(concat!(env!("OUT_DIR"), concat!("/", $package, ".rs"))); + }; +} + +pub mod oak { + include_proto!("oak"); + + pub mod attestation { + pub mod v1 { + include_proto!("oak.attestation.v1"); + } + } +} diff --git a/proto/oak_functions/Cargo.toml b/proto/oak_functions/Cargo.toml new file mode 100644 index 00000000000..e05ddbec809 --- /dev/null +++ b/proto/oak_functions/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "oak_functions_proto" +version = "0.0.1" +edition = "2021" +license = "Apache-2.0" + +[dependencies] +prost = { workspace = true } + +[build-dependencies] +prost-build = { workspace = true } diff --git a/oak_functions_abi/build.rs b/proto/oak_functions/build.rs similarity index 75% rename from oak_functions_abi/build.rs rename to proto/oak_functions/build.rs index f8eda6b0508..2548a31e5c4 100644 --- a/oak_functions_abi/build.rs +++ b/proto/oak_functions/build.rs @@ -1,5 +1,5 @@ // -// Copyright 2021 The Project Oak Authors +// Copyright 2023 The Project Oak Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
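Review bot: The new crate root `proto/attestation/src/lib.rs` carries no `#![no_std]` attribute, although the generated code it includes was previously compiled inside `oak_attestation_verification`, whose `lib.rs` declares `extern crate alloc;` and is therefore presumably a no_std crate. The same applies to `proto/oak_functions/src/lib.rs`, which `enclave_apps/Cargo.lock` now pulls into the enclave workspace. If any consumer is built for a target without std, both files need `#![no_std]` as their first item; this assumes the workspace `prost` is configured without its std feature, which is not visible in this patch. A one-line `//!` crate doc saying that the crate only re-exports prost-generated types would also help, since the file currently has none.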
@@ -14,19 +14,20 @@ // limitations under the License. // -extern crate prost_build; - -fn main() { - let file_paths = [ +fn main() -> Result<(), Box> { + let proto_paths = [ "proto/oak_functions/abi.proto", + "proto/oak_functions/benchmark.proto", "proto/oak_functions/lookup_data.proto", ]; - prost_build::compile_protos(&file_paths, &[".."]).expect("proto compilation failed"); + prost_build::compile_protos(&proto_paths, &[".."]).expect("proto compilation failed"); // Tell cargo to rerun this build script if the proto file has changed. // https://doc.rust-lang.org/cargo/reference/build-scripts.html#cargorerun-if-changedpath - for proto_path in file_paths.iter() { + for proto_path in proto_paths.iter() { let file_path = std::path::Path::new(proto_path); println!("cargo:rerun-if-changed=../{}", file_path.display()); } + + Ok(()) } diff --git a/proto/oak_functions/src/lib.rs b/proto/oak_functions/src/lib.rs new file mode 100644 index 00000000000..74e5a1f133f --- /dev/null +++ b/proto/oak_functions/src/lib.rs 
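Review bot: The include root `&[".."]` and the `cargo:rerun-if-changed=../{}` prefix are carried over unchanged from `oak_functions_abi/build.rs`, which sat one directory below the repository root, but this script now lives two levels down in `proto/oak_functions/`. With the proto paths written as `proto/oak_functions/abi.proto`, `..` appears to resolve to `proto/` rather than the root (the deleted benchmark build script, four levels down, used `../../../../`), so both probably need to become `../..`: `prost_build::compile_protos(&proto_paths, &["../.."])?;` and `println!("cargo:rerun-if-changed=../../{}", file_path.display());`. Using `?` there also gives the new `Result` return type a purpose, because the retained `.expect("proto compilation failed")` still panics instead of returning the error. `proto/attestation/build.rs` was moved with 100% similarity and is worth checking for the same relative-path problem.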
@@ -0,0 +1,36 @@
+//
+// Copyright 2023 The Project Oak Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// Inlined from tonic::include_proto in order to cut dependency on tonic.
+macro_rules! include_proto {
+ ($package: tt) => {
+ include!(concat!(env!("OUT_DIR"), concat!("/", $package, ".rs")));
+ };
+}
+
+pub mod oak {
+ pub mod oak_functions {
+ pub mod abi {
+ include_proto!("oak.functions.abi");
+ }
+ pub mod benchmark {
+ include_proto!("oak.functions.benchmark");
+ }
+ pub mod lookup_data {
+ include_proto!("oak.functions.lookup_data");
+ }
+ }
+}
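Review bot: The module path chosen here, `oak::oak_functions::{abi, benchmark, lookup_data}`, does not mirror the proto packages being included (`oak.functions.abi` and its siblings), whereas `proto/attestation/src/lib.rs` in the same patch does mirror its packages with `oak::attestation::v1`. prost emits cross-package references as relative `super::` paths that assume the module tree follows the package tree, so although the current sibling layout should still resolve, I would name the middle module to match, `pub mod functions {`, unless the extra prefix is deliberate. If it is deliberate, a comment such as `// Module is named oak_functions, not functions, to avoid clashing with <reason>` would save the next reader the question. The `include_proto!` macro is also now duplicated verbatim in both proto crates, which is worth a note in its comment.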