WIP: Full-duplex experiment.

CLI_QUICKSTART.markdown

@@ -44,7 +44,7 @@ separate binaries:
 - `vc-client`/`veracruz-client` - Communicates with the Veracruz server using
   an identity's certificate to upload/download data and programs for
   computation.
-- `vc-fee`/`freestanding-execution-environment` - Provides a freestanding
+- `vc-fee`/`freestanding-execution-engine` - Provides a freestanding
   execution environment that can be used to test Veracruz programs without
   needing the full attestation/TEE framework.
 - `vc-wc`/`wasm-checker` - Checks that a Veracruz program is able to run in

examples/rust-examples/file-transfer/Cargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "file-transfer"
+version = "0.3.0"
+description = "Generate a large output file"
+authors = ["The Veracruz Development Team"]
+edition = "2018"
+
+[dependencies]
+anyhow = "1.0.14"

examples/rust-examples/file-transfer/src/main.rs

@@ -0,0 +1,12 @@
+//! Generate a large output file.
+
+use std::fs::File;
+use std::io::Write;
+
+fn main() -> anyhow::Result<()> {
+    let mut f = File::create("/output/file.dat")?;
+    let len = 1;
+    let buf = vec![0; len];
+    f.write_all(&buf)?;
+    Ok(())
+}

execution-engine/src/engines/common.rs

@@ -128,6 +128,7 @@ pub enum WasiAPIName {
 #[strum(serialize_all = "lowercase")]
 pub enum VeracruzAPIName {
     FD_CREATE,
+    NANOSLEEP,
 }
 
 ////////////////////////////////////////////////////////////////////////////////

execution-engine/src/engines/wasmi.rs

@@ -401,12 +401,14 @@ impl TypeCheck {
             },
             APIName::VeracruzAPIName(index) => match index {
                 VeracruzAPIName::FD_CREATE => vec![Self::POINTER],
+                VeracruzAPIName::NANOSLEEP => vec![ValueType::I64],
             },
         }
     }
 
     /// Check if the numbers of parameters in `args` is correct against the wasi function call `index`.
     /// Return FatalEngineError::BadArgumentsToHostFunction{ index }, if not.
+    // TODO: Make this also work for VeracruzAPIName.
     pub(crate) fn check_args_number(args: &RuntimeArgs, index: WasiAPIName) -> Result<()> {
         if args.len() == Self::get_params(APIName::WasiAPIName(index)).len() {
             Ok(())
@@ -571,6 +573,7 @@ impl Externals for WASMIRuntimeState {
             },
             APIName::VeracruzAPIName(veracruz_call_index) => match veracruz_call_index {
                 VeracruzAPIName::FD_CREATE => self.veracruz_fd_create(args),
+                VeracruzAPIName::NANOSLEEP => self.veracruz_nanosleep(args),
             },
         }
         .map_err(|e| {
@@ -1291,6 +1294,14 @@ impl WASMIRuntimeState {
         Self::convert_to_errno(self.vfs.fd_create(&mut self.memory()?, address))
     }
 
+    fn veracruz_nanosleep(&mut self, args: RuntimeArgs) -> WasiResult {
+        let x = args.nth_checked::<u64>(0)?;
+        println!("xx wasmi nanosleep({}) begin", x);
+        std::thread::sleep(std::time::Duration::from_nanos(x));
+        println!("xx wasmi nanosleep({}) end", x);
+        Ok(ErrNo::Success)
+    }
+
 }
 
 ////////////////////////////////////////////////////////////////////////////////

execution-engine/src/engines/wasmtime.rs

@@ -474,6 +474,11 @@ impl WasmtimeRuntimeState {
             VeracruzAPIName::FD_CREATE.into(),
             Self::veracruz_si_fd_create,
         )?;
+        linker.func_wrap(
+            WasiWrapper::VERACRUZ_SI_MODULE_NAME,
+            VeracruzAPIName::NANOSLEEP.into(),
+            Self::veracruz_si_nanosleep,
+        )?;
 
         info!("Link external functions.");
 
@@ -1109,6 +1114,13 @@ impl WasmtimeRuntimeState {
         Self::convert_to_errno(vfs.fd_create(&mut caller, address))
     }
 
+    fn veracruz_si_nanosleep(mut _caller: CallerWrapper, x: u64) -> u32 {
+        println!("xx wasmtime nanosleep({}) begin", x);
+        std::thread::sleep(std::time::Duration::from_nanos(x));
+        println!("xx wasmtime nanosleep({}) end", x);
+        Self::convert_to_errno(Err(ErrNo::Success))
+    }
+
 }
 
 /// The `WasmtimeHostProvisioningState` implements everything needed to create a

execution-engine/src/pipeline.rs

@@ -39,7 +39,11 @@ pub fn execute_pipeline(
 ) -> Result<u32> {
     use policy_utils::pipeline::Expr::*;
     match *pipeline {
-        Literal(path_string) => {
+        Literal(mut path_string) => {
+            // Turn a relative path into an absolute path.
+            if &path_string[0..1] != "/" {
+                path_string.insert(0, '/');
+            }
             info!("Literal {:?}", path_string);
             // read and call execute_program
             let binary = caller_filesystem.read_exeutable_by_absolute_path(path_string)?;

measure.sh

@@ -0,0 +1,115 @@
+#!/bin/bash
+
+if [ -z "${1+x}" ] ; then
+    echo Give number of bytes as argument, for example $0 100000000
+    exit
+fi
+
+size=$1
+perl -e 'if ($ARGV[0] !~ /^[1-9][0-9]*$/) {
+  die "Argument must be decimal\n"; }' "$size"
+
+set -euxo pipefail
+
+mkdir -p example
+
+head -c $size /dev/zero > example/input.dat
+perl -i -pe 's/ len = \d+/ len = '$size'/;' \
+  examples/rust-examples/file-transfer/src/main.rs
+
+make -C workspaces linux PROFILE=release
+sudo make -C workspaces linux-install PROFILE=release
+
+cargo build --manifest-path=workspaces/applications/Cargo.toml \
+  --target wasm32-wasi --release --package file-transfer
+cp workspaces/applications/target/wasm32-wasi/release/file-transfer.wasm \
+  example/example-binary.wasm
+
+openssl ecparam -name prime256v1 -genkey > example/example-program-key.pem
+openssl req -x509 -days 3650 \
+    -key example/example-program-key.pem \
+    -out example/example-program-cert.pem \
+    -config workspaces/cert.conf
+
+openssl ecparam -name prime256v1 -genkey > example/example-data0-key.pem
+openssl req -x509 -days 3650 \
+    -key example/example-data0-key.pem \
+    -out example/example-data0-cert.pem \
+    -config workspaces/cert.conf
+
+openssl ecparam -name prime256v1 -genkey > example/example-result-key.pem
+openssl req -x509 -days 3650 \
+    -key example/example-result-key.pem \
+    -out example/example-result-cert.pem \
+    -config workspaces/cert.conf
+
+openssl ecparam -name prime256v1 -noout -genkey > example/CAKey.pem
+openssl req -x509 -days 1825 \
+    -subj "/C=Mx/ST=Veracruz/L=Veracruz/O=Veracruz/OU=Proxy/CN=VeracruzProxyServer" \
+    -key example/CAKey.pem \
+    -out example/CACert.pem \
+    -config workspaces/ca-cert.conf
+
+vc-pgen \
+    --proxy-attestation-server-ip 127.0.0.1:3010 \
+    --proxy-attestation-server-cert example/CACert.pem \
+    --veracruz-server-ip 127.0.0.1:3017 \
+    --certificate-expiry "$(date --rfc-2822 -d 'now + 100 days')" \
+    --css-file workspaces/linux-runtime/target/release/runtime_manager_enclave \
+    --certificate example/example-program-cert.pem \
+    --capability "/program/:w" \
+    --certificate example/example-data0-cert.pem \
+    --capability "/input/:w" \
+    --certificate example/example-result-cert.pem \
+    --capability "/program/:x,/output/:r" \
+    --binary /program/example-binary.wasm=example/example-binary.wasm \
+    --capability "/input/:r,/output/:w" \
+    --output-policy-file example/example-policy.json \
+    --max-memory-mib 256
+
+( cd /opt/veraison/vts && /opt/veraison/vts/vts ) &
+( cd /opt/veraison/provisioning && /opt/veraison/provisioning/provisioning ) &
+( cd example && /opt/veraison/proxy_attestation_server -l 127.0.0.1:3010 ) &
+sleep 10
+
+curl -X POST -H 'Content-Type: application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1' --data-binary "@/opt/veraison/psa_corim.cbor" localhost:8888/endorsement-provisioning/v1/submit
+curl -X POST -H 'Content-Type: application/corim-unsigned+cbor; profile=http://aws.com/nitro' --data-binary "@/opt/veraison/nitro_corim.cbor" localhost:8888/endorsement-provisioning/v1/submit
+time vc-server example/example-policy.json &
+sleep 10
+
+vc-client example/example-policy.json \
+  --identity example/example-program-cert.pem \
+  --key example/example-program-key.pem \
+  --program program/example-binary.wasm=example/example-binary.wasm
+
+T0=$(date +%s.%N)
+time vc-client example/example-policy.json \
+  --identity example/example-data0-cert.pem \
+  --key example/example-data0-key.pem \
+  --data input/file.dat=example/input.dat
+
+T1=$(date +%s.%N)
+time vc-client example/example-policy.json \
+  --identity example/example-result-cert.pem \
+  --key example/example-result-key.pem \
+  --compute program/example-binary.wasm \
+  --result output/file.dat=example/output.dat
+
+T2=$(date +%s.%N)
+
+pkill provisioning || true
+pkill proxy_attestati || true
+pkill vc-server || true
+pkill vts || true
+
+perl -i -pe 's/ len = \d+/ len = 1/;' \
+  examples/rust-examples/file-transfer/src/main.rs
+
+sleep 3
+perl -e '@x = @ARGV; $size = $x[3];
+  $in = $size / ($x[1] - $x[0]); $in_mb = int($in / 1e6 + 0.5);
+  $out = $size / ($x[2] - $x[1]); $out_mb = int($out / 1e6 + 0.5);
+  print "\nBytes: $size\n";
+  print "In: $in B/s ($in_mb MB/s)\n";
+  print "Out: $out B/s ($out_mb MB/s)\n\n";' \
+  "$T0" "$T1" "$T2" "$size"

runtime-manager/src/managers/execution_engine_manager.rs

@@ -201,6 +201,6 @@ pub fn dispatch_on_incoming_data(
         Some(REQUEST {
             message_oneof: Some(request),
             ..
-        }) => dispatch_on_request(client_id, request),
+        }) => dispatch_on_request(client_id, request).or(response_invalid_request()),
     }
 }

sdk/rust/libveracruz/src/lib.rs

@@ -15,13 +15,17 @@ mod veracruz_si_import {
     #[link(wasm_import_module = "veracruz_si")]
     extern "C" {
         pub fn fd_create(x: u32) -> u32;
+        pub fn nanosleep(x: u64) -> u32;
     }
 }
 
 mod veracruz_si {
     pub fn fd_create(fd: *mut crate::RawFd) -> u32 {
         unsafe { crate::veracruz_si_import::fd_create(fd as u32) }
     }
+    pub fn nanosleep(x: u64) -> u32 {
+        unsafe { crate::veracruz_si_import::nanosleep(x) }
+    }
 }
 
 /// Return a file descriptor for a newly created temporary file,
@@ -37,3 +41,9 @@ pub fn fd_create() -> std::io::Result<File> {
         panic!("unexpected")
     }
 }
+
+/// Nanosleep added for testing.
+pub fn nanosleep(x: u64) -> std::io::Result<u32> {
+    veracruz_si::nanosleep(x);
+    Ok(0)
+}