Move Remote Attestation Session Tracking logic into its own crate #2743
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jul-sh
force-pushed
the
extract-session-logic
branch
from
2807dac to
0ab8ecd
Compare
remove unused deps format oak-prefix crate name for consistency fix typo
jul-sh
force-pushed
the
extract-session-logic
branch
from
0ab8ecd to
7c0b815
Compare
jul-sh
commented
Apr 21, 2022
Comment on lines
+29
to
+95
| pub enum SessionState { | ||
| // Boxed due to large size difference, ref: https://rust-lang.github.io/rust-clippy/master/index.html#large_enum_variant | ||
| HandshakeInProgress(Box<ServerHandshaker>), | ||
| EncryptedMessageExchange(Encryptor), | ||
| } | ||
|
|
||
| /// Maintains remote attestation state for a number of sessions | ||
| pub struct SessionTracker { | ||
| /// PEM encoded X.509 certificate that signs TEE firmware key. | ||
| tee_certificate: Vec<u8>, | ||
| /// Configuration information to provide to the client for the attestation step. | ||
| additional_info: Arc<Vec<u8>>, | ||
| known_sessions: LruCache<SessionId, SessionState>, | ||
| } | ||
|
|
||
| impl SessionTracker { | ||
| pub fn create(cache_size: usize, tee_certificate: Vec<u8>, additional_info: Vec<u8>) -> Self { | ||
| let known_sessions = LruCache::new(cache_size); | ||
| Self { | ||
| tee_certificate, | ||
| additional_info: Arc::new(additional_info), | ||
| known_sessions, | ||
| } | ||
| } | ||
|
|
||
| /// Consumes remote attestation state of an existing session. Creates | ||
| /// initial state if the session is not known. | ||
| /// | ||
| /// Note that getting the remote attestation state of a session always | ||
| /// implicitly removes it from the set of tracked sessions. After | ||
| /// using the state to process a request with this state it must explicitly | ||
| /// be put back into the SessionTracker. This an intentional choice meant | ||
| /// to ensure that faulty state that leads to errors when processing | ||
| /// a request is not persistent. | ||
| pub fn pop_session_state(&mut self, session_id: SessionId) -> anyhow::Result<SessionState> { | ||
| match self.known_sessions.pop(&session_id) { | ||
| None => match AttestationBehavior::create_self_attestation(&self.tee_certificate) { | ||
| Ok(behavior) => Ok(SessionState::HandshakeInProgress(Box::new( | ||
| ServerHandshaker::new(behavior, self.additional_info.clone()), | ||
| ))), | ||
| Err(error) => Err(error.context("Couldn't create self attestation behavior")), | ||
| }, | ||
| Some(SessionState::HandshakeInProgress(handshaker)) => { | ||
| // Completed handshakers are functionally just wrap an | ||
| // encryptor. In that case the underlying handshaker is | ||
| // returned, ensuring consistent state representation. | ||
| match handshaker.is_completed() { | ||
| false => Ok(SessionState::HandshakeInProgress(handshaker)), | ||
| true => match handshaker.get_encryptor() { | ||
| Ok(encryptor) => Ok(SessionState::EncryptedMessageExchange(encryptor)), | ||
| Err(error) => Err(error.context("Couldn't get encryptor")), | ||
| }, | ||
| } | ||
| } | ||
| Some(SessionState::EncryptedMessageExchange(encryptor)) => { | ||
| Ok(SessionState::EncryptedMessageExchange(encryptor)) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| /// Record a session in the tracker. Unlike `pop_session_state` it does not | ||
| /// normalize session state, instead relying on normalization occuring | ||
| /// at retrieval time. | ||
| pub fn put_session_state(&mut self, session_id: SessionId, session_state: SessionState) { | ||
| self.known_sessions.put(session_id, session_state); | ||
| } | ||
| } |
andrisaar
reviewed
Apr 21, 2022
| edition = "2021" | ||
| license = "Apache-2.0" | ||
|
|
||
| [features] |
Collaborator
There was a problem hiding this comment.
I don't think you need this if you're not declaring any features.
andrisaar
approved these changes
Apr 21, 2022
|
Reproducibility Index: Reproducibility Index diff: diff --git a/reproducibility_index b/reproducibility_index
index b08a214..04a8fc0 100644
--- a/reproducibility_index
+++ b/reproducibility_index
@@ -1,2 +1,2 @@
-0553ab40d081e0315c0a93e0876da41cb5268952f3a536cdedf7fd45b34e393e ./target/x86_64-unknown-linux-musl/release/oak_functions_loader_base
-120e2d3443a3c6f2c2e3cc76b59e62ae1e8bdca89546baa305be454b0571bde6 ./target/x86_64-unknown-linux-musl/release/oak_functions_loader_unsafe
+e3b3a415d6c62143e9318e070faf897a276a7f1c3fd95c61ca2244fd1ed6f2ab ./target/x86_64-unknown-linux-musl/release/oak_functions_loader_base
+83d6028b4d04fcf30623dfb6e10eff47a9cd63097c48eca6e6649f9d8ec68213 ./target/x86_64-unknown-linux-musl/release/oak_functions_loader_unsafe
|
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ref: #2741, in preparation for #2742