Improve install with exported options (#986)

Eddy Ashton 2020-03-25 14:50:30 +00:00 коммит произвёл GitHub
Родитель 68408c81af
Коммит bd8619f2f6
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
14 изменённых файлов: 73 добавлений и 100 удалений


@ -33,7 +33,7 @@ parameters:
common:
cmake_args: '-DCMAKE_C_COMPILER_LAUNCHER="ccache" -DCMAKE_CXX_COMPILER_LAUNCHER="ccache"'
NoSGX:
cmake_args: '-DTARGET=virtual -DCOVERAGE=ON'
cmake_args: '-DCOMPILE_TARGETS=virtual -DCOVERAGE=ON'
SGX:
cmake_args: ''
debug:


@ -42,7 +42,7 @@ option(BUILD_SMALLBANK "Build SmallBank sample app and clients" ON)
# Build common library for CCF enclaves
add_custom_target(ccf ALL)
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
# enclave version
add_library(
ccf.enclave STATIC
@ -94,7 +94,7 @@ if("sgx" IN_LIST TARGET)
add_dependencies(ccf ccf.enclave)
endif()
if("virtual" IN_LIST TARGET)
if("virtual" IN_LIST COMPILE_TARGETS)
# virtual version
add_library(
ccf.virtual STATIC ${CCF_DIR}/src/enclave/main.cpp


@ -2,8 +2,16 @@
# Licensed under the Apache 2.0 License.
set(ALLOWED_TARGETS "sgx;virtual")
set(COMPILE_TARGETS
"sgx;virtual"
CACHE
STRING
"List of target compilation platforms. Choose from: ${ALLOWED_TARGETS}"
)
set(IS_VALID_TARGET "FALSE")
foreach(REQUESTED_TARGET ${TARGET})
foreach(REQUESTED_TARGET ${COMPILE_TARGETS})
if(${REQUESTED_TARGET} IN_LIST ALLOWED_TARGETS)
set(IS_VALID_TARGET "TRUE")
else()
@ -17,10 +25,16 @@ endforeach()
if((NOT ${IS_VALID_TARGET}))
message(
FATAL_ERROR
"Variable list 'TARGET' must include at least one supported target. Choose from: ${ALLOWED_TARGETS}"
"Variable list 'COMPILE_TARGETS' must include at least one supported target. Choose from: ${ALLOWED_TARGETS}"
)
endif()
find_package(OpenEnclave 0.8 CONFIG REQUIRED)
# As well as pulling in openenclave:: targets, this sets variables which can be
# used for our edge cases (eg - for virtual libraries). These do not follow the
# standard naming patterns, for example use OE_INCLUDEDIR rather than
# OpenEnclave_INCLUDE_DIRS
# Sign a built enclave library with oesign
function(sign_app_library name app_oe_conf_path enclave_sign_key_path)
if(TARGET ${name})
@ -100,7 +114,7 @@ function(add_ccf_app name)
add_custom_target(${name} ALL)
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
set(enc_name ${name}.enclave)
add_library(${enc_name} SHARED ${PARSED_ARGS_SRCS})
@ -125,7 +139,7 @@ function(add_ccf_app name)
add_dependencies(${name} ${enc_name})
endif()
if("virtual" IN_LIST TARGET)
if("virtual" IN_LIST COMPILE_TARGETS)
# Build a virtual enclave, loaded as a shared library without OE
set(virt_name ${name}.virtual)
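Review bot: Nothing in this section catches a caller that still passes the old `TARGET` variable. After the rename, a stale `-DTARGET=virtual` (or an old cache entry) is ignored and `COMPILE_TARGETS` falls back to its `sgx;virtual` default, so a build meant to be virtual-only would quietly configure the SGX targets too. A guard right after the `set(COMPILE_TARGETS ... CACHE ...)` call would surface this: `if(DEFINED TARGET)`, `message(FATAL_ERROR "TARGET has been renamed to COMPILE_TARGETS")`, `endif()`. The validation loop and `add_ccf_app` both continue outside the visible hunks, so an equivalent check may exist where I cannot see it.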


@ -25,29 +25,6 @@ find_package(Threads REQUIRED)
set(PYTHON unbuffer python3)
set(SERVICE_IDENTITY_CURVE_CHOICE
"secp384r1"
CACHE STRING
"One of secp384r1, ed25519, secp256k1_mbedtls, secp256k1_bitcoin"
)
if(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp384r1")
add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_SECP384R1)
set(DEFAULT_PARTICIPANTS_CURVE "secp384r1")
elseif(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "ed25519")
add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_ED25519)
set(DEFAULT_PARTICIPANTS_CURVE "ed25519")
elseif(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp256k1_mbedtls")
add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_MBEDTLS)
set(DEFAULT_PARTICIPANTS_CURVE "secp256k1")
elseif(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp256k1_bitcoin")
add_definitions(-DSERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_BITCOIN)
set(DEFAULT_PARTICIPANTS_CURVE "secp256k1")
else()
message(
FATAL_ERROR "Unsupported curve choice ${SERVICE_IDENTITY_CURVE_CHOICE}"
)
endif()
set(DISTRIBUTE_PERF_TESTS
""
CACHE
@ -72,7 +49,7 @@ endif()
option(VERBOSE_LOGGING "Enable verbose logging" OFF)
set(TEST_HOST_LOGGING_LEVEL "info")
if(VERBOSE_LOGGING)
add_definitions(-DVERBOSE_LOGGING)
add_compile_definitions(VERBOSE_LOGGING)
set(TEST_HOST_LOGGING_LEVEL "debug")
endif()
@ -80,14 +57,14 @@ option(NO_STRICT_TLS_CIPHERSUITES
"Disable strict list of valid TLS ciphersuites" OFF
)
if(NO_STRICT_TLS_CIPHERSUITES)
add_definitions(-DNO_STRICT_TLS_CIPHERSUITES)
add_compile_definitions(NO_STRICT_TLS_CIPHERSUITES)
endif()
option(USE_NULL_ENCRYPTOR "Turn off encryption of ledger updates - debug only"
OFF
)
if(USE_NULL_ENCRYPTOR)
add_definitions(-DUSE_NULL_ENCRYPTOR)
add_compile_definitions(USE_NULL_ENCRYPTOR)
endif()
option(SAN "Enable Address and Undefined Behavior Sanitizers" OFF)
@ -99,12 +76,12 @@ option(DEBUG_CONFIG "Enable non-production options options to aid debugging"
OFF
)
if(DEBUG_CONFIG)
add_definitions(-DDEBUG_CONFIG)
add_compile_definitions(DEBUG_CONFIG)
endif()
option(USE_NLJSON_KV_SERIALISER "Use nlohmann JSON as the KV serialiser" OFF)
if(USE_NLJSON_KV_SERIALISER)
add_definitions(-DUSE_NLJSON_KV_SERIALISER)
add_compile_definitions(USE_NLJSON_KV_SERIALISER)
endif()
enable_language(ASM)
@ -117,21 +94,13 @@ include_directories(
${CCF_DIR}/3rdparty/flatbuffers/include
)
set(TARGET
"sgx;virtual"
CACHE STRING "One of sgx, virtual, or 'sgx;virtual'"
)
find_package(MbedTLS REQUIRED)
set(CLIENT_MBEDTLS_INCLUDE_DIR "${MBEDTLS_INCLUDE_DIRS}")
set(CLIENT_MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARIES}")
find_package(OpenEnclave CONFIG REQUIRED)
# As well as pulling in openenclave:: targets, this sets variables which can be
# used for our edge cases (eg - for virtual libraries). These do not follow the
# standard naming patterns, for example use OE_INCLUDEDIR rather than
# OpenEnclave_INCLUDE_DIRS
include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake)
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake DESTINATION cmake)
add_custom_command(
COMMAND openenclave::oeedger8r ${CCF_DIR}/edl/ccf.edl --trusted --trusted-dir
@ -143,9 +112,6 @@ add_custom_command(
COMMENT "Generating code from EDL, and renaming to .cpp"
)
include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake)
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cmake/ccf_app.cmake DESTINATION cmake)
# Copy utilities from tests directory
set(CCF_UTILITIES tests.sh keygenerator.sh cimetrics_env.sh
upload_pico_metrics.py scurl.sh
@ -164,7 +130,7 @@ install(PROGRAMS ${CCF_DIR}/tests/scurl.sh ${CCF_DIR}/tests/keygenerator.sh
# Install getting_started scripts for VM creation and setup
install(DIRECTORY ${CCF_DIR}/getting_started/ DESTINATION getting_started)
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
# If OE was built with LINK_SGX=1, then we also need to link SGX
if(OE_SGX)
message(STATUS "Linking SGX")
@ -244,7 +210,7 @@ function(add_unit_test name)
set_property(TEST ${name} APPEND PROPERTY LABELS unit_test)
endfunction()
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
# Host Executable
add_executable(
cchost ${CCF_DIR}/src/host/main.cpp ${CCF_GENERATED_DIR}/ccf_u.cpp
@ -272,7 +238,7 @@ if("sgx" IN_LIST TARGET)
install(TARGETS cchost DESTINATION bin)
endif()
if("virtual" IN_LIST TARGET)
if("virtual" IN_LIST COMPILE_TARGETS)
if(SAN)
set(SNMALLOC_LIB)
set(SNMALLOC_CPP)
@ -430,8 +396,7 @@ function(add_e2e_test)
NAME ${PARSED_ARGS_NAME}
COMMAND
${PYTHON} ${PARSED_ARGS_PYTHON_SCRIPT} -b . --label ${PARSED_ARGS_NAME}
${CCF_NETWORK_TEST_ARGS} --participants-curve
${DEFAULT_PARTICIPANTS_CURVE} --consensus ${PARSED_ARGS_CONSENSUS}
${CCF_NETWORK_TEST_ARGS} --consensus ${PARSED_ARGS_CONSENSUS}
${PARSED_ARGS_ADDITIONAL_ARGS}
)
@ -473,7 +438,7 @@ function(add_perf_test)
endif()
set(TESTS_SUFFIX "")
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
set(TESTS_SUFFIX "${TESTS_SUFFIX}_SGX")
endif()
if("raft" STREQUAL ${PARSED_ARGS_CONSENSUS})
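Review bot: `USE_NULL_ENCRYPTOR`, `NO_STRICT_TLS_CIPHERSUITES` and `DEBUG_CONFIG` each weaken a security property, yet the `if()` blocks that now call `add_compile_definitions` give no configure-time signal when one of them is ON. The option text already labels the null encryptor "debug only", but nothing visible here enforces or announces that, so a cached ON value can carry into a release build unnoticed. A line such as `message(WARNING "USE_NULL_ENCRYPTOR is ON: ledger updates will not be encrypted")` inside each block would put it in the configure log. `add_compile_definitions` is also still directory-scoped; `target_compile_definitions` on the affected targets would make the reach of these switches explicit.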


@ -16,7 +16,7 @@ file(GLOB_RECURSE EVERCRYPT_SRC "${EVERCRYPT_PREFIX}/*.[cS]")
# We need two versions of EverCrypt, because it depends on libc
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
add_library(evercrypt.enclave STATIC ${EVERCRYPT_SRC})
target_compile_options(
evercrypt.enclave PRIVATE -Wno-implicit-function-declaration
@ -53,7 +53,7 @@ set(CCFCRYPTO_SRC ${CCF_DIR}/src/crypto/hash.cpp
set(CCFCRYPTO_INC ${CCF_DIR}/src/crypto/ ${EVERCRYPT_INC})
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
add_library(ccfcrypto.enclave STATIC ${CCFCRYPTO_SRC})
target_compile_definitions(
ccfcrypto.enclave PRIVATE INSIDE_ENCLAVE _LIBCPP_HAS_THREAD_API_PTHREAD


@ -2,11 +2,11 @@
# Licensed under the Apache 2.0 License.
# PBFT
add_definitions(-DSIGN_BATCH)
add_compile_definitions(SIGN_BATCH)
set(SIGN_BATCH ON)
if(SAN)
add_definitions(-DUSE_STD_MALLOC)
add_compile_definitions(USE_STD_MALLOC)
endif()
set(PBFT_SRC
@ -54,7 +54,7 @@ set(PBFT_SRC
${CMAKE_SOURCE_DIR}/src/consensus/pbft/libbyz/Append_entries.cpp
)
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
add_library(libbyz.enclave STATIC ${PBFT_SRC})
target_compile_options(libbyz.enclave PRIVATE -nostdinc)
target_compile_definitions(
@ -76,7 +76,7 @@ endif()
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
if("virtual" IN_LIST TARGET)
if("virtual" IN_LIST COMPILE_TARGETS)
add_library(libbyz.host STATIC ${PBFT_SRC})
target_compile_options(libbyz.host PRIVATE -stdlib=libc++)


@ -23,7 +23,7 @@ message(STATUS "QuickJS prefix: ${QUICKJS_PREFIX} version: ${QUICKJS_VERSION}")
# We need two versions of libquickjs, because it depends on libc
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
add_library(
quickjs.enclave STATIC ${QUICKJS_SRC} ${CCF_DIR}/3rdparty/stub/stub.c
)


@ -1,7 +1,7 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the Apache 2.0 License.
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
add_library(
secp256k1.enclave STATIC ${CCF_DIR}/3rdparty/secp256k1/src/secp256k1.c
)


@ -11,7 +11,7 @@ set(SSS_SRC ${SSS_PREFIX}/sss.c ${SSS_PREFIX}/hazmat.c
${SSS_PREFIX}/tweetnacl.c
)
if("sgx" IN_LIST TARGET)
if("sgx" IN_LIST COMPILE_TARGETS)
add_library(sss.enclave STATIC ${SSS_SRC})
set_property(TARGET sss.enclave PROPERTY POSITION_INDEPENDENT_CODE ON)
install(


@ -14,17 +14,27 @@ sign_app_library(
${CCF_DIR}/src/apps/sample_key.pem
)
if(${SERVICE_IDENTITY_CURVE_CHOICE} STREQUAL "secp256k1_bitcoin")
set(SMALL_BANK_SIGNED_VERIFICATION_FILE
${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_50k.json
function(get_verification_file iterations output_var)
math(EXPR thousand_iterations "${iterations} / 1000")
set(proposed_name
${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_${thousand_iterations}k.json
)
set(SMALL_BANK_SIGNED_ITERATIONS 50000)
else()
set(SMALL_BANK_SIGNED_VERIFICATION_FILE
${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_2k.json
if(NOT EXISTS "${proposed_name}")
message(
FATAL_ERROR
"Could not find verification file for ${iterations} iterations (looking for ${proposed_name})"
)
endif()
set(${output_var}
${proposed_name}
PARENT_SCOPE
)
set(SMALL_BANK_SIGNED_ITERATIONS 2000)
endif()
endfunction()
set(SMALL_BANK_SIGNED_ITERATIONS 50000)
get_verification_file(
${SMALL_BANK_SIGNED_ITERATIONS} SMALL_BANK_SIGNED_VERIFICATION_FILE
)
if(BUILD_TESTS)
# Small Bank end to end and performance test
@ -32,22 +42,14 @@ if(BUILD_TESTS)
if(${CONSENSUS} STREQUAL pbft)
if(NOT CMAKE_BUILD_TYPE STREQUAL "Debug")
set(SMALL_BANK_VERIFICATION_FILE
${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_50k.json
)
set(SMALL_BANK_ITERATIONS 50000)
else()
set(SMALL_BANK_VERIFICATION_FILE
${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank_2k.json
)
set(SMALL_BANK_ITERATIONS 2000)
endif()
else()
set(SMALL_BANK_VERIFICATION_FILE
${CMAKE_CURRENT_LIST_DIR}/tests/verify_small_bank.json
)
set(SMALL_BANK_ITERATIONS 200000)
endif()
get_verification_file(${SMALL_BANK_ITERATIONS} SMALL_BANK_VERIFICATION_FILE)
add_perf_test(
NAME small_bank_client_test_${CONSENSUS}
@ -103,4 +105,5 @@ if(BUILD_TESTS)
--participants-curve
"secp256k1"
)
endif()
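Review bot: `get_verification_file` truncates, because `math(EXPR thousand_iterations "${iterations} / 1000")` is integer division. An iteration count that is not a multiple of 1000 (2500, say) resolves to `verify_small_bank_2k.json`, passes the `EXISTS` check, and the run is then verified against data recorded for a different count. Reject that case up front with `math(EXPR remainder "${iterations} % 1000")` followed by a `FATAL_ERROR` when `remainder` is not 0. The 200000-iteration branch now resolves to `verify_small_bank_200k.json` instead of `verify_small_bank.json`, so that file has to exist under the new name (presumably renamed elsewhere in this commit). A short comment above the function stating the `<N>k.json` naming convention would document the contract.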


@ -44,8 +44,11 @@ Algorithms and Curves
Authenticated encryption in CCF relies on AES256-GCM. Ledger authentication relies on Merkle trees using SHA2-256. These algorithms are provided by `project Everest <https://project-everest.github.io/>`_.
Public-key certificates, signatures, and ephemeral Diffie-Hellman key exchanges all rely on
elliptic curves. They can be configured to use one of the following implementations:
Public-key certificates, signatures, and ephemeral Diffie-Hellman key exchanges all rely on elliptic curves. The supported curves are listed in `tls/curve.h`:
* secp384r1 from `mbedTLS <https://tls.mbed.org/>`_.
* secp256k1 from `bitcoin core <https://github.com/bitcoin-core/secp256k1>`_.
.. literalinclude:: ../../../src/tls/curve.h
:language: cpp
:start-after: SNIPPET_START: supported_curves
:end-before: SNIPPET_END: supported_curves
The ``service_identity_curve_choice`` determines the curve used by CCF for the service and node identities. User and member certificates do not need to match this, and can be created on any supported curve.


@ -44,11 +44,9 @@ The full list of build switches can be obtained by running:
* **BUILD_TESTS**: Boolean. Build all tests for CCF. Default to ON.
* **BUILD_SMALLBANK**: Boolean. Build SmallBank performance benchmark. Default to OFF.
* **CLIENT_MBEDTLS_PREFIX**: Path. Prefix to mbedtls install to be used by test clients. Default to ``/usr/local``.
* **SERVICE_IDENTITY_CURVE_CHOICE**: String, one of ``secp384r1``, ``secp256k1_mbedtls``, ``secp256k1_bitcoin``. Elliptic curve to use for CCF network and node identities. Defaults to ``secp384r1``.
* **NO_STRICT_TLS_CIPHERSUITES**: Boolean. Relax the list of accepted TLS ciphersuites. Default to OFF.
* **OpenEnclave_DIR**: Path. Open Enclave install directory. Default to ``/opt/openenclave/lib/openenclave/cmake``.
* **SAN**: Boolean. Build unit tests with Address and Undefined behaviour sanitizers enabled. Default to OFF.
* **TARGET**: String, one of ``sgx``, ``virtual``, or ``sgx;virtual``. Defaults to ``sgx;virtual``, which builds both "virtual" enclaves and actual SGX enclaves.
* **COMPILE_TARGETS**: String. List of target compilation platforms. Defaults to ``sgx;virtual``, which builds both "virtual" enclaves and actual SGX enclaves.
* **VERBOSE_LOGGING**: Boolean. Enable all logging levels. Default to OFF.
Running Tests


@ -12,6 +12,7 @@
namespace tls
{
// SNIPPET_START: supported_curves
enum class CurveImpl
{
secp384r1 = 1,
@ -21,20 +22,9 @@ namespace tls
secp256k1_mbedtls = 3,
secp256k1_bitcoin = 4,
#if SERVICE_IDENTITY_CURVE_CHOICE_SECP384R1
service_identity_curve_choice = secp384r1,
#elif SERVICE_IDENTITY_CURVE_CHOICE_ED25519
service_identity_curve_choice = ed25519,
#elif SERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_MBEDTLS
service_identity_curve_choice = secp256k1_mbedtls,
#elif SERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_BITCOIN
service_identity_curve_choice = secp256k1_bitcoin,
#else
# pragma message( \
"No service identity curve specified - defaulting to secp384r1")
service_identity_curve_choice = secp384r1,
#endif
};
// SNIPPET_END: supported_curves
// 2 implementations of secp256k1 are available - mbedtls and bitcoin. Either
// can be asked for explicitly via the CurveImpl enum. For cases where we