//! Oasis Core runtime SDK.
//!
//! # Examples
//!
//! To create a minimal runtime that doesn't expose any APIs to the
//! outside world, you need to call the `start_runtime` function:
//! ```rust,ignore
//! oasis_core_runtime::start_runtime(Some(Box::new(reg)), config);
//! ```
//!
//! This will start the required services needed to communicate with
//! the worker host.
#![feature(test)]
#![feature(arbitrary_self_types)]

use lazy_static::lazy_static;
#[cfg(target_env = "sgx")]
use sgx_isa::{AttributesFlags, Report};

#[cfg_attr(test, macro_use)]
extern crate base64_serde;

#[macro_use]
pub mod common;
mod attestation;
pub mod cache;
pub mod config;
pub mod consensus;
pub mod dispatcher;
pub mod enclave_rpc;
pub mod future;
pub mod host;
pub mod identity;
pub mod init;
pub mod macros;
pub mod policy;
pub mod protocol;
pub mod storage;
pub mod transaction;
pub mod types;

use crate::common::version::{Version, PROTOCOL_VERSION};

#[cfg(target_env = "sgx")]
use self::common::sgx::{EnclaveIdentity, MrSigner};

lazy_static! {
    /// Build information for this runtime, computed once on first access.
    ///
    /// `is_secure` is a conjunction of build-time and enclave-level checks:
    /// it is `false` for any non-SGX build, and for SGX builds it is `true`
    /// only when every "unsafe" build option below is absent, the enclave is
    /// not a debug enclave, and the enclave is not signed by the test key.
    /// Because the check runs inside the initializer, the `unwrap()` on the
    /// enclave identity panics on the first access of `BUILD_INFO` if the
    /// identity cannot be obtained.
    pub static ref BUILD_INFO: BuildInfo = {
        // Non-SGX builds are insecure by definition.
        #[cfg(not(target_env = "sgx"))]
        let is_secure = false;

        // SGX build security depends on how it was built.
        #[cfg(target_env = "sgx")]
        let is_secure = {
            // Optimistically start out as "it could be secure", and any single
            // insecure build time option will propagate failure.
            //
            // Each step below shadows `maybe_secure` with `maybe_secure && <check>`,
            // so once any check fails the remaining `&&` operands are short-circuited.
            let maybe_secure = true;

            // AVR signature verification MUST be enabled.
            //
            // `option_env!` is expanded at compile time: these reflect the
            // environment of the build, not the environment the runtime runs in.
            let maybe_secure = maybe_secure && option_env!("OASIS_UNSAFE_SKIP_AVR_VERIFY").is_none();

            // Disallow debug enclaves MUST be enabled.
            let maybe_secure = maybe_secure && option_env!("OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES").is_none();

            // IAS `GROUP_OUT_OF_DATE` and `CONFIGURATION_NEEDED` responses
            // MUST count as IAS failure.
            //
            // Rationale: This is how IAS signifies that the host environment
            // is insecure (eg: SMT is enabled when it should not be).
            let maybe_secure = maybe_secure && option_env!("OASIS_UNSAFE_LAX_AVR_VERIFY").is_none();

            // The enclave MUST NOT be a debug one.
            //
            // This inspects the running enclave's own report attributes, so it
            // is an enclave-level check rather than a build-option check.
            let maybe_secure = maybe_secure && !Report::for_self().attributes.flags.contains(AttributesFlags::DEBUG);

            // The enclave MUST NOT be signed by a test key.
            //
            // The identity lookup is performed unconditionally (it is not part
            // of the `&&` chain), so a failure here panics regardless of the
            // outcome of the earlier checks. The MRSIGNER literal is the test
            // signing key that is rejected.
            let enclave_identity = EnclaveIdentity::current().unwrap();
            let fortanix_mrsigner = MrSigner::from("9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a");
            let maybe_secure = maybe_secure && (enclave_identity.mr_signer != fortanix_mrsigner);

            maybe_secure
        };

        BuildInfo {
            protocol_version: PROTOCOL_VERSION,
            is_secure,
        }
    };
}

/// Runtime build information.
///
/// The single instance is the lazily initialized [`BUILD_INFO`] static.
pub struct BuildInfo {
    /// Supported runtime protocol version.
    pub protocol_version: Version,
    /// True iff the build can provide integrity and confidentiality.
    ///
    /// Always `false` for non-SGX builds. For SGX builds it is `true` only
    /// when none of the `OASIS_UNSAFE_*` build options were set at compile
    /// time, the enclave is not a debug enclave, and it is not signed by the
    /// test key (see the initializer of [`BUILD_INFO`]).
    pub is_secure: bool,
}

// Re-exports.
pub use self::{
    enclave_rpc::{demux::Demux as RpcDemux, dispatcher::Dispatcher as RpcDispatcher},
    init::start_runtime,
    protocol::Protocol,
    transaction::dispatcher::Dispatcher as TxnDispatcher,
};

// Re-export the cbor crate.
pub use cbor;