feature(measurement): allowing measurements under crypto_nossl feature
#250
Conversation
jakubDoka
requested review from
tylerfanelli,
larrydewey and
DGonzalezVillal
as code owners
|
Also, could you please provide a more in-depth commit title and description, as well as a |
|
Yea, I guess it was exhaustive and not necessary due to the parent module already having the |
Signed-off-by: Jakub Doka <[email protected]> Update src/measurement/sev_hashes.rs Co-authored-by: Tyler Fanelli <[email protected]> Signed-off-by: Jakub Dóka <[email protected]> Update src/measurement/gctx.rs Co-authored-by: Tyler Fanelli <[email protected]> Signed-off-by: Jakub Dóka <[email protected]> Update gctx.rs Signed-off-by: Jakub Dóka <[email protected]> Update sev_hashes.rs Signed-off-by: Jakub Dóka <[email protected]>
|
Could you also enable the measurement testing under the crypto_nossl flag? it should be under tests/measurement.rs. That way we can confirm the tests are passing with the changes you committed. |
| @@ -12,6 +13,14 @@ use crate::{ | |||
| measurement::snp::{SnpLaunchDigest, LD_BYTES}, | |||
| }; | |||
|
|
|||
| #[cfg(all(not(feature = "openssl"), feature = "crypto_nossl"))] | |||
There was a problem hiding this comment.
The library won't compile if both crypto_nossl and openssl are both passed as features, so you can just gate under crypto_nossl
| #[cfg(all(not(feature = "openssl"), feature = "crypto_nossl"))] | |
| #[cfg(feature = "crypto_nossl")] |
There was a problem hiding this comment.
This was my mistake, apologies @jakubDoka
| @@ -18,6 +20,14 @@ use crate::error::*; | |||
|
|
|||
| type Sha256Hash = [u8; 32]; | |||
|
|
|||
| #[cfg(all(not(feature = "openssl"), feature = "crypto_nossl"))] | |||
There was a problem hiding this comment.
Same thing
| #[cfg(all(not(feature = "openssl"), feature = "crypto_nossl"))] | |
| #[cfg(feature = "crypto_nossl")] |
There was a problem hiding this comment.
Again, my mistake. I asked @jakubDoka to add this forgetting that it won't compile with both features.
|
And you still need to sign-off the commit |
tests/measurement.rs
Outdated
| @@ -363,7 +363,7 @@ mod snp_tests { | |||
| } | |||
| } | |||
|
|
|||
| #[cfg(all(target_os = "linux", feature = "sev"))] | |||
| #[cfg(all(target_os = "linux", feature = "sev", feature = "openssl"))] | |||
There was a problem hiding this comment.
Did you only add support for SNP?
There was a problem hiding this comment.
Yes I guess the commit title says otherwise, I can add that too
There was a problem hiding this comment.
Not the biggest deal. Legacy SEV support will be deprecated soon
|
https://github.com/virtee/sev/blob/main/src/lib.rs#L89 here I see you are enforcing xor featuring, that can be incredibly annoying if you use this crate indirectly and other features end up enabled out of your control, the crate features should just work together no matter the combination you choose |
…ng crypto_nossl for sev Signed-off-by: Jakub Doka <[email protected]>
When the crypto_nossl feature was implemented, it essentially just re-wrote functions that used openssl to use an alternative. To avoid redundancy in code the decision was you had to pick if you were going to use openssl or if you were going to use no_ssl, but you can't compile both at the same time. It makes sense although because why would you want 2 features that do the same thing? It also reduces package dependencies at compile time and avoids other issues. What features are being enabled out of your control? |
Let's say you depend on a crate Another scenario where this is annoying is when you have .eg wasm and native crates in your project and since Note: if it's not yet possible to compile this crate to wasm, I have an interest in making that possible, but first things need to not depend on OpenSSL |
|
So you're suggesting that we allow both But I guess this would still break your use case when compiling to wasm as you mentioned above. Is this true? |
|
No, in the case of compiling to the Wasm example, this is only an issue when using a workspace and Rust analyzer. Once you build the Wasm crate, you need to make sure OpenSSL is not enabled, which is the case because you have to compile each architecture separately. It's just that rust-analizer runs |
|
@tylerfanelli In any case, I can still apply the changes @DGonzalezVillal is asking for, xor featuring is not that important, I mainly want to move on with this. I have more PRs planned as I need snp measurement and guest side of attestation to be cross-platform (macOS, Windows, WASM if possible) |
|
Hello! Can you please let us know which modifications are still needed to close this PR? |
| #[cfg(feature = "openssl")] | ||
| { | ||
| Ok(launch_hash.finish()) | ||
| } |
There was a problem hiding this comment.
Attribute macros do not allow you to define scope in this way, so this won't actually work. If you are attempting to check at run-time, you will have to use a declarative function-like macro (cfg!), instead.
| #[cfg(feature = "openssl")] | ||
| { | ||
| Ok(launch_hash.finish()) | ||
| } |
There was a problem hiding this comment.
Same applies here. Attribute macros have no concept of scope in this way.
Make the
measurementmodule compatible with thecrypto_nosslfeature, soopensslfeature is not required.