Merge #348

348: [plat-182] Inbound connections r=Pagten a=raoulstrackx

Enables the enclave to listen for incoming connections
This PR works together with [this rust PR](fortanix/rust#3)

Co-authored-by: Raoul Strackx <[email protected]>

Author: bors[bot]

Cargo.lock

@@ -3,6 +3,7 @@ members = [
     "fortanix-vme/fortanix-vme-abi",
     "fortanix-vme/fortanix-vme-runner",
     "fortanix-vme/tests/outgoing_connection",
+    "fortanix-vme/tests/incoming_connection",
     "intel-sgx/aesm-client",
     "intel-sgx/dcap-provider",
     "intel-sgx/dcap-ql-sys",

Cargo.toml

@@ -100,7 +100,6 @@ function cargo_test {
             echo "Success"
 	fi
     else
-	${elf} -- --nocapture
 	${elf} -- --nocapture > ${out} 2> ${err}
 
         out=$(cat ${out} | grep -v "#" || true)

fortanix-vme/ci-common.sh

@@ -6,6 +6,7 @@ source ./ci-common.sh
 
 function cleanup {
     stop_runner
+    killall test_interaction
 }
 
 function setup_environment {
@@ -50,7 +51,7 @@ function run_tests {
     fi
 }
 
-run_tests outgoing_connection 
+run_tests outgoing_connection incoming_connection
 
 echo "********************************"
 echo "**    All tests succeeded!    **"

fortanix-vme/ci-fortanixvme.sh

@@ -14,6 +14,7 @@ compiler_builtins = { version = "0.1.0", optional = true }
 serde = { git = "https://github.com/fortanix/serde.git", branch = "master", default-features = false, features = ["derive", "alloc"] }
 
 [features]
-default = []
+std = ["serde/std"]
+default = ["std"]
 docs = []
 rustc-dep-of-std = ["core", "alloc", "compiler_builtins/rustc-dep-of-std", "serde/rustc-dep-of-std"]

fortanix-vme/fortanix-vme-abi/Cargo.toml

@@ -1,8 +1,12 @@
 #![no_std]
 extern crate alloc;
+#[cfg(feature="std")]
+extern crate std;
 
 use alloc::string::String;
 use serde::{Deserialize, Serialize};
+#[cfg(feature="std")]
+use std::net::SocketAddr;
 
 pub const SERVER_PORT: u32 = 10000;
 
@@ -11,11 +15,88 @@ pub enum Request {
     Connect {
         addr: String,
     },
+    Bind {
+        /// The address the listen to in the parent VM
+        addr: String,
+        /// The port the enclave is listening on to receive connections from the parent VM
+        enclave_port: u32,
+    },
+    Accept {
+        fd: i32,
+    }
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum Addr {
+    IPv4 {
+        ip: [u8; 4],
+        port: u16,
+    },
+    IPv6 {
+        ip: [u8; 16],
+        port: u16,
+        flowinfo: u32,
+        scope_id: u32,
+    },
+}
+
+#[cfg(feature="std")]
+impl From<SocketAddr> for Addr {
+    fn from(addr: SocketAddr) -> Addr {
+        match addr {
+            SocketAddr::V4(addr) => {
+                Addr::IPv4 {
+                    ip: addr.ip().octets(),
+                    port: addr.port(),
+                }
+            },
+            SocketAddr::V6(addr) => {
+                Addr::IPv6 {
+                    ip: addr.ip().octets(),
+                    port: addr.port(),
+                    flowinfo: addr.flowinfo(),
+                    scope_id: addr.scope_id(),
+                }
+            }
+        }
+    }
 }
 
 #[derive(Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub enum Response {
     Connected {
         proxy_port: u32,
     },
+    Bound {
+        /// The TCP port the parent VM is listening on
+        port: u16,
+        /// The id used to identify the listener. It can be used for subsequent calls (e.g., to
+        /// accept new incoming connections)
+        fd: i32,
+    },
+    IncomingConnection {
+        /// The address of the remote party
+        peer: Addr,
+        /// The vsock port number the runner will connect to the enclave in order to forward the
+        /// incoming connection
+        proxy_port: u32,
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use std::net::{IpAddr, SocketAddr};
+    use std::str::FromStr;
+    use crate::Addr;
+
+    #[test]
+    fn test_addr() {
+        let sock_addr = SocketAddr::from_str("10.11.12.13:4567").unwrap();
+        if let Addr::IPv4 { port, ip } = sock_addr.into() {
+            assert_eq!(IpAddr::from(ip), sock_addr.ip());   
+            assert_eq!(port, sock_addr.port());
+        } else {
+            panic!("Not IPv4")
+        }
+    }
 }

fortanix-vme/fortanix-vme-abi/src/lib.rs

@@ -5,7 +5,8 @@ edition = "2018"
 authors = ["Fortanix, Inc."]
 
 [dependencies]
-fortanix-vme-abi = { path = "../fortanix-vme-abi" }
+fnv = "1.0.7"
+fortanix-vme-abi = { path = "../fortanix-vme-abi", features = ["std"] }
 nix = "0.22.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_cbor = { version = "0.11" }