Add dedicated windows-enclaves crate

[kennykerr]

The Win32 metadata includes some support for Windows virtualization-based security enclaves but these APIs are a little tricky because you need to import the APIs from a different system library depending on whether you are inside or outside of the enclave. This update thus does the following:

• Remaps the general-purpose enclave APIs so that they are imported by default from kernel32.dll for crates like windows and windows-sys.
• Adds a dedicated windows-enclaves crate that provides dedicated bindings for use within an enclave where all of the functions provided by this crate are specifically imported from vertdll.dll.

I'm opening this PR for testing and validation as I am not too familiar with enclaves. Hopefully this will help make using enclaves easier from Rust.

[kennykerr]

I have excluded all Enclave functions exported by vertdll.dll from the windows and windows-sys crates with the exception of CallEnclave and TerminateEnclave. The following Enclave functions remain. The metadata for these all indicate some library other than vertdll.dll.

kernel32.dll:

• CreateEnclave
• InitializeEnclave
• IsEnclaveTypeSupported
• LoadEnclaveData

api-ms-win-core-enclave-l1-1-1.dll:

• DeleteEnclave
• LoadEnclaveImageA
• LoadEnclaveImageW

It seems these should all just be loaded from kernel32.dll.

[riverar]

Not all those APIs are implemented in kernel32 sadly. (Those last three are in kernelbase for example.)

[kennykerr]

Sigh, it looks like various Enclave APIs intended to be called from outside of the Enclave are not exclusively exported from kernel32.dll and thus a simple workaround for the faulty metadata isn't really feasible.

[joshwatson]

Sigh, it looks like various Enclave APIs intended to be called from outside of the Enclave are not exclusively exported from kernel32.dll and thus a simple workaround for the faulty metadata isn't really feasible.

It should only be that CallEnclave needed a workaround; the rest of the host process APIs should already have the correct metadata. The CallEnclave metadata should also be correct now as well, I had the authors update it: https://learn.microsoft.com/en-us/windows/win32/api/enclaveapi/nf-enclaveapi-callenclave

Is the metadata not what the microsoft learn pages are generated from? Is there somewhere else I should just get the metadata updated so that the windows and windows-sys crates generate the right bindings without workarounds?

[kennykerr]

Is the metadata not what the microsoft learn pages are generated from?

Sadly not yet. Hopefully we get to the point of having canonical metadata in future.

https://github.com/microsoft/windows-rs/tree/master/crates/libs/bindgen/default

https://kennykerr.ca/rust-getting-started/how-are-crates-built.html