You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@teaclave.apache.org by CGair23 <no...@github.com.INVALID> on 2021/04/06 06:57:06 UTC

[apache/incubator-teaclave] run Teaclave in sim_mod (#495)

Run command (cd docker && docker-compose -f docker-compose-ubuntu-1804-sgx-sim-mode.yml up --build)
Results in the error:
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:16:37Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 4
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:16:46Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 5
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:16:55Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 6
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:04Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 7
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:13Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 8
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:22Z DEBUG teaclave_frontend_service_enclave::service] Failed to connect to authentication service, retry 9
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z ERROR teaclave_frontend_service_enclave] Failed to start the service: failed to connect to authentication service
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 69, 114, 114, 34, 58, 34, 83, 101, 114, 118, 105, 99, 101, 69, 114, 114, 111, 114, 34, 125]
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z DEBUG teaclave_frontend_service_enclave] handle_invoke
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z DEBUG teaclave_service_enclave_utils] Enclave finalizing
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_entry_point OK. App Received Buf: [123, 34, 79, 107, 34, 58, 110, 117, 108, 108, 125]
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z DEBUG teaclave_binder::binder] Dropping TeeBinder, start finalize().
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z DEBUG teaclave_binder::ipc::app] ecall_ipc_app_to_tee: 1002, 4 bytes
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z ERROR teaclave_binder::ipc::app] ecall_ipc_entry_point, app sgx_error:SGX_ERROR_INVALID_ENCLAVE_ID
teaclave-frontend-service-sgx-sim-mode          | [2021-04-06T06:17:31Z ERROR teaclave_binder::binder] IpcError(SgxError(SGX_ERROR_INVALID_ENCLAVE_ID))
teaclave-frontend-service-sgx-sim-mode exited with code 0

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/495

Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)

Posted by Mingshen Sun <no...@github.com.INVALID>.

Hi, thanks for your report. I have found the cause.

We defines all container names of services in simulation mode as `xxx-sgx-sim-mode` (e.g., `teaclave-storage-service-sgx-sim-mode`). Therefore, to start the services in sim mode using docker compose. You have to change the `docker/runtime.config.toml` file accordingly by adding the `-sgx-sim-mode` suffix.

Change the `docker/runtime.config.toml` file from:

```
authentication = { listen_address = "0.0.0.0:17776", advertised_address = "teaclave-authentication-service:17776" }
management     = { listen_address = "0.0.0.0:17777", advertised_address = "teaclave-management-service:17777" }
storage        = { listen_address = "0.0.0.0:17778", advertised_address = "teaclave-storage-service:17778" }
access_control = { listen_address = "0.0.0.0:17779", advertised_address = "teaclave-access-control-service:17779" }
execution      = { listen_address = "0.0.0.0:17770", advertised_address = "teaclave-execution-service:17770" }
scheduler      = { listen_address = "0.0.0.0:17780", advertised_address = "teaclave-scheduler-service:17780" }
```

to

```
authentication = { listen_address = "0.0.0.0:17776", advertised_address = "teaclave-authentication-service-sgx-sim-mode:17776" }
management     = { listen_address = "0.0.0.0:17777", advertised_address = "teaclave-management-service-sgx-sim-mode:17777" }
storage        = { listen_address = "0.0.0.0:17778", advertised_address = "teaclave-storage-service-sgx-sim-mode:17778" }
access_control = { listen_address = "0.0.0.0:17779", advertised_address = "teaclave-access-control-service-sgx-sim-mode:17779" }
execution      = { listen_address = "0.0.0.0:17770", advertised_address = "teaclave-execution-service-sgx-sim-mode:17770" }
scheduler      = { listen_address = "0.0.0.0:17780", advertised_address = "teaclave-scheduler-service-sgx-sim-mode:17780" }
```

Then, services in docker can resolve IPs with these advertised addresses.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815347102

Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)

Posted by CGair23 <no...@github.com.INVALID>.

@mssun 
Thank you very much, this really works!

But I was troubled by new problems again. I tried to install the Intel® SGX driver with ECDSA attestation enabled (ubuntu18.04-server, driver 1.36.2, sdk 2.12.100.3) according to this link: https://download.01.org/intel-sgx/sgx-linux/2.12/docs/Intel_SGX_Installation_Guide_Linux_2.12_Open_Source.pdf.

Then I ran Teaclave in simulation mode. The strange thing is that my command is normal, but the following error appears when I run cargo test in sdk/rust/, and the log error is given later.
I believe there is a problem with authentication, but python can run but rust cannot be very puzzling.
```
running 6 tests
test tests::test_approve_task ... FAILED
test tests::test_assign_data ... FAILED
test tests::test_assign_data_err ... FAILED
test tests::test_frontend_service ... FAILED
test tests::test_frontend_service_with_request ... FAILED
test tests::test_authentication_service ... FAILED

failures:

---- tests::test_approve_task stdout ----
thread 'tests::test_approve_task' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:686:63
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- tests::test_assign_data stdout ----
thread 'tests::test_assign_data' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:613:63

---- tests::test_assign_data_err stdout ----
thread 'tests::test_assign_data_err' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:649:63

---- tests::test_frontend_service stdout ----
thread 'tests::test_frontend_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:529:63

---- tests::test_frontend_service_with_request stdout ----
thread 'tests::test_frontend_service_with_request' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:571:63

---- tests::test_authentication_service stdout ----
thread 'tests::test_authentication_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:517:51


failures:
    tests::test_approve_task
    tests::test_assign_data
    tests::test_assign_data_err
    tests::test_authentication_service
    tests::test_frontend_service
    tests::test_frontend_service_with_request

test result: FAILED. 0 passed; 6 failed; 0 ignored; 0 measured; 0 filtered out
```
```
teaclave-authentication-service-sgx-sim-mode    | [2021-04-08T02:45:24Z ERROR rustls::session] TLS alert received: Message {
teaclave-authentication-service-sgx-sim-mode    |         typ: Alert,
teaclave-authentication-service-sgx-sim-mode    |         version: TLSv1_2,
teaclave-authentication-service-sgx-sim-mode    |         payload: Alert(
teaclave-authentication-service-sgx-sim-mode    |             AlertMessagePayload {
teaclave-authentication-service-sgx-sim-mode    |                 level: Fatal,
teaclave-authentication-service-sgx-sim-mode    |                 description: BadCertificate,
teaclave-authentication-service-sgx-sim-mode    |             },
teaclave-authentication-service-sgx-sim-mode    |         ),
teaclave-authentication-service-sgx-sim-mode    |     }
teaclave-authentication-service-sgx-sim-mode    | [2021-04-08T02:45:24Z DEBUG teaclave_rpc::transport] Connection disconnected.
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815410272

Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)

Posted by CGair23 <no...@github.com.INVALID>.

Thank you very much, this really works!

But I was troubled by new problems again. I tried to install the Intel® SGX driver with ECDSA attestation enabled (ubuntu18.04-server, driver 1.36.2, sdk 2.12.100.3) according to this link: https://download.01.org/intel-sgx/sgx-linux/2.12/docs/Intel_SGX_Installation_Guide_Linux_2.12_Open_Source.pdf.

Then I ran Teaclave in simulation mode. The strange thing is that my command is normal, but the following error appears when I run cargo test in sdk/rust/, and the log error is given later.
I believe there is a problem with authentication, but python can run but rust cannot be very puzzling.

```
running 6 tests
test tests::test_approve_task ... FAILED
test tests::test_assign_data ... FAILED
test tests::test_assign_data_err ... FAILED
test tests::test_frontend_service ... FAILED
test tests::test_frontend_service_with_request ... FAILED
test tests::test_authentication_service ... FAILED

failures:

---- tests::test_approve_task stdout ----
thread 'tests::test_approve_task' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:686:63
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- tests::test_assign_data stdout ----
thread 'tests::test_assign_data' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:613:63

---- tests::test_assign_data_err stdout ----
thread 'tests::test_assign_data_err' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:649:63

---- tests::test_frontend_service stdout ----
thread 'tests::test_frontend_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:529:63

---- tests::test_frontend_service_with_request stdout ----
thread 'tests::test_frontend_service_with_request' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:571:63

---- tests::test_authentication_service stdout ----
thread 'tests::test_authentication_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:517:51


failures:
    tests::test_approve_task
    tests::test_assign_data
    tests::test_assign_data_err
    tests::test_authentication_service
    tests::test_frontend_service
    tests::test_frontend_service_with_request

test result: FAILED. 0 passed; 6 failed; 0 ignored; 0 measured; 0 filtered out
```

```
teaclave-authentication-service-sgx-sim-mode    | [2021-04-08T02:45:24Z ERROR rustls::session] TLS alert received: Message {
teaclave-authentication-service-sgx-sim-mode    |         typ: Alert,
teaclave-authentication-service-sgx-sim-mode    |         version: TLSv1_2,
teaclave-authentication-service-sgx-sim-mode    |         payload: Alert(
teaclave-authentication-service-sgx-sim-mode    |             AlertMessagePayload {
teaclave-authentication-service-sgx-sim-mode    |                 level: Fatal,
teaclave-authentication-service-sgx-sim-mode    |                 description: BadCertificate,
teaclave-authentication-service-sgx-sim-mode    |             },
teaclave-authentication-service-sgx-sim-mode    |         ),
teaclave-authentication-service-sgx-sim-mode    |     }
teaclave-authentication-service-sgx-sim-mode    | [2021-04-08T02:45:24Z DEBUG teaclave_rpc::transport] Connection disconnected.
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815409772

Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)

Posted by CGair23 <no...@github.com.INVALID>.

@mssun
Thank you very much, this really works!

But I was troubled by new problems again. I tried to install the Intel® SGX driver with ECDSA attestation enabled (ubuntu18.04-server, driver 1.36.2, sdk 2.12.100.3) according to this link: https://download.01.org/intel-sgx/sgx-linux/2.12/docs/Intel_SGX_Installation_Guide_Linux_2.12_Open_Source.pdf.

Then I ran Teaclave in simulation mode. The strange thing is that running command: ```SGX_MODE=SW PYTHONPATH=../../sdk/python python3 builtin_echo.py 'Hello, Teaclave!'``` was smooth, but the following error appears when I run ```cargo test``` in sdk/rust/, and the log error is given later.
I believe there is a problem with authentication, but python can run but rust cannot be very puzzling.
```
running 6 tests
test tests::test_approve_task ... FAILED
test tests::test_assign_data ... FAILED
test tests::test_assign_data_err ... FAILED
test tests::test_frontend_service ... FAILED
test tests::test_frontend_service_with_request ... FAILED
test tests::test_authentication_service ... FAILED

failures:

---- tests::test_approve_task stdout ----
thread 'tests::test_approve_task' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:686:63
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- tests::test_assign_data stdout ----
thread 'tests::test_assign_data' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:613:63

---- tests::test_assign_data_err stdout ----
thread 'tests::test_assign_data_err' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:649:63

---- tests::test_frontend_service stdout ----
thread 'tests::test_frontend_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:529:63

---- tests::test_frontend_service_with_request stdout ----
thread 'tests::test_frontend_service_with_request' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:571:63

---- tests::test_authentication_service stdout ----
thread 'tests::test_authentication_service' panicked at 'called `Result::unwrap()` on an `Err` value: Connection error: invalid certificate: ExtensionValueInvalid', src/lib.rs:517:51


failures:
    tests::test_approve_task
    tests::test_assign_data
    tests::test_assign_data_err
    tests::test_authentication_service
    tests::test_frontend_service
    tests::test_frontend_service_with_request

test result: FAILED. 0 passed; 6 failed; 0 ignored; 0 measured; 0 filtered out
```
```
teaclave-authentication-service-sgx-sim-mode    | [2021-04-08T02:45:24Z ERROR rustls::session] TLS alert received: Message {
teaclave-authentication-service-sgx-sim-mode    |         typ: Alert,
teaclave-authentication-service-sgx-sim-mode    |         version: TLSv1_2,
teaclave-authentication-service-sgx-sim-mode    |         payload: Alert(
teaclave-authentication-service-sgx-sim-mode    |             AlertMessagePayload {
teaclave-authentication-service-sgx-sim-mode    |                 level: Fatal,
teaclave-authentication-service-sgx-sim-mode    |                 description: BadCertificate,
teaclave-authentication-service-sgx-sim-mode    |             },
teaclave-authentication-service-sgx-sim-mode    |         ),
teaclave-authentication-service-sgx-sim-mode    |     }
teaclave-authentication-service-sgx-sim-mode    | [2021-04-08T02:45:24Z DEBUG teaclave_rpc::transport] Connection disconnected.
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/495#issuecomment-815411254

Re: [apache/incubator-teaclave] run Teaclave in sim_mod (#495)

Posted by Mingshen Sun <no...@github.com.INVALID>.

Closed #495 via #496.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave/issues/495#event-4576026099