Added command in oesign to dump oeinfo and signature information #564 #941
Conversation
CodeMonkeyLeet
added
the
functionality
There was a problem hiding this comment.
We need to design this out a little more before we take this in terms of what groups of data we would like to dump since some of that is changing.
@berinpaul, in the meantime, I would like you to refactor how the command handling is implemented, per the comment for oesign/main.c
| printf("\n"); | ||
|
|
||
| /* Dump the entry point */ | ||
| dump_entry_point(&elf); |
There was a problem hiding this comment.
@mikbras Is this valuable to keep? We use _start now, and we don't expect there to be an explicit flag on the build line to enable this, so I'm not sure if dumping this is useful anymore. This will also end up being something different in PE so I'd like to remove things that have to be supported in different ways on different systems.
| dump_enclave_properties(&props); | ||
|
|
||
| /* Dump the ECALL section */ | ||
| dump_ecall_section(&elf); |
tools/oesign/main.c
Outdated
| @@ -523,7 +524,17 @@ static const char _usage[] = | |||
| " -----BEGIN RSA PRIVATE KEY-----\n" | |||
| "\n" | |||
| " The resulting image is written to <EnclaveImage>.signed.so.\n" | |||
| "\n"; | |||
| "\n" | |||
| " ---- OR-----\n" | |||
There was a problem hiding this comment.
This is an awkward way to express a multifunction CLI tool … we should probably refactor the parameter handling so that it is consolidated across the different sub-functions. This is especially true because as part of supported digest signing for #525, we will also need to add new commands to generate the digest and to inject a signed digest into an enclave sigstruct. To accommodate that I think we will need to standardize the usage format to take an explicit command:
Usage: oesign { sign | hash | info | verify } … <op specific parameters>
berinpaul
force-pushed
the
feature/oedump_into_oesign
branch
2 times, most recently
from
31b98a7
to
e946097
Compare
tools/oesign/main.c
Outdated
| "Usage: %s EnclaveImage ConfigFile KeyFile\n" | ||
| static const char _usage_gen[] = | ||
| "Usage: %s <command> [options]\n" | ||
|
|
There was a problem hiding this comment.
Remove extra whitespace between lines, they're not preserved on print when concatenated anyway.
tools/oesign/main.c
Outdated
|
|
||
| switch (argc) | ||
| { | ||
| case 1: |
There was a problem hiding this comment.
This is not a particularly robust way of enumerating all the cases, consider parsing as a state machine instead of a switch-case predicated on number of arguments, because we may have cases with optional arguments, which this format cannot accommodate (or will be split up across number of arguments as opposed to functional grouping as in sign -? vs. sign … in this case.
tools/oesign/main.c
Outdated
| keyfile = argv[3]; | ||
| /* Collect arguments for signing*/ | ||
| enclave = argv[2]; | ||
| conffile = argv[3]; |
There was a problem hiding this comment.
Please encapsulate the signing-specific codepath into a separate function instead of letting it be a fall-through from arg_handler
berinpaul
force-pushed
the
feature/oedump_into_oesign
branch
4 times, most recently
from
6418c00
to
68f4ee0
Compare
tools/oesign/main.c
Outdated
| "For help with a specific command, enter \"%s <command> -?\"\n"; | ||
|
|
||
| static const char _usage_sign[] = | ||
| "Usage: %s enclave_image sign config_file key_file\n" |
There was a problem hiding this comment.
Incorrect ordering, should be:
"Usage: %s sign enclave_image sign enclave_image config_file key_file\n"
berinpaul
force-pushed
the
feature/oedump_into_oesign
branch
from
68f4ee0
to
327f225
Compare
|
bors try |
tryBuild succeeded |
|
bors r+ |
941: Added command in oesign to dump oeinfo and signature information #564 r=CodeMonkeyLeet a=berinpaul Dump feature added to oesign tool: Usage: `./oesign <command> [options]` Commands: *sign* - Sign the specified enclave. *dump* - Print out the Open Enclave metadata for the specified enclave. For help with a specific command, enter `./oesign <command> -?` Co-authored-by: berinpaul <berin.paul@vvdntech.in>
Build succeeded |
Dump feature added to oesign tool:
Usage:
./oesign <command> [options]Commands:
sign - Sign the specified enclave.
dump - Print out the Open Enclave metadata for the specified enclave.
For help with a specific command, enter
./oesign <command> -?