New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added command in oesign to dump oeinfo and signature information #564 #941
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to design this out a little more before we take this in terms of what groups of data we would like to dump since some of that is changing.
@berinpaul, in the meantime, I would like you to refactor how the command handling is implemented, per the comment for oesign/main.c
printf("\n"); | ||
|
||
/* Dump the entry point */ | ||
dump_entry_point(&elf); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikbras Is this valuable to keep? We use _start
now, and we don't expect there to be an explicit flag on the build line to enable this, so I'm not sure if dumping this is useful anymore. This will also end up being something different in PE so I'd like to remove things that have to be supported in different ways on different systems.
dump_enclave_properties(&props); | ||
|
||
/* Dump the ECALL section */ | ||
dump_ecall_section(&elf); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tools/oesign/main.c
Outdated
@@ -523,7 +524,17 @@ static const char _usage[] = | |||
" -----BEGIN RSA PRIVATE KEY-----\n" | |||
"\n" | |||
" The resulting image is written to <EnclaveImage>.signed.so.\n" | |||
"\n"; | |||
"\n" | |||
" ---- OR-----\n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an awkward way to express a multifunction CLI tool … we should probably refactor the parameter handling so that it is consolidated across the different sub-functions. This is especially true because as part of supported digest signing for #525, we will also need to add new commands to generate the digest and to inject a signed digest into an enclave sigstruct. To accommodate that I think we will need to standardize the usage format to take an explicit command:
Usage: oesign { sign | hash | info | verify } … <op specific parameters>
31b98a7
to
e946097
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comments inline … also, the original ask was to accommodate non-positional parameters as well, did you consider implementing that as well? With 3 or more parameters, it will be more difficult for the dev to use correctly based on positional parameters.
tools/oesign/main.c
Outdated
"Usage: %s EnclaveImage ConfigFile KeyFile\n" | ||
static const char _usage_gen[] = | ||
"Usage: %s <command> [options]\n" | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove extra whitespace between lines, they're not preserved on print when concatenated anyway.
tools/oesign/main.c
Outdated
|
||
switch (argc) | ||
{ | ||
case 1: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not a particularly robust way of enumerating all the cases, consider parsing as a state machine instead of a switch-case predicated on number of arguments, because we may have cases with optional arguments, which this format cannot accommodate (or will be split up across number of arguments as opposed to functional grouping as in sign -?
vs. sign …
in this case.
tools/oesign/main.c
Outdated
keyfile = argv[3]; | ||
/* Collect arguments for signing*/ | ||
enclave = argv[2]; | ||
conffile = argv[3]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please encapsulate the signing-specific codepath into a separate function instead of letting it be a fall-through from arg_handler
6418c00
to
68f4ee0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor correction to the help documentation
tools/oesign/main.c
Outdated
"For help with a specific command, enter \"%s <command> -?\"\n"; | ||
|
||
static const char _usage_sign[] = | ||
"Usage: %s enclave_image sign config_file key_file\n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Incorrect ordering, should be:
"Usage: %s sign enclave_image sign enclave_image config_file key_file\n"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Corrected.
68f4ee0
to
327f225
Compare
bors try |
tryBuild succeeded |
bors r+ |
941: Added command in oesign to dump oeinfo and signature information #564 r=CodeMonkeyLeet a=berinpaul Dump feature added to oesign tool: Usage: `./oesign <command> [options]` Commands: *sign* - Sign the specified enclave. *dump* - Print out the Open Enclave metadata for the specified enclave. For help with a specific command, enter `./oesign <command> -?` Co-authored-by: berinpaul <berin.paul@vvdntech.in>
Build succeeded |
Dump feature added to oesign tool:
Usage:
./oesign <command> [options]
Commands:
sign - Sign the specified enclave.
dump - Print out the Open Enclave metadata for the specified enclave.
For help with a specific command, enter
./oesign <command> -?