Split micro_rpc generation out of oak_proto_rust

See README.md updates for more info. Change-Id: If2186584e068b121d56ce987b8a680766554218b
project-oak · Jul 22, 2024 · 0c13105 · 0c13105
1 parent 3282852
commit 0c13105
Show file tree

Hide file tree

Showing 59 changed files with 775 additions and 727 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -49,6 +49,7 @@ members = [
   "oak_launcher_utils",
   "oak_proto_rust",
   "oak_proto_rust/grpc",
+  "oak_proto_rust/micro_rpc",
   "oak_restricted_kernel",
   "oak_restricted_kernel_dice",
   "oak_restricted_kernel_interface",
@@ -130,6 +131,7 @@ oak_grpc = { path = "./oak_proto_rust/grpc" }
 oak_launcher_utils = { path = "./oak_launcher_utils" }
 oak_linux_boot_params = { path = "./oak_linux_boot_params" }
 oak_logger = { path = "./oak_functions/logger" }
+oak_micro_rpc = { path = "./oak_proto_rust/micro_rpc" }
 oak_proto_rust = { path = "./oak_proto_rust" }
 oak_restricted_kernel_dice = { path = "./oak_restricted_kernel_dice" }
 oak_restricted_kernel_sdk = { path = "./oak_restricted_kernel_sdk" }

diff --git a/enclave_apps/Cargo.lock b/enclave_apps/Cargo.lock
diff --git a/enclave_apps/Cargo.toml b/enclave_apps/Cargo.toml
@@ -15,5 +15,6 @@ oak_channel = { path = "../oak_channel" }
 oak_dice = { path = "../oak_dice" }
 oak_restricted_kernel_sdk = { path = "../oak_restricted_kernel_sdk" }
 oak_restricted_kernel_interface = { path = "../oak_restricted_kernel_interface" }
+oak_micro_rpc = { path = "../oak_proto_rust/micro_rpc" }
 oak_proto_rust = { path = "../oak_proto_rust" }
 zerocopy = "*"
diff --git a/enclave_apps/oak_functions_enclave_app/BUILD b/enclave_apps/oak_functions_enclave_app/BUILD
@@ -29,7 +29,7 @@ rust_binary(
         "//micro_rpc",
         "//oak_functions_enclave_service:lib",
         "//oak_functions_service:lib",
-        "//oak_proto_rust",
+        "//oak_proto_rust/micro_rpc",
         "//oak_restricted_kernel_sdk",
     ],
 )
diff --git a/enclave_apps/oak_functions_enclave_app/Cargo.toml b/enclave_apps/oak_functions_enclave_app/Cargo.toml
@@ -20,7 +20,7 @@ oak_functions_enclave_service = { path = "../../oak_functions_enclave_service",
 oak_functions_service = { path = "../../oak_functions_service", default-features = false }
 log = "*"
 micro_rpc = { workspace = true }
-oak_proto_rust = { workspace = true }
+oak_micro_rpc = { workspace = true }
 oak_restricted_kernel_sdk = { workspace = true }
 
 [[bin]]

diff --git a/enclave_apps/oak_functions_enclave_app/src/main.rs b/enclave_apps/oak_functions_enclave_app/src/main.rs
@@ -50,7 +50,7 @@ fn main() -> ! {
         None,
         WasmConfig::default(),
     );
-    let server = oak_proto_rust::oak::functions::OakFunctionsServer::new(service);
+    let server = oak_micro_rpc::oak::functions::OakFunctionsServer::new(service);
     start_blocking_server(Box::<FileDescriptorChannel>::default(), server, &mut invocation_stats)
         .expect("server encountered an unrecoverable error");
 }
diff --git a/oak_containers_launcher/src/lib.rs b/oak_containers_launcher/src/lib.rs
@@ -23,11 +23,10 @@ use std::{
 
 use anyhow::Context;
 use clap::{Parser, ValueEnum};
-use oak_grpc::oak::key_provisioning::v1::{
-    key_provisioning_client::KeyProvisioningClient, GetGroupKeysRequest, GetGroupKeysResponse,
-};
+use oak_grpc::oak::key_provisioning::v1::key_provisioning_client::KeyProvisioningClient;
 use oak_proto_rust::oak::{
     attestation::v1::{endorsements, Endorsements, Evidence, OakRestrictedKernelEndorsements},
+    key_provisioning::v1::{GetGroupKeysRequest, GetGroupKeysResponse},
     session::v1::EndorsedEvidence,
 };
 pub use qemu::Params as QemuParams;

diff --git a/oak_containers_launcher/src/server.rs b/oak_containers_launcher/src/server.rs
@@ -22,13 +22,15 @@ use anyhow::anyhow;
 use futures::{FutureExt, Stream};
 use oak_grpc::oak::containers::{
     launcher_server::{Launcher, LauncherServer},
-    v1::{
-        hostlib_key_provisioning_server::{HostlibKeyProvisioning, HostlibKeyProvisioningServer},
-        GetGroupKeysResponse, GetKeyProvisioningRoleResponse, KeyProvisioningRole,
+    v1::hostlib_key_provisioning_server::{HostlibKeyProvisioning, HostlibKeyProvisioningServer},
+};
+use oak_proto_rust::oak::{
+    attestation::v1::Evidence,
+    containers::{
+        v1::{GetGroupKeysResponse, GetKeyProvisioningRoleResponse, KeyProvisioningRole},
+        GetApplicationConfigResponse, GetImageResponse, SendAttestationEvidenceRequest,
     },
-    GetApplicationConfigResponse, GetImageResponse, SendAttestationEvidenceRequest,
 };
-use oak_proto_rust::oak::attestation::v1::Evidence;
 use opentelemetry_proto::tonic::{
     collector::{
         logs::v1::{

diff --git a/oak_containers_orchestrator/BUILD b/oak_containers_orchestrator/BUILD
@@ -79,6 +79,7 @@ rust_binary(
     deps = [
         ":lib",
         "//oak_containers_agent:lib",
+        "//oak_proto_rust",
         "//oak_proto_rust/grpc",
         "@oak_crates_index//:anyhow",
         "@oak_crates_index//:clap",

diff --git a/oak_containers_orchestrator/src/crypto.rs b/oak_containers_orchestrator/src/crypto.rs
@@ -21,14 +21,14 @@ use oak_crypto::{
     encryptor::ServerEncryptor,
 };
 use oak_dice::cert::generate_ecdsa_key_pair;
-use oak_grpc::oak::{
+use oak_grpc::oak::containers::v1::orchestrator_crypto_server::OrchestratorCrypto;
+use oak_proto_rust::oak::{
     containers::v1::{
-        orchestrator_crypto_server::OrchestratorCrypto, DeriveSessionKeysRequest,
-        DeriveSessionKeysResponse, KeyOrigin, SignRequest, SignResponse,
+        DeriveSessionKeysRequest, DeriveSessionKeysResponse, KeyOrigin, SignRequest, SignResponse,
     },
+    crypto::v1::EncryptedRequest,
     key_provisioning::v1::GroupKeys as GroupKeysProto,
 };
-use oak_proto_rust::oak::crypto::v1::EncryptedRequest;
 use tonic::{Request, Response};
 
 pub fn generate_instance_keys() -> (InstanceKeys, InstancePublicKeys) {

diff --git a/oak_containers_orchestrator/src/ipc_server.rs b/oak_containers_orchestrator/src/ipc_server.rs
@@ -19,8 +19,8 @@ use anyhow::Context;
 use oak_grpc::oak::containers::{
     orchestrator_server::{Orchestrator, OrchestratorServer},
     v1::orchestrator_crypto_server::OrchestratorCryptoServer,
-    GetApplicationConfigResponse,
 };
+use oak_proto_rust::oak::containers::GetApplicationConfigResponse;
 use tokio::{fs::set_permissions, net::UnixListener};
 use tokio_stream::wrappers::UnixListenerStream;
 use tokio_util::sync::CancellationToken;

diff --git a/oak_containers_orchestrator/src/key_provisioning.rs b/oak_containers_orchestrator/src/key_provisioning.rs
@@ -16,8 +16,10 @@
 use std::sync::Arc;
 
 use oak_attestation_verification::verifier::verify_dice_chain;
-use oak_grpc::oak::key_provisioning::v1::{
-    key_provisioning_server::{KeyProvisioning, KeyProvisioningServer},
+use oak_grpc::oak::key_provisioning::v1::key_provisioning_server::{
+    KeyProvisioning, KeyProvisioningServer,
+};
+use oak_proto_rust::oak::key_provisioning::v1::{
     GetGroupKeysRequest, GetGroupKeysResponse, GroupKeys as GroupKeysProto,
 };
 use tokio::net::TcpListener;

diff --git a/oak_containers_orchestrator/src/launcher_client.rs b/oak_containers_orchestrator/src/launcher_client.rs
@@ -14,15 +14,15 @@
 // limitations under the License.
 
 use anyhow::Context;
-use oak_grpc::oak::{
-    containers::{
-        launcher_client::LauncherClient as GrpcLauncherClient,
-        v1::{hostlib_key_provisioning_client::HostlibKeyProvisioningClient, KeyProvisioningRole},
-        SendAttestationEvidenceRequest,
-    },
+use oak_grpc::oak::containers::{
+    launcher_client::LauncherClient as GrpcLauncherClient,
+    v1::hostlib_key_provisioning_client::HostlibKeyProvisioningClient,
+};
+use oak_proto_rust::oak::{
+    attestation::v1::Evidence,
+    containers::{v1::KeyProvisioningRole, SendAttestationEvidenceRequest},
     key_provisioning::v1::GroupKeys,
 };
-use oak_proto_rust::oak::attestation::v1::Evidence;
 use opentelemetry_otlp::{TonicExporterBuilder, WithExportConfig};
 use tokio_vsock::{VsockAddr, VsockStream};
 use tonic::transport::Channel;

diff --git a/oak_containers_orchestrator/src/main.rs b/oak_containers_orchestrator/src/main.rs
@@ -21,7 +21,7 @@ use oak_containers_agent::{metrics::MetricsConfig, set_error_handler};
 use oak_containers_orchestrator::{
     crypto::generate_instance_keys, launcher_client::LauncherClient,
 };
-use oak_grpc::oak::containers::v1::KeyProvisioningRole;
+use oak_proto_rust::oak::containers::v1::KeyProvisioningRole;
 use tokio_util::sync::CancellationToken;
 
 #[global_allocator]

diff --git a/oak_containers_sdk/src/crypto.rs b/oak_containers_sdk/src/crypto.rs
@@ -16,11 +16,11 @@
 use anyhow::Context;
 use async_trait::async_trait;
 use oak_crypto::{encryption_key::AsyncEncryptionKeyHandle, hpke::RecipientContext};
-use oak_grpc::oak::containers::v1::{
-    orchestrator_crypto_client::OrchestratorCryptoClient as GrpcOrchestratorCryptoClient,
-    DeriveSessionKeysRequest, KeyOrigin, SignRequest,
+use oak_grpc::oak::containers::v1::orchestrator_crypto_client::OrchestratorCryptoClient as GrpcOrchestratorCryptoClient;
+use oak_proto_rust::oak::{
+    containers::v1::{DeriveSessionKeysRequest, KeyOrigin, SignRequest},
+    crypto::v1::{SessionKeys, Signature},
 };
-use oak_proto_rust::oak::crypto::v1::{SessionKeys, Signature};
 use tonic::transport::{Endpoint, Uri};
 use tower::service_fn;
 

diff --git a/oak_debug_service/BUILD b/oak_debug_service/BUILD
@@ -25,6 +25,7 @@ rust_library(
     name = "oak_debug_service",
     srcs = glob(["src/**"]),
     deps = [
+        "//oak_proto_rust",
         "//oak_proto_rust/grpc",
         "@oak_crates_index//:pprof",
         "@oak_crates_index//:prost",

diff --git a/oak_debug_service/Cargo.toml b/oak_debug_service/Cargo.toml
@@ -9,6 +9,7 @@ oak_grpc_utils = { workspace = true }
 
 [dependencies]
 oak_grpc = { workspace = true }
+oak_proto_rust = { workspace = true }
 pprof = { version = "*", features = ["frame-pointer", "prost-codec"] }
 prost = "*"
 prost-types = "*"

diff --git a/oak_debug_service/src/lib.rs b/oak_debug_service/src/lib.rs
@@ -16,11 +16,9 @@
 
 use std::time::Duration;
 
-use oak_grpc::{
-    oak::debug::{
-        debug_service_server::{DebugService, DebugServiceServer},
-        CpuProfileRequest, CpuProfileResponse,
-    },
+use oak_grpc::oak::debug::debug_service_server::{DebugService, DebugServiceServer};
+use oak_proto_rust::{
+    oak::debug::{CpuProfileRequest, CpuProfileResponse},
     perftools::profiles::Profile,
 };
 use pprof::protos::Message as _;

diff --git a/oak_functions_enclave_service/BUILD b/oak_functions_enclave_service/BUILD
@@ -28,6 +28,7 @@ DEPS = [
     "//oak_core",
     "//oak_crypto",
     "//oak_proto_rust",
+    "//oak_proto_rust/micro_rpc",
     "//oak_restricted_kernel_sdk",
     "@oak_no_std_crates_index//:log",
 ] + select_std_crates([
@@ -82,6 +83,7 @@ rust_test_suite(
         "//oak_functions_service:lib",
         "//oak_functions_test_utils",
         "//oak_proto_rust",
+        "//oak_proto_rust/micro_rpc",
         "//oak_restricted_kernel_sdk",
         "@oak_crates_index//:env_logger",
         "@oak_crates_index//:log",

diff --git a/oak_functions_enclave_service/Cargo.toml b/oak_functions_enclave_service/Cargo.toml
@@ -20,6 +20,7 @@ oak_crypto = { workspace = true }
 oak_dice = { workspace = true }
 oak_restricted_kernel_sdk = { workspace = true }
 oak_functions_service = { workspace = true }
+oak_micro_rpc = { workspace = true }
 oak_proto_rust = { workspace = true }
 log = "*"
 

diff --git a/oak_functions_enclave_service/src/lib.rs b/oak_functions_enclave_service/src/lib.rs
@@ -24,11 +24,12 @@ use oak_attestation::{dice::evidence_to_proto, handler::EncryptionHandler};
 use oak_core::sync::OnceCell;
 use oak_crypto::encryption_key::EncryptionKeyHandle;
 use oak_functions_service::{instance::OakFunctionsInstance, Handler, Observer};
+use oak_micro_rpc::oak::functions::OakFunctions;
 use oak_proto_rust::oak::functions::{
     extend_next_lookup_data_request::Data, AbortNextLookupDataResponse, Empty,
     ExtendNextLookupDataRequest, ExtendNextLookupDataResponse, FinishNextLookupDataRequest,
     FinishNextLookupDataResponse, InitializeRequest, InitializeResponse, InvokeRequest,
-    InvokeResponse, LookupDataChunk, OakFunctions, ReserveRequest, ReserveResponse,
+    InvokeResponse, LookupDataChunk, ReserveRequest, ReserveResponse,
 };
 use prost::Message;
 

diff --git a/oak_functions_enclave_service/tests/integration_test.rs b/oak_functions_enclave_service/tests/integration_test.rs
@@ -26,13 +26,15 @@ use core::assert_matches::assert_matches;
 use oak_client::verifier::extract_encryption_public_key;
 use oak_crypto::encryptor::ClientEncryptor;
 use oak_functions_enclave_service::OakFunctionsService;
+use oak_micro_rpc::oak::functions::{
+    testing::TestModuleClient, OakFunctionsClient, OakFunctionsServer,
+};
 use oak_proto_rust::oak::{
     crypto::v1::EncryptedRequest,
     functions::{
-        extend_next_lookup_data_request::Data,
-        testing::{EchoAndPanicRequest, TestModuleClient},
+        extend_next_lookup_data_request::Data, testing::EchoAndPanicRequest,
         ExtendNextLookupDataRequest, FinishNextLookupDataRequest, InitializeRequest, InvokeRequest,
-        LookupDataChunk, LookupDataEntry, OakFunctionsClient, OakFunctionsServer,
+        LookupDataChunk, LookupDataEntry,
     },
 };
 use prost::Message;

diff --git a/oak_functions_launcher/BUILD b/oak_functions_launcher/BUILD
@@ -37,6 +37,7 @@ rust_library(
         "//oak_launcher_utils",
         "//oak_proto_rust",
         "//oak_proto_rust/grpc",
+        "//oak_proto_rust/micro_rpc",
         "@oak_crates_index//:anyhow",
         "@oak_crates_index//:async-stream",
         "@oak_crates_index//:clap",

diff --git a/oak_functions_launcher/Cargo.toml b/oak_functions_launcher/Cargo.toml
@@ -33,6 +33,7 @@ micro_rpc = { workspace = true }
 oak_channel = { workspace = true, features = ["client"] }
 oak_crypto = { workspace = true }
 oak_grpc = { workspace = true }
+oak_micro_rpc = { workspace = true }
 oak_proto_rust = { workspace = true }
 hashbrown = "*"
 ubyte = "*"