Make oak_attestation build for no_std with bazel

Bug: 331189639 Bug: 349586828 Change-Id: I894e0e4646035a753e132d9345f7c5075ef2b6d4
project-oak · Jul 15, 2024 · ff34e5d · ff34e5d
1 parent e95a37e
commit ff34e5d
Show file tree

Hide file tree

Showing 14 changed files with 37 additions and 95 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/oak_attestation/BUILD b/oak_attestation/BUILD
@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-load("@rules_rust//cargo:defs.bzl", "cargo_build_script")
 load("@rules_rust//rust:defs.bzl", "rust_library")
+load("//bazel:defs.bzl", "either_platform")
 
 package(
     default_visibility = ["//visibility:public"],
@@ -24,41 +24,35 @@ package(
 rust_library(
     name = "oak_attestation",
     srcs = glob(["src/**"]),
+    target_compatible_with = either_platform([
+        "//:x86_64-linux-setting",
+        "//:x86_64-none-setting",
+    ]),
     deps = [
-        ":build",
         "//micro_rpc",
         "//oak_crypto",
         "//oak_dice",
         "//oak_proto_rust",
-        "@oak_crates_index//:anyhow",
-        "@oak_crates_index//:ciborium",
-        "@oak_crates_index//:coset",
-        "@oak_crates_index//:log",
-        "@oak_crates_index//:p256",
-        "@oak_crates_index//:prost",
-        "@oak_crates_index//:rand_core",
-        "@oak_crates_index//:sha2",
-        "@oak_crates_index//:zeroize",
-    ],
-)
-
-cargo_build_script(
-    name = "build",
-    srcs = [
-        "build.rs",
-    ],
-    build_script_env = {
-        "PROTOC": "$(execpath @com_google_protobuf//:protoc)",
-    },
-    data = [
-        "//proto/attestation:dice_proto",
-        "//proto/attestation:endorsement_proto",
-        "//proto/attestation:evidence_proto",
-        "//proto/session:messages_proto",
-        "@com_google_protobuf//:protoc",
-    ],
-    deps = [
-        "//micro_rpc_build",
-        "@oak_crates_index//:prost-build",
-    ],
+    ] + select({
+        "@platforms//os:none": [
+            "@oak_no_std_crates_index//:anyhow",
+            "@oak_no_std_crates_index//:ciborium",
+            "@oak_no_std_crates_index//:coset",
+            "@oak_no_std_crates_index//:p256",
+            "@oak_no_std_crates_index//:prost",
+            "@oak_no_std_crates_index//:rand_core",
+            "@oak_no_std_crates_index//:sha2",
+            "@oak_no_std_crates_index//:zeroize",
+        ],
+        "//conditions:default": [
+            "@oak_crates_index//:anyhow",
+            "@oak_crates_index//:ciborium",
+            "@oak_crates_index//:coset",
+            "@oak_crates_index//:p256",
+            "@oak_crates_index//:prost",
+            "@oak_crates_index//:rand_core",
+            "@oak_crates_index//:sha2",
+            "@oak_crates_index//:zeroize",
+        ],
+    }),
 )
diff --git a/oak_attestation/Cargo.toml b/oak_attestation/Cargo.toml
@@ -8,7 +8,6 @@ license = "Apache-2.0"
 anyhow = { version = "*", default-features = false }
 ciborium = { version = "*", default-features = false }
 coset = { version = "*", default-features = false }
-log = { version = "*", default-features = false }
 oak_crypto = { workspace = true }
 oak_dice = { workspace = true }
 oak_proto_rust = { workspace = true }

diff --git a/oak_attestation/build.rs b/oak_attestation/build.rs
diff --git a/oak_attestation/src/dice.rs b/oak_attestation/src/dice.rs
@@ -25,13 +25,12 @@ use oak_dice::{
     },
     evidence::Stage0DiceData,
 };
-use p256::ecdsa::{SigningKey, VerifyingKey};
-use zeroize::Zeroize;
-
-use crate::proto::oak::attestation::v1::{
+use oak_proto_rust::oak::attestation::v1::{
     ApplicationKeys, CertificateAuthority, DiceData, Evidence, LayerEvidence, RootLayerEvidence,
     TeePlatform,
 };
+use p256::ecdsa::{SigningKey, VerifyingKey};
+use zeroize::Zeroize;
 
 /// Builds the DICE evidence and certificate authority for the next DICE layer.
 pub struct DiceBuilder {

diff --git a/oak_attestation/src/lib.rs b/oak_attestation/src/lib.rs
@@ -18,17 +18,5 @@
 
 extern crate alloc;
 
-pub mod proto {
-    pub mod oak {
-        pub mod session {
-            pub mod v1 {
-                #![allow(dead_code)]
-                include!(concat!(env!("OUT_DIR"), "/oak.session.v1.rs"));
-            }
-        }
-        pub use oak_proto_rust::oak::{attestation, crypto};
-    }
-}
-
 pub mod dice;
 pub mod handler;
diff --git a/oak_containers_orchestrator/src/dice.rs b/oak_containers_orchestrator/src/dice.rs
@@ -21,11 +21,12 @@ use std::{
 use anyhow::Context;
 use ciborium::Value;
 use coset::cwt::ClaimName;
-use oak_attestation::{dice::DiceBuilder, proto::oak::attestation::v1::DiceData};
+use oak_attestation::dice::DiceBuilder;
 use oak_dice::cert::{
     CONTAINER_IMAGE_LAYER_ID, FINAL_LAYER_CONFIG_MEASUREMENT_ID, LAYER_3_CODE_MEASUREMENT_ID,
     SHA2_256_ID,
 };
+use oak_proto_rust::oak::attestation::v1::DiceData;
 use prost::Message;
 use sha2::{Digest, Sha256};
 use zeroize::Zeroize;

diff --git a/oak_containers_orchestrator/src/lib.rs b/oak_containers_orchestrator/src/lib.rs
@@ -23,7 +23,6 @@ pub mod proto {
                 tonic::include_proto!("oak.containers.v1");
             }
         }
-        pub use oak_attestation::proto::oak::session;
         pub use oak_proto_rust::oak::{attestation, crypto};
         pub mod key_provisioning {
             pub mod v1 {

diff --git a/oak_containers_sdk/BUILD b/oak_containers_sdk/BUILD
@@ -34,7 +34,6 @@ rust_library(
     ],
     deps = [
         ":build",
-        "//oak_attestation",
         "//oak_crypto",
         "//oak_proto_rust",
         "@oak_crates_index//:anyhow",

diff --git a/oak_containers_sdk/Cargo.toml b/oak_containers_sdk/Cargo.toml
@@ -11,7 +11,6 @@ oak_grpc_utils = { workspace = true }
 [dependencies]
 anyhow = "*"
 async-trait = { version = "*", default-features = false }
-oak_attestation = { workspace = true }
 oak_proto_rust = { workspace = true }
 oak_crypto = { workspace = true }
 prost = "*"

diff --git a/oak_containers_sdk/src/lib.rs b/oak_containers_sdk/src/lib.rs
@@ -22,8 +22,7 @@ mod proto {
                 tonic::include_proto!("oak.containers.v1");
             }
         }
-        pub use oak_attestation::proto::oak::attestation;
-        pub use oak_proto_rust::oak::crypto;
+        pub use oak_proto_rust::oak::{attestation, crypto};
     }
 }
 

diff --git a/oak_containers_stage1/src/client.rs b/oak_containers_stage1/src/client.rs
@@ -19,7 +19,7 @@ mod proto {
         pub mod containers {
             tonic::include_proto!("oak.containers");
         }
-        pub use oak_attestation::proto::oak::attestation;
+        pub use oak_proto_rust::oak::attestation;
     }
 }
 

diff --git a/oak_containers_stage1/src/dice.rs b/oak_containers_stage1/src/dice.rs
@@ -21,14 +21,12 @@ use anyhow::Context;
 use ciborium::Value;
 use coset::cwt::ClaimName;
 use nix::sys::mman::{mmap, munmap, MapFlags, ProtFlags};
-use oak_attestation::{
-    dice::{stage0_dice_data_to_proto, DiceBuilder},
-    proto::oak::attestation::v1::DiceData,
-};
+use oak_attestation::dice::{stage0_dice_data_to_proto, DiceBuilder};
 use oak_dice::{
     cert::{LAYER_2_CODE_MEASUREMENT_ID, SHA2_256_ID, SYSTEM_IMAGE_LAYER_ID},
     evidence::{Stage0DiceData, STAGE0_MAGIC},
 };
+use oak_proto_rust::oak::attestation::v1::DiceData;
 use sha2::{Digest, Sha256};
 use x86_64::PhysAddr;
 use zerocopy::FromBytes;

diff --git a/oak_functions_containers_app/src/lib.rs b/oak_functions_containers_app/src/lib.rs
@@ -55,8 +55,7 @@ pub mod proto {
             #![allow(clippy::return_self_not_must_use)]
             tonic::include_proto!("oak.functions");
         }
-        pub use oak_attestation::proto::oak::{attestation, session};
-        pub use oak_proto_rust::oak::crypto;
+        pub use oak_proto_rust::oak::{attestation, crypto, session};
     }
 }