Refactor crates build and fix linter settings for enclave-modules

.github/workflows/test.yml

@@ -23,6 +23,8 @@ jobs:
             ./enclave
           cache-directories: |
             ~/.cargo/registry/src/**/librocksdb-sys-*
+      - run: cargo check -r
+        working-directory: enclave-modules
       - run: make lint-tools
       - run: make lint
 

Cargo.toml

@@ -27,11 +27,6 @@ members = [
 ]
 exclude = [
     "enclave",
-    "enclave-modules/runtime",
-    "enclave-modules/environment",
-    "enclave-modules/store",
-    "enclave-modules/utils",
-    "enclave-modules/host-api",
-    "enclave-modules/ecall-handler",
+    "enclave-modules",
     "proto-compiler"
 ]

Makefile

@@ -49,7 +49,6 @@ endif
 
 SGX_COMMON_CFLAGS += -fstack-protector
 
-ENCLAVE_CARGO_FEATURES = --features=default
 APP_CARGO_FEATURES     = --features=default
 ifeq ($(SGX_PRODUCTION), 1)
 	SGX_ENCLAVE_MODE = "Production Mode"
@@ -60,7 +59,6 @@ else
 	SGX_ENCLAVE_CONFIG = "enclave/Enclave.config.xml"
 	SGX_SIGN_KEY = "enclave/Enclave_private.pem"
 	ifneq ($(SGX_MODE), HW)
-		ENCLAVE_CARGO_FEATURES = --features=default
 		APP_CARGO_FEATURES     = --features=default,sgx-sw
 	endif
 endif
@@ -127,8 +125,9 @@ all: $(App_Path) $(Signed_RustEnclave_Name)
 .PHONY: clean
 clean:
 	@rm -f $(App_Dir)/* $(RustEnclave_Name) $(Signed_RustEnclave_Name) enclave/*_t.* app/*_u.* lib/*.a
-	@cd enclave && cargo clean && rm -f Cargo.lock
-	@cargo clean && rm -f Cargo.lock
+	@cargo clean
+	@cd enclave && cargo clean
+	@cd enclave-modules && cargo clean
 
 ######## EDL Objects ########
 
@@ -169,7 +168,7 @@ $(Signed_RustEnclave_Name): $(RustEnclave_Name)
 
 .PHONY: enclave
 enclave:
-	@cd enclave && RUSTFLAGS=$(RUSTFLAGS) cargo build $(CARGO_TARGET) $(ENCLAVE_CARGO_FEATURES)
+	@cd enclave && RUSTFLAGS=$(RUSTFLAGS) cargo build $(CARGO_TARGET)
 	@cp enclave/target/$(OUTPUT_PATH)/libproxy_enclave.a ./lib/libenclave.a
 
 ######## Code generator ########
@@ -187,12 +186,15 @@ lint-tools:
 
 .PHONY: fmt
 fmt:
-	@cargo fmt --all $(CARGO_FMT_OPT) && cd ./enclave && cargo fmt --all $(CARGO_FMT_OPT)
+	@cargo fmt --all $(CARGO_FMT_OPT)
+	@$(TEST_ENCLAVE_CARGO) fmt --all $(CARGO_FMT_OPT)
+	@cd ./enclave && cargo fmt --all $(CARGO_FMT_OPT)
 
 .PHONY: lint
 lint:
 	@$(MAKE) CARGO_FMT_OPT=--check fmt
 	@cargo clippy --locked --tests $(CARGO_TARGET) -- -D warnings
+	@$(TEST_ENCLAVE_CARGO) clippy --locked --tests $(CARGO_TARGET) -- -D warnings
 	@cargo machete
 
 .PHONY: udeps
@@ -208,9 +210,18 @@ nodes-runner:
 
 ######## Tests ########
 
+TEST_ENCLAVE_RUSTFLAGS="-L $(SGX_SDK)/lib64"
+TEST_ENCLAVE_CARGO=RUSTFLAGS=$(TEST_ENCLAVE_RUSTFLAGS) cargo -Z unstable-options -C enclave-modules
+TEST_ENCLAVE_CARGO_TEST=$(TEST_ENCLAVE_CARGO) test $(CARGO_TARGET)
+
 .PHONY: test
 test:
 	@cargo test $(CARGO_TARGET) --lib --workspace --exclude integration-test
+	@$(TEST_ENCLAVE_CARGO_TEST) -p ecall-handler
+	@$(TEST_ENCLAVE_CARGO_TEST) -p enclave-environment
+	@$(TEST_ENCLAVE_CARGO_TEST) -p host-api
+	@$(TEST_ENCLAVE_CARGO_TEST) -p enclave-runtime
+	@$(TEST_ENCLAVE_CARGO_TEST) -p enclave-utils
 
 .PHONY: integration-test
 integration-test: $(Signed_RustEnclave_Name) bin/gaiad

app/Cargo.toml

@@ -19,13 +19,11 @@ serde = { version = "1.0.184", default-features = false, features = ["alloc"] }
 serde_json = { version = "1.0", default-features = false, features = ["alloc", "preserve_order"] }
 
 lcp-types = { path = "../modules/types" }
-host = { path = "../modules/host" }
-host-environment = { path = "../modules/host-environment" }
+host = { path = "../modules/host", features = ["rocksdb"] }
+enclave-api = { path = "../modules/enclave-api", features = ["rocksdb"] }
 service = { path = "../modules/service" }
-enclave-api = { path = "../modules/enclave-api" }
 ecall-commands = { path = "../modules/ecall-commands" }
 crypto = { path = "../modules/crypto" }
-store = { path = "../modules/store", features = ["rocksdbstore"] }
 keymanager = { path = "../modules/keymanager" }
 remote-attestation = { path = "../modules/remote-attestation" }
 

app/build.rs

@@ -1,30 +1,9 @@
 use git2::{DescribeOptions, Repository};
-use std::env;
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
-    let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/sgxsdk".to_string());
-    let sgx_mode = env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string());
     let mut opts = DescribeOptions::new();
     opts.describe_tags().show_commit_oid_as_fallback(true);
     let version = Repository::discover(".")?.describe(&opts)?.format(None)?;
     println!("cargo:rustc-env=LCP_VERSION={}", version);
-    println!("cargo:rustc-link-search=native=./lib");
-    println!("cargo:rustc-link-lib=static=Enclave_u");
-    println!("cargo:rustc-link-search=native={}/lib64", sdk_dir);
-
-    match sgx_mode.as_ref() {
-        "SW" => {
-            println!("cargo:rustc-link-lib=dylib=sgx_urts_sim");
-            println!("cargo:rustc-link-lib=dylib=sgx_uae_service_sim");
-        }
-        "HW" => {
-            println!("cargo:rustc-link-lib=dylib=sgx_urts");
-            println!("cargo:rustc-link-lib=dylib=sgx_uae_service");
-        }
-        _ => {
-            println!("cargo:rustc-link-lib=dylib=sgx_urts");
-            println!("cargo:rustc-link-lib=dylib=sgx_uae_service");
-        }
-    }
     Ok(())
 }

app/src/commands.rs

@@ -2,9 +2,9 @@ use self::{attestation::AttestationCmd, elc::ELCCmd, enclave::EnclaveCmd, servic
 use crate::{enclave::build_enclave_loader, opts::Opts};
 use anyhow::Result;
 use clap::Parser;
-use host_environment::Environment;
+use host::environment::store::{host::HostStore, rocksdb::RocksDBStore};
+use host::environment::Environment;
 use std::sync::{Arc, RwLock};
-use store::{host::HostStore, rocksdb::RocksDBStore};
 
 mod attestation;
 mod elc;

app/src/commands/attestation.rs

@@ -6,9 +6,9 @@ use anyhow::{bail, Result};
 use clap::Parser;
 use crypto::Address;
 use enclave_api::{Enclave, EnclaveCommandAPI, EnclaveProtoAPI};
+use host::store::transaction::CommitStore;
 use log::info;
 use remote_attestation::{ias, IASMode};
-use store::transaction::CommitStore;
 
 /// `attestation` subcommand
 #[allow(clippy::upper_case_acronyms)]

app/src/commands/elc.rs

@@ -5,9 +5,9 @@ use crate::{
 use anyhow::Result;
 use clap::Parser;
 use enclave_api::{Enclave, EnclaveProtoAPI};
+use host::store::transaction::CommitStore;
 use serde::de::DeserializeOwned;
 use std::path::PathBuf;
-use store::transaction::CommitStore;
 
 // `client` subcommand
 #[derive(Debug, Parser)]

app/src/commands/enclave.rs

@@ -7,10 +7,10 @@ use clap::Parser;
 use crypto::Address;
 use ecall_commands::GenerateEnclaveKeyInput;
 use enclave_api::{Enclave, EnclaveCommandAPI, EnclaveProtoAPI};
+use host::store::transaction::CommitStore;
 use lcp_types::Mrenclave;
 use log::*;
 use serde_json::json;
-use store::transaction::CommitStore;
 
 // `enclave` subcommand
 #[derive(Debug, Parser)]

app/src/commands/service.rs

@@ -3,10 +3,10 @@ use crate::opts::{EnclaveOpts, Opts};
 use anyhow::Result;
 use clap::Parser;
 use enclave_api::{Enclave, EnclaveProtoAPI};
+use host::store::transaction::CommitStore;
 use log::*;
 use service::{run_service, AppService};
 use std::sync::Arc;
-use store::transaction::CommitStore;
 use tokio::runtime::Builder;
 
 // `service` subcommand

app/src/enclave.rs

@@ -1,9 +1,9 @@
 use crate::opts::Opts;
 use anyhow::{bail, Result};
 use enclave_api::{Enclave, EnclaveProtoAPI};
+use host::store::transaction::CommitStore;
 use keymanager::EnclaveKeyManager;
 use std::path::PathBuf;
-use store::transaction::CommitStore;
 
 pub trait EnclaveLoader<S: CommitStore> {
     fn load(&self, opts: &Opts, path: Option<&PathBuf>, debug: bool) -> Result<Enclave<S>>;

enclave-modules/.gitignore

@@ -0,0 +1,2 @@
+/Cargo.lock
+/target

enclave-modules/Cargo.toml

@@ -0,0 +1,9 @@
+[workspace]
+resolver = "2"
+members = [
+    "ecall-handler",
+    "environment",
+    "host-api",
+    "runtime",
+    "utils"
+]

enclave-modules/ecall-handler/src/light_client/init_client.rs

@@ -4,7 +4,7 @@ use context::Context;
 use core::str::FromStr;
 use crypto::Signer;
 use ecall_commands::{InitClientInput, InitClientResponse, LightClientResponse};
-use lcp_types::{Any, ClientId};
+use lcp_types::ClientId;
 use light_client::commitments::{prove_commitment, CommitmentProof};
 use light_client::{ClientKeeper, ClientReader, LightClientResolver};
 use store::KVStore;
@@ -15,14 +15,20 @@ pub fn init_client<R: LightClientResolver, S: KVStore, K: Signer>(
 ) -> Result<LightClientResponse, Error> {
     ctx.set_timestamp(input.current_timestamp);
 
-    let any_client_state: Any = input.any_client_state.into();
-    let any_consensus_state: Any = input.any_consensus_state.into();
-    let lc = match ctx.get_light_client(&any_client_state.type_url) {
+    let lc = match ctx.get_light_client(&input.any_client_state.type_url) {
         Some(lc) => lc,
-        None => return Err(Error::invalid_argument(any_client_state.type_url.clone())),
+        None => {
+            return Err(Error::invalid_argument(
+                input.any_client_state.type_url.clone(),
+            ))
+        }
     };
     let ek = ctx.get_enclave_key();
-    let res = lc.create_client(ctx, any_client_state.clone(), any_consensus_state.clone())?;
+    let res = lc.create_client(
+        ctx,
+        input.any_client_state.clone(),
+        input.any_consensus_state.clone(),
+    )?;
     let client_type = lc.client_type();
     let client_id = ClientId::from_str(&input.client_id)?;
     client_id.validate(&client_type)?;
@@ -31,8 +37,8 @@ pub fn init_client<R: LightClientResolver, S: KVStore, K: Signer>(
         return Err(Error::client_already_exists(client_id.to_string()));
     }
     ctx.store_client_type(client_id.clone(), client_type)?;
-    ctx.store_any_client_state(client_id.clone(), any_client_state)?;
-    ctx.store_any_consensus_state(client_id.clone(), res.height, any_consensus_state)?;
+    ctx.store_any_client_state(client_id.clone(), input.any_client_state)?;
+    ctx.store_any_consensus_state(client_id.clone(), res.height, input.any_consensus_state)?;
 
     let proof = if res.prove {
         prove_commitment(ek, res.message)?

enclave-modules/ecall-handler/src/light_client/registry.rs

@@ -6,6 +6,7 @@ use lcp_types::ClientId;
 use light_client::{ClientReader, LightClient, LightClientResolver, RegistryError};
 use store::KVStore;
 
+#[allow(clippy::borrowed_box)]
 pub fn get_light_client_by_client_id<'a, R: LightClientResolver, S: KVStore, K: Signer>(
     ctx: &'a Context<R, S, K>,
     client_id: &ClientId,

enclave-modules/ecall-handler/src/light_client/update_client.rs

@@ -16,7 +16,7 @@ pub fn update_client<R: LightClientResolver, S: KVStore, K: Signer>(
 
     let lc = get_light_client_by_client_id(ctx, &input.client_id)?;
     let ek = ctx.get_enclave_key();
-    match lc.update_client(ctx, input.client_id.clone(), input.any_header.into())? {
+    match lc.update_client(ctx, input.client_id.clone(), input.any_header)? {
         UpdateClientResult::UpdateState(mut data) => {
             let message: ProxyMessage = {
                 if input.include_state && data.message.emitted_states.is_empty() {

enclave-modules/environment/src/environment_impl.rs

@@ -10,7 +10,12 @@ pub struct Environment {
 
 impl Environment {
     pub fn new(lc_registry: MapLightClientRegistry) -> Self {
+        if !lc_registry.is_sealed() {
+            panic!("Light client registry must be sealed before creating an environment");
+        }
         Self {
+            // Thread-safe: `lc_registry` is sealed and immutable after initialization
+            #[allow(clippy::arc_with_non_send_sync)]
             lc_registry: Arc::new(lc_registry),
         }
     }

enclave-modules/host-api/Cargo.toml

@@ -11,3 +11,8 @@ bincode = { version = "2.0.0-rc.3", default-features = false, features = ["serde
 flex-error = { version = "0.4.4", default-features = false }
 ocall-commands = { path = "../../modules/ocall-commands", default-features = false }
 store = { path = "../../modules/store", default-features = false }
+
+[dev-dependencies]
+tempfile = "3"
+host = { path = "../../modules/host", default-features = false, features = ["test"] }
+enclave-api = { path = "../../modules/enclave-api", default-features = false }