Assign labels on channel creation #975

tiziano88 · 2020-05-12T13:22:56Z

Expand channel_create host function call to accept a Label parameter,
similar to node_create.

Add Client::new_with_label method to allow creating a gRPC client
pseudo-node at a specific IFC label. This will act as a
declassification, once more IFC rules are implemented in the Runtime.

Update ABI documentation.

Fix aggregator example documentation.

Ref #972 #630

Checklist

Pull request affects core Oak functionality (e.g. runtime, SDK, ABI)
- I have written tests that cover the code changes.
- I have checked that these tests are run by Cloudbuild
- I have updated documentation accordingly.
- I have raised an issue to
  cover any TODOs and/or unfinished work.
Pull request includes prototype/experimental work that is under
construction.

Expand `channel_create` host function call to accept a Label parameter, similar to `node_create`. Add `Client::new_with_label` method to allow creating a gRPC client pseudo-node at a specific IFC label. This will act as a declassification, once more IFC rules are implemented in the Runtime. Update ABI documentation. Fix aggregator example documentation. Ref project-oak#972 project-oak#630

conradgrobler · 2020-05-12T13:56:19Z

oak/server/rust/oak_runtime/src/runtime/tests.rs

-fn create_node_more_public_label() {
-    let secret_label = Label {
+fn create_node_less_secret_label_err() {
+    let initial_label = Label {
        secrecy_tags: vec![oak_abi::label::authorization_bearer_token_hmac_tag(&[


Is there a specific reason for somtimes creating the label explicitly rather than using test_label?

Yes, when I want to make it obvious that there is a relationship between two labels used in the same test case, in which case I prefer having them together and defined locally.

conradgrobler · 2020-05-12T13:57:48Z

oak/server/rust/oak_runtime/src/runtime/tests.rs

        secrecy_tags: vec![oak_abi::label::authorization_bearer_token_hmac_tag(&[
            1, 1, 1,
        ])],
        integrity_tags: vec![],
    };
+    let less_secret_label = Label {
+        secrecy_tags: vec![],


Any reason for not using public_trusted?

Same as the reason above :) I want to be able to see the difference between the two spelled out.

tiziano88 · 2020-05-12T14:53:27Z

oak/server/rust/oak_runtime/src/runtime/tests.rs

+#[ignore]
+#[should_panic]
+fn panic_check() {
+    let label = test_label();
    run_node_body(
-        Label::public_trusted(),
-        Box::new(|runtime| {
+        &label,
+        Box::new(|_runtime| {
+            panic!("testing that panic works");
+        }),
+    );
+}


@daviddrysdale FYI I am adding this (currently ignored) test in this PR, feel free to un-ignore or remove entirely when you get to the bottom of the synchronization issue.

Thanks, I've stolen it for #978

tiziano88 · 2020-05-12T14:54:46Z

examples/aggregator/README.md

@@ -15,24 +15,12 @@ output.
 Build and run the Backend with the following command:

 ```bash
+export RUST_LOG=info


cc @ipetr0v FYI I am making slight changes to these scripts, let me know if you have any comments, I will send you more PRs soon to make this example work with proper labels anyways.

github-actions · 2020-05-12T17:40:42Z

Reproducibility index:

172d711e5a55af5344316474a5ddac752df3f0a37119da92021d32bb89a7003e  ./target/wasm32-unknown-unknown/release/abitest_0_frontend.wasm
6b237a388a32f724f4e6d8a5b0468f641d8cb2506fc578dc7c77b496ff62369e  ./target/wasm32-unknown-unknown/release/abitest_1_backend.wasm
8751bebd9fe5b6ad73a168a067e73a0e3d6a2de73e3e7f9d334895a1ccd59fec  ./target/wasm32-unknown-unknown/release/aggregator.wasm
eda11289a9e128ba20b4920aa2ed8b17d12d707464d56ea2aaae73c7343f25e3  ./target/wasm32-unknown-unknown/release/chat.wasm
1995ff75e523dda9165a1e3749011d05d293c8d8ca05c9f6075d6321471c4ced  ./target/wasm32-unknown-unknown/release/hello_world.wasm
296d669f7d657ade8e8db4a3f2545b4875194babb3b5f88610ee298a4ba8cd62  ./target/wasm32-unknown-unknown/release/machine_learning.wasm
4e71f536b6ea366c1595a96e0c6f3eacd86855cdd2a9c4ea7239843a5af14d1a  ./target/wasm32-unknown-unknown/release/private_set_intersection.wasm
c41676f7c5336807c1fea5616b0eae4705c716abc9e0b056443df671565bbf2b  ./target/wasm32-unknown-unknown/release/running_average.wasm
91f12039c5f7141690ede22a3ae1c6f90dc665e4c6ec867f41238429e9428875  ./target/wasm32-unknown-unknown/release/translator.wasm

tiziano88 requested a review from conradgrobler May 12, 2020 13:22

googlebot added the cla: yes label May 12, 2020

conradgrobler approved these changes May 12, 2020

View reviewed changes

tiziano88 commented May 12, 2020

View reviewed changes

tiziano88 merged commit 612e245 into project-oak:master May 12, 2020

tiziano88 deleted the tzn_agg_labels branch May 12, 2020 16:34

tiziano88 mentioned this pull request Sep 3, 2020

Tracking issue: IFC evolution #1431

Closed

14 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Assign labels on channel creation #975

Assign labels on channel creation #975

tiziano88 commented May 12, 2020

conradgrobler May 12, 2020

tiziano88 May 12, 2020

conradgrobler May 12, 2020

tiziano88 May 12, 2020

tiziano88 May 12, 2020

daviddrysdale May 12, 2020

tiziano88 May 12, 2020

github-actions bot commented May 12, 2020

Assign labels on channel creation #975

Assign labels on channel creation #975

Conversation

tiziano88 commented May 12, 2020

Checklist

conradgrobler May 12, 2020

Choose a reason for hiding this comment

tiziano88 May 12, 2020

Choose a reason for hiding this comment

conradgrobler May 12, 2020

Choose a reason for hiding this comment

tiziano88 May 12, 2020

Choose a reason for hiding this comment

tiziano88 May 12, 2020

Choose a reason for hiding this comment

daviddrysdale May 12, 2020

Choose a reason for hiding this comment

tiziano88 May 12, 2020

Choose a reason for hiding this comment

github-actions bot commented May 12, 2020