Make communication between Veracruz client and runtime manager simpler and faster. #558

Open
egrimley-arm opened this issue Nov 7, 2022 · 3 comments
Labels
client-code Something related to client code for interacting with Veracruz enhancement New feature or request server Something related to the untrusted Veracruz servers trusted-veracruz-runtime Something related to the trusted Veracruz runtime

Comments

@egrimley-arm
Contributor

egrimley-arm commented Nov 7, 2022

The current code seems to be more complex than necessary, for historical reasons, and appears to perform poorly, particularly in terms of latency. Issue #378 has helped a lot, but there is more work to do.

TLS is designed for full-duplex connections, but parts of Veracruz send and receive TLS-encrypted data in a request-response manner, which makes it unclear how to avoid a situation in which both sides are waiting for data from the other side. The Veracruz server should probably operate in a full-duplex way without any such assumptions about the lower-level protocol inside the encrypted packets.

With all of our current platforms, communication with the runtime manager is through something that resembles a socket, so there could be multiple connections to the runtime manager rather than have the Veracruz server multiplex client connections into a single connection into the runtime. (Once an enclave has been established, the Veracruz server would then act rather like multiple instances of socat.)

It may be possible to have a more principled way of detecting when a protocol buffer is complete rather than having our code add length prefixes in an ad hoc way.

@egrimley-arm egrimley-arm added enhancement New feature or request trusted-veracruz-runtime Something related to the trusted Veracruz runtime client-code Something related to client code for interacting with Veracruz server Something related to the untrusted Veracruz servers labels Nov 7, 2022
@egrimley-arm egrimley-arm self-assigned this Nov 7, 2022
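On the last point of the issue text above: a serialized protocol buffer does not mark its own end, so a stream carrying several messages needs some framing. The following is an added example, not Veracruz code or the author's proposal, sketching the common varint length-prefix convention with a decoder that tolerates arbitrary fragmentation and bounds the declared length before buffering; `FrameDecoder`, `encode_frame` and `MAX_FRAME` are hypothetical names and values.

```rust
// Added example, not Veracruz code: incremental decoder for frames carrying
// a varint length prefix. MAX_FRAME is an assumed limit, not a project value.
const MAX_FRAME: u64 = 1 << 20;

#[derive(Debug, PartialEq)]
pub enum FrameError { LengthOverflow, TooLarge(u64) }

#[derive(Default)]
pub struct FrameDecoder { buf: Vec<u8> }

impl FrameDecoder {
    /// Append bytes exactly as the transport delivers them (any split).
    pub fn push(&mut self, data: &[u8]) { self.buf.extend_from_slice(data); }

    /// Ok(Some(frame)) once a whole frame is buffered, Ok(None) if more is needed.
    pub fn next_frame(&mut self) -> Result<Option<Vec<u8>>, FrameError> {
        let mut len: u64 = 0;
        for (i, &b) in self.buf.iter().enumerate().take(5) {
            len |= u64::from(b & 0x7f) << (7 * i);
            if b & 0x80 != 0 { continue; } // continuation bit: prefix not finished
            // Reject oversized declarations before waiting for (and storing) the body.
            if len > MAX_FRAME { return Err(FrameError::TooLarge(len)); }
            let (start, end) = (i + 1, i + 1 + len as usize);
            if self.buf.len() < end { return Ok(None); }
            let frame = self.buf[start..end].to_vec();
            self.buf.drain(..end);
            return Ok(Some(frame));
        }
        // Five continuation bytes cannot encode a length within MAX_FRAME.
        if self.buf.len() >= 5 { Err(FrameError::LengthOverflow) } else { Ok(None) }
    }
}

/// Prefix `payload` (an already serialized message) with its varint length.
pub fn encode_frame(payload: &[u8]) -> Vec<u8> {
    let (mut out, mut n) = (Vec::new(), payload.len() as u64);
    while n >= 0x80 { out.push(((n as u8) & 0x7f) | 0x80); n >>= 7; }
    out.push(n as u8);
    out.extend_from_slice(payload);
    out
}

fn main() {
    let mut dec = FrameDecoder::default();
    let wire = encode_frame(b"constructed sample message");
    for chunk in wire.chunks(5) { // deliver the frame in small fragments
        dec.push(chunk);
        if let Some(f) = dec.next_frame().unwrap() { println!("frame: {} bytes", f.len()); }
    }
}
```

Because the decoder only consumes bytes and never waits for a reply, either side can run it on its receive path independently of what it is sending, which fits the full-duplex operation the issue asks for.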
@egrimley-arm
Contributor Author

PR #552 is a first step in the work for this issue.

@dreemkiller
Member

How is this looking now, @egrimley-arm?

@egrimley-arm
Contributor Author

Kyle is working on something closely related to this: #10
