Add alloc feature

Previously the x509 certificate logic was always built as part of the `mc-attestation-verifier` crate. Now the x509 certificate logic is guarded by the `alloc` feature so that the crate can still be built in no alloc environments with limited capability.
mobilecoinfoundation · Apr 19, 2023 · 3c7e090 · 3c7e090
1 parent 065bd81
commit 3c7e090
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 9 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -196,7 +196,7 @@ jobs:
         with:
           toolchain: ${{ matrix.rust }}
       - uses: r7kamura/rust-problem-matchers@v1
-      - run: cargo +${{ matrix.rust }} build --release
+      - run: cargo +${{ matrix.rust }} build --release --all-features
 
   test:
     runs-on: ubuntu-22.04
@@ -216,7 +216,7 @@ jobs:
         with:
           toolchain: ${{ matrix.rust }}
       - uses: r7kamura/rust-problem-matchers@v1
-      - run: cargo +${{ matrix.rust }} test --release
+      - run: cargo +${{ matrix.rust }} test --release --all-features
 
   doc:
     runs-on: ubuntu-22.04
@@ -237,7 +237,7 @@ jobs:
         with:
           toolchain: ${{ matrix.rust }}
       - uses: r7kamura/rust-problem-matchers@v1
-      - run: cargo +${{ matrix.rust }} doc --release --no-deps
+      - run: cargo +${{ matrix.rust }} doc --release --no-deps --all-features
 
   coverage:
     runs-on: ubuntu-22.04
@@ -253,11 +253,44 @@ jobs:
       - uses: taiki-e/install-action@v2
         with:
           tool: cargo-llvm-cov
-      - run: cargo llvm-cov --workspace --lcov --output-path lcov.info
+      - run: |
+          cargo llvm-cov --all-features --workspace --lcov \
+            --output-path lcov.info
       - uses: codecov/codecov-action@v3
         with:
           files: lcov.info
 
+  # Ensure that verifier is able to build without alloc.
+  build-no-alloc:
+    runs-on: ubuntu-22.04
+    needs:
+      - lint
+    strategy:
+      matrix:
+        target:
+          - thumbv6m-none-eabi
+          - thumbv7m-none-eabi
+          - thumbv8m.main-none-eabi
+          - aarch64-linux-android
+          - aarch64-apple-ios
+    steps:
+      - uses: actions/checkout@v3
+      # The building of mc-sgx-core-types needs C headers. We leverage the
+      # SGX_SDK to get a somewhat portable version of the C headers.
+      - uses: mobilecoinfoundation/actions/sgxsdk@main
+        with:
+          version: 2.18.100.3
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: nightly-2023-01-04
+          targets: ${{ matrix.target }},x86_64-unknown-linux-gnu
+          components: rust-src
+      - uses: r7kamura/rust-problem-matchers@v1
+      - name: Build no alloc crate on various platfroms
+        run: |
+          CFLAGS="-isystem$SGX_SDK/include/tlibc" cargo +nightly-2023-01-04 \
+            build -Z build-std=core --target ${{ matrix.target }}
+
   notify:
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && failure()

diff --git a/verifier/Cargo.toml b/verifier/Cargo.toml
@@ -3,7 +3,7 @@ name = "mc-attestation-verifier"
 version = "0.1.0"
 authors = { workspace = true }
 # See https://crates.io/category_slugs for valid categories
-categories = ["authentication", "no-std"]
+categories = ["authentication", "no-std", "no-std::no-alloc"]
 description = "SGX Enclave Attestation Report Verification"
 edition = { workspace = true }
 # See https://crates.io/keywords for the common keywords
@@ -13,14 +13,17 @@ readme = "README.md"
 repository = { workspace = true }
 rust-version = { workspace = true }
 
+[features]
+alloc = ["pem-rfc7468/alloc", "dep:const-oid", "dep:p256", "dep:x509-cert"]
+
 [dependencies]
-const-oid = { version = "0.9.2", default-features = false }
+const-oid = { version = "0.9.2", default-features = false, optional = true }
 displaydoc = { version = "0.2.1", default-features = false }
 mc-sgx-core-types = "0.5.0"
-p256 = { version = "0.13.0", default-features = false, features = ["ecdsa"] }
-pem-rfc7468 = { version = "0.7.0", default-features = false, features = ["alloc"] }
+p256 = { version = "0.13.0", default-features = false, features = ["ecdsa"], optional = true }
+pem-rfc7468 = { version = "0.7.0", default-features = false, optional = true }
 subtle = { version = "2.4.0", default-features = false }
-x509-cert = { version = "0.2.0", default-features = false }
+x509-cert = { version = "0.2.0", default-features = false, optional = true }
 
 [dev-dependencies]
 mc-sgx-core-sys-types = "0.5.0"

diff --git a/verifier/src/lib.rs b/verifier/src/lib.rs
@@ -4,6 +4,7 @@
 #![deny(missing_docs, missing_debug_implementations, unsafe_code)]
 #![no_std]
 
+#[cfg(feature = "alloc")]
 mod certs;
 mod report_body;
 mod struct_name;
@@ -14,6 +15,7 @@ pub use report_body::{
     MiscellaneousSelectVerifier, MrEnclaveVerifier, MrSignerVerifier, ReportDataVerifier,
 };
 
+#[cfg(feature = "alloc")]
 pub use certs::{Error as CertificateError, UnverifiedCertificate, VerifiedCertificate};
 
 use core::fmt::{Debug, Display, Formatter};