This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git


The following commit(s) were added to refs/heads/develop by this push:
     new 28ec484  [attestation] Polishing error handling
28ec484 is described below

commit 28ec484e3e92c87fe5951a541d5da0820755def4
Author: Mingshen Sun <[email protected]>
AuthorDate: Sun Feb 9 17:28:37 2020 -0800

    [attestation] Polishing error handling
---
 attestation/src/lib.rs      |  6 +++--
 attestation/src/platform.rs | 60 +++++++++++++++------------------------------
 attestation/src/service.rs  |  3 ++-
 3 files changed, 26 insertions(+), 43 deletions(-)

diff --git a/attestation/src/lib.rs b/attestation/src/lib.rs
index 4952d62..146f596 100644
--- a/attestation/src/lib.rs
+++ b/attestation/src/lib.rs
@@ -26,13 +26,15 @@ use std::prelude::v1::*;
 #[derive(thiserror::Error, Debug)]
 pub enum AttestationError {
     #[error("OCall error")]
-    OCallError,
+    OCallError(sgx_types::sgx_status_t),
     #[error("Attestation Service error")]
     AttestationServiceError,
     #[error("Platform error")]
-    PlatformError,
+    PlatformError(sgx_types::sgx_status_t),
     #[error("Report error")]
     ReportError,
+    #[error("Report error")]
+    ConnectionError,
 }
 
 pub enum AttestationConfig {
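Review bot: The new `ConnectionError` variant reuses the `#[error("Report error")]` text already attached to `ReportError`, so the two failures cannot be told apart in logs; it should read `#[error("Connection error")]`. The status codes now carried by `OCallError` and `PlatformError` are also missing from their display strings and only appear under `{:?}`. `#[error("OCall error: {0:?}")]` and `#[error("Platform error: {0:?}")]` would surface them; the enum derives `Debug`, so `sgx_status_t` must implement it already.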
diff --git a/attestation/src/platform.rs b/attestation/src/platform.rs
index 07c8b5d..f1ac40d 100644
--- a/attestation/src/platform.rs
+++ b/attestation/src/platform.rs
@@ -1,13 +1,11 @@
 use crate::AttestationError;
-use anyhow::bail;
-use anyhow::Error;
-use anyhow::Result;
+use anyhow::{ensure, Result};
 use log::debug;
 use sgx_rand::os::SgxRng;
 use sgx_rand::Rng;
 use sgx_tcrypto::rsgx_sha256_slice;
 use sgx_tse::{rsgx_create_report, rsgx_verify_report};
-use sgx_types::sgx_ec256_public_t;
+use sgx_types::sgx_status_t::SGX_SUCCESS;
 use sgx_types::*;
 use std::prelude::v1::*;
 
@@ -50,13 +48,8 @@ pub(crate) fn init_sgx_quote() -> Result<(sgx_att_key_id_t, 
sgx_target_info_t)>
 
     let res = unsafe { ocall_sgx_init_quote(&mut rt as _, &mut ak_id as _, 
&mut ti as _) };
 
-    if res != sgx_status_t::SGX_SUCCESS {
-        bail!(AttestationError::OCallError)
-    }
-
-    if rt != sgx_status_t::SGX_SUCCESS {
-        bail!(AttestationError::PlatformError)
-    }
+    ensure!(res == SGX_SUCCESS, AttestationError::OCallError(res));
+    ensure!(rt == SGX_SUCCESS, AttestationError::PlatformError(rt));
 
     Ok((ak_id, ti))
 }
@@ -74,24 +67,19 @@ pub(crate) fn create_sgx_isv_enclave_report(
     report_data.d[..32].clone_from_slice(&pub_k_gx);
     report_data.d[32..].clone_from_slice(&pub_k_gy);
 
-    Ok(rsgx_create_report(&target_info, &report_data)
-        .map_err(|_| Error::new(AttestationError::PlatformError))
-        .unwrap())
+    let report =
+        rsgx_create_report(&target_info, 
&report_data).map_err(AttestationError::PlatformError)?;
+    Ok(report)
 }
 
 pub(crate) fn get_sgx_quote(ak_id: &sgx_att_key_id_t, report: sgx_report_t) -> 
Result<Vec<u8>> {
-    let mut rt: sgx_status_t = sgx_status_t::SGX_ERROR_UNEXPECTED;
+    let mut rt = sgx_status_t::SGX_ERROR_UNEXPECTED;
     let mut quote_len: u32 = 0;
 
     let res = unsafe { ocall_sgx_get_quote_size(&mut rt as _, ak_id as _, &mut 
quote_len as _) };
 
-    if res != sgx_status_t::SGX_SUCCESS {
-        bail!(AttestationError::OCallError);
-    }
-
-    if rt != sgx_status_t::SGX_SUCCESS {
-        bail!(AttestationError::PlatformError);
-    }
+    ensure!(res == SGX_SUCCESS, AttestationError::OCallError(res));
+    ensure!(rt == SGX_SUCCESS, AttestationError::PlatformError(rt));
 
     let mut qe_report_info = sgx_qe_report_info_t::default();
     let mut quote_nonce = sgx_quote_nonce_t::default();
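Review bot: `quote_len` is written by `ocall_sgx_get_quote_size` and, after the two `ensure!` status checks, is used without any range check; the next hunk shows it sizing `vec![0; quote_len as usize]`. Since an OCall's outputs come from outside the enclave, a bound belongs directly after the status checks, for example `ensure!(quote_len > 0 && quote_len <= MAX_QUOTE_LEN, AttestationError::ReportError);`. `MAX_QUOTE_LEN` is a placeholder for a limit the project would choose, and a dedicated error variant may fit better than `ReportError`. `get_sgx_quote` continues past the end of this hunk.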
@@ -105,9 +93,7 @@ pub(crate) fn get_sgx_quote(ak_id: &sgx_att_key_id_t, 
report: sgx_report_t) -> R
     // returned with the quote
     let res = unsafe { sgx_self_target(&mut 
qe_report_info.app_enclave_target_info as _) };
 
-    if res != sgx_status_t::SGX_SUCCESS {
-        bail!(AttestationError::PlatformError);
-    }
+    ensure!(res == SGX_SUCCESS, AttestationError::PlatformError(res));
 
     let mut quote = vec![0; quote_len as usize];
 
@@ -123,14 +109,13 @@ pub(crate) fn get_sgx_quote(ak_id: &sgx_att_key_id_t, 
report: sgx_report_t) -> R
         )
     };
 
-    if res != sgx_status_t::SGX_SUCCESS || rt != sgx_status_t::SGX_SUCCESS {
-        bail!(AttestationError::OCallError);
-    }
+    ensure!(res == SGX_SUCCESS, AttestationError::OCallError(res));
+    ensure!(rt == SGX_SUCCESS, AttestationError::PlatformError(rt));
 
     debug!("rsgx_verify_report");
     let qe_report = qe_report_info.qe_report;
     // Perform a check on qe_report to verify if the qe_report is valid.
-    rsgx_verify_report(&qe_report).map_err(|_| 
Error::new(AttestationError::PlatformError))?;
+    rsgx_verify_report(&qe_report).map_err(AttestationError::PlatformError)?;
 
     // Check qe_report to defend against replay attack. The purpose of
     // p_qe_report is for the ISV enclave to confirm the QUOTE it received
@@ -143,13 +128,9 @@ pub(crate) fn get_sgx_quote(ak_id: &sgx_att_key_id_t, 
report: sgx_report_t) -> R
     let mut rhs_vec: Vec<u8> = quote_nonce.rand.to_vec();
     rhs_vec.extend(&quote);
     debug!("rsgx_sha256_slice");
-    let rhs_hash = rsgx_sha256_slice(&rhs_vec)
-        .map_err(|_| Error::new(AttestationError::PlatformError))
-        .expect("sha256 failed");
+    let rhs_hash = 
rsgx_sha256_slice(&rhs_vec).map_err(AttestationError::PlatformError)?;
     let lhs_hash = &qe_report.body.report_data.d[..32];
-    if rhs_hash != lhs_hash {
-        bail!(AttestationError::PlatformError);
-    }
+    ensure!(rhs_hash == lhs_hash, AttestationError::ReportError);
 
     Ok(quote)
 }
@@ -160,9 +141,8 @@ pub(crate) fn get_attestation_service_socket(url: &str) -> 
Result<c_int> {
     let res =
         unsafe { ocall_sgx_get_remote_socket(&mut fd as _, 
url.as_bytes().as_ptr(), url.len()) };
 
-    if res != sgx_status_t::SGX_SUCCESS || fd < 0 {
-        bail!(AttestationError::OCallError)
-    } else {
-        Ok(fd)
-    }
+    ensure!(res == SGX_SUCCESS, AttestationError::OCallError(res));
+    ensure!(fd > 0, AttestationError::ConnectionError);
+
+    Ok(fd)
 }
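Review bot: `ensure!(fd > 0, AttestationError::ConnectionError)` is stricter than the `fd < 0` test it replaces, because a returned descriptor of 0 is now rejected. If that is deliberate (for instance because `fd` starts at 0 and a host that never writes it should count as a failure; the initialisation is above this hunk), record it with a comment such as `// 0 means the host returned no socket, not a valid descriptor`. Otherwise the check should stay `fd >= 0`. The function begins outside the hunk.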
diff --git a/attestation/src/service.rs b/attestation/src/service.rs
index 8b8a634..6b489b7 100644
--- a/attestation/src/service.rs
+++ b/attestation/src/service.rs
@@ -25,6 +25,7 @@ use anyhow::Result;
 use anyhow::{anyhow, bail};
 use log::{debug, trace};
 use percent_encoding;
+use serde_json::json;
 use sgx_types::*;
 use std::collections::HashMap;
 use std::io::{Read, Write};
@@ -88,7 +89,7 @@ fn get_report(
     debug!("get_report");
     let report_uri = "/sgx/dev/attestation/v3/report";
     let encoded_quote = base64::encode(quote);
-    let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", 
encoded_quote);
+    let encoded_json = json!({ "isvEnclaveQuote": encoded_quote }).to_string();
 
     let request = format!(
         "POST {} HTTP/1.1\r\n\
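Review bot: Building the body with `json!` drops the trailing `\r\n` that the old `format!` string appended, so the request body is two bytes shorter than before. The header lines that presumably set `Content-Length` lie below this hunk; confirm the length is taken from `encoded_json.len()` and that nothing relied on the terminator. A comment on the new line, `// body is exactly the JSON object; Content-Length must match its length`, would record the intent. The `format!` call for `request` continues outside the hunk.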

