[dcap] Do not panic in dcap library

2023-05-26 17:14:29 +08:00 · 2023-05-26 17:14:29 +08:00 · 198515ab90
commit 198515ab90
parent 9089764b64
7 changed files with 75 additions and 63 deletions
--- a/demos/remote_attestation/azure_attestation/maa_attestation/azure_att/src/maa.rs
+++ b/demos/remote_attestation/azure_attestation/maa_attestation/azure_att/src/maa.rs
@ -7,8 +7,8 @@ use occlum_dcap::*;
 pub const MAX_REPORT_DATA_SIZE: usize = 64;
 fn maa_get_quote_base64(user_data: &[u8]) -> Result<String, &'static str> {
-    let mut dcap = DcapQuote::new();
+    let mut dcap = DcapQuote::new().unwrap();
-    let quote_size = dcap.get_quote_size();
+    let quote_size = dcap.get_quote_size().unwrap();
    let mut quote_buf: Vec<u8> = vec![0; quote_size as usize];
    let mut report_data = sgx_report_data_t::default();
@ -25,10 +25,13 @@ fn maa_get_quote_base64(user_data: &[u8]) -> Result<String, &'static str> {
        report_data.d[i] = user_data[i];
    }
-    dcap.generate_quote(quote_buf.as_mut_ptr(), &mut report_data).unwrap();
+    let ret = dcap.generate_quote(quote_buf.as_mut_ptr(), &mut report_data).unwrap();
    dcap.close();
-    let quote = base64::encode(&quote_buf);
+    if ret < 0 {
        return Err("DCAP generate quote failed");
    }
    let quote = base64::encode(&quote_buf);
    Ok(quote)
 }
--- a/demos/remote_attestation/azure_attestation/maa_init/init/src/maa.rs
+++ b/demos/remote_attestation/azure_attestation/maa_init/init/src/maa.rs
@ -7,8 +7,8 @@ use occlum_dcap::*;
 pub const MAX_REPORT_DATA_SIZE: usize = 64;
 fn maa_get_quote_base64(user_data: &[u8]) -> Result<String, &'static str> {
-    let mut dcap = DcapQuote::new();
+    let mut dcap = DcapQuote::new().unwrap();
-    let quote_size = dcap.get_quote_size();
+    let quote_size = dcap.get_quote_size().unwrap();
    let mut quote_buf: Vec<u8> = vec![0; quote_size as usize];
    let mut report_data = sgx_report_data_t::default();
@ -25,10 +25,13 @@ fn maa_get_quote_base64(user_data: &[u8]) -> Result<String, &'static str> {
        report_data.d[i] = user_data[i];
    }
-    dcap.generate_quote(quote_buf.as_mut_ptr(), &mut report_data).unwrap();
+    let ret = dcap.generate_quote(quote_buf.as_mut_ptr(), &mut report_data).unwrap();
    dcap.close();
-    let quote = base64::encode(&quote_buf);
+    if ret < 0 {
        return Err("DCAP generate quote failed");
    }
    let quote = base64::encode(&quote_buf);
    Ok(quote)
 }
--- a/demos/remote_attestation/azure_attestation/maa_init/init/src/main.rs
+++ b/demos/remote_attestation/azure_attestation/maa_init/init/src/main.rs
@ -18,14 +18,6 @@ fn main() -> Result<(), Box<dyn Error>> {
    const IMAGE_CONFIG_FILE: &str = "/etc/image_config.json";
    let image_config = load_config(IMAGE_CONFIG_FILE)?;
    // Get the MAC of Occlum.json.protected file
    let occlum_json_mac = {
        let mut mac: sgx_aes_gcm_128bit_tag_t = Default::default();
        parse_str_to_bytes(&image_config.occlum_json_mac, &mut mac)?;
        mac
    };
    let occlum_json_mac_ptr = &occlum_json_mac as *const sgx_aes_gcm_128bit_tag_t;
    // Get the key of FS image if needed
    let key = match &image_config.image_type[..] {
        "encrypted" => {
@ -65,8 +57,9 @@ fn main() -> Result<(), Box<dyn Error>> {
    const SYS_MOUNT_FS: i64 = 363;
    // User can provide valid path for runtime mount and boot
    // Otherwise, just pass null pointer to do general mount and boot
-    let rootfs_config: *const i8 = std::ptr::null();
+    let root_config_path: *const i8 = std::ptr::null();
-    let ret = unsafe { syscall(SYS_MOUNT_FS, key_ptr, rootfs_config) };
+    let ret = unsafe { syscall(
        SYS_MOUNT_FS, key_ptr, root_config_path) };
    if ret < 0 {
        return Err(Box::new(std::io::Error::last_os_error()));
    }
@ -82,13 +75,10 @@ fn main() -> Result<(), Box<dyn Error>> {
 #[allow(non_camel_case_types)]
 type sgx_key_128bit_t = [u8; 16];
 #[allow(non_camel_case_types)]
 type sgx_aes_gcm_128bit_tag_t = [u8; 16];
 #[derive(Deserialize, Debug)]
 #[serde(deny_unknown_fields)]
 struct ImageConfig {
    occlum_json_mac: String,
    image_type: String,
 }
--- a/tools/toolchains/dcap_lib/examples/dcap_test.rs
+++ b/tools/toolchains/dcap_lib/examples/dcap_test.rs
@ -15,9 +15,9 @@ struct DcapDemo {
 impl DcapDemo {
    pub fn new(report_data: &str) -> Self {
-        let mut dcap = DcapQuote::new();
+        let mut dcap = DcapQuote::new().unwrap();
-        let quote_size = dcap.get_quote_size();
+        let quote_size = dcap.get_quote_size().unwrap();
-        let supplemental_size = dcap.get_supplemental_data_size();
+        let supplemental_size = dcap.get_supplemental_data_size().unwrap();
        let quote_buf: Vec<u8> = vec![0; quote_size as usize];
        let suppl_buf: Vec<u8> = vec![0; supplemental_size as usize];
        let mut req_data = sgx_report_data_t::default();
@ -37,12 +37,15 @@ impl DcapDemo {
        }
    }
-    fn dcap_quote_gen(&mut self) -> Result<i32> {
+    fn dcap_quote_gen(&mut self) -> i32 {
-        self.dcap_quote.generate_quote(self.quote_buf.as_mut_ptr(), &mut self.req_data).unwrap();
+        let ret = self.dcap_quote.generate_quote(self.quote_buf.as_mut_ptr(), &mut self.req_data).unwrap();
-
+        if ret < 0 {
            println!("DCAP generate quote failed");
        } else {
            println!("DCAP generate quote successfully");
        }
-        Ok( 0 )
+        ret
    }
    // Quote has type `sgx_quote3_t` and is structured as
@ -68,7 +71,7 @@ impl DcapDemo {
        Ok(report_data_ptr)
    }
-    fn dcap_quote_ver(&mut self) -> Result<sgx_ql_qv_result_t> {
+    fn dcap_quote_verify(&mut self) -> sgx_ql_qv_result_t {
        let mut quote_verification_result = sgx_ql_qv_result_t::SGX_QL_QV_RESULT_UNSPECIFIED;
        let mut status = 1;
@ -81,10 +84,14 @@ impl DcapDemo {
            supplemental_data: self.suppl_buf.as_mut_ptr(),
        };
-        self.dcap_quote.verify_quote(&mut verify_arg).unwrap();
+        let ret = self.dcap_quote.verify_quote(&mut verify_arg).unwrap();
        if ret < 0 {
            println!("DCAP verify quote failed");
        } else {
            println!("DCAP verify quote successfully");
        }
-        Ok( quote_verification_result )
+        quote_verification_result
    }
    fn dcap_dump_quote_info(&mut self) {
@ -137,7 +144,7 @@ fn main() {
    let mut dcap_demo = DcapDemo::new(report_str);
    println!("Generate quote with report data : {}", report_str);
-    dcap_demo.dcap_quote_gen().unwrap();
+    dcap_demo.dcap_quote_gen();
    // compare the report data in quote buffer
    let report_data_ptr = dcap_demo.dcap_quote_get_report_data().unwrap();
@ -151,7 +158,7 @@ fn main() {
    dcap_demo.dcap_dump_quote_info();
-    let result = dcap_demo.dcap_quote_ver().unwrap();
+    let result = dcap_demo.dcap_quote_verify();
    match result {
        sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => {
            println!("Succeed to verify the quote!");
--- a/tools/toolchains/dcap_lib/src/lib.rs
+++ b/tools/toolchains/dcap_lib/src/lib.rs
@ -6,7 +6,11 @@ pub use crate::occlum_dcap::*;
 #[no_mangle]
 pub extern "C" fn dcap_quote_open() -> *mut c_void {
-    Box::into_raw(Box::new(DcapQuote::new())) as *mut c_void
+    if let Ok(fd) = DcapQuote::new() {
        Box::into_raw(Box::new(fd)) as *mut c_void
    } else {
        std::ptr::null_mut::<u8>() as *mut c_void
    }
 }
 #[no_mangle]
@ -19,7 +23,7 @@ pub extern "C" fn dcap_get_quote_size(handle: *mut c_void) -> u32 {
        &mut *(handle as *mut DcapQuote)
    };
-    dcap.get_quote_size()
+    dcap.get_quote_size().unwrap_or(0)
 }
 #[no_mangle]
@ -36,9 +40,7 @@ pub extern "C" fn dcap_generate_quote(
        &mut *(handle as *mut DcapQuote)
    };
-    dcap.generate_quote(quote_buf, report_data).unwrap();
+    dcap.generate_quote(quote_buf, report_data).unwrap_or(-1)
    0
 }
 #[no_mangle]
@ -51,7 +53,7 @@ pub extern "C" fn dcap_get_supplemental_data_size(handle: *mut c_void) -> u32 {
        &mut *(handle as *mut DcapQuote)
    };
-    dcap.get_supplemental_data_size()
+    dcap.get_supplemental_data_size().unwrap_or(0)
 }
 #[no_mangle]
@ -81,9 +83,7 @@ pub extern "C" fn dcap_verify_quote(
        supplemental_data: supplemental_data,
    };
-    dcap.verify_quote(&mut verify_arg).unwrap();
+    dcap.verify_quote(&mut verify_arg).unwrap_or(-1)
    0
 }
--- a/tools/toolchains/dcap_lib/src/occlum_dcap.rs
+++ b/tools/toolchains/dcap_lib/src/occlum_dcap.rs
@ -20,7 +20,6 @@ cfg_if::cfg_if! {
    }
 }
 // Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
 //#[allow(dead_code)]
 #[repr(C)]
@ -49,32 +48,36 @@ pub struct DcapQuote {
 }
 impl DcapQuote {
-    pub fn new() -> Self {
+    pub fn new() -> Result<Self, Error> {
        let path = CString::new("/dev/sgx").unwrap();
        let fd = unsafe { libc::open(path.as_ptr(), O_RDONLY) };
        if fd > 0 {
-            Self {
+            Ok(Self {
                fd: fd,
                quote_size: 0,
                supplemental_size: 0,
-            }
+            })
        } else {
-            panic!("Open /dev/sgx failed")
+            let os_err = Error::last_os_error();
            println!("OS error: {os_err:?}");
            Err(os_err)
        }
    }
-    pub fn get_quote_size(&mut self) -> u32 {
+    pub fn get_quote_size(&mut self) -> Result<u32, Error> {
        let size: u32 = 0;
        let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_QUOTE_SIZE, &size) };
        if ret < 0 {
-            panic!("IOCTRL IOCTL_GET_DCAP_QUOTE_SIZE failed");
+            let os_err = Error::last_os_error();
            println!("OS error: {os_err:?}");
            Err(os_err)
        } else {
            self.quote_size = size;
-            size
+            Ok(size)
        }
    }
-    pub fn generate_quote(&mut self, quote_buf: *mut u8,  report_data: *const sgx_report_data_t) -> Result<i32, &'static str> {
+    pub fn generate_quote(&mut self, quote_buf: *mut u8,  report_data: *const sgx_report_data_t) -> Result<i32, Error> {
        let quote_arg: IoctlGenDCAPQuoteArg = IoctlGenDCAPQuoteArg {
            report_data: report_data,
            quote_size: &mut self.quote_size,
@ -83,30 +86,35 @@ impl DcapQuote {
        let ret = unsafe { libc::ioctl(self.fd, IOCTL_GEN_DCAP_QUOTE, &quote_arg) };
        if ret < 0 {
-            Err("IOCTRL IOCTL_GEN_DCAP_QUOTE failed")
+            let os_err = Error::last_os_error();
            println!("OS error: {os_err:?}");
            Err(os_err)
        } else {
-            Ok( 0 )
+            Ok(0)
        }
    }
-    pub fn get_supplemental_data_size(&mut self) -> u32 {
+    pub fn get_supplemental_data_size(&mut self) -> Result<u32, Error> {
        let size: u32 = 0;
        let ret = unsafe { libc::ioctl(self.fd, IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE, &size) };
        if ret < 0 {
-            panic!("IOCTRL IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE failed");
+            let os_err = Error::last_os_error();
            println!("OS error: {os_err:?}");
            Err(os_err)
        } else {
            self.supplemental_size = size;
-            size
+            Ok(size)
        }
    }
-    pub fn verify_quote(&mut self, verify_arg: *mut IoctlVerDCAPQuoteArg) -> Result<i32, &'static str> {
+    pub fn verify_quote(&mut self, verify_arg: *mut IoctlVerDCAPQuoteArg) -> Result<i32, Error> {
        let ret = unsafe { libc::ioctl(self.fd, IOCTL_VER_DCAP_QUOTE, verify_arg) };
        if ret < 0 {
-            println!("ret = {}", ret);
+            let os_err = Error::last_os_error();
-            Err("IOCTRL IOCTL_VER_DCAP_QUOTE failed")
+            println!("OS error: {os_err:?}");
            Err(os_err)
        } else {
-            Ok( 0 )
+            Ok(0)
        }
    }
--- a/tools/toolchains/dcap_lib/src/prelude.rs
+++ b/tools/toolchains/dcap_lib/src/prelude.rs
@ -1,4 +1,5 @@
 pub use std::boxed::Box;
 pub use std::io::Error;
 pub use libc::{open, ioctl, close, c_void, c_int, O_RDONLY};
 // Defined in "occlum/deps/rust-sgx-sdk/sgx_types"