From a3d604845b8230c01815c79fcfe83192b9abd946 Mon Sep 17 00:00:00 2001 From: ghe0 Date: Fri, 21 Mar 2025 03:49:16 +0200 Subject: [PATCH] removed some of the unwraps; more testing required --- src/config.rs | 124 ++++++++++++++++++++++-------------------- src/sgx/grpc_brain.rs | 2 +- src/sgx/grpc_dtpm.rs | 6 +- src/sgx/packaging.rs | 4 +- 4 files changed, 72 insertions(+), 64 deletions(-) diff --git a/src/config.rs b/src/config.rs index b654437..fb722b7 100644 --- a/src/config.rs +++ b/src/config.rs @@ -17,7 +17,7 @@ pub struct AccountData { wallet_address: String, wallet_path: String, hratls_pubkey: String, - hratls_path: String, + hratls_key_path: String, mrsigner: String, mrsigner_key_path: String, } @@ -43,6 +43,9 @@ impl super::HumanOutput for AccountData { println!("Hop on discord to get an airdrop: https://discord.gg/DcfYczAMtD \n") } } + if !self.mrsigner.is_empty() { + println!("The MRSIGNER for apps is: {}", self.mrsigner); + } } } @@ -59,13 +62,19 @@ pub enum Error { #[error("Parsing of the yaml config file failed: {0}")] YamlFormat(#[from] serde_yaml::Error), #[error("The private key of the DeTEE account got corrupted.")] - CorruptedKey, + CorruptedWalletKey, + #[error("The private ED25519 key used for HRATLS got corrupted: {0}")] + CorruptedHratlsKey(String), + #[error("The MRSIGNER key (used for signing apps) got corrupted: {0}")] + CorruptedMrSigner(String), #[error("Failed to generate key using openssl: {0}")] Openssl(String), #[error{"Failed to retrive/download the artefact"}] ArtefactError, #[error{"SSH key not defined. Run `detee-cli account` for more info."}] SshKeyNoDefined, + #[error{"RSA Error: {0}"}] + RSAError(#[from] openssl::error::ErrorStack), } impl Config { 
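Review bot: The new `RSAError(#[from] openssl::error::ErrorStack)` variant in the `Error` enum hunk is labelled for RSA only, but its `#[from]` conversion makes every `?` on an OpenSSL call use it, including `PKey::generate_ed25519()?` and `PKey::private_key_from_pem(...)?` in the HRATLS functions later in this patch. A failure while handling the ED25519 key would then surface as "RSA Error", which misdirects whoever is diagnosing a key problem. A neutral label such as `#[error("OpenSSL error: {0}")]`, with a variant name to match, fits all call sites. The enum starts above the hunk, so its other variants are only partly visible here.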
@@ -227,9 +236,9 @@ impl Config { Ok(SigningKey::from_bytes( &bs58::decode(std::fs::read_to_string(Self::detee_wallet_key_path()?)?.trim()) .into_vec() - .map_err(|_| Error::CorruptedKey)? + .map_err(|_| Error::CorruptedWalletKey)? .try_into() - .map_err(|_| Error::CorruptedKey)?, + .map_err(|_| Error::CorruptedWalletKey)?, )) } 
@@ -345,103 +354,100 @@ impl Config { Err(_) => log::error!("This error should never happen. Please report this bug."), } - // TODO: Also populate these fields: - // hratls_pubkey: String, - // hratls_path: String, - // mrsigner: String, - // signing_key_path: String, + match Self::mrsigner_key_path() { + Ok(path) => { + account_data.mrsigner_key_path = path; + match Self::get_mrsigner() { + Ok(mrsigner) => account_data.mrsigner = mrsigner, + Err(e) => { + log::error!("Could not load MRSIGNER key: {e}") + } + } + } + Err(e) => log::error!("Please report this bug. Could not get MRSIGNER path: {e}"), + } + + match Self::hratls_key_path() { + Ok(path) => { + account_data.hratls_key_path = path; + match Self::get_hratls_pubkey_hex() { + Ok(pubkey) => account_data.hratls_pubkey = pubkey, + Err(e) => { + log::error!("Could not load HRATLS key: {e}") + } + } + } + Err(e) => log::error!("Please report this bug. Could not get HRATLS key path: {e}"), + } account_data } } impl Config { - pub fn get_hratls_private_key() -> String { - std::fs::read_to_string(Self::hratls_private_key_path()) - .unwrap_or_else(|_| Self::create_hratls_key().expect("Failed to create HRATLS key")) - } - - fn create_hratls_key() -> Result> { - let private_key_path = Self::hratls_private_key_path(); + pub fn get_hratls_private_key() -> Result { + let private_key_path = Self::hratls_key_path()?; if Path::new(&private_key_path).exists() { log::debug!("Found HRaTLS private key at {private_key_path}"); - return Err("Key already exists.".into()); + return Ok(std::fs::read_to_string(private_key_path) + .map_err(|e| Error::CorruptedHratlsKey(e.to_string()))?); } let key = PKey::generate_ed25519()?; let mut key_file = File::create(private_key_path)?; let pem_pkcs8 = key.private_key_to_pem_pkcs8()?; key_file.write_all(&pem_pkcs8)?; - Ok(String::from_utf8(pem_pkcs8)?) + Ok(String::from_utf8(pem_pkcs8).map_err(|e| Error::CorruptedHratlsKey(e.to_string()))?) 
} - pub fn get_hratls_pubkey_hex() -> String { - let private_key_pem_str = Self::get_hratls_private_key(); - let private_key = PKey::private_key_from_pem(private_key_pem_str.as_ref()).unwrap(); - let pubkey = private_key.raw_public_key().unwrap(); - pubkey.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x)) + pub fn get_hratls_pubkey_hex() -> Result { + let private_key_pem_str = Self::get_hratls_private_key()?; + let private_key = PKey::private_key_from_pem(private_key_pem_str.as_ref())?; + let pubkey = private_key.raw_public_key()?; + Ok(pubkey.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x))) } - pub fn hratls_private_key_path() -> String { - Self::path_dir().unwrap() + ("/hratls_private_key.pem") + pub fn hratls_key_path() -> Result { + Ok(Self::path_dir()? + ("/hratls_private_key.pem")) } } impl Config { - pub fn get_mrsigner() -> String { - let mut signing_key_mod = Self::get_mrsigner_rsa_key().n().to_vec(); + pub fn get_mrsigner() -> Result { + let mut signing_key_mod = Self::get_mrsigner_rsa_key()?.n().to_vec(); signing_key_mod.reverse(); // make it little endian + // TODO: double check if hasher can actually fail let mut hasher = Hasher::new(MessageDigest::sha256()).unwrap(); hasher.update(&signing_key_mod).unwrap(); - let mr_signer_raw = hasher.finish().unwrap(); let mut mr_signer = [0u8; 32]; mr_signer.copy_from_slice(&mr_signer_raw[..32]); - mr_signer.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x)) + Ok(mr_signer.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x))) } - fn get_mrsigner_rsa_key() -> Rsa { - let signing_key_pem_str = std::fs::read_to_string(Self::mrsigner_key_path()) - .unwrap_or_else(|_| { - Self::create_mrsigner_rsa_key().expect("Failed to create enclave signing key") - }); - - Rsa::private_key_from_pem(signing_key_pem_str.as_ref()).unwrap() + fn get_mrsigner_rsa_key() -> Result, Error> { + let signing_key_pem_str = Self::create_mrsigner_rsa_key()?; + 
Ok(Rsa::private_key_from_pem(signing_key_pem_str.as_ref()) + .map_err(|e| Error::CorruptedMrSigner(e.to_string()))?) } - fn create_mrsigner_rsa_key() -> Result> { - let signing_key_path = Self::mrsigner_key_path(); + fn create_mrsigner_rsa_key() -> Result { + let signing_key_path = Self::mrsigner_key_path()?; if Path::new(&signing_key_path).exists() { log::debug!("Found signing_key at {signing_key_path}"); - return Err("Key already exists.".into()); + return Ok(std::fs::read_to_string(signing_key_path) + .map_err(|e| Error::CorruptedMrSigner(e.to_string()))?); } let key = Rsa::generate_with_e(3072, BigNum::from_u32(3)?.as_ref())?; let mut key_file = File::create(signing_key_path)?; let pem_pkcs8 = key.private_key_to_pem()?; key_file.write_all(&pem_pkcs8)?; - Ok(String::from_utf8(pem_pkcs8)?) + Ok(String::from_utf8(pem_pkcs8).map_err(|e| Error::CorruptedMrSigner(e.to_string()))?) } - pub fn mrsigner_key_path() -> String { - Self::path_dir().unwrap() + ("/app_signing_key.pem") - } -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_hratls_private_key() { - let hratls_private_key = Config::get_hratls_private_key(); - println!("hratls_private_key:\n{hratls_private_key}"); - } - - #[test] - fn test_mr_signer() { - let mr_signer = Config::get_mrsigner(); - println!("mr_signer: {mr_signer}",); + pub fn mrsigner_key_path() -> Result { + Ok(Self::path_dir()? + ("/app_signing_key.pem")) } } diff --git a/src/sgx/grpc_brain.rs b/src/sgx/grpc_brain.rs index 5a539df..1d6b4a7 100644 --- a/src/sgx/grpc_brain.rs +++ b/src/sgx/grpc_brain.rs 
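Review bot: Both key writers in this hunk, `get_hratls_private_key` and `create_mrsigner_rsa_key`, still create the PEM file with `File::create(...)`, so the unencrypted private key is written with the process's default mode (umask-dependent, commonly readable by other local users). An existing key is also truncated if the file appears between the `exists()` check and the create. Opening the file with `OpenOptions::new().write(true).create_new(true).mode(0o600).open(private_key_path)?` closes both gaps on Unix, and the same change applies to `signing_key_path`. It needs `std::os::unix::fs::OpenOptionsExt` in scope, and the file's import block is not visible in this patch. Separately, the read path maps every `read_to_string` failure to `CorruptedHratlsKey` or `CorruptedMrSigner`, so a permission error would be reported as key corruption.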
@@ -39,7 +39,7 @@ pub async fn new_app(app_deploy_config: AppDeployConfig) -> Result { req.uuid = "".to_string(); req.locked_nano = locked_nano; req.admin_pubkey = Config::get_detee_wallet()?; - req.hratls_pubkey = Config::get_hratls_pubkey_hex(); + req.hratls_pubkey = Config::get_hratls_pubkey_hex()?; let mut daemon_serivce = BrainAppCliClient::connect(Config::get_brain_url()).await?; let res = daemon_serivce.deploy_app(sign_request(req)?).await?; diff --git a/src/sgx/grpc_dtpm.rs b/src/sgx/grpc_dtpm.rs index eff3a1a..c781111 100644 --- a/src/sgx/grpc_dtpm.rs +++ b/src/sgx/grpc_dtpm.rs @@ -29,6 +29,8 @@ pub enum Error { SgxHRatls(#[from] detee_sgx::error::SgxError), #[error("DtpmConfig: {0}")] DtpmConfig(String), + #[error(transparent)] + ConfigError(#[from] crate::config::Error), } type Result = std::result::Result; @@ -37,9 +39,9 @@ pub async fn connect_dtpm_grpc_client( hratls_uri: String, package_mr_enclave: Option<[u8; 32]>, ) -> Result> { - let private_key_pem = Config::get_hratls_private_key(); + let private_key_pem = Config::get_hratls_private_key()?; let mut mr_signer = [0u8; 32]; - hex::decode_to_slice(Config::get_mrsigner(), &mut mr_signer)?; + hex::decode_to_slice(Config::get_mrsigner()?, &mut mr_signer)?; let mr_signers = vec![mr_signer]; let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); diff --git a/src/sgx/packaging.rs b/src/sgx/packaging.rs index a9d1cff..68bfac5 100644 --- a/src/sgx/packaging.rs +++ b/src/sgx/packaging.rs @@ -11,8 +11,8 @@ pub fn package_enclave( .collect::>() .join(" "); - let signing_key_path = Config::mrsigner_key_path(); - let hratls_key_path = Config::hratls_private_key_path(); + let signing_key_path = Config::mrsigner_key_path()?; + let hratls_key_path = Config::hratls_key_path()?; let docker_package_str = if package_type == "public" { format!(
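Review bot: In `connect_dtpm_grpc_client`, `Config::get_mrsigner()?` feeds the `mr_signers` allow-list, yet per the `src/config.rs` changes in this patch it goes through `create_mrsigner_rsa_key`, which generates and writes a fresh RSA key when `app_signing_key.pem` is missing. A misplaced or deleted signing key therefore yields a new MRSIGNER that presumably matches no deployed enclave, and the caller sees an attestation mismatch instead of a missing-key error. The connect path would be easier to reason about if it only loaded an existing key and returned an error otherwise. At minimum, add `// get_mrsigner() creates the signing key if it is absent; the pinned value only matches enclaves signed with that key`. The same applies to `Config::get_hratls_private_key()?` two lines above, and the function body continues outside the hunk.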