diff --git a/tee-worker/core-primitives/enclave-api/ffi/src/lib.rs b/tee-worker/core-primitives/enclave-api/ffi/src/lib.rs index feca3c6143..df1af938aa 100644 --- a/tee-worker/core-primitives/enclave-api/ffi/src/lib.rs +++ b/tee-worker/core-primitives/enclave-api/ffi/src/lib.rs @@ -15,7 +15,8 @@ extern "C" { quote: *const u8, quote_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t; pub fn init( @@ -127,7 +128,8 @@ extern "C" { w_url: *const u8, w_url_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, skip_ra: c_int, ) -> sgx_status_t; @@ -137,7 +139,8 @@ extern "C" { w_url: *const u8, w_url_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, skip_ra: c_int, quoting_enclave_target_info: Option<&sgx_target_info_t>, quote_size: Option<&u32>, @@ -158,7 +161,8 @@ extern "C" { retval: *mut sgx_status_t, collateral: *const sgx_ql_qve_collateral_t, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t; pub fn generate_register_tcb_info_extrinsic( @@ -166,7 +170,8 @@ extern "C" { retval: *mut sgx_status_t, collateral: *const sgx_ql_qve_collateral_t, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t; pub fn dump_ias_ra_cert_to_disk( @@ -206,7 +211,8 @@ extern "C" { fiat_currency: *const u8, fiat_currency_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t; pub fn update_weather_data_xt( 
@@ -217,7 +223,8 @@ extern "C" { weather_info_latitude: *const u8, weather_info_latitude_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t; pub fn run_state_provisioning_server( diff --git a/tee-worker/core-primitives/enclave-api/src/remote_attestation.rs b/tee-worker/core-primitives/enclave-api/src/remote_attestation.rs index e4f3fca190..9f76eaf4f1 100644 --- a/tee-worker/core-primitives/enclave-api/src/remote_attestation.rs +++ b/tee-worker/core-primitives/enclave-api/src/remote_attestation.rs @@ -136,8 +136,9 @@ impl RemoteAttestation for Enclave { let mut retval = sgx_status_t::SGX_SUCCESS; let mut unchecked_extrinsic: Vec = vec![0u8; EXTRINSIC_MAX_SIZE]; + let mut unchecked_extrinsic_size: u32 = 0; - trace!("Generating dcap_ra_extrinsic with URL: {}", w_url); + trace!("Generating ias_ra_extrinsic with URL: {}", w_url); let url = w_url.encode(); @@ -149,6 +150,7 @@ impl RemoteAttestation for Enclave { url.len() as u32, unchecked_extrinsic.as_mut_ptr(), unchecked_extrinsic.len() as u32, + &mut unchecked_extrinsic_size as *mut u32, skip_ra.into(), ) }; @@ -156,7 +158,7 @@ impl RemoteAttestation for Enclave { ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - Ok(unchecked_extrinsic) + Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } fn generate_dcap_ra_extrinsic_from_quote( &self, @@ -165,6 +167,7 @@ impl RemoteAttestation for Enclave { ) -> EnclaveResult> { let mut retval = sgx_status_t::SGX_SUCCESS; let mut unchecked_extrinsic: Vec = vec![0u8; EXTRINSIC_MAX_SIZE]; + let mut unchecked_extrinsic_size: u32 = 0; let url = url.encode(); let result = unsafe { 
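Review bot: In `generate_ias_ra_extrinsic` (remote_attestation.rs) the new return `Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))` slices the buffer with a length the ECALL wrote back, so a reported size larger than `EXTRINSIC_MAX_SIZE` panics the worker instead of surfacing as an `EnclaveResult` error. A checked slice such as `unchecked_extrinsic.get(..unchecked_extrinsic_size as usize)`, mapped to an error on `None`, keeps that case on the normal error path. If an explicit error is not wanted, `unchecked_extrinsic.truncate(unchecked_extrinsic_size as usize); Ok(unchecked_extrinsic)` cannot panic and also drops the extra copy. The same pattern is added in the other four methods of this file and in `update_market_data_xt` and `update_weather_data_xt` in teeracle_api.rs. The method bodies start outside these hunks.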
@@ -177,13 +180,14 @@ impl RemoteAttestation for Enclave { quote.len() as u32, unchecked_extrinsic.as_mut_ptr(), unchecked_extrinsic.len() as u32, + &mut unchecked_extrinsic_size as *mut u32, ) }; ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - Ok(unchecked_extrinsic.to_vec()) + Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } fn generate_dcap_ra_quote(&self, skip_ra: bool) -> EnclaveResult> { @@ -242,7 +246,7 @@ impl RemoteAttestation for Enclave { trace!("Generating dcap_ra_extrinsic with URL: {}", w_url); let mut unchecked_extrinsic: Vec = vec![0u8; EXTRINSIC_MAX_SIZE]; - + let mut unchecked_extrinsic_size: u32 = 0; let url = w_url.encode(); let result = unsafe { @@ -253,6 +257,7 @@ impl RemoteAttestation for Enclave { url.len() as u32, unchecked_extrinsic.as_mut_ptr(), unchecked_extrinsic.len() as u32, + &mut unchecked_extrinsic_size as *mut u32, skip_ra.into(), quoting_enclave_target_info.as_ref(), quote_size.as_ref(), @@ -262,12 +267,13 @@ impl RemoteAttestation for Enclave { ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - Ok(unchecked_extrinsic) + Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } fn generate_register_quoting_enclave_extrinsic(&self, fmspc: Fmspc) -> EnclaveResult> { let mut retval = sgx_status_t::SGX_SUCCESS; let mut unchecked_extrinsic: Vec = vec![0u8; EXTRINSIC_MAX_SIZE]; + let mut unchecked_extrinsic_size: u32 = 0; trace!("Generating register quoting enclave"); @@ -280,6 +286,7 @@ impl RemoteAttestation for Enclave { collateral_ptr, unchecked_extrinsic.as_mut_ptr(), unchecked_extrinsic.len() as u32, + &mut unchecked_extrinsic_size as *mut u32, ) }; let free_status = unsafe { sgx_ql_free_quote_verification_collateral(collateral_ptr) }; 
@@ -287,12 +294,13 @@ impl RemoteAttestation for Enclave { ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); ensure!(free_status == sgx_quote3_error_t::SGX_QL_SUCCESS, Error::SgxQuote(free_status)); - Ok(unchecked_extrinsic) + Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } fn generate_register_tcb_info_extrinsic(&self, fmspc: Fmspc) -> EnclaveResult> { let mut retval = sgx_status_t::SGX_SUCCESS; let mut unchecked_extrinsic: Vec = vec![0u8; EXTRINSIC_MAX_SIZE]; + let mut unchecked_extrinsic_size: u32 = 0; trace!("Generating tcb_info registration"); @@ -305,6 +313,7 @@ impl RemoteAttestation for Enclave { collateral_ptr, unchecked_extrinsic.as_mut_ptr(), unchecked_extrinsic.len() as u32, + &mut unchecked_extrinsic_size as *mut u32, ) }; let free_status = unsafe { sgx_ql_free_quote_verification_collateral(collateral_ptr) }; @@ -312,7 +321,7 @@ impl RemoteAttestation for Enclave { ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); ensure!(free_status == sgx_quote3_error_t::SGX_QL_SUCCESS, Error::SgxQuote(free_status)); - Ok(unchecked_extrinsic) + Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } fn dump_ias_ra_cert_to_disk(&self) -> EnclaveResult<()> { diff --git a/tee-worker/core-primitives/enclave-api/src/teeracle_api.rs b/tee-worker/core-primitives/enclave-api/src/teeracle_api.rs index 54165fd3ec..3d67a57413 100644 --- a/tee-worker/core-primitives/enclave-api/src/teeracle_api.rs +++ b/tee-worker/core-primitives/enclave-api/src/teeracle_api.rs @@ -45,8 +45,9 @@ impl TeeracleApi for Enclave { crypto_currency, fiat_currency ); let mut retval = sgx_status_t::SGX_SUCCESS; - let response_len = 8192; - let mut response: Vec = vec![0u8; response_len as usize]; + let response_max_len = 8192; + let mut response: Vec = vec![0u8; response_max_len as usize]; + let mut response_len: u32 = 0; let crypto_curr = crypto_currency.encode(); let fiat_curr = fiat_currency.encode(); 
@@ -60,14 +61,15 @@ impl TeeracleApi for Enclave { fiat_curr.as_ptr(), fiat_curr.len() as u32, response.as_mut_ptr(), - response_len, + response_max_len, + &mut response_len as *mut u32, ) }; ensure!(res == sgx_status_t::SGX_SUCCESS, Error::Sgx(res)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - Ok(response) + Ok(Vec::from(&response[..response_len as usize])) } fn update_weather_data_xt(&self, longitude: &str, latitude: &str) -> EnclaveResult> { info!( @@ -75,8 +77,9 @@ impl TeeracleApi for Enclave { latitude, longitude ); let mut retval = sgx_status_t::SGX_SUCCESS; - let response_len = 8192; - let mut response: Vec = vec![0u8; response_len as usize]; + let response_max_len = 8192; + let mut response: Vec = vec![0u8; response_max_len as usize]; + let mut response_len: u32 = 0; let longitude_encoded: Vec = longitude.encode(); let latitude_encoded: Vec = latitude.encode(); @@ -90,12 +93,13 @@ impl TeeracleApi for Enclave { latitude_encoded.as_ptr(), latitude_encoded.len() as u32, response.as_mut_ptr(), - response_len, + response_max_len, + &mut response_len as *mut u32, ) }; ensure!(res == sgx_status_t::SGX_SUCCESS, Error::Sgx(res)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - Ok(response) + Ok(Vec::from(&response[..response_len as usize])) } } diff --git a/tee-worker/core-primitives/utils/src/buffer.rs b/tee-worker/core-primitives/utils/src/buffer.rs index 304c0ce947..605ac19367 100644 --- a/tee-worker/core-primitives/utils/src/buffer.rs +++ b/tee-worker/core-primitives/utils/src/buffer.rs 
@@ -24,10 +24,12 @@ use std::vec::Vec; use crate::sgx_reexport_prelude::thiserror; /// Fills a given buffer with data and the left over buffer space with white spaces. +/// Throw an error if the buffer size is not enough to hold `data`, +/// return the length of `data` otherwise. pub fn write_slice_and_whitespace_pad( writable: &mut [u8], data: Vec, -) -> Result<(), BufferError> { +) -> Result { ensure!( data.len() <= writable.len(), BufferError::InsufficientBufferSize(writable.len(), data.len()) @@ -36,10 +38,10 @@ pub fn write_slice_and_whitespace_pad( left.clone_from_slice(&data); // fill the right side with whitespace right.iter_mut().for_each(|x| *x = 0x20); - Ok(()) + Ok(data.len()) } -#[derive(Debug, thiserror::Error)] +#[derive(Debug, PartialEq, Eq, thiserror::Error)] pub enum BufferError { #[error("Insufficient buffer size. Actual: {0}, required: {1}")] InsufficientBufferSize(usize, usize), @@ -49,6 +51,15 @@ pub enum BufferError { mod tests { use super::*; + #[test] + fn write_slice_and_whitespace_pad_works() { + let mut writable = vec![0; 32]; + let data = vec![1; 30]; + assert_eq!(write_slice_and_whitespace_pad(&mut writable, data), Ok(30)); + assert_eq!(&writable[..30], vec![1; 30]); + assert_eq!(&writable[30..], vec![0x20; 2]); + } + #[test] fn write_slice_and_whitespace_pad_returns_error_if_buffer_too_small() { let mut writable = vec![0; 32]; diff --git a/tee-worker/enclave-runtime/Enclave.edl b/tee-worker/enclave-runtime/Enclave.edl index d2b415f150..1949e0ca73 100644 --- a/tee-worker/enclave-runtime/Enclave.edl +++ b/tee-worker/enclave-runtime/Enclave.edl 
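Review bot: The doc lines added to `write_slice_and_whitespace_pad` say "Throw an error", but the function returns a `Result`, and they do not state that the returned length excludes the 0x20 padding. Every ECALL in this commit relies on that property to fill its size out-parameter. I would reword the summary to `/// Returns the number of bytes copied from data; the rest of writable is filled with 0x20.` and add an `# Errors` section naming `BufferError::InsufficientBufferSize` for the case where `data` is longer than `writable`. It is also worth noting there that the result never exceeds `writable.len()`, which is what makes the `l as u32` casts at the call sites lossless.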
@@ -95,7 +95,8 @@ enclave { public sgx_status_t generate_ias_ra_extrinsic( [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size, - [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size, + [out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size, + [out] uint32_t* unchecked_extrinsic_size, int skip_ra ); public sgx_status_t generate_dcap_ra_quote( @@ -108,12 +109,14 @@ enclave { public sgx_status_t generate_dcap_ra_extrinsic_from_quote( [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size, [in, size=quote_size] uint8_t* quote, uint32_t quote_size, - [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size + [out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size, + [out] uint32_t* unchecked_extrinsic_size ); public sgx_status_t generate_dcap_ra_extrinsic( [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size, - [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size, + [out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size, + [out] uint32_t* unchecked_extrinsic_size, int skip_ra, [in] const sgx_target_info_t* quoting_enclave_target_info, [in] uint32_t* quote_size 
@@ -121,24 +124,28 @@ enclave { public sgx_status_t generate_register_quoting_enclave_extrinsic( [in] const sgx_ql_qve_collateral_t *p_quote_collateral, - [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size + [out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size, + [out] uint32_t* unchecked_extrinsic_size ); public sgx_status_t generate_register_tcb_info_extrinsic( [in] const sgx_ql_qve_collateral_t *p_quote_collateral, - [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size + [out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size, + [out] uint32_t* unchecked_extrinsic_size ); public sgx_status_t update_market_data_xt( [in, size=crypto_currency_size] uint8_t* crypto_currency, uint32_t crypto_currency_size, [in, size=fiat_currency_size] uint8_t* fiat_currency, uint32_t fiat_currency_size, - [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size + [out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size, + [out] uint32_t* unchecked_extrinsic_size ); public sgx_status_t update_weather_data_xt( [in, size=weather_info_logitude_size] uint8_t* weather_info_logitude, uint32_t weather_info_logitude_size, [in, size=weather_info_latitude_size] uint8_t* weather_info_latitude, uint32_t weather_info_latitude_size, - [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size + [out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size, + [out] uint32_t* unchecked_extrinsic_size ); public sgx_status_t dump_ias_ra_cert_to_disk(); diff --git a/tee-worker/enclave-runtime/src/attestation.rs b/tee-worker/enclave-runtime/src/attestation.rs index 4d3a5f7f21..20698f9880 100644 
--- a/tee-worker/enclave-runtime/src/attestation.rs +++ b/tee-worker/enclave-runtime/src/attestation.rs @@ -134,7 +134,8 @@ pub unsafe extern "C" fn generate_ias_ra_extrinsic( w_url: *const u8, w_url_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, skip_ra: c_int, ) -> sgx_status_t { if w_url.is_null() || unchecked_extrinsic.is_null() { @@ -147,17 +148,18 @@ pub unsafe extern "C" fn generate_ias_ra_extrinsic( return EnclaveError::Other("Could not decode url slice to a valid String".into()).into(), }; let extrinsic_slice = - slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_max_size as usize); let extrinsic = match generate_ias_ra_extrinsic_internal(url, skip_ra == 1) { Ok(xt) => xt, Err(e) => return e.into(), }; - if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) { - return EnclaveError::Other(Box::new(e)).into() - }; - + *unchecked_extrinsic_size = + match write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) { + Ok(l) => l as u32, + Err(e) => return EnclaveError::BufferError(e).into(), + }; sgx_status_t::SGX_SUCCESS } @@ -166,7 +168,8 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic( w_url: *const u8, w_url_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, skip_ra: c_int, quoting_enclave_target_info: Option<&sgx_target_info_t>, quote_size: Option<&u32>, 
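Review bot: In `generate_ias_ra_extrinsic` the new `*unchecked_extrinsic_size = match write_slice_and_whitespace_pad(...)` writes through a raw pointer supplied across the ECALL boundary, but the guard at the top of the function still only tests `w_url.is_null() || unchecked_extrinsic.is_null()`. As far as I know the generated bridge forwards a NULL `[out]` pointer unchanged, so an untrusted caller passing NULL would fault inside the enclave; the guard should become `if w_url.is_null() || unchecked_extrinsic.is_null() || unchecked_extrinsic_size.is_null() {`. The same applies to `generate_dcap_ra_extrinsic`, `generate_dcap_ra_extrinsic_from_quote`, `generate_register_quoting_enclave_extrinsic` and `generate_register_tcb_info_extrinsic`. It also applies to `update_weather_data_xt` and `update_market_data_xt` in teeracle/mod.rs, where no null check is visible in the hunks at all. Each function body extends beyond the hunk shown.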
@@ -181,7 +184,7 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic( return EnclaveError::Other("Could not decode url slice to a valid String".into()).into(), }; let extrinsic_slice = - slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_max_size as usize); let extrinsic = match generate_dcap_ra_extrinsic_internal( url, @@ -193,9 +196,11 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic( Err(e) => return e.into(), }; - if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) { - return EnclaveError::Other(Box::new(e)).into() - }; + *unchecked_extrinsic_size = + match write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) { + Ok(l) => l as u32, + Err(e) => return EnclaveError::BufferError(e).into(), + }; sgx_status_t::SGX_SUCCESS } @@ -275,7 +280,8 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote( quote: *const u8, quote_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t { if w_url.is_null() || unchecked_extrinsic.is_null() { return sgx_status_t::SGX_ERROR_INVALID_PARAMETER @@ -288,7 +294,7 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote( }; let extrinsic_slice = - slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_max_size as usize); let quote_slice = slice::from_raw_parts(quote, quote_size as usize); 
@@ -297,9 +303,11 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote( Err(e) => return e.into(), }; - if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) { - return EnclaveError::Other(Box::new(e)).into() - }; + *unchecked_extrinsic_size = + match write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) { + Ok(l) => l as u32, + Err(e) => return EnclaveError::BufferError(e).into(), + }; sgx_status_t::SGX_SUCCESS } @@ -431,13 +439,14 @@ fn create_extrinsics(call: OpaqueCall) -> EnclaveResult { pub unsafe extern "C" fn generate_register_quoting_enclave_extrinsic( collateral: *const sgx_ql_qve_collateral_t, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t { if unchecked_extrinsic.is_null() || collateral.is_null() { return sgx_status_t::SGX_ERROR_INVALID_PARAMETER } let extrinsic_slice = - slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_max_size as usize); let collateral = SgxQlQveCollateral::from_c_type(&*collateral); let collateral_data = match collateral.get_quoting_enclave_split() { Some(d) => d, 
@@ -445,30 +454,31 @@ pub unsafe extern "C" fn generate_register_quoting_enclave_extrinsic( }; let call_index_getter = |m: &NodeMetadata| m.register_quoting_enclave_call_indexes(); - let extrinsic = generate_generic_register_collateral_extrinsic( + *unchecked_extrinsic_size = match generate_generic_register_collateral_extrinsic( call_index_getter, extrinsic_slice, &collateral_data.0, &collateral_data.1, &collateral.qe_identity_issuer_chain, - ); - match extrinsic { - Ok(_) => sgx_status_t::SGX_SUCCESS, - Err(e) => e.into(), - } + ) { + Ok(l) => l as u32, + Err(e) => return e.into(), + }; + sgx_status_t::SGX_SUCCESS } #[no_mangle] pub unsafe extern "C" fn generate_register_tcb_info_extrinsic( collateral: *const sgx_ql_qve_collateral_t, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t { if unchecked_extrinsic.is_null() || collateral.is_null() { return sgx_status_t::SGX_ERROR_INVALID_PARAMETER } let extrinsic_slice = - slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_max_size as usize); let collateral = SgxQlQveCollateral::from_c_type(&*collateral); let collateral_data = match collateral.get_tcb_info_split() { Some(d) => d, 
@@ -476,17 +486,17 @@ pub unsafe extern "C" fn generate_register_tcb_info_extrinsic( }; let call_index_getter = |m: &NodeMetadata| m.register_tcb_info_call_indexes(); - let extrinsic = generate_generic_register_collateral_extrinsic( + *unchecked_extrinsic_size = match generate_generic_register_collateral_extrinsic( call_index_getter, extrinsic_slice, &collateral_data.0, &collateral_data.1, &collateral.tcb_info_issuer_chain, - ); - match extrinsic { - Ok(_) => sgx_status_t::SGX_SUCCESS, - Err(e) => e.into(), - } + ) { + Ok(l) => l as u32, + Err(e) => return e.into(), + }; + sgx_status_t::SGX_SUCCESS } pub fn generate_generic_register_collateral_extrinsic( @@ -495,12 +505,10 @@ pub fn generate_generic_register_collateral_extrinsic( collateral_data: &str, data_signature: &[u8], issuer_chain: &[u8], -) -> EnclaveResult<()> +) -> EnclaveResult where F: Fn(&NodeMetadata) -> Result<[u8; 2], MetadataError>, { - let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?; - let node_metadata_repo = get_node_metadata_repository_from_integritee_solo_or_parachain()?; let call_ids = node_metadata_repo .get_from_metadata(getter)? @@ -508,16 +516,10 @@ where info!(" [Enclave] Compose register collateral call: {:?}", call_ids); let call = OpaqueCall::from_tuple(&(call_ids, collateral_data, data_signature, issuer_chain)); - let extrinsic = extrinsics_factory.create_extrinsics(&[call], None)?; - match extrinsic.get(0) { - Some(xt) => { - if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, xt.encode()) { - return EnclaveError::Other(Box::new(e)).into() - }; - Ok(()) - }, - None => Err(EnclaveError::Other("Could not create extrinsic".into())), - } + let xt = create_extrinsics(call)?; + + write_slice_and_whitespace_pad(extrinsic_slice, xt.encode()) + .map_err(|e| EnclaveError::Other(Box::new(e))) } #[no_mangle] diff --git a/tee-worker/enclave-runtime/src/empty_impls.rs b/tee-worker/enclave-runtime/src/empty_impls.rs index d05c6a8366..e401fa8d05 100644 
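Review bot: The rewritten tail of `generate_generic_register_collateral_extrinsic` maps the buffer failure with `.map_err(|e| EnclaveError::Other(Box::new(e)))`, while the other ECALLs touched by this commit report the same condition as `EnclaveError::BufferError(e)`. Using `.map_err(EnclaveError::BufferError)` here would give callers one error variant for an undersized output buffer, so it can be told apart from unrelated `Other` failures. The function's signature and opening lines are outside this hunk.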
--- a/tee-worker/enclave-runtime/src/empty_impls.rs +++ b/tee-worker/enclave-runtime/src/empty_impls.rs @@ -33,7 +33,8 @@ pub unsafe extern "C" fn update_market_data_xt( _fiat_currency_ptr: *const u8, _fiat_currency_size: u32, _unchecked_extrinsic: *mut u8, - _unchecked_extrinsic_size: u32, + _unchecked_extrinsic_max_size: u32, + _unchecked_extrinsic_size: *mut u32, ) -> sgx_types::sgx_status_t { unreachable!("Cannot update market data, teeracle feature is not enabled.") } @@ -48,7 +49,8 @@ pub unsafe extern "C" fn update_weather_data_xt( _weather_info_latitude: *const u8, _weather_info_latitude_size: u32, _unchecked_extrinsic: *mut u8, - _unchecked_extrinsic_size: u32, + _unchecked_extrinsic_max_size: u32, + _unchecked_extrinsic_size: *mut u32, ) -> sgx_types::sgx_status_t { unreachable!("Cannot update weather data, teeracle feature is not enabled.") } diff --git a/tee-worker/enclave-runtime/src/teeracle/mod.rs b/tee-worker/enclave-runtime/src/teeracle/mod.rs index 8338f028e3..2f17598a62 100644 --- a/tee-worker/enclave-runtime/src/teeracle/mod.rs +++ b/tee-worker/enclave-runtime/src/teeracle/mod.rs @@ -107,7 +107,8 @@ pub unsafe extern "C" fn update_weather_data_xt( weather_info_latitude: *const u8, weather_info_latitude_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t { let mut weather_info_longitude_slice = slice::from_raw_parts(weather_info_longitude, weather_info_longitude_size as usize); 
@@ -141,13 +142,17 @@ pub unsafe extern "C" fn update_weather_data_xt( }; let extrinsic_slice = - slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_max_size as usize); // Save created extrinsic as slice in the return value unchecked_extrinsic. - if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, extrinsics.encode()) { - error!("Copying encoded extrinsics into return slice failed: {:?}", e); - return sgx_status_t::SGX_ERROR_UNEXPECTED - } + *unchecked_extrinsic_size = + match write_slice_and_whitespace_pad(extrinsic_slice, extrinsics.encode()) { + Ok(l) => l as u32, + Err(e) => { + error!("Copying encoded extrinsics into return slice failed: {:?}", e); + return sgx_status_t::SGX_ERROR_UNEXPECTED + }, + }; sgx_status_t::SGX_SUCCESS } @@ -160,7 +165,8 @@ pub unsafe extern "C" fn update_market_data_xt( fiat_currency_ptr: *const u8, fiat_currency_size: u32, unchecked_extrinsic: *mut u8, - unchecked_extrinsic_size: u32, + unchecked_extrinsic_max_size: u32, + unchecked_extrinsic_size: *mut u32, ) -> sgx_status_t { let mut crypto_currency_slice = slice::from_raw_parts(crypto_currency_ptr, crypto_currency_size as usize); 
@@ -185,13 +191,17 @@ pub unsafe extern "C" fn update_market_data_xt( return sgx_status_t::SGX_ERROR_UNEXPECTED } let extrinsic_slice = - slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_max_size as usize); // Save created extrinsic as slice in the return value unchecked_extrinsic. - if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, extrinsics.encode()) { - error!("Copying encoded extrinsics into return slice failed: {:?}", e); - return sgx_status_t::SGX_ERROR_UNEXPECTED - } + *unchecked_extrinsic_size = + match write_slice_and_whitespace_pad(extrinsic_slice, extrinsics.encode()) { + Ok(l) => l as u32, + Err(e) => { + error!("Copying encoded extrinsics into return slice failed: {:?}", e); + return sgx_status_t::SGX_ERROR_UNEXPECTED + }, + }; sgx_status_t::SGX_SUCCESS } diff --git a/tee-worker/service/src/main.rs b/tee-worker/service/src/main.rs index 9650b266b6..824eeb55fa 100644 --- a/tee-worker/service/src/main.rs +++ b/tee-worker/service/src/main.rs @@ -1160,7 +1160,11 @@ fn send_extrinsic( } info!("[>] send extrinsic"); - trace!(" encoded extrinsic: 0x{:}", hex::encode(extrinsic.clone())); + trace!( + " encoded extrinsic len: {}, payload: 0x{:}", + extrinsic.len(), + hex::encode(extrinsic.clone()) + ); // fixme: wait ...until_success doesn't work due to https://github.com/scs/substrate-api-client/issues/624 // fixme: currently, we don't verify if the extrinsic was a success here
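Review bot: The reformatted `trace!` in `send_extrinsic` (main.rs) still passes `hex::encode(extrinsic.clone())`, which copies the whole payload only to hex-encode it. `hex::encode` accepts any `AsRef<[u8]>`, so assuming `extrinsic` is a byte vector or slice (its declaration is outside the hunk), `hex::encode(&extrinsic)` prints the same string without the copy. The rest of `send_extrinsic` is outside this hunk.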