Skip to content

Commit

Permalink
improve error handling of keymanager
Browse files Browse the repository at this point in the history
Signed-off-by: Jun Kimura <[email protected]>
  • Loading branch information
bluele committed Sep 22, 2024
1 parent dfae15d commit b08f9f1
Show file tree
Hide file tree
Showing 3 changed files with 105 additions and 20 deletions.
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions modules/keymanager/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ edition = "2021"
sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" }
serde_with = { version = "2.0.1", default-features = false, features = ["alloc", "macros"] }
log = "0.4.8"
anyhow = { version = "1.0.56" }
flex-error = { version = "0.4.4" }
serde = { version = "1.0.184", default-features = false, features = ["alloc"] }
serde_json = { version = "1.0", default-features = false, features = ["alloc"] }
Expand Down
123 changes: 103 additions & 20 deletions modules/keymanager/src/lib.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
pub mod errors;
pub use crate::errors::Error;
use anyhow::anyhow;
use attestation_report::{ReportData, SignedAttestationVerificationReport};
use crypto::{Address, SealedEnclaveKey};
use lcp_types::{
Expand Down Expand Up @@ -84,16 +85,38 @@ impl EnclaveKeyManager {
address,
sealed_ek: SealedEnclaveKey::new_from_bytes(row.get::<_, Vec<u8>>(0)?.as_slice())
.map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(0, Type::Blob, e.into())
rusqlite::Error::FromSqlConversionFailure(
0,
Type::Blob,
anyhow!("sealed_ek: {:?}", e).into(),
)
})?,
mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(1)?).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
1,
Type::Text,
anyhow!("mrenclave: {:?}", e).into(),
)
})?,
report: deserialize_bytes(&row.get::<_, Vec<u8>>(2)?).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
2,
Type::Blob,
anyhow!("report: {:?}", e).into(),
)
})?,
mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(1)?).unwrap(),
report: deserialize_bytes(&row.get::<_, Vec<u8>>(2)?).unwrap(),
signed_avr: match row.get::<_, Option<String>>(3) {
Ok(None) => None,
Ok(Some(avr)) => {
Some(SignedAttestationVerificationReport::from_json(&avr).unwrap())
}
Err(e) => panic!("failed to get signed_avr: {:?}", e),
Ok(Some(avr)) => Some(
SignedAttestationVerificationReport::from_json(&avr).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
3,
Type::Text,
anyhow!("signed_avr: {:?}", e).into(),
)
})?,
),
Err(e) => return Err(e),
},
})
})?;
Expand Down Expand Up @@ -166,18 +189,48 @@ impl EnclaveKeyManager {
let key_infos = stmt
.query_map(params![mrenclave.to_hex_string()], |row| {
Ok(SealedEnclaveKeyInfo {
address: Address::from_hex_string(&row.get::<_, String>(0)?).unwrap(),
address: Address::from_hex_string(&row.get::<_, String>(0)?).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
0,
Type::Text,
anyhow!("address: {:?}", e).into(),
)
})?,
sealed_ek: SealedEnclaveKey::new_from_bytes(
row.get::<_, Vec<u8>>(1)?.as_slice(),
)
.map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(1, Type::Blob, e.into())
rusqlite::Error::FromSqlConversionFailure(
1,
Type::Blob,
anyhow!("sealed_ek: {:?}", e).into(),
)
})?,
mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).map_err(
|e| {
rusqlite::Error::FromSqlConversionFailure(
2,
Type::Text,
anyhow!("mrenclave: {:?}", e).into(),
)
},
)?,
report: deserialize_bytes(&row.get::<_, Vec<u8>>(3)?).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
3,
Type::Blob,
anyhow!("report: {:?}", e).into(),
)
})?,
mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).unwrap(),
report: deserialize_bytes(&row.get::<_, Vec<u8>>(3)?).unwrap(),
signed_avr: Some(
SignedAttestationVerificationReport::from_json(&row.get::<_, String>(4)?)
.unwrap(),
.map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
4,
Type::Text,
anyhow!("signed_avr: {:?}", e).into(),
)
})?,
),
})
})?
Expand All @@ -201,21 +254,51 @@ impl EnclaveKeyManager {
let key_infos = stmt
.query_map(params![], |row| {
Ok(SealedEnclaveKeyInfo {
address: Address::from_hex_string(&row.get::<_, String>(0)?).unwrap(),
address: Address::from_hex_string(&row.get::<_, String>(0)?).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
0,
Type::Text,
anyhow!("address: {:?}", e).into(),
)
})?,
sealed_ek: SealedEnclaveKey::new_from_bytes(
row.get::<_, Vec<u8>>(1)?.as_slice(),
)
.map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(1, Type::Blob, e.into())
rusqlite::Error::FromSqlConversionFailure(
1,
Type::Blob,
anyhow!("sealed_ek: {:?}", e).into(),
)
})?,
mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).map_err(
|e| {
rusqlite::Error::FromSqlConversionFailure(
2,
Type::Text,
anyhow!("mrenclave: {:?}", e).into(),
)
},
)?,
report: deserialize_bytes(&row.get::<_, Vec<u8>>(3)?).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
3,
Type::Blob,
anyhow!("report: {:?}", e).into(),
)
})?,
mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).unwrap(),
report: deserialize_bytes(&row.get::<_, Vec<u8>>(3)?).unwrap(),
signed_avr: match row.get::<_, Option<String>>(4) {
Ok(None) => None,
Ok(Some(avr)) => {
Some(SignedAttestationVerificationReport::from_json(&avr).unwrap())
}
Err(e) => panic!("failed to get signed_avr: {:?}", e),
Ok(Some(avr)) => Some(
SignedAttestationVerificationReport::from_json(&avr).map_err(|e| {
rusqlite::Error::FromSqlConversionFailure(
4,
Type::Text,
anyhow!("signed_avr: {:?}", e).into(),
)
})?,
),
Err(e) => return Err(e),
},
})
})?
Expand Down

0 comments on commit b08f9f1

Please sign in to comment.