From b08f9f1fdb88a294f6d918f4b3f68d4e905891f9 Mon Sep 17 00:00:00 2001
From: Jun Kimura
Date: Sun, 22 Sep 2024 18:27:46 +0900
Subject: [PATCH] improve error handling of keymanager

Signed-off-by: Jun Kimura
---
 Cargo.lock | 1 +
 modules/keymanager/Cargo.toml | 1 +
 modules/keymanager/src/lib.rs | 123 ++++++++++++++++++++++++++++------
 3 files changed, 105 insertions(+), 20 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index f5b06ba6..eb3bbabb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2628,6 +2628,7 @@ checksum = "f9b7d56ba4a8344d6be9729995e6b06f928af29998cdf79fe390cbf6b1fee838"
 name = "keymanager"
 version = "0.1.0"
 dependencies = [
+ "anyhow",
 "attestation-report",
 "chrono",
 "crypto",
diff --git a/modules/keymanager/Cargo.toml b/modules/keymanager/Cargo.toml
index d5858015..f4ea957f 100644
--- a/modules/keymanager/Cargo.toml
+++ b/modules/keymanager/Cargo.toml
@@ -7,6 +7,7 @@ edition = "2021"
 sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" }
 serde_with = { version = "2.0.1", default-features = false, features = ["alloc", "macros"] }
 log = "0.4.8"
+anyhow = { version = "1.0.56" }
 flex-error = { version = "0.4.4" }
 serde = { version = "1.0.184", default-features = false, features = ["alloc"] }
 serde_json = { version = "1.0", default-features = false, features = ["alloc"] }
diff --git a/modules/keymanager/src/lib.rs b/modules/keymanager/src/lib.rs
index dd774afb..d4b04bcc 100644
--- a/modules/keymanager/src/lib.rs
+++ b/modules/keymanager/src/lib.rs
@@ -1,5 +1,6 @@
 pub mod errors;
 pub use crate::errors::Error;
+use anyhow::anyhow;
 use attestation_report::{ReportData, SignedAttestationVerificationReport};
 use crypto::{Address, SealedEnclaveKey};
 use lcp_types::{
@@ -84,16 +85,38 @@ impl EnclaveKeyManager {
 address,
 sealed_ek: SealedEnclaveKey::new_from_bytes(row.get::<_, Vec>(0)?.as_slice())
 .map_err(|e| {
- rusqlite::Error::FromSqlConversionFailure(0, Type::Blob, e.into())
+ rusqlite::Error::FromSqlConversionFailure(
+ 0,
+ Type::Blob,
+ anyhow!("sealed_ek: {:?}", e).into(),
+ )
+ })?,
+ mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(1)?).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 1,
+ Type::Text,
+ anyhow!("mrenclave: {:?}", e).into(),
+ )
+ })?,
+ report: deserialize_bytes(&row.get::<_, Vec>(2)?).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 2,
+ Type::Blob,
+ anyhow!("report: {:?}", e).into(),
+ )
 })?,
- mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(1)?).unwrap(),
- report: deserialize_bytes(&row.get::<_, Vec>(2)?).unwrap(),
 signed_avr: match row.get::<_, Option>(3) {
 Ok(None) => None,
- Ok(Some(avr)) => {
- Some(SignedAttestationVerificationReport::from_json(&avr).unwrap())
- }
- Err(e) => panic!("failed to get signed_avr: {:?}", e),
+ Ok(Some(avr)) => Some(
+ SignedAttestationVerificationReport::from_json(&avr).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 3,
+ Type::Text,
+ anyhow!("signed_avr: {:?}", e).into(),
+ )
+ })?,
+ ),
+ Err(e) => return Err(e),
 },
 })
 })?;
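Review bot: The `rusqlite::Error::FromSqlConversionFailure(idx, ty, anyhow!("<field>: {:?}", e).into())` closure is written out by hand for every column in this hunk and again in the hunks at -166 and -201, so the column index, the `Type` and the field label must be kept in step at each site. A small private helper would keep the three together and make a mismatched index or type stand out in review. Formatting the cause with `{:?}` also flattens it into a string, whereas the removed `e.into()` on `sealed_ek` passed the typed error through; if any caller inspects the cause, that is worth preserving. The enclosing function starts and ends outside this hunk.

```rust
/// Wraps a column-decoding failure as a rusqlite conversion error labelled with the field name.
fn conversion_error(idx: usize, ty: Type, field: &str, e: impl core::fmt::Debug) -> rusqlite::Error {
    rusqlite::Error::FromSqlConversionFailure(idx, ty, anyhow!("{}: {:?}", field, e).into())
}

// … unchanged: address, sealed_ek column read …
mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(1)?)
    .map_err(|e| conversion_error(1, Type::Text, "mrenclave", e))?,
// … the remaining columns follow the same shape …
```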
@@ -166,18 +189,48 @@ impl EnclaveKeyManager {
 let key_infos = stmt
 .query_map(params![mrenclave.to_hex_string()], |row| {
 Ok(SealedEnclaveKeyInfo {
- address: Address::from_hex_string(&row.get::<_, String>(0)?).unwrap(),
+ address: Address::from_hex_string(&row.get::<_, String>(0)?).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 0,
+ Type::Text,
+ anyhow!("address: {:?}", e).into(),
+ )
+ })?,
 sealed_ek: SealedEnclaveKey::new_from_bytes(
 row.get::<_, Vec>(1)?.as_slice(),
 )
 .map_err(|e| {
- rusqlite::Error::FromSqlConversionFailure(1, Type::Blob, e.into())
+ rusqlite::Error::FromSqlConversionFailure(
+ 1,
+ Type::Blob,
+ anyhow!("sealed_ek: {:?}", e).into(),
+ )
+ })?,
+ mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).map_err(
+ |e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 2,
+ Type::Text,
+ anyhow!("mrenclave: {:?}", e).into(),
+ )
+ },
+ )?,
+ report: deserialize_bytes(&row.get::<_, Vec>(3)?).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 3,
+ Type::Blob,
+ anyhow!("report: {:?}", e).into(),
+ )
 })?,
- mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).unwrap(),
- report: deserialize_bytes(&row.get::<_, Vec>(3)?).unwrap(),
 signed_avr: Some(
 SignedAttestationVerificationReport::from_json(&row.get::<_, String>(4)?)
- .unwrap(),
+ .map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 4,
+ Type::Text,
+ anyhow!("signed_avr: {:?}", e).into(),
+ )
+ })?,
 ),
 })
 })?
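Review bot: Column 4 is still read as a plain `String` here (`row.get::<_, String>(4)?`), while the other two queries touched by this commit read `signed_avr` as an `Option` and map NULL to `None`. If the SELECT outside this hunk does not exclude rows without an AVR, a NULL in that column fails the whole call with rusqlite's own type error rather than the labelled `signed_avr:` message added here. A comment on the field such as `// the query returns only rows with signed_avr set, so column 4 is never NULL` would record that assumption; otherwise read the column as an `Option` as the other hunks do. The query text and the end of the iterator chain are not visible in this hunk.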
@@ -201,21 +254,51 @@ impl EnclaveKeyManager {
 let key_infos = stmt
 .query_map(params![], |row| {
 Ok(SealedEnclaveKeyInfo {
- address: Address::from_hex_string(&row.get::<_, String>(0)?).unwrap(),
+ address: Address::from_hex_string(&row.get::<_, String>(0)?).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 0,
+ Type::Text,
+ anyhow!("address: {:?}", e).into(),
+ )
+ })?,
 sealed_ek: SealedEnclaveKey::new_from_bytes(
 row.get::<_, Vec>(1)?.as_slice(),
 )
 .map_err(|e| {
- rusqlite::Error::FromSqlConversionFailure(1, Type::Blob, e.into())
+ rusqlite::Error::FromSqlConversionFailure(
+ 1,
+ Type::Blob,
+ anyhow!("sealed_ek: {:?}", e).into(),
+ )
+ })?,
+ mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).map_err(
+ |e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 2,
+ Type::Text,
+ anyhow!("mrenclave: {:?}", e).into(),
+ )
+ },
+ )?,
+ report: deserialize_bytes(&row.get::<_, Vec>(3)?).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 3,
+ Type::Blob,
+ anyhow!("report: {:?}", e).into(),
+ )
 })?,
- mrenclave: Mrenclave::from_hex_string(&row.get::<_, String>(2)?).unwrap(),
- report: deserialize_bytes(&row.get::<_, Vec>(3)?).unwrap(),
 signed_avr: match row.get::<_, Option>(4) {
 Ok(None) => None,
- Ok(Some(avr)) => {
- Some(SignedAttestationVerificationReport::from_json(&avr).unwrap())
- }
- Err(e) => panic!("failed to get signed_avr: {:?}", e),
+ Ok(Some(avr)) => Some(
+ SignedAttestationVerificationReport::from_json(&avr).map_err(|e| {
+ rusqlite::Error::FromSqlConversionFailure(
+ 4,
+ Type::Text,
+ anyhow!("signed_avr: {:?}", e).into(),
+ )
+ })?,
+ ),
+ Err(e) => return Err(e),
 },
 })
 })?
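Review bot: A single row that fails to decode can now fail the entire key listing: each column error is returned from the `query_map` closure, and if the iterator is collected into one `Result` after the trailing `})?` (outside this hunk), one malformed or tampered row hides every other key. For a store of sealed enclave keys and attestation reports the intended behaviour should be stated in a doc comment on the function: either fail closed on any bad row, or skip and log it so the remaining keys stay usable. The messages also carry only the field name, so binding the raw column-0 string first (`let addr_hex = row.get::<_, String>(0)?;`) and including it in the later messages would let an operator locate the offending row.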