ensure extrinsic success for enclave RA registration and fix #1515 (#…

…1516)
integritee-network · Dec 6, 2023 · 66223ce · 66223ce
1 parent e40355f
commit 66223ce
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 14 deletions.
diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs
@@ -165,7 +165,10 @@ mod impl_ffi {
 
 			ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 			ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
-
+			ensure!(
+				(unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(),
+				Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)
+			);
 			Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 		}
 		fn generate_dcap_ra_extrinsic_from_quote(
@@ -194,7 +197,10 @@ mod impl_ffi {
 
 			ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 			ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
-
+			ensure!(
+				(unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(),
+				Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)
+			);
 			Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 		}
 
@@ -274,7 +280,10 @@ mod impl_ffi {
 
 			ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 			ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
-
+			ensure!(
+				(unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(),
+				Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)
+			);
 			Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 		}
 
@@ -307,7 +316,10 @@ mod impl_ffi {
 				free_status == sgx_quote3_error_t::SGX_QL_SUCCESS,
 				Error::SgxQuote(free_status)
 			);
-
+			ensure!(
+				(unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(),
+				Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)
+			);
 			Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 		}
 
@@ -337,7 +349,10 @@ mod impl_ffi {
 				free_status == sgx_quote3_error_t::SGX_QL_SUCCESS,
 				Error::SgxQuote(free_status)
 			);
-
+			ensure!(
+				(unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(),
+				Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)
+			);
 			Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 		}
 

diff --git a/service/src/main_impl.rs b/service/src/main_impl.rs
@@ -478,11 +478,13 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 		send_extrinsic(register_xt(), &node_api2, &tee_accountid_clone, is_development_mode)
 	};
 
-	// Todo: Can't unwrap here because the extrinsic is for some reason not found in the block
-	// even if it was successful: https://github.com/scs/substrate-api-client/issues/624.
-	let register_enclave_block_hash = send_register_xt();
-	let api_register_enclave_xt_header =
-		integritee_rpc_api.get_header(register_enclave_block_hash).unwrap().unwrap();
+	let register_enclave_block_hash =
+		send_register_xt().expect("enclave RA registration must be successful to continue");
+
+	let api_register_enclave_xt_header = integritee_rpc_api
+		.get_header(Some(register_enclave_block_hash))
+		.unwrap()
+		.unwrap();
 
 	// TODO: #1451: Fix api-client type hacks
 	let register_enclave_xt_header =
@@ -868,8 +870,6 @@ fn send_extrinsic(
 		hex::encode(extrinsic.clone())
 	);
 
-	// fixme: wait ...until_success doesn't work due to https://github.com/scs/substrate-api-client/issues/624
-	// fixme: currently, we don't verify if the extrinsic was a success here
 	match api.submit_and_watch_opaque_extrinsic_until(&extrinsic.into(), XtStatus::Finalized) {
 		Ok(xt_report) => {
 			info!(
@@ -879,8 +879,7 @@ fn send_extrinsic(
 			xt_report.block_hash
 		},
 		Err(e) => {
-			error!("ExtrinsicFailed {:?}", e);
-			None
+			panic!("Extrinsic failed {:?} parentchain genesis: {:?}", e, api.genesis_hash());
 		},
 	}
 }