From 66223ce67174b26344de397fa825b185a05ce53b Mon Sep 17 00:00:00 2001 From: brenzi Date: Wed, 6 Dec 2023 16:31:37 +0100 Subject: [PATCH] ensure extrinsic success for enclave RA registration and fix #1515 (#1516) --- .../enclave-api/src/remote_attestation.rs | 25 +++++++++++++++---- service/src/main_impl.rs | 17 ++++++------- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 9aa32cb631..00e98fc492 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs @@ -165,7 +165,10 @@ mod impl_ffi { ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - + ensure!( + (unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(), + Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER) + ); Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } fn generate_dcap_ra_extrinsic_from_quote( @@ -194,7 +197,10 @@ mod impl_ffi { ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - + ensure!( + (unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(), + Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER) + ); Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } @@ -274,7 +280,10 @@ mod impl_ffi { ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - + ensure!( + (unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(), + Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER) + ); Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } @@ -307,7 +316,10 @@ mod impl_ffi { free_status == sgx_quote3_error_t::SGX_QL_SUCCESS, Error::SgxQuote(free_status) ); - + ensure!( + (unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(), + Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER) + ); Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } @@ -337,7 +349,10 @@ mod impl_ffi { free_status == sgx_quote3_error_t::SGX_QL_SUCCESS, Error::SgxQuote(free_status) ); - + ensure!( + (unchecked_extrinsic_size as usize) < unchecked_extrinsic.len(), + Error::Sgx(sgx_status_t::SGX_ERROR_INVALID_PARAMETER) + ); Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize])) } diff --git a/service/src/main_impl.rs b/service/src/main_impl.rs index 32891059dd..37842603a3 100644 --- a/service/src/main_impl.rs +++ b/service/src/main_impl.rs @@ -478,11 +478,13 @@ fn start_worker( send_extrinsic(register_xt(), &node_api2, &tee_accountid_clone, is_development_mode) }; - // Todo: Can't unwrap here because the extrinsic is for some reason not found in the block - // even if it was successful: https://github.com/scs/substrate-api-client/issues/624. - let register_enclave_block_hash = send_register_xt(); - let api_register_enclave_xt_header = - integritee_rpc_api.get_header(register_enclave_block_hash).unwrap().unwrap(); + let register_enclave_block_hash = + send_register_xt().expect("enclave RA registration must be successful to continue"); + + let api_register_enclave_xt_header = integritee_rpc_api + .get_header(Some(register_enclave_block_hash)) + .unwrap() + .unwrap(); // TODO: #1451: Fix api-client type hacks let register_enclave_xt_header = @@ -868,8 +870,6 @@ fn send_extrinsic( hex::encode(extrinsic.clone()) ); - // fixme: wait ...until_success doesn't work due to https://github.com/scs/substrate-api-client/issues/624 - // fixme: currently, we don't verify if the extrinsic was a success here match api.submit_and_watch_opaque_extrinsic_until(&extrinsic.into(), XtStatus::Finalized) { Ok(xt_report) => { info!( @@ -879,8 +879,7 @@ fn send_extrinsic( xt_report.block_hash }, Err(e) => { - error!("ExtrinsicFailed {:?}", e); - None + panic!("Extrinsic failed {:?} parentchain genesis: {:?}", e, api.genesis_hash()); }, } }