Add PathInitializer to mc-sgx-dcap-ql

Add a `PathInitializer` struct to `mc-sgx-dcap-ql` to ensure that the necessary DCAP quote library paths are set prior to making quote library calls. As well as ensuring that the paths are only initialized once.
mobilecoinfoundation · Oct 12, 2022 · ef0e235 · ef0e235
1 parent b001476
commit ef0e235
Show file tree

Hide file tree

Showing 5 changed files with 458 additions and 76 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/dcap/ql/Cargo.toml b/dcap/ql/Cargo.toml
@@ -13,12 +13,14 @@ categories = ["api-bindings", "hardware-support"]
 keywords = ["sgx"]
 
 [dependencies]
+displaydoc = { version = "0.2.3", default-features = false }
 mc-sgx-core-sys-types = { path = "../../core/sys/types", version = "=0.2.1-pre" }
 mc-sgx-core-types = { path = "../../core/types", version = "=0.2.1-pre" }
 mc-sgx-dcap-ql-sys = { path = "sys", version = "=0.2.1-pre" }
 mc-sgx-dcap-ql-types = { path = "types", version = "=0.2.1-pre" }
 mc-sgx-dcap-types = { path = "../types", version = "=0.2.1-pre", features = ["alloc"] }
 mc-sgx-util = { path = "../../util", version = "=0.2.1-pre" }
+once_cell = "1.15.0"
 
 [features]
 default = []
@@ -27,5 +29,6 @@ default = []
 sim = []
 
 [dev-dependencies]
+serial_test = { version = "0.9.0", default-features = false }
 tempfile = "3.3.0"
 yare = "1.0.1"
diff --git a/dcap/ql/src/lib.rs b/dcap/ql/src/lib.rs
@@ -8,5 +8,24 @@ extern crate alloc;
 mod quote3;
 mod quote_enclave;
 
+use mc_sgx_dcap_types::Quote3Error;
 pub use quote3::TryFromReport;
-pub use quote_enclave::{load_policy, set_path, QeTargetInfo};
+pub use quote_enclave::{load_policy, PathInitializer, QeTargetInfo};
+
+/// Errors interacting with quote library functions
+#[derive(Clone, Debug, displaydoc::Display, Eq, Hash, PartialEq, PartialOrd, Ord)]
+#[non_exhaustive]
+pub enum Error {
+    /// Paths have already been initialized
+    PathsInitialized,
+    /// Error from SGX quoting library function: {0}
+    Sgx(Quote3Error),
+    /// Failed ot convert a path to a string.  Path {0}
+    PathStringConversion(String),
+}
+
+impl From<Quote3Error> for Error {
+    fn from(src: Quote3Error) -> Self {
+        Self::Sgx(src)
+    }
+}
diff --git a/dcap/ql/src/quote3.rs b/dcap/ql/src/quote3.rs
@@ -5,17 +5,30 @@
 //! This functionality requires HW SGX to work correctly otherwise all
 //! functionality will return errors.
 
+use crate::Error;
 use mc_sgx_core_types::Report;
-use mc_sgx_dcap_types::{Quote3, Quote3Error};
+use mc_sgx_dcap_types::Quote3;
 use mc_sgx_util::ResultInto;
 
 /// Create a Quote3 from a Report
 pub trait TryFromReport {
     /// Try to create a [`Quote3`] from the provided [`Report`]
     ///
+    /// Note: This will initialized the
+    ///   [`PathInitializer`](crate::PathInitializer) to the defaults if the
+    ///   [`PathInitializer`](crate::PathInitializer) has not been initialized
+    ///   yet. Calling
+    ///   [`PathInitializer::with_paths()`](crate::PathInitializer::with_paths)
+    ///   after calling this function will result in an error.
+    ///
     /// # Arguments
     /// * `report` - The report to build the quote from
-    fn try_from_report(report: Report) -> Result<Quote3<Vec<u8>>, Quote3Error> {
+    ///
+    /// # Errors
+    /// Will return an [`Error::Sgx`] if there is a failure from the SGX SDK
+    fn try_from_report(report: Report) -> Result<Quote3<Vec<u8>>, Error> {
+        crate::PathInitializer::ensure_initialized()?;
+
         let mut size = 0;
         unsafe { mc_sgx_dcap_ql_sys::sgx_qe_get_quote_size(&mut size) }.into_result()?;
 
@@ -37,35 +50,17 @@ impl TryFromReport for Quote3<Vec<u8>> {}
 #[cfg(all(test, not(feature = "sim")))]
 mod test {
     use super::*;
-    use crate::{set_path, QeTargetInfo};
+    use crate::QeTargetInfo;
     use mc_sgx_core_types::TargetInfo;
-    use mc_sgx_dcap_ql_types::PathKind::{
-        IdEnclave, ProvisioningCertificateEnclave, QuotingEnclave,
-    };
 
     #[test]
     fn get_quote() {
-        set_path(
-            ProvisioningCertificateEnclave,
-            "/usr/lib/x86_64-linux-gnu/libsgx_pce.signed.so.1",
-        )
-        .unwrap();
-        set_path(
-            QuotingEnclave,
-            "/usr/lib/x86_64-linux-gnu/libsgx_qe3.signed.so.1",
-        )
-        .unwrap();
-        set_path(
-            IdEnclave,
-            "/usr/lib/x86_64-linux-gnu/libsgx_id_enclave.signed.so.1",
-        )
-        .unwrap();
         // Target info must be gotten first in order to initialize sgx
         let _ = TargetInfo::for_quoting_enclave();
         let report = Report::default();
         assert_eq!(
             Quote3::try_from_report(report),
-            Err(Quote3Error::InvalidReport)
+            Err(Error::Sgx(Quote3Error::InvalidReport))
         );
     }
 }