fix(misc): code quality and security improvements, comments added, do…

…cumentation updated. 1. add missing error handling code. 2. move `Vec` instead of raw ptr while spawning a async block task 3. add comments explaining the reason for implementing `Send` to tls `Client` `Server` 4. document update about cargo building package from `--bin` to `-p`
inclavare-containers · Oct 12, 2024 · 25a123d · 25a123d
1 parent a6568e1
commit 25a123d
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 16 deletions.
diff --git a/docs/how-to-build.md b/docs/how-to-build.md
@@ -159,7 +159,7 @@ docker build --tag rats-rs:master .
 4. （可选）构建样例程序
 
     ```sh
-    cargo build --bin spdm
+    cargo build -p spdm
     ```
 
-    对于如何运行样例程序，请参考examples目录下的[例子](/examples/spdm)。
+    对于如何运行样例程序，请参考examples目录下的[例子](/examples/spdm)。
diff --git a/examples/spdm/README.md b/examples/spdm/README.md
@@ -11,7 +11,7 @@
 
 接下来，使用如下命令构建本样例程序
 ```sh
-cargo build --bin spdm
+cargo build -p spdm
 ```
 
 可以使用`target/debug/spdm --help`命令查看该样例程序的命令行参数

diff --git a/justfile b/justfile
@@ -8,11 +8,11 @@ prepare-repo:
   cd deps/spdm-rs && sh_script/pre-build.sh
 
 run-in-occlum *args:
-  cargo build --bin spdm
+  cargo build -p spdm
   scripts/run_exe_in_occlum.sh target/debug/spdm {{args}}
 
 run-in-host *args:
-  cargo build --bin spdm
+  cargo build -p spdm
   target/debug/spdm {{args}}
 
 run-test-in-occlum *args:

diff --git a/rats-rs/Cargo.toml b/rats-rs/Cargo.toml
@@ -49,8 +49,8 @@ crypto-rustcrypto = ["dep:x509-cert", "dep:sha2", "dep:p256", "dep:rsa", "dep:pk
 base = ["crypto-rustcrypto", "attester-sgx-dcap-occlum", "verifier-sgx-dcap", "attester-tdx", "verifier-tdx"]
 default = ["base", "is-sync"]
 is-sync = ["maybe-async/is_sync", "spdmlib/is_sync"]
-transport-spdm = ["dep:spdmlib", "dep:codec", "dep:ring", "is-sync"]
-transport-tls = ["dep:openssl-sys", "dep:libc", "is-sync"]
+transport-spdm = ["dep:spdmlib", "dep:codec", "dep:ring"]
+transport-tls = ["dep:openssl-sys", "dep:libc"]
 transport-rustls = ["dep:tokio-rustls", "async-tokio"]
 attester-sgx-dcap = ["dep:intel-dcap"]
 attester-sgx-dcap-occlum = ["attester-sgx-dcap", "dep:occlum_dcap"]

diff --git a/rats-rs/src/tee/sgx_dcap/attester.rs b/rats-rs/src/tee/sgx_dcap/attester.rs
@@ -38,28 +38,30 @@ impl GenericAttester for SgxDcapAttester {
             let mut sgx_report_data = sgx_report_data_t::default();
             sgx_report_data.d[..report_data.len()].clone_from_slice(report_data);
 
-            let ptr = occlum_quote.as_mut_ptr() as usize;
-
             #[cfg(feature = "async-tokio")]
             {
-                task::spawn_blocking(move || {
+                let handle = task::spawn_blocking(move || {
                     handler
                         .generate_quote(
-                            ptr as *mut u8,
+                            occlum_quote.as_mut_ptr(),
                             &sgx_report_data as *const sgx_report_data_t,
                         )
                         .kind(ErrorKind::SgxDcapAttesterGenerateQuoteFailed)
-                        .context("failed at generate_quote()");
-                })
-                .await?;
+                        .context("failed at generate_quote()")
+                        .map(|_| occlum_quote)
+                });
+                occlum_quote = handle.await.context("the quote generation task panics")??;
             }
 
             #[cfg(not(feature = "async-tokio"))]
             {
                 handler
-                    .generate_quote(ptr as *mut u8, &sgx_report_data as *const sgx_report_data_t)
+                    .generate_quote(
+                        occlum_quote.as_mut_ptr(),
+                        &sgx_report_data as *const sgx_report_data_t,
+                    )
                     .kind(ErrorKind::SgxDcapAttesterGenerateQuoteFailed)
-                    .context("failed at generate_quote()");
+                    .context("failed at generate_quote()")?;
             }
 
             SgxDcapEvidence::new_from_checked(occlum_quote)

diff --git a/rats-rs/src/transport/tls/client.rs b/rats-rs/src/transport/tls/client.rs
@@ -37,6 +37,9 @@ pub struct Client {
     attest_self: bool,
 }
 
+// `Client` is not 'Send' because it contains raw pointer which doesn't impl `Send`
+// async methods capturing `&mut Client` need `Send` trait for `Client`, so we impl here.
+#[cfg(feature = "async-tokio")]
 unsafe impl Send for Client {}
 
 pub struct TlsClientBuilder {

diff --git a/rats-rs/src/transport/tls/server.rs b/rats-rs/src/transport/tls/server.rs
@@ -32,6 +32,9 @@ pub struct Server {
     stream: Box<dyn GetFd>,
 }
 
+// `Server` is not 'Send' because it contains raw pointer which doesn't impl `Send`
+// async methods capturing `&mut Server` need `Send` trait for `Server`, so we impl here.
+#[cfg(feature = "async-tokio")]
 unsafe impl Send for Server {}
 
 // TODO: use typestate design pattern?