fix(sgx-dcap-quoteverify-rs): don't assert in tee_qv_get_collateral()

haraldh · haraldh · commit 5e4d362c7560 · 2024-02-14T13:54:28.000+01:00
- use `TryFrom&lt;&amp;sgx_ql_qve_collateral_t&gt;` instead of
  `From&lt;sgx_ql_qve_collateral_t&gt;`
  * return an error, if something goes wrong, instead of panic
  * don't take ownership of the memory

- use `Box&lt;[c_char]&gt;` instead of `Vec&lt;c_char&gt;`, because
  the slice is not modified anyway.

Signed-off-by: Harald Hoyer &lt;harald@matterlabs.dev&gt;
diff --git a/QuoteVerification/dcap_quoteverify/sgx-dcap-quoteverify-rs/src/lib.rs b/QuoteVerification/dcap_quoteverify/sgx-dcap-quoteverify-rs/src/lib.rs
@@ -60,43 +60,47 @@ pub struct QuoteCollateral {
     pub major_version: u16,
     pub minor_version: u16,
     pub tee_type: u32,
-    pub pck_crl_issuer_chain: Vec<c_char>,
-    pub root_ca_crl: Vec<c_char>,
-    pub pck_crl: Vec<c_char>,
-    pub tcb_info_issuer_chain: Vec<c_char>,
-    pub tcb_info: Vec<c_char>,
-    pub qe_identity_issuer_chain: Vec<c_char>,
-    pub qe_identity: Vec<c_char>,
+    pub pck_crl_issuer_chain: Box<[c_char]>,
+    pub root_ca_crl: Box<[c_char]>,
+    pub pck_crl: Box<[c_char]>,
+    pub tcb_info_issuer_chain: Box<[c_char]>,
+    pub tcb_info: Box<[c_char]>,
+    pub qe_identity_issuer_chain: Box<[c_char]>,
+    pub qe_identity: Box<[c_char]>,
 }
 
-impl From<sgx_ql_qve_collateral_t> for QuoteCollateral {
-    fn from(collateral: sgx_ql_qve_collateral_t) -> Self {
-        fn raw_ptr_to_vec(data: *mut c_char, len: u32) -> Vec<c_char> {
-            assert!(!data.is_null());
-            unsafe { slice::from_raw_parts(data, len as _) }.to_vec()
+impl TryFrom<&sgx_ql_qve_collateral_t> for QuoteCollateral {
+    type Error = ();
+
+    fn try_from(collateral: &sgx_ql_qve_collateral_t) -> Result<Self, Self::Error> {
+        fn raw_ptr_to_vec(data: *mut c_char, len: u32) -> Result<Box<[c_char]>, ()> {
+            if data.is_null() {
+                return Err(());
+            }
+            Ok(Box::from(unsafe { slice::from_raw_parts(data, len as _) }))
         }
 
-        QuoteCollateral {
+        Ok(QuoteCollateral {
             major_version: unsafe { collateral.__bindgen_anon_1.__bindgen_anon_1.major_version },
             minor_version: unsafe { collateral.__bindgen_anon_1.__bindgen_anon_1.minor_version },
             tee_type: collateral.tee_type,
             pck_crl_issuer_chain: raw_ptr_to_vec(
                 collateral.pck_crl_issuer_chain,
                 collateral.pck_crl_issuer_chain_size,
-            ),
-            root_ca_crl: raw_ptr_to_vec(collateral.root_ca_crl, collateral.root_ca_crl_size),
-            pck_crl: raw_ptr_to_vec(collateral.pck_crl, collateral.pck_crl_size),
+            )?,
+            root_ca_crl: raw_ptr_to_vec(collateral.root_ca_crl, collateral.root_ca_crl_size)?,
+            pck_crl: raw_ptr_to_vec(collateral.pck_crl, collateral.pck_crl_size)?,
             tcb_info_issuer_chain: raw_ptr_to_vec(
                 collateral.tcb_info_issuer_chain,
                 collateral.tcb_info_issuer_chain_size,
-            ),
-            tcb_info: raw_ptr_to_vec(collateral.tcb_info, collateral.tcb_info_size),
+            )?,
+            tcb_info: raw_ptr_to_vec(collateral.tcb_info, collateral.tcb_info_size)?,
             qe_identity_issuer_chain: raw_ptr_to_vec(
                 collateral.qe_identity_issuer_chain,
                 collateral.qe_identity_issuer_chain_size,
-            ),
-            qe_identity: raw_ptr_to_vec(collateral.qe_identity, collateral.qe_identity_size),
-        }
+            )?,
+            qe_identity: raw_ptr_to_vec(collateral.qe_identity, collateral.qe_identity_size)?,
+        })
     }
 }
 
@@ -415,15 +419,17 @@ pub fn tee_qv_get_collateral(quote: &[u8]) -> Result<QuoteCollateral, quote3_err
         qvl_sys::tee_qv_get_collateral(quote.as_ptr(), quote.len() as u32, &mut buf, &mut buf_len)
     } {
         quote3_error_t::SGX_QL_SUCCESS => {
-            assert!(!buf.is_null());
-            assert!(buf_len > 0);
-            assert_eq!(
-                buf.align_offset(mem::align_of::<sgx_ql_qve_collateral_t>()),
-                0
-            );
+            if buf.is_null()
+                || buf_len == 0
+                || buf.align_offset(mem::align_of::<sgx_ql_qve_collateral_t>()) != 0
+            {
+                return Err(quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA);
+            }
 
-            let collateral =
-                QuoteCollateral::from(unsafe { *(buf as *const sgx_ql_qve_collateral_t) });
+            // SAFETY: buf is not null, buf_len is not zero, and buf is aligned.
+            let orig_collateral = &unsafe { *(buf as *const sgx_ql_qve_collateral_t) };
+            let collateral = QuoteCollateral::try_from(orig_collateral)
+                .map_err(|_| quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA)?;
 
             match unsafe { qvl_sys::tee_qv_free_collateral(buf) } {
                 quote3_error_t::SGX_QL_SUCCESS => Ok(collateral),
