Return encoded extrinsics without padding (#2287)

* Return exact xt length

* fix compile

* fix clippy

* fix test

Author: Kailai-Wang

tee-worker/core-primitives/enclave-api/ffi/src/lib.rs

@@ -15,7 +15,8 @@ extern "C" {
 		quote: *const u8,
 		quote_size: u32,
 		unchecked_extrinsic: *mut u8,
-		unchecked_extrinsic_size: u32,
+		unchecked_extrinsic_max_size: u32,
+		unchecked_extrinsic_size: *mut u32,
 	) -> sgx_status_t;
 
 	pub fn init(
@@ -127,7 +128,8 @@ extern "C" {
 		w_url: *const u8,
 		w_url_size: u32,
 		unchecked_extrinsic: *mut u8,
-		unchecked_extrinsic_size: u32,
+		unchecked_extrinsic_max_size: u32,
+		unchecked_extrinsic_size: *mut u32,
 		skip_ra: c_int,
 	) -> sgx_status_t;
 
@@ -137,7 +139,8 @@ extern "C" {
 		w_url: *const u8,
 		w_url_size: u32,
 		unchecked_extrinsic: *mut u8,
-		unchecked_extrinsic_size: u32,
+		unchecked_extrinsic_max_size: u32,
+		unchecked_extrinsic_size: *mut u32,
 		skip_ra: c_int,
 		quoting_enclave_target_info: Option<&sgx_target_info_t>,
 		quote_size: Option<&u32>,
@@ -158,15 +161,17 @@ extern "C" {
 		retval: *mut sgx_status_t,
 		collateral: *const sgx_ql_qve_collateral_t,
 		unchecked_extrinsic: *mut u8,
-		unchecked_extrinsic_size: u32,
+		unchecked_extrinsic_max_size: u32,
+		unchecked_extrinsic_size: *mut u32,
 	) -> sgx_status_t;
 
 	pub fn generate_register_tcb_info_extrinsic(
 		eid: sgx_enclave_id_t,
 		retval: *mut sgx_status_t,
 		collateral: *const sgx_ql_qve_collateral_t,
 		unchecked_extrinsic: *mut u8,
-		unchecked_extrinsic_size: u32,
+		unchecked_extrinsic_max_size: u32,
+		unchecked_extrinsic_size: *mut u32,
 	) -> sgx_status_t;
 
 	pub fn dump_ias_ra_cert_to_disk(
@@ -206,7 +211,8 @@ extern "C" {
 		fiat_currency: *const u8,
 		fiat_currency_size: u32,
 		unchecked_extrinsic: *mut u8,
-		unchecked_extrinsic_size: u32,
+		unchecked_extrinsic_max_size: u32,
+		unchecked_extrinsic_size: *mut u32,
 	) -> sgx_status_t;
 
 	pub fn update_weather_data_xt(
@@ -217,7 +223,8 @@ extern "C" {
 		weather_info_latitude: *const u8,
 		weather_info_latitude_size: u32,
 		unchecked_extrinsic: *mut u8,
-		unchecked_extrinsic_size: u32,
+		unchecked_extrinsic_max_size: u32,
+		unchecked_extrinsic_size: *mut u32,
 	) -> sgx_status_t;
 
 	pub fn run_state_provisioning_server(

tee-worker/core-primitives/enclave-api/src/remote_attestation.rs

@@ -136,8 +136,9 @@ impl RemoteAttestation for Enclave {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 
 		let mut unchecked_extrinsic: Vec<u8> = vec![0u8; EXTRINSIC_MAX_SIZE];
+		let mut unchecked_extrinsic_size: u32 = 0;
 
-		trace!("Generating dcap_ra_extrinsic with URL: {}", w_url);
+		trace!("Generating ias_ra_extrinsic with URL: {}", w_url);
 
 		let url = w_url.encode();
 
@@ -149,14 +150,15 @@ impl RemoteAttestation for Enclave {
 				url.len() as u32,
 				unchecked_extrinsic.as_mut_ptr(),
 				unchecked_extrinsic.len() as u32,
+				&mut unchecked_extrinsic_size as *mut u32,
 				skip_ra.into(),
 			)
 		};
 
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 
-		Ok(unchecked_extrinsic)
+		Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 	}
 	fn generate_dcap_ra_extrinsic_from_quote(
 		&self,
@@ -165,6 +167,7 @@ impl RemoteAttestation for Enclave {
 	) -> EnclaveResult<Vec<u8>> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 		let mut unchecked_extrinsic: Vec<u8> = vec![0u8; EXTRINSIC_MAX_SIZE];
+		let mut unchecked_extrinsic_size: u32 = 0;
 		let url = url.encode();
 
 		let result = unsafe {
@@ -177,13 +180,14 @@ impl RemoteAttestation for Enclave {
 				quote.len() as u32,
 				unchecked_extrinsic.as_mut_ptr(),
 				unchecked_extrinsic.len() as u32,
+				&mut unchecked_extrinsic_size as *mut u32,
 			)
 		};
 
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 
-		Ok(unchecked_extrinsic.to_vec())
+		Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 	}
 
 	fn generate_dcap_ra_quote(&self, skip_ra: bool) -> EnclaveResult<Vec<u8>> {
@@ -242,7 +246,7 @@ impl RemoteAttestation for Enclave {
 		trace!("Generating dcap_ra_extrinsic with URL: {}", w_url);
 
 		let mut unchecked_extrinsic: Vec<u8> = vec![0u8; EXTRINSIC_MAX_SIZE];
-
+		let mut unchecked_extrinsic_size: u32 = 0;
 		let url = w_url.encode();
 
 		let result = unsafe {
@@ -253,6 +257,7 @@ impl RemoteAttestation for Enclave {
 				url.len() as u32,
 				unchecked_extrinsic.as_mut_ptr(),
 				unchecked_extrinsic.len() as u32,
+				&mut unchecked_extrinsic_size as *mut u32,
 				skip_ra.into(),
 				quoting_enclave_target_info.as_ref(),
 				quote_size.as_ref(),
@@ -262,12 +267,13 @@ impl RemoteAttestation for Enclave {
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 
-		Ok(unchecked_extrinsic)
+		Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 	}
 
 	fn generate_register_quoting_enclave_extrinsic(&self, fmspc: Fmspc) -> EnclaveResult<Vec<u8>> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 		let mut unchecked_extrinsic: Vec<u8> = vec![0u8; EXTRINSIC_MAX_SIZE];
+		let mut unchecked_extrinsic_size: u32 = 0;
 
 		trace!("Generating register quoting enclave");
 
@@ -280,19 +286,21 @@ impl RemoteAttestation for Enclave {
 				collateral_ptr,
 				unchecked_extrinsic.as_mut_ptr(),
 				unchecked_extrinsic.len() as u32,
+				&mut unchecked_extrinsic_size as *mut u32,
 			)
 		};
 		let free_status = unsafe { sgx_ql_free_quote_verification_collateral(collateral_ptr) };
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 		ensure!(free_status == sgx_quote3_error_t::SGX_QL_SUCCESS, Error::SgxQuote(free_status));
 
-		Ok(unchecked_extrinsic)
+		Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 	}
 
 	fn generate_register_tcb_info_extrinsic(&self, fmspc: Fmspc) -> EnclaveResult<Vec<u8>> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 		let mut unchecked_extrinsic: Vec<u8> = vec![0u8; EXTRINSIC_MAX_SIZE];
+		let mut unchecked_extrinsic_size: u32 = 0;
 
 		trace!("Generating tcb_info registration");
 
@@ -305,14 +313,15 @@ impl RemoteAttestation for Enclave {
 				collateral_ptr,
 				unchecked_extrinsic.as_mut_ptr(),
 				unchecked_extrinsic.len() as u32,
+				&mut unchecked_extrinsic_size as *mut u32,
 			)
 		};
 		let free_status = unsafe { sgx_ql_free_quote_verification_collateral(collateral_ptr) };
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 		ensure!(free_status == sgx_quote3_error_t::SGX_QL_SUCCESS, Error::SgxQuote(free_status));
 
-		Ok(unchecked_extrinsic)
+		Ok(Vec::from(&unchecked_extrinsic[..unchecked_extrinsic_size as usize]))
 	}
 
 	fn dump_ias_ra_cert_to_disk(&self) -> EnclaveResult<()> {

tee-worker/core-primitives/enclave-api/src/teeracle_api.rs

@@ -45,8 +45,9 @@ impl TeeracleApi for Enclave {
 			crypto_currency, fiat_currency
 		);
 		let mut retval = sgx_status_t::SGX_SUCCESS;
-		let response_len = 8192;
-		let mut response: Vec<u8> = vec![0u8; response_len as usize];
+		let response_max_len = 8192;
+		let mut response: Vec<u8> = vec![0u8; response_max_len as usize];
+		let mut response_len: u32 = 0;
 
 		let crypto_curr = crypto_currency.encode();
 		let fiat_curr = fiat_currency.encode();
@@ -60,23 +61,25 @@ impl TeeracleApi for Enclave {
 				fiat_curr.as_ptr(),
 				fiat_curr.len() as u32,
 				response.as_mut_ptr(),
-				response_len,
+				response_max_len,
+				&mut response_len as *mut u32,
 			)
 		};
 
 		ensure!(res == sgx_status_t::SGX_SUCCESS, Error::Sgx(res));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 
-		Ok(response)
+		Ok(Vec::from(&response[..response_len as usize]))
 	}
 	fn update_weather_data_xt(&self, longitude: &str, latitude: &str) -> EnclaveResult<Vec<u8>> {
 		info!(
 			"TeeracleApi update_weather_data_xt in with latitude: {}, longitude: {}",
 			latitude, longitude
 		);
 		let mut retval = sgx_status_t::SGX_SUCCESS;
-		let response_len = 8192;
-		let mut response: Vec<u8> = vec![0u8; response_len as usize];
+		let response_max_len = 8192;
+		let mut response: Vec<u8> = vec![0u8; response_max_len as usize];
+		let mut response_len: u32 = 0;
 
 		let longitude_encoded: Vec<u8> = longitude.encode();
 		let latitude_encoded: Vec<u8> = latitude.encode();
@@ -90,12 +93,13 @@ impl TeeracleApi for Enclave {
 				latitude_encoded.as_ptr(),
 				latitude_encoded.len() as u32,
 				response.as_mut_ptr(),
-				response_len,
+				response_max_len,
+				&mut response_len as *mut u32,
 			)
 		};
 
 		ensure!(res == sgx_status_t::SGX_SUCCESS, Error::Sgx(res));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
-		Ok(response)
+		Ok(Vec::from(&response[..response_len as usize]))
 	}
 }

tee-worker/core-primitives/utils/src/buffer.rs

@@ -24,10 +24,12 @@ use std::vec::Vec;
 use crate::sgx_reexport_prelude::thiserror;
 
 /// Fills a given buffer with data and the left over buffer space with white spaces.
+/// Throw an error if the buffer size is not enough to hold `data`,
+/// return the length of `data` otherwise.
 pub fn write_slice_and_whitespace_pad(
 	writable: &mut [u8],
 	data: Vec<u8>,
-) -> Result<(), BufferError> {
+) -> Result<usize, BufferError> {
 	ensure!(
 		data.len() <= writable.len(),
 		BufferError::InsufficientBufferSize(writable.len(), data.len())
@@ -36,10 +38,10 @@ pub fn write_slice_and_whitespace_pad(
 	left.clone_from_slice(&data);
 	// fill the right side with whitespace
 	right.iter_mut().for_each(|x| *x = 0x20);
-	Ok(())
+	Ok(data.len())
 }
 
-#[derive(Debug, thiserror::Error)]
+#[derive(Debug, PartialEq, Eq, thiserror::Error)]
 pub enum BufferError {
 	#[error("Insufficient buffer size. Actual: {0}, required: {1}")]
 	InsufficientBufferSize(usize, usize),
@@ -49,6 +51,15 @@ pub enum BufferError {
 mod tests {
 	use super::*;
 
+	#[test]
+	fn write_slice_and_whitespace_pad_works() {
+		let mut writable = vec![0; 32];
+		let data = vec![1; 30];
+		assert_eq!(write_slice_and_whitespace_pad(&mut writable, data), Ok(30));
+		assert_eq!(&writable[..30], vec![1; 30]);
+		assert_eq!(&writable[30..], vec![0x20; 2]);
+	}
+
 	#[test]
 	fn write_slice_and_whitespace_pad_returns_error_if_buffer_too_small() {
 		let mut writable = vec![0; 32];

tee-worker/enclave-runtime/Enclave.edl

@@ -95,7 +95,8 @@ enclave {
 
 		public sgx_status_t generate_ias_ra_extrinsic(
 			[in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size,
-			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size,
+			[out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size,
+			[out] uint32_t* unchecked_extrinsic_size,
 			int skip_ra
 		);
 		public sgx_status_t generate_dcap_ra_quote(
@@ -108,37 +109,43 @@ enclave {
 		public sgx_status_t generate_dcap_ra_extrinsic_from_quote(
 			[in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size,
 			[in, size=quote_size] uint8_t* quote, uint32_t quote_size,
-			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size
+			[out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size,
+			[out] uint32_t* unchecked_extrinsic_size
 		);
 
 		public sgx_status_t generate_dcap_ra_extrinsic(
 			[in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size,
-			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size,
+			[out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size,
+			[out] uint32_t* unchecked_extrinsic_size,
 			int skip_ra,
 			[in] const sgx_target_info_t* quoting_enclave_target_info,
 			[in] uint32_t* quote_size
 		);
 
 		public sgx_status_t generate_register_quoting_enclave_extrinsic(
 		    [in] const sgx_ql_qve_collateral_t *p_quote_collateral,
-			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size
+			[out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size,
+			[out] uint32_t* unchecked_extrinsic_size
 		);
 
 		public sgx_status_t generate_register_tcb_info_extrinsic(
 		    [in] const sgx_ql_qve_collateral_t *p_quote_collateral,
-			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size
+			[out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size,
+			[out] uint32_t* unchecked_extrinsic_size
 		);
 
 		public sgx_status_t update_market_data_xt(
 			[in, size=crypto_currency_size] uint8_t* crypto_currency, uint32_t crypto_currency_size,
 			[in, size=fiat_currency_size] uint8_t* fiat_currency, uint32_t fiat_currency_size,
-			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size
+			[out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size,
+			[out] uint32_t* unchecked_extrinsic_size
 		);
 
 		public sgx_status_t update_weather_data_xt(
 			[in, size=weather_info_logitude_size] uint8_t* weather_info_logitude, uint32_t weather_info_logitude_size,
 			[in, size=weather_info_latitude_size] uint8_t* weather_info_latitude, uint32_t weather_info_latitude_size,
-			[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size
+			[out, size=unchecked_extrinsic_max_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_max_size,
+			[out] uint32_t* unchecked_extrinsic_size
 		);
 
 		public sgx_status_t dump_ias_ra_cert_to_disk();