You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/09/30 05:07:08 UTC
[incubator-teaclave] branch master updated: [binder] Add checks and
test case for input/output buffer. (#423)
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new 7f1743b [binder] Add checks and test case for input/output buffer. (#423)
7f1743b is described below
commit 7f1743bece45c3003bdb684c6a74dc0be2ca5714
Author: Zhaofeng Chen <zf...@apache.org>
AuthorDate: Tue Sep 29 22:07:02 2020 -0700
[binder] Add checks and test case for input/output buffer. (#423)
---
binder/Cargo.toml | 1 +
binder/src/binder.rs | 5 +++++
binder/src/ipc/app.rs | 27 +++++++++++++++++++++++++++
binder/src/ipc/mod.rs | 2 +-
binder/src/macros.rs | 9 +++++++--
tests/unit/app/Cargo.toml | 4 ++++
tests/unit/app/src/main.rs | 16 +++++++++++-----
types/src/error.rs | 11 ++++++++---
8 files changed, 64 insertions(+), 11 deletions(-)
diff --git a/binder/Cargo.toml b/binder/Cargo.toml
index 6055ae8..1b4e55d 100644
--- a/binder/Cargo.toml
+++ b/binder/Cargo.toml
@@ -16,6 +16,7 @@ mesalock_sgx = [
"teaclave_config/mesalock_sgx",
]
enclave_unit_test = []
+app_unit_test = []
[dependencies]
cfg-if = { version = "0.1.9" }
diff --git a/binder/src/binder.rs b/binder/src/binder.rs
index baa6593..44838b2 100644
--- a/binder/src/binder.rs
+++ b/binder/src/binder.rs
@@ -80,6 +80,11 @@ impl TeeBinder {
pub unsafe fn destroy(&self) {
let _ = sgx_destroy_enclave(self.enclave.geteid());
}
+
+ #[cfg(feature = "app_unit_test")]
+ pub fn run_app_tests(&self) -> bool {
+ crate::ipc::app::tests::run_tests(self.enclave.geteid())
+ }
}
impl Drop for TeeBinder {
diff --git a/binder/src/ipc/app.rs b/binder/src/ipc/app.rs
index 60c86cc..9220d6f 100644
--- a/binder/src/ipc/app.rs
+++ b/binder/src/ipc/app.rs
@@ -142,3 +142,30 @@ impl IpcSender for ECallChannel {
Ok(response)
}
}
+
+#[cfg(feature = "app_unit_test")]
+pub mod tests {
+ use super::*;
+
+ pub fn run_tests(eid: sgx_enclave_id_t) -> bool {
+ let mut ecall_ret = ECallStatus::default();
+ let mut out_buf = vec![0; 128];
+ let mut out_len = 0usize;
+ let sgx_status = unsafe {
+ ecall_ipc_entry_point(
+ eid,
+ &mut ecall_ret,
+ 0x0000_1003, //cmd,
+ std::ptr::null(), //in_ptr,
+ 128, //in_len,
+ out_buf.as_mut_ptr(),
+ 128,
+ &mut out_len,
+ )
+ };
+ assert_eq!(sgx_status, sgx_status_t::SGX_SUCCESS);
+ assert!(ecall_ret.is_err());
+
+ true
+ }
+}
diff --git a/binder/src/ipc/mod.rs b/binder/src/ipc/mod.rs
index 98d0a36..27a3e26 100644
--- a/binder/src/ipc/mod.rs
+++ b/binder/src/ipc/mod.rs
@@ -59,7 +59,7 @@ pub trait IpcReceiver {
cfg_if::cfg_if! {
if #[cfg(feature = "app")] {
- mod app;
+ pub(crate) mod app;
pub use app::ECallChannel;
} else if #[cfg(feature = "mesalock_sgx")] {
mod enclave;
diff --git a/binder/src/macros.rs b/binder/src/macros.rs
index 0446e47..e199af6 100644
--- a/binder/src/macros.rs
+++ b/binder/src/macros.rs
@@ -91,6 +91,11 @@ macro_rules! register_ecall_handler {
out_max: usize,
out_len: &mut usize,
) -> teaclave_types::ECallStatus {
+ if in_buf.is_null() || out_buf.is_null() {
+ log::error!("tee execute cmd: {:x}, invalid in/out buf.", cmd);
+ return teaclave_types::ECallStatus(teaclave_types::ES_ERR_INVALID_PARAMETER);
+ }
+
// The last argument could be either * mut usize, or &mut usize
let input_buf: &[u8] = unsafe { std::slice::from_raw_parts(in_buf, in_len) };
@@ -101,7 +106,7 @@ macro_rules! register_ecall_handler {
Ok(out) => out,
Err(e) => {
log::error!("tee execute cmd: {:x}, error: {}", cmd, e);
- return teaclave_types::ECallStatus(1);
+ return teaclave_types::ECallStatus(teaclave_types::ES_ERR_GENERAL);
}
}
};
@@ -113,7 +118,7 @@ macro_rules! register_ecall_handler {
if inner_len > out_max {
log::debug!("tee before copy out_buf check: out_max={:x} < inner={:x}", out_max, inner_len);
- return teaclave_types::ECallStatus(0x0000_000c);
+ return teaclave_types::ECallStatus(teaclave_types::ES_ERR_FFI_INSUFFICIENT_OUTBUF_SIZE);
}
// The following lines use a trick of "constructing a mutable slice
diff --git a/tests/unit/app/Cargo.toml b/tests/unit/app/Cargo.toml
index b8279b1..f7b57cb 100644
--- a/tests/unit/app/Cargo.toml
+++ b/tests/unit/app/Cargo.toml
@@ -7,6 +7,9 @@ license = "Apache-2.0"
build = "build.rs"
edition = "2018"
+[features]
+default = ["teaclave_binder/app_unit_test"]
+
[dependencies]
log = { version = "0.4.6", features = ["release_max_level_info"] }
env_logger = { version = "0.7.1" }
@@ -15,5 +18,6 @@ anyhow = { version = "1.0.26" }
teaclave_file_agent = { path = "../../../file_agent" }
teaclave_binder = { path = "../../../binder", features = ["app"] }
teaclave_types = { path = "../../../types" }
+teaclave_test_utils = { path = "../../../tests/utils" }
sgx_types = { version = "1.1.2" }
diff --git a/tests/unit/app/src/main.rs b/tests/unit/app/src/main.rs
index 13b5b12..57f7b93 100644
--- a/tests/unit/app/src/main.rs
+++ b/tests/unit/app/src/main.rs
@@ -18,6 +18,7 @@
use log::error;
use teaclave_binder::proto::{ECallCommand, RunTestInput, RunTestOutput};
use teaclave_binder::TeeBinder;
+use teaclave_test_utils::*;
use teaclave_types::TeeServiceResult;
pub use teaclave_file_agent::ocall_handle_file_request;
@@ -28,13 +29,19 @@ fn main() -> anyhow::Result<()> {
.filter_or("TEACLAVE_LOG", "RUST_LOG")
.write_style_or("TEACLAVE_LOG_STYLE", "RUST_LOG_STYLE"),
);
- let tee = TeeBinder::new(env!("CARGO_PKG_NAME"))?;
- run(&tee)?;
- tee.finalize();
+
+ run_tests!(test_app_and_enclave);
Ok(())
}
+fn test_app_and_enclave() {
+ let tee = TeeBinder::new(env!("CARGO_PKG_NAME")).unwrap();
+ tee.run_app_tests();
+ run_enclave_tests(&tee).unwrap();
+ tee.finalize();
+}
+
fn start_enclave_unit_test_driver(tee: &TeeBinder) -> anyhow::Result<()> {
let cmd = ECallCommand::RunTest;
let input = RunTestInput::default();
@@ -47,8 +54,7 @@ fn start_enclave_unit_test_driver(tee: &TeeBinder) -> anyhow::Result<()> {
Ok(())
}
-fn run(tee: &TeeBinder) -> anyhow::Result<()> {
+fn run_enclave_tests(tee: &TeeBinder) -> anyhow::Result<()> {
start_enclave_unit_test_driver(tee)?;
-
Ok(())
}
diff --git a/types/src/error.rs b/types/src/error.rs
index 9ed5b84..c3e20d9 100644
--- a/types/src/error.rs
+++ b/types/src/error.rs
@@ -24,6 +24,11 @@ use thiserror::Error;
pub type SgxStatus = sgx_types::sgx_status_t;
+pub const ES_OK: u32 = 0;
+pub const ES_ERR_GENERAL: u32 = 0x0000_0001;
+pub const ES_ERR_INVALID_PARAMETER: u32 = 0x0000_0002;
+pub const ES_ERR_FFI_INSUFFICIENT_OUTBUF_SIZE: u32 = 0x0000_000c;
+
/// Status for Ecall
#[repr(C)]
#[derive(Debug, Serialize, Deserialize, Default)]
@@ -31,15 +36,15 @@ pub struct ECallStatus(pub u32);
impl ECallStatus {
pub fn is_err(&self) -> bool {
- self.0 != 0
+ self.0 != ES_OK
}
pub fn is_ok(&self) -> bool {
- self.0 == 0
+ self.0 == ES_OK
}
pub fn is_err_ffi_outbuf(&self) -> bool {
- self.0 == 0x0000_000c
+ self.0 == ES_ERR_FFI_INSUFFICIENT_OUTBUF_SIZE
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org