lowRISC · mcy · Mar 30, 2022 · Aug 9, 2021 · Aug 9, 2021 · Jan 10, 2022
@@ -30,6 +30,10 @@ version = "0.3"
 optional = true
 features = ["arbitrary-derive"]
 
+[dependencies.log]
+version = "0.4"
+optional = true
+
 [dependencies.ring]
 version = "0.16.11"
 optional = true
@@ -42,13 +46,15 @@ default-features = false
 features = ["derive"]
 
 [dev-dependencies]
+ctor = "0.1"
+env_logger = "0.8"
 pretty_assertions = "0.6.1"
 ring = "0.16.11"
 serde_json = "1.0"
 testutil = { path = "testutil" }
 
 [features]
-default = ["std", "ring"]
+default = ["std", "ring", "log"]
 
 # Enables deriving `arbitrary::Arbitrary` for various manticore types.
 arbitrary-derive = ["libfuzzer-sys", "std"]

@@ -29,6 +29,7 @@ use manticore::protocol::spdm;
 use manticore::server;
 use manticore::server::pa_rot::PaRot;
 use manticore::session::ring::Session;
+use manticore::Result;
 
 use crate::support::fakes;
 use crate::support::tcp;

@@ -47,6 +47,8 @@ use manticore::protocol::wire::WireEnum;
 use manticore::protocol::Command;
 use manticore::protocol::Message;
 use manticore::server;
+use manticore::Result;
+use manticore::{check, fail};
 
 /// Sends `req` to a virtual RoT listening on `localhost:{port}`, using
 /// Cerberus-over-TCP.
@@ -84,7 +86,7 @@ pub fn send_cerberus<
         Ok(Ok(FromWire::from_wire(&mut r, arena)?))
     } else if header.command == cerberus::CommandType::Error {
         log::info!("deserializing {}", type_name::<protocol::Error<'a, Cmd>>());
-        Ok(Err(FromWire::from_wire(&mut r, arena)?))
+        Ok(Err(fail!(FromWire::from_wire(&mut r, arena)?)))
     } else {
         Err(net::Error::BadHeader.into())
     }
@@ -125,7 +127,7 @@ pub fn send_spdm<'a, Cmd: Command<'a, CommandType = spdm::CommandType>>(
         Ok(Ok(FromWire::from_wire(&mut r, arena)?))
     } else if header.command == spdm::CommandType::Error {
         log::info!("deserializing {}", type_name::<protocol::Error<'a, Cmd>>());
-        Ok(Err(FromWire::from_wire(&mut r, arena)?))
+        Ok(Err(fail!(FromWire::from_wire(&mut r, arena)?)))
     } else {
         Err(net::Error::BadHeader.into())
     }
@@ -140,7 +142,7 @@ impl io::Read for TcpReader {
     fn read_bytes(&mut self, out: &mut [u8]) -> Result<(), io::Error> {
         let Self { tcp, len } = self;
         if *len < out.len() {
-            return Err(io::Error::BufferExhausted);
+            return Err(fail!(io::Error::BufferExhausted));
         }
         tcp.read_exact(out).map_err(|e| {
             log::error!("{}", e);
@@ -365,22 +367,22 @@ impl<'req, H: Header + 'req> HostRequest<'req, H> for Inner<H> {
     fn header(&self) -> Result<H, net::Error> {
         if self.output_buffer.is_some() {
             log::error!("header() called out-of-order");
-            return Err(net::Error::OutOfOrder);
+            return Err(fail!(net::Error::OutOfOrder));
         }
         self.stream
             .as_ref()
             .map(|(h, _, _)| *h)
-            .ok_or(net::Error::Disconnected)
+            .ok_or_else(|| fail!(net::Error::Disconnected))
     }
 
     fn payload(&mut self) -> Result<&mut dyn io::ReadZero<'req>, net::Error> {
         if self.stream.is_none() {
             log::error!("payload() called out-of-order");
-            return Err(net::Error::Disconnected);
+            return Err(fail!(net::Error::Disconnected));
         }
         if self.output_buffer.is_some() {
             log::error!("payload() called out-of-order");
-            return Err(net::Error::OutOfOrder);
+            return Err(fail!(net::Error::OutOfOrder));
         }
 
         Ok(self)
@@ -392,11 +394,11 @@ impl<'req, H: Header + 'req> HostRequest<'req, H> for Inner<H> {
     ) -> Result<&mut dyn HostResponse<'req>, net::Error> {
         if self.stream.is_none() {
             log::error!("payload() called out-of-order");
-            return Err(net::Error::Disconnected);
+            return Err(fail!(net::Error::Disconnected));
         }
         if self.output_buffer.is_some() {
             log::error!("payload() called out-of-order");
-            return Err(net::Error::OutOfOrder);
+            return Err(fail!(net::Error::OutOfOrder));
         }
 
         self.output_buffer = Some(Writer::new(header));
@@ -408,13 +410,13 @@ impl<'req, H: Header + 'req> HostResponse<'req> for Inner<H> {
     fn sink(&mut self) -> Result<&mut dyn io::Write, net::Error> {
         if self.stream.is_none() {
             log::error!("sink() called out-of-order");
-            return Err(net::Error::Disconnected);
+            return Err(fail!(net::Error::Disconnected));
         }
 
         self.output_buffer
             .as_mut()
             .map(|w| w as &mut dyn io::Write)
-            .ok_or(net::Error::OutOfOrder)
+            .ok_or_else(|| fail!(net::Error::OutOfOrder))
     }
 
     fn finish(&mut self) -> Result<(), net::Error> {
@@ -434,7 +436,7 @@ impl<'req, H: Header + 'req> HostResponse<'req> for Inner<H> {
                 self.output_buffer = None;
                 Ok(())
             }
-            _ => Err(net::Error::Disconnected),
+            _ => Err(fail!(net::Error::Disconnected)),
         }
     }
 }
@@ -443,9 +445,7 @@ impl<H> io::Read for Inner<H> {
     fn read_bytes(&mut self, out: &mut [u8]) -> Result<(), io::Error> {
         let (_, len, stream) =
             self.stream.as_mut().ok_or(io::Error::Internal)?;
-        if *len < out.len() {
-            return Err(io::Error::BufferExhausted);
-        }
+        check!(*len >= out.len(), io::Error::BufferExhausted);
         stream.read_exact(out).map_err(|e| {
             log::error!("{}", e);
             io::Error::Internal

@@ -13,16 +13,13 @@ use manticore::cert::Cert;
 use manticore::cert::CertFormat;
 use manticore::crypto::sig;
 use manticore::protocol::cerberus::capabilities;
+use manticore::Result;
 
 /// A `Ciphers` that blindly accepts all signatures.
 struct NoVerify;
 
 impl sig::Verify for NoVerify {
-    fn verify(
-        &mut self,
-        _: &[&[u8]],
-        _: &[u8],
-    ) -> Result<(), sig::Error> {
+    fn verify(&mut self, _: &[&[u8]], _: &[u8]) -> Result<(), sig::Error> {
         Ok(())
     }
 }
@@ -39,12 +36,7 @@ impl sig::Ciphers for NoVerify {
 }
 
 fuzz_target!(|data: &[u8]| {
-    let _ = Cert::parse(
-        data,
-        CertFormat::RiotX509,
-        None,
-        &mut NoVerify,
-    );
+    let _ = Cert::parse(data, CertFormat::RiotX509, None, &mut NoVerify);
 
     // NOTE: we might actually succeed at creating a valid cert, so we can't
     // check for is_err() here.

@@ -13,6 +13,7 @@ use crate::cert::Cert;
 use crate::cert::CertFormat;
 use crate::cert::Error;
 use crate::crypto::sig;
+use crate::Result;
 
 /// A trust chain collection.
 ///
@@ -66,9 +67,7 @@ impl<'cert, const LEN: usize> SimpleChain<'cert, LEN> {
         ciphers: &mut impl sig::Ciphers,
         signer: Option<&'cert mut dyn sig::Sign>,
     ) -> Result<Self, Error> {
-        if raw_chain.len() > LEN {
-            return Err(Error::ChainTooLong);
-        }
+        check!(raw_chain.len() <= LEN, Error::ChainTooLong);
 
         let mut chain = ArrayVec::new();
         for (i, &raw_cert) in raw_chain.iter().enumerate() {
@@ -77,26 +76,21 @@ impl<'cert, const LEN: usize> SimpleChain<'cert, LEN> {
             let cert = Cert::parse(raw_cert, format, key, ciphers)?;
 
             let prev = prev.unwrap_or(&cert);
-            if prev.subject() != cert.issuer() {
-                return Err(Error::BadChainLink);
-            }
-            if !prev.supports_cert_signing() {
-                return Err(Error::BadChainLink);
-            }
+            check!(prev.subject() == cert.issuer(), Error::BadChainLink);
+            check!(prev.supports_cert_signing(), Error::BadChainLink);
 
             // None is also ok; it means the format (e.g. CWT) does not support
             // a CA bit.
-            if prev.is_ca_cert() == Some(false) {
-                return Err(Error::BadChainLink);
-            }
+            check!(prev.is_ca_cert() != Some(false), Error::BadChainLink);
 
             // raw_chain.len() - i is the number of certificates that follow
             // `cert`; the path length constraint for `prev` is the number of
             // certs that follow it, except the leaf; these numbers are the
             // same.
-            if !prev.is_within_path_len_constraint(raw_chain.len() - i) {
-                return Err(Error::BadChainLink);
-            }
+            check!(
+                prev.is_within_path_len_constraint(raw_chain.len() - i),
+                Error::BadChainLink
+            );
 
             chain.push(cert);
         }

@@ -10,6 +10,7 @@
 
 use crate::crypto::sig;
 use crate::io;
+use crate::Result;
 
 // Note that all parsers leverage Brian Smith's `untrusted` crate to ensure
 // we don't walk off the end of the buffer. We may wind up building this
@@ -104,6 +105,8 @@ impl From<untrusted::EndOfInput> for Error {
     }
 }
 
+debug_from!(Error => io::Error, untrusted::EndOfInput);
+
 impl<'cert> Cert<'cert> {
     /// Parses `cert`, producing a parsed certificate in the given format.
     ///
@@ -123,6 +126,7 @@ impl<'cert> Cert<'cert> {
             CertFormat::RiotX509 => x509::parse(cert, format, key, ciphers),
             CertFormat::OpenDiceCwt => cwt::parse(cert, key, ciphers),
         }
+        .map_err(|e| fail!(e))
     }
 
     /// Returns the slice this certificate was parsed from.

@@ -4,13 +4,17 @@
 
 //! Cryptographic random numbers.
 
+use crate::Result;
+
 /// An error returned by a CSRNG.
 #[derive(Copy, Clone, PartialEq, Eq, Debug)]
 pub enum Error {
     /// Indicates an unspecified, internal error.
     Unspecified,
 }
 
+debug_from!(Error);
+
 /// A cryptographically-secure random number generator.
 ///
 /// The sole purpose of this type is to fill buffers with random bytes,

@@ -11,6 +11,7 @@
 use crate::mem::Arena;
 use crate::mem::ArenaExt as _;
 use crate::mem::OutOfMemory;
+use crate::Result;
 
 #[cfg(feature = "arbitrary-derive")]
 use libfuzzer_sys::arbitrary::{self, Arbitrary};
@@ -68,6 +69,8 @@ pub enum Error {
     Unspecified,
 }
 
+debug_from!(Error);
+
 /// A hashing engine, which maintains the state for one digest.
 ///
 /// Callers should not use the `raw` API directly; [`Hasher`] is a type-safe

@@ -10,6 +10,7 @@ use ring::rand::SecureRandom as _;
 use ring::rand::SystemRandom;
 
 use crate::crypto::csrng;
+use crate::Result;
 
 #[cfg(doc)]
 use crate::crypto;
@@ -36,6 +37,8 @@ impl Default for Csrng {
 
 impl csrng::Csrng for Csrng {
     fn fill(&mut self, buf: &mut [u8]) -> Result<(), csrng::Error> {
-        self.inner.fill(buf).map_err(|_| csrng::Error::Unspecified)
+        self.inner
+            .fill(buf)
+            .map_err(|_| fail!(csrng::Error::Unspecified))
     }
 }
@@ -10,6 +10,7 @@ use ring::signature::EcdsaVerificationAlgorithm as EcdsaAlgo;
 use ring::signature::VerificationAlgorithm as _;
 
 use crate::crypto::sig;
+use crate::Result;
 
 /// A `ring`-based [`sig::Verify`] for DER-encoded ECDSA using the P-256 curve.
 pub struct VerifyP256 {
@@ -62,7 +63,7 @@ impl sig::Verify for VerifyP256 {
                 message.as_slice().into(),
                 signature.into(),
             )
-            .map_err(|_| sig::Error::Unspecified)
+            .map_err(|_| fail!(sig::Error::Unspecified))
     }
 }
 
@@ -83,7 +84,7 @@ impl SignP256 {
             &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
             pkcs8,
         )
-        .map_err(|_| sig::Error::Unspecified)?;
+        .map_err(|_| fail!(sig::Error::Unspecified))?;
         Ok(Self { keypair })
     }
 
@@ -98,7 +99,7 @@ impl SignP256 {
             &ring::signature::ECDSA_P256_SHA256_FIXED_SIGNING,
             pkcs8,
         )
-        .map_err(|_| sig::Error::Unspecified)?;
+        .map_err(|_| fail!(sig::Error::Unspecified))?;
         Ok(Self { keypair })
     }
 }
@@ -133,7 +134,7 @@ impl sig::Sign for SignP256 {
         let sig = self
             .keypair
             .sign(&rng, &message)
-            .map_err(|_| sig::Error::Unspecified)?;
+            .map_err(|_| fail!(sig::Error::Unspecified))?;
         let signature = signature
             .get_mut(..sig.as_ref().len())
             .ok_or(sig::Error::Unspecified)?;