Check if binary is running inside enclave; Minor wording and code change

richardfan1126 · Nov 16, 2023 · 532ccab · 532ccab
1 parent ed59afe
commit 532ccab
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -4,5 +4,5 @@
 !Cargo.toml
 !Cargo.lock
 
-# For example server to build successfully
+# For the example server to build successfully
 !example/
diff --git a/src/main.rs b/src/main.rs
@@ -1,7 +1,7 @@
 use clap::{Parser, Subcommand};
 use serde_bytes::ByteBuf;
 use aws_nitro_enclaves_nsm_api::api::{Request, Response};
-use aws_nitro_enclaves_nsm_api::driver::{nsm_init, nsm_exit, nsm_process_request};
+use aws_nitro_enclaves_nsm_api::driver::{nsm_init as native_nsm_init, nsm_exit, nsm_process_request};
 
 #[derive(Parser)]
 struct Cli {
@@ -46,13 +46,24 @@ enum Commands {
     }
 }
 
+fn nsm_init() -> i32 {
+    let nsm_fd = native_nsm_init();
+
+    if nsm_fd == -1 {
+        eprintln!("nsm-cli must be run inside Nitro Enclave");
+        std::process::exit(1)
+    }
+
+    return nsm_fd;
+}
+
 fn attest(public_key: Option<ByteBuf>, user_data: Option<ByteBuf>, nonce: Option<ByteBuf>) {
     let nsm_fd = nsm_init();
 
     let request = Request::Attestation {
-        public_key: public_key,
-        user_data: user_data,
-        nonce: nonce,
+        public_key,
+        user_data,
+        nonce,
     };
 
     let response = nsm_process_request(nsm_fd, request);