Problem: anomaly is deprecated (fixes #209)

Solution: switch to flex-error
crypto-com · Apr 1, 2022 · 8b1ee32 · 8b1ee32
1 parent 27e8332
commit 8b1ee32
Show file tree

Hide file tree

Showing 23 changed files with 348 additions and 524 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -3,7 +3,7 @@
 # [Choice] Debian OS version (use bullseye on local arm64/Apple Silicon): buster, bullseye
 ARG VARIANT="buster"
 FROM mcr.microsoft.com/vscode/devcontainers/rust:0-${VARIANT}
-RUN rustup default nightly-2022-02-07 && rustup target add x86_64-fortanix-unknown-sgx && rustup target add x86_64-fortanix-unknown-sgx && rustup target add x86_64-unknown-linux-musl && rustup component add rust-src
+RUN rustup default nightly-2022-02-07 && rustup target add x86_64-fortanix-unknown-sgx && rustup target add x86_64-fortanix-unknown-sgx && rustup target add x86_64-unknown-linux-musl && rustup component add rust-src && rustup component add rustfmt
 # [Optional] Uncomment this section to install additional packages.
-# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-#     && apt-get -y install --no-install-recommends <your-package-list-here>
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+     && apt-get -y install --no-install-recommends protobuf-compiler
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -7,10 +7,11 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-anomaly = "0.2"
 ed25519-dalek = "1"
+flex-error = "0.4"
 prost = "0.9"
 serde = { version = "1", features = ["serde_derive"] }
+serde_json = "1"
 subtle-encoding = { version = "0.5", features = ["bech32-preview"] }
 tendermint = { version = "0.23" }
 tendermint-proto = "0.23"

diff --git a/README.md b/README.md
@@ -20,8 +20,7 @@ The code is based on the [tmkms](https://github.com/iqlusioninc/tmkms) repositor
 
 ## Status
 
-Tendermint KMS Light is still in development (e.g. the SGX signing provider has not
-yet been signed, so that it could be launched in the production mode).
+Tendermint KMS Light is currently *beta quality*.
 In the future, the work developed in this repository may be upstreamed 
 to the original [tmkms](https://github.com/iqlusioninc/tmkms) repository.
 

diff --git a/providers/nitro/nitro-enclave/Cargo.toml b/providers/nitro/nitro-enclave/Cargo.toml
@@ -5,10 +5,10 @@ authors = ["Tomas Tauber <[email protected]>"]
 edition = "2021"
 
 [dependencies]
-anomaly = "0.2"
 aws-ne-sys = "0.4"
 aws-nitro-enclaves-nsm-api = "0.2"
 ed25519-dalek = "1"
+flex-error = "0.4"
 nix = "0.23"
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
 serde_bytes = "0.11"

diff --git a/providers/nitro/nitro-enclave/src/nitro.rs b/providers/nitro/nitro-enclave/src/nitro.rs
@@ -1,7 +1,6 @@
 /// state persistence helper;
 mod state;
 
-use anomaly::format_err;
 use aws_nitro_enclaves_nsm_api::api::{Request, Response};
 use aws_nitro_enclaves_nsm_api::driver::{nsm_exit, nsm_init, nsm_process_request};
 use ed25519_dalek as ed25519;
@@ -18,10 +17,7 @@ use tendermint_p2p::secret_connection::{self, PublicKey, SecretConnection};
 use tmkms_light::chain::state::PersistStateSync;
 use tmkms_light::config::validator::ValidatorConfig;
 use tmkms_light::connection::{Connection, PlainConnection};
-use tmkms_light::error::{
-    Error,
-    ErrorKind::{AccessError, InvalidKey, IoError, ParseError},
-};
+use tmkms_light::error::{io_error_wrap, Error};
 use tmkms_light::utils::{read_u16_payload, write_u16_payload};
 use tmkms_nitro_helper::{
     NitroConfig, NitroKeygenResponse, NitroRequest, NitroResponse, VSOCK_HOST_CID,
@@ -106,8 +102,7 @@ pub fn get_connection(
 /// a simple req-rep handling loop
 pub fn entry(mut stream: VsockStream) -> Result<(), Error> {
     let nsm_fd = nsm_init();
-    let json_raw = read_u16_payload(&mut stream)
-        .map_err(|_e| format_err!(IoError, "failed to read config"))?;
+    let json_raw = read_u16_payload(&mut stream)?;
     let request: Result<NitroRequest, _> = serde_json::from_slice(&json_raw);
     match request {
         Ok(NitroRequest::Start(config)) => {
@@ -119,10 +114,10 @@ pub fn entry(mut stream: VsockStream) -> Result<(), Error> {
                     config.credentials.aws_session_token.as_bytes(),
                     config.sealed_consensus_key.as_ref(),
                 )
-                .map_err(|_e| format_err!(AccessError, "failed to decrypt key"))?,
+                .map_err(|_e| Error::access_error())?,
             );
             let secret = ed25519::SecretKey::from_bytes(&*key_bytes)
-                .map_err(|e| format_err!(InvalidKey, "invalid Ed25519 key: {}", e))?;
+                .map_err(|_e| Error::invalid_key_error())?;
             let public = ed25519::PublicKey::from(&secret);
             let keypair = ed25519::Keypair { secret, public };
             let id_keypair = if let Some(ref ciphertext) = config.sealed_id_key {
@@ -134,10 +129,10 @@ pub fn entry(mut stream: VsockStream) -> Result<(), Error> {
                         config.credentials.aws_session_token.as_bytes(),
                         ciphertext.as_ref(),
                     )
-                    .map_err(|_e| format_err!(AccessError, "failed to decrypt key"))?,
+                    .map_err(|_e| Error::access_error())?,
                 );
                 let id_secret = ed25519::SecretKey::from_bytes(&*id_key_bytes)
-                    .map_err(|e| format_err!(InvalidKey, "invalid Ed25519 key: {}", e))?;
+                    .map_err(|_e| Error::invalid_key_error())?;
                 let id_public = ed25519::PublicKey::from(&id_secret);
                 let id_keypair = ed25519::Keypair {
                     secret: id_secret,
@@ -148,10 +143,10 @@ pub fn entry(mut stream: VsockStream) -> Result<(), Error> {
                 None
             };
             let mut state_holder = state::StateHolder::new(config.enclave_state_port)
-                .map_err(|_e| format_err!(IoError, "failed get state connection"))?;
+                .map_err(|e| Error::io_error("failed get state connection".into(), e))?;
             let state = state_holder
                 .load_state()
-                .map_err(|_e| format_err!(IoError, "failed to load initial state"))?;
+                .map_err(|e| io_error_wrap("failed to load initial state".into(), e))?;
             let conn: Box<dyn Connection> = get_connection(&config, id_keypair.as_ref());
             let mut session = tmkms_light::session::Session::new(
                 ValidatorConfig {
@@ -176,10 +171,10 @@ pub fn entry(mut stream: VsockStream) -> Result<(), Error> {
             let mut keypair = Keypair::generate(&mut csprng);
             let public = keypair.public;
             let pubkeyb64 = String::from_utf8(subtle_encoding::base64::encode(&public))
-                .map_err(|e| format_err!(IoError, "base64 encoding error: {:?}", e))?;
+                .map_err(|e| io_error_wrap("base64 encoding error".into(), e))?;
             let keyidb64 =
                 String::from_utf8(subtle_encoding::base64::encode(&keygen_config.kms_key_id))
-                    .map_err(|e| format_err!(IoError, "base64 encoding error: {:?}", e))?;
+                    .map_err(|e| io_error_wrap("base64 encoding error".into(), e))?;
 
             let claim = format!(
                 "{{\"pubkey\":\"{}\",\"key_id\":\"{}\"}}",
@@ -218,10 +213,9 @@ pub fn entry(mut stream: VsockStream) -> Result<(), Error> {
                 Err(e) => Err(format!("{:?}", e)),
             };
             keypair.secret.zeroize();
-            let json = serde_json::to_string(&response)
-                .map_err(|e| format_err!(ParseError, "serde keygen response error: {:?}", e))?;
+            let json = serde_json::to_string(&response).map_err(Error::serialization_error)?;
             write_u16_payload(&mut stream, json.as_bytes())
-                .map_err(|_e| format_err!(IoError, "failed to send keypair response"))?;
+                .map_err(|e| Error::io_error("failed to send keypair response".into(), e))?;
         }
         Err(e) => {
             error!("config error: {}", e);

diff --git a/providers/nitro/nitro-enclave/src/nitro/state.rs b/providers/nitro/nitro-enclave/src/nitro/state.rs
@@ -1,7 +1,6 @@
-use anomaly::format_err;
 use std::io;
 use std::os::unix::io::AsRawFd;
-use tmkms_light::chain::state::{consensus, PersistStateSync, State, StateError, StateErrorKind};
+use tmkms_light::chain::state::{consensus, PersistStateSync, State, StateError};
 use tmkms_light::utils::{read_u16_payload, write_u16_payload};
 use tmkms_nitro_helper::VSOCK_HOST_CID;
 use tracing::{debug, trace};
@@ -32,9 +31,9 @@ impl PersistStateSync for StateHolder {
     /// loads the initial state
     fn load_state(&mut self) -> Result<State, StateError> {
         let json_raw = read_u16_payload(&mut self.state_conn)
-            .map_err(|e| format_err!(StateErrorKind::SyncError, "error reading state: {}", e))?;
+            .map_err(|e| StateError::sync_other_error(e.to_string()))?;
         let consensus_state: consensus::State = serde_json::from_slice(&json_raw)
-            .map_err(|e| format_err!(StateErrorKind::SyncError, "error parsing state: {}", e))?;
+            .map_err(|e| StateError::sync_enc_dec_error("vsock".into(), e))?;
         Ok(State::from(consensus_state))
     }
 
@@ -44,17 +43,11 @@ impl PersistStateSync for StateHolder {
         trace!("state peer addr: {:?}", self.state_conn.peer_addr());
         trace!("state local addr: {:?}", self.state_conn.local_addr());
         trace!("state fd: {}", self.state_conn.as_raw_fd());
-        let json_raw = serde_json::to_vec(&new_state).map_err(|e| {
-            format_err!(StateErrorKind::SyncError, "error serializing state: {}", e)
-        })?;
+        let json_raw = serde_json::to_vec(&new_state)
+            .map_err(|e| StateError::sync_enc_dec_error("vsock".into(), e))?;
 
-        write_u16_payload(&mut self.state_conn, &json_raw).map_err(|e| {
-            format_err!(
-                StateErrorKind::SyncError,
-                "error state writting to socket {}",
-                e
-            )
-        })?;
+        write_u16_payload(&mut self.state_conn, &json_raw)
+            .map_err(|e| StateError::sync_error("vsock".into(), e))?;
 
         debug!("successfully wrote new consensus state to state connection");
 

diff --git a/providers/nitro/nitro-helper/Cargo.toml b/providers/nitro/nitro-helper/Cargo.toml
@@ -9,12 +9,12 @@ default = ["main"]
 main = ["sysinfo", "reqwest"]
 
 [dependencies]
-anomaly = "0.2"
 bytes = "= 0.5"
 ctrlc = "3"
 chrono = "0.4"
 ed25519 = { version = "1", features = [ "serde" ] }
 ed25519-dalek = "1"
+flex-error = "0.4"
 nix = "0.23"
 rand_core = { version = "0.6", features = [ "std" ] }
 reqwest = { version = "0.11", features = ["blocking", "json"], optional = true}