Merge pull-request #458

src/integration/Cargo.toml

@@ -15,12 +15,11 @@ qos_p256 = { path = "../qos_p256", features = ["mock"] }
 qos_test_primitives = { path = "../qos_test_primitives" }
 
 tokio = { version = "1.33", features = ["macros", "rt-multi-thread"], default-features = false }
-borsh = { version = "0.10" }
+borsh = { version = "1.0", features = ["std", "derive"] , default-features = false}
 nix = { version = "0.26", features = ["socket"], default-features = false }
 
 [dev-dependencies]
 qos_core = { path = "../qos_core", features = ["mock"], default-features = false }
-borsh = { version = "0.10" }
 aws-nitro-enclaves-nsm-api = { version = "0.3", default-features = false }
 rand = "0.8"
 ureq = { version = "2.9", features = ["json"], default-features = false }

src/integration/src/bin/pivot_socket_stress.rs

@@ -1,6 +1,6 @@
 use core::panic;
 
-use borsh::{BorshDeserialize, BorshSerialize};
+use borsh::BorshDeserialize;
 use integration::PivotSocketStressMsg;
 use qos_core::{
 	io::SocketAddress,
@@ -19,9 +19,10 @@ impl RequestProcessor for Processor {
 			.expect("Received invalid message - test is broken");
 
 		match msg {
-			PivotSocketStressMsg::OkRequest => PivotSocketStressMsg::OkResponse
-				.try_to_vec()
-				.expect("OkResponse is valid borsh"),
+			PivotSocketStressMsg::OkRequest => {
+				borsh::to_vec(&PivotSocketStressMsg::OkResponse)
+					.expect("OkResponse is valid borsh")
+			}
 			PivotSocketStressMsg::PanicRequest => {
 				panic!(
 					"\"socket stress\" pivot app has received a PanicRequest"
@@ -31,8 +32,7 @@ impl RequestProcessor for Processor {
 				std::thread::sleep(std::time::Duration::from_secs(
 					ENCLAVE_APP_SOCKET_CLIENT_TIMEOUT_SECS as u64 + 1,
 				));
-				PivotSocketStressMsg::SlowResponse
-					.try_to_vec()
+				borsh::to_vec(&PivotSocketStressMsg::SlowResponse)
 					.expect("OkResponse is valid borsh")
 			}
 			PivotSocketStressMsg::SlowResponse => {

src/integration/tests/borsh_serialize.rs

@@ -1,15 +1,13 @@
-use borsh::{BorshSerialize, BorshDeserialize};
-
-#[derive(BorshSerialize, BorshDeserialize, Debug, PartialEq)]
-struct TestSerializable {
-    a: u32,
-    b: String,
-    c: Vec<u8>,
-}
-
 #[cfg(test)]
 mod tests {
-    use super::*;
+    use borsh::{BorshSerialize, BorshDeserialize};
+
+    #[derive(BorshSerialize, BorshDeserialize, Debug, PartialEq)]
+    struct TestSerializable {
+        a: u32,
+        b: String,
+        c: Vec<u8>,
+    }
 
     #[test]
     fn test_serializable_to_vec() {
@@ -29,7 +27,7 @@ mod tests {
         ];
 
         // Serialize the instance
-        let serialized = inst.try_to_vec().expect("Serialization failed");
+        let serialized = borsh::to_vec(&inst).expect("Serialization failed");
 
         // Assert that the serialized output matches the expected value
         assert_eq!(serialized, expected_serialized, "Serialized bytes differ from the expected value");

src/integration/tests/enclave_app_client_socket_stress.rs

@@ -1,4 +1,4 @@
-use borsh::{ser::BorshSerialize, BorshDeserialize};
+use borsh::BorshDeserialize;
 use integration::{PivotSocketStressMsg, PIVOT_SOCKET_STRESS_PATH};
 use qos_core::{
 	client::Client,
@@ -93,9 +93,11 @@ fn enclave_app_client_socket_stress() {
 		TimeVal::seconds(ENCLAVE_APP_SOCKET_CLIENT_TIMEOUT_SECS + 1),
 	);
 
-	let app_request = PivotSocketStressMsg::PanicRequest.try_to_vec().unwrap();
+	let app_request =
+		borsh::to_vec(&PivotSocketStressMsg::PanicRequest).unwrap();
 	let request =
-		ProtocolMsg::ProxyRequest { data: app_request }.try_to_vec().unwrap();
+		borsh::to_vec(&ProtocolMsg::ProxyRequest { data: app_request })
+			.unwrap();
 	let raw_response = enclave_client.send(&request).unwrap();
 	let response = ProtocolMsg::try_from_slice(&raw_response).unwrap();
 	assert_eq!(
@@ -109,9 +111,10 @@ fn enclave_app_client_socket_stress() {
 		REAPER_RESTART_DELAY_IN_SECONDS + 1,
 	));
 	// The pivot panicked and should have been restarted.
-	let app_request = PivotSocketStressMsg::OkRequest.try_to_vec().unwrap();
+	let app_request = borsh::to_vec(&PivotSocketStressMsg::OkRequest).unwrap();
 	let request =
-		ProtocolMsg::ProxyRequest { data: app_request }.try_to_vec().unwrap();
+		borsh::to_vec(&ProtocolMsg::ProxyRequest { data: app_request })
+			.unwrap();
 	let raw_response = enclave_client.send(&request).unwrap();
 	let response = {
 		let msg = ProtocolMsg::try_from_slice(&raw_response).unwrap();
@@ -124,9 +127,11 @@ fn enclave_app_client_socket_stress() {
 	assert_eq!(response, PivotSocketStressMsg::OkResponse);
 
 	// Send a request that the app will take too long to respond to
-	let app_request = PivotSocketStressMsg::SlowRequest.try_to_vec().unwrap();
+	let app_request =
+		borsh::to_vec(&PivotSocketStressMsg::SlowRequest).unwrap();
 	let request =
-		ProtocolMsg::ProxyRequest { data: app_request }.try_to_vec().unwrap();
+		borsh::to_vec(&ProtocolMsg::ProxyRequest { data: app_request })
+			.unwrap();
 	let raw_response = enclave_client.send(&request).unwrap();
 	let response = ProtocolMsg::try_from_slice(&raw_response).unwrap();
 	assert_eq!(

src/integration/tests/reaper.rs

@@ -41,7 +41,7 @@ fn reaper_works() {
 		Reaper::execute(
 			&handles,
 			Box::new(MockNsm),
-			SocketAddress::new_unix(&*usock),
+			SocketAddress::new_unix(&usock),
 			SocketAddress::new_unix("./never.sock"),
 			None,
 		)
@@ -92,7 +92,7 @@ fn reaper_handles_non_zero_exits() {
 		Reaper::execute(
 			&handles,
 			Box::new(MockNsm),
-			SocketAddress::new_unix(&*usock),
+			SocketAddress::new_unix(&usock),
 			SocketAddress::new_unix("./never.sock"),
 			None,
 		)
@@ -143,7 +143,7 @@ fn reaper_handles_panic() {
 		Reaper::execute(
 			&handles,
 			Box::new(MockNsm),
-			SocketAddress::new_unix(&*usock),
+			SocketAddress::new_unix(&usock),
 			SocketAddress::new_unix("./never.sock"),
 			None,
 		)

src/integration/tests/simple_socket_stress.rs

@@ -1,6 +1,5 @@
 use std::process::Command;
 
-use borsh::BorshSerialize;
 use integration::{PivotSocketStressMsg, PIVOT_SOCKET_STRESS_PATH};
 use qos_core::{
 	client::{Client, ClientError},
@@ -26,14 +25,16 @@ fn simple_socket_stress() {
 		TimeVal::seconds(ENCLAVE_APP_SOCKET_CLIENT_TIMEOUT_SECS),
 	);
 
-	let app_request = PivotSocketStressMsg::SlowRequest.try_to_vec().unwrap();
+	let app_request =
+		borsh::to_vec(&PivotSocketStressMsg::SlowRequest).unwrap();
 	let err = enclave_client.send(&app_request).unwrap_err();
 	match err {
 		ClientError::IOError(qos_core::io::IOError::RecvTimeout) => (),
 		e => panic!("did not get expected err {:?}", e),
 	};
 
-	let app_request = PivotSocketStressMsg::PanicRequest.try_to_vec().unwrap();
+	let app_request =
+		borsh::to_vec(&PivotSocketStressMsg::PanicRequest).unwrap();
 	let err = enclave_client.send(&app_request).unwrap_err();
 	match err {
 		ClientError::IOError(qos_core::io::IOError::RecvConnectionClosed) => (),
@@ -43,7 +44,7 @@ fn simple_socket_stress() {
 	std::thread::sleep(std::time::Duration::from_secs(1));
 
 	// The app has panic'ed and exited - so any proceeding request should fail.
-	let app_request = PivotSocketStressMsg::OkRequest.try_to_vec().unwrap();
+	let app_request = borsh::to_vec(&PivotSocketStressMsg::OkRequest).unwrap();
 	let err = enclave_client.send(&app_request).unwrap_err();
 	match err {
 		ClientError::IOError(qos_core::io::IOError::ConnectNixError(

src/qos_client/Cargo.toml

@@ -14,7 +14,7 @@ qos_nsm = { path = "../qos_nsm", default-features = false }
 # Third party
 ureq = { version = "2.9", default-features = false }
 aws-nitro-enclaves-nsm-api = { version = "0.3", default-features = false }
-borsh = { version = "0.10", default-features = false }
+borsh = { version = "1.0", features = ["std", "derive"] , default-features = false}
 p256 = { version = "0.12.0", default-features = false }
 rand_core = { version = "0.6", default-features = false }
 zeroize = { version = "1.6", default-features = false }

src/qos_client/src/cli/services.rs

@@ -4,12 +4,11 @@ use std::{
 	io,
 	io::{BufRead, BufReader, Write},
 	mem,
-	ops::Deref,
 	path::{Path, PathBuf},
 };
 
 use aws_nitro_enclaves_nsm_api::api::AttestationDoc;
-use borsh::{BorshDeserialize, BorshSerialize};
+use borsh::BorshDeserialize;
 use qos_core::protocol::{
 	msg::ProtocolMsg,
 	services::{
@@ -141,8 +140,8 @@ pub enum Error {
 	SecretDoesNotMatch,
 }
 
-impl From<borsh::maybestd::io::Error> for Error {
-	fn from(_: borsh::maybestd::io::Error) -> Self {
+impl From<borsh::io::Error> for Error {
+	fn from(_: borsh::io::Error) -> Self {
 		Self::BorshError
 	}
 }
@@ -511,7 +510,7 @@ pub(crate) fn boot_genesis<P: AsRef<Path>>(
 	let genesis_output_path = namespace_dir.as_ref().join(GENESIS_OUTPUT_FILE);
 	write_with_msg(
 		&genesis_output_path,
-		&genesis_output.deref().try_to_vec().unwrap(),
+		&borsh::to_vec(&*genesis_output).unwrap(),
 		"`GenesisOutput`",
 	);
 
@@ -747,7 +746,7 @@ pub(crate) fn generate_manifest<P: AsRef<Path>>(
 
 	write_with_msg(
 		manifest_path.as_ref(),
-		&manifest.try_to_vec().unwrap(),
+		&borsh::to_vec(&manifest).unwrap(),
 		"Manifest",
 	);
 
@@ -766,7 +765,7 @@ fn extract_nitro_config<P: AsRef<Path>>(
 		pcr1,
 		pcr2,
 		pcr3,
-		qos_commit: "".to_string(),
+		qos_commit: String::new(),
 		aws_root_certificate: cert_from_pem(AWS_ROOT_CERT_PEM).unwrap(),
 	}
 }
@@ -850,7 +849,7 @@ pub(crate) fn approve_manifest<P: AsRef<Path>>(
 	));
 	write_with_msg(
 		&approval_path,
-		&approval.try_to_vec().expect("Failed to serialize approval"),
+		&borsh::to_vec(&approval).expect("Failed to serialize approval"),
 		"Manifest Approval",
 	);
 
@@ -988,8 +987,7 @@ pub(crate) fn generate_manifest_envelope<P: AsRef<Path>>(
 	);
 	write_with_msg(
 		&path,
-		&manifest_envelope
-			.try_to_vec()
+		&borsh::to_vec(&manifest_envelope)
 			.expect("Failed to serialize manifest envelope"),
 		"Manifest Envelope",
 	);
@@ -1055,7 +1053,7 @@ pub(crate) fn export_key<P: AsRef<Path>>(
 
 	write_with_msg(
 		encrypted_quorum_key_path.as_ref(),
-		&encrypted_quorum_key.try_to_vec().expect("valid borsh. qed."),
+		&borsh::to_vec(&encrypted_quorum_key).expect("valid borsh. qed."),
 		"Encrypted Quorum Key",
 	);
 
@@ -1178,8 +1176,7 @@ pub(crate) fn get_attestation_doc<P: AsRef<Path>>(
 	);
 	write_with_msg(
 		manifest_envelope_path.as_ref(),
-		&manifest_envelope
-			.try_to_vec()
+		&borsh::to_vec(&manifest_envelope)
 			.expect("manifest enevelope is valid borsh"),
 		"Manifest envelope",
 	);
@@ -1293,13 +1290,12 @@ pub(crate) fn proxy_re_encrypt_share<P: AsRef<Path>>(
 		eph_pub.encrypt(plaintext_share).expect("Envelope encryption error")
 	};
 
-	let approval = Approval {
+	let approval = borsh::to_vec(&Approval {
 		signature: pair
 			.sign(&manifest_envelope.manifest.qos_hash())
 			.expect("Failed to sign"),
 		member,
-	}
-	.try_to_vec()
+	})
 	.expect("Could not serialize Approval");
 
 	write_with_msg(approval_path.as_ref(), &approval, "Share Set Approval");

src/qos_client/src/lib.rs

@@ -13,7 +13,7 @@ pub mod yubikey;
 pub mod request {
 	use std::io::Read;
 
-	use borsh::{BorshDeserialize, BorshSerialize};
+	use borsh::BorshDeserialize;
 	use qos_core::protocol::msg::ProtocolMsg;
 
 	const MAX_SIZE: u64 = u32::MAX as u64;
@@ -24,7 +24,7 @@ pub mod request {
 
 		let response = ureq::post(url)
 			.send_bytes(
-				&msg.try_to_vec()
+				&borsh::to_vec(msg)
 					.expect("ProtocolMsg can always be serialized. qed."),
 			)
 			.map_err(|e| match e {
@@ -33,7 +33,7 @@ pub mod request {
 					format!("http_post error: [url: {url}, status: {code}, body: {body:?}]")
 				}
 				ureq::Error::Transport(e) => {
-					format!("http_post error: transport error: {}", e)
+					format!("http_post error: transport error: {e}")
 				}
 			})?;
 

src/qos_core/Cargo.toml

@@ -12,7 +12,7 @@ qos_nsm = { path = "../qos_nsm", default-features = false }
 
 nix = { version = "0.26", features = ["socket"], default-features = false }
 libc = "=0.2.148"
-borsh = { version = "0.10" }
+borsh = { version = "1.0", features = ["std", "derive"] , default-features = false}
 
 # For AWS Nitro
 aws-nitro-enclaves-nsm-api = { version = "0.3", default-features = false }

src/qos_core/src/client.rs

@@ -8,8 +8,8 @@ use crate::io::{self, SocketAddress, Stream, TimeVal};
 pub enum ClientError {
 	/// [`io::IOError`] wrapper.
 	IOError(io::IOError),
-	/// `borsh::maybestd::io::Error` wrapper.
-	BorshError(borsh::maybestd::io::Error),
+	/// `borsh::io::Error` wrapper.
+	BorshError(borsh::io::Error),
 }
 
 impl From<io::IOError> for ClientError {
@@ -18,8 +18,8 @@ impl From<io::IOError> for ClientError {
 	}
 }
 
-impl From<borsh::maybestd::io::Error> for ClientError {
-	fn from(err: borsh::maybestd::io::Error) -> Self {
+impl From<borsh::io::Error> for ClientError {
+	fn from(err: borsh::io::Error) -> Self {
 		Self::BorshError(err)
 	}
 }

src/qos_core/src/handles.rs

@@ -2,7 +2,7 @@
 
 use std::{fs, os::unix::fs::PermissionsExt, path::Path};
 
-use borsh::{BorshDeserialize, BorshSerialize};
+use borsh::BorshDeserialize;
 use qos_p256::P256Pair;
 
 use crate::protocol::{services::boot::ManifestEnvelope, ProtocolError};
@@ -158,7 +158,7 @@ impl Handles {
 	) -> Result<(), ProtocolError> {
 		Self::write_as_read_only(
 			&self.manifest,
-			&manifest_envelope.try_to_vec()?,
+			&borsh::to_vec(manifest_envelope)?,
 			ProtocolError::FailedToPutManifestEnvelope,
 		)
 	}
@@ -182,7 +182,7 @@ impl Handles {
 			&self.manifest,
 			std::fs::Permissions::from_mode(0o666),
 		)?;
-		fs::write(&self.manifest, manifest_envelope.try_to_vec()?)
+		fs::write(&self.manifest, borsh::to_vec(&manifest_envelope)?)
 			.map_err(|_| ProtocolError::FailedToPutManifestEnvelope)?;
 
 		// Set the permissions back to read only

src/qos_core/src/io/stream.rs

@@ -128,7 +128,7 @@ impl Stream {
 			send_timeout.set(fd, &timeout)?;
 
 			match connect(stream.fd, &*addr.addr()) {
-				Ok(_) => return Ok(stream),
+				Ok(()) => return Ok(stream),
 				Err(e) => err = IOError::ConnectNixError(e),
 			}