Skip to content
This repository has been archived by the owner on May 9, 2022. It is now read-only.

Commit

Permalink
Merge pull request #98 from registreerocks/feat-types-enclave-messages
Browse files Browse the repository at this point in the history
feat(rtc_types): add enclave_messages, with set_access_key
  • Loading branch information
PiDelport authored Jun 15, 2021
2 parents d37170b + 9c50c82 commit 26318d0
Show file tree
Hide file tree
Showing 8 changed files with 231 additions and 10 deletions.
6 changes: 6 additions & 0 deletions codegen/auth_enclave/bindings.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@
*/
#define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16))

#define ARCHIVED_ENCLAVE_ID_SIZE 8

#define SET_ACCESS_KEY_REQUEST_SIZE 40

#define SET_ACCESS_KEY_RESPONSE_SIZE 1

/**
* FFI safe result type that can be converted to and from a rust result.
*/
Expand Down
6 changes: 6 additions & 0 deletions codegen/data_enclave/bindings.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@
*/
#define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16))

#define ARCHIVED_ENCLAVE_ID_SIZE 8

#define SET_ACCESS_KEY_REQUEST_SIZE 40

#define SET_ACCESS_KEY_RESPONSE_SIZE 1

typedef struct DataUploadResponse {
uint8_t ciphertext[DATA_UPLOAD_RESPONSE_LEN];
uint8_t nonce[24];
Expand Down
6 changes: 6 additions & 0 deletions codegen/exec_enclave/bindings.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@
*/
#define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16))

#define ARCHIVED_ENCLAVE_ID_SIZE 8

#define SET_ACCESS_KEY_REQUEST_SIZE 40

#define SET_ACCESS_KEY_RESPONSE_SIZE 1

/**
* FFI safe result type that can be converted to and from a rust result.
*/
Expand Down
12 changes: 2 additions & 10 deletions rtc_tenclave/src/dh/protected_channel.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ use secrecy::{ExposeSecret, Secret};
use sgx_tcrypto::{rsgx_rijndael128GCM_decrypt, rsgx_rijndael128GCM_encrypt};
use sgx_types::*;

use rtc_types::enclave_messages::{EncryptedEnclaveMessage, RecommendedAesGcmIv};

use super::types::AlignedKey;
use crate::util::concat_u8;

Expand All @@ -12,9 +14,6 @@ use super::enclave;
#[cfg(not(test))]
use sgx_tstd::enclave;

// NIST AES-GCM recommended IV size
type RecommendedAesGcmIv = [u8; 12];

pub struct ProtectedChannel {
iv_constructor: DeterministicAesGcmIvConstructor,
key: Secret<AlignedKey>,
Expand Down Expand Up @@ -70,13 +69,6 @@ impl ProtectedChannel {
}
}

pub struct EncryptedEnclaveMessage<const MESSAGE_SIZE: usize, const AAD_SIZE: usize> {
tag: sgx_aes_gcm_128bit_tag_t,
ciphertext: [u8; MESSAGE_SIZE],
aad: [u8; AAD_SIZE],
nonce: RecommendedAesGcmIv,
}

/// Implement the deterministic construction of AES-GCM IVs, as described in section 8.2.1 of [NIST SP 800-38D],
/// "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC".
///
Expand Down
121 changes: 121 additions & 0 deletions rtc_types/src/enclave_messages/ffi_set_access_key.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
//! FIXME: Non-generic version of [`set_access_key`], with conversions.
//!
//! This is a workaround for cbindgen not supporting const generics in structs yet,
//! and should be removed once cbindgen implements that.
//!
//! Tracking issue: <https://github.com/eqrion/cbindgen/issues/687>
//!
//! These sizes should match the ones computed in `set_access_key`.
//! (The Rust compiler should report an error if these don't line up:
//! this can be used to update these if `set_access_key` changes.)
use sgx_types::sgx_aes_gcm_128bit_tag_t;

use super::{set_access_key, RecommendedAesGcmIv};

// See enclave_messages::ARCHIVED_ENCLAVE_ID_SIZE
pub const ARCHIVED_ENCLAVE_ID_SIZE: usize = 8;

// Begin FFI types
// (Keep these FFI type comments in sync between set_access_key and ffi_set_access_key, for diffing!)

// FFI type: REQUEST_SIZE
pub const SET_ACCESS_KEY_REQUEST_SIZE: usize = 40;

// FFI type: EncryptedRequest
#[repr(C)]
pub struct SetAccessKeyEncryptedRequest {
pub tag: sgx_aes_gcm_128bit_tag_t,
pub ciphertext: [u8; SET_ACCESS_KEY_REQUEST_SIZE],
pub aad: [u8; ARCHIVED_ENCLAVE_ID_SIZE],
pub nonce: RecommendedAesGcmIv,
}

// FFI type: RESPONSE_SIZE
pub const SET_ACCESS_KEY_RESPONSE_SIZE: usize = 1;

// FFI type: EncryptedResponse
#[derive(Default)]
#[repr(C)]
pub struct SetAccessKeyEncryptedResponse {
pub tag: sgx_aes_gcm_128bit_tag_t,
pub ciphertext: [u8; SET_ACCESS_KEY_RESPONSE_SIZE],
pub aad: [u8; 0],
pub nonce: RecommendedAesGcmIv,
}

// End FFI types

// Boilerplate From implementations:

impl From<set_access_key::EncryptedRequest> for SetAccessKeyEncryptedRequest {
fn from(
set_access_key::EncryptedRequest {
tag,
ciphertext,
aad,
nonce,
}: set_access_key::EncryptedRequest,
) -> Self {
return SetAccessKeyEncryptedRequest {
tag,
ciphertext,
aad,
nonce,
};
}
}

impl From<SetAccessKeyEncryptedRequest> for set_access_key::EncryptedRequest {
fn from(
SetAccessKeyEncryptedRequest {
tag,
ciphertext,
aad,
nonce,
}: SetAccessKeyEncryptedRequest,
) -> Self {
return set_access_key::EncryptedRequest {
tag,
ciphertext,
aad,
nonce,
};
}
}

impl From<set_access_key::EncryptedResponse> for SetAccessKeyEncryptedResponse {
fn from(
set_access_key::EncryptedResponse {
tag,
ciphertext,
aad,
nonce,
}: set_access_key::EncryptedResponse,
) -> Self {
return SetAccessKeyEncryptedResponse {
tag,
ciphertext,
aad,
nonce,
};
}
}

impl From<SetAccessKeyEncryptedResponse> for set_access_key::EncryptedResponse {
fn from(
SetAccessKeyEncryptedResponse {
tag,
ciphertext,
aad,
nonce,
}: SetAccessKeyEncryptedResponse,
) -> Self {
return set_access_key::EncryptedResponse {
tag,
ciphertext,
aad,
nonce,
};
}
}
32 changes: 32 additions & 0 deletions rtc_types/src/enclave_messages/mod.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
use core::mem;

use rkyv::Archive;
use sgx_types::{sgx_aes_gcm_128bit_tag_t, sgx_enclave_id_t};

/// Size of [`Archive`] of [`sgx_enclave_id_t`].
pub const ARCHIVED_ENCLAVE_ID_SIZE: usize =
mem::size_of::<<sgx_enclave_id_t as Archive>::Archived>();

// NIST AES-GCM recommended IV size
pub type RecommendedAesGcmIv = [u8; 12];

#[repr(C)]
pub struct EncryptedEnclaveMessage<const MESSAGE_SIZE: usize, const AAD_SIZE: usize> {
pub tag: sgx_aes_gcm_128bit_tag_t,
pub ciphertext: [u8; MESSAGE_SIZE],
pub aad: [u8; AAD_SIZE],
pub nonce: RecommendedAesGcmIv,
}

/// XXX: Ignore this module to work around cbindgen generic type handling
///
/// Issues:
///
/// * <https://github.com/eqrion/cbindgen/issues/7>
/// * <https://github.com/eqrion/cbindgen/issues/286>
/// * <https://github.com/eqrion/cbindgen/issues/573>
///
/// cbindgen:ignore
pub mod set_access_key;

pub mod ffi_set_access_key;
57 changes: 57 additions & 0 deletions rtc_types/src/enclave_messages/set_access_key.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
use core::mem;

use rkyv::{Archive, Deserialize, Serialize};

use crate::enclave_messages::{EncryptedEnclaveMessage, ARCHIVED_ENCLAVE_ID_SIZE};

#[derive(Archive, Deserialize, Serialize, Debug, PartialEq, Clone)]
pub struct Request {
// XXX: Technically this only needs to be available inside of enclave contexts.
// It might make sense to conditionally export this as public.
pub uuid: [u8; 16], // TODO: Use UUID crate?
pub access_key: [u8; 24], // [u8; ACCESS_KEY_BYTES]
}

#[derive(Archive, Deserialize, Serialize, Debug, PartialEq)]
pub struct Response {
pub success: bool,
}

// Begin FFI types
// (Keep these FFI type comments in sync between set_access_key and ffi_set_access_key, for diffing!)

// FFI type: REQUEST_SIZE
pub const REQUEST_SIZE: usize = mem::size_of::<ArchivedRequest>();

// FFI type: EncryptedRequest
pub type EncryptedRequest = EncryptedEnclaveMessage<REQUEST_SIZE, ARCHIVED_ENCLAVE_ID_SIZE>;

// FFI type: RESPONSE_SIZE
pub const RESPONSE_SIZE: usize = mem::size_of::<ArchivedResponse>();

// FFI type: EncryptedResponse
pub type EncryptedResponse = EncryptedEnclaveMessage<RESPONSE_SIZE, 0>;

// End FFI types

#[cfg(test)]
mod test {
use crate::byte_formats::rkyv_format;
use crate::enclave_messages::*;

#[test]
fn test_set_access_key_msg() {
let request = set_access_key::Request {
uuid: [5u8; 16],
access_key: [2u8; 24],
};

let buf = rkyv_format::write_array(&request).unwrap();
let deserialized = unsafe { rkyv_format::read_array(&buf) };

assert_eq!(
request, deserialized,
"Deserialized request should match initial request"
);
}
}
1 change: 1 addition & 0 deletions rtc_types/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ mod ecall_result;
pub use ecall_result::*;

pub mod byte_formats;
pub mod enclave_messages;

#[repr(C)]
#[derive(Clone, Debug)]
Expand Down

0 comments on commit 26318d0

Please sign in to comment.