Merge pull request #98 from registreerocks/feat-types-enclave-messages
feat(rtc_types): add enclave_messages, with set_access_key
Showing
8 changed files
with
231 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
//! FIXME: Non-generic version of [`set_access_key`], with conversions. | ||
//! | ||
//! This is a workaround for cbindgen not supporting const generics in structs yet, | ||
//! and should be removed once cbindgen implements that. | ||
//! | ||
//! Tracking issue: <https://github.com/eqrion/cbindgen/issues/687> | ||
//! | ||
//! These sizes should match the ones computed in `set_access_key`. | ||
//! (The Rust compiler should report an error if these don't line up: | ||
//! this can be used to update these if `set_access_key` changes.) | ||
use sgx_types::sgx_aes_gcm_128bit_tag_t; | ||
|
||
use super::{set_access_key, RecommendedAesGcmIv}; | ||
|
||
// See enclave_messages::ARCHIVED_ENCLAVE_ID_SIZE | ||
pub const ARCHIVED_ENCLAVE_ID_SIZE: usize = 8; | ||
|
||
// Begin FFI types | ||
// (Keep these FFI type comments in sync between set_access_key and ffi_set_access_key, for diffing!) | ||
|
||
// FFI type: REQUEST_SIZE | ||
pub const SET_ACCESS_KEY_REQUEST_SIZE: usize = 40; | ||
|
||
// FFI type: EncryptedRequest | ||
#[repr(C)] | ||
pub struct SetAccessKeyEncryptedRequest { | ||
pub tag: sgx_aes_gcm_128bit_tag_t, | ||
pub ciphertext: [u8; SET_ACCESS_KEY_REQUEST_SIZE], | ||
pub aad: [u8; ARCHIVED_ENCLAVE_ID_SIZE], | ||
pub nonce: RecommendedAesGcmIv, | ||
} | ||
|
||
// FFI type: RESPONSE_SIZE | ||
pub const SET_ACCESS_KEY_RESPONSE_SIZE: usize = 1; | ||
|
||
// FFI type: EncryptedResponse | ||
#[derive(Default)] | ||
#[repr(C)] | ||
pub struct SetAccessKeyEncryptedResponse { | ||
pub tag: sgx_aes_gcm_128bit_tag_t, | ||
pub ciphertext: [u8; SET_ACCESS_KEY_RESPONSE_SIZE], | ||
pub aad: [u8; 0], | ||
pub nonce: RecommendedAesGcmIv, | ||
} | ||
|
||
// End FFI types | ||
|
||
// Boilerplate From implementations: | ||
|
||
impl From<set_access_key::EncryptedRequest> for SetAccessKeyEncryptedRequest { | ||
fn from( | ||
set_access_key::EncryptedRequest { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}: set_access_key::EncryptedRequest, | ||
) -> Self { | ||
return SetAccessKeyEncryptedRequest { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}; | ||
} | ||
} | ||
|
||
impl From<SetAccessKeyEncryptedRequest> for set_access_key::EncryptedRequest { | ||
fn from( | ||
SetAccessKeyEncryptedRequest { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}: SetAccessKeyEncryptedRequest, | ||
) -> Self { | ||
return set_access_key::EncryptedRequest { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}; | ||
} | ||
} | ||
|
||
impl From<set_access_key::EncryptedResponse> for SetAccessKeyEncryptedResponse { | ||
fn from( | ||
set_access_key::EncryptedResponse { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}: set_access_key::EncryptedResponse, | ||
) -> Self { | ||
return SetAccessKeyEncryptedResponse { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}; | ||
} | ||
} | ||
|
||
impl From<SetAccessKeyEncryptedResponse> for set_access_key::EncryptedResponse { | ||
fn from( | ||
SetAccessKeyEncryptedResponse { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}: SetAccessKeyEncryptedResponse, | ||
) -> Self { | ||
return set_access_key::EncryptedResponse { | ||
tag, | ||
ciphertext, | ||
aad, | ||
nonce, | ||
}; | ||
} | ||
} |
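Review bot: `pub aad: [u8; 0]` in `SetAccessKeyEncryptedResponse` places a zero-length array in the middle of a `#[repr(C)]` struct. A zero-length array member is a GNU extension rather than standard C, so the C declaration generated for this type is only layout-compatible on toolchains that accept it. Because the struct is meant to cross the FFI boundary, a size or offset disagreement between the two sides would be a memory-safety problem, not just a build failure. I would record the assumption next to the field, e.g. `// zero-length on purpose: the generated C header relies on the GNU zero-length-array extension`. What cbindgen actually emits for this field is not visible on this page, so that part needs confirming against the generated header.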
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
use core::mem; | ||
|
||
use rkyv::Archive; | ||
use sgx_types::{sgx_aes_gcm_128bit_tag_t, sgx_enclave_id_t}; | ||
|
||
/// Size of [`Archive`] of [`sgx_enclave_id_t`]. | ||
pub const ARCHIVED_ENCLAVE_ID_SIZE: usize = | ||
mem::size_of::<<sgx_enclave_id_t as Archive>::Archived>(); | ||
|
||
// NIST AES-GCM recommended IV size | ||
pub type RecommendedAesGcmIv = [u8; 12]; | ||
|
||
#[repr(C)] | ||
pub struct EncryptedEnclaveMessage<const MESSAGE_SIZE: usize, const AAD_SIZE: usize> { | ||
pub tag: sgx_aes_gcm_128bit_tag_t, | ||
pub ciphertext: [u8; MESSAGE_SIZE], | ||
pub aad: [u8; AAD_SIZE], | ||
pub nonce: RecommendedAesGcmIv, | ||
} | ||
|
||
/// XXX: Ignore this module to work around cbindgen generic type handling | ||
/// | ||
/// Issues: | ||
/// | ||
/// * <https://github.com/eqrion/cbindgen/issues/7> | ||
/// * <https://github.com/eqrion/cbindgen/issues/286> | ||
/// * <https://github.com/eqrion/cbindgen/issues/573> | ||
/// | ||
/// cbindgen:ignore | ||
pub mod set_access_key; | ||
|
||
pub mod ffi_set_access_key; |
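Review bot: `EncryptedEnclaveMessage` is the public layout for encrypted enclave messages but has no doc comment, and the note on `RecommendedAesGcmIv` is a plain `//` comment that rustdoc drops. Since `nonce` is a public field that callers fill in themselves, the type is the natural place to state the AES-GCM contract, for example `/// AES-GCM sealed message: tag authenticates ciphertext and aad; nonce must be unique per message under a given key.` Changing `// NIST AES-GCM recommended IV size` to `///` would surface the 12-byte rationale as well. How nonces are generated is outside this section, so the comment would document the requirement rather than claim it is met.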
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
use core::mem; | ||
|
||
use rkyv::{Archive, Deserialize, Serialize}; | ||
|
||
use crate::enclave_messages::{EncryptedEnclaveMessage, ARCHIVED_ENCLAVE_ID_SIZE}; | ||
|
||
#[derive(Archive, Deserialize, Serialize, Debug, PartialEq, Clone)] | ||
pub struct Request { | ||
// XXX: Technically this only needs to be available inside of enclave contexts. | ||
// It might make sense to conditionally export this as public. | ||
pub uuid: [u8; 16], // TODO: Use UUID crate? | ||
pub access_key: [u8; 24], // [u8; ACCESS_KEY_BYTES] | ||
} | ||
|
||
#[derive(Archive, Deserialize, Serialize, Debug, PartialEq)] | ||
pub struct Response { | ||
pub success: bool, | ||
} | ||
|
||
// Begin FFI types | ||
// (Keep these FFI type comments in sync between set_access_key and ffi_set_access_key, for diffing!) | ||
|
||
// FFI type: REQUEST_SIZE | ||
pub const REQUEST_SIZE: usize = mem::size_of::<ArchivedRequest>(); | ||
|
||
// FFI type: EncryptedRequest | ||
pub type EncryptedRequest = EncryptedEnclaveMessage<REQUEST_SIZE, ARCHIVED_ENCLAVE_ID_SIZE>; | ||
|
||
// FFI type: RESPONSE_SIZE | ||
pub const RESPONSE_SIZE: usize = mem::size_of::<ArchivedResponse>(); | ||
|
||
// FFI type: EncryptedResponse | ||
pub type EncryptedResponse = EncryptedEnclaveMessage<RESPONSE_SIZE, 0>; | ||
|
||
// End FFI types | ||
|
||
#[cfg(test)] | ||
mod test { | ||
use crate::byte_formats::rkyv_format; | ||
use crate::enclave_messages::*; | ||
|
||
#[test] | ||
fn test_set_access_key_msg() { | ||
let request = set_access_key::Request { | ||
uuid: [5u8; 16], | ||
access_key: [2u8; 24], | ||
}; | ||
|
||
let buf = rkyv_format::write_array(&request).unwrap(); | ||
let deserialized = unsafe { rkyv_format::read_array(&buf) }; | ||
|
||
assert_eq!( | ||
request, deserialized, | ||
"Deserialized request should match initial request" | ||
); | ||
} | ||
} |
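Review bot: `Request` derives `Debug` (and `Clone`) while carrying `access_key: [u8; 24]`, so any `{:?}` formatting of a request, including in a log line or a panic message, prints the key bytes. The only consumer of `Debug` visible here is the `assert_eq!` in `test_set_access_key_msg`, so the derive could be limited to test builds with `#[cfg_attr(test, derive(Debug))]`, or replaced by a hand-written `Debug` impl that prints a placeholder for `access_key`. Other crates may format `Request` outside this page, so check for callers before narrowing it. Separately, the `unsafe { rkyv_format::read_array(&buf) }` call in the test would read better with a `// SAFETY:` comment saying why `buf` is a valid archive.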