Merge pull request #100 from registreerocks/feat-channel-sealing-helpers

feat(rtc_tenclave): channel sealing helpers

rtc_tenclave/Cargo.toml

@@ -63,6 +63,7 @@ ring = { version = "0.17.0-alpha.8", default-features = false }
 sodalite = { version = "0.4.0", default-features = false }
 cfg-if = "1.0.0"
 hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
+rkyv = { version = "0.6.6", default_features = false, features = ["const_generics", "strict"] }
 
 [dev-dependencies]
 thiserror_std = { package = "thiserror", version = "1.0.9" }
@@ -74,6 +75,7 @@ once_cell_std = { package = "once_cell", version="1.7.2" }
 
 # Test-only dependencies
 proptest = "1.0.0"
+proptest-derive = "0.3.0"
 tempfile = "3.2.0"
 mockall = { version = "0.9.1", features = ["nightly"] }
 

rtc_tenclave/src/dh/mod.rs

@@ -1,6 +1,7 @@
 //! Support for establishing secure local inter-enclave sessions using [`sgx_tdh`].
 
 mod protected_channel;
+pub mod sealing;
 mod sessions;
 mod types;
 

rtc_tenclave/src/dh/protected_channel.rs

@@ -55,7 +55,7 @@ impl ProtectedChannel {
     pub fn decrypt_message<const MESSAGE_SIZE: usize, const AAD_SIZE: usize>(
         &self,
         message: EncryptedEnclaveMessage<MESSAGE_SIZE, AAD_SIZE>,
-    ) -> Result<[u8; MESSAGE_SIZE], sgx_status_t> {
+    ) -> Result<([u8; MESSAGE_SIZE], [u8; AAD_SIZE]), sgx_status_t> {
         let mut dst = [0_u8; MESSAGE_SIZE];
         rsgx_rijndael128GCM_decrypt(
             self.key.expose_secret().key(),
@@ -65,7 +65,7 @@ impl ProtectedChannel {
             &message.tag,
             &mut dst,
         )?;
-        Ok(dst)
+        Ok((dst, message.aad))
     }
 }