feat(dh): add to uenclave and basic integration test

rtc_auth_enclave/src/lib.rs

@@ -4,8 +4,9 @@
 #![deny(unsafe_op_in_unsafe_fn)]
 #![deny(clippy::mem_forget)]
 
-use sgx_types::{sgx_report_t, sgx_status_t, sgx_target_info_t};
+#[cfg(not(target_env = "sgx"))]
+#[macro_use]
+extern crate sgx_tstd as std;
 
-use rtc_types::{CreateReportResult, EnclaveHeldData};
-
-use rtc_tenclave::enclave::*;
+pub use rtc_tenclave::dh::*;
+pub use rtc_tenclave::enclave::*;

rtc_data_service/tests/exec_token.rs

@@ -9,6 +9,8 @@ use actix_web::{http, test};
 
 use rtc_data_service::data_enclave_actor::DataEnclaveActor;
 use rtc_data_service::exec_token;
+use rtc_uenclave::EnclaveConfig;
+use sgx_types::sgx_status_t;
 
 #[actix_rt::test]
 async fn data_service_exec_token_ok() {
@@ -65,3 +67,25 @@ async fn data_service_exec_token_ok() {
     };
     assert_eq!(expected, actual)
 }
+
+#[test]
+fn test_local_attestation_success() {
+    let auth_enclave = rtc_uenclave::RtcAuthEnclave::init(EnclaveConfig {
+        lib_path: "/root/rtc-data/rtc_auth_enclave/build/bin/enclave.signed.so".to_string(),
+        ..Default::default()
+    })
+    .unwrap();
+
+    let data_enclave = rtc_uenclave::RtcDataEnclave::init(EnclaveConfig {
+        lib_path: "/root/rtc-data/rtc_data_enclave/build/bin/enclave.signed.so".to_string(),
+        ..Default::default()
+    })
+    .unwrap();
+
+    let res = data_enclave.local_attestation(auth_enclave.geteid());
+    assert_eq!(res, sgx_status_t::SGX_SUCCESS);
+
+    // TODO: Integration test for message sending
+    // We should consider moving the integration tests for enclave interaction into rtc_uenclave
+    // since these tests does not need anything from the data_service
+}

rtc_udh/src/lib.rs

@@ -2,7 +2,6 @@ mod responder;
 
 use std::{
     collections::HashMap,
-    marker::PhantomData,
     sync::{Arc, Mutex, RwLock},
 };
 

rtc_uenclave/Cargo.toml

@@ -26,6 +26,7 @@ serde_json = "1.0.64"
 data-sys = { path = "./data-sys", optional = true }
 auth-sys = { path = "./auth-sys", optional = true }
 rtc-ecalls = { path = "./rtc-ecalls" }
+rtc_udh = { path = "../rtc_udh" }
 
 [dev-dependencies]
 rand = "0.7.3"

rtc_uenclave/src/enclaves/rtc_auth.rs

@@ -1,10 +1,9 @@
 use std::borrow::Borrow;
 
+use crate::{AttestationError, EnclaveConfig, EnclaveReportResult, RtcEnclave};
 use auth_sys::AuthSys;
 use sgx_types::*;
 
-use crate::{AttestationError, EnclaveConfig, EnclaveReportResult, RtcEnclave};
-
 /// Wraps all the functionality for interacting with the auth enclave
 pub struct RtcAuthEnclave<TCfg>(RtcEnclave<TCfg, AuthSys>)
 where
@@ -43,4 +42,9 @@ where
     pub fn is_initialized(&self) -> bool {
         self.0.is_initialized()
     }
+
+    /// Get the id of this enclave instance
+    pub fn geteid(&self) -> sgx_enclave_id_t {
+        self.0.geteid()
+    }
 }

rtc_uenclave/src/enclaves/rtc_data.rs

@@ -55,6 +55,11 @@ where
         })
     }
 
+    /// Performs local attestation to the destination enclave
+    pub fn local_attestation(&self, dest_enclave_id: sgx_enclave_id_t) -> sgx_status_t {
+        ecalls::local_attestation(self.0.geteid(), dest_enclave_id)
+    }
+
     /// Take ownership of self and drop resources
     pub fn destroy(self) {
         // Take ownership of self and drop
@@ -64,6 +69,11 @@ where
     pub fn is_initialized(&self) -> bool {
         self.0.is_initialized()
     }
+
+    /// Get the id of this enclave instance
+    pub fn geteid(&self) -> sgx_enclave_id_t {
+        self.0.geteid()
+    }
 }
 
 pub mod ecalls {
@@ -89,4 +99,20 @@ pub mod ecalls {
         };
         retval.to_ecall_err(res).into()
     }
+
+    pub fn local_attestation(
+        eid: sgx_enclave_id_t,
+        dest_enclave_id: sgx_enclave_id_t,
+    ) -> sgx_status_t {
+        let mut retval = sgx_status_t::SGX_SUCCESS;
+        let res = unsafe { ffi::rtc_data_local_attestation(eid, &mut retval, dest_enclave_id) };
+
+        match res {
+            sgx_status_t::SGX_SUCCESS => res,
+            err => {
+                println!("local_attestation err, ecall failed: {:?}", err);
+                err
+            }
+        }
+    }
 }

rtc_uenclave/src/rtc_enclave.rs

@@ -9,7 +9,7 @@ use mockall::predicate::*;
 #[cfg(test)]
 use mockall::*;
 use mockall_double::double;
-use rtc_types::{ExecTokenError, ExecTokenResponse};
+use rtc_udh::{self, ResponderSys};
 use serde::Deserialize;
 use sgx_types::*;
 use thiserror::Error;
@@ -52,21 +52,30 @@ pub struct EnclaveConfig {
 ///
 /// This struct contains the basic functionality required from all RTC enclaves
 #[cfg_attr(not(test), derive(Debug))]
-pub(crate) struct RtcEnclave<TCfg: Borrow<EnclaveConfig>, TEcalls: RtcEcalls> {
+pub(crate) struct RtcEnclave<
+    TCfg: Borrow<EnclaveConfig>,
+    TEcalls: RtcEcalls + ResponderSys + 'static,
+> {
     pub(crate) base_enclave: SgxEnclave,
     pub(crate) quoting_enclave: QuotingEnclave,
     pub(crate) attestation_client: AzureAttestationClient<ureq::Agent>,
     pub(crate) config: TCfg,
     ecalls: TEcalls,
 }
 
-impl<TCfg: Borrow<EnclaveConfig>, TEcalls: RtcEcalls> RtcEnclave<TCfg, TEcalls> {
+impl<TCfg: Borrow<EnclaveConfig>, TEcalls: RtcEcalls + ResponderSys + 'static>
+    RtcEnclave<TCfg, TEcalls>
+{
     /// Creates a new enclave instance with the provided configuration
     pub fn init(cfg: TCfg) -> Result<Self, sgx_status_t> {
+        let base_enclave = Self::init_base_enclave(cfg.borrow())?;
+        rtc_udh::set_responder(base_enclave.geteid(), Box::new(TEcalls::default()))
+            .expect("Failed to register enclave as dh responder");
+
         Ok(RtcEnclave {
             attestation_client: Self::init_attestation_client(),
             quoting_enclave: Self::init_quoting_enclave(),
-            base_enclave: Self::init_base_enclave(cfg.borrow())?,
+            base_enclave,
             config: cfg,
             ecalls: TEcalls::default(),
         })