From 608f78a457da07f736c8b276e345e41588b457e6 Mon Sep 17 00:00:00 2001 From: Herman Date: Tue, 18 May 2021 13:41:50 +0200 Subject: [PATCH] feat(dh): add to uenclave and basic integration test --- Cargo.lock | 1 + rtc_auth_enclave/src/lib.rs | 9 +++++---- rtc_data_service/tests/exec_token.rs | 24 ++++++++++++++++++++++++ rtc_udh/src/lib.rs | 1 - rtc_uenclave/Cargo.toml | 1 + rtc_uenclave/src/enclaves/rtc_auth.rs | 8 ++++++-- rtc_uenclave/src/enclaves/rtc_data.rs | 26 ++++++++++++++++++++++++++ rtc_uenclave/src/rtc_enclave.rs | 17 +++++++++++++---- 8 files changed, 76 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9bbd5790..b010b9e7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1704,6 +1704,7 @@ dependencies = [ "rsa", "rtc-ecalls", "rtc_types", + "rtc_udh", "serde 1.0.125", "serde_json", "sgx_types", diff --git a/rtc_auth_enclave/src/lib.rs b/rtc_auth_enclave/src/lib.rs index 5e7ea09b..39cc52b1 100644 --- a/rtc_auth_enclave/src/lib.rs +++ b/rtc_auth_enclave/src/lib.rs @@ -4,8 +4,9 @@ #![deny(unsafe_op_in_unsafe_fn)] #![deny(clippy::mem_forget)] -use sgx_types::{sgx_report_t, sgx_status_t, sgx_target_info_t}; +#[cfg(not(target_env = "sgx"))] +#[macro_use] +extern crate sgx_tstd as std; -use rtc_types::{CreateReportResult, EnclaveHeldData}; - -use rtc_tenclave::enclave::*; +pub use rtc_tenclave::dh::*; +pub use rtc_tenclave::enclave::*; diff --git a/rtc_data_service/tests/exec_token.rs b/rtc_data_service/tests/exec_token.rs index bbd60bd0..96c3ce5f 100644 --- a/rtc_data_service/tests/exec_token.rs +++ b/rtc_data_service/tests/exec_token.rs @@ -9,6 +9,8 @@ use actix_web::{http, test}; use rtc_data_service::data_enclave_actor::DataEnclaveActor; use rtc_data_service::exec_token; +use rtc_uenclave::EnclaveConfig; +use sgx_types::sgx_status_t; #[actix_rt::test] async fn data_service_exec_token_ok() { 
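Review bot: In `rtc_auth_enclave/src/lib.rs` the two glob re-exports `pub use rtc_tenclave::dh::*;` and `pub use rtc_tenclave::enclave::*;` make every public item of those modules part of the auth enclave crate's surface, so anything later made public there is exported from this enclave without any change in this file. If the globs exist to keep the ecall entry points defined in `rtc_tenclave` linked into the enclave (not visible in this hunk), a comment such as `// Re-exported so the ecall entry points from rtc_tenclave are linked into this enclave` would record that. Otherwise, listing the re-exported items by name would keep the trusted interface reviewable.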
@@ -65,3 +67,25 @@ async fn data_service_exec_token_ok() { }; assert_eq!(expected, actual) } + +#[test] +fn test_local_attestation_success() { + let auth_enclave = rtc_uenclave::RtcAuthEnclave::init(EnclaveConfig { + lib_path: "/root/rtc-data/rtc_auth_enclave/build/bin/enclave.signed.so".to_string(), + ..Default::default() + }) + .unwrap(); + + let data_enclave = rtc_uenclave::RtcDataEnclave::init(EnclaveConfig { + lib_path: "/root/rtc-data/rtc_data_enclave/build/bin/enclave.signed.so".to_string(), + ..Default::default() + }) + .unwrap(); + + let res = data_enclave.local_attestation(auth_enclave.geteid()); + assert_eq!(res, sgx_status_t::SGX_SUCCESS); + + // TODO: Integration test for message sending + // We should consider moving the integration tests for enclave interaction into rtc_uenclave + // since these tests does not need anything from the data_service +} diff --git a/rtc_udh/src/lib.rs b/rtc_udh/src/lib.rs index a479160c..bba43649 100644 --- a/rtc_udh/src/lib.rs +++ b/rtc_udh/src/lib.rs @@ -2,7 +2,6 @@ mod responder; use std::{ collections::HashMap, - marker::PhantomData, sync::{Arc, Mutex, RwLock}, }; diff --git a/rtc_uenclave/Cargo.toml b/rtc_uenclave/Cargo.toml index 570d65a6..b4aa1f1a 100644 --- a/rtc_uenclave/Cargo.toml +++ b/rtc_uenclave/Cargo.toml @@ -26,6 +26,7 @@ serde_json = "1.0.64" data-sys = { path = "./data-sys", optional = true } auth-sys = { path = "./auth-sys", optional = true } rtc-ecalls = { path = "./rtc-ecalls" } +rtc_udh = { path = "../rtc_udh" } [dev-dependencies] rand = "0.7.3" diff --git a/rtc_uenclave/src/enclaves/rtc_auth.rs b/rtc_uenclave/src/enclaves/rtc_auth.rs index 018cf8c1..8a65ee3d 100644 --- a/rtc_uenclave/src/enclaves/rtc_auth.rs +++ b/rtc_uenclave/src/enclaves/rtc_auth.rs 
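Review bot: Both `lib_path` values in `test_local_attestation_success` are absolute paths under `/root/rtc-data/...`, so the test passes only in an environment laid out exactly like that, with read access to root's home. Building the path from an environment variable or from `env!("CARGO_MANIFEST_DIR")` would make it portable. The test also covers only the success case of `data_enclave.local_attestation(...)`. A second test that expects a non-`SGX_SUCCESS` status for a destination id that does not belong to a loaded enclave would show that the call can actually fail.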
@@ -1,10 +1,9 @@ use std::borrow::Borrow; +use crate::{AttestationError, EnclaveConfig, EnclaveReportResult, RtcEnclave}; use auth_sys::AuthSys; use sgx_types::*; -use crate::{AttestationError, EnclaveConfig, EnclaveReportResult, RtcEnclave}; - /// Wraps all the functionality for interacting with the auth enclave pub struct RtcAuthEnclave(RtcEnclave) where @@ -43,4 +42,9 @@ where pub fn is_initialized(&self) -> bool { self.0.is_initialized() } + + /// Get the id of this enclave instance + pub fn geteid(&self) -> sgx_enclave_id_t { + self.0.geteid() + } } diff --git a/rtc_uenclave/src/enclaves/rtc_data.rs b/rtc_uenclave/src/enclaves/rtc_data.rs index ebc66f71..32809e7d 100644 --- a/rtc_uenclave/src/enclaves/rtc_data.rs +++ b/rtc_uenclave/src/enclaves/rtc_data.rs @@ -55,6 +55,11 @@ where }) } + /// Performs local attestation to the destination enclave + pub fn local_attestation(&self, dest_enclave_id: sgx_enclave_id_t) -> sgx_status_t { + ecalls::local_attestation(self.0.geteid(), dest_enclave_id) + } + /// Take ownership of self and drop resources pub fn destroy(self) { // Take ownership of self and drop @@ -64,6 +69,11 @@ where pub fn is_initialized(&self) -> bool { self.0.is_initialized() } + + /// Get the id of this enclave instance + pub fn geteid(&self) -> sgx_enclave_id_t { + self.0.geteid() + } } pub mod ecalls { @@ -89,4 +99,20 @@ pub mod ecalls { }; retval.to_ecall_err(res).into() } + + pub fn local_attestation( + eid: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t { + let mut retval = sgx_status_t::SGX_SUCCESS; + let res = unsafe { ffi::rtc_data_local_attestation(eid, &mut retval, dest_enclave_id) }; + + match res { + sgx_status_t::SGX_SUCCESS => res, + err => { + println!("local_attestation err, ecall failed: {:?}", err); + err + } + } + } } diff --git a/rtc_uenclave/src/rtc_enclave.rs b/rtc_uenclave/src/rtc_enclave.rs index 416d4202..c20dc6f5 100644 --- a/rtc_uenclave/src/rtc_enclave.rs +++ b/rtc_uenclave/src/rtc_enclave.rs 
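Review bot: In `ecalls::local_attestation` (last hunk of `rtc_data.rs`) the status the enclave writes into `retval` is never read. On `sgx_status_t::SGX_SUCCESS` the match returns `res`, which by the usual generated-proxy convention only reports that the ecall itself was dispatched (the `ffi` declaration is not visible here). An attestation that the enclave rejected would therefore still be reported as success to `RtcDataEnclave::local_attestation` and its callers. The success arm should return the enclave's own status, `sgx_status_t::SGX_SUCCESS => retval,`, which also matches the `retval.to_ecall_err(res)` handling just above in the same module. The `unsafe` call would also benefit from a `// SAFETY:` comment stating that `retval` is a valid out-pointer for the duration of the call.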
@@ -9,7 +9,7 @@ use mockall::predicate::*; #[cfg(test)] use mockall::*; use mockall_double::double; -use rtc_types::{ExecTokenError, ExecTokenResponse}; +use rtc_udh::{self, ResponderSys}; use serde::Deserialize; use sgx_types::*; use thiserror::Error; @@ -52,7 +52,10 @@ pub struct EnclaveConfig { /// /// This struct contains the basic functionality required from all RTC enclaves #[cfg_attr(not(test), derive(Debug))] -pub(crate) struct RtcEnclave, TEcalls: RtcEcalls> { +pub(crate) struct RtcEnclave< + TCfg: Borrow, + TEcalls: RtcEcalls + ResponderSys + 'static, +> { pub(crate) base_enclave: SgxEnclave, pub(crate) quoting_enclave: QuotingEnclave, pub(crate) attestation_client: AzureAttestationClient, @@ -60,13 +63,19 @@ pub(crate) struct RtcEnclave, TEcalls: RtcEcalls> { ecalls: TEcalls, } -impl, TEcalls: RtcEcalls> RtcEnclave { +impl, TEcalls: RtcEcalls + ResponderSys + 'static> + RtcEnclave +{ /// Creates a new enclave instance with the provided configuration pub fn init(cfg: TCfg) -> Result { + let base_enclave = Self::init_base_enclave(cfg.borrow())?; + rtc_udh::set_responder(base_enclave.geteid(), Box::new(TEcalls::default())) + .expect("Failed to register enclave as dh responder"); + Ok(RtcEnclave { attestation_client: Self::init_attestation_client(), quoting_enclave: Self::init_quoting_enclave(), - base_enclave: Self::init_base_enclave(cfg.borrow())?, + base_enclave, config: cfg, ecalls: TEcalls::default(), })
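Review bot: `init` already returns a `Result`, yet a failure of `rtc_udh::set_responder` now panics through `.expect("Failed to register enclave as dh responder")`. Mapping that failure into the function's existing error type would let callers handle it like any other initialisation error. The responder is registered under `base_enclave.geteid()` and nothing in this patch removes the entry when the enclave is destroyed. If the `rtc_udh` registry outlives the enclave (its implementation is not shown in this diff), a stale responder would stay associated with that id, so the teardown path should unregister it. Two separate `TEcalls::default()` values are also created, one boxed for the responder and one stored in `ecalls`, which deserves a comment such as `// TEcalls is stateless; the responder gets its own instance` if that is the assumption. The end of `init` lies outside the hunk.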