diff --git a/rtc_data_service/src/auth_enclave_actor.rs b/rtc_data_service/src/auth_enclave_actor.rs index 0628e91f..b0098dfd 100644 --- a/rtc_data_service/src/auth_enclave_actor.rs +++ b/rtc_data_service/src/auth_enclave_actor.rs @@ -6,16 +6,10 @@ use std::sync::Arc; use actix::prelude::*; -use rtc_uenclave::{AttestationError, EnclaveConfig, RtcAuthEnclave}; +use rtc_uenclave::{EnclaveConfig, RtcAuthEnclave}; +use sgx_types::sgx_enclave_id_t; -#[derive(Default)] -pub(crate) struct RequestAttestation; - -type RequestAttestationResult = Result; - -impl Message for RequestAttestation { - type Result = RequestAttestationResult; -} +use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult}; pub struct AuthEnclaveActor { enclave: Option>>, @@ -55,6 +49,14 @@ impl Actor for AuthEnclaveActor { } } +impl Handler for AuthEnclaveActor { + type Result = sgx_enclave_id_t; + + fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result { + self.get_enclave().geteid() + } +} + impl Handler for AuthEnclaveActor { type Result = RequestAttestationResult; diff --git a/rtc_data_service/src/data_enclave_actor.rs b/rtc_data_service/src/data_enclave_actor.rs index c8f2fe63..2399e8be 100644 --- a/rtc_data_service/src/data_enclave_actor.rs +++ b/rtc_data_service/src/data_enclave_actor.rs @@ -6,16 +6,10 @@ use std::sync::Arc; use actix::prelude::*; -use rtc_uenclave::{AttestationError, EnclaveConfig, RtcDataEnclave}; +use rtc_uenclave::{EnclaveConfig, RtcDataEnclave}; +use sgx_types::sgx_enclave_id_t; -#[derive(Default)] -pub(crate) struct RequestAttestation; - -type RequestAttestationResult = Result; - -impl Message for RequestAttestation { - type Result = RequestAttestationResult; -} +use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult}; pub struct DataEnclaveActor { enclave: Option>>, @@ -55,6 +49,14 @@ impl Actor for DataEnclaveActor { } } +impl Handler for DataEnclaveActor { + type Result = sgx_enclave_id_t; + + fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result { + self.get_enclave().geteid() + } +} + impl Handler for DataEnclaveActor { type Result = RequestAttestationResult; diff --git a/rtc_data_service/src/data_upload/message.rs b/rtc_data_service/src/data_upload/message.rs index 6ead76c8..a591ade4 100644 --- a/rtc_data_service/src/data_upload/message.rs +++ b/rtc_data_service/src/data_upload/message.rs @@ -1,13 +1,26 @@ use actix::{Handler, Message}; use rtc_types::{DataUploadError, DataUploadResponse, EcallError, UploadMetadata}; +use sgx_types::sgx_enclave_id_t; use crate::data_enclave_actor::DataEnclaveActor; -pub struct DataUploadMessage { +/// Sealed request from a client to upload a new dataset. +/// +/// See: [`crate::data_upload::service::models::RequestBody`] +pub struct DataUploadRequest { pub metadata: UploadMetadata, pub payload: Box<[u8]>, } +/// [`Message`]: Process a [`DataUploadRequest`] sealed for [`auth_enclave_id`]. +/// Return a sealed [`DataUploadResponse`]. +/// +/// See: [`rtc_uenclave::enclaves::rtc_data::upload_data`] +pub struct DataUploadMessage { + pub auth_enclave_id: sgx_enclave_id_t, + pub request: DataUploadRequest, +} + impl Message for DataUploadMessage { type Result = Result>; } @@ -17,6 +30,7 @@ impl Handler for DataEnclaveActor { type Result = ::Result; fn handle(&mut self, msg: DataUploadMessage, _ctx: &mut Self::Context) -> Self::Result { - self.get_enclave().upload_data(&msg.payload, msg.metadata) + self.get_enclave() + .upload_data(&msg.request.payload, msg.request.metadata) } } diff --git a/rtc_data_service/src/data_upload/service.rs b/rtc_data_service/src/data_upload/service.rs index e5988411..3a414c5c 100644 --- a/rtc_data_service/src/data_upload/service.rs +++ b/rtc_data_service/src/data_upload/service.rs @@ -6,8 +6,10 @@ use actix_web::{post, web}; use models::*; use rtc_types::{DataUploadError, DataUploadResponse, EcallError}; -use super::DataUploadMessage; +use crate::auth_enclave_actor::AuthEnclaveActor; use crate::data_enclave_actor::DataEnclaveActor; +use crate::data_upload::{DataUploadMessage, DataUploadRequest}; +use crate::enclave_messages::GetEnclaveId; use crate::merge_error::*; /// Save uploaded data file using a [`DataUploadMessage`] for [`DataEnclaveActor`]. @@ -20,12 +22,22 @@ use crate::merge_error::*; #[post("/data/uploads")] pub async fn upload_file( req_body: web::Json, - enclave: web::Data>, + auth_enclave: web::Data>, + data_enclave: web::Data>, ) -> actix_web::Result> { - let message: DataUploadMessage = req_body.0.try_into()?; + let auth_enclave_id = auth_enclave + .send(GetEnclaveId) + .await + .map_err(ErrorInternalServerError)?; + + let request: DataUploadRequest = req_body.0.try_into()?; + let message = DataUploadMessage { + auth_enclave_id, + request, + }; let result: Result, MailboxError>> = - enclave.send(message).await.merge_err(); + data_enclave.send(message).await.merge_err(); match result { Ok(resp) => Ok(web::Json(resp.into())), @@ -40,7 +52,7 @@ pub mod models { use rtc_types::{DataUploadResponse, UploadMetadata}; use serde::{Deserialize, Serialize}; - use crate::data_upload::DataUploadMessage; + use crate::data_upload::DataUploadRequest; use crate::validation::ValidationError; use crate::Base64Standard; @@ -76,7 +88,7 @@ pub mod models { } } - impl TryFrom for DataUploadMessage { + impl TryFrom for DataUploadRequest { type Error = ValidationError; fn try_from(request_body: RequestBody) -> Result { @@ -85,7 +97,7 @@ pub mod models { let nonce = TryFrom::try_from(request_body.metadata.nonce) .or(Err(ValidationError::new("Invalid nonce")))?; - Ok(DataUploadMessage { + Ok(DataUploadRequest { metadata: UploadMetadata { uploader_pub_key, nonce, diff --git a/rtc_data_service/src/enclave_messages.rs b/rtc_data_service/src/enclave_messages.rs new file mode 100644 index 00000000..ef0a6389 --- /dev/null +++ b/rtc_data_service/src/enclave_messages.rs @@ -0,0 +1,29 @@ +//! Common message types for the enclave actors. + +use actix::Message; +use rtc_uenclave::AttestationError; +use sgx_types::sgx_enclave_id_t; + +/// [`Message`]: Get the enclave's ID. +/// Return [`sgx_enclave_id_t`]. +/// +/// See: [`rtc_uenclave::rtc_enclave::geteid`] +#[derive(Default)] +pub(crate) struct GetEnclaveId; + +impl Message for GetEnclaveId { + type Result = sgx_enclave_id_t; +} + +/// [`Message`]: Request enclave attestation. +/// Return JWT with quote and enclave data. +/// +/// See: [`rtc_uenclave::rtc_enclave::dcap_attestation_azure`] +#[derive(Default)] +pub(crate) struct RequestAttestation; + +pub(crate) type RequestAttestationResult = Result; + +impl Message for RequestAttestation { + type Result = RequestAttestationResult; +} diff --git a/rtc_data_service/src/exec_enclave_actor.rs b/rtc_data_service/src/exec_enclave_actor.rs index 18d46f4e..dcd0f077 100644 --- a/rtc_data_service/src/exec_enclave_actor.rs +++ b/rtc_data_service/src/exec_enclave_actor.rs @@ -6,16 +6,10 @@ use std::sync::Arc; use actix::prelude::*; -use rtc_uenclave::{AttestationError, EnclaveConfig, RtcExecEnclave}; +use rtc_uenclave::{EnclaveConfig, RtcExecEnclave}; +use sgx_types::sgx_enclave_id_t; -#[derive(Default)] -pub(crate) struct RequestAttestation; - -type RequestAttestationResult = Result; - -impl Message for RequestAttestation { - type Result = RequestAttestationResult; -} +use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult}; pub struct ExecEnclaveActor { enclave: Option>>, @@ -55,6 +49,14 @@ impl Actor for ExecEnclaveActor { } } +impl Handler for ExecEnclaveActor { + type Result = sgx_enclave_id_t; + + fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result { + self.get_enclave().geteid() + } +} + impl Handler for ExecEnclaveActor { type Result = RequestAttestationResult; diff --git a/rtc_data_service/src/handlers.rs b/rtc_data_service/src/handlers.rs index 1fcad676..5c03bfe2 100644 --- a/rtc_data_service/src/handlers.rs +++ b/rtc_data_service/src/handlers.rs @@ -5,9 +5,9 @@ use models::Status; use crate::auth_enclave_actor::AuthEnclaveActor; use crate::data_enclave_actor::DataEnclaveActor; +use crate::enclave_messages::RequestAttestation; use crate::exec_enclave_actor::ExecEnclaveActor; use crate::merge_error::*; -use crate::{auth_enclave_actor, data_enclave_actor, exec_enclave_actor}; pub async fn server_status(_req: HttpRequest) -> HttpResponse { HttpResponse::Ok().json(Status { @@ -21,7 +21,7 @@ pub async fn auth_enclave_attestation( enclave: web::Data>, ) -> actix_web::Result { let jwt = enclave - .send(auth_enclave_actor::RequestAttestation::default()) + .send(RequestAttestation::default()) .await .merge_err(); dbg!(&jwt); @@ -39,7 +39,7 @@ pub async fn data_enclave_attestation( enclave: web::Data>, ) -> actix_web::Result { let jwt = enclave - .send(data_enclave_actor::RequestAttestation::default()) + .send(RequestAttestation::default()) .await .merge_err(); dbg!(&jwt); @@ -57,7 +57,7 @@ pub async fn exec_enclave_attestation( enclave: web::Data>, ) -> actix_web::Result { let jwt = enclave - .send(exec_enclave_actor::RequestAttestation::default()) + .send(RequestAttestation::default()) .await .merge_err(); dbg!(&jwt); diff --git a/rtc_data_service/src/lib.rs b/rtc_data_service/src/lib.rs index afcb67b7..2cf7848d 100644 --- a/rtc_data_service/src/lib.rs +++ b/rtc_data_service/src/lib.rs @@ -7,6 +7,7 @@ pub mod app_config; pub mod auth_enclave_actor; pub mod data_enclave_actor; pub mod data_upload; +mod enclave_messages; pub mod exec; pub mod exec_enclave_actor; pub mod exec_token;