From 1148318c086e09625326e55ebc80916246f15f0c Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 14:55:14 +0200 Subject: [PATCH 1/8] refactor(rtc_data_service::enclave_messages): extract common module for RequestAttestation --- rtc_data_service/src/auth_enclave_actor.rs | 11 ++--------- rtc_data_service/src/data_enclave_actor.rs | 11 ++--------- rtc_data_service/src/enclave_messages.rs | 13 +++++++++++++ rtc_data_service/src/exec_enclave_actor.rs | 11 ++--------- rtc_data_service/src/handlers.rs | 8 ++++---- rtc_data_service/src/lib.rs | 1 + 6 files changed, 24 insertions(+), 31 deletions(-) create mode 100644 rtc_data_service/src/enclave_messages.rs diff --git a/rtc_data_service/src/auth_enclave_actor.rs b/rtc_data_service/src/auth_enclave_actor.rs index 0628e91f..96356f06 100644 --- a/rtc_data_service/src/auth_enclave_actor.rs +++ b/rtc_data_service/src/auth_enclave_actor.rs @@ -6,16 +6,9 @@ use std::sync::Arc; use actix::prelude::*; -use rtc_uenclave::{AttestationError, EnclaveConfig, RtcAuthEnclave}; +use rtc_uenclave::{EnclaveConfig, RtcAuthEnclave}; -#[derive(Default)] -pub(crate) struct RequestAttestation; - -type RequestAttestationResult = Result; - -impl Message for RequestAttestation { - type Result = RequestAttestationResult; -} +use crate::enclave_messages::{RequestAttestation, RequestAttestationResult}; pub struct AuthEnclaveActor { enclave: Option>>, diff --git a/rtc_data_service/src/data_enclave_actor.rs b/rtc_data_service/src/data_enclave_actor.rs index c8f2fe63..64cd1631 100644 --- a/rtc_data_service/src/data_enclave_actor.rs +++ b/rtc_data_service/src/data_enclave_actor.rs 
@@ -6,16 +6,9 @@ use std::sync::Arc; use actix::prelude::*; -use rtc_uenclave::{AttestationError, EnclaveConfig, RtcDataEnclave}; +use rtc_uenclave::{EnclaveConfig, RtcDataEnclave}; -#[derive(Default)] -pub(crate) struct RequestAttestation; - -type RequestAttestationResult = Result; - -impl Message for RequestAttestation { - type Result = RequestAttestationResult; -} +use crate::enclave_messages::{RequestAttestation, RequestAttestationResult}; pub struct DataEnclaveActor { enclave: Option>>, diff --git a/rtc_data_service/src/enclave_messages.rs b/rtc_data_service/src/enclave_messages.rs new file mode 100644 index 00000000..66fb3f05 --- /dev/null +++ b/rtc_data_service/src/enclave_messages.rs @@ -0,0 +1,13 @@ +//! Common message types for the enclave actors. + +use actix::Message; +use rtc_uenclave::AttestationError; + +#[derive(Default)] +pub(crate) struct RequestAttestation; + +pub(crate) type RequestAttestationResult = Result; + +impl Message for RequestAttestation { + type Result = RequestAttestationResult; +} diff --git a/rtc_data_service/src/exec_enclave_actor.rs b/rtc_data_service/src/exec_enclave_actor.rs index 18d46f4e..c180009a 100644 --- a/rtc_data_service/src/exec_enclave_actor.rs +++ b/rtc_data_service/src/exec_enclave_actor.rs @@ -6,16 +6,9 @@ use std::sync::Arc; use actix::prelude::*; -use rtc_uenclave::{AttestationError, EnclaveConfig, RtcExecEnclave}; +use rtc_uenclave::{EnclaveConfig, RtcExecEnclave}; -#[derive(Default)] -pub(crate) struct RequestAttestation; - -type RequestAttestationResult = Result; - -impl Message for RequestAttestation { - type Result = RequestAttestationResult; -} +use crate::enclave_messages::{RequestAttestation, RequestAttestationResult}; pub struct ExecEnclaveActor { enclave: Option>>, diff --git a/rtc_data_service/src/handlers.rs b/rtc_data_service/src/handlers.rs index 1fcad676..5c03bfe2 100644 --- a/rtc_data_service/src/handlers.rs +++ b/rtc_data_service/src/handlers.rs 
@@ -5,9 +5,9 @@ use models::Status; use crate::auth_enclave_actor::AuthEnclaveActor; use crate::data_enclave_actor::DataEnclaveActor; +use crate::enclave_messages::RequestAttestation; use crate::exec_enclave_actor::ExecEnclaveActor; use crate::merge_error::*; -use crate::{auth_enclave_actor, data_enclave_actor, exec_enclave_actor}; pub async fn server_status(_req: HttpRequest) -> HttpResponse { HttpResponse::Ok().json(Status { @@ -21,7 +21,7 @@ pub async fn auth_enclave_attestation( enclave: web::Data>, ) -> actix_web::Result { let jwt = enclave - .send(auth_enclave_actor::RequestAttestation::default()) + .send(RequestAttestation::default()) .await .merge_err(); dbg!(&jwt); @@ -39,7 +39,7 @@ pub async fn data_enclave_attestation( enclave: web::Data>, ) -> actix_web::Result { let jwt = enclave - .send(data_enclave_actor::RequestAttestation::default()) + .send(RequestAttestation::default()) .await .merge_err(); dbg!(&jwt); @@ -57,7 +57,7 @@ pub async fn exec_enclave_attestation( enclave: web::Data>, ) -> actix_web::Result { let jwt = enclave - .send(exec_enclave_actor::RequestAttestation::default()) + .send(RequestAttestation::default()) .await .merge_err(); dbg!(&jwt); diff --git a/rtc_data_service/src/lib.rs b/rtc_data_service/src/lib.rs index afcb67b7..2cf7848d 100644 --- a/rtc_data_service/src/lib.rs +++ b/rtc_data_service/src/lib.rs @@ -7,6 +7,7 @@ pub mod app_config; pub mod auth_enclave_actor; pub mod data_enclave_actor; pub mod data_upload; +mod enclave_messages; pub mod exec; pub mod exec_enclave_actor; pub mod exec_token; From 2eabca1dc0ca92d76943df097b7afd6ec19260c9 Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 15:05:19 +0200 Subject: [PATCH 2/8] docs(rtc_data_service::enclave_messages::RequestAttestation): add rustdoc --- rtc_data_service/src/enclave_messages.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rtc_data_service/src/enclave_messages.rs b/rtc_data_service/src/enclave_messages.rs index 66fb3f05..8c364f6c 100644 
--- a/rtc_data_service/src/enclave_messages.rs +++ b/rtc_data_service/src/enclave_messages.rs @@ -3,6 +3,10 @@ use actix::Message; use rtc_uenclave::AttestationError; +/// [`Message`]: Request enclave attestation. +/// Return JWT with quote and enclave data. +/// +/// See: [`rtc_uenclave::rtc_enclave::dcap_attestation_azure`] #[derive(Default)] pub(crate) struct RequestAttestation; From f3653e515c83241f8fc6c9402196edd7156189a9 Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 15:18:27 +0200 Subject: [PATCH 3/8] feat(rtc_data_service::enclave_messages): add GetEnclaveId message --- rtc_data_service/src/enclave_messages.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/rtc_data_service/src/enclave_messages.rs b/rtc_data_service/src/enclave_messages.rs index 8c364f6c..ef0a6389 100644 --- a/rtc_data_service/src/enclave_messages.rs +++ b/rtc_data_service/src/enclave_messages.rs @@ -2,6 +2,18 @@ use actix::Message; use rtc_uenclave::AttestationError; +use sgx_types::sgx_enclave_id_t; + +/// [`Message`]: Get the enclave's ID. +/// Return [`sgx_enclave_id_t`]. +/// +/// See: [`rtc_uenclave::rtc_enclave::geteid`] +#[derive(Default)] +pub(crate) struct GetEnclaveId; + +impl Message for GetEnclaveId { + type Result = sgx_enclave_id_t; +} /// [`Message`]: Request enclave attestation. /// Return JWT with quote and enclave data. From 38434f56dae23b637facb4c491e8ffdca80dff56 Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 15:19:41 +0200 Subject: [PATCH 4/8] feat(rtc_data_service): handle GetEnclaveId for the enclave actors --- rtc_data_service/src/auth_enclave_actor.rs | 11 ++++++++++- rtc_data_service/src/data_enclave_actor.rs | 11 ++++++++++- rtc_data_service/src/exec_enclave_actor.rs | 11 ++++++++++- 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/rtc_data_service/src/auth_enclave_actor.rs b/rtc_data_service/src/auth_enclave_actor.rs index 96356f06..b0098dfd 100644 --- a/rtc_data_service/src/auth_enclave_actor.rs 
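Review bot: The rustdoc added for `GetEnclaveId` says only that it returns an `sgx_enclave_id_t`, which leaves open whether callers may treat the value as an identity. In the SGX SDK that type is the handle the untrusted runtime receives when an enclave is loaded, so it says nothing about the enclave's measurement and is not guaranteed to stay the same if the enclave is recreated. I would add a line such as `/// The id is a runtime handle for the currently loaded enclave instance, not an attested identity; fetch it when needed rather than caching it.` above `#[derive(Default)]`.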
+++ b/rtc_data_service/src/auth_enclave_actor.rs @@ -7,8 +7,9 @@ use std::sync::Arc; use actix::prelude::*; use rtc_uenclave::{EnclaveConfig, RtcAuthEnclave}; +use sgx_types::sgx_enclave_id_t; -use crate::enclave_messages::{RequestAttestation, RequestAttestationResult}; +use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult}; pub struct AuthEnclaveActor { enclave: Option>>, @@ -48,6 +49,14 @@ impl Actor for AuthEnclaveActor { } } +impl Handler for AuthEnclaveActor { + type Result = sgx_enclave_id_t; + + fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result { + self.get_enclave().geteid() + } +} + impl Handler for AuthEnclaveActor { type Result = RequestAttestationResult; diff --git a/rtc_data_service/src/data_enclave_actor.rs b/rtc_data_service/src/data_enclave_actor.rs index 64cd1631..2399e8be 100644 --- a/rtc_data_service/src/data_enclave_actor.rs +++ b/rtc_data_service/src/data_enclave_actor.rs @@ -7,8 +7,9 @@ use std::sync::Arc; use actix::prelude::*; use rtc_uenclave::{EnclaveConfig, RtcDataEnclave}; +use sgx_types::sgx_enclave_id_t; -use crate::enclave_messages::{RequestAttestation, RequestAttestationResult}; +use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult}; pub struct DataEnclaveActor { enclave: Option>>, @@ -48,6 +49,14 @@ impl Actor for DataEnclaveActor { } } +impl Handler for DataEnclaveActor { + type Result = sgx_enclave_id_t; + + fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result { + self.get_enclave().geteid() + } +} + impl Handler for DataEnclaveActor { type Result = RequestAttestationResult; diff --git a/rtc_data_service/src/exec_enclave_actor.rs b/rtc_data_service/src/exec_enclave_actor.rs index c180009a..dcd0f077 100644 --- a/rtc_data_service/src/exec_enclave_actor.rs +++ b/rtc_data_service/src/exec_enclave_actor.rs 
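Review bot: The `GetEnclaveId` handler added to `AuthEnclaveActor` is repeated verbatim for `DataEnclaveActor` and `ExecEnclaveActor` in the next two files, right after patch 1 removed the same triplication for the `RequestAttestation` message. A small `macro_rules!` or a shared trait over the three actors would keep the copies from drifting. The handler also has no error path: the actor struct holds `enclave` as an `Option`, and what `get_enclave()` does when it is empty is not visible in these hunks. If it can panic, a doc line on `handle` such as `/// Panics if the enclave has not been started.` would make that explicit.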
@@ -7,8 +7,9 @@ use std::sync::Arc; use actix::prelude::*; use rtc_uenclave::{EnclaveConfig, RtcExecEnclave}; +use sgx_types::sgx_enclave_id_t; -use crate::enclave_messages::{RequestAttestation, RequestAttestationResult}; +use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult}; pub struct ExecEnclaveActor { enclave: Option>>, @@ -48,6 +49,14 @@ impl Actor for ExecEnclaveActor { } } +impl Handler for ExecEnclaveActor { + type Result = sgx_enclave_id_t; + + fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result { + self.get_enclave().geteid() + } +} + impl Handler for ExecEnclaveActor { type Result = RequestAttestationResult; From 69026dc903176981e4ce04fe610eff71f7e89d7f Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 15:44:26 +0200 Subject: [PATCH 5/8] refactor(rtc_data_service::data_upload): split DataUploadRequest from DataUploadMessage --- rtc_data_service/src/data_upload/message.rs | 9 +++++++-- rtc_data_service/src/data_upload/service.rs | 11 ++++++----- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/rtc_data_service/src/data_upload/message.rs b/rtc_data_service/src/data_upload/message.rs index 6ead76c8..8665212e 100644 --- a/rtc_data_service/src/data_upload/message.rs +++ b/rtc_data_service/src/data_upload/message.rs @@ -3,11 +3,15 @@ use rtc_types::{DataUploadError, DataUploadResponse, EcallError, UploadMetadata} use crate::data_enclave_actor::DataEnclaveActor; -pub struct DataUploadMessage { +pub struct DataUploadRequest { pub metadata: UploadMetadata, pub payload: Box<[u8]>, } +pub struct DataUploadMessage { + pub request: DataUploadRequest, +} + impl Message for DataUploadMessage { type Result = Result>; } 
@@ -17,6 +21,7 @@ impl Handler for DataEnclaveActor { type Result = ::Result; fn handle(&mut self, msg: DataUploadMessage, _ctx: &mut Self::Context) -> Self::Result { - self.get_enclave().upload_data(&msg.payload, msg.metadata) + self.get_enclave() + .upload_data(&msg.request.payload, msg.request.metadata) } } diff --git a/rtc_data_service/src/data_upload/service.rs b/rtc_data_service/src/data_upload/service.rs index e5988411..6ec42685 100644 --- a/rtc_data_service/src/data_upload/service.rs +++ b/rtc_data_service/src/data_upload/service.rs @@ -6,8 +6,8 @@ use actix_web::{post, web}; use models::*; use rtc_types::{DataUploadError, DataUploadResponse, EcallError}; -use super::DataUploadMessage; use crate::data_enclave_actor::DataEnclaveActor; +use crate::data_upload::{DataUploadMessage, DataUploadRequest}; use crate::merge_error::*; /// Save uploaded data file using a [`DataUploadMessage`] for [`DataEnclaveActor`]. @@ -22,7 +22,8 @@ pub async fn upload_file( req_body: web::Json, enclave: web::Data>, ) -> actix_web::Result> { - let message: DataUploadMessage = req_body.0.try_into()?; + let request: DataUploadRequest = req_body.0.try_into()?; + let message = DataUploadMessage { request }; let result: Result, MailboxError>> = enclave.send(message).await.merge_err(); @@ -40,7 +41,7 @@ pub mod models { use rtc_types::{DataUploadResponse, UploadMetadata}; use serde::{Deserialize, Serialize}; - use crate::data_upload::DataUploadMessage; + use crate::data_upload::DataUploadRequest; use crate::validation::ValidationError; use crate::Base64Standard; @@ -76,7 +77,7 @@ pub mod models { } } - impl TryFrom for DataUploadMessage { + impl TryFrom for DataUploadRequest { type Error = ValidationError; fn try_from(request_body: RequestBody) -> Result { 
@@ -85,7 +86,7 @@ pub mod models { let nonce = TryFrom::try_from(request_body.metadata.nonce) .or(Err(ValidationError::new("Invalid nonce")))?; - Ok(DataUploadMessage { + Ok(DataUploadRequest { metadata: UploadMetadata { uploader_pub_key, nonce, From 8d5be4933ad931863a2f5fbc8de38461e8f0ea4f Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 15:49:00 +0200 Subject: [PATCH 6/8] docs(rtc_data_service::data_upload::message): add rustdocs --- rtc_data_service/src/data_upload/message.rs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/rtc_data_service/src/data_upload/message.rs b/rtc_data_service/src/data_upload/message.rs index 8665212e..1969fdfd 100644 --- a/rtc_data_service/src/data_upload/message.rs +++ b/rtc_data_service/src/data_upload/message.rs @@ -3,11 +3,18 @@ use rtc_types::{DataUploadError, DataUploadResponse, EcallError, UploadMetadata} use crate::data_enclave_actor::DataEnclaveActor; +/// Sealed request from a client to upload a new dataset. +/// +/// See: [`crate::data_upload::service::models::RequestBody`] pub struct DataUploadRequest { pub metadata: UploadMetadata, pub payload: Box<[u8]>, } +/// [`Message`]: Process a sealed [`DataUploadRequest`]. +/// Return a sealed [`DataUploadResponse`]. +/// +/// See: [`rtc_uenclave::enclaves::rtc_data::upload_data`] pub struct DataUploadMessage { pub request: DataUploadRequest, } From f151caf1d298414c36753ed197719b2b3a241b8d Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 15:32:48 +0200 Subject: [PATCH 7/8] refactor(rtc_data_service::data_upload): rename (disambiguation) --- rtc_data_service/src/data_upload/service.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rtc_data_service/src/data_upload/service.rs b/rtc_data_service/src/data_upload/service.rs index 6ec42685..2aa40864 100644 --- a/rtc_data_service/src/data_upload/service.rs +++ b/rtc_data_service/src/data_upload/service.rs 
@@ -20,13 +20,13 @@ use crate::merge_error::*; #[post("/data/uploads")] pub async fn upload_file( req_body: web::Json, - enclave: web::Data>, + data_enclave: web::Data>, ) -> actix_web::Result> { let request: DataUploadRequest = req_body.0.try_into()?; let message = DataUploadMessage { request }; let result: Result, MailboxError>> = - enclave.send(message).await.merge_err(); + data_enclave.send(message).await.merge_err(); match result { Ok(resp) => Ok(web::Json(resp.into())), From 4816cd8c84f6a285cabbc6b9f1b40458f6d2079e Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 7 Jul 2021 16:09:29 +0200 Subject: [PATCH 8/8] feat(rtc_data_service::data_upload): add auth_enclave_id to DataUploadMessage --- rtc_data_service/src/data_upload/message.rs | 4 +++- rtc_data_service/src/data_upload/service.rs | 13 ++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/rtc_data_service/src/data_upload/message.rs b/rtc_data_service/src/data_upload/message.rs index 1969fdfd..a591ade4 100644 --- a/rtc_data_service/src/data_upload/message.rs +++ b/rtc_data_service/src/data_upload/message.rs @@ -1,5 +1,6 @@ use actix::{Handler, Message}; use rtc_types::{DataUploadError, DataUploadResponse, EcallError, UploadMetadata}; +use sgx_types::sgx_enclave_id_t; use crate::data_enclave_actor::DataEnclaveActor; @@ -11,11 +12,12 @@ pub struct DataUploadRequest { pub payload: Box<[u8]>, } -/// [`Message`]: Process a sealed [`DataUploadRequest`]. +/// [`Message`]: Process a [`DataUploadRequest`] sealed for [`auth_enclave_id`]. /// Return a sealed [`DataUploadResponse`]. /// /// See: [`rtc_uenclave::enclaves::rtc_data::upload_data`] pub struct DataUploadMessage { + pub auth_enclave_id: sgx_enclave_id_t, pub request: DataUploadRequest, } diff --git a/rtc_data_service/src/data_upload/service.rs b/rtc_data_service/src/data_upload/service.rs index 2aa40864..3a414c5c 100644 --- a/rtc_data_service/src/data_upload/service.rs +++ b/rtc_data_service/src/data_upload/service.rs 
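Review bot: The new `auth_enclave_id` field on `DataUploadMessage` is not read anywhere in this series. The `DataEnclaveActor` handler for this message, last touched in patch 5 and outside this hunk, still calls `upload_data(&msg.request.payload, msg.request.metadata)`. Unless a later change passes the id into the enclave call, the upload path behaves as before, so a `// TODO: pass auth_enclave_id to upload_data` next to the field would record the gap. The doc link ``[`auth_enclave_id`]`` names a field that is not in scope for rustdoc and will probably be reported as unresolved; ``[`DataUploadMessage::auth_enclave_id`]`` links it.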
@@ -6,8 +6,10 @@ use actix_web::{post, web}; use models::*; use rtc_types::{DataUploadError, DataUploadResponse, EcallError}; +use crate::auth_enclave_actor::AuthEnclaveActor; use crate::data_enclave_actor::DataEnclaveActor; use crate::data_upload::{DataUploadMessage, DataUploadRequest}; +use crate::enclave_messages::GetEnclaveId; use crate::merge_error::*; /// Save uploaded data file using a [`DataUploadMessage`] for [`DataEnclaveActor`]. @@ -20,10 +22,19 @@ use crate::merge_error::*; #[post("/data/uploads")] pub async fn upload_file( req_body: web::Json, + auth_enclave: web::Data>, data_enclave: web::Data>, ) -> actix_web::Result> { + let auth_enclave_id = auth_enclave + .send(GetEnclaveId) + .await + .map_err(ErrorInternalServerError)?; + let request: DataUploadRequest = req_body.0.try_into()?; - let message = DataUploadMessage { request }; + let message = DataUploadMessage { + auth_enclave_id, + request, + }; let result: Result, MailboxError>> = data_enclave.send(message).await.merge_err();
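Review bot: In `upload_file` the `GetEnclaveId` round trip to the auth enclave actor now runs before `req_body.0.try_into()?`, so a body with an invalid key or nonce still costs an actor message before it is rejected. Moving `let request: DataUploadRequest = req_body.0.try_into()?;` above the `auth_enclave.send(GetEnclaveId)` call rejects malformed requests first and keeps them out of the enclave actor's mailbox. The two sends also report failure differently: `map_err(ErrorInternalServerError)` here puts the mailbox error text into the response body, while the data enclave send uses `.merge_err()`. Using one style for both would be easier to audit. The rest of `upload_file` lies outside the hunk.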