feat(web service, data upload): pass the auth enclave ID to data enclave

rtc_data_service/src/auth_enclave_actor.rs

@@ -6,16 +6,10 @@
 use std::sync::Arc;
 
 use actix::prelude::*;
-use rtc_uenclave::{AttestationError, EnclaveConfig, RtcAuthEnclave};
+use rtc_uenclave::{EnclaveConfig, RtcAuthEnclave};
+use sgx_types::sgx_enclave_id_t;
 
-#[derive(Default)]
-pub(crate) struct RequestAttestation;
-
-type RequestAttestationResult = Result<String, AttestationError>;
-
-impl Message for RequestAttestation {
-    type Result = RequestAttestationResult;
-}
+use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult};
 
 pub struct AuthEnclaveActor {
     enclave: Option<RtcAuthEnclave<Arc<EnclaveConfig>>>,
@@ -55,6 +49,14 @@ impl Actor for AuthEnclaveActor {
     }
 }
 
+impl Handler<GetEnclaveId> for AuthEnclaveActor {
+    type Result = sgx_enclave_id_t;
+
+    fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result {
+        self.get_enclave().geteid()
+    }
+}
+
 impl Handler<RequestAttestation> for AuthEnclaveActor {
     type Result = RequestAttestationResult;
 

rtc_data_service/src/data_enclave_actor.rs

@@ -6,16 +6,10 @@
 use std::sync::Arc;
 
 use actix::prelude::*;
-use rtc_uenclave::{AttestationError, EnclaveConfig, RtcDataEnclave};
+use rtc_uenclave::{EnclaveConfig, RtcDataEnclave};
+use sgx_types::sgx_enclave_id_t;
 
-#[derive(Default)]
-pub(crate) struct RequestAttestation;
-
-type RequestAttestationResult = Result<String, AttestationError>;
-
-impl Message for RequestAttestation {
-    type Result = RequestAttestationResult;
-}
+use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult};
 
 pub struct DataEnclaveActor {
     enclave: Option<RtcDataEnclave<Arc<EnclaveConfig>>>,
@@ -55,6 +49,14 @@ impl Actor for DataEnclaveActor {
     }
 }
 
+impl Handler<GetEnclaveId> for DataEnclaveActor {
+    type Result = sgx_enclave_id_t;
+
+    fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result {
+        self.get_enclave().geteid()
+    }
+}
+
 impl Handler<RequestAttestation> for DataEnclaveActor {
     type Result = RequestAttestationResult;
 

rtc_data_service/src/data_upload/message.rs

@@ -1,13 +1,26 @@
 use actix::{Handler, Message};
 use rtc_types::{DataUploadError, DataUploadResponse, EcallError, UploadMetadata};
+use sgx_types::sgx_enclave_id_t;
 
 use crate::data_enclave_actor::DataEnclaveActor;
 
-pub struct DataUploadMessage {
+/// Sealed request from a client to upload a new dataset.
+///
+/// See: [`crate::data_upload::service::models::RequestBody`]
+pub struct DataUploadRequest {
     pub metadata: UploadMetadata,
     pub payload: Box<[u8]>,
 }
 
+/// [`Message`]: Process a [`DataUploadRequest`] sealed for [`auth_enclave_id`].
+/// Return a sealed [`DataUploadResponse`].
+///
+/// See: [`rtc_uenclave::enclaves::rtc_data::upload_data`]
+pub struct DataUploadMessage {
+    pub auth_enclave_id: sgx_enclave_id_t,
+    pub request: DataUploadRequest,
+}
+
 impl Message for DataUploadMessage {
     type Result = Result<DataUploadResponse, EcallError<DataUploadError>>;
 }
@@ -17,6 +30,7 @@ impl Handler<DataUploadMessage> for DataEnclaveActor {
     type Result = <DataUploadMessage as Message>::Result;
 
     fn handle(&mut self, msg: DataUploadMessage, _ctx: &mut Self::Context) -> Self::Result {
-        self.get_enclave().upload_data(&msg.payload, msg.metadata)
+        self.get_enclave()
+            .upload_data(&msg.request.payload, msg.request.metadata)
     }
 }

rtc_data_service/src/data_upload/service.rs

@@ -6,8 +6,10 @@ use actix_web::{post, web};
 use models::*;
 use rtc_types::{DataUploadError, DataUploadResponse, EcallError};
 
-use super::DataUploadMessage;
+use crate::auth_enclave_actor::AuthEnclaveActor;
 use crate::data_enclave_actor::DataEnclaveActor;
+use crate::data_upload::{DataUploadMessage, DataUploadRequest};
+use crate::enclave_messages::GetEnclaveId;
 use crate::merge_error::*;
 
 /// Save uploaded data file using a [`DataUploadMessage`] for [`DataEnclaveActor`].
@@ -20,12 +22,22 @@ use crate::merge_error::*;
 #[post("/data/uploads")]
 pub async fn upload_file(
     req_body: web::Json<RequestBody>,
-    enclave: web::Data<Addr<DataEnclaveActor>>,
+    auth_enclave: web::Data<Addr<AuthEnclaveActor>>,
+    data_enclave: web::Data<Addr<DataEnclaveActor>>,
 ) -> actix_web::Result<web::Json<ResponseBody>> {
-    let message: DataUploadMessage = req_body.0.try_into()?;
+    let auth_enclave_id = auth_enclave
+        .send(GetEnclaveId)
+        .await
+        .map_err(ErrorInternalServerError)?;
+
+    let request: DataUploadRequest = req_body.0.try_into()?;
+    let message = DataUploadMessage {
+        auth_enclave_id,
+        request,
+    };
 
     let result: Result<DataUploadResponse, MergedError<EcallError<DataUploadError>, MailboxError>> =
-        enclave.send(message).await.merge_err();
+        data_enclave.send(message).await.merge_err();
 
     match result {
         Ok(resp) => Ok(web::Json(resp.into())),
@@ -40,7 +52,7 @@ pub mod models {
     use rtc_types::{DataUploadResponse, UploadMetadata};
     use serde::{Deserialize, Serialize};
 
-    use crate::data_upload::DataUploadMessage;
+    use crate::data_upload::DataUploadRequest;
     use crate::validation::ValidationError;
     use crate::Base64Standard;
 
@@ -76,7 +88,7 @@ pub mod models {
         }
     }
 
-    impl TryFrom<RequestBody> for DataUploadMessage {
+    impl TryFrom<RequestBody> for DataUploadRequest {
         type Error = ValidationError;
 
         fn try_from(request_body: RequestBody) -> Result<Self, Self::Error> {
@@ -85,7 +97,7 @@ pub mod models {
             let nonce = TryFrom::try_from(request_body.metadata.nonce)
                 .or(Err(ValidationError::new("Invalid nonce")))?;
 
-            Ok(DataUploadMessage {
+            Ok(DataUploadRequest {
                 metadata: UploadMetadata {
                     uploader_pub_key,
                     nonce,

rtc_data_service/src/enclave_messages.rs

@@ -0,0 +1,29 @@
+//! Common message types for the enclave actors.
+
+use actix::Message;
+use rtc_uenclave::AttestationError;
+use sgx_types::sgx_enclave_id_t;
+
+/// [`Message`]: Get the enclave's ID.
+/// Return [`sgx_enclave_id_t`].
+///
+/// See: [`rtc_uenclave::rtc_enclave::geteid`]
+#[derive(Default)]
+pub(crate) struct GetEnclaveId;
+
+impl Message for GetEnclaveId {
+    type Result = sgx_enclave_id_t;
+}
+
+/// [`Message`]: Request enclave attestation.
+/// Return JWT with quote and enclave data.
+///
+/// See: [`rtc_uenclave::rtc_enclave::dcap_attestation_azure`]
+#[derive(Default)]
+pub(crate) struct RequestAttestation;
+
+pub(crate) type RequestAttestationResult = Result<String, AttestationError>;
+
+impl Message for RequestAttestation {
+    type Result = RequestAttestationResult;
+}

rtc_data_service/src/exec_enclave_actor.rs

@@ -6,16 +6,10 @@
 use std::sync::Arc;
 
 use actix::prelude::*;
-use rtc_uenclave::{AttestationError, EnclaveConfig, RtcExecEnclave};
+use rtc_uenclave::{EnclaveConfig, RtcExecEnclave};
+use sgx_types::sgx_enclave_id_t;
 
-#[derive(Default)]
-pub(crate) struct RequestAttestation;
-
-type RequestAttestationResult = Result<String, AttestationError>;
-
-impl Message for RequestAttestation {
-    type Result = RequestAttestationResult;
-}
+use crate::enclave_messages::{GetEnclaveId, RequestAttestation, RequestAttestationResult};
 
 pub struct ExecEnclaveActor {
     enclave: Option<RtcExecEnclave<Arc<EnclaveConfig>>>,
@@ -55,6 +49,14 @@ impl Actor for ExecEnclaveActor {
     }
 }
 
+impl Handler<GetEnclaveId> for ExecEnclaveActor {
+    type Result = sgx_enclave_id_t;
+
+    fn handle(&mut self, _msg: GetEnclaveId, _ctx: &mut Self::Context) -> Self::Result {
+        self.get_enclave().geteid()
+    }
+}
+
 impl Handler<RequestAttestation> for ExecEnclaveActor {
     type Result = RequestAttestationResult;
 

rtc_data_service/src/handlers.rs

@@ -5,9 +5,9 @@ use models::Status;
 
 use crate::auth_enclave_actor::AuthEnclaveActor;
 use crate::data_enclave_actor::DataEnclaveActor;
+use crate::enclave_messages::RequestAttestation;
 use crate::exec_enclave_actor::ExecEnclaveActor;
 use crate::merge_error::*;
-use crate::{auth_enclave_actor, data_enclave_actor, exec_enclave_actor};
 
 pub async fn server_status(_req: HttpRequest) -> HttpResponse {
     HttpResponse::Ok().json(Status {
@@ -21,7 +21,7 @@ pub async fn auth_enclave_attestation(
     enclave: web::Data<Addr<AuthEnclaveActor>>,
 ) -> actix_web::Result<String> {
     let jwt = enclave
-        .send(auth_enclave_actor::RequestAttestation::default())
+        .send(RequestAttestation::default())
         .await
         .merge_err();
     dbg!(&jwt);
@@ -39,7 +39,7 @@ pub async fn data_enclave_attestation(
     enclave: web::Data<Addr<DataEnclaveActor>>,
 ) -> actix_web::Result<String> {
     let jwt = enclave
-        .send(data_enclave_actor::RequestAttestation::default())
+        .send(RequestAttestation::default())
         .await
         .merge_err();
     dbg!(&jwt);
@@ -57,7 +57,7 @@ pub async fn exec_enclave_attestation(
     enclave: web::Data<Addr<ExecEnclaveActor>>,
 ) -> actix_web::Result<String> {
     let jwt = enclave
-        .send(exec_enclave_actor::RequestAttestation::default())
+        .send(RequestAttestation::default())
         .await
         .merge_err();
     dbg!(&jwt);

rtc_data_service/src/lib.rs

@@ -7,6 +7,7 @@ pub mod app_config;
 pub mod auth_enclave_actor;
 pub mod data_enclave_actor;
 pub mod data_upload;
+mod enclave_messages;
 pub mod exec;
 pub mod exec_enclave_actor;
 pub mod exec_token;