Move multiview query construction to ake enclave

mobilecoinfoundation · Jun 27, 2022 · 13eb771 · 13eb771
1 parent b69b4a2
commit 13eb771
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 28 deletions.
diff --git a/crypto/ake/enclave/src/lib.rs b/crypto/ake/enclave/src/lib.rs
@@ -562,6 +562,35 @@ impl<EI: EnclaveIdentity> AkeEnclaveState<EI> {
         Ok(())
     }
 
+    /// Transforms an incoming client message, i.e. a message sent from a client
+    /// to the current enclave, into a list of outbound  messages for
+    /// other enclaves that serve as backends to the current enclave.
+    ///                                 --> Backend Enclave 1
+    ///                               /
+    ///   Client -> Current Enclave ---> Backend Enclave 2
+    ///                              \
+    ///                               \ --> Backend Enclave N
+    pub fn reencrypt_client_message_for_backends(
+        &self,
+        incoming_client_message: EnclaveMessage<ClientSession>,
+    ) -> Result<Vec<EnclaveMessage<ClientSession>>> {
+        let mut backends = self.backends.lock()?;
+        let client_query_bytes: Vec<u8> = self.client_decrypt(incoming_client_message.clone())?;
+        let mut backend_messages = Vec::with_capacity(backends.len());
+        for (_, encryptor) in backends.iter_mut() {
+            let aad = incoming_client_message.aad.clone();
+            let data = encryptor.encrypt(&aad, &client_query_bytes)?;
+            let channel_id = incoming_client_message.channel_id.clone();
+            backend_messages.push(EnclaveMessage {
+                aad,
+                channel_id,
+                data,
+            });
+        }
+
+        Ok(backend_messages)
+    }
+
     //
     // Details
     //

diff --git a/fog/view/enclave/impl/src/lib.rs b/fog/view/enclave/impl/src/lib.rs
@@ -9,10 +9,7 @@ extern crate alloc;
 mod e_tx_out_store;
 use e_tx_out_store::{ETxOutStore, StorageDataSize, StorageMetaSize};
 
-use aes_gcm::Aes256Gcm;
 use alloc::vec::Vec;
-use core::ops::DerefMut;
-use mc_attest_ake::Ready;
 use mc_attest_core::{IasNonce, Quote, QuoteNonce, Report, TargetInfo, VerificationReport};
 use mc_attest_enclave_api::{ClientAuthRequest, ClientAuthResponse, ClientSession, EnclaveMessage};
 use mc_common::{
@@ -45,13 +42,6 @@ where
 
     /// Logger object
     logger: Logger,
-
-    /// Encrypts a QueryRequest for each individual Fog View Store.
-    /// TODO: Use a BTreeMap<FogViewShardLoadBalancerID,
-    /// BTreeMap<FogViewStoreId, Ready<...>>>  when implement the cursoring
-    /// optimization. For right now, it's fine to leave as a Vec because a
-    /// follow up PR will implement cursoring.
-    store_encryptors: Mutex<Vec<Ready<Aes256Gcm>>>,
 }
 
 impl<OSC> ViewEnclave<OSC>
@@ -61,7 +51,6 @@ where
     pub fn new(logger: Logger) -> Self {
         Self {
             e_tx_out_store: Mutex::new(None),
-            store_encryptors: Mutex::new(Vec::new()),
             ake: Default::default(),
             logger,
         }
@@ -206,26 +195,9 @@ where
         &self,
         client_query: EnclaveMessage<ClientSession>,
     ) -> Result<Vec<EnclaveMessage<ClientSession>>> {
-<<<<<<< HEAD
-        let client_query_bytes = self.ake.client_decrypt(client_query.clone())?;
-
-        let mut encryptors = self.store_encryptors.lock()?;
-        let mut results = Vec::with_capacity(encryptors.len());
-        for store_encryptor in encryptors.deref_mut() {
-            let aad = client_query.aad.clone();
-            let data = store_encryptor.encrypt(&aad, &client_query_bytes)?;
-            let channel_id = client_query.channel_id.clone();
-            results.push(EnclaveMessage {
-                aad,
-                channel_id,
-                data,
-            });
-        }
-=======
         Ok(self
             .ake
             .reencrypt_client_message_for_backends(client_query)?)
->>>>>>> 8b34d6bf (Rename)
     }
 
     fn view_store_init(&self, view_store_id: ResponderId) -> Result<ClientAuthRequest> {