diff --git a/Cargo.lock b/Cargo.lock index cf4de7cbfd..38cf94d180 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4251,6 +4251,7 @@ dependencies = [ "mc-attest-enclave-api", "mc-common", "mc-crypto-keys", + "mc-crypto-noise", "mc-fog-recovery-db-iface", "mc-fog-types", "mc-sgx-compat", @@ -4272,7 +4273,9 @@ dependencies = [ name = "mc-fog-view-enclave-impl" version = "1.3.0-pre0" dependencies = [ + "aes-gcm", "aligned-cmov", + "mc-attest-ake", "mc-attest-core", "mc-attest-enclave-api", "mc-common", diff --git a/fog/uri/src/lib.rs b/fog/uri/src/lib.rs index 8b87c4bf1b..d213ec791a 100644 --- a/fog/uri/src/lib.rs +++ b/fog/uri/src/lib.rs @@ -198,9 +198,10 @@ mod tests { ); assert!(!uri.use_tls()); - let uri = - FogViewLoadBalancerUri::from_str("insecure-fog-view-load-balancer://node1.test.mobilecoin.com:3225/") - .unwrap(); + let uri = FogViewLoadBalancerUri::from_str( + "insecure-fog-view-load-balancer://node1.test.mobilecoin.com:3225/", + ) + .unwrap(); assert_eq!(uri.addr(), "node1.test.mobilecoin.com:3225"); assert_eq!( uri.responder_id().unwrap(), diff --git a/fog/view/enclave/api/Cargo.toml b/fog/view/enclave/api/Cargo.toml index 09d33f7a7e..bf76efa5f7 100644 --- a/fog/view/enclave/api/Cargo.toml +++ b/fog/view/enclave/api/Cargo.toml @@ -11,6 +11,7 @@ mc-attest-core = { path = "../../../../attest/core", default-features = false } mc-attest-enclave-api = { path = "../../../../attest/enclave-api", default-features = false } mc-common = { path = "../../../../common", default-features = false } mc-crypto-keys = { path = "../../../../crypto/keys", default-features = false } +mc-crypto-noise = { path = "../../../../crypto/noise", default-features = false } mc-sgx-compat = { path = "../../../../sgx/compat", default-features = false } mc-sgx-report-cache-api = { path = "../../../../sgx/report-cache/api" } mc-sgx-types = { path = "../../../../sgx/types", default-features = false } 
diff --git a/fog/view/enclave/api/src/lib.rs b/fog/view/enclave/api/src/lib.rs index 8cfc2042b1..1bacd25e06 100644 --- a/fog/view/enclave/api/src/lib.rs +++ b/fog/view/enclave/api/src/lib.rs @@ -138,12 +138,11 @@ pub trait ViewEnclaveApi: ReportableEnclave { /// enclave's ORAM fn add_records(&self, records: Vec) -> Result<()>; - /// Transforms a client query request into a list of query requests to be - /// sent to each shard. + /// Transforms a client query request into a list of query request data. /// /// The returned list is meant to be used to construct the - /// MultiViewStoreQuery. - fn create_multi_view_store_query( + /// MultiViewStoreQuery, which is sent to each shard. + fn create_multi_view_store_query_data( &self, client_query: EnclaveMessage, ) -> Result>>; @@ -200,6 +199,8 @@ pub enum Error { Poison, /// Enclave not initialized EnclaveNotInitialized, + /// Cipher encryption failed + Cipher, } impl From for Error { @@ -255,3 +256,9 @@ impl From for Error { Error::AddRecords(src) } } + +impl From for Error { + fn from(_: mc_crypto_noise::CipherError) -> Self { + Error::Cipher + } +} diff --git a/fog/view/enclave/impl/Cargo.toml b/fog/view/enclave/impl/Cargo.toml index 436c34ec9d..0d1ddccc00 100644 --- a/fog/view/enclave/impl/Cargo.toml +++ b/fog/view/enclave/impl/Cargo.toml @@ -7,6 +7,7 @@ license = "GPL-3.0" [dependencies] # mobilecoin +mc-attest-ake = { path = "../../../../attest/ake", default-features = false } mc-attest-core = { path = "../../../../attest/core", default-features = false } mc-attest-enclave-api = { path = "../../../../attest/enclave-api", default-features = false } mc-common = { path = "../../../../common", default-features = false } @@ -28,5 +29,8 @@ mc-fog-recovery-db-iface = { path = "../../../recovery_db_iface" } mc-fog-types = { path = "../../../types" } mc-fog-view-enclave-api = { path = "../api" } +# third-party +aes-gcm = "0.9.4" + [dev-dependencies] mc-common = { path = "../../../../common", features = ["loggers"] } 
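Review bot: The new `Error::Cipher` variant is documented as "Cipher encryption failed", but the `From` impl added at the end of the file maps every `mc_crypto_noise::CipherError` to it and discards the source, whereas the neighbouring conversion keeps its cause in `Error::AddRecords(src)`. If dropping the detail is deliberate, so that nothing about cipher state leaves the enclave, say so in the doc comment, for example `/// A Noise cipher operation failed; the cause is deliberately not propagated`. Otherwise consider carrying the cause as `Cipher(mc_crypto_noise::CipherError)`, provided that type satisfies the derives on `Error`, which are outside this hunk.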
diff --git a/fog/view/enclave/impl/src/lib.rs b/fog/view/enclave/impl/src/lib.rs index 9c11a073df..07f1bcc38d 100644 --- a/fog/view/enclave/impl/src/lib.rs +++ b/fog/view/enclave/impl/src/lib.rs @@ -9,7 +9,10 @@ extern crate alloc; mod e_tx_out_store; use e_tx_out_store::{ETxOutStore, StorageDataSize, StorageMetaSize}; +use aes_gcm::Aes256Gcm; use alloc::vec::Vec; +use core::ops::DerefMut; +use mc_attest_ake::Ready; use mc_attest_core::{IasNonce, Quote, QuoteNonce, Report, TargetInfo, VerificationReport}; use mc_attest_enclave_api::{ClientAuthRequest, ClientAuthResponse, ClientSession, EnclaveMessage}; use mc_common::logger::{log, Logger}; @@ -39,6 +42,9 @@ where /// Logger object logger: Logger, + + /// Encrypts a QueryRequest for each individual Fog View Store. + store_encryptors: Mutex>>, } impl ViewEnclave @@ -48,6 +54,7 @@ where pub fn new(logger: Logger) -> Self { Self { e_tx_out_store: Mutex::new(None), + store_encryptors: Mutex::new(Vec::new()), ake: Default::default(), logger, } @@ -182,15 +189,29 @@ where for rec in records { store.add_record(&rec.search_key, &rec.payload)?; } + Ok(()) } /// Takes in a client's query request and returns a list of query requests /// to be sent off to each Fog View Store shard. - fn create_multi_view_store_query( + fn create_multi_view_store_query_data( &self, - _client_query: EnclaveMessage, + client_query: EnclaveMessage, ) -> Result>> { - todo!() + let client_query_bytes = self.ake.client_decrypt(client_query.clone())?; + + let mut encryptors = self.store_encryptors.lock()?; + let mut results = Vec::new(); + for store_encryptor in encryptors.deref_mut() { + let data = store_encryptor.encrypt(&client_query.aad, &client_query_bytes)?; + results.push(EnclaveMessage { + aad: client_query.clone().aad, + channel_id: client_query.clone().channel_id, + data, + }); + } + + Ok(results) } } diff --git a/fog/view/enclave/src/lib.rs b/fog/view/enclave/src/lib.rs index 3e005e4a4f..31541ea362 100644 --- a/fog/view/enclave/src/lib.rs 
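Review bot: `store_encryptors` is a plain `Vec` that `new()` initialises empty, and nothing in this diff adds to it, so an encryptor is tied to the store it was negotiated with only by its position in the list. If the router later pairs output `i` with shard `i`, any reordering, reconnect or removal of a store would send ciphertext to a peer that cannot decrypt it. State the invariant in the field comment, e.g. `/// Invariant: entry i is the established session for shard i of the router's shard list`, or key the collection by the store's identity. The struct definition starts outside this hunk, and the code that fills the list may arrive in a later change.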
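Review bot: In `create_multi_view_store_query_data`, a `?` on `store_encryptor.encrypt(...)` part-way through the loop returns after earlier encryptors have already produced ciphertexts that are then dropped. If these sessions keep a per-message nonce or counter (iterating through `deref_mut` suggests `encrypt` takes `&mut self`), those store channels would be out of step with their peers; document that an `Err` here means the store sessions must be re-established, or handle the partial failure explicitly. Each output also reuses the client's `channel_id` although `data` is now encrypted under a store session, so confirm that the receiving store can resolve its session from that id. With the list empty, as `new()` leaves it, the call decrypts the client query and returns `Ok` with no messages, which deserves a line in the doc comment. The two whole-message clones per iteration can be field clones: `aad: client_query.aad.clone(), channel_id: client_query.channel_id.clone(),`.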
+++ b/fog/view/enclave/src/lib.rs @@ -180,12 +180,13 @@ impl ViewEnclaveApi for SgxViewEnclave { mc_util_serial::deserialize(&outbuf[..])? } - fn create_multi_view_store_query( + fn create_multi_view_store_query_data( &self, client_query: EnclaveMessage, ) -> Result>> { - let inbuf = - mc_util_serial::serialize(&ViewEnclaveRequest::CreateMultiViewStoreQuery(client_query))?; + let inbuf = mc_util_serial::serialize(&ViewEnclaveRequest::CreateMultiViewStoreQuery( + client_query, + ))?; let outbuf = self.enclave_call(&inbuf)?; mc_util_serial::deserialize(&outbuf[..])? } diff --git a/fog/view/enclave/trusted/Cargo.lock b/fog/view/enclave/trusted/Cargo.lock index efa422c088..2d04ea973c 100644 --- a/fog/view/enclave/trusted/Cargo.lock +++ b/fog/view/enclave/trusted/Cargo.lock @@ -1083,6 +1083,7 @@ dependencies = [ "mc-attest-enclave-api", "mc-common", "mc-crypto-keys", + "mc-crypto-noise", "mc-fog-recovery-db-iface", "mc-fog-types", "mc-sgx-compat", @@ -1104,7 +1105,9 @@ dependencies = [ name = "mc-fog-view-enclave-impl" version = "1.3.0-pre0" dependencies = [ + "aes-gcm", "aligned-cmov", + "mc-attest-ake", "mc-attest-core", "mc-attest-enclave-api", "mc-common", diff --git a/fog/view/enclave/trusted/src/lib.rs b/fog/view/enclave/trusted/src/lib.rs index 1f24878f4b..68d682929e 100644 --- a/fog/view/enclave/trusted/src/lib.rs +++ b/fog/view/enclave/trusted/src/lib.rs @@ -120,7 +120,7 @@ pub fn ecall_dispatcher(inbuf: &[u8]) -> Result, sgx_status_t> { serialize(&ENCLAVE.query(req, untrusted_query_response)) } ViewEnclaveRequest::AddRecords(records) => serialize(&ENCLAVE.add_records(records)), - ViewEnclaveRequest::CreateMultiViewStoreQuery(client_query) => serialize(&ENCLAVE.create_multi_view_store_query(client_query)), + ViewEnclaveRequest::CreateMultiViewStoreQuery(client_query) => serialize(&ENCLAVE.create_multi_view_store_query_data(client_query)), } .or(Err(sgx_status_t::SGX_ERROR_UNEXPECTED)) } 
diff --git a/fog/view/server/src/fog_view_router_service.rs b/fog/view/server/src/fog_view_router_service.rs index 2a25f6b6eb..25090ca49f 100644 --- a/fog/view/server/src/fog_view_router_service.rs +++ b/fog/view/server/src/fog_view_router_service.rs @@ -2,6 +2,7 @@ use futures::{future::try_join_all, FutureExt, SinkExt, TryFutureExt, TryStreamExt}; use grpcio::{DuplexSink, RequestStream, RpcContext, WriteFlags}; +use mc_attest_api::attest; use mc_common::logger::{log, Logger}; use mc_fog_api::{ view::{FogViewRouterRequest, FogViewRouterResponse}, @@ -95,7 +96,12 @@ async fn handle_request( } } } else if request.has_query() { - log::info!(logger, "Request has query"); + let query: attest::Message = request.take_query(); + // TODO: In the next PR, use this _shard_query_data to construct a + // MultiViewStoreQuery and send it off to the Fog View Load + // Balancers. + let _multi_view_store_query_data = + enclave.create_multi_view_store_query_data(query.into()); let _result = route_query(shards.clone(), logger.clone()).await; let response = FogViewRouterResponse::new();
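Review bot: The `Result` of `enclave.create_multi_view_store_query_data(query.into())` is bound to an underscore name and never inspected, so a query that fails decryption or authentication inside the enclave is handled exactly like a valid one: `route_query` still runs and a `FogViewRouterResponse` is still built. Until the follow-up change consumes the data, at least check the error, log it with the `logger` already in scope, and stop processing that request. The call is also unlikely to be side-effect free, since it decrypts on the client session and encrypts on each store session, so discarding its output may still advance cipher state. The TODO refers to `_shard_query_data`, but the binding is named `_multi_view_store_query_data`. `handle_request` begins and ends outside this hunk, so its return type and error path are not visible here.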