Ledger router server prototype (#2612)

* Create helper methods to obliviously collate shard responses (#2252) * Create helper methods that obliviously collate shard responses * Implement chris's suggestions * Fix error string * Fix lint * Sort dependencies * Run format * fix newline * Collate shard response in constant time (obliviously) (#2250) * Add backend decrypt method to ake enclave * Add enclave methods for shard response collation * Refactor response to always include view store uri * Use shard responses to fill router response * Implement Nick's suggestions and fix CI errors * Implement epoch sharding via trait (#2350) * Use sharding strategy to tell view what blocks to process (#2351) * Return minimum highest processed block to client (#2387) * Add config option for sharding strategy (#2352) * Add readiness API to ShardingStrategy (#2353) * Add readiness API to ShardingStrategy * Implement readiness check per ShardingStrategy * Change MVQR error to accommodate different types * Set not ready message * Pull out query processing logic to separate method * Add report fetching logic to FVR (#2454) * Fix responder ID usage in FVR (#2446) * Create different types of View Servers for store and client-facing (#2447) * Messages for noise protocol exchanges with explicit nonces (#2461) * attest::NonceMessage, EnclaveNonceMessage, add handling to attest-ake * Rustfmt fixes * Minor DRY cleanups around sessions and auth messages (#2462) * attest::NonceMessage, EnclaveNonceMessage, add handling to attest-ake * Rustfmt fixes * Minor DRY cleanups around sessions and auth messages * Update FVR client for integration test (#2448) * Create gRPC FogViewRouterAdminAPI (#2360) * Create FogViewRouterAdminUri (#2361) * Add NonceAuthRequest, NonceAuthResponse, NonceSession (#2463) * Add NonceAuthRequest, NonceAuthResponse, NonceSession * Remove EnclaveNonceMessage in favor of EnclaveMessage<NonceSession> * Manually implement Hash to resolve clippy warning * Implement client message to sealed message API for backends * Update Fog View enclave to build with new AKE enclave API * Rust type aliases don't protect against passing the aliased type, use a new type instead * Re-add comment ASCII art * Additional plumbing of new SealedClientMessage type * Move SealedClientMessage, finish implementing in fog view router * Properly update the lockfiles * Fix clippy lint * Starting branch for ledger router service. * Adapted more of fog view router code for ledger router. * Revert mistake in shard_responses_processor.rs * Adapting copied fog view router code, continuing to fill in a first draft. * Ledger router bin improvements. * EnclaveCall changes * Adding ledger_store_server and service * Adding new enclave methods to ecall_dispatcher() * Clarifying names * Further disentangling of parts of the ledger, plus filling out more enclave-related code * More reorganization * Rewrite create_key_image_store_query to use sealed messages (without changing logic) * Plumb decrypt_and_seal_query enclave call * Enable enclave call for multi-query creation * Implement shard response processing as in Fog View Router * Enable store authentication from router * Implement retry logic * First-pass implementation of response collation Co-authored-by: Sam Dealy <33067698+samdealy@users.noreply.github.com> Co-authored-by: James Cape <james@mobilecoin.com> Co-authored-by: Millie C <gyro@pop-os.localdomain> Co-authored-by: NotGyro <gyrocoder@gmail.com>
mobilecoinfoundation · Sep 27, 2022 · 65452bb · 65452bb
1 parent af5eb34
commit 65452bb
Show file tree

Hide file tree

Showing 58 changed files with 2,792 additions and 522 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/attest/ake/src/event.rs b/attest/ake/src/event.rs
@@ -351,3 +351,37 @@ impl MealyInput for Ciphertext<'_, '_> {}
 
 /// Our outputs may be simple vectors for the proto-inside-grpc use case.
 impl MealyOutput for Vec<u8> {}
+
+/// A type similar to [`aead::Payload`] used to distinguish writer inputs from
+/// outputs when there's an explicit nonce.
+pub struct NoncePlaintext<'aad, 'msg> {
+    pub aad: &'aad [u8],
+    pub msg: &'msg [u8],
+    pub nonce: u64,
+}
+
+impl<'aad, 'msg> NoncePlaintext<'aad, 'msg> {
+    pub fn new(aad: &'aad [u8], msg: &'msg [u8], nonce: u64) -> Self {
+        Self { aad, msg, nonce }
+    }
+}
+
+/// Plaintext may be provided to an FST for encryption into a vector
+impl MealyInput for NoncePlaintext<'_, '_> {}
+
+/// A type similar to [`aead::Payload`] used to distinguish reader inputs from
+/// outputs when there's an explicit nonce.
+pub struct NonceCiphertext<'aad, 'msg> {
+    pub aad: &'aad [u8],
+    pub msg: &'msg [u8],
+    pub nonce: u64,
+}
+
+impl<'aad, 'msg> NonceCiphertext<'aad, 'msg> {
+    pub fn new(aad: &'aad [u8], msg: &'msg [u8], nonce: u64) -> Self {
+        Self { aad, msg, nonce }
+    }
+}
+
+/// Plaintext may be provided to an FST for encryption into a vector
+impl MealyInput for NonceCiphertext<'_, '_> {}
diff --git a/attest/ake/src/shared.rs b/attest/ake/src/shared.rs
@@ -3,7 +3,7 @@
 //! Common transitions between initiator and responder.
 
 use crate::{
-    event::{Ciphertext, Plaintext},
+    event::{Ciphertext, NonceCiphertext, NoncePlaintext, Plaintext},
     mealy::Transition,
     state::Ready,
 };
@@ -46,3 +46,39 @@ where
         Ok((retval, ciphertext))
     }
 }
+
+/// Ready + NonceCiphertext => Ready + Vec
+impl<Cipher> Transition<Ready<Cipher>, NonceCiphertext<'_, '_>, Vec<u8>> for Ready<Cipher>
+where
+    Cipher: NoiseCipher,
+{
+    type Error = CipherError;
+
+    fn try_next<R: CryptoRng + RngCore>(
+        self,
+        _csprng: &mut R,
+        input: NonceCiphertext<'_, '_>,
+    ) -> Result<(Ready<Cipher>, Vec<u8>), Self::Error> {
+        let mut retval = self;
+        let plaintext = retval.decrypt_with_nonce(input.aad, input.msg, input.nonce)?;
+        Ok((retval, plaintext))
+    }
+}
+
+/// Ready + NoncePlaintext => Ready + Vec
+impl<Cipher> Transition<Ready<Cipher>, NoncePlaintext<'_, '_>, Vec<u8>> for Ready<Cipher>
+where
+    Cipher: NoiseCipher,
+{
+    type Error = CipherError;
+
+    fn try_next<R: CryptoRng + RngCore>(
+        self,
+        _csprng: &mut R,
+        input: NoncePlaintext<'_, '_>,
+    ) -> Result<(Ready<Cipher>, Vec<u8>), Self::Error> {
+        let mut retval = self;
+        let ciphertext = retval.encrypt_with_nonce(input.aad, input.msg, input.nonce)?;
+        Ok((retval, ciphertext))
+    }
+}
diff --git a/attest/ake/src/state.rs b/attest/ake/src/state.rs
@@ -74,6 +74,7 @@ where
     pub fn binding(&self) -> &[u8] {
         self.binding.as_ref()
     }
+
     /// Using the writer cipher, encrypt the given plaintext.
     pub fn encrypt(&mut self, aad: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, CipherError> {
         self.writer.encrypt_with_ad(aad, plaintext)
@@ -83,6 +84,28 @@ where
     pub fn decrypt(&mut self, aad: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, CipherError> {
         self.reader.decrypt_with_ad(aad, ciphertext)
     }
+
+    /// Using the writer cipher, encrypt the given plaintext for the nonce.
+    pub fn encrypt_with_nonce(
+        &mut self,
+        aad: &[u8],
+        plaintext: &[u8],
+        nonce: u64,
+    ) -> Result<Vec<u8>, CipherError> {
+        self.writer.set_nonce(nonce);
+        self.encrypt(aad, plaintext)
+    }
+
+    /// Using the reader cipher, decrypt the provided ciphertext for the nonce.
+    pub fn decrypt_with_nonce(
+        &mut self,
+        aad: &[u8],
+        ciphertext: &[u8],
+        nonce: u64,
+    ) -> Result<Vec<u8>, CipherError> {
+        self.reader.set_nonce(nonce);
+        self.decrypt(aad, ciphertext)
+    }
 }
 
 impl<Cipher> State for Ready<Cipher> where Cipher: NoiseCipher {}
diff --git a/attest/api/proto/attest.proto b/attest/api/proto/attest.proto
@@ -48,3 +48,20 @@ message Message {
         /// for use in the enclave.
         bytes data = 3;
 }
+
+/// An AEAD message with an explicit nonce.
+///
+/// This message is technically compatible with [`Message`], but exists to
+// ensure generated code doesn't use Message.
+message NonceMessage {
+        /// A byte array containing plaintext authenticated data.
+        bytes aad = 1;
+        /// An byte array containing the channel ID this message is
+        /// associated with. A zero-length channel ID is not valid.
+        bytes channel_id = 2;
+        /// A potentially encrypted bytestream containing opaque data intended
+        /// for use in the enclave.
+        bytes data = 3;
+        /// The explicit nonce.
+        fixed64 nonce = 4;
+}
diff --git a/attest/api/src/conversions.rs b/attest/api/src/conversions.rs
@@ -2,11 +2,11 @@
 
 //! Conversions from gRPC message types into consensus_enclave_api types.
 
-use crate::attest::{AuthMessage, Message};
+use crate::attest::{AuthMessage, Message, NonceMessage};
 use mc_attest_ake::{AuthRequestOutput, AuthResponseOutput};
 use mc_attest_enclave_api::{
-    ClientAuthRequest, ClientAuthResponse, EnclaveMessage, PeerAuthRequest, PeerAuthResponse,
-    Session,
+    ClientAuthRequest, ClientAuthResponse, EnclaveMessage, NonceSession, PeerAuthRequest,
+    PeerAuthResponse, Session,
 };
 use mc_crypto_keys::Kex;
 use mc_crypto_noise::{HandshakePattern, NoiseCipher, NoiseDigest};
@@ -103,7 +103,31 @@ impl<S: Session> From<EnclaveMessage<S>> for Message {
     fn from(src: EnclaveMessage<S>) -> Message {
         let mut retval = Message::default();
         retval.set_aad(src.aad);
-        retval.set_channel_id(src.channel_id.clone().into());
+        retval.set_channel_id(src.channel_id.into());
+        retval.set_data(src.data);
+        retval
+    }
+}
+
+impl From<NonceMessage> for EnclaveMessage<NonceSession> {
+    fn from(src: NonceMessage) -> Self {
+        let channel_id = NonceSession::new(src.channel_id, src.nonce);
+        Self {
+            aad: src.aad,
+            channel_id,
+            data: src.data,
+        }
+    }
+}
+
+impl From<EnclaveMessage<NonceSession>> for NonceMessage {
+    fn from(src: EnclaveMessage<NonceSession>) -> NonceMessage {
+        let mut retval = NonceMessage::default();
+        retval.set_aad(src.aad);
+        // it doesn't matter if we don't bump the nonce when retrieving it,
+        // src.channel_id will be discarded anyways.
+        retval.set_nonce(src.channel_id.peek_nonce());
+        retval.set_channel_id(src.channel_id.into());
         retval.set_data(src.data);
         retval
     }

diff --git a/attest/enclave-api/src/error.rs b/attest/enclave-api/src/error.rs
@@ -5,7 +5,7 @@
 use core::result::Result as StdResult;
 use displaydoc::Display;
 use mc_attest_ake::Error as AkeError;
-use mc_attest_core::{NonceError, QuoteError, SgxError};
+use mc_attest_core::{IntelSealingError, NonceError, ParseSealedError, QuoteError, SgxError};
 use mc_attest_verifier::Error as VerifierError;
 use mc_crypto_noise::CipherError;
 use mc_sgx_compat::sync::PoisonError;
@@ -50,6 +50,12 @@ pub enum Error {
     /// Another thread crashed while holding a lock
     Poison,
 
+    /// An error occurred during a sealing operation
+    Seal(IntelSealingError),
+
+    /// An error occurred during an unsealing operation
+    Unseal(ParseSealedError),
+
     /**
      * Invalid state for call
      *
@@ -109,3 +115,15 @@ impl From<VerifierError> for Error {
         Error::Verify(src)
     }
 }
+
+impl From<IntelSealingError> for Error {
+    fn from(src: IntelSealingError) -> Error {
+        Error::Seal(src)
+    }
+}
+
+impl From<ParseSealedError> for Error {
+    fn from(src: ParseSealedError) -> Error {
+        Error::Unseal(src)
+    }
+}