Implement Fog View Router (#3297)

* Fix Fog View Connection Cargo.toml dependencies

* Implement create_multi_view_query_data API for Fog View Router (#2115)

* Implement create_multi_view_store_query_data API

* Address remoun's comments

* Implement MultiViewStoreQuery API for Fog View  (#2133)

* Create MultiViewStoreQuery API for Fog View Store

* Implement multi_view_store_query in Fog View Store

* Use mut_decryption_error

* Implement enclave APIs that facilitate Fog View Router dynamic store discovery (#2200)

* Add client_init and client_connect enclave methods

* Move multiview query construction to ake enclave

* Implement Remoun's suggestions

* Implement second round of remoun's suggestions

* Remove duplicate wasi files

* Re-add older wasi version

* Implement query / dynamic shard component discovery in Fog View Router (#2189)

* Remove FogViewStoreUri

* Implement core Fog Router Service logic

* Refactor module structure and add tests

* Use where clauses

* Implement nick's suggestions

* Implement second round of nick's suggestions

* Implement lint suggestions

* Implement james's suggestions

* Fix naming error

* Fix whitespace

* Split Fog View API into Client-facing and Store (Fog Router) APIs (#2265)

* Add FogViewStoreUri

* Split Fog View API in two and implement

* Implement nick's suggestions

* Create helper methods to obliviously collate shard responses (#2252)

* Create helper methods that obliviously collate shard responses

* Implement chris's suggestions

* Fix error string

* Fix lint

* Sort dependencies

* Run format

* fix newline

* Collate shard response in constant time (obliviously) (#2250)

* Add backend decrypt method to ake enclave

* Add enclave methods for shard response collation

* Refactor response to always include view store uri

* Use shard responses to fill router response

* Implement Nick's suggestions and fix CI errors

* Implement epoch sharding via trait (#2350)

* Use sharding strategy to tell view what blocks to process (#2351)

* Return minimum highest processed block to client (#2387)

* Add config option for sharding strategy (#2352)

* Add readiness API to ShardingStrategy (#2353)

* Add readiness API to ShardingStrategy

* Implement readiness check per ShardingStrategy

* Change MVQR error to accommodate different types

* Set not ready message

* Pull out query processing logic to separate method

* Add report fetching logic to FVR (#2454)

* Fix responder ID usage in FVR (#2446)

* Create different types of View Servers for store and client-facing (#2447)

* Messages for noise protocol exchanges with explicit nonces (#2461)

* attest::NonceMessage, EnclaveNonceMessage, add handling to attest-ake

* Rustfmt fixes

* Minor DRY cleanups around sessions and auth messages (#2462)

* attest::NonceMessage, EnclaveNonceMessage, add handling to attest-ake

* Rustfmt fixes

* Minor DRY cleanups around sessions and auth messages

* Update FVR client for integration test (#2448)

* Create gRPC FogViewRouterAdminAPI (#2360)

* Create FogViewRouterAdminUri (#2361)

* update cargo lock

* Sealed messages for clients with backends (#2449)

* Implement client message to sealed message API for backends

* Update Fog View enclave to build with new AKE enclave API

* Rust type aliases don't protect against passing the aliased type, use a new type instead

* Re-add comment ASCII art

* Additional plumbing of new SealedClientMessage type

* Move SealedClientMessage, finish implementing in fog view router

* Properly update the lockfiles

* Fix clippy lint

* Update lockfiles again after rebase

Co-authored-by: Andrew Wygle <andrew@mobilecoin.com>

* Implement shard management API sans auth (#2354)

* Implement shard management API

* Implement James's suggestions

* Re-apply 2463. (#2547)

* Re-apply PR #2473 (was accidentally removed) (#2548)

* Reapply changes from #2473

* Add inbound frontend connection support crypto-ake-enclave (#2549)

* Add frontends

* Fix traits on NonceSession

* Make constants and comments slightly friendlier/more consistent (#2550)

* Re-apply 2463. (#2547)

* Fix traits on NonceSession

* Minor comment and constant consistency/friendliness changes

* Fix compile error.

* Fix deleted Eq from NonceSession.

* fix cargo lock

* Sort deps

* Fix cargo lock files

* Spurious commit to trigger CI

* Remove `get_nonce` from NonceSession, rename `peek_nonce`->`nonce` (#2638)

Also sort Cargo.toml files due to precommit hook.

* Replace client with nonce paradigm for backends (#2625)

* "Replace client with nonce paradigm for backends"

* Sort cargo deps

* Fix clone

* Fix clippy

* Modify MVQ to use NonceMessage (#2617)

* Fix view proto

* Save work

* Implement nick's suggestions + fix lint

* Fix fog conformance OOM failure by reducing `frontends` allocation (#2660)

* Fix CI and remove Cargo.lock changes

* Fix CI and remove Cargo.lock changes

* Create query_backend enclave methods (#2627)

* Create query_backend enclave methods

* Implement nick's suggestions

* Rename to QueryStore

* Implement nonce based auth for Fog View Store (#2653)

* Implement nonce based auth for Fog View Store

* Implement nonce based auth

* Close gRPC channel when client is dropped (#2692)

* Implement nonce based auth for Fog View Store

* Implement nonce based auth

* Close gRPC channel when client is dropped

* Close gRPC channel when client is dropped (#2694)

* Create fog view router test utils (#2698)

* Create fog view router test utils

* Implement nick's suggestions

* Add block range to MVQ response (#2720)

* Add block range to MVQ response

* Implement James's suggestions

* Update BlockTracker to use ShardingStrategy (#2711)

* Create MVQ internal type (#2721)

* Create MVQ internal type

* Remove explicit vec type

* Add unknown status

* Implement nick's suggestions

* Implement new highest processed block count logic (#2722)

* Implement highest processed block count logic based on gaps

* Implement James's suggestions

* Fix comment

* Set block-related data more accurately (#2726)

* Set block-related data more accurately

* Change last known block logic

* Implement nick's suggested test cases

* Create Fog View Router integration test (#2375)

* Create FVR integration tests

* Implement nick's suggestions

* Calculate last known block txo count and add tests (#2766)

* Calculate last known block txo count and add tests

* Implement Nick's suggestions

* Implement James's suggestions

* Collate remaining QueryResponse fields (#2781)

* Create types module

* Create shared data

* Implement Nick's suggestions

* Implement James's suggestions

* Clean up response creation (#2783)

* Make query batch logic compatible with sharding strategy (#2845)

* Fix DbFetcher logic and modify recovery db method to use BlockRange

* Implement Remoun's suggestions

* Re-submit 2803  (#2866)

* Replace ciphertext delta with explicit length field

* Implement Nick's suggestions

* Make payload_length fixed int

* Make FVR integration test more complex (#2804)

* Make FVR integration test more complex

* Implement Nick's + Andrew's suggestions

* Add unary apis to FogViewRouter (#2839)

* Add unary apis to FogViewRouter

* Implement Nick's suggestions

* Account for epochs in block tracker highest processed block count logic (#2857)

* Account for epochs in block tracker highest processed block count logic

* Create and use block range method for ingress keys

* Skip a key if the shard's epoch doesn't overlap

* Implement Chris's suggestion

* Incorporate missed blocks into calculation for highest processed block count (#2858)

* Incorporate missed blocks into calculation for highest processed block count

* Implement Nick's suggestions

* Fix blank query sealing issue (#2904)

* Fix blank query sealing issue

* Implement Nick's suggestions

* Rename seal message

* Remove FogViewApi from FogViewService (#2852)

* Remove FogViewApi from FogViewService

* Fix tests, parametrize, create util methods

* Remove FogViewRouterAdminUri

* Modify fog conformance and local tests

* Implement Nick's suggestions

* Implement James's suggestions

* Rename tests (#2905)

* Rename tests

* Implement Nick's suggestions

* Implement James's suggestions

* Create InternalTxOutSearchResult (#2880)

* Create FixedTxOutSearchResult

* Replace TxOutSearchResult with FixedTxOutSearchResult

* Implement tx out search result conversion

* Fill TxOutSearchResult field and update tests

* Implement Nick's suggestions

* Implement James's comments

* Fix response processing loop logic (#2946)

* Implement prometheus metrics for FVR (#2976)

* Remove unnecessary logs

* Create helper fn for response status

* Create methods that don't rely on ctx

* Implement correct prometheus metrics for FVR

* Implement nick's suggestions

* implement eran's suggestions

* fix: bump postgresql chart version

* fix: update scheme

* Implement optelemetry tracing for FVR (#2979)

* Implement optelemetry tracing for FVR

* implement eran's suggestions

* Merge master

* Fix lock files

* Ensure shards provide correct blocks (#2981)

* Add sharding_strategies field to config

* Plumb block range from config down to shard processor

* Throw error if block ranges do not match

* Fix python tests

* Implement James's and Andrew's suggestions

* Fix tests

* Run cargo fmt

* Fix python tests

* Fix default parse

* Add admin uri env var

* Fix typo

* Make Fog View Store return externally-addressable URI to Router (#3081)

* Fix store uri by using responder id

* Add log for uri

* Fix query param

* Fix test urls

* Use host and responder id in router service

* Add logging for ResponderId in router and store

* Add more logging

* Add more logging

* Re-add urls push

* Remove logging

* Fix clippy

* Fix clippy

* Fix e_tx_out_store (#3082)

* Fix e_tx_out_store

* Make default payload_length == 0

* Run format

* Fix clippy

* Implement James's suggestions

* Make find_record constant time (#3097)

* Make find_record constant time

* Implement Chris's suggestion

* Improve error logging for epoch sharding parsing (#3141)

* Improve error logging for epoch sharding parsing

* Fix string format

* Fix clippy lint re: expect statement

* Make shard uris delimiter be a comma (#3142)

* Improve error logging for epoch sharding parsing

* Fix string format

* Fix clippy lint re: expect statement

* Make shard uris delimiter be a comma

* Fix clap feature param

* Add uri logging

* Add uri logging

* Fix deps

* Remove custom readiness check

* Fix bad merge

* Use mc-rand

* Re-add edl dep

* Re-add all deps taken out by merge

* Update pem in mc-fog-view-server

* Update cargo lock

* Update Cargo.lock

* Implement Nick's suggestions

* Fix modified test

* Fix lint

* Add MC_SHARDING_STRATEGY env var

---------

Co-authored-by: James Cape <james@mobilecoin.com>
Co-authored-by: awygle <awygle@gmail.com>
Co-authored-by: Andrew Wygle <andrew@mobilecoin.com>
Co-authored-by: Aaron Weisberg <aaronweisberg@gmail.com>
Co-authored-by: Sam Dealy <samdealy@users.noreply.github.com>

.internal-ci/helm/fog-services/templates/supervisord-fog-view-configmap.yaml

@@ -11,7 +11,7 @@ data:
     priority=100
     environment=MC_SENTRY_DSN="%(ENV_FOG_VIEW_SENTRY_DSN)s"
     command=/usr/bin/fog_view_server
-      --client-listen-uri insecure-fog-view://0.0.0.0:3225/
+      --client-listen-uri insecure-fog-view-store://0.0.0.0:3225/
       --client-responder-id "%(ENV_CLIENT_RESPONDER_ID)s"
 {{- if (include "fogServices.clientAuth" .) }}
       --client-auth-token-secret "%(ENV_CLIENT_AUTH_TOKEN_SECRET)s"

Cargo.toml

@@ -105,6 +105,7 @@ members = [
     "fog/view/load-test",
     "fog/view/protocol",
     "fog/view/server",
+    "fog/view/server/test-utils",
     "go-grpc-gateway/testing",
     "ledger/db",
     "ledger/distribution",

api/Cargo.toml

@@ -22,6 +22,7 @@ mc-transaction-extra = { path = "../transaction/extra" }
 mc-transaction-summary = { path = "../transaction/summary" }
 mc-util-repr-bytes = { path = "../util/repr-bytes" }
 mc-util-serial = { path = "../util/serial" }
+mc-util-uri = { path = "../util/uri" }
 mc-watcher-api = { path = "../watcher/api" }
 
 bs58 = "0.4.0"

api/src/convert/error.rs

@@ -3,6 +3,7 @@
 use mc_blockchain_types::{BlockVersionError, ConvertError};
 use mc_crypto_keys::{KeyError, SignatureError};
 use mc_transaction_core::ring_signature::Error as RingSigError;
+use mc_util_uri::{UriConversionError, UriParseError};
 use std::{
     array::TryFromSliceError,
     convert::Infallible,
@@ -22,6 +23,8 @@ pub enum ConversionError {
     KeyCastError,
     MissingField(String),
     NarrowingCastError,
+    UriParse(UriParseError),
+    UriConversion(UriConversionError),
     ObjectMissing,
     Other,
 }
@@ -80,3 +83,15 @@ impl fmt::Display for ConversionError {
         write!(f, "ConversionError")
     }
 }
+
+impl From<UriParseError> for ConversionError {
+    fn from(error: UriParseError) -> Self {
+        Self::UriParse(error)
+    }
+}
+
+impl From<UriConversionError> for ConversionError {
+    fn from(error: UriConversionError) -> Self {
+        Self::UriConversion(error)
+    }
+}

attest/ake/src/event.rs

@@ -351,3 +351,50 @@ impl MealyInput for Ciphertext<'_, '_> {}
 
 /// Our outputs may be simple vectors for the proto-inside-grpc use case.
 impl MealyOutput for Vec<u8> {}
+
+/// A type similar to [`aead::Payload`] used to distinguish writer inputs from
+/// outputs when there's an explicit nonce.
+pub struct NoncePlaintext<'aad, 'msg>(Plaintext<'aad, 'msg>);
+
+impl<'aad, 'msg> NoncePlaintext<'aad, 'msg> {
+    /// Create a new NoncePlaintext object from the given slices.
+    pub fn new(aad: &'aad [u8], msg: &'msg [u8]) -> Self {
+        Self(Plaintext::new(aad, msg))
+    }
+
+    /// Grab a reference to the internal `aad` slice.
+    pub fn aad(&self) -> &[u8] {
+        self.0.aad
+    }
+
+    /// Grab a reference to the internal `msg` slice.
+    pub fn msg(&self) -> &[u8] {
+        self.0.msg
+    }
+}
+
+/// Plaintext may be provided to an FST for encryption into a vector
+impl MealyInput for NoncePlaintext<'_, '_> {}
+
+/// A tuple of bytes and a u64 can be output from an FST for the
+/// encrypt-for-explicit nonce case.
+impl MealyOutput for (Vec<u8>, u64) {}
+
+/// A type similar to [`aead::Payload`] used to distinguish reader inputs from
+/// outputs when there's an explicit nonce.
+pub struct NonceCiphertext<'aad, 'msg> {
+    pub ciphertext: Ciphertext<'aad, 'msg>,
+    pub nonce: u64,
+}
+
+impl<'aad, 'msg> NonceCiphertext<'aad, 'msg> {
+    pub fn new(aad: &'aad [u8], msg: &'msg [u8], nonce: u64) -> Self {
+        Self {
+            ciphertext: Ciphertext::new(aad, msg),
+            nonce,
+        }
+    }
+}
+
+/// Plaintext may be provided to an FST for decryption into a vector
+impl MealyInput for NonceCiphertext<'_, '_> {}

attest/ake/src/shared.rs

@@ -3,7 +3,7 @@
 //! Common transitions between initiator and responder.
 
 use crate::{
-    event::{Ciphertext, Plaintext},
+    event::{Ciphertext, NonceCiphertext, NoncePlaintext, Plaintext},
     mealy::Transition,
     state::Ready,
 };
@@ -46,3 +46,40 @@ where
         Ok((retval, ciphertext))
     }
 }
+
+/// Ready + NonceCiphertext => Ready + Vec
+impl<Cipher> Transition<Ready<Cipher>, NonceCiphertext<'_, '_>, Vec<u8>> for Ready<Cipher>
+where
+    Cipher: NoiseCipher,
+{
+    type Error = CipherError;
+
+    fn try_next<R: CryptoRng + RngCore>(
+        self,
+        _csprng: &mut R,
+        input: NonceCiphertext<'_, '_>,
+    ) -> Result<(Ready<Cipher>, Vec<u8>), Self::Error> {
+        let mut retval = self;
+        let plaintext =
+            retval.decrypt_with_nonce(input.ciphertext.aad, input.ciphertext.msg, input.nonce)?;
+        Ok((retval, plaintext))
+    }
+}
+
+/// Ready + NoncePlaintext => Ready + (Vec, u64)
+impl<Cipher> Transition<Ready<Cipher>, NoncePlaintext<'_, '_>, (Vec<u8>, u64)> for Ready<Cipher>
+where
+    Cipher: NoiseCipher,
+{
+    type Error = CipherError;
+
+    fn try_next<R: CryptoRng + RngCore>(
+        self,
+        _csprng: &mut R,
+        input: NoncePlaintext<'_, '_>,
+    ) -> Result<(Ready<Cipher>, (Vec<u8>, u64)), Self::Error> {
+        let mut retval = self;
+        let output = retval.encrypt_with_nonce(input.aad(), input.msg())?;
+        Ok((retval, output))
+    }
+}

attest/ake/src/state.rs

@@ -74,6 +74,7 @@ where
     pub fn binding(&self) -> &[u8] {
         self.binding.as_ref()
     }
+
     /// Using the writer cipher, encrypt the given plaintext.
     pub fn encrypt(&mut self, aad: &[u8], plaintext: &[u8]) -> Result<Vec<u8>, CipherError> {
         self.writer.encrypt_with_ad(aad, plaintext)
@@ -83,6 +84,29 @@ where
     pub fn decrypt(&mut self, aad: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, CipherError> {
         self.reader.decrypt_with_ad(aad, ciphertext)
     }
+
+    /// Using the writer cipher, encrypt the given plaintext and return the
+    /// nonce.
+    pub fn encrypt_with_nonce(
+        &mut self,
+        aad: &[u8],
+        plaintext: &[u8],
+    ) -> Result<(Vec<u8>, u64), CipherError> {
+        let nonce = self.writer.next_nonce();
+        let ciphertext = self.encrypt(aad, plaintext)?;
+        Ok((ciphertext, nonce))
+    }
+
+    /// Using the reader cipher, decrypt the provided ciphertext for the nonce.
+    pub fn decrypt_with_nonce(
+        &mut self,
+        aad: &[u8],
+        ciphertext: &[u8],
+        nonce: u64,
+    ) -> Result<Vec<u8>, CipherError> {
+        self.reader.set_nonce(nonce);
+        self.decrypt(aad, ciphertext)
+    }
 }
 
 impl<Cipher> State for Ready<Cipher> where Cipher: NoiseCipher {}