mobilecoinfoundation · jcape · Sep 28, 2022 · Sep 16, 2022 · Sep 19, 2022
diff --git a/attest/enclave-api/src/lib.rs b/attest/enclave-api/src/lib.rs
@@ -79,19 +79,6 @@ pub struct EnclaveMessage<S: Session> {
     pub data: Vec<u8>,
 }
 
-/// Inbound and outbound messages to/from an enclave with an explicit nonce.
-#[derive(Clone, Debug, Default, Deserialize, Eq, Hash, Ord, PartialEq, PartialOrd, Serialize)]
-pub struct EnclaveNonceMessage<S: Session> {
-    /// Authenticated data, if any.
-    pub aad: Vec<u8>,
-    /// The channel ID of this message.
-    pub channel_id: S,
-    /// The encrypted payload data of this message.
-    pub data: Vec<u8>,
-    /// The explicit nonce for this message.
-    pub nonce: u64,
-}
-
 /// An EnclaveMessage<ClientSession> sealed for the current enclave
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub struct SealedClientMessage {
@@ -157,7 +144,7 @@ impl Session for PeerSession {
 
 /// An opaque bytestream used as a session ID for a session which uses explicit
 /// nonces.
-#[derive(Clone, Debug, Default, Deserialize, PartialOrd, Serialize)]
+#[derive(Clone, Debug, Default, Deserialize, Eq, PartialOrd, Serialize)]
 pub struct NonceSession {
     channel_id: Vec<u8>,
     nonce: u64,

diff --git a/crypto/ake/enclave/src/lib.rs b/crypto/ake/enclave/src/lib.rs
@@ -4,7 +4,7 @@
 extern crate alloc;
 
 use aes_gcm::Aes256Gcm;
-use alloc::{string::ToString, vec::Vec};
+use alloc::{borrow::ToOwned, string::ToString, vec::Vec};
 use digest::Digest;
 use mc_attest_ake::{
     AuthPending, AuthRequestOutput, AuthResponseInput, AuthResponseOutput, ClientAuthRequestInput,
@@ -15,8 +15,9 @@ use mc_attest_core::{
     VerificationReport,
 };
 use mc_attest_enclave_api::{
-    ClientAuthRequest, ClientAuthResponse, ClientSession, EnclaveMessage, Error, PeerAuthRequest,
-    PeerAuthResponse, PeerSession, Result, SealedClientMessage,
+    ClientAuthRequest, ClientAuthResponse, ClientSession, EnclaveMessage, Error, NonceAuthRequest,
+    NonceAuthResponse, NonceSession, PeerAuthRequest, PeerAuthResponse, PeerSession, Result,
+    SealedClientMessage,
 };
 use mc_attest_trusted::{EnclaveReport, SealAlgo};
 use mc_attest_verifier::{MrEnclaveVerifier, Verifier, DEBUG_ENCLAVE};
@@ -36,6 +37,9 @@ const MAX_AUTH_PENDING_REQUESTS: usize = 64;
 /// Max number of peer sessions.
 const MAX_PEER_SESSIONS: usize = 64;
 
+/// Maximum number of concurrent sessions to this enclave from router enclaves.
+const MAX_FRONTEND_SESSIONS: usize = 10_000;
+
 /// Max number of backends that this enclave can connect to as a client.
 const MAX_BACKEND_CONNECTIONS: usize = 10000;
 
@@ -94,6 +98,10 @@ pub struct AkeEnclaveState<EI: EnclaveIdentity> {
     /// A map of channel ID to connection state
     clients: Mutex<LruCache<ClientSession, Ready<Aes256Gcm>>>,
 
+    /// A map of inbound session IDs to  connection states, for use by a
+    /// store/router backend
+    frontends: Mutex<LruCache<NonceSession, Ready<Aes256Gcm>>>,
+
     /// A map of ResponderIds for each enclave that serves as a backend to the
     /// current enclave.
     backends: Mutex<LruCache<ResponderId, Ready<Aes256Gcm>>>,
@@ -121,6 +129,7 @@ impl<EI: EnclaveIdentity> AkeEnclaveState<EI> {
             peer_outbound: Mutex::new(LruCache::new(MAX_PEER_SESSIONS)),
             peer_inbound: Mutex::new(LruCache::new(MAX_PEER_SESSIONS)),
             clients: Mutex::new(LruCache::new(MAX_CLIENT_SESSIONS)),
+            frontends: Mutex::new(LruCache::new(MAX_FRONTEND_SESSIONS)),
             backends: Mutex::new(LruCache::new(MAX_BACKEND_CONNECTIONS)),
         }
     }
@@ -185,6 +194,49 @@ impl<EI: EnclaveIdentity> AkeEnclaveState<EI> {
         }
     }
 
+    /// Accept an explicit-nonce session from a frontend service to our client
+    /// responder ID
+    pub fn frontend_accept(
+        &self,
+        req: NonceAuthRequest,
+    ) -> Result<(NonceAuthResponse, NonceSession)> {
+        let local_identity = self.kex_identity.clone();
+        let ias_report = self.get_ias_report()?;
+
+        // Create the state machine
+        let responder = Start::new(self.get_client_self_id()?.to_string());
+
+        // Massage the request message into state machine input
+        let auth_request = {
+            let req: Vec<u8> = req.into();
+            ClientAuthRequestInput::<X25519, Aes256Gcm, Sha512>::new(
+                AuthRequestOutput::from(req),
+                local_identity,
+                ias_report,
+            )
+        };
+
+        // Advance the state machine
+        let mut csprng = McRng::default();
+        let (responder, auth_response) = responder.try_next(&mut csprng, auth_request)?;
+        // For the first message, nonce is a zero
+        let session_id = NonceSession::new(responder.binding().to_owned(), 0);
+
+        // This session is established as far as we are concerned.
+        self.frontends.lock()?.put(session_id.clone(), responder);
+
+        // Massage the state machine output into the response message
+        let auth_response: Vec<u8> = auth_response.into();
+
+        Ok((NonceAuthResponse::from(auth_response), session_id))
+    }
+
+    /// Drops a session from the given frontend router enclave.
+    pub fn frontend_close(&self, channel_id: NonceSession) -> Result<()> {
+        self.frontends.lock()?.pop(&channel_id);
+        Ok(())
+    }
+
     /// Constructs a ClientAuthRequest to be sent to an enclave backend.
     ///
     /// Differs from peer_init in that this enclave does not establish a peer