From 3810fb1feaa2ff24eb2372ba577d3a63f19ab61f Mon Sep 17 00:00:00 2001 From: Herman Date: Mon, 24 May 2021 13:31:08 +0200 Subject: [PATCH 01/10] feat(auth): add messages used to set access key, use rtc_types in protected channel --- rtc_tenclave/src/dh/protected_channel.rs | 12 +--- rtc_types/src/enclave_messages.rs | 71 ++++++++++++++++++++++++ rtc_types/src/lib.rs | 1 + 3 files changed, 74 insertions(+), 10 deletions(-) create mode 100644 rtc_types/src/enclave_messages.rs diff --git a/rtc_tenclave/src/dh/protected_channel.rs b/rtc_tenclave/src/dh/protected_channel.rs index 07a264fd..c41f69c8 100644 --- a/rtc_tenclave/src/dh/protected_channel.rs +++ b/rtc_tenclave/src/dh/protected_channel.rs @@ -4,6 +4,8 @@ use secrecy::{ExposeSecret, Secret}; use sgx_tcrypto::{rsgx_rijndael128GCM_decrypt, rsgx_rijndael128GCM_encrypt}; use sgx_types::*; +use rtc_types::enclave_messages::{EncryptedEnclaveMessage, RecommendedAesGcmIv}; + use super::types::AlignedKey; use crate::util::concat_u8; @@ -12,9 +14,6 @@ use super::enclave; #[cfg(not(test))] use sgx_tstd::enclave; -// NIST AES-GCM recommended IV size -type RecommendedAesGcmIv = [u8; 12]; - pub struct ProtectedChannel { iv_constructor: DeterministicAesGcmIvConstructor, key: Secret, @@ -70,13 +69,6 @@ impl ProtectedChannel { } } -pub struct EncryptedEnclaveMessage { - tag: sgx_aes_gcm_128bit_tag_t, - ciphertext: [u8; MESSAGE_SIZE], - aad: [u8; AAD_SIZE], - nonce: RecommendedAesGcmIv, -} - /// Implement the deterministic construction of AES-GCM IVs, as described in section 8.2.1 of [NIST SP 800-38D], /// "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC". /// diff --git a/rtc_types/src/enclave_messages.rs b/rtc_types/src/enclave_messages.rs new file mode 100644 index 00000000..1c05f29b --- /dev/null +++ b/rtc_types/src/enclave_messages.rs 
@@ -0,0 +1,71 @@ +use sgx_types::*; +use std::mem; + +use rkyv::{Archive, Deserialize, Serialize}; + +// NIST AES-GCM recommended IV size +pub type RecommendedAesGcmIv = [u8; 12]; + +#[repr(C)] +pub struct EncryptedEnclaveMessage { + pub tag: sgx_aes_gcm_128bit_tag_t, + pub ciphertext: [u8; MESSAGE_SIZE], + pub aad: [u8; AAD_SIZE], + pub nonce: RecommendedAesGcmIv, +} + +// TODO: Macro? +pub mod set_access_key { + use super::*; + + #[derive(Archive, Deserialize, Serialize, Debug, PartialEq, Clone)] + pub struct Request { + // XXX: Technically this only needs to be available inside of enclave contexts. + // It might make sense to conditionally export this as public. + pub uuid: [u8; 16], // TODO: Use UUID crate? + pub access_key: [u8; 24], // [u8; ACCESS_KEY_BYTES] + } + + pub const REQUEST_SIZE: usize = mem::size_of::<::Archived>(); + + pub type EncryptedRequest = EncryptedEnclaveMessage; + + #[derive(Archive, Deserialize, Serialize, Debug, PartialEq)] + pub struct Response { + pub success: bool, + } + + pub const RESPONSE_SIZE: usize = mem::size_of::<::Archived>(); + + pub type EncryptedResponse = EncryptedEnclaveMessage; +} + +#[cfg(test)] +mod test { + use rkyv::{ + archived_root, + ser::{serializers::BufferSerializer, Serializer}, + Aligned, Deserialize, Infallible, + }; + + use super::*; + + #[test] + fn test_set_access_key_msg() { + let request = set_access_key::Request { + uuid: [5u8; 16], + access_key: [2u8; 24], + }; + + let mut serializer = BufferSerializer::new(Aligned([0u8; set_access_key::REQUEST_SIZE])); + serializer.serialize_value(&request.clone()).unwrap(); + let buf = serializer.into_inner(); + let archived = unsafe { archived_root::(buf.as_ref()) }; + let deserialized = archived.deserialize(&mut Infallible).unwrap(); + + assert_eq!( + request, deserialized, + "Deserialized request should match initial request" + ); + } +} diff --git a/rtc_types/src/lib.rs b/rtc_types/src/lib.rs index 9cad1da6..9af98c19 100644 --- a/rtc_types/src/lib.rs 
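Review bot: `set_access_key::Request` derives `Debug` and `Clone` while carrying `access_key: [u8; 24]` in the clear, so any `{:?}` of a request (a log line, a panic message, a failing `assert_eq!`) prints the key, and each clone is another copy that is never zeroized. I would drop `Debug` from the derive and add a hand-written impl that redacts the field, e.g. `f.debug_struct("Request").field("uuid", &self.uuid).field("access_key", &"[REDACTED]").finish()`; the test in this hunk only needs `Debug` to exist, not to show the key. protected_channel.rs already wraps its channel key in `secrecy::Secret`, so the same treatment (or zeroizing on drop) would be consistent here if rtc_types can take that dependency. The struct is carried over unchanged into set_access_key.rs by patch 05, so the point applies there as well.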
+++ b/rtc_types/src/lib.rs @@ -30,6 +30,7 @@ mod ecall_result; pub use ecall_result::*; pub mod byte_formats; +pub mod enclave_messages; #[repr(C)] #[derive(Clone, Debug)] From 1be13ad9865d2737525fb2f8788ae560ad9733ae Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Wed, 9 Jun 2021 18:57:38 +0200 Subject: [PATCH 02/10] refactor(rtc_types): reference ArchivedRequest & ArchivedResponse, for simplicity --- rtc_types/src/enclave_messages.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rtc_types/src/enclave_messages.rs b/rtc_types/src/enclave_messages.rs index 1c05f29b..0d5c6a08 100644 --- a/rtc_types/src/enclave_messages.rs +++ b/rtc_types/src/enclave_messages.rs @@ -26,7 +26,7 @@ pub mod set_access_key { pub access_key: [u8; 24], // [u8; ACCESS_KEY_BYTES] } - pub const REQUEST_SIZE: usize = mem::size_of::<::Archived>(); + pub const REQUEST_SIZE: usize = mem::size_of::(); pub type EncryptedRequest = EncryptedEnclaveMessage; @@ -35,7 +35,7 @@ pub mod set_access_key { pub success: bool, } - pub const RESPONSE_SIZE: usize = mem::size_of::<::Archived>(); + pub const RESPONSE_SIZE: usize = mem::size_of::(); pub type EncryptedResponse = EncryptedEnclaveMessage; } From d00b4b6fa182abc0f472775bf5a3659c6649f191 Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Tue, 8 Jun 2021 15:11:39 +0200 Subject: [PATCH 03/10] test(rtc_types::enclave_messages): use rkyv_format helpers --- rtc_types/src/enclave_messages.rs | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/rtc_types/src/enclave_messages.rs b/rtc_types/src/enclave_messages.rs index 0d5c6a08..47099208 100644 --- a/rtc_types/src/enclave_messages.rs +++ b/rtc_types/src/enclave_messages.rs @@ -42,11 +42,7 @@ pub mod set_access_key { #[cfg(test)] mod test { - use rkyv::{ - archived_root, - ser::{serializers::BufferSerializer, Serializer}, - Aligned, Deserialize, Infallible, - }; + use crate::byte_formats::rkyv_format; use super::*; 
@@ -57,11 +53,8 @@ mod test { access_key: [2u8; 24], }; - let mut serializer = BufferSerializer::new(Aligned([0u8; set_access_key::REQUEST_SIZE])); - serializer.serialize_value(&request.clone()).unwrap(); - let buf = serializer.into_inner(); - let archived = unsafe { archived_root::(buf.as_ref()) }; - let deserialized = archived.deserialize(&mut Infallible).unwrap(); + let buf = rkyv_format::write_array(&request).unwrap(); + let deserialized = unsafe { rkyv_format::read_array(&buf) }; assert_eq!( request, deserialized, From 21d3492c8ac2f00633bbf57006290516791a0c6f Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Fri, 11 Jun 2021 19:24:15 +0200 Subject: [PATCH 04/10] style(rtc_types::enclave_messages): promote mod to directory --- rtc_types/src/{enclave_messages.rs => enclave_messages/mod.rs} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rtc_types/src/{enclave_messages.rs => enclave_messages/mod.rs} (100%) diff --git a/rtc_types/src/enclave_messages.rs b/rtc_types/src/enclave_messages/mod.rs similarity index 100% rename from rtc_types/src/enclave_messages.rs rename to rtc_types/src/enclave_messages/mod.rs From 23379e60d905f79c8d9cc24e1d24f2d5dfc867ee Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Fri, 11 Jun 2021 19:37:26 +0200 Subject: [PATCH 05/10] style(rtc_types::enclave_messages): extract mod set_access_key to file --- rtc_types/src/enclave_messages/mod.rs | 54 +------------------ .../src/enclave_messages/set_access_key.rs | 48 +++++++++++++++++ 2 files changed, 50 insertions(+), 52 deletions(-) create mode 100644 rtc_types/src/enclave_messages/set_access_key.rs diff --git a/rtc_types/src/enclave_messages/mod.rs b/rtc_types/src/enclave_messages/mod.rs index 47099208..e1c08a30 100644 --- a/rtc_types/src/enclave_messages/mod.rs +++ b/rtc_types/src/enclave_messages/mod.rs 
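Review bot: The `unsafe { rkyv_format::read_array(&buf) }` call in `test_set_access_key_msg` has no `// SAFETY:` comment saying why the buffer is a valid archive. Here `buf` comes straight from `rkyv_format::write_array(&request)` on the line before, so I would add `// SAFETY: buf was just produced by write_array for this same type` above it. `read_array`'s contract is not visible in this patch, so the wording should be checked against its documentation. The copy of this test that patch 05 moves into set_access_key.rs wants the same comment.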
@@ -1,7 +1,4 @@ -use sgx_types::*; -use std::mem; - -use rkyv::{Archive, Deserialize, Serialize}; +use sgx_types::sgx_aes_gcm_128bit_tag_t; // NIST AES-GCM recommended IV size pub type RecommendedAesGcmIv = [u8; 12]; @@ -14,51 +11,4 @@ pub struct EncryptedEnclaveMessage(); - - pub type EncryptedRequest = EncryptedEnclaveMessage; - - #[derive(Archive, Deserialize, Serialize, Debug, PartialEq)] - pub struct Response { - pub success: bool, - } - - pub const RESPONSE_SIZE: usize = mem::size_of::(); - - pub type EncryptedResponse = EncryptedEnclaveMessage; -} - -#[cfg(test)] -mod test { - use crate::byte_formats::rkyv_format; - - use super::*; - - #[test] - fn test_set_access_key_msg() { - let request = set_access_key::Request { - uuid: [5u8; 16], - access_key: [2u8; 24], - }; - - let buf = rkyv_format::write_array(&request).unwrap(); - let deserialized = unsafe { rkyv_format::read_array(&buf) }; - - assert_eq!( - request, deserialized, - "Deserialized request should match initial request" - ); - } -} +pub mod set_access_key; diff --git a/rtc_types/src/enclave_messages/set_access_key.rs b/rtc_types/src/enclave_messages/set_access_key.rs new file mode 100644 index 00000000..5a4a7831 --- /dev/null +++ b/rtc_types/src/enclave_messages/set_access_key.rs 
@@ -0,0 +1,48 @@ +use core::mem; + +use rkyv::{Archive, Deserialize, Serialize}; + +use crate::enclave_messages::EncryptedEnclaveMessage; + +#[derive(Archive, Deserialize, Serialize, Debug, PartialEq, Clone)] +pub struct Request { + // XXX: Technically this only needs to be available inside of enclave contexts. + // It might make sense to conditionally export this as public. + pub uuid: [u8; 16], // TODO: Use UUID crate? + pub access_key: [u8; 24], // [u8; ACCESS_KEY_BYTES] +} + +pub const REQUEST_SIZE: usize = mem::size_of::(); + +pub type EncryptedRequest = EncryptedEnclaveMessage; + +#[derive(Archive, Deserialize, Serialize, Debug, PartialEq)] +pub struct Response { + pub success: bool, +} + +pub const RESPONSE_SIZE: usize = mem::size_of::(); + +pub type EncryptedResponse = EncryptedEnclaveMessage; + +#[cfg(test)] +mod test { + use crate::byte_formats::rkyv_format; + use crate::enclave_messages::*; + + #[test] + fn test_set_access_key_msg() { + let request = set_access_key::Request { + uuid: [5u8; 16], + access_key: [2u8; 24], + }; + + let buf = rkyv_format::write_array(&request).unwrap(); + let deserialized = unsafe { rkyv_format::read_array(&buf) }; + + assert_eq!( + request, deserialized, + "Deserialized request should match initial request" + ); + } +} From 79f4eee83effde94f9dc324ffe8d84fe1c57e0dc Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Fri, 11 Jun 2021 20:09:45 +0200 Subject: [PATCH 06/10] style(rtc_types::enclave_messages): add marker comments for FFI types --- rtc_types/src/enclave_messages/set_access_key.rs | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/rtc_types/src/enclave_messages/set_access_key.rs b/rtc_types/src/enclave_messages/set_access_key.rs index 5a4a7831..77cbfd36 100644 --- a/rtc_types/src/enclave_messages/set_access_key.rs +++ b/rtc_types/src/enclave_messages/set_access_key.rs 
@@ -12,19 +12,27 @@ pub struct Request { pub access_key: [u8; 24], // [u8; ACCESS_KEY_BYTES] } -pub const REQUEST_SIZE: usize = mem::size_of::(); - -pub type EncryptedRequest = EncryptedEnclaveMessage; - #[derive(Archive, Deserialize, Serialize, Debug, PartialEq)] pub struct Response { pub success: bool, } +// Begin FFI types + +// FFI type: REQUEST_SIZE +pub const REQUEST_SIZE: usize = mem::size_of::(); + +// FFI type: EncryptedRequest +pub type EncryptedRequest = EncryptedEnclaveMessage; + +// FFI type: RESPONSE_SIZE pub const RESPONSE_SIZE: usize = mem::size_of::(); +// FFI type: EncryptedResponse pub type EncryptedResponse = EncryptedEnclaveMessage; +// End FFI types + #[cfg(test)] mod test { use crate::byte_formats::rkyv_format; From 25b471eb1c9381e74b77de8d525518e99ea84f5a Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Thu, 3 Jun 2021 16:07:29 +0200 Subject: [PATCH 07/10] feat(rtc_types::enclave_messages): add ng_set_access_key Non-generic version of [`set_access_key`], with conversions. This is a workaround for cbindgen not supporting const generics in structs yet, and should be removed once cbindgen implements that. Tracking issue: --- codegen/auth_enclave/bindings.h | 4 + codegen/data_enclave/bindings.h | 4 + codegen/exec_enclave/bindings.h | 4 + .../enclave_messages/ffi_set_access_key.rs | 118 ++++++++++++++++++ rtc_types/src/enclave_messages/mod.rs | 1 + .../src/enclave_messages/set_access_key.rs | 1 + 6 files changed, 132 insertions(+) create mode 100644 rtc_types/src/enclave_messages/ffi_set_access_key.rs diff --git a/codegen/auth_enclave/bindings.h b/codegen/auth_enclave/bindings.h index 37c06b97..eba213e9 100644 --- a/codegen/auth_enclave/bindings.h +++ b/codegen/auth_enclave/bindings.h @@ -12,6 +12,10 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) +#define SET_ACCESS_KEY_REQUEST_SIZE 40 + +#define SET_ACCESS_KEY_RESPONSE_SIZE 1 + /** * FFI safe result type that can be converted to and from a rust result. */ 
diff --git a/codegen/data_enclave/bindings.h b/codegen/data_enclave/bindings.h index 0e25e5dc..e0c026ed 100644 --- a/codegen/data_enclave/bindings.h +++ b/codegen/data_enclave/bindings.h @@ -12,6 +12,10 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) +#define SET_ACCESS_KEY_REQUEST_SIZE 40 + +#define SET_ACCESS_KEY_RESPONSE_SIZE 1 + typedef struct DataUploadResponse { uint8_t ciphertext[DATA_UPLOAD_RESPONSE_LEN]; uint8_t nonce[24]; diff --git a/codegen/exec_enclave/bindings.h b/codegen/exec_enclave/bindings.h index 37c06b97..eba213e9 100644 --- a/codegen/exec_enclave/bindings.h +++ b/codegen/exec_enclave/bindings.h @@ -12,6 +12,10 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) +#define SET_ACCESS_KEY_REQUEST_SIZE 40 + +#define SET_ACCESS_KEY_RESPONSE_SIZE 1 + /** * FFI safe result type that can be converted to and from a rust result. */ diff --git a/rtc_types/src/enclave_messages/ffi_set_access_key.rs b/rtc_types/src/enclave_messages/ffi_set_access_key.rs new file mode 100644 index 00000000..2c7b27b2 --- /dev/null +++ b/rtc_types/src/enclave_messages/ffi_set_access_key.rs 
@@ -0,0 +1,118 @@ +//! FIXME: Non-generic version of [`set_access_key`], with conversions. +//! +//! This is a workaround for cbindgen not supporting const generics in structs yet, +//! and should be removed once cbindgen implements that. +//! +//! Tracking issue: +//! +//! These sizes should match the ones computed in `set_access_key`. +//! (The Rust compiler should report an error if these don't line up: +//! this can be used to update these if `set_access_key` changes.) + +use sgx_types::sgx_aes_gcm_128bit_tag_t; + +use super::{set_access_key, RecommendedAesGcmIv}; + +// Begin FFI types +// (Keep these FFI type comments in sync between set_access_key and ffi_set_access_key, for diffing!) + +// FFI type: REQUEST_SIZE +pub const SET_ACCESS_KEY_REQUEST_SIZE: usize = 40; + +// FFI type: EncryptedRequest +#[repr(C)] +pub struct SetAccessKeyEncryptedRequest { + pub tag: sgx_aes_gcm_128bit_tag_t, + pub ciphertext: [u8; SET_ACCESS_KEY_REQUEST_SIZE], + pub aad: [u8; 0], + pub nonce: RecommendedAesGcmIv, +} + +// FFI type: RESPONSE_SIZE +pub const SET_ACCESS_KEY_RESPONSE_SIZE: usize = 1; + +// FFI type: EncryptedResponse +#[derive(Default)] +#[repr(C)] +pub struct SetAccessKeyEncryptedResponse { + pub tag: sgx_aes_gcm_128bit_tag_t, + pub ciphertext: [u8; SET_ACCESS_KEY_RESPONSE_SIZE], + pub aad: [u8; 0], + pub nonce: RecommendedAesGcmIv, +} + +// End FFI types + +// Boilerplate From implementations: + +impl From for SetAccessKeyEncryptedRequest { + fn from( + set_access_key::EncryptedRequest { + tag, + ciphertext, + aad, + nonce, + }: set_access_key::EncryptedRequest, + ) -> Self { + return SetAccessKeyEncryptedRequest { + tag, + ciphertext, + aad, + nonce, + }; + } +} + +impl From for set_access_key::EncryptedRequest { + fn from( + SetAccessKeyEncryptedRequest { + tag, + ciphertext, + aad, + nonce, + }: SetAccessKeyEncryptedRequest, + ) -> Self { + return set_access_key::EncryptedRequest { + tag, + ciphertext, + aad, + nonce, + }; + } +} + +impl From for 
SetAccessKeyEncryptedResponse { + fn from( + set_access_key::EncryptedResponse { + tag, + ciphertext, + aad, + nonce, + }: set_access_key::EncryptedResponse, + ) -> Self { + return SetAccessKeyEncryptedResponse { + tag, + ciphertext, + aad, + nonce, + }; + } +} + +impl From for set_access_key::EncryptedResponse { + fn from( + SetAccessKeyEncryptedResponse { + tag, + ciphertext, + aad, + nonce, + }: SetAccessKeyEncryptedResponse, + ) -> Self { + return set_access_key::EncryptedResponse { + tag, + ciphertext, + aad, + nonce, + }; + } +} diff --git a/rtc_types/src/enclave_messages/mod.rs b/rtc_types/src/enclave_messages/mod.rs index e1c08a30..50dfdf40 100644 --- a/rtc_types/src/enclave_messages/mod.rs +++ b/rtc_types/src/enclave_messages/mod.rs @@ -11,4 +11,5 @@ pub struct EncryptedEnclaveMessage(); From 576cf49f341ef476e2ed0083ce3c59a13b1b836b Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Fri, 11 Jun 2021 20:16:50 +0200 Subject: [PATCH 08/10] fix(rtc_types::enclave_messages): work around cbindgen generic type handling issues Issues: * https://github.com/eqrion/cbindgen/issues/7 * https://github.com/eqrion/cbindgen/issues/286 * https://github.com/eqrion/cbindgen/issues/573 --- rtc_types/src/enclave_messages/mod.rs | 12 +++++++++++- rtc_types/src/enclave_messages/set_access_key.rs | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/rtc_types/src/enclave_messages/mod.rs b/rtc_types/src/enclave_messages/mod.rs index 50dfdf40..ba12bba5 100644 --- a/rtc_types/src/enclave_messages/mod.rs +++ b/rtc_types/src/enclave_messages/mod.rs @@ -11,5 +11,15 @@ pub struct EncryptedEnclaveMessage +/// * +/// * +/// +/// cbindgen:ignore pub mod set_access_key; + +pub mod ffi_set_access_key; diff --git a/rtc_types/src/enclave_messages/set_access_key.rs b/rtc_types/src/enclave_messages/set_access_key.rs index 57533669..fdb40a3f 100644 --- a/rtc_types/src/enclave_messages/set_access_key.rs +++ b/rtc_types/src/enclave_messages/set_access_key.rs 
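Review bot: The hard-coded `SET_ACCESS_KEY_REQUEST_SIZE = 40` and `SET_ACCESS_KEY_RESPONSE_SIZE = 1` in ffi_set_access_key.rs are tied to the sizes computed in `set_access_key` only indirectly, through the array types in the four `From` impls; nothing states that check where the constants are defined. Since these lengths describe the buffers that cross the FFI boundary, I would put the invariant next to each constant, e.g. `const _: [(); SET_ACCESS_KEY_REQUEST_SIZE] = [(); set_access_key::REQUEST_SIZE];` and the same for the response size, so it survives if the conversions are later changed or removed. As a style point, the `From` bodies end in `return X { .. };` where the idiomatic form is the bare struct expression.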
@@ -2,7 +2,7 @@ use core::mem; use rkyv::{Archive, Deserialize, Serialize}; -use crate::enclave_messages::EncryptedEnclaveMessage; +use crate::enclave_messages::{EncryptedEnclaveMessage, ARCHIVED_ENCLAVE_ID_SIZE}; #[derive(Archive, Deserialize, Serialize, Debug, PartialEq, Clone)] pub struct Request { From e57a54d752375f1872fc3d53bd43951dd4746234 Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Fri, 11 Jun 2021 20:50:16 +0200 Subject: [PATCH 09/10] feat(rtc_types::enclave_messages): add ARCHIVED_ENCLAVE_ID_SIZE --- rtc_types/src/enclave_messages/mod.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/rtc_types/src/enclave_messages/mod.rs b/rtc_types/src/enclave_messages/mod.rs index ba12bba5..2e00ab49 100644 --- a/rtc_types/src/enclave_messages/mod.rs +++ b/rtc_types/src/enclave_messages/mod.rs @@ -1,4 +1,11 @@ -use sgx_types::sgx_aes_gcm_128bit_tag_t; +use core::mem; + +use rkyv::Archive; +use sgx_types::{sgx_aes_gcm_128bit_tag_t, sgx_enclave_id_t}; + +/// Size of [`Archive`] of [`sgx_enclave_id_t`]. +pub const ARCHIVED_ENCLAVE_ID_SIZE: usize = + mem::size_of::<::Archived>(); // NIST AES-GCM recommended IV size pub type RecommendedAesGcmIv = [u8; 12]; From 9c50c82932b41d978900ecd1c48e8bed48000654 Mon Sep 17 00:00:00 2001 From: Pi Delport Date: Fri, 11 Jun 2021 20:52:19 +0200 Subject: [PATCH 10/10] feat(rtc_types::enclave_messages::set_access_key): add enclave ID to EncryptedRequest as AAD --- codegen/auth_enclave/bindings.h | 2 ++ codegen/data_enclave/bindings.h | 2 ++ codegen/exec_enclave/bindings.h | 2 ++ rtc_types/src/enclave_messages/ffi_set_access_key.rs | 5 ++++- rtc_types/src/enclave_messages/set_access_key.rs | 2 +- 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/codegen/auth_enclave/bindings.h b/codegen/auth_enclave/bindings.h index eba213e9..9820e422 100644 --- a/codegen/auth_enclave/bindings.h +++ b/codegen/auth_enclave/bindings.h 
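Review bot: Patch 08 imports `ARCHIVED_ENCLAVE_ID_SIZE` from `crate::enclave_messages` in set_access_key.rs, but the constant is only defined by patch 09 and appears to be first used by patch 10, so on the visible evidence commit 08 does not build on its own (unresolved import). That breaks `git bisect` across the series. I would keep `use crate::enclave_messages::EncryptedEnclaveMessage;` in patch 08 and move the widened import into patch 10, where `EncryptedRequest` starts using the constant.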
@@ -12,6 +12,8 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) +#define ARCHIVED_ENCLAVE_ID_SIZE 8 + #define SET_ACCESS_KEY_REQUEST_SIZE 40 #define SET_ACCESS_KEY_RESPONSE_SIZE 1 diff --git a/codegen/data_enclave/bindings.h b/codegen/data_enclave/bindings.h index e0c026ed..63570f99 100644 --- a/codegen/data_enclave/bindings.h +++ b/codegen/data_enclave/bindings.h @@ -12,6 +12,8 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) +#define ARCHIVED_ENCLAVE_ID_SIZE 8 + #define SET_ACCESS_KEY_REQUEST_SIZE 40 #define SET_ACCESS_KEY_RESPONSE_SIZE 1 diff --git a/codegen/exec_enclave/bindings.h b/codegen/exec_enclave/bindings.h index eba213e9..9820e422 100644 --- a/codegen/exec_enclave/bindings.h +++ b/codegen/exec_enclave/bindings.h @@ -12,6 +12,8 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) +#define ARCHIVED_ENCLAVE_ID_SIZE 8 + #define SET_ACCESS_KEY_REQUEST_SIZE 40 #define SET_ACCESS_KEY_RESPONSE_SIZE 1 diff --git a/rtc_types/src/enclave_messages/ffi_set_access_key.rs b/rtc_types/src/enclave_messages/ffi_set_access_key.rs index 2c7b27b2..aed70674 100644 --- a/rtc_types/src/enclave_messages/ffi_set_access_key.rs +++ b/rtc_types/src/enclave_messages/ffi_set_access_key.rs @@ -13,6 +13,9 @@ use sgx_types::sgx_aes_gcm_128bit_tag_t; use super::{set_access_key, RecommendedAesGcmIv}; +// See enclave_messages::ARCHIVED_ENCLAVE_ID_SIZE +pub const ARCHIVED_ENCLAVE_ID_SIZE: usize = 8; + // Begin FFI types // (Keep these FFI type comments in sync between set_access_key and ffi_set_access_key, for diffing!) @@ -24,7 +27,7 @@ pub const SET_ACCESS_KEY_REQUEST_SIZE: usize = 40; pub struct SetAccessKeyEncryptedRequest { pub tag: sgx_aes_gcm_128bit_tag_t, pub ciphertext: [u8; SET_ACCESS_KEY_REQUEST_SIZE], - pub aad: [u8; 0], + pub aad: [u8; ARCHIVED_ENCLAVE_ID_SIZE], pub nonce: RecommendedAesGcmIv, } diff --git a/rtc_types/src/enclave_messages/set_access_key.rs b/rtc_types/src/enclave_messages/set_access_key.rs index fdb40a3f..544e2935 100644 
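Review bot: The new `aad: [u8; ARCHIVED_ENCLAVE_ID_SIZE]` field of `SetAccessKeyEncryptedRequest` carries an enclave ID, and neither this hunk nor the matching alias change in set_access_key.rs documents whose ID it is or who checks it. As far as I know, an `sgx_enclave_id_t` is a handle issued by the untrusted runtime rather than an attested identity, so the field should say that it only binds the ciphertext to a routing context, and that the receiver must compare the authenticated AAD with the ID it expects after decryption. I would add a doc comment on the field along the lines of `/// Archived sgx_enclave_id_t of the <sender or recipient> enclave; authenticated but not encrypted, and must be checked by the receiver.` The literal `8` added above it duplicates `enclave_messages::ARCHIVED_ENCLAVE_ID_SIZE` and, like the other sizes in this file, relies on the `From` impls to catch drift.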
--- a/rtc_types/src/enclave_messages/set_access_key.rs +++ b/rtc_types/src/enclave_messages/set_access_key.rs @@ -24,7 +24,7 @@ pub struct Response { pub const REQUEST_SIZE: usize = mem::size_of::(); // FFI type: EncryptedRequest -pub type EncryptedRequest = EncryptedEnclaveMessage; +pub type EncryptedRequest = EncryptedEnclaveMessage; // FFI type: RESPONSE_SIZE pub const RESPONSE_SIZE: usize = mem::size_of::();