mobilecoinfoundation · joekottke · Apr 24, 2023 · Jul 13, 2022 · Jun 14, 2022 · Jun 23, 2022
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/fog/api/proto/fog_common.proto b/fog/api/proto/fog_common.proto
@@ -13,3 +13,8 @@ message BlockRange {
     /// One-past-the-end of the range
     uint64 end_block = 2;
 }
+
+message AddShardRequest {
+    // The shard's URI in string format.
+    string shard_uri = 1;
+}
diff --git a/fog/api/proto/ledger.proto b/fog/api/proto/ledger.proto
@@ -8,6 +8,96 @@ import "fog_common.proto";
 package fog_ledger;
 option go_package = "mobilecoin/api";
 
+import "google/protobuf/empty.proto";
+
+////
+// Ledger router API
+////
+
+service LedgerAPI {
+    rpc Request(stream LedgerRequest) returns (stream LedgerResponse) {}
+}
+
+service LedgerRouterAdminAPI {
+    // Adds a shard to the Fog Ledger Router's list of shards to query.
+    rpc AddShard(fog_common.AddShardRequest) returns (google.protobuf.Empty) {}
+}
+
+/// Fulfills requests sent by the Fog Ledger Router. This is not meant to fulfill requests sent directly by the client.
+service KeyImageStoreAPI {
+    /// This is called to perform IX key exchange with the enclave before calling GetOutputs.
+    rpc Auth(attest.AuthMessage) returns (attest.AuthMessage) {}
+    /// Input should be an encrypted MultiKeyImageStoreRequest, result is an encrypted response.
+    rpc MultiKeyImageStoreQuery(MultiKeyImageStoreRequest) returns (MultiKeyImageStoreResponse) {}
+}
+
+message LedgerRequest {
+    oneof request_data { 
+        attest.AuthMessage auth = 1;
+        attest.Message check_key_images = 2;
+        // TODO: Fill in block query service and merkle proof service.
+        // Potentially untrusted_tx_out_service? To be decided.     
+    }
+}
+
+message LedgerResponse {
+    oneof response_data { 
+        attest.AuthMessage auth = 1;
+        attest.Message check_key_image_response = 2;
+        // TODO: Fill in block query service and merkle proof service.
+        // Potentially untrusted_tx_out_service? To be decided.     
+    }
+}
+
+// Identical to FogViewStoreDecryptionError
+message FogLedgerStoreDecryptionError {
+    /// The FogLedgerStoreUri for the specific Fog Ledger Store that
+    /// tried to decrypt the MultiKeyImageStoreRequest and failed.
+    /// The client should subsequently authenticate with the machine
+    /// described by this URI.
+    string store_uri = 1;
+
+    /// An error message that describes the decryption error.
+    string error_message = 2;
+}
+
+// Identical to MultiViewStoreQueryRequest
+message MultiKeyImageStoreRequest {
+    /// A list of queries encrypted for Fog Ledger Stores.
+    repeated attest.NonceMessage queries = 1;
+}
+
+
+/// The status associated with a MultiKeyImageStoreQueryResponse
+enum MultiKeyImageStoreResponseStatus {
+    /// Ensure default value (unfilled status) doesn't falsely appear to be a success 
+    UNKNOWN = 0;
+    /// The Fog Ledger Store successfully fulfilled the request.
+    SUCCESS = 1;
+    /// The Fog Ledger Store is unable to decrypt a query within the MultiKeyImageStoreRequest. It needs to be authenticated
+    /// by the router.
+    AUTHENTICATION_ERROR = 2;
+    /// The Fog Ledger Store is not ready to service a MultiLedgerStoreQueryRequest. This might be because the store has
+    /// not loaded enough blocks yet.
+    NOT_READY = 3;
+}
+
+message MultiKeyImageStoreResponse {
+    /// Optional field that gets set when the Fog Ledger Store is able to decrypt a query
+    /// included in the MultiKeyImageStoreRequest and create a query response for that
+    //  query. This is an encrypted CheckKeyImagesResponse.
+    attest.NonceMessage query_response = 1;
+
+    /// The FogLedgerStore for the specific Fog Ledger Store that
+    /// tried to decrypt the MultiLedgerStoreQueryRequest and failed.
+    /// The client should subsequently authenticate with the machine
+    /// described by this URI.
+    string store_uri = 2;
+
+    /// Status that gets returned when the Fog Ledger Store services a MultiKeyImageStoreRequest.
+    MultiKeyImageStoreResponseStatus status = 3;
+}
+
 ////
 // Merkle proofs
 ////

diff --git a/fog/api/proto/view.proto b/fog/api/proto/view.proto
@@ -20,7 +20,7 @@ service FogViewRouterAPI {
 
 service FogViewRouterAdminAPI {
     // Adds a shard to the Fog View Router's list of shards to query.
-    rpc addShard(AddShardRequest) returns (google.protobuf.Empty) {}
+    rpc addShard(fog_common.AddShardRequest) returns (google.protobuf.Empty) {}
 }
 
 message AddShardRequest {

diff --git a/fog/api/src/conversions.rs b/fog/api/src/conversions.rs
@@ -2,7 +2,9 @@
 //
 // Contains helper methods that enable conversions for Fog Api types.
 
-use crate::{fog_common, ingest_common, view::MultiViewStoreQueryRequest};
+use crate::{
+    fog_common, ingest_common, ledger::MultiKeyImageStoreRequest, view::MultiViewStoreQueryRequest,
+};
 use mc_api::ConversionError;
 use mc_attest_api::attest;
 use mc_attest_enclave_api::{EnclaveMessage, NonceSession};
@@ -30,6 +32,25 @@ impl From<Vec<attest::NonceMessage>> for MultiViewStoreQueryRequest {
     }
 }
 
+impl From<Vec<EnclaveMessage<NonceSession>>> for MultiKeyImageStoreRequest {
+    fn from(enclave_messages: Vec<EnclaveMessage<NonceSession>>) -> MultiKeyImageStoreRequest {
+        enclave_messages
+            .into_iter()
+            .map(|enclave_message| enclave_message.into())
+            .collect::<Vec<attest::NonceMessage>>()
+            .into()
+    }
+}
+
+impl From<Vec<attest::NonceMessage>> for MultiKeyImageStoreRequest {
+    fn from(attested_query_messages: Vec<attest::NonceMessage>) -> MultiKeyImageStoreRequest {
+        let mut multi_key_image_store_request = MultiKeyImageStoreRequest::new();
+        multi_key_image_store_request.set_queries(attested_query_messages.into());
+
+        multi_key_image_store_request
+    }
+}
+
 impl From<&common::BlockRange> for fog_common::BlockRange {
     fn from(common_block_range: &common::BlockRange) -> fog_common::BlockRange {
         let mut proto_block_range = fog_common::BlockRange::new();

diff --git a/fog/ledger/connection/Cargo.toml b/fog/ledger/connection/Cargo.toml
@@ -10,12 +10,17 @@ rust-version = { workspace = true }
 [dependencies]
 # mobilecoin
 mc-api = { path = "../../../api" }
+mc-attest-ake = { path = "../../../attest/ake" }
+mc-attest-core = { path = "../../../attest/core" }
 mc-attest-verifier = { path = "../../../attest/verifier" }
 mc-blockchain-types = { path = "../../../blockchain/types" }
 mc-common = { path = "../../../common", features = ["log"] }
 mc-crypto-keys = { path = "../../../crypto/keys" }
+mc-crypto-noise = { path = "../../../crypto/noise" }
+mc-rand = "1.0"
 mc-transaction-core = { path = "../../../transaction/core" }
 mc-util-grpc = { path = "../../../util/grpc" }
+mc-util-serial = { path = "../../../util/serial" }
 mc-util-uri = { path = "../../../util/uri" }
 
 # fog
@@ -25,10 +30,13 @@ mc-fog-types = { path = "../../types" }
 mc-fog-uri = { path = "../../uri" }
 
 # third-party
+aes-gcm = "0.10.1"
 displaydoc = { version = "0.2", default-features = false }
+futures = "0.3"
 grpcio = "0.12.1"
 protobuf = "2.27.1"
 retry = "2.0"
+sha2 = { version = "0.10", default-features = false }
 
 [dev-dependencies]
 mc-common = { path = "../../../common", features = ["loggers"] }
diff --git a/fog/ledger/connection/src/lib.rs b/fog/ledger/connection/src/lib.rs
@@ -18,3 +18,6 @@ pub use merkle_proof::{FogMerkleProofGrpcClient, OutputError, OutputResultExtens
 
 mod untrusted;
 pub use untrusted::FogUntrustedLedgerGrpcClient;
+
+mod router_client;
+pub use router_client::LedgerGrpcClient;