
Commit 57c0fcb

committed
attested-get dcap-tdx support
1 parent 7453ce7 commit 57c0fcb

1 file changed

+14
-6
lines changed


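--- a/cmd/attested-get/main.go
+++ b/cmd/attested-get/main.go
@@ -4,7 +4,7 @@ package main
 // Make a HTTP GET request over a TEE-attested connection (to a server with aTLS support),
 // and print the verified measurements and the response payload.
 //
-// Currently only works for Azure TDX but is straight-forward to expand.
+// Currently supports Azure TDX and DCAP TDX attestation.
 //
 // Usage:
 //
@@ -47,9 +47,11 @@ import (
 	azure_tdx "github.com/flashbots/cvm-reverse-proxy/internal/attestation/azure/tdx"
 	"github.com/flashbots/cvm-reverse-proxy/internal/attestation/measurements"
 	"github.com/flashbots/cvm-reverse-proxy/internal/attestation/variant"
+	"github.com/flashbots/cvm-reverse-proxy/internal/cloud/cloudprovider"
 	"github.com/flashbots/cvm-reverse-proxy/internal/config"
 	"github.com/flashbots/cvm-reverse-proxy/multimeasurements"
 	"github.com/flashbots/cvm-reverse-proxy/proxy"
+	dcap_tdx "github.com/flashbots/cvm-reverse-proxy/tdx"
 	"github.com/urfave/cli/v2" // imports as package "cli"
 )
 
@@ -70,9 +72,9 @@ var flags []cli.Flag = []cli.Flag{
 		Usage: "Output file for the response payload",
 	},
 	&cli.StringFlag{
-		Name:  "attestation-type", // TODO: Add support for other attestation types
+		Name:  "attestation-type",
 		Value: string(proxy.AttestationAzureTDX),
-		Usage: "type of attestation to present (currently only azure-tdx)",
+		Usage: "type of attestation to present (azure-tdx or dcap-tdx)",
 	},
 	&cli.StringFlag{
 		Name:  "expected-measurements",
@@ -145,9 +147,15 @@ func runClient(cCtx *cli.Context) (err error) {
 			azure_tcbinfo_override.OverrideAzureValidatorsForV6SEAMLoader(log, []atls.Validator{validator})
 		}
 		validators = append(validators, validator)
+	case proxy.AttestationDCAPTDX:
+		// Prepare a dcap-tdx validator without any required measurements
+		attConfig := &config.QEMUTDX{Measurements: measurements.DefaultsFor(cloudprovider.QEMU, variant.QEMUTDX{})}
+		attConfig.SetMeasurements(measurements.M{})
+		validator := dcap_tdx.NewValidator(attConfig, proxy.AttestationLogger{Log: log})
+		validators = append(validators, validator)
 	default:
-		log.Error("currently only azure-tdx attestation is supported")
-		return errors.New("currently only azure-tdx attestation is supported")
+		log.Error("currently only azure-tdx and dcap-tdx attestation is supported")
+		return errors.New("currently only azure-tdx and dcap-tdx attestation is supported")
 	}
 
 	// Load expected measurements from file or URL (if provided)
@@ -188,7 +196,7 @@ func runClient(cCtx *cli.Context) (err error) {
 	}
 
 	// Extract the aTLS variant and measurements from the TLS connection
-	atlsVariant, extractedMeasurements, err := proxy.GetMeasurementsFromTLS(resp.TLS.PeerCertificates, []asn1.ObjectIdentifier{variant.AzureTDX{}.OID()})
+	atlsVariant, extractedMeasurements, err := proxy.GetMeasurementsFromTLS(resp.TLS.PeerCertificates, []asn1.ObjectIdentifier{variant.AzureTDX{}.OID(), variant.QEMUTDX{}.OID()})
 	if err != nil {
 		log.Error("Error in getMeasurementsFromTLS", "err", err)
 		return err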
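Review bot: In the new `case proxy.AttestationDCAPTDX` branch the validator is deliberately built with an empty measurement set (`attConfig.SetMeasurements(measurements.M{})`), so the aTLS handshake itself enforces no expected measurements for this type; whether anything is enforced then depends entirely on the later "Load expected measurements from file or URL (if provided)" step, which is optional. The comment should make that contract explicit for the next reader, e.g. `// Prepare a dcap-tdx validator without any required measurements: the quote is verified, but measurements are only compared against --expected-measurements below (if given)`. The preceding `measurements.DefaultsFor(cloudprovider.QEMU, variant.QEMUTDX{})` also looks redundant, since its result is immediately replaced by `SetMeasurements(measurements.M{})`; if `SetMeasurements` fully overwrites the field, the branch could be reduced to `attConfig := &config.QEMUTDX{}` followed by the same `SetMeasurements` call. Separately, in the last hunk the OID list passed to `proxy.GetMeasurementsFromTLS` now always contains both variants regardless of the selected `attestation-type`; unless the handshake already rejects a variant mismatch (not visible here), it would be tighter to pass only the OID of the variant whose validator was configured so that the reported `atlsVariant` cannot differ from the one that was actually validated. `runClient` starts and ends outside these hunks.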
