flashbots
diff --git a/‎Cargo.lock‎
Lines changed: 34 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 3 additions & 2 deletions b/‎Cargo.toml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎LICENSE‎
Lines changed: 19 additions & 0 deletions b/‎LICENSE‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎src/attestation/mod.rs‎
Lines changed: 41 additions & 1 deletion b/‎src/attestation/mod.rs‎
Lines changed: 41 additions & 1 deletion
@@ -2,7 +2,7 @@
 name = "attested-tls-proxy"
 version = "0.1.0"
 edition = "2024"
-license = "MIT OR Apache-2.0"
+license = "MIT"
 
 [dependencies]
 tokio = { version = "1.48.0", features = ["full"] }
@@ -20,7 +20,7 @@ configfs-tsm = "0.0.2"
 rand_core = { version = "0.6.4", features = ["getrandom"] }
 dcap-qvl = "0.3.4"
 hex = "0.4.3"
-hyper = { version = "1.7.0", features = ["server"] }
+hyper = { version = "1.7.0", features = ["server", "http2"] }
 hyper-util = "0.1.17"
 http-body-util = "0.1.3"
 bytes = "1.10.1"
@@ -29,6 +29,7 @@ serde_json = "1.0.145"
 serde = "1.0.228"
 tracing = "0.1.41"
 tracing-subscriber = { version = "0.3.20", features = ["env-filter", "json"] }
+parity-scale-codec = "3.7.5"
 
 [dev-dependencies]
 rcgen = "0.14.5"
 
@@ -0,0 +1,19 @@
+The MIT License (MIT)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -1,6 +1,7 @@
 pub mod measurements;
 
 use measurements::{CvmImageMeasurements, MeasurementRecord, Measurements, PlatformMeasurements};
+use parity_scale_codec::{Decode, Encode};
 use serde::{Deserialize, Serialize};
 use std::{
     fmt::{self, Display, Formatter},
@@ -22,13 +23,19 @@ use x509_parser::prelude::*;
 /// For fetching collateral directly from intel, if no PCCS is specified
 const PCS_URL: &str = "https://api.trustedservices.intel.com";
 
-#[derive(Debug, Serialize, Deserialize)]
+/// This is the type sent over the channel to provide an attestation
+#[derive(Debug, Serialize, Deserialize, Encode, Decode)]
 pub struct AttesationPayload {
+    /// What CVM platform is used (including none)
     pub attestation_type: AttestationType,
+    /// The attestation evidence as bytes - in the case of DCAP this is a quote
     pub attestation: Vec<u8>,
 }
 
 impl AttesationPayload {
+    /// Given an attestation generator (quote generation function for a specific platform)
+    /// return an attestation
+    /// This also takes the certificate chain and exporter as they are given as input to the attestation
     pub fn from_attestation_generator(
         cert_chain: &[CertificateDer<'_>],
         exporter: [u8; 32],
@@ -39,6 +46,15 @@ impl AttesationPayload {
             attestation: attesation_generator.create_attestation(cert_chain, exporter)?,
         })
     }
+
+    /// Create an empty attestation payload for the case that we are running in a non-confidential
+    /// environment
+    pub fn without_attestation() -> Self {
+        Self {
+            attestation_type: AttestationType::None,
+            attestation: Vec::new(),
+        }
+    }
 }
 
 /// Type of attestaion used
@@ -73,6 +89,7 @@ impl AttestationType {
         }
     }
 
+    /// Get a quote generator for this type of platform
     pub fn get_quote_generator(&self) -> Result<Arc<dyn QuoteGenerator>, AttestationError> {
         match self {
             AttestationType::None => Ok(Arc::new(NoQuoteGenerator)),
@@ -85,6 +102,23 @@ impl AttestationType {
     }
 }
 
+/// SCALE encode (used over the wire)
+impl Encode for AttestationType {
+    fn encode(&self) -> Vec<u8> {
+        self.as_str().encode()
+    }
+}
+
+/// SCALE decode
+impl Decode for AttestationType {
+    fn decode<I: parity_scale_codec::Input>(
+        input: &mut I,
+    ) -> Result<Self, parity_scale_codec::Error> {
+        let s: String = String::decode(input)?;
+        serde_json::from_str(&format!("\"{s}\"")).map_err(|_| "Failed to decode enum".into())
+    }
+}
+
 impl Display for AttestationType {
     fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
         f.write_str(self.as_str())
@@ -104,9 +138,15 @@ pub trait QuoteGenerator: Send + Sync + 'static {
     ) -> Result<Vec<u8>, AttestationError>;
 }
 
+/// Allows remote attestations to be verified
 #[derive(Clone, Debug)]
 pub struct AttestationVerifier {
+    /// The measurement values we accept
+    ///
+    /// If this is empty, anything will be accepted - but measurements are always injected into HTTP
+    /// headers, so that they can be verified upstream
     accepted_measurements: Vec<MeasurementRecord>,
+    /// A PCCS service to use - defaults to Intel PCS
     pccs_url: Option<String>,
 }