
Commit 69eb974

committed
1 parent 98bf7bd commit 69eb974


1 file changed

+17
-0
lines changed

1 file changed

+17
-0
lines changed

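--- a/src/attestation/mod.rs
+++ b/src/attestation/mod.rs
@@ -23,13 +23,19 @@ use x509_parser::prelude::*;
 /// For fetching collateral directly from intel, if no PCCS is specified
 const PCS_URL: &str = "https://api.trustedservices.intel.com";
 
+/// This is the type sent over the channel to provide an attestation
 #[derive(Debug, Serialize, Deserialize, Encode, Decode)]
 pub struct AttesationPayload {
+/// What CVM platform is used (including none)
 pub attestation_type: AttestationType,
+/// The attestation evidence as bytes - in the case of DCAP this is a quote
 pub attestation: Vec<u8>,
 }
 
 impl AttesationPayload {
+/// Given an attestation generator (quote generation function for a specific platform)
+/// return an attestation
+/// This also takes the certificate chain and exporter as they are given as input to the attestation
 pub fn from_attestation_generator(
 cert_chain: &[CertificateDer<'_>],
 exporter: [u8; 32],
@@ -41,6 +47,8 @@ impl AttesationPayload {
 })
 }
 
+/// Create an empty attestation payload for the case that we are running in a non-confidential
+/// environment
 pub fn without_attestation() -> Self {
 Self {
 attestation_type: AttestationType::None,
@@ -81,6 +89,7 @@ impl AttestationType {
 }
 }
 
+/// Get a quote generator for this type of platform
 pub fn get_quote_generator(&self) -> Result<Arc<dyn QuoteGenerator>, AttestationError> {
 match self {
 AttestationType::None => Ok(Arc::new(NoQuoteGenerator)),
@@ -93,12 +102,14 @@ impl AttestationType {
 }
 }
 
+/// SCALE encode (used over the wire)
 impl Encode for AttestationType {
 fn encode(&self) -> Vec<u8> {
 self.as_str().encode()
 }
 }
 
+/// SCALE decode
 impl Decode for AttestationType {
 fn decode<I: parity_scale_codec::Input>(
 input: &mut I,
@@ -127,9 +138,15 @@ pub trait QuoteGenerator: Send + Sync + 'static {
 ) -> Result<Vec<u8>, AttestationError>;
 }
 
+/// Allows remote attestations to be verified
 #[derive(Clone, Debug)]
 pub struct AttestationVerifier {
+/// The measurement values we accept
+///
+/// If this is empty, anything will be accepted - but measurements are always injected into HTTP
+/// headers, so that they can be verified upstream
 accepted_measurements: Vec<MeasurementRecord>,
+/// A PCCS service to use - defaults to Intel PCS
 pccs_url: Option<String>,
 }
 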
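Review bot: The new doc comment on `accepted_measurements` (new lines 144-147) records a fail-open default, where an empty list accepts any measurement, but it does not spell out what a caller loses by leaving it empty. I would add the consequence in the same comment, for example `/// An empty list disables measurement checking here: the peer's code identity is NOT verified` followed by `/// by this verifier, so the upstream service must check the injected headers itself.` The verification code is outside this hunk, so it cannot be confirmed from here whether the quote signature and collateral are still checked when the list is empty; the comment should say which applies. If upstream services rely on those headers, it is also worth documenting that they are only trustworthy when set by this component and not by the client, which presumably is handled elsewhere.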
