2 changes: 2 additions & 0 deletions Cargo.lock


1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -14,6 +14,7 @@ resolver = "2"

[workspace.dependencies]
anyhow = { version = "1.0.100", default-features = false }
async-trait = "0.1.89"
attest.path = "attest"
chrono = { version = "0.4.42", default-features=false }
clap = { version = "4.5.51", features = ["derive", "env"] }
Expand Down
1 change: 1 addition & 0 deletions verifier-cli/Cargo.toml
Expand Up @@ -26,6 +26,7 @@ tempfile.workspace = true
dice-verifier.path = "../verifier"
x509-cert = { workspace = true, default-features = true }
serde_json.workspace = true
tokio = { workspace = true, features = ["full"] }

[features]
ipcc = ["dice-verifier/ipcc"]
Expand Down
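Review bot: `features = ["full"]` on the new tokio line enables every tokio subsystem (net, fs, process, signal, sync, ...) in the CLI, while the only runtime use this PR adds is `#[tokio::main(flavor = "current_thread")]` plus awaiting the `Attest` methods, which needs just the runtime and the macro. Narrowing to `tokio = { workspace = true, features = ["rt", "macros"] }` keeps the dependency surface of a verifier binary to what it actually calls and makes later feature additions deliberate; the verifier library already lists the features its own code needs in its manifest. If code in the CLI outside this diff relies on a broader feature, a short comment on this line naming it would save the next reader the same question.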
39 changes: 26 additions & 13 deletions verifier-cli/src/main.rs
Expand Up @@ -33,7 +33,7 @@ fn get_attest(interface: Interface, log: &Logger) -> Result<Box<dyn Attest>> {
slog::info!(log, "attesting via {interface:?}");
match interface {
#[cfg(feature = "ipcc")]
Interface::Ipcc => Ok(Box::new(AttestIpcc::new()?)),
Interface::Ipcc => Ok(Box::new(AttestIpcc::new())),
Interface::Rot => Ok(Box::new(AttestHiffy::new(AttestTask::Rot))),
#[cfg(feature = "sled-agent")]
Interface::SledAgent(addr) => {
Expand Down Expand Up @@ -205,7 +205,8 @@ impl fmt::Display for Encoding {
}
}

fn main() -> Result<()> {
#[tokio::main(flavor = "current_thread")]
async fn main() -> Result<()> {
let args = Args::parse();

let stderr_decorator = slog_term::TermDecorator::new().build();
Expand Down Expand Up @@ -246,6 +247,7 @@ fn main() -> Result<()> {
Nonce::try_from(nonce).context("Nonce from file contents")?;
let attestation = attest
.attest(&nonce)
.await
.context("Getting attestation with provided Nonce")?;

// serialize attestation to json & write to file
Expand All @@ -261,6 +263,7 @@ fn main() -> Result<()> {
AttestCommand::CertChain => {
let cert_chain = attest
.get_certificates()
.await
.context("Getting attestation certificate chain")?;

for cert in cert_chain {
Expand All @@ -277,6 +280,7 @@ fn main() -> Result<()> {
AttestCommand::Log => {
let log = attest
.get_measurement_log()
.await
.context("Getting attestation measurement log")?;
let mut log = serde_json::to_string(&log)
.context("Encode measurement log as JSON")?;
Expand Down Expand Up @@ -311,13 +315,16 @@ fn main() -> Result<()> {
// Use the directory provided by the caller to hold intermediate
// files, or fall back to a temp dir.
let platform_id = match work_dir {
Some(w) => verify(
attest.as_ref(),
ca_cert.as_deref(),
corpus.as_deref(),
self_signed,
&w,
)?,
Some(w) => {
verify(
attest.as_ref(),
ca_cert.as_deref(),
corpus.as_deref(),
self_signed,
&w,
)
.await?
}
None => {
if corpus.is_none() && !skip_appraisal {
return Err(anyhow!("no corpus provided but not instructed to skip measurement log appraisal"));
Expand All @@ -329,7 +336,8 @@ fn main() -> Result<()> {
corpus.as_deref(),
self_signed,
work_dir.as_ref(),
)?
)
.await?
}
};

Expand Down Expand Up @@ -358,7 +366,7 @@ fn main() -> Result<()> {
verify_measurements(&cert_chain, &log, &corpus)?;
}
AttestCommand::MeasurementSet => {
let set = measurement_set(attest.as_ref())?;
let set = measurement_set(attest.as_ref()).await?;
for item in set.into_iter() {
println!("* {item}");
}
Expand All @@ -368,15 +376,17 @@ fn main() -> Result<()> {
Ok(())
}

fn measurement_set(attest: &dyn Attest) -> Result<MeasurementSet> {
async fn measurement_set(attest: &dyn Attest) -> Result<MeasurementSet> {
info!("getting measurement log");
let log = attest
.get_measurement_log()
.await
.context("Get measurement log from attestor")?;
let mut cert_chain = Vec::new();

let certs = attest
.get_certificates()
.await
.context("Get certificate chain from attestor")?;

for (index, cert) in certs.iter().enumerate() {
Expand Down Expand Up @@ -431,7 +441,7 @@ fn verify_measurements(
.context("Verify measurements")
}

fn verify(
async fn verify(
attest: &dyn Attest,
ca_cert: Option<&Path>,
corpus: Option<&Path>,
Expand All @@ -453,6 +463,7 @@ fn verify(
info!("getting attestation");
let attestation = attest
.attest(&nonce)
.await
.context("Get attestation with nonce")?;

// serialize attestation to json & write to file
Expand All @@ -471,6 +482,7 @@ fn verify(
info!("getting measurement log");
let log = attest
.get_measurement_log()
.await
.context("Get measurement log from attestor")?;
let mut log = serde_json::to_string(&log)
.context("Serialize measurement log to JSON")?;
Expand All @@ -494,6 +506,7 @@ fn verify(

let certs = attest
.get_certificates()
.await
.context("Get certificate chain from attestor")?;

// the first cert in the chain / the leaf cert is the one
Expand Down
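Review bot: `measurement_set` and `verify` change to `async fn` without a doc comment describing what each round trip to the attestor does, and both functions continue outside the hunks shown. For `measurement_set` a header such as `/// Fetch the measurement log and then the certificate chain from the attestor, in two separate calls, and build the MeasurementSet they describe; an error from either fetch is returned with context.` is supported by the visible body. For `verify`, the visible parts fetch an attestation for the nonce, the measurement log and the certificate chain and serialize them into the work dir, so a similar summary plus a note on which of `ca_cert`, `corpus` and `self_signed` may be absent would help. Because the log and the chain are now separate awaited requests, a one-line comment next to the two `.await`s in `measurement_set` stating that they are fetched independently (and so are not guaranteed to reflect a single attestor state) is worth keeping for whoever later reasons about the verification result.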
5 changes: 3 additions & 2 deletions verifier/Cargo.toml
Expand Up @@ -7,6 +7,7 @@ license = "MPL-2.0"

[dependencies]
attest-data = { path = "../attest-data", features = ["std"] }
async-trait.workspace = true
const-oid.workspace = true
ed25519-dalek = { workspace = true, features = ["std"] }
env_logger.workspace = true
Expand All @@ -20,7 +21,7 @@ sha3.workspace = true
sled-agent-client = { workspace = true, optional = true }
sled-agent-types-versions = { workspace = true, optional = true }
slog.workspace = true
tokio = { workspace = true, features = [ "net", "rt", "time" ], optional = true }
tokio = { workspace = true, features = [ "net", "rt", "time", "process" ] }
tempfile.workspace = true
thiserror.workspace = true
x509-cert = { workspace = true, default-features = true }
Expand All @@ -33,4 +34,4 @@ attest-data = { path = "../attest-data", features = ["std", "testing"] }
testing = []
ipcc = ["libipcc"]
mock = ["ed25519-dalek/pem"]
sled-agent = ["sled-agent-client", "sled-agent-types-versions", "tokio"]
sled-agent = ["sled-agent-client", "sled-agent-types-versions"]
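Review bot: tokio becomes a non-optional dependency of the verifier library and gains the `process` feature, but no hunk in this PR shows a `tokio::process` call site, so it is not clear from the diff which code needs it. If the verifier now spawns an external program, that call site (presumably in an unchanged file) is where the library's trust boundary moves and deserves a comment naming the program and how its arguments are constructed; if nothing uses it, dropping `"process"` keeps the library's surface to what it calls. Making tokio unconditional also means consumers building without `sled-agent` now pull in the runtime; if that is intended because the `Attest` trait is now async, a short comment above the `tokio = { workspace = true, ... }` line saying so would explain the change to readers of the manifest.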