From c97df9c8c09e5c009d96d0d0dfff2d8a5aefb951 Mon Sep 17 00:00:00 2001
From: peg
Date: Tue, 13 Jan 2026 15:33:05 +0100
Subject: [PATCH 1/2] Improve doccomments
---
 src/attestation/azure/mod.rs | 3 ++-
 src/attestation/mod.rs | 48 ++++++++++++++++++++++--------------
 src/attested_get.rs | 1 +
 src/attested_tls.rs | 1 +
 src/file_server.rs | 1 +
 src/health_check.rs | 1 +
 src/lib.rs | 1 +
 src/test_helpers.rs | 1 +
 8 files changed, 37 insertions(+), 20 deletions(-)
diff --git a/src/attestation/azure/mod.rs b/src/attestation/azure/mod.rs
index 173f95b..6d0cb71 100644
--- a/src/attestation/azure/mod.rs
+++ b/src/attestation/azure/mod.rs
@@ -1,4 +1,4 @@
-//! Microsoft Azure Attestation (MAA) evidence generation and verification
+//! Microsoft Azure vTPM attestation evidence generation and verification
 mod ak_certificate;
 mod nv_index;
 use ak_certificate::{read_ak_certificate_from_tpm, verify_ak_cert_with_azure_roots};
@@ -245,6 +245,7 @@ impl RsaPubKey {
 }
 }
+/// An error when generating or verifying a Microsoft Azure vTPM attestation
 #[derive(Error, Debug)]
 pub enum MaaError {
 #[error("Report: {0}")]
diff --git a/src/attestation/mod.rs b/src/attestation/mod.rs
index 4f8cd75..a3df20d 100644
--- a/src/attestation/mod.rs
+++ b/src/attestation/mod.rs
@@ -1,3 +1,5 @@
+//! CVM attestation generation and verification
+
 #[cfg(feature = "azure")]
 pub mod azure;
 pub mod dcap;
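Review bot: The new doc comment on `MaaError` calls it a "Microsoft Azure vTPM attestation" error, while the first hunk of the same file removes the only text that expanded the abbreviation the type name carries ("Microsoft Azure Attestation (MAA)"); after this commit a reader of the rustdoc has no way to connect `Maa` to anything. Either keep the expansion in the doc, e.g. `/// An error when generating or verifying a Microsoft Azure vTPM attestation (MAA: Microsoft Azure Attestation)`, or say in the comment that the name is historical if the MAA service is no longer involved. The enum body continues outside the hunk.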
@@ -122,23 +124,7 @@ pub struct AttestationGenerator {
 }
 impl AttestationGenerator {
- /// Create an [AttestationGenerator] detecting the attestation type if it is specified as 'auto'
- pub async fn new_with_detection(
- attestation_type_string: Option,
- dummy_dcap_url: Option,
- ) -> Result {
- let attestation_type_string = attestation_type_string.unwrap_or_else(|| "auto".to_string());
- let attestaton_type = if attestation_type_string == "auto" {
- tracing::info!("Doing attestation type detection...");
- AttestationType::detect().await?
- } else {
- serde_json::from_value(serde_json::Value::String(attestation_type_string))?
- };
- tracing::info!("Local platform: {attestaton_type}");
-
- Self::new(attestaton_type, dummy_dcap_url)
- }
-
+ /// Create an attesation generator with given attestation type
 pub fn new(
 attestation_type: AttestationType,
 dummy_dcap_url: Option,
@@ -149,6 +135,13 @@ impl AttestationGenerator {
 }
 }
+ /// Detect what confidential compute platform is present and create the approprate attestation
+ /// generator
+ pub async fn detect() -> Result {
+ Self::new_with_detection(None, None).await
+ }
+
+ /// Do not generate attestations
 pub fn with_no_attestation() -> Self {
 Self {
 attestation_type: AttestationType::None,
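Review bot: The doc comment added for `new` misspells "attestation" (`/// Create an attesation generator with given attestation type`), and the `detect` doc in the next hunk misspells "appropriate" (`approprate`); both lines are new in this commit and will be published verbatim in rustdoc. Suggested wording: `/// Create an attestation generator with the given attestation type` and `/// Detect which confidential compute platform is present and create the appropriate attestation`. The body of `new` continues outside the hunk.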
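Review bot: `detect()` is documented as platform detection but is implemented as `Self::new_with_detection(None, None).await`, so it depends on the `"auto"` sentinel string and the string-parsing path instead of calling `AttestationType::detect()` directly. A direct form keeps the signature and the log line: `let attestation_type = AttestationType::detect().await?;` / `tracing::info!("Local platform: {attestation_type}");` / `Self::new(attestation_type, None)`. Passing `None` for the dummy DCAP url also deserves a sentence in the doc comment, because the `new_not_dummy` doc in this file says that without it the Dummy attestation type is not possible; if `new` enforces that, a caller of `detect()` on a platform that resolves to Dummy gets an error rather than a generator, which is presumably intended but is not stated anywhere.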
@@ -156,6 +149,23 @@ impl AttestationGenerator {
 }
 }
+ /// Create an [AttestationGenerator] detecting the attestation type if it is not given
+ pub async fn new_with_detection(
+ attestation_type_string: Option,
+ dummy_dcap_url: Option,
+ ) -> Result {
+ let attestation_type_string = attestation_type_string.unwrap_or_else(|| "auto".to_string());
+ let attestaton_type = if attestation_type_string == "auto" {
+ tracing::info!("Doing attestation type detection...");
+ AttestationType::detect().await?
+ } else {
+ serde_json::from_value(serde_json::Value::String(attestation_type_string))?
+ };
+ tracing::info!("Local platform: {attestaton_type}");
+
+ Self::new(attestaton_type, dummy_dcap_url)
+ }
+
 /// Create an [AttestationGenerator] without a given dummy DCAP url - meaning Dummy attestation
 /// type will not be possible
 pub fn new_not_dummy(attestation_type: AttestationType) -> Result {
@@ -190,7 +200,7 @@ impl AttestationGenerator {
 }
 }
- /// Generate an attestation exchange message
+ /// Generate an attestation exchange message with given input data
 pub async fn generate_attestation(
 &self,
 input_data: [u8; 64],
@@ -201,7 +211,7 @@ impl AttestationGenerator {
 })
 }
- /// Generate attestation evidence bytes based on attestation type
+ /// Generate attestation evidence bytes based on attestation type, with given input data
 async fn generate_attestation_bytes(
 &self,
 input_data: [u8; 64],
diff --git a/src/attested_get.rs b/src/attested_get.rs
index 70e3ee0..036e916 100644
--- a/src/attested_get.rs
+++ b/src/attested_get.rs
@@ -1,3 +1,4 @@
+//! A one-shot attested TLS proxy client which sends a single GET request and returns the response
 use crate::{AttestationGenerator, AttestationVerifier, ProxyClient, ProxyError};
 use tokio_rustls::rustls::pki_types::CertificateDer;
diff --git a/src/attested_tls.rs b/src/attested_tls.rs
index c366c8b..da177fc 100644
--- a/src/attested_tls.rs
+++ b/src/attested_tls.rs
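Review bot: The moved `new_with_detection` re-adds the misspelled local `attestaton_type` in the `let`, the `tracing::info!` and the `Self::new` call; since these lines are new on the `+` side this is the moment to rename it to `attestation_type`. The doc comment says detection happens "if it is not given", but the body also detects when the caller passes the literal `"auto"`, so `/// Create an [AttestationGenerator], detecting the attestation type when it is `None` or `"auto"`` describes the contract more accurately. Any other string is parsed through `serde_json::from_value(serde_json::Value::String(...))`, so an unrecognised type name surfaces as a serde_json error with no hint of the accepted values; a short `# Errors` section listing them, or a `FromStr` impl on `AttestationType` that owns that list, would make the operator-facing failure clearer.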
@@ -1,3 +1,4 @@
+//! Attested TLS protocol server and client
 use crate::{
 attestation::{
 measurements::MultiMeasurements, AttestationError, AttestationExchangeMessage,
diff --git a/src/file_server.rs b/src/file_server.rs
index fa2c6d1..39fff19 100644
--- a/src/file_server.rs
+++ b/src/file_server.rs
@@ -1,3 +1,4 @@
+//! Static HTTP file server provided by an attested TLS proxy server
 use crate::{AttestationGenerator, AttestationVerifier, ProxyError, ProxyServer, TlsCertAndKey};
 use std::{net::SocketAddr, path::PathBuf};
 use tokio::net::ToSocketAddrs;
diff --git a/src/health_check.rs b/src/health_check.rs
index 73063f8..b0f9293 100644
--- a/src/health_check.rs
+++ b/src/health_check.rs
@@ -1,3 +1,4 @@
+//! Provides health / version details for an attested proxy server or client
 use axum::{routing::get, Json, Router};
 use serde::{Deserialize, Serialize};
 use std::net::SocketAddr;
diff --git a/src/lib.rs b/src/lib.rs
index 327f6ea..86e6e89 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,3 +1,4 @@
+//! An attested TLS protocol and HTTPS proxy
 pub mod attestation;
 pub mod attested_get;
 pub mod attested_tls;
diff --git a/src/test_helpers.rs b/src/test_helpers.rs
index c7df30e..065f510 100644
--- a/src/test_helpers.rs
+++ b/src/test_helpers.rs
@@ -1,3 +1,4 @@
+//! Helper functions used in tests
 use axum::response::IntoResponse;
 use std::{
 collections::HashMap,
From f095dd6c652355adc5385eef52e415de676cf074 Mon Sep 17 00:00:00 2001
From: peg
Date: Tue, 13 Jan 2026 15:33:25 +0100
Subject: [PATCH 2/2] Improve Cargo.toml
---
 Cargo.lock | 2 +-
 Cargo.toml | 5 ++++-
 dummy-attestation-server/Cargo.toml | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 6f72f84..4b97ee2 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -137,7 +137,7 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 [[package]]
 name = "attested-tls-proxy"
-version = "0.1.0"
+version = "0.0.1"
 dependencies = [
 "anyhow",
 "axum",
diff --git a/Cargo.toml b/Cargo.toml
index bf3d930..a49f7a7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,9 +3,12 @@ members = [".", "dummy-attestation-server"]
 [package]
 name = "attested-tls-proxy"
-version = "0.1.0"
+version = "0.0.1"
 edition = "2024"
 license = "MIT"
+description = "An HTTP attested TLS proxy server and client for secure communication with CVM services"
+repository = "https://github.com/flashbots/attested-tls-proxy"
+keywords = ["attested-TLS", "CVM", "TDX"]
 [dependencies]
 tokio = { version = "1.48.0", features = ["full"] }
diff --git a/dummy-attestation-server/Cargo.toml b/dummy-attestation-server/Cargo.toml
index bfc75f7..1827347 100644
--- a/dummy-attestation-server/Cargo.toml
+++ b/dummy-attestation-server/Cargo.toml
@@ -4,6 +4,7 @@ version = "0.1.0"
 edition = "2024"
 license = "MIT"
 publish = false
+repository = "https://github.com/flashbots/attested-tls-proxy"
 [dependencies]
 attested-tls-proxy = { path = ".." }
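Review bot: The crate version moves backwards, from `0.1.0` to `0.0.1`, in this hunk and in the matching Cargo.lock hunk, while the hunk header for `dummy-attestation-server/Cargo.toml` shows that workspace member staying at `version = "0.1.0"`. If `0.1.0` has already been tagged or published anywhere, consumers will never resolve to `0.0.1` because semver orders it lower; if this is the first publish it is fine, but the reason for the decrease belongs in the commit message. The new `keywords` entry `"attested-TLS"` mixes case; crates.io keywords are conventionally lowercase, so `"attested-tls"` is the safer spelling.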