Attestation Doc Validation

This repo contains several projects relating to the Remote Attestation Protocol used by Evervault Enclaves.

• You can read more about the attestation protocol here.
• attestation-doc-validation contains a rust crate which implements the core logic required for attesting an Enclave (validating certs, and attestation docs)
• node-attestation-bindings contains an npm module which creates bindings for consuming the rust crate from node clients

Note: This crate cannot validate Attestation Documents which use p521r1.

Getting Started

To get up and running with this project you'll need rust, node, clippy, rustfmt, and cargo-make installed.

There is more setup required to work with the python bindings. Please see the python setup guide for details.

Python Setup Guide

The python project requires maturin.

The python project requires the use of virtual environments. To get started, create a virtual env in the python-attestation-bindings directory:

cd python-attestation-bindings ; python -m venv ./venv

Activate the virtual environment:

source ./venv/bin/activate

You can then run a python repl in the venv. First, build the python wheel:

maturin develop

Then start a repl:

python

And import the project:

import python_attestation_bindings

pcrs = python_attestation_bindings.PCRs("<pcr0>","<pcr1>","<pcr2>","<pcr8>")
python_attestation_bindings.attest_connection(<cert>, pcrs)

To run tests

maturin develop && pytest

Makefile

Each project has some useful tasks defined in their Makefile.toml:

Build the Project

cargo make build

Run tests

cargo make test

Format

cargo make format

### Run Clippy

cargo make lint

Additional Notes

• This project uses pedantic clippy, so please run clippy before committing.
• Due to the time sensitive nature of the attestation documents and their signatures, some tests require the use of libfaketime.