Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ITA Verifier Client #530

Open
wants to merge 16 commits into
base: tdx_rtmr
Choose a base branch
from
Open

Add ITA Verifier Client #530

wants to merge 16 commits into from

Conversation

jessieqliu
Copy link
Contributor

No description provided.

@jessieqliu jessieqliu changed the base branch from ita to ita_agent January 18, 2025 00:36
@jessieqliu jessieqliu changed the base branch from ita_agent to tdx_rtmr January 23, 2025 00:39
@jessieqliu
Copy link
Contributor Author

/gcbrun

@jessieqliu
Copy link
Contributor Author

/gcbrun

@jessieqliu
Copy link
Contributor Author

/gcbrun

1 similar comment
@jessieqliu
Copy link
Contributor Author

/gcbrun

jkl73
jkl73 reviewed Feb 5, 2025
View reviewed changes
verifier/ita/client.go
InsecureSkipVerify: false,
MinVersion: tls.VersionTLS12,
},
Proxy: http.ProxyFromEnvironment,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need the proxy setting?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added this since it was in the example ITA sent me. I can test it out without the setting and remove it if needed.

verifier/ita/client.go
type itaNonce struct {
Val []byte `json:"val"`
Iat []byte `json:"iat"`
Signature []byte `json:"signature"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is verifying the Signature needed? Maybe in createHashedNonce

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't need to verify the signature - this should be done by ITA. We should - however - pass the nonce object back to ITA when requesting a token.

verifier/ita/client.go Outdated
}

// Do we have anything that needs to be in user data?
// _, err = hash.Write(adapter.uData)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed.

@jessieqliu
Copy link
Contributor Author

/gcbrun

@jessieqliu
Copy link
Contributor Author

/gcbrun

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkl73 jkl73 jkl73 left review comments

@alexmwu alexmwu Awaiting requested review from alexmwu

@JoshuaKrstic JoshuaKrstic Awaiting requested review from JoshuaKrstic

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jessieqliu @jkl73