attestation: add attestation & userdata generation middleware

Author: patrislav

attestation/context.go

@@ -0,0 +1,16 @@
+package attestation
+
+import (
+	"context"
+
+	"github.com/0xsequence/nitrocontrol/enclave"
+)
+
+type contextKeyType string
+
+var contextKey = contextKeyType("attestation")
+
+func FromContext(ctx context.Context) *enclave.Attestation {
+	v, _ := ctx.Value(contextKey).(*enclave.Attestation)
+	return v
+}

attestation/middleware.go

@@ -0,0 +1,138 @@
+package attestation
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+
+	"github.com/0xsequence/nitrocontrol/enclave"
+	"github.com/0xsequence/nitrocontrol/tracing"
+	"github.com/go-chi/chi/v5/middleware"
+)
+
+// Middleware is an HTTP middleware that issues an attestation document request to the enclave's NSM.
+// The result wrapped in the Attestation type is then set in the context available to subsequent handlers.
+// It also sets the X-Attestation-Document HTTP header to the Base64-encoded representation of the document.
+//
+// If the HTTP request includes an X-Attestation-Nonce header, its value is sent to the NSM and included in
+// the final attestation document.
+func Middleware(enc *enclave.Enclave, errorFn func(http.ResponseWriter, error), loggerFromContextFn func(context.Context) *slog.Logger) func(http.Handler) http.Handler {
+	runPreMiddleware := func(r *http.Request) (ctx context.Context, cancelFunc func(), err error) {
+		ctx, span := tracing.Trace(r.Context(), "attestation.Middleware")
+		defer func() {
+			span.RecordError(err)
+			span.End()
+		}()
+
+		log := loggerFromContextFn(ctx)
+		att, err := enc.GetAttestation(ctx, nil, nil)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		cancelFunc = func() {
+			if err := att.Close(); err != nil {
+				log.Error("failed to close attestation", "error", err)
+				return
+			}
+		}
+
+		return context.WithValue(r.Context(), contextKey, att), cancelFunc, nil
+	}
+
+	runPostMiddleware := func(w http.ResponseWriter, r *http.Request, body []byte, nonce []byte) (err error) {
+		log := loggerFromContextFn(r.Context())
+		ctx, span := tracing.Trace(r.Context(), "attestation.Middleware")
+		defer func() {
+			span.RecordError(err)
+			span.End()
+		}()
+
+		userData, err := generateUserData(r, body)
+		if err != nil {
+			return err
+		}
+
+		att, err := enc.GetAttestation(ctx, nonce, userData)
+		if err != nil {
+			return err
+		}
+		defer func() {
+			if err := att.Close(); err != nil {
+				log.Error("failed to close attestation", "error", err)
+				return
+			}
+		}()
+
+		w.Header().Set("X-Attestation-Document", base64.StdEncoding.EncodeToString(att.Document()))
+		return nil
+	}
+
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			reqBody, err := io.ReadAll(r.Body)
+			if err != nil {
+				errorFn(w, fmt.Errorf("failed to read request body: %w", err))
+				return
+			}
+			r.Body = io.NopCloser(bytes.NewBuffer(reqBody))
+
+			var nonce []byte
+			if nonceVal := r.Header.Get("X-Attestation-Nonce"); nonceVal != "" {
+				if len(nonceVal) > 32 {
+					errorFn(w, fmt.Errorf("X-Attestation-Nonce value cannot be longer than 32"))
+					return
+				}
+				if !isNonceValid(nonceVal) {
+					errorFn(w, fmt.Errorf("X-Attestation-Nonce value contains invalid characters"))
+					return
+				}
+
+				nonce = []byte(nonceVal)
+			}
+
+			ctx, cancel, err := runPreMiddleware(r)
+			if err != nil {
+				errorFn(w, err)
+				return
+			}
+			defer cancel()
+
+			var body bytes.Buffer
+			ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
+			ww.Tee(&body)
+			ww.Discard()
+
+			next.ServeHTTP(ww, r.WithContext(ctx))
+
+			r.Body = io.NopCloser(bytes.NewBuffer(reqBody))
+			if err := runPostMiddleware(ww, r, body.Bytes(), nonce); err != nil {
+				errorFn(w, err)
+				return
+			}
+
+			w.WriteHeader(ww.Status())
+			if _, err := body.WriteTo(w); err != nil {
+				errorFn(w, err)
+			}
+		})
+	}
+}
+
+func isNonceValid(s string) bool {
+	for i := 0; i < len(s); i++ {
+		c := s[i]
+		if (c >= 'a' && c <= 'z') ||
+			(c >= 'A' && c <= 'Z') ||
+			(c >= '0' && c <= '9') ||
+			c == '.' || c == '_' || c == '-' || c == '/' || c == '+' || c == '=' {
+			continue
+		}
+		return false
+	}
+	return true
+}

attestation/middleware_test.go

@@ -0,0 +1,103 @@
+package attestation_test
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"log/slog"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/0xsequence/nitrocontrol/attestation"
+	"github.com/0xsequence/nitrocontrol/enclave"
+	"github.com/stretchr/testify/require"
+)
+
+func TestMiddleware(t *testing.T) {
+	enc, err := enclave.New(context.Background(), enclave.DummyProvider(nil), nil)
+	require.NoError(t, err)
+
+	errorFn := func(w http.ResponseWriter, err error) {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(err.Error()))
+	}
+	loggerFromContextFn := func(ctx context.Context) *slog.Logger {
+		return slog.New(slog.DiscardHandler)
+	}
+
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	})
+	srv := httptest.NewServer(attestation.Middleware(enc, errorFn, loggerFromContextFn)(handler))
+	defer srv.Close()
+
+	tests := map[string]struct {
+		request     func() (http.Header, []byte)
+		wantStatus  int
+		wantErrText string
+	}{
+		"NoNonce": {
+			wantStatus: http.StatusOK,
+			request: func() (http.Header, []byte) {
+				return http.Header{}, []byte("test")
+			},
+		},
+		"ValidNonce": {
+			wantStatus: http.StatusOK,
+			request: func() (http.Header, []byte) {
+				return http.Header{
+					"X-Attestation-Nonce": []string{"test"},
+				}, []byte("test")
+			},
+		},
+		"InvalidNonce": {
+			wantStatus:  http.StatusBadRequest,
+			wantErrText: "X-Attestation-Nonce value contains invalid characters",
+			request: func() (http.Header, []byte) {
+				return http.Header{
+					"X-Attestation-Nonce": []string{"!@#$%^&*()"},
+				}, []byte("test")
+			},
+		},
+		"LongNonce": {
+			wantStatus:  http.StatusBadRequest,
+			wantErrText: "X-Attestation-Nonce value cannot be longer than 32",
+			request: func() (http.Header, []byte) {
+				return http.Header{
+					"X-Attestation-Nonce": []string{"test-123456789012345678901234567890123"},
+				}, []byte("test")
+			},
+		},
+		"WhitespaceNonce": {
+			wantStatus:  http.StatusBadRequest,
+			wantErrText: "X-Attestation-Nonce value contains invalid characters",
+			request: func() (http.Header, []byte) {
+				return http.Header{
+					"X-Attestation-Nonce": []string{"   \t a  a \t  "},
+				}, []byte("test")
+			},
+		},
+	}
+
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			header, reqBody := test.request()
+			req, err := http.NewRequest("POST", srv.URL, bytes.NewBuffer(reqBody))
+			require.NoError(t, err)
+			req.Header = header
+
+			resp, err := srv.Client().Do(req)
+			require.NoError(t, err)
+			defer func() {
+				require.NoError(t, resp.Body.Close())
+			}()
+			body, _ := io.ReadAll(resp.Body)
+
+			require.Equal(t, test.wantStatus, resp.StatusCode, string(body))
+			if test.wantErrText != "" {
+				require.Contains(t, string(body), test.wantErrText)
+			}
+		})
+	}
+}

attestation/userdata.go

@@ -0,0 +1,51 @@
+package attestation
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net/http"
+)
+
+const (
+	_UserDataPrefix  = "Sequence"
+	_UserDataVersion = 1
+)
+
+type userData struct {
+	Prefix  string
+	Version int
+	Hash    []byte
+}
+
+func (u *userData) String() string {
+	return fmt.Sprintf("%s/%d:%s", u.Prefix, u.Version, base64.StdEncoding.EncodeToString(u.Hash))
+}
+
+func generateUserData(r *http.Request, resBody []byte) ([]byte, error) {
+	hasher := sha256.New()
+	hasher.Write([]byte(r.Method + " " + r.URL.Path + "\n"))
+
+	var reqBody []byte
+	var err error
+	if r.Body != nil {
+		reqBody, err = io.ReadAll(r.Body)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read request body: %w", err)
+		}
+		r.Body = io.NopCloser(bytes.NewBuffer(reqBody))
+		hasher.Write(reqBody)
+	}
+	hasher.Write([]byte("\n"))
+	hasher.Write(resBody)
+	hash := hasher.Sum(nil)
+
+	userData := &userData{
+		Prefix:  _UserDataPrefix,
+		Version: _UserDataVersion,
+		Hash:    hash,
+	}
+	return []byte(userData.String()), nil
+}