Remove references to cages in node attestation bindings

evervault · Jan 22, 2024 · f08191c · f08191c
1 parent 30ce8ea
commit f08191c
Show file tree

Hide file tree

Showing 10 changed files with 62 additions and 64 deletions.
diff --git a/Attestation.md b/Attestation.md
diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 # Attestation Doc Validation
 
-This repo contains several projects relating to the Remote Attestation Protocol used by Evervault Cages.
+This repo contains several projects relating to the Remote Attestation Protocol used by Evervault Enclaves.
 
-- The [Attestation doc](./Attestation.md) discusses the protocol in depth.
-- [attestation-doc-validation](./attestation-doc-validation/) contains a rust crate which implements the core logic required for attesting a Cage (validating certs, and attestation docs)
+- You can read more about the attestation protocol [here](https://docs.evervault.com/security/enclaves-attestation-in-tls).
+- [attestation-doc-validation](./attestation-doc-validation/) contains a rust crate which implements the core logic required for attesting an Enclave (validating certs, and attestation docs)
 - [node-attestation-bindings](./node-attestation-bindings/) contains an npm module which creates bindings for consuming the rust crate from node clients
 
 **Note: This crate cannot validate Attestation Documents which use p521r1.**

diff --git a/attestation-doc-validation/README.md b/attestation-doc-validation/README.md
@@ -1,6 +1,6 @@
 # Attestation Doc Validation
 
-This library exposes the high level functions required by Evervault Clients to attest a Cage per the defined [Attestation Protocol](../Attestation.md).
+This library exposes the high level functions required by Evervault Clients to attest an Enclave per the defined [Attestation Protocol](../Attestation.md).
 
 The library has been design to allow for bindings to be generated for multiple languages on top of the Rust crate, and should also expose enough logic to be composable for alternative Nitro Enclaves Attestation protocols.
 

diff --git a/attestation-doc-validation/src/lib.rs b/attestation-doc-validation/src/lib.rs
@@ -223,7 +223,7 @@ mod test {
      *
      * The following tests act as integration tests, but require the #[cfg(test)] flag to be set in the cert module, so must be written as unit tests.
      *
-     * Live Cage certs are required to have the public key match with the AD challenge (which in practice prevents MITM)
+     * Live Enclave certs are required to have the public key match with the AD challenge (which in practice prevents MITM)
      * However, this introduces issues when testing. When the certs are more than 3 hours old, they will expire and fail
      * our validity checks. To get around this the tests corresponding to live certs are suffixed with time_sensitive_beta, and
      * only run in CI when the time has been spoofed to match their validity window.

diff --git a/node-attestation-bindings/Cargo.toml b/node-attestation-bindings/Cargo.toml
@@ -3,7 +3,7 @@ edition = "2021"
 name = "node-attestation-bindings"
 version = "0.0.0"
 license = "Apache-2.0"
-description = "A Node library for attesting Nitro Enclaves according to the Evervault Cages attestation protocol."
+description = "A Node library for attesting Nitro Enclaves according to the Evervault Enclaves attestation protocol."
 homepage = "https://github.com/evervault/attestation-doc-validation"
 repository = "https://github.com/evervault/attestation-doc-validation"
 

diff --git a/node-attestation-bindings/index.d.ts b/node-attestation-bindings/index.d.ts
@@ -16,7 +16,7 @@ export interface NodePcRs {
  */
 export function attestConnection(cert: Buffer, expectedPcrsList: Array<NodePcRs>): boolean
 /**
- * a client can call out to `<cage-url>/.well-known/attestation` to fetch the attestation doc from the cage
+ * a client can call out to `<enclave-url>/.well-known/attestation` to fetch the attestation doc from the Enclave
  * The fetched attestation doc will have the public key of the domain's cert embedded inside it along with an expiry
  */
-export function attestCage(cert: Buffer, expectedPcrsList: Array<NodePcRs>, attestationDoc: Buffer): boolean
+export function attestEnclave(cert: Buffer, expectedPcrsList: Array<NodePcRs>, attestationDoc: Buffer): boolean
diff --git a/node-attestation-bindings/index.js b/node-attestation-bindings/index.js
@@ -31,7 +31,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.android-arm64.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-android-arm64')
+            nativeBinding = require('@evervault/attestation-bindings-android-arm64')
           }
         } catch (e) {
           loadError = e
@@ -43,7 +43,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.android-arm-eabi.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-android-arm-eabi')
+            nativeBinding = require('@evervault/attestation-bindings-android-arm-eabi')
           }
         } catch (e) {
           loadError = e
@@ -63,7 +63,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.win32-x64-msvc.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-win32-x64-msvc')
+            nativeBinding = require('@evervault/attestation-bindings-win32-x64-msvc')
           }
         } catch (e) {
           loadError = e
@@ -77,7 +77,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.win32-ia32-msvc.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-win32-ia32-msvc')
+            nativeBinding = require('@evervault/attestation-bindings-win32-ia32-msvc')
           }
         } catch (e) {
           loadError = e
@@ -91,7 +91,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.win32-arm64-msvc.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-win32-arm64-msvc')
+            nativeBinding = require('@evervault/attestation-bindings-win32-arm64-msvc')
           }
         } catch (e) {
           loadError = e
@@ -107,7 +107,7 @@ switch (platform) {
       if (localFileExisted) {
         nativeBinding = require('./evervault-attestation-bindings.darwin-universal.node')
       } else {
-        nativeBinding = require('evervault-attestation-bindings-darwin-universal')
+        nativeBinding = require('@evervault/attestation-bindings-darwin-universal')
       }
       break
     } catch {}
@@ -118,7 +118,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.darwin-x64.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-darwin-x64')
+            nativeBinding = require('@evervault/attestation-bindings-darwin-x64')
           }
         } catch (e) {
           loadError = e
@@ -132,7 +132,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.darwin-arm64.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-darwin-arm64')
+            nativeBinding = require('@evervault/attestation-bindings-darwin-arm64')
           }
         } catch (e) {
           loadError = e
@@ -151,7 +151,7 @@ switch (platform) {
       if (localFileExisted) {
         nativeBinding = require('./evervault-attestation-bindings.freebsd-x64.node')
       } else {
-        nativeBinding = require('evervault-attestation-bindings-freebsd-x64')
+        nativeBinding = require('@evervault/attestation-bindings-freebsd-x64')
       }
     } catch (e) {
       loadError = e
@@ -168,7 +168,7 @@ switch (platform) {
             if (localFileExisted) {
               nativeBinding = require('./evervault-attestation-bindings.linux-x64-musl.node')
             } else {
-              nativeBinding = require('evervault-attestation-bindings-linux-x64-musl')
+              nativeBinding = require('@evervault/attestation-bindings-linux-x64-musl')
             }
           } catch (e) {
             loadError = e
@@ -181,7 +181,7 @@ switch (platform) {
             if (localFileExisted) {
               nativeBinding = require('./evervault-attestation-bindings.linux-x64-gnu.node')
             } else {
-              nativeBinding = require('evervault-attestation-bindings-linux-x64-gnu')
+              nativeBinding = require('@evervault/attestation-bindings-linux-x64-gnu')
             }
           } catch (e) {
             loadError = e
@@ -197,7 +197,7 @@ switch (platform) {
             if (localFileExisted) {
               nativeBinding = require('./evervault-attestation-bindings.linux-arm64-musl.node')
             } else {
-              nativeBinding = require('evervault-attestation-bindings-linux-arm64-musl')
+              nativeBinding = require('@evervault/attestation-bindings-linux-arm64-musl')
             }
           } catch (e) {
             loadError = e
@@ -210,7 +210,7 @@ switch (platform) {
             if (localFileExisted) {
               nativeBinding = require('./evervault-attestation-bindings.linux-arm64-gnu.node')
             } else {
-              nativeBinding = require('evervault-attestation-bindings-linux-arm64-gnu')
+              nativeBinding = require('@evervault/attestation-bindings-linux-arm64-gnu')
             }
           } catch (e) {
             loadError = e
@@ -225,7 +225,7 @@ switch (platform) {
           if (localFileExisted) {
             nativeBinding = require('./evervault-attestation-bindings.linux-arm-gnueabihf.node')
           } else {
-            nativeBinding = require('evervault-attestation-bindings-linux-arm-gnueabihf')
+            nativeBinding = require('@evervault/attestation-bindings-linux-arm-gnueabihf')
           }
         } catch (e) {
           loadError = e
@@ -246,7 +246,7 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { attestConnection, attestCage } = nativeBinding
+const { attestConnection, attestEnclave } = nativeBinding
 
 module.exports.attestConnection = attestConnection
-module.exports.attestCage = attestCage
+module.exports.attestEnclave = attestEnclave
diff --git a/node-attestation-bindings/package.json b/node-attestation-bindings/package.json
@@ -1,6 +1,6 @@
 {
-  "name": "evervault-attestation-bindings",
-  "version": "0.3.2",
+  "name": "@evervault/attestation-bindings",
+  "version": "1.0.0",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -22,8 +22,12 @@
   "license": "MIT",
   "devDependencies": {
     "@napi-rs/cli": "^2.14.3",
+    "@types/node": "^20.11.5",
     "ava": "^5.2.0"
   },
+  "peerDependencies": {
+    "@evervault/sdk": "^6.0.0"
+  },
   "ava": {
     "timeout": "3m"
   },

diff --git a/node-attestation-bindings/src/lib.rs b/node-attestation-bindings/src/lib.rs
@@ -56,7 +56,7 @@ fn attest_connection(cert: JsBuffer, expected_pcrs_list: Vec<NodePCRs>) -> bool
   let validated_attestation_doc = match validate_attestation_doc_in_cert(&parsed_cert) {
     Ok(attestation_doc) => attestation_doc,
     Err(e) => {
-      eprintln!("An error occurred while validating the connection to this Cage: {e}");
+      eprintln!("An error occurred while validating the connection to this Enclave: {e}");
       return false;
     }
   };
@@ -78,10 +78,10 @@ fn attest_connection(cert: JsBuffer, expected_pcrs_list: Vec<NodePCRs>) -> bool
   }
 }
 
-/// a client can call out to `<cage-url>/.well-known/attestation` to fetch the attestation doc from the cage
+/// a client can call out to `<enclave-url>/.well-known/attestation` to fetch the attestation doc from the Enclave
 /// The fetched attestation doc will have the public key of the domain's cert embedded inside it along with an expiry
 #[napi]
-fn attest_cage(
+fn attest_enclave(
   cert: JsBuffer,
   expected_pcrs_list: Vec<NodePCRs>,
   attestation_doc: JsBuffer,
@@ -116,7 +116,7 @@ fn attest_cage(
   ) {
     Ok(attestation_doc) => attestation_doc,
     Err(e) => {
-      eprintln!("An error occur while validating the attestation doc against the Cage connection's cert: {e}");
+      eprintln!("An error occur while validating the attestation doc against the Enclave connection's cert: {e}");
       return false;
     }
   };

diff --git a/node-attestation-bindings/yarn.lock b/node-attestation-bindings/yarn.lock
@@ -5,6 +5,18 @@ __metadata:
   version: 6
   cacheKey: 8
 
+"@evervault/attestation-bindings@workspace:.":
+  version: 0.0.0-use.local
+  resolution: "@evervault/attestation-bindings@workspace:."
+  dependencies:
+    "@napi-rs/cli": ^2.14.3
+    "@types/node": ^20.11.5
+    ava: ^5.2.0
+  peerDependencies:
+    "@evervault/sdk": ^6.0.0
+  languageName: unknown
+  linkType: soft
+
 "@gar/promisify@npm:^1.1.3":
   version: 1.1.3
   resolution: "@gar/promisify@npm:1.1.3"
@@ -75,6 +87,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/node@npm:^20.11.5":
+  version: 20.11.5
+  resolution: "@types/node@npm:20.11.5"
+  dependencies:
+    undici-types: ~5.26.4
+  checksum: a542727de1334ae20a3ca034b0ecf4b464a57ca01efc4f9cf43bd9ab93896125ab3c2de060ecd8f6ae23b86c6bf3463f681b643e69c032c6a662d376c98a6092
+  languageName: node
+  linkType: hard
+
 "abbrev@npm:^1.0.0":
   version: 1.1.1
   resolution: "abbrev@npm:1.1.1"
@@ -710,15 +731,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"evervault-attestation-bindings@workspace:.":
-  version: 0.0.0-use.local
-  resolution: "evervault-attestation-bindings@workspace:."
-  dependencies:
-    "@napi-rs/cli": ^2.14.3
-    ava: ^5.2.0
-  languageName: unknown
-  linkType: soft
-
 "fast-diff@npm:^1.2.0":
   version: 1.2.0
   resolution: "fast-diff@npm:1.2.0"
@@ -1906,6 +1918,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"undici-types@npm:~5.26.4":
+  version: 5.26.5
+  resolution: "undici-types@npm:5.26.5"
+  checksum: 3192ef6f3fd5df652f2dc1cd782b49d6ff14dc98e5dced492aa8a8c65425227da5da6aafe22523c67f035a272c599bb89cfe803c1db6311e44bed3042fc25487
+  languageName: node
+  linkType: hard
+
 "unique-filename@npm:^2.0.0":
   version: 2.0.1
   resolution: "unique-filename@npm:2.0.1"