brave · NullHypothesis · May 30, 2023 · May 27, 2023 · May 27, 2023 · May 27, 2023
diff --git a/.gitignore b/.gitignore
@@ -1 +1,3 @@
-cmd/nitriding
+nitriding
+cover.html
+cover.out
diff --git a/Makefile b/Makefile
@@ -1,18 +1,30 @@
-.PHONY: all test lint clean
+binary = nitriding
+godeps = *.go go.mod go.sum
+cover_out = cover.out
+cover_html = cover.html
 
-binary = cmd/nitriding
-godeps = *.go go.mod go.sum cmd/*.go
+all: lint test $(binary)
 
-all: test lint $(binary)
-
-lint:
+.PHONY: lint
+lint: $(godeps)
 	golangci-lint run
 
+.PHONY: test
 test: $(godeps)
-	@go test -cover ./...
+	go test -cover ./...
+
+.PHONY: coverage
+coverage: $(cover_html)
+	${BROWSER} $(cover_html)
+
+$(cover_html): $(cover_out)
+	go test -coverprofile=$(cover_out) .
+	go tool cover -html=$(cover_out) -o $(cover_html)
 
 $(binary): $(godeps)
-	make -C cmd/
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags="-s -w" -buildvcs=false -o $(binary)
 
+.PHONY: clean
 clean:
-	make -C cmd/ clean
+	rm -f $(binary)
+	rm -f $(cover_out) $(cover_html)
diff --git a/attestation.go b/attestation.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"bytes"

diff --git a/attestation_test.go b/attestation_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"bytes"

diff --git a/bufferpool.go b/bufferpool.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"sync"

diff --git a/bufferpool_test.go b/bufferpool_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import "testing"
 

diff --git a/cache.go b/cache.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"sync"

diff --git a/cache_test.go b/cache_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"fmt"

diff --git a/certcache.go b/certcache.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"context"

diff --git a/certcache_test.go b/certcache_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"bytes"

diff --git a/cmd/Makefile b/cmd/Makefile
diff --git a/enclave.go b/enclave.go
@@ -1,6 +1,4 @@
-// Package nitriding implements a lightweight framework to build networked
-// Go applications that run in AWS Nitro Enclaves.
-package nitriding
+package main
 
 import (
 	"context"
@@ -15,13 +13,11 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"log"
 	"math/big"
 	"net/http"
 	"net/http/httputil"
 	_ "net/http/pprof"
 	"net/url"
-	"os"
 	"sync"
 	"time"
 
@@ -30,7 +26,6 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 
-	"github.com/brave/nitriding-daemon/randseed"
 	"golang.org/x/crypto/acme/autocert"
 )
 
@@ -58,8 +53,6 @@ const (
 )
 
 var (
-	elog              = log.New(os.Stderr, "nitriding: ", log.Ldate|log.Ltime|log.LUTC|log.Lshortfile)
-	inEnclave         = false
 	errNoKeyMaterial  = errors.New("no key material registered")
 	errCfgMissingFQDN = errors.New("given config is missing FQDN")
 	errCfgMissingPort = errors.New("given config is missing port")
@@ -179,19 +172,6 @@ func (c *Config) String() string {
 	return string(s)
 }
 
-// init is called once, at package initialization time.
-func init() {
-	var err error
-
-	// Determine if we're inside an enclave.  Abort execution in the unexpected
-	// case that we cannot tell.
-	inEnclave, err = randseed.InEnclave()
-	if err != nil {
-		elog.Fatalf("Failed to determine if we're inside an enclave: %v", err)
-	}
-	elog.Printf("We're running inside an enclave: %v", inEnclave)
-}
-
 // NewEnclave creates and returns a new enclave with the given config.
 func NewEnclave(cfg *Config) (*Enclave, error) {
 	if err := cfg.Validate(); err != nil {
@@ -279,8 +259,8 @@ func (e *Enclave) Start() error {
 	var err error
 	errPrefix := "failed to start Nitro Enclave"
 
-	// Set file descriptor limit.  There's no need to exit if this fails.
 	if inEnclave {
+		// Set file descriptor limit.  There's no need to exit if this fails.
 		if err = setFdLimit(e.cfg.FdCur, e.cfg.FdMax); err != nil {
 			elog.Printf("Failed to set new file descriptor limit: %s", err)
 		}
@@ -303,7 +283,7 @@ func (e *Enclave) Start() error {
 		return fmt.Errorf("%s: failed to create certificate: %w", errPrefix, err)
 	}
 
-	if err = startWebServers(e); err != nil {
+	if err = e.startWebServers(); err != nil {
 		return fmt.Errorf("%s: %w", errPrefix, err)
 	}
 
@@ -327,7 +307,7 @@ func (e *Enclave) Stop() error {
 
 // startWebServers starts our public-facing Web server, our enclave-internal
 // Web server, and -- if desired -- a Web server for profiling and/or metrics.
-func startWebServers(e *Enclave) error {
+func (e *Enclave) startWebServers() error {
 	if e.cfg.PrometheusPort > 0 {
 		elog.Printf("Starting Prometheus Web server (%s).", e.promSrv.Addr)
 		go func() {

diff --git a/enclave_test.go b/enclave_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"testing"

diff --git a/handlers.go b/handlers.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"crypto/sha256"

diff --git a/handlers_test.go b/handlers_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"bytes"

diff --git a/keysync_initiator.go b/keysync_initiator.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 // AWS Nitro Enclave attestation documents contain three fields (called
 // "nonce", "user data",  and "public key") that can be set by the requester.

diff --git a/keysync_initiator_test.go b/keysync_initiator_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"encoding/base64"
@@ -117,26 +117,26 @@ var respAttInfo = &remoteAttInfo{
 	},
 	nonce: nonce{},
 	pcr: map[uint][]byte{
-		0: []byte{
+		0: {
 			0xb0, 0x61, 0xbc, 0xe3, 0x1a, 0x85, 0x50, 0xc2, 0x4c, 0xb8,
 			0xc1, 0xdc, 0x0e, 0x53, 0x98, 0xe5, 0xc8, 0x0f, 0xab, 0xa6,
 			0x7f, 0x75, 0xfd, 0x3b, 0x06, 0x21, 0xc0, 0xb8, 0x66, 0x36,
 			0xfc, 0xe0, 0xd6, 0x4c, 0x4d, 0x7d, 0x37, 0x47, 0x89, 0x08,
 			0xe1, 0xf8, 0xfc, 0xe9, 0xdf, 0x66, 0xe1, 0xb9},
-		1: []byte{
+		1: {
 			0xbc, 0xdf, 0x05, 0xfe, 0xfc, 0xca, 0xa8, 0xe5, 0x5b, 0xf2,
 			0xc8, 0xd6, 0xde, 0xe9, 0xe7, 0x9b, 0xbf, 0xf3, 0x1e, 0x34,
 			0xbf, 0x28, 0xa9, 0x9a, 0xa1, 0x9e, 0x6b, 0x29, 0xc3, 0x7e,
 			0xe8, 0x0b, 0x21, 0x4a, 0x41, 0x4b, 0x76, 0x07, 0x23, 0x6e,
 			0xdf, 0x26, 0xfc, 0xb7, 0x86, 0x54, 0xe6, 0x3f},
-		2: []byte{
+		2: {
 			0x6a, 0xe6, 0x79, 0x76, 0xd7, 0x40, 0x38, 0x0d, 0x50, 0x64,
 			0x36, 0x91, 0xac, 0x3a, 0xae, 0xbb, 0xa6, 0x0f, 0x27, 0xd7,
 			0xb8, 0xa0, 0xe1, 0xa9, 0xea, 0xf2, 0x38, 0x6d, 0x25, 0xee,
 			0xab, 0x88, 0x1c, 0x09, 0xac, 0xc5, 0xc8, 0x09, 0xeb, 0xec,
 			0xf9, 0x9b, 0x49, 0x71, 0x05, 0xf6, 0xcb, 0x5b},
 		3: null,
-		4: []byte{
+		4: {
 			0xd8, 0xa8, 0xe8, 0xee, 0xe9, 0x6d, 0x81, 0xb7, 0x7a, 0x25,
 			0x14, 0x10, 0xb7, 0xa9, 0xb1, 0x80, 0x78, 0x76, 0x53, 0xf1,
 			0x25, 0xd1, 0xdb, 0xca, 0x79, 0x68, 0x5c, 0x93, 0xfb, 0x88,

diff --git a/keysync_responder.go b/keysync_responder.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	cryptoRand "crypto/rand"

diff --git a/keysync_responder_test.go b/keysync_responder_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"bytes"

diff --git a/keysync_shared.go b/keysync_shared.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	cryptoRand "crypto/rand"

diff --git a/keysync_shared_test.go b/keysync_shared_test.go
@@ -1,4 +1,4 @@
-package nitriding
+package main
 
 import (
 	"crypto/rand"