Use proto request messages for the teeserver (google#723)

alexmwu · web-flow · commit cb37f170f29e · 2026-03-25T15:22:50.000-07:00
diff --git a/launcher/go.mod b/launcher/go.mod
@@ -8,7 +8,7 @@ require (
 	cloud.google.com/go/compute/metadata v0.9.0
 	cloud.google.com/go/logging v1.13.1
 	cos.googlesource.com/cos/tools.git v0.0.0-20250414225215-0cf736c0714c
-	github.com/GoogleCloudPlatform/confidential-space/server v0.0.0-20260307011055-895ec9019dd7
+	github.com/GoogleCloudPlatform/confidential-space/server v0.0.0-20260313232128-53cb34b09004
 	github.com/NVIDIA/go-nvml v0.13.0-1
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/confidentsecurity/go-nvtrust v0.2.2
diff --git a/launcher/go.sum b/launcher/go.sum
@@ -94,8 +94,8 @@ github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo=
-github.com/GoogleCloudPlatform/confidential-space/server v0.0.0-20260307011055-895ec9019dd7 h1:Iz7wjnn93xcmPlUS/9ue7CeyH7yvcxHAXKu+2lE2/is=
-github.com/GoogleCloudPlatform/confidential-space/server v0.0.0-20260307011055-895ec9019dd7/go.mod h1:sNFt/HcARjGxR3/2s7hwlqvHlUzXdaCiS62u7A4rnHg=
+github.com/GoogleCloudPlatform/confidential-space/server v0.0.0-20260313232128-53cb34b09004 h1:KBneM0Z9zFepj+SkNat7z+4+DvB78edk/LIBjlU3xYM=
+github.com/GoogleCloudPlatform/confidential-space/server v0.0.0-20260313232128-53cb34b09004/go.mod h1:sNFt/HcARjGxR3/2s7hwlqvHlUzXdaCiS62u7A4rnHg=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
diff --git a/launcher/teeserver/proto/gen/teeserver/teeserver.pb.go b/launcher/teeserver/proto/gen/teeserver/teeserver.pb.go
diff --git a/launcher/teeserver/proto/gen_teeserver.sh b/launcher/teeserver/proto/gen_teeserver.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+protoc -I. -I../../../ -I../../../proto --go_out=. --go_opt=module=github.com/google/go-tpm-tools/launcher/teeserver/proto  --experimental_allow_proto3_optional teeserver.proto
diff --git a/launcher/teeserver/proto/teeserver.proto b/launcher/teeserver/proto/teeserver.proto
@@ -0,0 +1,16 @@
+syntax = "proto3";
+
+package teeserver;
+
+import "keymanager/km_common/proto/crypto_types.proto";
+
+option go_package = "github.com/google/go-tpm-tools/launcher/teeserver/proto/gen/teeserver";
+
+message GetKeyEndorsementRequest {
+  bytes challenge = 1;
+  keymanager.KeyHandle key_handle = 2;
+}
+
+message GetAttestationEvidenceRequest {
+  bytes challenge = 1;
+}
diff --git a/launcher/teeserver/tee_server.go b/launcher/teeserver/tee_server.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net"
 	"net/http"
 	"strings"
@@ -16,6 +17,7 @@ import (
 	"github.com/google/go-tpm-tools/launcher/agent"
 	"github.com/google/go-tpm-tools/launcher/internal/logging"
 	"github.com/google/go-tpm-tools/launcher/spec"
+	tspb "github.com/google/go-tpm-tools/launcher/teeserver/proto/gen/teeserver"
 	"github.com/google/go-tpm-tools/verifier"
 	"github.com/google/go-tpm-tools/verifier/models"
 	"google.golang.org/grpc/codes"
@@ -162,11 +164,13 @@ func (a *attestHandler) getAttestationEvidence(w http.ResponseWriter, r *http.Re
 		return
 	}
 
-	var req struct {
-		Challenge []byte `json:"challenge"`
+	var req tspb.GetAttestationEvidenceRequest
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		a.logAndWriteHTTPError(w, http.StatusBadRequest, fmt.Errorf("failed to read request body: %v", err))
+		return
 	}
-
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+	if err := protojson.Unmarshal(body, &req); err != nil {
 		a.logAndWriteHTTPError(w, http.StatusBadRequest, fmt.Errorf("failed to decode request: %v", err))
 		return
 	}
@@ -245,14 +249,14 @@ func (a *attestHandler) getKeyEndorsement(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	var req struct {
-		Challenge []byte `json:"challenge"`
-		KeyHandle struct {
-			Handle string `json:"handle"`
-		} `json:"key_handle"`
+	var req tspb.GetKeyEndorsementRequest
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		a.logAndWriteHTTPError(w, http.StatusBadRequest, fmt.Errorf("failed to read request body: %v", err))
+		return
 	}
 
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+	if err := protojson.Unmarshal(body, &req); err != nil {
 		a.logAndWriteHTTPError(w, http.StatusBadRequest, fmt.Errorf("failed to decode request: %v", err))
 		return
 	}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/bash`
	`2`	`+`
	`3`	`+protoc -I. -I../../../ -I../../../proto --go_out=. --go_opt=module=github.com/google/go-tpm-tools/launcher/teeserver/proto --experimental_allow_proto3_optional teeserver.proto`