From 976ee09bf2699d3044bbf952c76efd040b413bc0 Mon Sep 17 00:00:00 2001
From: Waylon Jepsen <waylonjepsen1@gmail.com>
Date: Tue, 11 Mar 2025 12:11:36 -0600
Subject: [PATCH 1/4] chore: return response value for TEE mode

---
 Cargo.lock                   |  8 ++++----
 client/Cargo.toml            |  2 +-
 client_ios/Cargo.toml        |  2 +-
 client_wasm/Cargo.toml       |  2 +-
 notary/Cargo.toml            |  2 +-
 notary/src/tee.rs            | 30 +++++++++++++++++++++++++++---
 web-prover-core/src/proof.rs |  1 +
 7 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 309dd1b21..c878f45bc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1473,7 +1473,7 @@ checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
 
 [[package]]
 name = "client"
-version = "0.7.0"
+version = "0.7.1"
 dependencies = [
  "async-tungstenite 0.25.1",
  "base64 0.22.1",
@@ -1582,7 +1582,7 @@ dependencies = [
 
 [[package]]
 name = "client_ios"
-version = "0.7.0"
+version = "0.7.1"
 dependencies = [
  "cargo_metadata",
  "client",
@@ -1596,7 +1596,7 @@ dependencies = [
 
 [[package]]
 name = "client_wasm"
-version = "0.7.0"
+version = "0.7.1"
 dependencies = [
  "cargo_metadata",
  "client",
@@ -4175,7 +4175,7 @@ dependencies = [
 
 [[package]]
 name = "notary"
-version = "0.7.0"
+version = "0.7.1"
 dependencies = [
  "alloy-primitives",
  "async-trait",
diff --git a/client/Cargo.toml b/client/Cargo.toml
index e1730de9f..4de4fa0ec 100644
--- a/client/Cargo.toml
+++ b/client/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="client"
-version="0.7.0"
+version="0.7.1"
 edition="2021"
 build  ="build.rs"
 publish=false
diff --git a/client_ios/Cargo.toml b/client_ios/Cargo.toml
index b1ddb9b87..39e518c1a 100644
--- a/client_ios/Cargo.toml
+++ b/client_ios/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="client_ios"
-version="0.7.0"
+version="0.7.1"
 edition="2021"
 build  ="build.rs"
 publish=false
diff --git a/client_wasm/Cargo.toml b/client_wasm/Cargo.toml
index 4e8a88140..d99bb5964 100644
--- a/client_wasm/Cargo.toml
+++ b/client_wasm/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="client_wasm"
-version="0.7.0"
+version="0.7.1"
 edition="2021"
 build  ="build.rs"
 publish=false
diff --git a/notary/Cargo.toml b/notary/Cargo.toml
index 265ac10da..5b2c54723 100644
--- a/notary/Cargo.toml
+++ b/notary/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name   ="notary"
-version="0.7.0"
+version="0.7.1"
 edition="2021"
 build  ="build.rs"
 
diff --git a/notary/src/tee.rs b/notary/src/tee.rs
index a2aedf1b3..789ba7d1a 100644
--- a/notary/src/tee.rs
+++ b/notary/src/tee.rs
@@ -2,7 +2,7 @@ use std::sync::{Arc, OnceLock};
 
 use axum::{
   extract::{Query, State},
-  response::Response,
+  response::{self, Response},
 };
 #[cfg(feature = "tee-google-confidential-space-token-generator")]
 use caratls_ekm_google_confidential_space_server::GoogleConfidentialSpaceTokenGenerator;
@@ -13,7 +13,7 @@ use client::origo::OrigoSecrets;
 use futures_util::SinkExt;
 use hyper::{body::Bytes, upgrade::Upgraded};
 use hyper_util::rt::TokioIo;
-use serde::Deserialize;
+use serde::{de::value, Deserialize};
 use tokio::{
   io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt},
   time::{timeout, Duration},
@@ -252,12 +252,36 @@ pub fn create_tee_proof(
     value:    format!("0x{}", hex::encode(manifest_hash)),
     manifest: manifest.clone(),
   };
+
+  // in the reddit example
+  let value_trgt = response.notary_response_body.clone().json.unwrap();
+  // this value is some json that has not been checked to see if our key is in it?
+  // for example if we are looking the key "hello", we do not know if it is there yet.
+  debug!("value_trgt: {:?}", value_trgt);
+
   let signature = sign_verification(to_sign, State(state)).unwrap();
-  let data = TeeProofData { manifest_hash: manifest_hash.to_vec() };
+  let data =
+    TeeProofData { manifest_hash: manifest_hash.to_vec(), value: value_trgt.to_string() };
 
   Ok(TeeProof { data, signature })
 }
 
+// pub struct SignedVerificationReply {
+//   pub merkle_leaves: Vec<String>, // leaves: hash(manifest), hash(value)
+//   pub digest:        String, // digest merkle root
+//   pub signature:     String,
+//   pub signature_r:   String,
+//   pub signature_s:   String,
+//   pub signature_v:   u8,
+//   pub signer:        String,
+// }
+
+struct fulldata {
+  SignedVerificationReply: bool,
+  value:                   String, /* the only real reason we need this is because the users
+                                    * needs to be able see what they are proving. */
+}
+
 /// Check if `manifest`, `request`, and `response` all fulfill requirements necessary for
 /// a proof to be created
 fn validate_notarization_legal(
diff --git a/web-prover-core/src/proof.rs b/web-prover-core/src/proof.rs
index 33d8b5986..12c8ac93d 100644
--- a/web-prover-core/src/proof.rs
+++ b/web-prover-core/src/proof.rs
@@ -33,5 +33,6 @@ impl TryFrom<TeeProof> for Vec<u8> {
 
 #[derive(Debug, Deserialize, Serialize, Clone)]
 pub struct TeeProofData {
+  pub value:         String,
   pub manifest_hash: Vec<u8>,
 }

From 5d07bf6bbc2ad3317aca751a2fa343da57a1c434 Mon Sep 17 00:00:00 2001
From: Waylon Jepsen <waylonjepsen1@gmail.com>
Date: Tue, 11 Mar 2025 12:20:14 -0600
Subject: [PATCH 2/4] chore: clean up

---
 notary/src/tee.rs | 33 ++++-----------------------------
 1 file changed, 4 insertions(+), 29 deletions(-)

diff --git a/notary/src/tee.rs b/notary/src/tee.rs
index 789ba7d1a..ea8038c32 100644
--- a/notary/src/tee.rs
+++ b/notary/src/tee.rs
@@ -245,20 +245,11 @@ pub fn create_tee_proof(
 ) -> Result<TeeProof, NotaryServerError> {
   validate_notarization_legal(manifest, request, response)?;
 
-  let manifest_hash = manifest.to_keccak_digest()?;
-  let to_sign = VerifyOutput {
-    // Using manifest hash as a value here since we are not exposing any values extracted
-    // from the request or response
-    value:    format!("0x{}", hex::encode(manifest_hash)),
-    manifest: manifest.clone(),
-  };
-
-  // in the reddit example
-  let value_trgt = response.notary_response_body.clone().json.unwrap();
-  // this value is some json that has not been checked to see if our key is in it?
-  // for example if we are looking the key "hello", we do not know if it is there yet.
-  debug!("value_trgt: {:?}", value_trgt);
+  let value = response.notary_response_body.clone().json.unwrap();
 
+  let manifest_hash = manifest.to_keccak_digest()?;
+  let to_sign = VerifyOutput { value, manifest: manifest.clone() };
+  debug!("value_trgt: {:?}", value);
   let signature = sign_verification(to_sign, State(state)).unwrap();
   let data =
     TeeProofData { manifest_hash: manifest_hash.to_vec(), value: value_trgt.to_string() };
@@ -266,22 +257,6 @@ pub fn create_tee_proof(
   Ok(TeeProof { data, signature })
 }
 
-// pub struct SignedVerificationReply {
-//   pub merkle_leaves: Vec<String>, // leaves: hash(manifest), hash(value)
-//   pub digest:        String, // digest merkle root
-//   pub signature:     String,
-//   pub signature_r:   String,
-//   pub signature_s:   String,
-//   pub signature_v:   u8,
-//   pub signer:        String,
-// }
-
-struct fulldata {
-  SignedVerificationReply: bool,
-  value:                   String, /* the only real reason we need this is because the users
-                                    * needs to be able see what they are proving. */
-}
-
 /// Check if `manifest`, `request`, and `response` all fulfill requirements necessary for
 /// a proof to be created
 fn validate_notarization_legal(

From 9d701de520075d562b55ee742f993c4bbd069a51 Mon Sep 17 00:00:00 2001
From: Waylon Jepsen <waylonjepsen1@gmail.com>
Date: Tue, 11 Mar 2025 12:36:51 -0600
Subject: [PATCH 3/4] update: lint

---
 notary/src/tee.rs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/notary/src/tee.rs b/notary/src/tee.rs
index ea8038c32..2f5d0264a 100644
--- a/notary/src/tee.rs
+++ b/notary/src/tee.rs
@@ -18,6 +18,7 @@ use tokio::{
   io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt},
   time::{timeout, Duration},
 };
+use serde_json::Value;
 use tokio_stream::StreamExt;
 use tokio_util::{
   codec::{Framed, LengthDelimitedCodec},
@@ -246,13 +247,13 @@ pub fn create_tee_proof(
   validate_notarization_legal(manifest, request, response)?;
 
   let value = response.notary_response_body.clone().json.unwrap();
-
+  let serialized_value = serde_json::to_string(&value).unwrap();
+  debug!("value: {:?}", value);
   let manifest_hash = manifest.to_keccak_digest()?;
-  let to_sign = VerifyOutput { value, manifest: manifest.clone() };
-  debug!("value_trgt: {:?}", value);
+  let to_sign = VerifyOutput { value: serialized_value, manifest: manifest.clone() };
   let signature = sign_verification(to_sign, State(state)).unwrap();
   let data =
-    TeeProofData { manifest_hash: manifest_hash.to_vec(), value: value_trgt.to_string() };
+    TeeProofData { manifest_hash: manifest_hash.to_vec(), value: value.to_string() };
 
   Ok(TeeProof { data, signature })
 }

From a9901f3d36ccb041416114195c03d0b62baa1c0c Mon Sep 17 00:00:00 2001
From: Waylon Jepsen <waylonjepsen1@gmail.com>
Date: Tue, 11 Mar 2025 12:38:13 -0600
Subject: [PATCH 4/4] fmt

---
 notary/src/tee.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/notary/src/tee.rs b/notary/src/tee.rs
index 2f5d0264a..3efdb2fe1 100644
--- a/notary/src/tee.rs
+++ b/notary/src/tee.rs
@@ -14,11 +14,11 @@ use futures_util::SinkExt;
 use hyper::{body::Bytes, upgrade::Upgraded};
 use hyper_util::rt::TokioIo;
 use serde::{de::value, Deserialize};
+use serde_json::Value;
 use tokio::{
   io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt},
   time::{timeout, Duration},
 };
-use serde_json::Value;
 use tokio_stream::StreamExt;
 use tokio_util::{
   codec::{Framed, LengthDelimitedCodec},