From de0d56a74da2e21943ae95bbf942855ceab54c96 Mon Sep 17 00:00:00 2001 From: Philipp Winter Date: Fri, 20 Dec 2024 06:58:05 -0600 Subject: [PATCH 1/2] Turn `must` into `util` subpackage. --- cmd/veil-verify/attestation.go | 8 ++++---- cmd/veil/main_test.go | 10 +++++----- internal/enclave/nitro/attester_test.go | 12 ++++++------ internal/httpx/httpx_test.go | 12 ++++++------ internal/service/attestation/aux_test.go | 4 ++-- internal/service/attestation/builder_test.go | 4 ++-- internal/service/handle/encode_test.go | 4 ++-- internal/service/handle/handlers.go | 4 ++-- internal/service/service.go | 4 ++-- internal/util/common.go | 8 -------- internal/util/must/must.go | 9 +++++++++ internal/util/{common_test.go => must/must_test.go} | 6 +++--- 12 files changed, 43 insertions(+), 42 deletions(-) delete mode 100644 internal/util/common.go create mode 100644 internal/util/must/must.go rename internal/util/{common_test.go => must/must_test.go} (62%) diff --git a/cmd/veil-verify/attestation.go b/cmd/veil-verify/attestation.go index 59d0b0a..14bb754 100644 --- a/cmd/veil-verify/attestation.go +++ b/cmd/veil-verify/attestation.go @@ -23,7 +23,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/httpx" "github.com/Amnesic-Systems/veil/internal/nonce" "github.com/Amnesic-Systems/veil/internal/service" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" ) var ( @@ -165,8 +165,8 @@ func toPCR(jsonMsmts []byte) (_ enclave.PCR, err error) { } return enclave.PCR{ - 0: util.Must(hex.DecodeString(m.Measurements.PCR0)), - 1: util.Must(hex.DecodeString(m.Measurements.PCR1)), - 2: util.Must(hex.DecodeString(m.Measurements.PCR2)), + 0: must.Get(hex.DecodeString(m.Measurements.PCR0)), + 1: must.Get(hex.DecodeString(m.Measurements.PCR1)), + 2: must.Get(hex.DecodeString(m.Measurements.PCR2)), }, nil } diff --git a/cmd/veil/main_test.go b/cmd/veil/main_test.go index ebea3fe..b18039e 100644 --- a/cmd/veil/main_test.go 
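Review bot: In the `toPCR` hunk of cmd/veil-verify/attestation.go, `must.Get(hex.DecodeString(m.Measurements.PCR0))` and the matching PCR1/PCR2 lines panic on malformed hex, even though the function already returns an `error`. The strings come from the parsed `jsonMsmts` input, so a truncated or mistyped measurement should surface as an ordinary verification failure rather than a crash. Decode each value explicitly, e.g. `pcr0, err := hex.DecodeString(m.Measurements.PCR0)`, and return the error when decoding fails. Since these are the reference values the attestation is compared against, it is also worth rejecting a decoded value whose length is not the expected digest size, unless that is already checked elsewhere. The start of `toPCR` lies outside the hunk.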
+++ b/cmd/veil/main_test.go @@ -28,7 +28,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/service" "github.com/Amnesic-Systems/veil/internal/service/attestation" "github.com/Amnesic-Systems/veil/internal/testutil" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -166,7 +166,7 @@ func TestPages(t *testing.T) { { name: "config with nonce", url: extSrv(service.PathConfig + "?nonce=" + - util.Must(nonce.New()).URLEncode(), + must.Get(nonce.New()).URLEncode(), ), wantBody: `"Debug":false`, }, @@ -195,7 +195,7 @@ func TestEnclaveCodeURI(t *testing.T) { require.Equal(t, http.StatusOK, resp.StatusCode) defer resp.Body.Close() - body := util.Must(io.ReadAll(resp.Body)) + body := must.Get(io.ReadAll(resp.Body)) require.Contains(t, string(body), codeURI) } @@ -268,7 +268,7 @@ func TestAttestation(t *testing.T) { { name: "valid attestation request", url: extSrv(service.PathAttestation), - nonce: util.Must(nonce.New()), + nonce: must.Get(nonce.New()), wantCode: http.StatusOK, }, } @@ -451,7 +451,7 @@ func TestRunApp(t *testing.T) { "https://localhost:%d"+service.PathConfig+"?nonce=%s", fd.Name(), defaultExtPort, - util.Must(nonce.New()).URLEncode(), + must.Get(nonce.New()).URLEncode(), ), }, } diff --git a/internal/enclave/nitro/attester_test.go b/internal/enclave/nitro/attester_test.go index 0fc6ac5..f3f2f37 100644 --- a/internal/enclave/nitro/attester_test.go +++ b/internal/enclave/nitro/attester_test.go @@ -5,7 +5,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/enclave" "github.com/Amnesic-Systems/veil/internal/nonce" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" "github.com/stretchr/testify/require" ) 
@@ -31,7 +31,7 @@ func TestNitroAttest(t *testing.T) { { name: "aux info with nonce", aux: &enclave.AuxInfo{ - Nonce: util.Must(nonce.New()).ToSlice(), + Nonce: must.Get(nonce.New()).ToSlice(), }, }, } @@ -59,7 +59,7 @@ func TestNitroVerify(t *testing.T) { require.NoError(t, err) return doc } - testNonce := util.Must(nonce.New()) + testNonce := must.Get(nonce.New()) cases := []struct { name string @@ -86,13 +86,13 @@ func TestNitroVerify(t *testing.T) { }, { name: "nonce mismatch", - doc: getDoc(t, util.Must(nonce.New())), - nonce: util.Must(nonce.New()), + doc: getDoc(t, must.Get(nonce.New())), + nonce: must.Get(nonce.New()), wantErr: true, }, { name: "no nonce", - doc: getDoc(t, util.Must(nonce.New())), + doc: getDoc(t, must.Get(nonce.New())), }, { name: "valid document and nonce", diff --git a/internal/httpx/httpx_test.go b/internal/httpx/httpx_test.go index 4ae877d..b8f12cb 100644 --- a/internal/httpx/httpx_test.go +++ b/internal/httpx/httpx_test.go @@ -12,7 +12,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/errs" "github.com/Amnesic-Systems/veil/internal/nonce" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" ) func TestWaitForSvc(t *testing.T) { 
@@ -68,35 +68,35 @@ func TestExtractNonce(t *testing.T) { name: "invalid form", req: &http.Request{ // Semicolons aren't allowed in the query. - URL: util.Must(url.Parse("https://example.com/endpoint?;")), + URL: must.Get(url.Parse("https://example.com/endpoint?;")), }, wantErr: errBadForm, }, { name: "no nonce", req: &http.Request{ - URL: util.Must(url.Parse("https://example.com/endpoint?foo=bar")), + URL: must.Get(url.Parse("https://example.com/endpoint?foo=bar")), }, wantErr: errNoNonce, }, { name: "bad nonce format", req: &http.Request{ - URL: util.Must(url.Parse("https://example.com/endpoint?nonce=%21")), + URL: must.Get(url.Parse("https://example.com/endpoint?nonce=%21")), }, wantErr: errBadNonceFormat, }, { name: "nonce too short", req: &http.Request{ - URL: util.Must(url.Parse("https://example.com/endpoint?nonce=AAAAAAAAAAAAAA%3D%3D")), + URL: must.Get(url.Parse("https://example.com/endpoint?nonce=AAAAAAAAAAAAAA%3D%3D")), }, wantErr: errs.InvalidLength, }, { name: "valid nonce", req: &http.Request{ - URL: util.Must(url.Parse("https://example.com/endpoint?nonce=AAAAAAAAAAAAAAAAAAAAAAAAAAA%3D")), + URL: must.Get(url.Parse("https://example.com/endpoint?nonce=AAAAAAAAAAAAAAAAAAAAAAAAAAA%3D")), }, wantNonce: &nonce.Nonce{}, }, diff --git a/internal/service/attestation/aux_test.go b/internal/service/attestation/aux_test.go index 7b90a17..df15d48 100644 --- a/internal/service/attestation/aux_test.go +++ b/internal/service/attestation/aux_test.go 
@@ -8,12 +8,12 @@ import ( "github.com/Amnesic-Systems/veil/internal/enclave" "github.com/Amnesic-Systems/veil/internal/errs" "github.com/Amnesic-Systems/veil/internal/nonce" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" "github.com/stretchr/testify/require" ) func TestGetters(t *testing.T) { - n := util.Must(nonce.New()) + n := must.Get(nonce.New()) s := addr.Of(sha256.Sum256([]byte("foo"))) h1 := &Hashes{TlsKeyHash: addr.Of(sha256.Sum256([]byte("foo")))} h2 := &Hashes{ diff --git a/internal/service/attestation/builder_test.go b/internal/service/attestation/builder_test.go index 4d1ada4..98b66e3 100644 --- a/internal/service/attestation/builder_test.go +++ b/internal/service/attestation/builder_test.go @@ -9,7 +9,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/enclave/nitro" "github.com/Amnesic-Systems/veil/internal/enclave/noop" "github.com/Amnesic-Systems/veil/internal/nonce" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" "github.com/stretchr/testify/require" ) @@ -18,7 +18,7 @@ func TestBuilder(t *testing.T) { if nitro.IsEnclave() { attester = nitro.NewAttester() } - nonce1, nonce2 := util.Must(nonce.New()), util.Must(nonce.New()) + nonce1, nonce2 := must.Get(nonce.New()), must.Get(nonce.New()) sha1, sha2 := sha256.Sum256([]byte("foo")), sha256.Sum256([]byte("bar")) hashes1 := &Hashes{TlsKeyHash: addr.Of(sha256.Sum256([]byte("foo")))} hashes2 := &Hashes{TlsKeyHash: addr.Of(sha256.Sum256([]byte("bar")))} diff --git a/internal/service/handle/encode_test.go b/internal/service/handle/encode_test.go index ff56b07..b1bf680 100644 --- a/internal/service/handle/encode_test.go +++ b/internal/service/handle/encode_test.go 
@@ -14,7 +14,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/httperr" "github.com/Amnesic-Systems/veil/internal/nonce" "github.com/Amnesic-Systems/veil/internal/service/attestation" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" ) func TestEncodeAndAttest(t *testing.T) { @@ -44,7 +44,7 @@ func TestEncodeAndAttest(t *testing.T) { }, { name: "everything valid", - nonce: util.Must(nonce.New()), + nonce: must.Get(nonce.New()), wantStatus: http.StatusOK, body: httperr.New("random error"), wantBody: `{"error":"random error"}` + "\n", diff --git a/internal/service/handle/handlers.go b/internal/service/handle/handlers.go index ced0618..55d2f17 100644 --- a/internal/service/handle/handlers.go +++ b/internal/service/handle/handlers.go @@ -13,7 +13,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/httperr" "github.com/Amnesic-Systems/veil/internal/httpx" "github.com/Amnesic-Systems/veil/internal/service/attestation" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" ) // Index informs the visitor that this host runs inside an enclave. This is @@ -62,7 +62,7 @@ func Hashes(hashes *attestation.Hashes) http.HandlerFunc { func AppHash( setAppHash func(*[sha256.Size]byte), ) http.HandlerFunc { - b := util.Must(json.Marshal(&attestation.Hashes{ + b := must.Get(json.Marshal(&attestation.Hashes{ TlsKeyHash: addr.Of(sha256.Sum256([]byte("foo"))), AppKeyHash: addr.Of(sha256.Sum256([]byte("bar"))), })) diff --git a/internal/service/service.go b/internal/service/service.go index d05fcc5..93cc765 100644 --- a/internal/service/service.go +++ b/internal/service/service.go 
@@ -19,7 +19,7 @@ import ( "github.com/Amnesic-Systems/veil/internal/service/attestation" "github.com/Amnesic-Systems/veil/internal/system" "github.com/Amnesic-Systems/veil/internal/tunnel" - "github.com/Amnesic-Systems/veil/internal/util" + "github.com/Amnesic-Systems/veil/internal/util/must" "github.com/go-chi/chi/v5" ) @@ -58,7 +58,7 @@ func Run( extSrv := newExtSrv(config, builder) extSrv.TLSConfig = &tls.Config{ Certificates: []tls.Certificate{ - util.Must(tls.X509KeyPair(cert, key)), + must.Get(tls.X509KeyPair(cert, key)), }, } diff --git a/internal/util/common.go b/internal/util/common.go deleted file mode 100644 index a7ec18c..0000000 --- a/internal/util/common.go +++ /dev/null @@ -1,8 +0,0 @@ -package util - -func Must[T any](v T, err error) T { - if err != nil { - panic(err) - } - return v -} diff --git a/internal/util/must/must.go b/internal/util/must/must.go new file mode 100644 index 0000000..316df74 --- /dev/null +++ b/internal/util/must/must.go @@ -0,0 +1,9 @@ +package must + +// Get returns the value of v if err is nil and panics otherwise. +func Get[T any](v T, err error) T { + if err != nil { + panic(err) + } + return v +} diff --git a/internal/util/common_test.go b/internal/util/must/must_test.go similarity index 62% rename from internal/util/common_test.go rename to internal/util/must/must_test.go index b3ef445..ff35bac 100644 --- a/internal/util/common_test.go +++ b/internal/util/must/must_test.go @@ -1,4 +1,4 @@ -package util +package must import ( "errors" @@ -10,8 +10,8 @@ import ( func TestMust(t *testing.T) { t.Parallel() - require.Equal(t, 1, Must(1, nil)) + require.Equal(t, 1, Get(1, nil)) require.Panics(t, func() { - _ = Must("foo", errors.New("an error")) + _ = Get("foo", errors.New("an error")) }) } From 19b5a0f66ab4fa5df7baca729d2bb8ac9e57070f Mon Sep 17 00:00:00 2001 From: Philipp Winter Date: Fri, 20 Dec 2024 06:59:05 -0600 Subject: [PATCH 2/2] Add package comment. --- internal/util/must/must.go | 1 + 1 file changed, 1 insertion(+) 
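Review bot: The `tls.Config` literal assigned to `extSrv.TLSConfig` in `Run` sets only `Certificates`, so the minimum protocol version falls back to the Go toolchain's default, which has differed between releases. Consider pinning it with `MinVersion: tls.VersionTLS13,` (or `tls.VersionTLS12` if older clients must connect). Separately, `must.Get(tls.X509KeyPair(cert, key))` panics on an unparsable or mismatched pair. If `Run` returns an error (its signature is outside the hunk), returning the error would keep this startup failure on the same path as the others.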
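Review bot: The doc comment on `Get` in internal/util/must/must.go describes what it does but not where it is appropriate to call. Within this patch it is used on test fixtures and also on decoded input (`toPCR` in cmd/veil-verify/attestation.go). I would extend the comment with something like `// Use Get only where a non-nil error indicates a programming mistake (tests, static values); handle errors from external input explicitly.` so that later callers do not reach for it on file- or request-derived data.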
diff --git a/internal/util/must/must.go b/internal/util/must/must.go
index 316df74..662fd51 100644
--- a/internal/util/must/must.go
+++ b/internal/util/must/must.go
@@ -1,3 +1,4 @@
+// Package must provides functions to perform an action or panic.
 package must
 
 // Get returns the value of v if err is nil and panics otherwise.