From ef5eb29a0fd626935c807ba76308367af887f15f Mon Sep 17 00:00:00 2001
From: Philipp Winter
Date: Sun, 27 Oct 2024 13:07:48 -0500
Subject: [PATCH 1/3] Use Nitro attester if it's available.
---
 cmd/veil/main_test.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmd/veil/main_test.go b/cmd/veil/main_test.go
index 6176805..bf10714 100644
--- a/cmd/veil/main_test.go
+++ b/cmd/veil/main_test.go
@@ -221,6 +221,11 @@ func TestReadyHandler(t *testing.T) {
 func TestAttestation(t *testing.T) {
 defer stopSvc(startSvc(t, withFlags()))
+ var attester enclave.Attester = enclave.NewNitroAttester()
+ if !enclave.IsEnclave() {
+ attester = enclave.NewNoopAttester()
+ }
+
 cases := []struct {
 name string
 url string
@@ -261,7 +266,7 @@ func TestAttestation(t *testing.T) {
 require.NoError(t, json.Unmarshal(body, &a))
 // "Verify" the attestation document using our noop attester.
- aux, err := enclave.NewNoopAttester().Verify(&a, c.nonce)
+ aux, err := attester.Verify(&a, c.nonce)
 require.NoError(t, err, errFromBody(t, resp))
 // Ensure that the recovered nonce matches what we sent.
From a6bb8e813dd966be6b43468fb25ecf2f26c01c63 Mon Sep 17 00:00:00 2001
From: Philipp Winter
Date: Sun, 27 Oct 2024 13:12:14 -0500
Subject: [PATCH 2/3] Allow for overly long nonces.
---
 internal/nonce/nonce.go | 2 +-
 internal/nonce/nonce_test.go | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/nonce/nonce.go b/internal/nonce/nonce.go
index 09ec21b..5498ee1 100644
--- a/internal/nonce/nonce.go
+++ b/internal/nonce/nonce.go
@@ -47,7 +47,7 @@ func New() (*Nonce, error) {
 // FromSlice turns a byte slice into a nonce.
 func FromSlice(s []byte) (*Nonce, error) {
- if len(s) != Len {
+ if len(s) < Len {
 return nil, errs.InvalidLength
 }
diff --git a/internal/nonce/nonce_test.go b/internal/nonce/nonce_test.go
index 037d697..726b2eb 100644
--- a/internal/nonce/nonce_test.go
+++ b/internal/nonce/nonce_test.go
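Review bot: In the first TestAttestation hunk of cmd/veil/main_test.go, the fallback to `enclave.NewNoopAttester()` is silent, so a passing run outside an enclave looks the same as one where the Nitro attester really verified the document. Logging the choice after the `if`, for example `t.Logf("verifying with %T", attester)`, shows in the test output which verification path was exercised. Starting from the noop attester and switching to `enclave.NewNitroAttester()` only when `enclave.IsEnclave()` is true would also avoid building an attester that is then discarded. The function body continues outside the hunk.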
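Review bot: The context comment above the changed call in the second TestAttestation hunk still reads `// "Verify" the attestation document using our noop attester.`, which is no longer accurate when the test runs inside an enclave. Suggested wording: `// Verify the attestation document with the Nitro attester inside an enclave, or with the noop attester otherwise.` The enclosing loop starts and ends outside the hunk.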
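Review bot: With `len(s) < Len` in FromSlice (internal/nonce/nonce.go), every input of Len bytes or more is accepted, and the updated test expectation of `Nonce{1}` for a Len+1 slice suggests the extra bytes are dropped; the copy itself is outside the hunk, so that part is inferred. Two inputs that differ only after the first Len bytes then produce the same nonce, which matters if any caller assumes the whole input was bound into the attestation document. If the longer input comes from a fixed-size field, consider accepting only that size or requiring the trailing bytes to be zero. Either way the doc comment should state the contract, e.g. `// FromSlice turns a byte slice into a nonce, using the first Len bytes of s and ignoring any remaining bytes.`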
@@ -25,9 +25,9 @@ func TestFromSlice(t *testing.T) {
 wantErr: errs.InvalidLength,
 },
 {
- name: "too long",
- in: append(validSlice, 0),
- wantErr: errs.InvalidLength,
+ name: "too long",
+ in: append(validSlice, 0),
+ want: Nonce{1},
 },
 {
 name: "valid",
From 1adcf6ad8ed551b482c06fb8c33c7acb1bc5d481 Mon Sep 17 00:00:00 2001
From: Philipp Winter
Date: Sun, 27 Oct 2024 13:13:52 -0500
Subject: [PATCH 3/3] Improve error message.
---
 internal/nonce/nonce.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/internal/nonce/nonce.go b/internal/nonce/nonce.go
index 5498ee1..602a7d4 100644
--- a/internal/nonce/nonce.go
+++ b/internal/nonce/nonce.go
@@ -4,6 +4,7 @@ import (
 "crypto/rand"
 "encoding/base64"
 "errors"
+ "fmt"
 "net/url"
 "github.com/Amnesic-Systems/veil/internal/errs"
@@ -48,7 +49,8 @@ func New() (*Nonce, error) {
 // FromSlice turns a byte slice into a nonce.
 func FromSlice(s []byte) (*Nonce, error) {
 if len(s) < Len {
- return nil, errs.InvalidLength
+ return nil, fmt.Errorf("%w: slice len is %d but need at least %d",
+ errs.InvalidLength, len(s), Len)
 }
 var n Nonce
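Review bot: The "too long" case in TestFromSlice (internal/nonce/nonce_test.go) appends only a zero byte, so it cannot distinguish dropping arbitrary trailing data from stripping zero padding. A second table entry with a non-zero tail, e.g. `in: append(validSlice, 0xff), want: Nonce{1},`, would pin down that trailing bytes are ignored rather than validated. `validSlice` and the assertion loop are defined outside the hunk.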
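Review bot: Wrapping with `%w` in FromSlice means the returned error is no longer identical to `errs.InvalidLength`, so any caller or test that compares with `==` or `require.Equal` stops matching; those comparisons are outside this patch and should be checked. They need `errors.Is(err, errs.InvalidLength)`, or `require.ErrorIs` against the case's `wantErr` in the table test. The new message reports only lengths, which keeps nonce bytes out of error output. The doc comment on the context line should also mention the "at least Len" contract that the message now states.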