From 69c0c8951c37c767f76afe624fe3beadea053454 Mon Sep 17 00:00:00 2001
From: ptrus
Date: Wed, 8 Jan 2025 13:53:43 +0100
Subject: [PATCH] runtime: Add conditional SGX attestation parsing for rofl.Register txs
---
 .changelog/876.feature.md | 1 +
 analyzer/runtime/extract.go | 39 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/876.feature.md
diff --git a/.changelog/876.feature.md b/.changelog/876.feature.md
new file mode 100644
index 000000000..8b5610953
--- /dev/null
+++ b/.changelog/876.feature.md
@@ -0,0 +1 @@
+runtime: Add conditional SGX attestation parsing for rofl.Register txs
diff --git a/analyzer/runtime/extract.go b/analyzer/runtime/extract.go
index 38441ae2a..e84659ed5 100644
--- a/analyzer/runtime/extract.go
+++ b/analyzer/runtime/extract.go
@@ -17,6 +17,7 @@ import (
 "github.com/ethereum/go-ethereum/accounts/abi"
 ethCommon "github.com/ethereum/go-ethereum/common"
 "github.com/oasisprotocol/oasis-core/go/common/cbor"
+ "github.com/oasisprotocol/oasis-core/go/common/crypto/signature"
 "github.com/oasisprotocol/oasis-core/go/common/quantity"
 sdkConfig "github.com/oasisprotocol/oasis-sdk/client-sdk/go/config"
 "github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/accounts"
@@ -35,6 +36,7 @@ import (
 "github.com/oasisprotocol/nexus/analyzer/util/eth"
 apiTypes "github.com/oasisprotocol/nexus/api/v1/types"
 "github.com/oasisprotocol/nexus/common"
+ "github.com/oasisprotocol/nexus/coreapi/v24.0/common/node"
 "github.com/oasisprotocol/nexus/log"
 "github.com/oasisprotocol/nexus/storage"
 "github.com/oasisprotocol/nexus/storage/oasis/nodeapi"
@@ -534,7 +536,42 @@ func ExtractRound(blockHeader nodeapi.RuntimeBlockHeader, txrs []nodeapi.Runtime
 return nil
 },
 RoflRegister: func(body *rofl.Register) error {
- blockTransactionData.Body = body
+ // Serialize the transaction body with enhanced attestation parsing for SGX hardware.
+ // If the CapabilityTEE's hardware type is SGX, attempts to parse the attestation field,
+ // replacing it with a structured SGXAttestation. If parsing fails or the hardware type
+ // is not SGX, the original transaction body is returned unchanged.
+ customSerialize := func(body *rofl.Register) interface{} {
+ // If not SGX attestation, return original body.
+ if uint8(body.EndorsedCapability.CapabilityTEE.Hardware) != uint8(node.TEEHardwareIntelSGX) {
+ return body
+ }
+
+ // Try parsing the SGX Attestation.
+ var sa node.SGXAttestation
+ if err := cbor.Unmarshal(body.EndorsedCapability.CapabilityTEE.Attestation, &sa); err != nil {
+ logger.Error("error unmarshalling SGX attestation", "err", err)
+ return body
+ }
+
+ wrapper := struct {
+ rofl.Register
+ // Override Attestation field.
+ EndorsedCapability struct {
+ CapabilityTEE struct {
+ node.CapabilityTEE
+ Attestation node.SGXAttestation `json:"attestation"`
+ } `json:"capability_tee"`
+ NodeEndorsement signature.Signature `json:"node_endorsement"`
+ } `json:"ect"` //nolint: misspell
+ }{
+ Register: *body,
+ }
+ wrapper.EndorsedCapability.CapabilityTEE.Attestation = sa
+
+ return wrapper
+ }
+
+ blockTransactionData.Body = customSerialize(body)
 return nil
 },
 UnknownMethod: func(methodName string) error {
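Review bot: The wrapper's outer `EndorsedCapability` field, which shadows the embedded `Register.EndorsedCapability` for the encoder that writes `Body`, is left zero-valued apart from `Attestation`, so as far as the hunk shows the serialized SGX body loses the hardware type, the TEE key fields and the `NodeEndorsement` signature instead of only replacing the attestation bytes. After the `= sa` line the shadowed fields should be copied across as well, e.g. `wrapper.EndorsedCapability.NodeEndorsement = body.EndorsedCapability.NodeEndorsement` and `wrapper.EndorsedCapability.CapabilityTEE.Hardware = node.TEEHardware(body.EndorsedCapability.CapabilityTEE.Hardware)`, plus the remaining key fields of the embedded `node.CapabilityTEE`; the field-wise copy is presumably needed because the SDK's CapabilityTEE and nexus's `node.CapabilityTEE` are distinct types, which is also why `Hardware` is compared through `uint8`. A short comment above `wrapper :=` saying `// The outer EndorsedCapability shadows Register.EndorsedCapability, so every field it replaces must be copied explicitly.` would keep the next maintainer from reintroducing the gap. Lifting `customSerialize` to a package-level helper would also make it unit-testable by round-tripping an SGX body through the encoder, and avoid the inner `body` parameter shadowing the callback's `body`. The enclosing ExtractRound function begins and ends outside the hunk.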