snp: cache amd kds requests
3u13r committed Jan 2, 2024
1 parent cf7e2a5 commit ae5a52d
Showing 2 changed files with 51 additions and 1 deletion.
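--- /dev/null
+++ b/internal/attestation/snp/cachedClient.go
@@ -0,0 +1,45 @@
+package snp
+
+import (
+"log/slog"
+
+"github.com/edgelesssys/nunki/internal/memstore"
+"github.com/google/go-sev-guest/verify/trust"
+)
+
+type cachedKDSHTTPClient struct {
+trust.HTTPSGetter
+logger *slog.Logger
+
+cache *memstore.Store[string, cacheEntry]
+}
+
+func NewCachedKDSHTTPClient(log *slog.Logger) *cachedKDSHTTPClient {
+trust.DefaultHTTPSGetter()
+return &cachedKDSHTTPClient{
+HTTPSGetter: trust.DefaultHTTPSGetter(),
+logger: log.WithGroup("cached-kds-http-client"),
+cache: memstore.New[string, cacheEntry](),
+}
+}
+
+func (c *cachedKDSHTTPClient) Get(url string) ([]byte, error) {
+if cached, ok := c.cache.Get(url); ok {
+c.logger.Debug("Get cached", "url", url)
+return cached.data, nil
+}
+
+c.logger.Debug("Get not cached", "url", url)
+res, err := c.HTTPSGetter.Get(url)
+if err != nil {
+return nil, err
+}
+c.cache.Set(url, cacheEntry{
+data: res,
+})
+return res, nil
+}
+
+type cacheEntry struct {
+data []byte
+}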
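Review bot: The first statement of NewCachedKDSHTTPClient calls `trust.DefaultHTTPSGetter()` and discards the result; the getter actually used is the second call in the struct literal, so the standalone line `trust.DefaultHTTPSGetter()` should be deleted. The cache in Get has neither expiry nor a size bound: an entry written by `c.cache.Set(url, cacheEntry{...})` is served for the lifetime of the client, so if any URL fetched through this getter is a CRL (go-sev-guest fetches one via the same Getter when revocation checking is enabled), a revocation published after the first fetch is never observed by this process; a TTL field on cacheEntry, or excluding CRL URLs from the cache, would bound that window. Get also hands out the cached slice itself (`return cached.data, nil`), so a caller that mutates the returned bytes corrupts the cache for every later caller; returning `bytes.Clone(cached.data)` isolates it. Finally, NewCachedKDSHTTPClient is exported but returns the unexported `*cachedKDSHTTPClient` and has no doc comment; either return `trust.HTTPSGetter` or export the type, and add `// NewCachedKDSHTTPClient returns a trust.HTTPSGetter that memoizes successful KDS responses by URL for the lifetime of the client.`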
7 changes: 6 additions & 1 deletion internal/attestation/snp/validator.go
Expand Up @@ -18,11 +18,13 @@ import (
"github.com/google/go-sev-guest/proto/sevsnp"
"github.com/google/go-sev-guest/validate"
"github.com/google/go-sev-guest/verify"
"github.com/google/go-sev-guest/verify/trust"
)

type Validator struct {
validateOptsGen validateOptsGenerator
callbackers []validateCallbacker
kdsGetter trust.HTTPSGetter
logger *slog.Logger
}

Expand Down Expand Up @@ -53,6 +55,7 @@ func NewValidatorWithCallbacks(optsGen validateOptsGenerator, log *slog.Logger,
return &Validator{
validateOptsGen: optsGen,
callbackers: callbacks,
kdsGetter: NewCachedKDSHTTPClient(log),
logger: log.WithGroup("snp-validator"),
}
}
Expand Down Expand Up @@ -85,7 +88,9 @@ func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte

// Report signature verification.

verifyOpts := &verify.Options{}
verifyOpts := &verify.Options{
Getter: v.kdsGetter,
}
attestation, err := verify.GetAttestationFromReport(report, verifyOpts)
if err != nil {
return fmt.Errorf("getting attestation from report: %w", err)
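Review bot: The cache is now private to each Validator, because `kdsGetter: NewCachedKDSHTTPClient(log)` constructs a fresh client inside NewValidatorWithCallbacks instead of accepting one; every Validator instance therefore has its own independent cache, the hit rate depends on how long callers keep a Validator alive, and tests cannot substitute a fake getter for the network call made in Validate. Consider accepting a `trust.HTTPSGetter` through a constructor option and falling back to the cached client when none is given, which keeps the current signature working. The new field also deserves a one-line comment, e.g. `kdsGetter trust.HTTPSGetter // fetches from AMD KDS; memoized across Validate calls`. NewValidatorWithCallbacks and Validate both start outside their hunks.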