attestation: align SNP validator

This aligns the code structure and error messages of the SNP validator to those of the TDX validator.
edgelesssys · Jul 30, 2024 · f8c3549 · f8c3549
1 parent 971a8e1
commit f8c3549
Showing 1 changed file with 14 additions and 12 deletions.
diff --git a/internal/attestation/snp/validator.go b/internal/attestation/snp/validator.go
@@ -65,14 +65,11 @@ func NewValidator(optsGen validateOptsGenerator, kdsGetter trust.HTTPSGetter, lo
 }
 
 // NewValidatorWithCallbacks returns a new Validator with callbacks.
-func NewValidatorWithCallbacks(optsGen validateOptsGenerator, kdsGetter trust.HTTPSGetter, log *slog.Logger, attestataionFailures prometheus.Counter, callbacks ...validateCallbacker) *Validator {
-	return &Validator{
-		validateOptsGen: optsGen,
-		callbackers:     callbacks,
-		kdsGetter:       kdsGetter,
-		logger:          log,
-		metrics:         metrics{attestationFailures: attestataionFailures},
-	}
+func NewValidatorWithCallbacks(optsGen validateOptsGenerator, kdsGetter trust.HTTPSGetter, log *slog.Logger, attestationFailures prometheus.Counter, callbacks ...validateCallbacker) *Validator {
+	v := NewValidator(optsGen, kdsGetter, log)
+	v.callbackers = callbacks
+	v.metrics = metrics{attestationFailures: attestationFailures}
+	return v
 }
 
 // OID returns the OID of the validator.
@@ -96,40 +93,45 @@ func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte
 
 	attestation := &sevsnp.Attestation{}
 	if err := proto.Unmarshal(attDocRaw, attestation); err != nil {
-		return fmt.Errorf("unmarshalling attestation: %w", err)
+		return fmt.Errorf("unmarshaling attestation: %w", err)
 	}
 
 	if attestation.Report == nil {
 		return fmt.Errorf("attestation missing report")
 	}
 	reportRaw, err := abi.ReportToAbiBytes(attestation.Report)
 	if err != nil {
-		return fmt.Errorf("converting report to abi: %w", err)
+		return fmt.Errorf("converting report to abi format: %w", err)
 	}
 	v.logger.Info("Report decoded", "reportRaw", hex.EncodeToString(reportRaw))
 
+	// Build the verification options.
+
 	verifyOpts := verify.DefaultOptions()
 	// TODO(Freax13): We won't need this once https://github.com/google/go-sev-guest/pull/127 is merged.
 	verifyOpts.TrustedRoots = trustedRoots()
 	verifyOpts.Product = attestation.Product
 	verifyOpts.CheckRevocations = true
 	verifyOpts.Getter = v.kdsGetter
 
-	// Report signature verification.
+	// Verify the report signature.
 
 	if err := verify.SnpAttestation(attestation, verifyOpts); err != nil {
 		return fmt.Errorf("verifying report: %w", err)
 	}
 	v.logger.Info("Successfully verified report signature")
 
-	// Validate the report data.
+	// Build the validation options.
 
 	reportDataExpected := reportdata.Construct(peerPublicKey, nonce)
 	validateOpts, err := v.validateOptsGen.SNPValidateOpts(attestation.Report)
 	if err != nil {
 		return fmt.Errorf("generating validation options: %w", err)
 	}
 	validateOpts.ReportData = reportDataExpected[:]
+
+	// Validate the report data.
+
 	if err := validate.SnpAttestation(attestation, validateOpts); err != nil {
 		return fmt.Errorf("validating report claims: %w", err)
 	}