Changing fn fetch_vcek_from_kds() to async

Per Ding's feedback, I'm testing the use of reqwest asynchronously with get instead of the earlier used blocking version. Signed-off-by: Adithya Krishnan Kannan <[email protected]>
confidential-containers · Nov 19, 2024 · 4699c1a · 4699c1a
1 parent 8923b11
commit 4699c1a
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 32 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,7 +36,7 @@ jsonwebtoken = { version = "9", default-features = false }
 log = "0.4.17"
 prost = "0.12"
 regorus = { version = "0.1.5", default-features = false, features = ["regex", "base64", "time"] }
-reqwest = { version = "0.12", default-features = false, features = ["default-tls", "blocking"] }
+reqwest = { version = "0.12", default-features = false, features = ["default-tls"] }
 rstest = "0.18.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.132"

diff --git a/deps/verifier/src/snp/mod.rs b/deps/verifier/src/snp/mod.rs
@@ -14,10 +14,7 @@ use openssl::{
     sha::sha384,
     x509::{self, X509},
 };
-use reqwest::{
-    blocking::{get, Response as ReqwestResponse},
-    StatusCode,
-};
+use reqwest::{get, Response as ReqwestResponse, StatusCode};
 use serde_json::json;
 use sev::firmware::guest::AttestationReport;
 use sev::firmware::host::{CertTableEntry, CertType};
@@ -94,7 +91,7 @@ impl Verifier for Snp {
 
         let cert_chain = match cert_chain {
             Some(chain) if !chain.is_empty() => chain,
-            _ => fetch_vcek_from_kds(report)?,
+            _ => fetch_vcek_from_kds(report).await?,
         };
 
         verify_report_signature(&report, &cert_chain, &self.vendor_certs)?;
@@ -316,8 +313,8 @@ fn get_common_name(cert: &x509::X509) -> Result<String> {
     Ok(e.data().as_utf8()?.to_string())
 }
 
-// Function to request vcek from KDS. Return vcek in der format.
-fn fetch_vcek_from_kds(att_report: AttestationReport) -> Result<Vec<CertTableEntry>> {
+/// Function to request vcek from KDS asynchronously. Return vcek in der format.
+async fn fetch_vcek_from_kds(att_report: AttestationReport) -> Result<Vec<CertTableEntry>> {
     // Use attestation report to get data for URL
     let hw_id: String = hex::encode(att_report.chip_id);
 
@@ -330,12 +327,17 @@ fn fetch_vcek_from_kds(att_report: AttestationReport) -> Result<Vec<CertTableEnt
         att_report.reported_tcb.microcode
     );
     // VCEK in DER format
-    let vcek_rsp: ReqwestResponse = get(vcek_url).context("Unable to send request for VCEK")?;
+    let vcek_rsp: ReqwestResponse = get(vcek_url)
+        .await
+        .context("Unable to send request for VCEK")?;
 
     match vcek_rsp.status() {
         StatusCode::OK => {
-            let vcek_rsp_bytes: Vec<u8> =
-                vcek_rsp.bytes().context("Unable to parse VCEK")?.to_vec();
+            let vcek_rsp_bytes: Vec<u8> = vcek_rsp
+                .bytes()
+                .await
+                .context("Unable to parse VCEK")?
+                .to_vec();
             let key = CertTableEntry {
                 cert_type: CertType::VCEK,
                 data: vcek_rsp_bytes,