Merge pull request #6233 from oasisprotocol/kostko/feature/sgx-pcs-tcb-evalnums-cache

kostko · web-flow · commit 0268ef87509a · 2025-06-19T21:29:28.000+02:00
go/common/sgx: Also cache TCB evaluation data numbers
diff --git a/.changelog/6233.trivial.md b/.changelog/6233.trivial.md
diff --git a/go/common/sgx/pcs/cache.go b/go/common/sgx/pcs/cache.go
@@ -11,12 +11,21 @@ import (
 )
 
 const (
-	tcbCacheKey = "tcb_bundle_cache"
+	tcbBundleCacheKeyPrefix                = "tcb_bundle_cache"
+	tcbEvaluationDataNumbersCacheKeyPrefix = "tcb_evaluation_data_numbers_cache"
 
 	tcbCacheRefreshThreshold    = 14 * 24 * time.Hour
 	tcbCacheSlowRefreshInterval = 24 * time.Hour
 )
 
+func tcbBundleCacheKey(teeType TeeType) []byte {
+	return []byte(fmt.Sprintf("%s.%d", tcbBundleCacheKeyPrefix, teeType))
+}
+
+func tcbEvaluationDataNumbersCacheKey(teeType TeeType) []byte {
+	return []byte(fmt.Sprintf("%s.%d", tcbEvaluationDataNumbersCacheKeyPrefix, teeType))
+}
+
 func readBundleMinTimestamp(bundle *TCBBundle) (time.Time, error) {
 	var err error
 	var info TCBInfo
@@ -50,18 +59,57 @@ type tcbBundleCache struct {
 	LastUpdate     time.Time  `json:"last_update"`
 }
 
+type tcbEvaluationDataNumbersCache struct {
+	Numbers    []uint32  `json:"numbers"`
+	LastUpdate time.Time `json:"last_update"`
+}
+
 type tcbCache struct {
 	serviceStore *persistent.ServiceStore
 	logger       *logging.Logger
 	now          func() time.Time
 }
 
-func (tc *tcbCache) check(fmspc []byte) (*TCBBundle, bool) {
+func (tc *tcbCache) checkEvaluationDataNumbers(teeType TeeType) ([]uint32, bool) {
+	var stored tcbEvaluationDataNumbersCache
+	switch err := tc.serviceStore.GetCBOR(tcbEvaluationDataNumbersCacheKey(teeType), &stored); err {
+	case nil:
+		// No error, continues below.
+	case persistent.ErrNotFound:
+		// Not cached yet. Not an error, but needs refresh.
+		return nil, true
+	default:
+		// Can't get it... an error, but we can still try downloading it.
+		tc.logger.Warn("error checking common store for cached TCB evaluation data numbers",
+			"err", err,
+		)
+		return nil, true
+	}
+
+	now := tc.now()
+	delta := now.Sub(stored.LastUpdate)
+	refresh := delta > tcbCacheSlowRefreshInterval
+	return stored.Numbers, refresh
+}
+
+func (tc *tcbCache) cacheEvaluationDataNumbers(teeType TeeType, numbers []uint32) {
+	cached := tcbEvaluationDataNumbersCache{
+		Numbers:    numbers,
+		LastUpdate: tc.now(),
+	}
+	if err := tc.serviceStore.PutCBOR(tcbEvaluationDataNumbersCacheKey(teeType), cached); err != nil {
+		tc.logger.Error("could not store new TCB evaluation data numbers to cache, ignoring",
+			"err", err,
+		)
+	}
+}
+
+func (tc *tcbCache) checkBundle(teeType TeeType, fmspc []byte) (*TCBBundle, bool) {
 	var err error
 
 	// Check if we have a copy in the local store.
 	var stored tcbBundleCache
-	switch err = tc.serviceStore.GetCBOR([]byte(tcbCacheKey), &stored); err {
+	switch err = tc.serviceStore.GetCBOR(tcbBundleCacheKey(teeType), &stored); err {
 	case nil:
 		// No error, continues below.
 	case persistent.ErrNotFound:
@@ -97,7 +145,7 @@ func (tc *tcbCache) check(fmspc []byte) (*TCBBundle, bool) {
 	return stored.Bundle, refresh
 }
 
-func (tc *tcbCache) cache(tcbBundle *TCBBundle, fmspc []byte) {
+func (tc *tcbCache) cacheBundle(teeType TeeType, tcbBundle *TCBBundle, fmspc []byte) {
 	expectedExpiry, err := readBundleMinTimestamp(tcbBundle)
 	if err != nil {
 		tc.logger.Error("could not determine next update timestamp from TCB bundle",
@@ -112,25 +160,42 @@ func (tc *tcbCache) cache(tcbBundle *TCBBundle, fmspc []byte) {
 		ExpectedExpiry: expectedExpiry,
 		LastUpdate:     tc.now(),
 	}
-	if err = tc.serviceStore.PutCBOR([]byte(tcbCacheKey), cached); err != nil {
+	if err = tc.serviceStore.PutCBOR(tcbBundleCacheKey(teeType), cached); err != nil {
 		tc.logger.Error("could not store new TCB bundle to cache, ignoring",
 			"err", err,
 		)
 	}
 }
 
+func (tc *tcbCache) migrate() {
+	// Migrate any old (without TEE type) cached entries.
+	var stored tcbBundleCache
+	switch err := tc.serviceStore.GetCBOR([]byte(tcbBundleCacheKeyPrefix), &stored); err {
+	case nil:
+		// No error, migrate. Any errors during migration are ignored as this is a cache.
+		_ = tc.serviceStore.PutCBOR(tcbBundleCacheKey(TeeTypeSGX), stored)
+		_ = tc.serviceStore.Delete([]byte(tcbBundleCacheKeyPrefix))
+	default:
+		// No migration needed.
+	}
+}
+
 func newTcbCache(serviceStore *persistent.ServiceStore, logger *logging.Logger) *tcbCache {
-	return &tcbCache{
+	tc := &tcbCache{
 		serviceStore: serviceStore,
 		logger:       logger,
 		now:          time.Now,
 	}
+	tc.migrate()
+	return tc
 }
 
 func newMockTcbCache(serviceStore *persistent.ServiceStore, logger *logging.Logger, now func() time.Time) *tcbCache {
-	return &tcbCache{
+	tc := &tcbCache{
 		serviceStore: serviceStore,
 		logger:       logger,
 		now:          now,
 	}
+	tc.migrate()
+	return tc
 }
diff --git a/go/common/sgx/pcs/cache_test.go b/go/common/sgx/pcs/cache_test.go
@@ -25,12 +25,17 @@ func (ft *fakeTime) get() time.Time {
 func testStorageRoundtrip(t *testing.T, store *persistent.ServiceStore, bundle *TCBBundle) {
 	require := require.New(t)
 	fmspc := []byte("fmspc")
+	numbers := []uint32{17, 18, 19}
 
 	tcbCache := newMockTcbCache(store, logging.GetLogger(loggerModule), time.Now)
-	tcbCache.cache(bundle, fmspc)
+	tcbCache.cacheBundle(TeeTypeSGX, bundle, fmspc)
+	tcbCache.cacheEvaluationDataNumbers(TeeTypeSGX, numbers)
 
-	cached, _ := tcbCache.check(fmspc)
-	require.EqualValues(cached, bundle, "tcbCache.check")
+	cachedBundle, _ := tcbCache.checkBundle(TeeTypeSGX, fmspc)
+	require.EqualValues(cachedBundle, bundle, "tcbCache.checkBundle")
+
+	cachedNumbers, _ := tcbCache.checkEvaluationDataNumbers(TeeTypeSGX)
+	require.EqualValues(cachedNumbers, numbers, "tcbCache.checkEvaluationDataNumbers")
 }
 
 func testFMSPCInvalidation(t *testing.T, store *persistent.ServiceStore, bundle *TCBBundle) {
@@ -47,18 +52,18 @@ func testFMSPCInvalidation(t *testing.T, store *persistent.ServiceStore, bundle
 	var refresh bool
 
 	// Cache initial and check.
-	tcbCache.cache(bundle, fmspc)
-	cached, refresh = tcbCache.check(fmspc)
+	tcbCache.cacheBundle(TeeTypeSGX, bundle, fmspc)
+	cached, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
 	require.NotNil(cached, "tcbCache.check 1")
 	require.False(refresh, "tcbCache.check 1")
 
 	// Check again with bogus fmspc; shouldn't return anything
 	// but should still be available.
-	cached, refresh = tcbCache.check([]byte("different"))
+	cached, refresh = tcbCache.checkBundle(TeeTypeSGX, []byte("different"))
 	require.Nil(cached, "tcbCache.check 2")
 	require.True(refresh, "tcbCache.check 2")
 
-	cached, refresh = tcbCache.check(fmspc)
+	cached, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
 	require.NotNil(cached, "tcbCache.check 3")
 	require.False(refresh, "tcbCache.check 3")
 }
@@ -75,54 +80,81 @@ func testCheckIntervals(t *testing.T, store *persistent.ServiceStore, bundle *TC
 	tcbCache := newMockTcbCache(store, logging.GetLogger(loggerModule), timer.get)
 
 	// Initially, always needs to be refreshed.
-	cache, refresh := tcbCache.check(fmspc)
-	require.Nil(cache, "tcbCache.check pre-cache")
-	require.True(refresh, "tcbCache.check pre-cache")
+	cache, refresh := tcbCache.checkBundle(TeeTypeSGX, fmspc)
+	require.Nil(cache, "tcbCache.checkBundle pre-cache")
+	require.True(refresh, "tcbCache.checkBundle pre-cache")
+
+	cachedNumbers, refresh := tcbCache.checkEvaluationDataNumbers(TeeTypeSGX)
+	require.Nil(cachedNumbers, "tcbCache.checkEvaluationDataNumbers pre-cache")
+	require.True(refresh, "tcbCache.checkEvaluationDataNumbers pre-cache")
 
 	// Cache it, pretend it's a day before the first check will need to be performed.
 	timer.now = expiryTime.Add(-(tcbCacheRefreshThreshold + 24*time.Hour))
-	tcbCache.cache(bundle, fmspc)
+	tcbCache.cacheBundle(TeeTypeSGX, bundle, fmspc)
+	tcbCache.cacheEvaluationDataNumbers(TeeTypeSGX, []uint32{17, 18, 19})
 
 	// An hour after the initial cache, shouldn't be refreshed.
 	timer.now = timer.now.Add(time.Hour)
-	cache, refresh = tcbCache.check(fmspc)
-	require.NotNil(cache, "tcbCache.check 1")
-	require.False(refresh, "tcbCache.check 1")
+	cache, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
+	require.NotNil(cache, "tcbCache.checkBundle 1")
+	require.False(refresh, "tcbCache.checkBundle 1")
+
+	cachedNumbers, refresh = tcbCache.checkEvaluationDataNumbers(TeeTypeSGX)
+	require.NotNil(cachedNumbers, "tcbCache.checkEvaluationDataNumbers 1")
+	require.False(refresh, "tcbCache.checkEvaluationDataNumbers 1")
 
 	// Another day later, we're in the slow refresh cycle. First check should refresh.
 	// Advance by 25 hours, because 24 would still be within the slow refresh interval.
 	timer.now = timer.now.Add(25 * time.Hour)
-	cache, refresh = tcbCache.check(fmspc)
-	require.NotNil(cache, "tcbCache.check 2")
-	require.True(refresh, "tcbCache.check 2")
-	tcbCache.cache(bundle, fmspc)
+	cache, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
+	require.NotNil(cache, "tcbCache.checkBundle 2")
+	require.True(refresh, "tcbCache.checkBundle 2")
+	tcbCache.cacheBundle(TeeTypeSGX, bundle, fmspc)
+
+	cachedNumbers, refresh = tcbCache.checkEvaluationDataNumbers(TeeTypeSGX)
+	require.NotNil(cachedNumbers, "tcbCache.checkEvaluationDataNumbers 2")
+	require.True(refresh, "tcbCache.checkEvaluationDataNumbers 2")
+	tcbCache.cacheEvaluationDataNumbers(TeeTypeSGX, []uint32{17, 18, 19})
 
 	// An hour later, don't check again.
 	timer.now = timer.now.Add(time.Hour)
-	cache, refresh = tcbCache.check(fmspc)
-	require.NotNil(cache, "tcbCache.check 3")
-	require.False(refresh, "tcbCache.check 3")
+	cache, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
+	require.NotNil(cache, "tcbCache.checkBundle 3")
+	require.False(refresh, "tcbCache.checkBundle 3")
+
+	cachedNumbers, refresh = tcbCache.checkEvaluationDataNumbers(TeeTypeSGX)
+	require.NotNil(cachedNumbers, "tcbCache.checkEvaluationDataNumbers 3")
+	require.False(refresh, "tcbCache.checkEvaluationDataNumbers 3")
 
 	// 22 hours later, still don't check (within slow refresh interval).
 	// Two hours after that, do check.
 	timer.now = timer.now.Add(22 * time.Hour)
-	cache, refresh = tcbCache.check(fmspc)
-	require.NotNil(cache, "tcbCache.check 4")
-	require.False(refresh, "tcbCache.check 4")
+	cache, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
+	require.NotNil(cache, "tcbCache.checkBundle 4")
+	require.False(refresh, "tcbCache.checkBundle 4")
+
+	cachedNumbers, refresh = tcbCache.checkEvaluationDataNumbers(TeeTypeSGX)
+	require.NotNil(cachedNumbers, "tcbCache.checkEvaluationDataNumbers 4")
+	require.False(refresh, "tcbCache.checkEvaluationDataNumbers 4")
 
 	timer.now = timer.now.Add(2 * time.Hour)
-	cache, refresh = tcbCache.check(fmspc)
-	require.NotNil(cache, "tcbCache.check 5")
-	require.True(refresh, "tcbCache.check 5")
-	tcbCache.cache(bundle, fmspc)
+	cache, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
+	require.NotNil(cache, "tcbCache.checkBundle 5")
+	require.True(refresh, "tcbCache.checkBundle 5")
+	tcbCache.cacheBundle(TeeTypeSGX, bundle, fmspc)
+
+	cachedNumbers, refresh = tcbCache.checkEvaluationDataNumbers(TeeTypeSGX)
+	require.NotNil(cachedNumbers, "tcbCache.checkEvaluationDataNumbers 5")
+	require.True(refresh, "tcbCache.checkEvaluationDataNumbers 5")
+	tcbCache.cacheEvaluationDataNumbers(TeeTypeSGX, []uint32{17, 18, 19})
 
 	// After the bundle expires, check all the time.
 	timer.now = expiryTime
 	for i := 0; i < 4; i++ {
-		cache, refresh = tcbCache.check(fmspc)
-		require.NotNil(cache, "tcbCache.check loop")
-		require.True(refresh, "tcbCache.check loop")
-		tcbCache.cache(bundle, fmspc)
+		cache, refresh = tcbCache.checkBundle(TeeTypeSGX, fmspc)
+		require.NotNil(cache, "tcbCache.checkBundle loop")
+		require.True(refresh, "tcbCache.checkBundle loop")
+		tcbCache.cacheBundle(TeeTypeSGX, bundle, fmspc)
 		timer.now = timer.now.Add(time.Hour)
 	}
 }
@@ -169,7 +201,8 @@ func TestTCBCache(t *testing.T) {
 	} {
 		t.Run(name, func(t *testing.T) {
 			fun(t, store, &tcbBundle)
-			_ = store.Delete([]byte(tcbCacheKey))
+			_ = store.Delete(tcbBundleCacheKey(TeeTypeSGX))
+			_ = store.Delete(tcbEvaluationDataNumbersCacheKey(TeeTypeSGX))
 		})
 	}
 }
diff --git a/go/common/sgx/pcs/service.go b/go/common/sgx/pcs/service.go
@@ -100,21 +100,23 @@ func (qs *cachingQuoteService) ResolveQuote(ctx context.Context, rawQuote []byte
 		return nil, fmt.Errorf("PCK verification failed: %w", err)
 	}
 
+	teeType := quote.Header().TeeType()
+
 	// Verify the quote so we can catch errors early (the runtime and later consensus layer will
 	// also do their own verification).
 	getTcbBundle := func(tcbEvaluationDataNumber uint32) (*TCBBundle, error) {
 		var fresh *TCBBundle
 
-		cached, refresh := qs.cache.check(pckInfo.FMSPC)
+		cached, refresh := qs.cache.checkBundle(teeType, pckInfo.FMSPC)
 		if refresh {
-			if fresh, err = qs.client.GetTCBBundle(ctx, quote.Header().TeeType(), pckInfo.FMSPC, tcbEvaluationDataNumber); err != nil {
+			if fresh, err = qs.client.GetTCBBundle(ctx, teeType, pckInfo.FMSPC, tcbEvaluationDataNumber); err != nil {
 				qs.logger.Warn("error downloading TCB refresh",
 					"err", err,
 					"tcb_evaluation_data_number", tcbEvaluationDataNumber,
 				)
 			}
 			if err = qs.verifyBundle(quote, quotePolicy, fresh, "fresh"); err == nil {
-				qs.cache.cache(fresh, pckInfo.FMSPC)
+				qs.cache.cacheBundle(teeType, fresh, pckInfo.FMSPC)
 				return fresh, nil
 			}
 			qs.logger.Warn("error verifying downloaded TCB refresh",
@@ -137,7 +139,7 @@ func (qs *cachingQuoteService) ResolveQuote(ctx context.Context, rawQuote []byte
 		}
 
 		// If not downloaded yet this time round, try forcing. Any errors are fatal.
-		if fresh, err = qs.client.GetTCBBundle(ctx, quote.Header().TeeType(), pckInfo.FMSPC, tcbEvaluationDataNumber); err != nil {
+		if fresh, err = qs.client.GetTCBBundle(ctx, teeType, pckInfo.FMSPC, tcbEvaluationDataNumber); err != nil {
 			qs.logger.Warn("error downloading TCB",
 				"err", err,
 				"tcb_evaluation_data_number", tcbEvaluationDataNumber,
@@ -147,15 +149,22 @@ func (qs *cachingQuoteService) ResolveQuote(ctx context.Context, rawQuote []byte
 		if err = qs.verifyBundle(quote, quotePolicy, fresh, "downloaded"); err != nil {
 			return nil, err
 		}
-		qs.cache.cache(fresh, pckInfo.FMSPC)
+		qs.cache.cacheBundle(teeType, fresh, pckInfo.FMSPC)
 		return fresh, nil
 	}
 
 	// Fetch a list of all available TCB evaluation data numbers and try one by one.
-	var tcbEvaluationDataNumbers []uint32
-	tcbEvaluationDataNumbers, err = qs.client.GetTCBEvaluationDataNumbers(ctx, quote.Header().TeeType())
-	if err != nil {
-		return nil, err
+	tcbEvaluationDataNumbers, refresh := qs.cache.checkEvaluationDataNumbers(teeType)
+	if refresh {
+		tcbEvaluationDataNumbers, err = qs.client.GetTCBEvaluationDataNumbers(ctx, teeType)
+		switch err {
+		case nil:
+			qs.cache.cacheEvaluationDataNumbers(teeType, tcbEvaluationDataNumbers)
+		default:
+			qs.logger.Warn("error downloading TCB evaluation data numbers",
+				"err", err,
+			)
+		}
 	}
 	// Ensure they are sorted from highest to lowest.
 	slices.SortFunc(tcbEvaluationDataNumbers, func(a, b uint32) int {
@@ -171,6 +180,9 @@ func (qs *cachingQuoteService) ResolveQuote(ctx context.Context, rawQuote []byte
 	if err != nil {
 		return nil, err
 	}
+	if tcbBundle == nil {
+		return nil, fmt.Errorf("failed to fetch any valid TCB bundles")
+	}
 
 	// Prepare quote structure.
 	return &QuoteBundle{
