feat: use wasi-crypto as an optionl wasi feature

Signed-off-by: Richard Zak <[email protected]>
enarx · Dec 23, 2022 · f35243c · f35243c
1 parent 741b2b0
commit f35243c
Show file tree

Hide file tree

Showing 10 changed files with 247 additions and 38 deletions.
diff --git a/.cargo/config b/.cargo/config
@@ -1,5 +1,13 @@
+[env]
+RUST_BACKTRACE = "1"
+WASMTIME_BACKTRACE_DETAILS = "1"
+
+[build]
+target = "wasm32-wasi"
+
 [target.wasm32-wasi]
 rustflags = ["--cfg", "tokio_unstable"]
-runner = ["wasmtime", "run", "--env", "FD_COUNT=4", "--tcplisten", "0.0.0.0:3000", "--"]
+# runner = ["wasmtime", "run", "--env", "FD_COUNT=4", "--tcplisten", "0.0.0.0:3000", "--"]
 # Put this back when Enarx is able to receive TCP configuation from the command line.
 # runner = ["enarx", "run", "--wasmcfgfile", "Enarx.toml"]
+runner = ["/home/rjzak/bin/wasmtime-wasi-crypto", "--wasi-modules", "experimental-wasi-crypto", "--"]
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -65,6 +65,13 @@ tracing = { workspace = true }
 [target.'cfg(not(target_os = "wasi"))'.dependencies]
 tokio = { workspace = true, features = ["rt-multi-thread", "macros"] }
 
+[target.'cfg(target_os = "wasi")'.dependencies]
+wasi-crypto-guest = { git = "https://github.com/WebAssembly/wasi-crypto", branch = "main", optional = true }
+
+[features]
+default = []
+wasi-crypto = ["dep:wasi-crypto-guest"]
+
 [profile.release]
 incremental = false
 codegen-units = 1

diff --git a/crates/attestation/src/crypto/hashing.rs b/crates/attestation/src/crypto/hashing.rs
@@ -0,0 +1,51 @@
+// SPDX-FileCopyrightText: 2022 Profian Inc. <[email protected]>
+// SPDX-License-Identifier: AGPL-3.0-only
+
+use anyhow::Result;
+
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+use anyhow::anyhow;
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+use wasi_crypto_guest::prelude::Hash;
+
+#[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+use sha2::{Digest, Sha256, Sha384};
+
+#[inline]
+pub fn sha256(data: impl AsRef<[u8]>) -> Result<Vec<u8>> {
+    #[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+    return Ok(Hash::hash("SHA-256", data, 32, None).or_else(|_| Err(anyhow!("hash error")))?);
+
+    #[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+    Ok(Sha256::digest(data).as_slice().to_vec())
+}
+
+#[inline]
+pub fn sha384(data: impl AsRef<[u8]>) -> Result<Vec<u8>> {
+    #[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+    return Ok(Hash::hash("SHA-384", data, 48, None).or_else(|_| Err(anyhow!("hash error")))?);
+
+    #[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+    Ok(Sha384::digest(data).as_slice().to_vec())
+}
+
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+#[cfg(test)]
+mod wasi_crypto {
+    use crate::{sha256, sha384};
+    use sha2::Digest;
+
+    const DATA: &[u8] = b"SOME_TEST_DATA";
+
+    #[test]
+    fn test_sha256() {
+        let hash = sha256(DATA).unwrap();
+        assert_eq!(hash, sha2::Sha256::digest(DATA).as_slice());
+    }
+
+    #[test]
+    fn test_sha384() {
+        let hash = sha384(DATA).unwrap();
+        assert_eq!(hash, sha2::Sha384::digest(DATA).as_slice());
+    }
+}
diff --git a/crates/attestation/src/crypto/mod.rs b/crates/attestation/src/crypto/mod.rs
@@ -3,10 +3,12 @@
 
 mod cert;
 mod certreq;
+mod hashing;
 mod pki;
 mod spki;
 
 pub use self::cert::TbsCertificateExt;
 pub use self::certreq::{CertReqExt, CertReqInfoExt};
+pub use self::hashing::{sha256, sha384};
 pub use self::pki::PrivateKeyInfoExt;
 pub use self::spki::SubjectPublicKeyInfoExt;