feat: use wasi-crypto as an optionl wasi feature

Signed-off-by: Richard Zak <richard@profian.com>
enarx · Oct 13, 2022 · 047f6d8 · 047f6d8
1 parent 97f363d
commit 047f6d8
Show file tree

Hide file tree

Showing 9 changed files with 227 additions and 32 deletions.
diff --git a/.cargo/config b/.cargo/config
@@ -1,3 +1,11 @@
+[env]
+RUST_BACKTRACE = "1"
+WASMTIME_BACKTRACE_DETAILS = "1"
+
+[build]
+target = "wasm32-wasi"
+
 [target.wasm32-wasi]
 rustflags = ["--cfg", "tokio_unstable"]
-runner = ["enarx", "run", "--wasmcfgfile", "Enarx.toml"]
+# runner = ["./enarx", "run", "--wasmcfgfile", "Enarx.toml"]
+runner = ["/home/rjzak/bin/wasmtime-wasi-crypto", "--wasi-modules", "experimental-wasi-crypto", "--"]
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -43,6 +43,9 @@ confargs = "^0.1.3"
 [target.'cfg(not(target_os = "wasi"))'.dependencies]
 tokio = { version = "^1.21.2", features = ["rt-multi-thread", "macros"] }
 
+[target.'cfg(target_os = "wasi")'.dependencies]
+wasi-crypto-guest = { git = "https://github.com/WebAssembly/wasi-crypto", branch = "main", optional = true }
+
 [dev-dependencies]
 tower = { version = "^0.4.11", features = ["util"] }
 axum = "^0.5.16"
@@ -51,6 +54,10 @@ memoffset = "0.6.4"
 rstest = "0.15"
 testaso = "0.1"
 
+[features]
+default = []
+wasi-crypto = ["dep:wasi-crypto-guest"]
+
 [profile.release]
 incremental = false
 codegen-units = 1

diff --git a/rust-toolchain.toml b/rust-toolchain.toml
@@ -1,5 +1,5 @@
 [toolchain]
-channel = "stable"
+channel = "nightly"
 components = [ "rustfmt", "clippy" ]
 profile = "minimal"
 targets = [ "wasm32-wasi", "x86_64-unknown-linux-musl" ]
diff --git a/src/crypto/hashing.rs b/src/crypto/hashing.rs
@@ -0,0 +1,51 @@
+// SPDX-FileCopyrightText: 2022 Profian Inc. <opensource@profian.com>
+// SPDX-License-Identifier: AGPL-3.0-only
+
+use anyhow::Result;
+
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+use anyhow::anyhow;
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+use wasi_crypto_guest::prelude::Hash;
+
+#[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+use sha2::{Digest, Sha256, Sha384};
+
+#[inline]
+pub fn sha256(data: impl AsRef<[u8]>) -> Result<Vec<u8>> {
+ #[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+ return Ok(Hash::hash("SHA-256", data, 32, None).or_else(|_| Err(anyhow!("hash error")))?);
+
+ #[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+ Ok(Sha256::digest(data).as_slice().to_vec())
+}
+
+#[inline]
+pub fn sha384(data: impl AsRef<[u8]>) -> Result<Vec<u8>> {
+ #[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+ return Ok(Hash::hash("SHA-384", data, 48, None).or_else(|_| Err(anyhow!("hash error")))?);
+
+ #[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+ Ok(Sha384::digest(data).as_slice().to_vec())
+}
+
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+#[cfg(test)]
+mod wasi_crypto {
+ use crate::{sha256, sha384};
+ use sha2::Digest;
+
+ const DATA: &[u8] = b"SOME_TEST_DATA";
+
+ #[test]
+ fn test_sha256() {
+ let hash = sha256(DATA).unwrap();
+ assert_eq!(hash, sha2::Sha256::digest(DATA).as_slice());
+ }
+
+ #[test]
+ fn test_sha384() {
+ let hash = sha384(DATA).unwrap();
+ assert_eq!(hash, sha2::Sha384::digest(DATA).as_slice());
+ }
+}
diff --git a/src/crypto/mod.rs b/src/crypto/mod.rs
@@ -3,10 +3,12 @@
 
 mod cert;
 mod certreq;
+mod hashing;
 mod pki;
 mod spki;
 
 pub use self::cert::TbsCertificateExt;
 pub use self::certreq::{CertReqExt, CertReqInfoExt};
+pub use self::hashing::{sha256, sha384};
 pub use self::pki::PrivateKeyInfoExt;
 pub use self::spki::SubjectPublicKeyInfoExt;