feat: use wasi-crypto as an optionl wasi feature

Signed-off-by: Richard Zak <[email protected]>

Author: rjzak

.cargo/config

@@ -1,5 +1,13 @@
+[env]
+RUST_BACKTRACE = "1"
+WASMTIME_BACKTRACE_DETAILS = "1"
+
+[build]
+target = "wasm32-wasi"
+
 [target.wasm32-wasi]
 rustflags = ["--cfg", "tokio_unstable"]
-runner = ["wasmtime", "run", "--env", "FD_COUNT=4", "--tcplisten", "0.0.0.0:3000", "--"]
+# runner = ["wasmtime", "run", "--env", "FD_COUNT=4", "--tcplisten", "0.0.0.0:3000", "--"]
 # Put this back when Enarx is able to receive TCP configuation from the command line.
 # runner = ["enarx", "run", "--wasmcfgfile", "Enarx.toml"]
+runner = ["/home/rjzak/bin/wasmtime-wasi-crypto", "--wasi-modules", "experimental-wasi-crypto", "--"]

Cargo.lock

@@ -34,6 +34,9 @@ confargs = { version = "^0.1.3", default-features = false }
 [target.'cfg(not(target_os = "wasi"))'.dependencies]
 tokio = { version = "^1.21.2", features = ["rt-multi-thread", "macros"], default-features = false }
 
+[target.'cfg(target_os = "wasi")'.dependencies]
+wasi-crypto-guest = { git = "https://github.com/WebAssembly/wasi-crypto", branch = "main", optional = true }
+
 [dev-dependencies]
 tower = { version = "^0.4.11", features = ["util"], default-features = false }
 axum = { version = "^0.5.17", default-features = false }
@@ -42,6 +45,10 @@ memoffset = { version = "0.7.1", default-features = false }
 rstest = { version = "0.15", default-features = false }
 testaso = { version = "0.1", default-features = false }
 
+[features]
+default = []
+wasi-crypto = ["dep:wasi-crypto-guest"]
+
 [profile.release]
 incremental = false
 codegen-units = 1

Cargo.toml

@@ -0,0 +1,51 @@
+// SPDX-FileCopyrightText: 2022 Profian Inc. <[email protected]>
+// SPDX-License-Identifier: AGPL-3.0-only
+
+use anyhow::Result;
+
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+use anyhow::anyhow;
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+use wasi_crypto_guest::prelude::Hash;
+
+#[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+use sha2::{Digest, Sha256, Sha384};
+
+#[inline]
+pub fn sha256(data: impl AsRef<[u8]>) -> Result<Vec<u8>> {
+    #[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+    return Ok(Hash::hash("SHA-256", data, 32, None).or_else(|_| Err(anyhow!("hash error")))?);
+
+    #[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+    Ok(Sha256::digest(data).as_slice().to_vec())
+}
+
+#[inline]
+pub fn sha384(data: impl AsRef<[u8]>) -> Result<Vec<u8>> {
+    #[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+    return Ok(Hash::hash("SHA-384", data, 48, None).or_else(|_| Err(anyhow!("hash error")))?);
+
+    #[cfg(any(not(target_os = "wasi"), not(feature = "wasi-crypto")))]
+    Ok(Sha384::digest(data).as_slice().to_vec())
+}
+
+#[cfg(all(target_os = "wasi", feature = "wasi-crypto"))]
+#[cfg(test)]
+mod wasi_crypto {
+    use crate::{sha256, sha384};
+    use sha2::Digest;
+
+    const DATA: &[u8] = b"SOME_TEST_DATA";
+
+    #[test]
+    fn test_sha256() {
+        let hash = sha256(DATA).unwrap();
+        assert_eq!(hash, sha2::Sha256::digest(DATA).as_slice());
+    }
+
+    #[test]
+    fn test_sha384() {
+        let hash = sha384(DATA).unwrap();
+        assert_eq!(hash, sha2::Sha384::digest(DATA).as_slice());
+    }
+}

crates/cryptography/src/ext/hashing.rs

@@ -3,10 +3,12 @@
 
 mod cert;
 mod certreq;
+mod hashing;
 mod pki;
 mod spki;
 
 pub use self::cert::TbsCertificateExt;
 pub use self::certreq::{CertReqExt, CertReqInfoExt};
+pub use self::hashing::{sha256, sha384};
 pub use self::pki::PrivateKeyInfoExt;
 pub use self::spki::SubjectPublicKeyInfoExt;