Merge pull request #638 from fortanix/ns/RTE-127

Use updated em-client
fortanix · Sep 3, 2024 · 9bcd71b · 9bcd71b
2 parents 650da2f + e6da699
commit 9bcd71b
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 6 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -54,3 +54,4 @@ nix = { git = "https://github.com/fortanix/nix.git", branch = "raoul/fortanixvme
 rustc-serialize = { git = "https://github.com/fortanix/rustc-serialize.git", branch = "portability" }
 serde = { git = "https://github.com/fortanix/serde.git", branch = "master" }
 vsock = { git = "https://github.com/fortanix/vsock-rs.git", branch = "fortanixvme" }
+em-client = { git = "https://github.com/fortanix/em-client-rust" }
diff --git a/em-app/Cargo.toml b/em-app/Cargo.toml
@@ -11,7 +11,7 @@ keywords = [ "sgx" ]
 
 [dependencies]
 b64-ct = "0.1.0"
-em-client = { version = "3.0.0", default-features = false, features = ["client"] }
+em-client = { version = "4.0.0", default-features = false, features = ["client"] }
 em-node-agent-client = "1.0.0"
 hyper = { version = "0.10", default-features = false }
 mbedtls = { version = "0.12", default-features = false, features = ["rdrand", "std", "ssl"] }

diff --git a/em-app/src/utils.rs b/em-app/src/utils.rs
@@ -16,6 +16,7 @@ use mbedtls::pk::Pk;
 use mbedtls::ssl::Config;
 use mbedtls::ssl::config::{Endpoint, Preset, Transport, AuthMode, Version};
 use mbedtls::x509::{Certificate, Crl};
+use mbedtls::hash::{Md, Type};
 use sdkms::api_model::Blob;
 use uuid::Uuid;
 use url::Url;
@@ -28,13 +29,23 @@ pub fn convert_uuid(api_uuid: Uuid) -> SdkmsUuid {
     SdkmsUuid::from_bytes(*api_uuid.as_bytes())
 }
 
+/// Computes a Sha256 hash of an input
+pub fn compute_sha256(input: &[u8]) -> Result<[u8; 32], String> {
+    let mut digest = [0; 32];
+    Md::hash(Type::Sha256, input, &mut digest)
+        .map_err(|e| format!("Error in calculating digest: {:?}", e))?;
+
+    Ok(digest)
+}
+
 pub fn get_runtime_configuration(
     server: &str,
     port: u16,
     cert: Arc<MbedtlsList<Certificate>>,
     key: Arc<Pk>,
     ca_cert_list: Option<Arc<MbedtlsList<Certificate>>>,
-    ca_crl: Option<Arc<Crl>>
+    ca_crl: Option<Arc<Crl>>,
+    expected_hash: &[u8; 32]
 ) -> Result<models::RuntimeAppConfig, String> {
 
     let mut config = Config::new(Endpoint::Client, Transport::Stream, Preset::Default);
@@ -54,7 +65,7 @@ pub fn get_runtime_configuration(
     let ssl = MbedSSLClient::new_with_sni(Arc::new(config), true, Some(format!("nodes.{}", server)));
     let connector = HttpsConnector::new(ssl);
     let client = Client::try_new_with_connector(&format!("https://{}:{}/v1/runtime/app_configs", server, port), None, connector).map_err(|e| format!("EM SaaS request failed: {:?}", e))?;
-    let response = client.get_runtime_application_config().map_err(|e| format!("Failed requesting workflow config response: {:?}", e))?;
+    let response = client.get_runtime_application_config(expected_hash).map_err(|e| format!("Failed requesting workflow config response: {:?}", e))?;
 
     Ok(response)
 }