chore: async verification

Signed-off-by: Thomas Fossati <[email protected]>
veraison · Jan 16, 2025 · 2817681 · 2817681
1 parent f851340
commit 2817681
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 24 deletions.
diff --git a/rust-keybroker/keybroker-server/src/main.rs b/rust-keybroker/keybroker-server/src/main.rs
@@ -119,26 +119,23 @@ async fn submit_evidence(
     let reference_values = data.args.reference_values.clone();
     let verbosity = data.args.verbosity;
 
-    // We are in an async context, but the verifier client is synchronous, so spawn
-    // it as a blocking task.
-    let handle = task::spawn_blocking(move || {
-        // TODO: In theory, this unwrap() could fail and panic if there are non-printing characters in the content type header.
-        let content_type_str = content_type.to_str().unwrap();
-
-        // TODO: Blind pass-through of content type here. Ideally we should do a friendly check against the set that Veraison supports.
-        verifier::verify_with_veraison_instance(
-            &verifier,
-            content_type_str,
-            &challenge.challenge_id,
-            &challenge.challenge_value,
-            &evidence_bytes,
-            &reference_values,
-            &CcaDiagnostics::new(verbosity),
-        )
-    });
-    let result = handle.await.unwrap();
-
-    match result {
+    // TODO: In theory, this unwrap() could fail and panic if there are non-printing characters in the content type header.
+    let content_type_str = content_type.to_str().unwrap();
+
+    let cca_diagnostic = CcaDiagnostics::new(verbosity);
+
+    // TODO: Blind pass-through of content type here. Ideally we should do a friendly check against the set that Veraison supports.
+    let result = verifier::verify_with_veraison_instance(
+        &verifier,
+        content_type_str,
+        &challenge.challenge_id,
+        &challenge.challenge_value,
+        &evidence_bytes,
+        &reference_values,
+        &cca_diagnostic,
+    );
+
+    match result.await {
         Ok(verified) => {
             // Switch on whether the evidence was successfully verified or not.
             if verified {

diff --git a/rust-keybroker/keybroker-server/src/verifier.rs b/rust-keybroker/keybroker-server/src/verifier.rs
@@ -64,7 +64,7 @@ pub struct Verifier {
     pub root_certificate: Option<PathBuf>,
 }
 
-pub fn verify_with_veraison_instance<DE: EmitDiagnostic>(
+pub async fn verify_with_veraison_instance<DE: EmitDiagnostic>(
     verifier: &Verifier,
     media_type: &str,
     challenge_id: &u32,
@@ -83,7 +83,7 @@ pub fn verify_with_veraison_instance<DE: EmitDiagnostic>(
     let discovery_endpoint = discovery.build()?;
 
     // Quiz the discovery endpoint for the verification endpoint
-    let verification_api = discovery_endpoint.get_verification_api()?;
+    let verification_api = discovery_endpoint.get_verification_api().await?;
 
     // Get the challenge-response endpoint from the verification endpoint
     let relative_endpoint = verification_api.get_api_endpoint("newChallengeResponseSession");
@@ -110,10 +110,12 @@ pub fn verify_with_veraison_instance<DE: EmitDiagnostic>(
 
     let nonce = Nonce::Value(challenge.to_vec());
 
-    let (session_url, _session) = cr.new_session(&nonce)?;
+    let (session_url, _session) = cr.new_session(&nonce).await?;
 
     // Run the challenge-response session
-    let ear_string = cr.challenge_response(evidence, media_type, &session_url)?;
+    let ear_string = cr
+        .challenge_response(evidence, media_type, &session_url)
+        .await?;
 
     // EARs are signed by Veraison. The public verification key is conveyed within the
     // endpoint descriptor that we pulled from the discovery API before. We can grab this