make Attest an async trait (#360)

this was motivated by excising `rt` from `AttestSledAgent`, and after looking at uses of Attest elsewhere I think we don't really have much reason to keep the sync interfaces around. this pairs with a change in `vm-attest`, both end up in propolis.

I haven't actually tried to pull this into sprockets but this makes AttestIpcc now Send so this when this gets crank-turned over in sprockets we can take a swing at `get_attest_data()` over in `tls/src/keys.rs` there!

Author: iximeow

Cargo.lock

@@ -14,6 +14,7 @@ resolver = "2"
 
 [workspace.dependencies]
 anyhow = { version = "1.0.100", default-features = false }
+async-trait = "0.1.89"
 attest.path = "attest"
 chrono = { version = "0.4.42", default-features=false }
 clap = { version = "4.5.51", features = ["derive", "env"] }

Cargo.toml

@@ -26,6 +26,7 @@ tempfile.workspace = true
 dice-verifier.path = "../verifier"
 x509-cert = { workspace = true, default-features = true }
 serde_json.workspace = true
+tokio = { workspace = true, features = ["full"] }
 
 [features]
 ipcc = ["dice-verifier/ipcc"]

verifier-cli/Cargo.toml

@@ -33,7 +33,7 @@ fn get_attest(interface: Interface, log: &Logger) -> Result<Box<dyn Attest>> {
     slog::info!(log, "attesting via {interface:?}");
     match interface {
         #[cfg(feature = "ipcc")]
-        Interface::Ipcc => Ok(Box::new(AttestIpcc::new()?)),
+        Interface::Ipcc => Ok(Box::new(AttestIpcc::new())),
         Interface::Rot => Ok(Box::new(AttestHiffy::new(AttestTask::Rot))),
         #[cfg(feature = "sled-agent")]
         Interface::SledAgent(addr) => {
@@ -205,7 +205,8 @@ impl fmt::Display for Encoding {
     }
 }
 
-fn main() -> Result<()> {
+#[tokio::main(flavor = "current_thread")]
+async fn main() -> Result<()> {
     let args = Args::parse();
 
     let stderr_decorator = slog_term::TermDecorator::new().build();
@@ -246,6 +247,7 @@ fn main() -> Result<()> {
                 Nonce::try_from(nonce).context("Nonce from file contents")?;
             let attestation = attest
                 .attest(&nonce)
+                .await
                 .context("Getting attestation with provided Nonce")?;
 
             // serialize attestation to json & write to file
@@ -261,6 +263,7 @@ fn main() -> Result<()> {
         AttestCommand::CertChain => {
             let cert_chain = attest
                 .get_certificates()
+                .await
                 .context("Getting attestation certificate chain")?;
 
             for cert in cert_chain {
@@ -277,6 +280,7 @@ fn main() -> Result<()> {
         AttestCommand::Log => {
             let log = attest
                 .get_measurement_log()
+                .await
                 .context("Getting attestation measurement log")?;
             let mut log = serde_json::to_string(&log)
                 .context("Encode measurement log as JSON")?;
@@ -311,13 +315,16 @@ fn main() -> Result<()> {
             // Use the directory provided by the caller to hold intermediate
             // files, or fall back to a temp dir.
             let platform_id = match work_dir {
-                Some(w) => verify(
-                    attest.as_ref(),
-                    ca_cert.as_deref(),
-                    corpus.as_deref(),
-                    self_signed,
-                    &w,
-                )?,
+                Some(w) => {
+                    verify(
+                        attest.as_ref(),
+                        ca_cert.as_deref(),
+                        corpus.as_deref(),
+                        self_signed,
+                        &w,
+                    )
+                    .await?
+                }
                 None => {
                     if corpus.is_none() && !skip_appraisal {
                         return Err(anyhow!("no corpus provided but not instructed to skip measurement log appraisal"));
@@ -329,7 +336,8 @@ fn main() -> Result<()> {
                         corpus.as_deref(),
                         self_signed,
                         work_dir.as_ref(),
-                    )?
+                    )
+                    .await?
                 }
             };
 
@@ -358,7 +366,7 @@ fn main() -> Result<()> {
             verify_measurements(&cert_chain, &log, &corpus)?;
         }
         AttestCommand::MeasurementSet => {
-            let set = measurement_set(attest.as_ref())?;
+            let set = measurement_set(attest.as_ref()).await?;
             for item in set.into_iter() {
                 println!("* {item}");
             }
@@ -368,15 +376,17 @@ fn main() -> Result<()> {
     Ok(())
 }
 
-fn measurement_set(attest: &dyn Attest) -> Result<MeasurementSet> {
+async fn measurement_set(attest: &dyn Attest) -> Result<MeasurementSet> {
     info!("getting measurement log");
     let log = attest
         .get_measurement_log()
+        .await
         .context("Get measurement log from attestor")?;
     let mut cert_chain = Vec::new();
 
     let certs = attest
         .get_certificates()
+        .await
         .context("Get certificate chain from attestor")?;
 
     for (index, cert) in certs.iter().enumerate() {
@@ -431,7 +441,7 @@ fn verify_measurements(
         .context("Verify measurements")
 }
 
-fn verify(
+async fn verify(
     attest: &dyn Attest,
     ca_cert: Option<&Path>,
     corpus: Option<&Path>,
@@ -453,6 +463,7 @@ fn verify(
     info!("getting attestation");
     let attestation = attest
         .attest(&nonce)
+        .await
         .context("Get attestation with nonce")?;
 
     // serialize attestation to json & write to file
@@ -471,6 +482,7 @@ fn verify(
     info!("getting measurement log");
     let log = attest
         .get_measurement_log()
+        .await
         .context("Get measurement log from attestor")?;
     let mut log = serde_json::to_string(&log)
         .context("Serialize measurement log to JSON")?;
@@ -494,6 +506,7 @@ fn verify(
 
     let certs = attest
         .get_certificates()
+        .await
         .context("Get certificate chain from attestor")?;
 
     // the first cert in the chain / the leaf cert is the one

verifier-cli/src/main.rs

@@ -7,6 +7,7 @@ license = "MPL-2.0"
 
 [dependencies]
 attest-data = { path = "../attest-data", features = ["std"] }
+async-trait.workspace = true
 const-oid.workspace = true
 ed25519-dalek = { workspace = true, features = ["std"] }
 env_logger.workspace = true
@@ -20,7 +21,7 @@ sha3.workspace = true
 sled-agent-client = { workspace = true, optional = true }
 sled-agent-types-versions = { workspace = true, optional = true }
 slog.workspace = true
-tokio = { workspace = true, features = [ "net", "rt", "time" ], optional = true }
+tokio = { workspace = true, features = [ "net", "rt", "time", "process" ] }
 tempfile.workspace = true
 thiserror.workspace = true
 x509-cert = { workspace = true, default-features = true }
@@ -33,4 +34,4 @@ attest-data = { path = "../attest-data", features = ["std", "testing"] }
 testing = []
 ipcc = ["libipcc"]
 mock = ["ed25519-dalek/pem"]
-sled-agent = ["sled-agent-client", "sled-agent-types-versions", "tokio"]
+sled-agent = ["sled-agent-client", "sled-agent-types-versions"]