envoyproxy/envoy

Wasm module signature verification

Open

#17.220 aperta il 2 lug 2021

Vedi su GitHub
 (5 commenti) (0 reazioni) (0 assegnatari)C++ (5373 fork)batch import
area/securityarea/wasmenhancementhelp wanted

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

Title: Wasm module signature verification

Description: Add the ability to configure verification options to satisfy before executing a Wasm module. This could include checking all/some/at least one signature is present from a list of specified verification keys in the Wasm bytecode according to https://github.com/jedisct1/wasmsign. I propose some kind of VerificationOption struct that contains

  • repeated public keys
  • verification type (at least 'n', ALL)
  • signature type (maybe reference to wasmsign)

If this is something interesting/use-able to others, I am happy to continue implementation.

Relevant Links Draft PR here: https://github.com/envoyproxy/envoy/pull/17221 The change depends on a PR in proxy-wasm-cpp-host: https://github.com/proxy-wasm/proxy-wasm-cpp-host/pull/177

Guida contributor