envoyproxy/envoy

Wasm module signature verification

Open

#17,220 创建于 2021年7月2日

在 GitHub 查看
 (5 评论) (0 反应) (0 负责人)C++ (5,373 fork)batch import
area/securityarea/wasmenhancementhelp wanted

仓库指标

Star
 (27,997 star)
PR 合并指标
 (平均合并 8天) (30 天内合并 378 个 PR)

描述

Title: Wasm module signature verification

Description: Add the ability to configure verification options to satisfy before executing a Wasm module. This could include checking all/some/at least one signature is present from a list of specified verification keys in the Wasm bytecode according to https://github.com/jedisct1/wasmsign. I propose some kind of VerificationOption struct that contains

  • repeated public keys
  • verification type (at least 'n', ALL)
  • signature type (maybe reference to wasmsign)

If this is something interesting/use-able to others, I am happy to continue implementation.

Relevant Links Draft PR here: https://github.com/envoyproxy/envoy/pull/17221 The change depends on a PR in proxy-wasm-cpp-host: https://github.com/proxy-wasm/proxy-wasm-cpp-host/pull/177

贡献者指南