Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sdk): Add WASI and synchronous validation for WASM32 #653

Closed
wants to merge 14 commits into from
Closed

feat(sdk): Add WASI and synchronous validation for WASM32 #653

wants to merge 14 commits into from

Conversation

cdmurph32
Copy link
Collaborator

@cdmurph32 cdmurph32 commented Oct 29, 2024
edited
Loading

Changes in this pull request

  • Add WASI (Wasm System Interface) as a build target.

  • Add synchronous validation for wasm crypto validation and trust handlers. For ECDSA, this means RustCrypto p256 and p284, for both wasi and web. P512 is not supported in the synchronous implementation.

  • Most changes are excluding WASI from tests, as wasm_bindgen does not support WASI.

TODO:

  • Documentation
  • Tests for synchronous validation and WASI. WASI has been manually tested but requires wasmtime to run the tests.
  • sdk/Cargo.toml could be reorganized different ways, with js features targeted explicitly at non-WASI wasm.

Checklist

  • This PR represents a single feature, fix, or change.
  • All applicable changes have been documented.
  • Any TO DO items (or similar) have been entered as GitHub issues and the link to that issue has been included in a comment.

gpeacock
gpeacock reviewed Oct 29, 2024
View reviewed changes
sdk/Cargo.toml Outdated
[target.'cfg(not(target_os = "wasi"))'.dependencies]
chrono = { version = "0.4.38", default-features = false, features = [
"serde",
"wasmbind",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like it makes more sense to add the wasmbind feature only when we are building for wasm.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Makes sense.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

gpeacock
gpeacock reviewed Oct 29, 2024
View reviewed changes
sdk/src/time_stamp.rs
@@ -631,7 +631,21 @@ pub(crate) fn verify_timestamp(ts: &[u8], data: &[u8]) -> Result<TstInfo> {
validator.validate(&sig_val.to_bytes(), &tbs, &signing_key_der)
}

#[cfg(not(feature = "openssl"))]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we still make a regular build without openssl? This needs to work with the c2pa-min repo.

Copy link
Collaborator Author

@cdmurph32 cdmurph32 Oct 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. The build logic for native builds without openssl remains unchanged. I've only added a new section for synchronous calls to verify_timestamp for wasm32. This mirrors the asynchronous logic.

gpeacock
gpeacock reviewed Oct 29, 2024
View reviewed changes
sdk/src/wasm/webpki_trust_handler.rs
certs: &[Vec<u8>],
ee_der: &[u8],
) -> Result<bool> {
#[async_generic]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good to have these work async!

@cdmurph32 cdmurph32 force-pushed the wasm32-wasi_0.36.3_validate branch from 3b8fb7b to 6d3b5b2 Compare October 30, 2024 14:11
@scouten-adobe scouten-adobe changed the title Add wasi and synchronous validation for wasm32 feat(sdk): Add WASI and synchronous validation for WASM32 Nov 7, 2024
@cdmurph32
Build directly to wasip2
93cbd73
@cdmurph32
Support compiling to wasm32-wasip2
920b0a5 
- wasip2 will require +nightly until rust-lang/rust#130323 is resolved and/or std::os::wasip2 is available in stable.
- Support was added to rustix for version 0.38.39 bytecodealliance/rustix#1205
- Support was added to tempfile for version 3.14 Stebalien/tempfile#305
@cdmurph32 cdmurph32 force-pushed the wasm32-wasi_0.36.3_validate branch from 8ece89f to 920b0a5 Compare November 12, 2024 19:47
scouten-adobe
scouten-adobe requested changes Nov 17, 2024
View reviewed changes
sdk/Cargo.toml
thiserror = "1.0.61"
treeline = "0.1.0"
url = "2.5.2"
uuid = { version = "1.10.0", features = ["serde", "v4", "js"] }
url = "2.5.3"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI we can't take the 2.5.3 version of url until we've had Legal review a new license introduced by that version.

scouten-adobe added a commit that referenced this pull request Nov 17, 2024
@scouten-adobe
Add WASM (not WASI) implementation of ES256 and ES384 signatures from #…
9c2fdd1 
…653
@scouten-adobe scouten-adobe mentioned this pull request Nov 18, 2024
Merged
scouten-adobe added a commit that referenced this pull request Nov 18, 2024
@scouten-adobe
Bring over RSA-PSS validators for WASM from #653
2688f3d
@cdmurph32
Copy link
Collaborator Author

Superseded by feat: Wasm32 wasi 0.41.0 #888

@cdmurph32 cdmurph32 closed this Jan 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpeacock gpeacock gpeacock left review comments

@scouten-adobe scouten-adobe scouten-adobe requested changes

Assignees
No one assigned
Labels
safe to test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cdmurph32 @gpeacock @scouten-adobe