You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Support the wasi-crypto extension for Wasi in exec-wasmtime, allowing for Steward to run in the Keep enarx/steward#26.
Acceptance Criteria
No response
Suggestions for a technical implementation
A blocking problem is the current wasi-crypto implementation uses old versions for zeroize, rsa, and sha2 crates. The zeroize version isn't compatible with the Drawbridge crates used. However, upgrading zeroize breaks rsa, and upgrading rsa breaks the wasi-crypto code which uses code from sha2.
--> crates/wasi-crypto/spec/implementations/hostcalls/rust/src/signatures/rsa.rs:221:13
|
221 | ::rsa::PaddingScheme::new_pss::<Sha512, _>(SecureRandom::new())
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `digest::FixedOutputReset` is not implemented for `Sha512`
Upgrading both sha2 and rsa causes several variations of:
error[E0277]: the trait bound `CoreWrapper<CtVariableCoreWrapper<Sha512VarCore, sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>>>: FixedOutputDirty` is not satisfied
--> crates/wasi-crypto/spec/implementations/hostcalls/rust/src/symmetric/hmac_sha2.rs:14:12
|
14 | Sha512(Hmac<Sha512>),
| ^^^^^^^^^^^^ the trait `FixedOutputDirty` is not implemented for `CoreWrapper<CtVariableCoreWrapper<Sha512VarCore, sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>>>`
|
= help: the following other types implement trait `FixedOutputDirty`:
Sha512
sha2::sha256::Sha224
sha2::sha256::Sha256
sha2::sha512::Sha384
sha2::sha512::Sha512Trunc224
sha2::sha512::Sha512Trunc256
= note: required because of the requirements on the impl of `curve25519_dalek::digest::FixedOutput` for `CoreWrapper<CtVariableCoreWrapper<Sha512VarCore, sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>>>`
note: required by a bound in `Hmac`
--> /home/rjzak/.cargo/registry/src/github.com-1ecc6299db9ec823/hmac-0.11.0/src/lib.rs:82:30
|
82 | D: Update + BlockInput + FixedOutput + Reset + Default + Clone,
| ^^^^^^^^^^^ required by this bound in `Hmac`
Updating rsa or sha2 will need significant rework of the wasi-crypto code.
The text was updated successfully, but these errors were encountered:
Don't bother updating wasi-crypto, the real solution to this is just to convince rsa to issue a point release which removes the unnecessary upper bound on its zeroize dependency. Tony's on vacation presently, so it might not happen immediately, but once he gets back I'm confident we can convince him that it's worth making a point release for this. In the meantime don't worry about trying to upgrade anything or downgrade anything.
Is there an existing issue for this?
Description
Support the wasi-crypto extension for Wasi in
exec-wasmtime
, allowing for Steward to run in the Keep enarx/steward#26.Acceptance Criteria
No response
Suggestions for a technical implementation
A blocking problem is the current wasi-crypto implementation uses old versions for
zeroize
,rsa
, andsha2
crates. Thezeroize
version isn't compatible with the Drawbridge crates used. However, upgradingzeroize
breaksrsa
, and upgradingrsa
breaks the wasi-crypto code which uses code fromsha2
.Upgrading both
sha2
andrsa
causes several variations of:Updating
rsa
orsha2
will need significant rework of the wasi-crypto code.The text was updated successfully, but these errors were encountered: