std crypto module in WebAssembly?

[chiefbiiko]



How about building a crypto module entirely implemented in WebAssembly?

Benefits would include: good performance, optimal portability

Luckily, we could also get timing safety for WebAssembly by patching V8 to implement CT-Wasm.

[kitsonk]

Really should talk about it in #2372 or #1891 to avoid having loads of issues.

[jorroll]

FYI, this is also being discussed in the context of WASI WebAssembly/WASI#65

[rsp]

Since this is something related to WASI, there is a related issue:

• WASI support for Webassembly WASI support for Webassembly #3005

If Deno supports WASI and if WASI supports cryptography (see comment by @thefliik) then we'll already have cryptography in WASM automatically.

Update: See also: (wrong link)

[tniessen]


Benefits would include: good performance

The performance will likely be much worse than native performance, especially since you lose all hardware features, e.g., hardware-accelerated AES.

... optimal portability

Wouldn't "patching V8 to implement CT-Wasm" diminish the portability aspect since the patch would affect platform-specific bytecode generation?

Also, time-safety might be the most obvious side attack channel, but there are likely others that would make a WebAssembly implemention insecure. (For example, no memory protection, cache statistics, etc.)

[lucacasonato]

Isn't this covered by std/hash + WebCrypto (#1891) support?

[kitsonk]

Yes, I still feel this is a duplicate of #1891