Expand description
A proof of concept implementation of the WebAssembly module signature proposal.
Modules§
- airgapped
- Air-gapped verification for embedded devices
- audit
- Audit logging for security-sensitive operations
- build_
env - Build environment attestation for SLSA provenance
- component
- WASM Component Model section types (informational).
- composition
- Component composition and provenance tracking
- container
- Container image signing via cosign delegation
- dsse
- DSSE (Dead Simple Signing Envelope) implementation
- format
- Format-agnostic artifact signing and verification
- http
- HTTP client abstraction for sync/async support
- intoto
- in-toto Statement v1.0 implementation
- keyless
- metrics
- Metrics collection for signing operations (Issue #3)
- platform
- Platform-specific hardware security integration
- policy
- Supply chain verification policy engine
- pqc
- Post-quantum cryptography support (SLH-DSA / FIPS 205)
- provisioning
- Certificate provisioning for IoT devices
- reexports
- sct
- Signed Certificate Timestamp (SCT) monitoring (Phase 4.2)
- secure_
file - Secure file operations with restrictive permissions
- slsa
- SLSA v1.0 Provenance predicate
- time
- Time validation for offline-first verification
- transcoding
- Transcoding attestation protocol for WASM-to-native compilation
- varint
- Variable-length integer encoding (LEB128)
Structs§
- Custom
Section - A custom section.
- KeyPair
- A key pair.
- Module
- A WebAssembly module.
- Module
Stream Reader - Public
Key - A public key.
- Public
KeySet - A set of multiple public keys.
- Secret
Key - A secret key.
- Sections
Iterator - An iterator over the sections of a WebAssembly module.
- Signature
Data - Signature
ForHashes - Signature
Info - Information about signatures in a WebAssembly module.
- Signed
Hashes - Standard
Section - A standard section.
Enums§
Constants§
- MAX_
HASHES - MAX_
SECTIONS - Maximum number of sections accepted by
SectionsIteratorbefore the parser aborts withWSError::TooManySections. 4096 is generous for any legitimate module (the wasm-tools spec recommends ~100 typical sections; the Component Model adds a handful more) while bounding worst-case work for adversarial inputs that declare millions of empty sections. - MAX_
SIGNATURES - SIGNATURE_
SECTION_ DELIMITER_ NAME - SIGNATURE_
SECTION_ HEADER_ NAME
Traits§
- Section
Like - Common functions for a module section.
Functions§
- new_
delimiter_ section - signature_
info_ from_ detached - Get signature information from a detached signature.
- signature_
info_ from_ file - Get signature information from a WebAssembly module file.
- signature_
info_ from_ reader - Get signature information from a reader in streaming fashion.
Type Aliases§
- Boxed
Predicate - A sized predicate, used to verify a predicate*public_key matrix.
- Header