kanidm / webauthn-rs

An implementation of webauthn components for Rustlang servers
Mozilla Public License 2.0

Server-side WASM support #447

Open BrandonDyer64 opened 3 months ago

BrandonDyer64 commented 3 months ago

Is your feature request related to a problem? Please describe. I'm not able to compile webauthn-rs due to openssl being included in a non-optional way. Unfortunately, the openssl crate cannot be compiled on wasm-unknown-unknown which is required for my application.

Describe the solution you'd like Use an alternative crypto library that's written in native Rust when compiling to wasm-unknown-unknown.

> OpenSSL is the only library I have found that allows us to reconstruct an EC public key from its X/Y points or an RSA public key from its n/e for use with signature verification. Without this, we are not able to parse authenticator credentials to perform authentication.

Is this still true? There must be something out there that can work for authentication. Are aws-lc-rs or ring incompatible?

Describe alternatives you've considered

Additional context I'm running my server code in a Cloudflare Worker
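The "X/Y points" and "n/e" the quoted note refers to arrive inside the credential public key, which WebAuthn encodes as a CBOR COSE_Key. The example below is an added illustration, not code from webauthn-rs or from anyone in this thread: a std-only Rust decoder that handles just the CBOR subset a COSE_Key uses and returns the raw EC2 coordinates or RSA modulus/exponent. It assumes the standard COSE labels (kty=1, alg=3, crv=-1, x=-2, y=-3 for EC2; n=-1, e=-2 for RSA) and uses constructed byte strings as input, not real keys. Turning the extracted bytes into a verifying key is exactly the step the issue says still needs OpenSSL, so it is intentionally left out.

```rust
// Added example, not code from webauthn-rs: a std-only decoder for the
// CBOR-encoded COSE_Key an authenticator returns as credentialPublicKey.
// It extracts the raw components the thread talks about (x/y for EC2,
// n/e for RSA); turning them into a verifying key needs a crypto backend
// and is deliberately not done here.
use std::collections::BTreeMap;

#[derive(Debug, Clone, PartialEq)]
pub enum Cbor { Int(i64), Bytes(Vec<u8>), Map(BTreeMap<i64, Cbor>) }

#[derive(Debug, PartialEq)]
pub enum CoseKey {
    Ec2 { crv: i64, x: Vec<u8>, y: Vec<u8> }, // kty=2: curve id + affine coordinates
    Rsa { n: Vec<u8>, e: Vec<u8> },           // kty=3: big-endian modulus and exponent
}

struct Reader<'a> { buf: &'a [u8], pos: usize }

impl<'a> Reader<'a> {
    fn byte(&mut self) -> Result<u8, String> {
        let b = *self.buf.get(self.pos).ok_or("truncated CBOR")?;
        self.pos += 1;
        Ok(b)
    }
    // Argument after the major type: info 0..=23 is the value itself,
    // 24..=27 means the value follows in 1/2/4/8 big-endian bytes.
    fn arg(&mut self, info: u8) -> Result<u64, String> {
        let n = match info {
            0..=23 => return Ok(u64::from(info)),
            24 => 1, 25 => 2, 26 => 4, 27 => 8,
            _ => return Err(format!("unsupported additional info {info}")),
        };
        let mut v = 0u64;
        for _ in 0..n { v = (v << 8) | u64::from(self.byte()?); }
        Ok(v)
    }
    fn value(&mut self) -> Result<Cbor, String> {
        let head = self.byte()?;
        let arg = self.arg(head & 0x1f)?;
        let as_i64 = |a: u64| i64::try_from(a).map_err(|_| "integer too large".to_string());
        match head >> 5 {
            0 => Ok(Cbor::Int(as_i64(arg)?)),
            1 => Ok(Cbor::Int(-1 - as_i64(arg)?)),
            2 => {
                // Bounds-check before slicing so a lying length cannot panic.
                let len = usize::try_from(arg).map_err(|_| "length too large")?;
                let end = self.pos.checked_add(len).filter(|&e| e <= self.buf.len())
                    .ok_or("byte string past end of input")?;
                let s = self.buf[self.pos..end].to_vec();
                self.pos = end;
                Ok(Cbor::Bytes(s))
            }
            5 => {
                let mut m = BTreeMap::new();
                for _ in 0..arg {
                    let k = match self.value()? { Cbor::Int(k) => k, _ => return Err("non-integer map key".into()) };
                    let v = self.value()?;
                    if m.insert(k, v).is_some() { return Err(format!("duplicate label {k}")); }
                }
                Ok(Cbor::Map(m))
            }
            t => Err(format!("unsupported CBOR major type {t}")),
        }
    }
}

/// Decode a COSE_Key and return its raw key material, rejecting trailing data.
pub fn parse_cose_key(bytes: &[u8]) -> Result<CoseKey, String> {
    let mut r = Reader { buf: bytes, pos: 0 };
    let map = match r.value()? { Cbor::Map(m) => m, _ => return Err("COSE_Key must be a map".into()) };
    if r.pos != bytes.len() { return Err("trailing bytes after COSE_Key".into()); }
    let int = |label: i64| match map.get(&label) {
        Some(Cbor::Int(v)) => Ok(*v), _ => Err(format!("missing integer label {label}")) };
    let bstr = |label: i64| match map.get(&label) {
        Some(Cbor::Bytes(b)) => Ok(b.clone()), _ => Err(format!("missing byte-string label {label}")) };
    match int(1)? { // kty
        2 => {
            let (crv, x, y) = (int(-1)?, bstr(-2)?, bstr(-3)?);
            // P-256 (crv 1) coordinates are exactly 32 bytes; reject anything else
            // before it reaches whatever routine rebuilds the point.
            if crv == 1 && (x.len() != 32 || y.len() != 32) {
                return Err("P-256 coordinates must be 32 bytes each".into());
            }
            Ok(CoseKey::Ec2 { crv, x, y })
        }
        3 => Ok(CoseKey::Rsa { n: bstr(-1)?, e: bstr(-2)? }),
        other => Err(format!("unsupported kty {other}")),
    }
}

// Constructed test vectors (not real keys): coordinate/modulus bytes are filler,
// which is fine because only the CBOR framing is exercised here.
pub fn sample_ec2_cose_key() -> Vec<u8> {
    let mut v = vec![0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01]; // {1:2, 3:-7 (ES256), -1:1 (P-256),
    v.extend([0x21, 0x58, 0x20]); v.extend(1..=32u8);            //  -2: x (32 bytes),
    v.extend([0x22, 0x58, 0x20]); v.extend(65..=96u8);           //  -3: y (32 bytes)}
    v
}
pub fn sample_rsa_cose_key() -> Vec<u8> {
    let mut v = vec![0xa4, 0x01, 0x03, 0x03, 0x39, 0x01, 0x00];  // {1:3, 3:-257 (RS256),
    v.extend([0x20, 0x59, 0x01, 0x00]); v.extend([0xaa; 256]);   //  -1: n (256 bytes),
    v.extend([0x21, 0x43, 0x01, 0x00, 0x01]);                     //  -2: e = 65537}
    v
}

fn main() {
    println!("{:?}", parse_cose_key(&sample_ec2_cose_key()));
    println!("{:?}", parse_cose_key(&sample_rsa_cose_key()));
}
```

The decoder deliberately refuses anything outside the COSE_Key subset (no floats, arrays or text strings), rejects duplicate labels and trailing bytes, and bounds-checks every byte-string length before slicing, which is the kind of hardening a parser for attacker-supplied authenticator data needs. It does not enforce the shortest-form encoding that CTAP2 canonical CBOR requires; a production decoder should.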

Firstyear commented 3 months ago

ring crashes on a lot of platforms so we can't use it. Haven't looked at aws-lc-rs

we are considering moving to the RustCrypto ecosystem.

BrandonDyer64 commented 3 months ago

Thank you for your response @Firstyear. Do you know about how long it'll be before that'll be in production? And, is there anything that can be done in the meantime (other libraries, techniques, hacks) that you can think of?

Firstyear commented 3 months ago

I won't be able to get to it for some time - if @micolous has spare time and feels up to it they can.

Otherwise, if you want to help, feel free. I'm starting a "glue" crate because RustCrypto crates are generally a fragmented bunch and the glue is needed. From there we can swap out small parts of the primitives one at a time, and potentially even make the glue crate its own interface etc.

yaleman commented 3 months ago

Rather than start Yet Another Glue Crate, I'd probably help out rustls and/or implement the crypto::CryptoProvider trait as noted to avoid duplicating work... there was a recent talk saying that they've replaced OpenSSL in some projects recently with it

Firstyear commented 3 months ago

@yaleman that provider is very much aimed at TLS, not general purpose crypto operations.