🤖 CNCF LFX Mentorship: From knowing nothing about cryptography to implementing wasi-crypto in WasmEdge

• 6 minutes to read

Author: sonder-joker

WasmEdge is selected for GSoC 2022 through LFX Mentorship. Application open until 19th April, 2022. Come apply now.

I'm a BSc software engineering student who likes open-source, software infrastructure, and challenging work.

I applied for the WasmEdge CNCF LFX Mentorship Fall 2021 to support the WASI-Crypto proposal. The reason why I chose this project was that I wanted to participate in the development of an open-source project for some challenging work. And virtual machine written in native code is a field I like. The LFX Mentorship is a great opportunity to get started with a project.

I hope this article could provide some tips for people who want to join and contribute to open-source projects.

Before the LFX mentorship, I have zero knowledge in the cryptography-related fields. However, after participating in the wasi-crypto implementation, I have learned cryptography programming extensively. Through the LFX mentorship, I am set to be a contributor of the WasmEdge runtime project (My work on this will be merged soon). Even more, I became a collaborator of the wasi-crypto project!

A brief overview of wasi-crypto

Introduction to wasi-crypto

wasi-crypto are portable, modular, runtime-independent, and WebAssembly-native APIs which can be used by WebAssembly code to perform cryptographic operations while preserving the sandboxed nature of WebAssembly.

Why we need wasi-crypto

After WasmEdge provides an experimental API, WASI Socket, for supporting Berkeley Sockets API in Wasm. WasmEdge enables a new way to open a new socket, listen to an existed socket, and send and receive data.

Moreover, it will be nice to do more related features such as SSL support. To achieve this feature, one possible way is to compile the OpenSSL library to Wasm and link it as a library. However, the performance may not be good because all the computation is done at the wasm level. Here is an alternative way, instead of the previous one, we can wrap the OpenSSL library to Wasm external functions. For example, binding ssl_connect to (import "OpenSSL" "ssl_connect" ... ).

Unfortunately, this is not an easy way to do it. To simplify the workload, we decide to implement the WASI-crypto proposal first and then use this proposal to make the above things happen.

How I implemented wasi-crypto

Spilt it into sub-issues

wasi-crypto is a complex project. However, we can break the whole work down into several subtasks.

I divided it based on the modules of wasi-crypto proposal and the needs from WasmEdge.

Choose a wonderful open-source encryption library

It is unrealistic to implement the encryption library from scratch. There is no need to reinvent the wheel. It is easy to find an open-source crypto library as the underlying implementation. There are many crypto related libraries in C/C++. We researched and chose OpenSSL.

The reasons are as the following:

OpenSSL is the best-known cryptographic library. It consists of two parts: libssl and libcrypto. It's strong and safe enough. Also, most Linux distributions have preinstalled OpenSSL package, which can keep the WasmEdge size small in most cases of running WasmEdge on edge devices. The open-source license of OpenSSL doesn't affect WasmEdge's license. It also provides the algorithm we need.

On the downside, the API design of OpenSSL is not developer-friendly, which has been improved in 3.0. But WasmEdge runs under OpenSSL 1.1.1 in most cases.

Besides, the performance of OpenSSL 3.0 is not a satisfactory choice.

So after discussing with my mentor, Hydai, a core WasmEdge Maintainer, we chose OpenSSL v1.1.1.

Record the progress on GitHub

I had weekly meetings with WasmEdge's Hydai to talk about the progress and next steps. After each meeting, I recorded the requirements and compared them with the initial schedule to see if I was able to finish the work on time.

The timeline for my work has changed many times in the ongoing implementation process, but I believe that is inevitable - dynamic adjustment is essential.

Invited to be a maintainer of wasi-crypto

To implement wasi-crypto into WasmEdge, I have read the specification many times. During the learning, I have found several issues in wasi-crypto specification, including typos, the wrong key value of example implementation, and some uncovered cases.

So I created several issues/pull requests to fix them and received a positive response from the wasi-cryotp maintainers.

One day, I received the invitation to be a maintainer to collaborate on the wasi-crypto project. This is really surprising - Open source doesn't require you to have sophisticated expertise; Rather, your need passion. Start with fixing a simple typo, then participate more and make some code suggestions. The community will always welcome you and help you to correct mistakes.

Some issues during open source collaboration

Avoid wrong git logs

At the beginning of the project, I used a few nonsensical git commits logs for convenience. This is because the task is not split with clear-cut borderline, and I did not have quite enough understanding on wasi-crypto. After some refactoring, it's hard to modify the commit, which confuses the reviewer. The lesson is that before writing code, it's essential to figure out how to design everything and what's the better practice. Otherwise, you might waste time on this at a later stage. This was a hard lesson for me.

Write enough unit tests

In most open source projects, tests are indispensable. For example, WasmEdge uses test coverage as a critical indicator for code quality evaluation.

wasi-crypto has a well-defined POSIX-like interface, and it's easy to write unit tests. But I only wrote a few simple unit tests in the early stage, which apparently is not enough.

So when I wrote more unit tests to achieve the requirement, I have found many implementation issues.

From this, I learn the necessity of unit tests and TDD(Test-Driven Development).

What's next

There are still ways to optimize the architecture. I will try to refactor to make better performance.

Though I have already made many tests on the host side, the test from the client-side is also essential. So I will make some .wasm tests and run them in WasmEdge. I will also try to contribute to those test suites as a test of the wasi-crypto projects.


Because I multitasked between this project and my studies and have never learned cryptography systematically before, I did not complete all the tasks during the 3-month mentorship. But I will continue to work on wasi-crypto - I believe I will be able to deliver a good result with the community's help.

Participating in open source project development is an exciting experience, especially on infrastructure work.

I hope this article can help budding devs who want to apply for the LFX mentorship or GSoC-liked program. It's an excellent first step for everyone who wants to participate in an open-source project and try to implement some fantastic work.

Follow WasmEdge and WebAssembly at https://github.com/WasmEdge/WasmEdge.

WebAssemblycontributorC++RustWasm proposal
A high-performance, extensible, and hardware optimized WebAssembly Virtual Machine for automotive, cloud, AI, and blockchain applications