-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use crypto.subtle for AES on Browser WASM #71501
Conversation
Implement the browser "native" portion for AES on Browser WASM. There are two issues to solve .NET's Aes API on crypto.subtle: 1. The .NET API supports streaming while crypto.subtle only supports "one shot" APIs. 2. The .NET API supports multiple padding modes while crypto.subtle only supports PKCS7. To solve these issues, we use the following approach: 1. We only invoke crypto.subtle with complete AES "blocks" of data. This allows us to make assumptions about the padding behavior. 2. To implement streaming, remember the last block of the previous cipher text to use as the IV for the next stream of data. 3. When encrypting, since we have a complete block of data and crypto.subtle uses PKCS7 padding, strip off the last block of cipher text which will always be a full block of padding. 4. When decrypting do the inverse of encrypting - append an encrypted block of padding to the cipher text so crypto.subtle will return the full message as plain text. Other changes: - Make a few refactoring / simplifications where necessary. - SubtleCrypto doesn't support 192 bit AES keys, so no longer support AES-192 on Browser. Contributes to dotnet#40074
Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones Issue DetailsImplement the browser "native" portion for AES on Browser WASM. There are two issues to solve .NET's Aes API on crypto.subtle:
To solve these issues, we use the following approach:
Other changes:
Contributes to #40074
|
Tagging subscribers to 'arch-wasm': @lewing Issue DetailsImplement the browser "native" portion for AES on Browser WASM. There are two issues to solve .NET's Aes API on crypto.subtle:
To solve these issues, we use the following approach:
Other changes:
Contributes to #40074
|
...m.Security.Cryptography/src/System/Security/Cryptography/AesSubtleCryptoTransform.Browser.cs
Show resolved
Hide resolved
src/libraries/System.Security.Cryptography/tests/AesTests.Browser.cs
Outdated
Show resolved
Hide resolved
...s/System.Security.Cryptography/src/System/Security/Cryptography/AesImplementation.Browser.cs
Show resolved
Hide resolved
Failure is #69832 |
Implement the browser "native" portion for AES on Browser WASM.
There are two issues to solve .NET's Aes API on crypto.subtle:
To solve these issues, we use the following approach:
Other changes:
Contributes to #40074