Closed radical closed 2 years ago
Tagging subscribers to 'arch-wasm': @lewing See info in area-owners.md if you want to be subscribed.
Author: | radical |
---|---|
Assignees: | - |
Labels: | `arch-wasm`, `area-VM-meta-mono` |
Milestone: | - |
No rush but.. can someone explain a bit what exactly the intention is here? We found a way to use subtlecrypto without SharedArrayBuffer
?
@vcsjones I've updated the issue title and description to capture what we found we need to do. At a high level, we found the SharedArrayBuffer
bridge to SubtleCrypto was not yielding the end-to-end experience we had relied on being able to achieve.
~@jeffhandley is this specific to AES, or is HMAC / PBKDF2 included as well?~
Never mind I can't read. It's spelled out nicely in the table.
I am curious why AES specifically, when it was my understanding that HMAC and PBKDF were also using the SharedArrayBuffer.
No rush but.. can someone explain a bit what exactly the intention is here? We found a way to use subtlecrypto without
SharedArrayBuffer
?
There is new interop with JavaScript based on [JSImportAttribute]
. It could be used to wrap subtlecrypto's asynchronous API. Applications with requirements to use certified crypto could find a way how to call it asynchronously.
That integration could be independent Nuget package and doesn't have to be in the runtime code. It could also wrap asymmetric algorithms.
I am curious why AES specifically, when it was my understanding that HMAC and PBKDF were also using the SharedArrayBuffer.
Thanks for calling that out, @vcsjones. I've edited the description again to be clearer that what remains supported is now only supported via managed implementations, with that scope being limited to algorithms without known side-channel leaks of keys.
Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones See info in area-owners.md if you want to be subscribed.
Author: | radical |
---|---|
Assignees: | eerhardt |
Labels: | `arch-wasm`, `area-System.Security`, `blocking-release` |
Milestone: | 7.0.0 |
Re-opening to backport to 7.0
@eerhardt are we done here now?
Yes, the last task:
Remove js-module-crypto handling in the SDK
was completed this morning when the new dotnet/runtime made its way into dotnet/sdk.
thanks again for all the help
We've concluded that using the
SharedArrayBuffer
approach via a worker is not yielding the end-to-end experience or quality necessary to release this integration. Details and commentary on dotnet/runtime#72810 show some specific challenges that emerged:SharedArrayBuffer
to be available only for cross-origin isolated sites. This will take effect as of Chromium v106.These challenges lead to discussions about how often the managed implementations apply vs. the SubtleCrypto implementations. When we laid out the plan to rely on SubtleCrypto through
SharedArrayBuffer
, we understood this would enable us to use SubtleCrypto in ~90% of scenarios. The plan was to only fall back to managed implementations "on browsers which do not supportSharedArrayBuffer
. However, with the recognition that the default end-to-end experience disallows use ofSharedArrayBuffer
broadly, that changed the picture dramatically. We now find ourselves in the situation where 90% or more of scenarios will be relying on the managed implementations, and customers desiring the native implementations must consider tradeoffs for other behavior changes that will occur in their applications. That's not an acceptable outcome.With these findings and realizations, we're dialing back what we'll be able to support, and we will not rely on a
SharedArrayBuffer
bridge to invoke async SubtleCrypto APIs from synchronous .NET code. Instead, the supported algorithms will be exclusively supported via managed code and scoped to algorithms without known side channel leaks of the key. Per the original design document:Here's the net result of the changes to what will be supported.
We do not have plans to try this integration with SubtleCrypto again. Instead, for customers needing native implementations or unsupported algorithms such as AES, we advise they use JavaScript interop to invoke SubtleCrypto directly. That approach will allow the application to be written such that the call can be made in an asynchronous context.
Tasks
js-module-crypto
inAssetBehaviours
typescryptjs-module-crypto
handling in the SDK (replace it withjs-module-threads
would be useful)cc @pavelsavara @maraf @lambdageek @eerhardt