Use SubtleCrypto API on browser DOM scenarios

[layomia]

Contributes to #40074. For WASM, uses the SubtleCrypto browser-native implementation for the SHA1, SHA256, SHA384, SHA512 algorithms, and adds infrastructure to support using the native implementation. Support for the rest of the algorithms will come in a single follow-up PR.

[ghost]

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

null

Author:	layomia
Assignees:	layomia
Labels:	area-System.Security
Milestone:	7.0.0

[pavelsavara]

I wonder if we should rather add it to main typescript codebase in src\mono\wasm\runtime\, instead of separate src/mono/wasm/runtime/library_channel.js

[layomia]

/azp run runtime-wasm

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[layomia]

I tried it locally, and the tests pass with --web-server-use-cop used instead of the browser-arg.
You might also want to print the hash, and check that, to make sure that everything worked as expected.

Done, this works thanks.

[AaronRobinsonMSFT]

LGTM.

[AaronRobinsonMSFT]

I don't think we want this fallback. I thought it was all or nothing. @bartonjs?

[bartonjs]

All or nothing was the original plan. But since Safari can't (at least, couldn't) do it we got authorization to do native-preferred with managed fallback. (That's why we already have managed SHA1/SHA256/SHA384/SHA512 checked in for wasm)

[AaronRobinsonMSFT]

Safari is always a no, right? The never okay I get and that check is at the top of this method. However, this error callback path seems to imply that if a catastrophic error occurs during a call where the SubtleCrypto libraries are supported, on the next call we will fallback to the managed implementation. The message might be confusing me, but setting mono_wasm_crypto to null after it was set appears we are falling back on a supported platform. Is that fallback also supported?

[bartonjs]

Oooh. Um, no, that probably shouldn't fall back. I think that we're expecting to be able to say "these are the characteristics, and if your browser has them then you get native crypto (which may or may not be FIPS/etc-acceptable) over managed crypto (which never is)". Changing after the first call seems... bad.

@blowdart or @GrabYourPitchforks may wish to disagree and say that if stuff breaks it's OK to fall back to managed... but I think that makes Barry's job harder, so I don't expect they'll feel differently.

[blowdart]

I seem to remember discussing this and talking about addressing it with documentation and no promises ever of fips compliance (I still hate it though). @GrabYourPitchforks does that ring a bell?

[bartonjs]

Because of https://github.com/dotnet/runtime/pull/65966/files#diff-46676f417228802cba4f54049a643b76f11d4b8feb4953f39cb439ecaeba4097R10, I don't think this is a dynamic fallback... just the startup code. But it'd be good to get full closure on this in the fullness of time.

[radical]

shouldn't this be in try/catch block too, so we can send an error response?

[radical]

Should there be a way to indicate that this is returning an error, or that the operation failed? Do IUC, that the caller will get the response, and if the length happens to match the expected one, then it will think that the error response is actually valid?

[radical]

Maybe this should detect that the response was an error, and throw

[bartonjs]

C# LGTM. The JS looks as reasonable as I can assess it to be.

[lewing]

I think we can land it in this state and address any remaining issues in follow up work

[radical]

Browser builds failing with:

  exports.ts → ../../../../artifacts/bin/native/net7.0-Browser-Release-wasm/src/cjs/runtime.cjs.iffe.js, ../../../../artifacts/bin/native/net7.0-Browser-Release-wasm/src/es6/runtime.es6.iffe.js...
  [!] (plugin typescript) Error: @rollup/plugin-typescript TS2305: Module '"./types"' has no exported member 'assert'.
  crypto-worker.ts (5:10)
  
  5 import { assert } from "./types";
             ~~~~~~
  
  Error: @rollup/plugin-typescript TS2305: Module '"./types"' has no exported member 'assert'.
      at error (/__w/1/s/src/mono/wasm/runtime/node_modules/rollup/dist/shared/rollup.js:151:30)
      at throwPluginError (/__w/1/s/src/mono/wasm/runtime/node_modules/rollup/dist/shared/rollup.js:19344:12)
      at Object.error (/__w/1/s/src/mono/wasm/runtime/node_modules/rollup/dist/shared/rollup.js:20013:20)
      at emitDiagnostic (/__w/1/s/src/mono/wasm/runtime/node_modules/@rollup/plugin-typescript/dist/index.js:511:17)
      at reportDiagnostics (/__w/1/s/src/mono/wasm/runtime/node_modules/@rollup/plugin-typescript/dist/index.js:519:9)
      at Array.forEach (<anonymous>)
      at emitFilesAndReportErrors (/__w/1/s/src/mono/wasm/runtime/node_modules/typescript/lib/typescript.js:117783:21)
      at Object.result.afterProgramCreate (/__w/1/s/src/mono/wasm/runtime/node_modules/typescript/lib/typescript.js:117961:13)
      at Object.afterProgramCreate (/__w/1/s/src/mono/wasm/runtime/node_modules/@rollup/plugin-typescript/dist/index.js:674:29)
      at synchronizeProgram (/__w/1/s/src/mono/wasm/runtime/node_modules/typescript/lib/typescript.js:118258:22)
  

[radical]

It was renamed to mono_assert.

[radical]

/azp run runtime-wasm

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[radical]

The wasm/aot test failure is #69681 , and unrelated to this PR.