On Browser DOM scenarios use the SubtleCrypto API

eng/SignCheckExclusionsFile.txt

@@ -13,3 +13,4 @@
 *comhosttemplatecomhostdll.dll;;Template, DO-NOT-SIGN, https://github.com/dotnet/core-setup/pull/7549
 *staticapphosttemplateapphostexe.exe;;Template, DO-NOT-SIGN, https://github.com/dotnet/core-setup/pull/7549
 *dotnet.js;;Workaround, https://github.com/dotnet/core-eng/issues/9933
+*dotnet_crypto_worker.js;;Workaround, https://github.com/dotnet/core-eng/issues/9933

eng/liveBuilds.targets

@@ -169,6 +169,7 @@
  $(LibrariesNativeArtifactsPath)dotnet.js;
  $(LibrariesNativeArtifactsPath)dotnet.wasm;
  $(LibrariesNativeArtifactsPath)dotnet.timezones.blat;
+ $(LibrariesNativeArtifactsPath)dotnet_crypto_worker.js;
  $(LibrariesNativeArtifactsPath)*.dat;"
  IsNative="true" />
  <LibrariesRuntimeFiles Condition="'$(TargetOS)' == 'Browser'"

src/installer/pkg/sfx/Microsoft.NETCore.App/Directory.Build.props

@@ -94,6 +94,7 @@
  <PlatformManifestFileEntry Include="libSystem.Net.Security.Native.so" IsNative="true" />
  <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Apple.a" IsNative="true" />
  <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Apple.dylib" IsNative="true" />
+ <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.Browser.a" IsNative="true" />
  <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.OpenSsl.a" IsNative="true" />
  <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.OpenSsl.dylib" IsNative="true" />
  <PlatformManifestFileEntry Include="libSystem.Security.Cryptography.Native.OpenSsl.so" IsNative="true" />
@@ -201,6 +202,7 @@
  <PlatformManifestFileEntry Include="dotnet.js" IsNative="true" />
  <PlatformManifestFileEntry Include="dotnet.wasm" IsNative="true" />
  <PlatformManifestFileEntry Include="dotnet.timezones.blat" IsNative="true" />
+ <PlatformManifestFileEntry Include="dotnet_crypto_worker.js" IsNative="true" />
  <PlatformManifestFileEntry Include="icudt.dat" IsNative="true" />
  <PlatformManifestFileEntry Include="icudt_no_CJK.dat" IsNative="true" />
  <PlatformManifestFileEntry Include="icudt_CJK.dat" IsNative="true" />
@@ -210,7 +212,9 @@
  <PlatformManifestFileEntry Include="binding_support.js" IsNative="true" />
  <PlatformManifestFileEntry Include="dotnet_support.js" IsNative="true" />
  <PlatformManifestFileEntry Include="library_mono.js" IsNative="true" />
+ <PlatformManifestFileEntry Include="library_channel.js" IsNative="true" />
  <PlatformManifestFileEntry Include="pal_random.js" IsNative="true" />
+ <PlatformManifestFileEntry Include="pal_crypto_webworker.js" IsNative="true" />
  <PlatformManifestFileEntry Include="corebindings.c" IsNative="true" />
  <PlatformManifestFileEntry Include="driver.c" IsNative="true" />
  <PlatformManifestFileEntry Include="pinvoke.c" IsNative="true" />

src/libraries/Common/src/Interop/Browser/Interop.Libraries.cs

@@ -0,0 +1,12 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+internal static partial class Interop
+{
+ internal static partial class Libraries
+ {
+ // Shims
+ internal const string SystemNative = "libSystem.Native";
+ internal const string CryptoNative = "libSystem.Security.Cryptography.Native.Browser";
+ }
+}

src/libraries/Common/src/Interop/Browser/System.Security.Cryptography.Native.Browser/Interop.SimpleDigestHash.cs

@@ -0,0 +1,28 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+internal static partial class Interop
+{
+ internal static partial class BrowserCrypto
+ {
+ internal enum SimpleDigest
+ {
+ Sha1,
+ Sha256,
+ Sha384,
+ Sha512,
+ };
+
+ [DllImport(Libraries.CryptoNative, EntryPoint = "SystemCryptoNativeBrowser_SimpleDigestHash")]
+ internal static extern unsafe int SimpleDigestHash(
+ SimpleDigest hash,
+ byte* input_buffer,
+ int input_len,
+ byte* output_buffer,
+ int output_len);
+ }
+}

src/libraries/Common/tests/TestUtilities/System/PlatformDetection.cs

@@ -62,6 +62,9 @@ public static partial class PlatformDetection
  public static bool IsUsingLimitedCultures => !IsNotMobile;
  public static bool IsNotUsingLimitedCultures => IsNotMobile;
 
+ public static bool IsPlatformCryptoSupported => !IsBrowser || IsBrowserDomSupported;
+ public static bool IsNotPlatformCryptoSupported => !IsPlatformCryptoSupported;
+
  // Please make sure that you have the libgdiplus dependency installed.
  // For details, see https://docs.microsoft.com/dotnet/core/install/dependencies?pivots=os-macos&tabs=netcore31#libgdiplus
  public static bool IsDrawingSupported

src/libraries/Native/AnyOS/System.Security.Cryptography.Native.Browser/pal_browser.h

@@ -0,0 +1,18 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#pragma once
+
+#include <emscripten.h>
+
+#ifndef __EMSCRIPTEN__
+#error Cryptography Native Browser is designed to be compiled with Emscripten.
+#endif // __EMSCRIPTEN__
+
+#ifndef PALEXPORT
+#ifdef TARGET_UNIX
+#define PALEXPORT __attribute__ ((__visibility__ ("default")))
+#else
+#define PALEXPORT __declspec(dllexport)
+#endif
+#endif // PALEXPORT

src/libraries/Native/AnyOS/System.Security.Cryptography.Native.Browser/pal_crypto_webworker.c

@@ -0,0 +1,23 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#include "pal_browser.h"
+#include "pal_crypto_webworker.h"
+
+// Forward declarations
+extern int32_t dotnet_browser_simple_digest_hash(
+ enum simple_digest ver,
+ uint8_t* input_buffer,
+ int32_t input_len,
+ uint8_t* output_buffer,
+ int32_t output_len);
+
+int32_t SystemCryptoNativeBrowser_SimpleDigestHash(
+ enum simple_digest ver,
+ uint8_t* input_buffer,
+ int32_t input_len,
+ uint8_t* output_buffer,
+ int32_t output_len)
+{
+ return dotnet_browser_simple_digest_hash(ver, input_buffer, input_len, output_buffer, output_len);
+}

src/libraries/Native/AnyOS/System.Security.Cryptography.Native.Browser/pal_crypto_webworker.h

@@ -0,0 +1,21 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+#pragma once
+
+#include <stdint.h>
+
+enum simple_digest
+{
+ sd_sha_1,
+ sd_sha_256,
+ sd_sha_384,
+ sd_sha_512,
+};
+
+PALEXPORT int32_t SystemCryptoNativeBrowser_SimpleDigestHash(
+ enum simple_digest ver,
+ uint8_t* input_buffer,
+ int32_t input_len,
+ uint8_t* output_buffer,
+ int32_t output_len);

src/libraries/Native/AnyOS/System.Security.Cryptography.Native.Browser/pal_crypto_webworker.js

@@ -0,0 +1,32 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+var CryptoWebWorkerLib = {
+ $CRYPTOWEBWORKER: {
+ call_digest: function (hash, input_buffer, input_len, output_buffer, output_len) {
+ if (MONO.mono_wasm_crypto.channel === null) {
+ return 0; // Not supported
+ }
+
+ var msg = {
+ func: "digest",
+ type: hash,
+ data: Array.from(Module.HEAPU8.subarray (input_buffer, input_buffer + input_len))
+ };
+ var response = MONO.mono_wasm_crypto.channel.send_msg (JSON.stringify (msg));
+ var digest = JSON.parse (response);
+ if (digest.length > output_len) {
+ throw "DIGEST HASH: Digest length exceeds output length: " + digest.length + " > " + output_len;
+ }
+
+ Module.HEAPU8.set (digest, output_buffer);
+ return 1;
+ }
+ },
+ dotnet_browser_simple_digest_hash: function (hash, input_buffer, input_len, output_buffer, output_len) {
+ return CRYPTOWEBWORKER.call_digest (hash, input_buffer, input_len, output_buffer, output_len);
+ },
+};
+
+autoAddDeps(CryptoWebWorkerLib, '$CRYPTOWEBWORKER')
+mergeInto(LibraryManager.library, CryptoWebWorkerLib)

src/libraries/Native/Unix/CMakeLists.txt

@@ -251,7 +251,7 @@ endif()
 add_subdirectory(System.Native)
 
 if(CLR_CMAKE_TARGET_BROWSER)
- # skip for now
+ add_subdirectory(System.Security.Cryptography.Native.Browser)
 elseif(CLR_CMAKE_TARGET_MACCATALYST)
  add_subdirectory(System.Net.Security.Native)
  # System.Security.Cryptography.Native is intentionally disabled on iOS

src/libraries/Native/Unix/System.Security.Cryptography.Native.Browser/CMakeLists.txt

@@ -0,0 +1,17 @@
+project(System.Security.Cryptography.Native.Browser C)
+
+set(ANYOS_SOURCES_DIR ../../AnyOS/System.Security.Cryptography.Native.Browser)
+include_directories("${ANYOS_SOURCES_DIR}")
+
+set (NATIVE_SOURCES
+ ${ANYOS_SOURCES_DIR}/pal_crypto_webworker.c
+)
+
+add_library (System.Security.Cryptography.Native.Browser-Static
+ STATIC
+ ${NATIVE_SOURCES}
+)
+
+set_target_properties(System.Security.Cryptography.Native.Browser-Static PROPERTIES OUTPUT_NAME System.Security.Cryptography.Native.Browser CLEAN_DIRECT_OUTPUT 1)
+
+install (TARGETS System.Security.Cryptography.Native.Browser-Static DESTINATION ${STATIC_LIB_DESTINATION})