Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/7.0-rc1] Remove AES and SubtleCrypto from WASM #74246

Merged
merged 1 commit into from
Aug 20, 2022
Merged

[release/7.0-rc1] Remove AES and SubtleCrypto from WASM #74246

merged 1 commit into from
Aug 20, 2022

Conversation

eerhardt
Copy link
Member

Backport of #73858 to release/7.0-rc1

Customer Impact

We've concluded that using the SharedArrayBuffer approach via a worker is not yielding the end-to-end experience or quality necessary to release this integration.

These challenges lead to discussions about how often the managed implementations apply vs. the SubtleCrypto implementations. When we laid out the plan to rely on SubtleCrypto through SharedArrayBuffer, we understood this would enable us to use SubtleCrypto in ~90% of scenarios. The plan was to only fall back to managed implementations "on browsers which do not support SharedArrayBuffer. However, with the recognition that the default end-to-end experience disallows use of SharedArrayBuffer broadly, that changed the picture dramatically. We now find ourselves in the situation where 90% or more of scenarios will be relying on the managed implementations, and customers desiring the native implementations must consider tradeoffs for other behavior changes that will occur in their applications. That's not an acceptable outcome.

With these findings and realizations, we're dialing back what we'll be able to support, and we will not rely on a SharedArrayBuffer bridge to invoke async SubtleCrypto APIs from synchronous .NET code. Instead, the supported algorithms will be exclusively supported via managed code and scoped to algorithms without known side channel leaks of the key.

Customers needing native implementations or unsupported algorithms such as AES, we advise they use JavaScript interop to invoke SubtleCrypto directly. That approach will allow the application to be written such that the call can be made in an asynchronous context.

Testing

The managed implementations of SHA, HMAC, PBKDF2, and HKDF have automated tests in CI.

Risk

AES encryption was enabled in 7.0-preview7. This is a take-back in functionality for WASM. But given the security implications of using the managed implementation, the risk of breaking WASM apps that worked with 7.0-preview7 is justified.

Fix #73858

@eerhardt
Remove AES and SubtleCrypto from WASM (dotnet#74165)
b3a2a99 
* Revert 6a02d5d

* Revert relevant parts of 4222e69 and AES pieces of 8f75cc9

* Remove Subtle Crypto interop code

Fix dotnet#73858
@eerhardt eerhardt added arch-wasm WebAssembly architecture area-System.Security labels Aug 19, 2022
@dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@ghost ghost assigned eerhardt Aug 19, 2022
@ghost
Copy link

ghost commented Aug 19, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #73858 to release/7.0-rc1

Customer Impact

We've concluded that using the SharedArrayBuffer approach via a worker is not yielding the end-to-end experience or quality necessary to release this integration.

These challenges lead to discussions about how often the managed implementations apply vs. the SubtleCrypto implementations. When we laid out the plan to rely on SubtleCrypto through SharedArrayBuffer, we understood this would enable us to use SubtleCrypto in ~90% of scenarios. The plan was to only fall back to managed implementations "on browsers which do not support SharedArrayBuffer. However, with the recognition that the default end-to-end experience disallows use of SharedArrayBuffer broadly, that changed the picture dramatically. We now find ourselves in the situation where 90% or more of scenarios will be relying on the managed implementations, and customers desiring the native implementations must consider tradeoffs for other behavior changes that will occur in their applications. That's not an acceptable outcome.

With these findings and realizations, we're dialing back what we'll be able to support, and we will not rely on a SharedArrayBuffer bridge to invoke async SubtleCrypto APIs from synchronous .NET code. Instead, the supported algorithms will be exclusively supported via managed code and scoped to algorithms without known side channel leaks of the key.

Customers needing native implementations or unsupported algorithms such as AES, we advise they use JavaScript interop to invoke SubtleCrypto directly. That approach will allow the application to be written such that the call can be made in an asynchronous context.

Testing

The managed implementations of SHA, HMAC, PBKDF2, and HKDF have automated tests in CI.

Risk

AES encryption was enabled in 7.0-preview7. This is a take-back in functionality for WASM. But given the security implications of using the managed implementation, the risk of breaking WASM apps that worked with 7.0-preview7 is justified.

Fix #73858

Author: eerhardt
Assignees: -
Labels:

arch-wasm, area-System.Security
Milestone: -

@eerhardt
Copy link
Member Author

/azp run runtime-wasm

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@lewing lewing requested a review from maraf August 19, 2022 17:24
@lewing lewing changed the title Remove AES and SubtleCrypto from WASM [release/7.0-rc1] Remove AES and SubtleCrypto from WASM Aug 19, 2022
@lewing lewing requested a review from danmoseley August 19, 2022 17:35
@danmoseley
Copy link
Member

Approved as it's key to completing a .NET 7 feature, and removing new code we don't want to support.

@carlossanlop
Copy link
Member

Approved.
Signed off by area owner.
CI failure is a timeout.
Ready to merge.

@carlossanlop carlossanlop merged commit e897e88 into dotnet:release/7.0-rc1 Aug 20, 2022
@rzikm rzikm mentioned this pull request Aug 24, 2022
Merged
@ghost ghost locked as resolved and limited conversation to collaborators Sep 19, 2022
@eerhardt eerhardt deleted the PortSubtleCryptoRemoval branch December 5, 2022 16:52
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lewing lewing lewing approved these changes

@maraf maraf maraf approved these changes

@radical radical Awaiting requested review from radical

@pavelsavara pavelsavara Awaiting requested review from pavelsavara

@marek-safar marek-safar Awaiting requested review from marek-safar

@danmoseley danmoseley Awaiting requested review from danmoseley

Assignees

@eerhardt eerhardt

Labels
arch-wasm WebAssembly architecture area-System.Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@eerhardt @danmoseley @carlossanlop @lewing @maraf