Use crypto.subtle for HMAC on Browser WASM

src/libraries/Common/src/Interop/Browser/System.Security.Cryptography.Native.Browser/Interop.Sign.cs

@@ -0,0 +1,22 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+
+internal static partial class Interop
+{
+    internal static partial class BrowserCrypto
+    {
+        [LibraryImport(Libraries.CryptoNative, EntryPoint = "SystemCryptoNativeBrowser_Sign")]
+        internal static unsafe partial int Sign(
+            SimpleDigest hashAlgorithm,
+            byte* key_buffer,
+            int key_len,
+            byte* input_buffer,
+            int input_len,
+            byte* output_buffer,
+            int output_len);
+    }
+}

src/libraries/Common/src/Interop/Browser/System.Security.Cryptography.Native.Browser/Interop.SimpleDigestHash.cs

@@ -18,8 +18,8 @@ internal enum SimpleDigest
             Sha512,
         };
 
-        [LibraryImport(Libraries.CryptoNative, EntryPoint = "SystemCryptoNativeBrowser_CanUseSimpleDigestHash")]
-        internal static partial int CanUseSimpleDigestHash();
+        [LibraryImport(Libraries.CryptoNative, EntryPoint = "SystemCryptoNativeBrowser_CanUseSubtleCryptoImpl")]
+        internal static partial int CanUseSubtleCryptoImpl();
 
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "SystemCryptoNativeBrowser_SimpleDigestHash")]
         internal static unsafe partial int SimpleDigestHash(

src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj

@@ -543,6 +543,8 @@
              Link="Common\System\Sha1ForNonSecretPurposes.cs" />
     <Compile Include="$(CommonPath)Interop\Browser\System.Security.Cryptography.Native.Browser\Interop.SimpleDigestHash.cs"
              Link="Common\Interop\Browser\System.Security.Cryptography.Native.Browser\Interop.SimpleDigestHash.cs" /> 
+    <Compile Include="$(CommonPath)Interop\Browser\System.Security.Cryptography.Native.Browser\Interop.Sign.cs"
+             Link="Common\Interop\Browser\System.Security.Cryptography.Native.Browser\Interop.Sign.cs" /> 
     <Compile Include="System\Security\Cryptography\AesCcm.NotSupported.cs" />
     <Compile Include="System\Security\Cryptography\AesGcm.NotSupported.cs" />
     <Compile Include="System\Security\Cryptography\AesImplementation.NotSupported.cs" />
@@ -559,6 +561,7 @@
     <Compile Include="System\Security\Cryptography\ECDsa.Create.NotSupported.cs" />
     <Compile Include="System\Security\Cryptography\HashProviderDispenser.Browser.cs" />
     <Compile Include="System\Security\Cryptography\HMACHashProvider.Browser.Managed.cs" />
+    <Compile Include="System\Security\Cryptography\HMACHashProvider.Browser.Native.cs" />
     <Compile Include="System\Security\Cryptography\LiteHash.Browser.cs" />
     <Compile Include="System\Security\Cryptography\OidLookup.NoFallback.cs" />
     <Compile Include="System\Security\Cryptography\OpenSsl.NotSupported.cs" />

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/HMACHashProvider.Browser.Native.cs

@@ -0,0 +1,99 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.IO;
+using System.Diagnostics;
+using System.Security.Cryptography;
+
+using SimpleDigest = Interop.BrowserCrypto.SimpleDigest;
+
+namespace System.Security.Cryptography
+{
+    internal sealed class HMACNativeHashProvider : HashProvider
+    {
+        private readonly int _hashSizeInBytes;
+        private readonly SimpleDigest _hashAlgorithm;
+        private readonly byte[] _key;
+        private MemoryStream? _buffer;
+
+        public HMACNativeHashProvider(string hashAlgorithmId, ReadOnlySpan<byte> key)
+        {
+            Debug.Assert(HashProviderDispenser.CanUseSubtleCryptoImpl);
+
+            (_hashAlgorithm, _hashSizeInBytes) = SHANativeHashProvider.HashAlgorithmToPal(hashAlgorithmId);
+            _key = key.ToArray();
+        }
+
+        public override void AppendHashData(ReadOnlySpan<byte> data)
+        {
+            _buffer ??= new MemoryStream(1000);
+            _buffer.Write(data);
+        }
+
+        public override int FinalizeHashAndReset(Span<byte> destination)
+        {
+            int written = GetCurrentHash(destination);
+            _buffer = null;
+
+            return written;
+        }
+
+        public override int GetCurrentHash(Span<byte> destination)
+        {
+            Debug.Assert(destination.Length >= _hashSizeInBytes);
+
+            byte[] srcArray = Array.Empty<byte>();
+            int srcLength = 0;
+            if (_buffer != null)
+            {
+                srcArray = _buffer.GetBuffer();
+                srcLength = (int)_buffer.Length;
+            }
+
+            unsafe
+            {
+                fixed (byte* key = _key)
+                fixed (byte* src = srcArray)
+                fixed (byte* dest = destination)
+                {
+                    int res = Interop.BrowserCrypto.Sign(_hashAlgorithm, key, _key.Length, src, srcLength, dest, destination.Length);
+                    Debug.Assert(res != 0);
+                }
+            }
+
+            return _hashSizeInBytes;
+        }
+
+        public static unsafe int MacDataOneShot(string hashAlgorithmId, ReadOnlySpan<byte> key, ReadOnlySpan<byte> data, Span<byte> destination)
+        {
+            (SimpleDigest hashName, int hashSizeInBytes) = SHANativeHashProvider.HashAlgorithmToPal(hashAlgorithmId);
+            Debug.Assert(destination.Length >= hashSizeInBytes);
+
+            fixed (byte* k = key)
+            fixed (byte* src = data)
+            fixed (byte* dest = destination)
+            {
+                int res = Interop.BrowserCrypto.Sign(hashName, k, key.Length, src, data.Length, dest, destination.Length);
+                Debug.Assert(res != 0);
+            }
+
+            return hashSizeInBytes;
+        }
+
+        public override int HashSizeInBytes => _hashSizeInBytes;
+
+        public override void Dispose(bool disposing)
+        {
+            if (disposing)
+            {
+                CryptographicOperations.ZeroMemory(_key);
+            }
+         }
+
+        public override void Reset()
+        {
+            _buffer = null;
+        }
+    }
+}

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/HashProviderDispenser.Browser.cs

@@ -1,13 +1,11 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using Internal.Cryptography;
-
 namespace System.Security.Cryptography
 {
     internal static partial class HashProviderDispenser
     {
-        internal static readonly bool CanUseSubtleCryptoImpl = Interop.BrowserCrypto.CanUseSimpleDigestHash() == 1;
+        internal static readonly bool CanUseSubtleCryptoImpl = Interop.BrowserCrypto.CanUseSubtleCryptoImpl() == 1;
 
         public static HashProvider CreateHashProvider(string hashAlgorithmId)
         {
@@ -32,9 +30,16 @@ public static unsafe int MacData(
                 ReadOnlySpan<byte> source,
                 Span<byte> destination)
             {
-                HashProvider provider = CreateMacProvider(hashAlgorithmId, key);
-                provider.AppendHashData(source);
-                return provider.FinalizeHashAndReset(destination);
+                if (CanUseSubtleCryptoImpl)
+                {
+                    return HMACNativeHashProvider.MacDataOneShot(hashAlgorithmId, key, source, destination);
+                }
+                else
+                {
+                    using HashProvider provider = CreateMacProvider(hashAlgorithmId, key);
+                    provider.AppendHashData(source);
+                    return provider.FinalizeHashAndReset(destination);
+                }
             }
 
             public static int HashData(string hashAlgorithmId, ReadOnlySpan<byte> source, Span<byte> destination)
@@ -60,7 +65,9 @@ public static unsafe HashProvider CreateMacProvider(string hashAlgorithmId, Read
                 case HashAlgorithmNames.SHA256:
                 case HashAlgorithmNames.SHA384:
                 case HashAlgorithmNames.SHA512:
-                    return new HMACManagedHashProvider(hashAlgorithmId, key);
+                    return CanUseSubtleCryptoImpl
+                        ? new HMACNativeHashProvider(hashAlgorithmId, key)
+                        : new HMACManagedHashProvider(hashAlgorithmId, key);
             }
             throw new CryptographicException(SR.Format(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmId));
         }

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/SHAHashProvider.Browser.Native.cs

@@ -8,7 +8,7 @@
 
 using SimpleDigest = Interop.BrowserCrypto.SimpleDigest;
 
-namespace Internal.Cryptography
+namespace System.Security.Cryptography
 {
     internal sealed class SHANativeHashProvider : HashProvider
     {
@@ -87,7 +87,7 @@ public override void Reset()
             _buffer = null;
         }
 
-        private static (SimpleDigest, int) HashAlgorithmToPal(string hashAlgorithmId)
+        internal static (SimpleDigest HashName, int HashSizeInBytes) HashAlgorithmToPal(string hashAlgorithmId)
         {
             return hashAlgorithmId switch
             {

src/libraries/System.Security.Cryptography/tests/HmacMD5Tests.cs

@@ -137,6 +137,16 @@ public void HMacMD5_ThrowsArgumentNullForNullConstructorKey()
             AssertExtensions.Throws<ArgumentNullException>("key", () => new HMACMD5(null));
         }
 
+        [Fact]
+        public void HMacMD5_EmptyKey()
+        {
+            VerifyRepeating(
+                input: "Crypto is fun!",
+                1,
+                hexKey: "",
+                output: "7554A8C4641CBA36BE2AC20CACEA1136");
+        }
+
         [Fact]
         public void HmacMD5_Stream_MultipleOf4096()
         {

src/libraries/System.Security.Cryptography/tests/HmacSha1Tests.cs

@@ -112,6 +112,16 @@ public void HmacSha1_ThrowsArgumentNullForNullConstructorKey()
             AssertExtensions.Throws<ArgumentNullException>("key", () => new HMACSHA1(null));
         }
 
+        [Fact]
+        public void HmacSha1_EmptyKey()
+        {
+            VerifyRepeating(
+                input: "Crypto is fun!",
+                1,
+                hexKey: "",
+                output: "C979AD8DE8CC546CF82D948226FDD8024599F6CE");
+        }
+
         [Fact]
         public void HmacSha1_Rfc2202_1()
         {

src/libraries/System.Security.Cryptography/tests/HmacSha256Tests.cs

@@ -124,6 +124,16 @@ public void HmacSha256_ThrowsArgumentNullForNullConstructorKey()
             AssertExtensions.Throws<ArgumentNullException>("key", () => new HMACSHA256(null));
         }
 
+        [Fact]
+        public void HmacSha256_EmptyKey()
+        {
+            VerifyRepeating(
+                input: "Crypto is fun!",
+                1,
+                hexKey: "",
+                output: "DE26DD5A23A91021F61EACF8A8DD324AB5637977486A10D701C4DFA4AE33CB4F");
+        }
+
         [Fact]
         public void HmacSha256_Stream_MultipleOf4096()
         {

src/libraries/System.Security.Cryptography/tests/HmacSha384Tests.cs

@@ -137,6 +137,16 @@ public void HmacSha384_ThrowsArgumentNullForNullConstructorKey()
             AssertExtensions.Throws<ArgumentNullException>("key", () => new HMACSHA384(null));
         }
 
+        [Fact]
+        public void HmacSha384_EmptyKey()
+        {
+            VerifyRepeating(
+                input: "Crypto is fun!",
+                1,
+                hexKey: "",
+                output: "CFEB81812C8DB4EDB385FCC7CB81E4D715685741AAB1E470FB0B395A414F89867E510E4A2BA2F1F11D7005849FA0DF11");
+        }
+
         [Fact]
         public void HmacSha384_Stream_MultipleOf4096()
         {

src/libraries/System.Security.Cryptography/tests/HmacSha512Tests.cs

@@ -137,6 +137,16 @@ public void HmacSha512_ThrowsArgumentNullForNullConstructorKey()
             AssertExtensions.Throws<ArgumentNullException>("key", () => new HMACSHA512(null));
         }
 
+        [Fact]
+        public void HmacSha512_EmptyKey()
+        {
+            VerifyRepeating(
+                input: "Crypto is fun!",
+                1,
+                hexKey: "",
+                output: "0C75CCE182743282AAB081BA12AA6C9DEA44852E567063B4EEBD7B33F940B6C8BC16958F9A23401E6FAA00483962A2A8FC7DE9D8B7A14EDD55B49419A211BC37");
+        }
+
         [Fact]
         public void HmacSha512_Stream_MultipleOf4096()
         {

src/mono/wasm/runtime/cjs/dotnet.cjs.lib.js

@@ -70,8 +70,9 @@ const linked_functions = [
     "mono_wasm_get_icudt_name",
 
     // pal_crypto_webworker.c
+    "dotnet_browser_can_use_subtle_crypto_impl",
     "dotnet_browser_simple_digest_hash",
-    "dotnet_browser_can_use_simple_digest_hash",
+    "dotnet_browser_sign",
 ];
 
 // -- this javascript file is evaluated by emcc during compilation! --

src/mono/wasm/runtime/crypto-worker.ts

@@ -9,7 +9,7 @@ let mono_wasm_crypto: {
     worker: Worker
 } | null = null;
 
-export function dotnet_browser_can_use_simple_digest_hash(): number {
+export function dotnet_browser_can_use_subtle_crypto_impl(): number {
     return mono_wasm_crypto === null ? 0 : 1;
 }
 
@@ -33,6 +33,27 @@ export function dotnet_browser_simple_digest_hash(ver: number, input_buffer: num
     return 1;
 }
 
+export function dotnet_browser_sign(hashAlgorithm: number, key_buffer: number, key_len: number, input_buffer: number, input_len: number, output_buffer: number, output_len: number): number {
+    mono_assert(!!mono_wasm_crypto, "subtle crypto not initialized");
+
+    const msg = {
+        func: "sign",
+        type: hashAlgorithm,
+        key: Array.from(Module.HEAPU8.subarray(key_buffer, key_buffer + key_len)),
+        data: Array.from(Module.HEAPU8.subarray(input_buffer, input_buffer + input_len))
+    };
+
+    const response = mono_wasm_crypto.channel.send_msg(JSON.stringify(msg));
+    const signResult = JSON.parse(response);
+    if (signResult.length > output_len) {
+        console.info("dotnet_browser_sign: about to throw!");
+        throw "SIGN HASH: Sign length exceeds output length: " + signResult.length + " > " + output_len;
+    }
+
+    Module.HEAPU8.set(signResult, output_buffer);
+    return 1;
+}
+
 export function init_crypto(): void {
     if (typeof globalThis.crypto !== "undefined" && typeof globalThis.crypto.subtle !== "undefined"
         && typeof SharedArrayBuffer !== "undefined"

src/mono/wasm/runtime/es6/dotnet.es6.lib.js

@@ -107,8 +107,9 @@ const linked_functions = [
     "mono_wasm_get_icudt_name",
 
     // pal_crypto_webworker.c
+    "dotnet_browser_can_use_subtle_crypto_impl",
     "dotnet_browser_simple_digest_hash",
-    "dotnet_browser_can_use_simple_digest_hash",
+    "dotnet_browser_sign",
 ];
 
 // -- this javascript file is evaluated by emcc during compilation! --

src/mono/wasm/runtime/exports.ts

@@ -69,7 +69,11 @@ import { fetch_like, readAsync_like } from "./polyfills";
 import { EmscriptenModule } from "./types/emscripten";
 import { mono_run_main, mono_run_main_and_exit } from "./run";
 import { diagnostics } from "./diagnostics";
-import { dotnet_browser_can_use_simple_digest_hash, dotnet_browser_simple_digest_hash } from "./crypto-worker";
+import {
+    dotnet_browser_can_use_subtle_crypto_impl,
+    dotnet_browser_simple_digest_hash,
+    dotnet_browser_sign
+} from "./crypto-worker";
 
 const MONO = {
     // current "public" MONO API
@@ -370,8 +374,9 @@ export const __linker_exports: any = {
     mono_wasm_get_icudt_name,
 
     // pal_crypto_webworker.c
+    dotnet_browser_can_use_subtle_crypto_impl,
     dotnet_browser_simple_digest_hash,
-    dotnet_browser_can_use_simple_digest_hash,
+    dotnet_browser_sign
 };
 
 const INTERNAL: any = {