Avoid rooting cryptography through ZipArchive on browser#130688
Avoid rooting cryptography through ZipArchive on browser#130688alinpahontu2912 with Copilot wants to merge 6 commits into
Conversation
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
|
Azure Pipelines: Successfully started running 3 pipeline(s). 12 pipeline(s) were filtered out due to trigger conditions. There may be pipelines that require an authorized user to comment /azp run to run. |
|
Tagging subscribers to 'arch-wasm': @lewing, @pavelsavara |
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
|
Azure Pipelines: Successfully started running 3 pipeline(s). 12 pipeline(s) were filtered out due to trigger conditions. There may be pipelines that require an authorized user to comment /azp run to run. |
There was a problem hiding this comment.
Pull request overview
This PR adjusts System.IO.Compression to avoid pulling in System.Security.Cryptography when using ZipArchive on browser-wasm, by conditionally excluding WinZip AES implementation (unsupported on browser) and removing the cryptography dependency from the ZipCrypto path. It also adds test coverage to help ensure the browser build output no longer shows cryptography-related native interop artifacts.
Changes:
- Add browser-only WinZip AES stubs (throwing
PlatformNotSupportedException) and conditionally exclude the WinZip AES implementation + cryptography project reference for browser builds. - Remove ZipCrypto’s dependency on
System.Security.Cryptography(switch header “randomness” and pooled-buffer clearing implementation). - Add tests validating browser ZipCrypto decryption and asserting the browser wasm build output doesn’t include cryptography-related pinvoke entries.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/mono/wasm/Wasm.Build.Tests/NativeBuildTests.cs | Adds an assertion that the generated pinvoke table doesn’t contain cryptography-related entries for the ZipArchive interop scenario. |
| src/libraries/System.IO.Compression/tests/ZipArchive/zip_ReadTests.cs | Adds a Browser-specific theory to validate ZipCrypto decryption still works on Browser. |
| src/libraries/System.IO.Compression/src/System/IO/Compression/ZipCryptoStream.cs | Removes System.Security.Cryptography usage by changing buffer clearing and header byte generation. |
| src/libraries/System.IO.Compression/src/System/IO/Compression/ZipArchiveEntry.cs | Broadens encryption-stream locals to Stream (supports browser stubbing of WinZip AES type). |
| src/libraries/System.IO.Compression/src/System/IO/Compression/ZipArchiveEntry.Async.cs | Broadens encryption-stream locals to Stream for the same reason in async paths. |
| src/libraries/System.IO.Compression/src/System/IO/Compression/WinZipAes.PlatformNotSupported.cs | Introduces browser-only stubs for WinZip AES APIs that throw PlatformNotSupportedException. |
| src/libraries/System.IO.Compression/src/System.IO.Compression.csproj | Conditions WinZip AES sources + System.Security.Cryptography reference away from browser builds; includes browser stub file. |
| src/libraries/System.IO.Compression/src/Resources/Strings.resx | Minor resource formatting adjustment near the WinZip AES browser PNSE string. |
| namespace System.IO.Compression | ||
| { | ||
| internal readonly struct WinZipAesKeyMaterial; | ||
|
|
||
| internal static class WinZipAesStream | ||
| { |
rzikm
left a comment
There was a problem hiding this comment.
See comment about RNG, I believe we need security/cryptography SMEs to chime in
| <data name="WinZipEncryptionNotSupportedOnBrowser" xml:space="preserve"> | ||
| <value>WinZip AES encryption is not supported on the browser platform.</value> | ||
| </data> | ||
|
|
There was a problem hiding this comment.
This whitespace change should be reverted
| Span<byte> randomBytes = stackalloc byte[16]; | ||
| Guid.NewGuid().TryWriteBytes(randomBytes); | ||
| randomBytes.Slice(0, 10).CopyTo(header); |
There was a problem hiding this comment.
Guid does guarantee uniqueness, not randomness, so I don't think this is good.
Since ZipCrypto is broken anyway, maybe using Random.Shared.NextBytes is good enough here to avoid rooting System.Security.Cryptography dll. Maybe keep using RandomNumberGenerator on non-browser platforms?
cc @bartonjs, @GrabYourPitchforks for opinions.
Using
ZipArchiveon browser-wasm unnecessarily retainedSystem.Security.Cryptography, increasing trimmed application size even though WinZip AES is unsupported there.Changes
PlatformNotSupportedException.Guid.NewGuid().Array.Clear.System.Security.Cryptography.