Namespace: WvdS.System.Security.Cryptography.Providers
Provider crittografico basato su JavaScript Interop per Blazor WebAssembly. Comunica tramite IJSRuntime con openssl.wasm.
Il WasmCryptoProvider consente la crittografia Post-Quantum in applicazioni Blazor WebAssembly tramite:
NativeCryptoProviderBlazor WebAssembly
│
▼
┌─────────────────┐
│ WasmCrypto- │
│ Provider │
│ (C#) │
└────────┬────────┘
│ IJSRuntime.InvokeAsync
▼
┌─────────────────┐
│ wvds-crypto.js │
│ (JavaScript) │
└────────┬────────┘
│
▼
┌─────────────────┐
│ openssl.wasm │
│ (WebAssembly) │
└─────────────────┘
| Proprieta | Tipo | Descrizione |
|---|---|---|
Name | string | "WASM (JS Interop)" |
IsAvailable | bool | true se inizializzato |
// Program.cs (Blazor WebAssembly) builder.Services.AddScoped<ICryptoProvider>(sp => new WasmCryptoProvider(sp.GetRequiredService<IJSRuntime>()));
@inject ICryptoProvider CryptoProvider @code { protected override async Task OnInitializedAsync() { await CryptoProvider.InitializeAsync(); if (CryptoProvider.IsAvailable) { var version = CryptoProvider.GetOpenSslVersion(); Console.WriteLine($"OpenSSL WASM: {version}"); } } }
In wwwroot/index.html:
<head> <!-- OpenSSL WASM Module --> <script src="_content/WvdS.Crypto/openssl.js"></script> <!-- WvdS Crypto Wrapper --> <script src="_content/WvdS.Crypto/wvds-crypto.js"></script> </head>
var (publicKey, privateKey) = await provider.GenerateMlDsaKeyPairAsync("ML-DSA-65");
byte[] data = Encoding.UTF8.GetBytes("Dati firmati dal browser"); byte[] signature = await provider.SignMlDsaAsync(data, privateKey);
bool isValid = await provider.VerifyMlDsaAsync(data, signature, publicKey);
var (publicKey, privateKey) = await provider.GenerateMlKemKeyPairAsync("ML-KEM-768");
var (sharedSecret, ciphertext) = await provider.EncapsulateAsync(recipientPublicKey);
byte[] sharedSecret = await provider.DecapsulateAsync(ciphertext, privateKey);
PBKDF2 tramite Web Crypto API.
byte[] salt = await provider.RandomBytesAsync(32); byte[] derivedKey = await provider.Pbkdf2Async( password: "UserPassword", salt: salt, iterations: 100000, outputLength: 32, hash: "SHA-256");
PBKDF2 con Salt rinforzato PQ.
byte[] key = await provider.Pbkdf2WithPqSaltAsync( password: "UserPassword", baseSalt: baseSalt, pqPublicKey: recipientPqPublicKey, iterations: 100000, outputLength: 32);
KDF memory-hard tramite OpenSSL WASM.
byte[] key = await provider.Argon2idAsync( password: passwordBytes, salt: salt, outputLength: 32, iterations: 3, memoryKiB: 65536, parallelism: 4);
Per grandi quantita di dati con elaborazione a chunk.
byte[] key = await provider.RandomBytesAsync(32); // Crittografare byte[] encrypted = await provider.EncryptChunkedAsync( plaintext, key, chunkSize: 65536); // Chunk da 64 KB // Decrittografare byte[] decrypted = await provider.DecryptChunkedAsync(encrypted, key);
Combina ML-KEM Key Exchange con crittografia chunked.
// Crittografare per destinatario var (kemCiphertext, encryptedData) = await provider.EncryptStreamWithPqKeyAsync( plaintext, recipientPublicKey, chunkSize: 65536); // Decrittografare byte[] decrypted = await provider.DecryptStreamWithPqKeyAsync( kemCiphertext, encryptedData, privateKey);
byte[] prk = await provider.HkdfExtractAsync(salt, inputKeyMaterial);
byte[] okm = await provider.HkdfExpandAsync(prk, info, outputLength: 32);
Extract + Expand in un unico passaggio.
byte[] key = await provider.HkdfDeriveKeyAsync( ikm: sharedSecret, length: 32, salt: optionalSalt, info: contextInfo);
Combina secret classico e PQ.
byte[] hybridKey = await provider.DeriveHybridKeyAsync( classicSecret: ecdhSecret, pqSecret: mlKemSecret, outputLength: 32);
Tls13KeyMaterial keys = await provider.DeriveTls13KeysAsync( sharedSecret, clientHello, serverHello); // Accesso ai secrets derivati var clientKey = keys.ClientHandshakeTrafficSecret; var serverKey = keys.ServerHandshakeTrafficSecret;
Crea firma ibrida da firma classica e ML-DSA.
// Creare firma classica (es. ECDSA) byte[] classicSig = CreateEcdsaSignature(data); // Creare firma ibrida byte[] hybridSig = await provider.CreateHybridSignatureAsync( data, classicSig, mlDsaPrivateKey);
Numeri casuali crittograficamente sicuri tramite Web Crypto API.
byte[] random = await provider.RandomBytesAsync(32);
byte[] certBytes = await provider.CreateEphemeralCertificateAsync( "CN=Browser Certificate", TimeSpan.FromHours(1), mlDsaPrivateKey);
byte[] signedCert = await provider.SignCertificateAsync(tbsCertificate, privateKey);
| Metodo | Parametri | Ritorno |
|---|---|---|
GenerateMlDsaKeyPairAsync | string algorithm | Task<(byte[], byte[])> |
SignMlDsaAsync | byte[] data, byte[] privateKey | Task<byte[]> |
VerifyMlDsaAsync | byte[] data, byte[] signature, byte[] publicKey | Task<bool> |
| Metodo | Parametri | Ritorno |
|---|---|---|
GenerateMlKemKeyPairAsync | string algorithm | Task<(byte[], byte[])> |
EncapsulateAsync | byte[] publicKey | Task<(byte[], byte[])> |
DecapsulateAsync | byte[] ciphertext, byte[] privateKey | Task<byte[]> |
| Metodo | Parametri | Ritorno |
|---|---|---|
Pbkdf2Async | string password, byte[] salt, int iterations, int outputLength, string hash | Task<byte[]> |
Pbkdf2WithPqSaltAsync | string password, byte[] baseSalt, byte[] pqPublicKey, int iterations, int outputLength | Task<byte[]> |
Argon2idAsync | byte[]/string password, byte[] salt, int outputLength, int iterations, int memoryKiB, int parallelism | Task<byte[]> |
| Metodo | Parametri | Ritorno |
|---|---|---|
HkdfExtractAsync | byte[] salt, byte[] ikm | Task<byte[]> |
HkdfExpandAsync | byte[] prk, byte[] info, int length | Task<byte[]> |
HkdfDeriveKeyAsync | byte[] ikm, int length, byte[]? salt, byte[]? info | Task<byte[]> |
DeriveHybridKeyAsync | byte[] classicSecret, byte[] pqSecret, int outputLength | Task<byte[]> |
| Metodo | Parametri | Ritorno |
|---|---|---|
EncryptChunkedAsync | byte[] plaintext, byte[] key, int chunkSize | Task<byte[]> |
DecryptChunkedAsync | byte[] ciphertext, byte[] key | Task<byte[]> |
EncryptStreamWithPqKeyAsync | byte[] plaintext, byte[] publicKey, int chunkSize | Task<(byte[], byte[])> |
DecryptStreamWithPqKeyAsync | byte[] kemCiphertext, byte[] encryptedData, byte[] privateKey | Task<byte[]> |
| Metodo | Parametri | Ritorno |
|---|---|---|
RandomBytesAsync | int length | Task<byte[]> |
CreateHybridSignatureAsync | byte[] data, byte[] classicSig, byte[] pqPrivKey | Task<byte[]> |
DeriveTls13KeysAsync | byte[] sharedSecret, byte[] clientHello, byte[] serverHello | Task<Tls13KeyMaterial> |
// Componente Blazor @page "/crypto-demo" @inject ICryptoProvider CryptoProvider <h3>PQ Crypto Demo</h3> <p>Status: @_status</p> @code { private string _status = "Inizializzazione..."; protected override async Task OnInitializedAsync() { try { await CryptoProvider.InitializeAsync(); // Demo Key Exchange var (alicePublic, alicePrivate) = await CryptoProvider.GenerateMlKemKeyPairAsync(); var (sharedSecret, ciphertext) = await CryptoProvider.EncapsulateAsync(alicePublic); var decapsulated = await CryptoProvider.DecapsulateAsync(ciphertext, alicePrivate); bool keysMatch = sharedSecret.SequenceEqual(decapsulated); // Demo firma var (sigPub, sigPriv) = await CryptoProvider.GenerateMlDsaKeyPairAsync(); byte[] message = Encoding.UTF8.GetBytes("Test Message"); byte[] signature = await CryptoProvider.SignMlDsaAsync(message, sigPriv); bool isValid = await CryptoProvider.VerifyMlDsaAsync(message, signature, sigPub); _status = $"Keys match: {keysMatch}, Signature valid: {isValid}"; } catch (Exception ex) { _status = $"Errore: {ex.Message}"; } } }
openssl.wasm e wvds-crypto.js devono essere caricati correttamenteWolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional