Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tracking issue for remaining node:crypto APIs #18455

Closed
34 of 38 tasks
littledivy opened this issue Mar 27, 2023 · 8 comments
Closed
34 of 38 tasks

Tracking issue for remaining node:crypto APIs #18455

littledivy opened this issue Mar 27, 2023 · 8 comments
Assignees
@littledivy
Labels
help wanted community help requested node compat

Comments

@littledivy
Copy link
Member

littledivy commented Mar 27, 2023
edited

Please leave a comment below if you are planning to contribute so we can avoid duplicate work.

Unimplemented

Port polyfill to Rust

OpenSSL-specific

  • crypto.setFips()
  • crypto.setEngine()

Identified bugs
@littledivy littledivy added help wanted community help requested node compat labels Mar 27, 2023
@randomicon00
Copy link
Contributor

I would like to start with the first method crypto.verify()

@bartlomieju bartlomieju mentioned this issue Mar 27, 2023
Closed
This was referenced Mar 27, 2023
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Merged
@kt3k kt3k mentioned this issue Mar 28, 2023
Merged
littledivy added a commit that referenced this issue Mar 28, 2023
@littledivy
chore(ext/node): port pbkdf2 to Rust (#18470)
67e21e7 
Towards #18455
littledivy added a commit that referenced this issue Mar 28, 2023
@littledivy
feat(ext/node): add crypto.checkPrime API (#18465)
10012c2 
Towards #18455 

This commit implements `checkPrimeSync` and `checkPrime` in node:crypto
using the Miller-Rabin primality test (fun fact: it actually is a test
for composite numbers)

It first compares the candidate against many known small primes and if
not, proceeds to run the Miller-Rabin primality test.
http://nickle.org/examples/miller-rabin.5c used as reference
implementation.
@GJZwiers GJZwiers mentioned this issue Mar 29, 2023
Closed
mmastrac pushed a commit that referenced this issue Mar 31, 2023
@littledivy @mmastrac
chore(ext/node): port pbkdf2 to Rust (#18470)
2d3be63 
Towards #18455
mmastrac pushed a commit that referenced this issue Mar 31, 2023
@littledivy @mmastrac
feat(ext/node): add crypto.checkPrime API (#18465)
e40f44f 
Towards #18455 

This commit implements `checkPrimeSync` and `checkPrime` in node:crypto
using the Miller-Rabin primality test (fun fact: it actually is a test
for composite numbers)

It first compares the candidate against many known small primes and if
not, proceeds to run the Miller-Rabin primality test.
http://nickle.org/examples/miller-rabin.5c used as reference
implementation.
This was referenced Apr 1, 2023
Closed
Merged
@bartlomieju bartlomieju mentioned this issue Apr 6, 2023
Open
littledivy added a commit that referenced this issue Apr 6, 2023
@littledivy
fix(ext/node): add symmetric keygen (#18609)
3b62a58 
Towards #18455
@littledivy littledivy mentioned this issue Apr 6, 2023
Merged
littledivy added a commit that referenced this issue Apr 6, 2023
@littledivy
fix(ext/node): implement hkdf-expand (#18612)
df72420 
Towards #18455
@ry ry mentioned this issue Apr 7, 2023
Closed
14 tasks
@ry ry pinned this issue Apr 7, 2023
@littledivy littledivy mentioned this issue Apr 7, 2023
Merged
littledivy added a commit that referenced this issue Apr 7, 2023
@littledivy
fix(ext/node): add X509Certificate (#18625)
a0dd0cb 
Towards #18455
@littledivy littledivy mentioned this issue Apr 10, 2023
Merged
levex pushed a commit that referenced this issue Apr 12, 2023
@littledivy @levex
fix(ext/node): add symmetric keygen (#18609)
6345472 
Towards #18455
levex pushed a commit that referenced this issue Apr 12, 2023
@littledivy @levex
fix(ext/node): implement hkdf-expand (#18612)
05bc5e5 
Towards #18455
levex pushed a commit that referenced this issue Apr 12, 2023
@littledivy @levex
fix(ext/node): add X509Certificate (#18625)
f731dbd 
Towards #18455
This was referenced Apr 14, 2023
Merged
Merged
littledivy added a commit that referenced this issue Apr 19, 2023
@littledivy
fix(ext/node): implement asymmetric keygen (#18651)
9496dfc 
Towards #18455 

This commit implements the keypair generation for asymmetric keys for
the `generateKeyPair` API.

See how key material is managed in this implementation:
https://www.notion.so/denolandinc/node-crypto-design-99fc33f568d24e47a5e4b36002c5325d?pvs=4

Private and public key encoding depend on `KeyObject#export` which is
not implemented. I've also skipped ED448 and X448 since we need a crate
for that in WebCrypto too.
bartlomieju pushed a commit to bartlomieju/deno that referenced this issue Apr 20, 2023
@littledivy @bartlomieju
fix(ext/node): implement asymmetric keygen (denoland#18651)
9260505 
Towards denoland#18455 

This commit implements the keypair generation for asymmetric keys for
the `generateKeyPair` API.

See how key material is managed in this implementation:
https://www.notion.so/denolandinc/node-crypto-design-99fc33f568d24e47a5e4b36002c5325d?pvs=4

Private and public key encoding depend on `KeyObject#export` which is
not implemented. I've also skipped ED448 and X448 since we need a crate
for that in WebCrypto too.
@bartlomieju bartlomieju mentioned this issue Apr 25, 2023
Closed
9 tasks
@littledivy littledivy mentioned this issue Apr 26, 2023
Merged
littledivy added a commit that referenced this issue Apr 27, 2023
@littledivy
fix(ext/node): prime generation (#18861)
b0264be 
Towards #18455

`safe`, `add` and `rem` options are not implemented because there is no
rust crate that provides this functionality (except rust-openssl maybe)
and its just not clear if this API is used widely.
@hironichu hironichu mentioned this issue May 2, 2023
Open
@MiguelRipoll23 MiguelRipoll23 mentioned this issue May 5, 2023
Closed
@levex levex mentioned this issue May 15, 2023
Merged
levex added a commit that referenced this issue May 15, 2023
@levex
feat(node/crypto): Builtin Diffie-Hellman Groups (#19137)
1171c54 
Towards #18455
levex added a commit that referenced this issue May 18, 2023
@levex
feat(node/crypto): Builtin Diffie-Hellman Groups (#19137)
4df46b7 
Towards #18455
@rbetts rbetts changed the title Tracking issue for remaning node:crypto APIs Tracking issue for remaining node:crypto APIs Jul 27, 2023
@bartlomieju
Copy link
Member

npm:octokit is not working correctly due to jsonwebtoken throwing errors like this:

error: Uncaught Error: secretOrPrivateKey must be an asymmetric key when using RS256
    at Object.module.exports [as sign] (file:///app/node_modules/.deno/jsonwebtoken@9.0.1/node_modules/jsonwebtoken/sign.js:124:22)

@bartlomieju
Copy link
Member

Another one: #19836

@littledivy
Copy link
Member Author

Missing AES-GCM in cipher issues:

@chibat chibat mentioned this issue Oct 20, 2023
Open
@littledivy littledivy mentioned this issue Oct 26, 2023
Merged
@mllnd
Copy link

mllnd commented Nov 1, 2023

Hey @littledivy, has there been any progress with crypto.Decipheriv.prototype.setAutoPadding? Stumbled upon missing method when using npm:ethereum-cryptography.

https://github.com/ethereum/js-ethereum-cryptography/blob/cbb283febc4641bf1c5c365a2a16037032f2d23e/src/aes.ts#L69-L71

Error: Not implemented: crypto.Cipheriv.prototype.setAutoPadding
    at notImplemented (ext:deno_node/_utils.ts:9:11)
    at Cipheriv.setAutoPadding (ext:deno_node/internal/crypto/cipher.ts:46:9)

@littledivy littledivy self-assigned this Nov 5, 2023
littledivy added a commit that referenced this issue Nov 9, 2023
@littledivy
fix(node): implement createPrivateKey (#20981)
c4029f6 
Towards #18455
@adamtaylor13
Copy link

npm:octokit is not working correctly due to jsonwebtoken throwing errors like this:

error: Uncaught Error: secretOrPrivateKey must be an asymmetric key when using RS256
    at Object.module.exports [as sign] (file:///app/node_modules/.deno/jsonwebtoken@9.0.1/node_modules/jsonwebtoken/sign.js:124:22)

FYI, I wanted to note here for visibility that it seems this issue is fixed in Deno 1.38.1—however, it doesn't appear this is used on Deno Deploy just yet: #20938 (comment)

@ayame113
Copy link
Contributor

ayame113 commented Jan 5, 2024

It seems that the error is occurring from verifyIdToken() in npm:firebase-admin because crypto.createPublicKey() is missing.

For anyone who encounters a similar error:

When I validate the JWT using verifyIdToken() in firebase-admin/auth, I get the error below.

[Internal Formatting Error] TypeError: Cannot read properties of undefined (reading 'message')
    at PrefixedFirebaseError.get message (file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/error.js:62:27)
    at PrefixedFirebaseError.toString (<anonymous>)
    at inspectError (ext:deno_console/01_console.js:1535:36)
    at formatRaw (ext:deno_console/01_console.js:902:16)
    at formatValue (ext:deno_console/01_console.js:664:10)
    at formatProperty (ext:deno_console/01_console.js:1663:11)
    at formatRaw (ext:deno_console/01_console.js:982:9)
    at formatValue (ext:deno_console/01_console.js:664:10)
    at inspectArgs (ext:deno_console/01_console.js:3087:17)
    at console.error (ext:deno_console/01_console.js:3206:7)

When I debugged and checked the actual error.message, the content was as follows.

Error: Firebase ID token has invalid signature. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
    at FirebaseTokenVerifier.mapJwtErrorToAuthError (file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/auth/token-verifier.js:330:14)
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/auth/token-verifier.js:306:20
    at Object.runMicrotasks (ext:core/01_core.js:820:30)
    at processTicksAndRejections (ext:deno_node/_next_tick.ts:53:10)
    at runNextTicks (ext:deno_node/_next_tick.ts:71:3)
    at eventLoopTick (ext:core/01_core.js:188:21)
    at async file:///C:/Users/ayame/work/deno/.../routes/api/[...path].ts:277:23
    at async dispatch (https://deno.land/x/hono@v3.11.12/compose.ts:45:17)
    at async https://deno.land/x/hono@v3.11.12/validator/validator.ts:141:5
    at async dispatch (https://deno.land/x/hono@v3.11.12/compose.ts:45:17)

The above error is wrapped by firebase. The original error was something like this:

Error: secretOrPublicKey must be an asymmetric key when using RS256
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/jwt.js:275:27
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/verify.js:194:14
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/jwt.js:232:17
    at Object.runMicrotasks (ext:core/01_core.js:820:30)
    at processTicksAndRejections (ext:deno_node/_next_tick.ts:53:10)
    at runNextTicks (ext:deno_node/_next_tick.ts:71:3)
    at eventLoopTick (ext:core/01_core.js:188:21)

This error is actually coming from inside npm:node-jsonwebtoken.

// https://github.com/auth0/node-jsonwebtoken/blob/bc28861f1fa981ed9c009e29c044a19760a0b128/verify.js#L122
      try {
        secretOrPublicKey = createPublicKey(secretOrPublicKey);
      } catch (_) {
        try {
          secretOrPublicKey = createSecretKey(typeof secretOrPublicKey === 'string' ? Buffer.from(secretOrPublicKey) : secretOrPublicKey);
        } catch (_) {
          return done(new JsonWebTokenError('secretOrPublicKey is not valid key material'))
        }
      }

In the end, I found out that the cause of the error was that createPublicKey was not implemented.

@littledivy littledivy mentioned this issue Jan 5, 2024
Open
@littledivy
Copy link
Member Author

I have converted the pending items into seperate issues. Closing this one.

@littledivy littledivy unpinned this issue Jan 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@littledivy littledivy

Labels
help wanted community help requested node compat
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@adamtaylor13 @mllnd @bartlomieju @randomicon00 @littledivy @ayame113