Skip to content
This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

use native nodejs webcrypto implementation #81

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

use native nodejs webcrypto implementation #81

wants to merge 1 commit into from
+3 −3

Conversation

ssttevee
Copy link

instead of one that depends on openssl

@ssttevee
use native nodejs webcrypto implementation
961ab62 
instead of one that depends on openssl
@hankjacobs
Copy link
Contributor

hankjacobs commented Apr 21, 2019
edited
Loading

Thanks but it appears that this broke the hmac e2e gets

@hankjacobs
Copy link
Contributor

So this exposed a fundamental flaw with the way things are architected. The TLDR is that libraries used by worker scripts (e.g. anything loaded via the Context) can't used instanceof because the libraries are required in one realm (the original process) but used in another realm (the VM within which the worker script gets executed). This new crypto library uses instanceof and breaks because of that. Adding ArrayBuffer and the like to the context which gets used within the VM helps but there is one failing instanceof Object check that I can't seem to work around (setting Object on the context doesn't work).

@hankjacobs
Copy link
Contributor

hankjacobs commented Apr 22, 2019
edited
Loading

A simplified example of the problem can be seen by running:

vm.runInNewContext("test = {}; test instanceof Object", {Object:Object})

The above returns false when it should return true.

@hankjacobs
Copy link
Contributor

hankjacobs commented Apr 22, 2019
edited
Loading

Here's a better example of the issue. comp returns false when it should return true (at least it should for the new crypto library to function properly).

vm.runInNewContext("comp({})", {comp: (obj) => { return obj instanceof Object }})

@jdanyow
Copy link
Contributor

jdanyow commented May 6, 2019

I think I tried peculiar/webcrypto a while back with some JWT related scenarios and it didn't work well. Would be worth confirming this scenario should this PR proceed.

const password = 'test';
const plainText = 'foo';
const ptUtf8 = new TextEncoder().encode(plainText);
const pwUtf8 = new TextEncoder().encode(password);
const pwHash = await crypto.subtle.digest('SHA-256', pwUtf8);
const iv = crypto.getRandomValues(new Uint8Array(12));
const alg = { name: 'AES-GCM', iv: iv };
const encKey = await crypto.subtle.importKey('raw', pwHash, alg, false, ['encrypt']);
const encBuffer = await crypto.subtle.encrypt(alg, encKey, ptUtf8);
const decKey = await crypto.subtle.importKey('raw', pwHash, alg, false, ['decrypt']);
const ptBuffer = await crypto.subtle.decrypt(alg, decKey, encBuffer);
const plainText2 = new TextDecoder().decode(ptBuffer);
if (plainText !== plainText2) {
  throw new Error(':(');
}

@hankjacobs hankjacobs mentioned this pull request Jun 24, 2019
Closed
@hankjacobs hankjacobs mentioned this pull request Jul 8, 2019
Closed
@hankjacobs hankjacobs mentioned this pull request Jul 17, 2019
Closed
@hankjacobs hankjacobs mentioned this pull request Oct 13, 2019
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ssttevee @hankjacobs @jdanyow