Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tracking issue for remaining node:crypto APIs #18455

Closed
36 of 39 tasks
littledivy opened this issue Mar 27, 2023 · 11 comments
Closed
36 of 39 tasks

Tracking issue for remaining node:crypto APIs #18455

littledivy opened this issue Mar 27, 2023 · 11 comments
Assignees
Labels
help wanted community help requested node compat

Comments

@littledivy
Copy link
Member

littledivy commented Mar 27, 2023

Please leave a comment below if you are planning to contribute so we can avoid duplicate work.

Unimplemented

Port polyfill to Rust

OpenSSL-specific

  • crypto.setFips()
  • crypto.setEngine()

Identified bugs

@littledivy littledivy added help wanted community help requested node compat labels Mar 27, 2023
@randomicon00
Copy link
Contributor

I would like to start with the first method crypto.verify()

littledivy added a commit that referenced this issue Mar 28, 2023
littledivy added a commit that referenced this issue Mar 28, 2023
Towards #18455 

This commit implements `checkPrimeSync` and `checkPrime` in node:crypto
using the Miller-Rabin primality test (fun fact: it actually is a test
for composite numbers)

It first compares the candidate against many known small primes and if
not, proceeds to run the Miller-Rabin primality test.
http://nickle.org/examples/miller-rabin.5c used as reference
implementation.
mmastrac pushed a commit that referenced this issue Mar 31, 2023
mmastrac pushed a commit that referenced this issue Mar 31, 2023
Towards #18455 

This commit implements `checkPrimeSync` and `checkPrime` in node:crypto
using the Miller-Rabin primality test (fun fact: it actually is a test
for composite numbers)

It first compares the candidate against many known small primes and if
not, proceeds to run the Miller-Rabin primality test.
http://nickle.org/examples/miller-rabin.5c used as reference
implementation.
littledivy added a commit that referenced this issue Apr 6, 2023
littledivy added a commit that referenced this issue Apr 6, 2023
@ry ry mentioned this issue Apr 7, 2023
14 tasks
@ry ry pinned this issue Apr 7, 2023
littledivy added a commit that referenced this issue Apr 7, 2023
littledivy added a commit that referenced this issue Apr 19, 2023
Towards #18455 

This commit implements the keypair generation for asymmetric keys for
the `generateKeyPair` API.

See how key material is managed in this implementation:
https://www.notion.so/denolandinc/node-crypto-design-99fc33f568d24e47a5e4b36002c5325d?pvs=4

Private and public key encoding depend on `KeyObject#export` which is
not implemented. I've also skipped ED448 and X448 since we need a crate
for that in WebCrypto too.
bartlomieju pushed a commit to bartlomieju/deno that referenced this issue Apr 20, 2023
Towards denoland#18455 

This commit implements the keypair generation for asymmetric keys for
the `generateKeyPair` API.

See how key material is managed in this implementation:
https://www.notion.so/denolandinc/node-crypto-design-99fc33f568d24e47a5e4b36002c5325d?pvs=4

Private and public key encoding depend on `KeyObject#export` which is
not implemented. I've also skipped ED448 and X448 since we need a crate
for that in WebCrypto too.
littledivy added a commit that referenced this issue Apr 27, 2023
Towards #18455

`safe`, `add` and `rem` options are not implemented because there is no
rust crate that provides this functionality (except rust-openssl maybe)
and its just not clear if this API is used widely.
@rbetts rbetts changed the title Tracking issue for remaning node:crypto APIs Tracking issue for remaining node:crypto APIs Jul 27, 2023
@bartlomieju
Copy link
Member

npm:octokit is not working correctly due to jsonwebtoken throwing errors like this:

error: Uncaught Error: secretOrPrivateKey must be an asymmetric key when using RS256
    at Object.module.exports [as sign] (file:///app/node_modules/.deno/jsonwebtoken@9.0.1/node_modules/jsonwebtoken/sign.js:124:22)

@bartlomieju
Copy link
Member

Another one: #19836

@littledivy
Copy link
Member Author

Missing AES-GCM in cipher issues:

@mllnd
Copy link

mllnd commented Nov 1, 2023

Hey @littledivy, has there been any progress with crypto.Decipheriv.prototype.setAutoPadding? Stumbled upon missing method when using npm:ethereum-cryptography.

https://github.com/ethereum/js-ethereum-cryptography/blob/cbb283febc4641bf1c5c365a2a16037032f2d23e/src/aes.ts#L69-L71

Error: Not implemented: crypto.Cipheriv.prototype.setAutoPadding
    at notImplemented (ext:deno_node/_utils.ts:9:11)
    at Cipheriv.setAutoPadding (ext:deno_node/internal/crypto/cipher.ts:46:9)

@littledivy littledivy self-assigned this Nov 5, 2023
littledivy added a commit that referenced this issue Nov 9, 2023
@adamtaylor13
Copy link

npm:octokit is not working correctly due to jsonwebtoken throwing errors like this:

error: Uncaught Error: secretOrPrivateKey must be an asymmetric key when using RS256
    at Object.module.exports [as sign] (file:///app/node_modules/.deno/jsonwebtoken@9.0.1/node_modules/jsonwebtoken/sign.js:124:22)

FYI, I wanted to note here for visibility that it seems this issue is fixed in Deno 1.38.1—however, it doesn't appear this is used on Deno Deploy just yet: #20938 (comment)

@ayame113
Copy link
Contributor

ayame113 commented Jan 5, 2024

It seems that the error is occurring from verifyIdToken() in npm:firebase-admin because crypto.createPublicKey() is missing.

For anyone who encounters a similar error:

When I validate the JWT using verifyIdToken() in firebase-admin/auth, I get the error below.

[Internal Formatting Error] TypeError: Cannot read properties of undefined (reading 'message')
    at PrefixedFirebaseError.get message (file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/error.js:62:27)
    at PrefixedFirebaseError.toString (<anonymous>)
    at inspectError (ext:deno_console/01_console.js:1535:36)
    at formatRaw (ext:deno_console/01_console.js:902:16)
    at formatValue (ext:deno_console/01_console.js:664:10)
    at formatProperty (ext:deno_console/01_console.js:1663:11)
    at formatRaw (ext:deno_console/01_console.js:982:9)
    at formatValue (ext:deno_console/01_console.js:664:10)
    at inspectArgs (ext:deno_console/01_console.js:3087:17)
    at console.error (ext:deno_console/01_console.js:3206:7)

When I debugged and checked the actual error.message, the content was as follows.

Error: Firebase ID token has invalid signature. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
    at FirebaseTokenVerifier.mapJwtErrorToAuthError (file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/auth/token-verifier.js:330:14)
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/auth/token-verifier.js:306:20
    at Object.runMicrotasks (ext:core/01_core.js:820:30)
    at processTicksAndRejections (ext:deno_node/_next_tick.ts:53:10)
    at runNextTicks (ext:deno_node/_next_tick.ts:71:3)
    at eventLoopTick (ext:core/01_core.js:188:21)
    at async file:///C:/Users/ayame/work/deno/.../routes/api/[...path].ts:277:23
    at async dispatch (https://deno.land/x/hono@v3.11.12/compose.ts:45:17)
    at async https://deno.land/x/hono@v3.11.12/validator/validator.ts:141:5
    at async dispatch (https://deno.land/x/hono@v3.11.12/compose.ts:45:17)

The above error is wrapped by firebase. The original error was something like this:

Error: secretOrPublicKey must be an asymmetric key when using RS256
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/jwt.js:275:27
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/verify.js:194:14
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/jwt.js:232:17
    at Object.runMicrotasks (ext:core/01_core.js:820:30)
    at processTicksAndRejections (ext:deno_node/_next_tick.ts:53:10)
    at runNextTicks (ext:deno_node/_next_tick.ts:71:3)
    at eventLoopTick (ext:core/01_core.js:188:21)

This error is actually coming from inside npm:node-jsonwebtoken.

// https://github.com/auth0/node-jsonwebtoken/blob/bc28861f1fa981ed9c009e29c044a19760a0b128/verify.js#L122
      try {
        secretOrPublicKey = createPublicKey(secretOrPublicKey);
      } catch (_) {
        try {
          secretOrPublicKey = createSecretKey(typeof secretOrPublicKey === 'string' ? Buffer.from(secretOrPublicKey) : secretOrPublicKey);
        } catch (_) {
          return done(new JsonWebTokenError('secretOrPublicKey is not valid key material'))
        }
      }

In the end, I found out that the cause of the error was that createPublicKey was not implemented.

@littledivy
Copy link
Member Author

I have converted the pending items into seperate issues. Closing this one.

@littledivy littledivy unpinned this issue Jan 5, 2024
@studiowebux
Copy link

Hello,

I am testing nodejs code that I wrote last year with Deno 2,

I encounter an error when doing the following (I only extracted the errored code)

import { generateKeyPairSync } from "node:crypto";

const passphrase: string = "mypassphrase";
const cipher: string = "aes-256-cbc";
const modulusLength: number = 4096;

const key = generateKeyPairSync("rsa", {
  modulusLength,
  publicKeyEncoding: {
    type: "spki",
    format: "pem",
  },
  privateKeyEncoding: {
    type: "pkcs8",
    format: "pem",
    cipher,
    passphrase,
  },
});

console.log(key);

Error:

error: Uncaught (in promise) Error: PEM error: PEM Base64 error: invalid Base64 length

I see above that the generateKeyPairSync has been implemented, do I need to do something special ?
or node:crypto should work as is ?

Thank you !

@barthuijgen
Copy link

Can't believe you released Deno 2 without fixing setAutoPadding... Luckily Bun does have it implemented.

@sant123
Copy link

sant123 commented Oct 14, 2024

@barthuijgen it is working on canary now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted community help requested node compat
Projects
None yet
Development

No branches or pull requests

9 participants