cloudflare / workerd

The JavaScript / Wasm runtime that powers Cloudflare Workers
https://blog.cloudflare.com/workerd-open-source-workers-runtime/
Apache License 2.0

🐛 Bug Report — Runtime APIs node:crypto 'Unrecognized or unimplemented EC curve "id-ecPublicKey" requested.' #2768

Open 1yasa opened 1 month ago

1yasa commented 1 month ago

Unrecognized or unimplemented EC curve "id-ecPublicKey" requested when using crypto with compatibility_flags = ["nodejs_compat_v2"] & wrangler v3.78.7.

Here is the error source:

https://github.com/agisboye/app-store-server-api/blob/main/src/Decoding.ts#L47

[Screenshot 2024-09-19 21 16 03]

Here is the error detail:

[Screenshot 2024-09-19 21 17 04]

So my question is, the X509 implemented by workerd seems to be completely unusable when using the decodeJWS function of /app-store-server-api.

Did I make a mistake, or does the X509 implementation in workerd indeed throw an error when trying to get the public key with cert.publicKey? Below is my business code (for reproduction):

const app_store_api = getAppStoreApi()
const res_subscription = await app_store_api.getSubscriptionStatuses(tid!)

const item = res_subscription.data[0].lastTransactions.find(item => item.originalTransactionId === tid)!

const res_transaction = await decodeTransaction(item.signedTransactionInfo)

1yasa commented 1 month ago

Any progress?

jasnell commented 1 month ago

The runtime has a much more limited set of curves that it supports than Node.js and id-ec-PublicKey is not on that list.

From: src/workerd/api/crypto/ec.c++ ...

EllipticCurveInfo lookupEllipticCurve(kj::StringPtr curveName) {
  static const std::map<kj::StringPtr, EllipticCurveInfo, CiLess> registeredCurves{
    {"P-256", {"P-256", NID_X9_62_prime256v1, 32}},
    {"P-384", {"P-384", NID_secp384r1, 48}},
    {"P-521", {"P-521", NID_secp521r1, 66}},
  };

  auto iter = registeredCurves.find(curveName);
  JSG_REQUIRE(iter != registeredCurves.end(), DOMNotSupportedError,
      "Unrecognized or unimplemented EC curve \"", curveName, "\" requested.");
  return iter->second;
}

The node:crypto implementation is still an active WIP so some functionality may still be limited or missing.
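
Added example, not part of the thread or of workerd's code: in an X.509 SubjectPublicKeyInfo, id-ecPublicKey (OID 1.2.840.10045.2.1, RFC 5480) is the key algorithm identifier, and the curve is the namedCurve OID carried in its parameters. This sketch reads both from a constructed SPKI header and maps the curve to the three names in the registeredCurves table quoted above; the function names and sample bytes are assumptions made for illustration.

```javascript
// Added example: minimal DER reader for an EC SubjectPublicKeyInfo (RFC 5480).
const CURVE_BY_OID = {
  '1.2.840.10045.3.1.7': 'P-256', // prime256v1 / secp256r1
  '1.3.132.0.34': 'P-384',        // secp384r1
  '1.3.132.0.35': 'P-521',        // secp521r1
};
const ID_EC_PUBLIC_KEY = '1.2.840.10045.2.1'; // key algorithm OID, not a curve

// Read one DER TLV at `off`; returns the tag and the content's start/end offsets.
function readTlv(buf, off) {
  const tag = buf[off];
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) {               // long form: low 7 bits = count of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error('unsupported DER length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated DER');
  return { tag, start, end: start + len };
}

// Decode OBJECT IDENTIFIER content bytes into dotted notation.
function decodeOid(bytes) {
  const arcs = [];
  let v = 0;
  for (const b of bytes) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  const first = arcs.shift();
  const top = Math.min(Math.floor(first / 40), 2);
  return [top, first - top * 40, ...arcs].join('.');
}

// Return the algorithm OID and named curve of an EC SPKI (Uint8Array of DER).
function describeEcSpki(spki) {
  const outer = readTlv(spki, 0);            // SubjectPublicKeyInfo SEQUENCE
  const algId = readTlv(spki, outer.start);  // AlgorithmIdentifier SEQUENCE
  const alg = readTlv(spki, algId.start);    // algorithm OID
  const params = readTlv(spki, alg.end);     // parameters: namedCurve OID
  if (outer.tag !== 0x30 || algId.tag !== 0x30 || alg.tag !== 0x06) throw new Error('not an SPKI');
  const algorithm = decodeOid(spki.subarray(alg.start, alg.end));
  if (algorithm !== ID_EC_PUBLIC_KEY || params.tag !== 0x06) throw new Error('not a named-curve EC key');
  const curveOid = decodeOid(spki.subarray(params.start, params.end));
  return { algorithm, curveOid, curve: CURVE_BY_OID[curveOid] ?? null }; // null: not in the table
}
// Constructed sample: P-256 SPKI header; the public point is filler bytes, not a real key.
const SAMPLE_P256 = Uint8Array.from([0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, ...new Array(64).fill(0xaa)]);
```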

1yasa commented 1 month ago

> The runtime has a much more limited set of curves that it supports than Node.js and id-ec-PublicKey is not on that list.
>
> From: src/workerd/api/crypto/ec.c++ ...
>
> EllipticCurveInfo lookupEllipticCurve(kj::StringPtr curveName) {
>   static const std::map<kj::StringPtr, EllipticCurveInfo, CiLess> registeredCurves{
>     {"P-256", {"P-256", NID_X9_62_prime256v1, 32}},
>     {"P-384", {"P-384", NID_secp384r1, 48}},
>     {"P-521", {"P-521", NID_secp521r1, 66}},
>   };
>
>   auto iter = registeredCurves.find(curveName);
>   JSG_REQUIRE(iter != registeredCurves.end(), DOMNotSupportedError,
>       "Unrecognized or unimplemented EC curve \"", curveName, "\" requested.");
>   return iter->second;
> }
>
> The node:crypto implementation is still an active WIP so some functionality may still be limited or missing.

Got it.

1yasa commented 4 weeks ago

Is there any timeline for supporting id-ec-PublicKey?

aspirin2d commented 17 hours ago

Apple App Store Server API needs this feature to verify its signed objects.

ricky0603 commented 16 hours ago

> Apple App Store Server API needs this feature to verify its signed objects.

Haha, I met the same problem.