denoland / deno

A modern runtime for JavaScript and TypeScript.
https://deno.com
MIT License

Tracking issue for remaining `node:crypto` APIs #18455

Closed littledivy closed 9 months ago

littledivy commented 1 year ago

Please leave a comment below if you are planning to contribute so we can avoid duplicate work.

Unimplemented

Port polyfill to Rust

OpenSSL-specific

Identified bugs

randomicon00 commented 1 year ago

I would like to start with the first method crypto.verify()

bartlomieju commented 1 year ago

npm:octokit is not working correctly due to jsonwebtoken throwing errors like this:

error: Uncaught Error: secretOrPrivateKey must be an asymmetric key when using RS256
    at Object.module.exports [as sign] (file:///app/node_modules/.deno/jsonwebtoken@9.0.1/node_modules/jsonwebtoken/sign.js:124:22)

bartlomieju commented 1 year ago

Another one: https://github.com/denoland/deno/issues/19836

littledivy commented 1 year ago

Missing AES-GCM in cipher issues:

mllnd commented 11 months ago

Hey @littledivy, has there been any progress with crypto.Decipheriv.prototype.setAutoPadding? I stumbled upon the missing method when using npm:ethereum-cryptography.

https://github.com/ethereum/js-ethereum-cryptography/blob/cbb283febc4641bf1c5c365a2a16037032f2d23e/src/aes.ts#L69-L71

Error: Not implemented: crypto.Cipheriv.prototype.setAutoPadding
    at notImplemented (ext:deno_node/_utils.ts:9:11)
    at Cipheriv.setAutoPadding (ext:deno_node/internal/crypto/cipher.ts:46:9)

adamtaylor13 commented 11 months ago

npm:octokit is not working correctly due to jsonwebtoken throwing errors like this:

error: Uncaught Error: secretOrPrivateKey must be an asymmetric key when using RS256
    at Object.module.exports [as sign] (file:///app/node_modules/.deno/jsonwebtoken@9.0.1/node_modules/jsonwebtoken/sign.js:124:22)

FYI, I wanted to note here for visibility that it seems this issue is fixed in Deno 1.38.1—however, it doesn't appear this is used on Deno Deploy just yet: https://github.com/denoland/deno/issues/20938#issuecomment-1810512827

ayame113 commented 9 months ago

It seems that the error is occurring from verifyIdToken() in npm:firebase-admin because crypto.createPublicKey() is missing.

For anyone who encounters a similar error:

When I validate the JWT using verifyIdToken() in firebase-admin/auth, I get the error below.

[Internal Formatting Error] TypeError: Cannot read properties of undefined (reading 'message')
    at PrefixedFirebaseError.get message (file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/error.js:62:27)
    at PrefixedFirebaseError.toString (<anonymous>)
    at inspectError (ext:deno_console/01_console.js:1535:36)
    at formatRaw (ext:deno_console/01_console.js:902:16)
    at formatValue (ext:deno_console/01_console.js:664:10)
    at formatProperty (ext:deno_console/01_console.js:1663:11)
    at formatRaw (ext:deno_console/01_console.js:982:9)
    at formatValue (ext:deno_console/01_console.js:664:10)
    at inspectArgs (ext:deno_console/01_console.js:3087:17)
    at console.error (ext:deno_console/01_console.js:3206:7)

When I debugged and checked the actual error.message, the content was as follows.

Error: Firebase ID token has invalid signature. See https://firebase.google.com/docs/auth/admin/verify-id-tokens for details on how to retrieve an ID token.
    at FirebaseTokenVerifier.mapJwtErrorToAuthError (file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/auth/token-verifier.js:330:14)
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/auth/token-verifier.js:306:20
    at Object.runMicrotasks (ext:core/01_core.js:820:30)
    at processTicksAndRejections (ext:deno_node/_next_tick.ts:53:10)
    at runNextTicks (ext:deno_node/_next_tick.ts:71:3)
    at eventLoopTick (ext:core/01_core.js:188:21)
    at async file:///C:/Users/ayame/work/deno/.../routes/api/[...path].ts:277:23
    at async dispatch (https://deno.land/x/hono@v3.11.12/compose.ts:45:17)
    at async https://deno.land/x/hono@v3.11.12/validator/validator.ts:141:5
    at async dispatch (https://deno.land/x/hono@v3.11.12/compose.ts:45:17)

The above error is wrapped by firebase. The original error was something like this:

Error: secretOrPublicKey must be an asymmetric key when using RS256
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/jwt.js:275:27
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/jsonwebtoken@9.0.2/node_modules/jsonwebtoken/verify.js:194:14
    at file:///C:/Users/ayame/work/deno/.../node_modules/.deno/firebase-admin@12.0.0/node_modules/firebase-admin/lib/utils/jwt.js:232:17
    at Object.runMicrotasks (ext:core/01_core.js:820:30)
    at processTicksAndRejections (ext:deno_node/_next_tick.ts:53:10)
    at runNextTicks (ext:deno_node/_next_tick.ts:71:3)
    at eventLoopTick (ext:core/01_core.js:188:21)

This error is actually coming from inside npm:node-jsonwebtoken.

// https://github.com/auth0/node-jsonwebtoken/blob/bc28861f1fa981ed9c009e29c044a19760a0b128/verify.js#L122
      try {
        secretOrPublicKey = createPublicKey(secretOrPublicKey);
      } catch (_) {
        try {
          secretOrPublicKey = createSecretKey(typeof secretOrPublicKey === 'string' ? Buffer.from(secretOrPublicKey) : secretOrPublicKey);
        } catch (_) {
          return done(new JsonWebTokenError('secretOrPublicKey is not valid key material'))
        }
      }

In the end, I found out that the cause of the error was that createPublicKey was not implemented.
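
The masking effect traced in the comment above, as an added example that is not part of the original thread and not code from jsonwebtoken or Deno: the stub runtime, its error text, the sample PEM and all function names are constructed for illustration. It shows a swallowed `createPublicKey` failure resurfacing as the RS256 key-type error, next to a variant that keeps the original cause.

```javascript
// Added example: stubs and sample input are constructed, not jsonwebtoken or Deno code.
// Stand-in for a runtime whose createPublicKey is missing (hypothetical message text).
const runtimeWithoutCreatePublicKey = {
  createPublicKey() { throw new Error("Not implemented: crypto.createPublicKey"); },
  createSecretKey(bytes) { return { type: "secret", bytes }; },
};
const SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\n(placeholder)\n-----END PUBLIC KEY-----";

// Simplified stand-in for the algorithm/key-type check that runs after key loading.
function checkKeyType(key, alg) {
  if (/^(RS|PS|ES)/.test(alg) && key.type !== "public") {
    throw new Error(`secretOrPublicKey must be an asymmetric key when using ${alg}`);
  }
  return key;
}

// Same shape as the quoted excerpt: the createPublicKey failure is discarded.
function loadKeySwallowing(cryptoImpl, material, alg) {
  let key;
  try {
    key = cryptoImpl.createPublicKey(material);
  } catch (_) {
    key = cryptoImpl.createSecretKey(new TextEncoder().encode(material));
  }
  return checkKeyType(key, alg);
}

// Diagnostic variant: PEM input is never retried as a shared secret; cause is kept.
function loadKeyPreservingCause(cryptoImpl, material, alg) {
  let key;
  try {
    key = cryptoImpl.createPublicKey(material);
  } catch (err) {
    if (material.startsWith("-----BEGIN")) {
      throw new Error("public key could not be loaded", { cause: err });
    }
    key = cryptoImpl.createSecretKey(new TextEncoder().encode(material));
  }
  return checkKeyType(key, alg);
}

// Run a loader against the stub runtime and return what the caller would see.
function reportFailure(loader) {
  try {
    loader(runtimeWithoutCreatePublicKey, SAMPLE_PEM, "RS256");
    return "ok";
  } catch (err) {
    return err.cause ? `${err.message} <- ${err.cause.message}` : err.message;
  }
}
console.log(reportFailure(loadKeySwallowing));
console.log(reportFailure(loadKeyPreservingCause));
```
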

littledivy commented 9 months ago

I have converted the pending items into separate issues. Closing this one.

studiowebux commented 1 day ago

Hello,

I am testing Node.js code that I wrote last year with Deno 2.

I encounter an error when doing the following (I only extracted the errored code):

import { generateKeyPairSync } from "node:crypto";

const passphrase: string = "mypassphrase";
const cipher: string = "aes-256-cbc";
const modulusLength: number = 4096;

const key = generateKeyPairSync("rsa", {
  modulusLength,
  publicKeyEncoding: {
    type: "spki",
    format: "pem",
  },
  privateKeyEncoding: {
    type: "pkcs8",
    format: "pem",
    cipher,
    passphrase,
  },
});

console.log(key);

Error:

error: Uncaught (in promise) Error: PEM error: PEM Base64 error: invalid Base64 length

I see above that generateKeyPairSync has been implemented. Do I need to do something special, or should node:crypto work as is?

Thank you!

barthuijgen commented 1 day ago

Can't believe you released Deno 2 without fixing setAutoPadding... Luckily Bun does have it implemented.