Skip to content
This repository has been archived by the owner on Jul 21, 2023. It is now read-only.

Commit

Permalink
fix: better error for missing web crypto
Browse files Browse the repository at this point in the history
This PR simply detects missing web crypto and throws an error with an appropriate message.

This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation.

refs #149
refs #150
refs #105
refs ipfs/js-ipfs#2153
refs ipfs/js-ipfs#2017

License: MIT
Signed-off-by: Alan Shaw <alan@tableflip.io>
  • Loading branch information
alanshaw committed Jul 17, 2019
1 parent 2d15e71 commit af9f64c
Show file tree
Hide file tree
Showing 6 changed files with 123 additions and 22 deletions.
23 changes: 22 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,11 +51,32 @@ This repo contains the JavaScript implementation of the crypto primitives needed
npm install --save libp2p-crypto
```

## Usage

```js
const crypto = require('libp2p-crypto')

// Now available to you:
//
// crypto.aes
// crypto.hmac
// crypto.keys
// etc.
//
// See full API details below...
```

### Web Crypto API

The `libp2p-crypto` library depends on the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) in the browser. Web Crypto is available in all modern browsers, however browsers restrict its usage to [Secure Contexts](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).

**This means you will not be able to use some `libp2p-crypto` functions in the browser when the page is served over HTTP.**

## API

### `crypto.aes`

Expoes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
Exposes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.

This uses `CTR` mode.

Expand Down
6 changes: 3 additions & 3 deletions src/hmac/index-browser.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict'

const webcrypto = require('../webcrypto.js')
const webcrypto = require('../webcrypto')
const lengths = require('./lengths')

const hashTypes = {
Expand All @@ -10,13 +10,13 @@ const hashTypes = {
}

const sign = async (key, data) => {
return Buffer.from(await webcrypto.subtle.sign({ name: 'HMAC' }, key, data))
return Buffer.from(await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data))
}

exports.create = async function (hashType, secret) {
const hash = hashTypes[hashType]

const key = await webcrypto.subtle.importKey(
const key = await webcrypto.get().subtle.importKey(
'raw',
secret,
{
Expand Down
12 changes: 6 additions & 6 deletions src/keys/ecdh-browser.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict'

const webcrypto = require('../webcrypto.js')
const webcrypto = require('../webcrypto')
const BN = require('asn1.js').bignum
const { toBase64, toBn } = require('../util')

Expand All @@ -11,7 +11,7 @@ const bits = {
}

exports.generateEphmeralKeyPair = async function (curve) {
const pair = await webcrypto.subtle.generateKey(
const pair = await webcrypto.get().subtle.generateKey(
{
name: 'ECDH',
namedCurve: curve
Expand All @@ -25,7 +25,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
let privateKey

if (forcePrivate) {
privateKey = await webcrypto.subtle.importKey(
privateKey = await webcrypto.get().subtle.importKey(
'jwk',
unmarshalPrivateKey(curve, forcePrivate),
{
Expand All @@ -40,7 +40,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
}

const keys = [
await webcrypto.subtle.importKey(
await webcrypto.get().subtle.importKey(
'jwk',
unmarshalPublicKey(curve, theirPub),
{
Expand All @@ -53,7 +53,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
privateKey
]

return Buffer.from(await webcrypto.subtle.deriveBits(
return Buffer.from(await webcrypto.get().subtle.deriveBits(
{
name: 'ECDH',
namedCurve: curve,
Expand All @@ -64,7 +64,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
))
}

const publicKey = await webcrypto.subtle.exportKey('jwk', pair.publicKey)
const publicKey = await webcrypto.get().subtle.exportKey('jwk', pair.publicKey)

return {
key: marshalPublicKey(publicKey),
Expand Down
20 changes: 10 additions & 10 deletions src/keys/rsa-browser.js
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
'use strict'

const webcrypto = require('../webcrypto.js')
const webcrypto = require('../webcrypto')
const randomBytes = require('../random-bytes')

exports.utils = require('./rsa-utils')

exports.generateKey = async function (bits) {
const pair = await webcrypto.subtle.generateKey(
const pair = await webcrypto.get().subtle.generateKey(
{
name: 'RSASSA-PKCS1-v1_5',
modulusLength: bits,
Expand All @@ -27,7 +27,7 @@ exports.generateKey = async function (bits) {

// Takes a jwk key
exports.unmarshalPrivateKey = async function (key) {
const privateKey = await webcrypto.subtle.importKey(
const privateKey = await webcrypto.get().subtle.importKey(
'jwk',
key,
{
Expand Down Expand Up @@ -57,7 +57,7 @@ exports.unmarshalPrivateKey = async function (key) {
exports.getRandomValues = randomBytes

exports.hashAndSign = async function (key, msg) {
const privateKey = await webcrypto.subtle.importKey(
const privateKey = await webcrypto.get().subtle.importKey(
'jwk',
key,
{
Expand All @@ -68,7 +68,7 @@ exports.hashAndSign = async function (key, msg) {
['sign']
)

const sig = await webcrypto.subtle.sign(
const sig = await webcrypto.get().subtle.sign(
{ name: 'RSASSA-PKCS1-v1_5' },
privateKey,
Uint8Array.from(msg)
Expand All @@ -78,7 +78,7 @@ exports.hashAndSign = async function (key, msg) {
}

exports.hashAndVerify = async function (key, sig, msg) {
const publicKey = await webcrypto.subtle.importKey(
const publicKey = await webcrypto.get().subtle.importKey(
'jwk',
key,
{
Expand All @@ -89,7 +89,7 @@ exports.hashAndVerify = async function (key, sig, msg) {
['verify']
)

return webcrypto.subtle.verify(
return webcrypto.get().subtle.verify(
{ name: 'RSASSA-PKCS1-v1_5' },
publicKey,
sig,
Expand All @@ -99,13 +99,13 @@ exports.hashAndVerify = async function (key, sig, msg) {

function exportKey (pair) {
return Promise.all([
webcrypto.subtle.exportKey('jwk', pair.privateKey),
webcrypto.subtle.exportKey('jwk', pair.publicKey)
webcrypto.get().subtle.exportKey('jwk', pair.privateKey),
webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
])
}

function derivePublicFromPrivate (jwKey) {
return webcrypto.subtle.importKey(
return webcrypto.get().subtle.importKey(
'jwk',
{
kty: jwKey.kty,
Expand Down
23 changes: 21 additions & 2 deletions src/webcrypto.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,24 @@
/* global self */
/* eslint-env browser */

'use strict'

module.exports = self.crypto || self.msCrypto
// Check native crypto exists and is enabled (In insecure context `self.crypto`
// exists but `self.crypto.subtle` does not).
exports.get = (win = self) => {
const nativeCrypto = win.crypto || win.msCrypto

if (!nativeCrypto || !nativeCrypto.subtle) {
throw Object.assign(
new Error(
'Missing Web Crypto API. ' +
'The most likely cause of this error is that this page is being accessed ' +
'from an insecure context (i.e. not HTTPS). For more information and ' +
'possible resolutions see ' +
'https://github.com/libp2p/js-libp2p-crypto/blob/master/README.md#web-crypto-api'
),
{ code: 'ERR_MISSING_WEB_CRYPTO' }
)
}

return nativeCrypto
}
61 changes: 61 additions & 0 deletions test/browser.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
/* eslint-env mocha */
'use strict'

const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const crypto = require('../')
const webcrypto = require('../src/webcrypto')

async function expectMissingWebCrypto (fn) {
try {
await fn()
} catch (err) {
expect(err.code).to.equal('ERR_MISSING_WEB_CRYPTO')
return
}
throw new Error('Expected missing web crypto error')
}

describe('Missing web crypto', () => {
let webcryptoGet
let rsaPrivateKey

before(async () => {
rsaPrivateKey = await crypto.keys.generateKeyPair('RSA', 512)
})

before(() => {
webcryptoGet = webcrypto.get
webcrypto.get = () => webcryptoGet({})
})

after(() => {
webcrypto.get = webcryptoGet
})

it('should error for hmac create when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.hmac.create('SHA256', Buffer.from('secret')))
})

it('should error for generate ephemeral key pair when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.keys.generateEphemeralKeyPair('P-256'))
})

it('should error for generate rsa key pair when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.keys.generateKeyPair('rsa', 256))
})

it('should error for unmarshal RSA private key when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.keys.unmarshalPrivateKey(crypto.keys.marshalPrivateKey(rsaPrivateKey)))
})

it('should error for sign RSA private key when web crypto is missing', () => {
return expectMissingWebCrypto(() => rsaPrivateKey.sign(Buffer.from('test')))
})

it('should error for verify RSA public key when web crypto is missing', () => {
return expectMissingWebCrypto(() => rsaPrivateKey.public.verify(Buffer.from('test'), Buffer.from('test')))
})
})

0 comments on commit af9f64c

Please sign in to comment.