-
Notifications
You must be signed in to change notification settings - Fork 52
Async Crypto Endeavour #12
Conversation
5bf081f
to
eb5de10
Compare
Added PKCS#1 handling to ensure interop with go, which made rsa key generation a lot slower. Need to find a faster way to do this. |
Turns out it is not slower, I just misread my stats :) Just a small size increase due to the need to bundle some more JavaScript libraries. |
|
"protocol-buffers": "^3.1.6" | ||
"asn1.js": "^4.8.1", | ||
"async": "^2.0.1", | ||
"multihashing-async": "^0.1.0", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the "Needs" on #12 (comment) is no longer valid, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes
- `buf: Buffer` | ||
- `callback: Function` | ||
|
||
Converts a protobuf serialized private key into its representative object. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
API should be on the README.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's too long and was moved out, as we did before with very large APIs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't believe that is true, which other modules have an API.md?
- [`marshalPublicKey(key[, type])`](#marshalpublickeykey-type) | ||
- [`unmarshalPublicKey(buf)`](#unmarshalpublickeybuf) | ||
- [`marshalPrivateKey(key[, type])`](#marshalprivatekeykey-type) | ||
- [`unmarshalPrivateKey(buf)`](#unmarshalprivatekeybuf) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why stop linking to things?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's continue linking the methods.
- `buf: Buffer` | ||
|
||
Converts a protobuf serialized private key into its representative object. | ||
See [API.md](API.md) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The API should be on the README, it is how we do it in every other module.
curves.forEach((curve) => { | ||
suite.add(`ephemeral key with secrect ${curve}`, (d) => { | ||
crypto.generateEphemeralKeyPair('P-256', (err, res) => { | ||
if (err) throw err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this using latest aegir
? Missing the curly
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
'use strict' | ||
|
||
module.exports = function getWebCrypto () { | ||
const WebCrypto = require('node-webcrypto-ossl') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WARNING
At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.
This makes the statement that 'using webcrypto is safer' invalid because we know have to trust this shim
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a pretty thin wrapper around openssl, so I wouldn't say that this makes it less safe than the current things we have
if (window.crypto) { | ||
return window.crypto | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
wait, so, if in browser, we have to use a "webcrypto-shim"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
webcrypto-shim only helps to fix some differences in api in some browsers, it doesn't actually provide a shim for the apis if they are not available
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- I see, can you add that as a comment?
} | ||
} | ||
|
||
throw new Error('Please use an environment with crypto support') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the shim is there, when would this happen?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see above, in all browsers that don't have webcrypto this will happen
'use strict' | ||
|
||
module.exports = function getWebCrypto () { | ||
if (typeof window !== 'undefined') { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use detect-node
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, we don't want to know if we are in node, we explicitly want to know if there is a window
object available.
decrypt (bytes) { | ||
return this._privateKey.decrypt(bytes, 'RSAES-PKCS1-V1_5') | ||
decrypt (msg, callback) { | ||
crypto.decrypt(this._key, msg, callback) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is the difference between bytes and msg? Probably node, why change the name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I found msg
to better describe what is actually being passed through.
This is a giant PR. I didn't see any direct go-ipfs interop tests with regards to crypto. |
They were there before, you can grep for |
Needs:
|
expect(err).to.not.exist | ||
if (err) { | ||
return done(err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- No need for this check
const curveLengths = { | ||
'P-256': 32, | ||
'P-384': 48, | ||
'P-521': 66 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These lengths, are not equal to there lenghts:
const lengths = { | ||
'P-256': 65, | ||
'P-384': 97, | ||
'P-521': 133 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these lengths are not the same as : https://github.com/libp2p/js-libp2p-crypto/pull/12/files#r83008550
key = crypto.generateKeyPair('RSA', 2048) | ||
before((done) => { | ||
crypto.generateKeyPair('RSA', 2048, (err, _key) => { | ||
if (err) return done(err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Weird that aegir didn't fail to lint this one. It is missing the curly
☕️ I am happily awaiting this PR being merged |
@@ -44,43 +58,91 @@ npm install --save libp2p-crypto | |||
```js | |||
const crypto = require('libp2p-crypto') | |||
|
|||
var keyPair = crypto.generateKeyPair('RSA', 2048) | |||
crypto.generateKeyPair('RSA', 2048, (err, key) => { | |||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it key
or keyPair
? Wanna show an example of logging out each?
BREAKING CHANGE: generateKeyPair is now async
5fd0a5c
to
b088bab
Compare
Stats return a 404 https://github.com/libp2p/js-libp2p-crypto/blob/webcrypto/stats.md |
node-forge
elliptic.js
~~Needs https://github.com/multiformats/js-multihashing/pull/12~~ Now
multihashing-async
Stats can be found here: https://github.com/libp2p/js-libp2p-crypto/blob/webcrypto/stats.md