Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SubtleCrypto fails to recognise some CryptoKeys #55

Open
gnarea opened this issue Jun 20, 2022 · 6 comments
Open

SubtleCrypto fails to recognise some CryptoKeys #55

gnarea opened this issue Jun 20, 2022 · 6 comments
Assignees
@microshine

Comments

@gnarea
Copy link
Contributor

gnarea commented Jun 20, 2022

The following is failing for me:

webcrypto-core/src/subtle.ts

Lines 244 to 248 in 22c0f0b

protected checkCryptoKey(key: globalThis.CryptoKey): asserts key is CryptoKey {
if (!(key instanceof CryptoKey)) {
throw new TypeError(`Key is not of type 'CryptoKey'`);
}
} 

Error: Error during exporting public key: Key is not of type 'CryptoKey'

    at PublicKeyInfo.importKey (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at Function.issue (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/src/lib/crypto_wrappers/x509/Certificate.ts:108:5)
    at PublicGatewayManager.generate (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.ts:40:32)
    at Object.<anonymous> (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.spec.ts:67:28)

But it shouldn't be (according to my debugger):

cryptokey-err

I think the issue is analogous to PeculiarVentures/asn1-schema#71. Here some info on the dependency tree:

$ npm list webcrypto-core
@relaycorp/[email protected] /home/gus/repos/relaynet-internet-gateway
└─┬ @relaycorp/[email protected]
  ├─┬ @peculiar/[email protected]
  │ └── [email protected]  deduped
  └── [email protected] 

$ npm list @peculiar/webcrypto
@relaycorp/[email protected] /home/gus/repos/relaynet-internet-gateway
└─┬ @relaycorp/[email protected]
  └── @peculiar/[email protected]

The CryptoKeyPair is generated inside @relaycorp/relaynet-core, using @peculiar/webcrypto, and the resulting key pair is then passed to the root package (relaynet-internet-gateway). Then the root package tries to use that key pair to issue a self-signed certificate using @relaycorp/relaynet-core (which in turn uses PKI.js), but it fails with the error above.

Note that I tried skipping the key instanceof CryptoKey check above, but hit a new error from @peculiar/webcrypto:

Error: Error during exporting public key: Cannot get CryptoKey from secure storage

    at PublicKeyInfo.importKey (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at Function.issue (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/src/lib/crypto_wrappers/x509/Certificate.ts:108:5)
    at PublicGatewayManager.generate (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.ts:40:32)
    at Object.<anonymous> (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.spec.ts:67:28)
@gnarea gnarea mentioned this issue Jun 20, 2022
Closed
2 tasks
@microshine
Copy link
Contributor

@peculiar/webcrypto use WeakMap to protect private key data. Here is storage implementation. As you can see, getCryptoKey throws Cannot get CryptoKey from secure storage exception.

Sometimes I've got the similar problem with WebCrypto. To fix it, I use resolutions option in package.json for yarn. Try to use overrides option for npm.

One more thought, maybe it's possible to fix the problem by moving @peculiar/webcrypto into peerDependency

@microshine
Copy link
Contributor

/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19

It's interesting. You've got node_modules folder for @relaycorp/relaynet-core.

I bet the problem is in module duplicates

gnarea added a commit to relaycorp/relaynet-core-js that referenced this issue Jun 21, 2022
@gnarea
Add `@peculiar/webcrypto to peerDependencies
031ec6f 
To work around PeculiarVentures/webcrypto-core#55
@gnarea
Copy link
Contributor Author

gnarea commented Jun 21, 2022

Hi @microshine! Thanks for looking into this.

What should I try setting overrides to in package.json? We're already using [email protected] across the board.

I tried adding @peculiar/webcrypto to peerDependencies in @relaycorp/relaynet-core. That makes key instanceof CryptoKey work, but then I hit the WeakMap-related issue:

Error: Error during exporting public key: Key is not of type 'CryptoKey'

    at PublicKeyInfo.importKey (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Function.issue (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/src/lib/crypto_wrappers/x509/Certificate.ts:108:5)
    at PublicGatewayManager.generate (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.ts:40:32)
    at Object.<anonymous> (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.spec.ts:67:28)

I don't know why I'm hitting this issue, having seen the @peculiar/webcrypto implementation. It should work 🤔 I'll take another look at this tomorrow with fresh eyes.

@microshine
Copy link
Contributor

microshine commented Jun 22, 2022
edited
Loading

Please look at your package-lock.json file

it uses 2 copies of @peculia/webcrypto

https://github.com/relaycorp/relaynet-internet-gateway/blob/master/package-lock.json#L1747
https://github.com/relaycorp/relaynet-internet-gateway/blob/master/package-lock.json#L11339

@microshine
Copy link
Contributor

Looks I was wrong. It's the same dependency for @relaycorp/relaynet-core package.

One more thought. Try to remove package-lock.json and node_modules folder and reinstall dependencies.

The structure of node_modules has been changed

image

gnarea added a commit to relaycorp/relaynet-core-js that referenced this issue Jun 29, 2022
@gnarea
fix(deps): Add `@peculiar/webcrypto to peerDependencies
02204e2 
To try to work around PeculiarVentures/webcrypto-core#55
gnarea added a commit to relaycorp/awala-gateway-internet that referenced this issue Jun 29, 2022
@gnarea
upgrade @relaycorp/relaynet-core and recreate package-lock.json
8925143 
To try to work around PeculiarVentures/webcrypto-core#55
@gnarea
Copy link
Contributor Author

gnarea commented Jun 29, 2022
edited
Loading

Thanks @microshine!

I've now added @peculiar/webcrypto and webcrypto-core (for good measure) to @relaycorp/relaynet-core, and re-created package-lock.json in relaynet-internet-gateway. However, this last change has taken me back to the original problem of Key is not of type 'CryptoKey'.

Note that npm list still shows a single instance of @peculiar/webcrypto and multiple of webcrypto core (though they're all deduped):

$ npm list @peculiar/webcrypto
@relaycorp/[email protected] /home/gus/repos/relaynet-internet-gateway
└─┬ @relaycorp/[email protected]
  └── @peculiar/[email protected]

$ npm list webcrypto-core
@relaycorp/[email protected] /home/gus/repos/relaynet-internet-gateway
├─┬ @relaycorp/[email protected]
│ └── [email protected]
└─┬ @relaycorp/[email protected]
  ├─┬ @peculiar/[email protected]
  │ └── [email protected] deduped
  └── [email protected] deduped

package-lock.json does appear to show two instances of @peculiar/webcrypto if I'm reading it right. That's still the case after deleting package-lock.json and node_modules, and running npm i again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@microshine microshine

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gnarea @microshine