Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SubtleCrypto fails to recognise some CryptoKeys #55

Open
gnarea opened this issue Jun 20, 2022 · 6 comments
Open

SubtleCrypto fails to recognise some CryptoKeys #55

gnarea opened this issue Jun 20, 2022 · 6 comments
Assignees

Comments

@gnarea
Copy link
Contributor

gnarea commented Jun 20, 2022

The following is failing for me:

protected checkCryptoKey(key: globalThis.CryptoKey): asserts key is CryptoKey {
if (!(key instanceof CryptoKey)) {
throw new TypeError(`Key is not of type 'CryptoKey'`);
}
}

Error: Error during exporting public key: Key is not of type 'CryptoKey'

    at PublicKeyInfo.importKey (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at Function.issue (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/src/lib/crypto_wrappers/x509/Certificate.ts:108:5)
    at PublicGatewayManager.generate (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.ts:40:32)
    at Object.<anonymous> (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.spec.ts:67:28)

But it shouldn't be (according to my debugger):

cryptokey-err


I think the issue is analogous to PeculiarVentures/asn1-schema#71. Here some info on the dependency tree:

$ npm list webcrypto-core
@relaycorp/relaynet-internet-gateway@1.0.0 /home/gus/repos/relaynet-internet-gateway
└─┬ @relaycorp/relaynet-core@1.80.2
  ├─┬ @peculiar/webcrypto@1.4.0
  │ └── webcrypto-core@1.7.5  deduped
  └── webcrypto-core@1.7.5 

$ npm list @peculiar/webcrypto
@relaycorp/relaynet-internet-gateway@1.0.0 /home/gus/repos/relaynet-internet-gateway
└─┬ @relaycorp/relaynet-core@1.80.2
  └── @peculiar/webcrypto@1.4.0

The CryptoKeyPair is generated inside @relaycorp/relaynet-core, using @peculiar/webcrypto, and the resulting key pair is then passed to the root package (relaynet-internet-gateway). Then the root package tries to use that key pair to issue a self-signed certificate using @relaycorp/relaynet-core (which in turn uses PKI.js), but it fails with the error above.

Note that I tried skipping the key instanceof CryptoKey check above, but hit a new error from @peculiar/webcrypto:

Error: Error during exporting public key: Cannot get CryptoKey from secure storage

    at PublicKeyInfo.importKey (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at Function.issue (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/src/lib/crypto_wrappers/x509/Certificate.ts:108:5)
    at PublicGatewayManager.generate (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.ts:40:32)
    at Object.<anonymous> (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.spec.ts:67:28)
@microshine
Copy link
Contributor

@peculiar/webcrypto use WeakMap to protect private key data. Here is storage implementation. As you can see, getCryptoKey throws Cannot get CryptoKey from secure storage exception.

Sometimes I've got the similar problem with WebCrypto. To fix it, I use resolutions option in package.json for yarn. Try to use overrides option for npm.

One more thought, maybe it's possible to fix the problem by moving @peculiar/webcrypto into peerDependency

@microshine
Copy link
Contributor

/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19

It's interesting. You've got node_modules folder for @relaycorp/relaynet-core.

I bet the problem is in module duplicates

gnarea added a commit to relaycorp/relaynet-core-js that referenced this issue Jun 21, 2022
@gnarea
Copy link
Contributor Author

gnarea commented Jun 21, 2022

Hi @microshine! Thanks for looking into this.

What should I try setting overrides to in package.json? We're already using webcrypto-core@1.7.5 across the board.

I tried adding @peculiar/webcrypto to peerDependencies in @relaycorp/relaynet-core. That makes key instanceof CryptoKey work, but then I hit the WeakMap-related issue:

Error: Error during exporting public key: Key is not of type 'CryptoKey'

    at PublicKeyInfo.importKey (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/node_modules/pkijs/build/index.js:3935:19)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Function.issue (/home/gus/repos/relaynet-internet-gateway/node_modules/@relaycorp/relaynet-core/src/lib/crypto_wrappers/x509/Certificate.ts:108:5)
    at PublicGatewayManager.generate (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.ts:40:32)
    at Object.<anonymous> (/home/gus/repos/relaynet-internet-gateway/src/node/PublicGatewayManager.spec.ts:67:28)

I don't know why I'm hitting this issue, having seen the @peculiar/webcrypto implementation. It should work 🤔 I'll take another look at this tomorrow with fresh eyes.

@microshine
Copy link
Contributor

microshine commented Jun 22, 2022

@microshine
Copy link
Contributor

Looks I was wrong. It's the same dependency for @relaycorp/relaynet-core package.

One more thought. Try to remove package-lock.json and node_modules folder and reinstall dependencies.

The structure of node_modules has been changed

image

gnarea added a commit to relaycorp/relaynet-core-js that referenced this issue Jun 29, 2022
gnarea added a commit to relaycorp/awala-gateway-internet that referenced this issue Jun 29, 2022
@gnarea
Copy link
Contributor Author

gnarea commented Jun 29, 2022

Thanks @microshine!

I've now added @peculiar/webcrypto and webcrypto-core (for good measure) to @relaycorp/relaynet-core, and re-created package-lock.json in relaynet-internet-gateway. However, this last change has taken me back to the original problem of Key is not of type 'CryptoKey'.

Note that npm list still shows a single instance of @peculiar/webcrypto and multiple of webcrypto core (though they're all deduped):

$ npm list @peculiar/webcrypto
@relaycorp/relaynet-internet-gateway@1.0.0 /home/gus/repos/relaynet-internet-gateway
└─┬ @relaycorp/relaynet-core@1.81.2
  └── @peculiar/webcrypto@1.4.0

$ npm list webcrypto-core
@relaycorp/relaynet-internet-gateway@1.0.0 /home/gus/repos/relaynet-internet-gateway
├─┬ @relaycorp/awala-keystore-cloud@2.0.0
│ └── webcrypto-core@1.7.5
└─┬ @relaycorp/relaynet-core@1.81.2
  ├─┬ @peculiar/webcrypto@1.4.0
  │ └── webcrypto-core@1.7.5 deduped
  └── webcrypto-core@1.7.5 deduped

package-lock.json does appear to show two instances of @peculiar/webcrypto if I'm reading it right. That's still the case after deleting package-lock.json and node_modules, and running npm i again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants