-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: Better docs for cases where peer's public key is invalid #16849
Conversation
doc/api/crypto.md
Outdated
@@ -522,6 +522,12 @@ provided, `otherPublicKey` is expected to be a [`Buffer`][], | |||
If `outputEncoding` is given a string is returned; otherwise, a | |||
[`Buffer`][] is returned. | |||
|
|||
*Note*: | |||
|
|||
* The `server.computeSecret` will throw an |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be diffieHellman.computeSecret()
?
Also we can drop 'The' at the beginning.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my mistake :)
already corrected 👍 thanks!
Marking major due to the change in the error message and use of internal/errors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, LGTM modulo nits.
doc/api/crypto.md
Outdated
|
||
* `diffieHellman.computeSecret` will throw an | ||
`ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY` error when the provided | ||
public key lies out of the elliptic curve. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/out of/outside/?
doc/api/errors.md
Outdated
|
||
Used when an invalid value for the `key` argument has been passed to the | ||
`crypto.ECDH()` class `computeSecret()` method. It means that the public | ||
key lies out of the elliptic curve. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Likewise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
xD damn!
corrected the 2 occurrences 👍
src/node_crypto.cc
Outdated
if (pub == nullptr) { | ||
args.GetReturnValue().Set( | ||
String::NewFromUtf8(env->isolate(), | ||
"ERR_CRYPTO_ECDH_KEY_FAIL_TRANSLATE")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style nit: can you indent line continuations by four spaces?
Since you're passing a static string, you can use the slightly more efficientFIXED_ONE_BYTE_STRING(env->isolate(), "...")
here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks!
this also helped me to correct the error code in c++(which was one of the first names i thought but then dropped for ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY
) 👍
Nice!
|
right @Emill ! |
doc/api/crypto.md
Outdated
@@ -668,6 +668,14 @@ provided, `otherPublicKey` is expected to be a [`Buffer`][], `TypedArray`, or | |||
If `outputEncoding` is given a string will be returned; otherwise a | |||
[`Buffer`][] is returned. | |||
|
|||
*Note*: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: I'd remove *Note*:
and let the paragraph stand on its own.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
Updating the pr soon.
Thanks!
doc/api/errors.md
Outdated
<a id="ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY"></a> | ||
### ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY | ||
|
||
Used when an invalid value for the `key` argument has been passed to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: There's a PR in to remove Used when
from all these messages. I'd prefer this go in as something like this:
An invalid value for the
key
argument was passed to the...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done :)
But I want to understand the rationale behind the rule. It will help me a lot.
Thanks in advance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's to reduce wordiness and make the document more scannable. There were some pretty egregious examples, like:
The 'ERR_INVALID_CURSOR_POS' is thrown specifically when a cursor on
a given stream is attempted to move to a specified row without a specified
column.
That will be shortened to:
A cursor on a given stream cannot be moved to a specified row without
a specified column.
PR is #16954
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
xD nice example.
Understood.
Not sure but should the documentation include something like "since: node version x"? |
can be: "added: v0.0.0"? |
doc/api/crypto.md
Outdated
@@ -668,6 +668,12 @@ provided, `otherPublicKey` is expected to be a [`Buffer`][], `TypedArray`, or | |||
If `outputEncoding` is given a string will be returned; otherwise a | |||
[`Buffer`][] is returned. | |||
|
|||
* `ecdh.computeSecret` will throw an |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added: v0.0.0
We only use added
for new functions/classes/modules/etc.
What you want is something like this, added to the YAML block for this function:
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/16849
description: The default `computeSecret` option is supported now-
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, wait. I think I misunderstood; can you not make this a list item (not let this start with a *
)?
And I don't think you need a changelog entry if all that changed is the error format.
Looks good with this changed though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what version should be there instead of replace me? Maybe 9?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
forget it, i saw its 10 :)
doc/api/crypto.md
Outdated
@@ -668,6 +668,12 @@ provided, `otherPublicKey` is expected to be a [`Buffer`][], `TypedArray`, or | |||
If `outputEncoding` is given a string will be returned; otherwise a | |||
[`Buffer`][] is returned. | |||
|
|||
* `ecdh.computeSecret` will throw an |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, wait. I think I misunderstood; can you not make this a list item (not let this start with a *
)?
And I don't think you need a changelog entry if all that changed is the error format.
Looks good with this changed though.
changes in c++ are in the computeSecret function, but the thrown exception that was moved to JS land was in BufferToPoint function, here i let the allocation error be thrown so the only value returned is the nullptr that i use later to catch the error in computeSecret, to then construct the exception in JS land. an ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error was added to errors.js and with that, subsequent changes to docs and tests were made. Fixes: #16625 Refs: https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf
Landed in 845633a, thanks for the PR! 🎉 |
changes in c++ are in the computeSecret function, but the thrown exception that was moved to JS land was in BufferToPoint function, here i let the allocation error be thrown so the only value returned is the nullptr that i use later to catch the error in computeSecret, to then construct the exception in JS land. an ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error was added to errors.js and with that, subsequent changes to docs and tests were made. PR-URL: #16849 Refs: https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf Fixes: #16625 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
changes in c++ are in the computeSecret function, but the thrown
exception that was moved to JS land was in BufferToPoint
function, here i let the allocation error be thrown so the only value
returned is the nullptr that i use later to catch the error in
computeSecret, to then construct the exception in JS land.
an ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error was added to errors.js
and with that, subsequent changes to docs and tests were made.
Fixes: #16625
Refs: https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
crypto, doc, test