Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch from Node's crypto to WebCrypto.subtle #27

Merged
merged 3 commits into from
Apr 14, 2023
Merged

Switch from Node's crypto to WebCrypto.subtle #27

merged 3 commits into from
Apr 14, 2023

Conversation

keyz-tk
Copy link
Contributor

@keyz-tk keyz-tk commented Apr 14, 2023

Summary & Motivation

Spiritual successor to #26. See inline comments re: the s u b t l e difference in signature encoding

How I Tested These Changes

  • CI
  • Ran a few examples

@keyz-tk keyz-tk force-pushed the isomorphic-crypto branch from f44a2f5 to 361d31c Compare April 14, 2023 04:08
@keyz-tk keyz-tk merged commit 26319a8 into main Apr 14, 2023
r-n-o
r-n-o reviewed Apr 14, 2023
View reviewed changes
packages/http/src/stamp.ts
key: privateKeyPkcs8Der,
});
return await webcrypto.subtle.importKey(
"pkcs8",
Copy link
Contributor

@r-n-o r-n-o Apr 14, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

webcrypto.subtle.importKey supports raw as encoding (link to docs). Can we use this instead of pkcs8? That'd be easier to deal with if it works!

Copy link
Contributor Author

@keyz-tk keyz-tk Apr 14, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unfortunately no -- you'd think that it should work right? Then you see:
image

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😿

Dang it. Well, thanks for checking!

r-n-o
r-n-o reviewed Apr 14, 2023
View reviewed changes
packages/http/src/stamp.ts
Comment on lines +68 to +74
* `SubtleCrypto.sign(...)` outputs signature in IEEE P1363 format:
* - https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa
*
* Turnkey expects the signature encoding to be DER-encoded ASN.1:
* - https://github.com/tkhq/tkcli/blob/7f0159af5a73387ff050647180d1db4d3a3aa033/src/internal/apikey/apikey.go#L149
*
* Code modified from https://github.com/google/tink/blob/6f74b99a2bfe6677e3670799116a57268fd067fa/javascript/subtle/elliptic_curves.ts#L114
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh man. Painful. Thanks for going through this 🎖️

r-n-o
r-n-o reviewed Apr 14, 2023
View reviewed changes
packages/http/src/stamp.ts
* @param ieee the ECDSA signature in IEEE encoding
* @return ECDSA signature in DER encoding
*/
function convertEcdsaIeee1363ToDer(ieee: Uint8Array): Uint8Array {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think some basic tests are in order for this function? I know it's indirectly tested by the high-level "signature is valid" test, but I'd feel better with a few unit tests given this function has pretty complex, hard-to-review-at-a-glance logic.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah good point -- i'll copy some tests over from google's repo (assuming they have good coverage)

This was referenced Apr 18, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r-n-o r-n-o r-n-o left review comments

@MaxBlaushild MaxBlaushild MaxBlaushild approved these changes

@jack-kearney jack-kearney Awaiting requested review from jack-kearney

@andrewkmin andrewkmin Awaiting requested review from andrewkmin

@timurnkey timurnkey Awaiting requested review from timurnkey

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@keyz-tk @MaxBlaushild @r-n-o