Async Crypto Endeavour #12
Conversation
dignifiedquire
force-pushed
the
webcrypto
branch
from
5bf081f
to
eb5de10
Compare
|
Added PKCS#1 handling to ensure interop with go, which made rsa key generation a lot slower. Need to find a faster way to do this. |
Turns out it is not slower, I just misread my stats :) Just a small size increase due to the need to bundle some more JavaScript libraries. |
dignifiedquire
changed the title
|
| "protocol-buffers": "^3.1.6" | ||
| "asn1.js": "^4.8.1", | ||
| "async": "^2.0.1", | ||
| "multihashing-async": "^0.1.0", |
There was a problem hiding this comment.
the "Needs" on #12 (comment) is no longer valid, right?
| - `buf: Buffer` | ||
| - `callback: Function` | ||
|
|
||
| Converts a protobuf serialized private key into its representative object. |
There was a problem hiding this comment.
API should be on the README.md
There was a problem hiding this comment.
It's too long and was moved out, as we did before with very large APIs
There was a problem hiding this comment.
I don't believe that is true, which other modules have an API.md?
| - [`marshalPublicKey(key[, type])`](#marshalpublickeykey-type) | ||
| - [`unmarshalPublicKey(buf)`](#unmarshalpublickeybuf) | ||
| - [`marshalPrivateKey(key[, type])`](#marshalprivatekeykey-type) | ||
| - [`unmarshalPrivateKey(buf)`](#unmarshalprivatekeybuf) |
There was a problem hiding this comment.
Let's continue linking the methods.
| - `buf: Buffer` | ||
|
|
||
| Converts a protobuf serialized private key into its representative object. | ||
| See [API.md](API.md) |
There was a problem hiding this comment.
The API should be on the README, it is how we do it in every other module.
| curves.forEach((curve) => { | ||
| suite.add(`ephemeral key with secrect ${curve}`, (d) => { | ||
| crypto.generateEphemeralKeyPair('P-256', (err, res) => { | ||
| if (err) throw err |
There was a problem hiding this comment.
Is this using latest aegir? Missing the curly
| 'use strict' | ||
|
|
||
| module.exports = function getWebCrypto () { | ||
| const WebCrypto = require('node-webcrypto-ossl') |
There was a problem hiding this comment.
WARNING
At this time this solution should be considered suitable for research and experimentation, further code and security review is needed before utilization in a production application.
This makes the statement that 'using webcrypto is safer' invalid because we know have to trust this shim
There was a problem hiding this comment.
It's a pretty thin wrapper around openssl, so I wouldn't say that this makes it less safe than the current things we have
| if (window.crypto) { | ||
| return window.crypto | ||
| } | ||
| } |
There was a problem hiding this comment.
wait, so, if in browser, we have to use a "webcrypto-shim"?
There was a problem hiding this comment.
webcrypto-shim only helps to fix some differences in api in some browsers, it doesn't actually provide a shim for the apis if they are not available
There was a problem hiding this comment.
- I see, can you add that as a comment?
| } | ||
| } | ||
|
|
||
| throw new Error('Please use an environment with crypto support') |
There was a problem hiding this comment.
If the shim is there, when would this happen?
There was a problem hiding this comment.
see above, in all browsers that don't have webcrypto this will happen
| 'use strict' | ||
|
|
||
| module.exports = function getWebCrypto () { | ||
| if (typeof window !== 'undefined') { |
There was a problem hiding this comment.
No, we don't want to know if we are in node, we explicitly want to know if there is a window object available.
| decrypt (bytes) { | ||
| return this._privateKey.decrypt(bytes, 'RSAES-PKCS1-V1_5') | ||
| decrypt (msg, callback) { | ||
| crypto.decrypt(this._key, msg, callback) |
There was a problem hiding this comment.
what is the difference between bytes and msg? Probably node, why change the name?
There was a problem hiding this comment.
I found msg to better describe what is actually being passed through.
|
This is a giant PR. I didn't see any direct go-ipfs interop tests with regards to crypto. |
They were there before, you can grep for |
|
Needs:
|
| expect(err).to.not.exist | ||
| if (err) { | ||
| return done(err) | ||
| } |
| const curveLengths = { | ||
| 'P-256': 32, | ||
| 'P-384': 48, | ||
| 'P-521': 66 |
There was a problem hiding this comment.
These lengths, are not equal to there lenghts:
| const lengths = { | ||
| 'P-256': 65, | ||
| 'P-384': 97, | ||
| 'P-521': 133 |
There was a problem hiding this comment.
these lengths are not the same as : https://github.com/libp2p/js-libp2p-crypto/pull/12/files#r83008550
| key = crypto.generateKeyPair('RSA', 2048) | ||
| before((done) => { | ||
| crypto.generateKeyPair('RSA', 2048, (err, _key) => { | ||
| if (err) return done(err) |
There was a problem hiding this comment.
Weird that aegir didn't fail to lint this one. It is missing the curly
|
☕️ I am happily awaiting this PR being merged |
daviddias
changed the title
| @@ -44,43 +58,91 @@ npm install --save libp2p-crypto | |||
| ```js | |||
| const crypto = require('libp2p-crypto') | |||
|
|
|||
| var keyPair = crypto.generateKeyPair('RSA', 2048) | |||
| crypto.generateKeyPair('RSA', 2048, (err, key) => { | |||
| }) | |||
There was a problem hiding this comment.
Is it key or keyPair? Wanna show an example of logging out each?
BREAKING CHANGE: generateKeyPair is now async
dignifiedquire
force-pushed
the
webcrypto
branch
from
5fd0a5c
to
b088bab
Compare
|
Stats return a 404 https://github.com/libp2p/js-libp2p-crypto/blob/webcrypto/stats.md |
node-forgeelliptic.js~~Needs https://github.com/multiformats/js-multihashing/pull/12~~ Now
multihashing-asyncStats can be found here: https://github.com/libp2p/js-libp2p-crypto/blob/webcrypto/stats.md