workerd icon indicating copy to clipboard operation
workerd copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

🐛 Bug Report — Runtime APIs - Incorrect reporting of available crypto modules

Open BjornTheProgrammer opened this issue 1 year ago • 2 comments
trafficstars

The following methods: generateKey, generateKeySync, generateKeyPair, and generateKeyPairSync are all methods that are not implemented. Despite that, cloudflare's docs suggest that all of these methods are supported.

Upon looking at the code base, this is what all of the functions state

export function generateKey(
  _type: SecretKeyType,
  _options: GenerateKeyOptions,
  callback: GenerateKeyCallback
) {
  // We intentionally have not implemented key generation up to this point.
  // The reason is that generation of cryptographically safe keys is a CPU
  // intensive operation that can often exceed limits on the amount of CPU
  // time a worker is allowed.
  callback(new ERR_METHOD_NOT_IMPLEMENTED('crypto.generateKeySync'));
}

Should the docs be updated to reflect this reality?

BjornTheProgrammer avatar Oct 26 '24 23:10 BjornTheProgrammer

@jasnell Could those calls be routed to subtle crypto or are those fundamentally different?

vicb avatar Oct 31 '24 12:10 vicb

I guess probably not after seeing https://github.com/cloudflare/workerd/commit/e7e8f3fb238a697696142cf1db4469b977f7599a

Let me know if I should update crypto.ts and the doc to mark those as throwing unimplemented.

vicb avatar Oct 31 '24 13:10 vicb

They are different. I have been in the process of extracting Node.js' implementation of key generation into a dependency library that we can pull into workerd to ensure that we are compatible with their approach. It is a very slow process given Node.js' requirements around code review, etc, and just the sheer size of the task. tl;dr is this is a work in progress. Eventually we will have a full implementation of the node:crypto module in workerd that does not rely on any polyfills.

jasnell avatar Nov 03 '24 23:11 jasnell

Changing this to a feature request.

jasnell avatar Nov 03 '24 23:11 jasnell

Let me know if I should update crypto.ts and the doc to mark those as throwing unimplemented.

Please do.

jasnell avatar Nov 03 '24 23:11 jasnell

@jasnell Thanks for the feedback, I have sent PRs to workerd and docs to clarify this.

@BjornTheProgrammer I hope this helps, you should look at the Web crypto APIs to generate crypto keys for now.

Thanks!

vicb avatar Nov 04 '24 07:11 vicb

@vicb Thank you for the response!

I was actually concerned about this because I was attempting to implement the createSign function and Sign class, which is a part of node:crypto, but it sounds like that might be part of the node library that @jasnell is working on. Is that true?

If so I might be interested in potentially contributing.

BjornTheProgrammer avatar Nov 04 '24 07:11 BjornTheProgrammer

@BjornTheProgrammer James is indeed working on bringing in the whole node:crypto module:

Eventually we will have a full implementation of the node:crypto module in workerd that does not rely on any polyfills.

This is a long because it requires refactoring Node.js sources:

It is a very slow process given Node.js' requirements around code review, etc, and just the sheer size of the task

James will be able to tell you more about if/how you can help with that

vicb avatar Nov 04 '24 07:11 vicb

hope this can be done soon. Need to implement api encryption on worker.

LennoxSears avatar Dec 05 '24 12:12 LennoxSears

generateKey(...), generateKeySync(...), generateKeyPair(...), and generateKeyPairSync(...) have all been implemented directly in the runtime now.

jasnell avatar Mar 12 '25 16:03 jasnell