NPE on deriveSecret in wasmJS running in an unsecure context

[adriandieter]

I was getting a NullPointerException when calling deriveSecret on a pbkdf2 secret derivation in an unsecure browser context in wasmJs.

Expectation would have been a meaning full error message that points to the issue. It does work on localhost over http and started to fail when I tried accessing the same site from the local network.

The Stacktrace points to getSubtleCrypto: https://github.com/whyoleg/cryptography-kotlin/blob/186a42095596d697d1bddc7cc7085464ebe24591/cryptography-providers/webcrypto/src/wasmJsMain/kotlin/internal/SubtleCrypto.wasmJs.kt#L49-L62

Since running in the browser, line 57 probably evaluates to undefined from window.crypto.subtle.

Possible solution would be to use the secure context feature detection window.isSecureContext, or to check for undefined before returning and throwing a meaningful exception.

Stacktrace:

kotlin.captureStackTrace@webpack-internal:///./kotlin/-wasm-js.uninstantiated.mjs:20:44
<..>.kotlin.captureStackTrace__externalAdapter@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[10778]:0x16e498
<..>.kotlin.Throwable.<init>@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[10768]:0x16e2f6
<..>.kotlin.Throwable.<init>@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[10771]:0x16e3bb
<..>.kotlin.Exception.<init>@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[11133]:0x17244e
<..>.kotlin.RuntimeException.<init>@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[11123]:0x172270
<..>.kotlin.NullPointerException.<init>@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[11165]:0x1729ee
<..>.kotlin.wasm.internal.THROW_NPE@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[10736]:0x16df55
<..>.dev.whyoleg.cryptography.providers.webcrypto.internal.getSubtleCrypt   o__externalAdapter@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[29280]:0x293e57
<..>.dev.whyoleg.cryptography.providers.webcrypto.internal.WebCrypto.<init>@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[29305]:0x294935
<..>.dev.whyoleg.cryptography.providers.webcrypto.internal.WebCrypto_getInstance@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[29317]:0x294b4d
<..>.dev.whyoleg.cryptography.providers.webcrypto.algorithms.$deriveSecretToByteArrayCOROUTINE$8.doResume@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[29045]:0x291000
<..>.dev.whyoleg.cryptography.providers.webcrypto.algorithms.Pbkdf2SecretDerivation.deriveSecretToByteArray@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[29049]:0x29118b
<..>.dev.whyoleg.cryptography.operations.$deriveSecretCOROUTINE$10.doResume@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[13901]:0x1a5a30
<..>.dev.whyoleg.cryptography.operations.SecretDerivation.deriveSecret@http://192.168.168.90:5173/21db74f57afa5bca9690.wasm:wasm-function[13906]:0x1a5d0f
code calling deriveSecret

Thanks for building cryptography-kotlin! ✨

[whyoleg]

Hey! Thanks for bringing attention to this! I agree, it would be nice to throw better error.