fix: better error for missing web crypto

This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io>
2025-03-15 15:21:07 +00:00 · 2019-07-17 11:17:18 +01:00 · 2019-07-17 11:17:18 +01:00 · a5e05603ef
commit a5e05603ef
parent 0b686d363c
6 changed files with 123 additions and 23 deletions
--- a/README.md
+++ b/README.md
@ -51,11 +51,32 @@ This repo contains the JavaScript implementation of the crypto primitives needed
 npm install --save libp2p-crypto
 ```

+## Usage
+
+```js
+const crypto = require('libp2p-crypto')
+
+// Now available to you:
+//
+// crypto.aes
+// crypto.hmac
+// crypto.keys
+// etc.
+//
+// See full API details below...
+```
+
+### Web Crypto API
+
+The `libp2p-crypto` library depends on the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) in the browser. Web Crypto is available in all modern browsers, however browsers restrict its usage to [Secure Contexts](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).
+
+**This means you will not be able to use some `libp2p-crypto` functions in the browser when the page is served over HTTP.**
+
 ## API

 ### `crypto.aes`

-Expoes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
+Exposes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.

 This uses `CTR` mode.

--- a/src/hmac/index-browser.js
+++ b/src/hmac/index-browser.js
@ -1,6 +1,6 @@
 'use strict'

-const webcrypto = require('../webcrypto.js')
+const webcrypto = require('../webcrypto')
 const lengths = require('./lengths')

 const hashTypes = {
@ -10,13 +10,13 @@ const hashTypes = {
 }

 const sign = async (key, data) => {
-  return Buffer.from(await webcrypto.subtle.sign({ name: 'HMAC' }, key, data))
+  return Buffer.from(await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data))
 }

 exports.create = async function (hashType, secret) {
  const hash = hashTypes[hashType]

-  const key = await webcrypto.subtle.importKey(
+  const key = await webcrypto.get().subtle.importKey(
    'raw',
    secret,
    {
--- a/src/keys/ecdh-browser.js
+++ b/src/keys/ecdh-browser.js
@ -1,7 +1,7 @@
 'use strict'

 const errcode = require('err-code')
-const webcrypto = require('../webcrypto.js')
+const webcrypto = require('../webcrypto')
 const BN = require('asn1.js').bignum
 const { toBase64, toBn } = require('../util')
 const validateCurveType = require('./validate-curve-type')
@ -14,8 +14,7 @@ const bits = {

 exports.generateEphmeralKeyPair = async function (curve) {
  validateCurveType(Object.keys(bits), curve)
-
-  const pair = await webcrypto.subtle.generateKey(
+  const pair = await webcrypto.get().subtle.generateKey(
    {
      name: 'ECDH',
      namedCurve: curve
@ -29,7 +28,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
    let privateKey

    if (forcePrivate) {
-      privateKey = await webcrypto.subtle.importKey(
+      privateKey = await webcrypto.get().subtle.importKey(
        'jwk',
        unmarshalPrivateKey(curve, forcePrivate),
        {
@ -44,7 +43,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
    }

    const keys = [
-      await webcrypto.subtle.importKey(
+      await webcrypto.get().subtle.importKey(
        'jwk',
        unmarshalPublicKey(curve, theirPub),
        {
@ -57,7 +56,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
      privateKey
    ]

-    return Buffer.from(await webcrypto.subtle.deriveBits(
+    return Buffer.from(await webcrypto.get().subtle.deriveBits(
      {
        name: 'ECDH',
        namedCurve: curve,
@ -68,7 +67,7 @@ exports.generateEphmeralKeyPair = async function (curve) {
    ))
  }

-  const publicKey = await webcrypto.subtle.exportKey('jwk', pair.publicKey)
+  const publicKey = await webcrypto.get().subtle.exportKey('jwk', pair.publicKey)

  return {
    key: marshalPublicKey(publicKey),
--- a/src/keys/rsa-browser.js
+++ b/src/keys/rsa-browser.js
@ -1,12 +1,12 @@
 'use strict'

-const webcrypto = require('../webcrypto.js')
+const webcrypto = require('../webcrypto')
 const randomBytes = require('../random-bytes')

 exports.utils = require('./rsa-utils')

 exports.generateKey = async function (bits) {
-  const pair = await webcrypto.subtle.generateKey(
+  const pair = await webcrypto.get().subtle.generateKey(
    {
      name: 'RSASSA-PKCS1-v1_5',
      modulusLength: bits,
@ -27,7 +27,7 @@ exports.generateKey = async function (bits) {

 // Takes a jwk key
 exports.unmarshalPrivateKey = async function (key) {
-  const privateKey = await webcrypto.subtle.importKey(
+  const privateKey = await webcrypto.get().subtle.importKey(
    'jwk',
    key,
    {
@ -57,7 +57,7 @@ exports.unmarshalPrivateKey = async function (key) {
 exports.getRandomValues = randomBytes

 exports.hashAndSign = async function (key, msg) {
-  const privateKey = await webcrypto.subtle.importKey(
+  const privateKey = await webcrypto.get().subtle.importKey(
    'jwk',
    key,
    {
@ -68,7 +68,7 @@ exports.hashAndSign = async function (key, msg) {
    ['sign']
  )

-  const sig = await webcrypto.subtle.sign(
+  const sig = await webcrypto.get().subtle.sign(
    { name: 'RSASSA-PKCS1-v1_5' },
    privateKey,
    Uint8Array.from(msg)
@ -78,7 +78,7 @@ exports.hashAndSign = async function (key, msg) {
 }

 exports.hashAndVerify = async function (key, sig, msg) {
-  const publicKey = await webcrypto.subtle.importKey(
+  const publicKey = await webcrypto.get().subtle.importKey(
    'jwk',
    key,
    {
@ -89,7 +89,7 @@ exports.hashAndVerify = async function (key, sig, msg) {
    ['verify']
  )

-  return webcrypto.subtle.verify(
+  return webcrypto.get().subtle.verify(
    { name: 'RSASSA-PKCS1-v1_5' },
    publicKey,
    sig,
@ -99,13 +99,13 @@ exports.hashAndVerify = async function (key, sig, msg) {

 function exportKey (pair) {
  return Promise.all([
-    webcrypto.subtle.exportKey('jwk', pair.privateKey),
-    webcrypto.subtle.exportKey('jwk', pair.publicKey)
+    webcrypto.get().subtle.exportKey('jwk', pair.privateKey),
+    webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
  ])
 }

 function derivePublicFromPrivate (jwKey) {
-  return webcrypto.subtle.importKey(
+  return webcrypto.get().subtle.importKey(
    'jwk',
    {
      kty: jwKey.kty,
--- a/src/webcrypto.js
+++ b/src/webcrypto.js
@ -1,5 +1,24 @@
-/* global self */
+/* eslint-env browser */

 'use strict'

-module.exports = self.crypto || self.msCrypto
+// Check native crypto exists and is enabled (In insecure context `self.crypto`
+// exists but `self.crypto.subtle` does not).
+exports.get = (win = self) => {
+  const nativeCrypto = win.crypto || win.msCrypto
+
+  if (!nativeCrypto || !nativeCrypto.subtle) {
+    throw Object.assign(
+      new Error(
+        'Missing Web Crypto API. ' +
+        'The most likely cause of this error is that this page is being accessed ' +
+        'from an insecure context (i.e. not HTTPS). For more information and ' +
+        'possible resolutions see ' +
+        'https://github.com/libp2p/js-libp2p-crypto/blob/master/README.md#web-crypto-api'
+      ),
+      { code: 'ERR_MISSING_WEB_CRYPTO' }
+    )
+  }
+
+  return nativeCrypto
+}
--- a/test/browser.js
+++ b/test/browser.js
@ -0,0 +1,61 @@
+/* eslint-env mocha */
+'use strict'
+
+const chai = require('chai')
+const dirtyChai = require('dirty-chai')
+const expect = chai.expect
+chai.use(dirtyChai)
+const crypto = require('../')
+const webcrypto = require('../src/webcrypto')
+
+async function expectMissingWebCrypto (fn) {
+  try {
+    await fn()
+  } catch (err) {
+    expect(err.code).to.equal('ERR_MISSING_WEB_CRYPTO')
+    return
+  }
+  throw new Error('Expected missing web crypto error')
+}
+
+describe('Missing web crypto', () => {
+  let webcryptoGet
+  let rsaPrivateKey
+
+  before(async () => {
+    rsaPrivateKey = await crypto.keys.generateKeyPair('RSA', 512)
+  })
+
+  before(() => {
+    webcryptoGet = webcrypto.get
+    webcrypto.get = () => webcryptoGet({})
+  })
+
+  after(() => {
+    webcrypto.get = webcryptoGet
+  })
+
+  it('should error for hmac create when web crypto is missing', () => {
+    return expectMissingWebCrypto(() => crypto.hmac.create('SHA256', Buffer.from('secret')))
+  })
+
+  it('should error for generate ephemeral key pair when web crypto is missing', () => {
+    return expectMissingWebCrypto(() => crypto.keys.generateEphemeralKeyPair('P-256'))
+  })
+
+  it('should error for generate rsa key pair when web crypto is missing', () => {
+    return expectMissingWebCrypto(() => crypto.keys.generateKeyPair('rsa', 256))
+  })
+
+  it('should error for unmarshal RSA private key when web crypto is missing', () => {
+    return expectMissingWebCrypto(() => crypto.keys.unmarshalPrivateKey(crypto.keys.marshalPrivateKey(rsaPrivateKey)))
+  })
+
+  it('should error for sign RSA private key when web crypto is missing', () => {
+    return expectMissingWebCrypto(() => rsaPrivateKey.sign(Buffer.from('test')))
+  })
+
+  it('should error for verify RSA public key when web crypto is missing', () => {
+    return expectMissingWebCrypto(() => rsaPrivateKey.public.verify(Buffer.from('test'), Buffer.from('test')))
+  })
+})