Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

webcrypto: graduate from experimental, expose via crypto #37969

Closed
wants to merge 2 commits into from
Closed

webcrypto: graduate from experimental, expose via crypto #37969

wants to merge 2 commits into from

Conversation

jasnell
Copy link
Member

@jasnell jasnell commented Mar 29, 2021

In the browser, the crypto global exposes subtle and
getRandomValues as properties. In the Node.js impl, those
require an additional indirection via crypto.webcrypto.*.
This commit exposes aliases to promote cross-environment
isomorphism.

Note: In the browser, the CryptoKey object is also exposed
as a global. I decided not to do that here because it requires
a larger change to the internal node_crypto binding because
of the need to register external references. That can be done
in a separate PR but it's a much lower priority.

This also graduates WebCrypto from experimental status.

Signed-off-by: James M Snell [email protected]

@jasnell
crypto: expose subtle and getRandomValues from crypto
05c9362 
In the browser, the `crypto` global exposes `subtle` and
`getRandomValues` as properties. In the Node.js impl, those
require an additional indirection via `crypto.webcrypto.*`.
This commit exposes aliases to promote cross-environment
isomorphism.

Note: In the browser, the `CryptoKey` object is also exposed
as a global. I decided not to do that here because it requires
a larger change to the internal `node_crypto` binding because
of the need to register external references. That can be done
in a separate PR but it's a much lower priority.

Signed-off-by: James M Snell <[email protected]>
@jasnell
crypto: graduate webcrypto to stable
fce125d 
Signed-off-by: James M Snell <[email protected]>
@nodejs-github-bot nodejs-github-bot added crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Mar 29, 2021
@jasnell jasnell added semver-minor PRs that contain new features and should be released in the next minor version. webcrypto and removed needs-ci PRs that need a full CI run. labels Mar 29, 2021
targos
targos requested changes Mar 29, 2021
View reviewed changes
Copy link
Member

@targos targos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

crypto is not a global, as the added test shows.

@targos
Copy link
Member

targos commented Mar 29, 2021

This also graduates WebCrypto from experimental status.

I'd be much more comfortable approving this part of the change if we had the WebCryptoAPI WPT in the tree.

@jasnell
Copy link
Member Author

jasnell commented Mar 29, 2021
edited
Loading

crypto is not a global, as the added test shows.

Sorry, I was speaking of it as a global in terms of the repl but wasn't clear. Because it is a global in the repl, making globalThis.crypto == crypto.webcrypto would be problematic since crypto would refer to two entirely different things depending on how you ran Node.js.

@panva
Copy link
Member

panva commented Mar 30, 2021
edited
Loading

I've done interoperability testing on everything defined by Web Cryptography API, but I wouldn't rush calling the Non-standard Node.js extensions as stable just yet, as evidenced by the fact that every time I attempted to use one of them I found a thing to fix. Is there a way for us to call the standard defined algorithms stable but keep the node specific extensions experimental?

We should also take this moment to consider whether we really want to keep those extensions around. This might be the last chance for us to ditch or trim those. Not saying we should, but this is the time to reflect.

This commit exposes aliases to promote cross-environment isomorphism.

I'm also not sure this PR achieves such a thing. For one it's not exposed via globalThis, so one has to write runtime specific code to import crypto anyway. [1], [2]

@targos
Copy link
Member

targos commented Mar 30, 2021

Sorry, I was speaking of it as a global in terms of the repl but wasn't clear. Because it is a global in the repl, making globalThis.crypto == crypto.webcrypto would be problematic since crypto would refer to two entirely different things depending on how you ran Node.js.

I understand. We need to think about this, because one solution could be to make globalThis.crypto a reference to the entire crypto module (along with the change in this PR) (Not saying we should do that).
In the current state, it can also be problematic in the context of the REPL, because modules that check for the presence of globalThis.crypto.subtle will behave differently than in a usual Node.js context.

@jasnell
Copy link
Member Author

jasnell commented Mar 30, 2021

@panva:

Is there a way for us to call the standard defined algorithms stable but keep the node specific extensions experimental?

Yes, absolutely.

We should also take this moment to consider whether we really want to keep those extensions around. This might be the last chance for us to ditch or trim those. Not saying we should, but this is the time to reflect.

I believe there's value in keeping them, but I'm a bit biased since I added them ;-) ... we can absolutely keep those extensions experimental for some time.

@targos:

We need to think about this, because one solution could be to make globalThis.crypto a reference to the entire crypto module (along with the change in this PR) (Not saying we should do that).

I could go either way with it. I'm fine with making it a global, but I'm also fine with keeping it behind the require('crypto') and import ... from 'crypto'

@jasnell jasnell changed the title webcrypto: graduate from experimental, expose via crypto global webcrypto: graduate from experimental, expose via crypto Mar 30, 2021
@tniessen
Copy link
Member

tniessen commented Apr 1, 2021

could be to make globalThis.crypto a reference to the entire crypto module (along with the change in this PR) (Not saying we should do that)

This might lead to problems when Node.js is compiled without OpenSSL and disables lazy loading.

@panva
Copy link
Member

panva commented Apr 1, 2021

#38029 has to land first

@jasnell jasnell marked this pull request as draft April 6, 2021 16:18
@panva
Copy link
Member

panva commented Apr 8, 2021

I believe there's value in keeping them

I'm torn on this one, aside from the Curve25519/448 raw key import which we could just add to crypto.createPublicKey and crypto.createPrivateKey respectively I am lacking the signal that resulted in them being added.

Since these are not portable to other Web Cryptography API implementations if it came down to a decision I'd say remove the Node.js-specific extensions.

I could go either way with it. I'm fine with making it a global, but I'm also fine with keeping it behind the require('crypto') and import ... from 'crypto'

Adding it to global would conflict with crypto in REPL and adding to actual require(crypto) does not help with universal libs. So I'd stick with the current scheme.

@jasnell jasnell closed this May 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@targos targos targos requested changes

Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. semver-minor PRs that contain new features and should be released in the next minor version. webcrypto
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jasnell @targos @panva @tniessen @nodejs-github-bot