Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Error: Unknown message digest" caused by crypto.subtle.verify({'name':'ECDSA', 'hash':'SHA-256'}, ...) when bundling via browserify #32

Open
Jonas-Metzger opened this issue Jun 22, 2021 · 2 comments
Open

"Error: Unknown message digest" caused by crypto.subtle.verify({'name':'ECDSA', 'hash':'SHA-256'}, ...) when bundling via browserify #32

Jonas-Metzger opened this issue Jun 22, 2021 · 2 comments

Comments

@Jonas-Metzger
Copy link

I'm trying to bundle the PageSigner pgsg-node.js (written in NodeJS) using browserify, such that I can run it via QuickJS and eventually compile it to WASM. (Not for a browser application however - I need to run it on a WASM VM).

After some necessary edits to the code of pgsg-node.js, I managed to successfully execute both node bundle.js and the QuickJS analogue qjs bundle.js and log the final output to the console. However, that only works if I remove this crucial line:

var result = await crypto.subtle.verify({'name':'ECDSA', 'hash':'SHA-256'}, notary_pk_CryptoKey, ba2ab(sig_p1363), ba2ab(signed_data_ba))

and replace it with var result = true. Otherwise I get the following error after executing node bundle.js:

Error: Unknown message digest
    at new Verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13849:20)
    at Object.createVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13882:10)
    at Function.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33318:51)
    at EcdsaProvider.onVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33496:25)
    at EcdsaProvider.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82175:30)
    at SubtleCrypto.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82832:39)
    at verifyNotarySig (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:2724:39)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async verifyPgsgV4 (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:723:10)
    at async Object.verifyPgsg (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:661:12) Error
(node:7830) UnhandledPromiseRejectionWarning: Error: Unknown message digest
    at new Verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13849:20)
    at Object.createVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13882:10)
    at Function.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33318:51)
    at EcdsaProvider.onVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33496:25)
    at EcdsaProvider.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82175:30)
    at SubtleCrypto.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82832:39)
    at verifyNotarySig (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:2724:39)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async verifyPgsgV4 (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:723:10)
    at async Object.verifyPgsg (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:661:12)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:7830) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:7830) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

What's weird is that at least some of the crypto.subtle functionality works, the line right before

var notary_pk_CryptoKey = await crypto.subtle.importKey(
      "raw", ba2ab(notaryPubkey_ba), {name: 'ECDSA', namedCurve:'P-256'}, true, ["verify"]);

works flawlessly. Also, executing my modified unbundled file node pgsg-node.js does not produce this error.
@microshine
Copy link
Collaborator

You don't need to use @peculiar/webcrypto for the browser. Use global crypto object.

self.crypto.subtle.verify(...);

As I can see it throws exception here. It calls NodeJS Crypto API. But browser doesn't have that API. And looks your bundle file doesn't include that implementation.

@Jonas-Metzger
Copy link
Author

Thank you! As I said, it's not meant to run in a browser (hence I can't rely on the browser's webcrypto api), but on a WASM VM.

Thanks a lot for the pointer, I wasn't expecting it to use the NodeJS crypto module! I am assuming you were referring to analogous line in the verify function rather than the sign function.

I think browserify replaces NodeJS crypto API with crypto-browserify. So probably I should ask them what's going on.

@Jonas-Metzger Jonas-Metzger mentioned this issue Jun 23, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@microshine @Jonas-Metzger