ironcorelabs / recrypt-wasm-binding Goto Github PK
View Code? Open in Web Editor NEWBindings to be able to use recrypt-rs within a browser via WebAssembly.
License: GNU Affero General Public License v3.0
Bindings to be able to use recrypt-rs within a browser via WebAssembly.
License: GNU Affero General Public License v3.0
Pull in the ironcore-search-helpers
and expose functions. Requires these steps:
generate_hashes_for_string_with_padding
and generate_hashes_for_string
functions, behind a feature flag.GitHub is reporting three vulnerabilities:
lodash critical CVE-2019-10744
mixin-deep high sev CVE-2019-10746
set-value high sev CVE-2019-10747
//Transform the encrypted data (without decrypting it!) so that it can be decrypted with the second key pair
const transformedEncryptedValue = Api256.transform(encryptedValue, userToDeviceTransformKey, signingKeys.privateKey);
I was wondering why this step needs the sigingKeys.privateKey. Doesn't that add the risk that comes with transferring the signignKey privateKey to the device?
I'm not sure which version of wasm-bindgen
is running in CI, but my local attempts with wasm-bindgen 0.2.74 (d1d64200a)
failed to compile.
It looks like there need to be significant reworks in the fixBindgenShim.js
code, as the output of wasm-bindgen
has changed pretty significantly itself.
function removeNodeJSFunctions() {
const shimJS = fs.readFileSync(SOURCE_JS_FILE, "utf8");
//Replace the entire __wbg_require and randomFillSync method that is auto generated in the output.
const codeWithoutNode = shimJS
.replace(/\nexport function __wbg_require_[a-f0-9]*[(]arg0, arg1[)] {[^}]*};\n/, "")
.replace(/\nexport function __wbg_randomFillSync_[a-f0-9]*[(]arg0, arg1, arg2[)] {[^}]*};\n/, "");
if (codeWithoutNode.includes("require(") || codeWithoutNode.includes("randomFillSync")) {
throw new Error("Replacement of NodeJS import and/or randomFillSync functions failed!");
}
fs.writeFileSync(SOURCE_JS_FILE, codeWithoutNode, "utf8");
}
That worked to fix the removeNodeJSFunctions
breakage, but it looks like each of the other replacement functions may have changed as well.
According to https://caniuse.com/cryptography, WebCrypto support in WebWorkers was added to Edge at the end of 2018, we may now be safe to drop all the stuff we're doing in the shim to use Recrypt.setRandomSeed
instead in Edge, which would simplify the shim drastically.
There are several downstream vulnerabilities that could tangentially impact this library, update dependencies.
We need to upgrade to the latest recrypt-rs version which involves some rand changes that we'll need to figure out. In addition we need to expose a function to subtract a private key from another private key in order to do key rotation.
Edge doesn't yet support the PBKDF2 flavor that we've implemented for master private key escrow and the pure-JS polyfill is very slow. To better support Edge we should implement PBKDF2 in wasm so that we get better performance numbers and can call it from IronWeb.
Publish version to match recrypt to designate "production ready" usage.
When transliterate_string(str)
has been added to the search-helpers, expose it along with the other substring search functions.
I found the webpack-usage documentation somewhat confusing, even after trying to eject a create-react-app project. I'm new to wasm+react, but was hoping using the npm module would make it more seamless.
Would love any additional documentation for using this in client-side browser applications.
This build failed in the Get version
step:
Version 'null' in './examples/create-react-app-example/package.json' doesn't match '0.6.24-pre' from others in './Cargo.toml
./examples/create-react-app-example/package.json
./package.json'
The example app has a version that doesn't match the other versions in the repo. The bump-version workflow doesn't know what to do with that.
The current logic for package.json
files is: If package.json
is in the root of the repo, read the version from it. Otherwise, ignore the deeply nested package.json
and read the version from package.json
in the root of the repo, which must exist.
Options:
find . -maxdepth 3
.package.json
completely if there's no root package.json
?Hi,
we still need to support Internet Explorer which does not support WebAssembly.
recrypt with ScalaJS is not an option because decrypting a transformed cipher takes up to 25 seconds with IE.
For a fallback solution I wanted to try asm.js compilation: I changed the target to asmjs-unknown-emscripten
. Then I had to change the crate type to lib
because cdylib
was not supported by asmjs-unknown-emscripten
. However, compilation failed:
Compiling ed25519-dalek v1.0.0-pre.0 (https://github.com/IronCoreLabs/ed25519-dalek?branch=rand-0.6#1132665a)
error[E0277]: the trait bound `rand::distributions::Standard: rand::distributions::Distribution<u128>` is not satisfied
--> /home/dph/.cargo/git/checkouts/ed25519-dalek-ab972af0b2b0a306/1132665/src/ed25519.rs:984:44
|
984 | .map(|_| Scalar::from(thread_rng().gen::<u128>()))
| ^^^ the trait `rand::distributions::Distribution<u128>` is not implemented for `rand::distributions::Standard`
|
= help: the following implementations were found:
<rand::distributions::Standard as rand::distributions::Distribution<()>>
<rand::distributions::Standard as rand::distributions::Distribution<(A, B)>>
<rand::distributions::Standard as rand::distributions::Distribution<(A, B, C)>>
<rand::distributions::Standard as rand::distributions::Distribution<(A, B, C, D)>>
and 58 others
error: aborting due to previous error
For more information about this error, try `rustc --explain E0277`.
error: Could not compile `ed25519-dalek`.
warning: build failed, waiting for other jobs to finish...
error: build failed
Do you have any experience with asm.js compilation of recrypt-rs via emscripten?
The wasm-bindgen shim that gets generated as part of this package includes code that attempts to call the WebCrypto API. When this WASM module is used in a WebWorker, that API is not available in MS Edge which causes errors. We should expose a method in the shim to let users pass in a random value to be used in lieu of calling crypto.getRandomValues
.
Our ed25519 dependency in recrypt supports using a 32-bit backend instead of the default 64 bit. This both improves performance and reduces the file size in the WASM code. We should figure out how to enable that feature at the WASM level to gain these improvements.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.