"Error: Unknown message digest" caused by crypto.subtle.verify({'name':'ECDSA', 'hash':'SHA-256'}, ...) when bundling via browserify

Question

"Error: Unknown message digest" caused by crypto.subtle.verify({'name':'ECDSA', 'hash':'SHA-256'}, ...) when bundling via browserify

Jonas-Metzger opened this issue 4 years ago · 2 comments

I'm trying to bundle the PageSigner pgsg-node.js (written in NodeJS) using browserify, such that I can run it via QuickJS and eventually compile it to WASM. (Not for a browser application however - I need to run it on a WASM VM).

After some necessary edits to the code of pgsg-node.js, I managed to successfully execute both node bundle.js and the QuickJS analogue qjs bundle.js and log the final output to the console. However, that only works if I remove this crucial line:

var result = await crypto.subtle.verify({'name':'ECDSA', 'hash':'SHA-256'}, notary_pk_CryptoKey, ba2ab(sig_p1363), ba2ab(signed_data_ba))

and replace it with var result = true. Otherwise I get the following error after executing node bundle.js:

Error: Unknown message digest
    at new Verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13849:20)
    at Object.createVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13882:10)
    at Function.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33318:51)
    at EcdsaProvider.onVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33496:25)
    at EcdsaProvider.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82175:30)
    at SubtleCrypto.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82832:39)
    at verifyNotarySig (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:2724:39)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async verifyPgsgV4 (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:723:10)
    at async Object.verifyPgsg (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:661:12) Error
(node:7830) UnhandledPromiseRejectionWarning: Error: Unknown message digest
    at new Verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13849:20)
    at Object.createVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:13882:10)
    at Function.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33318:51)
    at EcdsaProvider.onVerify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:33496:25)
    at EcdsaProvider.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82175:30)
    at SubtleCrypto.verify (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:82832:39)
    at verifyNotarySig (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:2724:39)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async verifyPgsgV4 (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:723:10)
    at async Object.verifyPgsg (/home/metzgerj/CoaseContract/pagesigner/webextension/content/pgsg-node/bundle.js:661:12)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:7830) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:7830) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

What's weird is that at least some of the crypto.subtle functionality works, the line right before

var notary_pk_CryptoKey = await crypto.subtle.importKey(
      "raw", ba2ab(notaryPubkey_ba), {name: 'ECDSA', namedCurve:'P-256'}, true, ["verify"]);

works flawlessly. Also, executing my modified unbundled file node pgsg-node.js does not produce this error.

Answer 1 · 2021-06-22T23:10:41.000Z

You don't need to use @peculiar/webcrypto for the browser. Use global crypto object.

self.crypto.subtle.verify(...);

As I can see it throws exception here. It calls NodeJS Crypto API. But browser doesn't have that API. And looks your bundle file doesn't include that implementation.

Answer 2 · 2021-06-23T01:25:27.000Z

Thank you! As I said, it's not meant to run in a browser (hence I can't rely on the browser's webcrypto api), but on a WASM VM.

Thanks a lot for the pointer, I wasn't expecting it to use the NodeJS crypto module! I am assuming you were referring to analogous line in the verify function rather than the sign function.

I think browserify replaces NodeJS crypto API with crypto-browserify. So probably I should ask them what's going on.