-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: expose KeyObject class #26438
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this touch the docs somewhere? Can you find how the other classes are documented, and duplicate the style for this one? Or are they completely undocumented? That would be unfortunate! The docs will need YAML change markers.
The KeyObject as a Class is already documented, i reworded it a bit to be in line with e.g. |
Thanks for adding the docs. Also, PR should touch the test code. Something like the first test in test/parallel/test-crypto-hmac.js that checks the instanceof should be in test/parallel/test-crypto-key-objects.js (for each key object type). If using new on the class fails, should be a test asserting that, too, though I don't see one for Hmac, so perhaps it doesn't fail, its just a doced "do not do this" restriction, not a runtime restriction. |
I've reflected the previous review notes in the force-pushed f64f682. Looking at the code it's not hard to fool this one. Not sure how the C binding object Hmmm, we could do |
CI ✅ Any further suggestions? |
If the other exposed classes aren't doing something special to make |
The difference is that other classes do not create the handle outside of the constructor. I'd like to keep the check in place, |
@sam-github @tniessen what is the consensus here? @sam-github isn't it a good first step to prevent this class from being instantiated? The other classes could follow if they should not be used in userland. |
So, no, @BridgeAR , IMO it is isn't a good first step, its an idiosyncratic special case. I suggest not doing it in this PR, but would encourage a follow up PR, that changes ALL the classes to consistently make them not instantiable. It could be introduced in this PR, but it doesn't seem related. |
@sam-github while i have my reserves, there, force pushed just the class exposure and removed the tests for blocking, let it be a wild west as-is today. I will try and get a sweeping revision of all exposed crypto classes in the coming days tho. |
To explain my reservation for not having it part of this PR other exports are marked as Classes but aren't e.g. Certificate
or Cipheriv
They all have one It's the fact that an invalid key MAY be instantiated with the class exposed is why i first opened just an |
That's because what you call "classes" is a relatively new concept in ES.
There are two reasons why users shouldn't use
We try to prevent users from making mistakes, but we cannot fully protect users from code with malicious intent. This is not a vulnerability. |
All i'm saying is that by using the other exports today you don't end up with a broken object. Using this one you do and i understand why it wasn't exported in the first place. Here's a branch where you can't. Just played around a bit. It's the fact that this is undocumented and not intended to be used directly, that I find the strive to keep a constructor that's putting potentially broken KeyObjects in place strange. |
I am against adding such checks for (Off topic: You don't need to use an object with a symbol as a key. You can just pass a unique value such as a I'll approve this if there is consensus amongst collaborators that exposing this class is the best way to go. |
@nodejs/crypto @nodejs/collaborators |
So, can we land this? |
PR-URL: #26438 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
PR-URL: nodejs#26438 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
PR-URL: #26438 Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>
This PR exposes the KeyObject class as per #26200 discussion.
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes/cc @sam-github @tniessen
Closes #26200