🐛 Bug Report — Runtime APIs node:crypto 'Unrecognized or unimplemented EC curve "id-ecPublicKey" requested.'

[1yasa]

Unrecognized or unimplemented EC curve \"id-ecPublicKey\" requested when use crypto with compatibility_flags = ["nodejs_compat_v2"] & wrangler v3.78.7.

Here is the error source:

https://github.com/agisboye/app-store-server-api/blob/main/src/Decoding.ts#L47

Here is the error detail:

So my question is, the X509 implemented by workerd seems to be completely unusable when using the decodeJWS function of /app-store-server-api.

Did I make a mistake, or does the X509 implementation in workerd indeed throw an error when trying to get the public key with cert.publicKey? Below is my business code (for reproduction):

const app_store_api = getAppStoreApi()
const res_subscription = await app_store_api.getSubscriptionStatuses(tid!)

const item = res_subscription.data[0].lastTransactions.find(item => item.originalTransactionId === tid)!

const res_transaction = await decodeTransaction(item.signedTransactionInfo)

[1yasa]

any progress？

[jasnell]

The runtime has a much more limited set of curves that it supports than Node.js and id-ec-PublicKey is not on that list.

From: src/workerd/api/crypto/ec.c++ ...

EllipticCurveInfo lookupEllipticCurve(kj::StringPtr curveName) {
  static const std::map<kj::StringPtr, EllipticCurveInfo, CiLess> registeredCurves{
    {"P-256", {"P-256", NID_X9_62_prime256v1, 32}},
    {"P-384", {"P-384", NID_secp384r1, 48}},
    {"P-521", {"P-521", NID_secp521r1, 66}},
  };

  auto iter = registeredCurves.find(curveName);
  JSG_REQUIRE(iter != registeredCurves.end(), DOMNotSupportedError,
      "Unrecognized or unimplemented EC curve \"", curveName, "\" requested.");
  return iter->second;
}

The node:crypto implementation is still an active WIP so some functionality may still be limited or missing.

[1yasa]

The runtime has a much more limited set of curves that it supports than Node.js and id-ec-PublicKey is not on that list.

From: src/workerd/api/crypto/ec.c++ ...

EllipticCurveInfo lookupEllipticCurve(kj::StringPtr curveName) {
  static const std::map<kj::StringPtr, EllipticCurveInfo, CiLess> registeredCurves{
    {"P-256", {"P-256", NID_X9_62_prime256v1, 32}},
    {"P-384", {"P-384", NID_secp384r1, 48}},
    {"P-521", {"P-521", NID_secp521r1, 66}},
  };

  auto iter = registeredCurves.find(curveName);
  JSG_REQUIRE(iter != registeredCurves.end(), DOMNotSupportedError,
      "Unrecognized or unimplemented EC curve \"", curveName, "\" requested.");
  return iter->second;
}

The node:crypto implementation is still an active WIP so some functionality may still be limited or missing.

Get.

[1yasa]

any time support id-ec-PublicKey?

[aspirin2d]

Apple App Store Server API needs this feature to verify it's signed objects.

[ricky0603]

Apple App Store Server API needs this feature to verify it's signed objects.

haha, met the same problems.

[jasnell]

Marking as a feature request. Will investigate.