Skip to content

Commit a7bd79b

Browse files
vicbvicb
authored
Use the native implementation of crypto APIs (#8568)
1 parent 9609b9f commit a7bd79b

File tree

4 files changed

+40
-136
lines changed

4 files changed

+40
-136
lines changed

.changeset/rotten-monkeys-tan.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
"@cloudflare/unenv-preset": minor
3+
---
4+
5+
Use the native implementation of crypto APIs

packages/unenv-preset/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@
5454
},
5555
"peerDependencies": {
5656
"unenv": "2.0.0-rc.15",
57-
"workerd": "^1.20250310.0"
57+
"workerd": "^1.20250311.0"
5858
},
5959
"peerDependenciesMeta": {
6060
"workerd": {

packages/unenv-preset/src/runtime/node/crypto.ts

Lines changed: 32 additions & 75 deletions
Original file line numberDiff line numberDiff line change
@@ -2,95 +2,69 @@
22
// so extract it separately from the other exports
33
import {
44
Cipher,
5-
Cipheriv,
65
constants,
76
createCipher,
8-
createCipheriv,
97
createDecipher,
10-
createDecipheriv,
11-
createECDH,
12-
createSign,
13-
createVerify,
148
Decipher,
15-
Decipheriv,
16-
diffieHellman,
17-
ECDH,
18-
getCipherInfo,
19-
hash,
20-
privateDecrypt,
21-
privateEncrypt,
229
pseudoRandomBytes,
23-
publicDecrypt,
24-
publicEncrypt,
25-
Sign,
26-
sign,
2710
webcrypto as unenvCryptoWebcrypto,
28-
Verify,
29-
verify,
3011
} from "unenv/node/crypto";
3112
import type nodeCrypto from "node:crypto";
3213

33-
export {
34-
Cipher,
35-
Cipheriv,
36-
Decipher,
37-
Decipheriv,
38-
ECDH,
39-
Sign,
40-
Verify,
41-
constants,
42-
createCipheriv,
43-
createDecipheriv,
44-
createECDH,
45-
createSign,
46-
createVerify,
47-
diffieHellman,
48-
getCipherInfo,
49-
hash,
50-
privateDecrypt,
51-
privateEncrypt,
52-
publicDecrypt,
53-
publicEncrypt,
54-
sign,
55-
verify,
56-
} from "unenv/node/crypto";
14+
export { Cipher, constants, Decipher } from "unenv/node/crypto";
5715

5816
const workerdCrypto = process.getBuiltinModule("node:crypto");
5917

60-
// TODO: Ideally this list is not hardcoded but instead is generated when the preset is being generated in the `env()` call
61-
// This generation should use information from https://github.com/cloudflare/workerd/issues/2097
6218
export const {
6319
Certificate,
64-
DiffieHellman,
65-
DiffieHellmanGroup,
66-
Hash,
67-
Hmac,
68-
KeyObject,
69-
X509Certificate,
7020
checkPrime,
7121
checkPrimeSync,
22+
// @ts-expect-error
23+
Cipheriv,
24+
createCipheriv,
25+
createDecipheriv,
7226
createDiffieHellman,
7327
createDiffieHellmanGroup,
28+
createECDH,
7429
createHash,
7530
createHmac,
7631
createPrivateKey,
7732
createPublicKey,
7833
createSecretKey,
34+
createSign,
35+
createVerify,
36+
// @ts-expect-error
37+
Decipheriv,
38+
diffieHellman,
39+
DiffieHellman,
40+
DiffieHellmanGroup,
41+
ECDH,
42+
fips,
7943
generateKey,
8044
generateKeyPair,
8145
generateKeyPairSync,
8246
generateKeySync,
8347
generatePrime,
8448
generatePrimeSync,
49+
getCipherInfo,
8550
getCiphers,
8651
getCurves,
8752
getDiffieHellman,
8853
getFips,
8954
getHashes,
55+
getRandomValues,
56+
hash,
57+
Hash,
9058
hkdf,
9159
hkdfSync,
60+
Hmac,
61+
KeyObject,
9262
pbkdf2,
9363
pbkdf2Sync,
64+
privateDecrypt,
65+
privateEncrypt,
66+
publicDecrypt,
67+
publicEncrypt,
9468
randomBytes,
9569
randomFill,
9670
randomFillSync,
@@ -101,27 +75,24 @@ export const {
10175
secureHeapUsed,
10276
setEngine,
10377
setFips,
78+
sign,
79+
Sign,
10480
subtle,
10581
timingSafeEqual,
82+
verify,
83+
Verify,
84+
X509Certificate,
10685
} = workerdCrypto;
10786

108-
// Special case getRandomValues as it must be bound to the webcrypto object
109-
export const getRandomValues = workerdCrypto.getRandomValues.bind(
110-
workerdCrypto.webcrypto
111-
);
112-
87+
// See https://github.com/cloudflare/workerd/issues/3751
11388
export const webcrypto = {
114-
// @ts-expect-error unenv has unknown type
89+
// @ts-expect-error
11590
CryptoKey: unenvCryptoWebcrypto.CryptoKey,
11691
getRandomValues,
11792
randomUUID,
11893
subtle,
11994
} satisfies typeof nodeCrypto.webcrypto;
12095

121-
// Node.js exposes fips only via the default export 🤷🏼‍♂️
122-
// so extract it separately from the other exports
123-
const fips = workerdCrypto.fips;
124-
12596
export default {
12697
/**
12798
* manually unroll unenv-polyfilled-symbols to make it tree-shakeable
@@ -137,35 +108,21 @@ export default {
137108
X509Certificate,
138109
// @ts-expect-error @types/node is out of date - this is a bug in typings
139110
constants,
140-
// @ts-expect-error unenv has unknown type
141111
createCipheriv,
142-
// @ts-expect-error unenv has unknown type
143112
createDecipheriv,
144-
// @ts-expect-error unenv has unknown type
145113
createECDH,
146-
// @ts-expect-error unenv has unknown type
147114
createSign,
148-
// @ts-expect-error unenv has unknown type
149115
createVerify,
150-
// @ts-expect-error unenv has unknown type
151116
diffieHellman,
152-
// @ts-expect-error unenv has unknown type
153117
getCipherInfo,
154-
// @ts-expect-error unenv has unknown type
155118
hash,
156-
// @ts-expect-error unenv has unknown type
157119
privateDecrypt,
158-
// @ts-expect-error unenv has unknown type
159120
privateEncrypt,
160-
// @ts-expect-error unenv has unknown type
161121
publicDecrypt,
162-
// @ts-expect-error unenv has unknown type
163122
publicEncrypt,
164123
scrypt,
165124
scryptSync,
166-
// @ts-expect-error unenv has unknown type
167125
sign,
168-
// @ts-expect-error unenv has unknown type
169126
verify,
170127

171128
// default-only export from unenv

pnpm-lock.yaml

Lines changed: 2 additions & 60 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)