expose Crypto.getRandomValues() or nodejs' crypto

[andreiashu]

first of all thanks for building such a great product! really enjoying working with k6 so far.

We need to sign messages using rsa-sha256. I've tried using node-rsa (with browserify) but I'm getting a "Secure random number generation is not supported by this browser." error. This is because at the moment k6 does not expose Crypto.getRandomValues().

It would be great to get access to nodejs' native crypto module (or the equivalent functionality from Go's crypto library) since that would probably be faster.
But at the minimum exposing Crypto.getRandomValues() might just do the trick in the short term.

[na--]

Thanks for mentioning this, we're considering adding a shim layer to support more browserified libraries, this sounds like a good first step

[andreiashu]

thanks for the update @na--
two things I wanted to mention that might or might not help wit h this:

• performance: at least in our case we're happy to just add more nodes running k6 since RSA-SHA256 is slow (ie. we're aware this shim won't provide native / v8 performance levels)
• shim layer: is this plan outlined anywhere? I'd like to see whether I could take a stab at helping out with it (not very experienced with golang though)

[na--]

No, there's no outline anywhere yet, because we're not very familiar with browserify's requirements and first we'll have do a little research. There are also things we have to improve/fix that may be in babel's purview like this one. But hopefully we can greatly increase k6's compatibility with existing JS libraries without tremendous amounts of effort.

Regarding faster crypto, we already expose Go's hashing functions in JS (docs), but as mentioned here, in the future we may actually expose the rest of the Go standard library crypto primitives in k6 as well.

[mxns]

+1 for exposing the Go crypto primitives, that would be awesome!

[mstoykov]

@andreiashu in #922 crypto.randomBytes was added. Is that sufficient for you ?

[mstoykov]

I am closing this as crypto.randomBytes should be sufficient for the concrete use case

[khawarizmus]

@mstoykov i am still having this error Error: crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported which in this case crypto.getRandomValues() seems to be used by uuid which is being imported by a module I am importing currently.

I would appreciate knowing if there is a way to fix this error? a polyfill or exposing the crypto.getRandomValues().

[mstoykov]

@gimyboya as I eluded in the other issue, while @aws-sdk/* might compile and run, will likely need a whole lot of nodejs or web standards, all of which just aren't implemented in k6.

While not impossible(probably) to make it work, you will basically need to do all those polyfills work yourself. You are very welcome to share it afterwords, but it's unlikely that it will be easy, and I don't know of someone who has done this work before.

For this case -yes the k6/crypto is not the crypto web standard one, and you need to import it from the @aws-sdk/* module that use it(crypto is just a global property in browsers) . While the crypto web standards API defines getRandomValues the k6/crypto defines (as mentioned above) randomBytes. But they also have really not all that much in common as far as API goes and k6/crypto is lacking a lot of stuff.

Issue #2248 was made so we discuss if instead of implementing our own k6/crypto we implement (for example) the actual crypto web standard. But none of this has been decided, and it definitely won't happen overnight ;).

Additionally, looking at that API, I would expect that it will also want to make http requests at some point and that will also probably try to use requests from nodejs or the Fetch API, again neither one of those is supported by k6. Depending on your usecase you might be better of trying the PoC awsv4 signing I have written for k6 which ... works, but you will need to implement the actual calls as helpers functions on top. Depending on how many calls you need this will be way faster and also will be way more performant as well.

I would expect you might have more questions, and as the issues here are mostly about bugs and feature requests I would recommend that you use the community forum, where we will also help you, but just won't be around (somewhat) unrelated issues ;)

[p-v-d-Veeken]

For anyone stumbling on this through a Google search or whatever: k6 has now exposed the (experimental) webcrypto module which is compatible with the browser Crypto API. So you can simply do now:

import { crypto } from 'k6/experimental/webcrypto';
import * as uuid from 'uuid';

Object.assign(globalThis, { crypto });

Which works like a charm. :)