feat: add secp256k1 EC Key curve and ES256K

This is as per
- https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-01
- https://mailarchive.ietf.org/arch/msg/cose/91MouVA43DefbpQOB7l5daCEeIc

Author: panva

CHANGELOG.md

@@ -30,7 +30,7 @@ calculation loop when the private key's private exponent was outright
 invalid or tampered with.
 
 The new methods still allow to import private RSA keys with these
-optimization key parameters missing but its disabled by default and one
+optimization key parameters missing but it is disabled by default and one
 should choose to enable it when working with keys from trusted sources
 
 It is recommended not to use @panva/jose versions with this feature in

P-256K/index.js

@@ -0,0 +1,6 @@
+// rename 'secp256k1' to 'P-256K'
+
+const { rename } = require('../lib/jwk/key/secp256k1_crv')
+rename('P-256K')
+
+module.exports = require('../lib')

README.md

@@ -18,6 +18,7 @@ The following specifications are implemented by @panva/jose
 - JSON Web Key Thumbprint - [RFC7638][spec-thumbprint]
 - JWS Unencoded Payload Option - [RFC7797][spec-b64]
 - CFRG Elliptic Curve Signatures (EdDSA) - [RFC8037][spec-okp]
+- secp256k1 curve EC Key support - [JOSE Registrations for WebAuthn Algorithms][draft-secp256k1]
 
 The test suite utilizes examples defined in [RFC7520][spec-cookbook] to confirm its JOSE
 implementation is correct.
@@ -47,7 +48,7 @@ Legend:
 | -- | -- | -- |
 | RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
 | RSASSA-PSS | ✓ | PS256, PS384, PS512 |
-| ECDSA | ✓ | ES256, ES384, ES512 |
+| ECDSA | ✓ | ES256, ES256K, ES384, ES512 |
 | Edwards-curve DSA | ✓ | EdDSA |
 | HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
 
@@ -247,6 +248,32 @@ jose.JWE.decrypt(
 )
 ```
 
+#### secp256k1
+
+Note: the secp256k1 JOSE parameters registration and the RFC is still in a draft state. If the WG
+draft changes its mind about the parameter names again the new values will be propagated as a MINOR
+library version.
+
+When you require `@panva/jose` you can work with `secp256k1` EC keys right away, the EC JWK `crv`
+used is as per the specification `secp256k1`.
+
+```js
+const jose = require('@panva/jose')
+let key = jose.JWK.generateSync('EC', 'secp256k1')
+key = jose.JWK.asKey(fs.readFileSync('path/to/key/file'))
+key.crv === 'secp256k1'
+```
+
+For legacy reasons the unregistered EC JWK `crv` value `P-256K` is also supported but you must
+require `@panva/jose` like so to use it:
+
+```js
+const jose = require('@panva/jose/P-256K')
+let key = jose.JWK.generateSync('EC', 'P-256K')
+key = jose.JWK.asKey(fs.readFileSync('path/to/key/file'))
+key.crv === 'P-256K'
+```
+
 ## FAQ
 
 #### Semver?
@@ -315,6 +342,7 @@ in terms of performance and API (not having well defined errors).
 [spec-jws]: https://tools.ietf.org/html/rfc7515
 [spec-jwt]: https://tools.ietf.org/html/rfc7519
 [spec-okp]: https://tools.ietf.org/html/rfc8037
+[draft-secp256k1]: https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-01
 [spec-thumbprint]: https://tools.ietf.org/html/rfc7638
 [suggest-feature]: https://github.com/panva/jose/issues/new?labels=enhancement&template=feature-request.md&title=proposal%3A+
 [support-patreon]: https://www.patreon.com/panva

lib/help/consts.js

@@ -1,3 +1,5 @@
+const { name: secp256k1 } = require('../jwk/key/secp256k1_crv')
+
 module.exports.KEYOBJECT = Symbol('KEYOBJECT')
 module.exports.PRIVATE_MEMBERS = Symbol('PRIVATE_MEMBERS')
 module.exports.PUBLIC_MEMBERS = Symbol('PUBLIC_MEMBERS')
@@ -18,7 +20,7 @@ module.exports.OPS = OPS
 module.exports.USES = USES
 
 module.exports.OKP_CURVES = new Set(['Ed25519', 'Ed448', 'X25519', 'X448'])
-module.exports.EC_CURVES = new Set(['P-256', 'P-384', 'P-521'])
+module.exports.EC_CURVES = new Set(['P-256', secp256k1, 'P-384', 'P-521'])
 module.exports.ECDH_ALGS = ['ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW']
 
 module.exports.KEYLENGTHS = {

lib/help/ecdsa_signatures.js

@@ -10,6 +10,7 @@ const getParamSize = keySize => ((keySize / 8) | 0) + (keySize % 8 === 0 ? 0 : 1
 
 const paramBytesForAlg = {
   ES256: getParamSize(256),
+  ES256K: getParamSize(256),
   ES384: getParamSize(384),
   ES512: getParamSize(521)
 }

lib/help/key_utils.js

@@ -1,24 +1,29 @@
 const { createPublicKey } = require('crypto')
 
-const base64url = require('./base64url')
+const { name: secp256k1 } = require('../jwk/key/secp256k1_crv')
 const errors = require('../errors')
+
+const base64url = require('./base64url')
 const asn1 = require('./asn1')
 const computePrimes = require('./rsa_primes')
 const { OKP_CURVES, EC_CURVES } = require('./consts')
 
 const oidHexToCurve = new Map([
   ['06082a8648ce3d030107', 'P-256'],
+  ['06052b8104000a', secp256k1],
   ['06052b81040022', 'P-384'],
   ['06052b81040023', 'P-521']
 ])
 const EC_KEY_OID = '1.2.840.10045.2.1'.split('.')
 const crvToOid = new Map([
   ['P-256', '1.2.840.10045.3.1.7'.split('.')],
+  [secp256k1, '1.3.132.0.10'.split('.')],
   ['P-384', '1.3.132.0.34'.split('.')],
   ['P-521', '1.3.132.0.35'.split('.')]
 ])
 const crvToOidBuf = new Map([
   ['P-256', Buffer.from('06082a8648ce3d030107', 'hex')],
+  [secp256k1, Buffer.from('06052b8104000a', 'hex')],
   ['P-384', Buffer.from('06052b81040022', 'hex')],
   ['P-521', Buffer.from('06052b81040023', 'hex')]
 ])

lib/help/node_alg.js

@@ -1 +1 @@
-module.exports = alg => `sha${alg.substr(-3)}`
+module.exports = alg => `sha${alg.substr(2, 3)}`

lib/index.d.ts

@@ -15,7 +15,7 @@ interface KeyParameters extends BasicParameters {
     x5t?: string
     'x5t#S256'?: string
 }
-type ECCurve = 'P-256' | 'P-384' | 'P-521'
+type ECCurve = 'P-256' | 'secp256k1' | 'P-384' | 'P-521'
 type OKPCurve = 'Ed25519' | 'Ed448' | 'X25519' | 'X448'
 type keyType = 'RSA' | 'EC' | 'OKP' | 'oct'
 type asymmetricKeyObjectTypes = 'private' | 'public'

lib/jwa/ecdh/derive.js

@@ -1,6 +1,7 @@
 const { createECDH, createHash, constants: { POINT_CONVERSION_UNCOMPRESSED } } = require('crypto')
 
 const base64url = require('../../help/base64url')
+const { name: secp256k1 } = require('../../jwk/key/secp256k1_crv')
 
 const crvToCurve = (crv) => {
   switch (crv) {
@@ -10,9 +11,12 @@ const crvToCurve = (crv) => {
       return 'secp384r1'
     case 'P-521':
       return 'secp521r1'
+    case 'secp256k1':
     case 'X448':
     case 'X25519':
       return crv
+    case secp256k1:
+      return 'secp256k1'
   }
 }
 

lib/jwa/ecdsa.js

@@ -18,7 +18,7 @@ const verify = (jwaAlg, nodeAlg, { [KEYOBJECT]: keyObject }, payload, signature)
 }
 
 module.exports = (JWA) => {
-  ['ES256', 'ES384', 'ES512'].forEach((jwaAlg) => {
+  ['ES256', 'ES384', 'ES512', 'ES256K'].forEach((jwaAlg) => {
     const nodeAlg = resolveNodeAlg(jwaAlg)
 
     assert(!JWA.sign.has(jwaAlg), `sign alg ${jwaAlg} already registered`)