feat: add EC P-256K JWK and ES256K sign/verify support

panva · panva · commit 2e33e1cc2b12 · 2019-03-27T10:35:02.000+01:00
diff --git a/README.md b/README.md
@@ -43,7 +43,7 @@ Legend:
 | -- | -- | -- |
 | RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
 | RSASSA-PSS | ✓ | PS256, PS384, PS512 |
-| ECDSA | ✓ | ES256, ES384, ES512 |
+| ECDSA | ✓ | ES256, ES256K, ES384, ES512 |
 | HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
 
 | JWE Key Management Algorithms | Supported ||
diff --git a/lib/help/asn1/index.js b/lib/help/asn1/index.js
@@ -21,4 +21,3 @@ const RSAPublicKey = asn1.define('RSAPublicKey', require('./rsa_public_key'))
 types.set('RSAPublicKey', RSAPublicKey)
 
 module.exports = types
-module.exports.BN = asn1.bignum
diff --git a/lib/help/ecdsa_signatures.js b/lib/help/ecdsa_signatures.js
@@ -10,6 +10,7 @@ const getParamSize = keySize => ((keySize / 8) | 0) + (keySize % 8 === 0 ? 0 : 1
 
 const paramBytesForAlg = {
   ES256: getParamSize(256),
+  ES256K: getParamSize(256),
   ES384: getParamSize(384),
   ES512: getParamSize(521)
 }
diff --git a/lib/help/key_utils.js b/lib/help/key_utils.js
@@ -2,21 +2,29 @@ const base64url = require('./base64url')
 const errors = require('../errors')
 const asn1 = require('./asn1')
 
-const EC_CURVES = new Set(['P-256', 'P-384', 'P-521'])
+const EC_CURVES = new Set([
+  'P-256',
+  'P-256K',
+  'P-384',
+  'P-521'
+])
 
 const oidHexToCurve = new Map([
   ['06082a8648ce3d030107', 'P-256'],
+  ['06052b8104000a', 'P-256K'],
   ['06052b81040022', 'P-384'],
   ['06052b81040023', 'P-521']
 ])
 const EC_KEY_OID = '1.2.840.10045.2.1'.split('.')
 const crvToOid = new Map([
   ['P-256', '1.2.840.10045.3.1.7'.split('.')],
+  ['P-256K', '1.3.132.0.10'.split('.')],
   ['P-384', '1.3.132.0.34'.split('.')],
   ['P-521', '1.3.132.0.35'.split('.')]
 ])
 const crvToOidBuf = new Map([
   ['P-256', Buffer.from('06082a8648ce3d030107', 'hex')],
+  ['P-256K', Buffer.from('06052b8104000a', 'hex')],
   ['P-384', Buffer.from('06052b81040022', 'hex')],
   ['P-521', Buffer.from('06052b81040023', 'hex')]
 ])
diff --git a/lib/help/node_alg.js b/lib/help/node_alg.js
@@ -4,6 +4,7 @@ module.exports = (alg) => {
     case 'PS256':
     case 'HS256':
     case 'ES256':
+    case 'ES256K':
       return 'sha256'
     case 'RS384':
     case 'PS384':
diff --git a/lib/index.d.ts b/lib/index.d.ts
@@ -8,7 +8,7 @@ interface KeyParameters {
     use?: use
     kid?: string
 }
-type curve = 'P-256' | 'P-384' | 'P-521'
+type curve = 'P-256' | 'P-256K' | 'P-384' | 'P-521'
 type keyType = 'RSA' | 'EC' | 'oct'
 type keyOperation = 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'wrapKey' | 'unwrapKey'
 
diff --git a/lib/jwa/ecdh/derive.js b/lib/jwa/ecdh/derive.js
@@ -6,6 +6,8 @@ const crvToCurve = (crv) => {
   switch (crv) {
     case 'P-256':
       return 'prime256v1'
+    case 'P-256K':
+      return 'secp256k1'
     case 'P-384':
       return 'secp384r1'
     case 'P-521':
diff --git a/lib/jwa/ecdsa.js b/lib/jwa/ecdsa.js
@@ -23,7 +23,7 @@ const verify = (jwaAlg, nodeAlg, { [KEYOBJECT]: keyObject }, payload, signature)
 }
 
 module.exports = (JWA) => {
-  ['ES256', 'ES384', 'ES512'].forEach((jwaAlg) => {
+  ['ES256', 'ES384', 'ES512', 'ES256K'].forEach((jwaAlg) => {
     const nodeAlg = resolveNodeAlg(jwaAlg)
 
     assert(!JWA.sign.has(jwaAlg), `sign alg ${jwaAlg} already registered`)
diff --git a/lib/jwk/key/ec.js b/lib/jwk/key/ec.js
@@ -18,6 +18,8 @@ const crvToDSA = (crv) => {
   switch (crv) {
     case 'P-256':
       return 'ES256'
+    case 'P-256K':
+      return 'ES256K'
     case 'P-384':
       return 'ES384'
     case 'P-521':
@@ -93,12 +95,18 @@ class ECKey extends Key {
   }
 
   static async generate (crv = 'P-256', privat = true) {
+    if (crv === 'P-256K') {
+      crv = 'secp256k1'
+    }
     const { privateKey, publicKey } = await generateKeyPair('ec', { namedCurve: crv })
 
     return privat ? privateKey : publicKey
   }
 
   static generateSync (crv = 'P-256', privat = true) {
+    if (crv === 'P-256K') {
+      crv = 'secp256k1'
+    }
     const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: crv })
 
     return privat ? privateKey : publicKey
diff --git a/test/fixtures/P-256K.key b/test/fixtures/P-256K.key
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgxTAmXNRL8ksBlr+F3yXD
+rUdRDn1gyIvY/PC2e/iUK7ehRANCAARVFouq0yOD8lFoPORt+K3vOieQ4YNnjapt
+nKWOGqyDdeaoE8aEQH9IScXKYVYNTRPa9F7/hx2clSCcRG6OkgLE
+-----END PRIVATE KEY-----
diff --git a/test/fixtures/P-256K.pem b/test/fixtures/P-256K.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVRaLqtMjg/JRaDzkbfit7zonkOGDZ42q
+bZyljhqsg3XmqBPGhEB/SEnFymFWDU0T2vRe/4cdnJUgnERujpICxA==
+-----END PUBLIC KEY-----
diff --git a/test/fixtures/index.js b/test/fixtures/index.js
@@ -28,6 +28,14 @@ module.exports.JWK = {
     d: '_i_1Ac5oVmbBxGvEvOEFHMpzMXKZi8voUx8I3Gl6IxY'
   },
 
+  'P-256K': {
+    kty: 'EC',
+    crv: 'P-256',
+    x: 'VRaLqtMjg_JRaDzkbfit7zonkOGDZ42qbZyljhqsg3U',
+    y: '5qgTxoRAf0hJxcphVg1NE9r0Xv-HHZyVIJxEbo6SAsQ',
+    d: 'xTAmXNRL8ksBlr-F3yXDrUdRDn1gyIvY_PC2e_iUK7c'
+  },
+
   'P-384': {
     kty: 'EC',
     crv: 'P-384',
@@ -56,6 +64,10 @@ module.exports.PEM = {
     private: readFileSync(join(__dirname, 'P-256.key')),
     public: readFileSync(join(__dirname, 'P-256.pem'))
   },
+  'P-256K': {
+    private: readFileSync(join(__dirname, 'P-256K.key')),
+    public: readFileSync(join(__dirname, 'P-256K.pem'))
+  },
   'P-384': {
     private: readFileSync(join(__dirname, 'P-384.key')),
     public: readFileSync(join(__dirname, 'P-384.pem'))
diff --git a/test/help/key_utils.test.js b/test/help/key_utils.test.js
@@ -12,10 +12,10 @@ test('jwkToPem only works for EC and RSA', t => {
   }, { instanceOf: errors.JOSENotSupported, message: 'unsupported key type: OKP' })
 })
 
-test('jwkToPem only does rfc7518 EC', t => {
+test('jwkToPem only handles known curves', t => {
   t.throws(() => {
-    jwkToPem({ kty: 'EC', crv: 'P-256K' })
-  }, { instanceOf: errors.JOSENotSupported, message: 'unsupported EC key curve: P-256K' })
+    jwkToPem({ kty: 'EC', crv: 'foo' })
+  }, { instanceOf: errors.JOSENotSupported, message: 'unsupported EC key curve: foo' })
 })
 
 test('RSA Public key', t => {
diff --git a/test/jwk/ec.test.js b/test/jwk/ec.test.js
@@ -12,10 +12,16 @@ test(`EC key .algorithms invalid operation`, t => {
 
 Object.entries({
   'P-256': [256, 'rDd6H6t9-nJUoz72nTpz8tInvypVWhE2iQoPznj8ZY8'],
+  'P-256K': [256, 'zZYrH69YCAAihM7ZCoRj90VI55H5MmQscSpf-JuUS50'],
   'P-384': [384, '5gebayAhpztJCs4Pxo-z1hhsN0upoyG2NAoKpiiH2b0'],
   'P-521': [512, 'BQtkbSY3xgN4M2ZP3IHMLG7-Rp1L29teCMfNqgJHtTY']
 }).forEach(([crv, [len, kid]]) => {
-  const alg = `ES${len}`
+  let alg
+  if (crv === 'P-256K') {
+    alg = 'ES256K'
+  } else {
+    alg = `ES${len}`
+  }
 
   // private
   ;(() => {
diff --git a/test/jwk/generate.test.js b/test/jwk/generate.test.js
@@ -23,6 +23,13 @@ const { JWK: { generate, generateSync }, errors } = require('../..')
   ['EC', 'P-256', { use: 'enc', alg: 'ECDH-ES' }],
   ['EC', 'P-256', { alg: 'ES256' }],
   ['EC', 'P-256', { alg: 'ECDH-ES' }],
+  ['EC', 'P-256K'],
+  ['EC', 'P-256K', { use: 'sig' }],
+  ['EC', 'P-256K', { use: 'enc' }],
+  ['EC', 'P-256K', { use: 'sig', alg: 'ES256K' }],
+  ['EC', 'P-256K', { use: 'enc', alg: 'ECDH-ES' }],
+  ['EC', 'P-256K', { alg: 'ES256K' }],
+  ['EC', 'P-256K', { alg: 'ECDH-ES' }],
   ['EC', 'P-384'],
   ['EC', 'P-384', { use: 'sig' }],
   ['EC', 'P-384', { use: 'enc' }],

Original file line number	Diff line number	Diff line change
`@@ -21,4 +21,3 @@ const RSAPublicKey = asn1.define('RSAPublicKey', require('./rsa_public_key'))`
`21`	`21`	`types.set('RSAPublicKey', RSAPublicKey)`
`22`	`22`
`23`	`23`	`module.exports = types`
`24`		`-module.exports.BN = asn1.bignum`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ const getParamSize = keySize => ((keySize / 8) \| 0) + (keySize % 8 === 0 ? 0 : 1`
`10`	`10`
`11`	`11`	`const paramBytesForAlg = {`
`12`	`12`	`ES256: getParamSize(256),`
	`13`	`+ ES256K: getParamSize(256),`
`13`	`14`	`ES384: getParamSize(384),`
`14`	`15`	`ES512: getParamSize(521)`
`15`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ interface KeyParameters {`
`8`	`8`	`use?: use`
`9`	`9`	`kid?: string`
`10`	`10`	`}`
`11`		`-type curve = 'P-256' \| 'P-384' \| 'P-521'`
	`11`	`+type curve = 'P-256' \| 'P-256K' \| 'P-384' \| 'P-521'`
`12`	`12`	`type keyType = 'RSA' \| 'EC' \| 'oct'`
`13`	`13`	`type keyOperation = 'encrypt' \| 'decrypt' \| 'sign' \| 'verify' \| 'wrapKey' \| 'unwrapKey'`
`14`	`14`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ const verify = (jwaAlg, nodeAlg, { [KEYOBJECT]: keyObject }, payload, signature)`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`module.exports = (JWA) => {`
`26`		`- ['ES256', 'ES384', 'ES512'].forEach((jwaAlg) => {`
	`26`	`+ ['ES256', 'ES384', 'ES512', 'ES256K'].forEach((jwaAlg) => {`
`27`	`27`	`const nodeAlg = resolveNodeAlg(jwaAlg)`
`28`	`28`
`29`	`29`	assert(!JWA.sign.has(jwaAlg), `sign alg ${jwaAlg} already registered`)