Replace secp256k1 -> prime256v1

js/sign/src/utils/utils.ts

@@ -36,23 +36,32 @@ export function parsePemKey(
   });
 }
 
-export function isAsymmetricKeyTypeSupported(key: crypto.KeyObject) {
-  return (
-    key.asymmetricKeyType === 'ed25519' ||
-    (key.asymmetricKeyType === 'ec' &&
-      key.asymmetricKeyDetails?.namedCurve === 'secp256k1')
-  );
+function maybeGetSignatureType(key: crypto.KeyObject): SignatureType | null {
+  switch (key.asymmetricKeyType) {
+    case 'ed25519':
+      return SignatureType.Ed25519;
+    case 'ec':
+      if (key.asymmetricKeyDetails?.namedCurve === 'prime256v1') {
+        return SignatureType.EcdsaP256SHA256;
+      }
+      break;
+    default:
+      break;
+  }
+  return null;
 }
 
-export function getSignatureType(key: crypto.KeyObject) {
+export function isAsymmetricKeyTypeSupported(key: crypto.KeyObject): boolean {
+  return maybeGetSignatureType(key) !== null;
+}
+
+export function getSignatureType(key: crypto.KeyObject): SignatureType {
+  const signatureType = maybeGetSignatureType(key);
   assert(
-    isAsymmetricKeyTypeSupported(key),
+    signatureType !== null,
     'Expected either "Ed25519" or "ECDSA P-256" key.'
   );
-  if (key.asymmetricKeyType === 'ed25519') {
-    return SignatureType.Ed25519;
-  }
-  return SignatureType.EcdsaP256SHA256;
+  return signatureType;
 }
 
 export function getPublicKeyAttributeName(key: crypto.KeyObject) {
@@ -64,19 +73,19 @@ export function getRawPublicKey(publicKey: crypto.KeyObject) {
   switch (getSignatureType(publicKey)) {
     case SignatureType.Ed25519:
       // Currently this is the only way for us to get the raw 32 bytes of the public key.
-      return new Uint8Array(exportedKey.slice(-32));
+      return new Uint8Array(exportedKey.subarray(-32));
     case SignatureType.EcdsaP256SHA256: {
       // The last 65 bytes are the raw bytes of the ECDSA P-256 public key.
       // For the purposes of signing, we'd like to convert it to its compressed form that takes only 33 bytes.
-      const uncompressedHex = exportedKey.slice(-65).toString('hex');
-      const compressedHex = crypto.ECDH.convertKey(
-        uncompressedHex,
-        'secp256k1',
+      const uncompressedKeyHex = exportedKey.subarray(-65).toString('hex');
+      const compressedKeyHex = crypto.ECDH.convertKey(
+        uncompressedKeyHex,
+        'prime256v1',
         'hex',
         'hex',
         'compressed'
       ) as string;
-      return Buffer.from(compressedHex, 'hex');
+      return new Uint8Array(Buffer.from(compressedKeyHex, 'hex'));
     }
   }
 }

js/sign/tests/integrity-block-signer_test.js

@@ -11,19 +11,19 @@ const __dirname = path.dirname(url.fileURLToPath(import.meta.url));
 const TEST_WEB_BUNDLE_HASH =
   '95f8713d382ffefb8f1e4f464e39a2bf18280c8b26434d2fcfc08d7d710c8919ace5a652e25e66f9292cda424f20e4b53bf613bf9488140272f56a455393f7e6';
 const EMPTY_INTEGRITY_BLOCK_HEX = '8348f09f968bf09f93a6443162000080';
-const TEST_ED25519_PRIVATE_KEY =
-  '-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIB8nP5PpWU7HiILHSfh5PYzb5GAcIfHZ+bw6tcd/LZXh\n-----END PRIVATE KEY-----';
+const TEST_ED25519_PRIVATE_KEY = `-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIB8nP5PpWU7HiILHSfh5PYzb5GAcIfHZ+bw6tcd/LZXh
+-----END PRIVATE KEY-----`;
 const TEST_ECDSA_P256_PRIVATE_KEY = `
 -----BEGIN EC PRIVATE KEY-----
-MHQCAQEEINvcyT9OLOgYkdNoyHQiNn3ulwxuksh81C4BAYBig631oAcGBSuBBAAK
-oUQDQgAEcs04XzK1LlJq5/82AhgEQSaHjnBRM1j6yyBcjqMiC1OWqthATgIoGRoI
-n/YZWcvHcYJ8hgm2VLIgZJX7/VfNpg==
+MHcCAQEEIG6HAXvoG+dOP20rbyPuGC21od4DAZCKBkPy/1902xPnoAoGCCqGSM49
+AwEHoUQDQgAEHIIHO9B+7XJoXTXf3aTWC7aoK1PW4Db5Z8gSGXIkHlLrucUI4lyx
+DttYYhi36vrg5nR6zrfdhe7+8F1MoTvLuw==
 -----END EC PRIVATE KEY-----`;
-
 const TEST_ED25519_WEB_BUNDLE_ID =
   '4tkrnsmftl4ggvvdkfth3piainqragus2qbhf7rlz2a3wo3rh4wqaaic';
 const TEST_ECDSA_P256_WEB_BUNDLE_ID =
-  'ajzm2oc7gk2s4utk477tmaqyarasnb4oobitgwh2zmqfzdvdeifvgaacai';
+  'amoiebz32b7o24tilu257xne2yf3nkblkploanxzm7ebeglseqpfeaacai';
 
 const IWA_SCHEME = 'isolated-app://';
 
@@ -75,7 +75,7 @@ describe('Integrity Block Signer', () => {
   it('accepts only selected key types.', () => {
     for (const validKey of [
       { keyType: 'ed25519' },
-      { keyType: 'ec', options: { namedCurve: 'secp256k1' } },
+      { keyType: 'ec', options: { namedCurve: 'prime256v1' } },
     ]) {
       const keypairValid = crypto.generateKeyPairSync(
         validKey.keyType,
@@ -89,7 +89,7 @@ describe('Integrity Block Signer', () => {
     for (const invalidKey of [
       { keyType: 'rsa', options: { modulusLength: 2048 } },
       { keyType: 'dsa', options: { modulusLength: 1024, divisorLength: 224 } },
-      { keyType: 'ec', options: { namedCurve: 'sect239k1' } },
+      { keyType: 'ec', options: { namedCurve: 'secp256k1' } },
       { keyType: 'ed448' },
       { keyType: 'x25519' },
       { keyType: 'x448' },
@@ -130,7 +130,7 @@ describe('Integrity Block Signer', () => {
 
   [
     crypto.generateKeyPairSync('ed25519'),
-    crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' }),
+    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }),
   ].forEach((keypair) => {
     it(`generates the dataToBeSigned correctly with ${createTestSuffix(
       keypair.publicKey
@@ -178,12 +178,11 @@ describe('Integrity Block Signer', () => {
 
   [
     crypto.generateKeyPairSync('ed25519'),
-    crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' }),
+    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }),
   ].forEach((keypair) => {
     it(`generates a valid signature with ${createTestSuffix(
       keypair.publicKey
     )}.`, async () => {
-      const keypair = crypto.generateKeyPairSync('ed25519');
       const signer = initSignerWithTestWebBundleAndKeys(keypair.privateKey);
       const rawPubKey = wbnSign.getRawPublicKey(keypair.publicKey);
       const sigAttr = {