diff --git a/js/sign/signed.swbn b/js/sign/signed.swbn deleted file mode 100644 index 46e18ff9..00000000 Binary files a/js/sign/signed.swbn and /dev/null differ diff --git a/js/sign/src/utils/utils.ts b/js/sign/src/utils/utils.ts index 7a5aa758..bf8c9ca2 100644 --- a/js/sign/src/utils/utils.ts +++ b/js/sign/src/utils/utils.ts @@ -36,23 +36,32 @@ export function parsePemKey( }); } -export function isAsymmetricKeyTypeSupported(key: crypto.KeyObject) { - return ( - key.asymmetricKeyType === 'ed25519' || - (key.asymmetricKeyType === 'ec' && - key.asymmetricKeyDetails?.namedCurve === 'secp256k1') - ); +function maybeGetSignatureType(key: crypto.KeyObject): SignatureType | null { + switch (key.asymmetricKeyType) { + case 'ed25519': + return SignatureType.Ed25519; + case 'ec': + if (key.asymmetricKeyDetails?.namedCurve === 'prime256v1') { + return SignatureType.EcdsaP256SHA256; + } + break; + default: + break; + } + return null; } -export function getSignatureType(key: crypto.KeyObject) { +export function isAsymmetricKeyTypeSupported(key: crypto.KeyObject): boolean { + return maybeGetSignatureType(key) !== null; +} + +export function getSignatureType(key: crypto.KeyObject): SignatureType { + const signatureType = maybeGetSignatureType(key); assert( - isAsymmetricKeyTypeSupported(key), + signatureType !== null, 'Expected either "Ed25519" or "ECDSA P-256" key.' ); - if (key.asymmetricKeyType === 'ed25519') { - return SignatureType.Ed25519; - } - return SignatureType.EcdsaP256SHA256; + return signatureType; } export function getPublicKeyAttributeName(key: crypto.KeyObject) { @@ -64,19 +73,19 @@ export function getRawPublicKey(publicKey: crypto.KeyObject) { switch (getSignatureType(publicKey)) { case SignatureType.Ed25519: // Currently this is the only way for us to get the raw 32 bytes of the public key. - return new Uint8Array(exportedKey.slice(-32)); + return new Uint8Array(exportedKey.subarray(-32)); case SignatureType.EcdsaP256SHA256: { // The last 65 bytes are the raw bytes of the ECDSA P-256 public key. // For the purposes of signing, we'd like to convert it to its compressed form that takes only 33 bytes. - const uncompressedHex = exportedKey.slice(-65).toString('hex'); - const compressedHex = crypto.ECDH.convertKey( - uncompressedHex, - 'secp256k1', + const uncompressedKeyHex = exportedKey.subarray(-65).toString('hex'); + const compressedKeyHex = crypto.ECDH.convertKey( + uncompressedKeyHex, + 'prime256v1', 'hex', 'hex', 'compressed' ) as string; - return Buffer.from(compressedHex, 'hex'); + return new Uint8Array(Buffer.from(compressedKeyHex, 'hex')); } } } diff --git a/js/sign/tests/integrity-block-signer_test.js b/js/sign/tests/integrity-block-signer_test.js index 1ea3cc24..d55918b5 100644 --- a/js/sign/tests/integrity-block-signer_test.js +++ b/js/sign/tests/integrity-block-signer_test.js @@ -11,19 +11,19 @@ const __dirname = path.dirname(url.fileURLToPath(import.meta.url)); const TEST_WEB_BUNDLE_HASH = '95f8713d382ffefb8f1e4f464e39a2bf18280c8b26434d2fcfc08d7d710c8919ace5a652e25e66f9292cda424f20e4b53bf613bf9488140272f56a455393f7e6'; const EMPTY_INTEGRITY_BLOCK_HEX = '8348f09f968bf09f93a6443162000080'; -const TEST_ED25519_PRIVATE_KEY = - '-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIB8nP5PpWU7HiILHSfh5PYzb5GAcIfHZ+bw6tcd/LZXh\n-----END PRIVATE KEY-----'; +const TEST_ED25519_PRIVATE_KEY = `-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIB8nP5PpWU7HiILHSfh5PYzb5GAcIfHZ+bw6tcd/LZXh +-----END PRIVATE KEY-----`; const TEST_ECDSA_P256_PRIVATE_KEY = ` -----BEGIN EC PRIVATE KEY----- -MHQCAQEEINvcyT9OLOgYkdNoyHQiNn3ulwxuksh81C4BAYBig631oAcGBSuBBAAK -oUQDQgAEcs04XzK1LlJq5/82AhgEQSaHjnBRM1j6yyBcjqMiC1OWqthATgIoGRoI -n/YZWcvHcYJ8hgm2VLIgZJX7/VfNpg== +MHcCAQEEIG6HAXvoG+dOP20rbyPuGC21od4DAZCKBkPy/1902xPnoAoGCCqGSM49 +AwEHoUQDQgAEHIIHO9B+7XJoXTXf3aTWC7aoK1PW4Db5Z8gSGXIkHlLrucUI4lyx +DttYYhi36vrg5nR6zrfdhe7+8F1MoTvLuw== -----END EC PRIVATE KEY-----`; - const TEST_ED25519_WEB_BUNDLE_ID = '4tkrnsmftl4ggvvdkfth3piainqragus2qbhf7rlz2a3wo3rh4wqaaic'; const TEST_ECDSA_P256_WEB_BUNDLE_ID = - 'ajzm2oc7gk2s4utk477tmaqyarasnb4oobitgwh2zmqfzdvdeifvgaacai'; + 'amoiebz32b7o24tilu257xne2yf3nkblkploanxzm7ebeglseqpfeaacai'; const IWA_SCHEME = 'isolated-app://'; @@ -75,7 +75,7 @@ describe('Integrity Block Signer', () => { it('accepts only selected key types.', () => { for (const validKey of [ { keyType: 'ed25519' }, - { keyType: 'ec', options: { namedCurve: 'secp256k1' } }, + { keyType: 'ec', options: { namedCurve: 'prime256v1' } }, ]) { const keypairValid = crypto.generateKeyPairSync( validKey.keyType, @@ -89,7 +89,7 @@ describe('Integrity Block Signer', () => { for (const invalidKey of [ { keyType: 'rsa', options: { modulusLength: 2048 } }, { keyType: 'dsa', options: { modulusLength: 1024, divisorLength: 224 } }, - { keyType: 'ec', options: { namedCurve: 'sect239k1' } }, + { keyType: 'ec', options: { namedCurve: 'secp256k1' } }, { keyType: 'ed448' }, { keyType: 'x25519' }, { keyType: 'x448' }, @@ -130,7 +130,7 @@ describe('Integrity Block Signer', () => { [ crypto.generateKeyPairSync('ed25519'), - crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' }), + crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }), ].forEach((keypair) => { it(`generates the dataToBeSigned correctly with ${createTestSuffix( keypair.publicKey @@ -178,12 +178,11 @@ describe('Integrity Block Signer', () => { [ crypto.generateKeyPairSync('ed25519'), - crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' }), + crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }), ].forEach((keypair) => { it(`generates a valid signature with ${createTestSuffix( keypair.publicKey )}.`, async () => { - const keypair = crypto.generateKeyPairSync('ed25519'); const signer = initSignerWithTestWebBundleAndKeys(keypair.privateKey); const rawPubKey = wbnSign.getRawPublicKey(keypair.publicKey); const sigAttr = {