feat(#2): implementation fixes, readme updates

Author: stevencedro

README.md

@@ -62,11 +62,33 @@ func main() {
 	// generate a new ECDSA key
 	key, err := webcrypto.Subtle().GenerateKey(
 		&ecdsa.Algorithm{
-			NamedCurve: "P-256"
+			NamedCurve: "P-256",
 		}, true, webcrypto.Sign, webcrypto.Verify)
 	if err != nil {
 		panic(err)
 	}
+
+	ckp := key.(webcrypto.CryptoKeyPair)
+
+	// sign some data with the private key
+	sig, err := webcrypto.Subtle().Sign(&ecdsa.Algorithm{
+		Hash: "SHA-256",
+	}, ckp.PrivateKey(), []byte("test"))
+	if err != nil {
+		panic(err)
+	}
+
+	// verify the signature with the public key
+	ok, err := webcrypto.Subtle().Verify(&ecdsa.Algorithm{
+		Hash: "SHA-256",
+	}, ckp.PublicKey(), sig, []byte("test"))
+	if err != nil {
+		panic(err)
+	}
+
+	if !ok {
+		// didn't verify - do something
+	}
 }
 ```
 
@@ -85,6 +107,12 @@ import (
 func main() {
 	// Generate a new key. A *hmac.CryptoKey is returned which implements webcrypto.CryptoKey
 	key, err := webcrypto.Subtle().GenerateKey(
+		&Algorithm{
+			Name: "ECDSA",
+			Params: ecdsa.KeyGenParams{
+
+			}
+		}
 		&hmac.Algorithm{
 			KeyGenParams: &hmac.KeyGenParams{
 				Hash: "SHA-256",

algorithm.go

@@ -14,6 +14,8 @@
 
 package webcrypto
 
+import "fmt"
+
 var algorithms = map[string]func() SubtleCrypto{}
 
 // Algorithm implements the Algorithm dictionary type as specified at
@@ -33,6 +35,10 @@ type KeyAlgorithm interface {
 // RegisterAlgorithm will register SubtleCrypto implementations referenced by the algorithm
 // name provided. When fn gets called, it should return a NEW instance of the implementation.
 func RegisterAlgorithm(name string, fn func() SubtleCrypto) {
+	_, ok := algorithms[name]
+	if ok {
+		panic(fmt.Sprintf("%s algorithm already registered", name))
+	}
 	algorithms[name] = fn
 }
 

algorithms/ecdsa/ecdsa.go

@@ -17,7 +17,6 @@
 package ecdsa
 
 import (
-	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
@@ -74,8 +73,6 @@ func (c *CryptoKey) Usages() []webcrypto.KeyUsage {
 	return c.usages
 }
 
-// KeyGenParams represents the parameters available for key generation as specified at
-// §23.4 https://www.w3.org/TR/WebCryptoAPI/#dfn-EcKeyGenParams
 type Algorithm struct {
 	Hash       string
 	NamedCurve string
@@ -172,6 +169,9 @@ func (s *subtleCrypto) WrapKey(format webcrypto.KeyFormat, key webcrypto.CryptoK
 }
 
 func exportKey(format webcrypto.KeyFormat, key webcrypto.CryptoKey) (any, error) {
+	if !key.Extractable() {
+		return nil, webcrypto.NewError(webcrypto.ErrInvalidAccessError, "key not extractable")
+	}
 	ckp, ok := key.(*CryptoKey)
 	if !ok {
 		return nil, webcrypto.NewError(webcrypto.ErrDataError, "key must be *ecdsa.CryptoKey")
@@ -201,15 +201,15 @@ func exportKeyJwk(key *CryptoKey) (*webcrypto.JsonWebKey, error) {
 	jwk := &webcrypto.JsonWebKey{
 		Kty:    "EC",
 		Ext:    key.ext,
-		KeyOps: key.usages,
-		Use:    "sig",
 		Crv:    key.alg.namedCurve,
-		X:      util.Encoding().EncodeToString(key.pub.Y.Bytes()),
+		KeyOps: []webcrypto.KeyUsage{webcrypto.Verify},
+		X:      util.Encoding().EncodeToString(key.pub.X.Bytes()),
 		Y:      util.Encoding().EncodeToString(key.pub.Y.Bytes()),
 	}
 
 	if key.isPrivate {
 		jwk.D = util.Encoding().EncodeToString(key.priv.D.Bytes())
+		jwk.KeyOps = []webcrypto.KeyUsage{webcrypto.Sign}
 	}
 
 	return jwk, nil
@@ -361,14 +361,6 @@ func importKeyJwk(keyData *webcrypto.JsonWebKey, algorithm *Algorithm, extractab
 		return nil, webcrypto.NewError(webcrypto.ErrDataError, "invalid kty")
 	}
 
-	// If usages is non-empty and the "use" field of jwk is present and is
-	// not a case-sensitive string match to "sig", then throw a DataError.
-	if len(keyUsages) > 0 {
-		if keyData.Use != "sig" {
-			return nil, webcrypto.NewError(webcrypto.ErrDataError, "invalid use")
-		}
-	}
-
 	// the 'crv' in the jwk must match the named curve in the provided algorithm
 	if keyData.Crv != algorithm.NamedCurve {
 		return nil, webcrypto.NewError(webcrypto.ErrDataError, "crv mismatch")
@@ -434,9 +426,13 @@ func importKeyJwk(keyData *webcrypto.JsonWebKey, algorithm *Algorithm, extractab
 	// If the "key_ops" field of jwk is present, and is invalid according to the requirements
 	// of JSON Web Key or does not contain all of the specified usages values, then throw
 	// a DataError.
-	if len(keyData.KeyOps) > 0 {
-		if err := util.AreUsagesValid(keyUsages, keyData.KeyOps); err != nil {
-			return nil, err
+	if ck.isPrivate {
+		if len(keyData.KeyOps) != 1 || keyData.KeyOps[0] != webcrypto.Sign {
+			return nil, webcrypto.NewError(webcrypto.ErrSyntaxError, "invalid key use")
+		}
+	} else {
+		if len(keyData.KeyOps) != 1 || keyData.KeyOps[0] != webcrypto.Verify {
+			return nil, webcrypto.NewError(webcrypto.ErrSyntaxError, "invalid key use")
 		}
 	}
 
@@ -450,6 +446,9 @@ func importKeyJwk(keyData *webcrypto.JsonWebKey, algorithm *Algorithm, extractab
 }
 
 func sign(algorithm webcrypto.Algorithm, key webcrypto.CryptoKey, data []byte) ([]byte, error) {
+	if key.Type() != webcrypto.Private {
+		return nil, webcrypto.NewError(webcrypto.ErrInvalidAccessError, "key must be an *ecdsa.CryptoKey private key")
+	}
 	// ensure its the correct algorithm
 	alg, err := getAlgorithm(algorithm)
 	if err != nil {
@@ -478,15 +477,19 @@ func sign(algorithm webcrypto.Algorithm, key webcrypto.CryptoKey, data []byte) (
 
 	digest := hash.Sum(nil)
 
-	b, err := pk.priv.Sign(rand.Reader, digest, crypto.SHA256)
+	// We concat both r and s - https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa
+	r, s, err := ecdsa.Sign(rand.Reader, pk.priv, digest)
 	if err != nil {
 		return nil, webcrypto.NewError(webcrypto.ErrOperationError, fmt.Sprintf("failed to sign: %s", err.Error()))
 	}
 
-	return b, nil
+	return append(r.Bytes(), s.Bytes()...), nil
 }
 
 func verify(algorithm webcrypto.Algorithm, key webcrypto.CryptoKey, signature []byte, data []byte) (bool, error) {
+	if key.Type() != webcrypto.Public {
+		return false, webcrypto.NewError(webcrypto.ErrInvalidAccessError, "key must be an *ecdsa.CryptoKey public key")
+	}
 	// ensure its the correct algorithm
 	alg, err := getAlgorithm(algorithm)
 	if err != nil {
@@ -512,7 +515,9 @@ func verify(algorithm webcrypto.Algorithm, key webcrypto.CryptoKey, signature []
 
 	digest := hash.Sum(nil)
 
-	return ecdsa.VerifyASN1(pk.pub, digest, signature), nil
+	r := signature[0:32]
+	s := signature[32:64]
+	return ecdsa.Verify(pk.pub, digest, big.NewInt(0).SetBytes(r), big.NewInt(0).SetBytes(s)), nil
 }
 
 func getAlgorithm(a webcrypto.Algorithm) (*Algorithm, error) {

algorithms/ecdsa/ecdsa_test.go

@@ -17,8 +17,11 @@
 package ecdsa
 
 import (
+	"encoding/base64"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"os"
 	"testing"
 
 	"github.com/armortal/webcrypto-go"
@@ -125,47 +128,174 @@ func Test_SignAndVerify(t *testing.T) {
 	}
 	ckp := k.(webcrypto.CryptoKeyPair)
 
+	signAndVerify(t, ckp.PrivateKey(), ckp.PublicKey(), "SHA-1", []byte("Hello, world!"))
+	signAndVerify(t, ckp.PrivateKey(), ckp.PublicKey(), "SHA-256", []byte("Hello, world!"))
+	signAndVerify(t, ckp.PrivateKey(), ckp.PublicKey(), "SHA-384", []byte("Hello, world!"))
+	signAndVerify(t, ckp.PrivateKey(), ckp.PublicKey(), "SHA-512", []byte("Hello, world!"))
+}
+
+func signAndVerify(t *testing.T, priv webcrypto.CryptoKey, pub webcrypto.CryptoKey, hashFn string, data []byte) {
 	b, err := subtle.Sign(&Algorithm{
-		Hash: "SHA-256",
-	}, ckp.PrivateKey(), []byte("Hello, World!"))
+		Hash: hashFn,
+	}, priv, data)
 	if err != nil {
 		t.Error(err)
 	}
 
 	ok, err := subtle.Verify(&Algorithm{
-		Hash: "SHA-256",
-	}, ckp.PublicKey(), b, []byte("Hello, World!"))
+		Hash: hashFn,
+	}, pub, b, data)
+	if err != nil {
+		t.Error(err)
+	}
+	if !ok {
+		t.Error("sig mismatch")
+	}
+
+	// test inputting and public into sign() and private key into verify()
+	_, err = subtle.Sign(&Algorithm{
+		Hash: hashFn,
+	}, pub, data)
+	if err == nil {
+		t.Error("public key should not be allowed in sign()")
+	}
+
+	ok, err = subtle.Verify(&Algorithm{
+		Hash: hashFn,
+	}, priv, b, data)
+	if err == nil {
+		t.Error("private key should not be allowed in verify()")
+	}
+
+	if ok {
+		t.Error("false should have been returned")
+	}
+}
+
+func Test_testData(t *testing.T) {
+	b, err := os.ReadFile("testdata/data.json")
+	if err != nil {
+		t.Error(err)
+	}
+	var m map[string]any
+	if err := json.Unmarshal(b, &m); err != nil {
+		t.Error(err)
+	}
+
+	b, err = json.Marshal(m["publicKey"])
+	if err != nil {
+		t.Error(err)
+	}
+
+	var jwk webcrypto.JsonWebKey
+	if err := json.Unmarshal(b, &jwk); err != nil {
+		t.Error(err)
+	}
+
+	k, err := subtle.ImportKey(webcrypto.Jwk, &jwk, &Algorithm{NamedCurve: P256}, true, webcrypto.Verify)
 	if err != nil {
 		t.Error(err)
 	}
 
+	sig, err := base64.StdEncoding.DecodeString(m["signature"].(string))
+	if err != nil {
+		t.Error(err)
+	}
+
+	ok, err := subtle.Verify(&Algorithm{
+		Hash: m["hash"].(string),
+	}, k, sig, []byte("test"))
+	if err != nil {
+		t.Error(err)
+	}
 	if !ok {
-		t.FailNow()
+		t.Error("verify failed")
 	}
-	fmt.Printf("%x", b)
 }
 
-func Test_ExportAndImportKey(t *testing.T) {
+func Test_ExportAndImportJsonWebKey(t *testing.T) {
 	k, err := subtle.GenerateKey(&Algorithm{
 		NamedCurve: P256,
-	}, false, webcrypto.Sign)
+	}, true, webcrypto.Sign)
 	if err != nil {
 		t.Error(err)
 	}
 
-	jwk, err := subtle.ExportKey(webcrypto.Jwk, k.(webcrypto.CryptoKeyPair).PrivateKey())
+	// lets sign a message that we'll verify after importing
+	data := []byte("Hello, world!")
+	sig, err := subtle.Sign(&Algorithm{
+		Hash: "SHA-256",
+	}, k.(webcrypto.CryptoKeyPair).PrivateKey(), data)
 	if err != nil {
 		t.Error(err)
 	}
 
-	// b, err := json.Marshal(jwk.(*webcrypto.JsonWebKey))
-	// if err != nil {
-	// 	t.Error(err)
-	// }
+	// export the private key and verify the jwk
+	priv, err := subtle.ExportKey(webcrypto.Jwk, k.(webcrypto.CryptoKeyPair).PrivateKey())
+	if err != nil {
+		t.Error(err)
+	}
+
+	jwk := priv.(*webcrypto.JsonWebKey)
+	if jwk.Crv != "P-256" {
+		t.Error("invalid crv")
+	}
+	if jwk.Kty != "EC" {
+		t.Error("invalid kty")
+	}
+	if jwk.Y == "" || jwk.X == "" || jwk.D == "" {
+		t.Error("invalid y|x|d")
+	}
+	if len(jwk.KeyOps) != 1 || jwk.KeyOps[0] != webcrypto.Sign {
+		t.Error("invalid key_ops")
+	}
+	if !jwk.Ext {
+		t.Error("invalid ext")
+	}
 
-	_, err = subtle.ImportKey(webcrypto.Jwk, jwk, &Algorithm{NamedCurve: P256}, false, webcrypto.Sign)
+	// export the public key and verify the jwk
+	pub, err := subtle.ExportKey(webcrypto.Jwk, k.(webcrypto.CryptoKeyPair).PublicKey())
 	if err != nil {
 		t.Error(err)
 	}
 
+	jwk = pub.(*webcrypto.JsonWebKey)
+	if jwk.Crv != "P-256" {
+		t.Error("invalid crv")
+	}
+	if jwk.Kty != "EC" {
+		t.Error("invalid kty")
+	}
+	if jwk.Y == "" || jwk.X == "" {
+		t.Error("invalid x|y")
+	}
+	if len(jwk.KeyOps) != 1 || jwk.KeyOps[0] != webcrypto.Verify {
+		t.Error("invalid key_ops")
+	}
+	if !jwk.Ext {
+		t.Error("invalid ext")
+	}
+
+	// import the key
+	imp, err := subtle.ImportKey(webcrypto.Jwk, jwk, &Algorithm{NamedCurve: P256}, true, webcrypto.Verify)
+	if err != nil {
+		t.Error(err)
+	}
+
+	ok, err := subtle.Verify(&Algorithm{
+		Hash: "SHA-256",
+	}, imp, sig, data)
+	if err != nil {
+		t.Error(err)
+	}
+
+	if !ok {
+		t.Error("verify failed")
+	}
+
+	// export the key and verify the jwk
+	_, err = subtle.ExportKey(webcrypto.PKCS8, k.(webcrypto.CryptoKeyPair).PrivateKey())
+	if err != nil {
+		t.Error(err)
+	}
 }