Add importKey, format code, improve tests

Author: mrkvon

src/algorithms/ECDSA.js

@@ -9,7 +9,7 @@ const crypto = require('isomorphic-webcrypto')
 const TextEncoder = require('../text-encoder')
 
 /**
- * HMAC with SHA-2 Functions
+ * ECDSA with SHA-2 Functions and P Curves
  */
 class ECDSA {
 
@@ -84,6 +84,43 @@ class ECDSA {
       throw new Error('The key is too short.')
     }
   }
+
+  /**
+   * importKey
+   * copied from ./RSASSA-PKCS1-v1_5.js, and it works!
+   *
+   * @param {JWK} key
+   * @returns {Promise}
+   */
+  async importKey (key) {
+    let jwk = Object.assign({}, key)
+    let algorithm = this.params
+    let usages = key['key_ops'] || []
+
+    if (key.use === 'sig') {
+      usages.push('verify')
+    }
+
+    if (key.use === 'enc') {
+      // TODO: handle encryption keys
+      return Promise.resolve(key)
+    }
+
+    if (key.key_ops) {
+      usages = key.key_ops
+    }
+
+    return crypto.subtle
+      .importKey('jwk', jwk, algorithm, true, usages)
+      .then(cryptoKey => {
+        Object.defineProperty(jwk, 'cryptoKey', {
+          enumerable: false,
+          value: cryptoKey
+        })
+
+        return jwk
+      })
+  }
 }
 
 /**

src/algorithms/index.js

@@ -157,6 +157,14 @@ supportedAlgorithms.define('RS512', 'importKey', new RSASSA_PKCS1_v1_5({
   }
 }))
 
+supportedAlgorithms.define('ES256', 'importKey', new ECDSA({
+  name: 'ECDSA',
+  hash: {
+    name: 'SHA-256'
+  },
+  namedCurve: 'P-256'
+}))
+
 /**
  * Export
  */

test/algorithms/ECDSASpec.js

@@ -18,161 +18,20 @@ const ECDSA = require('../../src/algorithms/ECDSA')
 const {TextEncoder} = require('@sinonjs/text-encoding')
 const crypto = require('isomorphic-webcrypto')
 const base64url = require('base64url')
+const { getPublicKey, getPrivateKey } = require('../keys/ES256')
+const { should } = require('chai')
+
+/**
+ * Reused test constants
+ */
+const alg = { name: 'ECDSA', hash: { name: 'SHA-256' }, namedCurve: "P-256" }
+
+const data = 'signed with Chrome generated webcrypto key'
 
-    const  jwkEcdsaKey = {
-    "crv": "P-256",
-    "d": "XX7AP7HV-6zBeUsAIFwBgpqsQf76ebFN1gquG-9wk8Q",
-    "ext": true,
-    "key_ops": [
-        "sign"
-    ],
-    "kty": "EC",
-    "x": "KNeDy7FqchFNXivYDpnNSk0tTvox5cWwJgGoUom24BA",
-    "y": "qlC7dwMwytkZTY8E6s4Fam1JA8D19OhyFKrUM_aRgPo"
-}
-const chromeEcdsaSignature = new Uint8Array([
-    238,
-    23,
-    148,
-    239,
-    242,
-    150,
-    132,
-    224,
-    198,
-    144,
-     143,
-     31,
-     211,
-     82,
-     220,
-     86,
-     193,
-     138,
-     128,
-     199,
-     103,
-     190,
-     187,
-     230,
-     40,
-     4,
-     113,
-     108,
-     163,
-     147,
-     112,
-     70,
-     9,
-     92,
-     99,
-     83,
-     4,
-     222,
-     75,
-     162,
-     21,
-     156,
-     135,
-     201,
-     31,
-     42,
-     209,
-     14,
-     208,
-     206,
-     227,
-     13,
-     160,
-     228,
-     84,
-     73,
-     74,
-     164,
-     83,
-     7,
-     23,
-     184,
-     73,
-     160
-])
-
-const publicKey= new Uint8Array([
-  4,
-  40,
-  215,
-  131,
-  203,
-  177,
-  106,
-  114,
-  17,
-  77,
-   94,
-   43,
-   216,
-   14,
-   153,
-   205,
-   74,
-   77,
-   45,
-   78,
-   250,
-   49,
-   229,
-   197,
-   176,
-   38,
-   1,
-   168,
-   82,
-   137,
-   182,
-   224,
-   16,
-   170,
-   80,
-   187,
-   119,
-   3,
-   48,
-   202,
-   217,
-   25,
-   77,
-   143,
-   4,
-   234,
-   206,
-   5,
-   106,
-   109,
-   73,
-   3,
-   192,
-   245,
-   244,
-   232,
-   114,
-   20,
-   170,
-   212,
-   51,
-   246,
-   145,
-   128,
-   250
-])
-   const   signature = 'YvmWUlEcE3C739KYsNRkykl9roZjr7vn0BHkMt0JZqemnWS3pYUoS7AvFs6D3POPosDEk20GbewTs3Mr/K5pWA=='
-     const alg = { name: 'ECDSA', hash: { name: 'SHA-256' }, namedCurve: "P-256" }
-
-
-     const data = 'signed with Chrome generated webcrypto key'
 /**
  * Tests
  */
-describe.only('ECDSA', () => {
+describe('ECDSA', () => {
 
   /**
    * constructor
@@ -189,65 +48,91 @@ describe.only('ECDSA', () => {
    * sign
    */
   describe('sign', () => {
-    let importedEcdsaKey, importedPublicKey
-
-    before(() => {
+    let importedEcdsaPrivateKey, importedEcdsaPublicKey
 
-      return crypto.subtle
-        .importKey('jwk', jwkEcdsaKey, alg, true, ['sign', 'verify'])
-        .then(cryptoKey => importedEcdsaKey = cryptoKey)
-    })
-
-    before(() => {
-      return crypto.subtle
-        .importKey('raw', publicKey, alg, true, ['verify'])
-        .then(cryptoKey => importedPublicKey = cryptoKey)
+    before(async () => {
+      importedEcdsaPrivateKey = await getPrivateKey()
+      importedEcdsaPublicKey = await getPublicKey()
     })
 
     it('should return a promise', () => {
       let ecdsa = new ECDSA(alg)
-      return ecdsa.sign(importedEcdsaKey, data).should.be.instanceof(Promise)
+      return ecdsa.sign(importedEcdsaPrivateKey, data).should.be.instanceof(Promise)
     })
 
     it('should reject an insufficient key length')
 
-    it('should resolve a base64url encoded value', () => {
-      let ecdsa = new ECDSA(alg)
-      return ecdsa.sign(importedEcdsaKey, data)
-        .then(signature => {
-          // ECDSA is non-deterministic. Therefore we test that the generated signature gets verified with crypto library
-          return crypto.subtle.verify({  name: 'ECDSA', hash: { name: 'SHA-256' }, namedCurve: "P-256"}, importedPublicKey, new TextEncoder().encode(signature), new TextEncoder().encode(data))
-        //  base64url.toBuffer(signature)
-          //  .should.eql(Buffer.from(chromeEcdsaSignature.buffer))
-        })
+    it('should resolve a base64url encoded value and verification should pass', async () => {
+      const ecdsa = new ECDSA(alg)
+      const signature = await ecdsa.sign(importedEcdsaPrivateKey, data)
+
+      // this will fail if signature is anything but base64 string
+      expect(base64url(base64url.toBuffer(signature))).to.equal(signature)
+
+      // ECDSA is non-deterministic. Therefore we test that the generated signature gets verified with crypto library
+      const verified = await crypto.subtle.verify(
+        {
+          name: 'ECDSA',
+          hash: { name: 'SHA-256' },
+          namedCurve: "P-256"
+        },
+        importedEcdsaPublicKey,
+        base64url.toBuffer(signature),
+        new TextEncoder().encode(data)
+      )
+
+      verified.should.eql(true)
     })
   })
 
   /**
    * verify
    */
   describe('verify', () => {
-    let importedEcdsaKey
+    let importedEcdsaPublicKey, signature
 
-    before(() => {
+    before(async () => {
+      /**
+       * This signature was produced in Chromium
+       * deails can be found in comments of ../keys/ES256.js
+       */
+      signature = 'AUNkOnr//z999flIoTMebaf5EQC56WVQizK3GXW/u4EOQBvs9CtvfgWi0pQ3bi0k8p357ajtNvN/dJ1Vr8gbYg=='
 
-      return crypto.subtle
-        .importKey('raw', publicKey, alg, true, ['verify'])
-        .then(cryptoKey => importedEcdsaKey = cryptoKey)
+      importedEcdsaPublicKey = await getPublicKey()
     })
 
     it('should return a promise', () => {
       let ecdsa = new ECDSA(alg)
-      ecdsa.verify(importedEcdsaKey, signature, data).should.be.instanceof(Promise)
+      ecdsa.verify(importedEcdsaPublicKey, signature, data).should.be.instanceof(Promise)
     })
 
-    it('should resolve a boolean', () => {
-      let ecdsa = new ECDSA(alg)
-      return ecdsa.verify(importedEcdsaKey, signature, data)
-        .then(verified => {
-          expect(verified).to.equal(true)
-        })
+    it('should resolve to true', async () => {
+      const ecdsa = new ECDSA(alg)
+      const verified = await ecdsa.verify(importedEcdsaPublicKey, signature, data)
+      expect(verified).to.equal(true)
+    })
+  })
+
+  /**
+   * importKey
+   */
+  describe('importKey', () => {
+    let exampleJwkPublicKey
+
+    before(() => {
+      exampleJwkPublicKey = {
+        crv: 'P-256',
+        kty: 'EC',
+        x: '-c0_z0ly3xRDR0XQuvIirfgal59hq7BzF9ObdUXrgmI',
+        y: '_7QdnDYKrkrkYaCqZko0ebDQ1L1RpHLtzg8YwdT79n8',
+        alg: 'ES256'
+      }
+    })
 
+    it('should successfully import public jwk key', async () => {
+      const ecdsa = new ECDSA(alg)
+      const key = await ecdsa.importKey(exampleJwkPublicKey)
+      key.cryptoKey.constructor.name.should.equal('CryptoKey')
     })
   })
 })