better align meta to match Go implementation

Cyphrme · Jul 14, 2023 · e12f553 · e12f553
1 parent 02de0bc
commit e12f553
Show file tree

Hide file tree

Showing 14 changed files with 69 additions and 65 deletions.
diff --git a/README.md b/README.md
@@ -17,11 +17,12 @@ If using Go, esbuild can be installed with the following.
 go install github.com/evanw/esbuild/cmd/esbuild@v0.15.8
 ```
 
-[Alternatively, see esbuild's installation instructions][1]
+[Alternatively, see esbuild's installation instructions.][1]
+Also, [Coze JS npm](https://www.npmjs.com/package/coze).  
 
 ##### Create the Coze distribution file. 
 
-(See [join.js](join.js) for more instructions)
+(See [join.js](join.js) for more instructions.)
 ```
 esbuild join.js --bundle --format=esm --minify --outfile=coze.min.js
 cp coze.min.js verifier/coze.min.js

diff --git a/all/coze_all.min.js b/all/coze_all.min.js
diff --git a/all/coze_all.min.js.map b/all/coze_all.min.js.map
diff --git a/coze.js b/coze.js
@@ -184,24 +184,21 @@ async function Meta(coze, alg) {
 	if (isEmpty(coze.pay)) {
 		throw new Error("Meta: coze.pay must exist.")
 	}
+	let meta = {}
+
+	// Alg check section. Assumes later call to CanonicalHas64() errors on bad or empty alg.  
 	if (isEmpty(alg)) {
 		if (isEmpty(coze.pay.alg)) {
 			throw new Error("Meta: either coze.pay.alg or parameter alg must be set.")
 		}
-		alg = coze.pay.alg
+		meta.alg = coze.pay.alg
+	} else {
+		meta.alg = alg
 	}
-	if (!isEmpty(coze.pay.alg) && alg !== coze.pay.alg){
+	if (!isEmpty(coze.pay.alg) && meta.alg !== coze.pay.alg) {
 		throw new Error(`Meta: coze.pay.alg (${coze.pay.alg}) and parameter alg (${alg}) do not match. `)
 	}
 
-	let meta = {}
-	meta.alg = Enum.HashAlg(alg);
-	if (!isEmpty(coze.pay.alg)) {
-		meta.alg = Enum.HashAlg(coze.pay.alg);
-	}
-	if (isEmpty(meta.alg)) {
-		throw new Error("Meta: no alg provided for coze.")
-	}
 	if (!isEmpty(coze.pay.iat)) {
 		meta.iat = coze.pay.iat
 	}
@@ -212,14 +209,14 @@ async function Meta(coze, alg) {
 		meta.typ = coze.pay.typ
 	}
 
-	meta.can = await Can.Canon(coze.pay);
-	meta.cad = await Can.CanonicalHash64(coze.pay, meta.alg);
+	meta.can = await Can.Canon(coze.pay)
+	meta.cad = await Can.CanonicalHash64(coze.pay, Enum.HashAlg(meta.alg));
 	if (!isEmpty(coze.sig)) {
 		meta.sig = coze.sig
 		meta.czd = await Can.CanonicalHash64({
 			cad: meta.cad,
 			sig: meta.sig
-		}, meta.alg);
+		}, Enum.HashAlg(meta.alg));
 	}
 
 	return meta;

diff --git a/coze.min.js b/coze.min.js
diff --git a/coze.min.js.map b/coze.min.js.map
diff --git a/standard/coze_standard.min.js b/standard/coze_standard.min.js
diff --git a/standard/coze_standard.min.js.map b/standard/coze_standard.min.js.map
diff --git a/verifier/coze.min.js b/verifier/coze.min.js
diff --git a/verifier/coze.min.js.map b/verifier/coze.min.js.map
diff --git a/verifier/coze_all.min.js b/verifier/coze_all.min.js
diff --git a/verifier/coze_all.min.js.map b/verifier/coze_all.min.js.map
diff --git a/verifier/test_unit.js b/verifier/test_unit.js
@@ -295,7 +295,7 @@ async function test_Param() {
 // `ExampleCoze_MetaWithAlg`
 async function test_Meta() {
 	let meta = JSON.stringify(await Coze.Meta(GoldenCoze))
-	let goldenMeta = `{"alg":"SHA-256","iat":1623132000,"tmb":"cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk","typ":"cyphr.me/msg","can":["msg","alg","iat","tmb","typ"],"cad":"Ie3xL77AsiCcb4r0pbnZJqMcfSBqg5Lk0npNJyJ9BC4","sig":"Jl8Kt4nznAf0LGgO5yn_9HkGdY3ulvjg-NyRGzlmJzhncbTkFFn9jrwIwGoRAQYhjc88wmwFNH5u_rO56USo_w","czd":"TnRe4DRuGJlw280u3pGhMDOIYM7ii7J8_PhNuSScsIU"}`
+	let goldenMeta = `{"alg":"ES256","iat":1623132000,"tmb":"cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk","typ":"cyphr.me/msg","can":["msg","alg","iat","tmb","typ"],"cad":"Ie3xL77AsiCcb4r0pbnZJqMcfSBqg5Lk0npNJyJ9BC4","sig":"Jl8Kt4nznAf0LGgO5yn_9HkGdY3ulvjg-NyRGzlmJzhncbTkFFn9jrwIwGoRAQYhjc88wmwFNH5u_rO56USo_w","czd":"TnRe4DRuGJlw280u3pGhMDOIYM7ii7J8_PhNuSScsIU"}`
 	if (meta != goldenMeta) {
 		throw new Error("meta and goldenMeta not equal")
 	}
@@ -310,7 +310,7 @@ async function test_Meta() {
     },
     "sig": "reOiKUO--OwgTNlYpKN60_gZARnW5X6PmQw4zWYbz2QryetRg_qS4KvwEVe1aiSAsWlkVA3MqYuaIM5ihY_8NQ"
 }`), "ES256"))
-	goldenMeta = `{"alg":"SHA-256","iat":1623132000,"tmb":"cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk","typ":"cyphr.me/msg","can":["msg","iat","tmb","typ"],"cad":"K6MVyIFqhBhLvNafZ8sMCRpCqR1oeFpowi7j8P1uE0M","sig":"reOiKUO--OwgTNlYpKN60_gZARnW5X6PmQw4zWYbz2QryetRg_qS4KvwEVe1aiSAsWlkVA3MqYuaIM5ihY_8NQ","czd":"g6kRqHesiST6L38eZPcTk4Bq-fCxtbD6jTvRS8LKMv8"}`
+	goldenMeta = `{"alg":"ES256","iat":1623132000,"tmb":"cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk","typ":"cyphr.me/msg","can":["msg","iat","tmb","typ"],"cad":"K6MVyIFqhBhLvNafZ8sMCRpCqR1oeFpowi7j8P1uE0M","sig":"reOiKUO--OwgTNlYpKN60_gZARnW5X6PmQw4zWYbz2QryetRg_qS4KvwEVe1aiSAsWlkVA3MqYuaIM5ihY_8NQ","czd":"g6kRqHesiST6L38eZPcTk4Bq-fCxtbD6jTvRS8LKMv8"}`
 	if (meta != goldenMeta) {
 		throw new Error("meta and goldenMeta not equal")
 	}
@@ -325,7 +325,7 @@ async function test_Meta() {
         "typ": "cyphr.me/msg"
     }
 }`), "ES256"))
-	goldenMeta = `{"alg":"SHA-256","iat":1623132000,"tmb":"cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk","typ":"cyphr.me/msg","can":["msg","iat","tmb","typ"],"cad":"K6MVyIFqhBhLvNafZ8sMCRpCqR1oeFpowi7j8P1uE0M"}`
+	goldenMeta = `{"alg":"ES256","iat":1623132000,"tmb":"cLj8vsYtMBwYkzoFVZHBZo6SNL8wSdCIjCKAwXNuhOk","typ":"cyphr.me/msg","can":["msg","iat","tmb","typ"],"cad":"K6MVyIFqhBhLvNafZ8sMCRpCqR1oeFpowi7j8P1uE0M"}`
 	if (meta != goldenMeta) {
 		throw new Error("meta and goldenMeta not equal")
 	}
@@ -593,13 +593,14 @@ async function test_CozeKeyCorrect() {
 // 6.) CryptoKey.SignBuffer
 // 7.) CryptoKey.VerifyArrayBuffer
 // 8.) CryptoKey.GetSignHashAlgoFromCryptoKey (calls `algFromCrv`)
+// 9.) Importing a bad key.  
 //
 // `SignBuffer` cannot be tested for throwing an error, since we cannot
 // create an invalid cryptokey. The test will fail at `FromCozeKey`.
 async function test_CryptoKeySign() {
 	let msg = "Test Message";
 	let abMsg = await Coze.SToArrayBuffer(msg);
-	let results = [];
+	let testGSHAFCK = [];
 
 	for (const alg of Algs) {
 		let cozeKey = await Coze.NewKey(alg);
@@ -617,19 +618,30 @@ async function test_CryptoKeySign() {
 		sig = await Coze.CryptoKey.SignBuffer(cryptoKey, abMsg);
 		result = await Coze.CryptoKey.VerifyArrayBuffer(alg, pcc, abMsg, sig);
 		if (result !== true) {
+			console.log(`Test failed on ${alg}`);
 			return false
 		}
-		results.push(await Coze.CryptoKey.GetSignHashAlgoFromCryptoKey(cryptoKey));
+		testGSHAFCK.push(await Coze.CryptoKey.GetSignHashAlgoFromCryptoKey(cryptoKey));
 	}
-	if (JSON.stringify(results) !== JSON.stringify([Coze.Algs.SHA256, Coze.Algs.SHA384, Coze.Algs.SHA512])) {
+	console.log(testGSHAFCK);
+	if (JSON.stringify(testGSHAFCK) !== JSON.stringify([Coze.Algs.SHA256, Coze.Algs.SHA384, Coze.Algs.SHA512])) {
 		return false;
 	}
 
-	// Importing an invalid key from `subtle` will throw a DOMException error:
-	// `DOMException: The imported EC key is invalid`
+	// Importing an invalid key from `subtle` should throw a DOMException error:
+	// `DOMException: The imported EC key is invalid` However, it does only on
+	// Chrome and not on Firefox (2023/07/14).  Firefox finally errors on signing.  
 	let e = null;
 	try {
-		await Coze.CryptoKey.FromCozeKey(GoldenBadCozeKey);
+		 // Should error here, but right now (2023/07/14) only Chrome errors here. 
+		let ck = await Coze.CryptoKey.FromCozeKey(GoldenBadCozeKey); 
+
+		// Firefox does not appear to error on bad private keys until signing.  
+		console.log("Import should have errored for this key:", ck);
+
+		// Sign array buffer.  The following should throw an error everywhere (Chrome/Firefox)
+		let _ = await Coze.CryptoKey.VerifyArrayBuffer(ck.alg, pcc, abMsg, await Coze.CryptoKey.SignBuffer(ck, abMsg));
+		return false // Should never get to this line.  
 	} catch (error) {
 		e = error;
 	}

diff --git a/verifier/verifier.js b/verifier/verifier.js
@@ -199,32 +199,26 @@ function Reset() {
 
 async function Meta(coze, key) {
 	console.log(coze, key);
+	let meta = {}
 
 	// Set fields for meta.  May be empty on "contextual" cozies.
-	if (!('alg' in coze.pay) && ('alg' in key)) {
-		coze = await Coze.Meta(coze, key.alg);
+	if ('alg' in key) {
+		meta = await Coze.Meta(coze, key.alg);
 	} else {
-		coze = await Coze.Meta(coze);
+		meta = await Coze.Meta(coze);
 	}
 
-	if (!('alg' in coze.pay) && ('alg' in key)) {
-		console.log(coze);
-		coze.pay.alg = key.alg
-	}
-
-	if (!('tmb' in coze.pay) && ('tmb' in key)) {
-		coze.pay.tmb = key.tmb
-	}
+	console.log(meta)
 
-	MetaAlg.textContent = coze.pay.alg;
-	if (('iat' in coze.pay)) {
-		MetaIat.textContent = coze.pay.iat;
-		MetaIats.textContent = "(" + new Date(coze.pay.iat * 1000).toLocaleString() + ")";
+	MetaAlg.textContent = meta.alg;
+	if (('iat' in meta)) {
+		MetaIat.textContent = meta.iat;
+		MetaIats.textContent = "(" + new Date(meta.iat * 1000).toLocaleString() + ")";
 	}
-	MetaTmb.textContent = coze.pay.tmb;
-	MetaTyp.textContent = coze.pay.typ;
-	MetaCan.textContent = JSON.stringify(coze.can);
-	MetaCad.textContent = coze.cad;
-	MetaSig.textContent = coze.sig;
-	MetaCzd.textContent = coze.czd;
+	MetaTmb.textContent = meta.tmb;
+	MetaTyp.textContent = meta.typ;
+	MetaCan.textContent = JSON.stringify(meta.can);
+	MetaCad.textContent = meta.cad;
+	MetaSig.textContent = meta.sig;
+	MetaCzd.textContent = meta.czd;
 }