From e21fea106b4a4b2b4ab583d8ddf26f1d1020ff5a Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sun, 7 Apr 2019 14:08:22 +0200 Subject: [PATCH] revert: add EC P-256K JWK and ES256K sign/verify support BREAKING CHANGE: removing ES256K alg and EC P-256K crv support until the IETF WG decides on what the final names will be. --- README.md | 2 +- lib/help/ecdsa_signatures.js | 1 - lib/help/key_utils.js | 5 +---- lib/help/node_alg.js | 1 - lib/index.d.ts | 2 +- lib/jwa/ecdh/derive.js | 2 -- lib/jwa/ecdsa.js | 2 +- lib/jwk/key/ec.js | 10 +--------- package.json | 1 - test/fixtures/P-256K.key | 5 ----- test/fixtures/P-256K.pem | 4 ---- test/fixtures/index.js | 12 ------------ test/jwk/ec.test.js | 8 +------- test/jwk/generate.test.js | 7 ------- 14 files changed, 6 insertions(+), 56 deletions(-) delete mode 100644 test/fixtures/P-256K.key delete mode 100644 test/fixtures/P-256K.pem diff --git a/README.md b/README.md index 7058158a67..ae39934ae0 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ Legend: | -- | -- | -- | | RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 | | RSASSA-PSS | ✓ | PS256, PS384, PS512 | -| ECDSA | ✓ | ES256, ES256K, ES384, ES512 | +| ECDSA | ✓ | ES256, ES384, ES512 | | HMAC with SHA-2 | ✓ | HS256, HS384, HS512 | | JWE Key Management Algorithms | Supported || diff --git a/lib/help/ecdsa_signatures.js b/lib/help/ecdsa_signatures.js index ee2e742458..0d08138cdd 100644 --- a/lib/help/ecdsa_signatures.js +++ b/lib/help/ecdsa_signatures.js @@ -10,7 +10,6 @@ const getParamSize = keySize => ((keySize / 8) | 0) + (keySize % 8 === 0 ? 0 : 1 const paramBytesForAlg = { ES256: getParamSize(256), - ES256K: getParamSize(256), ES384: getParamSize(384), ES512: getParamSize(521) } diff --git a/lib/help/key_utils.js b/lib/help/key_utils.js index 2b20dacdae..356c3390d0 100644 --- a/lib/help/key_utils.js +++ b/lib/help/key_utils.js @@ -2,24 +2,21 @@ const base64url = require('./base64url') const errors = require('../errors') const asn1 = require('./asn1') -const EC_CURVES = new Set(['P-256', 'P-256K', 'P-384', 'P-521']) +const EC_CURVES = new Set(['P-256', 'P-384', 'P-521']) const oidHexToCurve = new Map([ ['06082a8648ce3d030107', 'P-256'], - ['06052b8104000a', 'P-256K'], ['06052b81040022', 'P-384'], ['06052b81040023', 'P-521'] ]) const EC_KEY_OID = '1.2.840.10045.2.1'.split('.') const crvToOid = new Map([ ['P-256', '1.2.840.10045.3.1.7'.split('.')], - ['P-256K', '1.3.132.0.10'.split('.')], ['P-384', '1.3.132.0.34'.split('.')], ['P-521', '1.3.132.0.35'.split('.')] ]) const crvToOidBuf = new Map([ ['P-256', Buffer.from('06082a8648ce3d030107', 'hex')], - ['P-256K', Buffer.from('06052b8104000a', 'hex')], ['P-384', Buffer.from('06052b81040022', 'hex')], ['P-521', Buffer.from('06052b81040023', 'hex')] ]) diff --git a/lib/help/node_alg.js b/lib/help/node_alg.js index 0e1ae43c49..f5b95ee267 100644 --- a/lib/help/node_alg.js +++ b/lib/help/node_alg.js @@ -4,7 +4,6 @@ module.exports = (alg) => { case 'PS256': case 'HS256': case 'ES256': - case 'ES256K': return 'sha256' case 'RS384': case 'PS384': diff --git a/lib/index.d.ts b/lib/index.d.ts index 5a7dc710b1..6141b81278 100644 --- a/lib/index.d.ts +++ b/lib/index.d.ts @@ -8,7 +8,7 @@ interface KeyParameters { use?: use kid?: string } -type curve = 'P-256' | 'P-256K' | 'P-384' | 'P-521' +type curve = 'P-256' | 'P-384' | 'P-521' type keyType = 'RSA' | 'EC' | 'oct' type keyOperation = 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'wrapKey' | 'unwrapKey' type asymmetricKeyObjectTypes = 'private' | 'public' diff --git a/lib/jwa/ecdh/derive.js b/lib/jwa/ecdh/derive.js index 22b62e0704..91ff7a17b6 100644 --- a/lib/jwa/ecdh/derive.js +++ b/lib/jwa/ecdh/derive.js @@ -6,8 +6,6 @@ const crvToCurve = (crv) => { switch (crv) { case 'P-256': return 'prime256v1' - case 'P-256K': - return 'secp256k1' case 'P-384': return 'secp384r1' case 'P-521': diff --git a/lib/jwa/ecdsa.js b/lib/jwa/ecdsa.js index d69ecefe4a..80df4b2cd5 100644 --- a/lib/jwa/ecdsa.js +++ b/lib/jwa/ecdsa.js @@ -23,7 +23,7 @@ const verify = (jwaAlg, nodeAlg, { [KEYOBJECT]: keyObject }, payload, signature) } module.exports = (JWA) => { - ['ES256', 'ES384', 'ES512', 'ES256K'].forEach((jwaAlg) => { + ['ES256', 'ES384', 'ES512'].forEach((jwaAlg) => { const nodeAlg = resolveNodeAlg(jwaAlg) assert(!JWA.sign.has(jwaAlg), `sign alg ${jwaAlg} already registered`) diff --git a/lib/jwk/key/ec.js b/lib/jwk/key/ec.js index eeac32a266..60bcd5ec96 100644 --- a/lib/jwk/key/ec.js +++ b/lib/jwk/key/ec.js @@ -3,7 +3,7 @@ const { promisify } = require('util') const { THUMBPRINT_MATERIAL, PUBLIC_MEMBERS, PRIVATE_MEMBERS, JWK_MEMBERS } = require('../../help/symbols') const errors = require('../../errors') -const EC_CURVES = new Set(['P-256', 'P-256K', 'P-384', 'P-521']) +const EC_CURVES = new Set(['P-256', 'P-384', 'P-521']) const Key = require('./base') @@ -20,8 +20,6 @@ const crvToDSA = (crv) => { switch (crv) { case 'P-256': return 'ES256' - case 'P-256K': - return 'ES256K' case 'P-384': return 'ES384' case 'P-521': @@ -104,9 +102,6 @@ class ECKey extends Key { throw new errors.JOSENotSupported(`unsupported EC key curve: ${crv}`) } - if (crv === 'P-256K') { - crv = 'secp256k1' - } const { privateKey, publicKey } = await generateKeyPair('ec', { namedCurve: crv }) return privat ? privateKey : publicKey @@ -117,9 +112,6 @@ class ECKey extends Key { throw new errors.JOSENotSupported(`unsupported EC key curve: ${crv}`) } - if (crv === 'P-256K') { - crv = 'secp256k1' - } const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: crv }) return privat ? privateKey : publicKey diff --git a/package.json b/package.json index f266ee7839..b874ea593c 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,6 @@ "jwks", "jws", "jwt", - "secp256k1", "sign", "verify" ], diff --git a/test/fixtures/P-256K.key b/test/fixtures/P-256K.key deleted file mode 100644 index 149e95c8a3..0000000000 --- a/test/fixtures/P-256K.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgxTAmXNRL8ksBlr+F3yXD -rUdRDn1gyIvY/PC2e/iUK7ehRANCAARVFouq0yOD8lFoPORt+K3vOieQ4YNnjapt -nKWOGqyDdeaoE8aEQH9IScXKYVYNTRPa9F7/hx2clSCcRG6OkgLE ------END PRIVATE KEY----- diff --git a/test/fixtures/P-256K.pem b/test/fixtures/P-256K.pem deleted file mode 100644 index 7affcba985..0000000000 --- a/test/fixtures/P-256K.pem +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEVRaLqtMjg/JRaDzkbfit7zonkOGDZ42q -bZyljhqsg3XmqBPGhEB/SEnFymFWDU0T2vRe/4cdnJUgnERujpICxA== ------END PUBLIC KEY----- diff --git a/test/fixtures/index.js b/test/fixtures/index.js index f1e6a0773b..51cfeba94b 100644 --- a/test/fixtures/index.js +++ b/test/fixtures/index.js @@ -28,14 +28,6 @@ module.exports.JWK = { d: '_i_1Ac5oVmbBxGvEvOEFHMpzMXKZi8voUx8I3Gl6IxY' }, - 'P-256K': { - kty: 'EC', - crv: 'P-256', - x: 'VRaLqtMjg_JRaDzkbfit7zonkOGDZ42qbZyljhqsg3U', - y: '5qgTxoRAf0hJxcphVg1NE9r0Xv-HHZyVIJxEbo6SAsQ', - d: 'xTAmXNRL8ksBlr-F3yXDrUdRDn1gyIvY_PC2e_iUK7c' - }, - 'P-384': { kty: 'EC', crv: 'P-384', @@ -64,10 +56,6 @@ module.exports.PEM = { private: readFileSync(join(__dirname, 'P-256.key')), public: readFileSync(join(__dirname, 'P-256.pem')) }, - 'P-256K': { - private: readFileSync(join(__dirname, 'P-256K.key')), - public: readFileSync(join(__dirname, 'P-256K.pem')) - }, 'P-384': { private: readFileSync(join(__dirname, 'P-384.key')), public: readFileSync(join(__dirname, 'P-384.pem')) diff --git a/test/jwk/ec.test.js b/test/jwk/ec.test.js index 6c7687834a..2f2dc0ab3d 100644 --- a/test/jwk/ec.test.js +++ b/test/jwk/ec.test.js @@ -25,16 +25,10 @@ test('Unusable with unsupported curves', t => { Object.entries({ 'P-256': [256, 'rDd6H6t9-nJUoz72nTpz8tInvypVWhE2iQoPznj8ZY8'], - 'P-256K': [256, 'zZYrH69YCAAihM7ZCoRj90VI55H5MmQscSpf-JuUS50'], 'P-384': [384, '5gebayAhpztJCs4Pxo-z1hhsN0upoyG2NAoKpiiH2b0'], 'P-521': [512, 'BQtkbSY3xgN4M2ZP3IHMLG7-Rp1L29teCMfNqgJHtTY'] }).forEach(([crv, [len, kid]]) => { - let alg - if (crv === 'P-256K') { - alg = 'ES256K' - } else { - alg = `ES${len}` - } + const alg = `ES${len}` // private ;(() => { diff --git a/test/jwk/generate.test.js b/test/jwk/generate.test.js index a7445a7a74..d62e0571b8 100644 --- a/test/jwk/generate.test.js +++ b/test/jwk/generate.test.js @@ -23,13 +23,6 @@ const { JWK: { generate, generateSync }, errors } = require('../..') ['EC', 'P-256', { use: 'enc', alg: 'ECDH-ES' }], ['EC', 'P-256', { alg: 'ES256' }], ['EC', 'P-256', { alg: 'ECDH-ES' }], - ['EC', 'P-256K'], - ['EC', 'P-256K', { use: 'sig' }], - ['EC', 'P-256K', { use: 'enc' }], - ['EC', 'P-256K', { use: 'sig', alg: 'ES256K' }], - ['EC', 'P-256K', { use: 'enc', alg: 'ECDH-ES' }], - ['EC', 'P-256K', { alg: 'ES256K' }], - ['EC', 'P-256K', { alg: 'ECDH-ES' }], ['EC', 'P-384'], ['EC', 'P-384', { use: 'sig' }], ['EC', 'P-384', { use: 'enc' }],