Add ES256K support (#90)
imirkin authored Feb 1, 2024
1 parent c1569b7 commit e6a7ae7
Showing 5 changed files with 32 additions and 6 deletions.
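--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ José is extensively tested against the RFC test vectors.
 | ES256 | YES | Signature | EC |
 | ES384 | YES | Signature | EC |
 | ES512 | YES | Signature | EC |
+| ES256K | YES | Signature | EC |
 | PS256 | YES | Signature | RSA |
 | PS384 | YES | Signature | RSA |
 | PS512 | YES | Signature | RSA |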
3 changes: 2 additions & 1 deletion lib/openssl/ec.c
@@ -48,10 +48,11 @@ jwk_make_execute(jose_cfg_t *cfg, json_t *jwk)
if (json_unpack(jwk, "{s?s}", "crv", &crv) < 0)
return false;

switch (str2enum(crv, "P-256", "P-384", "P-521", NULL)) {
switch (str2enum(crv, "P-256", "P-384", "P-521", "secp256k1", NULL)) {
case 0: nid = NID_X9_62_prime256v1; break;
case 1: nid = NID_secp384r1; break;
case 2: nid = NID_secp521r1; break;
case 3: nid = NID_secp256k1; break;
default: return false;
}

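Review bot: The curve names passed to `str2enum()` and the `case 0..3` labels are tied together by position only, and the same four-name list is now repeated in `alg_sign_sug()` (lib/openssl/ecdsa.c) and `jose_openssl_jwk_to_EC_KEY()` (lib/openssl/jwk.c), so a curve later added to one copy but not the others could resolve to the wrong NID or be accepted on only some paths. A shared name-to-NID table would keep them in step; failing that, a comment such as `/* order must match the case labels below and the curve lists in ecdsa.c and jwk.c */` above the switch documents the coupling. jwk_make_execute's body starts and ends outside this hunk, so how `nid` is used afterwards is not visible here.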
29 changes: 25 additions & 4 deletions lib/openssl/ecdsa.c
@@ -22,7 +22,7 @@

#include <string.h>

#define NAMES "ES256", "ES384", "ES512"
#define NAMES "ES256", "ES384", "ES512", "ES256K"

typedef struct {
jose_io_t io;
@@ -137,6 +137,19 @@ alg2crv(const char *alg)
case 0: return "P-256";
case 1: return "P-384";
case 2: return "P-521";
case 3: return "secp256k1";
default: return NULL;
}
}

static const char *
alg2hash(const char *alg)
{
switch (str2enum(alg, NAMES, NULL)) {
case 0: return "S256";
case 1: return "S384";
case 2: return "S512";
case 3: return "S256";
default: return NULL;
}
}
@@ -200,10 +213,11 @@ alg_sign_sug(const jose_hook_alg_t *alg, jose_cfg_t *cfg, const json_t *jwk)
if (!type || strcmp(type, "EC") != 0)
return NULL;

switch (str2enum(curv, "P-256", "P-384", "P-521", NULL)) {
switch (str2enum(curv, "P-256", "P-384", "P-521", "secp256k1", NULL)) {
case 0: return "ES256";
case 1: return "ES384";
case 2: return "ES512";
case 3: return "ES256K";
default: return NULL;
}
}
@@ -216,7 +230,7 @@ alg_sign_sig(const jose_hook_alg_t *alg, jose_cfg_t *cfg, json_t *jws,
jose_io_auto_t *io = NULL;
io_t *i = NULL;

halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, &alg->name[1]);
halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, alg2hash(alg->name));
if (!halg)
return NULL;

@@ -248,7 +262,7 @@ alg_sign_ver(const jose_hook_alg_t *alg, jose_cfg_t *cfg, const json_t *jws,
jose_io_auto_t *io = NULL;
io_t *i = NULL;

halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, &alg->name[1]);
halg = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_HASH, alg2hash(alg->name));
if (!halg)
return NULL;

@@ -302,6 +316,13 @@ constructor(void)
.sign.sug = alg_sign_sug,
.sign.sig = alg_sign_sig,
.sign.ver = alg_sign_ver },
{ .kind = JOSE_HOOK_ALG_KIND_SIGN,
.name = "ES256K",
.sign.sprm = "sign",
.sign.vprm = "verify",
.sign.sug = alg_sign_sug,
.sign.sig = alg_sign_sig,
.sign.ver = alg_sign_ver },
{}
};

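Review bot: `alg2hash()` returns NULL for any name outside `NAMES`, and both `alg_sign_sig()` and `alg_sign_ver()` pass that result straight to `jose_hook_alg_find()`, whereas the old `&alg->name[1]` never yielded NULL. The registered entries only use the four names today, so this should be unreachable, but whether `jose_hook_alg_find()` tolerates a NULL name is not visible here; a guard such as `const char *hash = alg2hash(alg->name); if (!hash) return NULL;` keeps the failure closed. Separately, ES256 and ES256K now resolve to the same hash (`"S256"`) and the same coordinate size, so the key's curve is the only thing that tells them apart; it is worth confirming that the key checks outside these hunks reject a JWK whose `crv` differs from `alg2crv(alg->name)`. Both functions start and end outside the hunks shown.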
4 changes: 3 additions & 1 deletion lib/openssl/jwk.c
@@ -169,6 +169,7 @@ jose_openssl_jwk_from_EC_POINT(jose_cfg_t *cfg, const EC_GROUP *grp,
case NID_X9_62_prime256v1: crv = "P-256"; break;
case NID_secp384r1: crv = "P-384"; break;
case NID_secp521r1: crv = "P-521"; break;
case NID_secp256k1: crv = "secp256k1"; break;
default: return NULL;
}

@@ -366,10 +367,11 @@ jose_openssl_jwk_to_EC_KEY(jose_cfg_t *cfg, const json_t *jwk)
if (strcmp(kty, "EC") != 0)
return NULL;

switch (str2enum(crv, "P-256", "P-384", "P-521", NULL)) {
switch (str2enum(crv, "P-256", "P-384", "P-521", "secp256k1", NULL)) {
case 0: nid = NID_X9_62_prime256v1; break;
case 1: nid = NID_secp384r1; break;
case 2: nid = NID_secp521r1; break;
case 3: nid = NID_secp256k1; break;
default: return NULL;
}

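Review bot: Accepting `secp256k1` in `jose_openssl_jwk_to_EC_KEY()` widens every consumer of this converter, not only the new ES256K signer, so any key-agreement or exchange code that relies on it to filter curves will now take secp256k1 keys as well. Which callers exist is not visible in this section; RFC 8812 registers the curve for ECDSA signatures and leaves its use with ECDH-ES out of scope, so such callers, if any, probably want their own curve allow-list. A short comment above the switch, e.g. `/* secp256k1 is registered for ES256K (RFC 8812); callers doing key agreement must restrict curves themselves */`, would record that. Both functions continue outside the hunks shown.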
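--- a/tests/jose-jwk-gen
+++ b/tests/jose-jwk-gen
@@ -17,6 +17,7 @@ done
 jose jwk gen -i '{ "kty": "EC", "crv": "P-256" }'
 jose jwk gen -i '{ "kty": "EC", "crv": "P-384" }'
 jose jwk gen -i '{ "kty": "EC", "crv": "P-521" }'
+jose jwk gen -i '{ "kty": "EC", "crv": "secp256k1" }'
 
 jose jwk gen -i '{ "kty": "RSA", "bits": 3072 }'
 ! jose jwk gen -i '{ "kty": "RSA", "bits": 3072, "e": 257 }'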
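Review bot: The only new coverage is key generation for `secp256k1`; nothing in this commit's test change signs and verifies with ES256K, or checks that an ES256 signature is rejected under a secp256k1 key and the reverse. Other test scripts may already iterate over every registered algorithm, which is not visible here, but if they do not, a sign/verify round trip plus a cross-curve rejection case would pin the behaviour the commit promises. The added line may also fail on an OpenSSL build that does not provide secp256k1, so a skip condition could be needed there.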
