Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix jwk usage #249

Merged
merged 4 commits into from
Nov 7, 2022
Merged

Fix jwk usage #249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4e57fd4
Separate signer from key and from jwk
decentralgabe Nov 5, 2022
df94d42
add signing and verifying key validation
decentralgabe Nov 5, 2022
2e80142
Update crypto/jwk.go
decentralgabe Nov 7, 2022
0ede2df
key type var
decentralgabe Nov 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 4 additions & 16 deletions credential/exchange/request_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,23 +3,17 @@ package exchange
import (
"testing"

"github.com/TBD54566975/ssi-sdk/crypto"
"github.com/goccy/go-json"
"github.com/lestrrat-go/jwx/jwk"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/TBD54566975/ssi-sdk/crypto"
)

func TestBuildPresentationRequest(t *testing.T) {
t.Run("JWT Request", func(t *testing.T) {
_, privKey, err := crypto.GenerateEd25519Key()
assert.NoError(t, err)

key, err := jwk.New(privKey)
require.NoError(t, err)

signer, err := crypto.NewJWTSigner("test-id", key)
signer, err := crypto.NewJWTSigner("test-id", privKey)
assert.NoError(t, err)

testDef := getDummyPresentationDefinition()
Expand All @@ -42,10 +36,7 @@ func TestBuildPresentationRequest(t *testing.T) {
_, privKey, err := crypto.GenerateEd25519Key()
assert.NoError(t, err)

key, err := jwk.New(privKey)
require.NoError(t, err)

signer, err := crypto.NewJWTSigner("test-id", key)
signer, err := crypto.NewJWTSigner("test-id", privKey)
assert.NoError(t, err)

testDef := getDummyPresentationDefinition()
Expand All @@ -68,10 +59,7 @@ func TestBuildPresentationRequest(t *testing.T) {
_, privKey, err := crypto.GenerateEd25519Key()
assert.NoError(t, err)

key, err := jwk.New(privKey)
require.NoError(t, err)

signer, err := crypto.NewJWTSigner("test-id", key)
signer, err := crypto.NewJWTSigner("test-id", privKey)
assert.NoError(t, err)

testDef := getDummyPresentationDefinition()
Expand Down
2 changes: 1 addition & 1 deletion credential/exchange/submission_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -791,7 +791,7 @@ func getJWKSignerVerifier(t *testing.T) (*crypto.JWTSigner, *crypto.JWTVerifier)
require.NoError(t, err)

kid := "test-key"
signer, err := crypto.NewJWTSigner(kid, key)
signer, err := crypto.NewJWTSignerFromKey(kid, key)
require.NoError(t, err)

verifier, err := signer.ToVerifier()
Expand Down
5 changes: 1 addition & 4 deletions credential/manifest/validation_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import (
"github.com/TBD54566975/ssi-sdk/crypto"
"github.com/TBD54566975/ssi-sdk/cryptosuite"
"github.com/goccy/go-json"
"github.com/lestrrat-go/jwx/jwk"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
Expand Down Expand Up @@ -411,9 +410,7 @@ func getValidTestCredManifestCredApplicationJWTCred(t *testing.T) (CredentialMan
// turn into a jwt
_, privKey, err := crypto.GenerateEd25519Key()
require.NoError(t, err)
key, err := jwk.New(privKey)
require.NoError(t, err)
signer, err := crypto.NewJWTSigner("test-kid", key)
signer, err := crypto.NewJWTSigner("test-kid", privKey)
require.NoError(t, err)
jwt, err := signing.SignVerifiableCredentialJWT(*signer, vc)
require.NoError(t, err)
Expand Down
2 changes: 1 addition & 1 deletion credential/signing/jwt_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ func getTestVectorKey0Signer(t *testing.T) crypto.JWTSigner {
D: "pLMxJruKPovJlxF3Lu_x9Aw3qe2wcj5WhKUAXYLBjwE",
}

signer, err := crypto.NewJWTSigner(knownJWK.KID, knownJWK)
signer, err := crypto.NewJWTSignerFromJWK(knownJWK.KID, knownJWK)
assert.NoError(t, err)
return *signer
}
2 changes: 1 addition & 1 deletion credential/util/util_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ func TestCredentialsFromInterface(t *testing.T) {
D: "pLMxJruKPovJlxF3Lu_x9Aw3qe2wcj5WhKUAXYLBjwE",
}

signer, err := crypto.NewJWTSigner(knownJWK.KID, knownJWK)
signer, err := crypto.NewJWTSignerFromJWK(knownJWK.KID, knownJWK)
assert.NoError(tt, err)

testCred := getTestCredential()
Expand Down
168 changes: 148 additions & 20 deletions crypto/jwk.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ func JWKToPrivateKeyJWK(key jwk.Key) (*PrivateKeyJWK, error) {
return nil, err
}
var privateKeyJWK PrivateKeyJWK
if err := json.Unmarshal(keyBytes, &privateKeyJWK); err != nil {
if err = json.Unmarshal(keyBytes, &privateKeyJWK); err != nil {
return nil, err
}
return &privateKeyJWK, nil
Expand All @@ -70,48 +70,93 @@ func JWKToPublicKeyJWK(key jwk.Key) (*PublicKeyJWK, error) {
return nil, err
}
var pubKeyJWK PublicKeyJWK
if err := json.Unmarshal(keyBytes, &pubKeyJWK); err != nil {
if err = json.Unmarshal(keyBytes, &pubKeyJWK); err != nil {
return nil, err
}
return &pubKeyJWK, nil
}

// PublicKeyToJWK converts a public key to a JWK
func PublicKeyToJWK(key crypto.PublicKey) (jwk.Key, error) {
switch k := key.(type) {
case rsa.PublicKey:
return jwkKeyFromRSAPublicKey(k)
case ed25519.PublicKey:
return jwkKeyFromEd25519PublicKey(k)
case x25519.PublicKey:
return jwkKeyFromX25519PublicKey(k)
case secp256k1.PublicKey:
return jwkKeyFromSECP256k1PublicKey(k)
case ecdsa.PublicKey:
return jwkKeyFromECDSAPublicKey(k)
default:
return nil, fmt.Errorf("unsupported public key type: %T", k)
}
}

// PublicKeyToPublicKeyJWK converts a public key to a PublicKeyJWK
func PublicKeyToPublicKeyJWK(key crypto.PublicKey) (*PublicKeyJWK, error) {
switch key.(type) {
switch k := key.(type) {
case rsa.PublicKey:
return jwkFromRSAPublicKey(key.(rsa.PublicKey))
return jwkFromRSAPublicKey(k)
case ed25519.PublicKey:
return jwkFromEd25519PublicKey(key.(ed25519.PublicKey))
return jwkFromEd25519PublicKey(k)
case x25519.PublicKey:
return jwkFromX25519PublicKey(key.(x25519.PublicKey))
return jwkFromX25519PublicKey(k)
case secp256k1.PublicKey:
return jwkFromSECP256k1PublicKey(key.(secp256k1.PublicKey))
return jwkFromSECP256k1PublicKey(k)
case ecdsa.PublicKey:
return jwkFromECDSAPublicKey(key.(ecdsa.PublicKey))
return jwkFromECDSAPublicKey(k)
default:
return nil, fmt.Errorf("unsupported public key type: %T", k)
}
}

// PrivateKeyToJWK converts a private key to a JWK
func PrivateKeyToJWK(key crypto.PrivateKey) (jwk.Key, error) {
switch k := key.(type) {
case rsa.PrivateKey:
return jwkKeyFromRSAPrivateKey(k)
case ed25519.PrivateKey:
return jwkKeyFromEd25519PrivateKey(k)
case x25519.PrivateKey:
return jwkKeyFromX25519PrivateKey(k)
case secp256k1.PrivateKey:
return jwkKeyFromSECP256k1PrivateKey(k)
case ecdsa.PrivateKey:
return jwkKeyFromECDSAPrivateKey(k)
default:
return nil, fmt.Errorf("unsupported public key type: %T", key)
return nil, fmt.Errorf("unsupported private key type: %T", k)
}
}

// PrivateKeyToPrivateKeyJWK converts a private key to a PrivateKeyJWK
func PrivateKeyToPrivateKeyJWK(key crypto.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error) {
switch key.(type) {
switch k := key.(type) {
case rsa.PrivateKey:
return jwkFromRSAPrivateKey(key.(rsa.PrivateKey))
return jwkFromRSAPrivateKey(k)
case ed25519.PrivateKey:
return jwkFromEd25519PrivateKey(key.(ed25519.PrivateKey))
return jwkFromEd25519PrivateKey(k)
case x25519.PrivateKey:
return jwkFromX25519PrivateKey(key.(x25519.PrivateKey))
return jwkFromX25519PrivateKey(k)
case secp256k1.PrivateKey:
return jwkFromSECP256k1PrivateKey(key.(secp256k1.PrivateKey))
return jwkFromSECP256k1PrivateKey(k)
case ecdsa.PrivateKey:
return jwkFromECDSAPrivateKey(key.(ecdsa.PrivateKey))
return jwkFromECDSAPrivateKey(k)
default:
return nil, nil, fmt.Errorf("unsupported private key type: %T", key)
return nil, nil, fmt.Errorf("unsupported private key type: %T", k)
}
}

// jwkKeyFromRSAPrivateKey converts a RSA private key to a JWK
func jwkKeyFromRSAPrivateKey(key rsa.PrivateKey) (jwk.Key, error) {
rsaJWK := jwk.NewRSAPrivateKey()
if err := rsaJWK.FromRaw(&key); err != nil {
return nil, errors.Wrap(err, "failed to generate rsa jwk")
}
return rsaJWK, nil
}

// jwkFromRSAPrivateKey converts a RSA private key to a JWK
func jwkFromRSAPrivateKey(key rsa.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error) {
rsaJWK := jwk.NewRSAPrivateKey()
Expand Down Expand Up @@ -141,6 +186,15 @@ func jwkFromRSAPrivateKey(key rsa.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, er
return &publicKeyJWK, &privateKeyJWK, nil
}

// jwkKeyFromRSAPublicKey converts a RSA public key to a JWK
func jwkKeyFromRSAPublicKey(key rsa.PublicKey) (jwk.Key, error) {
rsaJWK := jwk.NewRSAPublicKey()
if err := rsaJWK.FromRaw(&key); err != nil {
return nil, errors.Wrap(err, "failed to generate rsa jwk")
}
return rsaJWK, nil
}

// jwkFromRSAPublicKey converts a RSA public key to a JWK
func jwkFromRSAPublicKey(key rsa.PublicKey) (*PublicKeyJWK, error) {
rsaJWK := jwk.NewRSAPublicKey()
Expand All @@ -157,6 +211,15 @@ func jwkFromRSAPublicKey(key rsa.PublicKey) (*PublicKeyJWK, error) {
}, nil
}

// jwkKeyFromEd25519PrivateKey converts a Ed25519 private key to a JWK
func jwkKeyFromEd25519PrivateKey(key ed25519.PrivateKey) (jwk.Key, error) {
ed25519JWK := jwk.NewOKPPrivateKey()
if err := ed25519JWK.FromRaw(key); err != nil {
return nil, errors.Wrap(err, "failed to generate ed25519 jwk")
}
return ed25519JWK, nil
}

// jwkFromEd25519PrivateKey converts a Ed25519 private key to a JWK
func jwkFromEd25519PrivateKey(key ed25519.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error) {
ed25519JWK := jwk.NewOKPPrivateKey()
Expand All @@ -181,6 +244,15 @@ func jwkFromEd25519PrivateKey(key ed25519.PrivateKey) (*PublicKeyJWK, *PrivateKe
return &publicKeyJWK, &privateKeyJWK, nil
}

// jwkKeyFromEd25519PublicKey converts a Ed25519 public key to a JWK
func jwkKeyFromEd25519PublicKey(key ed25519.PublicKey) (jwk.Key, error) {
ed25519JWK := jwk.NewOKPPublicKey()
if err := ed25519JWK.FromRaw(key); err != nil {
return nil, errors.Wrap(err, "failed to generate ed25519 jwk")
}
return ed25519JWK, nil
}

// jwkFromEd25519PublicKey converts a Ed25519 public key to a JWK
func jwkFromEd25519PublicKey(key ed25519.PublicKey) (*PublicKeyJWK, error) {
ed25519JWK := jwk.NewOKPPublicKey()
Expand All @@ -197,22 +269,44 @@ func jwkFromEd25519PublicKey(key ed25519.PublicKey) (*PublicKeyJWK, error) {
}, nil
}

// jwkFromX25519PrivateKey converts a X25519 private key to a JWK
func jwkKeyFromX25519PrivateKey(key x25519.PrivateKey) (jwk.Key, error) {
return jwkKeyFromEd25519PrivateKey(ed25519.PrivateKey(key))
}

// jwkFromX25519PrivateKey converts a X25519 private key to a JWK
func jwkFromX25519PrivateKey(key x25519.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error) {
return jwkFromEd25519PrivateKey(ed25519.PrivateKey(key))
}

// jwkKeyFromX25519PublicKey converts a X25519 public key to a JWK
func jwkKeyFromX25519PublicKey(key x25519.PublicKey) (jwk.Key, error) {
return jwkKeyFromEd25519PublicKey(ed25519.PublicKey(key))
}

// jwkFromX25519PublicKey converts a X25519 public key to a JWK
func jwkFromX25519PublicKey(key x25519.PublicKey) (*PublicKeyJWK, error) {
return jwkFromEd25519PublicKey(ed25519.PublicKey(key))
}

// jwkKeyFromSECP256k1PrivateKey converts a SECP256k1 private key to a JWK
func jwkKeyFromSECP256k1PrivateKey(key secp256k1.PrivateKey) (jwk.Key, error) {
ecdsaPrivKey := key.ToECDSA()
secp256k1JWK := jwk.NewECDSAPrivateKey()
if err := secp256k1JWK.FromRaw(ecdsaPrivKey); err != nil {
err = errors.Wrap(err, "failed to generate secp256k1 jwk")
logrus.WithError(err).Error("could not extract key from raw private key")
return nil, err
}
return secp256k1JWK, nil
}

// jwkFromSECP256k1PrivateKey converts a SECP256k1 private key to a JWK
func jwkFromSECP256k1PrivateKey(key secp256k1.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error) {
ecdsaPrivKey := key.ToECDSA()
secp256k1JWK := jwk.NewECDSAPrivateKey()
if err := secp256k1JWK.FromRaw(ecdsaPrivKey); err != nil {
err := errors.Wrap(err, "failed to generate secp256k1 jwk")
err = errors.Wrap(err, "failed to generate secp256k1 jwk")
logrus.WithError(err).Error("could not extract key from raw private key")
return nil, nil, err
}
Expand All @@ -237,12 +331,24 @@ func jwkFromSECP256k1PrivateKey(key secp256k1.PrivateKey) (*PublicKeyJWK, *Priva
return &publicKeyJWK, &privateKeyJWK, nil
}

// jwkKeyFromSECP256k1PublicKey converts a SECP256k1 public key to a JWK
func jwkKeyFromSECP256k1PublicKey(key secp256k1.PublicKey) (jwk.Key, error) {
ecdsaPubKey := key.ToECDSA()
secp256k1JWK := jwk.NewECDSAPublicKey()
if err := secp256k1JWK.FromRaw(ecdsaPubKey); err != nil {
err = errors.Wrap(err, "failed to generate secp256k1 jwk")
logrus.WithError(err).Error("could not extract key from raw public key")
return nil, err
}
return secp256k1JWK, nil
}

// jwkFromSECP256k1PublicKey converts a SECP256k1 public key to a JWK
func jwkFromSECP256k1PublicKey(key secp256k1.PublicKey) (*PublicKeyJWK, error) {
ecdsaPubKey := key.ToECDSA()
secp256k1JWK := jwk.NewECDSAPublicKey()
if err := secp256k1JWK.FromRaw(ecdsaPubKey); err != nil {
err := errors.Wrap(err, "failed to generate secp256k1 jwk")
err = errors.Wrap(err, "failed to generate secp256k1 jwk")
logrus.WithError(err).Error("could not extract key from raw public key")
return nil, err
}
Expand All @@ -258,11 +364,22 @@ func jwkFromSECP256k1PublicKey(key secp256k1.PublicKey) (*PublicKeyJWK, error) {
}, nil
}

// jwkKeyFromECDSAPrivateKey converts a ECDSA private key to a JWK
func jwkKeyFromECDSAPrivateKey(key ecdsa.PrivateKey) (jwk.Key, error) {
ecdsaKey := jwk.NewECDSAPrivateKey()
if err := ecdsaKey.FromRaw(&key); err != nil {
err = errors.Wrap(err, "failed to generate ecdsa jwk")
logrus.WithError(err).Error("could not extract key from raw private key")
return nil, err
}
return ecdsaKey, nil
}

// jwkFromECDSAPrivateKey converts a ECDSA private key to a JWK
func jwkFromECDSAPrivateKey(key ecdsa.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK, error) {
ecdsaKey := jwk.NewECDSAPrivateKey()
if err := ecdsaKey.FromRaw(&key); err != nil {
err := errors.Wrap(err, "failed to generate ecdsa jwk")
err = errors.Wrap(err, "failed to generate ecdsa jwk")
logrus.WithError(err).Error("could not extract key from raw private key")
return nil, nil, err
}
Expand All @@ -287,11 +404,22 @@ func jwkFromECDSAPrivateKey(key ecdsa.PrivateKey) (*PublicKeyJWK, *PrivateKeyJWK
return &publicKeyJWK, &privateKeyJWK, nil
}

// jwkKeyFromECDSAPublicKey converts a ECDSA public key to a JWK
func jwkKeyFromECDSAPublicKey(key ecdsa.PublicKey) (jwk.Key, error) {
ecdsaKey := jwk.NewECDSAPublicKey()
if err := ecdsaKey.FromRaw(&key); err != nil {
err = errors.Wrap(err, "failed to generate ecdsa jwk")
logrus.WithError(err).Error("could not extract key from raw private key")
return nil, err
}
return ecdsaKey, nil
}

// jwkFromECDSAPublicKey converts a ECDSA public key to a JWK
func jwkFromECDSAPublicKey(key ecdsa.PublicKey) (*PublicKeyJWK, error) {
ecdsaKey := jwk.NewECDSAPublicKey()
if err := ecdsaKey.FromRaw(&key); err != nil {
err := errors.Wrap(err, "failed to generate ecdsa jwk")
err = errors.Wrap(err, "failed to generate ecdsa jwk")
logrus.WithError(err).Error("could not extract key from raw private key")
return nil, err
}
Expand Down
Loading