Merge pull request #5 from pluots/rustcrypto-dsa

Switch to using rustcrypto for JWK verification DSA
pluots · Nov 14, 2023 · 9a55f69 · 9a55f69
2 parents b78c3b9 + 47be9cb
commit 9a55f69
Show file tree

Hide file tree

Showing 8 changed files with 384 additions and 254 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,9 +18,8 @@ path = "src/main.rs"
 [dependencies]
 clap = { version = "4.4.7", features = ["derive"] }
 env_logger = "0.10.0"
-josekit = "0.8.4"
 log = "0.4.20"
-serde = "1.0.190"
+serde = { version = "1.0.190", features = ["derive"] }
 sha2 = "0.10.8"
 serde_json = { version = "1.0.108", features = ["preserve_order"] }
 ureq = { version = "2.8.0", features = ["json"] }
@@ -35,6 +34,8 @@ elliptic-curve = { version = "0.13.6", features = ["jwk"] }
 primeorder = "0.13.3"
 aead = "0.5.2"
 concat-kdf = "0.1.0"
+ecdsa = "0.16.8"
+zeroize = { version = "1.6.0", features = ["serde"] }
 
 # vsss-rs = "2.7.1"
 

diff --git a/src/error.rs b/src/error.rs
@@ -1,34 +1,36 @@
 use std::{fmt, io, str::Utf8Error};
 
-use josekit::jwk::Jwk;
+use crate::jose::Jwk;
 
 pub type Result<T, E = Error> = core::result::Result<T, E>;
 
 #[derive(Debug)]
 pub enum Error {
     Server(Box<ureq::Error>),
-    Algorithm(Box<str>, &'static str),
+    Algorithm(Box<str>),
     IoError(io::Error),
     MissingKeyOp(Box<str>),
     JsonMissingKey(Box<str>),
     JsonKeyType(Box<str>),
     Utf8(Utf8Error),
     Base64(base64ct::Error),
     Json(serde_json::Error),
-    Jose(josekit::JoseError),
+    // Jose(josekit::JoseError),
     KeyType(Box<str>),
     VerifyKey,
-    InvalidPublicKey(Jwk),
-    EllipitcCurve(elliptic_curve::Error),
+    InvalidPublicKey(Box<Jwk>),
+    EllipitcCurve,
     MissingPublicKey,
     IdentityPointCreated,
+    EcDsa,
+    FailedVerification,
 }
 
 impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
             Self::Server(e) => write!(f, "server error: {e}"),
-            Self::Algorithm(v, c) => write!(f, "invalid algorithm {v} for {c}"),
+            Self::Algorithm(v) => write!(f, "unsupported algorithm {v}"),
             Error::IoError(e) => write!(f, "io error {e}"),
             Error::MissingKeyOp(e) => write!(f, "no key operation {e}"),
             Error::Json(e) => write!(f, "json serde error: {e}"),
@@ -38,11 +40,13 @@ impl fmt::Display for Error {
             Error::Base64(e) => write!(f, "base64 error {e}"),
             Self::VerifyKey => write!(f, "missing a key marked 'verify'"),
             Self::KeyType(v) => write!(f, "unsupported key type {v}"),
-            Error::Jose(e) => write!(f, "jose error {e}"),
+            // Error::Jose(e) => write!(f, "jose error {e}"),
             Error::InvalidPublicKey(key) => write!(f, "invalid public key {key}"),
-            Error::EllipitcCurve(_) => write!(f, "elliptic curve cryptography"),
+            Error::EllipitcCurve => write!(f, "elliptic curve cryptography"),
             Error::MissingPublicKey => write!(f, "could not locate a key with the correct key ID"),
             Error::IdentityPointCreated => write!(f, "math resulted an an identity key"),
+            Error::EcDsa => write!(f, "error with verification"),
+            Error::FailedVerification => write!(f, "key verification failed"),
         }
     }
 }
@@ -79,14 +83,14 @@ impl From<serde_json::Error> for Error {
     }
 }
 
-impl From<josekit::JoseError> for Error {
-    fn from(value: josekit::JoseError) -> Self {
-        Self::Jose(value)
+impl From<elliptic_curve::Error> for Error {
+    fn from(_value: elliptic_curve::Error) -> Self {
+        Self::EllipitcCurve
     }
 }
 
-impl From<elliptic_curve::Error> for Error {
-    fn from(value: elliptic_curve::Error) -> Self {
-        Self::EllipitcCurve(value)
+impl From<ecdsa::Error> for Error {
+    fn from(_value: ecdsa::Error) -> Self {
+        Self::EcDsa
     }
 }