cleaning

src/cose/Params.ts

@@ -96,7 +96,8 @@ export const Hash = {
 }
 
 export const Signature = {
-  'ES256': -7
+  'ES256': -7,
+  'ES384': -35
 }
 
 
@@ -124,11 +125,13 @@ export const KeyTypes = {
 export const KeyType = 1
 export const KeyAlg = 3
 export const KeyCurve = -1
+export const KeyId = 2
 
 export const Epk = {
   Kty: KeyType,
   Crv: KeyCurve,
-  Alg: KeyAlg
+  Alg: KeyAlg,
+  Kid: KeyId
 }
 
 export const Key = {

src/cose/key/convertJsonWebKeyToCoseKey.ts

@@ -7,7 +7,7 @@ import { IANACOSEAlgorithms } from '../algorithms';
 import { IANACOSEKeyTypeParameters, IANACOSEKeyTypeParameter } from '../key-type-parameters';
 import { IANACOSEKeyTypes } from '../key-type';
 import { IANACOSEEllipticCurves } from '../elliptic-curves';
-import { PublicKeyJwk, SecretKeyJwk } from '../sign1';
+import { PublicKeyJwk, PrivateKeyJwk } from '../sign1';
 
 
 const algorithms = Object.values(IANACOSEAlgorithms)
@@ -40,7 +40,7 @@ const getKeyTypeSpecificLabel = (keyType: 'EC2' | 'OKP', keyTypeParam: string) =
   return label
 }
 
-export const convertJsonWebKeyToCoseKey = async <T>(jwk: PublicKeyJwk | SecretKeyJwk): Promise<T> => {
+export const convertJsonWebKeyToCoseKey = async <T>(jwk: PublicKeyJwk | PrivateKeyJwk): Promise<T> => {
 
   const { kty } = jwk
   let coseKty = `${kty}` as 'OKP' | 'EC' | 'EC2'; // evidence of terrible design.

src/cose/key/index.ts

@@ -1,9 +1,9 @@
 
 
 
-import { PublicKeyJwk, SecretKeyJwk } from '../sign1'
+import { PublicKeyJwk, PrivateKeyJwk } from '../sign1'
 
-export type JsonWebKey = SecretKeyJwk | PublicKeyJwk
+export type JsonWebKey = PrivateKeyJwk | PublicKeyJwk
 
 export type CoseMapKey = string | number
 export type CoseMapValue = Uint8Array | ArrayBuffer | string | number | Map<CoseMapKey, unknown>

src/cose/key/publicFromPrivate.ts

@@ -1,8 +1,8 @@
 import { CoseKey } from ".";
-import { SecretKeyJwk } from "../sign1";
+import { PrivateKeyJwk } from "../sign1";
 
 
-export const extracePublicKeyJwk = (privateKeyJwk: SecretKeyJwk) => {
+export const extractPublicKeyJwk = (privateKeyJwk: PrivateKeyJwk) => {
   if (privateKeyJwk.kty !== 'EC') {
     throw new Error('Only EC keys are supported')
   }
@@ -23,9 +23,9 @@ export const extractPublicCoseKey = (secretKey: CoseKey) => {
   return publicCoseKeyMap
 }
 
-export const publicFromPrivate = <T>(secretKey: SecretKeyJwk | CoseKey) => {
+export const publicFromPrivate = <T>(secretKey: PrivateKeyJwk | CoseKey) => {
   if ((secretKey as any).kty) {
-    return extracePublicKeyJwk(secretKey as SecretKeyJwk) as T
+    return extractPublicKeyJwk(secretKey as PrivateKeyJwk) as T
   }
   return extractPublicCoseKey(secretKey as CoseKey) as T
 }

src/cose/sign1/types.ts

@@ -8,8 +8,8 @@ export type DecodedCoseSign1 = {
   value: CoseSign1Structure
 }
 
-export type SecretKeyJwk = JsonWebKey & { d: string, kid?: string }
-export type PublicKeyJwk = Omit<SecretKeyJwk, 'd'>
+export type PrivateKeyJwk = JsonWebKey & { d: string, kid?: string }
+export type PublicKeyJwk = Omit<PrivateKeyJwk, 'd'>
 
 export type RequestCoseSign1Signer = {
   remote: {

src/crypto/signer.ts

@@ -1,12 +1,12 @@
 
 import { toArrayBuffer } from '../cbor'
-import { SecretKeyJwk } from '../cose/sign1'
+import { PrivateKeyJwk } from '../cose/sign1'
 
 import subtleCryptoProvider from './subtleCryptoProvider'
 
 import getDigestFromVerificationKey from '../cose/sign1/getDigestFromVerificationKey'
 
-const signer = ({ privateKeyJwk }: { privateKeyJwk: SecretKeyJwk }) => {
+const signer = ({ privateKeyJwk }: { privateKeyJwk: PrivateKeyJwk }) => {
   const digest = getDigestFromVerificationKey(`${privateKeyJwk.alg}`)
   return {
     sign: async (toBeSigned: ArrayBuffer): Promise<ArrayBuffer> => {

src/x509/certificate.ts

@@ -5,7 +5,7 @@ import * as x509 from "@peculiar/x509";
 
 import { CoseSignatureAlgorithms } from '../cose/key';
 
-import { IANACOSEAlgorithms, SecretKeyJwk, detached, RequestCoseSign1VerifyDetached } from '..';
+import { IANACOSEAlgorithms, PrivateKeyJwk, detached, RequestCoseSign1VerifyDetached } from '..';
 
 
 import { decodeFirstSync } from '../cbor'
@@ -99,7 +99,7 @@ const pkcs8Signer = async ({ alg, privateKeyPKCS8 }: { alg: number, privateKeyPK
   if (!foundAlgorithm) {
     throw new Error('Could not find algorithm in registry for: ' + alg)
   }
-  const privateKeyJwk = await exportJWK(await importPKCS8(privateKeyPKCS8, `${foundAlgorithm.Name}`)) as SecretKeyJwk
+  const privateKeyJwk = await exportJWK(await importPKCS8(privateKeyPKCS8, `${foundAlgorithm.Name}`)) as PrivateKeyJwk
   privateKeyJwk.alg = foundAlgorithm.Name;
   return detached.signer({
     remote: crypto.signer({

test/fully-specified.test.ts

@@ -0,0 +1,33 @@
+/* eslint-disable @typescript-eslint/no-unused-vars */
+import fs from 'fs'
+import * as cose from '../src'
+const message = '💣 test ✨ mesage 🔥'
+
+
+// https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/
+
+it('sign and verify', async () => {
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
+  const publicKeyJwk = await cose.key.extractPublicKeyJwk(privateKeyJwk)
+  expect(new TextDecoder().decode(await cose.attached
+    .verifier({
+      resolver: {
+        resolve: async () => {
+          return publicKeyJwk
+        }
+      }
+    })
+    .verify({
+      coseSign1: await cose.attached
+        .signer({
+          remote: cose.crypto.signer({
+            privateKeyJwk
+          })
+        })
+        .sign({
+          protectedHeader: new Map([[1, -7]]),
+          unprotectedHeader: new Map(),
+          payload: new TextEncoder().encode(message)
+        })
+    }))).toBe(message)
+})

test/key.test.ts

@@ -3,22 +3,22 @@ import { base64url } from 'jose'
 import * as transmute from '../src'
 
 it('generate cose key', async () => {
-  const secretKeyJwk1 = await transmute.key.generate<transmute.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const secretKeyJwk1 = await transmute.key.generate<transmute.PrivateKeyJwk>('ES256', 'application/jwk+json')
   const secretKeyCose1 = await transmute.key.convertJsonWebKeyToCoseKey<transmute.key.CoseKey>(secretKeyJwk1)
   expect(secretKeyCose1.get(-1)).toBe(1) // crv : P-256
   const secretKeyCose2 = await transmute.key.generate<transmute.key.CoseKey>('ES256', 'application/cose-key')
   expect(secretKeyCose2.get(-1)).toBe(1) // crv : P-256
-  const secretKeyJwk2 = await transmute.key.convertCoseKeyToJsonWebKey<transmute.SecretKeyJwk>(secretKeyCose1)
+  const secretKeyJwk2 = await transmute.key.convertCoseKeyToJsonWebKey<transmute.PrivateKeyJwk>(secretKeyCose1)
   expect(secretKeyJwk2.kid).toBe(secretKeyJwk1.kid) // text identifiers survive key conversion
   expect(secretKeyJwk2.alg).toBe(secretKeyJwk1.alg)
   expect(secretKeyJwk2.kty).toBe(secretKeyJwk1.kty)
   expect(secretKeyJwk2.crv).toBe(secretKeyJwk1.crv)
   expect(secretKeyJwk2.x).toBe(secretKeyJwk1.x)
   expect(secretKeyJwk2.y).toBe(secretKeyJwk1.y)
   expect(secretKeyJwk2.d).toBe(secretKeyJwk1.d)
-  const secretKeyJwk3 = await transmute.key.convertCoseKeyToJsonWebKey<transmute.SecretKeyJwk>(secretKeyCose1)
+  const secretKeyJwk3 = await transmute.key.convertCoseKeyToJsonWebKey<transmute.PrivateKeyJwk>(secretKeyCose1)
   const secretKeyCose3 = await transmute.key.convertJsonWebKeyToCoseKey<transmute.key.CoseKey>(secretKeyJwk3)
-  const secretKeyJwk4 = await transmute.key.convertCoseKeyToJsonWebKey<transmute.SecretKeyJwk>(secretKeyCose3)
+  const secretKeyJwk4 = await transmute.key.convertCoseKeyToJsonWebKey<transmute.PrivateKeyJwk>(secretKeyCose3)
   expect(secretKeyJwk4.kid).toBe(secretKeyJwk3.kid) // text identifiers survive key conversion
 
 })
@@ -45,7 +45,7 @@ it('generate thumbprints', async () => {
 })
 
 it('public from private for JWK and cose key', async () => {
-  const privateKeyJwk = await transmute.key.generate<transmute.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await transmute.key.generate<transmute.PrivateKeyJwk>('ES256', 'application/jwk+json')
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   const { d, ...expectedPublicKeyJwk } = privateKeyJwk
   const publicKeyJwk = transmute.key.publicFromPrivate<transmute.PublicKeyJwk>(privateKeyJwk)

test/readme.test.ts

@@ -2,10 +2,10 @@ import fs from 'fs'
 import * as cose from '../src'
 
 it('readme', async () => {
-  const issuerSecretKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const issuerSecretKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   const issuerPublicKeyJwk = await cose.key.publicFromPrivate<cose.PublicKeyJwk>(issuerSecretKeyJwk)
 
-  const notarySecretKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const notarySecretKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   const notaryPublicKeyJwk = await cose.key.publicFromPrivate<cose.PublicKeyJwk>(notarySecretKeyJwk)
 
   const issuer = cose.detached.signer({

test/receipt.test.ts

@@ -17,7 +17,7 @@ it('issue & verify', async () => {
     }))
 
 
-  const privateKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   const { d, ...publicKeyJwk } = privateKeyJwk
   const signer = cose.detached.signer({
@@ -71,7 +71,7 @@ it('issue & verify', async () => {
 })
 
 it("add / remove from receipts", async () => {
-  const privateKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   const publicKeyJwk = await cose.key.publicFromPrivate<cose.PublicKeyJwk>(privateKeyJwk)
   const signer = cose.detached.signer({
     remote: cose.crypto.signer({

test/sign1.attached.test.ts

@@ -2,7 +2,7 @@ import fs from 'fs'
 import * as cose from '../src'
 
 it('sign and verify', async () => {
-  const privateKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   const { d, ...publicKeyJwk } = privateKeyJwk
   const signer = cose.attached.signer({
@@ -32,7 +32,7 @@ it('sign and verify', async () => {
 })
 
 it('sign and verify large image from file system', async () => {
-  const privateKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   const { d, ...publicKeyJwk } = privateKeyJwk
   const signer = cose.attached.signer({

test/sign1.detached.test.ts

@@ -2,7 +2,7 @@ import fs from 'fs'
 import * as cose from '../src'
 
 it('sign and verify', async () => {
-  const privateKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   const { d, ...publicKeyJwk } = privateKeyJwk
   const signer = cose.detached.signer({
@@ -36,7 +36,7 @@ it('sign and verify', async () => {
 })
 
 it('sign and verify large image from file system', async () => {
-  const privateKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   const { d, ...publicKeyJwk } = privateKeyJwk
   const signer = cose.detached.signer({

test/signer.test.ts

@@ -3,7 +3,7 @@ import * as cose from '../src'
 
 
 it('sign and verify large image from file system', async () => {
-  const privateKeyJwk = await cose.key.generate<cose.SecretKeyJwk>('ES256', 'application/jwk+json')
+  const privateKeyJwk = await cose.key.generate<cose.PrivateKeyJwk>('ES256', 'application/jwk+json')
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   const { d, ...publicKeyJwk } = privateKeyJwk
   const signer = cose.detached.signer({

test/verifiers.test.ts

@@ -8,19 +8,19 @@ it('verify multiple receipts', async () => {
   const notary2SecretKey = await cose.key.generate<cose.key.CoseKey>('ES256', 'application/cose-key')
   const issuerSigner = cose.detached.signer({
     remote: cose.crypto.signer({
-      privateKeyJwk: await cose.key.convertCoseKeyToJsonWebKey<cose.SecretKeyJwk>(issuerSecretKey)
+      privateKeyJwk: await cose.key.convertCoseKeyToJsonWebKey<cose.PrivateKeyJwk>(issuerSecretKey)
     })
 
   })
   const notary1Signer = cose.detached.signer({
     remote: cose.crypto.signer({
-      privateKeyJwk: await cose.key.convertCoseKeyToJsonWebKey<cose.SecretKeyJwk>(notary1SecretKey)
+      privateKeyJwk: await cose.key.convertCoseKeyToJsonWebKey<cose.PrivateKeyJwk>(notary1SecretKey)
     })
 
   })
   const notary2Signer = cose.detached.signer({
     remote: cose.crypto.signer({
-      privateKeyJwk: await cose.key.convertCoseKeyToJsonWebKey<cose.SecretKeyJwk>(notary2SecretKey)
+      privateKeyJwk: await cose.key.convertCoseKeyToJsonWebKey<cose.PrivateKeyJwk>(notary2SecretKey)
     })
   })
   const issuerCkt = await cose.key.thumbprint.calculateCoseKeyThumbprintUri(issuerSecretKey)