diff --git a/mobile/tool_jwt.html b/mobile/tool_jwt.html
index bc10a20d..85d1d90f 100755
--- a/mobile/tool_jwt.html
+++ b/mobile/tool_jwt.html
@@ -25,12 +25,13 @@
case 5: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
case 6: _setKey(k1PrvP8PPem, ''); break;
case 7: _setKey(k6PrvP8PPem, ''); break;
- case 8: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
+ case 8: _setKey(k5PrvP8PPem, ''); break;
case 9: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
case 10: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
- case 11: _setKey(z4PrvP5PPem, ''); break;
- case 12: _setKey(z4PrvP8PPem, ''); break;
- case 13: _setKey(z4PrvP8EPem, z4PrvP8EPass); break;
+ case 11: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
+ case 12: _setKey(z4PrvP5PPem, ''); break;
+ case 13: _setKey(z4PrvP8PPem, ''); break;
+ case 14: _setKey(z4PrvP8EPem, z4PrvP8EPass); break;
}
}
@@ -136,9 +137,11 @@
case 2: _setKey2(z4PubP8Pem); break;
case 3: _setKey2(z4CertPem); break;
case 4: _setKey2(k1PubP8Pem); break;
- case 4: _setKey2(k1CertPem); break;
- case 5: _setKey2(k6PubP8Pem); break;
- case 5: _setKey2(k6CertPem); break;
+ case 5: _setKey2(k1CertPem); break;
+ case 6: _setKey2(k6PubP8Pem); break;
+ case 7: _setKey2(k6CertPem); break;
+ case 8: _setKey2(k5PubP8Pem); break;
+ case 9: _setKey2(k5CertPem); break;
}
}
@@ -307,6 +310,16 @@
"6xwFR0yaTivuwoyXC+ScGUnwnpaXmid6UUgw4ypbneHsaKuZ9JLdMAo=\n" +
"-----END PRIVATE KEY-----\n";
+var k5PrvP8PPem = "" +
+"-----BEGIN PRIVATE KEY-----\n" +
+"MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBRNEQ8Y1gwDMH8pne\n" +
+"z9uq4ODLE/KTx7eCzMNKlGRIhx/8Mo2+B9ORKPMFk4on0wFW7T+rp7NpXm1wxTOY\n" +
+"HSTf7mWhgYkDgYYABADSmlI0TDURn/W+oZrgkPgC0F/56jGtzDFSTQEodep5E0Sw\n" +
+"KvBrWN48PSbxukE9JdXPm2soe1yc9BC/Km6nrQJhnQDeIhUCoVSA8GTZ0EwL1AcT\n" +
+"5YfKcvwwCdM4lHRU1jYXti4IpC/pggFT3N+IRFmS6M8gTYzvxCZMDUnYHimDB+1p\n" +
+"jw==\n" +
+"-----END PRIVATE KEY-----\n";
+
// PUBLIC KEY
var z4PubP8Pem = "" +
"-----BEGIN PUBLIC KEY-----\n" +
@@ -379,6 +392,30 @@
"2F8=\n" +
"-----END CERTIFICATE-----\n";
+var k5PubP8Pem = "" +
+"-----BEGIN PUBLIC KEY-----\n" +
+"MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA0ppSNEw1EZ/1vqGa4JD4AtBf+eox\n" +
+"rcwxUk0BKHXqeRNEsCrwa1jePD0m8bpBPSXVz5trKHtcnPQQvypup60CYZ0A3iIV\n" +
+"AqFUgPBk2dBMC9QHE+WHynL8MAnTOJR0VNY2F7YuCKQv6YIBU9zfiERZkujPIE2M\n" +
+"78QmTA1J2B4pgwftaY8=\n" +
+"-----END PUBLIC KEY-----\n";
+
+var k5CertPem = "" +
+"-----BEGIN CERTIFICATE-----\n" +
+"MIICETCCAXKgAwIBAgIUYcEvdqjSYTHDXGJJMmK76h+q/bYwCgYIKoZIzj0EAwQw\n" +
+"GjELMAkGA1UEBhMCVVMxCzAJBgNVBAoMAks1MB4XDTIxMTEyNzEwMzgyMFoXDTQx\n" +
+"MTEyMjEwMzgyMFowGjELMAkGA1UEBhMCVVMxCzAJBgNVBAoMAks1MIGbMBAGByqG\n" +
+"SM49AgEGBSuBBAAjA4GGAAQA0ppSNEw1EZ/1vqGa4JD4AtBf+eoxrcwxUk0BKHXq\n" +
+"eRNEsCrwa1jePD0m8bpBPSXVz5trKHtcnPQQvypup60CYZ0A3iIVAqFUgPBk2dBM\n" +
+"C9QHE+WHynL8MAnTOJR0VNY2F7YuCKQv6YIBU9zfiERZkujPIE2M78QmTA1J2B4p\n" +
+"gwftaY+jUzBRMB0GA1UdDgQWBBRlDRyXy9CrDdTZW7gEIWipef3DhzAfBgNVHSME\n" +
+"GDAWgBRlDRyXy9CrDdTZW7gEIWipef3DhzAPBgNVHRMBAf8EBTADAQH/MAoGCCqG\n" +
+"SM49BAMEA4GMADCBiAJCAV4C6IirulahutoguAzYfHsFZieP6Z5tqm0ql/bXsDgd\n" +
+"ZqxlrvTrpbHjSZr8vROiDPWaj9umJz2R8EOGk36vTY0MAkIAo2TRkneSYP3ZDjSh\n" +
+"+29UnKQBS2/JazRBJ5ztk58L+4UkPInmj4lWXk3Rzhi8h2lKWVPK/5oq1KcvvHpd\n" +
+"JPZcEXw=\n" +
+"-----END CERTIFICATE-----\n";
+
@@ -462,6 +499,7 @@ (Step2) Choose issuer key and JWS signing algorithm.
RS512 (SHA512withRSA RSA2048bit:z4) with default private key
ES256 (SHA256withECDSA NIST P-256) with default private key
ES384 (SHA384withECDSA NIST P-384) with default private key
+ ES512 (SHA512withECDSA NIST P-521) with default private key
PS256 (SHA256withRSAandMGF1 RSA2048bit:z4) with default private key
PS384 (SHA384withRSAandMGF1 RSA2048bit:z4) with default private key
PS512 (SHA512withRSAandMGF1 RSA2048bit:z4) with default private key
@@ -521,7 +559,9 @@ (Step2) Choose proper public key or certificate to verify.
default public key for ES256 (SHA256withECDSA NIST P-256 k1)
default X.509 certificate for ES256 (SHA256withECDSA NIST P-256 k1)
default public key for ES384 (SHA384withECDSA NIST P-384 k6)
- default X.509 certificate for ES384 (SHA384withECDSA NIST P-384 k6)
+ default X.509 certificate for ES384 (SHA384withECDSA NIST P-384 k6)
+ default public key for ES512 (SHA512withECDSA NIST P-521 k5)
+ default X.509 certificate for ES512 (SHA512withECDSA NIST P-521 k5)
diff --git a/src/ecdsa-modified-1.0.js b/src/ecdsa-modified-1.0.js
index add95731..727db632 100644
--- a/src/ecdsa-modified-1.0.js
+++ b/src/ecdsa-modified-1.0.js
@@ -753,6 +753,7 @@ KJUR.crypto.ECDSA.parseSigHexInHexRS = function(sigHex) {
* @static
* @param {String} asn1Hex hexadecimal string of ASN.1 encoded ECDSA signature value
* @return {String} r-s concatinated format of ECDSA signature value
+ * @throws Error when signature length is unsupported
* @since ecdsa-modified 1.0.3
*/
KJUR.crypto.ECDSA.asn1SigToConcatSig = function(asn1Sig) {
@@ -760,6 +761,25 @@ KJUR.crypto.ECDSA.asn1SigToConcatSig = function(asn1Sig) {
var hR = pSig.r;
var hS = pSig.s;
+ // P-521 special case (65-66 bytes are allowed)
+ if (hR.length >= 130 && hR.length <= 134) {
+ if (hR.length % 2 != 0) {
+ throw Error(`unknown ECDSA sig r length error (${hR.length} is not a multiple of 2)`);
+ }
+ if (hS.length % 2 != 0) {
+ throw Error(`unknown ECDSA sig s length error (${hS.length} is not a multiple of 2)`);
+ }
+ if (hR.substr(0, 2) == "00") hR = hR.substr(2);
+ if (hS.substr(0, 2) == "00") hS = hS.substr(2);
+
+ // make sure they have the same length
+ var length = Math.max(hR.length, hS.length);
+ hR = ("000000" + hR).slice(- length);
+ hS = ("000000" + hS).slice(- length);
+
+ return hR + hS;
+ }
+
// R and S length is assumed multiple of 128bit(32chars in hex).
// If leading is "00" and modulo of length is 2(chars) then
// leading "00" is for two's complement and will be removed.
@@ -777,9 +797,9 @@ KJUR.crypto.ECDSA.asn1SigToConcatSig = function(asn1Sig) {
// If R and S length is not still multiple of 128bit(32 chars),
// then error
if (hR.length % 32 != 0)
- throw "unknown ECDSA sig r length error";
+ throw Error(`unknown ECDSA sig r length error (${hR.length} is not a multiple of 32)`);
if (hS.length % 32 != 0)
- throw "unknown ECDSA sig s length error";
+ throw Error(`unknown ECDSA sig s length error (${hS.length} is not a multiple of 32)`);
return hR + hS;
};
@@ -792,11 +812,13 @@ KJUR.crypto.ECDSA.asn1SigToConcatSig = function(asn1Sig) {
* @static
* @param {String} concatSig r-s concatinated format of ECDSA signature value
* @return {String} hexadecimal string of ASN.1 encoded ECDSA signature value
+ * @throws Error when signature length is unsupported
* @since ecdsa-modified 1.0.3
*/
KJUR.crypto.ECDSA.concatSigToASN1Sig = function(concatSig) {
- if ((((concatSig.length / 2) * 8) % (16 * 8)) != 0)
- throw "unknown ECDSA concatinated r-s sig length error";
+ if (concatSig.length % 4 != 0) {
+ throw Error(`unknown ECDSA concatinated r-s sig length error (${concatSig.length} is not a multiple of 4)`);
+ }
var hR = concatSig.substr(0, concatSig.length / 2);
var hS = concatSig.substr(concatSig.length / 2);
diff --git a/src/jws-3.3.js b/src/jws-3.3.js
index 21501e07..8b13e68c 100644
--- a/src/jws-3.3.js
+++ b/src/jws-3.3.js
@@ -810,7 +810,7 @@ KJUR.jws.JWS.jwsalg2sigalg = {
"RS512": "SHA512withRSA",
"ES256": "SHA256withECDSA",
"ES384": "SHA384withECDSA",
- //"ES512": "SHA512withECDSA", // unsupported because of jsrsasign's bug
+ "ES512": "SHA512withECDSA",
"PS256": "SHA256withRSAandMGF1",
"PS384": "SHA384withRSAandMGF1",
"PS512": "SHA512withRSAandMGF1",
diff --git a/src/keyutil-1.0.js b/src/keyutil-1.0.js
index 3a769936..c8c87d66 100644
--- a/src/keyutil-1.0.js
+++ b/src/keyutil-1.0.js
@@ -1044,7 +1044,7 @@ KEYUTIL.getKey = function(param, passcode, hextype) {
param.y !== undefined &&
param.d === undefined) {
var ec = new _KJUR_crypto_ECDSA({"curve": param.crv});
- var charlen = ec.ecparams.keylen / 4;
+ var charlen = ec.ecparams.keycharlen;
var hX = ("0000000000" + b64utohex(param.x)).slice(- charlen);
var hY = ("0000000000" + b64utohex(param.y)).slice(- charlen);
var hPub = "04" + hX + hY;
@@ -1059,7 +1059,7 @@ KEYUTIL.getKey = function(param, passcode, hextype) {
param.y !== undefined &&
param.d !== undefined) {
var ec = new _KJUR_crypto_ECDSA({"curve": param.crv});
- var charlen = ec.ecparams.keylen / 4;
+ var charlen = ec.ecparams.keycharlen;
var hX = ("0000000000" + b64utohex(param.x)).slice(- charlen);
var hY = ("0000000000" + b64utohex(param.y)).slice(- charlen);
var hPub = "04" + hX + hY;
@@ -1789,7 +1789,7 @@ KEYUTIL.getJWKFromKey = function(keyObj) {
return jwk;
} else if (keyObj instanceof KJUR.crypto.ECDSA && keyObj.isPrivate) {
var name = keyObj.getShortNISTPCurveName();
- if (name !== "P-256" && name !== "P-384")
+ if (name !== "P-256" && name !== "P-384" && name !== "P-521")
throw new Error("unsupported curve name for JWT: " + name);
var xy = keyObj.getPublicKeyXYHex();
jwk.kty = "EC";
@@ -1800,7 +1800,7 @@ KEYUTIL.getJWKFromKey = function(keyObj) {
return jwk;
} else if (keyObj instanceof KJUR.crypto.ECDSA && keyObj.isPublic) {
var name = keyObj.getShortNISTPCurveName();
- if (name !== "P-256" && name !== "P-384")
+ if (name !== "P-256" && name !== "P-384" && name !== "P-521")
throw new Error("unsupported curve name for JWT: " + name);
var xy = keyObj.getPublicKeyXYHex();
jwk.kty = "EC";
diff --git a/test/qunit-do-ecdsamod-s.html b/test/qunit-do-ecdsamod-s.html
index 222ecd9a..3a3a671c 100755
--- a/test/qunit-do-ecdsamod-s.html
+++ b/test/qunit-do-ecdsamod-s.html
@@ -43,13 +43,80 @@
$(document).ready(function(){
var o = KJUR.crypto.ECDSA;
-test("asn1SigToConcatSig k1.sig.aaa.1", function() {
- equal(o.asn1SigToConcatSig('3045022100f729843c8bb5f285380ef5e4d708608d7449dadfa50129112668e972d30f210b0220051c589f0ebdad7a41370e9d9ce405734e854788387f21997028312a305ddae8'), 'f729843c8bb5f285380ef5e4d708608d7449dadfa50129112668e972d30f210b051c589f0ebdad7a41370e9d9ce405734e854788387f21997028312a305ddae8', '1');
-});
+const SIGNATURES = {
+ "P-256": [
+ {
+ "asn1":"3045022100f729843c8bb5f285380ef5e4d708608d7449dadfa50129112668e972d30f210b0220051c589f0ebdad7a41370e9d9ce405734e854788387f21997028312a305ddae8",
+ "concat":"f729843c8bb5f285380ef5e4d708608d7449dadfa50129112668e972d30f210b051c589f0ebdad7a41370e9d9ce405734e854788387f21997028312a305ddae8",
+ "raw": {"r":"f729843c8bb5f285380ef5e4d708608d7449dadfa50129112668e972d30f210b","s":"051c589f0ebdad7a41370e9d9ce405734e854788387f21997028312a305ddae8"}
+ },
+ {
+ "asn1":"304502205eb5d99ad13adc09bd6df2105c16d7f7565b768e1e9f2e2b8a5e42bcb5f0f083022100b1d8b2091958df331b700c97698c96e2d4c6aebb2cf7b68fc57901b9794582af",
+ "concat":"5eb5d99ad13adc09bd6df2105c16d7f7565b768e1e9f2e2b8a5e42bcb5f0f083b1d8b2091958df331b700c97698c96e2d4c6aebb2cf7b68fc57901b9794582af",
+ "raw": {"r":"5eb5d99ad13adc09bd6df2105c16d7f7565b768e1e9f2e2b8a5e42bcb5f0f083","s":"b1d8b2091958df331b700c97698c96e2d4c6aebb2cf7b68fc57901b9794582af"}
+ },
+ {
+ "asn1":"3046022100f3ee83e040657dc7228ad28350a512fc48139a5eba421ec8e04c3692d4645cf202210086701829886e409ab81f2388226047453e089090e450e2a9026df52de16dfadf",
+ "concat":"f3ee83e040657dc7228ad28350a512fc48139a5eba421ec8e04c3692d4645cf286701829886e409ab81f2388226047453e089090e450e2a9026df52de16dfadf",
+ "raw": {"r":"f3ee83e040657dc7228ad28350a512fc48139a5eba421ec8e04c3692d4645cf2","s":"86701829886e409ab81f2388226047453e089090e450e2a9026df52de16dfadf"}
+ }
+ ],
+ "P-384": [
+ {
+ "asn1":"3064023030ff2c434742949ef193f00a90c9a4bf8dd99f0442d487502b4fdad4dcbfc44e3164479f9c766dab3e4685dfbff46d3502302f4da9694360b868ffc83763123d82ac6d21bb4d7491e63ead157f8b2d2043e2fbcee860dcdcd3b2401f3004352dd05e",
+ "concat":"30ff2c434742949ef193f00a90c9a4bf8dd99f0442d487502b4fdad4dcbfc44e3164479f9c766dab3e4685dfbff46d352f4da9694360b868ffc83763123d82ac6d21bb4d7491e63ead157f8b2d2043e2fbcee860dcdcd3b2401f3004352dd05e",
+ "raw": {"r":"30ff2c434742949ef193f00a90c9a4bf8dd99f0442d487502b4fdad4dcbfc44e3164479f9c766dab3e4685dfbff46d35","s":"2f4da9694360b868ffc83763123d82ac6d21bb4d7491e63ead157f8b2d2043e2fbcee860dcdcd3b2401f3004352dd05e"}
+ },
+ {
+ "asn1":"3065023042958d6ae304e1acc9414517bc4d90d8d9dea7bb9548a14cc46b86a8614bd3f51737eaf8353a9963856c9d4186e8e46a023100ec025b8368c33facf235541f1f5fcd86049c7f69f9bee67ba905786507e1b016c59aca93ca06535d450c1572d8b4512b",
+ "concat":"42958d6ae304e1acc9414517bc4d90d8d9dea7bb9548a14cc46b86a8614bd3f51737eaf8353a9963856c9d4186e8e46aec025b8368c33facf235541f1f5fcd86049c7f69f9bee67ba905786507e1b016c59aca93ca06535d450c1572d8b4512b",
+ "raw": {"r":"42958d6ae304e1acc9414517bc4d90d8d9dea7bb9548a14cc46b86a8614bd3f51737eaf8353a9963856c9d4186e8e46a","s":"ec025b8368c33facf235541f1f5fcd86049c7f69f9bee67ba905786507e1b016c59aca93ca06535d450c1572d8b4512b"}
+ }
+ ],
+ "P-521": [
+ {
+ "asn1":"308186024164f6b34ba7348a7d987257df7969843925b0716c5b96e5bdbb4eb71bf5f5ddcb3f4cbf7ae6aca31e57e931ef68cd15b5bbac892110f6b48c7d436076b9de4245a5024136f0edafb5c6d78e2dd02bf4c233c3f72401c0da68789a0046f6b971d7ef02a638ec351d2d893edc3ac95ee4e003fd22859100ac5cf56267f1ffe599662307e2e5",
+ "concat":"64f6b34ba7348a7d987257df7969843925b0716c5b96e5bdbb4eb71bf5f5ddcb3f4cbf7ae6aca31e57e931ef68cd15b5bbac892110f6b48c7d436076b9de4245a536f0edafb5c6d78e2dd02bf4c233c3f72401c0da68789a0046f6b971d7ef02a638ec351d2d893edc3ac95ee4e003fd22859100ac5cf56267f1ffe599662307e2e5",
+ "raw": {"r":"64f6b34ba7348a7d987257df7969843925b0716c5b96e5bdbb4eb71bf5f5ddcb3f4cbf7ae6aca31e57e931ef68cd15b5bbac892110f6b48c7d436076b9de4245a5","s":"36f0edafb5c6d78e2dd02bf4c233c3f72401c0da68789a0046f6b971d7ef02a638ec351d2d893edc3ac95ee4e003fd22859100ac5cf56267f1ffe599662307e2e5"}
+ },
+ {
+ "asn1":"308187024103268bca0a5c5fc7b9910efa9f4925d9b1eb411d08bdbf91941c469e4e06fea5b7f6115c67006e836a2f240e057c96d84e10a964e5db87ad281afe59cec1efd609024200fd5d6d9b874fe743cc9cc6ab6b66de667d1c3952e94dffb3d113f8fce92b3f3b419555ed97e54ed038ef091a90242baf84a626d697faf9a169eb75710bdb11b843",
+ "concat":"03268bca0a5c5fc7b9910efa9f4925d9b1eb411d08bdbf91941c469e4e06fea5b7f6115c67006e836a2f240e057c96d84e10a964e5db87ad281afe59cec1efd609fd5d6d9b874fe743cc9cc6ab6b66de667d1c3952e94dffb3d113f8fce92b3f3b419555ed97e54ed038ef091a90242baf84a626d697faf9a169eb75710bdb11b843",
+ "raw": {"r":"03268bca0a5c5fc7b9910efa9f4925d9b1eb411d08bdbf91941c469e4e06fea5b7f6115c67006e836a2f240e057c96d84e10a964e5db87ad281afe59cec1efd609","s":"fd5d6d9b874fe743cc9cc6ab6b66de667d1c3952e94dffb3d113f8fce92b3f3b419555ed97e54ed038ef091a90242baf84a626d697faf9a169eb75710bdb11b843"}
+ },
+ {
+ "asn1":"308188024201e1a66f447ce86608e717f4a66d1ab046a13964e4269daa790922506e594667feafcd89b372525b3c07a7fefc085bea1f3ff50e10687230b27de4d1179a05781930024200f60de78284181ccf85f8ff32a842866a2d0436b9a4da2702c15d2f97194ecf6d880059ba932e2e347be1002b20fa64d9dd46d05f1b8c4b62163eefc583f9bf153c",
+ "concat":"01e1a66f447ce86608e717f4a66d1ab046a13964e4269daa790922506e594667feafcd89b372525b3c07a7fefc085bea1f3ff50e10687230b27de4d1179a0578193000f60de78284181ccf85f8ff32a842866a2d0436b9a4da2702c15d2f97194ecf6d880059ba932e2e347be1002b20fa64d9dd46d05f1b8c4b62163eefc583f9bf153c",
+ "raw": {"r":"01e1a66f447ce86608e717f4a66d1ab046a13964e4269daa790922506e594667feafcd89b372525b3c07a7fefc085bea1f3ff50e10687230b27de4d1179a05781930","s":"f60de78284181ccf85f8ff32a842866a2d0436b9a4da2702c15d2f97194ecf6d880059ba932e2e347be1002b20fa64d9dd46d05f1b8c4b62163eefc583f9bf153c"}
+ }
+ ]
+};
-test("concatSigToASN1Sig k1.sig.aaa.1", function() {
- equal(o.concatSigToASN1Sig('f729843c8bb5f285380ef5e4d708608d7449dadfa50129112668e972d30f210b051c589f0ebdad7a41370e9d9ce405734e854788387f21997028312a305ddae8'), '3045022100f729843c8bb5f285380ef5e4d708608d7449dadfa50129112668e972d30f210b0220051c589f0ebdad7a41370e9d9ce405734e854788387f21997028312a305ddae8', '1');
-});
+for (const curve in SIGNATURES) {
+ test(`${curve} asn1SigToConcatSig`, function() {
+ for (let i=0; i
diff --git a/test/qunit-do-ecdsamod.html b/test/qunit-do-ecdsamod.html
index 3149fa06..d02cebf7 100755
--- a/test/qunit-do-ecdsamod.html
+++ b/test/qunit-do-ecdsamod.html
@@ -81,36 +81,36 @@
// OpenSSL generated signature for each key and hash algorithm
var OSSIGHEX = {
- "k2": {
- "sha1": "303402181fe21ea693ae465779a1b57b21aceafe451a85c56b9bee500218345723fd745b3029089d362029fc29f0373cffe8cb7b1eab",
+ "k2": { // P-192
+ "sha1": "303402181fe21ea693ae465779a1b57b21aceafe451a85c56b9bee500218345723fd745b3029089d362029fc29f0373cffe8cb7b1eab",
"sha224": "3035021900dd4496206cc4a37ff8939db80cf296a40c9817956e851bcd02184094ac226c7f50185bcaf1e83155c9462607f1e2bea7728b",
"sha256": "30360219008605679ccb712960cf254f142e9a67e0ad49bb9a4751c41b021900e3d44ea90529cc013be79e25741682ec37d17f4a2d2f78a2",
"sha384": "303402182d59dbed77d07f3cf1382f7c3a18b3643b9b5dcc839b674e02184960dde528f9301d297a20294efae0e95cffad59ab137c40",
"sha512": "3035021826b3ab1d9cf0cece96987785b2912e7f9840be6ee88fcbc9021900faa799af2d26daee0def42df99cee437a54d217098340aec"
},
- "k3": {
- "sha1": "303c021c32545abd1f19d25d7c1a329a0eb5b47cfea2bbafe9ce531e8cfbb586021c4002acfe8351ef3470eb49d3bb8eb6909eb14db048c189b2b2a650b1",
+ "k3": { // P-224
+ "sha1": "303c021c32545abd1f19d25d7c1a329a0eb5b47cfea2bbafe9ce531e8cfbb586021c4002acfe8351ef3470eb49d3bb8eb6909eb14db048c189b2b2a650b1",
"sha224": "303d021c7b9423d241231a44582201beb873dae44070fcd0ca2e29a04e7262d8021d00b7b2cea9741e77d7eba425f415f25a12ba7b717cc73bcc576b9072f2",
"sha256": "303c021c21f90179b90a781acd50be8935c60f21b984d0bb41a1123d3b553975021c22ab92ce4014092c00f3f773f08be8651269fea386a70135428bec7e",
"sha384": "303c021c0b8f57209fe7c53e0ad1f55ee2125085aefed60d43ad8f89f3d47b86021c54132910c796fc319f9c86a7362773b5d4cb372cf07127c2f2213870",
"sha512": "303d021d00820ed0e5e4eaec461ef1e54560a8fc239ee4f29cb4e76e2f93e8235f021c69598c4b5c056579d7bf805204f226a5e20f4321cc085c48e77196a0"
},
- "k5": {
- "sha1": "308186024164f6b34ba7348a7d987257df7969843925b0716c5b96e5bdbb4eb71bf5f5ddcb3f4cbf7ae6aca31e57e931ef68cd15b5bbac892110f6b48c7d436076b9de4245a5024136f0edafb5c6d78e2dd02bf4c233c3f72401c0da68789a0046f6b971d7ef02a638ec351d2d893edc3ac95ee4e003fd22859100ac5cf56267f1ffe599662307e2e5",
+ "k5": { // P-521
+ "sha1": "308186024164f6b34ba7348a7d987257df7969843925b0716c5b96e5bdbb4eb71bf5f5ddcb3f4cbf7ae6aca31e57e931ef68cd15b5bbac892110f6b48c7d436076b9de4245a5024136f0edafb5c6d78e2dd02bf4c233c3f72401c0da68789a0046f6b971d7ef02a638ec351d2d893edc3ac95ee4e003fd22859100ac5cf56267f1ffe599662307e2e5",
"sha224": "308187024200cbc3a03db405928995973ba2e2a33b6f42ecd2992d416cd03beee2bb277d9b610896e06c6104d14010c4d34eb102c90b31723888250398b8602d6bbfc140962121024102f95b9612429d7e975be58ffb6ae163b66e5f69a1e98394291f793d4856cdd2af89c89df91fe717b3bf8c8564040cbba92693fca3f510948fe6ae14f1aa8935cd",
"sha256": "308188024201e1a66f447ce86608e717f4a66d1ab046a13964e4269daa790922506e594667feafcd89b372525b3c07a7fefc085bea1f3ff50e10687230b27de4d1179a05781930024200f60de78284181ccf85f8ff32a842866a2d0436b9a4da2702c15d2f97194ecf6d880059ba932e2e347be1002b20fa64d9dd46d05f1b8c4b62163eefc583f9bf153c",
"sha384": "30818702412c9aec49efcb936d8e20e99f2b6977c6c2c98661cf766508529f6d192e38e64da4a3dec4f5214d00bc6005e635218042376af50fbedd0358be720693b9d00aad210242017af0515664d4bf12e2b3c1b25e13e66714437e2358a2bcab1e95b25687b88343ec2078a44d246c02b33f4cfbbbc4a008e82c4ff35d4105bc3b714bf4f28ff08dff",
"sha512": "308187024103268bca0a5c5fc7b9910efa9f4925d9b1eb411d08bdbf91941c469e4e06fea5b7f6115c67006e836a2f240e057c96d84e10a964e5db87ad281afe59cec1efd609024200fd5d6d9b874fe743cc9cc6ab6b66de667d1c3952e94dffb3d113f8fce92b3f3b419555ed97e54ed038ef091a90242baf84a626d697faf9a169eb75710bdb11b843"
},
- "k6": {
- "sha1": "3065023100a1a8b67c1631d786fdcab40b4056c6d183af65ddadef9d16b2221b3bef28b04ac05ed4668ec5a13917ead8254506772102302104e03b53babfad35ab1533ca10f006be000c9639901613c20187b794b15a64c44b4edc3f949fe6f16e5ee24914e64f",
+ "k6": { // P-384
+ "sha1": "3065023100a1a8b67c1631d786fdcab40b4056c6d183af65ddadef9d16b2221b3bef28b04ac05ed4668ec5a13917ead8254506772102302104e03b53babfad35ab1533ca10f006be000c9639901613c20187b794b15a64c44b4edc3f949fe6f16e5ee24914e64f",
"sha224": "3064023030ff2c434742949ef193f00a90c9a4bf8dd99f0442d487502b4fdad4dcbfc44e3164479f9c766dab3e4685dfbff46d3502302f4da9694360b868ffc83763123d82ac6d21bb4d7491e63ead157f8b2d2043e2fbcee860dcdcd3b2401f3004352dd05e",
"sha256": "3065023100cccd5d3937cd815bc4de89f2f066436118c928a1928ac3d7bba4d585bfd8b143e6bc768b47c77156495ee94074d7caf50230221659eb987e5db5feb858fff51fe4562b48d03343438b79e5dfb8a06402dbb0b95fcf350d636ed88a7b84c98b55c39a",
"sha384": "3065023042958d6ae304e1acc9414517bc4d90d8d9dea7bb9548a14cc46b86a8614bd3f51737eaf8353a9963856c9d4186e8e46a023100ec025b8368c33facf235541f1f5fcd86049c7f69f9bee67ba905786507e1b016c59aca93ca06535d450c1572d8b4512b",
"sha512": "30650231009398b1262ff8aac3796388ed97fc516d9061d2473ec79c95f27694058f781788940bf97a48817ea3a6af214d5625b37e023064ede21a004d7ede2d2357cb2ef2753c3491107957604a4860a825416c20004f39cb58414ff0dfad523e98dac0bd0092"
},
- "k7": {
- "sha1": "3045022100b3a961321a614c9fee6b1a202be63afb93610b34c03dc19bd6f59a76db9f60cd0220416aec2061790e41a5d6b228ea0ff46dc0e2fdda5da9d54b03fba062919845c2",
+ "k7": { // P-256
+ "sha1": "3045022100b3a961321a614c9fee6b1a202be63afb93610b34c03dc19bd6f59a76db9f60cd0220416aec2061790e41a5d6b228ea0ff46dc0e2fdda5da9d54b03fba062919845c2",
"sha224": "3045022100f2383ca9290167e1ec4db408252f8b4ddf94195346de6606aa42588f98d446690220121cf0db718ccf033903b1cf6c2c6109c66c99c4e3d8e47a04d5ebe7a2f567e1",
"sha256": "304502205eb5d99ad13adc09bd6df2105c16d7f7565b768e1e9f2e2b8a5e42bcb5f0f083022100b1d8b2091958df331b700c97698c96e2d4c6aebb2cf7b68fc57901b9794582af",
"sha384": "3045022003af466a49bd70d7e2146a0c04375a5a8a9cfef836c09235643bedcfb2dd1447022100b0512371a5ed5bd8565c95d7c064fcc4d5408e2c27a98b6cb80bf9dfb12db695",
@@ -178,7 +178,7 @@
// === signature generation and validation ====================================
-var keys = ['k7', 'k2', 'k3', 'k6'];
+var keys = ['k7', 'k2', 'k3', 'k6', 'k5'];
var algs = ['sha1', 'sha224', 'sha256', 'sha384', 'sha512'];
for (var i = 0; i < keys.length; i++) {
var key = keys[i];
diff --git a/test/qunit-do-jws-sign.html b/test/qunit-do-jws-sign.html
index bbb74cea..9cc7bf8d 100755
--- a/test/qunit-do-jws-sign.html
+++ b/test/qunit-do-jws-sign.html
@@ -9,9 +9,56 @@
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/test/qunit-do-keyutil-jwk.html b/test/qunit-do-keyutil-jwk.html
index b1b2636e..3b5b9e82 100755
--- a/test/qunit-do-keyutil-jwk.html
+++ b/test/qunit-do-keyutil-jwk.html
@@ -142,6 +142,15 @@
-----END RSA PRIVATE KEY-----
*/}).toString().match(/\/\*([^]*)\*\//)[1];
+// K5
+var prvP521jwk = {
+ "kty": "EC",
+ "crv": "P-521",
+ "d": "AUTREPGNYMAzB_KZ3s_bquDgyxPyk8e3gszDSpRkSIcf_DKNvgfTkSjzBZOKJ9MBVu0_q6ezaV5tcMUzmB0k3-5l",
+ "x": 'ANKaUjRMNRGf9b6hmuCQ-ALQX_nqMa3MMVJNASh16nkTRLAq8GtY3jw9JvG6QT0l1c-bayh7XJz0EL8qbqetAmGd',
+ "y": 'AN4iFQKhVIDwZNnQTAvUBxPlh8py_DAJ0ziUdFTWNhe2LgikL-mCAVPc34hEWZLozyBNjO_EJkwNSdgeKYMH7WmP'
+};
+
test("getKey JWK pubEC1", function() {
var ec = KEYUTIL.getKey(pubEC1);
equal(ec.isPublic, true, "is public key");
@@ -170,6 +179,24 @@
equal(ec.prvKeyHex, "f3bd0c07a81fb932781ed52752f60cc89a6be5e51934fe01938ddb55d8f77801", "d");
});
+test("getKey JWK Private P-521", function() {
+ var ec = KEYUTIL.getKey(prvP521jwk);
+ equal(ec.isPrivate, true, "is private key");
+ equal(ec.isPublic, true, "is public key");
+ equal(ec.curveName, "P-521", "P-521");
+ equal(ec.prvKeyHex, "0144d110f18d60c03307f299decfdbaae0e0cb13f293c7b782ccc34a946448871ffc328dbe07d39128f305938a27d30156ed3faba7b3695e6d70c533981d24dfee65", "d");
+});
+
+test("getKey JWK Public P-521", function() {
+ var pubP521jwk = Object.assign({}, prvP521jwk);
+ delete pubP521jwk.d;
+ var ec = KEYUTIL.getKey(pubP521jwk);
+ equal(ec.isPrivate, false, "is private key");
+ equal(ec.isPublic, true, "is public key");
+ equal(ec.curveName, "P-521", "P-521");
+ equal(ec.pubKeyHex, "0400d29a52344c35119ff5bea19ae090f802d05ff9ea31adcc31524d012875ea791344b02af06b58de3c3d26f1ba413d25d5cf9b6b287b5c9cf410bf2a6ea7ad02619d00de221502a15480f064d9d04c0bd40713e587ca72fc3009d338947454d63617b62e08a42fe9820153dcdf88445992e8cf204d8cefc4264c0d49d81e298307ed698f", "xy");
+});
+
test("getKey JWK prvRSA1", function() {
var k = KEYUTIL.getKey(prvRSA1);
equal(k.isPrivate, true, "is private key");
@@ -225,6 +252,28 @@
equal(jwk.d, "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE", "d");
});
+test("getJWKFromKey() - Private P-521", function() {
+ var ec = KEYUTIL.getKey(prvP521jwk);
+ var jwk = KEYUTIL.getJWKFromKey(ec);
+ equal(jwk.kty, "EC", "jwk.kty == EC");
+ equal(jwk.crv, "P-521", "jwk.crv == P-521");
+ equal(jwk.x, prvP521jwk.x, "x");
+ equal(jwk.y, prvP521jwk.y, "y");
+ equal(jwk.d, prvP521jwk.d, "d");
+});
+
+test("getJWKFromKey() - Public P-521", function() {
+ var pubP521jwk = Object.assign({}, prvP521jwk);
+ delete pubP521jwk.d;
+ var ec = KEYUTIL.getKey(pubP521jwk);
+ var jwk = KEYUTIL.getJWKFromKey(ec);
+ equal(jwk.kty, "EC", "jwk.kty == EC");
+ equal(jwk.crv, "P-521", "jwk.crv == P-521");
+ equal(jwk.x, prvP521jwk.x, "x");
+ equal(jwk.y, prvP521jwk.y, "y");
+ equal(jwk.d, undefined, "d");
+});
+
test("getJWKFromKey() - pubRSA1", function() {
var key = KEYUTIL.getKey(pubRSA1);
var jwk = KEYUTIL.getJWKFromKey(key);
diff --git a/test/qunit-do-x509-key.html b/test/qunit-do-x509-key.html
index d053b365..1d8ecbd4 100755
--- a/test/qunit-do-x509-key.html
+++ b/test/qunit-do-x509-key.html
@@ -71,6 +71,22 @@
"HRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQDfAcS/WKBrP6JBgksQVpp4jdq4\n" +
"C53Yu4F5NkaMgthAHgIhANGRdWAP1QdW9l6tiglQwdqJs4T0e8+NYv+RcAb3VYwn\n" +
"-----END CERTIFICATE-----\n";
+
+var k5CertPem = "" +
+"-----BEGIN CERTIFICATE-----\n" +
+"MIICETCCAXKgAwIBAgIUYcEvdqjSYTHDXGJJMmK76h+q/bYwCgYIKoZIzj0EAwQw\n" +
+"GjELMAkGA1UEBhMCVVMxCzAJBgNVBAoMAks1MB4XDTIxMTEyNzEwMzgyMFoXDTQx\n" +
+"MTEyMjEwMzgyMFowGjELMAkGA1UEBhMCVVMxCzAJBgNVBAoMAks1MIGbMBAGByqG\n" +
+"SM49AgEGBSuBBAAjA4GGAAQA0ppSNEw1EZ/1vqGa4JD4AtBf+eoxrcwxUk0BKHXq\n" +
+"eRNEsCrwa1jePD0m8bpBPSXVz5trKHtcnPQQvypup60CYZ0A3iIVAqFUgPBk2dBM\n" +
+"C9QHE+WHynL8MAnTOJR0VNY2F7YuCKQv6YIBU9zfiERZkujPIE2M78QmTA1J2B4p\n" +
+"gwftaY+jUzBRMB0GA1UdDgQWBBRlDRyXy9CrDdTZW7gEIWipef3DhzAfBgNVHSME\n" +
+"GDAWgBRlDRyXy9CrDdTZW7gEIWipef3DhzAPBgNVHRMBAf8EBTADAQH/MAoGCCqG\n" +
+"SM49BAMEA4GMADCBiAJCAV4C6IirulahutoguAzYfHsFZieP6Z5tqm0ql/bXsDgd\n" +
+"ZqxlrvTrpbHjSZr8vROiDPWaj9umJz2R8EOGk36vTY0MAkIAo2TRkneSYP3ZDjSh\n" +
+"+29UnKQBS2/JazRBJ5ztk58L+4UkPInmj4lWXk3Rzhi8h2lKWVPK/5oq1KcvvHpd\n" +
+"JPZcEXw=\n" +
+"-----END CERTIFICATE-----\n";
test("getPublicKeyFromCertPEM z1CertPEM(RSA)", function() {
var key = X509.getPublicKeyFromCertPEM(z1CertPEM);
@@ -82,9 +98,17 @@
test("getPublicKeyFromCertPEM k1CertPEM(ECC)", function() {
var key = X509.getPublicKeyFromCertPEM(k1CertPEM);
equal(key.type, "EC", "type");
+ equal(key.curveName, "secp256r1", "curveName");
equal(key.pubKeyHex, "04a01532a3c0900053de60fbefefcca58793301598d308b41e6f4e364e388c2711bef432c599148c94143d4ff46c2cb73e3e6a41d7eef23c047ea11e60667de425", "pubKeyHex");
});
+test("getPublicKeyFromCertPEM(ECC P-521)", function() {
+ var key = X509.getPublicKeyFromCertPEM(k5CertPem);
+ equal(key.type, "EC", "type");
+ equal(key.curveName, "secp521r1", "curveName");
+ equal(key.pubKeyHex, "0400d29a52344c35119ff5bea19ae090f802d05ff9ea31adcc31524d012875ea791344b02af06b58de3c3d26f1ba413d25d5cf9b6b287b5c9cf410bf2a6ea7ad02619d00de221502a15480f064d9d04c0bd40713e587ca72fc3009d338947454d63617b62e08a42fe9820153dcdf88445992e8cf204d8cefc4264c0d49d81e298307ed698f", "pubKeyHex");
+});
+
});
diff --git a/tool/tool_jwt.html b/tool/tool_jwt.html
index 617d8efb..9752eb8e 100755
--- a/tool/tool_jwt.html
+++ b/tool/tool_jwt.html
@@ -113,12 +113,13 @@
case 6: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
case 7: _setKey(k1PrvP8PPem, ''); break;
case 8: _setKey(k6PrvP8PPem, ''); break;
- case 9: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
+ case 9: _setKey(k5PrvP8PPem, ''); break;
case 10: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
case 11: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
- case 12: _setKey(z4PrvP5PPem, ''); break;
- case 13: _setKey(z4PrvP8PPem, ''); break;
- case 14: _setKey(z4PrvP8EPem, z4PrvP8EPass); break;
+ case 12: _setKey(z4PrvP5EPem, z4PrvP5EPass); break;
+ case 13: _setKey(z4PrvP5PPem, ''); break;
+ case 14: _setKey(z4PrvP8PPem, ''); break;
+ case 15: _setKey(z4PrvP8EPem, z4PrvP8EPass); break;
}
}
@@ -133,9 +134,11 @@
case 2: _setKey2(z4PubP8Pem); break;
case 3: _setKey2(z4CertPem); break;
case 4: _setKey2(k1PubP8Pem); break;
- case 4: _setKey2(k1CertPem); break;
- case 5: _setKey2(k6PubP8Pem); break;
- case 5: _setKey2(k6CertPem); break;
+ case 5: _setKey2(k1CertPem); break;
+ case 6: _setKey2(k6PubP8Pem); break;
+ case 7: _setKey2(k6CertPem); break;
+ case 8: _setKey2(k5PubP8Pem); break;
+ case 9: _setKey2(k5CertPem); break;
}
}
@@ -279,6 +282,16 @@
"6xwFR0yaTivuwoyXC+ScGUnwnpaXmid6UUgw4ypbneHsaKuZ9JLdMAo=\n" +
"-----END PRIVATE KEY-----\n";
+var k5PrvP8PPem = "" +
+"-----BEGIN PRIVATE KEY-----\n" +
+"MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBRNEQ8Y1gwDMH8pne\n" +
+"z9uq4ODLE/KTx7eCzMNKlGRIhx/8Mo2+B9ORKPMFk4on0wFW7T+rp7NpXm1wxTOY\n" +
+"HSTf7mWhgYkDgYYABADSmlI0TDURn/W+oZrgkPgC0F/56jGtzDFSTQEodep5E0Sw\n" +
+"KvBrWN48PSbxukE9JdXPm2soe1yc9BC/Km6nrQJhnQDeIhUCoVSA8GTZ0EwL1AcT\n" +
+"5YfKcvwwCdM4lHRU1jYXti4IpC/pggFT3N+IRFmS6M8gTYzvxCZMDUnYHimDB+1p\n" +
+"jw==\n" +
+"-----END PRIVATE KEY-----\n";
+
// PUBLIC KEY
var z4PubP8Pem = "" +
"-----BEGIN PUBLIC KEY-----\n" +
@@ -351,6 +364,30 @@
"2F8=\n" +
"-----END CERTIFICATE-----\n";
+var k5PubP8Pem = "" +
+"-----BEGIN PUBLIC KEY-----\n" +
+"MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA0ppSNEw1EZ/1vqGa4JD4AtBf+eox\n" +
+"rcwxUk0BKHXqeRNEsCrwa1jePD0m8bpBPSXVz5trKHtcnPQQvypup60CYZ0A3iIV\n" +
+"AqFUgPBk2dBMC9QHE+WHynL8MAnTOJR0VNY2F7YuCKQv6YIBU9zfiERZkujPIE2M\n" +
+"78QmTA1J2B4pgwftaY8=\n" +
+"-----END PUBLIC KEY-----\n";
+
+var k5CertPem = "" +
+"-----BEGIN CERTIFICATE-----\n" +
+"MIICETCCAXKgAwIBAgIUYcEvdqjSYTHDXGJJMmK76h+q/bYwCgYIKoZIzj0EAwQw\n" +
+"GjELMAkGA1UEBhMCVVMxCzAJBgNVBAoMAks1MB4XDTIxMTEyNzEwMzgyMFoXDTQx\n" +
+"MTEyMjEwMzgyMFowGjELMAkGA1UEBhMCVVMxCzAJBgNVBAoMAks1MIGbMBAGByqG\n" +
+"SM49AgEGBSuBBAAjA4GGAAQA0ppSNEw1EZ/1vqGa4JD4AtBf+eoxrcwxUk0BKHXq\n" +
+"eRNEsCrwa1jePD0m8bpBPSXVz5trKHtcnPQQvypup60CYZ0A3iIVAqFUgPBk2dBM\n" +
+"C9QHE+WHynL8MAnTOJR0VNY2F7YuCKQv6YIBU9zfiERZkujPIE2M78QmTA1J2B4p\n" +
+"gwftaY+jUzBRMB0GA1UdDgQWBBRlDRyXy9CrDdTZW7gEIWipef3DhzAfBgNVHSME\n" +
+"GDAWgBRlDRyXy9CrDdTZW7gEIWipef3DhzAPBgNVHRMBAf8EBTADAQH/MAoGCCqG\n" +
+"SM49BAMEA4GMADCBiAJCAV4C6IirulahutoguAzYfHsFZieP6Z5tqm0ql/bXsDgd\n" +
+"ZqxlrvTrpbHjSZr8vROiDPWaj9umJz2R8EOGk36vTY0MAkIAo2TRkneSYP3ZDjSh\n" +
+"+29UnKQBS2/JazRBJ5ztk58L+4UkPInmj4lWXk3Rzhi8h2lKWVPK/5oq1KcvvHpd\n" +
+"JPZcEXw=\n" +
+"-----END CERTIFICATE-----\n";
+
@@ -410,6 +447,7 @@ (Step2) Choose issuer key and JWS signing algorithm.
RS512 (SHA512withRSA RSA2048bit:z4) with default private key
ES256 (SHA256withECDSA NIST P-256:k6) with default private key
ES384 (SHA384withECDSA NIST P-384) with default private key
+ ES512 (SHA512withECDSA NIST P-521) with default private key
PS256 (SHA256withRSAandMGF1 RSA2048bit:z4) with default private key
PS384 (SHA384withRSAandMGF1 RSA2048bit:z4) with default private key
PS512 (SHA512withRSAandMGF1 RSA2048bit:z4) with default private key
@@ -441,7 +479,9 @@ (Step4) Choose proper public key and verify it.
default public key for ES256 (SHA256withECDSA NIST P-256 k1)
default X.509 certificate for ES256 (SHA256withECDSA NIST P-256 k1)
default public key for ES384 (SHA384withECDSA NIST P-384 k6)
- default X.509 certificate for ES384 (SHA384withECDSA NIST P-384 k6)
+ default X.509 certificate for ES384 (SHA384withECDSA NIST P-384 k6)
+ default public key for ES512 (SHA512withECDSA NIST P-521 k5)
+ default X.509 certificate for ES512 (SHA512withECDSA NIST P-521 k5)