refactor: Support JwsVerificationKey2020 for DID public key

[kdimak]

For linked data signatures with JwsVerificationKey2020 type, it's not enough information to make signature verification based on the public key bytes and a type (JwsVerificationKey2020). We need to know additionally what signature algorithm (and/or curve) was used - e.g. ES256 or EdDSA.
In the case of DID documents, we can read this information from the public key if it's defined as publicKeyJwk.
As a result, we extend PublicKey struct with Curve, Alg and KeyType fields and use them in the signature verifier implementations (e.g. in PublicKeyVerifierEC).

closes #1527, #1513

Signed-off-by: Dmitriy Kinoshenko dkinoshenko@gmail.com

[codecov]

Codecov Report

Merging #1538 into master will increase coverage by 0.09%.
The diff coverage is 95.28%.

@@            Coverage Diff             @@
##           master    #1538      +/-   ##
==========================================
+ Coverage   91.32%   91.42%   +0.09%     
==========================================
  Files         156      156              
  Lines       10633    10752     +119     
==========================================
+ Hits         9711     9830     +119     
+ Misses        518      517       -1     
- Partials      404      405       +1     

Impacted Files	Coverage Δ
pkg/doc/signature/verifier/verifier.go	95.65% <ø> (ø)
pkg/doc/did/doc.go	91.37% <82.05%> (-0.77%)	⬇️
pkg/doc/jose/jwk.go	98.59% <98.33%> (+8.11%)	⬆️
.../suite/jsonwebsignature2020/public_key_verifier.go	95.74% <100.00%> (+4.07%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e17df7e...669dc5b. Read the comment docs.

[baha-ai]

have you tried github.com/btcsuite ? I believe they have secp256k1 alg as well.

[kdimak]

I didn't. github.com/decred was initially added by @sudeshrshetty but I think we can switch to github.com/btcsuite.

[baha-ai]

this doesn't belong to Verify()

create a separate function

probably create a struct keyInfo that has a curve and keySize if needed in more than one place
probably expose it to be used for Sign as well ?

[kdimak]

OK! I will try to simplify it.

[baha-ai]

there's no kid needed?

[kdimak]

It's already there, inside embedded jose.JSONWebKey. x, y, key type, curve are not copied from jose.rawJSONWebKey to jose.JSONWebKey as a result of unmarshalling. That's why I had to add them to JWK struct to support secp256k1 properly.

[baha-ai]

there seems to be duplication of fields with JSONWebKey then.. it's better to remove duplicate fields

[sudeshrshetty]

Why we need to show Alg, Curve & KeyType in exported did.Doc.PublicKey? Why can't we just decode public key internally and stick to old structure?

[kdimak]

I think we can at least make it hidden, why not?

[kdimak]

Those new fields are made private, thank you @sudeshrshetty

[sudeshrshetty]

looks good, but what is the use of those private fields?
As I can see we are setting it from jwk instance but they are not being read anywhere afterwards.

[baha-ai]

usually Curve is exposed (like in ecdsa.PublicKey)

[sudeshrshetty]

Why clients should care about curve? For key type based logics - they should be able to figure out using public key type

[kdimak]

For JsonWebSignature2020, it's not enough to have only type value of the public key. Look at the example:

  "publicKey": [
    {
      "id": "did:example:123#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
      "type": "JwsVerificationKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "crv": "Ed25519",
        "x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
        "kty": "OKP",
        "kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
      }
    },
    {
      "id": "did:example:123#4SZ-StXrp5Yd4_4rxHVTCYTHyt4zyPfN1fIuYsm6k3A",
      "type": "JwsVerificationKey2020",
      "controller": "did:example:123",
      "publicKeyJwk": {
        "crv": "secp256k1",
        "x": "Z4Y3NNOxv0J6tCgqOBFnHnaZhJF6LdulT7z8A-2D5_8",
        "y": "i5a2NtJoUKXkLm6q8nOEu9WOkso1Ag6FTUT6k_LMnGk",
        "kty": "EC",
        "kid": "4SZ-StXrp5Yd4_4rxHVTCYTHyt4zyPfN1fIuYsm6k3A"
      }
    }
  ]

The type is the same and is JwsVerificationKey2020.
We can't deduce is it Ed25519 or secp256k1 etc. We need to extract extra information from publicKeyJwk.
That's the problem solved in this PR.

[baha-ai]

I noticed there are many detailed error messages returned like the above line.

If these messages reveal key details, then it's a security vulnerability. Please review all the returned errors in this document and only return generic messages to the user (or probably log detailed error messages in debug mode only).

[kdimak]

I agree. I changed the detailed error messages to a single generic invalid JWK.

[troyronda]

this would seem like it could be a publicKeyJWK sub struct?

[kdimak]

yes, we can just add publicKeyJwk field of *jose.JWK type.

[kdimak]

I will also update verifier.PublicKey struct.

[kdimak]

Updated.

[troyronda]

what about X25519 / Ed25519?

[kdimak]

Filed #1556.