ES256K (secp256k1) signature

[kdimak]

Added ES256K algorithm which uses ECDSA with the secp256k1 curve and the SHA-256 cryptographic hash function.
Fixes #263 in accordance with https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-03 (see comment).

[CLAassistant]

All committers have signed the CLA.

[csstaub]

Is there another package implementing secp256k1 we could use here? I'm a bit wary of having this library depend on the entirety of btcd, it'd be nice if there was just a package for the curve split out somewhere.

[alenhorvat]

What about https://github.com/ethereum/go-ethereum/tree/master/crypto/secp256k1? I used this to extend x509 to support der/pem encoding for secp256k1.

[csstaub]

I think that'd be a better package to use. Requires CGO, so just need to make sure we use build tags to ensure we can still compile with CGO disabled, but I think this is much better than the btcd package.

[csstaub]

Though also again like the btcd version we'd want to pull in only the secp256k1 implementation as a dep, not the whole of go-ethereum.

[alenhorvat]

I agree. You'd need only the secp256k1 part, not the whole go-ethereum lib.

[alenhorvat]

Since this is (at least) a 2nd case where the secp256k1 is needed separately, we could put it in a separate repo -- it would require to follow the new updates on go-ethereum.

[baha-ai]

@csstaub @alenhorvat https://github.com/decred/dcrd has only crypto stuff, not the whole btcd project, this PR has been updated with it.

It's also written 100% in Go, so no C dependencies needed to build it. This is the main reason why we chose this package in this PR. We don't want any external build dependency to ease the building process of go-jose and our projects.

[baha-ai]

or a more proper one would be: https://github.com/btcsuite/btcd

[csstaub]

Hi @kdimak, thanks for the pull request! I have some concerns about depending on btcd for this, because it's quite a large dependency to force on downstream users. Would prefer if we could use a purpose-built package just for secp256k1.

[kdimak]

Hi @csstaub , https://github.com/decred/dcrd/tree/master/dcrec was recommended (btcsuite/btcd#1495 (comment)) as it's "maintained by the original btcsuite authors and it provides a module". I've updated the PR to have a dependency on that library solely, please take a look.

[csstaub]

Rename this import? Since it's not btcec anymore, upstream package name is secp256k1.

[csstaub]

Same comment as above applies here, let's rename the import to secp256k1.

[csstaub]

Again let's rename this import to secp256k1.

[csstaub]

Huh, is this definitely the right string? Maybe add a comment here and quote the appropriate RFC to make sure people reading this code in the future won't be confused about the dissonance.

[kdimak]

Yeah, I will add a reference to https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-03

[csstaub]

Rename to `secp256k1.

[csstaub]

Rename to secp256k1.

[csstaub]

Add comment here, like // sic! maybe. Similar to what we do for the 512/521 bits.

[mozillazg]

BTW, LoadPublicKey and LoadPrivateKey don't support PEM/DER-encoded data for ES256K algorithm yet.

go-jose/jose-util/utils.go

Lines 42 to 43 in 96c7172

	// LoadPublicKey loads a public key from PEM/DER/JWK-encoded data.
	func LoadPublicKey(data []byte) (interface{}, error) {

go-jose/jose-util/utils.go

Lines 70 to 71 in 96c7172

	// LoadPrivateKey loads a private key from PEM/DER/JWK-encoded data.
	func LoadPrivateKey(data []byte) (interface{}, error) {

[marksalpeter]

Thank you @kdimak for this contribution. I've taken out a PR with your commit on new repo here go-jose/go-jose#14. I intend to use this in my project whether or not it gets merged.