Add support for P-521 curve

Sadly Deno doesn't support it. See: denoland/deno#13449 (comment)
wiktor-k · Mar 6, 2024 · 60a17d1 · 60a17d1
1 parent 65704c7
commit 60a17d1
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 6 deletions.
diff --git a/fixtures/p521.txt b/fixtures/p521.txt
@@ -0,0 +1 @@
+Sure, here is P-265 fixture ;)
diff --git a/fixtures/p521.txt.sig b/fixtures/p521.txt.sig
@@ -0,0 +1,10 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAKwAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQAAAI
+UEABon2x0D7m1Dxnfxp9HhV3VddppTwwIpGxjj1u3ukoP/mEsH+LGMTu+ZMacofZpZRiGZ
+5TyghUKep6pErZjffhnwAaMUI1M9kgK/QJVDpqiwiaRjRD4QXzVjxRhIsGPx11bCrxiuHJ
+muoPPo8tibOuq8PHvYB9RIz3IZjy6BrV8w6cqlAAAABGZpbGUAAAAAAAAABnNoYTUxMgAA
+AKcAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAIwAAABCAd0AAb8B0I3EziNuDnVnRKNk4t
+3qtJqQ4w0fZhaguZ3LbSSwj4qAsIytsIdyD8MF04hm6lh+NzJa24Kt5uHSh7PbAAAAQgH+
+fCBwwS5/AWWrtEdrlxK5Tu2pVFLofJRoO5mDn80pHidM8IHQhecJmGY02e/G5dUpSoY/q3
+r6xnimpmfqKKrKUw==
+-----END SSH SIGNATURE-----
diff --git a/formats.ts b/formats.ts
@@ -10,7 +10,7 @@ export type Pubkey = {
   key: Uint8Array;
   toString(): string;
 } | {
-  pk_algo: "ecdsa-sha2-nistp256" | "ecdsa-sha2-nistp384";
+  pk_algo: "ecdsa-sha2-nistp256" | "ecdsa-sha2-nistp384" | "ecdsa-sha2-nistp521";
   curve: string;
   point: Uint8Array;
   toString(): string;
@@ -40,8 +40,7 @@ export function parsePubkey(
       },
     };
   } else if (
-    pk_algo === "ecdsa-sha2-nistp256" || pk_algo === "ecdsa-sha2-nistp384"
-  ) {
+    pk_algo === "ecdsa-sha2-nistp256" || pk_algo === "ecdsa-sha2-nistp384" || pk_algo === "ecdsa-sha2-nistp521"  ) {
     const curve = publickey.readString().toString();
     pubkey = {
       pk_algo,
@@ -92,7 +91,7 @@ export function convertPublicKey(publickey: Pubkey): {
     };
   } else if (
     pk_algo === "ecdsa-sha2-nistp256" || pk_algo === "ecdsa-sha2-nistp384"
-  ) {
+ || pk_algo === "ecdsa-sha2-nistp521"  ) {
     if (publickey.point[0] !== 0x04) {
       throw new Error("Only uncompressed (0x04) format is supported");
     }
@@ -102,8 +101,10 @@ export function convertPublicKey(publickey: Pubkey): {
     let crv;
     if (pk_algo === "ecdsa-sha2-nistp256") {
       crv = "P-256";
-    } else {
+    } else if (pk_algo === "ecdsa-sha2-nistp384") {
       crv = "P-384";
+    } {
+      crv = "P-521";
     }
     return {
       keyData: {
@@ -142,6 +143,12 @@ export function convertAlgorithm(sig_algo: string) {
       namedCurve: "P-384",
       hash: { name: "SHA-384" },
     };
+  }  else if (sig_algo === "ecdsa-sha2-nistp521") {
+    return {
+      name: "ECDSA",
+      namedCurve: "P-521",
+      hash: { name: "SHA-512" },
+    };
   } else {
     throw new Error(`Unsupported algo: ${sig_algo}`);
   }

diff --git a/sig_parser.ts b/sig_parser.ts
@@ -34,7 +34,7 @@ export function parse(signature: DataView | string): Sig {
   let bytes;
   if (
     sig_algo === "ecdsa-sha2-nistp256" || sig_algo === "ecdsa-sha2-nistp384"
-  ) {
+ || sig_algo === "ecdsa-sha2-nistp512"  ) {
     let r = new Uint8Array(sig_bytes.readString().bytes());
     if (r[0] === 0x00 && r.length % 2 == 1) {
       r = r.slice(1);