diff --git a/src/signature.ts b/src/signature.ts new file mode 100644 index 0000000..94cfbd0 --- /dev/null +++ b/src/signature.ts @@ -0,0 +1,67 @@ +import {Result} from 'rust' +import logger from 'log' + +export type PrivKey = CryptoKey +export type PubKey = CryptoKey +export type KeyPair = [PrivKey, PubKey] + +const algorithm: EcdsaParams = { + name: "ECDSA", + hash: {name: "SHA-512"}, +} +const log = logger('crypto:signature') + +/** + * Create a new keypair for signing + * @param extractable if the keys must be extractable or not + * @return [privkey, pubkey] keys + */ +export async function gen_keypair(extractable: boolean = false) : Promise { + log.trace('Generating keypair') + log.debug('Extractable :', extractable ? 'yes' : 'no') + + let key = await window.crypto.subtle.generateKey( + { + name: "ECDSA", + namedCurve: "P-521" + } as EcKeyGenParams, + extractable, + ['sign', 'verify'] + ) + + return [key.privateKey, key.publicKey] +} +export async function sign(privkey: PrivKey, message: Uint8Array) : Promise> { + log.trace('sign') + + try { + return Result.ok(await window.crypto.subtle.sign( + algorithm, + privkey, + message, + )) + } catch(e) { + log.warn('Signature failed') + log.debug(`Error : ${e}`) + } + + return Result.error([]) +} + +export async function verify(pubkey: PubKey, message: Uint8Array, signature: ArrayBuffer): Promise { + log.trace('Verify signature') + + try { + return await window.crypto.subtle.verify( + algorithm, + pubkey, + signature, + message + ); + } catch (e) { + log.warn('Verification failed') + log.debug(`Error : ${e}`) + } + + return false; +} diff --git a/test/signature.test.ts b/test/signature.test.ts new file mode 100644 index 0000000..f80e84d --- /dev/null +++ b/test/signature.test.ts @@ -0,0 +1,57 @@ +import {test, expect} from 'bun:test' + +import {signature} from '../index' + +test('base case', async () => { + let keypair = await signature.gen_keypair() + let data = new TextEncoder().encode("Message 123 !") + + const sig = (await signature.sign(keypair[0], data)).expect("Should sign the message") + let verification = await signature.verify(keypair[1], data, sig) + + expect(verification).toBe(true) +}) + +test('inverted keys', async () => { + let keypair = await signature.gen_keypair() + let data = new TextEncoder().encode("Message 123 !") + + ;(await signature.sign(keypair[1], data)).expect_err("Shouldn't sign the message with the wrong key") + + const sig = (await signature.sign(keypair[0], data)).expect("Should sign the message") + let verification = await signature.verify(keypair[0], data, sig) + expect(verification).toBe(false) +}) + +test('tampered message', async () => { + let keypair = await signature.gen_keypair() + let data1 = new TextEncoder().encode("Message 123 !") + let data2 = new TextEncoder().encode("Message 321 !") + expect(data1).not.toEqual(data2) + + const sig = (await signature.sign(keypair[0], data1)).expect("Should sign the message") + let verification = await signature.verify(keypair[1], data2, sig) + + expect(verification).toBe(false) +}) + +test('different keypair', async () => { + const keypair = await signature.gen_keypair() + const keypair2 = await signature.gen_keypair() + let data = new TextEncoder().encode("Message 123 !") + + const sig = (await signature.sign(keypair[0], data)).expect("Should sign the message") + let verification = await signature.verify(keypair2[1], data, sig) + + expect(verification).toBe(false) +}) + +test('tampered signature', async () => { + let keypair = await signature.gen_keypair() + let data = new TextEncoder().encode("Message 123 !") + + const sig = (await signature.sign(keypair[0], data)).expect("Should sign the message") + let verification = await signature.verify(keypair[1], data, sig.slice(0, -1)) + + expect(verification).toBe(false) +})