feat: refactor W3C scenario to support multiple crypto algo settings #1062

Merged 35 commits on Jun 20, 2025

jaromil
Member

@jaromil jaromil commented May 5, 2025

The statement: `create signed selective disclosure of '' with ''` is now added to specify a string with name of algo, which is parsed internally with uppercase strings of algos set in sd-jwt structures

@jaromil
Member Author

jaromil commented May 8, 2025

This is summing up quite some changes to W3C code but will make sure that all tests are passed, the only disruptive change so far is the BEARER schema elision.

It is unfinished since it still needs a rewrite of W3C.create_string_jwk which does some weird encoding in the WHEN phase rather than staying in binary form, it also needs a refactor to support more crypto algos from the IANA register, at least the 4 ones I'm enabling in this PR.

@jaromil jaromil force-pushed the feat/more_algos_sdjwt branch from 8d8b9c8 to eb959e7 Compare May 15, 2025 17:01
@jaromil jaromil changed the title feat: first mod of sd-jwt to support algo setting in sig feat: refactor W3C scenario to support multiple crypto algo settings May 16, 2025
@matteo-cristino
Collaborator

matteo-cristino commented May 23, 2025

We have the transformation zencode keyring to jwks, maybe it can also be useful to have jwks to zencode keyring/public key 🔐

Let me know if it is something that you would like to add to this PR or I should make an issue

@matteo-cristino matteo-cristino force-pushed the feat/more_algos_sdjwt branch from 2a8f536 to aab6c86 Compare June 12, 2025 18:25
jaromil added 24 commits June 19, 2025 11:50
The statement: `create signed selective disclosure of '' with ''` is
now added to specify a string with name of algo, which is parsed
internally with uppercase strings of algos set in sd-jwt structures
when serializing r and s to verify the signature in ECDH,
sometimes (non deterministically) the signature comes 63 bytes long
and does not verify
also fix octet concat, since the milagro primitive seemed to break
something
variable size is tolerated between 62 and 64 bytes for corner cases
jaromil added 6 commits June 19, 2025 11:54
supports verifying jws that carry a jwk with public keys in its header
according to oauth dpop spec 4.2 DPoP Proof JWT Syntax
this new class will help resolve the many names given to each
cryptographic algorithm and will take IANA as a main reference for
them, with conversion from any string and to and from key names
already used in zenroom
simpler to use and maintain, CRYPTO.load() is the main entry
moved de/serialization methods into JSON and jwk/jws into JOSE
@jaromil jaromil force-pushed the feat/more_algos_sdjwt branch from fa56337 to f222fc9 Compare June 19, 2025 09:57
@jaromil jaromil marked this pull request as ready for review June 20, 2025 09:46
@jaromil jaromil merged commit b1f7025 into master Jun 20, 2025
27 checks passed
@jaromil jaromil deleted the feat/more_algos_sdjwt branch June 20, 2025 09:46
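
The 63-byte signature case mentioned in the commit messages above, as an added example that is not part of this PR or of Zenroom's code. It assumes the short signature comes from r or s losing a leading zero octet when serialized at minimal length, and shows the fixed 32-octet encoding that RFC 7518 section 3.4 specifies for ES256; all function names and sample values are constructed.

```python
# Added example (not Zenroom code): fixed-width r||s encoding for a P-256
# JWS signature. All names and sample values here are constructed.
COORD_LEN = 32  # octets per integer for P-256 (ES256), per RFC 7518 section 3.4


def minimal_bytes(n: int) -> bytes:
    """Big-endian encoding with leading zero octets stripped (the fragile form)."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")


def encode_raw_signature(r: int, s: int, coord_len: int = COORD_LEN) -> bytes:
    """Left-pad r and s to coord_len octets each, then concatenate."""
    return r.to_bytes(coord_len, "big") + s.to_bytes(coord_len, "big")


def decode_raw_signature(sig: bytes, coord_len: int = COORD_LEN) -> tuple[int, int]:
    """Split a fixed-width signature; reject any other length outright."""
    if len(sig) != 2 * coord_len:
        raise ValueError(f"expected {2 * coord_len} octets, got {len(sig)}")
    return (int.from_bytes(sig[:coord_len], "big"),
            int.from_bytes(sig[coord_len:], "big"))


def candidate_splits(sig: bytes, coord_len: int = COORD_LEN) -> list[tuple[int, int]]:
    """Every (r, s) pair a short, unpadded concatenation could stand for."""
    out = []
    for r_len in range(1, len(sig)):
        if r_len <= coord_len and len(sig) - r_len <= coord_len:
            out.append((int.from_bytes(sig[:r_len], "big"),
                        int.from_bytes(sig[r_len:], "big")))
    return out


# Constructed values: r has a zero top octet (about 1 in 256 signatures), s does not.
R = int.from_bytes(bytes([0x00]) + bytes(range(1, 32)), "big")
S = int.from_bytes(bytes(range(0x80, 0xA0)), "big")

if __name__ == "__main__":
    short = minimal_bytes(R) + minimal_bytes(S)
    print(len(short), "octets unpadded;", len(candidate_splits(short)), "possible splits")
    fixed = encode_raw_signature(R, S)
    print(len(fixed), "octets padded; round-trips:", decode_raw_signature(fixed) == (R, S))
```

A 63-octet concatenation does not say which of the two integers was shortened, so the verifier cannot recover (r, s) uniquely; padding on the signing side keeps the length at 64 and the split unambiguous.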
2 participants