Merge pull request #339 from fqutishat/update

feat: add ECDSASecp256k1IEEEP1363 to aws service
trustbloc · Sep 27, 2022 · 412f152 · 412f152
2 parents 06e5709 + 05fc013
commit 412f152
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/pkg/aws/service.go b/pkg/aws/service.go
@@ -73,11 +73,16 @@ func (s *Service) Sign(msg []byte, kh interface{}) ([]byte, error) {
 		return nil, err
 	}
 
+	describeKey, err := s.client.DescribeKey(&kms.DescribeKeyInput{KeyId: &keyID})
+	if err != nil {
+		return nil, err
+	}
+
 	input := &kms.SignInput{
 		KeyId:            aws.String(keyID),
 		Message:          msg,
 		MessageType:      aws.String("RAW"),
-		SigningAlgorithm: aws.String("ECDSA_SHA_256"),
+		SigningAlgorithm: describeKey.KeyMetadata.SigningAlgorithms[0],
 	}
 
 	result, err := s.client.Sign(input)
@@ -158,12 +163,17 @@ func (s *Service) Verify(signature, msg []byte, kh interface{}) error {
 		return err
 	}
 
+	describeKey, err := s.client.DescribeKey(&kms.DescribeKeyInput{KeyId: &keyID})
+	if err != nil {
+		return err
+	}
+
 	input := &kms.VerifyInput{
 		KeyId:            aws.String(keyID),
 		Message:          msg,
 		MessageType:      aws.String("RAW"),
 		Signature:        signature,
-		SigningAlgorithm: aws.String("ECDSA_SHA_256"),
+		SigningAlgorithm: describeKey.KeyMetadata.SigningAlgorithms[0],
 	}
 
 	_, err = s.client.Verify(input)
@@ -184,6 +194,8 @@ func (s *Service) Create(kt arieskms.KeyType) (string, interface{}, error) {
 		keySpec = kms.KeySpecEccNistP384
 	case arieskms.ECDSAP521DER, arieskms.NISTP521ECDHKW:
 		keySpec = kms.KeySpecEccNistP521
+	case arieskms.ECDSASecp256k1IEEEP1363:
+		keySpec = kms.KeySpecEccSecgP256k1
 	default:
 		return "", nil, fmt.Errorf("key not supported %s", kt)
 	}

diff --git a/pkg/aws/service_test.go b/pkg/aws/service_test.go
@@ -38,6 +38,12 @@ func TestSign(t *testing.T) {
 			return &kms.SignOutput{
 				Signature: []byte("data"),
 			}, nil
+		}, describeKeyFunc: func(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) {
+			return &kms.DescribeKeyOutput{
+				KeyMetadata: &kms.KeyMetadata{
+					SigningAlgorithms: []*string{aws.String("ECDSA_SHA_256")},
+				},
+			}, nil
 		}}
 
 		signature, err := svc.Sign([]byte("msg"),
@@ -59,6 +65,12 @@ func TestSign(t *testing.T) {
 
 		svc.client = &mockAWSClient{signFunc: func(input *kms.SignInput) (*kms.SignOutput, error) {
 			return nil, fmt.Errorf("failed to sign")
+		}, describeKeyFunc: func(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) {
+			return &kms.DescribeKeyOutput{
+				KeyMetadata: &kms.KeyMetadata{
+					SigningAlgorithms: []*string{aws.String("ECDSA_SHA_256")},
+				},
+			}, nil
 		}}
 
 		_, err = svc.Sign([]byte("msg"),
@@ -316,6 +328,12 @@ func TestVerify(t *testing.T) {
 
 		svc.client = &mockAWSClient{verifyFunc: func(input *kms.VerifyInput) (*kms.VerifyOutput, error) {
 			return &kms.VerifyOutput{}, nil
+		}, describeKeyFunc: func(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) {
+			return &kms.DescribeKeyOutput{
+				KeyMetadata: &kms.KeyMetadata{
+					SigningAlgorithms: []*string{aws.String("ECDSA_SHA_256")},
+				},
+			}, nil
 		}}
 
 		err = svc.Verify([]byte("sign"), []byte("data"),
@@ -336,6 +354,12 @@ func TestVerify(t *testing.T) {
 
 		svc.client = &mockAWSClient{verifyFunc: func(input *kms.VerifyInput) (*kms.VerifyOutput, error) {
 			return nil, fmt.Errorf("failed to verify")
+		}, describeKeyFunc: func(input *kms.DescribeKeyInput) (*kms.DescribeKeyOutput, error) {
+			return &kms.DescribeKeyOutput{
+				KeyMetadata: &kms.KeyMetadata{
+					SigningAlgorithms: []*string{aws.String("ECDSA_SHA_256")},
+				},
+			}, nil
 		}}
 
 		err = svc.Verify([]byte("data"), []byte("msg"),