Add support for ECDSA signatures in web editor

Author: lucko

src/socket/worker.js

@@ -12,8 +12,9 @@ const STOP_LISTENING = false;
 let globalSocket;
 
 class SocketInterface {
-  constructor(socket, keys, pluginKey) {
+  constructor(socket, signVerifyAlgorithm, keys, pluginKey) {
     this.socket = socket;
+    this.signVerifyAlgorithm = signVerifyAlgorithm;
     this.keys = keys;
     this.pluginKey = pluginKey;
 
@@ -32,7 +33,7 @@ class SocketInterface {
 
     // sign the message with the editor private key
     const signature = await crypto.subtle.sign(
-      'RSASSA-PKCS1-v1_5',
+      this.signVerifyAlgorithm,
       this.keys.privateKey,
       new TextEncoder().encode(encoded),
     );
@@ -70,7 +71,7 @@ class SocketInterface {
     // verify that the message was sent by the plugin
     // (check it was signed with the plugin public key)
     const verified = await crypto.subtle.verify(
-      'RSASSA-PKCS1-v1_5',
+      this.signVerifyAlgorithm,
       this.pluginKey,
       decode(signature),
       new TextEncoder().encode(encodedMessage),
@@ -95,13 +96,13 @@ class SocketInterface {
 }
 
 // eslint-disable-next-line max-len
-function socketConnect(channelId, sessionId, keys, pluginKey, userAgent, callbacks) {
+function socketConnect(channelId, sessionId, signVerifyAlgorithm, keys, pluginKey, userAgent, callbacks) {
   console.log('[WS] Creating socket...');
 
   // create a websocket
   // important that no async/await occurs between here and the listener registrations
   const socket = new WebSocket(`wss://${config.bytesocks_host}/${channelId}`);
-  const socketInterface = new SocketInterface(socket, keys, pluginKey);
+  const socketInterface = new SocketInterface(socket, signVerifyAlgorithm, keys, pluginKey);
 
   socket.onmessage = (event) => {
     const frame = JSON.parse(event.data);

src/socket/ws.js

@@ -5,16 +5,18 @@ import Worker from 'worker-loader!./worker';
 
 /* eslint-disable no-use-before-define */
 
-export async function socketConnect(channelId, sessionId, pluginPublicKey, callbacks) {
+export async function socketConnect(protocolVersion, channelId, sessionId, pluginPublicKey, callbacks) {
+  const cryptoHelper = new CryptoHelper(protocolVersion);
+
   // generate public/private keypair for the editor
-  const keys = await loadKeys() || await generateKeys();
+  const keys = await cryptoHelper.loadKeys() || await cryptoHelper.generateKeys();
 
   // decode and import the plugin public key
-  const pluginKey = await importKey('spki', pluginPublicKey, ['verify']);
+  const pluginKey = await cryptoHelper.importKey('spki', pluginPublicKey, ['verify']);
 
   const { userAgent } = window.navigator;
   const socket = wrap(new Worker());
-  await socket.socketConnect(channelId, sessionId, keys, pluginKey, userAgent, proxy({
+  await socket.socketConnect(channelId, sessionId, cryptoHelper.signVerifyAlgorithm, keys, pluginKey, userAgent, proxy({
     connect: proxy(() => {
       callbacks.connect({ socket });
     }),
@@ -34,53 +36,85 @@ export async function socketConnect(channelId, sessionId, pluginPublicKey, callb
   return socket;
 }
 
-async function loadKeys() {
-  const encodedPublicKey = localStorage.getItem('editor-public-key');
-  const encodedPrivateKey = localStorage.getItem('editor-private-key');
+class CryptoHelper {
+  constructor(protocolVersion) {
+    if (protocolVersion === 1 ) {
+      this.publicKeyVariable = 'editor-public-key'
+      this.privateKeyVariable = 'editor-private-key'
+      this.importAlgorithm = {
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: 'SHA-256',
+      }
+      this.generateAlgorithm = {
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: 'SHA-256',
+        modulusLength: 4096,
+        publicExponent: new Uint8Array([1, 0, 1]),
+      }
+      this.signVerifyAlgorithm = {
+        name: 'RSASSA-PKCS1-v1_5',
+      }
+
+    } else if (protocolVersion === 2) {
+      this.publicKeyVariable = 'editor-public-key-v2'
+      this.privateKeyVariable = 'editor-private-key-v2'
+      this.importAlgorithm = {
+        name: 'ECDSA',
+        namedCurve: 'P-256',
+      }
+      this.generateAlgorithm = {
+        name: 'ECDSA',
+        namedCurve: 'P-256',
+      }
+      this.signVerifyAlgorithm = {
+        name: 'ECDSA',
+        hash: 'SHA-256',
+      }
+    } else {
+      throw new Error(`Unsupported protocol version: ${protocolVersion}`);
+    }
+  }
+
+  async loadKeys() {
+    const encodedPublicKey = localStorage.getItem(this.publicKeyVariable);
+    const encodedPrivateKey = localStorage.getItem(this.privateKeyVariable);
+
+    if (encodedPublicKey && encodedPrivateKey) {
+      const publicKey = await this.importKey('spki', encodedPublicKey, []);
+      const privateKey = await this.importKey('pkcs8', encodedPrivateKey, ['sign']);
+      return {
+        publicKey,
+        privateKey,
+        encodedPublicKey,
+        encodedPrivateKey,
+      };
+    }
+
+    return null;
+  }
+
+  importKey(format, encoded, keyUsages) {
+    return crypto.subtle.importKey(format, decode(encoded), this.importAlgorithm, false, keyUsages);
+  }
+
+  async exportKey(format, key, storageKey) {
+    const exported = await crypto.subtle.exportKey(format, key);
+    const encoded = encode(exported);
+    localStorage.setItem(storageKey, encoded);
+    return encoded;
+  }
+
+  async generateKeys() {
+    const { publicKey, privateKey } = await crypto.subtle.generateKey(this.generateAlgorithm, true, ['sign']);
+
+    const encodedPublicKey = await this.exportKey('spki', publicKey, this.publicKeyVariable);
+    const encodedPrivateKey = await this.exportKey('pkcs8', privateKey, this.privateKeyVariable);
 
-  if (encodedPublicKey && encodedPrivateKey) {
-    const publicKey = await importKey('spki', encodedPublicKey, []);
-    const privateKey = await importKey('pkcs8', encodedPrivateKey, ['sign']);
     return {
       publicKey,
       privateKey,
       encodedPublicKey,
       encodedPrivateKey,
     };
   }
-
-  return null;
-}
-
-function importKey(format, encoded, keyUsages) {
-  return crypto.subtle.importKey(format, decode(encoded), {
-    name: 'RSASSA-PKCS1-v1_5',
-    hash: 'SHA-256',
-  }, false, keyUsages);
-}
-
-async function exportKey(format, key, storageKey) {
-  const exported = await crypto.subtle.exportKey(format, key);
-  const encoded = encode(exported);
-  localStorage.setItem(storageKey, encoded);
-  return encoded;
-}
-
-async function generateKeys() {
-  const { publicKey, privateKey } = await crypto.subtle.generateKey({
-    name: 'RSASSA-PKCS1-v1_5',
-    modulusLength: 4096,
-    publicExponent: new Uint8Array([1, 0, 1]),
-    hash: 'SHA-256',
-  }, true, ['sign']);
-
-  const encodedPublicKey = await exportKey('spki', publicKey, 'editor-public-key');
-  const encodedPrivateKey = await exportKey('pkcs8', privateKey, 'editor-private-key');
-
-  return {
-    publicKey,
-    privateKey,
-    encodedPublicKey,
-    encodedPrivateKey,
-  };
 }

src/store/index.js

@@ -577,6 +577,7 @@ export default new Vuex.Store({
 
         if (data.socket?.channelId) {
           socketConnect(
+            data.socket.protocolVersion,
             data.socket.channelId,
             sessionId,
             data.socket.publicKey,