Add explicit curve params support

[li0ard]

Hi, can you add support for explicit curve parameters? I know that explicit params must not be used in PKIX, but i need it for verifying MRTD PKI (Document Signers certs, Countries CA's), because their structure described by ICAO 9303 p.12:

Those issuing States or organizations implementing ECDSA for signature generation or verification SHALL use [X9.62]
or [ISO/IEC 15946]. The elliptic curve domain parameters used to generate the ECDSA key pair MUST be described
explicitly in the parameters of the public key, i.e. parameters MUST be of type ECParameters (no named curves, no
implicit parameters) and MUST include the optional co-factor. ECPoints MUST be in uncompressed format.

OpenSSL seems support conversion between explicit and names parameters.

[li0ard]

I write some sketch for this schema

export class FieldID {
    @AsnProp({ type: AsnPropTypes.ObjectIdentifier })
    public fieldType: string = ""

    @AsnProp({ type: AsnPropTypes.Integer })
    public curveP: string = "";
}

export class Curve {
    @AsnProp({ type: AsnPropTypes.OctetString })
    public a: ArrayBuffer = new ArrayBuffer(0)

    @AsnProp({ type: AsnPropTypes.OctetString })
    public b: ArrayBuffer = new ArrayBuffer(0)

    @AsnProp({ type: AsnPropTypes.BitString, optional: true })
    public seed?: ArrayBuffer = new ArrayBuffer(0)
}

export class SpecifiedECDomain {
    @AsnProp({ type: AsnPropTypes.Integer })
    public version: number = 1

    @AsnProp({ type: FieldID })
    public fieldID: FieldID = new FieldID()

    @AsnProp({ type: Curve })
    public curve: Curve = new Curve()

    @AsnProp({ type: AsnPropTypes.OctetString })
    public base: ArrayBuffer = new ArrayBuffer(0)

    @AsnProp({ type: AsnPropTypes.Integer })
    public order: string = "";

    @AsnProp({ type: AsnPropTypes.Integer, optional: true })
    public cofactor?: number = 0;
}

@AsnType({ type: AsnTypeTypes.Choice })
export class ECParameters {

  @AsnProp({ type: AsnPropTypes.ObjectIdentifier })
  public namedCurve?: string;

  @AsnProp({ type: SpecifiedECDomain })
  public explicitCurve?: SpecifiedECDomain;

  constructor(params: Partial<ECParameters> = {}) {
    Object.assign(this, params);
  }
}

[li0ard]

@microshine

[microshine]

I'm working on this. I'm clarifying the specification and checking the ASN.1 schema. I'm planning to add new schemas to the @peculiar/asn1-ecc module.

[li0ard]

Thank you. Are you planning to add signature verification for X509 cert's with explicit EC parameters in @peculiar/x509?

[microshine]

Currently, we have no plans to add signature verification for X.509 certificates with explicit EC parameters in @peculiar/x509. Since @peculiar/x509 relies on the WebCrypto API for cryptographic operations, and the WebCrypto API may not support this specific ECC format, extending the functionality would require significant changes.

We do have separate modules that implement the WebCrypto interface:

• @peculiar/webcrypto: An implementation based on the Node.js Crypto API.
• webcrypto-liner: An implementation based on the native browser crypto provider with additional JavaScript implementations.

[microshine]

@li0ard I've created a PR. Could you please take a look and let me know if this implementation works for you?

[li0ard]

Yes, it works, thanks. After applying this PR, will it be possible to parse a certificate with this parameters via @peculiar/x509?

[microshine]

@peculiar/[email protected] has been published
I'm going to update the @peculiar/x509 dependencies and check if it's possible to parse this type of certificate