kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign

Support for P-521 (secp521r1) #519

Closed cplussharp closed 2 years ago

cplussharp commented 2 years ago

Is there a reason for not supporting P-521? Or was it just not implemented because it is too complex?

kjur commented 2 years ago

That's the limitation of BitcoinJS bundled in jsrsasign. If I get a good recommendation for an ECDSA/EdDSA JS library, I can switch to it.

augjoh commented 2 years ago

@kjur, @cplussharp: Only minor changes are necessary to support P-521, as far as I can see. I don't have the time to prepare a pull request here, but perhaps someone else could enhance jsrsasign with the following changes:

Take into account that gxHex is one byte shorter, when registering the P-521 curve. Left padding with 00 is sufficient:

    this.regist = function(name, keylen, pHex, aHex, bHex, nHex, hHex, gxHex, gyHex, aliasList, oid, info) {
    [...]
        var G = curve.decodePointHex("04" + gxHex + gyHex);

Resolve OID/Names to canonical name:

    KJUR.crypto.ECDSA.getName = function(s) {
    [..]
      if ("|2b81040023|secp521r1|NIST P-521|".includes(name)) {
          return "secp521r1"
      }

Calculate length constraint correctly for P-521:

    KJUR.crypto.ECDSA = function(params) {
    [...]
        this.getPublicKeyXYHex = function() {
    [...]
        if (h.length !== 2 + charlen * 2)

Don't stumble over P-521 signature length here, either:

    KJUR.crypto.ECDSA.concatSigToASN1Sig = function(concatSig) {
    [...]
        if ((((concatSig.length / 2) * 8) % (16 * 8)) != 0)
    [...]

And finally add missing JWS algorithm:

    KJUR.jws.JWS.jwsalg2sigalg = {
    [...]
        //"ES512":  "SHA512withECDSA", // unsupported because of jsrsasign's bug

Please see "DER signature creation fails" (#507) for an interoperability test with node.js and webcrypto.

Given a more generic implementation, "Brainpool Curves for ECDSA" (#430) might be merged as well.
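
The length handling behind the changes listed in the comment above, as an added example that is not part of the thread and not jsrsasign code: a 521-bit curve has 66-byte coordinates, so a concatenated R||S signature is 132 bytes (not a multiple of 16) and its DER body can exceed 127 bytes, which needs a long-form length. It is written for any curve size rather than P-521 only; all function names and the sample values are hypothetical.

```javascript
// Added example, not jsrsasign code; all function names are hypothetical.

// Byte width of a coordinate or scalar on a curve of `bits` bits (P-521: 66).
function fieldBytes(bits) { return Math.ceil(bits / 8); }

// Left-pad with 00 to the full field width, e.g. a 65-byte P-521 Gx.
function padHex(hex, bits) {
  const want = fieldBytes(bits) * 2;
  if (hex.length > want) throw new Error("value wider than field");
  return hex.padStart(want, "0");
}

// The condition quoted in the comment: true only for multiples of 16 bytes.
function multipleOf16Bytes(concatHex) {
  return (((concatHex.length / 2) * 8) % (16 * 8)) === 0;
}

// DER length octets: short form below 128, long form above.
function derLen(n) {
  if (n < 0x80) return n.toString(16).padStart(2, "0");
  if (n < 0x100) return "81" + n.toString(16).padStart(2, "0");
  return "82" + n.toString(16).padStart(4, "0");
}

// Minimal DER INTEGER from unsigned big-endian hex.
function derInt(hex) {
  let h = hex.replace(/^(00)+/, "") || "00";
  if (parseInt(h.slice(0, 2), 16) >= 0x80) h = "00" + h; // keep it positive
  return "02" + derLen(h.length / 2) + h;
}

// Concatenated R||S (JWS form) to an ASN.1 DER ECDSA signature.
function concatSigToDer(concatHex, bits) {
  const w = fieldBytes(bits) * 2;
  if (!/^[0-9a-fA-F]*$/.test(concatHex) || concatHex.length !== 2 * w)
    throw new Error("malformed signature for a " + bits + "-bit curve");
  const body = derInt(concatHex.slice(0, w)) + derInt(concatHex.slice(w));
  return "30" + derLen(body.length / 2) + body;
}

// Constructed sample (not a real signature): 66-byte R and S for P-521.
const sampleR = "01" + "ab".repeat(65);
const sampleS = "0080" + "cd".repeat(64);
console.log(multipleOf16Bytes(sampleR + sampleS)); // the 132-byte case
console.log(concatSigToDer(sampleR + sampleS, 521));
```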

kjur commented 2 years ago

Hi @augjoh, thank you for your kind investigation. I'll try to check and fix it later.

cplussharp commented 2 years ago

Looks easy, I will try to add it.