feat: add support for Ed25519 and Ed448 (EdDSA)
panva committed Sep 11, 2024
1 parent f40be7d commit 5331137
Showing 10 changed files with 31 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lib/oneShotAlgs.js
@@ -52,6 +52,11 @@ module.exports = function(alg, key) {
digest: 'sha512',
key: { key, dsaEncoding: 'ieee-p1363' },
};
case 'EdDSA':
return {
digest: undefined,
key: { key },
};
default:
throw new Error('unreachable');
}
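Review bot: The `digest: undefined` in the new `EdDSA` case carries no comment, and next to the `'sha512'` branch just above it reads like an omission rather than a requirement. Ed25519 and Ed448 hash the message internally, and node:crypto's one-shot sign/verify take a null or undefined algorithm for these key types, so a comment such as `// EdDSA hashes internally; node:crypto takes no digest name for Ed25519/Ed448 keys` would record why. The branch does not look at the key's type itself, so it presumably relies on the key/alg pairing having been validated before it is reached; the switch begins outside the visible lines.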
2 changes: 2 additions & 0 deletions lib/validateAsymmetricKey.js
@@ -2,6 +2,8 @@ const { ASYMMETRIC_KEY_DETAILS_SUPPORTED, RSA_PSS_KEY_DETAILS_SUPPORTED } = requ

const allowedAlgorithmsForKeys = {
'ec': ['ES256', 'ES256K', 'ES384', 'ES512'],
'ed25519': ['EdDSA'],
'ed448': ['EdDSA'],
'rsa': ['RS256', 'PS256', 'RS384', 'PS384', 'RS512', 'PS512'],
'rsa-pss': ['PS256', 'PS384', 'PS512']
};
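Review bot: Both new entries map to the same `alg` value, so `'EdDSA'` in a token header does not say which curve was used; that is decided entirely by the key the caller supplies. A short comment on the two lines would make this explicit, e.g. `// RFC 8037: one alg for both curves; the curve comes from the key, never from the header`. Whether the function below does any further per-key-detail checking for these types (the `ASYMMETRIC_KEY_DETAILS_SUPPORTED` import suggests it does for others) cannot be seen here, since its body lies outside the hunk.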
1 change: 1 addition & 0 deletions sign.js
@@ -15,6 +15,7 @@ const SUPPORTED_ALGS = [
'PS256', 'PS384', 'PS512',
'ES256', 'ES256K', 'ES384', 'ES512',
'HS256', 'HS384', 'HS512',
'EdDSA',
'none',
];

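--- a/test/ed25519-private.pem
+++ b/test/ed25519-private.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEINm0OEjPHWFVPXX+RWO48diNrzeWvhxLYT0UfBHb6ZBA
+-----END PRIVATE KEY-----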
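--- a/test/ed25519-public-invalid.pem
+++ b/test/ed25519-public-invalid.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAnbt7ZRTDvGWNmgiJQ+oOodLqvFS0fl1mlRHTaetHI0Q=
+-----END PUBLIC KEY-----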
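--- a/test/ed25519-public.pem
+++ b/test/ed25519-public.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAbelG8IgnkVHYUdI5CN54QDdYkvgJkeDc7V8EVBN6zVg=
+-----END PUBLIC KEY-----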
5 changes: 5 additions & 0 deletions test/jwt.asymmetric_signing.tests.js
@@ -26,6 +26,11 @@ const algorithms = {
pub_key: loadKey('secp256k1-public.pem'),
invalid_pub_key: loadKey('secp256k1-public-invalid.pem')
},
EdDSA: {
priv_key: loadKey('ed25519-private.pem'),
pub_key: loadKey('ed25519-public.pem'),
invalid_pub_key: loadKey('ed25519-public-invalid.pem')
},
PS256: {
pub_key: loadKey('pub.pem'),
priv_key: loadKey('priv.pem'),
2 changes: 2 additions & 0 deletions test/roundtrip.test.js
@@ -14,6 +14,8 @@ for (const [alg, opts] of [
["ES256K"],
["ES384"],
["ES512"],
["EdDSA", { crv: "Ed25519" }],
["EdDSA", { crv: "Ed448" }],
]) {
const conditionalDescribe =
parseInt(process.versions.node, 10) >= 18 ? describe : describe.skip;
2 changes: 2 additions & 0 deletions test/schema.tests.js
@@ -10,6 +10,7 @@ describe('schema', function() {
var cert_secp256k1_priv = fs.readFileSync(__dirname + '/secp256k1-private.pem');
var cert_secp384r1_priv = fs.readFileSync(__dirname + '/secp384r1-private.pem');
var cert_secp521r1_priv = fs.readFileSync(__dirname + '/secp521r1-private.pem');
var cert_ed25519_priv = fs.readFileSync(__dirname + '/ed25519-private.pem');

function sign(options, secretOrPrivateKey) {
jwt.sign({foo: 123}, secretOrPrivateKey, options);
@@ -30,6 +31,7 @@ describe('schema', function() {
sign({algorithm: 'ES256K'}, cert_secp256k1_priv);
sign({algorithm: 'ES384'}, cert_secp384r1_priv);
sign({algorithm: 'ES512'}, cert_secp521r1_priv);
sign({algorithm: 'EdDSA'}, cert_ed25519_priv);
sign({algorithm: 'HS256'}, 'superSecret');
sign({algorithm: 'HS384'}, 'superSecret');
sign({algorithm: 'HS512'}, 'superSecret');
5 changes: 5 additions & 0 deletions verify.js
@@ -11,6 +11,7 @@ const EC_KEY_ALGS = ['ES256', 'ES256K', 'ES384', 'ES512'];
const RSA_KEY_ALGS = ['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512'];
const PUB_KEY_ALGS = [].concat(RSA_KEY_ALGS, EC_KEY_ALGS);
const HS_ALGS = ['HS256', 'HS384', 'HS512'];
const EdDSA_ALGS = ['EdDSA'];

function processPayload(header, payload, signature, options, done) {
const clockTimestamp = options.clockTimestamp || Math.floor(Date.now() / 1000);
@@ -222,6 +223,10 @@ module.exports = function(jwtString, secretOrPublicKey, options, callback) {
case 'ec':
options.algorithms = EC_KEY_ALGS
break;
case 'ed25519':
case 'ed448':
options.algorithms = EdDSA_ALGS;
break;
default:
options.algorithms = PUB_KEY_ALGS;
}
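Review bot: `EdDSA_ALGS` is the only mixed-case name among the allow-list constants declared beside it (`EC_KEY_ALGS`, `RSA_KEY_ALGS`, `HS_ALGS`); `const EDDSA_KEY_ALGS = ['EdDSA'];` would match them, with the same rename at `options.algorithms = EdDSA_ALGS;` in the second hunk. That second hunk is what ties the default allow-list to the key's own type, so a token whose header names a different `alg` is not accepted against an Ed25519 or Ed448 key when the caller passes no `algorithms`; a comment above the two new `case` labels would record the intent, e.g. `// Edwards-curve keys verify EdDSA only; do not let them reach the PUB_KEY_ALGS default`. The switch and the condition guarding it start outside the visible lines, so this reading of when the branch runs is inferred.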
