feat: add support for Ed25519 and Ed448 (EdDSA)

Author: panva

README.md

@@ -144,9 +144,11 @@ As mentioned in [this comment](https://github.com/auth0/node-jsonwebtoken/issues
 * `algorithms`: List of strings with the names of the allowed algorithms. For instance, `["HS256", "HS384"]`. 
   > If not specified a defaults will be used based on the type of key provided
   > * secret - ['HS256', 'HS384', 'HS512']
-  > * rsa - ['RS256', 'RS384', 'RS512']
-  > * ec - ['ES256', 'ES384', 'ES512']
-  > * default - ['RS256', 'RS384', 'RS512']
+  > * rsa - ['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512']
+  > * rsa-pss - ['PS256', 'PS384', 'PS512']
+  > * ec - ['ES256', 'ES256K', 'ES384', 'ES512']
+  > * ed25519 - ['EdDSA', 'Ed25519']
+  > * ed448 - ['EdDSA', 'Ed448']
 * `audience`: if you want to check audience (`aud`), provide a value here. The audience can be checked against a string, a regular expression or a list of strings and/or regular expressions. 
   > Eg: `"urn:foo"`, `/urn:f[o]{2}/`, `[/urn:f[o]{2}/, "urn:bar"]`
 * `complete`: return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload.
@@ -370,6 +372,9 @@ Array of supported algorithms. The following algorithms are currently supported.
 | ES256               | ECDSA using P-256 curve and SHA-256 hash algorithm                     |
 | ES384               | ECDSA using P-384 curve and SHA-384 hash algorithm                     |
 | ES512               | ECDSA using P-521 curve and SHA-512 hash algorithm                     |
+| EdDSA (deprecated)  | EdDSA using Ed25519 or Ed448                                           |
+| Ed25519             | EdDSA using Ed25519                                                    |
+| Ed448               | EdDSA using Ed448                                                      |
 | none                | No digital signature or MAC value included                             |
 
 ## Refreshing JWTs

lib/oneShotAlgs.js

@@ -52,6 +52,13 @@ module.exports = function(alg, key) {
       digest: 'sha512',
       key: { key, dsaEncoding: 'ieee-p1363' },
     };
+  case 'Ed25519':
+  case 'Ed448':
+  case 'EdDSA':
+    return {
+      digest: undefined,
+      key: { key },
+    };
   default:
     throw new Error('unreachable');
   }

lib/validateAsymmetricKey.js

@@ -2,6 +2,8 @@ const { ASYMMETRIC_KEY_DETAILS_SUPPORTED, RSA_PSS_KEY_DETAILS_SUPPORTED } = requ
 
 const allowedAlgorithmsForKeys = {
   'ec': ['ES256', 'ES256K', 'ES384', 'ES512'],
+  'ed25519': ['EdDSA'],
+  'ed448': ['EdDSA'],
   'rsa': ['RS256', 'PS256', 'RS384', 'PS384', 'RS512', 'PS512'],
   'rsa-pss': ['PS256', 'PS384', 'PS512']
 };

sign.js

@@ -15,6 +15,8 @@ const SUPPORTED_ALGS = [
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES256K', 'ES384', 'ES512',
   'HS256', 'HS384', 'HS512',
+  'EdDSA',
+  'Ed25519', 'Ed448',
   'none',
 ];
 

test/ed25519-private.pem

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEINm0OEjPHWFVPXX+RWO48diNrzeWvhxLYT0UfBHb6ZBA
+-----END PRIVATE KEY-----

test/ed25519-public-invalid.pem

@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAnbt7ZRTDvGWNmgiJQ+oOodLqvFS0fl1mlRHTaetHI0Q=
+-----END PUBLIC KEY-----

test/ed25519-public.pem

@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAbelG8IgnkVHYUdI5CN54QDdYkvgJkeDc7V8EVBN6zVg=
+-----END PUBLIC KEY-----

test/jwt.asymmetric_signing.tests.js

@@ -26,6 +26,11 @@ const algorithms = {
     pub_key: loadKey('secp256k1-public.pem'),
     invalid_pub_key: loadKey('secp256k1-public-invalid.pem')
   },
+  EdDSA: {
+    priv_key: loadKey('ed25519-private.pem'),
+    pub_key: loadKey('ed25519-public.pem'),
+    invalid_pub_key: loadKey('ed25519-public-invalid.pem')
+  },
   PS256: {
     pub_key: loadKey('pub.pem'),
     priv_key: loadKey('priv.pem'),

test/roundtrip.test.js

@@ -14,6 +14,8 @@ for (const [alg, opts] of [
   ["ES256K"],
   ["ES384"],
   ["ES512"],
+  ["EdDSA", { crv: "Ed25519" }],
+  ["EdDSA", { crv: "Ed448" }],
 ]) {
   const conditionalDescribe =
     parseInt(process.versions.node, 10) >= 18 ? describe : describe.skip;

test/schema.tests.js

@@ -10,6 +10,7 @@ describe('schema', function() {
     var cert_secp256k1_priv = fs.readFileSync(__dirname + '/secp256k1-private.pem');
     var cert_secp384r1_priv = fs.readFileSync(__dirname + '/secp384r1-private.pem');
     var cert_secp521r1_priv = fs.readFileSync(__dirname + '/secp521r1-private.pem');
+    var cert_ed25519_priv = fs.readFileSync(__dirname + '/ed25519-private.pem');
 
     function sign(options, secretOrPrivateKey) {
       jwt.sign({foo: 123}, secretOrPrivateKey, options);
@@ -30,6 +31,7 @@ describe('schema', function() {
       sign({algorithm: 'ES256K'}, cert_secp256k1_priv);
       sign({algorithm: 'ES384'}, cert_secp384r1_priv);
       sign({algorithm: 'ES512'}, cert_secp521r1_priv);
+      sign({algorithm: 'EdDSA'}, cert_ed25519_priv);
       sign({algorithm: 'HS256'}, 'superSecret');
       sign({algorithm: 'HS384'}, 'superSecret');
       sign({algorithm: 'HS512'}, 'superSecret');

verify.js

@@ -12,6 +12,7 @@ const RSA_KEY_ALGS = ['RS256', 'RS384', 'RS512'];
 const RSA_PSS_KEY_ALGS = ['PS256', 'PS384', 'PS512'];
 const PUB_KEY_ALGS = [].concat(RSA_KEY_ALGS, EC_KEY_ALGS);
 const HS_ALGS = ['HS256', 'HS384', 'HS512'];
+const EdDSA_ALGS = ['EdDSA'];
 
 function processPayload(header, payload, signature, options, done) {
   const clockTimestamp = options.clockTimestamp || Math.floor(Date.now() / 1000);
@@ -225,6 +226,12 @@ module.exports = function(jwtString, secretOrPublicKey, options, callback) {
         case 'ec':
           options.algorithms = EC_KEY_ALGS;
           break;
+        case 'ed25519':
+          options.algorithms = [].concat(EdDSA_ALGS, 'Ed25519');
+          break;
+        case 'ed448':
+          options.algorithms = [].concat(EdDSA_ALGS, 'Ed448');
+          break;
         default:
           options.algorithms = PUB_KEY_ALGS;
         }