TBD54566975 · decentralgabe · Apr 2, 2024 · Apr 2, 2024
@@ -44,7 +44,13 @@ func SignVerifiableCredentialJWT(signer jwx.Signer, cred credential.VerifiableCr
 			return nil, errors.Wrap(err, "setting KID protected header")
 		}
 	}
-	signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(signer.ALG), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))
+
+	// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+	alg := signer.ALG
+	if alg == "Ed25519" {
+		alg = jwa.EdDSA.String()
+	}
+	signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(alg), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))
 	if err != nil {
 		return nil, errors.Wrap(err, "signing JWT credential")
 	}
@@ -271,7 +277,12 @@ func SignVerifiablePresentationJWT(signer jwx.Signer, parameters *JWTVVPParamete
 			return nil, errors.Wrap(err, "setting KID protected header")
 		}
 	}
-	signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(signer.ALG), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))
+	// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+	alg := signer.ALG
+	if alg == "Ed25519" {
+		alg = jwa.EdDSA.String()
+	}
+	signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(alg), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))
 	if err != nil {
 		return nil, errors.Wrap(err, "signing JWT presentation")
 	}

@@ -82,9 +82,13 @@ func (k *PrivateKeyJWK) ToPrivateKey() (gocrypto.PrivateKey, error) {
 		if err != nil {
 			return nil, errors.Wrap(err, "getting alg from key and curve")
 		}
+		// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+		if alg == jwa.Ed25519.String() {
+			alg = jwa.EdDSA.String()
+		}
 		k.ALG = alg
 	}
-	if IsSupportedJWXSigningVerificationAlgorithm(k.ALG) || IsSupportedKeyAgreementType(k.ALG) {
+	if IsSupportedJWXSigningVerificationAlgorithm(k.ALG) || IsSupportedKeyAgreementType(k.CRV) {
 		return k.toSupportedPrivateKey()
 	}
 	if IsExperimentalJWXSigningVerificationAlgorithm(k.ALG) {

@@ -179,12 +179,23 @@ func (s *Signer) SignWithDefaults(kvs map[string]any) ([]byte, error) {
 			return nil, errors.Wrap(err, "setting KID protected header")
 		}
 	}
-	return jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(s.ALG), s.PrivateKey, jws.WithProtectedHeaders(hdrs)))
+
+	// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+	alg := s.ALG
+	if alg == "Ed25519" {
+		alg = jwa.EdDSA.String()
+	}
+	return jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(alg), s.PrivateKey, jws.WithProtectedHeaders(hdrs)))
 }
 
 // Verify parses a token given the verifier's known algorithm and key, and returns an error, which is nil upon success
 func (v *Verifier) Verify(token string) error {
-	if _, err := jwt.Parse([]byte(token), jwt.WithKey(jwa.SignatureAlgorithm(v.ALG), v.publicKey)); err != nil {
+	alg := jwa.SignatureAlgorithm(v.ALG)
+	// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+	if alg == "Ed25519" {
+		alg = jwa.EdDSA
+	}
+	if _, err := jwt.Parse([]byte(token), jwt.WithKey(alg, v.publicKey)); err != nil {
 		return errors.Wrap(err, "verifying JWT")
 	}
 	return nil
@@ -205,7 +216,12 @@ func (*Verifier) Parse(token string) (jws.Headers, jwt.Token, error) {
 
 // VerifyAndParse attempts to turn a string into a jwt.Token and verify its signature using the verifier
 func (v *Verifier) VerifyAndParse(token string) (jws.Headers, jwt.Token, error) {
-	parsed, err := jwt.Parse([]byte(token), jwt.WithKey(jwa.SignatureAlgorithm(v.ALG), v.publicKey))
+	alg := jwa.SignatureAlgorithm(v.ALG)
+	// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+	if alg == "Ed25519" {
+		alg = jwa.EdDSA
+	}
+	parsed, err := jwt.Parse([]byte(token), jwt.WithKey(alg, v.publicKey))
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "parsing and verifying JWT")
 	}
@@ -235,7 +251,7 @@ func AlgFromKeyAndCurve(kty, crv string) (string, error) {
 		case jwa.X25519.String():
 			return jwa.X25519.String(), nil
 		case jwa.Ed25519.String():
-			return jwa.EdDSA.String(), nil
+			return jwa.Ed25519.String(), nil
 		default:
 			return "", fmt.Errorf("unsupported OKP jwt curve: %s", curve)
 		}
@@ -277,6 +293,7 @@ func GetSupportedJWXSigningVerificationAlgorithms() []string {
 		jwa.ES384.String(),
 		jwa.ES512.String(),
 		jwa.EdDSA.String(),
+		jwa.Ed25519.String(),
 	}
 }
 

@@ -182,7 +182,12 @@ func (s *JSONWebKeySigner) Sign(tbs []byte) ([]byte, error) {
 	if err := headers.Set(jws.CriticalKey, []string{b64}); err != nil {
 		return nil, err
 	}
-	return jws.Sign(nil, jws.WithKey(jwa.SignatureAlgorithm(s.ALG), s.PrivateKey), jws.WithHeaders(headers), jws.WithDetachedPayload(tbs))
+	// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+	alg := s.ALG
+	if alg == "Ed25519" {
+		alg = jwa.EdDSA.String()
+	}
+	return jws.Sign(nil, jws.WithKey(jwa.SignatureAlgorithm(alg), s.PrivateKey), jws.WithHeaders(headers), jws.WithDetachedPayload(tbs))
 }
 
 func (s *JSONWebKeySigner) GetKeyID() string {
@@ -238,7 +243,12 @@ func (v JSONWebKeyVerifier) Verify(message, signature []byte) error {
 	if err != nil {
 		return errors.Wrap(err, "getting public key")
 	}
-	_, err = jws.Verify(signature, jws.WithKey(jwa.SignatureAlgorithm(v.ALG), pubKey), jws.WithDetachedPayload(message))
+	// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
+	alg := v.ALG
+	if alg == "Ed25519" {
+		alg = jwa.EdDSA.String()
+	}
+	_, err = jws.Verify(signature, jws.WithKey(jwa.SignatureAlgorithm(alg), pubKey), jws.WithDetachedPayload(message))
 	return err
 }
 

@@ -202,6 +202,7 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8 h1:RBkacARv7qY5laaXGlF4wFB/tk5rnthhPb8oIBGoagY=
 github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8/go.mod h1:9PdLyPiZIiW3UopXyRnPYyjUXSpiQNHRLu8fOsR3o8M=
 github.com/tidwall/gjson v1.6.7 h1:Mb1M9HZCRWEcXQ8ieJo7auYyyiSux6w9XN3AdTpxJrE=
@@ -241,14 +242,18 @@ golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9t
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
@@ -268,6 +273,7 @@ golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
 golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=