-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for ED25519 #229
Support for ED25519 #229
Changes from 3 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,7 +17,8 @@ module Signature | |
HMAC_ALGORITHMS = %w[HS256 HS512256 HS384 HS512].freeze | ||
RSA_ALGORITHMS = %w[RS256 RS384 RS512].freeze | ||
ECDSA_ALGORITHMS = %w[ES256 ES384 ES512].freeze | ||
|
||
EDDSA_ALGORITHMS = %w[ED25519].freeze | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Trailing whitespace detected. |
||
NAMED_CURVES = { | ||
'prime256v1' => 'ES256', | ||
'secp384r1' => 'ES384', | ||
|
@@ -31,6 +32,8 @@ def sign(algorithm, msg, key) | |
sign_rsa(algorithm, msg, key) | ||
elsif ECDSA_ALGORITHMS.include?(algorithm) | ||
sign_ecdsa(algorithm, msg, key) | ||
elsif EDDSA_ALGORITHMS.include?(algorithm) | ||
sign_eddsa(algorithm, msg, key) | ||
else | ||
raise NotImplementedError, 'Unsupported signing method' | ||
end | ||
|
@@ -43,6 +46,8 @@ def verify(algo, key, signing_input, signature) | |
SecurityUtils.verify_rsa(algo, key, signing_input, signature) | ||
elsif ECDSA_ALGORITHMS.include?(algo) | ||
verify_ecdsa(algo, key, signing_input, signature) | ||
elsif EDDSA_ALGORITHMS.include?(algo) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Align |
||
verify_eddsa(algo, key, signing_input, signature) | ||
else | ||
raise JWT::VerificationError, 'Algorithm not supported' | ||
end | ||
|
@@ -70,7 +75,11 @@ def sign_ecdsa(algorithm, msg, private_key) | |
digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha')) | ||
SecurityUtils.asn1_to_raw(private_key.dsa_sign_asn1(digest.digest(msg)), private_key) | ||
end | ||
|
||
def sign_eddsa(algorithm, msg, private_key) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Use empty lines between method definitions. |
||
raise EncodeError, "Key given is a #{private_key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey" if private_key.class != RbNaCl::Signatures::Ed25519::SigningKey | ||
raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{private_key.primitive} signing key was provided" if algorithm.downcase.to_sym != private_key.primitive | ||
private_key.sign(msg) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Trailing whitespace detected. |
||
end | ||
def sign_hmac(algorithm, msg, key) | ||
authenticator, padded_key = SecurityUtils.rbnacl_fixup(algorithm, key) | ||
if authenticator && padded_key | ||
|
@@ -79,13 +88,16 @@ def sign_hmac(algorithm, msg, key) | |
OpenSSL::HMAC.digest(OpenSSL::Digest.new(algorithm.sub('HS', 'sha')), key, msg) | ||
end | ||
end | ||
|
||
def verify_eddsa(algorithm, public_key,signing_input, signature) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Space missing after comma. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Use empty lines between method definitions. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. JWT::Signature takes parameters ['algorithm', 'public_key', 'signature', 'signing_input'] to 3 methods |
||
raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{public_key.primitive} verification key was provided" if algorithm.downcase.to_sym != public_key.primitive | ||
raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey | ||
public_key.verify(signature, signing_input) | ||
end | ||
def verify_ecdsa(algorithm, public_key, signing_input, signature) | ||
key_algorithm = NAMED_CURVES[public_key.group.curve_name] | ||
if algorithm != key_algorithm | ||
raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided" | ||
end | ||
|
||
digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha')) | ||
public_key.dsa_verify_asn1(digest.digest(signing_input), SecurityUtils.raw_to_asn1(signature, public_key)) | ||
end | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
%w
-literals should be delimited by(
and)
.