guillp · guillp · Jan 11, 2023 · Nov 29, 2022 · Dec 21, 2022 · Dec 21, 2022
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -35,7 +35,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install poetry tox tox-gh-actions tox-poetry
+          pip install poetry "tox<4" tox-gh-actions tox-poetry
 
       - name: test with tox
         run:
@@ -57,7 +57,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install poetry tox tox-gh-actions tox-poetry
+          pip install poetry "tox<4" tox-gh-actions tox-poetry
 
       - name: test with tox
         run:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -7,15 +7,15 @@ repos:
     -   id: forbid-tabs
     -   id: remove-tabs
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
     - id: trailing-whitespace
     - id: end-of-file-fixer
     - id: check-merge-conflict
     - id: check-yaml
       args: [--unsafe]
 -   repo: https://github.com/hadialqattan/pycln
-    rev: v2.1.1
+    rev: v2.1.2
     hooks:
     -   id: pycln
         args: [--config=pyproject.toml]
@@ -24,28 +24,29 @@ repos:
     hooks:
     - id: isort
 -   repo: https://github.com/psf/black
-    rev: 22.10.0
+    rev: 22.12.0
     hooks:
     - id: black
--   repo: https://gitlab.com/pycqa/flake8
-    rev: 3.9.2
+-   repo: https://github.com/pycqa/flake8
+    rev: 6.0.0
     hooks:
     -   id: flake8
-        additional_dependencies: [flake8-typing-imports==1.10.0]
+        additional_dependencies:
+            - flake8-typing-imports==1.14.0
 -   repo: https://github.com/asottile/blacken-docs
     rev: v1.12.1
     hooks:
         - id: blacken-docs
 -   repo: https://github.com/pycqa/pydocstyle
-    rev: 6.1.1
+    rev: 6.2.3
     hooks:
     -   id: pydocstyle
         additional_dependencies:
             - toml
         args:
             - --add-ignore=D107
 -   repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v0.982
+    rev: v0.991
     hooks:
     -   id: mypy
         args: [--strict]

diff --git a/README.md b/README.md
@@ -5,7 +5,8 @@
 
 A Pythonic implementation of the JOSE set of IETF specifications: [Json Web Signature][rfc7515], [Keys][rfc7517],
 [Algorithms][rfc7518], [Tokens][rfc7519] and [Encryption][rfc7516] (RFC7515 to 7519), and their extensions
-[ECDH Signatures][rfc8037] (RFC8037), [JWK Thumbprints][rfc7638] (RFC7638), and [JWK Thumbprint URI][rfc9278] (RFC9278).
+[ECDH Signatures][rfc8037] (RFC8037), [JWK Thumbprints][rfc7638] (RFC7638), and [JWK Thumbprint URI][rfc9278] (RFC9278),
+and with respect to [JWT Best Current Practices][rfc8725].
 
 - Free software: MIT
 - Documentation: <https://guillp.github.io/jwskate/>
@@ -140,25 +141,25 @@ The generated JWT claims will include the standardised claims:
 
 `jwskate` supports the following signature algorithms:
 
-| Signature Alg | Description                                    | Key Type | Reference                          | Note                  |
-|---------------|------------------------------------------------|----------|------------------------------------|-----------------------|
-| HS256         | HMAC using SHA-256                             | oct      | [RFC7518, Section 3.2]             |                       |
-| HS384         | HMAC using SHA-384                             | oct      | [RFC7518, Section 3.2]             |                       |
-| HS512         | HMAC using SHA-512                             | oct      | [RFC7518, Section 3.2]             |                       |
-| RS256         | RSASSA-PKCS1-v1_5 using SHA-256                | RSA      | [RFC7518, Section 3.3]             |                       |
-| RS384         | RSASSA-PKCS1-v1_5 using SHA-384                | RSA      | [RFC7518, Section 3.3]             |                       |
-| RS512         | RSASSA-PKCS1-v1_5 using SHA-512                | RSA      | [RFC7518, Section 3.3]             |                       |
-| ES256         | ECDSA using P-256 and SHA-256                  | EC       | [RFC7518, Section 3.4]             |                       |
-| ES384         | ECDSA using P-384 and SHA-384                  | EC       | [RFC7518, Section 3.4]             |                       |
-| ES512         | ECDSA using P-521 and SHA-512                  | EC       | [RFC7518, Section 3.4]             |                       |
-| PS256         | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 | RSA      | [RFC7518, Section 3.5]             |                       |
-| PS384         | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 | RSA      | [RFC7518, Section 3.5]             |                       |
-| PS512         | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 | RSA      | [RFC7518, Section 3.5]             |                       |
-| EdDSA         | EdDSA signature algorithms                     | OKP      | [RFC8037, Section 3.1]             |                       |
-| ES256K        | ECDSA using secp256k1 curve and SHA-256        | EC       | [RFC8812, Section 3.2]             |                       |
-| HS1           | HMAC using SHA-1                               | oct      | https://www.w3.org/TR/WebCryptoAPI | Validation Only       |
-| RS1           | RSASSA-PKCS1-v1_5 with SHA-1                   | oct      | https://www.w3.org/TR/WebCryptoAPI | Validation Only       |
-| none          | No digital signature or MAC performed          |          | [RFC7518, Section 3.6]             | Not usable by mistake |
+| Signature Alg | Description                                    | Key Type | Reference                          | Note                           |
+|---------------|------------------------------------------------|----------|------------------------------------|--------------------------------|
+| HS256         | HMAC using SHA-256                             | oct      | [RFC7518, Section 3.2]             |                                |
+| HS384         | HMAC using SHA-384                             | oct      | [RFC7518, Section 3.2]             |                                |
+| HS512         | HMAC using SHA-512                             | oct      | [RFC7518, Section 3.2]             |                                |
+| RS256         | RSASSA-PKCS1-v1_5 using SHA-256                | RSA      | [RFC7518, Section 3.3]             |                                |
+| RS384         | RSASSA-PKCS1-v1_5 using SHA-384                | RSA      | [RFC7518, Section 3.3]             |                                |
+| RS512         | RSASSA-PKCS1-v1_5 using SHA-512                | RSA      | [RFC7518, Section 3.3]             |                                |
+| ES256         | ECDSA using P-256 and SHA-256                  | EC       | [RFC7518, Section 3.4]             |                                |
+| ES384         | ECDSA using P-384 and SHA-384                  | EC       | [RFC7518, Section 3.4]             |                                |
+| ES512         | ECDSA using P-521 and SHA-512                  | EC       | [RFC7518, Section 3.4]             |                                |
+| PS256         | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 | RSA      | [RFC7518, Section 3.5]             |                                |
+| PS384         | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 | RSA      | [RFC7518, Section 3.5]             |                                |
+| PS512         | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 | RSA      | [RFC7518, Section 3.5]             |                                |
+| EdDSA         | EdDSA signature algorithms                     | OKP      | [RFC8037, Section 3.1]             | Ed2219 and Ed448 are supported |
+| ES256K        | ECDSA using secp256k1 curve and SHA-256        | EC       | [RFC8812, Section 3.2]             |                                |
+| HS1           | HMAC using SHA-1                               | oct      | https://www.w3.org/TR/WebCryptoAPI | Validation Only                |
+| RS1           | RSASSA-PKCS1-v1_5 with SHA-1                   | oct      | https://www.w3.org/TR/WebCryptoAPI | Validation Only                |
+| none          | No digital signature or MAC performed          |          | [RFC7518, Section 3.6]             | Not usable by mistake          |
 
 ### Supported Key Management algorithms
 
@@ -247,6 +248,8 @@ of mistakes.
 
 ### Safe Signature Verification
 
+As advised in [JWT Best Practices][rfc8725] $3.1:
+
 For every signature verification method in `jwskate`, the expected signature(s) algorithm(s) must be specified. That is
 to avoid a security flaw where your application accepts tokens with a weaker encryption scheme than what your security
 policy mandates; or even worse, where it accepts unsigned tokens, or tokens that are symmetrically signed with an
@@ -292,6 +295,7 @@ All cryptographic operations are handled by [cryptography](https://cryptography.
 [rfc8037]: https://www.rfc-editor.org/rfc/rfc8037.html
 [rfc8037, section 3.1]: https://www.rfc-editor.org/rfc/rfc8037.html#section-3.1
 [rfc8037, section 3.2]: https://www.rfc-editor.org/rfc/rfc8037.html#section-3.2
+[rfc8725]: https://www.rfc-editor.org/rfc/rfc8725
 [rfc8812, section 3.1]: https://www.rfc-editor.org/rfc/rfc8812.html#section-3.1
 [rfc8812, section 3.2]: https://www.rfc-editor.org/rfc/rfc8812.html#name-ecdsa-signature-with-secp25
 [rfc9278]: https://www.rfc-editor.org/rfc/rfc9278.html
diff --git a/jwskate/enums.py b/jwskate/enums.py
@@ -1,6 +1,7 @@
 """This module contains enums for the various identifiers used in JWA and JWK.
 
 See [IANA JOSE](https://www.iana.org/assignments/jose/jose.xhtml).
+
 """
 
 

diff --git a/jwskate/jwa/__init__.py b/jwskate/jwa/__init__.py
@@ -5,6 +5,7 @@
 `cryptography`.
 
 [RFC7518]: https://www.rfc-editor.org/rfc/rfc7518
+
 """
 
 from .base import (
@@ -71,6 +72,8 @@
     BaseECSignatureAlg,
     BaseHMACSigAlg,
     BaseRSASigAlg,
+    Ed448Dsa,
+    Ed25519Dsa,
     EdDsa,
 )
 
@@ -111,7 +114,9 @@
     "EcdhEs_A192KW",
     "EcdhEs_A256KW",
     "Ed25519",
+    "Ed25519Dsa",
     "Ed448",
+    "Ed448Dsa",
     "EdDsa",
     "EllipticCurve",
     "HS256",

diff --git a/jwskate/jwa/base.py b/jwskate/jwa/base.py
@@ -7,6 +7,7 @@
 
 import cryptography.exceptions
 from binapy import BinaPy
+from cryptography.hazmat.primitives import hashes
 
 
 class PrivateKeyRequired(AttributeError):
@@ -23,18 +24,19 @@ class BaseAlg:
     An algorithm has a `name` and a `description`, whose reference is found in [IANA JOSE registry][IANA].
 
     [IANA]: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
+
     """
 
     use: str
     """Alg use ('sig' or 'enc')"""
 
     name: str
-    """Technical name of the algorithm"""
+    """Technical name of the algorithm."""
     description: str
     """Description of the algorithm (human readable)"""
     read_only: bool = False
-    """For algs that are considered insecure, set to True to allow only signature verification
-       or decryption of existing data, but don't allow new signatures or encryption."""
+    """For algs that are considered insecure, set to True to allow only signature verification or decryption of existing
+    data, but don't allow new signatures or encryption."""
 
     def __repr__(self) -> str:
         """Use the name of the alg as repr."""
@@ -46,6 +48,7 @@ class BaseSymmetricAlg(BaseAlg):
 
     Args:
         key: the key to use for cryptographic operations
+
     """
 
     def __init__(self, key: bytes):
@@ -64,6 +67,7 @@ def check_key(cls, key: bytes) -> None:
 
         Returns:
           Returns `None`. Raises an exception if the key is not suitable
+
         """
         pass
 
@@ -78,6 +82,7 @@ def supports_key(cls, key: bytes) -> bool:
 
         Returns:
           `True` if the key is suitable for this alg class, `False` otherwise
+
         """
         try:
             cls.check_key(key)
@@ -98,6 +103,7 @@ class BaseAsymmetricAlg(Generic[Kpriv, Kpub], BaseAlg):
 
     Args:
         key: the key to use.
+
     """
 
     private_key_class: Union[Type[Kpriv], Tuple[Type[Kpriv], ...]]
@@ -121,31 +127,34 @@ def check_key(cls, key: Union[Kpriv, Kpub]) -> None:
 
         Raises:
             Exception: if the key is not suitable for use with this alg class
+
         """
 
     @contextmanager
     def private_key_required(self) -> Iterator[Kpriv]:
-        """A context manager that checks if this alg is initialised with a private key.
+        """Check if this alg is initialised with a private key, as a context manager.
 
         Yields:
             the private key
 
         Raises:
             PrivateKeyRequired: if the configured key is not private
+
         """
         if not isinstance(self.key, self.private_key_class):
             raise PrivateKeyRequired()
         yield self.key  # type: ignore
 
     @contextmanager
     def public_key_required(self) -> Iterator[Kpub]:
-        """A context manager that checks if this alg is initialised with a public key.
+        """Check if this alg is initialised with a public key, as a context manager.
 
         Yields:
             The public key
 
         Raises:
             PublicKeyRequired: if the configured key is private
+
         """
         if not isinstance(self.key, self.public_key_class):
             raise PublicKeyRequired()
@@ -156,6 +165,7 @@ class BaseSignatureAlg(BaseAlg):
     """Base class for signature algorithms."""
 
     use = "sig"
+    hashing_alg: hashes.HashAlgorithm
 
     def sign(self, data: Union[bytes, SupportsBytes]) -> BinaPy:
         """Sign arbitrary data, return the signature.
@@ -165,6 +175,7 @@ def sign(self, data: Union[bytes, SupportsBytes]) -> BinaPy:
 
         Returns:
           the raw signature
+
         """
         raise NotImplementedError
 
@@ -179,6 +190,7 @@ def verify(
 
         Returns:
           `True` if the signature matches, `False` otherwise.
+
         """
         raise NotImplementedError
 
@@ -201,6 +213,7 @@ def check_key(cls, key: bytes) -> None:
 
         Raises:
             ValueError: if the key is not suitable
+
         """
         if len(key) * 8 != cls.key_size:
             raise ValueError(
@@ -213,6 +226,7 @@ def generate_key(cls) -> BinaPy:
 
         Returns:
             a random AES key
+
         """
         return BinaPy.random_bits(cls.key_size)
 
@@ -222,6 +236,7 @@ def generate_iv(cls) -> BinaPy:
 
         Returns:
             a random IV
+
         """
         return BinaPy.random_bits(cls.iv_size)
 
@@ -249,6 +264,7 @@ def encrypt(
           a tuple of ciphered data and authentication tag
 
         [AEAD]: https://wikipedia.org/wiki/Authenticated_encryption
+
         """
         raise NotImplementedError
 
@@ -275,6 +291,7 @@ def decrypt(
 
         Returns:
           the deciphered data
+
         """
         raise NotImplementedError
 
@@ -284,6 +301,7 @@ def init_random_key(cls) -> BaseAESEncryptionAlg:
 
         Returns:
             a subclass of BaseAESEncryptionAlg initialized with a randomly generated key
+
         """
         return cls(cls.generate_key())