feat(EdDSA): Accept EdDSA as algorithm header

jwt · Sep 29, 2021 · ffad2de · ffad2de
1 parent 1a4e401
commit ffad2de
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 7 deletions.
diff --git a/lib/jwt/algos/eddsa.rb b/lib/jwt/algos/eddsa.rb
@@ -3,18 +3,25 @@ module Algos
     module Eddsa
       module_function
 
-      SUPPORTED = %w[ED25519].freeze
+      SUPPORTED = %w[ED25519 EdDSA].freeze
 
       def sign(to_sign)
         algorithm, msg, key = to_sign.values
-        raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey" if key.class != RbNaCl::Signatures::Ed25519::SigningKey
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"  if algorithm.downcase.to_sym != key.primitive
+        if key.class != RbNaCl::Signatures::Ed25519::SigningKey
+          raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey"
+        end
+        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
+        end
+
         key.sign(msg)
       end
 
       def verify(to_verify)
         algorithm, public_key, signing_input, signature = to_verify.values
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{public_key.primitive} verification key was provided" if algorithm.downcase.to_sym != public_key.primitive
+        unless SUPPORTED.map(&:downcase).map(&:to_sym).include?(algorithm.downcase.to_sym)
+          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"
+        end
         raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey
         public_key.verify(signature, signing_input)
       end

diff --git a/spec/jwt_spec.rb b/spec/jwt_spec.rb
@@ -34,9 +34,13 @@
     }
 
     if defined?(RbNaCl)
+      ed25519_private = RbNaCl::Signatures::Ed25519::SigningKey.new('abcdefghijklmnopqrstuvwxyzABCDEF')
+      ed25519_public =  ed25519_private.verify_key
       data.merge!(
-        'ED25519_private' =>  RbNaCl::Signatures::Ed25519::SigningKey.new('abcdefghijklmnopqrstuvwxyzABCDEF'),
-        'ED25519_public' => RbNaCl::Signatures::Ed25519::SigningKey.new('abcdefghijklmnopqrstuvwxyzABCDEF').verify_key,
+        'ED25519_private' =>  ed25519_private,
+        'ED25519_public' => ed25519_public,
+        'EdDSA_private' =>  ed25519_private,
+        'EdDSA_public' => ed25519_public,
       )
     end
     data
@@ -188,7 +192,7 @@
   end
 
   if defined?(RbNaCl)
-    %w[ED25519].each do |alg|
+    %w[ED25519 EdDSA].each do |alg|
       context "alg: #{alg}" do
         before(:each) do
           data[alg] = JWT.encode payload, data["#{alg}_private"], alg