Skip to content
This repository has been archived by the owner on Dec 12, 2024. It is now read-only.

temporary fix to use the Ed25519 type #521

Merged
merged 1 commit into from
Apr 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 13 additions & 2 deletions credential/integrity/jwt.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,13 @@ func SignVerifiableCredentialJWT(signer jwx.Signer, cred credential.VerifiableCr
return nil, errors.Wrap(err, "setting KID protected header")
}
}
signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(signer.ALG), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))

// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
alg := signer.ALG
if alg == "Ed25519" {
alg = jwa.EdDSA.String()
}
signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(alg), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))
if err != nil {
return nil, errors.Wrap(err, "signing JWT credential")
}
Expand Down Expand Up @@ -271,7 +277,12 @@ func SignVerifiablePresentationJWT(signer jwx.Signer, parameters *JWTVVPParamete
return nil, errors.Wrap(err, "setting KID protected header")
}
}
signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(signer.ALG), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))
// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
alg := signer.ALG
if alg == "Ed25519" {
alg = jwa.EdDSA.String()
}
signed, err := jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(alg), signer.PrivateKey, jws.WithProtectedHeaders(hdrs)))
if err != nil {
return nil, errors.Wrap(err, "signing JWT presentation")
}
Expand Down
6 changes: 5 additions & 1 deletion crypto/jwx/jwk.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,13 @@ func (k *PrivateKeyJWK) ToPrivateKey() (gocrypto.PrivateKey, error) {
if err != nil {
return nil, errors.Wrap(err, "getting alg from key and curve")
}
// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
if alg == jwa.Ed25519.String() {
alg = jwa.EdDSA.String()
}
k.ALG = alg
}
if IsSupportedJWXSigningVerificationAlgorithm(k.ALG) || IsSupportedKeyAgreementType(k.ALG) {
if IsSupportedJWXSigningVerificationAlgorithm(k.ALG) || IsSupportedKeyAgreementType(k.CRV) {
return k.toSupportedPrivateKey()
}
if IsExperimentalJWXSigningVerificationAlgorithm(k.ALG) {
Expand Down
25 changes: 21 additions & 4 deletions crypto/jwx/jwt.go
Original file line number Diff line number Diff line change
Expand Up @@ -179,12 +179,23 @@ func (s *Signer) SignWithDefaults(kvs map[string]any) ([]byte, error) {
return nil, errors.Wrap(err, "setting KID protected header")
}
}
return jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(s.ALG), s.PrivateKey, jws.WithProtectedHeaders(hdrs)))

// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
alg := s.ALG
if alg == "Ed25519" {
alg = jwa.EdDSA.String()
}
return jwt.Sign(t, jwt.WithKey(jwa.SignatureAlgorithm(alg), s.PrivateKey, jws.WithProtectedHeaders(hdrs)))
}

// Verify parses a token given the verifier's known algorithm and key, and returns an error, which is nil upon success
func (v *Verifier) Verify(token string) error {
if _, err := jwt.Parse([]byte(token), jwt.WithKey(jwa.SignatureAlgorithm(v.ALG), v.publicKey)); err != nil {
alg := jwa.SignatureAlgorithm(v.ALG)
// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
if alg == "Ed25519" {
alg = jwa.EdDSA
}
if _, err := jwt.Parse([]byte(token), jwt.WithKey(alg, v.publicKey)); err != nil {
return errors.Wrap(err, "verifying JWT")
}
return nil
Expand All @@ -205,7 +216,12 @@ func (*Verifier) Parse(token string) (jws.Headers, jwt.Token, error) {

// VerifyAndParse attempts to turn a string into a jwt.Token and verify its signature using the verifier
func (v *Verifier) VerifyAndParse(token string) (jws.Headers, jwt.Token, error) {
parsed, err := jwt.Parse([]byte(token), jwt.WithKey(jwa.SignatureAlgorithm(v.ALG), v.publicKey))
alg := jwa.SignatureAlgorithm(v.ALG)
// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
if alg == "Ed25519" {
alg = jwa.EdDSA
}
parsed, err := jwt.Parse([]byte(token), jwt.WithKey(alg, v.publicKey))
if err != nil {
return nil, nil, errors.Wrap(err, "parsing and verifying JWT")
}
Expand Down Expand Up @@ -235,7 +251,7 @@ func AlgFromKeyAndCurve(kty, crv string) (string, error) {
case jwa.X25519.String():
return jwa.X25519.String(), nil
case jwa.Ed25519.String():
return jwa.EdDSA.String(), nil
return jwa.Ed25519.String(), nil
default:
return "", fmt.Errorf("unsupported OKP jwt curve: %s", curve)
}
Expand Down Expand Up @@ -277,6 +293,7 @@ func GetSupportedJWXSigningVerificationAlgorithms() []string {
jwa.ES384.String(),
jwa.ES512.String(),
jwa.EdDSA.String(),
jwa.Ed25519.String(),
}
}

Expand Down
14 changes: 12 additions & 2 deletions cryptosuite/jws2020/jsonwebkey2020.go
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,12 @@ func (s *JSONWebKeySigner) Sign(tbs []byte) ([]byte, error) {
if err := headers.Set(jws.CriticalKey, []string{b64}); err != nil {
return nil, err
}
return jws.Sign(nil, jws.WithKey(jwa.SignatureAlgorithm(s.ALG), s.PrivateKey), jws.WithHeaders(headers), jws.WithDetachedPayload(tbs))
// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
alg := s.ALG
if alg == "Ed25519" {
alg = jwa.EdDSA.String()
}
return jws.Sign(nil, jws.WithKey(jwa.SignatureAlgorithm(alg), s.PrivateKey), jws.WithHeaders(headers), jws.WithDetachedPayload(tbs))
}

func (s *JSONWebKeySigner) GetKeyID() string {
Expand Down Expand Up @@ -238,7 +243,12 @@ func (v JSONWebKeyVerifier) Verify(message, signature []byte) error {
if err != nil {
return errors.Wrap(err, "getting public key")
}
_, err = jws.Verify(signature, jws.WithKey(jwa.SignatureAlgorithm(v.ALG), pubKey), jws.WithDetachedPayload(message))
// Ed25519 is not supported by the jwx library yet https://github.com/TBD54566975/ssi-sdk/issues/520
alg := v.ALG
if alg == "Ed25519" {
alg = jwa.EdDSA.String()
}
_, err = jws.Verify(signature, jws.WithKey(jwa.SignatureAlgorithm(alg), pubKey), jws.WithDetachedPayload(message))
return err
}

Expand Down
6 changes: 6 additions & 0 deletions go.work.sum
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,7 @@ github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8 h1:RBkacARv7qY5laaXGlF4wFB/tk5rnthhPb8oIBGoagY=
github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8/go.mod h1:9PdLyPiZIiW3UopXyRnPYyjUXSpiQNHRLu8fOsR3o8M=
github.com/tidwall/gjson v1.6.7 h1:Mb1M9HZCRWEcXQ8ieJo7auYyyiSux6w9XN3AdTpxJrE=
Expand Down Expand Up @@ -241,14 +242,18 @@ golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9t
golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
Expand All @@ -268,6 +273,7 @@ golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
Expand Down
Loading