feat(jwa): add Ed25519 and Ed448 algorithms for JWS

lepture · lepture · commit 9e27449f4d31 · 2025-11-26T12:49:41.000+09:00
#76
diff --git a/src/joserfc/_rfc8037/jws_eddsa.py b/src/joserfc/_rfc8037/jws_eddsa.py
@@ -1,6 +1,7 @@
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey, Ed25519PrivateKey
 from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey, Ed448PrivateKey
+from ..errors import InvalidKeyTypeError
 from .._rfc7515.model import JWSAlgModel
 from .okp_key import OKPKey
 
@@ -9,15 +10,18 @@ class EdDSAAlgorithm(JWSAlgModel):
     name = "EdDSA"
     description = "Edwards-curve Digital Signature Algorithm for JWS"
     key_type = "OKP"
+    security_warning = "EdDSA is deprecated via RFC 9864"
 
     def sign(self, msg: bytes, key: OKPKey) -> bytes:
         op_key = key.get_op_key("sign")
-        assert isinstance(op_key, (Ed25519PrivateKey, Ed448PrivateKey))
+        if not isinstance(op_key, (Ed25519PrivateKey, Ed448PrivateKey)):
+            raise InvalidKeyTypeError(f"Algorithm '{self.name}' requires 'Ed25519' and 'Ed448' OKP key")
         return op_key.sign(msg)
 
     def verify(self, msg: bytes, sig: bytes, key: OKPKey) -> bool:
         op_key = key.get_op_key("verify")
-        assert isinstance(op_key, (Ed25519PublicKey, Ed448PublicKey))
+        if not isinstance(op_key, (Ed25519PublicKey, Ed448PublicKey)):
+            raise InvalidKeyTypeError(f"Algorithm '{self.name}' requires 'Ed25519' and 'Ed448' OKP key")
         try:
             op_key.verify(sig, msg)
             return True
diff --git a/src/joserfc/_rfc9864/__init__.py b/src/joserfc/_rfc9864/__init__.py
@@ -0,0 +1,8 @@
+from .jws_eddsa import JWS_ALGORITHMS, Ed25519, Ed448
+
+
+__all__ = [
+    "JWS_ALGORITHMS",
+    "Ed25519",
+    "Ed448",
+]
diff --git a/src/joserfc/_rfc9864/jws_eddsa.py b/src/joserfc/_rfc9864/jws_eddsa.py
@@ -0,0 +1,43 @@
+import typing as t
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey, Ed25519PrivateKey
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey, Ed448PrivateKey
+from ..errors import InvalidKeyTypeError
+from .._rfc7515.model import JWSAlgModel
+from .._rfc8037.okp_key import OKPKey
+
+
+_private_key_mapping = {"Ed25519": Ed25519PrivateKey, "Ed448": Ed448PrivateKey}
+_public_key_mapping = {"Ed25519": Ed25519PublicKey, "Ed448": Ed448PublicKey}
+
+
+class EdDSAAlgorithm(JWSAlgModel):
+    key_type = "OKP"
+
+    def __init__(self, curve: t.Literal["Ed25519", "Ed448"]):
+        self.name = curve
+        self.description = f"EdDSA using the {curve} parameter set"
+
+    def sign(self, msg: bytes, key: OKPKey) -> bytes:
+        op_key = t.cast(t.Union[Ed25519PrivateKey, Ed448PrivateKey], key.get_op_key("sign"))
+        private_key_cls = _private_key_mapping[self.name]
+        if not isinstance(op_key, private_key_cls):
+            raise InvalidKeyTypeError(f"Algorithm '{self.name}' requires '{self.name}' OKP key")
+        return op_key.sign(msg)
+
+    def verify(self, msg: bytes, sig: bytes, key: OKPKey) -> bool:
+        op_key = t.cast(t.Union[Ed25519PublicKey, Ed448PublicKey], key.get_op_key("verify"))
+        public_key_cls = _public_key_mapping[self.name]
+        if not isinstance(op_key, public_key_cls):
+            raise InvalidKeyTypeError(f"Algorithm '{self.name}' requires '{self.name}' OKP key")
+        try:
+            op_key.verify(sig, msg)
+            return True
+        except InvalidSignature:
+            return False
+
+
+Ed25519 = EdDSAAlgorithm("Ed25519")
+Ed448 = EdDSAAlgorithm("Ed448")
+
+JWS_ALGORITHMS: list[EdDSAAlgorithm] = [Ed25519, Ed448]
diff --git a/src/joserfc/jwa.py b/src/joserfc/jwa.py
@@ -16,7 +16,7 @@
     RSAAlgorithm,
     ESAlgorithm,
     RSAPSSAlgorithm,
-    JWS_ALGORITHMS as _JWS_ALGORITHMS,
+    JWS_ALGORITHMS as RFC7518_JWS_ALGORITHMS,
 )
 from ._rfc7518.jwe_algs import (
     DirectAlgEncryption,
@@ -37,6 +37,7 @@
 )
 from ._rfc8037.jws_eddsa import EdDSA, EdDSAAlgorithm
 from ._rfc8812 import ES256K
+from ._rfc9864 import JWS_ALGORITHMS as RFC9864_JWS_ALGORITHMS
 from ._keys import KeySet
 
 __all__ = [
@@ -74,9 +75,10 @@
 ]
 
 JWS_ALGORITHMS = [
-    *_JWS_ALGORITHMS,
+    *RFC7518_JWS_ALGORITHMS,
     EdDSA,
     ES256K,
+    *RFC9864_JWS_ALGORITHMS,
 ]
 
 
diff --git a/tests/jws/test_eddsa.py b/tests/jws/test_eddsa.py
@@ -0,0 +1,41 @@
+import typing as t
+from unittest import TestCase
+from joserfc import jwt
+from joserfc.jwk import OKPKey
+from joserfc.errors import InvalidKeyTypeError, BadSignatureError
+from tests.base import load_key
+
+
+class TestEdDSA(TestCase):
+    x25519_key = t.cast(OKPKey, load_key("okp-x25519-alice.json"))
+    ed25519_key = t.cast(OKPKey, load_key("okp-ed25519-private.json"))
+    ed448_key = t.cast(OKPKey, load_key("okp-ed448-private.pem"))
+
+    def test_EdDSA(self):
+        algorithms = ["EdDSA"]
+        encoded_jwt = jwt.encode({"alg": "EdDSA"}, {}, self.ed25519_key, algorithms=algorithms)
+        jwt.decode(encoded_jwt, self.ed25519_key, algorithms=algorithms)
+        self.assertRaises(InvalidKeyTypeError, jwt.decode, encoded_jwt, self.x25519_key, algorithms=algorithms)
+        self.assertRaises(InvalidKeyTypeError, jwt.encode, {"alg": "EdDSA"}, {}, self.x25519_key, algorithms=algorithms)
+
+    def test_Ed25519(self):
+        algorithms = ["Ed25519"]
+        encoded_jwt = jwt.encode({"alg": "Ed25519"}, {}, self.ed25519_key, algorithms=algorithms)
+        jwt.decode(encoded_jwt, self.ed25519_key, algorithms=algorithms)
+        self.assertRaises(
+            InvalidKeyTypeError, jwt.encode, {"alg": "Ed25519"}, {}, self.ed448_key, algorithms=algorithms
+        )
+        self.assertRaises(InvalidKeyTypeError, jwt.decode, encoded_jwt, self.ed448_key, algorithms=algorithms)
+        wrong_key = OKPKey.generate_key("Ed25519", private=False)
+        self.assertRaises(BadSignatureError, jwt.decode, encoded_jwt, wrong_key, algorithms=algorithms)
+
+    def test_Ed448(self):
+        algorithms = ["Ed448"]
+        encoded_jwt = jwt.encode({"alg": "Ed448"}, {}, self.ed448_key, algorithms=algorithms)
+        jwt.decode(encoded_jwt, self.ed448_key, algorithms=algorithms)
+        self.assertRaises(
+            InvalidKeyTypeError, jwt.encode, {"alg": "Ed448"}, {}, self.ed25519_key, algorithms=algorithms
+        )
+        self.assertRaises(InvalidKeyTypeError, jwt.decode, encoded_jwt, self.ed25519_key, algorithms=algorithms)
+        wrong_key = OKPKey.generate_key("Ed448", private=False)
+        self.assertRaises(BadSignatureError, jwt.decode, encoded_jwt, wrong_key, algorithms=algorithms)

Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`	`RSAAlgorithm,`
`17`	`17`	`ESAlgorithm,`
`18`	`18`	`RSAPSSAlgorithm,`
`19`		`- JWS_ALGORITHMS as _JWS_ALGORITHMS,`
	`19`	`+ JWS_ALGORITHMS as RFC7518_JWS_ALGORITHMS,`
`20`	`20`	`)`
`21`	`21`	`from ._rfc7518.jwe_algs import (`
`22`	`22`	`DirectAlgEncryption,`
`@@ -37,6 +37,7 @@`
`37`	`37`	`)`
`38`	`38`	`from ._rfc8037.jws_eddsa import EdDSA, EdDSAAlgorithm`
`39`	`39`	`from ._rfc8812 import ES256K`
	`40`	`+from ._rfc9864 import JWS_ALGORITHMS as RFC9864_JWS_ALGORITHMS`
`40`	`41`	`from ._keys import KeySet`
`41`	`42`
`42`	`43`	`__all__ = [`
`@@ -74,9 +75,10 @@`
`74`	`75`	`]`
`75`	`76`
`76`	`77`	`JWS_ALGORITHMS = [`
`77`		`- *_JWS_ALGORITHMS,`
	`78`	`+ *RFC7518_JWS_ALGORITHMS,`
`78`	`79`	`EdDSA,`
`79`	`80`	`ES256K,`
	`81`	`+ *RFC9864_JWS_ALGORITHMS,`
`80`	`82`	`]`
`81`	`83`
`82`	`84`