├── .github
    ├── FUNDING.yml
    ├── PULL_REQUEST_TEMPLATE.md
    └── CONTRIBUTING.md
├── README.md
├── composer.json
├── LICENSE
└── EdDSA.php


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | patreon: FlorentMorselli
2 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not submit any Pull Requests here. It will be automatically closed.
2 | 
3 | You should submit it here: https://github.com/web-token/jwt-framework/pulls
4 | 


--------------------------------------------------------------------------------
/.github/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Contributing
2 | 
3 | This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY. 
4 | Please do not submit any Pull Requests here. It will be automatically closed.
5 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | EdDSA Based Signature Algorithms For JWT-Framework
 2 | ==================================================
 3 | 
 4 | This repository is a sub repository of [the JWT Framework](https://github.com/web-token/jwt-framework) project and is READ ONLY.
 5 | 
 6 | **Please do not submit any Pull Request here.**
 7 | You should go to [the main repository](https://github.com/web-token/jwt-framework) instead.
 8 | 
 9 | # Documentation
10 | 
11 | The official documentation is available as https://web-token.spomky-labs.com/ 
12 | 
13 | # Licence
14 | 
15 | This software is release under [MIT licence](LICENSE).
16 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "web-token/jwt-signature-algorithm-eddsa",
 3 |     "description": "EdDSA Signature Algorithm the JWT Framework.",
 4 |     "type": "library",
 5 |     "license": "MIT",
 6 |     "keywords": ["JWS", "JWT", "JWE", "JWA", "JWK", "JWKSet", "Jot", "Jose", "RFC7515", "RFC7516", "RFC7517", "RFC7518", "RFC7519", "RFC7520", "Bundle", "Symfony"],
 7 |     "homepage": "https://github.com/web-token",
 8 |     "authors": [
 9 |         {
10 |             "name": "Florent Morselli",
11 |             "homepage": "https://github.com/Spomky"
12 |         },{
13 |             "name": "All contributors",
14 |             "homepage": "https://github.com/web-token/jwt-framework/contributors"
15 |         }
16 |     ],
17 |     "autoload": {
18 |         "psr-4": {
19 |             "Jose\\Component\\Signature\\Algorithm\\":  ""
20 |         }
21 |     },
22 |     "require": {
23 |         "php": ">=8.1",
24 |         "ext-sodium": "*",
25 |         "web-token/jwt-signature": "^3.0"
26 |     }
27 | }
28 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2014-2019 Spomky-Labs
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/EdDSA.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | declare(strict_types=1);
 4 | 
 5 | namespace Jose\Component\Signature\Algorithm;
 6 | 
 7 | use function extension_loaded;
 8 | use function in_array;
 9 | use InvalidArgumentException;
10 | use function is_string;
11 | use Jose\Component\Core\JWK;
12 | use ParagonIE\ConstantTime\Base64UrlSafe;
13 | use RuntimeException;
14 | 
15 | final class EdDSA implements SignatureAlgorithm
16 | {
17 |     public function __construct()
18 |     {
19 |         if (! extension_loaded('sodium')) {
20 |             throw new RuntimeException('The extension "sodium" is not available. Please install it to use this method');
21 |         }
22 |     }
23 | 
24 |     public function allowedKeyTypes(): array
25 |     {
26 |         return ['OKP'];
27 |     }
28 | 
29 |     public function sign(JWK $key, string $input): string
30 |     {
31 |         $this->checkKey($key);
32 |         if (! $key->has('d')) {
33 |             throw new InvalidArgumentException('The EC key is not private');
34 |         }
35 |         $x = $key->get('x');
36 |         if (! is_string($x)) {
37 |             throw new InvalidArgumentException('Invalid "x" parameter.');
38 |         }
39 |         $d = $key->get('d');
40 |         if (! is_string($d)) {
41 |             throw new InvalidArgumentException('Invalid "d" parameter.');
42 |         }
43 |         $x = Base64UrlSafe::decode($x);
44 |         $d = Base64UrlSafe::decode($d);
45 |         $secret = $d . $x;
46 | 
47 |         return match ($key->get('crv')) {
48 |             'Ed25519' => sodium_crypto_sign_detached($input, $secret),
49 |             default => throw new InvalidArgumentException('Unsupported curve'),
50 |         };
51 |     }
52 | 
53 |     public function verify(JWK $key, string $input, string $signature): bool
54 |     {
55 |         $this->checkKey($key);
56 |         $x = $key->get('x');
57 |         if (! is_string($x)) {
58 |             throw new InvalidArgumentException('Invalid "x" parameter.');
59 |         }
60 | 
61 |         $public = Base64UrlSafe::decode($x);
62 | 
63 |         return match ($key->get('crv')) {
64 |             'Ed25519' => sodium_crypto_sign_verify_detached($signature, $input, $public),
65 |             default => throw new InvalidArgumentException('Unsupported curve'),
66 |         };
67 |     }
68 | 
69 |     public function name(): string
70 |     {
71 |         return 'EdDSA';
72 |     }
73 | 
74 |     private function checkKey(JWK $key): void
75 |     {
76 |         if (! in_array($key->get('kty'), $this->allowedKeyTypes(), true)) {
77 |             throw new InvalidArgumentException('Wrong key type.');
78 |         }
79 |         foreach (['x', 'crv'] as $k) {
80 |             if (! $key->has($k)) {
81 |                 throw new InvalidArgumentException(sprintf('The key parameter "%s" is missing.', $k));
82 |             }
83 |         }
84 |         if ($key->get('crv') !== 'Ed25519') {
85 |             throw new InvalidArgumentException('Unsupported curve.');
86 |         }
87 |     }
88 | }
89 | 


--------------------------------------------------------------------------------