feat: support the Ed25519 JWS Algorithm Identifier

Author: panva

package.json

@@ -13,6 +13,7 @@
     "detached",
     "ec",
     "ecdsa",
+    "ed25519",
     "eddsa",
     "edge",
     "electron",

src/jwks/local.ts

@@ -94,7 +94,7 @@ class LocalJWKSet {
       }
 
       // filter out non-applicable OKP Sub Types
-      if (candidate && alg === 'EdDSA') {
+      if (candidate && (alg === 'EdDSA' || alg === 'Ed25519')) {
         candidate = jwk.crv === 'Ed25519'
       }
 

src/key/generate_key_pair.ts

@@ -125,6 +125,7 @@ export async function generateKeyPair(
       algorithm = { name: 'ECDSA', namedCurve: 'P-521' }
       keyUsages = ['sign', 'verify']
       break
+    case 'Ed25519': // Fall through
     case 'EdDSA': {
       keyUsages = ['sign', 'verify']
       algorithm = { name: 'Ed25519' }

src/lib/asn1.ts

@@ -129,6 +129,7 @@ const genericImport = async (
       keyUsages = isPublic ? [] : ['deriveBits']
       break
     }
+    case 'Ed25519': // Fall through
     case 'EdDSA':
       algorithm = { name: 'Ed25519' }
       keyUsages = isPublic ? ['verify'] : ['sign']

src/lib/crypto_key.ts

@@ -66,6 +66,7 @@ export function checkSigCryptoKey(key: types.CryptoKey, alg: string, usage: KeyU
       if (actual !== expected) throw unusable(`SHA-${expected}`, 'algorithm.hash')
       break
     }
+    case 'Ed25519': // Fall through
     case 'EdDSA': {
       if (!isAlgorithm(key.algorithm, 'Ed25519')) throw unusable('Ed25519')
       break

src/lib/jwk_to_key.ts

@@ -66,6 +66,7 @@ function subtleMapping(jwk: types.JWK): {
     }
     case 'OKP': {
       switch (jwk.alg) {
+        case 'Ed25519': // Fall through
         case 'EdDSA':
           algorithm = { name: 'Ed25519' }
           keyUsages = jwk.d ? ['sign'] : ['verify']

src/lib/normalize_key.ts

@@ -73,7 +73,7 @@ const handleKeyObject = (keyObject: ConvertableKeyObject, alg: string) => {
   }
 
   if (keyObject.asymmetricKeyType === 'ed25519') {
-    if (alg !== 'EdDSA') {
+    if (alg !== 'EdDSA' && alg !== 'Ed25519') {
       throw new TypeError('TODO')
     }
 

src/lib/subtle_dsa.ts

@@ -19,6 +19,7 @@ export default (alg: string, algorithm: KeyAlgorithm | EcKeyAlgorithm) => {
     case 'ES384':
     case 'ES512':
       return { hash, name: 'ECDSA', namedCurve: (algorithm as EcKeyAlgorithm).namedCurve }
+    case 'Ed25519': // Fall through
     case 'EdDSA':
       return { name: 'Ed25519' }
     default:

tap/jwk.ts

@@ -28,6 +28,7 @@ export default (
           env.isEdgeRuntime ||
           (env.isGecko && env.isBrowserVersionAtLeast(130)),
     ],
+    ['Ed25519', KEYS.Ed25519.jwk, !env.isBlink],
     ['EdDSA', KEYS.Ed25519.jwk, !env.isBlink],
     ['ES256', KEYS.P256.jwk, true],
     ['ES384', KEYS.P384.jwk, true],

tap/jws.ts

@@ -13,6 +13,7 @@ export default (
 
   type Vector = [string, boolean] | [string, boolean, jose.GenerateKeyPairOptions]
   const algorithms: Vector[] = [
+    ['Ed25519', !env.isBlink],
     ['EdDSA', !env.isBlink],
     ['ES256', true],
     ['ES384', true],

tap/keyobject-stub.ts

@@ -87,15 +87,9 @@ const stub: Pick<
         return generate('ec', { namedCurve: 'P-384' })
       case 'ES512':
         return generate('ec', { namedCurve: 'P-521' })
-      case 'EdDSA': {
-        switch (options?.crv) {
-          case undefined:
-          case 'Ed25519':
-            return generate('ed25519')
-          default:
-            throw new Error('unreachable')
-        }
-      }
+      case 'Ed25519': // Fall through
+      case 'EdDSA':
+        return generate('ed25519')
       case 'ECDH-ES':
       case 'ECDH-ES+A128KW':
       case 'ECDH-ES+A192KW':

tap/pem.ts

@@ -85,6 +85,9 @@ export default (
         env.isEdgeRuntime ||
         (env.isGecko && env.isBrowserVersionAtLeast(130)),
     ],
+    ['Ed25519', KEYS.Ed25519.pkcs8, !env.isBlink],
+    ['Ed25519', KEYS.Ed25519.spki, !env.isBlink],
+    ['Ed25519', KEYS.Ed25519.x509, !env.isBlink],
     [['EdDSA', 'Ed25519'], KEYS.Ed25519.pkcs8, !env.isBlink],
     [['EdDSA', 'Ed25519'], KEYS.Ed25519.spki, !env.isBlink],
     [['EdDSA', 'Ed25519'], KEYS.Ed25519.x509, !env.isBlink],