Support for ED25519

[ab320012]

Added support + tests, readme section for eddsa algo ed25519
#217

[sourcelevel-bot]

Hello, @ab320012! This is your first Pull Request that will be reviewed by Ebert, an automatic Code Review service. It will leave comments on this diff with potential issues and style violations found in the code as you push new commits. You can also see all the issues found on this Pull Request on its review page. Please check our documentation for more information.

[sourcelevel-bot]

Trailing whitespace detected.

[sourcelevel-bot]

Trailing whitespace detected.

[sourcelevel-bot]

Space missing after comma.

[sourcelevel-bot]

%w-literals should be delimited by ( and ).

[sourcelevel-bot]

Use empty lines between method definitions.

[sourcelevel-bot]

Use empty lines between method definitions.

[sourcelevel-bot]

Align elsif with if.

[sourcelevel-bot]

JWT::Signature takes parameters ['algorithm', 'public_key', 'signature', 'signing_input'] to 3 methods

Read more about it here.

[sourcelevel-bot]

%w-literals should be delimited by ( and ).

[sourcelevel-bot]

JWT::Signature takes parameters ['algorithm', 'public_key', 'signature', 'signing_input'] to 3 methods

Read more about it here.

[sourcelevel-bot]

Ebert has finished reviewing this Pull Request and has found:

• 6 possible new issues (including those that may have been commented here).

You can see more details about this review at https://ebertapp.io/github/jwt/ruby-jwt/pulls/229.

[ab320012]

method length + complexity for verify and arity of sign + verify eddsa methods follow the surrounding code convention. I can probably fix these but would have to modify existing code, let me know if this is ok

Here is a snippet to remove longevity of if statements that doesn't modify the code base much at all.

    ALGOS = [
      {name: :hmac, types: %(HS256 HS512256 HS384 HS512).freeze },
      {name: :rsa, types: %w(RS256 RS384 RS512).freeze }, 
      {name: :ecdsa, types: %w(ES256 ES384 ES512).freeze },
      {name: :eddsa, types: %w(ED25519).freeze }
    ]
    def sign(algorithm, msg, key)
      algo= ALGOS.find{|algo| 
        algo[:types].include? algorithm
      }
      raise NotImplementedError, 'Unsupported signing method'  if algo.nil? 
      self.send("sign_#{algo[:name]}", algorithm, msg, key) 
    end

    def verify(algorithm, key, signing_input, signature)
      algo= ALGOS.find{|algo|
        algo[:types].include? algorithm 
      }
      raise JWT::VerificationError, 'Algorithm not supported' if algo.nil?  
      verified = self.send("verify_#{algo[:name]}", algorithm, key, signing_input, signature)
      raise JWT::VerificationError, 'Signature verification raised' unless verified 
    end

[excpt]

@ab320012 Thank you for the PR!

Refactoring the code to reduce the arity and other code smells should happen in a different PR. Don't do it in this PR.

Reviewing you code now.

[ab320012]

@excpt Thanks, will add that one after this one closes. Wondering if class based solution will make more sense.

# lib/jwt/algos/hmac.rb
class Hmac
   # other classes same structure: ecdsa, eddsa, rsa
  TYPES= %w(HS256 HS512256 HS384 HS512).freeze 
 def initialize; end 
 def sign (signing_input); end
 def verify(verifying_input); end 
end

# signing_input and verifying_input will be refactored into a struct 

#lib/signature.rb 
Signed = Struct.new(:algo, :key, :msg) 
Verified = Struct.new(:algorithm, :public_key, :signing_input, :signature)

Let me know if something like this is ok with you for next PR

[excpt]

@ab320012 That's the way to go. Most important: the two signatures of the main methods JWT.encode and JWT.decode need to stay the same. Everything else is code behind and that should not break anything for the users.