From 49a4ea0caba0288275ccb6830ab08eb8e9876fa0 Mon Sep 17 00:00:00 2001 From: Ben Collins Date: Tue, 3 Dec 2024 12:14:31 -0500 Subject: [PATCH] Confirmed LibJWT encoded EDDSA keys can be decoded by ruby-jwt Included test script Signed-off-by: Ben Collins --- tests/jwt_eddsa.c | 7 ++---- ...5519-pub.pem => eddsa_key_ed25519-pub.pem} | 0 ...key_edd25519.pem => eddsa_key_ed25519.pem} | 0 tests/misc/ruby-eddsa.rb | 22 +++++++++++++++++++ 4 files changed, 24 insertions(+), 5 deletions(-) rename tests/keys/{eddsa_key_edd25519-pub.pem => eddsa_key_ed25519-pub.pem} (100%) rename tests/keys/{eddsa_key_edd25519.pem => eddsa_key_ed25519.pem} (100%) create mode 100755 tests/misc/ruby-eddsa.rb diff --git a/tests/jwt_eddsa.c b/tests/jwt_eddsa.c index d1e66e0b..2aaf9ff2 100644 --- a/tests/jwt_eddsa.c +++ b/tests/jwt_eddsa.c @@ -33,9 +33,6 @@ static unsigned char key[16384]; static size_t key_len; -/* NOTE: EdDSA signing will generate a different signature every time, so can't - * be simply string compared for verification like we do with RS. */ - static const char jwt_eddsa[] = "eyJhbGciOiJFRERTQSIsInR5cCI6IkpXVCJ9.eyJpYX" "QiOjE0NzU5ODA1NDUsImlzcyI6ImZpbGVzLm1hY2xhcmEtbGxjLmNvbSIsInJlZiI6I" "lhYWFgtWVlZWS1aWlpaLUFBQUEtQ0NDQyIsInN1YiI6InVzZXIwIn0.19ip2DFFjaZ_" @@ -118,13 +115,13 @@ static void __test_alg_key(const jwt_alg_t alg, const char *file, const char *pu START_TEST(test_jwt_encode_eddsa) { - __test_alg_key(JWT_ALG_EDDSA, "eddsa_key_edd25519.pem", "eddsa_key_edd25519-pub.pem"); + __test_alg_key(JWT_ALG_EDDSA, "eddsa_key_ed25519.pem", "eddsa_key_ed25519-pub.pem"); } END_TEST START_TEST(test_jwt_verify_eddsa) { - __verify_jwt(jwt_eddsa, JWT_ALG_EDDSA, "eddsa_key_edd25519-pub.pem"); + __verify_jwt(jwt_eddsa, JWT_ALG_EDDSA, "eddsa_key_ed25519-pub.pem"); } END_TEST diff --git a/tests/keys/eddsa_key_edd25519-pub.pem b/tests/keys/eddsa_key_ed25519-pub.pem similarity index 100% rename from tests/keys/eddsa_key_edd25519-pub.pem rename to tests/keys/eddsa_key_ed25519-pub.pem diff --git a/tests/keys/eddsa_key_edd25519.pem b/tests/keys/eddsa_key_ed25519.pem similarity index 100% rename from tests/keys/eddsa_key_edd25519.pem rename to tests/keys/eddsa_key_ed25519.pem diff --git a/tests/misc/ruby-eddsa.rb b/tests/misc/ruby-eddsa.rb new file mode 100755 index 00000000..246b79a4 --- /dev/null +++ b/tests/misc/ruby-eddsa.rb @@ -0,0 +1,22 @@ +#!/usr/bin/env ruby + +# gem install jwt-eddsa +require "jwt/eddsa" + +# EDDSA Token generated by LibJWT +# Key generated by OpenSSL (keys/eddsa_key_ed25519-pub.pem) +# The pub key was converted to 32-bytes with some openssl and CLI magic + +token = "eyJhbGciOiJFRERTQSIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0NzU5ODA1NDUsImlzc" + + "yI6ImZpbGVzLm1hY2xhcmEtbGxjLmNvbSIsInJlZiI6IlhYWFgtWVlZWS1aWlpaLUF" + + "BQUEtQ0NDQyIsInN1YiI6InVzZXIwIn0.19ip2DFFjaZ_UFVCo0OtdwuzSmOYModle" + + "JVeFcAjb_4hrAAf0pZSf8O78pivbXLJenEIsaZ9REFOauBeDxbTBw" + +pub_key = "\x1d\x48\xfe\xd7\x89\x0d\xe8\xde\x22\xe6\xa3\x55\x91\xf1\x21\xc0" + + "\xa8\x82\x7f\xeb\x52\xae\xf4\x47\xb2\xd4\x1d\xb5\x5f\x1a\xe5\x03" + +verify_key = Ed25519::VerifyKey.new(pub_key) + +payload, header = JWT.decode(token, verify_key, true, algorithm: "EdDSA") +puts payload +puts header