feat: add EdDSA support (#2782)

cmd/keys_create.go

@@ -33,7 +33,7 @@ func NewKeysCreateCmd() *cobra.Command {
 		Short: "Create a new JSON Web Key Set",
 		Run:   cli.NewHandler().Keys.CreateKeys,
 	}
-	cmd.Flags().StringP("alg", "a", "RS256", "The algorithm to be used to generated they key. Supports: RS256, ES512, HS256")
+	cmd.Flags().StringP("alg", "a", "RS256", "The algorithm to be used to generated they key. Supports: RS256, ES512, HS256, EdDSA")
 	cmd.Flags().StringP("use", "u", "sig", "The intended use of this key")
 	return cmd
 }

docs/docs/.static/api.json

@@ -462,7 +462,7 @@
         }
       },
       "post": {
-        "description": "This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.",
+        "description": "This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA, EdDSA). If the specified JSON Web Key Set does not exist, it will be created.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well.",
         "consumes": ["application/json"],
         "produces": ["application/json"],
         "schemes": ["http", "https"],
@@ -1656,7 +1656,7 @@
           "example": "1603dfe0af8f4596"
         },
         "kty": {
-          "description": "The \"kty\" (key type) parameter identifies the cryptographic algorithm\nfamily used with the key, such as \"RSA\" or \"EC\". \"kty\" values should\neither be registered in the IANA \"JSON Web Key Types\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name.  The \"kty\" value is a case-sensitive string.",
+          "description": "The \"kty\" (key type) parameter identifies the cryptographic algorithm\nfamily used with the key, such as \"RSA\", \"EC\" or \"OKP\". \"kty\" values should\neither be registered in the IANA \"JSON Web Key Types\" registry\nestablished by [JWA] or be a value that contains a Collision-\nResistant Name.  The \"kty\" value is a case-sensitive string.",
           "type": "string",
           "example": "RSA"
         },
@@ -1695,6 +1695,10 @@
         "y": {
           "type": "string",
           "example": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"
+        },
+        "d": {
+          "type": "string",
+          "example": "coI45jiIFWasP6gSRyUZkud4OCdoiemikVjClc1v8uA"
         }
       }
     },
@@ -2386,7 +2390,7 @@
       "required": ["alg", "use", "kid"],
       "properties": {
         "alg": {
-          "description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", and \"HS256\"",
+          "description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", \"HS256\", and \"EdDSA\"",
           "type": "string"
         },
         "kid": {

docs/docs/advanced.md

@@ -245,6 +245,7 @@ private/public keypairs with currently supported signing algorithms:
 - RS256 (default), RS384, RS512
 - PS256, PS384, PS512
 - ES256, ES384, ES512
+- EdDSA
 
 This authentication method replaces the classic HTTP Basic Authorization and
 HTTP POST Authorization schemes. Instead of sending the `client_id` and
@@ -332,6 +333,27 @@ And here is how it looks like for a `jwks` including an ECDSA public key:
 }
 ```
 
+And here is how it looks like for a `jwks` including an EdDSA public key:
+
+```json
+{
+  "client_id": "eddsa-client-jwks",
+  "jwks": {
+    "keys": [
+      {
+        "kty": "OKP",
+        "use": "sig",
+        "crv": "Ed25519",
+        "kid": "eddsa-jwk",
+        "x": "cg1qGqQGSF6xvzoDZVaDfxu0c2fPhUEuVHYUr1WYVXs"
+      }
+    ]
+  },
+  "token_endpoint_auth_method": "private_key_jwt",
+  "token_endpoint_auth_signing_alg": "EdDSA"
+}
+```
+
 And with `jwks_uri`:
 
 ```json

docs/docs/cli/hydra-keys-create.md

@@ -21,7 +21,7 @@ hydra keys create <set> <key> [flags]
 ### Options
 
 ```
-  -a, --alg string   The algorithm to be used to generated they key. Supports: RS256, ES512, HS256 (default "RS256")
+  -a, --alg string   The algorithm to be used to generated they key. Supports: RS256, ES512, HS256, EdDSA (default "RS256")
   -h, --help         help for create
   -u, --use string   The intended use of this key (default "sig")
 ```

driver/registry_base.go

@@ -227,6 +227,7 @@ func (m *RegistryBase) KeyGenerators() map[string]jwk.KeyGenerator {
 			"ES512": &jwk.ECDSA512Generator{},
 			"HS256": &jwk.HS256Generator{},
 			"HS512": &jwk.HS512Generator{},
+			"EdDSA": &jwk.EdDSAGenerator{},
 		}
 	}
 	return m.kg

jwk/generator_eddsa.go

@@ -0,0 +1,41 @@
+package jwk
+
+import (
+	"crypto/ed25519"
+	"crypto/rand"
+	"crypto/x509"
+
+	"github.com/pborman/uuid"
+	"github.com/pkg/errors"
+	"gopkg.in/square/go-jose.v2"
+)
+
+type EdDSAGenerator struct{}
+
+func (g *EdDSAGenerator) Generate(id, use string) (*jose.JSONWebKeySet, error) {
+	publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, errors.Errorf("Could not generate key because %s", err)
+	}
+
+	if id == "" {
+		id = uuid.New()
+	}
+
+	return &jose.JSONWebKeySet{
+		Keys: []jose.JSONWebKey{
+			{
+				Key:          privateKey,
+				Use:          use,
+				KeyID:        Ider("private", id),
+				Certificates: []*x509.Certificate{},
+			},
+			{
+				Key:          publicKey,
+				Use:          use,
+				KeyID:        Ider("public", id),
+				Certificates: []*x509.Certificate{},
+			},
+		},
+	}, nil
+}

jwk/generator_test.go

@@ -92,6 +92,28 @@ func TestGenerator(t *testing.T) {
 				assert.Equal(t, "enc", ks.Keys[1].Use)
 			},
 		},
+		{
+			g:   &EdDSAGenerator{},
+			use: "sig",
+			check: func(ks *jose.JSONWebKeySet) {
+				assert.Len(t, ks, 2)
+				assert.NotEmpty(t, ks.Keys[0].Key)
+				assert.NotEmpty(t, ks.Keys[1].Key)
+				assert.Equal(t, "sig", ks.Keys[0].Use)
+				assert.Equal(t, "sig", ks.Keys[1].Use)
+			},
+		},
+		{
+			g:   &EdDSAGenerator{},
+			use: "enc",
+			check: func(ks *jose.JSONWebKeySet) {
+				assert.Len(t, ks, 2)
+				assert.NotEmpty(t, ks.Keys[0].Key)
+				assert.NotEmpty(t, ks.Keys[1].Key)
+				assert.Equal(t, "sig", ks.Keys[0].Use)
+				assert.Equal(t, "sig", ks.Keys[1].Use)
+			},
+		},
 	} {
 		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
 			keys, err := c.g.Generate("foo", c.use)

jwk/helper.go

@@ -23,13 +23,12 @@ package jwk
 import (
 	"context"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
 
-	"golang.org/x/crypto/ed25519"
-
 	"github.com/ory/x/errorsx"
 
 	"github.com/ory/hydra/x"
@@ -136,7 +135,7 @@ func ExcludePrivateKeys(set *jose.JSONWebKeySet) *jose.JSONWebKeySet {
 
 	for _, k := range set.Keys {
 		_, ecdsaOk := k.Key.(*ecdsa.PublicKey)
-		_, ed25519OK := k.Key.(*ed25519.PublicKey)
+		_, ed25519OK := k.Key.(ed25519.PublicKey)
 		_, rsaOK := k.Key.(*rsa.PublicKey)
 
 		if ecdsaOk || ed25519OK || rsaOK {
@@ -172,6 +171,12 @@ func PEMBlockForKey(key interface{}) (*pem.Block, error) {
 			return nil, errorsx.WithStack(err)
 		}
 		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}, nil
+	case ed25519.PrivateKey:
+		b, err := x509.MarshalPKCS8PrivateKey(k)
+		if err != nil {
+			return nil, errorsx.WithStack(err)
+		}
+		return &pem.Block{Type: "PRIVATE KEY", Bytes: b}, nil
 	default:
 		return nil, errors.New("Invalid key type")
 	}

jwk/helper_test.go

@@ -22,6 +22,7 @@ package jwk
 
 import (
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"testing"
 
@@ -77,6 +78,7 @@ func TestIder(t *testing.T) {
 func TestHandlerFindPublicKey(t *testing.T) {
 	var testRSGenerator = RS256Generator{}
 	var testECDSAGenerator = ECDSA256Generator{}
+	var testEdDSAGenerator = EdDSAGenerator{}
 
 	t.Run("Test_Helper/Run_FindPublicKey_With_RSA", func(t *testing.T) {
 		RSIDKS, _ := testRSGenerator.Generate("test-id-1", "sig")
@@ -93,4 +95,12 @@ func TestHandlerFindPublicKey(t *testing.T) {
 		assert.Equal(t, keys.KeyID, Ider("public", "test-id-2"))
 		assert.IsType(t, keys.Key, new(ecdsa.PublicKey))
 	})
+
+	t.Run("Test_Helper/Run_FindPublicKey_With_EdDSA", func(t *testing.T) {
+		EdDSAIDKS, _ := testEdDSAGenerator.Generate("test-id-3", "sig")
+		keys, err := FindPublicKey(EdDSAIDKS)
+		require.NoError(t, err)
+		assert.Equal(t, keys.KeyID, Ider("public", "test-id-3"))
+		assert.IsType(t, keys.Key, ed25519.PublicKey{})
+	})
 }