lawliet89 · Mischala · Feb 18, 2019
diff --git a/src/jwa.rs b/src/jwa.rs
@@ -88,6 +88,8 @@ pub enum SignatureAlgorithm {
     RS384,
     /// RSASSA-PKCS1-v1_5 using SHA-512
     RS512,
+    /// EdDSA using Ed25519, and SHA-512 as the digest algorithm
+    ED25519,
     /// ECDSA using P-256 and SHA-256
     ES256,
     /// ECDSA using P-384 and SHA-384
@@ -261,6 +263,7 @@ impl SignatureAlgorithm {
             HS256 | HS384 | HS512 => Self::sign_hmac(data, secret, self),
             RS256 | RS384 | RS512 | PS256 | PS384 | PS512 => Self::sign_rsa(data, secret, self),
             ES256 | ES384 | ES512 => Self::sign_ecdsa(data, secret, self),
+            ED25519 => Self::sign_ed25519(data, secret, self),
         }
     }
 
@@ -271,7 +274,7 @@ impl SignatureAlgorithm {
         match *self {
             None => Self::verify_none(expected_signature, secret),
             HS256 | HS384 | HS512 => Self::verify_hmac(expected_signature, data, secret, self),
-            RS256 | RS384 | RS512 | PS256 | PS384 | PS512 | ES256 | ES384 | ES512 => {
+            RS256 | RS384 | RS512 | PS256 | PS384 | PS512 | ES256 | ES384 | ES512 | ED25519 => {
                 Self::verify_public_key(expected_signature, data, secret, self)
             }
         }
@@ -339,6 +342,15 @@ impl SignatureAlgorithm {
         }
     }
 
+    fn sign_ed25519(data: &[u8], secret: &Secret, _algorithm: &SignatureAlgorithm) -> Result<Vec<u8>, Error> {
+        let key_pair = match *secret {
+            Secret::Ed25519KeyPair(ref key_pair) => key_pair,
+            _ => Err("Invalid secret type. An Ed25519KeyPair is required".to_string())?,
+        };
+        let sig = key_pair.as_ref().sign(data);
+        Ok(sig.as_ref().to_vec())
+    }
+
     fn verify_none(expected_signature: &[u8], secret: &Secret) -> Result<(), Error> {
         match *secret {
             Secret::None => {}
@@ -384,6 +396,7 @@ impl SignatureAlgorithm {
                     SignatureAlgorithm::PS512 => &signature::RSA_PSS_2048_8192_SHA512,
                     SignatureAlgorithm::ES256 => &signature::ECDSA_P256_SHA256_FIXED,
                     SignatureAlgorithm::ES384 => &signature::ECDSA_P384_SHA384_FIXED,
+                    SignatureAlgorithm::ED25519 => &signature::ED25519,
                     SignatureAlgorithm::ES512 => Err(Error::UnsupportedOperation)?,
                     _ => unreachable!("Should not happen"),
                 };

diff --git a/src/jws.rs b/src/jws.rs
@@ -351,6 +351,21 @@ pub enum Secret {
     /// use biscuit::jws::Secret;
     ///
     /// let secret = Secret::public_key_from_file("test/fixtures/rsa_public_key.der");
+    Ed25519KeyPair(Arc<signature::Ed25519KeyPair>),
+    /// An Ed25519 Key pair constructed from a PKCS8 DER encoded private key
+    ///
+    /// To generate a private key, use
+    ///
+    /// ```sh
+    /// openssl genpkey -algorithm ed25519 -outform DER -out test25519.der
+    /// ```
+    ///
+    /// # Examples
+    /// ```
+    /// use biscuit::jws::Secret;
+    ///
+    /// let secret = Secret::ecdsa_keypair_from_file(biscuit::jwa::SignatureAlgorithm::ES256, "test/fixtures/ecdsa_private_key.p8");
+    /// ```
     PublicKey(Vec<u8>),
     /// Use the modulus (`n`) and exponent (`e`) of an RSA key directly
     ///