Bugs/fix ed25519 (#522)

Spomky · web-flow · commit fbcbfe8cabb7 · 2024-02-13T08:34:05.000+01:00
Fix Ed25519 public key
diff --git a/composer.json b/composer.json
@@ -54,6 +54,7 @@
         "ext-sodium": "*",
         "brick/math": "^0.9|^0.10|^0.11|^0.12",
         "paragonie/constant_time_encoding": "^2.6",
+        "paragonie/sodium_compat": "^1.20",
         "psr/clock": "^1.0",
         "psr/event-dispatcher": "^1.0",
         "psr/http-client": "^1.0",
diff --git a/src/Library/KeyManagement/KeyConverter/KeyConverter.php b/src/Library/KeyManagement/KeyConverter/KeyConverter.php
@@ -7,12 +7,14 @@
 use InvalidArgumentException;
 use OpenSSLCertificate;
 use ParagonIE\ConstantTime\Base64UrlSafe;
+use ParagonIE\Sodium\Core\Ed25519;
 use RuntimeException;
 use SpomkyLabs\Pki\CryptoEncoding\PEM;
 use SpomkyLabs\Pki\CryptoTypes\Asymmetric\PrivateKey;
 use SpomkyLabs\Pki\CryptoTypes\Asymmetric\PublicKey;
 use Throwable;
 use function array_key_exists;
+use function assert;
 use function count;
 use function extension_loaded;
 use function in_array;
@@ -258,17 +260,31 @@ private static function tryToLoadOtherKeyTypes(string $input): array
      */
     private static function populatePoints(PrivateKey $key, array $values): array
     {
-        if (($values['crv'] === 'Ed25519' || $values['crv'] === 'X25519')) {
-            if (! extension_loaded('sodium')) {
-                throw new RuntimeException('Please install the Sodium extension');
-            }
-            $x = sodium_crypto_scalarmult_base($key->privateKeyData());
+        $crv = $values['crv'] ?? null;
+        assert(is_string($crv), 'Unsupported key type.');
+        $x = self::getPublicKey($key, $crv);
+        if ($x !== null) {
             $values['x'] = Base64UrlSafe::encodeUnpadded($x);
         }
 
         return $values;
     }
 
+    private static function getPublicKey(PrivateKey $key, string $crv): ?string
+    {
+        switch ($crv) {
+            case 'Ed25519':
+                return Ed25519::publickey_from_secretkey($key->privateKeyData());
+            case 'X25519':
+                if (extension_loaded('sodium')) {
+                    return sodium_crypto_scalarmult_base($key->privateKeyData());
+                }
+                // no break
+            default:
+                return null;
+        }
+    }
+
     private static function checkType(string $curve): void
     {
         $curves = ['Ed448ph', 'Ed25519ph', 'Ed448', 'Ed25519', 'X448', 'X25519'];
diff --git a/src/Library/Signature/Algorithm/EdDSA.php b/src/Library/Signature/Algorithm/EdDSA.php
@@ -7,7 +7,9 @@
 use InvalidArgumentException;
 use Jose\Component\Core\JWK;
 use ParagonIE\ConstantTime\Base64UrlSafe;
+use ParagonIE\Sodium\Core\Ed25519;
 use RuntimeException;
+use function assert;
 use function extension_loaded;
 use function in_array;
 use function is_string;
@@ -40,7 +42,7 @@ public function sign(JWK $key, string $input): string
             throw new InvalidArgumentException('Invalid "d" parameter.');
         }
         if (! $key->has('x')) {
-            $x = sodium_crypto_sign_publickey_from_secretkey($d);
+            $x = self::getPublicKey($key);
         } else {
             $x = $key->get('x');
         }
@@ -84,6 +86,24 @@ public function name(): string
         return 'EdDSA';
     }
 
+    private static function getPublicKey(JWK $key): string
+    {
+        $d = $key->get('d');
+        assert(is_string($d), 'Unsupported key type');
+
+        switch ($key->get('crv')) {
+            case 'Ed25519':
+                return Ed25519::publickey_from_secretkey($d);
+            case 'X25519':
+                if (extension_loaded('sodium')) {
+                    return sodium_crypto_scalarmult_base($d);
+                }
+                // no break
+            default:
+                throw new InvalidArgumentException('Unsupported key type');
+        }
+    }
+
     private function checkKey(JWK $key): void
     {
         if (! in_array($key->get('kty'), $this->allowedKeyTypes(), true)) {
diff --git a/src/Library/composer.json b/src/Library/composer.json
@@ -43,6 +43,7 @@
         "ext-mbstring": "*",
         "brick/math": "^0.9|^0.10|^0.11|^0.12",
         "paragonie/constant_time_encoding": "^2.6",
+        "paragonie/sodium_compat": "^1.20",
         "psr/clock": "^1.0",
         "psr/http-factory": "^1.0",
         "psr/http-client": "^1.0",
diff --git a/tests/Component/KeyManagement/JWKFactoryTest.php b/tests/Component/KeyManagement/JWKFactoryTest.php
@@ -297,7 +297,7 @@ public static function dataKeys(): iterable
                 'kty' => 'OKP',
                 'crv' => 'Ed25519',
                 'd' => 'Pr9AxZivB-zSq95wLrZfYa7DQ3TUPqZTkP_0w33r3rc',
-                'x' => 'uRhai1TsvrSB43HD-36TQ2hMQfV8ruJz7F8o0wIe1VI',
+                'x' => 'wrI33AEj15KHHYplueUE5cnJKtbM8oVHFf6wGnw2oOE',
             ],
         ];
         yield [
