Closed invisal closed 3 years ago
timonson
commented
3 years ago Hi @invisal thank you for this update!
Unfortunately, the tests for the new algorithms fail. If you don't mind please take a look at this new branch https://github.com/timonson/djwt/tree/alg-patch1 and run deno test -A.
I got the JWTs for comparison from https://jwt.io/.
An additional test for PS512 is missing but the tests for RS512 and PS256 fail because the signatures don't match.
invisal
commented
3 years ago Thank. I have checked the problems and I found the problem in my implementation:
RS512, the encryption is right, except that I write the wrong oid (using sha256 oid). I use verify code to test the sign code and my verify code does not include checking oid. I will update more test case for this one.PS256, there is small error in my code as well and add more test cases.The test method for testing PS256 in your code is also wrong. PS256 and PS512 include random salt. That's mean that it always produce different signature for same message.
I will patch the fix this week and I will update back to you on this issue.
itohatweb
commented
3 years ago Maybe add support for ed25519 too?
invisal
commented
3 years ago I have updated the fix in 1.4.8. However, it still fail the PS256 test case because PS256 is random algorithm. It always reproduce different signature every time you sign same message.
@itohatweb elliptic curve algorithm is also in my roadmap. But I need to do more reading to implement it.
timonson
commented
3 years ago The tests pass now.
I would love to get a code review before I merge these changes: https://github.com/timonson/djwt/pull/44
With new release of god_crypto v1.4.7, you can now add support for the following algorithms: RS512, PS256, and PS512.
RS512
PS256
PS512