fixed check algo

deatil · Feb 20, 2025 · 177970a · 177970a
1 parent 2173ee8
commit 177970a
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 37 deletions.
diff --git a/README.md b/README.md
@@ -85,6 +85,7 @@ The JWT library have signing methods:
  - `ES384`: jwt.SigningMethodES384
 
  - `EdDSA`: jwt.SigningMethodEdDSA
+ - `ED25519`: jwt.SigningMethodED25519
 
  - `HS256`: jwt.SigningMethodHS256
  - `HS384`: jwt.SigningMethodHS384

diff --git a/src/ecdsa.zig b/src/ecdsa.zig
@@ -4,11 +4,11 @@ const testing = std.testing;
 
 pub const ecdsa = std.crypto.sign.ecdsa;
 
-pub const ES256 = SigningECDSA(ecdsa.EcdsaP256Sha256, "ES256");
-pub const ES384 = SigningECDSA(ecdsa.EcdsaP384Sha384, "ES384");
-// pub const ES512 = SigningECDSA(ecdsa.EcdsaP512Sha512, "ES512");
+pub const SigningES256 = SignECDSA(ecdsa.EcdsaP256Sha256, "ES256");
+pub const SigningES384 = SignECDSA(ecdsa.EcdsaP384Sha384, "ES384");
+// pub const SigningES512 = SignECDSA(ecdsa.EcdsaP512Sha512, "ES512");
 
-pub fn SigningECDSA(comptime EC: type, comptime name: []const u8) type {
+pub fn SignECDSA(comptime EC: type, comptime name: []const u8) type {
     return struct {
         const Self = @This();
 
@@ -53,8 +53,8 @@ pub fn SigningECDSA(comptime EC: type, comptime name: []const u8) type {
     };
 }
 
-test "ES256" {
-    const h = ES256.init();
+test "SigningES256" {
+    const h = SigningES256.init();
 
     const alg = h.alg();
     const signLength = h.signLength();
@@ -78,8 +78,8 @@ test "ES256" {
 
 }
 
-test "ES384" {
-    const h = ES384.init();
+test "SigningES384" {
+    const h = SigningES384.init();
 
     const alg = h.alg();
     const signLength = h.signLength();

diff --git a/src/eddsa.zig b/src/eddsa.zig
@@ -4,9 +4,10 @@ const testing = std.testing;
 
 pub const Ed25519 = std.crypto.sign.Ed25519;
 
-pub const EdDSA = SigningEdDSA("EdDSA");
+pub const SigningEdDSA = SignEdDSA("EdDSA");
+pub const SigningED25519 = SignEdDSA("ED25519");
 
-pub fn SigningEdDSA(comptime name: []const u8) type {
+pub fn SignEdDSA(comptime name: []const u8) type {
     return struct {
         const Self = @This();
 
@@ -49,8 +50,8 @@ pub fn SigningEdDSA(comptime name: []const u8) type {
     };
 }
 
-test "EdDSA" {
-    const h = EdDSA.init();
+test "SigningEdDSA" {
+    const h = SigningEdDSA.init();
 
     const alg = h.alg();
     const signLength = h.signLength();
@@ -73,3 +74,28 @@ test "EdDSA" {
     try testing.expectEqual(true, veri);
 
 }
+
+test "SigningED25519" {
+    const h = SigningED25519.init();
+
+    const alg = h.alg();
+    const signLength = h.signLength();
+    try testing.expectEqual(64, signLength);
+    try testing.expectEqualStrings("ED25519", alg);
+
+    const kp = Ed25519.KeyPair.generate();
+
+    const msg = "test-data";
+
+    const signed = try h.sign(msg, kp.secret_key);
+    const singed_res = fmt.bytesToHex(signed, .lower);
+
+    try testing.expectEqual(128, singed_res.len);
+
+    var signature: [64]u8 = undefined;
+    _ = try fmt.hexToBytes(&signature, &singed_res);
+    const veri = h.verify(msg, signature, kp.public_key);
+
+    try testing.expectEqual(true, veri);
+
+}
diff --git a/src/hmac.zig b/src/hmac.zig
@@ -3,11 +3,11 @@ const fmt = std.fmt;
 const testing = std.testing;
 const hmac = std.crypto.auth.hmac;
 
-pub const HS256 = SigningHmac(hmac.sha2.HmacSha256, "HS256");
-pub const HS384 = SigningHmac(hmac.sha2.HmacSha384, "HS384");
-pub const HS512 = SigningHmac(hmac.sha2.HmacSha512, "HS512");
+pub const SigningHS256 = SignHmac(hmac.sha2.HmacSha256, "HS256");
+pub const SigningHS384 = SignHmac(hmac.sha2.HmacSha384, "HS384");
+pub const SigningHS512 = SignHmac(hmac.sha2.HmacSha512, "HS512");
 
-pub fn SigningHmac(comptime Hash: type, comptime name: []const u8) type {
+pub fn SignHmac(comptime Hash: type, comptime name: []const u8) type {
     return struct {
         const Self = @This();
 
@@ -57,8 +57,8 @@ pub fn SigningHmac(comptime Hash: type, comptime name: []const u8) type {
     };
 }
 
-test "HS256" {
-    const h = HS256.init();
+test "SigningHS256" {
+    const h = SigningHS256.init();
 
     const alg = h.alg();
     const signLength = h.signLength();
@@ -82,8 +82,8 @@ test "HS256" {
 
 }
 
-test "HS384" {
-    const h = HS384.init();
+test "SigningHS384" {
+    const h = SigningHS384.init();
 
     const alg = h.alg();
     const signLength = h.signLength();
@@ -107,8 +107,8 @@ test "HS384" {
 
 }
 
-test "HS512" {
-    const h = HS512.init();
+test "SigningHS512" {
+    const h = SigningHS512.init();
 
     const alg = h.alg();
     const signLength = h.signLength();

diff --git a/src/jwt.zig b/src/jwt.zig
@@ -10,23 +10,25 @@ pub const none = @import("none.zig");
 pub const token = @import("token.zig");
 pub const utils = @import("utils.zig");
 
-pub const SigningMethodES256 = JWT(ecdsa.ES256, ecdsa.ecdsa.EcdsaP256Sha256.SecretKey, ecdsa.ecdsa.EcdsaP256Sha256.PublicKey);
-pub const SigningMethodES384 = JWT(ecdsa.ES384, ecdsa.ecdsa.EcdsaP384Sha384.SecretKey, ecdsa.ecdsa.EcdsaP384Sha384.PublicKey);
+pub const SigningMethodES256 = JWT(ecdsa.SigningES256, ecdsa.ecdsa.EcdsaP256Sha256.SecretKey, ecdsa.ecdsa.EcdsaP256Sha256.PublicKey);
+pub const SigningMethodES384 = JWT(ecdsa.SigningES384, ecdsa.ecdsa.EcdsaP384Sha384.SecretKey, ecdsa.ecdsa.EcdsaP384Sha384.PublicKey);
 // pub const SigningMethodES512 = JWT(ecdsa.ES512, ecdsa.ecdsa.SecretKey, ecdsa.ecdsa.PublicKey);
 
-pub const SigningMethodEdDSA = JWT(eddsa.EdDSA, eddsa.Ed25519.SecretKey, eddsa.Ed25519.PublicKey);
+pub const SigningMethodEdDSA = JWT(eddsa.SigningEdDSA, eddsa.Ed25519.SecretKey, eddsa.Ed25519.PublicKey);
+pub const SigningMethodED25519 = JWT(eddsa.SigningED25519, eddsa.Ed25519.SecretKey, eddsa.Ed25519.PublicKey);
 
-pub const SigningMethodHS256 = JWT(hmac.HS256, []const u8, []const u8);
-pub const SigningMethodHS384 = JWT(hmac.HS384, []const u8, []const u8);
-pub const SigningMethodHS512 = JWT(hmac.HS512, []const u8, []const u8);
+pub const SigningMethodHS256 = JWT(hmac.SigningHS256, []const u8, []const u8);
+pub const SigningMethodHS384 = JWT(hmac.SigningHS384, []const u8, []const u8);
+pub const SigningMethodHS512 = JWT(hmac.SigningHS512, []const u8, []const u8);
 
-pub const SigningMethodNone = JWT(none.None, []const u8, []const u8);
+pub const SigningMethodNone = JWT(none.SigningNone, []const u8, []const u8);
 
 pub const Error = error {
     JWTVerifyFail,
     JWTSignatureInvalid,
     JWTSigningMethodNotExists,
     JWTTypeInvalid,
+    JWTAlgoInvalid
 };
 
 pub fn JWT(comptime Signer: type, comptime SecretKeyType: type, comptime PublicKeyType: type) type {
@@ -69,6 +71,9 @@ pub fn JWT(comptime Signer: type, comptime SecretKeyType: type, comptime PublicK
             if (!eq(header.typ, "JWT")) {
                 return Error.JWTTypeInvalid;
             }
+            if (!eq(header.alg, self.signer.alg())) {
+                return Error.JWTAlgoInvalid;
+            }
 
             const token_sign = t.getSignature();
 
@@ -200,7 +205,7 @@ test "parse JWTSignatureInvalid" {
     var need_true: bool = false;
     _ = p.parse(token_string, kp.public_key) catch |err| {
         need_true = true;
-        try testing.expectEqual(Error.JWTSignatureInvalid, err);
+        try testing.expectEqual(Error.JWTAlgoInvalid, err);
     };
     try testing.expectEqual(true, need_true);
 
@@ -506,13 +511,13 @@ test "SigningMethodEdDSA Check" {
         .foo = "bar",
     };
 
-    const s = SigningMethodEdDSA.init(alloc);
+    const s = SigningMethodED25519.init(alloc);
     const token_string = try s.make(claims, secret_key);
     try testing.expectEqual(true, token_string.len > 0);
 
     // ==========
 
-    const p = SigningMethodEdDSA.init(alloc);
+    const p = SigningMethodED25519.init(alloc);
     var parsed = try p.parse(token_str, public_key);
 
     const claims2 = try parsed.getClaims();
@@ -533,7 +538,7 @@ test "SigningMethodEdDSA Check fail" {
 
     const public_key = try eddsa.Ed25519.PublicKey.fromBytes(pub_key_buf);
 
-    const p = SigningMethodEdDSA.init(alloc);
+    const p = SigningMethodED25519.init(alloc);
 
     var need_true: bool = false;
     _ = p.parse(token_str, public_key) catch |err| {

diff --git a/src/none.zig b/src/none.zig
@@ -2,9 +2,9 @@ const std = @import("std");
 const fmt = std.fmt;
 const testing = std.testing;
 
-pub const None = SigningNone("none");
+pub const SigningNone = SignNone("none");
 
-pub fn SigningNone(comptime name: []const u8) type {
+pub fn SignNone(comptime name: []const u8) type {
     return struct {
         const Self = @This();
 
@@ -44,8 +44,8 @@ pub fn SigningNone(comptime name: []const u8) type {
     };
 }
 
-test "None" {
-    const h = None.init();
+test "SigningNone" {
+    const h = SigningNone.init();
 
     const alg = h.alg();
     const signLength = h.signLength();