From 566effe8e2909ec5d8ee962d0fe5093a626b517a Mon Sep 17 00:00:00 2001
From: Warren Parad <gpg@warrenparad.net>
Date: Fri, 15 Dec 2023 12:18:37 +0100
Subject: [PATCH] Add Eddsa signature validation algorithms. fix #2426

---
 .../AsymmetricSignatureProvider.cs            | 14 ++++++++--
 .../SecurityAlgorithms.cs                     | 10 +++++++
 .../SupportedAlgorithms.cs                    | 26 +++++++++++++++++++
 .../JwtSecurityTokenHandler.cs                |  6 +++++
 4 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs b/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs
index 4ad0cf16fb..038c17f246 100644
--- a/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs
+++ b/src/Microsoft.IdentityModel.Tokens/AsymmetricSignatureProvider.cs
@@ -41,7 +41,12 @@ public class AsymmetricSignatureProvider : SignatureProvider
             { SecurityAlgorithms.RsaSsaPssSha512, 1040 },
             { SecurityAlgorithms.RsaSsaPssSha256Signature, 528 },
             { SecurityAlgorithms.RsaSsaPssSha384Signature, 784 },
-            { SecurityAlgorithms.RsaSsaPssSha512Signature, 1040 }
+            { SecurityAlgorithms.RsaSsaPssSha512Signature, 1040 },
+            { SecurityAlgorithms.EddsaEd25519Signature, 256 },
+            { SecurityAlgorithms.EddsaEd25519Sha512Signature, 256 },
+            { SecurityAlgorithms.EddsaEd25519WithContextSignature, 256 },
+            { SecurityAlgorithms.EddsaEd448Signature, 456 },
+            { SecurityAlgorithms.EddsaEd25519Shake256Signature, 456 },
         };
 
         /// <summary>
@@ -66,7 +71,12 @@ public class AsymmetricSignatureProvider : SignatureProvider
             { SecurityAlgorithms.RsaSsaPssSha512, 1040 },
             { SecurityAlgorithms.RsaSsaPssSha256Signature, 528 },
             { SecurityAlgorithms.RsaSsaPssSha384Signature, 784 },
-            { SecurityAlgorithms.RsaSsaPssSha512Signature, 1040 }
+            { SecurityAlgorithms.RsaSsaPssSha512Signature, 1040 },
+            { SecurityAlgorithms.EddsaEd25519Signature, 256 },
+            { SecurityAlgorithms.EddsaEd25519Sha512Signature, 256 },
+            { SecurityAlgorithms.EddsaEd25519WithContextSignature, 256 },
+            { SecurityAlgorithms.EddsaEd448Signature, 456 },
+            { SecurityAlgorithms.EddsaEd25519Shake256Signature, 456 },
         };
 
         internal AsymmetricSignatureProvider(SecurityKey key, string algorithm, CryptoProviderFactory cryptoProviderFactory)
diff --git a/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs b/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs
index 3db07ff95e..f6958a1e99 100644
--- a/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs
+++ b/src/Microsoft.IdentityModel.Tokens/SecurityAlgorithms.cs
@@ -103,6 +103,16 @@ public static class SecurityAlgorithms
 
         // See: https://datatracker.ietf.org/doc/html/rfc7518#section-4.6
         public const string EcdhEs = "ECDH-ES";
+
+        // See: https://www.rfc-editor.org/rfc/rfc9231.html#name-edwards-curve
+        public const string EddsaEd25519Signature = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519";
+        public const string EddsaEd25519Sha512Signature = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519ph";
+        public const string EddsaEd25519WithContextSignature = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519ctx";
+        public const string EddsaEd448Signature = "   http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448";
+        public const string EddsaEd25519Shake256Signature = "http://www.w3.org/2021/04/xmldsig-more#eddsa-ed448ph";
+
+        // See: https://datatracker.ietf.org/doc/html/rfc8032
+        public const string Eddsa = "EdDSA";
 #pragma warning restore 1591
     }
 }
diff --git a/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs b/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs
index 086374360a..c9779ceef3 100644
--- a/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs
+++ b/src/Microsoft.IdentityModel.Tokens/SupportedAlgorithms.cs
@@ -64,6 +64,16 @@ internal static class SupportedAlgorithms
             SecurityAlgorithms.RsaSsaPssSha512Signature
         };
 
+        internal static readonly ICollection<string> EddsaSigningAlgorithms = new Collection<string>
+        {
+            SecurityAlgorithms.EdDSA,
+            SecurityAlgorithms.EddsaEd25519Signature,
+            SecurityAlgorithms.EddsaEd25519Sha512Signature,
+            SecurityAlgorithms.EddsaEd25519WithContextSignature,
+            SecurityAlgorithms.EddsaEd448Signature,
+            SecurityAlgorithms.EddsaEd25519Shake256Signature
+        };
+
         internal static readonly ICollection<string> SymmetricEncryptionAlgorithms = new Collection<string>
         {
             SecurityAlgorithms.Aes128CbcHmacSha256,
@@ -215,6 +225,10 @@ public static bool IsSupportedAlgorithm(string algorithm, SecurityKey key)
             if (key as RsaSecurityKey != null)
                 return IsSupportedRsaAlgorithm(algorithm, key);
 
+            if (key as EddsaSecurityKey != null) {
+                return IsSupportedEddsaAlgorithm(algorithm, key);
+            }
+
             if (key is X509SecurityKey x509Key)
             {
                 // only RSA keys are supported
@@ -333,6 +347,10 @@ internal static bool IsSupportedRsaAlgorithm(string algorithm, SecurityKey key)
                 || (RsaPssSigningAlgorithms.Contains(algorithm) && IsSupportedRsaPss(key));
         }
 
+        internal static bool IsSupportedEddsaAlgorithm(string algorithm, EddsaSecurityKey key) {
+            return EddsaSigningAlgorithms.Contains(algorithm);
+        }
+
         private static bool IsSupportedRsaPss(SecurityKey key)
         {
             // RSACryptoServiceProvider doesn't support RSA-PSS
@@ -396,6 +414,14 @@ SecurityAlgorithms.RsaSsaPssSha512 or
             SecurityAlgorithms.RsaSsaPssSha512Signature or
             SecurityAlgorithms.RsaSha512Signature => 1024,
 
+            SecurityAlgorithms.EdDSA or
+            SecurityAlgorithms.EddsaEd25519Signature or
+            SecurityAlgorithms.EddsaEd25519Sha512Signature or
+            SecurityAlgorithms.EddsaEd25519WithContextSignature => 512,
+
+            SecurityAlgorithms.EddsaEd448Signature or
+            SecurityAlgorithms.EddsaEd25519Shake256Signature => 912,
+
             // if we don't know the algorithm, report 2K twice as big as any known algorithm.
             _ => 2048,
         };
diff --git a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs
index 0185050c47..f861fbc336 100644
--- a/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs
+++ b/src/System.IdentityModel.Tokens.Jwt/JwtSecurityTokenHandler.cs
@@ -70,6 +70,12 @@ public class JwtSecurityTokenHandler : SecurityTokenHandler
             { SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.RsaSha256 },
             { SecurityAlgorithms.RsaSha384Signature, SecurityAlgorithms.RsaSha384 },
             { SecurityAlgorithms.RsaSha512Signature, SecurityAlgorithms.RsaSha512 },
+
+            { SecurityAlgorithms.EddsaEd25519Signature, SecurityAlgorithms.EdDSA },
+            { SecurityAlgorithms.EddsaEd25519Sha512Signature, SecurityAlgorithms.EdDSA },
+            { SecurityAlgorithms.EddsaEd25519WithContextSignature, SecurityAlgorithms.EdDSA },
+            { SecurityAlgorithms.EddsaEd448Signature, SecurityAlgorithms.EdDSA },
+            { SecurityAlgorithms.EddsaEd25519Shake256Signature, SecurityAlgorithms.EdDSA },
         };
 
         /// <summary>