Diffstat (limited to 'tests/test_algorithms.py')
-rw-r--r--tests/test_algorithms.py173
1 files changed, 144 insertions, 29 deletions
diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
index 417f91d..b6a73fc 100644
--- a/tests/test_algorithms.py
+++ b/tests/test_algorithms.py
@@ -11,12 +11,7 @@ from .keys import load_ec_pub_key_p_521, load_hmac_key, load_rsa_pub_key
from .utils import crypto_required, key_path
if has_crypto:
- from jwt.algorithms import (
- ECAlgorithm,
- Ed25519Algorithm,
- RSAAlgorithm,
- RSAPSSAlgorithm,
- )
+ from jwt.algorithms import ECAlgorithm, OKPAlgorithm, RSAAlgorithm, RSAPSSAlgorithm
class TestAlgorithms:
@@ -667,12 +662,12 @@ class TestAlgorithmsRFC7520:
@crypto_required
-class TestEd25519Algorithms:
+class TestOKPAlgorithms:
hello_world_sig = b"Qxa47mk/azzUgmY2StAOguAd4P7YBLpyCfU3JdbaiWnXM4o4WibXwmIHvNYgN3frtE2fcyd8OYEaOiD/KiwkCg=="
hello_world = b"Hello World!"
- def test_ed25519_should_reject_non_string_key(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_should_reject_non_string_key(self):
+ algo = OKPAlgorithm()
with pytest.raises(TypeError):
algo.prepare_key(None)
@@ -683,14 +678,14 @@ class TestEd25519Algorithms:
with open(key_path("testkey_ed25519.pub")) as keyfile:
algo.prepare_key(keyfile.read())
- def test_ed25519_should_accept_unicode_key(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_should_accept_unicode_key(self):
+ algo = OKPAlgorithm()
with open(key_path("testkey_ed25519")) as ec_key:
algo.prepare_key(ec_key.read())
- def test_ed25519_sign_should_generate_correct_signature_value(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_sign_should_generate_correct_signature_value(self):
+ algo = OKPAlgorithm()
jwt_message = self.hello_world
@@ -706,8 +701,8 @@ class TestEd25519Algorithms:
result = algo.verify(jwt_message, jwt_pub_key, expected_sig)
assert result
- def test_ed25519_verify_should_return_false_if_signature_invalid(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_verify_should_return_false_if_signature_invalid(self):
+ algo = OKPAlgorithm()
jwt_message = self.hello_world
jwt_sig = base64.b64decode(self.hello_world_sig)
@@ -720,8 +715,8 @@ class TestEd25519Algorithms:
result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
assert not result
- def test_ed25519_verify_should_return_true_if_signature_valid(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_verify_should_return_true_if_signature_valid(self):
+ algo = OKPAlgorithm()
jwt_message = self.hello_world
jwt_sig = base64.b64decode(self.hello_world_sig)
@@ -732,8 +727,8 @@ class TestEd25519Algorithms:
result = algo.verify(jwt_message, jwt_pub_key, jwt_sig)
assert result
- def test_ed25519_prepare_key_should_be_idempotent(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_prepare_key_should_be_idempotent(self):
+ algo = OKPAlgorithm()
with open(key_path("testkey_ed25519.pub")) as keyfile:
jwt_pub_key_first = algo.prepare_key(keyfile.read())
@@ -741,8 +736,8 @@ class TestEd25519Algorithms:
assert jwt_pub_key_first == jwt_pub_key_second
- def test_ed25519_jwk_private_key_should_parse_and_verify(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_jwk_private_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
key = algo.from_jwk(keyfile.read())
@@ -750,8 +745,19 @@ class TestEd25519Algorithms:
signature = algo.sign(b"Hello World!", key)
assert algo.verify(b"Hello World!", key.public_key(), signature)
- def test_ed25519_jwk_public_key_should_parse_and_verify(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_jwk_private_key_should_parse_and_verify_with_private_key_as_is(
+ self,
+ ):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
+ key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", key)
+ assert algo.verify(b"Hello World!", key, signature)
+
+ def test_okp_ed25519_jwk_public_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
priv_key = algo.from_jwk(keyfile.read())
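Review bot: `test_okp_ed25519_jwk_private_key_should_parse_and_verify_with_private_key_as_is` only asserts that `verify` accepts a good signature when it is handed the private key, so the new path has no rejection case. A verify branch that returned true for any input once it saw a private key would still pass this test. Add a negative assertion after the positive one, for example `assert not algo.verify(b"Hello World?", key, signature)`. The Ed448 counterpart added in the last hunk has the same gap.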
@@ -762,8 +768,8 @@ class TestEd25519Algorithms:
signature = algo.sign(b"Hello World!", priv_key)
assert algo.verify(b"Hello World!", pub_key, signature)
- def test_ed25519_jwk_fails_on_invalid_json(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_jwk_fails_on_invalid_json(self):
+ algo = OKPAlgorithm()
with open(key_path("jwk_okp_pub_Ed25519.json")) as keyfile:
valid_pub = json.loads(keyfile.read())
@@ -790,6 +796,12 @@ class TestEd25519Algorithms:
with pytest.raises(InvalidKeyError):
algo.from_jwk(v)
+ # Invalid crv, "Ed448"
+ v = valid_pub.copy()
+ v["crv"] = "Ed448"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
# Missing x
v = valid_pub.copy()
del v["x"]
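Review bot: The added `"Ed448"` case swaps `crv` only on `valid_pub`, and `pytest.raises(InvalidKeyError)` without `match=` passes for any InvalidKeyError, so the test does not show that the curve/key mismatch is the reason for rejection. A private JWK (one carrying `d`) under the wrong `crv` is not exercised here, nor in the mirrored `"Ed25519"` case of `test_okp_ed448_jwk_fails_on_invalid_json` in the last hunk. Consider repeating the case on the private JWK, `v = valid_key.copy()` then `v["crv"] = "Ed448"`, under the same `pytest.raises`. Whether `valid_key` is loaded in this test is not visible, because the function starts in the previous hunk and continues past this one.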
@@ -808,8 +820,8 @@ class TestEd25519Algorithms:
with pytest.raises(InvalidKeyError):
algo.from_jwk(v)
- def test_ed25519_to_jwk_works_with_from_jwk(self):
- algo = Ed25519Algorithm()
+ def test_okp_ed25519_to_jwk_works_with_from_jwk(self):
+ algo = OKPAlgorithm()
with open(key_path("jwk_okp_key_Ed25519.json")) as keyfile:
priv_key_1 = algo.from_jwk(keyfile.read())
@@ -827,8 +839,111 @@ class TestEd25519Algorithms:
assert algo.verify(b"Hello World!", pub_key_2, signature_1)
assert algo.verify(b"Hello World!", pub_key_2, signature_2)
- def test_ed25519_to_jwk_raises_exception_on_invalid_key(self):
- algo = Ed25519Algorithm()
+ def test_okp_to_jwk_raises_exception_on_invalid_key(self):
+ algo = OKPAlgorithm()
with pytest.raises(InvalidKeyError):
algo.to_jwk({"not": "a valid key"})
+
+ def test_okp_ed448_jwk_private_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", key)
+ assert algo.verify(b"Hello World!", key.public_key(), signature)
+
+ def test_okp_ed448_jwk_private_key_should_parse_and_verify_with_private_key_as_is(
+ self,
+ ):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", key)
+ assert algo.verify(b"Hello World!", key, signature)
+
+ def test_okp_ed448_jwk_public_key_should_parse_and_verify(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ priv_key = algo.from_jwk(keyfile.read())
+
+ with open(key_path("jwk_okp_pub_Ed448.json")) as keyfile:
+ pub_key = algo.from_jwk(keyfile.read())
+
+ signature = algo.sign(b"Hello World!", priv_key)
+ assert algo.verify(b"Hello World!", pub_key, signature)
+
+ def test_okp_ed448_jwk_fails_on_invalid_json(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_pub_Ed448.json")) as keyfile:
+ valid_pub = json.loads(keyfile.read())
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ valid_key = json.loads(keyfile.read())
+
+ # Invalid instance type
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(123)
+
+ # Invalid JSON
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk("<this isn't json>")
+
+ # Invalid kty, not "OKP"
+ v = valid_pub.copy()
+ v["kty"] = "oct"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid crv, not "Ed448"
+ v = valid_pub.copy()
+ v["crv"] = "P-256"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid crv, "Ed25519"
+ v = valid_pub.copy()
+ v["crv"] = "Ed25519"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Missing x
+ v = valid_pub.copy()
+ del v["x"]
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid x
+ v = valid_pub.copy()
+ v["x"] = "123"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ # Invalid d
+ v = valid_key.copy()
+ v["d"] = "123"
+ with pytest.raises(InvalidKeyError):
+ algo.from_jwk(v)
+
+ def test_okp_ed448_to_jwk_works_with_from_jwk(self):
+ algo = OKPAlgorithm()
+
+ with open(key_path("jwk_okp_key_Ed448.json")) as keyfile:
+ priv_key_1 = algo.from_jwk(keyfile.read())
+
+ with open(key_path("jwk_okp_pub_Ed448.json")) as keyfile:
+ pub_key_1 = algo.from_jwk(keyfile.read())
+
+ pub = algo.to_jwk(pub_key_1)
+ pub_key_2 = algo.from_jwk(pub)
+ pri = algo.to_jwk(priv_key_1)
+ priv_key_2 = algo.from_jwk(pri)
+
+ signature_1 = algo.sign(b"Hello World!", priv_key_1)
+ signature_2 = algo.sign(b"Hello World!", priv_key_2)
+ assert algo.verify(b"Hello World!", pub_key_2, signature_1)
+ assert algo.verify(b"Hello World!", pub_key_2, signature_2)
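Review bot: The Ed448 tests added here check signatures only by round trip, so signing and verification are validated against each other rather than against a fixed value. The Ed25519 tests in this file have a stored vector (`hello_world_sig`) and `test_okp_ed25519_verify_should_return_false_if_signature_invalid`; no Ed448 equivalent of either appears in this hunk. Ed448 signing is deterministic, so a known-answer test is feasible: store the expected signature for `b"Hello World!"` under `jwk_okp_key_Ed448.json` as a class constant and compare it with the output of `algo.sign`. A test that alters the message and asserts `not algo.verify(...)` with the Ed448 public key would cover rejection. All keys here are loaded through `from_jwk`, so `prepare_key` with an Ed448 PEM key appears untested as well.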