feat(alg): Add ES512 support

firebase · May 25, 2024 · 93f1109 · 93f1109
1 parent 500501c
commit 93f1109
Showing 1 changed file with 11 additions and 8 deletions.
diff --git a/src/JWT.php b/src/JWT.php
@@ -53,9 +53,10 @@ class JWT
      * @var array<string, string[]>
      */
     public static $supported_algs = [
-        'ES384' => ['openssl', 'SHA384'],
         'ES256' => ['openssl', 'SHA256'],
         'ES256K' => ['openssl', 'SHA256'],
+        'ES384' => ['openssl', 'SHA384'],
+        'ES512' => ['openssl', 'SHA512'],
         'HS256' => ['hash_hmac', 'SHA256'],
         'HS384' => ['hash_hmac', 'SHA384'],
         'HS512' => ['hash_hmac', 'SHA512'],
@@ -75,7 +76,7 @@ class JWT
      *                                                                      the public key.
      *                                                                      Each Key object contains an algorithm and
      *                                                                      matching key.
-     *                                                                      Supported algorithms are 'ES384','ES256',
+     *                                                                      Supported algorithms are 'ES256', 'ES256K', 'ES384', 'ES512',
      *                                                                      'HS256', 'HS384', 'HS512', 'RS256', 'RS384'
      *                                                                      and 'RS512'.
      * @param stdClass               $headers                               Optional. Populates stdClass with headers.
@@ -142,8 +143,8 @@ public static function decode(
             // See issue #351
             throw new UnexpectedValueException('Incorrect key for this algorithm');
         }
-        if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384'], true)) {
-            // OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384 signatures
+        if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384', 'ES512'], true)) {
+            // OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384/ES512 signatures
             $sig = self::signatureToDER($sig);
         }
         if (!self::verify("{$headb64}.{$bodyb64}", $sig, $key->getKeyMaterial(), $header->alg)) {
@@ -186,8 +187,8 @@ public static function decode(
      *
      * @param array<mixed>          $payload PHP array
      * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
-     * @param string                $alg     Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
-     *                                       'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
+     * @param string                $alg     Supported algorithms are 'ES256', 'ES256K', 'ES384', 'ES512',
+     *                                       'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
      * @param string                $keyId
      * @param array<string, string> $head    An array with header elements to attach
      *
@@ -227,8 +228,8 @@ public static function encode(
      *
      * @param string $msg  The message to sign
      * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate  $key  The secret key.
-     * @param string $alg  Supported algorithms are 'EdDSA', 'ES384', 'ES256', 'ES256K', 'HS256',
-     *                    'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
+     * @param string $alg  Supported algorithms are 'EdDSA', 'ES256', 'ES256K', 'ES384', 'ES512',
+     *                    'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
      *
      * @return string An encrypted message
      *
@@ -262,6 +263,8 @@ public static function sign(
                     $signature = self::signatureFromDER($signature, 256);
                 } elseif ($alg === 'ES384') {
                     $signature = self::signatureFromDER($signature, 384);
+                } elseif ($alg === 'ES512') {
+                    $signature = self::signatureFromDER($signature, 512);
                 }
                 return $signature;
             case 'sodium_crypto':