From 93f1109db51f6e5ec78dd96b3bdc29f5372cfc4a Mon Sep 17 00:00:00 2001
From: Ninos Ego
Date: Sat, 25 May 2024 08:18:09 +0200
Subject: [PATCH] feat(alg): Add ES512 support
---
 src/JWT.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/JWT.php b/src/JWT.php
index e9d75639..1b8f68d6 100644
--- a/src/JWT.php
+++ b/src/JWT.php
@@ -53,9 +53,10 @@ class JWT
 * @var array
 */
 public static $supported_algs = [
- 'ES384' => ['openssl', 'SHA384'],
 'ES256' => ['openssl', 'SHA256'],
 'ES256K' => ['openssl', 'SHA256'],
+ 'ES384' => ['openssl', 'SHA384'],
+ 'ES512' => ['openssl', 'SHA512'],
 'HS256' => ['hash_hmac', 'SHA256'],
 'HS384' => ['hash_hmac', 'SHA384'],
 'HS512' => ['hash_hmac', 'SHA512'],
@@ -75,7 +76,7 @@ class JWT
 * the public key.
 * Each Key object contains an algorithm and
 * matching key.
- * Supported algorithms are 'ES384','ES256',
+ * Supported algorithms are 'ES256', 'ES256K', 'ES384', 'ES512',
 * 'HS256', 'HS384', 'HS512', 'RS256', 'RS384'
 * and 'RS512'.
 * @param stdClass $headers Optional. Populates stdClass with headers.
@@ -142,8 +143,8 @@ public static function decode(
 // See issue #351
 throw new UnexpectedValueException('Incorrect key for this algorithm');
 }
- if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384'], true)) {
- // OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384 signatures
+ if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384', 'ES512'], true)) {
+ // OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384/ES512 signatures
 $sig = self::signatureToDER($sig);
 }
 if (!self::verify("{$headb64}.{$bodyb64}", $sig, $key->getKeyMaterial(), $header->alg)) {
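Review bot: The supported-algorithm list in this docblock (hunk at -75) is now kept by hand in three places, and the copies disagree: the `$alg` param in the hunk at -227 names 'EdDSA', while this one and the one at -186 do not. The sign() switch shows a `case 'sodium_crypto':` branch, so EdDSA appears to be supported and is probably just missing here. Either add it, or replace the lists with a pointer such as `Supported algorithms are the keys of JWT::$supported_algs.` so the documentation cannot drift from the allow-list that is actually enforced.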
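Review bot: In the hunk at -142, `$sig` is handed to `self::signatureToDER($sig)` without its length being checked against the algorithm named in the header. JWS ECDSA signatures are fixed-width R||S (RFC 7518 §3.4: 64 octets for ES256, 96 for ES384, 132 for ES512), so now that a fourth algorithm shares this path a guard before the conversion would reject truncated or over-long signatures up front, e.g. `if (\strlen($sig) !== $expectedLen) { throw new UnexpectedValueException('Invalid signature length'); }` with `$expectedLen` looked up per algorithm. signatureToDER is not part of this diff, so it may already cover this; decode() itself starts and ends outside the hunk.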
@@ -186,8 +187,8 @@ public static function decode(
 *
 * @param array $payload PHP array
 * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
- * @param string $alg Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
- * 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
+ * @param string $alg Supported algorithms are 'ES256', 'ES256K', 'ES384', 'ES512',
+ * 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
 * @param string $keyId
 * @param array $head An array with header elements to attach
 *
@@ -227,8 +228,8 @@ public static function encode(
 *
 * @param string $msg The message to sign
 * @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
- * @param string $alg Supported algorithms are 'EdDSA', 'ES384', 'ES256', 'ES256K', 'HS256',
- * 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
+ * @param string $alg Supported algorithms are 'EdDSA', 'ES256', 'ES256K', 'ES384', 'ES512',
+ * 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
 *
 * @return string An encrypted message
 *
@@ -262,6 +263,8 @@ public static function sign(
 $signature = self::signatureFromDER($signature, 256);
 } elseif ($alg === 'ES384') {
 $signature = self::signatureFromDER($signature, 384);
+ } elseif ($alg === 'ES512') {
+ $signature = self::signatureFromDER($signature, 512);
 }
 return $signature;
 case 'sodium_crypto':
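Review bot: The new ES512 branch in the hunk at -262 passes `512` to `signatureFromDER`, but ES512 is ECDSA over P-521 (RFC 7518 §3.4), where R and S are 66 octets each rather than 64. signatureFromDER is not shown in this diff; if it left-pads each integer to `$keySize / 8` bytes, R and S will come out with unequal widths whenever one of them has leading zero bytes, and a verifier that splits the signature in half would then intermittently reject valid tokens. The call likely needs to be `self::signatureFromDER($signature, 521)`, with the helper rounding up via `(int) \ceil($keySize / 8)`. A test that signs and verifies many ES512 tokens in a loop would catch the intermittent case. The `switch` in sign() starts and ends outside this hunk.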