Skip to content

2026 05 02 add Ed25519 support #127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
robinheghan merged 8 commits into from
May 9, 2026
Merged

2026 05 02 add Ed25519 support #127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
777beb1
Add support for generating signatures with the Ed25519 algorithm
joeybright May 2, 2026
a194ee0
Detecting support for ed25519 key generation and not failing tests if…
joeybright May 3, 2026
184ba64
Added comment to better explain platform compatibility check
joeybright May 3, 2026
a4c1397
Removed unnecessary comment
joeybright May 3, 2026
2944a5b
Merge branch 'main' into 2026-05-02-add-ed25519-support
joeybright May 3, 2026
6ed8fea
Ran `devbox format`
joeybright May 7, 2026
acdc2ab
Fixing shadowing error in integration tests
joeybright May 7, 2026
0d7d5fb
Merge branch 'main' into 2026-05-02-add-ed25519-support
joeybright May 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
289 changes: 289 additions & 0 deletions integration_tests/src/Test/Crypto.gren
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ tests =
, hmacTests secureContext
, rsaPssTests secureContext
, ecdsaTests secureContext
, ed25519Tests secureContext
, digestTests secureContext
]
)
Expand Down Expand Up @@ -2504,6 +2505,294 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } =



-- Ed25519 Tests


{-|-}
ed25519Tests secureContext =
-- Checks to see if generating a key pair succeeds. This assumes that the platform that's
-- running the tests supports this algorithm and other tests can be run. If this fails,
-- it's assumed the platform does not support the algorithm and does not run the test that
-- will, ultimately, fail.
await
(Crypto.generateEd25519KeyPair secureContext Crypto.CannotBeExtracted
|> Task.map Just
|> Task.onError
(\err ->
when err is
Crypto.Ed25519KeyGenerationNotSupported ->
Task.succeed Nothing
)
)
"Ed25519: Checking runtime support"
(\maybeKeyPair ->
when maybeKeyPair is
Just keyPair ->
ed25519SupportedTests secureContext keyPair

Nothing ->
test "Ed25519 is not supported by this runtime, so Ed25519 tests are skipped"
(\_ ->
Expect.pass
)
)


{-|-}
ed25519SupportedTests secureContext { publicKey, privateKey } =
concat
[ describe "Ed25519: Generated a key that cannot be extracted"
[ await
(Crypto.exportEd25519PublicKeyAsRaw publicKey)
"Exporting public Ed25519 key as RAW when not extractable"
(\exportedKey ->
await
(Crypto.importEd25519PublicKeyFromRaw
secureContext
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey publicKey
)
)
)
, await
(Crypto.exportEd25519PublicKeyAsSpki publicKey)
"Exporting public Ed25519 key as SPKI when not extractable"
(\exportedKey ->
await
(Crypto.importEd25519PublicKeyFromSpki
secureContext
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey publicKey
)
)
)
, await
(Crypto.exportEd25519PublicKeyAsJwk publicKey)
"Exporting public Ed25519 key as JWK when not extractable"
(\exportedKey ->
await
(Crypto.importEd25519PublicKeyFromJwk
secureContext
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey publicKey
)
)
)
, awaitError
(Crypto.exportEd25519PrivateKeyAsPkcs8 privateKey)
"Exporting private Ed25519 key as PKCS8 when not extractable"
(\err ->
test "When exporting private key that isn't extractable, fails with expected message"
(\_ ->
Expect.equal err Crypto.KeyNotExportable
)
)
, awaitError
(Crypto.exportEd25519PrivateKeyAsJwk privateKey)
"Exporting private Ed25519 key as JWK when not extractable"
(\err ->
test "When exporting private key that isn't extractable, fails with expected message"
(\_ ->
Expect.equal err Crypto.KeyNotExportable
)
)
, await
(Crypto.signWithEd25519 privateKey (Bytes.fromString "hello"))
"Signing some bytes with a non-extractable key"
(\signature ->
await
(Crypto.verifyWithEd25519 publicKey signature (Bytes.fromString "hello"))
"Verifying signed bytes"
(\verifiedBytes ->
test "The verified bytes equal the signed bytes"
(\_ ->
Expect.equal verifiedBytes (Bytes.fromString "hello")
)
)
)
]
, await
(Crypto.generateEd25519KeyPair
secureContext
Crypto.CanBeExtracted
)
"Ed25519: Generating a key that can be extracted"
(\extractableKey ->
let
bytesToSign =
Bytes.fromString "hello"
in
concat
[ await
(Crypto.exportEd25519PublicKeyAsRaw extractableKey.publicKey)
"Exporting public Ed25519 key as RAW when extractable"
(\exportedKey ->
await
(Crypto.importEd25519PublicKeyFromRaw
secureContext
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey extractableKey.publicKey
)
)
)
, await
(Crypto.exportEd25519PublicKeyAsSpki extractableKey.publicKey)
"Exporting public Ed25519 key as SPKI when extractable"
(\exportedKey ->
await
(Crypto.importEd25519PublicKeyFromSpki
secureContext
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey extractableKey.publicKey
)
)
)
, await
(Crypto.exportEd25519PublicKeyAsJwk extractableKey.publicKey)
"Exporting public Ed25519 key as JWK when extractable"
(\exportedKey ->
await
(Crypto.importEd25519PublicKeyFromJwk
secureContext
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey extractableKey.publicKey
)
)
)
, await
(Crypto.exportEd25519PrivateKeyAsPkcs8 extractableKey.privateKey)
"Exporting private Ed25519 key as PKCS8 when extractable"
(\exportedKey ->
await
(Crypto.importEd25519PrivateKeyFromPkcs8
secureContext
Crypto.CanBeExtracted
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey extractableKey.privateKey
)
)
)
, await
(Crypto.exportEd25519PrivateKeyAsJwk extractableKey.privateKey)
"Exporting private Ed25519 key as JWK when extractable"
(\exportedKey ->
await
(Crypto.importEd25519PrivateKeyFromJwk
secureContext
Crypto.CanBeExtracted
exportedKey
)
"Importing the exported key"
(\importedKey ->
test "Imported key equals the original key"
(\_ ->
Expect.equal importedKey extractableKey.privateKey
)
)
)
, await
(Crypto.signWithEd25519 extractableKey.privateKey bytesToSign)
"Sign some bytes"
(\signature ->
concat
[ await
(Crypto.verifyWithEd25519 extractableKey.publicKey signature bytesToSign)
"Verifying signed bytes"
(\verifiedBytes ->
test "The verified bytes are the same as the signed bytes"
(\_ ->
Expect.equal verifiedBytes bytesToSign
)
)
, awaitError
(Crypto.verifyWithEd25519 extractableKey.publicKey signature (Bytes.fromString "some other bytes"))
"Verifying bytes that were not signed"
(\_ ->
test "Fails when bytes that are being verified are different than what was signed"
(\_ ->
Expect.pass
)
)
]
)
]
)
, awaitError
(Crypto.importEd25519PublicKeyFromRaw
secureContext
(Bytes.fromString "obviously not a valid ed25519 public key")
)
"Importing an Ed25519 public key from invalid raw bytes"
(\err ->
test "Produces the expected error"
(\_ ->
Expect.equal err Crypto.ImportEd25519KeyError
)
)
, awaitError
(Crypto.importEd25519PublicKeyFromSpki
secureContext
(Bytes.fromString "junk")
)
"Importing an Ed25519 public key from invalid SPKI bytes"
(\err ->
test "Produces the expected error"
(\_ ->
Expect.equal err Crypto.ImportEd25519KeyError
)
)
, awaitError
(Crypto.importEd25519PrivateKeyFromPkcs8
secureContext
Crypto.CanBeExtracted
(Bytes.fromString "junk")
)
"Importing an Ed25519 private key from invalid PKCS8 bytes"
(\err ->
test "Produces the expected error"
(\_ ->
Expect.equal err Crypto.ImportEd25519KeyError
)
)
]



-- HMAC Tests


Expand Down
Loading
Loading