pin jwx/v3 to 89c1d7848e6e (#4)

lestrrat · web-flow · commit 6dc50028e34a · 2026-04-01T23:10:54.000+09:00
* pin jwx/v3 to 89c1d7848e6e

* update ed448 to use KeyExporter API

* trigger CI on all pushes
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,11 +1,5 @@
 name: CI
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
+on: [push]
 
 jobs:
   build:
diff --git a/ed448.go b/ed448.go
@@ -33,16 +33,13 @@ func init() {
 	// Register Ed448 as valid algorithm for OKP key type
 	jws.RegisterAlgorithmForKeyType(jwa.OKP(), jwa.EdDSAEd448())
 
-	// Register JWK OKP curve builders for Ed448
-	jwk.RegisterOKPCurveBuilder(jwa.Ed448(), jwk.OKPCurveBuilder{
-		BuildPublicKey:  buildEd448PublicKey,
-		BuildPrivateKey: buildEd448PrivateKey,
-	})
+	// Register JWK exporter for OKP:Ed448 keys (JWK → raw ed448 key)
+	jwk.RegisterKeyExporter(jwk.KeyKind("OKP:Ed448"), jwk.KeyExportFunc(exportEd448Key))
 
 	// Register raw key importer for Ed448 keys
 	jwk.RegisterOKPRawKeyImporter(importEd448RawKey)
 
-	// Register jwk.Import handlers for Ed448 key types
+	// Register jwk.Import handlers for Ed448 key types (raw ed448 key → JWK)
 	f := jwk.KeyImportFunc(importOKPEd448Key)
 	jwk.RegisterKeyImporter(ed448.PublicKey(nil), f)
 	jwk.RegisterKeyImporter(ed448.PrivateKey(nil), f)
@@ -126,25 +123,40 @@ func ed448PublicKey(dst *ed448.PublicKey, src any) error {
 	return nil
 }
 
-// --- JWK OKP key building ---
+// --- JWK key export (JWK → raw ed448 key) ---
 
-func buildEd448PublicKey(xbuf []byte) (any, error) {
-	if len(xbuf) != ed448.PublicKeySize {
-		return nil, fmt.Errorf(`ed448: wrong public key size %d (expected %d)`, len(xbuf), ed448.PublicKeySize)
-	}
-	return ed448.PublicKey(xbuf), nil
-}
-
-func buildEd448PrivateKey(xbuf, dbuf []byte) (any, error) {
-	if len(dbuf) != ed448.SeedSize {
-		return nil, fmt.Errorf(`ed448: wrong private key seed size %d (expected %d)`, len(dbuf), ed448.SeedSize)
-	}
-	ret := ed448.NewKeyFromSeed(dbuf)
-	pub := ret.Public().(ed448.PublicKey) //nolint:forcetypeassert
-	if !bytes.Equal(xbuf, pub) {
-		return nil, fmt.Errorf(`ed448: invalid x value given d value`)
+func exportEd448Key(key jwk.Key, _ any) (any, error) {
+	switch key := key.(type) {
+	case jwk.OKPPrivateKey:
+		x, ok := key.X()
+		if !ok {
+			return nil, fmt.Errorf(`missing "x" field`)
+		}
+		d, ok := key.D()
+		if !ok {
+			return nil, fmt.Errorf(`missing "d" field`)
+		}
+		if len(d) != ed448.SeedSize {
+			return nil, fmt.Errorf(`ed448: wrong private key seed size %d (expected %d)`, len(d), ed448.SeedSize)
+		}
+		ret := ed448.NewKeyFromSeed(d)
+		pub := ret.Public().(ed448.PublicKey) //nolint:forcetypeassert
+		if !bytes.Equal(x, pub) {
+			return nil, fmt.Errorf(`ed448: invalid x value given d value`)
+		}
+		return ret, nil
+	case jwk.OKPPublicKey:
+		x, ok := key.X()
+		if !ok {
+			return nil, fmt.Errorf(`missing "x" field`)
+		}
+		if len(x) != ed448.PublicKeySize {
+			return nil, fmt.Errorf(`ed448: wrong public key size %d (expected %d)`, len(x), ed448.PublicKeySize)
+		}
+		return ed448.PublicKey(x), nil
+	default:
+		return nil, jwk.ContinueError()
 	}
-	return ret, nil
 }
 
 // --- JWK raw key import ---
diff --git a/ed448_test.go b/ed448_test.go
@@ -112,3 +112,4 @@ func TestEd448JWKRoundtrip(t *testing.T) {
 		require.Equal(t, priv.Seed(), exported.Seed())
 	})
 }
+
diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.25.0
 
 require (
 	github.com/cloudflare/circl v1.6.3
-	github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401120942-afa5b058da4f
+	github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401135236-89c1d7848e6e
 	github.com/stretchr/testify v1.11.1
 )
 
diff --git a/go.sum b/go.sum
@@ -17,8 +17,8 @@ github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZ
 github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
 github.com/lestrrat-go/httprc/v3 v3.0.5 h1:S+Mb4L2I+bM6JGTibLmxExhyTOqnXjqx+zi9MoXw/TM=
 github.com/lestrrat-go/httprc/v3 v3.0.5/go.mod h1:mSMtkZW92Z98M5YoNNztbRGxbXHql7tSitCvaxvo9l0=
-github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401120942-afa5b058da4f h1:K86lFdx4kZMoFIcp7h8uKIYCzvyVVc6yl1kJR4LS15Q=
-github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401120942-afa5b058da4f/go.mod h1:vuqP7b/QKMjPSwaYSFxZNfIVxm7OreavgfKUjkw4gjY=
+github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401135236-89c1d7848e6e h1:GFSbTQz4VvJP1ZJ6lTUdOedHm7rCdSa8IpPHLYGeBrE=
+github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401135236-89c1d7848e6e/go.mod h1:vuqP7b/QKMjPSwaYSFxZNfIVxm7OreavgfKUjkw4gjY=
 github.com/lestrrat-go/option/v2 v2.0.0 h1:XxrcaJESE1fokHy3FpaQ/cXW8ZsIdWcdFzzLOcID3Ss=
 github.com/lestrrat-go/option/v2 v2.0.0/go.mod h1:oSySsmzMoR0iRzCDCaUfsCzxQHUEuhOViQObyy7S6Vg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

Original file line number	Diff line number	Diff line change
`@@ -112,3 +112,4 @@ func TestEd448JWKRoundtrip(t *testing.T) {`
`112`	`112`	`require.Equal(t, priv.Seed(), exported.Seed())`
`113`	`113`	`})`
`114`	`114`	`}`
	`115`	`+`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ go 1.25.0`
`4`	`4`
`5`	`5`	`require (`
`6`	`6`	`github.com/cloudflare/circl v1.6.3`
`7`		`- github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401120942-afa5b058da4f`
	`7`	`+ github.com/lestrrat-go/jwx/v3 v3.0.14-0.20260401135236-89c1d7848e6e`
`8`	`8`	`github.com/stretchr/testify v1.11.1`
`9`	`9`	`)`
`10`	`10`