Add support for Ed25519 and Ed448

[fdennis]

Fixes #319

[github-actions]

Test Results

2 305 tests   2 297 ✅  1m 3s ⏱️
   46 suites      8 💤
   46 files        0 ❌

Results for commit 5e6177c.

♻️ This comment has been updated with latest results.

[emlun]

Alright! 🙂 we'll also need corresponding constants in PublicKeyCredentialParameters, and to add Ed448 to the default preferredPubkeyParams (also in RelyingPartyV2). I'd say to add it after ES512, since Ed448 and ES512 are at the same security level and the current default prefers ES256 over EdDSA.

Then we also need some tests! 🙂

• First off, that Ed448 is included in emitted pubKeyCredParams when available. You can duplicate this test and replace the EdDSA constant references (but not the KeyFactory argument, I think) with Ed448:

  java-webauthn-server/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2RegistrationSpec.scala

  Line 4280 in 5cbebf2

  it("EdDSA, when available.") {

  (also in RelyingPartyRegistrationSpec)

• We also need some tests of using Ed448:

  java-webauthn-server/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2AssertionSpec.scala

  Line 2417 in 5cbebf2

  it("a generated Ed25519 key.") {

  So I guess for that I'll need to show you how the RegistrationTestDataGenerator works 😄 (of course if we can find some real examples that's great too, but I don't know of any popular authenticator implementations off the top of my head.)

  You can run that class in your IDE, and it will go through a hardcoded list of RegistrationTestData instances and call regenerate() on each of them. Then for each test data index it'll print the index in the list, and then a block of code to paste over the new RegistrationTestData(...) for that test data set. After that you can run the code formatter and commit the new or updated test data. This way we have a set of test vectors that are stable even after changes to the code that originally generated them, but which can be easily updated whenever needed. Most of these are also listed in the defaultSettingsValidExamples constant, which is used in RelyingPartyRegistrationSpec to check that all of those test cases work with the default settings.

  So for this we can start by duplicating the val BasicAttestationEdDsa as val BasicAttestationEd448 and just update the constant in regenerate(), then add that to the list in regenerateTestData and to defaultSettingsValidExamples, and then run RegistrationTestDataGenerator to generate the test case. For this we'll probably need to add some switch cases in TestAuthenticator.scala (regenerate() calls createBasicAttestedCredential which eventually ends up in generateKeypair, and you'll also need to update the KeyPairGenerator argument further down that call chain) and WebauthnCodecs too.

  I realize that's a lot to dig into, so let me know if you need any help and/or guidance with it 😄

[emlun]

Looks good! I fixed a few small issues, refactored a couple things and tweaked code style a bit: https://github.com/Yubico/java-webauthn-server/pull/429/files/9cb7678ec627b8c40c8584ed6ac1dc7410e9215d..40acf2117024faf2192ea968bfcab3f513c05e61

• I noticed that we're sometimes using the JCA identifier "EdDSA" (since before) and sometimes "Ed25519" or "Ed448", so I got curious about which is most appropriate. This led me to notice that some of these switch statements are no longer exhaustive, so I added tests to catch that: 14fa04a and 48464e4. d8f634d doesn't have a test, but rather addresses similar warnings from the Scala compiler.
• Then commit 1f2c6b3 makes the change to using only the "Ed25519" and "Ed448" identifiers.
• I noticed that the COSE alg of the key in the BasicAttestationEd448 test case was set to -7 (EdDSA), because that was still hard-coded in eddsaPublicKeyToCose: 070d895 and 3e06a2a.
• Most of commits 03a2109 through 40acf21 are various refactorings and some subjective code style fixes. I think these changes make the code easier to read and follow (most of the affected code is from before the PR).