panva
diff --git a/‎certification/oidc/configuration.js
Lines changed: 108 additions & 81 deletions b/‎certification/oidc/configuration.js
Lines changed: 108 additions & 81 deletions
diff --git a/‎docs/README.md
Lines changed: 9 additions & 1 deletion b/‎docs/README.md
Lines changed: 9 additions & 1 deletion
diff --git a/‎lib/consts/jwa.js
Lines changed: 6 additions & 0 deletions b/‎lib/consts/jwa.js
Lines changed: 6 additions & 0 deletions
diff --git a/‎lib/helpers/client_schema.js
Lines changed: 1 addition & 1 deletion b/‎lib/helpers/client_schema.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/helpers/configuration.js
Lines changed: 15 additions & 1 deletion b/‎lib/helpers/configuration.js
Lines changed: 15 additions & 1 deletion
diff --git a/‎lib/helpers/defaults.js
Lines changed: 9 additions & 1 deletion b/‎lib/helpers/defaults.js
Lines changed: 9 additions & 1 deletion
diff --git a/‎lib/helpers/initialize_keystore.js
Lines changed: 25 additions & 2 deletions b/‎lib/helpers/initialize_keystore.js
Lines changed: 25 additions & 2 deletions
diff --git a/‎lib/helpers/keystore.js
Lines changed: 10 additions & 4 deletions b/‎lib/helpers/keystore.js
Lines changed: 10 additions & 4 deletions
diff --git a/‎lib/models/client.js
Lines changed: 9 additions & 2 deletions b/‎lib/models/client.js
Lines changed: 9 additions & 2 deletions
diff --git a/‎lib/shared/attest_client_auth.js
Lines changed: 6 additions & 1 deletion b/‎lib/shared/attest_client_auth.js
Lines changed: 6 additions & 1 deletion
@@ -1913,7 +1913,7 @@ async function getResourceServerInfo(ctx, resourceIndicator, client) {
     // Tokens will be signed
     sign?:
      | {
-         alg?: string, // 'PS256' | 'PS384' | 'PS512' | 'ES256' | 'ES384' | 'ES512' | 'Ed25519' | 'RS256' | 'RS384' | 'RS512' | 'EdDSA'
+         alg?: string, // 'PS256' | 'PS384' | 'PS512' | 'ES256' | 'ES384' | 'ES512' | 'Ed25519' | 'RS256' | 'RS384' | 'RS512' | 'EdDSA' | 'ML-DSA-44' | 'ML-DSA-65' | 'ML-DSA-87'
          kid?: string, // OPTIONAL `kid` to aid in signing key selection
        }
      | {
@@ -3598,6 +3598,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
 ]
 ```
 </details>
@@ -3689,6 +3690,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
   'HS256', 'HS384', 'HS512',
 ]
 ```
@@ -3721,6 +3723,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
   'HS256', 'HS384', 'HS512',
 ]
 ```
@@ -3750,6 +3753,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
 ]
 ```
 </details>
@@ -3841,6 +3845,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
   'HS256', 'HS384', 'HS512',
 ]
 ```
@@ -3933,6 +3938,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
   'HS256', 'HS384', 'HS512',
 ]
 ```
@@ -4026,6 +4032,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
   'HS256', 'HS384', 'HS512',
 ]
 ```
@@ -4118,6 +4125,7 @@ _**default value**_:
   'PS256', 'PS384', 'PS512',
   'ES256', 'ES384', 'ES512',
   'Ed25519', 'EdDSA',
+  'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
   'HS256', 'HS384', 'HS512',
 ]
 ```
 
@@ -6,6 +6,12 @@ const signingAlgValues = [
   'Ed25519', 'EdDSA',
 ];
 
+const version = globalThis.process?.version?.substring(1).split('.').map((i) => parseInt(i, 10));
+
+if (version[0] > 24 || (version[0] === 24 && version[1] >= 7)) {
+  signingAlgValues.push('ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87');
+}
+
 const encryptionAlgValues = [
   // asymmetric
   'RSA-OAEP',
 
@@ -11,7 +11,7 @@ import omitBy from './_/omit_by.js';
 const W3CEmailRegExp = /^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/;
 const needsJwks = {
   jwe: /^(RSA|ECDH)/,
-  jws: /^(?:(?:P|E|R)S(?:256|384|512)|Ed(?:DSA|25519))$/,
+  jws: /^(?:(?:P|E|R)S(?:256|384|512)|Ed(?:DSA|25519)|ML-DSA-(?:44|65|87))$/,
 };
 const {
   ARYS,
 
@@ -22,7 +22,21 @@ function filterHS(alg) {
   return alg.startsWith('HS');
 }
 
-const filterAsymmetricSig = RegExp.prototype.test.bind(/^(?:PS(?:256|384|512)|RS(?:256|384|512)|ES(?:256K?|384|512)|Ed(?:25519|DSA))$/);
+function filterAsymmetricSig(alg) {
+  switch (alg.slice(0, 2)) {
+    case 'ML': // ML-DSA-*, ML-KEM-*
+    case 'RS': // RS\d{3}, RSA-OAEP
+    case 'PS': // PS\d{3}
+    case 'ES': // ECDSA
+    case 'EC': // ECDH
+    case 'Ed': // Ed*
+    case 'X2': // X25519
+    case 'X4': // X448
+      return true;
+    default:
+      return false;
+  }
+}
 
 const supportedResponseTypes = new Set(['none', 'code', 'id_token', 'token']);
 const fapiProfiles = new Set(['1.0 Final', '2.0']);
 
@@ -2107,7 +2107,7 @@ function makeDefaults() {
          *     // Tokens will be signed
          *     sign?:
          *      | {
-         *          alg?: string, // 'PS256' | 'PS384' | 'PS512' | 'ES256' | 'ES384' | 'ES512' | 'Ed25519' | 'RS256' | 'RS384' | 'RS512' | 'EdDSA'
+         *          alg?: string, // 'PS256' | 'PS384' | 'PS512' | 'ES256' | 'ES384' | 'ES512' | 'Ed25519' | 'RS256' | 'RS384' | 'RS512' | 'EdDSA' | 'ML-DSA-44' | 'ML-DSA-65' | 'ML-DSA-87'
          *          kid?: string, // OPTIONAL `kid` to aid in signing key selection
          *        }
          *      | {
@@ -2855,6 +2855,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        *   'HS256', 'HS384', 'HS512',
        * ]
        * ```
@@ -2881,6 +2882,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        *   'HS256', 'HS384', 'HS512',
        * ]
        * ```
@@ -2900,6 +2902,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        *   'HS256', 'HS384', 'HS512',
        * ]
        * ```
@@ -2926,6 +2929,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        *   'HS256', 'HS384', 'HS512',
        * ]
        * ```
@@ -2945,6 +2949,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        *   'HS256', 'HS384', 'HS512',
        * ]
        * ```
@@ -2970,6 +2975,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        *   'HS256', 'HS384', 'HS512',
        * ]
        * ```
@@ -3242,6 +3248,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        * ]
        * ```
        */
@@ -3260,6 +3267,7 @@ function makeDefaults() {
        *   'PS256', 'PS384', 'PS512',
        *   'ES256', 'ES384', 'ES512',
        *   'Ed25519', 'EdDSA',
+       *   'ML-DSA-44', 'ML-DSA-65', 'ML-DSA-87', // available in Node.js >= 24.7.0
        * ]
        * ```
        */
 
@@ -26,13 +26,18 @@ const calculateKid = (jwk) => {
         crv: jwk.crv, kty: 'OKP', x: jwk.x,
       };
       break;
+    case 'AKP':
+      components = {
+        alg: jwk.alg, kty: 'AKP', pub: jwk.pub,
+      };
+      break;
     default:
       return undefined;
   }
 
   return crypto.hash('sha256', JSON.stringify(components), 'base64url');
 };
-const KEY_TYPES = new Set(['RSA', 'EC', 'OKP']);
+const KEY_TYPES = new Set(['RSA', 'EC', 'OKP', 'AKP']);
 
 const jwkSignatureAlgorithms = (jwk) => {
   if (jwk.use !== 'sig' && jwk.use !== undefined) {
@@ -67,6 +72,16 @@ const jwkSignatureAlgorithms = (jwk) => {
         default:
       }
       break;
+    case 'AKP':
+      switch (jwk.alg) {
+        case 'ML-DSA-44':
+        case 'ML-DSA-65':
+        case 'ML-DSA-87':
+          available = [jwk.alg];
+          break;
+        default:
+      }
+      break;
     default:
   }
 
@@ -140,14 +155,21 @@ function registerKey(input, i, keystore, kids) {
   } else {
     key = structuredClone(input);
   }
-  assert(KEY_TYPES.has(key.kty), `only RSA, EC, or OKP keys should be part of jwks configuration (index ${i})`);
+  assert(KEY_TYPES.has(key.kty), `only RSA, EC, OKP, or AKP keys should be part of jwks configuration (index ${i})`);
   key.kid ??= calculateKid(key);
   checkString(key.kid, 'kid', i);
 
   assert(!kids.has(key.kid), 'jwks.keys configuration must not contain duplicate "kid" values');
   kids.add(key.kid);
 
   switch (key.kty) {
+    case 'AKP':
+      checkString(key.alg, 'alg', i);
+      checkString(key.pub, 'pub', i);
+      if (!(key instanceof ExternalSigningKey)) {
+        checkString(key.priv, 'priv', i);
+      }
+      break;
     case 'OKP':
       checkString(key.crv, 'crv', i);
       checkString(key.x, 'x', i);
@@ -282,6 +304,7 @@ provide your own in the configuration "jwks" property');
     x: key.x,
     x5c: key.x5c ? [...key.x5c] : undefined,
     y: key.y,
+    pub: key.pub,
   }));
   instance(this).jwks = { keys };
 }
@@ -36,6 +36,11 @@ export class ExternalSigningKey {
     return this.#publicJwk.kty;
   }
 
+  get pub() {
+    this.#ensurePublicJwk();
+    return this.#publicJwk.pub;
+  }
+
   get e() {
     this.#ensurePublicJwk();
     return this.#publicJwk.e;
@@ -99,6 +104,7 @@ const getKtyFromJWSAlg = (alg) => {
     case 'HS': return 'oct';
     case 'ES': return 'EC';
     case 'Ed': return 'OKP';
+    case 'ML': return 'AKP';
     default:
       throw new Error();
   }
@@ -138,7 +144,7 @@ const filter = Symbol();
 
 function stripPrivate(jwk) {
   const {
-    d, p, q, dp, dq, qi, oth, ...pub
+    d, p, q, dp, dq, qi, oth, priv, ...pub
   } = jwk;
   return pub;
 }
@@ -163,13 +169,13 @@ class KeyStore {
     const scoring = { alg, use: 'sig' };
 
     return this[filter]((jwk) => {
-      let candidate = typeof kty === 'string' ? jwk.kty === kty : kty.includes(jwk.kty);
+      let candidate = jwk.kty === kty;
 
       if (candidate && typeof kid === 'string') {
         candidate = kid === jwk.kid;
       }
 
-      if (candidate && typeof jwk.alg === 'string') {
+      if (candidate && (typeof jwk.alg === 'string' || kty === 'AKP')) {
         candidate = alg === jwk.alg;
       }
 
@@ -272,7 +278,7 @@ class KeyStore {
       return getPublic ? input.keyObject() : input;
     }
 
-    if (input.kty === 'oct' || !input.d || !getPublic) {
+    if (input.kty === 'oct' || (!input.d && !input.priv) || !getPublic) {
       return input;
     }
 
 
@@ -77,23 +77,30 @@ function checkJWK(jwk) {
         if (!EC_CURVES.has(jwk.crv)) return undefined;
         if (!(typeof jwk.x === 'string' && jwk.x)) throw new Error();
         if (!(typeof jwk.y === 'string' && jwk.y)) throw new Error();
+        if (jwk.d !== undefined) throw new Error();
         break;
       case 'OKP':
         if (!(typeof jwk.crv === 'string' && jwk.crv)) throw new Error();
         if (!OKP_SUBTYPES.has(jwk.crv)) return undefined;
         if (!(typeof jwk.x === 'string' && jwk.x)) throw new Error();
+        if (jwk.d !== undefined) throw new Error();
+        break;
+      case 'AKP':
+        if (!(typeof jwk.alg === 'string' && jwk.alg)) throw new Error();
+        if (!(typeof jwk.pub === 'string' && jwk.pub)) throw new Error();
+        if (jwk.priv !== undefined) throw new Error();
         break;
       case 'RSA':
         if (!(typeof jwk.e === 'string' && jwk.e)) throw new Error();
         if (!(typeof jwk.n === 'string' && jwk.n)) throw new Error();
+        if (jwk.d !== undefined) throw new Error();
         break;
       case 'oct':
-        break;
+        throw new Error();
       default:
         return undefined;
     }
 
-    if (!(jwk.d === undefined && jwk.kty !== 'oct')) throw new Error();
     if (!(jwk.alg === undefined || (typeof jwk.alg === 'string' && jwk.alg))) throw new Error();
     if (!(jwk.kid === undefined || (typeof jwk.kid === 'string' && jwk.kid))) throw new Error();
     if (!(jwk.use === undefined || (typeof jwk.use === 'string' && jwk.use))) throw new Error();
 
@@ -46,7 +46,12 @@ export default async function attestationClientAuth(ctx) {
     if (verifiedAttestation.key.type !== 'public') {
       throw new Error('the resolved key must be a public key');
     }
-    if (typeof verifiedAttestation.payload.cnf?.jwk?.kty !== 'string' || verifiedAttestation.payload.cnf?.jwk?.d !== undefined || verifiedAttestation.payload.cnf?.jwk?.k !== undefined) {
+    if (
+      typeof verifiedAttestation.payload.cnf?.jwk?.kty !== 'string'
+      || verifiedAttestation.payload.cnf?.jwk?.d !== undefined
+      || verifiedAttestation.payload.cnf?.jwk?.priv !== undefined
+      || verifiedAttestation.payload.cnf?.jwk?.k !== undefined
+    ) {
       throw new Error('invalid cnf.jwk');
     }
   } catch (err) {
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,12 @@ export default async function attestationClientAuth(ctx) {`
`46`	`46`	`if (verifiedAttestation.key.type !== 'public') {`
`47`	`47`	`throw new Error('the resolved key must be a public key');`
`48`	`48`	`}`
`49`		`- if (typeof verifiedAttestation.payload.cnf?.jwk?.kty !== 'string' \|\| verifiedAttestation.payload.cnf?.jwk?.d !== undefined \|\| verifiedAttestation.payload.cnf?.jwk?.k !== undefined) {`
	`49`	`+ if (`
	`50`	`+ typeof verifiedAttestation.payload.cnf?.jwk?.kty !== 'string'`
	`51`	`+ \|\| verifiedAttestation.payload.cnf?.jwk?.d !== undefined`
	`52`	`+ \|\| verifiedAttestation.payload.cnf?.jwk?.priv !== undefined`
	`53`	`+ \|\| verifiedAttestation.payload.cnf?.jwk?.k !== undefined`
	`54`	`+ ) {`
`50`	`55`	`throw new Error('invalid cnf.jwk');`
`51`	`56`	`}`
`52`	`57`	`} catch (err) {`