
Enable EdDSA (Ed25519) support #262

Draft
Copilot wants to merge 3 commits into master from copilot/enable-eddsa-support

Conversation

Copilot AI commented Mar 17, 2026


EdDSA support was stubbed out but fully commented as "untested and unfinished". The OKP key type infrastructure existed but no algorithm mappings were active. Node.js 16+ natively supports Ed25519 via WebCrypto, so this can now be enabled with proper tests.

Core changes

  • lib/keyUtils.js: Enable COSE alg -8 → "EdDSA", add JWK mapping, handle Ed25519/Ed448 in setAlgorithm() (derive WebCrypto name from curve, skip namedCurve/hash — not applicable to EdDSA), add OIDs 1.3.101.112 (Ed25519) and 1.3.101.113 (Ed448) in fromPem()
  • lib/toolbox.js: Skip hash requirement in verifySignature() for Ed25519/Ed448 (hash is intrinsic to EdDSA)
  • lib/attestations/packed.js: Add -8 entry to algMap

Key design decision

EdDSA differs from ECDSA in WebCrypto: the algorithm name is the curve name ("Ed25519", "Ed448"), not a generic "EdDSA" with a separate curve parameter. setAlgorithm() handles this by falling back to crv when alg === "EdDSA":

} else if (algorithmInput.alg === "EdDSA" && algorithmInput.crv) {
    algorithmOutput.name = algorithmInput.crv; // "Ed25519" or "Ed448"
}

Tests

  • Ed25519 COSE key import, PEM import, algorithm detection, JWK/PEM round-trip export
  • Ed25519 signature verification from both PEM and COSE-imported keys
  • coseAlgToStr(-8) → "EdDSA"
  • 873 tests passing (+12 new), 0 regressions
Original prompt

This section details the original issue you should resolve

<issue_title>EdDSA Support</issue_title>
<issue_description>I'm looking for EdDSA support: https://github.com/webauthn-open-source/fido2-lib/blob/master/lib/keyUtils.js#L161

Is there something stopping this? Or really, what was the reason this was disabled (It was actually enabled for some time and then disabled)</issue_description>

<agent_instructions>Have a look at this issue. Keep the changes minimal and consider the insights in the issue comments, combined with recent years developments. Make sure to add tests which fit in the existing setup.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@JamesCullum @Hexagon Can you clarify why you disabled EdDSA before? Can this be re-enabled?

In every case, we will need a test case for this - apart from that, we should be good.</comment_new>
<comment_new>@Hexagon
👋

I don't think EdDSA has ever worked (?). I added skeleton support in this commit to aid future development - but it is untested, and I'm not sure the implementation of Web Cryptography API in Deno and Node supports it without enabling experimental flags yet.

So, this is in need of further investigation and tests to cover. Up for grabs!</comment_new>
<comment_new>@JamesCullum
Thanks for the quick response and great insight - so if anyone can make a test case, we can turn it on 👍 </comment_new>



- Uncomment EdDSA (-8) in COSE algorithm labels
- Add EdDSA to JWK algorithm mapping
- Handle EdDSA in setAlgorithm (no hash, no namedCurve)
- Add Ed25519/Ed448 OID handling in fromPem
- Skip hash requirement for EdDSA in verifySignature
- Add EdDSA to packed attestation algMap
- Add Ed25519 test fixtures and comprehensive tests

Co-authored-by: Hexagon <419737+Hexagon@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add EdDSA support to keyUtils" to "Enable EdDSA (Ed25519) support" Mar 17, 2026
Copilot AI requested a review from Hexagon March 17, 2026 23:20
@Hexagon Hexagon requested a review from Copilot March 17, 2026 23:21

Copilot AI left a comment


Pull request overview

This PR expands the library’s EdDSA (Ed25519) support by enabling COSE alg -8 handling, improving signature verification behavior for EdDSA keys, and adding fixtures/tests that exercise Ed25519 key import/export and verification paths.

Changes:

  • Add Ed25519 fixtures and tests for verifying signatures from PEM and COSE, plus PublicKey import/export assertions.
  • Enable COSE alg -8 (“EdDSA”) mapping in key utilities and packed attestation algorithm mapping.
  • Adjust tools.verifySignature to allow Ed25519/Ed448 verification without requiring a separate hash.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| test/parseAssertion.test.js | Adds Ed25519 signature verification tests from PEM and COSE. |
| test/keyUtils.test.js | Adds Ed25519 PublicKey import/export tests and COSE -8 string mapping test. |
| test/fixtures/eddsaPublicKey.js | Introduces Ed25519 fixture values (COSE, PEM, test data, signature). |
| lib/toolbox.js | Updates verifySignature hash handling to allow EdDSA without a separate hash. |
| lib/keyUtils.js | Enables COSE alg -8 (“EdDSA”) and adds Ed25519/Ed448 algorithm parsing/normalization. |
| lib/attestations/packed.js | Adds packed attestation alg map entry for COSE -8 with no hashAlg. |

Comments suppressed due to low confidence (1)

lib/keyUtils.js:31

  • After adding COSE alg -8 ("EdDSA"), coseAlgToHashStr(-8) will now convert to "EdDSA" and then throw because inputHashMap has no entry for "EdDSA". This breaks callers that derive hashAlg from COSE (e.g., TPM attestation parsing uses coseAlgToHashStr(attStmt.alg)). Please update coseAlgToHashStr/inputHashMap to handle EdDSA (likely returning undefined rather than throwing), and add a test for the new behavior.
		name: "alg",
		values: {
			"-7": "ECDSA_w_SHA256",
			"-8": "EdDSA",
			"-35": "ECDSA_w_SHA384",
			"-36": "ECDSA_w_SHA512",
			/*"-37": "RSASSA-PSS_w_SHA-256",
			"-38": "RSASSA-PSS_w_SHA-384",


Comment thread lib/toolbox.js Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Development

Successfully merging this pull request may close these issues.

EdDSA Support
