Add support for Ed25519 / EdDSA, with unit tests

[Someguy123]

Added support for EdDSA signing and verification using cryptography (version 2.6 and higher), including unit tests in the TestEd25519Algorithms class at tests/contrib/test_algorithms.py

The Ed25519Algorithm class supports loading private and public keys in PEM format, as well as public keys in OpenSSH format. If a private key is specified, it can be used for both signing and verification, as the public key can simply be interpolated from the private key.

Ed25519 JWT functionality was verified by encoding a JWT from PyJWT, decoding it with PyJWT, and also decoding it with NodeJS's Jose.

As a second interoperability test, I also signed an EdDSA JWT from NodeJS Jose, then verified it from PyJWT to confirm bi-directional interoperability.

Generating JWT with EdDSA and verifying it in python

import jwt

ed_priv = b'-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIBy9N4xfv/9qOiKrxwRKeGfO5ab6lSukKHbuC5vaJ1Mg\n-----END PRIVATE KEY-----\n'

jwt.encode({'hello': 'world'}, ed_priv, algorithm='EdDSA')

# Output: b'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJoZWxsbyI6IndvcmxkIn0.HEDJTw1jNaz82WuP3O1l5_i-eaaj3DBEKesPUsInSgKuvbav6XaLORERs7wPrmS14DN_WlzDUCn0LmVGl4VlCg'

jwt.decode(b'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJoZWxsbyI6IndvcmxkIn0.HEDJTw1jNaz82WuP3O1l5_i-eaaj3DBEKesPUsInSgKuvbav6XaLORERs7wPrmS14DN_WlzDUCn0LmVGl4VlCg', ed_priv, algorithms=['EdDSA'])

# Output: {'hello': 'world'}

Taking the JWT generated in Python and verifying it with the NodeJS jose package

var jose = require('jose');

key = jose.JWK.asKey('-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIBy9N4xfv/9qOiKrxwRKeGfO5ab6lSukKHbuC5vaJ1Mg\n-----END PRIVATE KEY-----\n');

// OKPKey {
//  crv: 'Ed25519',
//  kid: 'qQ6jEDQi_utuJJopIs6HKOUwBGparO3roUaHeHxsjgM',
//  kty: 'OKP',
//  x: 'LikrZ148aBy0gCyHQf-2ZSsvPHZVzgu1zxM32d-4KEY'
// }

jose.JWT.verify('eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJoZWxsbyI6IndvcmxkIn0.HEDJTw1jNaz82WuP3O1l5_i-eaaj3DBEKesPUsInSgKuvbav6XaLORERs7wPrmS14DN_WlzDUCn0LmVGl4VlCg', key, {algorithms: ['EdDSA']})

// { hello: 'world' }

Generating an EdDSA JWT in NodeJS jose, and verifying it with PyJWT

NodeJS Signing EdDSA:

> jose.JWT.sign({'example': 'test'}, key, {algorithm: 'EdDSA'})
'eyJhbGciOiJFZERTQSIsImtpZCI6InFRNmpFRFFpX3V0dUpKb3BJczZIS09Vd0JHcGFyTzNyb1VhSGVIeHNqZ00ifQ.eyJleGFtcGxlIjoidGVzdCIsImlhdCI6MTU3MjA1NzEyNH0.dXjiE-eRL4ZLDctu0qCw8gedttMP64TykuxxOGFOR3_0FlUDPpY5K3bSqymdcUlmN4_4bEQqFZ7fRPP9Ak-iDg'

Python (PyJWT) verifying EdDSA JWT from NodeJS jose:

jwt.decode(b'eyJhbGciOiJFZERTQSIsImtpZCI6InFRNmpFRFFpX3V0dUpKb3BJczZIS09Vd0JHcGFyTzNyb1VhSGVIeHNqZ00ifQ.eyJleGFtcGxlIjoidGVzdCIsImlhdCI6MTU3MjA1NzEyNH0.dXjiE-eRL4ZLDctu0qCw8gedttMP64TykuxxOGFOR3_0FlUDPpY5K3bSqymdcUlmN4_4bEQqFZ7fRPP9Ak-iDg',
           ed_priv, algorithms=['EdDSA'])
{'example': 'test', 'iat': 1572057124}

[coveralls]

Pull Request Test Coverage Report for Build 98

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at ?%

---

Totals
Change from base Build 94:	0.0%
Covered Lines:
Relevant Lines:	0

---

💛 - Coveralls

[coveralls]

Pull Request Test Coverage Report for Build 98

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at ?%

---

Totals
Change from base Build 94:	0.0%
Covered Lines:
Relevant Lines:	0

---

💛 - Coveralls

[Congee]

Any blockers for this pull request?

[benwis]

I hope this gets merged in, the Ed25519 algorithm is really nice!