Add MLDSA{65,87} support (#229)

* Add `MLDSA{65,87}` support

* Re-format

* Switch to `_@spi(PostQuantum)`

* More formatting

* Even more formatting

* Update MLDSA impl

* Fix imports

* Minor fixes

* Update Tests/JWTKitTests/MLDSATests.swift

Co-authored-by: Francesco Paolo Severino <[email protected]>

* Remove unused error case

* Update docs

* Slight improvement

* Update Sources/JWTKit/Docs.docc/index.md

Co-authored-by: Francesco Paolo Severino <[email protected]>

* Add snippet end

* Actually add the algo to the table

* What am I doing

* Update snippets

* Add benchmarks

* Fix

---------

Co-authored-by: Francesco Paolo Severino <[email protected]>

Author: ptoffy

Benchmarks/Package.swift

@@ -17,6 +17,7 @@ let package = Package(
             dependencies: [
                 .product(name: "Benchmark", package: "package-benchmark"),
                 .product(name: "JWTKit", package: "jwt-kit"),
+                .target(name: "Utilities"),
             ],
             path: "Signing",
             plugins: [
@@ -28,6 +29,7 @@ let package = Package(
             dependencies: [
                 .product(name: "Benchmark", package: "package-benchmark"),
                 .product(name: "JWTKit", package: "jwt-kit"),
+                .target(name: "Utilities"),
             ],
             path: "Verifying",
             plugins: [
@@ -39,11 +41,16 @@ let package = Package(
             dependencies: [
                 .product(name: "Benchmark", package: "package-benchmark"),
                 .product(name: "JWTKit", package: "jwt-kit"),
+                .target(name: "Utilities"),
             ],
             path: "TokenLifecycle",
             plugins: [
                 .plugin(name: "BenchmarkPlugin", package: "package-benchmark")
             ]
         ),
+        .target(
+            name: "Utilities",
+            path: "Utilities"
+        ),
     ]
 )

Benchmarks/Signing/Signing.swift

@@ -1,6 +1,7 @@
 import Benchmark
 import Foundation
-import JWTKit
+@_spi(PostQuantum) import JWTKit
+import Utilities
 
 let benchmarks = {
     Benchmark.defaultConfiguration = .init(
@@ -47,14 +48,16 @@ let benchmarks = {
             _ = try await keyCollection.sign(payload)
         }
     }
-}
-
-struct Payload: JWTPayload {
-    let name: String
-    let admin: Bool
 
-    func verify(using signer: some JWTAlgorithm) async throws {
-        // nothing to verify
+    if #available(iOS 26, macOS 26, tvOS 26, watchOS 26, *) {
+        Benchmark("MLDSA65") { benchmark in
+            let seed = Data(fromHexEncodedString: mldsa65PrivateKeySeed)!
+            let key = try MLDSA65PrivateKey(seedRepresentation: seed)
+            let keyCollection = await JWTKeyCollection().add(mldsa: key)
+            for _ in benchmark.scaledIterations {
+                _ = try await keyCollection.sign(payload)
+            }
+        }
     }
 }
 
@@ -102,3 +105,4 @@ let rsaPrivateKey = """
 
 let eddsaPublicKeyBase64Url = "0ZcEvMCSYqSwR8XIkxOoaYjRQSAO8frTMSCpNbUl4lE"
 let eddsaPrivateKeyBase64Url = "d1H3_dcg0V3XyAuZW2TE5Z3rhY20M-4YAfYu_HUQd8w"
+let mldsa65PrivateKeySeed = "70cefb9aed5b68e018b079da8284b9d5cad5499ed9c265ff73588005d85c225c"

Benchmarks/TokenLifecycle/TokenLifecycle.swift

@@ -1,6 +1,7 @@
 import Benchmark
 import Foundation
-import JWTKit
+@_spi(PostQuantum) import JWTKit
+import Utilities
 
 let benchmarks = {
     Benchmark.defaultConfiguration = .init(
@@ -70,14 +71,27 @@ let benchmarks = {
             _ = try await keyCollection.verify(token, as: Payload.self)
         }
     }
-}
 
-struct Payload: JWTPayload {
-    let name: String
-    let admin: Bool
+    if #available(iOS 26, macOS 26, tvOS 26, watchOS 26, *) {
+        Benchmark("MLDSA65") { benchmark in
+            for _ in benchmark.scaledIterations {
+                let key = try MLDSA65PrivateKey(d: eddsaPrivateKeyBase64Url, curve: .ed25519)
+                let keyCollection = JWTKeyCollection()
+                await keyCollection.add(eddsa: key)
+                let token = try await keyCollection.sign(payload)
+                _ = try await keyCollection.verify(token, as: Payload.self)
+            }
+        }
 
-    func verify(using signer: some JWTAlgorithm) async throws {
-        // nothing to verify
+        Benchmark("MLDSA87") { benchmark in
+            for _ in benchmark.scaledIterations {
+                let key = try MLDSA87PrivateKey(d: eddsaPrivateKeyBase64Url, curve: .ed25519)
+                let keyCollection = JWTKeyCollection()
+                await keyCollection.add(eddsa: key)
+                let token = try await keyCollection.sign(payload)
+                _ = try await keyCollection.verify(token, as: Payload.self)
+            }
+        }
     }
 }
 

Benchmarks/Utilities/Data+hex.swift

@@ -0,0 +1,30 @@
+#if canImport(FoundationEssentials)
+import FoundationEssentials
+#else
+import Foundation
+#endif
+
+extension Data {
+    package init?(fromHexEncodedString string: String) {
+        func decodeNibble(u: UInt8) -> UInt8? {
+            switch u {
+            case 0x30...0x39: u - 0x30
+            case 0x41...0x46: u - 0x41 + 10
+            case 0x61...0x66: u - 0x61 + 10
+            default: nil
+            }
+        }
+
+        self.init(capacity: string.utf8.count / 2)
+
+        var iter = string.utf8.makeIterator()
+        while let c1 = iter.next() {
+            guard
+                let val1 = decodeNibble(u: c1),
+                let c2 = iter.next(),
+                let val2 = decodeNibble(u: c2)
+            else { return nil }
+            self.append(val1 << 4 + val2)
+        }
+    }
+}

Benchmarks/Utilities/Payload.swift

@@ -0,0 +1,10 @@
+import JWTKit
+
+package struct Payload: JWTPayload {
+    package let name: String
+    package let admin: Bool
+
+    package func verify(using signer: some JWTAlgorithm) async throws {
+        // nothing to verify
+    }
+}

Benchmarks/Verifying/Verifying.swift

@@ -1,6 +1,7 @@
 import Benchmark
 import Foundation
-import JWTKit
+@_spi(PostQuantum) import JWTKit
+import Utilities
 
 let benchmarks = {
     Benchmark.defaultConfiguration = .init(
@@ -69,13 +70,17 @@ let benchmarks = {
             _ = try await keyCollection.verify(token, as: Payload.self)
         }
     }
-}
-
-struct Payload: JWTPayload {
-    let name: String
-    let admin: Bool
 
-    func verify(using signer: some JWTAlgorithm) async throws {
-        // nothing to verify
+    if #available(iOS 26, macOS 26, tvOS 26, watchOS 26, *) {
+        Benchmark("MLDSA") { benchmark in
+            let mldsa65PrivateKeySeed = Data(fromHexEncodedString: "70cefb9aed5b68e018b079da8284b9d5cad5499ed9c265ff73588005d85c225c")
+            let keyCollection = try await JWTKeyCollection()
+                .add(mldsa: MLDSA65PrivateKey(seedRepresentation: mldsa65PrivateKeySeed))
+            let token =
+                "eyJhbGciOiJNTC1EU0EtNjUiLCJ0eXAiOiJKV1QifQ.eyJiYXIiOjQyfQ.hsk2p8N1ScHi_Gj97WZRqm1c01MsIic8imHnvr3DjNEIfGqTScqiLqyjfd-tm1OsYQko1VI9y-g9RjA8YZPuVxXTHrQ4qOz_xXSL9nAA7_ddoknU6YOrIBQNMtoqEajvZFzfGcWVoQEniocIfXpLbR3e4fyoQjqRoQPkXNJpoE3Sw6tetMNdhL7_c_oP1ClM1sauUZTTYm6DhTvDoNV3swxh9t_duMXTLdxETN4pAb_G4xfrXqVyjkRFA5cJ9HK5Y5MXGUPRKD2VK0osuhbdFcPT3Bec4JGnVKxOYvd39p5w_WKGiTmwsRv9yE4fkXyvyDhCBHt1xUKc_6yVQl8Db60jcy5T5nLuc2TAZwTRllzSVzoFyTzlQ7edh2A3NJfiqWCF_q4y-QF3Usoiv8H4aFT22lZwIDCFpxcWQIwjt1M8WMJbJYROV6cK3c1nl0kgRfxcpq6PskAZiQ6L4wH83lwrNWGMWTGwLSwYcxtjgT3azucbrzSXBhv9JZ4nE2q2ek3sWBCdIj81qL4iVLDpOfo1jcerB1i35SWXTTTP1ROR3AfJLJR7QCLi4uEaYK1mUG8xH0CUuHL48C-ymXYMhFaz3RUPXAXMD_el3lkZDTHDQhEPf7LbXJDrId3v0-FSE187SZaW_8bAqPVMupZXU_TKvGD4juan6xQFv_0pS2sqXVLjvmMmdZPq1tj2aZuGCvReGMih0K_l8UYhAL_sm2QDt34Cjsw1ZlGkc6lJJU4ow38xl7_f3efFvuZFRT8eyoRP_s8Ld8JYOi360BL-tc5VMj510tpa5eBN3GpgnqpmhCHHPUnsiHuNdJWLmbuS4zMTlJTQ0eCkun6Kc1v2rrO1TVRIqs1aUDCTu8jsGQsZe00rdIvSU3HAJ28n6_P13sCI5JpT3pbMRdTjstzkXhGgA_D8bmjFAsV5UwugVYjTJ1u5S4hw1CtIMmV9a7uaq0MY7G58suzDzZCg14rBvj7DEWTljWZNV4OMs5m9dc42lcgZ5CC6N5ft_rNqbclkD1XJ-bbh5-halnOocQQl9J1uA7iVBoLd_tx4WOvl9RdhdEc-wVooyZ_BmXlvh1l-L8zSfmZm3r8EQcHPUhtayEAXVA7eVoNT-wAfXpV131pvjyVcxYyS2xbuHmCvL1VP5T8Ujva_aNINgZxU3w3hEzIvwZmKbkkyLpFSGPb9JmKryDDINJhu2TYJvQhhdgOkYe3IP8bEJUUiEoPI23SXj81OSgBo7GHFGooPk6FrBwnZJFOW31-SbhESYhnG0jfNeZhJhTGZe1Q6U7Ze4L_DJkiwlmebPKjUBIzSEs4HmR9-lpT05OUjuuFxOeg31MmHkuwGBbOcMxwaHZsSw40zbAYM7ktRYzPBA6MXeOojm-T3O7uCp8QCBArKlUN-rIeUSAlj76Fu6axdLzhZfT5YWzapODb0GIZAJAe4fwB_WFQuBjuR9J0JOSHt3dePL6XJAsKpBfszOY4vSjNHXdE3O3P-boAKOaOZvI4He8WKhyMENG9EaWQLlrWLnaOOIbygwDHDK6mdndvgaklyopa-jMne_ehdjTkNtsMW2uudNKisrAoUka-5kJrQZ3Rpe34DshXPj1ghRAjVk2igdozEJ1s05fgo4QzqaQPjuCbOHRLa1kOCB_G9A5ltJo88CbDRUVm-8_mR6tGiVbal5M8jMwJtYDNZV-Nsa7MWg2dVg3A63e4qpsuDgajpDxplZAFsmulGWOyeRf3tRt0GXDVMGEGdjW9iHuY5XqHN4Dz4YFPIR6NZOgfCGLrLSDyad4U6oxOmmliptmtkq6_12j_H2SV7YQT2e7rhBxTRlwsLWck6_tX3QbVfCBBtUzaxI4-FsXLKIFyFOAtE2Ng1OvYtAm5ZPE2GEwdWS35tKSaAztnKskiJ8mS9vslzo72ggoysFQeGRKC-hjlJ-EomboSrmMKjebRDQqeVq2qzFcYCe4HgPrvhEubTb0uXRLurFG8WmChBTntQc1NHI-dCsnsbDzJJoqHyuBsXQbMoY4E-Mr5QLwMKAQl0aDQ2jxdn2Y23c5oPXfKGeQy8Y6i3QIneLeGzpXbRcFZrs2BOcqAkREqs4n1qIYhwElbMgetVPVg_lIVUmY8XaH9-SCSKwncALVJm03WGCGwfEpnackyIO_i545shq9vcW_D_druZVszLbTYd7oERAOVGGL88K7u00fLpyy7rsviz_1W0HFPhlV9iTKk8uldMg4C1NMTQH2Y9IJ3D__PVfPF9hx-xMPyPK7wzC4M-nJdZop4bQYG36x4zKobYMQbNdOSSmK3poclPKzCTMH0RaMp6zynqPBVP2l4ow4gGNroH6eKVs-lVFrg3_pjnGR1fLKIvpCfkJs-TLSfw9uZrvdReMrTOvriF1wnN7uHnpCJ_Oj_NEZVGy-mH49owiNaCNu15Nt0uhqhwGQ9KlI_Einm771roQkX_XSd0if8PRvSwD427Lx8s9LMJ8JuAgu68FuAg_SiCNCnFVd7P4hTW3fI8OUNGEg40DcDxWdIRYYJ7OIeSh7Wgfa7Bk1VJ3jZs43KalQqApdTHubYdRfUjSnBG43egRO4YtZyKclQrlkQp6Lrq74tM8xPAnwr_Q5gwzoywgcnM-r3eoiZZ0qwJ40vMelEXhaoVWCWrBrjCj8Jq4VdOLMwzZBZVTHr72T3stNCECc5LWVjXwlKtVsAOP29T7cu90dJAFVwqIW-8gejMtVLLXTRiZv8k0plkPLJUB6-YyHGnIL_e-xBapj92G566Tuo-X4YDqzfuHVb7fgZit_QFcxl-fgfOlk0d1zeQc8g4oRzyw9M8NDWMBIPOlLF_CjxfrLhnmLGM52KP6j0jZEizTREsLOMS5vrTLQXq7EzBaB-7BUNGR5TjwojdUJexzKRNIGRXnmthUF587uxhIJ2EanK5ruhZX4iBuesEpMVK4B6G2WdMisSYm3M0fxOGmiIGiPzlU_k39utAvL1tqC9wD1w-l1SyZQHCmgRuZ6HiwprI4wqe5tGwqKn5fJN-Z6U1zyvq_jXfiwWnUR2GnagMMCYUlZQqlIxEBFVlJBC3-mbiPXvf-m2fy2BagmJcE3YCUU-uM_PkiO6ecqX6buraxjxexDbTdbH9VQo8u8MMSEX2IP9zZvhadTxu1k5lKvo3ZWu0jipz6Jg9HdLoJZiVN0koNoJmZXIBhXwNsVy4cpD1F8AQuI2IQDH_P8cKOrhbW_DzPcNk3Ec7bggNen6LxLC6oRHUz-mbqS5WvxBgUBXVayCiMByEX6wzwra7ZTA-9vRJhuC4phi5rM96cQFNfkTNoKj0hhvgYYdUV4XQtEDt3OC6H5Wrl3hDDqb2ZSsxZZpCly0C-VVpINBa78z9Kfegf-Mmj1akOeEUuCwJvlD55tQp2_n5BaSoIn_4qwKAiOE8JmZuEpfmk7qcjI-grh3q0bUBdikv7W0b6ny2uGa7u1dxXyGMH2C_FnLYEQZiPMO0DpD2nyOOm9Fk7vqaAmhTItB99LzqCN7PrwMz1xwidm-XtDWSc0gCcc0-c_1hYuXXHuK0qQ2mgtmY6O79MMmmR3OKEFq-FpwkmD2DFGzKqVvjTm-TRrptBcyyNuDXrRgnDfHHJoDGz-gpAiebTNTtWw3ewzWSyS1L06WihiXtHei6escdb8Rm9O_7178QkLwo6S9c1b0osuEGzOh-_4125KU2Sa27v7RfpDmFR8iNd-d1kA5rlLh8w2-VO_S6AIZ8JgFJmOQI1PjayqWYA-LtWW5Un7IOwIfK4jvAGlesGQ5dFPb_SUTtz3iW8YthqaDPW8_ybAY6Qjt6EnHdM_HDCbQn2OLF5zYKhWBo_bLPW2UiIklkVEv-dCCBZUw_QYspVESVMPlK6xG9gC_pT_MFQ0ncmNdcLXqaMsE4NjaMWMusvpgYnF2PE7uy3TdgsNpFLGGEy9mfAyFsp4YYM_WJrVyVCwTyoNex-ZcxDJ0egzy5CKwEDbqL3NzwanL3Z_1yX-4hyZWwRC-6a0WHBucNqBSSGQExwYadMHcbdcmeJRdkl6sdxnvFsArInXx1qDV-2cBkFTX5551zIHlqu-ZPBA8NmXUNzhe-R_X2mRCJh5-sEA8f8KEdfguPIDgTDQTQiQKyBo-g45cTezt239PIV6ZINDE8suB7veLIJ5Ye3XcUTqyKDgqNU6ri6BbtbhOcs2Jic2bVaLB0MkBvLCv6dprFNinKRKWZ1lUBPn6-fHYXldzJ-qCcfCpdGlTvuzB-WXuw6lgjO8i69tfkOjHMpb4r5mjkCipMreyXSbJMxSJR97MJOF3jfgndxBv4ogwPzXpjR5mOru4r0Ke--RtU5vkSGpLo7f1EbYWLnalQp7fXNEd2S09iofU9R32gr83XAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgwQExgf"
+            for _ in benchmark.scaledIterations {
+                _ = try await keyCollection.verify(token, as: Payload.self)
+            }
+        }
     }
 }

README.md

@@ -16,7 +16,7 @@
 </p>
 <br>
 
-🔑 JSON Web Token signing and verification (HMAC, RSA, PSS, ECDSA, EdDSA) using SwiftCrypto.
+🔑 JSON Web Token signing and verification (HMAC, ECDSA, EdDSA, MLDSA, RSA, PSS) using SwiftCrypto.
 
 ### Supported Platforms
 
@@ -58,21 +58,23 @@ JWTKit provides APIs for signing and verifying JSON Web Tokens, as specified by
 The following algorithms, as defined in [RFC 7518 § 3](https://www.rfc-editor.org/rfc/rfc7518.html#section-3) and [RFC 8037 § 3](https://www.rfc-editor.org/rfc/rfc8037.html#section-3), are supported for both signing and verification:
 
 | JWS | Algorithm | Description |
-| :-------------: | :-------------: | :----- |
-| HS256 | HMAC256 | HMAC with SHA-256 |
-| HS384 | HMAC384 | HMAC with SHA-384 |
-| HS512 | HMAC512 | HMAC with SHA-512 |
-| RS256 | RSA256 | RSASSA-PKCS1-v1_5 with SHA-256 |
-| RS384 | RSA384 | RSASSA-PKCS1-v1_5 with SHA-384 |
-| RS512 | RSA512 | RSASSA-PKCS1-v1_5 with SHA-512 |
-| PS256 | RSA256PSS | RSASSA-PSS with SHA-256 |
-| PS384 | RSA384PSS | RSASSA-PSS with SHA-384 |
-| PS512 | RSA512PSS | RSASSA-PSS with SHA-512 |
-| ES256 | ECDSA256 | ECDSA with curve P-256 and SHA-256 |
-| ES384 | ECDSA384 | ECDSA with curve P-384 and SHA-384 |
-| ES512 | ECDSA512 | ECDSA with curve P-521 and SHA-512 |
-| EdDSA | EdDSA | EdDSA with Ed25519 |
-| none | None | No digital signature or MAC |
+| :---: | :---: | --- |
+| `HS256` | `HMAC256` | HMAC with SHA‑256 |
+| `HS384` | `HMAC384` | HMAC with SHA‑384 |
+| `HS512` | `HMAC512` | HMAC with SHA‑512 |
+| `RS256` | `RSA256` | RSASSA‑PKCS1‑v1_5 + SHA‑256 |
+| `RS384` | `RSA384` | RSASSA‑PKCS1‑v1_5 + SHA‑384 |
+| `RS512` | `RSA512` | RSASSA‑PKCS1‑v1_5 + SHA‑512 |
+| `PS256` | `RSA256PSS` | RSASSA‑PSS + SHA‑256 |
+| `PS384` | `RSA384PSS` | RSASSA‑PSS + SHA‑384 |
+| `PS512` | `RSA512PSS` | RSASSA‑PSS + SHA‑512 |
+| `ES256` | `ECDSA256` | P‑256 + SHA‑256 |
+| `ES384` | `ECDSA384` | P‑384 + SHA‑384 |
+| `ES512` | `ECDSA512` | P‑521 + SHA‑512 |
+| `EdDSA` | `EdDSA` | Ed25519 |
+| `ML-DSA-65` | `MLDSA65` | MLDSA with parameter set 65 |
+| `ML-DSA-87` | `MLDSA87` | MLDSA with parameter set 87 |
+| `none` | `None`|  No signature / MAC |
 
 ## Vapor
 
@@ -271,6 +273,30 @@ await keys.add(eddsa: publicKey)
 await keys.add(eddsa: privateKey)
 ```
 
+## MLDSA
+
+Hidden behind the `@_spi(PostQuantum)` flag, JWTKit supports MLDSA (Module-Lattice-Based Digital Signature Algorithm), a post-quantum signature scheme based on the CRYSTALS-DILITHIUM algorithm. It is currently behind an SPI flag because, while the MLDSA signature scheme is [standardized by NIST](https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.204.pdf), its [usage in JWT](https://www.ietf.org/archive/id/draft-ietf-cose-dilithium-04.html) is still in draft state, and, while unlikely, may change before being finalized. Therefore JWTKit reserves the ability to make breaking changes to this API until the usage of MLDSA in JWT is finalized.
+
+> [!NOTE]\
+> MLDSA requires macOS 26+.
+
+Currently, to use MLDSA, you must import JWTKit with the `@_spi(PostQuantum)` flag enabled:
+
+```swift
+@_spi(PostQuantum) import JWTKit
+```
+
+Then you can choose whether to use MLDSA65 or MLDSA87. Use them as follows:
+
+```swift
+// Initialize an MLDSA key with its seed
+let seedRepresentation = Data("...".utf8)
+let privateKey = try MLDSA87PrivateKey(seedRepresentation: seedRepresentation)
+
+// Add private key to the key collection
+await keys.add(mldsa: privateKey)
+```
+
 ## RSA
 
 RSA is an asymmetric algorithm. It uses a public key to verify tokens and a private key to sign them.

Snippets/JWTKitExamples.swift

@@ -1,3 +1,6 @@
+// snippet.MLDSA_IMPORT
+@_spi(PostQuantum) import JWTKit
+// snippet.end
 // snippet.KEY_COLLECTION
 import JWTKit
 
@@ -111,6 +114,19 @@ do {
     // snippet.end
 }
 
+if #available(iOS 26, macOS 26, tvOS 26, watchOS 26, *) {
+    do {
+        // snippet.MLDSA
+        // Initialize an MLDSA key with its seed
+        let seedRepresentation = Data("...".utf8)
+        let privateKey = try MLDSA87PrivateKey(seedRepresentation: seedRepresentation)
+
+        // Add private key to the key collection
+        await keys.add(mldsa: privateKey)
+        // snippet.end
+    }
+}
+
 extension DataProtocol {
     func base64URLDecodedBytes() -> [UInt8] {
         let string = String(decoding: self, as: UTF8.self)

Sources/JWTKit/Docs.docc/index.md

@@ -33,21 +33,23 @@ JWTKit provides APIs for signing and verifying JSON Web Tokens, as specified by
 The following algorithms, as defined in [RFC 7518 § 3](https://www.rfc-editor.org/rfc/rfc7518.html#section-3) and [RFC 8037 § 3](https://www.rfc-editor.org/rfc/rfc8037.html#section-3), are supported for both signing and verification:
 
 | JWS | Algorithm | Description |
-| :-------------: | :-------------: | :----- |
-| HS256 | HMAC256 | HMAC with SHA-256 |
-| HS384 | HMAC384 | HMAC with SHA-384 |
-| HS512 | HMAC512 | HMAC with SHA-512 |
-| RS256 | RSA256 | RSASSA-PKCS1-v1_5 with SHA-256 |
-| RS384 | RSA384 | RSASSA-PKCS1-v1_5 with SHA-384 |
-| RS512 | RSA512 | RSASSA-PKCS1-v1_5 with SHA-512 |
-| PS256 | RSA256PSS | RSASSA-PSS with SHA-256 |
-| PS384 | RSA384PSS | RSASSA-PSS with SHA-384 |
-| PS512 | RSA512PSS | RSASSA-PSS with SHA-512 |
-| ES256 | ECDSA256 | ECDSA with curve P-256 and SHA-256 |
-| ES384 | ECDSA384 | ECDSA with curve P-384 and SHA-384 |
-| ES512 | ECDSA512 | ECDSA with curve P-521 and SHA-512 |
-| EdDSA | EdDSA | EdDSA with Ed25519 |
-| none | None | No digital signature or MAC |
+| :---: | :---: | --- |
+| `HS256` | `HMAC256` | HMAC with SHA‑256 |
+| `HS384` | `HMAC384` | HMAC with SHA‑384 |
+| `HS512` | `HMAC512` | HMAC with SHA‑512 |
+| `RS256` | `RSA256` | RSASSA‑PKCS1‑v1_5 + SHA‑256 |
+| `RS384` | `RSA384` | RSASSA‑PKCS1‑v1_5 + SHA‑384 |
+| `RS512` | `RSA512` | RSASSA‑PKCS1‑v1_5 + SHA‑512 |
+| `PS256` | `RSA256PSS` | RSASSA‑PSS + SHA‑256 |
+| `PS384` | `RSA384PSS` | RSASSA‑PSS + SHA‑384 |
+| `PS512` | `RSA512PSS` | RSASSA‑PSS + SHA‑512 |
+| `ES256` | `ECDSA256` | P‑256 + SHA‑256 |
+| `ES384` | `ECDSA384` | P‑384 + SHA‑384 |
+| `ES512` | `ECDSA512` | P‑521 + SHA‑512 |
+| `EdDSA` | `EdDSA` | Ed25519 |
+| `ML-DSA-65` | `MLDSA65` | MLDSA with parameter set 65 |
+| `ML-DSA-87` | `MLDSA87` | MLDSA with parameter set 87 |
+| `none` | `None`|  No signature / MAC |
 
 ## Vapor
 
@@ -159,6 +161,21 @@ You can create an EdDSA key using its coordinates:
 
 @Snippet(path: "jwt-kit/Snippets/JWTKitExamples", slice: EDDSA)
 
+## MLDSA
+
+Hidden behind the `@_spi(PostQuantum)` flag, JWTKit supports MLDSA (Module-Lattice-Based Digital Signature Algorithm), a post-quantum signature scheme based on the CRYSTALS-DILITHIUM algorithm. It is currently behind an SPI flag because, while the MLDSA signature scheme is [standardized by NIST](https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.204.pdf), its [usage in JWT](https://www.ietf.org/archive/id/draft-ietf-cose-dilithium-04.html) is still in draft state, and, while unlikely, may change before being finalized. Therefore JWTKit reserves the ability to make breaking changes to this API until the usage of MLDSA in JWT is finalized.
+
+> Note:
+> MLDSA is only available on macOS 26+.
+
+Currently, to use MLDSA, you must import JWTKit with the `@_spi(PostQuantum)` flag enabled:
+
+@Snippet(path: "jwt-kit/Snippets/JWTKitExamples", slice: MLDSA_IMPORT)
+
+Then you can choose whether to use MLDSA65 or MLDSA87. Use them as follows:
+
+@Snippet(path: "jwt-kit/Snippets/JWTKitExamples", slice: MLDSA)
+
 ## RSA
 
 RSA is an asymmetric algorithm. It uses a public key to verify tokens and a private key to sign them.

Sources/JWTKit/JWTKeyCollection.swift

@@ -50,8 +50,7 @@ public actor JWTKeyCollection: Sendable {
     /// - Returns: Self for chaining.
     @discardableResult
     func add(_ signer: JWTSigner, for kid: JWKIdentifier? = nil) -> Self {
-        let signer = JWTSigner(
-            algorithm: signer.algorithm, parser: signer.parser, serializer: signer.serializer)
+        let signer = JWTSigner(algorithm: signer.algorithm, parser: signer.parser, serializer: signer.serializer)
 
         if let kid {
             if self.storage[kid] != nil {
@@ -106,8 +105,7 @@ public actor JWTKeyCollection: Sendable {
         guard let kid = jwk.keyIdentifier else {
             throw JWTError.invalidJWK(reason: "Missing KID")
         }
-        let signer = try JWKSigner(
-            jwk: jwk, parser: defaultJWTParser, serializer: defaultJWTSerializer)
+        let signer = try JWKSigner(jwk: jwk, parser: defaultJWTParser, serializer: defaultJWTSerializer)
 
         self.storage[kid] = .jwk(signer)
         switch (self.default, isDefault) {