Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ed25519: implement SignatureBitStringEncoding support #889

Merged
merged 1 commit into from
Jan 23, 2025
Merged

ed25519: implement SignatureBitStringEncoding support #889

merged 1 commit into from
Jan 23, 2025
+30 −1

Conversation

baloo
Copy link
Member

@baloo baloo commented Jan 22, 2025
edited
Loading

@baloo baloo marked this pull request as draft January 22, 2025 18:15
@baloo
Copy link
Member Author

baloo commented Jan 22, 2025

Putting that in draft for now, I didn't check whether that was enough to generate an x509 cert with it yet.

@baloo
Copy link
Member Author

baloo commented Jan 22, 2025

This generates those kind of x509 certificates:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: ED25519
        Issuer: C = US, O = Acme Inc, CN = Hi
        Validity
            Not Before: Jan 22 21:22:51 2025 GMT
            Not After : Jan 28 16:16:11 2025 GMT
        Subject: C = US, O = Acme Inc, CN = Hi
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    4e:2b:d6:8d:a9:04:b2:aa:6f:f3:6e:a8:7a:39:cc:
                    b5:18:cc:a8:c2:4f:70:04:a0:c9:46:ef:d2:5f:43:
                    fc:77
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                E3:7F:9B:E3:F5:42:9B:81:6D:9A:FC:F4:21:9B:6D:BD:71:FC:0F:00
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                E3:7F:9B:E3:F5:42:9B:81:6D:9A:FC:F4:21:9B:6D:BD:71:FC:0F:00
    Signature Algorithm: ED25519
    Signature Value:
        68:45:67:e3:74:89:a3:e4:9b:75:28:95:43:ab:53:cc:48:b6:
        52:6c:e8:9a:53:70:b3:86:97:a4:a4:ee:ef:bb:3a:08:ea:0c:
        2a:99:fb:bf:71:fc:65:0a:35:ed:51:e9:77:f2:53:d5:5b:bb:
        61:07:c9:5f:fa:38:22:db:8c:0f
-----BEGIN CERTIFICATE-----
MIIBbDCCAR6gAwIBAgIBKjAFBgMrZXAwLTELMAkGA1UEBhMCVVMxETAPBgNVBAoM
CEFjbWUgSW5jMQswCQYDVQQDDAJIaTAeFw0yNTAxMjIyMTIyNTFaFw0yNTAxMjgx
NjE2MTFaMC0xCzAJBgNVBAYTAlVTMREwDwYDVQQKDAhBY21lIEluYzELMAkGA1UE
AwwCSGkwKjAFBgMrZXADIQBOK9aNqQSyqm/zbqh6Ocy1GMyowk9wBKDJRu/SX0P8
d6NjMGEwHwYDVR0jBBgwFoAU43+b4/VCm4Ftmvz0IZttvXH8DwAwDwYDVR0TAQH/
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFON/m+P1QpuBbZr89CGb
bb1x/A8AMAUGAytlcANBAGhFZ+N0iaPkm3UolUOrU8xItlJs6JpTcLOGl6Sk7u+7
OgjqDCqZ+79x/GUKNe1R6XfyU9Vbu2EHyV/6OCLbjA8=
-----END CERTIFICATE-----

This doesn't pass the zlint because it fails on https://github.com/zmap/zlint/blob/master/v3/lints/cabf_br/lint_subject_public_key_info_improper_algorithm_object_identifier_encoding.go#L62

which follows CABF (https://github.com/cabforum/servercert/blob/main/docs/BR.md#7131-subjectpublickeyinfo).

I think openssl is happy about it:

$ openssl verify -check_ss_sig -CAfile /tmp/eddsa.pem /tmp/eddsa.pem
/tmp/eddsa.pem: OK

@baloo baloo marked this pull request as ready for review January 22, 2025 21:24
@baloo baloo mentioned this pull request Jan 22, 2025
Open
@tarcieri tarcieri merged commit e5a732d into RustCrypto:master Jan 23, 2025
8 checks passed
@baloo baloo deleted the baloo/ed25519/signature-encoding branch January 23, 2025 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tarcieri tarcieri

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ed25519: SignatureBitStringEncoding support
2 participants
@baloo @tarcieri