feat: impl DynSignatureAlgorithmIdentifier for ed5519-dalek

dalek-cryptography · Oct 3, 2024 · a1155b6 · a1155b6
1 parent cbf794d
commit a1155b6
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 3 deletions.
diff --git a/ed25519-dalek/src/signature.rs b/ed25519-dalek/src/signature.rs
@@ -174,4 +174,4 @@ impl From<InternalSignature> for ed25519::Signature {
     fn from(sig: InternalSignature) -> ed25519::Signature {
         ed25519::Signature::from_components(*sig.R.as_bytes(), *sig.s.as_bytes())
     }
-}
+}
diff --git a/ed25519-dalek/src/signing.rs b/ed25519-dalek/src/signing.rs
@@ -665,6 +665,15 @@ impl pkcs8::EncodePrivateKey for SigningKey {
     }
 }
 
+#[cfg(feature = "pkcs8")]
+impl pkcs8::spki::DynSignatureAlgorithmIdentifier for SigningKey {
+    fn signature_algorithm_identifier(&self) -> pkcs8::spki::Result<pkcs8::spki::AlgorithmIdentifierOwned> {
+        // From https://datatracker.ietf.org/doc/html/rfc8410
+        // `id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }`
+        Ok(pkcs8::spki::AlgorithmIdentifier { oid: ed25519::pkcs8::ALGORITHM_OID, parameters: None })
+    }
+}
+
 #[cfg(feature = "pkcs8")]
 impl TryFrom<pkcs8::KeypairBytes> for SigningKey {
     type Error = pkcs8::Error;

diff --git a/ed25519-dalek/src/verifying.rs b/ed25519-dalek/src/verifying.rs
@@ -580,6 +580,15 @@ impl pkcs8::EncodePublicKey for VerifyingKey {
     }
 }
 
+#[cfg(feature = "pkcs8")]
+impl pkcs8::spki::DynSignatureAlgorithmIdentifier for VerifyingKey {
+    fn signature_algorithm_identifier(&self) -> pkcs8::spki::Result<pkcs8::spki::AlgorithmIdentifierOwned> {
+        // From https://datatracker.ietf.org/doc/html/rfc8410
+        // `id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }`
+        Ok(ed25519::pkcs8::spki::AlgorithmIdentifierOwned { oid: ed25519::pkcs8::ALGORITHM_OID, parameters: None })
+    }
+}
+
 #[cfg(feature = "pkcs8")]
 impl TryFrom<pkcs8::PublicKeyBytes> for VerifyingKey {
     type Error = pkcs8::spki::Error;

diff --git a/ed25519-dalek/tests/pkcs8.rs b/ed25519-dalek/tests/pkcs8.rs
@@ -4,8 +4,7 @@
 //! RFC5958 (PKCS#8) and RFC5280 (SPKI).
 
 #![cfg(feature = "pkcs8")]
-
-use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey};
+use ed25519_dalek::pkcs8::{spki::DynSignatureAlgorithmIdentifier, DecodePrivateKey, DecodePublicKey};
 use ed25519_dalek::{SigningKey, VerifyingKey};
 use hex_literal::hex;
 
@@ -69,3 +68,16 @@ fn encode_verifying_key() {
     let verifying_key2 = VerifyingKey::from_public_key_der(verifying_key_der.as_bytes()).unwrap();
     assert_eq!(verifying_key, verifying_key2);
 }
+
+#[test]
+fn get_algo_identifier() {
+    let verifying_key = VerifyingKey::from_public_key_der(PUBLIC_KEY_DER).unwrap();
+    let identifier = verifying_key.signature_algorithm_identifier().unwrap();
+    assert!(identifier.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifier.oid, ed25519::pkcs8::ALGORITHM_OID);
+
+    let signing_key = SigningKey::from_bytes(&SK_BYTES);
+    let identifer = signing_key.signature_algorithm_identifier().unwrap();
+    assert!(identifer.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifer.oid, ed25519::pkcs8::ALGORITHM_OID);
+}