Add support for Ed25519 certificates

This adds support for verification of ed25519 certificates according to RFC 8410. Implements #49. The test certificate was generated using OpenSSL 1.1.1a, using the following commands (CA.pl is distributed with OpenSSL): openssl genpkey -algorithm ed25519 -outform pem -out root_key.pem openssl req -new -x509 -days 9999 -extensions v3_ca -key root_key.pem \ -inform pem -outform pem -out root_ed25519.pem echo root_ed25519.pem | CA.pl -newca openssl genpkey -algorithm ed25519 -outform pem -out client_key.pem openssl req -new -key client_key.pem -inform pem -outform pem \ -out client_ed25519_csr.pem openssl ca -keyfile ./root_key.pem -days 999 -notext -in \ client_ed25519_csr.pem -out client_ed25519.pem I agree to license my contributions to each file under the terms given at the top of each file I changed.
2019-01-13 08:14:28 +01:00 · 2019-01-13 08:14:28 +01:00 · d139e98815
parent 6c710deee8
commit d139e98815
6 changed files with 39 additions and 1 deletions
--- a/src/data/alg-ed25519.der
+++ b/src/data/alg-ed25519.der
@ -0,0 +1 @@
+ep
--- a/src/signed_data.rs
+++ b/src/signed_data.rs
@ -267,6 +267,14 @@ pub static RSA_PSS_2048_8192_SHA512_LEGACY_KEY: SignatureAlgorithm =
    verification_alg: &signature::RSA_PSS_2048_8192_SHA512,
 };

+/// ED25519 signatures according to RFC 8410
+pub static ED25519: SignatureAlgorithm =
+        SignatureAlgorithm {
+    public_key_alg_id: ED_25519,
+    signature_alg_id: ED_25519,
+    verification_alg: &signature::ED25519,
+};
+
 struct AlgorithmIdentifier {
    asn1_id_value: &'static [u8],
 }
@ -327,6 +335,9 @@ const RSA_PSS_SHA512: AlgorithmIdentifier = AlgorithmIdentifier {
    asn1_id_value: include_bytes!("data/alg-rsa-pss-sha512.der"),
 };

+const ED_25519: AlgorithmIdentifier = AlgorithmIdentifier {
+    asn1_id_value: include_bytes!("data/alg-ed25519.der"),
+};

 #[cfg(test)]
 mod tests {
@ -635,6 +646,7 @@ mod tests {
        &signed_data::RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
        &signed_data::RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
        &signed_data::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+        &signed_data::ED25519,

        // Algorithms deprecated because they are annoying (P-521) or because
        // they are nonsensical combinations.
--- a/src/webpki.rs
+++ b/src/webpki.rs
@ -95,6 +95,7 @@ pub use signed_data::{
    RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
    RSA_PSS_2048_8192_SHA384_LEGACY_KEY,
    RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+    ED25519,
 };

 pub use time::Time;
--- a/tests/ed25519/ca.der
+++ b/tests/ed25519/ca.der
--- a/tests/ed25519/ee.der
+++ b/tests/ed25519/ee.der
--- a/tests/integration.rs
+++ b/tests/integration.rs
@ -50,7 +50,8 @@ static ALL_SIGALGS: &'static [&'static webpki::SignatureAlgorithm] = &[
    &webpki::RSA_PKCS1_2048_8192_SHA256,
    &webpki::RSA_PKCS1_2048_8192_SHA384,
    &webpki::RSA_PKCS1_2048_8192_SHA512,
-    &webpki::RSA_PKCS1_3072_8192_SHA384
+    &webpki::RSA_PKCS1_3072_8192_SHA384,
+    &webpki::ED25519,
 ];

 /* Checks we can verify netflix's cert chain.  This is notable
@ -81,6 +82,29 @@ pub fn netflix()
        .unwrap();
 }

+#[cfg(feature = "trust_anchor_util")]
+#[test]
+pub fn ed25519()
+{
+    let ee = include_bytes!("ed25519/ee.der");
+    let ca = include_bytes!("ed25519/ca.der");
+
+    let ee_input = untrusted::Input::from(ee);
+    let anchors = vec![
+        webpki::trust_anchor_util::cert_der_as_trust_anchor(
+            untrusted::Input::from(ca)
+        ).unwrap()
+    ];
+    let anchors = webpki::TLSServerTrustAnchors(&anchors);
+
+    let time = webpki::Time::from_seconds_since_unix_epoch(1547363522);
+
+    let cert = webpki::EndEntityCert::from(ee_input).unwrap();
+    let _ = cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &anchors,
+                                                 &[], time)
+        .unwrap();
+}
+
 #[cfg(feature = "trust_anchor_util")]
 #[test]
 fn read_root_with_zero_serial() {