Commit Graph

6 Commits

Author SHA1 Message Date
Brian Smith f2f2f13811 Revert "Revert "Remove support for SHA-1.""
This reverts commit db0c6cbd1e, i.e.
it removes SHA-1 support again.
2019-03-22 11:35:33 -10:00
Sebastian Hahn d139e98815 Add support for Ed25519 certificates
This adds support for verification of Ed25519 certificates according to
RFC 8410. Implements #49.

The test certificate was generated using OpenSSL 1.1.1a, using the
following commands (CA.pl is distributed with OpenSSL):

openssl genpkey -algorithm ed25519 -outform pem -out root_key.pem
openssl req -new -x509 -days 9999 -extensions v3_ca -key root_key.pem \
    -inform pem -outform pem -out root_ed25519.pem
echo root_ed25519.pem | CA.pl -newca

openssl genpkey -algorithm ed25519 -outform pem -out client_key.pem
openssl req -new -key client_key.pem -inform pem -outform pem \
    -out client_ed25519_csr.pem
openssl ca -keyfile ./root_key.pem -days 999 -notext -in \
    client_ed25519_csr.pem -out client_ed25519.pem

I agree to license my contributions to each file under the terms given
at the top of each file I changed.
2019-01-18 15:20:58 -10:00
Brian Smith db0c6cbd1e Revert "Remove support for SHA-1."
This reverts commit 97d336003e.

This will be done later.
2019-01-07 12:25:14 -10:00
Brian Smith 97d336003e Remove support for SHA-1.
All major browsers have removed support for SHA-1-signed certificates
from their Web PKI implementations. Let's do the same.
2018-11-28 13:41:41 -10:00
Brian Smith d2169004c0 Simplify AlgorithmIdentifier parsing & matching.
Simplify the way algorithm identifiers are parsed. Simplify the tests
to account for the new simpler parsing.

Simplify how algorithm identifiers are matched against known algorithm
identifiers by using just bytewise comparison.

Simplify the storage of known algorithm identifiers by including their
binary DER-encoded values from files in src/data/. Remove most of the
macros for encoding OID values as they are no longer needed. Remove the
script for generating PSS-related AlgorithmIdentifier parts in favor of
using der-ascii in the future, as documented in src/data/README.md.
Remove the encoded PSS parts generated from the deleted script, as they
were replaced in this transition.
2016-11-21 13:19:40 -10:00
Joseph Birr-Pixton 82080d02ba Add support for PSS.
This has tests generated by OpenSSL, and integrated with
the existing Chromium verify_signed_data corpus.

The PSS parameter encodings are slightly unwieldy, and
are included from files rather than embedded in the source.

There are Python scripts for regenerating the parameter encodings
and tests.
2016-11-21 12:36:46 -10:00