Implement DynSignatureAlgorithmIdentifier trait for ed25519 (#712)

dalek-cryptography · Oct 8, 2024 · 43a16f0 · 43a16f0
1 parent cbf794d
commit 43a16f0
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 1 deletion.
diff --git a/ed25519-dalek/src/signing.rs b/ed25519-dalek/src/signing.rs
@@ -665,6 +665,20 @@ impl pkcs8::EncodePrivateKey for SigningKey {
     }
 }
 
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+impl pkcs8::spki::DynSignatureAlgorithmIdentifier for SigningKey {
+    fn signature_algorithm_identifier(
+        &self,
+    ) -> pkcs8::spki::Result<pkcs8::spki::AlgorithmIdentifierOwned> {
+        // From https://datatracker.ietf.org/doc/html/rfc8410
+        // `id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }`
+        Ok(pkcs8::spki::AlgorithmIdentifier {
+            oid: ed25519::pkcs8::ALGORITHM_OID,
+            parameters: None,
+        })
+    }
+}
+
 #[cfg(feature = "pkcs8")]
 impl TryFrom<pkcs8::KeypairBytes> for SigningKey {
     type Error = pkcs8::Error;

diff --git a/ed25519-dalek/src/verifying.rs b/ed25519-dalek/src/verifying.rs
@@ -580,6 +580,20 @@ impl pkcs8::EncodePublicKey for VerifyingKey {
     }
 }
 
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+impl pkcs8::spki::DynSignatureAlgorithmIdentifier for VerifyingKey {
+    fn signature_algorithm_identifier(
+        &self,
+    ) -> pkcs8::spki::Result<pkcs8::spki::AlgorithmIdentifierOwned> {
+        // From https://datatracker.ietf.org/doc/html/rfc8410
+        // `id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }`
+        Ok(ed25519::pkcs8::spki::AlgorithmIdentifierOwned {
+            oid: ed25519::pkcs8::ALGORITHM_OID,
+            parameters: None,
+        })
+    }
+}
+
 #[cfg(feature = "pkcs8")]
 impl TryFrom<pkcs8::PublicKeyBytes> for VerifyingKey {
     type Error = pkcs8::spki::Error;

diff --git a/ed25519-dalek/tests/pkcs8.rs b/ed25519-dalek/tests/pkcs8.rs
@@ -4,14 +4,16 @@
 //! RFC5958 (PKCS#8) and RFC5280 (SPKI).
 
 #![cfg(feature = "pkcs8")]
-
 use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey};
 use ed25519_dalek::{SigningKey, VerifyingKey};
 use hex_literal::hex;
 
 #[cfg(feature = "alloc")]
 use ed25519_dalek::pkcs8::{EncodePrivateKey, EncodePublicKey};
 
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+use ed25519_dalek::pkcs8::spki::DynSignatureAlgorithmIdentifier;
+
 /// Ed25519 PKCS#8 v1 private key encoded as ASN.1 DER.
 const PKCS8_V1_DER: &[u8] = include_bytes!("examples/pkcs8-v1.der");
 
@@ -69,3 +71,17 @@ fn encode_verifying_key() {
     let verifying_key2 = VerifyingKey::from_public_key_der(verifying_key_der.as_bytes()).unwrap();
     assert_eq!(verifying_key, verifying_key2);
 }
+
+#[test]
+#[cfg(feature = "alloc")]
+fn get_algo_identifier() {
+    let verifying_key = VerifyingKey::from_public_key_der(PUBLIC_KEY_DER).unwrap();
+    let identifier = verifying_key.signature_algorithm_identifier().unwrap();
+    assert!(identifier.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifier.oid, ed25519::pkcs8::ALGORITHM_OID);
+
+    let signing_key = SigningKey::from_bytes(&SK_BYTES);
+    let identifer = signing_key.signature_algorithm_identifier().unwrap();
+    assert!(identifer.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifer.oid, ed25519::pkcs8::ALGORITHM_OID);
+}