Skip to content

Commit f46d230

Browse files
dixyesdixyes
committed
ocsp: support ed25519 signing
1 parent 5307a0c commit f46d230

File tree

1 file changed

+16
-4
lines changed

1 file changed

+16
-4
lines changed

ocsp/ocsp.go

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ package ocsp
1010
import (
1111
"crypto"
1212
"crypto/ecdsa"
13+
"crypto/ed25519"
1314
"crypto/elliptic"
1415
"crypto/rand"
1516
"crypto/rsa"
@@ -151,6 +152,7 @@ var (
151152
oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
152153
oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
153154
oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4}
155+
oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
154156
)
155157

156158
var hashOIDs = map[crypto.Hash]asn1.ObjectIdentifier{
@@ -179,6 +181,7 @@ var signatureAlgorithmDetails = []struct {
179181
{x509.ECDSAWithSHA256, oidSignatureECDSAWithSHA256, x509.ECDSA, crypto.SHA256},
180182
{x509.ECDSAWithSHA384, oidSignatureECDSAWithSHA384, x509.ECDSA, crypto.SHA384},
181183
{x509.ECDSAWithSHA512, oidSignatureECDSAWithSHA512, x509.ECDSA, crypto.SHA512},
184+
{x509.PureEd25519, oidSignatureEd25519, x509.Ed25519, crypto.Hash(0) /* no pre-hashing */},
182185
}
183186

184187
// TODO(rlb): This is also from crypto/x509, so same comment as AGL's below
@@ -211,8 +214,13 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo x509.SignatureA
211214
err = errors.New("x509: unknown elliptic curve")
212215
}
213216

217+
case ed25519.PublicKey:
218+
pubType = x509.Ed25519
219+
hashFunc = crypto.Hash(0)
220+
sigAlgo.Algorithm = oidSignatureEd25519
221+
214222
default:
215-
err = errors.New("x509: only RSA and ECDSA keys supported")
223+
err = errors.New("x509: only RSA, ECDSA and Ed25519 keys supported")
216224
}
217225

218226
if err != nil {
@@ -753,14 +761,18 @@ func CreateResponse(issuer, responderCert *x509.Certificate, template Response,
753761
return nil, err
754762
}
755763

764+
signed := tbsResponseDataDER
756765
hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(priv.Public(), template.SignatureAlgorithm)
757766
if err != nil {
758767
return nil, err
759768
}
769+
if hashFunc != 0 {
770+
responseHash := hashFunc.New()
771+
responseHash.Write(tbsResponseDataDER)
772+
signed = responseHash.Sum(nil)
773+
}
760774

761-
responseHash := hashFunc.New()
762-
responseHash.Write(tbsResponseDataDER)
763-
signature, err := priv.Sign(rand.Reader, responseHash.Sum(nil), hashFunc)
775+
signature, err := priv.Sign(rand.Reader, signed, hashFunc)
764776
if err != nil {
765777
return nil, err
766778
}

0 commit comments

Comments
 (0)