Skip to content

crypto/ocsp: add support for Ed25519 signatures in OCSP responses #319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
+24 −5
Open

crypto/ocsp: add support for Ed25519 signatures in OCSP responses #319

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 24 additions & 5 deletions ocsp/ocsp.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import (
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/ed25519"
"crypto/rand"
"crypto/rsa"
_ "crypto/sha1"
Expand Down Expand Up @@ -151,6 +152,7 @@ var (
oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4}
oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
)

var hashOIDs = map[crypto.Hash]asn1.ObjectIdentifier{
Expand Down Expand Up @@ -179,6 +181,7 @@ var signatureAlgorithmDetails = []struct {
{x509.ECDSAWithSHA256, oidSignatureECDSAWithSHA256, x509.ECDSA, crypto.SHA256},
{x509.ECDSAWithSHA384, oidSignatureECDSAWithSHA384, x509.ECDSA, crypto.SHA384},
{x509.ECDSAWithSHA512, oidSignatureECDSAWithSHA512, x509.ECDSA, crypto.SHA512},
{x509.PureEd25519, oidSignatureEd25519, x509.Ed25519, crypto.Hash(0) /* no pre-hashing */},
}

// TODO(rlb): This is also from crypto/x509, so same comment as AGL's below
Expand Down Expand Up @@ -211,8 +214,14 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo x509.SignatureA
err = errors.New("x509: unknown elliptic curve")
}

case ed25519.PublicKey:
pubType = x509.Ed25519
hashFunc = 0 // EdDSA does not use external hash
sigAlgo.Algorithm = oidSignatureEd25519
// Do not set sigAlgo.Parameters — RFC 8410 says it MUST be absent

default:
err = errors.New("x509: only RSA and ECDSA keys supported")
err = errors.New("x509: only RSA, ECDSA, and Ed25519 keys supported")
}

if err != nil {
Expand All @@ -231,7 +240,8 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo x509.SignatureA
return
}
sigAlgo.Algorithm, hashFunc = details.oid, details.hash
if hashFunc == 0 {
// EdDSA is special: hashFunc can be 0
if details.hash == 0 && requestedSigAlgo != x509.PureEd25519 {
err = errors.New("x509: cannot sign with hash function requested")
return
}
Expand Down Expand Up @@ -758,9 +768,18 @@ func CreateResponse(issuer, responderCert *x509.Certificate, template Response,
return nil, err
}

responseHash := hashFunc.New()
responseHash.Write(tbsResponseDataDER)
signature, err := priv.Sign(rand.Reader, responseHash.Sum(nil), hashFunc)
var digest []byte
if hashFunc == crypto.Hash(0) {
// Ed25519 and similar: sign raw DER
digest = tbsResponseDataDER
} else {
h := hashFunc.New()
h.Write(tbsResponseDataDER)
digest = h.Sum(nil)
}

signature, err := priv.Sign(rand.Reader, digest, hashFunc)

if err != nil {
return nil, err
}
Expand Down