From e5be17353eafdc1b37222e52360fa0c1084409a4 Mon Sep 17 00:00:00 2001
From: David Bensoussan
Date: Tue, 15 Apr 2025 17:45:53 +0200
Subject: [PATCH] feat: can sign ocsp with ed25519
---
 vendor/golang.org/x/crypto/ocsp/ocsp.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/vendor/golang.org/x/crypto/ocsp/ocsp.go b/vendor/golang.org/x/crypto/ocsp/ocsp.go
index bf2259537..ef11b7b5c 100644
--- a/vendor/golang.org/x/crypto/ocsp/ocsp.go
+++ b/vendor/golang.org/x/crypto/ocsp/ocsp.go
@@ -11,6 +11,7 @@ import (
 "crypto"
 "crypto/ecdsa"
 "crypto/elliptic"
+ "crypto/ed25519"
 "crypto/rand"
 "crypto/rsa"
 _ "crypto/sha1"
@@ -151,6 +152,7 @@ var (
 oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
 oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
 oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4}
+ oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
 )

 var hashOIDs = map[crypto.Hash]asn1.ObjectIdentifier{
@@ -179,6 +181,7 @@ var signatureAlgorithmDetails = []struct {
 {x509.ECDSAWithSHA256, oidSignatureECDSAWithSHA256, x509.ECDSA, crypto.SHA256},
 {x509.ECDSAWithSHA384, oidSignatureECDSAWithSHA384, x509.ECDSA, crypto.SHA384},
 {x509.ECDSAWithSHA512, oidSignatureECDSAWithSHA512, x509.ECDSA, crypto.SHA512},
+ {x509.PureEd25519, oidSignatureEd25519, x509.Ed25519, crypto.Hash(0)},
 }

 // TODO(rlb): This is also from crypto/x509, so same comment as AGL's below
@@ -211,8 +214,16 @@ func signingParamsForPublicKey(pub interface{}, requestedSigAlgo x509.SignatureA
 err = errors.New("x509: unknown elliptic curve")
 }

+ case ed25519.PublicKey:
+ pubType = x509.Ed25519
+ hashFunc = crypto.SHA512
+ sigAlgo.Algorithm = oidSignatureEd25519 // EdDSA OID
+ sigAlgo.Parameters = asn1.RawValue{
+ Tag: 5,
+ }
+
 default:
- err = errors.New("x509: only RSA and ECDSA keys supported")
+ err = errors.New("x509: only RSA, ECDSA and EdDSA keys supported")
 }

 if err != nil {
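Review bot: The new `signatureAlgorithmDetails` row records `crypto.Hash(0)` for `x509.PureEd25519`, while the `ed25519.PublicKey` case added in the last hunk sets `hashFunc = crypto.SHA512`, so the two places disagree about how an Ed25519 response is hashed. The code that reads this table is outside the patch; if it copies the row's hash into `hashFunc` when the caller names the signature algorithm explicitly, that path ends up with a zero hash and would probably fail instead of signing. A comment on the row such as `// Ed25519 signs the message itself; hash is intentionally 0` would make the intent clear. A test that requests `x509.PureEd25519` explicitly, alongside one that leaves the algorithm at its default, would settle the question.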
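Review bot: `hashFunc = crypto.SHA512` in the `ed25519.PublicKey` case looks wrong for the OID it is paired with. If the signing code outside this hunk hashes the response data and passes `hashFunc` as the signer options, `ed25519.PrivateKey.Sign` takes SHA-512 as a request for Ed25519ph (older Go releases return an error), while 1.3.101.112 announces pure Ed25519, so a conforming verifier would reject the signature. Pure Ed25519 needs the unhashed TBS bytes and `crypto.Hash(0)`, which requires an Ed25519 branch in the caller that this patch does not show. Separately, RFC 8410 requires the parameters to be absent for this OID, but `asn1.RawValue{Tag: 5}` encodes an ASN.1 NULL; removing the `sigAlgo.Parameters` assignment should leave the field omitted. Because the file lives under `vendor/`, the edit is also lost on the next `go mod vendor` unless it is carried through a fork and a `replace` directive.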