alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Merge pull request #566 from smallstep/ed25519-improvements

Browse source 
Ed25519 improvements
This commit is contained in:
Mariano Cano 2021-05-07 10:05:46 -07:00 committed by GitHub
commit 1788d09b44
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
api/api.go
View file

@ -5,6 +5,7 @@ import (
"crypto" "crypto"
"crypto/dsa" //nolint "crypto/dsa" //nolint
"crypto/ecdsa" "crypto/ecdsa"
"crypto/ed25519"
"crypto/rsa" "crypto/rsa"
"crypto/x509" "crypto/x509"
"encoding/asn1" "encoding/asn1"
@ -437,7 +438,6 @@ func parseCursor(r *http.Request) (cursor string, limit int, err error) {
return return
} }
// TODO: add support for Ed25519 once it's supported
func fmtPublicKey(cert *x509.Certificate) string { func fmtPublicKey(cert *x509.Certificate) string {
var params string var params string
switch pk := cert.PublicKey.(type) { switch pk := cert.PublicKey.(type) {
@ -445,6 +445,8 @@ func fmtPublicKey(cert *x509.Certificate) string {
params = pk.Curve.Params().Name params = pk.Curve.Params().Name
case *rsa.PublicKey: case *rsa.PublicKey:
params = strconv.Itoa(pk.Size() * 8) params = strconv.Itoa(pk.Size() * 8)
case ed25519.PublicKey:
return cert.PublicKeyAlgorithm.String()
case *dsa.PublicKey: case *dsa.PublicKey:
params = strconv.Itoa(pk.Q.BitLen() * 8) params = strconv.Itoa(pk.Q.BitLen() * 8)
default: default:

6
api/api_test.go
View file

@ -6,6 +6,7 @@ import (
"crypto" "crypto"
"crypto/dsa" //nolint "crypto/dsa" //nolint
"crypto/ecdsa" "crypto/ecdsa"
"crypto/ed25519"
"crypto/elliptic" "crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
@ -1285,6 +1286,10 @@ func Test_fmtPublicKey(t *testing.T) {
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
t.Fatal(err)
}
var dsa2048 dsa.PrivateKey var dsa2048 dsa.PrivateKey
if err := dsa.GenerateParameters(&dsa2048.Parameters, rand.Reader, dsa.L2048N256); err != nil { if err := dsa.GenerateParameters(&dsa2048.Parameters, rand.Reader, dsa.L2048N256); err != nil {
t.Fatal(err) t.Fatal(err)
@ -1304,6 +1309,7 @@ func Test_fmtPublicKey(t *testing.T) {
}{ }{
{"p256", args{p256.Public(), p256, nil}, "ECDSA P-256"}, {"p256", args{p256.Public(), p256, nil}, "ECDSA P-256"},
{"rsa1024", args{rsa1024.Public(), rsa1024, nil}, "RSA 1024"}, {"rsa1024", args{rsa1024.Public(), rsa1024, nil}, "RSA 1024"},
{"ed25519", args{edPub, edPriv, nil}, "Ed25519"},
{"dsa2048", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.DSA, PublicKey: &dsa2048.PublicKey}}, "DSA 2048"}, {"dsa2048", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.DSA, PublicKey: &dsa2048.PublicKey}}, "DSA 2048"},
{"unknown", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.ECDSA, PublicKey: []byte("12345678")}}, "ECDSA unknown"}, {"unknown", args{cert: &x509.Certificate{PublicKeyAlgorithm: x509.ECDSA, PublicKey: []byte("12345678")}}, "ECDSA unknown"},
} }

8
ca/tls.go
View file

@ -4,6 +4,7 @@ import (
"context" "context"
"crypto" "crypto"
"crypto/ecdsa" "crypto/ecdsa"
"crypto/ed25519"
"crypto/rsa" "crypto/rsa"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
@ -325,6 +326,13 @@ func getPEM(i interface{}) ([]byte, error) {
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error marshaling private key") return nil, errors.Wrap(err, "error marshaling private key")
} }
case ed25519.PrivateKey:
var err error
block.Type = "PRIVATE KEY"
block.Bytes, err = x509.MarshalPKCS8PrivateKey(i)
if err != nil {
return nil, errors.Wrap(err, "error marshaling private key")
}
default: default:
return nil, errors.Errorf("unsupported key type %T", i) return nil, errors.Errorf("unsupported key type %T", i)
} }