From 43a16f03d4c635a8836c23ac07244c116ea3aab8 Mon Sep 17 00:00:00 2001
From: Julius Liu <juliusl@microsoft.com>
Date: Mon, 7 Oct 2024 17:01:13 -0700
Subject: [PATCH] Implement `DynSignatureAlgorithmIdentifier` trait for ed25519
 (#712)

---
 ed25519-dalek/src/signing.rs   | 14 ++++++++++++++
 ed25519-dalek/src/verifying.rs | 14 ++++++++++++++
 ed25519-dalek/tests/pkcs8.rs   | 18 +++++++++++++++++-
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/ed25519-dalek/src/signing.rs b/ed25519-dalek/src/signing.rs
index 3d911dd3a..f3c1053b2 100644
--- a/ed25519-dalek/src/signing.rs
+++ b/ed25519-dalek/src/signing.rs
@@ -665,6 +665,20 @@ impl pkcs8::EncodePrivateKey for SigningKey {
     }
 }
 
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+impl pkcs8::spki::DynSignatureAlgorithmIdentifier for SigningKey {
+    fn signature_algorithm_identifier(
+        &self,
+    ) -> pkcs8::spki::Result<pkcs8::spki::AlgorithmIdentifierOwned> {
+        // From https://datatracker.ietf.org/doc/html/rfc8410
+        // `id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }`
+        Ok(pkcs8::spki::AlgorithmIdentifier {
+            oid: ed25519::pkcs8::ALGORITHM_OID,
+            parameters: None,
+        })
+    }
+}
+
 #[cfg(feature = "pkcs8")]
 impl TryFrom<pkcs8::KeypairBytes> for SigningKey {
     type Error = pkcs8::Error;
diff --git a/ed25519-dalek/src/verifying.rs b/ed25519-dalek/src/verifying.rs
index d82a5fbe1..2bb40ebd7 100644
--- a/ed25519-dalek/src/verifying.rs
+++ b/ed25519-dalek/src/verifying.rs
@@ -580,6 +580,20 @@ impl pkcs8::EncodePublicKey for VerifyingKey {
     }
 }
 
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+impl pkcs8::spki::DynSignatureAlgorithmIdentifier for VerifyingKey {
+    fn signature_algorithm_identifier(
+        &self,
+    ) -> pkcs8::spki::Result<pkcs8::spki::AlgorithmIdentifierOwned> {
+        // From https://datatracker.ietf.org/doc/html/rfc8410
+        // `id-Ed25519   OBJECT IDENTIFIER ::= { 1 3 101 112 }`
+        Ok(ed25519::pkcs8::spki::AlgorithmIdentifierOwned {
+            oid: ed25519::pkcs8::ALGORITHM_OID,
+            parameters: None,
+        })
+    }
+}
+
 #[cfg(feature = "pkcs8")]
 impl TryFrom<pkcs8::PublicKeyBytes> for VerifyingKey {
     type Error = pkcs8::spki::Error;
diff --git a/ed25519-dalek/tests/pkcs8.rs b/ed25519-dalek/tests/pkcs8.rs
index fecdba94e..4a12318b0 100644
--- a/ed25519-dalek/tests/pkcs8.rs
+++ b/ed25519-dalek/tests/pkcs8.rs
@@ -4,7 +4,6 @@
 //! RFC5958 (PKCS#8) and RFC5280 (SPKI).
 
 #![cfg(feature = "pkcs8")]
-
 use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey};
 use ed25519_dalek::{SigningKey, VerifyingKey};
 use hex_literal::hex;
@@ -12,6 +11,9 @@ use hex_literal::hex;
 #[cfg(feature = "alloc")]
 use ed25519_dalek::pkcs8::{EncodePrivateKey, EncodePublicKey};
 
+#[cfg(all(feature = "alloc", feature = "pkcs8"))]
+use ed25519_dalek::pkcs8::spki::DynSignatureAlgorithmIdentifier;
+
 /// Ed25519 PKCS#8 v1 private key encoded as ASN.1 DER.
 const PKCS8_V1_DER: &[u8] = include_bytes!("examples/pkcs8-v1.der");
 
@@ -69,3 +71,17 @@ fn encode_verifying_key() {
     let verifying_key2 = VerifyingKey::from_public_key_der(verifying_key_der.as_bytes()).unwrap();
     assert_eq!(verifying_key, verifying_key2);
 }
+
+#[test]
+#[cfg(feature = "alloc")]
+fn get_algo_identifier() {
+    let verifying_key = VerifyingKey::from_public_key_der(PUBLIC_KEY_DER).unwrap();
+    let identifier = verifying_key.signature_algorithm_identifier().unwrap();
+    assert!(identifier.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifier.oid, ed25519::pkcs8::ALGORITHM_OID);
+
+    let signing_key = SigningKey::from_bytes(&SK_BYTES);
+    let identifer = signing_key.signature_algorithm_identifier().unwrap();
+    assert!(identifer.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifer.oid, ed25519::pkcs8::ALGORITHM_OID);
+}