Skip to content

Commit

Permalink
Deprecate AlgorithmEd25519 and provide AlgorithmEdDSA instead (#160)
Browse files Browse the repository at this point in the history
Signed-off-by: qmuntal <[email protected]>
  • Loading branch information
qmuntal authored Jul 24, 2023
1 parent ec64bcb commit 88e7f1e
Show file tree
Hide file tree
Showing 12 changed files with 44 additions and 38 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ These are the required packages for each built-in cose.Algorithm:

- cose.AlgorithmPS256, cose.AlgorithmES256: `crypto/sha256`
- cose.AlgorithmPS384, cose.AlgorithmPS512, cose.AlgorithmES384, cose.AlgorithmES512: `crypto/sha512`
- cose.AlgorithmEd25519: none
- cose.AlgorithmEdDSA: none

## Features

Expand Down
8 changes: 7 additions & 1 deletion algorithm.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,14 @@ const (
AlgorithmES512 Algorithm = -36

// PureEdDSA by RFC 8152.
//
// Deprecated: use AlgorithmEdDSA instead, which has
// the same value but with a more accurate name.
AlgorithmEd25519 Algorithm = -8

// PureEdDSA by RFC 8152.
AlgorithmEdDSA Algorithm = -8

// An invalid/unrecognised algorithm.
AlgorithmInvalid Algorithm = 0
)
Expand Down Expand Up @@ -65,7 +71,7 @@ func (a Algorithm) String() string {
return "ES384"
case AlgorithmES512:
return "ES512"
case AlgorithmEd25519:
case AlgorithmEdDSA:
// As stated in RFC 8152 8.2, only the pure EdDSA version is used for
// COSE.
return "EdDSA"
Expand Down
2 changes: 1 addition & 1 deletion algorithm_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ func TestAlgorithm_computeHash(t *testing.T) {
},
{
name: "Ed25519",
alg: AlgorithmEd25519,
alg: AlgorithmEdDSA,
wantErr: ErrUnavailableHashFunc,
},
{
Expand Down
4 changes: 2 additions & 2 deletions ed25519.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ type ed25519Signer struct {

// Algorithm returns the signing algorithm associated with the private key.
func (es *ed25519Signer) Algorithm() Algorithm {
return AlgorithmEd25519
return AlgorithmEdDSA
}

// Sign signs message content with the private key, possibly using entropy from
Expand All @@ -34,7 +34,7 @@ type ed25519Verifier struct {

// Algorithm returns the signing algorithm associated with the public key.
func (ev *ed25519Verifier) Algorithm() Algorithm {
return AlgorithmEd25519
return AlgorithmEdDSA
}

// Verify verifies message content with the public key, returning nil for
Expand Down
8 changes: 4 additions & 4 deletions ed25519_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ func generateTestEd25519Key(t *testing.T) (ed25519.PublicKey, ed25519.PrivateKey

func Test_ed25519Signer(t *testing.T) {
// generate key
alg := AlgorithmEd25519
alg := AlgorithmEdDSA
_, key := generateTestEd25519Key(t)

// set up signer
Expand Down Expand Up @@ -51,7 +51,7 @@ func Test_ed25519Signer(t *testing.T) {

func Test_ed25519Verifier_Verify_Success(t *testing.T) {
// generate key
alg := AlgorithmEd25519
alg := AlgorithmEdDSA
_, key := generateTestEd25519Key(t)

// generate a valid signature
Expand All @@ -77,7 +77,7 @@ func Test_ed25519Verifier_Verify_Success(t *testing.T) {

func Test_ed25519Verifier_Verify_KeyMismatch(t *testing.T) {
// generate key
alg := AlgorithmEd25519
alg := AlgorithmEdDSA
_, key := generateTestEd25519Key(t)

// generate a valid signature
Expand All @@ -97,7 +97,7 @@ func Test_ed25519Verifier_Verify_KeyMismatch(t *testing.T) {

func Test_ed25519Verifier_Verify_InvalidSignature(t *testing.T) {
// generate key
alg := AlgorithmEd25519
alg := AlgorithmEdDSA
vk, sk := generateTestEd25519Key(t)

// generate a valid signature with a tampered one
Expand Down
4 changes: 2 additions & 2 deletions fuzz_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
var supportedAlgorithms = [...]cose.Algorithm{
cose.AlgorithmPS256, cose.AlgorithmPS384, cose.AlgorithmPS512,
cose.AlgorithmES256, cose.AlgorithmES384, cose.AlgorithmES512,
cose.AlgorithmEd25519,
cose.AlgorithmEdDSA,
}

func FuzzSign1Message_UnmarshalCBOR(f *testing.F) {
Expand Down Expand Up @@ -181,7 +181,7 @@ func newSignerWithEphemeralKey(alg cose.Algorithm) (sv signVerifier, err error)
key, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
case cose.AlgorithmES512:
key, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
case cose.AlgorithmEd25519:
case cose.AlgorithmEdDSA:
_, key, err = ed25519.GenerateKey(rand.Reader)
default:
err = cose.ErrAlgorithmNotSupported
Expand Down
12 changes: 6 additions & 6 deletions key.go
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ type Key struct {

// NewOKPKey returns a Key created using the provided Octet Key Pair data.
func NewOKPKey(alg Algorithm, x, d []byte) (*Key, error) {
if alg != AlgorithmEd25519 {
if alg != AlgorithmEdDSA {
return nil, fmt.Errorf("unsupported algorithm %q", alg)
}

Expand Down Expand Up @@ -389,7 +389,7 @@ func NewKeyFromPublic(pub crypto.PublicKey) (*Key, error) {

return NewEC2Key(alg, vk.X.Bytes(), vk.Y.Bytes(), nil)
case ed25519.PublicKey:
return NewOKPKey(AlgorithmEd25519, []byte(vk), nil)
return NewOKPKey(AlgorithmEdDSA, []byte(vk), nil)
default:
return nil, ErrInvalidPubKey
}
Expand All @@ -408,7 +408,7 @@ func NewKeyFromPrivate(priv crypto.PrivateKey) (*Key, error) {

return NewEC2Key(alg, sk.X.Bytes(), sk.Y.Bytes(), sk.D.Bytes())
case ed25519.PrivateKey:
return NewOKPKey(AlgorithmEd25519, []byte(sk[32:]), []byte(sk[:32]))
return NewOKPKey(AlgorithmEdDSA, []byte(sk[32:]), []byte(sk[:32]))
default:
return nil, ErrInvalidPrivKey
}
Expand Down Expand Up @@ -679,7 +679,7 @@ func (k *Key) PublicKey() (crypto.PublicKey, error) {
pub.Y.SetBytes(y)

return pub, nil
case AlgorithmEd25519:
case AlgorithmEdDSA:
_, x, _ := k.OKP()
return ed25519.PublicKey(x), nil
default:
Expand Down Expand Up @@ -724,7 +724,7 @@ func (k *Key) PrivateKey() (crypto.PrivateKey, error) {
PublicKey: ecdsa.PublicKey{Curve: curve, X: bx, Y: by},
D: bd,
}, nil
case AlgorithmEd25519:
case AlgorithmEdDSA:
_, x, d := k.OKP()
if len(x) == 0 {
return ed25519.NewKeyFromSeed(d), nil
Expand Down Expand Up @@ -817,7 +817,7 @@ func (k *Key) deriveAlgorithm() (Algorithm, error) {
crv, _, _ := k.OKP()
switch crv {
case CurveEd25519:
return AlgorithmEd25519, nil
return AlgorithmEdDSA, nil
default:
return AlgorithmInvalid, fmt.Errorf(
"unsupported curve %q for key type OKP", crv.String())
Expand Down
30 changes: 15 additions & 15 deletions key_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -457,7 +457,7 @@ func TestKey_UnmarshalCBOR(t *testing.T) {
},
want: &Key{
KeyType: KeyTypeOKP,
Algorithm: AlgorithmEd25519,
Algorithm: AlgorithmEdDSA,
KeyOps: []KeyOp{KeyOpVerify, KeyOpSign},
BaseIV: []byte{0x03, 0x02, 0x01},
Params: map[interface{}]interface{}{
Expand Down Expand Up @@ -644,7 +644,7 @@ func TestKey_MarshalCBOR(t *testing.T) {
name: "OKP with kty and alg",
key: &Key{
KeyType: KeyTypeOKP,
Algorithm: AlgorithmEd25519,
Algorithm: AlgorithmEdDSA,
},
want: []byte{
0xa2, // map (2)
Expand Down Expand Up @@ -730,7 +730,7 @@ func TestKey_MarshalCBOR(t *testing.T) {
name: "OKP",
key: &Key{
KeyType: KeyTypeOKP,
Algorithm: AlgorithmEd25519,
Algorithm: AlgorithmEdDSA,
KeyOps: []KeyOp{KeyOpVerify, KeyOpEncrypt},
Params: map[interface{}]interface{}{
KeyLabelOKPCurve: CurveEd25519,
Expand Down Expand Up @@ -846,10 +846,10 @@ func TestNewOKPKey(t *testing.T) {
wantErr string
}{
{
name: "valid", args: args{AlgorithmEd25519, x, d},
name: "valid", args: args{AlgorithmEdDSA, x, d},
want: &Key{
KeyType: KeyTypeOKP,
Algorithm: AlgorithmEd25519,
Algorithm: AlgorithmEdDSA,
Params: map[interface{}]interface{}{
KeyLabelOKPCurve: CurveEd25519,
KeyLabelOKPX: x,
Expand All @@ -862,7 +862,7 @@ func TestNewOKPKey(t *testing.T) {
want: nil,
wantErr: `unsupported algorithm "unknown algorithm value -100"`,
}, {
name: "x and d missing", args: args{AlgorithmEd25519, nil, nil},
name: "x and d missing", args: args{AlgorithmEdDSA, nil, nil},
want: nil,
wantErr: "invalid key: required parameters missing",
},
Expand Down Expand Up @@ -1061,7 +1061,7 @@ func TestKey_AlgorithmOrDefault(t *testing.T) {
KeyLabelOKPCurve: CurveEd25519,
},
},
AlgorithmEd25519,
AlgorithmEdDSA,
"",
},
{
Expand Down Expand Up @@ -1170,7 +1170,7 @@ func TestNewKeyFromPrivate(t *testing.T) {
{
"ed25519", ed25519.PrivateKey(append(okpd, okpx...)),
&Key{
Algorithm: AlgorithmEd25519, KeyType: KeyTypeOKP,
Algorithm: AlgorithmEdDSA, KeyType: KeyTypeOKP,
Params: map[interface{}]interface{}{
KeyLabelOKPCurve: CurveEd25519,
KeyLabelOKPX: okpx,
Expand Down Expand Up @@ -1228,7 +1228,7 @@ func TestNewKeyFromPublic(t *testing.T) {
{
"ed25519", ed25519.PublicKey(okpx),
&Key{
Algorithm: AlgorithmEd25519,
Algorithm: AlgorithmEdDSA,
KeyType: KeyTypeOKP,
Params: map[interface{}]interface{}{
KeyLabelOKPCurve: CurveEd25519,
Expand Down Expand Up @@ -1275,20 +1275,20 @@ func TestKey_Signer(t *testing.T) {
KeyLabelOKPD: d,
},
},
AlgorithmEd25519,
AlgorithmEdDSA,
"",
},
{
"without key_ops", &Key{
KeyType: KeyTypeOKP,
Algorithm: AlgorithmEd25519,
Algorithm: AlgorithmEdDSA,
Params: map[interface{}]interface{}{
KeyLabelOKPCurve: CurveEd25519,
KeyLabelOKPX: x,
KeyLabelOKPD: d,
},
},
AlgorithmEd25519,
AlgorithmEdDSA,
"",
},
{
Expand Down Expand Up @@ -1361,19 +1361,19 @@ func TestKey_Verifier(t *testing.T) {
KeyLabelOKPX: x,
},
},
AlgorithmEd25519,
AlgorithmEdDSA,
"",
},
{
"without key_ops", &Key{
KeyType: KeyTypeOKP,
Algorithm: AlgorithmEd25519,
Algorithm: AlgorithmEdDSA,
Params: map[interface{}]interface{}{
KeyLabelOKPCurve: CurveEd25519,
KeyLabelOKPX: x,
},
},
AlgorithmEd25519,
AlgorithmEdDSA,
"",
},
{
Expand Down
2 changes: 1 addition & 1 deletion signer.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ func NewSigner(alg Algorithm, key crypto.Signer) (Signer, error) {
key: vk,
signer: key,
}, nil
case AlgorithmEd25519:
case AlgorithmEdDSA:
if _, ok := key.Public().(ed25519.PublicKey); !ok {
return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
}
Expand Down
4 changes: 2 additions & 2 deletions signer_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,15 +77,15 @@ func TestNewSigner(t *testing.T) {
},
{
name: "ed25519 signer",
alg: AlgorithmEd25519,
alg: AlgorithmEdDSA,
key: ed25519Key,
want: &ed25519Signer{
key: ed25519Key,
},
},
{
name: "ed25519 key mismatch",
alg: AlgorithmEd25519,
alg: AlgorithmEdDSA,
key: rsaKey,
wantErr: "EdDSA: invalid public key",
},
Expand Down
2 changes: 1 addition & 1 deletion verifier.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ func NewVerifier(alg Algorithm, key crypto.PublicKey) (Verifier, error) {
alg: alg,
key: vk,
}, nil
case AlgorithmEd25519:
case AlgorithmEdDSA:
vk, ok := key.(ed25519.PublicKey)
if !ok {
return nil, fmt.Errorf("%v: %w", alg, ErrInvalidPubKey)
Expand Down
4 changes: 2 additions & 2 deletions verifier_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,15 +73,15 @@ func TestNewVerifier(t *testing.T) {
},
{
name: "ed25519 verifier",
alg: AlgorithmEd25519,
alg: AlgorithmEdDSA,
key: ed25519Key,
want: &ed25519Verifier{
key: ed25519Key,
},
},
{
name: "ed25519 invalid public key",
alg: AlgorithmEd25519,
alg: AlgorithmEdDSA,
key: rsaKey,
wantErr: "EdDSA: invalid public key",
},
Expand Down

0 comments on commit 88e7f1e

Please sign in to comment.