fixup! Add Ed448 signature support and implement related structures

Author: stevefan1999-personal

Cargo.lock

@@ -60,9 +60,6 @@ itertools = { version = "0.14.0", default-features = false }
 rsa_098 = { package = "rsa", version = "0.9.8", features = ["sha2"] }
 signature_220 = { package = "signature", version = "2.2.0" }
 rustls = { version = "0.23.31", default-features = false, features = ["std"] }
-spki = { version = "0.8.0-rc.4", default-features = false, features = [
-    "alloc",
-] }
 x509-cert = { version = "0.2.5", default-features = false, features = [
     "builder",
 ] }

Cargo.toml

@@ -211,8 +211,8 @@ pub const ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms {
             &[
                 #[cfg(feature = "eddsa-ed25519")]
                 eddsa::ed25519::ED25519,
-                // #[cfg(feature = "eddsa-ed448")]
-                // eddsa::ed448::ED448,
+                #[cfg(feature = "eddsa-ed448")]
+                eddsa::ed448::ED448,
             ]
         }
 

src/verify.rs

@@ -1,41 +1,45 @@
-use ed448_goldilocks::{Signature, VerifyingKey};
-use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
-use signature::Verifier;
-
-#[derive(Debug)]
-pub struct Ed448Verify;
-
-impl Ed448Verify {
-    fn verify_inner(
-        public_key: &[u8],
-        message: &[u8],
-        signature: &[u8],
-    ) -> Result<(), crate::verify::Error> {
-        let public_key = public_key.try_into()?;
-        let signature = Signature::from_slice(signature)?;
-        let verifying_key = VerifyingKey::from_bytes(public_key)?;
-        verifying_key.verify(message, &signature)?;
-        Ok(())
-    }
-}
-
-impl SignatureVerificationAlgorithm for Ed448Verify {
-    fn public_key_alg_id(&self) -> AlgorithmIdentifier {
-        todo!()
-    }
-
-    fn signature_alg_id(&self) -> AlgorithmIdentifier {
-        todo!()
-    }
-
-    fn verify_signature(
-        &self,
-        public_key: &[u8],
-        message: &[u8],
-        signature: &[u8],
-    ) -> Result<(), InvalidSignature> {
-        Self::verify_inner(public_key, message, signature).map_err(|_| InvalidSignature)
-    }
-}
-
-pub const ED448: &dyn SignatureVerificationAlgorithm = &Ed448Verify;
+use ed448_goldilocks::{Signature, VerifyingKey};
+use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
+use signature::Verifier;
+
+#[derive(Debug)]
+pub struct Ed448Verify;
+
+impl Ed448Verify {
+    fn verify_inner(
+        public_key: &[u8],
+        message: &[u8],
+        signature: &[u8],
+    ) -> Result<(), crate::verify::Error> {
+        let public_key = public_key.try_into()?;
+        let signature = Signature::from_slice(signature)?;
+        let verifying_key = VerifyingKey::from_bytes(public_key)?;
+        verifying_key.verify(message, &signature)?;
+        Ok(())
+    }
+}
+
+// Until https://github.com/rustls/pki-types/pull/87 was released, we need to use this hack
+const ED448_IDENTIFIER: AlgorithmIdentifier =
+    AlgorithmIdentifier::from_slice(&[0x06, 0x03, 0x2B, 0x65, 0x71]);
+
+impl SignatureVerificationAlgorithm for Ed448Verify {
+    fn public_key_alg_id(&self) -> AlgorithmIdentifier {
+        ED448_IDENTIFIER
+    }
+
+    fn signature_alg_id(&self) -> AlgorithmIdentifier {
+        ED448_IDENTIFIER
+    }
+
+    fn verify_signature(
+        &self,
+        public_key: &[u8],
+        message: &[u8],
+        signature: &[u8],
+    ) -> Result<(), InvalidSignature> {
+        Self::verify_inner(public_key, message, signature).map_err(|_| InvalidSignature)
+    }
+}
+
+pub const ED448: &dyn SignatureVerificationAlgorithm = &Ed448Verify;