diff --git a/tlslite/constants.py b/tlslite/constants.py index bf509e12..2d37e145 100644 --- a/tlslite/constants.py +++ b/tlslite/constants.py @@ -187,6 +187,7 @@ class HashAlgorithm(TLSEnum): sha256 = 4 sha384 = 5 sha512 = 6 + intrinsic = 8 # RFC 8422 class SignatureAlgorithm(TLSEnum): @@ -196,6 +197,8 @@ class SignatureAlgorithm(TLSEnum): rsa = 1 dsa = 2 ecdsa = 3 + ed25519 = 7 # RFC 8422 + ed448 = 8 # RFC 8422 class SignatureScheme(TLSEnum): @@ -217,6 +220,8 @@ class SignatureScheme(TLSEnum): rsa_pss_rsae_sha256 = (8, 4) rsa_pss_rsae_sha384 = (8, 5) rsa_pss_rsae_sha512 = (8, 6) + ed25519 = (8, 7) # RFC 8422 + ed448 = (8, 8) # RFC 8422 rsa_pss_pss_sha256 = (8, 9) rsa_pss_pss_sha384 = (8, 10) rsa_pss_pss_sha512 = (8, 11) @@ -243,6 +248,9 @@ def getKeyType(scheme): E.g. for "rsa_pkcs1_sha1" it returns "rsa" """ + # they need to be threated as ECDSA algorithms, see RFC 8422 + if scheme in ("ed25519", "ed448"): + return "ecdsa" try: getattr(SignatureScheme, scheme) except AttributeError: @@ -269,6 +277,9 @@ def getPadding(scheme): @staticmethod def getHash(scheme): """Return the name of hash used in signature scheme.""" + # there is no explicit hash in the EDDSA, see RFC 8422 + if scheme in ("ed25519", "ed448"): + return "intrinsic" try: getattr(SignatureScheme, scheme) except AttributeError: diff --git a/unit_tests/test_tlslite_constants.py b/unit_tests/test_tlslite_constants.py index 913c8663..af160259 100644 --- a/unit_tests/test_tlslite_constants.py +++ b/unit_tests/test_tlslite_constants.py @@ -315,3 +315,13 @@ def test_getPadding_with_valid_new_name(self): ret = SignatureScheme.getPadding('rsa_pss_pss_sha256') self.assertEqual(ret, 'pss') + + def test_getKeyType_with_eddsa(self): + ret = SignatureScheme.getKeyType('ed25519') + + self.assertEqual(ret, 'ecdsa') + + def test_getHash_with_eddsa(self): + ret = SignatureScheme.getHash('ed25519') + + self.assertEqual(ret, 'intrinsic')