ed25519 algo oid is not allowed in `v3/lints/cabf_br/lint_subject_public_key_info_improper_algorithm_object_identifier_encoding.go`

[juliusl]

https://datatracker.ietf.org/doc/html/rfc8410

If trying to lint an x509 certificate with an ed25519 signer the following error is issued,

parse zlint output: Error("invalid type: string \"The encoded AlgorithmObjectIdentifier \\\"300506032b6570\\\" inside the SubjectPublicKeyInfo field is not allowed\", expected a borrowed string", line: 22, column: 124)

It appears the identifier is not included here,

https://github.com/zmap/zlint/blob/ddaf5ccd564ba8e5f1115f2885ac9cc9d6451248/v3/lints/cabf_br/lint_subject_public_key_info_improper_algorithm_object_identifier_encoding.go#L62

var allowedPublicKeyEncodings = [4][]byte{
    // encoded AlgorithmIdentifier for an RSA key
    {0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00},
    // encoded AlgorithmIdentifier for a P-256 key
    {0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07},
    // encoded AlgorithmIdentifier for a P-384 key
    {0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22},
    // encoded AlgorithmIdentifier for a P-521 key
    {0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23},
}

[mcpherrinm]

Ed25519 is not permitted by the CABF baseline requirements, so this lint is correct. If you're not interested in baseline requirement compliance, you shouldn't run this lint.

[juliusl]

@mcpherrinm appreciate the help, that makes much more sense now