DKIM: accept ed25519.

src/App/Type/DKIM.purs

@@ -55,8 +55,8 @@ show_hashing_algorithm = case _ of
   -- SHA1   -> "sha1"
   SHA256 -> "sha256"
 
-data SignatureAlgorithm = RSA
-sign_algos = [RSA] :: Array SignatureAlgorithm
+data SignatureAlgorithm = RSA | ED25519
+sign_algos = [RSA, ED25519] :: Array SignatureAlgorithm
 
 -- | Codec for just encoding a single value of type `SignatureAlgorithm`.
 codecSignatureAlgorithm :: CA.JsonCodec SignatureAlgorithm
@@ -65,11 +65,13 @@ codecSignatureAlgorithm = CA.prismaticCodec "SignatureAlgorithm" str_to_signatur
 str_to_signature_algorithm :: String -> Maybe SignatureAlgorithm
 str_to_signature_algorithm = case _ of
   "rsa"       -> Just RSA
+  "ed25519"   -> Just ED25519
   _ -> Nothing
 
 show_signature_algorithm :: SignatureAlgorithm -> String
 show_signature_algorithm = case _ of
-  RSA -> "rsa"
+  RSA     -> "rsa"
+  ED25519 -> "ed25519"
 
 data Version = DKIM1
 

src/App/Validation/DNS.purs

@@ -269,6 +269,7 @@ validationSPF form = ado
 
 -- | Accepted RSA key sizes = 2048 or 4096 bits, meaning 256 or 512 characters.
 accepted_rsa_key_sizes = [256, 512] :: Array Int
+accepted_ed25519_key_sizes = [32] :: Array Int
 
 verify_public_key :: DKIM.SignatureAlgorithm -> DKIM.PublicKey -> V (Array Error) DKIM.PublicKey
 verify_public_key signalgo key = case signalgo of
@@ -277,6 +278,11 @@ verify_public_key signalgo key = case signalgo of
          then pure key
          else invalid [DKIMInvalidKeySize accepted_rsa_key_sizes]
     in k
+  DKIM.ED25519 -> ado
+    k <- if A.elem (S.length key) accepted_ed25519_key_sizes
+         then pure key
+         else invalid [DKIMInvalidKeySize accepted_ed25519_key_sizes]
+    in k
 
 validationDKIM :: ResourceRecord -> V (Array Error) ResourceRecord
 validationDKIM form =