Commit 015dfc57 authored by Ondřej Surý's avatar Ondřej Surý

Add initial EdDSA support (no signing yet)

parent 61329882
......@@ -92,6 +92,8 @@ typedef enum dnssec_key_algorithm {
DNSSEC_KEY_ALGORITHM_RSA_SHA512 = 10,
DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256 = 13,
DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384 = 14,
DNSSEC_KEY_ALGORITHM_ED25519 = 15,
DNSSEC_KEY_ALGORITHM_ED448 = 16,
} dnssec_key_algorithm_t;
struct dnssec_key;
......
......@@ -68,6 +68,18 @@ static const struct limits *get_limits(dnssec_key_algorithm_t algorithm)
.def = 384,
};
static const struct limits ED25519 = {
.min = 256,
.max = 256,
.def = 256,
};
static const struct limits ED448 = {
.min = 456,
.max = 456,
.def = 456,
};
switch (algorithm) {
case DNSSEC_KEY_ALGORITHM_DSA_SHA1:
case DNSSEC_KEY_ALGORITHM_DSA_SHA1_NSEC3:
......@@ -82,6 +94,10 @@ static const struct limits *get_limits(dnssec_key_algorithm_t algorithm)
return &EC256;
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return &EC384;
case DNSSEC_KEY_ALGORITHM_ED25519:
return &ED25519;
case DNSSEC_KEY_ALGORITHM_ED448:
return &ED448;
default:
return NULL;
}
......@@ -103,6 +119,8 @@ gnutls_pk_algorithm_t algorithm_to_gnutls(dnssec_key_algorithm_t dnssec)
case DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256:
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return GNUTLS_PK_EC;
case DNSSEC_KEY_ALGORITHM_ED25519:
case DNSSEC_KEY_ALGORITHM_ED448:
default:
return GNUTLS_PK_UNKNOWN;
}
......
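Review bot: The new `case DNSSEC_KEY_ALGORITHM_ED25519:` / `case DNSSEC_KEY_ALGORITHM_ED448:` labels in algorithm_to_gnutls fall straight into `default: return GNUTLS_PK_UNKNOWN;`, so they behave exactly like an unsupported algorithm and read as an omission rather than the intentional stub the commit title describes. Because get_limits in the same file now hands out 256- and 456-bit limits for these algorithms, a caller that consults the limits first presumably only learns that the algorithm is unusable when the GnuTLS mapping comes back unknown; whether that is handled gracefully is not visible in this hunk. Mark the stub so the next maintainer knows it is deliberate and where to continue, e.g. `/* EdDSA: no GnuTLS mapping yet, so key generation and signing are rejected */` above the two labels. The same empty-fallthrough pattern is added to get_functions (returning NULL) and get_digest_algorithm (returning GNUTLS_DIG_UNKNOWN) in the next file; the same one-line comment belongs there too.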
......@@ -266,6 +266,8 @@ static const algorithm_functions_t *get_functions(const dnssec_key_t *key)
case DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256:
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return &ecdsa_functions;
case DNSSEC_KEY_ALGORITHM_ED25519:
case DNSSEC_KEY_ALGORITHM_ED448:
default:
return NULL;
}
......@@ -291,6 +293,8 @@ static gnutls_digest_algorithm_t get_digest_algorithm(const dnssec_key_t *key)
return GNUTLS_DIG_SHA512;
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return GNUTLS_DIG_SHA384;
case DNSSEC_KEY_ALGORITHM_ED25519:
case DNSSEC_KEY_ALGORITHM_ED448:
default:
return GNUTLS_DIG_UNKNOWN;
}
......
......@@ -71,6 +71,8 @@ const knot_lookup_t knot_dnssec_alg_names[] = {
{ KNOT_DNSSEC_ALG_ECC_GOST, "ECC_GOST" },
{ KNOT_DNSSEC_ALG_ECDSAP256SHA256, "ECDSAP256SHA256" },
{ KNOT_DNSSEC_ALG_ECDSAP384SHA384, "ECDSAP384SHA384" },
{ KNOT_DNSSEC_ALG_ED25519, "ED25519" },
{ KNOT_DNSSEC_ALG_ED448, "ED448" },
{ KNOT_DNSSEC_ALG_INDIRECT, "INDIRECT" },
{ KNOT_DNSSEC_ALG_PRIVATEDNS, "PRIVATEDNS" },
{ KNOT_DNSSEC_ALG_PRIVATEOID, "PRIVATEOID" },
......
......@@ -146,6 +146,9 @@ typedef enum {
KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14,
KNOT_DNSSEC_ALG_ED25519 = 15,
KNOT_DNSSEC_ALG_ED448 = 16,
KNOT_DNSSEC_ALG_INDIRECT = 252,
KNOT_DNSSEC_ALG_PRIVATEDNS = 253,
KNOT_DNSSEC_ALG_PRIVATEOID = 254
......
......@@ -1318,6 +1318,12 @@ static size_t dnskey_len(const uint8_t *rdata,
case KNOT_DNSSEC_ALG_ECDSAP384SHA384:
// RFC 6605.
return 384;
case KNOT_DNSSEC_ALG_ED25519:
// RFC TBD, an Ed25519 public key consists of a 32-octet value.
return 256;
case KNOT_DNSSEC_ALG_ED448:
// RFC TBD, an Ed448 public key consists of a 57-octet value.
return 456;
default:
return 0;
}
......
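Review bot: The two new comments in dnskey_len give public-key lengths in octets (32 and 57) while the values returned, like the 384 returned for ECDSAP384SHA384 just above, appear to be key sizes in bits, so the reader has to work out 57 * 8 to see why Ed448 yields 456. Spell the unit out in the comments: `// RFC TBD, an Ed25519 public key is 32 octets, i.e. a 256-bit key size.` and `// RFC TBD, an Ed448 public key is 57 octets, i.e. a 456-bit key size.`. The values do agree with the ED25519/ED448 limits added to get_limits in the dnssec key-size code, which is the consistency that matters here. dnskey_len starts before this hunk.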
......@@ -1186,6 +1186,12 @@
action _write8_14 {
*(rdata_tail++) = 14;
}
action _write8_15 {
*(rdata_tail++) = 15;
}
action _write8_16 {
*(rdata_tail++) = 16;
}
action _write8_252 {
*(rdata_tail++) = 252;
}
......@@ -1663,6 +1669,8 @@
| "ECC-GOST"i %_write8_12
| "ECDSAP256SHA256"i %_write8_13
| "ECDSAP384SHA384"i %_write8_14
| "ED25519"i %_write8_15
| "ED448"i %_write8_16
| "INDIRECT"i %_write8_252
| "PRIVATEDNS"i %_write8_253
| "PRIVATEOID"i %_write8_254
......
......@@ -25,6 +25,8 @@ $TTL 1
@ CERT 0 0 ECC-GOST AA== ; Algorithm mnemo
@ CERT 0 0 ECDSAP256SHA256 AA== ; Algorithm mnemo
@ CERT 0 0 ECDSAP384SHA384 AA== ; Algorithm mnemo
@ CERT 0 0 ED25519 AA== ; Algorithm mnemo
@ CERT 0 0 ED448 AA== ; Algorithm mnemo
@ CERT 0 0 INDIRECT AA== ; Algorithm mnemo
@ CERT 0 0 PRIVATEDNS AA== ; Algorithm mnemo
@ CERT 0 0 PRIVATEOID AA== ; Algorithm mnemo
......
......@@ -140,6 +140,18 @@ OWNER=00
CLASS=0001
RRTTL=00000001
RTYPE=0025
RDATA=000000000F00
------
OWNER=00
CLASS=0001
RRTTL=00000001
RTYPE=0025
RDATA=000000001000
------
OWNER=00
CLASS=0001
RRTTL=00000001
RTYPE=0025
RDATA=00000000FC00
------
OWNER=00
......