add ED448 to signers unit test

diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index ce66160fb32ee6005af7857feb03f04f197b7a0e..9f1cead79184a9bd3d83a27e9d33f26d83caaee8 100644 (file)
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -1192,6 +1192,11 @@ testrunner_SOURCES += sodiumsigners.cc
 testrunner_LDADD += $(LIBSODIUM_LIBS)
 endif
 
+if LIBDECAF
+testrunner_SOURCES += decafsigners.cc
+testrunner_LDADD += $(LIBDECAF_LIBS)
+endif
+
 pdns_control_SOURCES = \
        arguments.cc \
        dynloader.cc \

diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc
index 993c035b34e281b24558e3fc6fbadf7b9fdc087c..043b1ab7039788669ddd5d36317b521fbc4b10b8 100644 (file)
--- a/pdns/test-signers.cc
+++ b/pdns/test-signers.cc
@@ -16,7 +16,7 @@
 
 BOOST_AUTO_TEST_SUITE(test_signers)
 
-#ifdef HAVE_LIBSODIUM
+#if defined(HAVE_LIBSODIUM) || defined(HAVE_LIBDECAF)
 BOOST_AUTO_TEST_CASE(test_ed25519_signer) {
     vector<std::shared_ptr<DNSRecordContent> > rrs;
     DNSName qname("example.com.");
@@ -59,4 +59,47 @@ BOOST_AUTO_TEST_CASE(test_ed25519_signer) {
 }
 #endif
 
+#ifdef HAVE_LIBDECAF
+BOOST_AUTO_TEST_CASE(test_ed448_signer) {
+    vector<std::shared_ptr<DNSRecordContent> > rrs;
+    DNSName qname("example.com.");
+    DNSKEYRecordContent drc;
+
+    // TODO: make this a collection of inputs and resulting sigs for various algos
+    shared_ptr<DNSCryptoKeyEngine> engine = DNSCryptoKeyEngine::makeFromISCString(drc,
+"Private-key-format: v1.2\n"
+"Algorithm: 16 (ED448)\n"
+"PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA\n");
+
+    DNSSECPrivateKey dpk;
+    dpk.setKey(engine);
+
+    reportBasicTypes();
+
+    rrs.push_back(DNSRecordContent::makeunique(QType::MX, 1, "10 mail.example.com."));
+
+    RRSIGRecordContent rrc;
+    rrc.d_originalttl = 3600;
+    rrc.d_sigexpire = 1440021600;
+    rrc.d_siginception = 1438207200;
+    rrc.d_signer = qname;
+    rrc.d_type = QType::MX;
+    rrc.d_labels = 2;
+    // TODO: derive the next two from the key
+    rrc.d_tag = 9713;
+    rrc.d_algorithm = 16;
+
+    string msg = getMessageForRRSET(qname, rrc, rrs, false);
+
+    // vector extracted from https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py (rev 476d6ded) by printing signature_data
+    BOOST_CHECK_EQUAL(makeHexDump(msg), "00 0f 10 02 00 00 0e 10 55 d4 fc 60 55 b9 4c e0 25 f1 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 0f 00 01 00 00 0e 10 00 14 00 0a 04 6d 61 69 6c 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ");
+
+    string signature = engine->sign(msg);
+    string b64 = Base64Encode(signature);
+
+    // vector verified from dnskey.py as above, and confirmed with https://www.rfc-editor.org/errata_search.php?rfc=8080&eid=4935
+    BOOST_CHECK_EQUAL(b64, "3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLmjInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKiwZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQvE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213WKsJlwEA");
+}
+#endif
+
 BOOST_AUTO_TEST_SUITE_END()