From 48e6fbb69ea1954823944dab01b9dd9eff875da1 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Mon, 19 Jun 2017 11:09:47 +0200
Subject: [PATCH] add ED448 to signers unit test

---
 pdns/Makefile.am     |  5 +++++
 pdns/test-signers.cc | 45 +++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index ce66160fb..9f1cead79 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -1192,6 +1192,11 @@ testrunner_SOURCES += sodiumsigners.cc
 testrunner_LDADD += $(LIBSODIUM_LIBS)
 endif
 
+if LIBDECAF
+testrunner_SOURCES += decafsigners.cc
+testrunner_LDADD += $(LIBDECAF_LIBS)
+endif
+
 pdns_control_SOURCES = \
 	arguments.cc \
 	dynloader.cc \
diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc
index 993c035b3..043b1ab70 100644
--- a/pdns/test-signers.cc
+++ b/pdns/test-signers.cc
@@ -16,7 +16,7 @@
 
 BOOST_AUTO_TEST_SUITE(test_signers)
 
-#ifdef HAVE_LIBSODIUM
+#if defined(HAVE_LIBSODIUM) || defined(HAVE_LIBDECAF)
 BOOST_AUTO_TEST_CASE(test_ed25519_signer) {
     vector<std::shared_ptr<DNSRecordContent> > rrs;
     DNSName qname("example.com.");
@@ -59,4 +59,47 @@ BOOST_AUTO_TEST_CASE(test_ed25519_signer) {
 }
 #endif
 
+#ifdef HAVE_LIBDECAF
+BOOST_AUTO_TEST_CASE(test_ed448_signer) {
+    vector<std::shared_ptr<DNSRecordContent> > rrs;
+    DNSName qname("example.com.");
+    DNSKEYRecordContent drc;
+
+    // TODO: make this a collection of inputs and resulting sigs for various algos
+    shared_ptr<DNSCryptoKeyEngine> engine = DNSCryptoKeyEngine::makeFromISCString(drc,
+"Private-key-format: v1.2\n"
+"Algorithm: 16 (ED448)\n"
+"PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA\n");
+
+    DNSSECPrivateKey dpk;
+    dpk.setKey(engine);
+
+    reportBasicTypes();
+
+    rrs.push_back(DNSRecordContent::makeunique(QType::MX, 1, "10 mail.example.com."));
+
+    RRSIGRecordContent rrc;
+    rrc.d_originalttl = 3600;
+    rrc.d_sigexpire = 1440021600;
+    rrc.d_siginception = 1438207200;
+    rrc.d_signer = qname;
+    rrc.d_type = QType::MX;
+    rrc.d_labels = 2;
+    // TODO: derive the next two from the key
+    rrc.d_tag = 9713;
+    rrc.d_algorithm = 16;
+
+    string msg = getMessageForRRSET(qname, rrc, rrs, false);
+
+    // vector extracted from https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py (rev 476d6ded) by printing signature_data
+    BOOST_CHECK_EQUAL(makeHexDump(msg), "00 0f 10 02 00 00 0e 10 55 d4 fc 60 55 b9 4c e0 25 f1 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 0f 00 01 00 00 0e 10 00 14 00 0a 04 6d 61 69 6c 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ");
+
+    string signature = engine->sign(msg);
+    string b64 = Base64Encode(signature);
+
+    // vector verified from dnskey.py as above, and confirmed with https://www.rfc-editor.org/errata_search.php?rfc=8080&eid=4935
+    BOOST_CHECK_EQUAL(b64, "3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLmjInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKiwZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQvE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213WKsJlwEA");
+}
+#endif
+
 BOOST_AUTO_TEST_SUITE_END()
-- 
2.40.0