5 #include <decaf/eddsa.hxx>
6 #include <decaf/spongerng.hxx>
8 #include "dnssecinfra.hh"
10 using namespace decaf
;
12 class DecafED25519DNSCryptoKeyEngine
: public DNSCryptoKeyEngine
15 explicit DecafED25519DNSCryptoKeyEngine(unsigned int algo
) : DNSCryptoKeyEngine(algo
)
19 string
getName() const override
{ return "Decaf ED25519"; }
20 void create(unsigned int bits
) override
;
21 storvector_t
convertToISCVector() const override
;
22 std::string
getPubKeyHash() const override
;
23 std::string
sign(const std::string
& msg
) const override
;
24 bool verify(const std::string
& msg
, const std::string
& signature
) const override
;
25 std::string
getPublicKeyString() const override
;
26 int getBits() const override
;
27 void fromISCMap(DNSKEYRecordContent
& drc
, std::map
<std::string
, std::string
>& stormap
) override
;
28 void fromPublicKeyString(const std::string
& content
) override
;
29 void fromPEMString(DNSKEYRecordContent
& drc
, const std::string
& raw
) override
32 static std::shared_ptr
<DNSCryptoKeyEngine
> maker(unsigned int algorithm
)
34 return std::make_shared
<DecafED25519DNSCryptoKeyEngine
>(algorithm
);
38 unsigned char d_pubkey
[DECAF_EDDSA_25519_PUBLIC_BYTES
];
39 unsigned char d_seckey
[DECAF_EDDSA_25519_PRIVATE_BYTES
];
42 void DecafED25519DNSCryptoKeyEngine::create(unsigned int bits
)
44 if(bits
!= (unsigned int)getBits()) {
45 throw runtime_error("Unsupported key length of "+std::to_string(bits
)+" bits requested, DecafED25519 class");
48 SpongeRng
rng("/dev/urandom");
50 typename EdDSA
<IsoEd25519
>::PrivateKey
priv(rng
);
51 typename EdDSA
<IsoEd25519
>::PublicKey
pub(priv
);
53 priv
.serialize_into(d_seckey
);
54 pub
.serialize_into(d_pubkey
);
57 int DecafED25519DNSCryptoKeyEngine::getBits() const
59 return DECAF_EDDSA_25519_PRIVATE_BYTES
<< 3;
62 DNSCryptoKeyEngine::storvector_t
DecafED25519DNSCryptoKeyEngine::convertToISCVector() const
65 Private-key-format: v1.2
66 Algorithm: 15 (ED25519)
67 PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
70 storvector_t storvector
;
72 storvector
.push_back(make_pair("Algorithm", "15 (ED25519)"));
73 storvector
.push_back(make_pair("PrivateKey", string((char*)d_seckey
, DECAF_EDDSA_25519_PRIVATE_BYTES
)));
78 void DecafED25519DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent
& drc
, std::map
<std::string
, std::string
>& stormap
)
81 Private-key-format: v1.2
82 Algorithm: 15 (ED25519)
83 PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
86 drc
.d_algorithm
= pdns_stou(stormap
["algorithm"]);
87 string privateKey
= stormap
["privatekey"];
89 if (privateKey
.length() != DECAF_EDDSA_25519_PRIVATE_BYTES
)
90 throw runtime_error("Private key size mismatch in ISCMap, DecafED25519 class");
92 typename EdDSA
<IsoEd25519
>::PrivateKey
priv(Block((const unsigned char*)privateKey
.c_str(), DECAF_EDDSA_25519_PRIVATE_BYTES
));
93 typename EdDSA
<IsoEd25519
>::PublicKey
pub(priv
);
95 priv
.serialize_into(d_seckey
);
96 pub
.serialize_into(d_pubkey
);
99 std::string
DecafED25519DNSCryptoKeyEngine::getPubKeyHash() const
101 return this->getPublicKeyString();
104 std::string
DecafED25519DNSCryptoKeyEngine::getPublicKeyString() const
106 return string((char*)d_pubkey
, DECAF_EDDSA_25519_PUBLIC_BYTES
);
109 void DecafED25519DNSCryptoKeyEngine::fromPublicKeyString(const std::string
& input
)
111 if (input
.length() != DECAF_EDDSA_25519_PUBLIC_BYTES
)
112 throw runtime_error("Public key size mismatch, DecafED25519 class");
114 memcpy(d_pubkey
, input
.c_str(), DECAF_EDDSA_25519_PUBLIC_BYTES
);
117 std::string
DecafED25519DNSCryptoKeyEngine::sign(const std::string
& msg
) const
119 typename EdDSA
<IsoEd25519
>::PrivateKey
priv(Block(d_seckey
, DECAF_EDDSA_25519_PRIVATE_BYTES
));
121 SecureBuffer
message(msg
.begin(), msg
.end());
123 SecureBuffer sig
= priv
.sign(message
);
125 return string(sig
.begin(), sig
.end());
128 bool DecafED25519DNSCryptoKeyEngine::verify(const std::string
& msg
, const std::string
& signature
) const
130 if (signature
.length() != DECAF_EDDSA_25519_SIGNATURE_BYTES
)
133 typename EdDSA
<IsoEd25519
>::PublicKey
pub(Block(d_pubkey
, DECAF_EDDSA_25519_PUBLIC_BYTES
));
135 SecureBuffer
sig(signature
.begin(), signature
.end());
136 SecureBuffer
message(msg
.begin(), msg
.end());
139 pub
.verify(sig
, message
);
140 } catch(CryptoException
) {
148 class DecafED448DNSCryptoKeyEngine
: public DNSCryptoKeyEngine
151 explicit DecafED448DNSCryptoKeyEngine(unsigned int algo
) : DNSCryptoKeyEngine(algo
)
155 string
getName() const override
{ return "Decaf ED448"; }
156 void create(unsigned int bits
) override
;
157 storvector_t
convertToISCVector() const override
;
158 std::string
getPubKeyHash() const override
;
159 std::string
sign(const std::string
& msg
) const override
;
160 bool verify(const std::string
& msg
, const std::string
& signature
) const override
;
161 std::string
getPublicKeyString() const override
;
162 int getBits() const override
;
163 void fromISCMap(DNSKEYRecordContent
& drc
, std::map
<std::string
, std::string
>& stormap
) override
;
164 void fromPublicKeyString(const std::string
& content
) override
;
165 void fromPEMString(DNSKEYRecordContent
& drc
, const std::string
& raw
) override
168 static std::shared_ptr
<DNSCryptoKeyEngine
> maker(unsigned int algorithm
)
170 return std::make_shared
<DecafED448DNSCryptoKeyEngine
>(algorithm
);
174 unsigned char d_pubkey
[DECAF_EDDSA_448_PUBLIC_BYTES
];
175 unsigned char d_seckey
[DECAF_EDDSA_448_PRIVATE_BYTES
];
178 void DecafED448DNSCryptoKeyEngine::create(unsigned int bits
)
180 if(bits
!= (unsigned int)getBits()) {
181 throw runtime_error("Unsupported key length of "+std::to_string(bits
)+" bits requested, DecafED448 class");
184 SpongeRng
rng("/dev/urandom");
186 typename EdDSA
<Ed448Goldilocks
>::PrivateKey
priv(rng
);
187 typename EdDSA
<Ed448Goldilocks
>::PublicKey
pub(priv
);
189 priv
.serialize_into(d_seckey
);
190 pub
.serialize_into(d_pubkey
);
193 int DecafED448DNSCryptoKeyEngine::getBits() const
195 return DECAF_EDDSA_448_PRIVATE_BYTES
<< 3;
198 DNSCryptoKeyEngine::storvector_t
DecafED448DNSCryptoKeyEngine::convertToISCVector() const
201 Private-key-format: v1.2
202 Algorithm: 16 (ED448)
203 PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA
206 storvector_t storvector
;
208 storvector
.push_back(make_pair("Algorithm", "16 (ED448)"));
209 storvector
.push_back(make_pair("PrivateKey", string((char*)d_seckey
, DECAF_EDDSA_448_PRIVATE_BYTES
)));
214 void DecafED448DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent
& drc
, std::map
<std::string
, std::string
>& stormap
)
217 Private-key-format: v1.2
218 Algorithm: 16 (ED448)
219 PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA
222 drc
.d_algorithm
= pdns_stou(stormap
["algorithm"]);
223 string privateKey
= stormap
["privatekey"];
225 if (privateKey
.length() != DECAF_EDDSA_448_PRIVATE_BYTES
)
226 throw runtime_error("Private key size mismatch in ISCMap, DecafED448 class");
228 typename EdDSA
<Ed448Goldilocks
>::PrivateKey
priv(Block((const unsigned char*)privateKey
.c_str(), DECAF_EDDSA_448_PRIVATE_BYTES
));
229 typename EdDSA
<Ed448Goldilocks
>::PublicKey
pub(priv
);
231 priv
.serialize_into(d_seckey
);
232 pub
.serialize_into(d_pubkey
);
235 std::string
DecafED448DNSCryptoKeyEngine::getPubKeyHash() const
237 return this->getPublicKeyString();
240 std::string
DecafED448DNSCryptoKeyEngine::getPublicKeyString() const
242 return string((char*)d_pubkey
, DECAF_EDDSA_448_PUBLIC_BYTES
);
245 void DecafED448DNSCryptoKeyEngine::fromPublicKeyString(const std::string
& input
)
247 if (input
.length() != DECAF_EDDSA_448_PUBLIC_BYTES
)
248 throw runtime_error("Public key size mismatch, DecafED448 class");
250 memcpy(d_pubkey
, input
.c_str(), DECAF_EDDSA_448_PUBLIC_BYTES
);
253 std::string
DecafED448DNSCryptoKeyEngine::sign(const std::string
& msg
) const
255 typename EdDSA
<Ed448Goldilocks
>::PrivateKey
priv(Block(d_seckey
, DECAF_EDDSA_448_PRIVATE_BYTES
));
257 SecureBuffer
message(msg
.begin(), msg
.end());
259 SecureBuffer sig
= priv
.sign(message
);
261 return string(sig
.begin(), sig
.end());
264 bool DecafED448DNSCryptoKeyEngine::verify(const std::string
& msg
, const std::string
& signature
) const
266 if (signature
.length() != DECAF_EDDSA_448_SIGNATURE_BYTES
)
269 typename EdDSA
<Ed448Goldilocks
>::PublicKey
pub(Block(d_pubkey
, DECAF_EDDSA_448_PUBLIC_BYTES
));
271 SecureBuffer
sig(signature
.begin(), signature
.end());
272 SecureBuffer
message(msg
.begin(), msg
.end());
275 pub
.verify(sig
, message
);
276 } catch(CryptoException
) {
285 struct LoaderDecafStruct
289 DNSCryptoKeyEngine::report(15, &DecafED25519DNSCryptoKeyEngine::maker
, true);
290 DNSCryptoKeyEngine::report(16, &DecafED448DNSCryptoKeyEngine::maker
);