7 #include "dnssecinfra.hh"
9 class SodiumED25519DNSCryptoKeyEngine
: public DNSCryptoKeyEngine
12 explicit SodiumED25519DNSCryptoKeyEngine(unsigned int algo
) : DNSCryptoKeyEngine(algo
)
14 string
getName() const override
{ return "Sodium ED25519"; }
15 void create(unsigned int bits
) override
;
16 storvector_t
convertToISCVector() const override
;
17 std::string
getPubKeyHash() const override
;
18 std::string
sign(const std::string
& msg
) const override
;
19 bool verify(const std::string
& msg
, const std::string
& signature
) const override
;
20 std::string
getPublicKeyString() const override
;
21 int getBits() const override
;
22 void fromISCMap(DNSKEYRecordContent
& drc
, std::map
<std::string
, std::string
>& stormap
) override
;
23 void fromPublicKeyString(const std::string
& content
) override
;
24 void fromPEMString(DNSKEYRecordContent
& drc
, const std::string
& raw
) override
27 static std::shared_ptr
<DNSCryptoKeyEngine
> maker(unsigned int algorithm
)
29 return std::make_shared
<SodiumED25519DNSCryptoKeyEngine
>(algorithm
);
33 unsigned char d_pubkey
[crypto_sign_ed25519_PUBLICKEYBYTES
];
34 unsigned char d_seckey
[crypto_sign_ed25519_SECRETKEYBYTES
];
37 void SodiumED25519DNSCryptoKeyEngine::create(unsigned int bits
)
39 if(bits
!= crypto_sign_ed25519_SEEDBYTES
* 8) {
40 throw runtime_error("Unsupported key length of "+std::to_string(bits
)+" bits requested, SodiumED25519 class");
42 crypto_sign_ed25519_keypair(d_pubkey
, d_seckey
);
45 int SodiumED25519DNSCryptoKeyEngine::getBits() const
47 return crypto_sign_ed25519_SEEDBYTES
* 8;
50 DNSCryptoKeyEngine::storvector_t
SodiumED25519DNSCryptoKeyEngine::convertToISCVector() const
53 Private-key-format: v1.2
54 Algorithm: 15 (ED25519)
55 PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
58 storvector_t storvector
;
59 string algorithm
= "15 (ED25519)";
61 storvector
.push_back(make_pair("Algorithm", algorithm
));
63 vector
<unsigned char> buffer
;
64 storvector
.push_back(make_pair("PrivateKey", string((char*)d_seckey
, crypto_sign_ed25519_SEEDBYTES
)));
68 void SodiumED25519DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent
& drc
, std::map
<std::string
, std::string
>& stormap
)
71 Private-key-format: v1.2
72 Algorithm: 15 (ED25519)
73 PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
76 drc
.d_algorithm
= pdns_stou(stormap
["algorithm"]);
77 string privateKey
= stormap
["privatekey"];
79 if (privateKey
.length() != crypto_sign_ed25519_SEEDBYTES
)
80 throw runtime_error("Seed size mismatch in ISCMap, SodiumED25519 class");
82 std::unique_ptr
<unsigned char[]> seed(new unsigned char[crypto_sign_ed25519_SEEDBYTES
]);
84 memcpy(seed
.get(), privateKey
.c_str(), crypto_sign_ed25519_SEEDBYTES
);
85 crypto_sign_ed25519_seed_keypair(d_pubkey
, d_seckey
, seed
.get());
88 std::string
SodiumED25519DNSCryptoKeyEngine::getPubKeyHash() const
90 return this->getPublicKeyString();
93 std::string
SodiumED25519DNSCryptoKeyEngine::getPublicKeyString() const
95 return string((char*)d_pubkey
, crypto_sign_ed25519_PUBLICKEYBYTES
);
98 void SodiumED25519DNSCryptoKeyEngine::fromPublicKeyString(const std::string
& input
)
100 if (input
.length() != crypto_sign_ed25519_PUBLICKEYBYTES
)
101 throw runtime_error("Public key size mismatch, SodiumED25519 class");
103 memcpy(d_pubkey
, input
.c_str(), crypto_sign_ed25519_PUBLICKEYBYTES
);
106 std::string
SodiumED25519DNSCryptoKeyEngine::sign(const std::string
& msg
) const
108 unsigned long long smlen
= msg
.length() + crypto_sign_ed25519_BYTES
;
109 std::unique_ptr
<unsigned char[]> sm(new unsigned char[smlen
]);
111 crypto_sign_ed25519(sm
.get(), &smlen
, (const unsigned char*)msg
.c_str(), msg
.length(), d_seckey
);
113 return string((const char*)sm
.get(), crypto_sign_ed25519_BYTES
);
116 bool SodiumED25519DNSCryptoKeyEngine::verify(const std::string
& msg
, const std::string
& signature
) const
118 if (signature
.length() != crypto_sign_ed25519_BYTES
)
121 unsigned long long smlen
= msg
.length() + crypto_sign_ed25519_BYTES
;
122 std::unique_ptr
<unsigned char[]> sm(new unsigned char[smlen
]);
124 memcpy(sm
.get(), signature
.c_str(), crypto_sign_ed25519_BYTES
);
125 memcpy(sm
.get() + crypto_sign_ed25519_BYTES
, msg
.c_str(), msg
.length());
127 std::unique_ptr
<unsigned char[]> m(new unsigned char[smlen
]);
129 return crypto_sign_ed25519_open(m
.get(), &smlen
, sm
.get(), smlen
, d_pubkey
) == 0;
133 struct LoaderSodiumStruct
137 DNSCryptoKeyEngine::report(15, &SodiumED25519DNSCryptoKeyEngine::maker
);