Test Ed448 as part of the generic mechanism for testing signers

This also automatically tests a few things that weren't being tested before.

diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc
index d4c8c28226b6dc49c2d1b3b2fc5305bff75cd081..9b0b7586a051b59e9fe81e89fd27dee740d0e652 100644 (file)
--- a/pdns/test-signers.cc
+++ b/pdns/test-signers.cc
@@ -167,8 +167,8 @@ static const SignerParams ed25519 = SignerParams{
 
   .name = "ed25519.",
 
-  // vector extracted from https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py
-  // (rev 476d6ded) by printing signature_data
+  // vector extracted from https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py (rev
+  // 476d6ded) by printing signature_data
   .rfcMsgDump = "00 0f 0f 02 00 00 0e 10 55 d4 fc 60 55 b9 4c e0 0e 1d 07 65 78 "
                 "61 6d 70 6c 65 03 63 6f 6d 00 07 65 78 61 6d 70 6c 65 03 63 6f "
                 "6d 00 00 0f 00 01 00 00 0e 10 00 14 00 0a 04 6d 61 69 6c 07 65 "
@@ -190,6 +190,64 @@ static const SignerParams ed25519 = SignerParams{
          "MC4CAQAwBQYDK2VwBCIEIDgyMjYwMzg0NjI4MDgwMTIyNjQ1MTkwMjA0MTQyMjYy\n"
          "-----END PRIVATE KEY-----\n"};
 
+/* Ed448.
+ */
+static const SignerParams ed448 = SignerParams{
+  .iscMap = "Private-key-format: v1.2\n"
+            "Algorithm: 16 (ED448)\n"
+            "PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA\n",
+
+  .dsSHA1 = "9712 16 1 2873e800eb2d784cdd1802f884b3c540b573eaa0",
+
+  .dsSHA256 = "9712 16 2 9aa27306f8a04a0a6fae8affd65d6f35875dcb134c05bd7c7b61bd0dc44009cd",
+
+  .dsSHA384 = "9712 16 4 3876e5d892d3f31725f9964a332f9b9afd791171833480f2e71af78efb985cde9900ba95315287123a5908ca8f334369",
+
+  // clang-format off
+  .signature = {
+    0xb5, 0xcc, 0x21, 0x5a, 0x52, 0x21, 0x60, 0xa3, 0xb8, 0xd9, 0x3a, 0xd7, 0x05,
+    0xdd, 0x4a, 0x32, 0x96, 0xce, 0x08, 0xde, 0x74, 0x5f, 0xdb, 0xde, 0x54, 0x95,
+    0x97, 0x93, 0x6f, 0x3a, 0x4a, 0x34, 0x41, 0x14, 0xba, 0x99, 0x86, 0x0d, 0xe2,
+    0x99, 0xf1, 0x14, 0x6a, 0x1b, 0x7a, 0xfa, 0xef, 0xab, 0x62, 0xd2, 0x71, 0x85,
+    0xae, 0xd1, 0x84, 0x80, 0x00, 0x50, 0x03, 0x9e, 0x73, 0x53, 0xe8, 0x9e, 0x19,
+    0xb8, 0xc0, 0xdb, 0xd4, 0xf0, 0x1e, 0x44, 0x4c, 0xb7, 0x32, 0x07, 0xda, 0x0b,
+    0x64, 0x22, 0xa8, 0x63, 0xaa, 0x7a, 0x12, 0x73, 0xc9, 0x29, 0xfd, 0x50, 0x85,
+    0x0f, 0x43, 0x72, 0x77, 0x86, 0xec, 0x88, 0x1a, 0x96, 0x95, 0x4a, 0x01, 0xfe,
+    0xf2, 0xe6, 0x77, 0x4a, 0x2e, 0x43, 0xdd, 0x60, 0x29, 0x00,
+  },
+  // clang-format on
+
+  .zoneRepresentation = "256 3 16 "
+                        "3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+"
+                        "G2MpTPhpj/OiBVHHSfPodx1FYYUcJKm1MDpJtIA",
+
+  .name = "ed448.",
+
+  // vector extracted from https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py (rev
+  // 476d6ded) by printing signature_data
+  .rfcMsgDump = "00 0f 10 02 00 00 0e 10 55 d4 fc 60 55 b9 4c e0 25 f1 07 65 78 "
+                "61 6d 70 6c 65 03 63 6f 6d 00 07 65 78 61 6d 70 6c 65 03 63 6f "
+                "6d 00 00 0f 00 01 00 00 0e 10 00 14 00 0a 04 6d 61 69 6c 07 65 "
+                "78 61 6d 70 6c 65 03 63 6f 6d 00 ",
+
+  // vector verified from dnskey.py as above, and confirmed with
+  // https://www.rfc-editor.org/errata_search.php?rfc=8080&eid=4935
+  .rfcB64Signature = "3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLmjInI8w1CMB29FkEA"
+                     "IJUA0amxWndkmnBZ6SKiwZSAxGILn/NBtOXft0+Gj7FSvOKxE/07"
+                     "+4RQvE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213WKsJlwEA",
+
+  .bits = 456,
+  .flags = 256,
+  .rfcFlags = 257,
+
+  .algorithm = DNSSECKeeper::ED448,
+  .isDeterministic = true,
+
+  .pem = "-----BEGIN PRIVATE KEY-----\n"
+         "MEcCAQAwBQYDK2VxBDsEOcWfuQoJuOt8boLZGOQdCcenqxU16dd62HoLLdKkbTbD\n"
+         "mJ2laTMdGf3ORIgPcfMFmww3Lf1NxYWFgA==\n"
+         "-----END PRIVATE KEY-----\n"};
+
 struct Fixture
 {
   Fixture()
@@ -211,6 +269,10 @@ struct Fixture
     #if defined(HAVE_LIBSODIUM) || defined(HAVE_LIBDECAF) || defined(HAVE_LIBCRYPTO_ED25519)
     addSignerParams(DNSSECKeeper::ED25519, "ED25519", ed25519);
     #endif
+
+    #if defined(HAVE_LIBDECAF) || defined(HAVE_LIBCRYPTO_ED448)
+    addSignerParams(DNSSECKeeper::ED448, "ED448", ed448);
+    #endif
   }
 
   void addSignerParams(const uint8_t algorithm, const std::string& name, const SignerParams& params)
@@ -373,49 +435,6 @@ BOOST_FIXTURE_TEST_CASE(test_generic_signers, Fixture)
   }
 }
 
-#if defined(HAVE_LIBDECAF) || defined(HAVE_LIBCRYPTO_ED448)
-BOOST_AUTO_TEST_CASE(test_ed448_signer) {
-    sortedRecords_t rrs;
-    DNSName qname("example.com.");
-    DNSKEYRecordContent drc;
-
-    // TODO: make this a collection of inputs and resulting sigs for various algos
-    shared_ptr<DNSCryptoKeyEngine> engine = DNSCryptoKeyEngine::makeFromISCString(drc,
-"Private-key-format: v1.2\n"
-"Algorithm: 16 (ED448)\n"
-"PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA\n");
-
-    DNSSECPrivateKey dpk;
-    dpk.setKey(engine);
-
-    reportBasicTypes();
-
-    rrs.insert(DNSRecordContent::mastermake(QType::MX, 1, "10 mail.example.com."));
-
-    RRSIGRecordContent rrc;
-    rrc.d_originalttl = 3600;
-    rrc.d_sigexpire = 1440021600;
-    rrc.d_siginception = 1438207200;
-    rrc.d_signer = qname;
-    rrc.d_type = QType::MX;
-    rrc.d_labels = 2;
-    // TODO: derive the next two from the key
-    rrc.d_tag = 9713;
-    rrc.d_algorithm = 16;
-
-    string msg = getMessageForRRSET(qname, rrc, rrs, false);
-
-    // vector extracted from https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py (rev 476d6ded) by printing signature_data
-    BOOST_CHECK_EQUAL(makeHexDump(msg), "00 0f 10 02 00 00 0e 10 55 d4 fc 60 55 b9 4c e0 25 f1 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 0f 00 01 00 00 0e 10 00 14 00 0a 04 6d 61 69 6c 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ");
-
-    string signature = engine->sign(msg);
-    string b64 = Base64Encode(signature);
-
-    // vector verified from dnskey.py as above, and confirmed with https://www.rfc-editor.org/errata_search.php?rfc=8080&eid=4935
-    BOOST_CHECK_EQUAL(b64, "3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLmjInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKiwZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQvE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213WKsJlwEA");
-}
-#endif /* defined(HAVE_LIBDECAF) || defined(HAVE_LIBCRYPTO_ED448) */
-
 BOOST_AUTO_TEST_CASE(test_hash_qname_with_salt) {
   {
     // rfc5155 appendix A