[AC_DEFINE([HAVE_GNUTLS_PKCS11], [1], [gnutls_pkcs11_copy_pubkey available])
gnutls_pkcs11=yes], [gnutls_pkcs11=no])
- AC_CHECK_DECL([GNUTLS_SIGN_EDDSA_ED448],
- [AC_DEFINE([HAVE_ED448], [1], [GnuTLS ED448 support available])
- enable_ed448=yes],
- [enable_ed448=no],
- [#include <gnutls/gnutls.h>])
-
AC_CHECK_FUNC([gnutls_early_cipher_get],
[AC_DEFINE([HAVE_GNUTLS_QUIC], [1], [gnutls_early_cipher_get available])
gnutls_quic=yes], [gnutls_quic=no])
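Review bot: With the AC_CHECK_DECL for GNUTLS_SIGN_EDDSA_ED448 removed, nothing in configure rejects a GnuTLS whose headers predate Ed448, so a build against an older release now fails inside the C switch statements that reference GNUTLS_PK_EDDSA_ED448 and GNUTLS_ECC_CURVE_ED448 instead of at configure time with a clear message. The GnuTLS version floor in configure.ac (presumably a pkg-config check, outside this hunk) should be raised to match the documentation note this commit deletes, which stated GnuTLS 3.6.12+ and Nettle 3.6+, and the same floor belongs in the project's build requirements. If the version bump is already part of this commit, naming the new floor in the commit message would make the change traceable.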
D-Bus support: ${enable_dbus}
POSIX capabilities: ${enable_cap_ng}
PKCS #11 support: ${enable_pkcs11}
- Ed448 support: ${enable_ed448}
Code coverage: ${enable_code_coverage}
Sanitizer: ${with_sanitizer}
- ``ed25519``
- ``ed448``
-.. NOTE::
- Ed448 algorithm is only available if compiled with GnuTLS 3.6.12+ and Nettle 3.6+.
-
*Default:* ``ecdsap256sha256``
.. _policy_ksk-size:
{ DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256, "ecdsap256sha256" },
{ DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384, "ecdsap384sha384" },
{ DNSSEC_KEY_ALGORITHM_ED25519, "ed25519" },
-#ifdef HAVE_ED448
{ DNSSEC_KEY_ALGORITHM_ED448, "ed448" },
-#endif
{ 0, NULL }
};
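Review bot: The ed448 table entry is now advertised unconditionally, yet the documentation note removed in this commit listed Nettle 3.6+ as a separate requirement, which suggests a GnuTLS whose headers declare Ed448 can still lack it at run time; in that configuration key generation and import for this entry would fail with a GnuTLS error instead of the former lookup failure for an unknown algorithm name. If that configuration is meant to be supported, a one-time probe of gnutls_pk_list() for GNUTLS_PK_EDDSA_ED448 during crypto initialisation, with a clear log message, would make the failure diagnosable. The same consideration applies to the Ed448 cases unguarded in the following hunks (pk/sign/curve mappings, rdata conversions and the params-to-pem dispatch). If the new GnuTLS floor guarantees Ed448, a comment at this table such as `/* Ed448 requires GnuTLS 3.6.12+ and Nettle 3.6+; the floor is enforced at configure time */` records the assumption where the cases live.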
return GNUTLS_PK_ECDSA;
case DNSSEC_KEY_ALGORITHM_ED25519:
return GNUTLS_PK_EDDSA_ED25519;
-#ifdef HAVE_ED448
case DNSSEC_KEY_ALGORITHM_ED448:
return GNUTLS_PK_EDDSA_ED448;
-#endif
default:
return GNUTLS_PK_UNKNOWN;
}
{
switch (curve) {
case GNUTLS_ECC_CURVE_ED25519: return 32;
-#ifdef HAVE_ED448
case GNUTLS_ECC_CURVE_ED448: return 57;
-#endif
default: return 0;
}
}
{
switch (rdata_size) {
case 32: return GNUTLS_ECC_CURVE_ED25519;
-#ifdef HAVE_ED448
case 57: return GNUTLS_ECC_CURVE_ED448;
-#endif
default: return GNUTLS_ECC_CURVE_INVALID;
}
}
case GNUTLS_PK_RSA: return rsa_pubkey_to_rdata(key, rdata);
case GNUTLS_PK_ECDSA: return ecdsa_pubkey_to_rdata(key, rdata);
case GNUTLS_PK_EDDSA_ED25519: return eddsa_pubkey_to_rdata(key, rdata);
-#ifdef HAVE_ED448
case GNUTLS_PK_EDDSA_ED448: return eddsa_pubkey_to_rdata(key, rdata);
-#endif
default: return KNOT_INVALID_KEY_ALGORITHM;
}
}
case GNUTLS_PK_RSA: return rsa_rdata_to_pubkey(rdata, key);
case GNUTLS_PK_ECDSA: return ecdsa_rdata_to_pubkey(rdata, key);
case GNUTLS_PK_EDDSA_ED25519: return eddsa_rdata_to_pubkey(rdata, key);
-#ifdef HAVE_ED448
case GNUTLS_PK_EDDSA_ED448: return eddsa_rdata_to_pubkey(rdata, key);
-#endif
default: return KNOT_INVALID_KEY_ALGORITHM;
}
}
return GNUTLS_SIGN_ECDSA_SHA384;
case DNSSEC_KEY_ALGORITHM_ED25519:
return GNUTLS_SIGN_EDDSA_ED25519;
-#ifdef HAVE_ED448
case DNSSEC_KEY_ALGORITHM_ED448:
return GNUTLS_SIGN_EDDSA_ED448;
-#endif
default:
return GNUTLS_SIGN_UNKNOWN;
}
{
switch (pubkey_size) {
case 32: return GNUTLS_ECC_CURVE_ED25519;
-#ifdef HAVE_ED448
case 57: return GNUTLS_ECC_CURVE_ED448;
-#endif
case 64: return GNUTLS_ECC_CURVE_SECP256R1;
case 96: return GNUTLS_ECC_CURVE_SECP384R1;
default: return GNUTLS_ECC_CURVE_INVALID;
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return ecdsa_params_to_pem(key, params, pem);
case DNSSEC_KEY_ALGORITHM_ED25519:
-#ifdef HAVE_ED448
case DNSSEC_KEY_ALGORITHM_ED448:
-#endif
return eddsa_params_to_pem(key, params, pem);
default:
return KNOT_INVALID_KEY_ALGORITHM;
{ "RSA", &SAMPLE_RSA1024_SHA256_KEY },
{ "ECDSA", &SAMPLE_ECDSA_P256_SHA256_KEY },
{ "ED25519", &SAMPLE_ED25519_KEY },
-#ifdef HAVE_ED448
{ "ED448", &SAMPLE_ED448_KEY },
-#endif
{ NULL }
};
is_int(2048, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_RSA_SHA1_NSEC3), "rsa default");
is_int(256, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256), "ecc default");
is_int(256, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_ED25519), "ed25519 default");
-#ifdef HAVE_ED448
is_int(456, dnssec_algorithm_key_size_default(DNSSEC_KEY_ALGORITHM_ED448), "ed448 default");
-#endif
}
int main(void)
ok_range(DNSSEC_KEY_ALGORITHM_RSA_SHA512, 1024, 4096, "RSA/SHA256");
ok_range(DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384, 384, 384, "ECDSA/SHA384");
ok_range(DNSSEC_KEY_ALGORITHM_ED25519, 256, 256, "ED25519");
-#ifdef HAVE_ED448
ok_range(DNSSEC_KEY_ALGORITHM_ED448, 456, 456, "ED448");
-#endif
+
null_range();
check_borders();
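Review bot: The blank line added where the Ed448 ok_range() call used to be separates the ok_range() calls from null_range() while the rest of the visible list has no such separator, so it reads as a leftover of the deletion rather than intentional grouping. Either drop the added line or, if the grouping is intended, apply it consistently to the other call groups in main(), whose body continues outside this hunk.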
test_key("RSA", &SAMPLE_RSA1024_SHA256_KEY);
test_key("ECDSA", &SAMPLE_ECDSA_P256_SHA256_KEY);
test_key("ED25519", &SAMPLE_ED25519_KEY);
-#ifdef HAVE_ED448
test_key("ED448", &SAMPLE_ED448_KEY);
-#endif
test_errors(&SAMPLE_ECDSA_P256_SHA256_KEY);
test_errors(&SAMPLE_ED25519_KEY);
-#ifdef HAVE_ED448
test_errors(&SAMPLE_ED448_KEY);
-#endif
dnssec_crypto_cleanup();
0x70, 0x34, 0x5e, 0x02, 0x49, 0xfb, 0x9e, 0x05,
}};
-#ifdef HAVE_ED448
static const dnssec_binary_t signed_ed448 = { .size = 114, .data = (uint8_t []) {
0x8d, 0x79, 0x27, 0xbd, 0xe2, 0xc4, 0x23, 0xd8, 0x26, 0xc1, 0xd4, 0xab,
0x6a, 0x0d, 0xdf, 0xe5, 0x5c, 0xf1, 0x8d, 0x3f, 0x1b, 0x13, 0x81, 0x94,
0x74, 0x99, 0x01, 0x98, 0x5f, 0xdb, 0xea, 0xdf, 0xab, 0x59, 0x6c, 0x79,
0xe2, 0xc2, 0x2a, 0x91, 0x29, 0x00
}};
-#endif
static dnssec_binary_t binary_set_string(char *str)
{
check_key(&SAMPLE_ECDSA_P256_SHA256_KEY, &input_data, &signed_ecdsa, false);
diag("ED25519 signing");
check_key(&SAMPLE_ED25519_KEY, &input_data, &signed_ed25519, true);
-#ifdef HAVE_ED448
diag("ED448 signing");
check_key(&SAMPLE_ED448_KEY, &input_data, &signed_ed448, true);
-#endif
dnssec_crypto_cleanup();