Merge pull request #424 from bwelling/master
authorBob Halley <halley@dnspython.org>
Wed, 11 Mar 2020 17:16:06 +0000 (10:16 -0700)
committerGitHub <noreply@github.com>
Wed, 11 Mar 2020 17:16:06 +0000 (10:16 -0700)
Add support for EdDSA DNSSEC algorithms.

dns/dnssec.py

diff --cc dns/dnssec.py
index 43f9b4b4f3c80e82479f0a205603a035f73e739e,0cabb5b56edde9f41fd479a8a1d1018d98b18b5d..a6686692aae840aae572c38319f58e6fd9ad95b6
@@@ -383,12 -381,23 +392,23 @@@ def _validate_rrsig(rrset, rrsig, keys
              ecdsa_x = keyptr[0:octets]
              ecdsa_y = keyptr[octets:octets * 2]
              pubkey = CryptoECC.construct(
 -                curve = curve,
 -                point_x = number.bytes_to_long(ecdsa_x),
 -                point_y = number.bytes_to_long(ecdsa_y))
 +                curve=curve,
 +                point_x=number.bytes_to_long(ecdsa_x),
 +                point_y=number.bytes_to_long(ecdsa_y))
              sig = rrsig.signature
  
-         elif _is_eddsa(rrsig.algorithm) or _is_gost(rrsig.algorithm):
+         elif _is_eddsa(rrsig.algorithm):
+             keyptr = candidate_key.key
+             if not (_have_ecpy and sys.version_info >= (3, 6)):
+                 raise ImportError('DNSSEC validation for algorithm %u requires ecpy library and Python 3.6 or newer' % rrsig.algorithm)
+             if rrsig.algorithm == ED25519:
+                 curve = 'Ed25519'
+             else:
+                 curve = 'Ed448'
+             point = Curve.get_curve(curve).decode_point(keyptr)
+             pubkey = ECPublicKey(point)
+             sig = rrsig.signature
+         elif _is_gost(rrsig.algorithm):
              raise UnsupportedAlgorithm(
                  'algorithm "%s" not supported by dnspython' % algorithm_to_text(rrsig.algorithm))
          else:
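Review bot: The new EdDSA branch hands `candidate_key.key` straight to `decode_point` without checking its length, and that key material comes from the DNSKEY record under validation, so it is untrusted input. RFC 8080 fixes the public key at 32 octets for Ed25519 and 57 for Ed448, so a guard before the decode, such as `if len(keyptr) != (32 if rrsig.algorithm == ED25519 else 57): raise ValidationFailure('invalid EdDSA key length')`, would keep malformed keys away from ecpy, whose behaviour on wrong-length input is not visible here. The same applies to `rrsig.signature`, which should be 64 or 114 octets respectively. Any exception ecpy raises on a bad encoding would presumably leave `_validate_rrsig` as something other than `ValidationFailure`; the function starts and ends outside this hunk, so how the enclosing key loop and callers handle that should be confirmed.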