From: Bob Halley
Date: Wed, 11 Mar 2020 17:16:06 +0000 (-0700)
Subject: Merge pull request #424 from bwelling/master
X-Git-Tag: v2.0.0rc1~330
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df6813dcaf963f207bf51aae57a73d122dc9b316;p=thirdparty%2Fdnspython.git
Merge pull request #424 from bwelling/master
Add support for EdDSA DNSSEC algorithms.
--- df6813dcaf963f207bf51aae57a73d122dc9b316
diff --cc dns/dnssec.py
index 43f9b4b4,0cabb5b5..a6686692
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@@ -383,12 -381,23 +392,23 @@@ def _validate_rrsig(rrset, rrsig, keys
ecdsa_x = keyptr[0:octets]
ecdsa_y = keyptr[octets:octets * 2]
pubkey = CryptoECC.construct(
- curve = curve,
- point_x = number.bytes_to_long(ecdsa_x),
- point_y = number.bytes_to_long(ecdsa_y))
+ curve=curve,
+ point_x=number.bytes_to_long(ecdsa_x),
+ point_y=number.bytes_to_long(ecdsa_y))
sig = rrsig.signature
- elif _is_eddsa(rrsig.algorithm) or _is_gost(rrsig.algorithm):
+ elif _is_eddsa(rrsig.algorithm):
+ keyptr = candidate_key.key
+ if not (_have_ecpy and sys.version_info >= (3, 6)):
+ raise ImportError('DNSSEC validation for algorithm %u requires ecpy library and Python 3.6 or newer' % rrsig.algorithm)
+ if rrsig.algorithm == ED25519:
+ curve = 'Ed25519'
+ else:
+ curve = 'Ed448'
+ point = Curve.get_curve(curve).decode_point(keyptr)
+ pubkey = ECPublicKey(point)
+ sig = rrsig.signature
+ elif _is_gost(rrsig.algorithm):
raise UnsupportedAlgorithm(
'algorithm "%s" not supported by dnspython' %
algorithm_to_text(rrsig.algorithm))
else:
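Review bot: In the new `_is_eddsa` branch, `candidate_key.key` is taken from the DNSKEY record and passed to `decode_point` with no length check, so how a truncated or oversized key is handled depends entirely on ecpy, and any exception it raises may leave `_validate_rrsig` as something other than a validation failure. RFC 8080 fixes the public key at 32 octets for Ed25519 and 57 for Ed448, so I would check that first, for example `if len(keyptr) != (32 if rrsig.algorithm == ED25519 else 57): raise ValidationFailure('bad EdDSA key length')`. Whether raising or skipping to the next candidate key is right depends on the surrounding loop, which is outside this hunk. The bare `else:` also maps every non-ED25519 value to `'Ed448'`, which is safe only while `_is_eddsa` accepts exactly those two algorithms; an explicit `elif rrsig.algorithm == ED448:` would make that assumption visible. The function starts before and continues past this hunk.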