Commit 3802e36b authored by Vladimír Čunát's avatar Vladimír Čunát Committed by Daniel Salzman

libdnssec: finish ED448 support

GnuTLS 3.6.12 adds support for this, provided that you use a sufficiently new
nettle (not released yet).  I tested this with Knot Resolver and
https://rootcanary.org/test.html

Note: in some switch statements I moved the labels inside #ifdef guards.
Otherwise the fall-through wouldn't be correct in the weird case of
not supporting ed25519 but supporting ed448 (shouldn't happen anyway).
parent 47657d50
Pipeline #59244 passed with stages
in 8 minutes and 4 seconds
......@@ -162,6 +162,12 @@ PKG_CHECK_MODULES([gnutls], [gnutls >= 3.3], [
[enable_ed25519=no],
[#include <gnutls/gnutls.h>])
AC_CHECK_DECL([GNUTLS_SIGN_EDDSA_ED448],
[AC_DEFINE([HAVE_ED448], [1], [GnuTLS ED448 support available])
enable_ed448=yes],
[enable_ed448=no],
[#include <gnutls/gnutls.h>])
AC_CHECK_FUNC([gnutls_privkey_sign_data2],
[AC_DEFINE([HAVE_SIGN_DATA2], [1], [gnutls_privkey_sign_data2 available])])
......@@ -716,6 +722,7 @@ result_msg_base=" Knot DNS $VERSION
POSIX capabilities: ${enable_cap_ng}
PKCS #11 support: ${enable_pkcs11}
Ed25519 support: ${enable_ed25519}
Ed448 support: ${enable_ed448}
Code coverage: ${enable_code_coverage}
Sanitizer: ${with_sanitizer}
LibFuzzer: ${with_fuzzer}
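Review bot: The `AC_CHECK_DECL([GNUTLS_SIGN_EDDSA_ED448], ...)` test in the first configure hunk only proves that the GnuTLS header declares the enumerator, so `HAVE_ED448` and the `Ed448 support:` summary line can read "yes" on a build whose crypto backend cannot perform Ed448 operations. The commit message itself says that working support also needs a sufficiently new nettle. On such a build the algorithm would presumably be compiled in and then fail at run time when a key is loaded or a signature is checked. A comment next to the check would record the limitation, for example `# Header check only: Ed448 also needs run-time support in nettle`. It is also worth confirming that callers treat a GnuTLS failure for this algorithm as "algorithm unsupported" rather than as a signature failure.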
......
......@@ -94,11 +94,14 @@ gnutls_pk_algorithm_t algorithm_to_gnutls(dnssec_key_algorithm_t dnssec)
case DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256:
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return GNUTLS_PK_EC;
case DNSSEC_KEY_ALGORITHM_ED25519:
#ifdef HAVE_ED25519
case DNSSEC_KEY_ALGORITHM_ED25519:
return GNUTLS_PK_EDDSA_ED25519;
#endif
#ifdef HAVE_ED448
case DNSSEC_KEY_ALGORITHM_ED448:
return GNUTLS_PK_EDDSA_ED448;
#endif
default:
return GNUTLS_PK_UNKNOWN;
}
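Review bot: The `case DNSSEC_KEY_ALGORITHM_ED25519:` and `case DNSSEC_KEY_ALGORITHM_ED448:` labels in algorithm_to_gnutls now sit inside their `#ifdef` guards, but nothing in the code says why, and the same applies to get_sign_algorithm further down the page. The reason is given only in the commit message: a label left outside its guard would fall through into the next algorithm's `return` on a build that lacks the first algorithm but has the second. A one-line comment above the first guarded label would keep a later cleanup from hoisting the labels back out, for example `/* Labels stay inside the guards so an unsupported algorithm reaches default instead of the next return. */`. The function begins before the hunk, so the switch head is not visible here.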
......
......@@ -222,8 +222,8 @@ static gnutls_digest_algorithm_t get_digest_algorithm(const dnssec_key_t *key)
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return GNUTLS_DIG_SHA384;
case DNSSEC_KEY_ALGORITHM_ED25519:
return GNUTLS_DIG_SHA512;
case DNSSEC_KEY_ALGORITHM_ED448:
return GNUTLS_DIG_SHA512;
default:
return GNUTLS_DIG_UNKNOWN;
}
......@@ -246,12 +246,12 @@ static gnutls_sign_algorithm_t get_sign_algorithm(const dnssec_key_t *key)
return GNUTLS_SIGN_RSA_SHA512;
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return GNUTLS_SIGN_ECDSA_SHA384;
case DNSSEC_KEY_ALGORITHM_ED25519:
#ifdef HAVE_ED25519
case DNSSEC_KEY_ALGORITHM_ED25519:
return GNUTLS_SIGN_EDDSA_ED25519;
#endif
case DNSSEC_KEY_ALGORITHM_ED448:
#ifdef HAVE_ED448
case DNSSEC_KEY_ALGORITHM_ED448:
return GNUTLS_SIGN_EDDSA_ED448;
#endif
default:
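Review bot: In get_digest_algorithm the `case DNSSEC_KEY_ALGORITHM_ED448:` label is paired with `return GNUTLS_DIG_SHA512;`, although Ed448 as specified in RFC 8032 hashes with SHAKE256 internally. The label is also not wrapped in `#ifdef HAVE_ED448` the way the Ed448 labels in get_sign_algorithm and algorithm_to_gnutls are. The rendering has lost the +/- markers, so which of the two `return GNUTLS_DIG_SHA512;` lines is new is inferred from the hunk header counts. If Ed448 does now report SHA-512, that value is nominal and is presumably only read on a path where GnuTLS derives the real hash from the key type. A comment should say where the value is consumed, for example `/* EdDSA hashes internally; confirm this digest is only passed where GnuTLS ignores it. */`, or the case should fall to `default:` if no caller needs it.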
......