From e396684a54f170ea284e3939fc7e89b97316591a Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 24 Jul 2017 10:44:30 +0000
Subject: [PATCH] - Fix #1365: Add Ed25519 support using libnettle.

git-svn-id: file:///svn/unbound/trunk@4286 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 config.h.in             |  3 +++
 configure               | 27 ++++++++++++++++++++++-----
 configure.ac            |  7 ++++++-
 doc/Changelog           |  1 +
 testcode/unitverify.c   |  3 +++
 validator/val_secalgo.c | 40 ++++++++++++++++++++++++++++++++++++++++
 6 files changed, 75 insertions(+), 6 deletions(-)

diff --git a/config.h.in b/config.h.in
index 04aa762c5..16a7b0281 100644
--- a/config.h.in
+++ b/config.h.in
@@ -296,6 +296,9 @@
 /* Define to 1 if you have the <nettle/dsa-compat.h> header file. */
 #undef HAVE_NETTLE_DSA_COMPAT_H
 
+/* Define to 1 if you have the <nettle/eddsa.h> header file. */
+#undef HAVE_NETTLE_EDDSA_H
+
 /* Use libnss for crypto */
 #undef HAVE_NSS
 
diff --git a/configure b/configure
index ce8da0369..64040541c 100755
--- a/configure
+++ b/configure
@@ -18104,11 +18104,6 @@ cat >>confdefs.h <<_ACEOF
 _ACEOF
 if test $ac_have_decl = 1; then :
 
-
-cat >>confdefs.h <<_ACEOF
-#define USE_ED25519 1
-_ACEOF
-
       		use_ed25519="yes"
 
 else
@@ -18116,6 +18111,28 @@ else
 	      	fi
 fi
 
+      fi
+      if test $USE_NETTLE = "yes"; then
+		for ac_header in nettle/eddsa.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "nettle/eddsa.h" "ac_cv_header_nettle_eddsa_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_nettle_eddsa_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_NETTLE_EDDSA_H 1
+_ACEOF
+ use_ed25519="yes"
+fi
+
+done
+
+      fi
+      if test $use_ed25519 = "yes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define USE_ED25519 1
+_ACEOF
+
       fi
       ;;
 esac
diff --git a/configure.ac b/configure.ac
index c98a6938f..e94abe0b3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -931,13 +931,18 @@ case "$enable_ed25519" in
     *)
       if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
 	      AC_CHECK_DECLS([NID_ED25519], [
-      		AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
       		use_ed25519="yes"
 	      ], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
 	      	fi ], [AC_INCLUDES_DEFAULT
 #include <openssl/evp.h>
 	      ])
       fi
+      if test $USE_NETTLE = "yes"; then
+		AC_CHECK_HEADERS([nettle/eddsa.h], use_ed25519="yes",, [AC_INCLUDES_DEFAULT])
+      fi
+      if test $use_ed25519 = "yes"; then
+      		AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
+      fi
       ;;
 esac
 
diff --git a/doc/Changelog b/doc/Changelog
index b7206b763..ee4276ec3 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -9,6 +9,7 @@
 	- remove warning from windows compile.
 	- Fix compile with libnettle
 	- Fix DSA configure switch (--disable dsa) for libnettle and libnss.
+	- Fix #1365: Add Ed25519 support using libnettle.
 
 17 July 2017: Wouter
 	- Fix #1350: make cachedb backend configurable (from JINMEI Tatuya).
diff --git a/testcode/unitverify.c b/testcode/unitverify.c
index e5e5b0f7b..e421d90bc 100644
--- a/testcode/unitverify.c
+++ b/testcode/unitverify.c
@@ -299,6 +299,7 @@ verifytest_file(const char* fname, const char* at_date)
 	struct module_env env;
 	struct val_env ve;
 	time_t now = time(NULL);
+	unit_show_func("signature verify", fname);
 
 	if(!list)
 		fatal_exit("could not read %s: %s", fname, strerror(errno));
@@ -341,6 +342,7 @@ dstest_file(const char* fname)
 	struct entry* e;
 	struct entry* list = read_datafile(fname, 1);
 	struct module_env env;
+	unit_show_func("DS verify", fname);
 
 	if(!list)
 		fatal_exit("could not read %s: %s", fname, strerror(errno));
@@ -474,6 +476,7 @@ nsec3_hash_test(const char* fname)
 	sldns_buffer* buf = sldns_buffer_new(65535);
 	struct entry* e;
 	struct entry* list = read_datafile(fname, 1);
+	unit_show_func("NSEC3 hash", fname);
 
 	if(!list)
 		fatal_exit("could not read %s: %s", fname, strerror(errno));
diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c
index 7b26dea9c..282019632 100644
--- a/validator/val_secalgo.c
+++ b/validator/val_secalgo.c
@@ -1320,6 +1320,9 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 #include "ecdsa.h"
 #include "ecc-curve.h"
 #endif
+#ifdef HAVE_NETTLE_EDDSA_H
+#include "eddsa.h"
+#endif
 
 static int
 _digest_nettle(int algo, uint8_t* buf, size_t len,
@@ -1477,6 +1480,10 @@ dnskey_algo_id_is_supported(int id)
 	case LDNS_ECDSAP384SHA384:
 #endif
 		return 1;
+#ifdef USE_ED25519
+	case LDNS_ED25519:
+		return 1;
+#endif
 	case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */
 	case LDNS_ECC_GOST:
 	default:
@@ -1718,6 +1725,30 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char*
 }
 #endif
 
+#ifdef USE_ED25519
+static char *
+_verify_nettle_ed25519(sldns_buffer* buf, unsigned char* sigblock,
+	unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
+{
+	int res = 0;
+
+	if(sigblock_len != ED25519_SIGNATURE_SIZE) {
+		return "wrong ED25519 signature length";
+	}
+	if(keylen != ED25519_KEY_SIZE) {
+		return "wrong ED25519 key length";
+	}
+
+	res = ed25519_sha512_verify((uint8_t*)key, sldns_buffer_limit(buf),
+		sldns_buffer_begin(buf), sigblock);
+
+	if (!res)
+		return "ED25519 signature verification failed";
+	else
+		return NULL;
+}
+#endif
+
 /**
  * Check a canonical sig+rrset and signature against a dnskey
  * @param buf: buffer with data to verify, the first rrsig part and the
@@ -1789,6 +1820,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
 			return sec_status_bogus;
 		else
 			return sec_status_secure;
+#endif
+#ifdef USE_ED25519
+	case LDNS_ED25519:
+		*reason = _verify_nettle_ed25519(buf, sigblock, sigblock_len,
+			key, keylen);
+		if (*reason != NULL)
+			return sec_status_bogus;
+		else
+			return sec_status_secure;
 #endif
 	case LDNS_RSAMD5:
 	case LDNS_ECC_GOST: