Added Ed25519 support (#44696)

CHANGES

@@ -1,3 +1,5 @@
+4665.	[func]		Add Ed25519 support (RFC 8080). [RT #25519]
+
 4664.	[func]		Add a "glue-cache" option to enable or disable the
 			glue cache. The default is "no" to reduce memory
 			usage, but enabling this option will improve

bin/dnssec/dnssec-keyfromlabel.c

@@ -52,7 +52,8 @@ int verbose;
 static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
 			  " NSEC3DSA | NSEC3RSASHA1 |"
 			  " RSASHA256 | RSASHA512 | ECCGOST |"
-			  " ECDSAP256SHA256 | ECDSAP384SHA384";
+			  " ECDSAP256SHA256 | ECDSAP384SHA384 |"
+			  " ED25519 | ED448";
 
 ISC_PLATFORM_NORETURN_PRE static void
 usage(void) ISC_PLATFORM_NORETURN_POST;
@@ -437,7 +438,8 @@ main(int argc, char **argv) {
 		    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
 		    alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
 		    alg != DST_ALG_ECCGOST &&
-		    alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
+		    alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384 &&
+		    alg != DST_ALG_ED25519 && alg != DST_ALG_ED448) {
 			fatal("%s is incompatible with NSEC3; "
 			      "do not use the -3 option", algname);
 		}

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -102,7 +102,7 @@
 	    Selects the cryptographic algorithm.  The value of
 	    <option>algorithm</option> must be one of RSAMD5, RSASHA1,
 	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
-	    ECDSAP256SHA256 or ECDSAP384SHA384.
+	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
 	    These values are case insensitive.
 	  </para>
 	  <para>

bin/dnssec/dnssec-keygen.c

@@ -82,7 +82,8 @@ usage(void) {
 				" | NSEC3DSA |\n");
 	fprintf(stderr, "        RSASHA256 | RSASHA512 | ECCGOST |\n");
 	fprintf(stderr, "        ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
-	fprintf(stderr, "        DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
+	fprintf(stderr, "        ED25519 | ED448 | DH |\n");
+	fprintf(stderr, "        HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
 				"HMAC-SHA256 | \n");
 	fprintf(stderr, "        HMAC-SHA384 | HMAC-SHA512\n");
 	fprintf(stderr, "       (default: RSASHA1, or "
@@ -101,6 +102,8 @@ usage(void) {
 	fprintf(stderr, "        ECCGOST:\tignored\n");
 	fprintf(stderr, "        ECDSAP256SHA256:\tignored\n");
 	fprintf(stderr, "        ECDSAP384SHA384:\tignored\n");
+	fprintf(stderr, "        ED25519:\tignored\n");
+	fprintf(stderr, "        ED448:\tignored\n");
 	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
 	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");
 	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");
@@ -602,7 +605,8 @@ main(int argc, char **argv) {
 		    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
 		    alg != DST_ALG_RSASHA256 && alg!= DST_ALG_RSASHA512 &&
 		    alg != DST_ALG_ECCGOST &&
-		    alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
+		    alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384 &&
+		    alg != DST_ALG_ED25519 && alg != DST_ALG_ED448) {
 			fatal("%s is incompatible with NSEC3; "
 			      "do not use the -3 option", algname);
 		}
@@ -636,7 +640,9 @@ main(int argc, char **argv) {
 							" to %d\n", size);
 			} else if (alg != DST_ALG_ECCGOST &&
 				   alg != DST_ALG_ECDSA256 &&
-				   alg != DST_ALG_ECDSA384)
+				   alg != DST_ALG_ECDSA384 &&
+				   alg != DST_ALG_ED25519 &&
+				   alg != DST_ALG_ED448)
 				fatal("key size not specified (-b option)");
 		}
 
@@ -773,6 +779,12 @@ main(int argc, char **argv) {
 	case DST_ALG_ECDSA384:
 		size = 384;
 		break;
+	case DST_ALG_ED25519:
+		size = 256;
+		break;
+	case DST_ALG_ED448:
+		size = 456;
+		break;
 	case DST_ALG_HMACMD5:
 		options |= DST_TYPE_KEY;
 		if (size < 1 || size > 512)
@@ -906,6 +918,8 @@ main(int argc, char **argv) {
 	case DST_ALG_ECCGOST:
 	case DST_ALG_ECDSA256:
 	case DST_ALG_ECDSA384:
+	case DST_ALG_ED25519:
+	case DST_ALG_ED448:
 		show_progress = ISC_TRUE;
 		/* fall through */
 

bin/dnssec/dnssec-keygen.docbook

@@ -114,7 +114,7 @@
 	    Selects the cryptographic algorithm.  For DNSSEC keys, the value
 	    of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
 	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
-	    ECDSAP256SHA256 or ECDSAP384SHA384.
+	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
 	    For TSIG/TKEY, the value must
 	    be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
 	    HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
@@ -186,8 +186,8 @@
 	    If this option is used and no algorithm is explicitly
 	    set on the command line, NSEC3RSASHA1 will be used by
 	    default. Note that RSASHA256, RSASHA512, ECCGOST,
-	    ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
+	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 and ED448
-	    are NSEC3-capable.
+	    algorithms are NSEC3-capable.
 	  </para>
 	</listitem>
       </varlistentry>

bin/pkcs11/pkcs11-keygen.c

@@ -73,6 +73,7 @@
 #define WANT_DH_PRIMES
 #define WANT_ECC_CURVES
 #include <pk11/constants.h>
+#include <pkcs11/eddsa.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)	getpass(x)
@@ -82,13 +83,14 @@
 static CK_BBOOL truevalue = TRUE;
 static CK_BBOOL falsevalue = FALSE;
 
-/* Key class: RSA, ECC, DSA, DH, or unknown */
+/* Key class: RSA, ECC, ECX, DSA, DH, or unknown */
 typedef enum {
 	key_unknown,
 	key_rsa,
 	key_dsa,
 	key_dh,
-	key_ecc
+	key_ecc,
+	key_ecx
 } key_class_t;
 
 /*
@@ -136,7 +138,7 @@ static CK_ATTRIBUTE rsa_template[] = {
 };
 
 /*
- * Public key template for ECC keys
+ * Public key template for ECC/ECX keys
  */
 #define ECC_LABEL 0
 #define ECC_VERIFY 1
@@ -247,6 +249,9 @@ keyclass_fromtext(const char *name) {
 	else if (strncasecmp(name, "ecc", 3) == 0 ||
 		 strncasecmp(name, "ecdsa", 5) == 0)
 		return (key_ecc);
+	else if (strncasecmp(name, "ecx", 3) == 0 ||
+		 strncasecmp(name, "ed", 2) == 0)
+		return (key_ecx);
 	else
 		return (key_unknown);
 }
@@ -425,6 +430,39 @@ main(int argc, char *argv[]) {
 				sizeof(pk11_ecc_secp384r1);
 		}
 
+		break;
+	case key_ecx:
+#ifndef CKM_EDDSA_KEY_PAIR_GEN
+		fprintf(stderr, "CKM_EDDSA_KEY_PAIR_GEN is not defined\n");
+		usage();
+#endif
+		op_type = OP_EC;
+		if (bits == 0)
+			bits = 256;
+		else if (bits != 256 && bits != 456) {
+			fprintf(stderr, "ECX keys only support bit sizes of "
+					"256 and 456\n");
+			exit(2);
+		}
+
+		mech.mechanism = CKM_EDDSA_KEY_PAIR_GEN;
+		mech.pParameter = NULL;
+		mech.ulParameterLen = 0;
+
+		public_template = ecc_template;
+		public_attrcnt = ECC_ATTRS;
+		id_offset = ECC_ID;
+
+		if (bits == 256) {
+			public_template[4].pValue = pk11_ecc_ed25519;
+			public_template[4].ulValueLen =
+				sizeof(pk11_ecc_ed25519);
+		} else {
+			public_template[4].pValue = pk11_ecc_ed448;
+			public_template[4].ulValueLen =
+				sizeof(pk11_ecc_ed448);
+		}
+
 		break;
 	case key_dsa:
 		op_type = OP_DSA;
@@ -570,7 +608,7 @@ main(int argc, char *argv[]) {
 		private_template[5].pValue = &truevalue;
 	}
 
-	if (keyclass == key_rsa || keyclass == key_ecc)
+	if (keyclass == key_rsa || keyclass == key_ecc || keyclass == key_ecx)
 		goto generate_keys;
 
 	/*

bin/pkcs11/pkcs11-keygen.docbook

@@ -71,11 +71,11 @@
         <listitem>
           <para>
             Specify the key algorithm class: Supported classes are RSA,
-            DSA, DH, and ECC. In addition to these strings, the
+            DSA, DH, ECC and ECX. In addition to these strings, the
             <option>algorithm</option> can be specified as a DNSSEC
             signing algorithm that will be used with this key; for
-            example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps
+            example, NSEC3RSASHA1 maps to RSA, ECDSAP256SHA256 maps
-            to ECC.  The default class is "RSA".
+            to ECC, and ED25519 to ECX.  The default class is "RSA".
           </para>
         </listitem>
       </varlistentry>
@@ -86,7 +86,8 @@
           <para>
             Create the key pair with <option>keysize</option> bits of
             prime. For ECC keys, the only valid values are 256 and 384,
-            and the default is 256.
+            and the default is 256. For ECX kyes, the only valid values
+            are 256 and 456, and the default is 256.
           </para>
         </listitem>
       </varlistentry>

bin/python/isc/dnskey.py.in

@@ -30,7 +30,7 @@ class dnskey:
     _ALGNAMES = (None, 'RSAMD5', 'DH', 'DSA', 'ECC', 'RSASHA1',
                  'NSEC3DSA', 'NSEC3RSASHA1', 'RSASHA256', None,
                  'RSASHA512', None, 'ECCGOST', 'ECDSAP256SHA256',
-                 'ECDSAP384SHA384')
+                 'ECDSAP384SHA384', 'ED25519', 'ED448')
 
     def __init__(self, key, directory=None, keyttl=None):
         # this makes it possible to use algname as a class or instance method

bin/python/isc/policy.py.in

@@ -68,7 +68,7 @@ class PolicyLex:
         return t
 
     def t_ALGNAME(self, t):
-        r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECCGOST|ECDSAP256SHA256|ECDSAP384SHA384)\b'
+        r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECCGOST|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
         t.value = t.value.upper()
         return t
 
@@ -138,7 +138,9 @@ class Policy:
                              'RSASHA512': [1024, 4096],
                              'ECCGOST': None,
                              'ECDSAP256SHA256': None,
-                             'ECDSAP384SHA384': None}
+                             'ECDSAP384SHA384': None,
+                             'ED25519': None,
+                             'ED448': None}
 
     def __init__(self, name=None, algorithm=None, parent=None):
         self.name = name
@@ -275,7 +277,9 @@ class Policy:
 
             if self.algorithm in ['ECCGOST', \
                                   'ECDSAP256SHA256', \
-                                  'ECDSAP384SHA384']:
+                                  'ECDSAP384SHA384', \
+                                  'ED25519', \
+                                  'ED448']:
                 self.ksk_keysize = None
                 self.zsk_keysize = None
 
@@ -378,6 +382,18 @@ class dnssec_policy:
         self.alg_policy['ECDSAP384SHA384'].ksk_keysize = None;
         self.alg_policy['ECDSAP384SHA384'].zsk_keysize = None;
 
+        self.alg_policy['ED25519'] = copy(p)
+        self.alg_policy['ED25519'].algorithm = "ED25519"
+        self.alg_policy['ED25519'].name = "ED25519"
+        self.alg_policy['ED25519'].ksk_keysize = None;
+        self.alg_policy['ED25519'].zsk_keysize = None;
+
+        self.alg_policy['ED448'] = copy(p)
+        self.alg_policy['ED448'].algorithm = "ED448"
+        self.alg_policy['ED448'].name = "ED448"
+        self.alg_policy['ED448'].ksk_keysize = None;
+        self.alg_policy['ED448'].zsk_keysize = None;
+
         if filename:
             self.load(filename)
 

bin/tests/system/conf.sh.in

@@ -76,7 +76,7 @@ SUBDIRS="acl additional addzone allow_query autosign builtin
 	 cacheclean case catz chain
          checkconf @CHECKDS@ checknames checkzone cookie @COVERAGE@
          database digdelv dlv dlvauto dlz dlzexternal
-	 dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa
+	 dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa eddsa
 	 emptyzones fetchlimit filter-aaaa formerr geoip glue gost
 	 inline integrity ixfr keepalive @KEYMGR@ legacy limits
 	 logfileconfig lwresd masterfile masterformat metadata mkeys

bin/tests/system/conf.sh.win32

@@ -61,6 +61,7 @@ MDIG=$TOP/Build/$VSCONF/mdig@EXEEXT@
 NZD2NZF=$TOP/Build/$VSCONF/named-nzd2nzf@EXEEXT@
 FSTRM_CAPTURE=@FSTRM_CAPTURE@
 FEATURETEST=$TOP/Build/$VSCONF/feature-test@EXEEXT@
+# to port WIRETEST=$TOP/Build/$VSCONF/wire_test@EXEEXT@
 
 # this is given as argument to native WIN32 executables
 RANDFILE=`cygpath -w $TOP/bin/tests/system/random.data`
@@ -72,14 +73,17 @@ KEYDELETE=$TOP/Build/$VSCONF/keydelete@EXEEXT@
 LWTEST=$TOP/Build/$VSCONF/lwtest@EXEEXT@
 MAKEJOURNAL=$TOP/Build/$VSCONF/makejournal@EXEEXT@
 PIPEQUERIES=$TOP/Build/$VSCONF/pipequeries@EXEEXT@
+# to port SAMPLEUPDATE=$TOP/lib/samples/sample-update
 
 # The "stress" test is not run by default since it creates enough
 # load on the machine to make it unusable to other users.
 # v6synth
-SUBDIRS="acl additional addzone allow_query autosign builtin cacheclean case
+SUBDIRS="acl additional addzone allow_query autosign builtin
-	 catz checkconf @CHECKDS@ checknames checkzone cookie @COVERAGE@
+	 cacheclean case catz
-	 database digdelv dlv dlvauto dlz dlzexternal dname dns64 dnssec
+	 checkconf @CHECKDS@ checknames checkzone cookie @COVERAGE@
-	 @DNSTAP@ dscp dsdigest dyndb ecdsa ednscompliance emptyzones
+	 database digdelv dlv dlvauto dlz dlzexternal dname
+	 dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa eddsa
+	 ednscompliance emptyzones
 	 fetchlimit filter-aaaa formerr forward geoip glue gost inline ixfr
 	 keepalive @KEYMGR@ legacy limits logfileconfig lwresd masterfile
 	 masterformat metadata mkeys names notify nslookup nsupdate
@@ -90,6 +94,9 @@ SUBDIRS="acl additional addzone allow_query autosign builtin cacheclean case
 	 tsiggss unknown upforwd verify views wildcard xfer xferquota
 	 zero zonechecks"
 
+# missing: chain integrity
+# extra: dname ednscompliance forward 
+
 #Things that are different on Windows
 KILL="/bin/kill -f"
 DIFF="diff --strip-trailing-cr"

bin/tests/system/eddsa/clean.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+rm -f */K* */dsset-* */*.signed */trusted.conf
+rm -f ns1/root.db
+rm -f ns*/signer.err
+rm -f dig.out*
+rm -f */named.run
+rm -f */named.memstats
+rm -f ns*/named.lock

bin/tests/system/eddsa/ns1/named.conf

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/* $Id$ */
+
+// NS1
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify yes;
+	dnssec-enable yes;
+	dnssec-validation yes;
+};
+
+zone "." {
+	type master;
+	file "root.db.signed";
+};
+
+include "trusted.conf";

bin/tests/system/eddsa/ns1/root.db.in

@@ -0,0 +1,18 @@
+; Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+; $Id$
+
+$TTL 300
+. 			IN SOA	fdupont.isc.org. a.root.servers.nil. (
+				2012040600   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1

bin/tests/system/eddsa/ns1/sign.sh

@@ -0,0 +1,38 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+key1=`$KEYGEN -q -r $RANDFILE -a ED25519 -n zone $zone`
+key2=`$KEYGEN -q -r $RANDFILE -a ED25519 -n zone -f KSK $zone`
+#key2=`$KEYGEN -q -r $RANDFILE -a ED448 -n zone -f KSK $zone`
+$DSFROMKEY -a sha-256 $key2.key > dsset-256
+
+cat $infile $key1.key $key2.key > $zonefile
+
+$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+
+# Configure the resolving server with a trusted key.
+
+cat $key1.key | grep -v '^; ' | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print <<EOF
+trusted-keys {
+    "$dn" $flags $proto $alg "$key";
+};
+EOF
+' > trusted.conf
+cp trusted.conf ../ns2/trusted.conf
+
+cd ../ns2 && $SHELL sign.sh

bin/tests/system/eddsa/ns2/Xexample.com.+015+03613.key

@@ -0,0 +1 @@
+example.com. IN DNSKEY 257 3 15 l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4=

bin/tests/system/eddsa/ns2/Xexample.com.+015+03613.private

@@ -0,0 +1,4 @@
+Private-key-format: v1.2
+Algorithm: 15 (ED25519)
+PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
+

bin/tests/system/eddsa/ns2/Xexample.com.+015+35217.key

@@ -0,0 +1 @@
+example.com. IN DNSKEY 257 3 15 zPnZ/QwEe7S8C5SPz2OfS5RR40ATk2/rYnE9xHIEijs=

bin/tests/system/eddsa/ns2/Xexample.com.+015+35217.private

@@ -0,0 +1,3 @@
+Private-key-format: v1.2
+Algorithm: 15 (ED25519)
+PrivateKey: DSSF3o0s0f+ElWzj9E/Osxw8hLpk55chkmx0LYN5WiY=

bin/tests/system/eddsa/ns2/example.com.db

@@ -0,0 +1,22 @@
+; Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+; $Id$
+
+$TTL 3600
+@ 			IN SOA	fdupont.isc.org. ns.example.com. (
+				2012040600   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				3600       	; minimum
+				)
+			MX	10	mail.example.com.
+			NS	ns.example.com.
+ns.example.com.		A	10.53.0.3
+;
+$INCLUDE Kexample.com.+015+03613.key
+$INCLUDE Kexample.com.+015+35217.key

bin/tests/system/eddsa/ns2/named.conf

@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+/* $Id$ */
+
+// NS2
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.2;
+	notify-source 10.53.0.2;
+	transfer-source 10.53.0.2;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.2; };
+	listen-on-v6 { none; };
+	recursion yes;
+	notify yes;
+	dnssec-enable yes;
+	dnssec-validation yes;
+};
+
+zone "." {
+	type hint;
+	file "../../common/root.hint";
+};
+
+include "trusted.conf";

bin/tests/system/eddsa/ns2/sign.sh

@@ -0,0 +1,23 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=example.com.
+zonefile=example.com.db
+starttime=20150729220000
+endtime=20150819220000
+
+for i in Xexample.com.+015+03613.key Xexample.com.+015+03613.private \
+	 Xexample.com.+015+35217.key Xexample.com.+015+35217.private
+do
+	cp $i `echo $i | sed s/X/K/`
+done
+
+$SIGNER -P -z -s $starttime -e $endtime -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err

bin/tests/system/eddsa/prereq.sh

@@ -0,0 +1,12 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+exec $SHELL ../testcrypto.sh eddsa

bin/tests/system/eddsa/setup.sh

@@ -0,0 +1,14 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
+
+cd ns1 && $SHELL sign.sh

bin/tests/system/eddsa/tests.sh

@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# $Id$
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+rm -f dig.out.*
+
+DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
+
+# Check the example. domain
+
+echo "I:checking that positive validation works ($n)"
+ret=0
+$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# Check test vectors (RFC 8080 + errata)
+
+echo "I:checking that test vectors match ($n)"
+ret=0
+grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/null || ret=1
+grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1
+grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1
+grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1

bin/tests/system/pkcs11/ns1/named.conf

@@ -42,3 +42,9 @@ zone "ecc.example." {
 	file "ecc.example.db.signed";
 	allow-update { any; };
 };
+
+zone "ecx.example." {
+	type master;
+	file "ecx.example.db.signed";
+	allow-update { any; };
+};

bin/tests/system/pkcs11/prereq.sh

@@ -10,18 +10,24 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 echo "I:(Native PKCS#11)" >&2
-rsafail=0 eccfail=0
+rsafail=0 eccfail=0 ecxfail=0
 
 $SHELL ../testcrypto.sh -q rsa || rsafail=1
 $SHELL ../testcrypto.sh -q ecdsa || eccfail=1
+$SHELL ../testcrypto.sh -q eddsa || ecxfail=1
 
-if [ $rsafail = 0 -a $eccfail = 0 ]; then
+if [ $rsafail = 1 -a $eccfail = 1 ]; then
-	echo both > supported
-elif [ $rsafail = 1 -a $eccfail = 1 ]; then
 	echo "I:This test requires PKCS#11 support for either RSA or ECDSA cryptography." >&2
 	exit 255
-elif [ $rsafail = 0 ]; then
+fi
-	echo rsaonly > supported
+rm -f supported
-else
+touch supported
-        echo ecconly > supported
+if [ $rsafail = 0 ]; then
+	echo rsa >> supported
+fi
+if [ $eccfail = 0 ]; then
+	echo ecc >> supported
+fi
+if [ $ecxfail = 0 ]; then
+	echo ecx >> supported
 fi

bin/tests/system/pkcs11/setup.sh

@@ -14,11 +14,10 @@ infile=ns1/example.db.in
 /bin/echo -n ${HSMPIN:-1234}> pin
 PWD=`pwd`
 
-supported=`cat supported`
-
 zone=rsa.example
 zonefile=ns1/rsa.example.db
-if [ "$supported" != "ecconly" ]; then
+have_rsa=`grep rsa supported`
+if [ "x$have_rsa" != "x" ]; then
     $PK11GEN -a RSA -b 1024 -l robie-rsa-zsk1 -i 01
     $PK11GEN -a RSA -b 1024 -l robie-rsa-zsk2 -i 02
     $PK11GEN -a RSA -b 2048 -l robie-rsa-ksk
@@ -42,7 +41,8 @@ fi
 
 zone=ecc.example
 zonefile=ns1/ecc.example.db
-if [ "$supported" != "rsaonly" ]; then
+have_ecc=`grep ecc supported`
+if [ "x$have_ecc" != "x" ]; then
     $PK11GEN -a ECC -b 256 -l robie-ecc-zsk1 -i 03
     $PK11GEN -a ECC -b 256 -l robie-ecc-zsk2 -i 04
     $PK11GEN -a ECC -b 384 -l robie-ecc-ksk
@@ -64,4 +64,32 @@ else
     cp $infile ${zonefile}.signed
 fi
 
+zone=ecx.example
+zonefile=ns1/ecx.example.db
+have_ecx=`grep ecx supported`
+if [ "x$have_ecx" != "x" ]; then
+    $PK11GEN -a ECX -b 256 -l robie-ecx-zsk1 -i 05
+    $PK11GEN -a ECX -b 256 -l robie-ecx-zsk2 -i 06
+    $PK11GEN -a ECX -b 256 -l robie-ecx-ksk
+#   $PK11GEN -a ECX -b 456 -l robie-ecx-ksk
+
+    ecxzsk1=`$KEYFRLAB -a ED25519 \
+            -l "object=robie-ecx-zsk1;pin-source=$PWD/pin" ecx.example`
+    ecxzsk2=`$KEYFRLAB -a ED25519 \
+            -l "object=robie-ecx-zsk2;pin-source=$PWD/pin" ecx.example`
+    ecxksk=`$KEYFRLAB -a ED25519 -f ksk \
+            -l "object=robie-ecx-ksk;pin-source=$PWD/pin" ecx.example`
+#   ecxksk=`$KEYFRLAB -a ED448 -f ksk \
+#           -l "object=robie-ecx-ksk;pin-source=$PWD/pin" ecx.example`
+
+    cat $infile $ecxzsk1.key $ecxksk.key > $zonefile
+    $SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
+        > /dev/null 2> signer.err || cat signer.err
+    cp $ecxzsk2.key ns1/ecx.key
+    mv Kecx* ns1
+else
+    # ECX not available and will not be tested; make a placeholder
+    cp $infile ${zonefile}.signed
+fi
+
 rm -f signer.err

bin/tests/system/pkcs11/tests.sh

@@ -16,13 +16,19 @@ DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
 status=0
 ret=0
 
-supported=`cat supported`
+algs=""
-case $supported in
+have_rsa=`grep rsa supported`
-    rsaonly) algs="rsa" ;;
+if [ "x$have_rsa" != "x" ]; then
-    ecconly) algs="ecc" ;;
+    algs="rsa "
-    both) algs="rsa ecc" ;;
+fi
-esac
+have_ecc=`grep ecc supported`
-
+if [ "x$have_ecc" != "x" ]; then
+    algs=$algs"ecc "
+fi
+have_ecx=`grep ecc supported`
+if [ "x$have_ecx" != "x" ]; then
+    algs=$algs"ecx "
+fi
 
 for alg in $algs; do
     zonefile=ns1/$alg.example.db 
@@ -66,6 +72,7 @@ END
     case $alg in
         rsa) id=02 ;;
         ecc) id=04 ;;
+	ecx) id=06 ;;
     esac
     $PK11DEL -i $id -w0 > /dev/null 2>&1 || ret=1
     if [ $ret != 0 ]; then echo "I:failed"; fi

bin/tests/system/testcrypto.sh

@@ -39,6 +39,11 @@ while test "$#" -gt 0; do
                 msg1="ECDSA cryptography"
                 msg2="--with-ecdsa"
                 ;;
+	eddsa|EDDSA)
+		alg="-a ED25519"
+		msg1="EDDSA cryptography"
+		msg2="--with-eddsa"
+		;;
         *)
                 echo "${prog}: unknown argument"
                 exit 1

config.h.in

@@ -368,6 +368,12 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define if your OpenSSL version supports ECDSA. */
 #undef HAVE_OPENSSL_ECDSA
 
+/* Define if your OpenSSL version supports Ed25519. */
+#undef HAVE_OPENSSL_ED25519
+
+/* Define if your OpenSSL version supports Ed448. */
+#undef HAVE_OPENSSL_ED448
+
 /* Define if your OpenSSL version supports EVP AES */
 #undef HAVE_OPENSSL_EVP_AES
 
@@ -377,6 +383,12 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define if your PKCS11 provider supports ECDSA. */
 #undef HAVE_PKCS11_ECDSA
 
+/* Define if your PKCS11 provider supports Ed25519. */
+#undef HAVE_PKCS11_ED25519
+
+/* Define if your PKCS11 provider supports Ed448. */
+#undef HAVE_PKCS11_ED448
+
 /* Define if your PKCS11 provider supports GOST. */
 #undef HAVE_PKCS11_GOST
 

config.h.win32

@@ -328,12 +328,24 @@ typedef __int64 off_t;
 /* Define if OpenSSL includes ECDSA support */
 @HAVE_OPENSSL_ECDSA@
 
+/* Define if OpenSSL includes Ed25519 support */
+@HAVE_OPENSSL_ED25519@
+
+/* Define if OpenSSL includes Ed448 support */
+@HAVE_OPENSSL_ED448@
+
 /* Define if your OpenSSL version supports GOST. */
 @HAVE_OPENSSL_GOST@
 
 /* Define if your PKCS11 provider supports ECDSA. */
 @HAVE_PKCS11_ECDSA@
 
+/* Define if your PKCS11 provider supports Ed25519. */
+@HAVE_PKCS11_ED25519@
+
+/* Define if your PKCS11 provider supports Ed448. */
+@HAVE_PKCS11_ED448@
+
 /* Define if your PKCS11 provider supports GOST. */
 @HAVE_PKCS11_GOST@
 

configure

@@ -821,6 +821,7 @@ NZDTARGETS
 NZDSRCS
 NZD_TOOLS
 PKCS11_TEST
+PKCS11_ED25519
 PKCS11_GOST
 PKCS11_ECDSA
 CRYPTO
@@ -843,11 +844,14 @@ ISC_OPENSSL_INC
 ISC_PLATFORM_OPENSSLHASH
 ISC_PLATFORM_WANTAES
 OPENSSL_GOST
+OPENSSL_ED25519
 OPENSSL_ECDSA
 OPENSSLLINKSRCS
 OPENSSLLINKOBJS
 OPENSSLGOSTLINKSRCS
 OPENSSLGOSTLINKOBJS
+OPENSSLEDDSALINKSRCS
+OPENSSLEDDSALINKOBJS
 DST_OPENSSL_INC
 INSTALL_LIBRARY
 ISC_THREAD_DIR
@@ -1016,6 +1020,7 @@ with_openssl
 with_pkcs11
 with_ecdsa
 with_gost
+with_eddsa
 with_aes
 enable_openssl_hash
 with_cc_alg
@@ -1748,6 +1753,7 @@ Optional Packages:
 			  (PATH is for the PKCS11 provider)
   --with-ecdsa            Crypto ECDSA
   --with-gost             Crypto GOST yes|no|raw|asn1.
+  --with-eddsa            Crypto EDDSA yes|all|no.
   --with-aes              Crypto AES
   --with-cc-alg=ALG      choose the algorithm for Client Cookie [aes|sha1|sha256]
   --with-lmdb=PATH        build with LMDB library yes|no|path
@@ -15792,7 +15798,7 @@ fi
 
 
 #
-# were --with-ecdsa, --with-gost, --with-aes specified
+# were --with-ecdsa, --with-gost, --with-eddsa, --with-aes specified
 #
 
 # Check whether --with-ecdsa was given.
@@ -15811,6 +15817,14 @@ else
 fi
 
 
+# Check whether --with-eddsa was given.
+if test "${with_eddsa+set}" = set; then :
+  withval=$with_eddsa; with_eddsa="$withval"
+else
+  with_eddsa="auto"
+fi
+
+
 # Check whether --with-aes was given.
 if test "${with_aes+set}" = set; then :
   withval=$with_aes; with_aes="$withval"
@@ -15892,6 +15906,7 @@ then
 fi
 OPENSSL_ECDSA=""
 OPENSSL_GOST=""
+OPENSSL_ED25519=""
 gosttype="raw"
 case "$with_gost" in
 	raw)
@@ -15917,6 +15932,8 @@ case "$use_openssl" in
 $as_echo "disabled because of native PKCS11" >&6; }
 		DST_OPENSSL_INC=""
 		CRYPTO="-DPKCS11CRYPTO"
+		OPENSSLEDDSALINKOBJS=""
+		OPENSSLEDDSALINKSRS=""
 		OPENSSLGOSTLINKOBJS=""
 		OPENSSLGOSTLINKSRS=""
 		OPENSSLLINKOBJS=""
@@ -15927,6 +15944,8 @@ $as_echo "disabled because of native PKCS11" >&6; }
 $as_echo "no" >&6; }
 		DST_OPENSSL_INC=""
 		CRYPTO=""
+		OPENSSLEDDSALINKOBJS=""
+		OPENSSLEDDSALINKSRS=""
 		OPENSSLGOSTLINKOBJS=""
 		OPENSSLGOSTLINKSRS=""
 		OPENSSLLINKOBJS=""
@@ -15935,6 +15954,8 @@ $as_echo "no" >&6; }
 	auto)
 		DST_OPENSSL_INC=""
 		CRYPTO=""
+		OPENSSLEDDSALINKOBJS=""
+		OPENSSLEDDSALINKSRS=""
 		OPENSSLGOSTLINKOBJS=""
 		OPENSSLGOSTLINKSRS=""
 		OPENSSLLINKOBJS=""
@@ -16348,6 +16369,120 @@ $as_echo "#define HAVE_OPENSSL_GOST 1" >>confdefs.h
 		;;
 	esac
 
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL Ed25519 support" >&5
+$as_echo_n "checking for OpenSSL Ed25519 support... " >&6; }
+	have_ed25519=""
+	have_ed448=""
+	if test "$cross_compiling" = yes; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: using --with-eddsa" >&5
+$as_echo "using --with-eddsa" >&6; }
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main() {
+	EVP_PKEY_CTX *ctx;
+
+	ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+	if (ctx == NULL)
+		return (2);
+	return (0);
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	have_ed25519="yes"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	have_ed25519="no"
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+	case "$with_eddsa" in
+	yes|all)
+	    case "$have_ed25519" in
+	    no)  as_fn_error $? "eddsa not supported" "$LINENO" 5 ;;
+	    *)  have_ed25519=yes ;;
+	    esac
+	    ;;
+	no)
+	    have_ed25519=no ;;
+	*)
+	    case "$have_ed25519" in
+	    yes|no) ;;
+	    *) as_fn_error $? "need --with-eddsa=[yes, all or no]" "$LINENO" 5 ;;
+	    esac
+	    ;;
+	esac
+	case $have_ed25519 in
+	yes)
+		OPENSSL_ED25519="yes"
+		OPENSSLEDDSALINKOBJS='${OPENSSLEDDSALINKOBJS}'
+		OPENSSLEDDSALINKSRCS='${OPENSSLEDDSALINKSRCS}'
+
+$as_echo "#define HAVE_OPENSSL_ED25519 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL Ed448 support" >&5
+$as_echo_n "checking for OpenSSL Ed448 support... " >&6; }
+		if test "$cross_compiling" = yes; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: using --with-eddsa" >&5
+$as_echo "using --with-eddsa" >&6; }
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main() {
+	EVP_PKEY_CTX *ctx;
+
+	ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
+	if (ctx == NULL)
+		return (2);
+	return (0);
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		have_ed448="yes"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		have_ed448="no"
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+		case $with_eddsa in
+		all)
+			have_ed448=yes ;;
+		*)
+			;;
+		esac
+		case $have_ed448 in
+		yes)
+
+$as_echo "#define HAVE_OPENSSL_ED448 1" >>confdefs.h
+],
+			;;
+		*)
+			;;
+		esac
+		;;
+	*)
+		;;
+	esac
+
 	have_aes="no"
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL AES support" >&5
 $as_echo_n "checking for OpenSSL AES support... " >&6; }
@@ -16440,6 +16575,9 @@ esac
 
 
 
+
+
+
 DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
 
 ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
@@ -16694,6 +16832,7 @@ esac
 
 PKCS11_ECDSA=""
 PKCS11_GOST=""
+PKCS11_ED25519=""
 set_pk11_flavor="no"
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for native PKCS11" >&5
 $as_echo_n "checking for native PKCS11... " >&6; }
@@ -16737,6 +16876,37 @@ $as_echo "#define HAVE_PKCS11_GOST 1" >>confdefs.h
 $as_echo "disabled" >&6; }
 			;;
 		esac
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PKCS11 Ed25519" >&5
+$as_echo_n "checking for PKCS11 Ed25519... " >&6; }
+		case "$with_eddsa" in
+		yes|all)
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: enabled" >&5
+$as_echo "enabled" >&6; }
+			PKCS11_ED25519="yes"
+
+$as_echo "#define HAVE_PKCS11_ED25519 1" >>confdefs.h
+
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PKCS11 Ed448" >&5
+$as_echo_n "checking for PKCS11 Ed448... " >&6; }
+			case "$with_eddsa" in
+			all)
+				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: enabled" >&5
+$as_echo "enabled" >&6; }
+
+$as_echo "#define HAVE_PKCS11_ED448 1" >>confdefs.h
+
+				;;
+			*)
+				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
+$as_echo "disabled" >&6; }
+				;;
+			esac
+			;;
+		*)
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
+$as_echo "disabled" >&6; }
+			;;
+		esac
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PKCS11 flavor" >&5
 $as_echo_n "checking for PKCS11 flavor... " >&6; }
 		case "$PKCS11_PROVIDER" in
@@ -16797,6 +16967,7 @@ esac
 
 
 
+
 # for PKCS11 benchmarks
 
 have_clock_gt=no
@@ -25934,6 +26105,8 @@ report() {
     fi
     test "yes" = "$OPENSSL_ECDSA" -o "$PKCS11_ECDSA" && \
         echo "    ECDSA algorithm support (--with-ecdsa)"
+    test "yes" = "$OPENSSL_ED25519" -o "$PKCS11_ED25519" && \
+        echo "    EDDSA algorithm support (--with-eddsa)"
     test "yes" = "$enable_fixed" && \
         echo "    Allow 'fixed' rrset-order (--enable-fixed-rrset)"
     test "yes" = "$enable_filter" && \
@@ -25995,6 +26168,8 @@ report() {
         echo "    GOST algorithm support (--with-gost)"
     test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ECDSA" -o "yes" = "$PKCS11_ECDSA" || \
         echo "    ECDSA algorithm support (--with-ecdsa)"
+    test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
+        echo "    EDDSA algorithm support (--with-eddsa)"
 
     test "yes" = "$enable_seccomp" || \
         echo "    Use libseccomp system call filtering (--enable-seccomp)"

configure.in

@@ -1443,12 +1443,14 @@ AC_ARG_WITH(pkcs11,
    use_pkcs11="$withval", use_pkcs11="auto")
 
 #
-# were --with-ecdsa, --with-gost, --with-aes specified
+# were --with-ecdsa, --with-gost, --with-eddsa, --with-aes specified
 #
 AC_ARG_WITH(ecdsa, [  --with-ecdsa            Crypto ECDSA],
 	    with_ecdsa="$withval", with_ecdsa="auto")
 AC_ARG_WITH(gost, [  --with-gost             Crypto GOST [yes|no|raw|asn1].],
 	    with_gost="$withval", with_gost="auto")
+AC_ARG_WITH(eddsa, [  --with-eddsa            Crypto EDDSA [yes|all|no].],
+            with_eddsa="$withval", with_eddsa="auto")
 AC_ARG_WITH(aes, [  --with-aes              Crypto AES],
 	    with_aes="$withval", with_aes="checkcc")
 
@@ -1514,6 +1516,7 @@ then
 fi
 OPENSSL_ECDSA=""
 OPENSSL_GOST=""
+OPENSSL_ED25519=""
 gosttype="raw"
 case "$with_gost" in
 	raw)
@@ -1537,6 +1540,8 @@ case "$use_openssl" in
 		AC_MSG_RESULT(disabled because of native PKCS11)
 		DST_OPENSSL_INC=""
 		CRYPTO="-DPKCS11CRYPTO"
+		OPENSSLEDDSALINKOBJS=""
+		OPENSSLEDDSALINKSRS=""
 		OPENSSLGOSTLINKOBJS=""
 		OPENSSLGOSTLINKSRS=""
 		OPENSSLLINKOBJS=""
@@ -1546,6 +1551,8 @@ case "$use_openssl" in
 		AC_MSG_RESULT(no)
 		DST_OPENSSL_INC=""
 		CRYPTO=""
+		OPENSSLEDDSALINKOBJS=""
+		OPENSSLEDDSALINKSRS=""
 		OPENSSLGOSTLINKOBJS=""
 		OPENSSLGOSTLINKSRS=""
 		OPENSSLLINKOBJS=""
@@ -1554,6 +1561,8 @@ case "$use_openssl" in
 	auto)
 		DST_OPENSSL_INC=""
 		CRYPTO=""
+		OPENSSLEDDSALINKOBJS=""
+		OPENSSLEDDSALINKSRS=""
 		OPENSSLGOSTLINKOBJS=""
 		OPENSSLGOSTLINKSRS=""
 		OPENSSLLINKOBJS=""
@@ -1853,6 +1862,86 @@ int main() {
 		;;
 	esac
 
+	AC_MSG_CHECKING(for OpenSSL Ed25519 support)
+	have_ed25519=""
+	have_ed448=""
+	AC_TRY_RUN([
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main() {
+	EVP_PKEY_CTX *ctx;
+
+	ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+	if (ctx == NULL)
+		return (2);
+	return (0);
+}
+],
+	[AC_MSG_RESULT(yes)
+	have_ed25519="yes"],
+	[AC_MSG_RESULT(no)
+	have_ed25519="no"],
+	[AC_MSG_RESULT(using --with-eddsa)])
+	case "$with_eddsa" in
+	yes|all)
+	    case "$have_ed25519" in
+	    no)  AC_MSG_ERROR([eddsa not supported]) ;;
+	    *)  have_ed25519=yes ;;
+	    esac
+	    ;;
+	no)
+	    have_ed25519=no ;;
+	*)
+	    case "$have_ed25519" in
+	    yes|no) ;;
+	    *) AC_MSG_ERROR([need --with-eddsa=[[yes, all or no]]]) ;;
+	    esac
+	    ;;
+	esac
+	case $have_ed25519 in
+	yes)
+		OPENSSL_ED25519="yes"
+		OPENSSLEDDSALINKOBJS='${OPENSSLEDDSALINKOBJS}'
+		OPENSSLEDDSALINKSRCS='${OPENSSLEDDSALINKSRCS}'
+		AC_DEFINE(HAVE_OPENSSL_ED25519, 1,
+			  [Define if your OpenSSL version supports Ed25519.])
+		AC_MSG_CHECKING(for OpenSSL Ed448 support)
+		AC_TRY_RUN([
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main() {
+	EVP_PKEY_CTX *ctx;
+
+	ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
+	if (ctx == NULL)
+		return (2);
+	return (0);
+}
+],
+		[AC_MSG_RESULT(yes)
+		have_ed448="yes"],
+		[AC_MSG_RESULT(no)
+		have_ed448="no"],
+		[AC_MSG_RESULT(using --with-eddsa)])
+		case $with_eddsa in
+		all)
+			have_ed448=yes ;;
+		*)
+			;;
+		esac
+		case $have_ed448 in
+		yes)
+			AC_DEFINE(HAVE_OPENSSL_ED448, 1,
+				  [Define if your OpenSSL version supports Ed448.])],
+			;;	   
+		*)
+			;;
+		esac
+		;;
+	*)
+		;;
+	esac
+
 	have_aes="no"
 	AC_MSG_CHECKING(for OpenSSL AES support)
 	AC_TRY_RUN([
@@ -1915,11 +2004,14 @@ esac
 #
 
 AC_SUBST(DST_OPENSSL_INC)
+AC_SUBST(OPENSSLEDDSALINKOBJS)
+AC_SUBST(OPENSSLEDDSALINKSRCS)
 AC_SUBST(OPENSSLGOSTLINKOBJS)
 AC_SUBST(OPENSSLGOSTLINKSRCS)
 AC_SUBST(OPENSSLLINKOBJS)
 AC_SUBST(OPENSSLLINKSRCS)
 AC_SUBST(OPENSSL_ECDSA)
+AC_SUBST(OPENSSL_ED25519)
 AC_SUBST(OPENSSL_GOST)
 
 DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@@ -2138,6 +2230,7 @@ AC_SUBST(PKCS11_PROVIDER)
 
 PKCS11_ECDSA=""
 PKCS11_GOST=""
+PKCS11_ED25519=""
 set_pk11_flavor="no"
 AC_MSG_CHECKING(for native PKCS11)
 
@@ -2171,6 +2264,29 @@ case "$want_native_pkcs11" in
 			AC_MSG_RESULT(disabled)
 			;;
 		esac
+		AC_MSG_CHECKING(for PKCS11 Ed25519)
+		case "$with_eddsa" in
+		yes|all)
+			AC_MSG_RESULT(enabled)
+			PKCS11_ED25519="yes"
+			AC_DEFINE(HAVE_PKCS11_ED25519, 1,
+				  [Define if your PKCS11 provider supports Ed25519.])
+			AC_MSG_CHECKING(for PKCS11 Ed448)
+			case "$with_eddsa" in
+			all)
+				AC_MSG_RESULT(enabled)
+				AC_DEFINE(HAVE_PKCS11_ED448, 1,
+					  [Define if your PKCS11 provider supports Ed448.])
+				;;
+			*)
+				AC_MSG_RESULT(disabled)
+				;;
+			esac
+			;;
+		*)
+			AC_MSG_RESULT(disabled)
+			;;
+		esac
 		AC_MSG_CHECKING(for PKCS11 flavor)
 		case "$PKCS11_PROVIDER" in
 			*nfast*)
@@ -2220,6 +2336,7 @@ AC_SUBST(PKCS11LINKSRCS)
 AC_SUBST(CRYPTO)
 AC_SUBST(PKCS11_ECDSA)
 AC_SUBST(PKCS11_GOST)
+AC_SUBST(PKCS11_ED25519)
 AC_SUBST(PKCS11_TEST)
 
 # for PKCS11 benchmarks
@@ -5351,6 +5468,8 @@ report() {
     fi
     test "yes" = "$OPENSSL_ECDSA" -o "$PKCS11_ECDSA" && \
         echo "    ECDSA algorithm support (--with-ecdsa)"
+    test "yes" = "$OPENSSL_ED25519" -o "$PKCS11_ED25519" && \
+        echo "    EDDSA algorithm support (--with-eddsa)"
     test "yes" = "$enable_fixed" && \
         echo "    Allow 'fixed' rrset-order (--enable-fixed-rrset)"
     test "yes" = "$enable_filter" && \
@@ -5412,6 +5531,8 @@ report() {
         echo "    GOST algorithm support (--with-gost)"
     test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ECDSA" -o "yes" = "$PKCS11_ECDSA" || \
         echo "    ECDSA algorithm support (--with-ecdsa)"
+    test "X$CRYPTO" = "X" -o "yes" = "$OPENSSL_ED25519" -o "yes" = "$PKCS11_ED25519" || \
+        echo "    EDDSA algorithm support (--with-eddsa)"
 
     test "yes" = "$enable_seccomp" || \
         echo "    Use libseccomp system call filtering (--enable-seccomp)"

doc/rfc/rfc8080.txt

@@ -0,0 +1,395 @@
+
+
+
+
+
+
+Internet Engineering Task Force (IETF)                           O. Sury
+Request for Comments: 8080                                        CZ.NIC
+Category: Standards Track                                     R. Edmonds
+ISSN: 2070-1721                                                   Fastly
+                                                           February 2017
+
+
+      Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC
+
+Abstract
+
+   This document describes how to specify Edwards-curve Digital Security
+   Algorithm (EdDSA) keys and signatures in DNS Security (DNSSEC).  It
+   uses EdDSA with the choice of two curves: Ed25519 and Ed448.
+
+Status of This Memo
+
+   This is an Internet Standards Track document.
+
+   This document is a product of the Internet Engineering Task Force
+   (IETF).  It represents the consensus of the IETF community.  It has
+   received public review and has been approved for publication by the
+   Internet Engineering Steering Group (IESG).  Further information on
+   Internet Standards is available in Section 2 of RFC 7841.
+
+   Information about the current status of this document, any errata,
+   and how to provide feedback on it may be obtained at
+   http://www.rfc-editor.org/info/rfc8080.
+
+Copyright Notice
+
+   Copyright (c) 2017 IETF Trust and the persons identified as the
+   document authors.  All rights reserved.
+
+   This document is subject to BCP 78 and the IETF Trust's Legal
+   Provisions Relating to IETF Documents
+   (http://trustee.ietf.org/license-info) in effect on the date of
+   publication of this document.  Please review these documents
+   carefully, as they describe your rights and restrictions with respect
+   to this document.  Code Components extracted from this document must
+   include Simplified BSD License text as described in Section 4.e of
+   the Trust Legal Provisions and are provided without warranty as
+   described in the Simplified BSD License.
+
+
+
+
+
+
+
+
+Sury & Edmonds               Standards Track                    [Page 1]
+
+RFC 8080                    EdDSA for DNSSEC               February 2017
+
+
+Table of Contents
+
+   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
+   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   2
+   3.  DNSKEY Resource Records . . . . . . . . . . . . . . . . . . .   2
+   4.  RRSIG Resource Records  . . . . . . . . . . . . . . . . . . .   3
+   5.  Algorithm Number for DS, DNSKEY, and RRSIG Resource Records .   3
+   6.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .   3
+     6.1.  Ed25519 Examples  . . . . . . . . . . . . . . . . . . . .   3
+     6.2.  Ed448 Examples  . . . . . . . . . . . . . . . . . . . . .   4
+   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
+   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
+   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
+     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
+     9.2.  Informative References  . . . . . . . . . . . . . . . . .   7
+   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   7
+   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7
+
+1.  Introduction
+
+   DNSSEC, which is broadly defined in [RFC4033], [RFC4034], and
+   [RFC4035], uses cryptographic keys and digital signatures to provide
+   authentication of DNS data.  Currently, the most popular signature
+   algorithm in use is RSA.  GOST [RFC5933] and NIST-specified elliptic
+   curve cryptography [RFC6605] are also standardized.
+
+   [RFC8032] describes the elliptic curve signature system Edwards-curve
+   Digital Signature Algorithm (EdDSA) and recommends two curves,
+   Ed25519 and Ed448.
+
+   This document defines the use of DNSSEC's DS, DNSKEY, and RRSIG
+   resource records (RRs) with a new signing algorithm, EdDSA, using a
+   choice of two curves: Ed25519 and Ed448.
+
+2.  Requirements Language
+
+   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+   document are to be interpreted as described in [RFC2119].
+
+3.  DNSKEY Resource Records
+
+   An Ed25519 public key consists of a 32-octet value, which is encoded
+   into the Public Key field of a DNSKEY resource record as a simple bit
+   string.  The generation of a public key is defined in Section 5.1.5
+   of [RFC8032].
+
+
+
+
+
+Sury & Edmonds               Standards Track                    [Page 2]
+
+RFC 8080                    EdDSA for DNSSEC               February 2017
+
+
+   An Ed448 public key consists of a 57-octet value, which is encoded
+   into the Public Key field of a DNSKEY resource record as a simple bit
+   string.  The generation of a public key is defined in Section 5.2.5
+   of [RFC8032].
+
+4.  RRSIG Resource Records
+
+   An Ed25519 signature consists of a 64-octet value, which is encoded
+   into the Signature field of an RRSIG resource record as a simple bit
+   string.  The Ed25519 signature algorithm and verification of the
+   Ed25519 signature are described in Sections 5.1.6 and 5.1.7 of
+   [RFC8032], respectively.
+
+   An Ed448 signature consists of a 114-octet value, which is encoded
+   into the Signature field of an RRSIG resource record as a simple bit
+   string.  The Ed448 signature algorithm and verification of the Ed448
+   signature are described in Sections 5.2.6 and 5.2.7 of [RFC8032],
+   respectively.
+
+5.  Algorithm Number for DS, DNSKEY, and RRSIG Resource Records
+
+   The algorithm number associated with the use of Ed25519 in DS,
+   DNSKEY, and RRSIG resource records is 15.  The algorithm number
+   associated with the use of Ed448 in DS, DNSKEY, and RRSIG resource
+   records is 16.  This registration is fully defined in the IANA
+   Considerations section.
+
+6.  Examples
+
+6.1.  Ed25519 Examples
+
+Private-key-format: v1.2
+Algorithm: 15 (ED25519)
+PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
+
+example.com. 3600 IN DNSKEY 257 3 15 (
+             l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= )
+
+example.com. 3600 IN DS 3613 15 2 (
+             3aa5ab37efce57f737fc1627013fee07bdf241bd10f3b1964ab55c78e79
+             a304b )
+
+example.com. 3600 IN MX 10 mail.example.com.
+
+example.com. 3600 IN RRSIG MX 3 3600 (
+             1440021600 1438207200 3613 example.com. (
+             Edk+IB9KNNWg0HAjm7FazXyrd5m3Rk8zNZbvNpAcM+eysqcUOMIjWoevFkj
+             H5GaMWeG96GUVZu6ECKOQmemHDg== )
+
+
+
+Sury & Edmonds               Standards Track                    [Page 3]
+
+RFC 8080                    EdDSA for DNSSEC               February 2017
+
+
+Private-key-format: v1.2
+Algorithm: 15 (ED25519)
+PrivateKey: DSSF3o0s0f+ElWzj9E/Osxw8hLpk55chkmx0LYN5WiY=
+
+example.com. 3600 IN DNSKEY 257 3 15 (
+             zPnZ/QwEe7S8C5SPz2OfS5RR40ATk2/rYnE9xHIEijs= )
+
+example.com. 3600 IN DS 35217 15 2 (
+             401781b934e392de492ec77ae2e15d70f6575a1c0bc59c5275c04ebe80c
+             6614c )
+
+example.com. 3600 IN MX 10 mail.example.com.
+
+example.com. 3600 IN RRSIG MX 3 3600 (
+             1440021600 1438207200 35217 example.com. (
+             5LL2obmzdqjWI+Xto5eP5adXt/T5tMhasWvwcyW4L3SzfcRawOle9bodhC+
+             oip9ayUGjY9T/rL4rN3bOuESGDA== )
+
+6.2.  Ed448 Examples
+
+Private-key-format: v1.2
+Algorithm: 16 (ED448)
+PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x
+            8wWbDDct/U3FhYWA
+
+example.com. 3600 IN DNSKEY 257 3 16 (
+             3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx
+             1FYYUcJKm1MDpJtIA )
+
+example.com. 3600 IN DS 9713 16 2 (
+             6ccf18d5bc5d7fc2fceb1d59d17321402f2aa8d368048db93dd811f5cb2
+             b19c7 )
+
+example.com. 3600 IN MX 10 mail.example.com.
+
+example.com. 3600 IN RRSIG MX 3 3600 (
+             1440021600 1438207200 9713 example.com. (
+             Nmc0rgGKpr3GKYXcB1JmqqS4NYwhmechvJTqVzt3jR+Qy/lSLFoIk1L+9e3
+             9GPL+5tVzDPN3f9kAwiu8KCuPPjtl227ayaCZtRKZuJax7n9NuYlZJIusX0
+             SOIOKBGzG+yWYtz1/jjbzl5GGkWvREUCUA )
+
+
+
+
+
+
+
+
+
+
+
+Sury & Edmonds               Standards Track                    [Page 4]
+
+RFC 8080                    EdDSA for DNSSEC               February 2017
+
+
+Private-key-format: v1.2
+Algorithm: 16 (ED448)
+PrivateKey: WEykD3ht3MHkU8iH4uVOLz8JLwtRBSqiBoM6fF72+Mrp/u5gjxuB1DV6NnPO
+            2BlZdz4hdSTkOdOA
+
+example.com. 3600 IN DNSKEY 257 3 16 (
+             kkreGWoccSDmUBGAe7+zsbG6ZAFQp+syPmYUurBRQc3tDjeMCJcVMRDmgcN
+             Lp5HlHAMy12VoISsA )
+
+example.com. 3600 IN DS 38353 16 2 (
+             645ff078b3568f5852b70cb60e8e696cc77b75bfaaffc118cf79cbda1ba
+             28af4 )
+
+example.com. 3600 IN MX 10 mail.example.com.
+
+example.com. 3600 IN RRSIG MX 3 3600 (
+             1440021600 1438207200 38353 example.com. (
+             +JjANio/LIzp7osmMYE5XD3H/YES8kXs5Vb9H8MjPS8OAGZMD37+LsCIcjg
+             5ivt0d4Om/UaqETEAsJjaYe56CEQP5lhRWuD2ivBqE0zfwJTyp4WqvpULbp
+             vaukswvv/WNEFxzEYQEIm9+xDlXj4pMAMA )
+
+7.  IANA Considerations
+
+   This document updates the IANA registry "Domain Name System Security
+   (DNSSEC) Algorithm Numbers".  The following entries have been added
+   to the registry:
+
+                  +--------------+----------+----------+
+                  | Number       | 15       | 16       |
+                  | Description  | Ed25519  | Ed448    |
+                  | Mnemonic     | ED25519  | ED448    |
+                  | Zone Signing | Y        | Y        |
+                  | Trans. Sec.  | *        | *        |
+                  | Reference    | RFC 8080 | RFC 8080 |
+                  +--------------+----------+----------+
+
+    * There has been no determination of standardization of the use of
+                 this algorithm with Transaction Security.
+
+8.  Security Considerations
+
+   The security considerations of [RFC8032] and [RFC7748] are inherited
+   in the usage of Ed25519 and Ed448 in DNSSEC.
+
+   Ed25519 is intended to operate at around the 128-bit security level
+   and Ed448 at around the 224-bit security level.  A sufficiently large
+   quantum computer would be able to break both.  Reasonable projections
+   of the abilities of classical computers conclude that Ed25519 is
+
+
+
+Sury & Edmonds               Standards Track                    [Page 5]
+
+RFC 8080                    EdDSA for DNSSEC               February 2017
+
+
+   perfectly safe.  Ed448 is provided for those applications with
+   relaxed performance requirements and where there is a desire to hedge
+   against analytical attacks on elliptic curves.
+
+   These assessments could, of course, change in the future if new
+   attacks that work better than the ones known today are found.
+
+   A private key used for a DNSSEC zone MUST NOT be used for any other
+   purpose than for that zone.  Otherwise, cross-protocol or cross-
+   application attacks are possible.
+
+9.  References
+
+9.1.  Normative References
+
+   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
+              Requirement Levels", BCP 14, RFC 2119,
+              DOI 10.17487/RFC2119, March 1997,
+              <http://www.rfc-editor.org/info/rfc2119>.
+
+   [RFC4033]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
+              Rose, "DNS Security Introduction and Requirements",
+              RFC 4033, DOI 10.17487/RFC4033, March 2005,
+              <http://www.rfc-editor.org/info/rfc4033>.
+
+   [RFC4034]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
+              Rose, "Resource Records for the DNS Security Extensions",
+              RFC 4034, DOI 10.17487/RFC4034, March 2005,
+              <http://www.rfc-editor.org/info/rfc4034>.
+
+   [RFC4035]  Arends, R., Austein, R., Larson, M., Massey, D., and S.
+              Rose, "Protocol Modifications for the DNS Security
+              Extensions", RFC 4035, DOI 10.17487/RFC4035, March 2005,
+              <http://www.rfc-editor.org/info/rfc4035>.
+
+   [RFC7748]  Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
+              for Security", RFC 7748, DOI 10.17487/RFC7748, January
+              2016, <http://www.rfc-editor.org/info/rfc7748>.
+
+   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
+              Signature Algorithm (EdDSA)", RFC 8032,
+              DOI 10.17487/RFC8032, January 2017,
+              <http://www.rfc-editor.org/info/rfc8032>.
+
+
+
+
+
+
+
+
+Sury & Edmonds               Standards Track                    [Page 6]
+
+RFC 8080                    EdDSA for DNSSEC               February 2017
+
+
+9.2.  Informative References
+
+   [RFC5933]  Dolmatov, V., Ed., Chuprina, A., and I. Ustinov, "Use of
+              GOST Signature Algorithms in DNSKEY and RRSIG Resource
+              Records for DNSSEC", RFC 5933, DOI 10.17487/RFC5933, July
+              2010, <http://www.rfc-editor.org/info/rfc5933>.
+
+   [RFC6605]  Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
+              Signature Algorithm (DSA) for DNSSEC", RFC 6605,
+              DOI 10.17487/RFC6605, April 2012,
+              <http://www.rfc-editor.org/info/rfc6605>.
+
+Acknowledgements
+
+   Some of the material in this document is copied liberally from
+   [RFC6605].
+
+   The authors of this document wish to thank Jan Vcelak, Pieter Lexis,
+   Kees Monshouwer, Simon Josefsson, Paul Hoffman, and others for a
+   review of this document.
+
+Authors' Addresses
+
+   Ondrej Sury
+   CZ.NIC
+   Milesovska 1136/5
+   Praha  130 00
+   Czech Republic
+
+   Email: ondrej.sury@nic.cz
+
+
+   Robert Edmonds
+   Fastly
+   Atlanta, Georgia
+   United States of America
+
+   Email: edmonds@mycre.ws
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sury & Edmonds               Standards Track                    [Page 7]
+

lib/dns/Makefile.in

@@ -39,12 +39,14 @@ LIBS =		@LIBS@
 # Alphabetically
 
 OPENSSLGOSTLINKOBJS = opensslgost_link.@O@
+OPENSSLEDDSALINKOBJS = openssleddsa_link.@O@
 OPENSSLLINKOBJS = openssl_link.@O@ openssldh_link.@O@ openssldsa_link.@O@ \
-		  opensslecdsa_link.@O@ @OPENSSLGOSTLINKOBJS@ \
+		  opensslecdsa_link.@O@ @OPENSSLEDDSALINKOBJS@ \
-		  opensslrsa_link.@O@
+		  @OPENSSLGOSTLINKOBJS@ opensslrsa_link.@O@
 
 PKCS11LINKOBJS	= pkcs11dh_link.@O@ pkcs11dsa_link.@O@ pkcs11rsa_link.@O@ \
-		pkcs11ecdsa_link.@O@ pkcs11gost_link.@O@ pkcs11.@O@
+		pkcs11ecdsa_link.@O@ pkcs11eddsa_link.@O@ \
+		pkcs11gost_link.@O@ pkcs11.@O@
 
 DSTOBJS =	@DST_EXTRA_OBJS@ @OPENSSLLINKOBJS@ @PKCS11LINKOBJS@ \
 		dst_api.@O@ dst_lib.@O@ dst_parse.@O@ dst_result.@O@ \
@@ -80,11 +82,14 @@ OBJS=		@DNSTAPOBJS@ ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS} \
 
 # Alphabetically
 OPENSSLGOSTLINKSRCS = opensslgost_link.c
+OPENSSLEDDDSALINKSRCS = openssleddsa_link.c
 OPENSSLLINKSRCS = openssl_link.c openssldh_link.c openssldsa_link.c \
-		  opensslecdsa_link.c @OPENSSLGOSTLINKSRCS@ opensslrsa_link.c
+		  opensslecdsa_link.c @OPENSSLEDDDSALINKSRCS@ \
+		  @OPENSSLGOSTLINKSRCS@ opensslrsa_link.c
 
 PKCS11LINKSRCS	= pkcs11dh_link.c pkcs11dsa_link.c pkcs11rsa_link.c \
-		pkcs11ecdsa_link.c pkcs11gost_link.c pkcs11.c
+		pkcs11ecdsa_link.c pkcs11eddsa_link.c \
+		pkcs11gost_link.c pkcs11.c
 
 DSTSRCS =	@DST_EXTRA_SRCS@ @OPENSSLLINKSRCS@ @PKCS11LINKSRCS@ \
 		dst_api.c dst_lib.c dst_parse.c \

lib/dns/dst_api.c

@@ -227,6 +227,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
 	RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
 	RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
 #endif
+#ifdef HAVE_OPENSSL_ED25519
+	RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED25519]));
+#endif
+#ifdef HAVE_OPENSSL_ED448
+	RETERR(dst__openssleddsa_init(&dst_t_func[DST_ALG_ED448]));
+#endif
 #elif PKCS11CRYPTO
 	RETERR(dst__pkcs11_init(mctx, engine));
 #ifndef PK11_MD5_DISABLE
@@ -247,6 +253,12 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
 	RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
 	RETERR(dst__pkcs11ecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
 #endif
+#ifdef HAVE_PKCS11_ED25519
+	RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED25519]));
+#endif
+#ifdef HAVE_PKCS11_ED448
+	RETERR(dst__pkcs11eddsa_init(&dst_t_func[DST_ALG_ED448]));
+#endif
 #ifdef HAVE_PKCS11_GOST
 	RETERR(dst__pkcs11gost_init(&dst_t_func[DST_ALG_ECCGOST]));
 #endif
@@ -1289,6 +1301,12 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
 	case DST_ALG_ECDSA384:
 		*n = DNS_SIG_ECDSA384SIZE;
 		break;
+	case DST_ALG_ED25519:
+		*n = DNS_SIG_ED25519SIZE;
+		break;
+	case DST_ALG_ED448:
+		*n = DNS_SIG_ED448SIZE;
+		break;
 #ifndef PK11_MD5_DISABLE
 	case DST_ALG_HMACMD5:
 		*n = 16;
@@ -1631,6 +1649,8 @@ issymmetric(const dst_key_t *key) {
 	case DST_ALG_ECCGOST:
 	case DST_ALG_ECDSA256:
 	case DST_ALG_ECDSA384:
+	case DST_ALG_ED25519:
+	case DST_ALG_ED448:
 		return (ISC_FALSE);
 #ifndef PK11_MD5_DISABLE
 	case DST_ALG_HMACMD5:
@@ -1919,7 +1939,8 @@ algorithm_status(unsigned int alg) {
 	    alg == DST_ALG_NSEC3RSASHA1 ||
 	    alg == DST_ALG_RSASHA256 || alg == DST_ALG_RSASHA512 ||
 	    alg == DST_ALG_ECCGOST ||
-	    alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384)
+	    alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384 ||
+	    alg == DST_ALG_ED25519 || alg == DST_ALG_ED448)
 		return (DST_R_NOCRYPTO);
 #endif
 	return (DST_R_UNSUPPORTEDALG);

lib/dns/dst_internal.h

@@ -256,9 +256,15 @@ isc_result_t dst__gssapi_init(struct dst_func **funcp);
 #ifdef HAVE_OPENSSL_ECDSA
 isc_result_t dst__opensslecdsa_init(struct dst_func **funcp);
 #endif
+#if defined(HAVE_OPENSSL_ED25519) || defined(HAVE_OPENSSL_ED448)
+isc_result_t dst__openssleddsa_init(struct dst_func **funcp);
+#endif
 #ifdef HAVE_PKCS11_ECDSA
 isc_result_t dst__pkcs11ecdsa_init(struct dst_func **funcp);
 #endif
+#if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
+isc_result_t dst__pkcs11eddsa_init(struct dst_func **funcp);
+#endif
 #ifdef HAVE_OPENSSL_GOST
 isc_result_t dst__opensslgost_init(struct dst_func **funcp);
 #endif

lib/dns/dst_parse.c

@@ -112,6 +112,10 @@ static struct parse_map map[] = {
 	{TAG_ECDSA_ENGINE, "Engine:" },
 	{TAG_ECDSA_LABEL, "Label:" },
 
+	{TAG_EDDSA_PRIVATEKEY, "PrivateKey:"},
+	{TAG_EDDSA_ENGINE, "Engine:" },
+	{TAG_EDDSA_LABEL, "Label:" },
+
 #ifndef PK11_MD5_DISABLE
 	{TAG_HMACMD5_KEY, "Key:"},
 	{TAG_HMACMD5_BITS, "Bits:"},
@@ -308,6 +312,38 @@ check_ecdsa(const dst_private_t *priv, isc_boolean_t external) {
 	return (ok ? 0 : -1 );
 }
 
+static int
+check_eddsa(const dst_private_t *priv, isc_boolean_t external) {
+	int i, j;
+	isc_boolean_t have[EDDSA_NTAGS];
+	isc_boolean_t ok;
+	unsigned int mask;
+
+	if (external)
+		return ((priv->nelements == 0) ? 0 : -1);
+
+	for (i = 0; i < EDDSA_NTAGS; i++)
+		have[i] = ISC_FALSE;
+	for (j = 0; j < priv->nelements; j++) {
+		for (i = 0; i < EDDSA_NTAGS; i++)
+			if (priv->elements[j].tag == TAG(DST_ALG_ED25519, i))
+				break;
+		if (i == EDDSA_NTAGS)
+			return (-1);
+		have[i] = ISC_TRUE;
+	}
+
+	mask = ~0;
+	mask <<= sizeof(mask) * 8 - TAG_SHIFT;
+	mask >>= sizeof(mask) * 8 - TAG_SHIFT;
+
+	if (have[TAG_EDDSA_ENGINE & mask])
+		ok = have[TAG_EDDSA_LABEL & mask];
+	else
+		ok = have[TAG_EDDSA_PRIVATEKEY & mask];
+	return (ok ? 0 : -1 );
+}
+
 #ifndef PK11_MD5_DISABLE
 static int
 check_hmac_md5(const dst_private_t *priv, isc_boolean_t old) {
@@ -385,6 +421,9 @@ check_data(const dst_private_t *priv, const unsigned int alg,
 	case DST_ALG_ECDSA256:
 	case DST_ALG_ECDSA384:
 		return (check_ecdsa(priv, external));
+	case DST_ALG_ED25519:
+	case DST_ALG_ED448:
+		return (check_eddsa(priv, external));
 #ifndef PK11_MD5_DISABLE
 	case DST_ALG_HMACMD5:
 		return (check_hmac_md5(priv, old));
@@ -736,6 +775,12 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
 	case DST_ALG_ECDSA384:
 		fprintf(fp, "(ECDSAP384SHA384)\n");
 		break;
+	case DST_ALG_ED25519:
+		fprintf(fp, "(ED25519)\n");
+		break;
+	case DST_ALG_ED448:
+		fprintf(fp, "(ED448)\n");
+		break;
 	case DST_ALG_HMACMD5:
 		fprintf(fp, "(HMAC_MD5)\n");
 		break;

lib/dns/dst_parse.h

@@ -77,6 +77,11 @@
 #define TAG_ECDSA_ENGINE	((DST_ALG_ECDSA256 << TAG_SHIFT) + 1)
 #define TAG_ECDSA_LABEL		((DST_ALG_ECDSA256 << TAG_SHIFT) + 2)
 
+#define EDDSA_NTAGS		4
+#define TAG_EDDSA_PRIVATEKEY	((DST_ALG_ED25519 << TAG_SHIFT) + 0)
+#define TAG_EDDSA_ENGINE	((DST_ALG_ED25519 << TAG_SHIFT) + 1)
+#define TAG_EDDSA_LABEL		((DST_ALG_ED25519 << TAG_SHIFT) + 2)
+
 #define OLD_HMACMD5_NTAGS	1
 #define HMACMD5_NTAGS		2
 #define TAG_HMACMD5_KEY		((DST_ALG_HMACMD5 << TAG_SHIFT) + 0)

lib/dns/include/dns/keyvalues.h

@@ -64,6 +64,8 @@
 #define DNS_KEYALG_ECCGOST	12
 #define DNS_KEYALG_ECDSA256	13
 #define DNS_KEYALG_ECDSA384	14
+#define DNS_KEYALG_ED25519	15
+#define DNS_KEYALG_ED448	16
 #define DNS_KEYALG_INDIRECT	252
 #define DNS_KEYALG_PRIVATEDNS	253
 #define DNS_KEYALG_PRIVATEOID	254     /*%< Key begins with OID giving alg */
@@ -100,4 +102,10 @@
 #define DNS_KEY_ECDSA256SIZE	64
 #define DNS_KEY_ECDSA384SIZE	96
 
+#define DNS_SIG_ED25519SIZE	64
+#define DNS_SIG_ED448SIZE	114
+
+#define DNS_KEY_ED25519SIZE	32
+#define DNS_KEY_ED448SIZE	57
+
 #endif /* DNS_KEYVALUES_H */

lib/dns/include/dst/dst.h

@@ -53,6 +53,8 @@ typedef struct dst_context 	dst_context_t;
 #define DST_ALG_ECCGOST		12
 #define DST_ALG_ECDSA256	13
 #define DST_ALG_ECDSA384	14
+#define DST_ALG_ED25519		15
+#define DST_ALG_ED448		16
 #define DST_ALG_HMACMD5		157
 #define DST_ALG_GSSAPI		160
 #define DST_ALG_HMACSHA1	161	/* XXXMPA */

lib/dns/openssleddsa_link.c

@@ -0,0 +1,670 @@
+/*
+ * Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <config.h>
+
+#if defined(OPENSSL) && \
+    (defined(HAVE_OPENSSL_ED25519) || defined(HAVE_OPENSSL_ED448))
+
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/sha2.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/keyvalues.h>
+#include <dst/result.h>
+
+#include "dst_internal.h"
+#include "dst_openssl.h"
+#include "dst_parse.h"
+
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#ifndef NID_ED25519
+#error "Ed25519 group is not known (NID_ED25519)"
+#endif
+#ifndef NID_ED448
+#error "Ed448 group is not known (NID_ED448)"
+#endif
+
+#define DST_RET(a) {ret = a; goto err;}
+
+/* OpenSSL doesn't provide direct access to key values */
+
+#define PUBPREFIXLEN	12
+
+static const unsigned char ed25519_pub_prefix[] = {
+	0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+	0x70, 0x03, 0x21, 0x00
+};
+
+static EVP_PKEY *pub_ed25519_to_ossl(const unsigned char *key)
+{
+	unsigned char buf[PUBPREFIXLEN + DNS_KEY_ED25519SIZE];
+	const unsigned char *p;
+
+	memmove(buf, ed25519_pub_prefix, PUBPREFIXLEN);
+	memmove(buf + PUBPREFIXLEN, key, DNS_KEY_ED25519SIZE);
+	p = buf;
+	return (d2i_PUBKEY(NULL, &p, PUBPREFIXLEN + DNS_KEY_ED25519SIZE));
+}
+
+static isc_result_t pub_ed25519_from_ossl(EVP_PKEY *pkey,
+					  unsigned char *key)
+{
+	unsigned char buf[PUBPREFIXLEN + DNS_KEY_ED25519SIZE];
+	unsigned char *p;
+	int len;
+
+	len = i2d_PUBKEY(pkey, NULL);
+	if ((len <= DNS_KEY_ED25519SIZE) ||
+	    (len > PUBPREFIXLEN + DNS_KEY_ED25519SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	p = buf;
+	len = i2d_PUBKEY(pkey, &p);
+	if ((len <= DNS_KEY_ED25519SIZE) ||
+	    (len > PUBPREFIXLEN + DNS_KEY_ED25519SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	memmove(key, buf + len - DNS_KEY_ED25519SIZE, DNS_KEY_ED25519SIZE);
+	return (ISC_R_SUCCESS);
+}
+
+static const unsigned char ed448_pub_prefix[] = {
+	0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+	0x71, 0x03, 0x21, 0x00
+};
+
+static EVP_PKEY *pub_ed448_to_ossl(const unsigned char *key)
+{
+	unsigned char buf[PUBPREFIXLEN + DNS_KEY_ED448SIZE];
+	const unsigned char *p;
+
+	memmove(buf, ed448_pub_prefix, PUBPREFIXLEN);
+	memmove(buf + PUBPREFIXLEN, key, DNS_KEY_ED448SIZE);
+	p = buf;
+	return (d2i_PUBKEY(NULL, &p, PUBPREFIXLEN + DNS_KEY_ED448SIZE));
+}
+
+static isc_result_t pub_ed448_from_ossl(EVP_PKEY *pkey,
+					unsigned char *key)
+{
+	unsigned char buf[PUBPREFIXLEN + DNS_KEY_ED448SIZE];
+	unsigned char *p;
+	int len;
+
+	len = i2d_PUBKEY(pkey, NULL);
+	if ((len <= DNS_KEY_ED448SIZE) ||
+	    (len > PUBPREFIXLEN + DNS_KEY_ED448SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	p = buf;
+	len = i2d_PUBKEY(pkey, &p);
+	if ((len <= DNS_KEY_ED448SIZE) ||
+	    (len > PUBPREFIXLEN + DNS_KEY_ED448SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	memmove(key, buf + len - DNS_KEY_ED448SIZE, DNS_KEY_ED448SIZE);
+	return (ISC_R_SUCCESS);
+}
+
+#define PRIVPREFIXLEN	16
+
+static const unsigned char ed25519_priv_prefix[] = {
+	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
+	0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20
+};
+
+static EVP_PKEY *priv_ed25519_to_ossl(const unsigned char *key)
+{
+	unsigned char buf[PRIVPREFIXLEN + DNS_KEY_ED25519SIZE];
+	const unsigned char *p;
+
+	memmove(buf, ed25519_priv_prefix, PRIVPREFIXLEN);
+	memmove(buf + PRIVPREFIXLEN, key, DNS_KEY_ED25519SIZE);
+	p = buf;
+	return (d2i_PrivateKey(NID_ED25519, NULL, &p,
+			       PRIVPREFIXLEN + DNS_KEY_ED25519SIZE));
+}
+
+static isc_result_t priv_ed25519_from_ossl(EVP_PKEY *pkey,
+					  unsigned char *key)
+{
+	unsigned char buf[PRIVPREFIXLEN + DNS_KEY_ED25519SIZE];
+	unsigned char *p;
+	int len;
+
+	len = i2d_PrivateKey(pkey, NULL);
+	if ((len <= DNS_KEY_ED25519SIZE) ||
+	    (len > PRIVPREFIXLEN + DNS_KEY_ED25519SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	p = buf;
+	len = i2d_PrivateKey(pkey, &p);
+	if ((len <= DNS_KEY_ED25519SIZE) ||
+	    (len > PRIVPREFIXLEN + DNS_KEY_ED25519SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	memmove(key, buf + len - DNS_KEY_ED25519SIZE, DNS_KEY_ED25519SIZE);
+	return (ISC_R_SUCCESS);
+}
+
+static const unsigned char ed448_priv_prefix[] = {
+	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
+	0x03, 0x2b, 0x65, 0x71, 0x04, 0x22, 0x04, 0x20
+};
+
+static EVP_PKEY *priv_ed448_to_ossl(const unsigned char *key)
+{
+	unsigned char buf[PRIVPREFIXLEN + DNS_KEY_ED448SIZE];
+	const unsigned char *p;
+
+	memmove(buf, ed448_priv_prefix, PRIVPREFIXLEN);
+	memmove(buf + PRIVPREFIXLEN, key, DNS_KEY_ED448SIZE);
+	p = buf;
+	return (d2i_PrivateKey(NID_ED448, NULL, &p,
+			       PRIVPREFIXLEN + DNS_KEY_ED448SIZE));
+}
+
+static isc_result_t priv_ed448_from_ossl(EVP_PKEY *pkey,
+					unsigned char *key)
+{
+	unsigned char buf[PRIVPREFIXLEN + DNS_KEY_ED448SIZE];
+	unsigned char *p;
+	int len;
+
+	len = i2d_PrivateKey(pkey, NULL);
+	if ((len <= DNS_KEY_ED448SIZE) ||
+	    (len > PRIVPREFIXLEN + DNS_KEY_ED448SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	p = buf;
+	len = i2d_PrivateKey(pkey, &p);
+	if ((len <= DNS_KEY_ED448SIZE) ||
+	    (len > PRIVPREFIXLEN + DNS_KEY_ED448SIZE))
+		return (DST_R_OPENSSLFAILURE);
+	memmove(key, buf + len - DNS_KEY_ED448SIZE, DNS_KEY_ED448SIZE);
+	return (ISC_R_SUCCESS);
+}
+
+static isc_result_t openssleddsa_todns(const dst_key_t *key,
+				       isc_buffer_t *data);
+
+static isc_result_t
+openssleddsa_createctx(dst_key_t *key, dst_context_t *dctx) {
+	isc_buffer_t *buf = NULL;
+	isc_result_t result;
+
+	UNUSED(key);
+	REQUIRE(dctx->key->key_alg == DST_ALG_ED25519 ||
+		dctx->key->key_alg == DST_ALG_ED448);
+
+	result = isc_buffer_allocate(dctx->mctx, &buf, 64);
+	dctx->ctxdata.generic = buf;
+
+	return (result);
+}
+
+static void
+openssleddsa_destroyctx(dst_context_t *dctx) {
+	isc_buffer_t *buf = (isc_buffer_t *) dctx->ctxdata.generic;
+
+	REQUIRE(dctx->key->key_alg == DST_ALG_ED25519 ||
+		dctx->key->key_alg == DST_ALG_ED448);
+	if (buf != NULL)
+		isc_buffer_free(&buf);
+	dctx->ctxdata.generic = NULL;
+}
+
+static isc_result_t
+openssleddsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
+	isc_buffer_t *buf = (isc_buffer_t *) dctx->ctxdata.generic;
+	isc_buffer_t *nbuf = NULL;
+	isc_region_t r;
+	unsigned int length;
+	isc_result_t result;
+
+	REQUIRE(dctx->key->key_alg == DST_ALG_ED25519 ||
+		dctx->key->key_alg == DST_ALG_ED448);
+
+	result = isc_buffer_copyregion(buf, data);
+	if (result == ISC_R_SUCCESS)
+		return (ISC_R_SUCCESS);
+
+	length = isc_buffer_length(buf) + data->length + 64;
+	result = isc_buffer_allocate(dctx->mctx, &nbuf, length);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+	isc_buffer_usedregion(buf, &r);
+	(void) isc_buffer_copyregion(nbuf, &r);
+	(void) isc_buffer_copyregion(nbuf, data);
+	isc_buffer_free(&buf);
+	dctx->ctxdata.generic = nbuf;
+
+	return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+openssleddsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
+	isc_result_t ret;
+	dst_key_t *key = dctx->key;
+	isc_region_t tbsreg;
+	isc_region_t sigreg;
+	EVP_PKEY *pkey = key->keydata.pkey;
+	EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+	isc_buffer_t *buf = (isc_buffer_t *) dctx->ctxdata.generic;
+	size_t siglen;
+
+	REQUIRE(key->key_alg == DST_ALG_ED25519 ||
+		key->key_alg == DST_ALG_ED448);
+
+	if (ctx == NULL)
+		return (ISC_R_NOMEMORY);
+
+	if (key->key_alg == DST_ALG_ED25519)
+		siglen = DNS_SIG_ED25519SIZE;
+	else
+		siglen = DNS_SIG_ED448SIZE;
+
+	isc_buffer_availableregion(sig, &sigreg);
+	if (sigreg.length < (unsigned int) siglen)
+		DST_RET(ISC_R_NOSPACE);
+
+	isc_buffer_usedregion(buf, &tbsreg);
+
+	if (!EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey))
+		DST_RET(dst__openssl_toresult3(dctx->category,
+					       "EVP_DigestSignInit",
+					       ISC_R_FAILURE));
+	if (!EVP_DigestSign(ctx, sigreg.base, &siglen,
+			    tbsreg.base, tbsreg.length))
+		DST_RET(dst__openssl_toresult3(dctx->category,
+					       "EVP_DigestSign",
+					       DST_R_SIGNFAILURE));
+	isc_buffer_add(sig, (unsigned int) siglen);
+	ret = ISC_R_SUCCESS;
+
+ err:
+	if (ctx != NULL)
+		EVP_MD_CTX_free(ctx);
+	isc_buffer_free(&buf);
+	dctx->ctxdata.generic = NULL;
+
+	return (ret);
+}
+
+static isc_result_t
+openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
+	isc_result_t ret;
+	dst_key_t *key = dctx->key;
+	int status;
+	isc_region_t tbsreg;
+	EVP_PKEY *pkey = key->keydata.pkey;
+	EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+	isc_buffer_t *buf = (isc_buffer_t *) dctx->ctxdata.generic;
+	unsigned int siglen;
+
+	REQUIRE(key->key_alg == DST_ALG_ED25519 ||
+		key->key_alg == DST_ALG_ED448);
+
+	if (ctx == NULL)
+		return (ISC_R_NOMEMORY);
+
+	if (key->key_alg == DST_ALG_ED25519)
+		siglen = DNS_SIG_ED25519SIZE;
+	else
+		siglen = DNS_SIG_ED448SIZE;
+
+	if (sig->length != siglen)
+		return (DST_R_VERIFYFAILURE);
+
+	isc_buffer_usedregion(buf, &tbsreg);
+
+	if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey))
+		DST_RET(dst__openssl_toresult3(dctx->category,
+					       "EVP_DigestVerifyInit",
+					       ISC_R_FAILURE));
+
+	status = EVP_DigestVerify(ctx, sig->base, siglen,
+				  tbsreg.base, tbsreg.length);
+
+	switch (status) {
+	case 1:
+		ret = ISC_R_SUCCESS;
+		break;
+	case 0:
+		ret = dst__openssl_toresult(DST_R_VERIFYFAILURE);
+		break;
+	default:
+		ret = dst__openssl_toresult3(dctx->category,
+					     "EVP_DigestVerify",
+					     DST_R_VERIFYFAILURE);
+		break;
+	}
+
+ err:
+	if (ctx != NULL)
+		EVP_MD_CTX_free(ctx);
+	isc_buffer_free(&buf);
+	dctx->ctxdata.generic = NULL;
+
+	return (ret);
+}
+
+static isc_boolean_t
+openssleddsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
+	int status;
+	EVP_PKEY *pkey1 = key1->keydata.pkey;
+	EVP_PKEY *pkey2 = key2->keydata.pkey;
+
+	if (pkey1 == NULL && pkey2 == NULL)
+		return (ISC_TRUE);
+	else if (pkey1 == NULL || pkey2 == NULL)
+		return (ISC_FALSE);
+
+	status = EVP_PKEY_cmp(pkey1, pkey2);
+	if (status == 1)
+		return (ISC_TRUE);
+	return (ISC_FALSE);
+}
+
+static isc_result_t
+openssleddsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
+	isc_result_t ret;
+	EVP_PKEY *pkey = NULL;
+	EVP_PKEY_CTX *ctx = NULL;
+	int nid, status;
+
+	REQUIRE(key->key_alg == DST_ALG_ED25519 ||
+		key->key_alg == DST_ALG_ED448);
+	UNUSED(unused);
+	UNUSED(callback);
+
+	if (key->key_alg == DST_ALG_ED25519) {
+		nid = NID_ED25519;
+		key->key_size = DNS_KEY_ED25519SIZE;
+	} else {
+		nid = NID_ED448;
+		key->key_size = DNS_KEY_ED448SIZE;
+	}
+
+	ctx = EVP_PKEY_CTX_new_id(nid, NULL);
+	if (ctx == NULL)
+		return (dst__openssl_toresult2("EVP_PKEY_CTX_new_id",
+					       DST_R_OPENSSLFAILURE));
+
+	status = EVP_PKEY_keygen_init(ctx);
+	if (status != 1)
+		DST_RET (dst__openssl_toresult2("EVP_PKEY_keygen_init",
+						DST_R_OPENSSLFAILURE));
+
+	status = EVP_PKEY_keygen(ctx, &pkey);
+	if (status != 1)
+		DST_RET (dst__openssl_toresult2("EVP_PKEY_keygen",
+						DST_R_OPENSSLFAILURE));
+
+	key->keydata.pkey = pkey;
+	ret = ISC_R_SUCCESS;
+
+ err:
+	if (ctx != NULL)
+		EVP_PKEY_CTX_free(ctx);
+	return (ret);
+}
+
+static isc_boolean_t
+openssleddsa_isprivate(const dst_key_t *key) {
+	EVP_PKEY *pkey = key->keydata.pkey;
+	int len;
+	unsigned long err;
+
+	if (pkey == NULL)
+		return (ISC_FALSE);
+
+	len = i2d_PrivateKey(pkey, NULL);
+	if (len > 0)
+		return (ISC_TRUE);
+	/* can check if first error is EC_R_INVALID_PRIVATE_KEY */
+	while ((err = ERR_get_error()) != 0)
+		/**/;
+
+	return (ISC_FALSE);
+}
+
+static void
+openssleddsa_destroy(dst_key_t *key) {
+	EVP_PKEY *pkey = key->keydata.pkey;
+
+	EVP_PKEY_free(pkey);
+	key->keydata.pkey = NULL;
+}
+
+static isc_result_t
+openssleddsa_todns(const dst_key_t *key, isc_buffer_t *data) {
+	EVP_PKEY *pkey = key->keydata.pkey;
+	isc_region_t r;
+	isc_result_t result;
+
+	REQUIRE(pkey != NULL);
+
+	pkey = key->keydata.pkey;
+	switch (key->key_alg) {
+	case DST_ALG_ED25519:
+		isc_buffer_availableregion(data, &r);
+		if (r.length < DNS_KEY_ED25519SIZE)
+			return (ISC_R_NOSPACE);
+		result = pub_ed25519_from_ossl(pkey, r.base);
+		if (result == ISC_R_SUCCESS)
+			isc_buffer_add(data, DNS_KEY_ED25519SIZE);
+		return (result);
+	case DST_ALG_ED448:
+		isc_buffer_availableregion(data, &r);
+		if (r.length < DNS_KEY_ED448SIZE)
+			return (ISC_R_NOSPACE);
+		result = pub_ed448_from_ossl(pkey, r.base);
+		if (result == ISC_R_SUCCESS)
+			isc_buffer_add(data, DNS_KEY_ED448SIZE);
+		return (result);
+	default:
+		INSIST(0);
+	}
+}
+
+static isc_result_t
+openssleddsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
+	EVP_PKEY *pkey;
+	isc_region_t r;
+	unsigned int len;
+
+	REQUIRE(key->key_alg == DST_ALG_ED25519 ||
+		key->key_alg == DST_ALG_ED448);
+
+	isc_buffer_remainingregion(data, &r);
+	if (r.length == 0)
+		return (ISC_R_SUCCESS);
+	if (key->key_alg == DST_ALG_ED25519) {
+		len = DNS_KEY_ED25519SIZE;
+		if (r.length < len)
+			return (DST_R_INVALIDPUBLICKEY);
+		pkey = pub_ed25519_to_ossl(r.base);
+	} else {
+		len = DNS_KEY_ED448SIZE;
+		if (r.length < len)
+			return (DST_R_INVALIDPUBLICKEY);
+		pkey = pub_ed448_to_ossl(r.base);
+	}
+	if (pkey == NULL)
+		return (dst__openssl_toresult(ISC_R_FAILURE));
+	isc_buffer_forward(data, len);
+	key->keydata.pkey = pkey;
+	key->key_size = len;
+	return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+openssleddsa_tofile(const dst_key_t *key, const char *directory) {
+	isc_result_t ret;
+	EVP_PKEY *pkey;
+	dst_private_t priv;
+	unsigned char *buf = NULL;
+	unsigned int len;
+
+	REQUIRE(key->key_alg == DST_ALG_ED25519 ||
+		key->key_alg == DST_ALG_ED448);
+
+	if (key->keydata.pkey == NULL)
+		return (DST_R_NULLKEY);
+
+	if (key->external) {
+		priv.nelements = 0;
+		return (dst__privstruct_writefile(key, &priv, directory));
+	}
+
+	pkey = key->keydata.pkey;
+	if (key->key_alg == DST_ALG_ED25519) {
+		len = DNS_KEY_ED25519SIZE;
+		buf = isc_mem_get(key->mctx, len);
+		if (buf == NULL)
+			return (ISC_R_NOMEMORY);
+		priv.elements[0].tag = TAG_EDDSA_PRIVATEKEY;
+		priv.elements[0].length = len;
+		ret = priv_ed25519_from_ossl(pkey, buf);
+		if (ret != ISC_R_SUCCESS)
+			DST_RET (dst__openssl_toresult(ret));
+		priv.elements[0].data = buf;
+		priv.nelements = 1;
+		ret = dst__privstruct_writefile(key, &priv, directory);
+	} else {
+		len = DNS_KEY_ED448SIZE;
+		buf = isc_mem_get(key->mctx, len);
+		if (buf == NULL)
+			return (ISC_R_NOMEMORY);
+		priv.elements[0].tag = TAG_EDDSA_PRIVATEKEY;
+		priv.elements[0].length = len;
+		ret = priv_ed448_from_ossl(pkey, buf);
+		if (ret != ISC_R_SUCCESS)
+			DST_RET (dst__openssl_toresult(ret));
+		priv.elements[0].data = buf;
+		priv.nelements = 1;
+		ret = dst__privstruct_writefile(key, &priv, directory);
+	}
+
+ err:
+	if (buf != NULL)
+		isc_mem_put(key->mctx, buf, len);
+	return (ret);
+}
+
+static isc_result_t
+eddsa_check(EVP_PKEY *privkey, dst_key_t *pub)
+{
+	EVP_PKEY *pkey;
+
+	if (pub == NULL)
+		return (ISC_R_SUCCESS);
+	pkey = pub->keydata.pkey;
+	if (pkey == NULL)
+		return (ISC_R_SUCCESS);
+	if (EVP_PKEY_cmp(privkey, pkey) == 1)
+		return (ISC_R_SUCCESS);
+	return (ISC_R_FAILURE);
+}
+
+static isc_result_t
+openssleddsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
+	dst_private_t priv;
+	isc_result_t ret;
+	EVP_PKEY *pkey = NULL;
+	unsigned int len;
+	isc_mem_t *mctx = key->mctx;
+
+	REQUIRE(key->key_alg == DST_ALG_ED25519 ||
+		key->key_alg == DST_ALG_ED448);
+
+	/* read private key file */
+	ret = dst__privstruct_parse(key, DST_ALG_ED25519, lexer, mctx, &priv);
+	if (ret != ISC_R_SUCCESS)
+		goto err;
+
+	if (key->external) {
+		if (priv.nelements != 0)
+			DST_RET(DST_R_INVALIDPRIVATEKEY);
+		if (pub == NULL)
+			DST_RET(DST_R_INVALIDPRIVATEKEY);
+		key->keydata.pkey = pub->keydata.pkey;
+		pub->keydata.pkey = NULL;
+		dst__privstruct_free(&priv, mctx);
+		memset(&priv, 0, sizeof(priv));
+		return (ISC_R_SUCCESS);
+	}
+
+	if (key->key_alg == DST_ALG_ED25519) {
+		len = DNS_KEY_ED25519SIZE;
+		if (priv.elements[0].length < len)
+			DST_RET(DST_R_INVALIDPRIVATEKEY);
+		pkey = priv_ed25519_to_ossl(priv.elements[0].data);
+	} else {
+		len = DNS_KEY_ED448SIZE;
+		if (priv.elements[0].length < len)
+			DST_RET(DST_R_INVALIDPRIVATEKEY);
+		pkey = priv_ed448_to_ossl(priv.elements[0].data);
+	}
+	if (pkey == NULL)
+		DST_RET (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+	if (eddsa_check(pkey, pub) != ISC_R_SUCCESS) {
+		EVP_PKEY_free(pkey);
+		DST_RET(DST_R_INVALIDPRIVATEKEY);
+	}
+	key->keydata.pkey = pkey;
+	key->key_size = len;
+	ret = ISC_R_SUCCESS;
+
+ err:
+	dst__privstruct_free(&priv, mctx);
+	memset(&priv, 0, sizeof(priv));
+	return (ret);
+}
+
+static dst_func_t openssleddsa_functions = {
+	openssleddsa_createctx,
+	NULL, /*%< createctx2 */
+	openssleddsa_destroyctx,
+	openssleddsa_adddata,
+	openssleddsa_sign,
+	openssleddsa_verify,
+	NULL, /*%< verify2 */
+	NULL, /*%< computesecret */
+	openssleddsa_compare,
+	NULL, /*%< paramcompare */
+	openssleddsa_generate,
+	openssleddsa_isprivate,
+	openssleddsa_destroy,
+	openssleddsa_todns,
+	openssleddsa_fromdns,
+	openssleddsa_tofile,
+	openssleddsa_parse,
+	NULL, /*%< cleanup */
+	NULL, /*%< fromlabel */
+	NULL, /*%< dump */
+	NULL, /*%< restore */
+};
+
+isc_result_t
+dst__openssleddsa_init(dst_func_t **funcp) {
+	REQUIRE(funcp != NULL);
+	if (*funcp == NULL)
+		*funcp = &openssleddsa_functions;
+	return (ISC_R_SUCCESS);
+}
+
+#else /* HAVE_OPENSSL_EDxxx */
+
+#include <isc/util.h>
+
+EMPTY_TRANSLATION_UNIT
+
+#endif /* HAVE_OPENSSL_EDxxx */
+/*! \file */

lib/dns/rcode.c

@@ -132,6 +132,8 @@
 	{ DNS_KEYALG_ECCGOST, "ECCGOST", 0 }, \
 	{ DNS_KEYALG_ECDSA256, "ECDSAP256SHA256", 0 }, \
 	{ DNS_KEYALG_ECDSA384, "ECDSAP384SHA384", 0 }, \
+	{ DNS_KEYALG_ED25519, "ED25519", 0 }, \
+	{ DNS_KEYALG_ED448, "ED448", 0 }, \
 	{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 }, \
 	{ DNS_KEYALG_PRIVATEDNS, "PRIVATEDNS", 0 }, \
 	{ DNS_KEYALG_PRIVATEOID, "PRIVATEOID", 0 }, \

lib/dns/win32/libdns.dsp.in

@@ -887,6 +887,10 @@ SOURCE=..\opensslecdsa_link.c
 # End Source File
 # Begin Source File
 
+SOURCE=..\openssleddsa_link.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\opensslgost_link.c
 # End Source File
 # Begin Source File
@@ -913,6 +917,10 @@ SOURCE=..\pkcs11ecdsa_link.c
 # End Source File
 # Begin Source File
 
+SOURCE=..\pkcs11eddsa_link.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\pkcs11gost_link.c
 # End Source File
 # Begin Source File

lib/dns/win32/libdns.mak.in

@@ -175,6 +175,7 @@ CLEAN :
 	-@erase "$(INTDIR)\openssldh_link.obj"
 	-@erase "$(INTDIR)\openssldsa_link.obj"
 	-@erase "$(INTDIR)\opensslecdsa_link.obj"
+	-@erase "$(INTDIR)\openssleddsa_link.obj"
 	-@erase "$(INTDIR)\opensslgost_link.obj"
 	-@erase "$(INTDIR)\opensslrsa_link.obj"
 @END OPENSSL
@@ -185,6 +186,7 @@ CLEAN :
 	-@erase "$(INTDIR)\pkcs11dh_link.obj"
 	-@erase "$(INTDIR)\pkcs11dsa_link.obj"
 	-@erase "$(INTDIR)\pkcs11ecdsa_link.obj"
+	-@erase "$(INTDIR)\pkcs11eddsa_link.obj"
 	-@erase "$(INTDIR)\pkcs11gost_link.obj"
 	-@erase "$(INTDIR)\pkcs11rsa_link.obj"
 @END PKCS11
@@ -378,6 +380,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\openssldh_link.obj" \
 	"$(INTDIR)\openssldsa_link.obj" \
 	"$(INTDIR)\opensslecdsa_link.obj" \
+	"$(INTDIR)\openssleddsa_link.obj" \
 	"$(INTDIR)\opensslgost_link.obj" \
 	"$(INTDIR)\opensslrsa_link.obj" \
 @END OPENSSL
@@ -386,6 +389,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\pkcs11dh_link.obj" \
 	"$(INTDIR)\pkcs11dsa_link.obj" \
 	"$(INTDIR)\pkcs11ecdsa_link.obj" \
+	"$(INTDIR)\pkcs11eddsa_link.obj" \
 	"$(INTDIR)\pkcs11gost_link.obj" \
 	"$(INTDIR)\pkcs11rsa_link.obj" \
 @END PKCS11
@@ -529,6 +533,8 @@ CLEAN :
 	-@erase "$(INTDIR)\openssldsa_link.sbr"
 	-@erase "$(INTDIR)\opensslecdsa_link.obj"
 	-@erase "$(INTDIR)\opensslecdsa_link.sbr"
+	-@erase "$(INTDIR)\openssleddsa_link.obj"
+	-@erase "$(INTDIR)\openssleddsa_link.sbr"
 	-@erase "$(INTDIR)\opensslgost_link.obj"
 	-@erase "$(INTDIR)\opensslgost_link.sbr"
 	-@erase "$(INTDIR)\opensslrsa_link.obj"
@@ -547,6 +553,8 @@ CLEAN :
 	-@erase "$(INTDIR)\pkcs11dsa_link.sbr"
 	-@erase "$(INTDIR)\pkcs11ecdsa_link.obj"
 	-@erase "$(INTDIR)\pkcs11ecdsa_link.sbr"
+	-@erase "$(INTDIR)\pkcs11eddsa_link.obj"
+	-@erase "$(INTDIR)\pkcs11eddsa_link.sbr"
 	-@erase "$(INTDIR)\pkcs11gost_link.obj"
 	-@erase "$(INTDIR)\pkcs11gost_link.sbr"
 	-@erase "$(INTDIR)\pkcs11rsa_link.obj"
@@ -780,6 +788,7 @@ BSC32_SBRS= \
 	"$(INTDIR)\openssldh_link.sbr" \
 	"$(INTDIR)\openssldsa_link.sbr" \
 	"$(INTDIR)\opensslecdsa_link.sbr" \
+	"$(INTDIR)\openssleddsa_link.sbr" \
 	"$(INTDIR)\opensslgost_link.sbr" \
 	"$(INTDIR)\opensslrsa_link.sbr" \
 @END OPENSSL
@@ -788,6 +797,7 @@ BSC32_SBRS= \
 	"$(INTDIR)\pkcs11dh_link.sbr" \
 	"$(INTDIR)\pkcs11dsa_link.sbr" \
 	"$(INTDIR)\pkcs11ecdsa_link.sbr" \
+	"$(INTDIR)\pkcs11eddsa_link.sbr" \
 	"$(INTDIR)\pkcs11gost_link.sbr" \
 	"$(INTDIR)\pkcs11rsa_link.sbr"
 @END PKCS11
@@ -899,6 +909,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\openssldh_link.obj" \
 	"$(INTDIR)\openssldsa_link.obj" \
 	"$(INTDIR)\opensslecdsa_link.obj" \
+	"$(INTDIR)\openssleddsa_link.obj" \
 	"$(INTDIR)\opensslgost_link.obj" \
 	"$(INTDIR)\opensslrsa_link.obj" \
 @END OPENSSL
@@ -907,6 +918,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\pkcs11dh_link.obj" \
 	"$(INTDIR)\pkcs11dsa_link.obj" \
 	"$(INTDIR)\pkcs11ecdsa_link.obj" \
+	"$(INTDIR)\pkcs11eddsa_link.obj" \
 	"$(INTDIR)\pkcs11gost_link.obj" \
 	"$(INTDIR)\pkcs11rsa_link.obj" \
 @END PKCS11
@@ -2644,6 +2656,24 @@ SOURCE=..\opensslecdsa_link.c
 	$(CPP) $(CPP_PROJ) $(SOURCE)
 
 
+!ENDIF 
+
+SOURCE=..\openssleddsa_link.c
+
+!IF  "$(CFG)" == "libdns - @PLATFORM@ Release"
+
+
+"$(INTDIR)\openssleddsa_link.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "libdns - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\openssleddsa_link.obj"	"$(INTDIR)\openssleddsa_link.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
 !ENDIF 
 
 SOURCE=..\opensslgost_link.c
@@ -2754,6 +2784,24 @@ SOURCE=..\pkcs11ecdsa_link.c
 	$(CPP) $(CPP_PROJ) $(SOURCE)
 
 
+!ENDIF 
+
+SOURCE=..\pkcs11eddsa_link.c
+
+!IF  "$(CFG)" == "libdns - @PLATFORM@ Release"
+
+
+"$(INTDIR)\pkcs11eddsa_link.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "libdns - @PLATFORM@ Debug"
+
+
+"$(INTDIR)\pkcs11eddsa_link.obj"	"$(INTDIR)\pkcs11eddsa_link.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
 !ENDIF 
 
 SOURCE=..\pkcs11gost_link.c

lib/dns/win32/libdns.vcxproj.filters.in

@@ -309,6 +309,9 @@
     <ClCompile Include="..\opensslecdsa_link.c">
       <Filter>Dst Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\openssleddsa_link.c">
+      <Filter>Dst Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="..\opensslgost_link.c">
       <Filter>Dst Source Files</Filter>
     </ClCompile>
@@ -329,6 +332,9 @@
     <ClCompile Include="..\pkcs11ecdsa_link.c">
       <Filter>Dst Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\pkcs11eddsa_link.c">
+      <Filter>Dst Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="..\pkcs11gost_link.c">
       <Filter>Dst Source Files</Filter>
     </ClCompile>

lib/dns/win32/libdns.vcxproj.in

@@ -163,6 +163,7 @@
     <ClCompile Include="..\openssldh_link.c" />
     <ClCompile Include="..\openssldsa_link.c" />
     <ClCompile Include="..\opensslecdsa_link.c" />
+    <ClCompile Include="..\openssleddsa_link.c" />
     <ClCompile Include="..\opensslgost_link.c" />
     <ClCompile Include="..\opensslrsa_link.c" />
     <ClCompile Include="..\openssl_link.c" />
@@ -174,6 +175,7 @@
     <ClCompile Include="..\pkcs11dh_link.c" />
     <ClCompile Include="..\pkcs11dsa_link.c" />
     <ClCompile Include="..\pkcs11ecdsa_link.c" />
+    <ClCompile Include="..\pkcs11eddsa_link.c" />
     <ClCompile Include="..\pkcs11gost_link.c" />
     <ClCompile Include="..\pkcs11rsa_link.c" />
 @END PKCS11

lib/isc/hmacmd5.c

@@ -95,8 +95,19 @@ isc_hmacmd5_init(isc_hmacmd5_t *ctx, const unsigned char *key,
 		{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
 		{ CKA_VALUE, NULL, (CK_ULONG) len }
 	};
+#ifdef PK11_PAD_HMAC_KEYS
+	CK_BYTE keypad[ISC_MD5_DIGESTLENGTH];
 
+	if (len < ISC_MD5_DIGESTLENGTH) {
+		memset(keypad, 0, ISC_MD5_DIGESTLENGTH);
+		memmove(keypad, key, len);
+		keyTemplate[5].pValue = keypad;
+		keyTemplate[5].ulValueLen = ISC_MD5_DIGESTLENGTH;
+	} else
+		DE_CONST(key, keyTemplate[5].pValue);
+#else
 	DE_CONST(key, keyTemplate[5].pValue);
+#endif
 	RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
 				       ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
 	ctx->object = CK_INVALID_HANDLE;

lib/isc/hmacsha.c

@@ -265,8 +265,19 @@ isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key,
 		{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
 		{ CKA_VALUE, NULL, (CK_ULONG) len }
 	};
+#ifdef PK11_PAD_HMAC_KEYS
+	CK_BYTE keypad[ISC_SHA1_DIGESTLENGTH];
 
+	if (len < ISC_SHA1_DIGESTLENGTH) {
+		memset(keypad, 0, ISC_SHA1_DIGESTLENGTH);
+		memmove(keypad, key, len);
+		keyTemplate[5].pValue = keypad;
+		keyTemplate[5].ulValueLen = ISC_SHA1_DIGESTLENGTH;
+	} else
+		DE_CONST(key, keyTemplate[5].pValue);
+#else
 	DE_CONST(key, keyTemplate[5].pValue);
+#endif
 	RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
 				       ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
 	ctx->object = CK_INVALID_HANDLE;
@@ -424,8 +435,19 @@ isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key,
 		{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
 		{ CKA_VALUE, NULL, (CK_ULONG) len }
 	};
+#ifdef PK11_PAD_HMAC_KEYS
+	CK_BYTE keypad[ISC_SHA224_DIGESTLENGTH];
 
+	if (len < ISC_SHA224_DIGESTLENGTH) {
+		memset(keypad, 0, ISC_SHA224_DIGESTLENGTH);
+		memmove(keypad, key, len);
+		keyTemplate[5].pValue = keypad;
+		keyTemplate[5].ulValueLen = ISC_SHA224_DIGESTLENGTH;
+	} else
+		DE_CONST(key, keyTemplate[5].pValue);
+#else
 	DE_CONST(key, keyTemplate[5].pValue);
+#endif
 	RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
 				       ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
 	ctx->object = CK_INVALID_HANDLE;
@@ -583,8 +605,19 @@ isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key,
 		{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
 		{ CKA_VALUE, NULL, (CK_ULONG) len }
 	};
+#ifdef PK11_PAD_HMAC_KEYS
+	CK_BYTE keypad[ISC_SHA256_DIGESTLENGTH];
 
+	if (len < ISC_SHA256_DIGESTLENGTH) {
+		memset(keypad, 0, ISC_SHA256_DIGESTLENGTH);
+		memmove(keypad, key, len);
+		keyTemplate[5].pValue = keypad;
+		keyTemplate[5].ulValueLen = ISC_SHA256_DIGESTLENGTH;
+	} else
+		DE_CONST(key, keyTemplate[5].pValue);
+#else
 	DE_CONST(key, keyTemplate[5].pValue);
+#endif
 	RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
 				       ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
 	ctx->object = CK_INVALID_HANDLE;
@@ -742,8 +775,19 @@ isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key,
 		{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
 		{ CKA_VALUE, NULL, (CK_ULONG) len }
 	};
+#ifdef PK11_PAD_HMAC_KEYS
+	CK_BYTE keypad[ISC_SHA384_DIGESTLENGTH];
 
+	if (len < ISC_SHA384_DIGESTLENGTH) {
+		memset(keypad, 0, ISC_SHA384_DIGESTLENGTH);
+		memmove(keypad, key, len);
+		keyTemplate[5].pValue = keypad;
+		keyTemplate[5].ulValueLen = ISC_SHA384_DIGESTLENGTH;
+	} else
+		DE_CONST(key, keyTemplate[5].pValue);
+#else
 	DE_CONST(key, keyTemplate[5].pValue);
+#endif
 	RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
 				       ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
 	ctx->object = CK_INVALID_HANDLE;
@@ -901,8 +945,19 @@ isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key,
 		{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
 		{ CKA_VALUE, NULL, (CK_ULONG) len }
 	};
+#ifdef PK11_PAD_HMAC_KEYS
+	CK_BYTE keypad[ISC_SHA512_DIGESTLENGTH];
 
+	if (len < ISC_SHA512_DIGESTLENGTH) {
+		memset(keypad, 0, ISC_SHA512_DIGESTLENGTH);
+		memmove(keypad, key, len);
+		keyTemplate[5].pValue = keypad;
+		keyTemplate[5].ulValueLen = ISC_SHA512_DIGESTLENGTH;
+	} else
+		DE_CONST(key, keyTemplate[5].pValue);
+#else
 	DE_CONST(key, keyTemplate[5].pValue);
+#endif
 	RUNTIME_CHECK(pk11_get_session(ctx, OP_DIGEST, ISC_TRUE, ISC_FALSE,
 				       ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
 	ctx->object = CK_INVALID_HANDLE;

lib/isc/include/pk11/constants.h

@@ -23,6 +23,12 @@ static CK_BYTE pk11_ecc_prime256v1[] = {
 static CK_BYTE pk11_ecc_secp384r1[] = {
 	0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
 };
+static CK_BYTE pk11_ecc_ed25519[] = {
+	0x06, 0x03, 0x2b, 0x65, 0x70
+};
+static CK_BYTE pk11_ecc_ed448[] = {
+	0x06, 0x03, 0x2b, 0x65, 0x71
+};
 #endif
 
 #ifdef WANT_DH_PRIMES

lib/isc/include/pk11/site.h

@@ -23,6 +23,9 @@
  *
  *\li PK11_<algorithm>_DISABLE:
  *	Same as SKIP, and disable support for the algorithm.
+ *
+ *\li PK11_PAD_HMAC_KEYS:
+ *	Extend HMAC keys shorter than digest length.
  */
 
 /* current implemented flags are:
@@ -38,6 +41,7 @@ PK11_SHA512_HMAC_REPLACE
 PK11_MD5_DISABLE
 PK11_DSA_DISABLE
 PK11_DH_DISABLE
+PK11_PAD_HMAC_KEYS
 */
 
 /*
@@ -66,8 +70,11 @@ PK11_DH_DISABLE
 #endif
 
 #if PK11_FLAVOR == PK11_SOFTHSMV1_FLAVOR
-#define PK11_DH_DISABLE
+#define PK11_PAD_HMAC_KEYS
-#define PK11_DSA_DISABLE
+#endif
+
+#if PK11_FLAVOR == PK11_SOFTHSMV2_FLAVOR
+/* SoftHSMv2 was updated to enforce minimal key sizes... argh! */
 #define PK11_MD5_HMAC_REPLACE
 #define PK11_SHA_1_HMAC_REPLACE
 #define PK11_SHA224_HMAC_REPLACE
@@ -76,9 +83,6 @@ PK11_DH_DISABLE
 #define PK11_SHA512_HMAC_REPLACE
 #endif
 
-#if PK11_FLAVOR == PK11_SOFTHSMV2_FLAVOR
-#endif
-
 #if PK11_FLAVOR == PK11_CRYPTECH_FLAVOR
 #define PK11_DH_DISABLE
 #define PK11_DSA_DISABLE

lib/isc/include/pkcs11/Makefile.in

@@ -17,7 +17,7 @@ VERSION=@BIND9_VERSION@
 # machine generated.  The latter are handled specially in the
 # install target below.
 #
-HEADERS =	pkcs11f.h pkcs11.h pkcs11t.h
+HEADERS =	pkcs11f.h pkcs11.h pkcs11t.h eddsa.h
 SUBDIRS =
 TARGETS =
 

lib/isc/include/pkcs11/eddsa.h

@@ -0,0 +1,22 @@
+#ifndef _EDDSA_H_
+#define _EDDSA_H_ 1
+
+#ifndef CKK_EDDSA
+#ifdef PK11_SOFTHSMV2_FLAVOR
+#define CKK_EDDSA               0x00008003UL
+#endif
+#endif
+
+#ifndef CKM_EDDSA_KEY_PAIR_GEN
+#ifdef PK11_SOFTHSMV2_FLAVOR
+#define CKM_EDDSA_KEY_PAIR_GEN         0x00009040UL
+#endif
+#endif
+
+#ifndef CKM_EDDSA
+#ifdef PK11_SOFTHSMV2_FLAVOR
+#define CKM_EDDSA                      0x00009041UL
+#endif
+#endif
+
+#endif /* _EDDSA_H_ */

lib/isc/pk11.c

@@ -30,6 +30,7 @@
 
 #include <pkcs11/cryptoki.h>
 #include <pkcs11/pkcs11.h>
+#include <pkcs11/eddsa.h>
 
 /* was 32 octets, Petr Spacek suggested 1024, SoftHSMv2 uses 256... */
 #ifndef PINLEN
@@ -871,12 +872,33 @@ scan_slots(void) {
 			PK11_TRACEM(CKM_GOSTR3410_WITH_GOSTR3411);
 		}
 		if (bad)
-			goto try_aes;
+			goto try_eddsa;
 		token->operations |= 1 << OP_GOST;
 		if (best_gost_token == NULL)
 			best_gost_token = token;
 
+	try_eddsa:
+#if defined(CKM_EDDSA_KEY_PAIR_GEN) && defined(CKM_EDDSA) && defined(CKK_EDDSA)
+		bad = ISC_FALSE;
+		rv = pkcs_C_GetMechanismInfo(slot, CKM_EDDSA_KEY_PAIR_GEN,
+					     &mechInfo);
+		if ((rv != CKR_OK) ||
+		    ((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0)) {
+			bad = ISC_TRUE;
+			PK11_TRACEM(CKM_EDDSA_KEY_PAIR_GEN);
+		}
+		rv = pkcs_C_GetMechanismInfo(slot, CKM_EDDSA, &mechInfo);
+		if ((rv != CKR_OK) ||
+		    ((mechInfo.flags & CKF_SIGN) == 0) ||
+		    ((mechInfo.flags & CKF_VERIFY) == 0)) {
+			bad = ISC_TRUE;
+			PK11_TRACEM(CKM_EDDSA);
+		}
+		if (bad)
+			goto try_aes;
+
 	try_aes:
+#endif
 		bad = ISC_FALSE;
 		rv = pkcs_C_GetMechanismInfo(slot, CKM_AES_ECB, &mechInfo);
 		if ((rv != CKR_OK) || ((mechInfo.flags & CKF_ENCRYPT) == 0)) {

win32utils/Configure

@@ -406,9 +406,13 @@ my @substdefh = ("AES_CC",
                  "HAVE_OPENSSL_AES",
                  "HAVE_OPENSSL_DSA",
                  "HAVE_OPENSSL_ECDSA",
+                 "HAVE_OPENSSL_ED25519",
+                 "HAVE_OPENSSL_ED448",
                  "HAVE_OPENSSL_EVP_AES",
                  "HAVE_OPENSSL_GOST",
                  "HAVE_PKCS11_ECDSA",
+                 "HAVE_PKCS11_ED25519",
+                 "HAVE_PKCS11_ED448",
                  "HAVE_PKCS11_GOST",
                  "HAVE_READLINE",
                  "HAVE_ZLIB",
@@ -569,6 +573,7 @@ my @withlist = ("aes",
                 "cc-alg",
                 "cross-compile",
                 "ecdsa",
+                "eddsa",
                 "extra-tests",
                 "gssapi",
                 "geoip",
@@ -629,6 +634,7 @@ my @help = (
 "  with-openssl[=PATH]   build with OpenSSL yes|no|path\n",
 "  with-pkcs11[=PATH]    build with PKCS#11 support yes|no|provider-path\n",
 "  with-ecdsa            crypto ECDSA\n",
+"  with-eddsa            crypto EDDSA yes|all|no\n",
 "  with-gost[=ENC]       crypto GOST yes|no|raw|ans1\n",
 "  with-aes              crypto AES\n",
 "  with-cc-alg           choose the algorithm for cookies aes|sha1|sha256\n",
@@ -673,6 +679,8 @@ my $openssl_path = "..\\..\\";
 my $use_pkcs11 = "no";
 my $pkcs11_path = "unknown";
 my $use_ecdsa = "auto";
+my $use_eddsa = "auto";
+my $use_ed448 = "auto";
 my $use_gost = "auto";
 my $gost_encoding = "raw";
 my $use_aes = "auto";
@@ -753,19 +761,19 @@ if ($legacy_only && ($want_x64 ne "yes")) {
 }
 
 if ($want_checkfiles eq "yes") {
-	foreach (@filelist) {
+        foreach (@filelist) {
-		next if -r $_ . ".in";
+                next if -r $_ . ".in";
-		s/\\/\//g;
+                s/\\/\//g;
-		next if -r $_ . ".in";
+                next if -r $_ . ".in";
-		print "missing $_.in from filelist\n";
+                print "missing $_.in from filelist\n";
-	}
+        }
-	foreach (@projectlist) {
+        foreach (@projectlist) {
-		next if -r $_ . ".in";
+                next if -r $_ . ".in";
-		s/\\/\//g;
+                s/\\/\//g;
-		next if -r $_ . ".in";
+                next if -r $_ . ".in";
-		print "missing $_.in from projectlist\n";
+                print "missing $_.in from projectlist\n";
-	}
+        }
-	exit(0);
+        exit(0);
 }
 
 # configure the platform
@@ -966,10 +974,19 @@ sub mywith {
         } elsif ($val =~ /^yes$/i) {
             $use_ecdsa = "yes";
         }
+    } elsif ($key =~ /^eddsa$/i) {
+        if ($val =~ /^no$/i) {
+            $use_eddsa = "no";
+        } elsif ($val !~ /^no$/i) {
+            $use_eddsa = "yes";
+            if ($val =~ /^all$/i) {
+                $use_ed448 = "yes";
+            }
+        }
     } elsif ($key =~ /^gost$/i) {
         if ($val =~ /^no$/i) {
             $use_gost = "no";
-        } elsif ($val =~ /^yes$/i) {
+        } elsif ($val !~ /^no$/i) {
             $use_gost = "yes";
             $gost_encoding = $val;
         }
@@ -1204,6 +1221,16 @@ if ($verbose) {
     } else {
         print "ecdsa: enabled\n";
     }
+    if ($use_eddsa eq "no") {
+        print "eddsa: disabled\n";
+    } else {
+        print "ed25519: enabled\n";
+        if ($use_ed448 eq "no") {
+            print "ed448: disabled\n";
+        } else {
+            print "ed448: enabled\n";
+        }
+    }
     if ($use_gost eq "no") {
         print "gost: disabled\n";
     } else {
@@ -1497,6 +1524,26 @@ if ($enable_native_pkcs11 eq "yes") {
         }
         $configdefh{"HAVE_PKCS11_ECDSA"} = 1;
     }
+    if ($use_eddsa eq "no") {
+        if ($verbose) {
+            print "no EDDSA support in native PKCS#11\n";
+        }
+    } else {
+        if ($verbose) {
+            print "enabled Ed25519 support in native PKCS#11\n";
+        }
+        $configdefh{"HAVE_PKCS11_ED25519"} = 1;
+        if ($use_ed448 eq "no") {
+            if ($verbose) {
+                print "no Ed448 support in native PKCS#11\n";
+            }
+        } else {
+            if ($verbose) {
+                print "enabled Ed448 support in native PKCS#11\n";
+            }
+            $configdefh{"HAVE_PKCS11_ED448"} = 1;
+        }
+    }
     if ($use_gost eq "no") {
         if ($verbose) {
             print "no GOST support in native PKCS#11\n";
@@ -1831,6 +1878,7 @@ EOF
             if ($verbose) {
                 print "EVP_sha512 test failed: disabling EVP_sha512\n";
             }
+            $use_eddsa = "no";
         } else {
             $configdefh{"HAVE_EVP_SHA512"} = 1;
         }
@@ -1839,6 +1887,7 @@ EOF
             print "can't compile EVP_sha512 test: $compret\n";
             print "disabling EVP_sha512\n";
         }
+        $use_eddsa = "no";
     }
 }
 
@@ -1893,6 +1942,104 @@ if ($use_ecdsa ne "no") {
     $configdefh{"HAVE_OPENSSL_ECDSA"} = 1;
 }
 
+# with-eddsa
+if ($use_openssl eq "no") {
+    $use_eddsa = "no";
+}
+if ($use_eddsa eq "auto") {
+    if ($verbose) {
+        print "checking for OpenSSL ED25519 support\n";
+    }
+    open F, ">tested25519.c" || die $!;
+    print F << 'EOF';
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+
+int
+main(void)
+{
+        EVP_PKEY_CTX *ctx;
+
+        ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+        if (ctx == NULL)
+                return (2);
+        return (0);
+}
+EOF
+    close F;
+    my $include = $configinc{"OPENSSL_INC"};
+    my $library = $configlib{"OPENSSL_LIB"};
+    $compret = `cl /nologo /MD /I "$include" tested25519.c "$library"`;
+    if (grep { -f and -x } ".\\tested25519.exe") {
+        `.\\tested25519.exe`;
+        if ($? != 0) {
+            if ($verbose) {
+                print "EDDSA test failed: disabling EDDSA\n";
+            }
+            $use_eddsa = "no";
+        }
+    } else {
+        if ($verbose) {
+            print "can't compile EDDSA test: $compret\n";
+            print "disabling EDDSA\n";
+        }
+    $use_eddsa = "no";
+    }
+}
+
+if ($use_eddsa ne "no") {
+    $use_eddsa = "yes";
+    $configdefh{"HAVE_OPENSSL_ED25519"} = 1;
+} else {
+    $use_ed448 = "no";
+}
+
+if ($use_ed448 eq "auto") {
+    if ($verbose) {
+        print "checking for OpenSSL ED448 support\n";
+    }
+    open F, ">tested448.c" || die $!;
+    print F << 'EOF';
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+
+int
+main(void)
+{
+        EVP_PKEY_CTX *ctx;
+
+        ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
+        if (ctx == NULL)
+                return (2);
+        return (0);
+}
+EOF
+    close F;
+    my $include = $configinc{"OPENSSL_INC"};
+    my $library = $configlib{"OPENSSL_LIB"};
+    $compret = `cl /nologo /MD /I "$include" tested448.c "$library"`;
+    if (grep { -f and -x } ".\\tested448.exe") {
+        `.\\tested448.exe`;
+        if ($? != 0) {
+            if ($verbose) {
+                print "ED448 test failed: disabling ED448\n";
+            }
+            $use_ed448 = "no";
+        }
+    } else {
+        if ($verbose) {
+            print "can't compile ED448 test: $compret\n";
+            print "disabling ED448\n";
+        }
+    $use_ed448 = "no";
+    }
+}
+
+if ($use_ed448 ne "no") {
+    $use_ed448 = "yes";
+    $configdefh{"HAVE_OPENSSL_ED448"} = 1;
+}
+
 # with-gost
 if ($use_openssl eq "no") {
     $use_gost = "no";
@@ -3425,6 +3572,7 @@ exit 0;
 #  --with-openssl supported
 #  --with-pkcs11 supported
 #  --with-ecdsa supported
+#  --with-eddsa supported
 #  --with-gost supported
 #  --with-aes supported
 #  --with-cc-alg supported