Commit 20f2d9b4 authored by Mark Andrews's avatar Mark Andrews

test Ed448 against test vectors

parent 5da97eee
example.com. IN DNSKEY 257 3 16 3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx1FYYUcJKm1MDpJtIA
Private-key-format: v1.2
Algorithm: 16 (ED448)
PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA
example.com. IN DNSKEY 257 3 16 kkreGWoccSDmUBGAe7+zsbG6ZAFQp+syPmYUurBRQc3tDjeMCJcVMRDmgcNLp5HlHAMy12VoISsA
Private-key-format: v1.2
Algorithm: 16 (ED448)
PrivateKey: WEykD3ht3MHkU8iH4uVOLz8JLwtRBSqiBoM6fF72+Mrp/u5gjxuB1DV6NnPO2BlZdz4hdSTkOdOA
......@@ -21,3 +21,5 @@ ns.example.com. A 10.53.0.3
;
$INCLUDE Kexample.com.+015+03613.key
$INCLUDE Kexample.com.+015+35217.key
$INCLUDE Kexample.com.+016+09713.key
$INCLUDE Kexample.com.+016+38353.key
......@@ -18,7 +18,9 @@ starttime=20150729220000
endtime=20150819220000
for i in Xexample.com.+015+03613.key Xexample.com.+015+03613.private \
Xexample.com.+015+35217.key Xexample.com.+015+35217.private
Xexample.com.+015+35217.key Xexample.com.+015+35217.private \
Xexample.com.+016+09713.key Xexample.com.+016+09713.private \
Xexample.com.+016+38353.key Xexample.com.+016+38353.private
do
cp $i `echo $i | sed s/X/K/`
done
......
......@@ -13,7 +13,7 @@ SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
n=0
n=1
rm -f dig.out.*
......@@ -33,7 +33,7 @@ status=`expr $status + $ret`
# Check test vectors (RFC 8080 + errata)
echo "I:checking that test vectors match ($n)"
echo "I:checking that Ed25519 test vectors match ($n)"
ret=0
grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/null || ret=1
grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1
......@@ -43,5 +43,23 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking that Ed448 test vectors match ($n)"
ret=0
grep '3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLm' ns2/example.com.db.signed > /dev/null || ret=1
grep 'jInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKi' ns2/example.com.db.signed > /dev/null || ret=1
grep 'wZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQ' ns2/example.com.db.signed > /dev/null || ret=1
grep 'vE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213' ns2/example.com.db.signed > /dev/null || ret=1
grep 'WKsJlwEA' ns2/example.com.db.signed > /dev/null || ret=1
grep 'E1/oLjSGIbmLny/4fcgM1z4oL6aqo+izT3ur' ns2/example.com.db.signed > /dev/null || ret=1
grep 'CyHyvEp4Sp8Syg1eI+lJ57CSnZqjJP41O/9l' ns2/example.com.db.signed > /dev/null || ret=1
grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns2/example.com.db.signed > /dev/null || ret=1
grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns2/example.com.db.signed > /dev/null || ret=1
grep 'ZmQ0YQUA' ns2/example.com.db.signed > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -285,6 +285,9 @@
/* define if OpenSSL supports Ed25519 */
#undef HAVE_OPENSSL_ED25519
/* define if OpenSSL supports Ed448 */
#undef HAVE_OPENSSL_ED448
/* Define to 1 if you have the `processor_bind' function. */
#undef HAVE_PROCESSOR_BIND
......
......@@ -15996,15 +15996,29 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Ed448 support" >&5
$as_echo_n "checking for Ed448 support... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: broken" >&5
$as_echo "broken" >&6; }
#AC_COMPILE_IFELSE(
# [AC_LANG_PROGRAM([[#include <openssl/evp.h>
# #include <openssl/ec.h>]],
# [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED448);]])],
# [AC_DEFINE([HAVE_OPENSSL_ED448], [1], [define if OpenSSL supports Ed448])
# AC_MSG_RESULT([yes])],
# [AC_MSG_RESULT([no])])
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <openssl/evp.h>
#include <openssl/ec.h>
int
main ()
{
EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED448);
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
$as_echo "#define HAVE_OPENSSL_ED448 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
#
# Check for OpenSSL SHA-1 support
......
......@@ -805,14 +805,13 @@ AC_COMPILE_IFELSE(
[AC_MSG_RESULT([no])])
AC_MSG_CHECKING([for Ed448 support])
AC_MSG_RESULT([broken])
#AC_COMPILE_IFELSE(
# [AC_LANG_PROGRAM([[#include <openssl/evp.h>
# #include <openssl/ec.h>]],
# [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED448);]])],
# [AC_DEFINE([HAVE_OPENSSL_ED448], [1], [define if OpenSSL supports Ed448])
# AC_MSG_RESULT([yes])],
# [AC_MSG_RESULT([no])])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([[#include <openssl/evp.h>
#include <openssl/ec.h>]],
[[EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED448);]])],
[AC_DEFINE([HAVE_OPENSSL_ED448], [1], [define if OpenSSL supports Ed448])
AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])])
#
# Check for OpenSSL SHA-1 support
......
......@@ -614,6 +614,10 @@
./bin/tests/system/eddsa/ns2/Xexample.com.+015+03613.private X 2017,2018,2019
./bin/tests/system/eddsa/ns2/Xexample.com.+015+35217.key X 2017,2018,2019
./bin/tests/system/eddsa/ns2/Xexample.com.+015+35217.private X 2017,2018,2019
./bin/tests/system/eddsa/ns2/Xexample.com.+016+09713.key X 2019
./bin/tests/system/eddsa/ns2/Xexample.com.+016+09713.private X 2019
./bin/tests/system/eddsa/ns2/Xexample.com.+016+38353.key X 2019
./bin/tests/system/eddsa/ns2/Xexample.com.+016+38353.private X 2019
./bin/tests/system/eddsa/ns2/sign.sh SH 2017,2018,2019
./bin/tests/system/eddsa/prereq.sh SH 2017,2018,2019
./bin/tests/system/eddsa/setup.sh SH 2017,2018,2019
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment