From a579b0ad7e0403a3d5629b95fc1aa16713aa474b Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Tue, 10 Jan 2017 16:04:22 +0100
Subject: [PATCH] update Ed25519 algorithm number and mnemonic
http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
---
 pdns/dbdnsseckeeper.cc | 2 +-
 pdns/dnssecinfra.cc | 2 +-
 pdns/dnsseckeeper.hh | 8 ++++----
 pdns/pdnsutil.cc | 4 ++--
 pdns/sodiumsigners.cc | 8 ++++----
 5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index f115e018b..a62784fbe 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -79,7 +79,7 @@ bool DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, in
 if(algorithm <= 10)
 throw runtime_error("Creating an algorithm " +std::to_string(algorithm)+" ("+algorithm2name(algorithm)+") key requires the size (in bits) to be passed");
 else {
- if(algorithm == 12 || algorithm == 13 || algorithm == 250) // GOST, ECDSAP256SHA256, ED25519SHA512
+ if(algorithm == 12 || algorithm == 13 || algorithm == 15) // GOST, ECDSAP256SHA256, ED25519
 bits = 256;
 else if(algorithm == 14) // ECDSAP384SHA384
 bits = 384;
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 54f6b8e79..8a17cac03 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -236,7 +236,7 @@ pair DNSCryptoKeyEngine::testMakers(unsigned int alg
 unsigned int bits;
 if(algo <= 10)
 bits=1024;
- else if(algo == 12 || algo == 13 || algo == 250) // ECC-GOST or ECDSAP256SHA256 or ED25519SHA512
+ else if(algo == 12 || algo == 13 || algo == 15) // ECC-GOST or ECDSAP256SHA256 or ED25519
 bits=256;
 else if(algo == 14) // ECDSAP384SHA384
 bits = 384;
diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index 38dbc5646..9c8582f3c 100644
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -51,7 +51,7 @@ public:
 ECCGOST=12,
 ECDSA256=13,
 ECDSA384=14,
- EXPERIMENTALED25519=250
+ ED25519=15
 };
 struct KeyMetaData
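Review bot: The default-size check in DNSSECKeeper::addKey (pdns/dbdnsseckeeper.cc) still compares against bare numbers, `algorithm == 12 || algorithm == 13 || algorithm == 15`, and the same literal list is repeated in DNSCryptoKeyEngine::testMakers (pdns/dnssecinfra.cc) and in the pdns/pdnsutil.cc hunk, which is why this renumbering had to be applied by hand in three files. Using the enumerators this patch updates in pdns/dnsseckeeper.hh, e.g. `if(algorithm == DNSSECKeeper::ECCGOST || algorithm == DNSSECKeeper::ECDSA256 || algorithm == DNSSECKeeper::ED25519)` (assuming that enum belongs to DNSSECKeeper, which the hunk does not show), would turn a missed site into a compile error when an enumerator is renamed instead of leaving a stale number that picks the wrong default key size. In the pdnsutil.cc copy the trailing comment `// ECDSA, GOST, ED25519` also lists the names in a different order than the numbers 12, 13, 15. Both addKey and testMakers continue outside their hunks.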
@@ -91,7 +91,7 @@ public:
 if (!algorithm.compare("gost")) return ECCGOST;
 if (!algorithm.compare("ecdsa256")) return ECDSA256;
 if (!algorithm.compare("ecdsa384")) return ECDSA384;
- if (!algorithm.compare("experimental-ed25519")) return EXPERIMENTALED25519;
+ if (!algorithm.compare("ed25519")) return ED25519;
 return -1;
 }
@@ -124,8 +124,8 @@ public:
 return "ECDSAP256SHA256";
 case ECDSA384:
 return "ECDSAP384SHA384";
- case EXPERIMENTALED25519:
- return "ED25519SHA512";
+ case ED25519:
+ return "ED25519";
 case 252:
 return "INDIRECT";
 case 253:
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index c62e1edc4..88d58558d 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -1910,7 +1910,7 @@ try cout<<"add-zone-key ZONE {zsk|ksk} [BITS] [active|inactive]"<()); if(algorithm <= 10) bits = keyOrZone ? 2048 : 1024; else { - if(algorithm == 12 || algorithm == 13 || algorithm == 250) // ECDSA, GOST, ED25519 + if(algorithm == 12 || algorithm == 13 || algorithm == 15) // ECDSA, GOST, ED25519 bits = 256; else if(algorithm == 14) bits = 384;
diff --git a/pdns/sodiumsigners.cc b/pdns/sodiumsigners.cc
index 7c6d744da..a937484aa 100644
--- a/pdns/sodiumsigners.cc
+++ b/pdns/sodiumsigners.cc
@@ -52,12 +52,12 @@ DNSCryptoKeyEngine::storvector_t SodiumED25519DNSCryptoKeyEngine::convertToISCVe
 {
 /*
 Private-key-format: v1.2
- Algorithm: 250 (ED25519SHA512)
+ Algorithm: 15 (ED25519)
 PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
 */
 storvector_t storvector;
- string algorithm = "250 (ED25519SHA512)";
+ string algorithm = "15 (ED25519)";
 storvector.push_back(make_pair("Algorithm", algorithm));
@@ -70,7 +70,7 @@ void SodiumED25519DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::
 {
 /*
 Private-key-format: v1.2
- Algorithm: 250 (ED25519SHA512)
+ Algorithm: 15 (ED25519)
 PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
 */
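Review bot: The mnemonic lookup in pdns/dnsseckeeper.hh replaces `experimental-ed25519` outright, so that spelling now falls through to `return -1` and any existing script or provisioning tool still passing it stops selecting Ed25519. If a transition period is wanted, keep the old spelling as a deprecated alias next to the new line, `if (!algorithm.compare("experimental-ed25519")) return ED25519; // deprecated alias for ed25519`; otherwise the removal should be called out in the upgrade notes. How callers treat the -1 is not visible in this hunk, so it is worth confirming that they reject it rather than carry it forward as an algorithm number. The function's signature is outside the hunk.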
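Review bot: `string algorithm = "15 (ED25519)";` in SodiumED25519DNSCryptoKeyEngine::convertToISCVector hard-codes both the number and the mnemonic that pdns/dnsseckeeper.hh already defines, so the exported key-file header is one more place that has to track the registry by hand. Building it from the shared definitions, for example `string algorithm = std::to_string(DNSSECKeeper::ED25519) + " (" + DNSSECKeeper::algorithm2name(DNSSECKeeper::ED25519) + ")";`, keeps the export in step with the enum; this assumes algorithm2name can be called without a keeper instance, which the diff does not show. The companion fromISCMap hunk only updates its comment and its body is outside the diff, so it is not visible whether key files exported with the old `Algorithm: 250 (ED25519SHA512)` header are still accepted or are rejected with a clear error on import.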
@@ -146,7 +146,7 @@ struct LoaderSodiumStruct
 {
 LoaderSodiumStruct()
 {
- DNSCryptoKeyEngine::report(250, &SodiumED25519DNSCryptoKeyEngine::maker);
+ DNSCryptoKeyEngine::report(15, &SodiumED25519DNSCryptoKeyEngine::maker);
 }
 } loadersodium;
 }
-- 
2.49.0
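Review bot: The registration in LoaderSodiumStruct now covers the new number only, so key material already stored under the experimental number 250 presumably has no engine left after an upgrade, and nothing in this patch migrates or flags such keys. Because the algorithm octet is part of the DNSKEY RDATA, the key tag and any DS digest change with it, so affected zones need new keys and re-signing rather than a relabel of the stored algorithm. I would use the enumerator instead of the literal, `DNSCryptoKeyEngine::report(DNSSECKeeper::ED25519, &SodiumED25519DNSCryptoKeyEngine::maker);`, and add a comment above it such as `// 15 = ED25519 per the IANA DNSSEC algorithm registry; keys created under the former experimental number 250 must be regenerated`.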