update Ed25519 algorithm number and mnemonic
authorKees Monshouwer <mind04@monshouwer.org>
Tue, 10 Jan 2017 15:04:22 +0000 (16:04 +0100)
committermind04 <mind04@monshouwer.org>
Tue, 10 Jan 2017 22:02:17 +0000 (23:02 +0100)
http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml

pdns/dbdnsseckeeper.cc
pdns/dnssecinfra.cc
pdns/dnsseckeeper.hh
pdns/pdnsutil.cc
pdns/sodiumsigners.cc
regression-tests.api/test_cryptokeys.py

index 70849f12d61c266fe8574227e8dab1f5d1ef015b..ea9b6ff06e8cc0bbf6595cf7a4ea6b39c3fb6586 100644 (file)
@@ -79,7 +79,7 @@ bool DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, in
     if(algorithm <= 10)
       throw runtime_error("Creating an algorithm " +std::to_string(algorithm)+" ("+algorithm2name(algorithm)+") key requires the size (in bits) to be passed.");
     else {
-      if(algorithm == 12 || algorithm == 13 || algorithm == 250) // GOST, ECDSAP256SHA256, ED25519SHA512
+      if(algorithm == 12 || algorithm == 13 || algorithm == 15) // GOST, ECDSAP256SHA256, ED25519
         bits = 256;
       else if(algorithm == 14) // ECDSAP384SHA384
         bits = 384;
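Review bot: The test `algorithm == 12 || algorithm == 13 || algorithm == 15` keeps the DNSSEC algorithm numbers as bare literals, which is why this renumbering had to be repeated by hand here, in `DNSCryptoKeyEngine::testMakers` (dnssecinfra.cc) and in the pdnsutil.cc hunk at -2827. The enum touched in dnsseckeeper.hh already names these values, so the condition could read `if(algorithm == ECCGOST || algorithm == ECDSA256 || algorithm == ED25519)` (qualified as `DNSSECKeeper::…` outside the class, assuming the enum is a member of it), and the trailing comment listing the names would no longer be needed. With literals, a copy that is missed in a future renumbering selects a default key size for the wrong algorithm and is hard to spot in review. addKey's body starts and ends outside this hunk.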
index f213d353e831ac8cd1aa7351782c414e49b415b0..9d47abe80c5529d6d63b9be203046daf5a4a3f26 100644 (file)
@@ -236,7 +236,7 @@ pair<unsigned int, unsigned int> DNSCryptoKeyEngine::testMakers(unsigned int alg
   unsigned int bits;
   if(algo <= 10)
     bits=1024;
-  else if(algo == 12 || algo == 13 || algo == 250) // ECC-GOST or ECDSAP256SHA256 or ED25519SHA512
+  else if(algo == 12 || algo == 13 || algo == 15) // ECC-GOST or ECDSAP256SHA256 or ED25519
     bits=256;
   else if(algo == 14) // ECDSAP384SHA384
     bits = 384;
index 7a9a296649752e5d3a58fcdbf046de3ae17673dd..73b4b89fd194717d90ec29952b20f6ea9bde8e67 100644 (file)
@@ -51,7 +51,7 @@ public:
     ECCGOST=12,
     ECDSA256=13,
     ECDSA384=14,
-    EXPERIMENTALED25519=250
+    ED25519=15
   };
 
   struct KeyMetaData
@@ -91,7 +91,7 @@ public:
     if (!algorithm.compare("gost")) return ECCGOST;
     if (!algorithm.compare("ecdsa256")) return ECDSA256;
     if (!algorithm.compare("ecdsa384")) return ECDSA384;
-    if (!algorithm.compare("experimental-ed25519")) return EXPERIMENTALED25519;
+    if (!algorithm.compare("ed25519")) return ED25519;
     return -1;
   }
 
@@ -124,8 +124,8 @@ public:
         return "ECDSAP256SHA256";
       case ECDSA384:
         return "ECDSAP384SHA384";
-      case EXPERIMENTALED25519:
-        return "ED25519SHA512";
+      case ED25519:
+        return "ED25519";
       case 252:
         return "INDIRECT";
       case 253:
index 18549fe639af2333a508ca7d77f5bf5d93c3b268..6b059cc53d23b96137dcaa6bf8aa67ad0d1a1bf5 100644 (file)
@@ -1991,7 +1991,7 @@ try
     cout<<"add-zone-key ZONE {zsk|ksk} [BITS] [active|inactive]"<<endl;
     cout<<"             [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384";
 #ifdef HAVE_LIBSODIUM
-    cout<<"|experimental-ed25519";
+    cout<<"|ed25519";
 #endif
     cout<<"]"<<endl;
     cout<<"                                   Add a ZSK or KSK to zone and specify algo&bits"<<endl;
@@ -2827,7 +2827,7 @@ loadMainConfig(g_vm["config-dir"].as<string>());
       if(algorithm <= 10)
         bits = keyOrZone ? 2048 : 1024;
       else {
-        if(algorithm == 12 || algorithm == 13 || algorithm == 250) // ECDSA, GOST, ED25519
+        if(algorithm == 12 || algorithm == 13 || algorithm == 15) // ECDSA, GOST, ED25519
           bits = 256;
         else if(algorithm == 14)
           bits = 384;
index 7c6d744dae6547b285002b40c049df7e1edd50c5..a937484aa4ca4cf2f0f26f3ad3152c685853c4c5 100644 (file)
@@ -52,12 +52,12 @@ DNSCryptoKeyEngine::storvector_t SodiumED25519DNSCryptoKeyEngine::convertToISCVe
 {
   /*
     Private-key-format: v1.2
-    Algorithm: 250 (ED25519SHA512)
+    Algorithm: 15 (ED25519)
     PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
   */
 
   storvector_t storvector;
-  string algorithm = "250 (ED25519SHA512)";
+  string algorithm = "15 (ED25519)";
 
   storvector.push_back(make_pair("Algorithm", algorithm));
 
@@ -70,7 +70,7 @@ void SodiumED25519DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::
 {
   /*
     Private-key-format: v1.2
-    Algorithm: 250 (ED25519SHA512)
+    Algorithm: 15 (ED25519)
     PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
   */
 
@@ -146,7 +146,7 @@ struct LoaderSodiumStruct
 {
   LoaderSodiumStruct()
   {
-    DNSCryptoKeyEngine::report(250, &SodiumED25519DNSCryptoKeyEngine::maker);
+    DNSCryptoKeyEngine::report(15, &SodiumED25519DNSCryptoKeyEngine::maker);
   }
 } loadersodium;
 }
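Review bot: `DNSCryptoKeyEngine::report(15, &SodiumED25519DNSCryptoKeyEngine::maker);` replaces the registration under 250 rather than adding to it, and nothing in this diff deals with keys that were already generated and stored as algorithm 250. How the key loader reacts to a stored algorithm with no registered maker is outside these hunks, but presumably zones holding such keys fail to load them or stop being signed after the upgrade. Since 250 was explicitly experimental, dropping it is reasonable, but the upgrade notes should tell operators to roll existing Ed25519 keys to algorithm 15 (new key, and a new DS at the parent for a KSK). A comment here would record the decision, for example `// 250 (experimental) is intentionally no longer registered; existing keys must be rolled to 15`.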
index c5981def4bfb882ab678e662c95fadcbdf245c4c..cf249beaddff7287cceb6523d9f33ec9ac14f108 100644 (file)
@@ -177,7 +177,7 @@ class Cryptokeys(ApiTestCase):
         self.assertIn("The algorithm does not support the given bit size.", r.json()['error'])
 
     def test_post_can_not_guess_key_size(self):
-        r = self.add_key(algo=15)
+        r = self.add_key(algo=17)
         self.assert_error_json(r)
         self.assertEquals(r.status_code,422)
         self.assertIn("Can not guess key size for algorithm", r.json()['error'])
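Review bot: `self.add_key(algo=17)` uses an unexplained literal that only works while the server has no default key size for 17, which is how the previous value 15 went stale in this commit. A one-line comment would save the next maintainer the search when the test starts failing again, for example `# 17: an algorithm number pdns cannot guess a key size for; change it if 17 gets implemented`. The test class continues outside this hunk.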