From: Mark Andrews <marka@isc.org>
Date: Wed, 14 May 2025 22:47:39 +0000 (+1000)
Subject: Add example PRIVATEDNS algorithm identifiers to DS
X-Git-Tag: v9.21.10~47^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92393f3c97a7b473a043401a25f6074bb7cbc9ba;p=thirdparty%2Fbind9.git

Add example PRIVATEDNS algorithm identifiers to DS
---

diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index e3d70827066..5e52548d296 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -2704,6 +2704,19 @@ dst_algorithm_tosecalg(dst_algorithm_t dst_alg) {
 	return 0;
 }
 
+#if TEST_PRIVATEDNS
+/*
+ * These are examples of specifying an algorithm using
+ * PRIVATEDNS. When creating such an algorithm, use your
+ * organisation's domain name instead of "example.org"
+ * so the identifier will be globally unique.
+ */
+static unsigned char rsasha256dns_data[] = "\011rsasha256\007example\003org";
+static dns_name_t const rsasha256dns = DNS_NAME_INITABSOLUTE(rsasha256dns_data);
+static unsigned char rsasha512dns_data[] = "\011rsasha512\007example\003org";
+static dns_name_t const rsasha512dns = DNS_NAME_INITABSOLUTE(rsasha512dns_data);
+#endif
+
 dst_algorithm_t
 dst_algorithm_fromprivatedns(isc_buffer_t *buffer) {
 	dns_fixedname_t fixed;
@@ -2718,6 +2731,27 @@ dst_algorithm_fromprivatedns(isc_buffer_t *buffer) {
 	/*
 	 * Do name to dst_algorithm number mapping here.
 	 */
+	switch (name->length) {
+#if TEST_PRIVATEDNS
+	case 23:
+		switch (name->ndata[7]) {
+		case '2':
+			if (dns_name_equal(name, &rsasha256dns)) {
+				return DST_ALG_RSASHA256PRIVATEDNS;
+			}
+			break;
+		case '5':
+			if (dns_name_equal(name, &rsasha512dns)) {
+				return DST_ALG_RSASHA512PRIVATEDNS;
+			}
+			break;
+		}
+		break;
+#endif
+	default:
+		break;
+	}
+
 	return 0;
 }