From: Kees Monshouwer Date: Tue, 10 Jan 2017 15:04:22 +0000 (+0100) Subject: update Ed25519 algorithm number and mnemonic X-Git-Tag: auth-4.0.4-rc1~3^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a579b0ad7e0403a3d5629b95fc1aa16713aa474b;p=thirdparty%2Fpdns.git update Ed25519 algorithm number and mnemonic http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
---
diff --git a/pdns/dbdnsseckeeper.cc b/pdns/dbdnsseckeeper.cc
index f115e018bc..a62784fbe1 100644
--- a/pdns/dbdnsseckeeper.cc
+++ b/pdns/dbdnsseckeeper.cc
@@ -79,7 +79,7 @@ bool DNSSECKeeper::addKey(const DNSName& name, bool setSEPBit, int algorithm, in
 if(algorithm <= 10)
 throw runtime_error("Creating an algorithm " +std::to_string(algorithm)+" ("+algorithm2name(algorithm)+") key requires the size (in bits) to be passed");
 else {
- if(algorithm == 12 || algorithm == 13 || algorithm == 250) // GOST, ECDSAP256SHA256, ED25519SHA512
+ if(algorithm == 12 || algorithm == 13 || algorithm == 15) // GOST, ECDSAP256SHA256, ED25519
 bits = 256;
 else if(algorithm == 14) // ECDSAP384SHA384
 bits = 384;
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 54f6b8e79f..8a17cac035 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -236,7 +236,7 @@ pair DNSCryptoKeyEngine::testMakers(unsigned int alg
 unsigned int bits;
 if(algo <= 10)
 bits=1024;
- else if(algo == 12 || algo == 13 || algo == 250) // ECC-GOST or ECDSAP256SHA256 or ED25519SHA512
+ else if(algo == 12 || algo == 13 || algo == 15) // ECC-GOST or ECDSAP256SHA256 or ED25519
 bits=256;
 else if(algo == 14) // ECDSAP384SHA384
 bits = 384;
diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh
index 38dbc56464..9c8582f3cf 100644
--- a/pdns/dnsseckeeper.hh
+++ b/pdns/dnsseckeeper.hh
@@ -51,7 +51,7 @@ public:
 ECCGOST=12,
 ECDSA256=13,
 ECDSA384=14,
- EXPERIMENTALED25519=250
+ ED25519=15
 };
 struct KeyMetaData
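Review bot: The default-size test in `DNSSECKeeper::addKey` still compares `algorithm` against bare numbers (`12`, `13`, `15`) even though the enum in dnsseckeeper.hh names them, and the same literal test is repeated in the `testMakers` hunk of dnssecinfra.cc and in the pdnsutil.cc hunk, so this renumbering had to be made by hand in three places. Writing it as `if(algorithm == ECCGOST || algorithm == ECDSA256 || algorithm == ED25519)` (qualified as `DNSSECKeeper::ED25519` outside the class, assuming the enum belongs to `DNSSECKeeper`) would confine the next number change to the enum and make the trailing comment unnecessary. A copy that is missed would still compile; Ed25519 would simply skip the 256-bit branch, and what happens to `bits` after that is outside the hunk. The bodies of `addKey` and `testMakers` start and end outside their hunks.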
@@ -91,7 +91,7 @@ public:
 if (!algorithm.compare("gost")) return ECCGOST;
 if (!algorithm.compare("ecdsa256")) return ECDSA256;
 if (!algorithm.compare("ecdsa384")) return ECDSA384;
- if (!algorithm.compare("experimental-ed25519")) return EXPERIMENTALED25519;
+ if (!algorithm.compare("ed25519")) return ED25519;
 return -1;
 }
@@ -124,8 +124,8 @@ public:
 return "ECDSAP256SHA256";
 case ECDSA384:
 return "ECDSAP384SHA384";
- case EXPERIMENTALED25519:
- return "ED25519SHA512";
+ case ED25519:
+ return "ED25519";
 case 252:
 return "INDIRECT";
 case 253:
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index c62e1edc43..88d58558df 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -1910,7 +1910,7 @@ try cout<<"add-zone-key ZONE {zsk|ksk} [BITS] [active|inactive]"<()); if(algorithm <= 10) bits = keyOrZone ? 2048 : 1024; else {
- if(algorithm == 12 || algorithm == 13 || algorithm == 250) // ECDSA, GOST, ED25519
+ if(algorithm == 12 || algorithm == 13 || algorithm == 15) // ECDSA, GOST, ED25519
 bits = 256;
 else if(algorithm == 14)
 bits = 384;
diff --git a/pdns/sodiumsigners.cc b/pdns/sodiumsigners.cc
index 7c6d744dae..a937484aa4 100644
--- a/pdns/sodiumsigners.cc
+++ b/pdns/sodiumsigners.cc
@@ -52,12 +52,12 @@ DNSCryptoKeyEngine::storvector_t SodiumED25519DNSCryptoKeyEngine::convertToISCVe
 {
 /*
 Private-key-format: v1.2
- Algorithm: 250 (ED25519SHA512)
+ Algorithm: 15 (ED25519)
 PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
 */
 storvector_t storvector;
- string algorithm = "250 (ED25519SHA512)";
+ string algorithm = "15 (ED25519)";
 storvector.push_back(make_pair("Algorithm", algorithm));
@@ -70,7 +70,7 @@ void SodiumED25519DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::
 {
 /*
 Private-key-format: v1.2
- Algorithm: 250 (ED25519SHA512)
+ Algorithm: 15 (ED25519)
 PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
 */
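Review bot: In the mnemonic lookup in dnsseckeeper.hh (the `-91,7` hunk) the string `experimental-ed25519` is dropped without a replacement, so any script or configuration that still passes it now reaches `return -1;`. Whether every caller rejects `-1` before using it is not visible here; the pdnsutil.cc hunk contains an `if(algorithm <= 10)` test that a negative value would satisfy if it got that far. Either keep a deprecated alias, `if (!algorithm.compare("experimental-ed25519")) return ED25519;`, or document the contract above the fall-through with `// unknown mnemonic: callers must check for -1 before using the result`. The function starts outside the hunk.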
@@ -146,7 +146,7 @@ struct LoaderSodiumStruct
 {
 LoaderSodiumStruct()
 {
- DNSCryptoKeyEngine::report(250, &SodiumED25519DNSCryptoKeyEngine::maker);
+ DNSCryptoKeyEngine::report(15, &SodiumED25519DNSCryptoKeyEngine::maker);
 }
 } loadersodium;
 }
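Review bot: `LoaderSodiumStruct` now registers the Ed25519 engine for 15 only, so a key that was created and stored under the experimental number 250 would presumably no longer find a maker after an upgrade. Whether key loading then fails loudly or the zone ends up served without valid signatures depends on code outside this hunk. That deserves a line in the upgrade notes and a comment at the registration, for example `// 250 was the pre-assignment experimental number; keys stored under it must be replaced by algorithm 15 keys`. Separately, `report(15, ...)` repeats the number as a literal; `DNSSECKeeper::ED25519` would tie it to the enum changed in dnsseckeeper.hh, assuming that header is included in this file.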