From 6b092311123d1d4342f5f4cf2b30a39f9222c01b Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Fri, 20 Mar 2020 14:40:04 -0700 Subject: [PATCH] Add support for SHA-384 DS records. --- dns/dnssec.py | 3 +++ tests/test_dnssec.py | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/dns/dnssec.py b/dns/dnssec.py index 69c266d9..055e47ad 100644 --- a/dns/dnssec.py +++ b/dns/dnssec.py @@ -191,6 +191,9 @@ def make_ds(name, key, algorithm, origin=None): elif algorithm.upper() == 'SHA256': dsalg = 2 dshash = hashlib.sha256() + elif algorithm.upper() == 'SHA384': + dsalg = 4 + dshash = hashlib.sha384() else: raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm) diff --git a/tests/test_dnssec.py b/tests/test_dnssec.py index 24ec2d26..16ad37de 100644 --- a/tests/test_dnssec.py +++ b/tests/test_dnssec.py @@ -112,6 +112,9 @@ example_ds_sha1 = dns.rdata.from_text(dns.rdataclass.IN, dns.rdatatype.DS, example_ds_sha256 = dns.rdata.from_text(dns.rdataclass.IN, dns.rdatatype.DS, '18673 3 2 eb8344cbbf07c9d3d3d6c81d10c76653e28d8611a65e639ef8f716e4e4e5d913') +example_ds_sha384 = dns.rdata.from_text(dns.rdataclass.IN, dns.rdatatype.DS, + '18673 3 4 61ab241025c5f88d2537be04dcfba96f952adaefe0b382ecbc4108c97b75768c9e99fd16caed2a09634c51e8089fb84f') + when3 = 1379801800 abs_ecdsa256_keys = { @@ -304,6 +307,10 @@ class DNSSECMakeDSTestCase(unittest.TestCase): ds = dns.dnssec.make_ds(abs_example, example_sep_key, 'SHA256') self.assertEqual(ds, example_ds_sha256) + def testMakeExampleSHA384DS(self): # type: () -> None + ds = dns.dnssec.make_ds(abs_example, example_sep_key, 'SHA384') + self.assertEqual(ds, example_ds_sha384) + def testMakeSHA256DS(self): # type: () -> None ds = dns.dnssec.make_ds(abs_dnspython_org, sep_key, 'SHA256') self.assertEqual(ds, good_ds) -- 2.47.3