From 11f0b2685e233c87adb20134c732c17013699291 Mon Sep 17 00:00:00 2001
From: Martin Lensment
Date: Thu, 4 Dec 2014 12:56:10 +0200
Subject: [PATCH] Add correct DS key tag generation
---
 app/models/dnskey.rb | 23 +++++++++++++++++++++++
 app/models/domain.rb | 4 ++--
 app/models/epp/epp_domain.rb | 1 -
 3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index 2197c06fd..de4e23004 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -10,6 +10,12 @@ class Dnskey < ActiveRecord::Base
 before_save -> { generate_digest if public_key_changed? && !ds_digest_changed? }
+ before_save lambda {
+ if (public_key_changed? || flags_changed? || alg_changed? || protocol_changed?) && !ds_key_tag_changed?
+ generate_ds_key_tag
+ end
+ }
+
 ALGORITHMS = %w(3 5 6 7 8 252 253 254 255)
 PROTOCOLS = %w(3)
 FLAGS = %w(0 256 257)
@@ -77,6 +83,23 @@ class Dnskey < ActiveRecord::Base
 self.class.bin_to_hex(Base64.decode64(public_key))
 end
+ def generate_ds_key_tag
+ public_key.gsub!(' ', '')
+ wire_format = [flags, protocol, alg].pack('S!>CC')
+ wire_format += Base64.decode64(public_key)
+
+ c = 0
+ wire_format.each_byte.with_index do |b, i|
+ if i.even?
+ c += b << 8
+ else
+ c += b
+ end
+ end
+
+ self.ds_key_tag = ((c & 0xFFFF) + (c >> 16)) & 0xFFFF
+ end
+
 class << self
 def int_to_hex(s)
 s = s.to_s(16)
diff --git a/app/models/domain.rb b/app/models/domain.rb
index 86bd23891..85f9d99d6 100644
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@@ -258,8 +258,8 @@ class Domain < ActiveRecord::Base
 res = ''
 parts = name.split('.')
 parts.each do |x|
- res += sprintf('%02X', x.length)
- res += x.each_byte.map { |b| sprintf('%02X', b) }.join
+ res += sprintf('%02X', x.length) # length of label in hex
+ res += x.each_byte.map { |b| sprintf('%02X', b) }.join # label
 end
 res += '00'
diff --git a/app/models/epp/epp_domain.rb b/app/models/epp/epp_domain.rb
index ea768824a..139700f98 100644
--- a/app/models/epp/epp_domain.rb
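Review bot: The `!ds_key_tag_changed?` guard in the new `before_save` lets a caller-supplied `ds_key_tag` be stored without ever being compared with the tag derived from `flags`, `protocol`, `alg` and `public_key`. In the epp_domain.rb hunk the build hash is still merged with `x`, so a tag arriving in the key data would presumably win over the computed one, and a DS record could be published with a tag that does not match its key. If supplied tags must stay supported for records that carry no key material, consider a validation that rejects a mismatch whenever `public_key` is present; otherwise drop the guard and always derive the value.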
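Review bot: `generate_ds_key_tag` edits the record while computing a checksum: `public_key.gsub!(' ', '')` mutates the attribute in place during `before_save`, and it raises NoMethodError when `public_key` is nil, which looks reachable because the callback also fires on a flags, alg or protocol change alone. `Base64.decode64` silently skips invalid characters, so a malformed key still yields a tag, computed over bytes that are not the key. I would work on a copy and decode strictly, e.g. `key = Base64.strict_decode64(public_key.to_s.gsub(/\s+/, ''))` and `wire_format = [flags, protocol, alg].pack('nCC') + key`, with the ArgumentError surfaced as a validation error rather than an exception in the callback; `n` is the fixed 16-bit big-endian directive, while `S!>` follows the native short size. The byte fold itself matches the RFC 4034 Appendix B calculation as far as the hunk shows.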
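Review bot: The length octet on the newly commented line in domain.rb is written from `x.length`, which counts characters, while the label itself is emitted with `x.each_byte`; for a label containing non-ASCII characters the two disagree and the wire-format name, and any digest computed over it, is malformed. If names can reach this method in Unicode form (not visible here), `res += sprintf('%02X', x.bytesize)` keeps the length and the bytes consistent. The enclosing method starts and ends outside the hunk.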
+++ b/app/models/epp/epp_domain.rb
@@ -198,7 +198,6 @@ class Epp::EppDomain < Domain
 dnssec_data[:key_data].each do |x|
 dnskeys.build({
- ds_key_tag: SecureRandom.hex(5),
 ds_alg: 3,
 ds_digest_type: Setting.ds_algorithm
 }.merge(x))