Add correct DS key tag generation

app/models/dnskey.rb

@@ -10,6 +10,12 @@ class Dnskey < ActiveRecord::Base
 
   before_save -> { generate_digest if public_key_changed? && !ds_digest_changed? }
 
+  before_save lambda {
+    if (public_key_changed? || flags_changed? || alg_changed? || protocol_changed?) && !ds_key_tag_changed?
+      generate_ds_key_tag
+    end
+  }
+
   ALGORITHMS = %w(3 5 6 7 8 252 253 254 255)
   PROTOCOLS = %w(3)
   FLAGS = %w(0 256 257)
@@ -77,6 +83,23 @@ class Dnskey < ActiveRecord::Base
     self.class.bin_to_hex(Base64.decode64(public_key))
   end
 
+  def generate_ds_key_tag
+    public_key.gsub!(' ', '')
+    wire_format = [flags, protocol, alg].pack('S!>CC')
+    wire_format += Base64.decode64(public_key)
+
+    c = 0
+    wire_format.each_byte.with_index do |b, i|
+      if i.even?
+        c += b << 8
+      else
+        c += b
+      end
+    end
+
+    self.ds_key_tag = ((c & 0xFFFF) + (c >> 16)) & 0xFFFF
+  end
+
   class << self
     def int_to_hex(s)
       s = s.to_s(16)

app/models/domain.rb

@@ -258,8 +258,8 @@ class Domain < ActiveRecord::Base
     res = ''
     parts = name.split('.')
     parts.each do |x|
-      res += sprintf('%02X', x.length)
-      res += x.each_byte.map { |b| sprintf('%02X', b) }.join
+      res += sprintf('%02X', x.length) # length of label in hex
+      res += x.each_byte.map { |b| sprintf('%02X', b) }.join # label
     end
 
     res += '00'

app/models/epp/epp_domain.rb

@@ -198,7 +198,6 @@ class Epp::EppDomain < Domain
 
     dnssec_data[:key_data].each do |x|
       dnskeys.build({
-        ds_key_tag: SecureRandom.hex(5),
         ds_alg: 3,
         ds_digest_type: Setting.ds_algorithm
       }.merge(x))