On Fri, Jul 13, 2012 at 10:43 AM, Adam Portier <[email protected]> wrote:
> Hello. I am learning Python and specifically dnspython in order to write
> my own DNSSEC domain validator. I have run into an issue calculating the
> key tag value from a DNSKEY response. I was directed to RFC 4034 from a
> script I found on the web for an example in C for how to calculate the key
> tag from a wire representation of the record. I tried implementing the
> method myself and I am getting very different results than what are
> returned by drill or dnsviz.net. I am sure I am doing this wrong. Could
> someone assist me with a code snippet that takes a DNSKEY object and
> determines the key tag to be matched up against a corresponding DS record?
>
>
def key_tag(rdata):
'''Return the key_tag for the given DNSKEY rdata,
as specified in RFC 4034.'''
if rdata.algorithm == 1:
return struct.unpack('!H', rdata.key[-3:-1])[0]
key_str = struct.pack('!HBB', rdata.flags, rdata.protocol,
rdata.algorithm) + rdata.key
ac = 0
for i in range(len(key_str)):
b, = struct.unpack('B',key_str[i])
if i & 1:
ac += b
else:
ac += (b << 8)
ac += (ac >> 16) & 0xffff
return ac & 0xffff
_______________________________________________
dnspython-users mailing list
[email protected]
http://howl.play-bow.org/mailman/listinfo/dnspython-users
