diff --git a/include/dnssec_tests.hrl b/include/dnssec_tests.hrl
index fb3e187..a49481b 100644
--- a/include/dnssec_tests.hrl
+++ b/include/dnssec_tests.hrl
@@ -218,9 +218,8 @@ test_sample_key(dsa, PrivKey, PubKey) ->
 crypto:verify(dss, sha, Sample, Sig, PubKey);
 test_sample_key(rsa, PrivKey, PubKey) ->
 Sample = <<"1234">>,
- Signature = crypto:sign(rsa, sha, Sample, PrivKey, [{rsa_padding, rsa_pkcs1_padding}]),
- crypto:verify(rsa, sha, Sample, Signature, PubKey, [{rsa_padding, rsa_pkcs1_padding}]).
-
+ Cipher = crypto:sign(rsa, none, Sample, PrivKey, [{rsa_padding, rsa_pkcs1_padding}]),
+ true =:= crypto:verify(rsa, none, Sample, Cipher, PubKey, [{rsa_padding, rsa_pkcs1_padding}]).
 dnskey_pubkey_gen_test_() ->
 [
diff --git a/src/dnssec.erl b/src/dnssec.erl
index 1c9a195..e886663 100644
--- a/src/dnssec.erl
+++ b/src/dnssec.erl
@@ -420,7 +420,7 @@ sign_rrset(
 ->
 crypto:sign(
 rsa,
- dns_algo_to_digest_type(Alg),
+ none,
 BaseSigInput,
 Key,
 [{rsa_padding, rsa_pkcs1_padding}]
@@ -505,7 +505,12 @@ verify_rrsig(
 ->
 try
 crypto:verify(
- rsa, dns_algo_to_digest_type(Alg), SigInput, Sig, Key, [{rsa_padding, rsa_pkcs1_padding}]
+ rsa,
+ none,
+ SigInput,
+ Sig,
+ Key,
+ [{rsa_padding, rsa_pkcs1_padding}]
 )
 catch
 error:decrypt_failed -> undefined
@@ -517,11 +522,6 @@ verify_rrsig(
 )
 end.
-dns_algo_to_digest_type(?DNS_ALG_NSEC3RSASHA1) -> sha;
-dns_algo_to_digest_type(?DNS_ALG_RSASHA1) -> sha;
-dns_algo_to_digest_type(?DNS_ALG_RSASHA256) -> sha256;
-dns_algo_to_digest_type(?DNS_ALG_RSASHA512) -> sha512.
-
 build_sig_input(
 SignersName,
 KeyTag,
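Review bot: In `test_sample_key(rsa, PrivKey, PubKey)` the new binding `Cipher` mislabels what `crypto:sign/5` returns, which is a signature rather than ciphertext; keeping the old name `Signature` avoids implying encryption. The `true =:=` in front of `crypto:verify(...)` produces the same boolean the call already returns, so it can be dropped. With the digest argument now `none`, the sample appears to be signed without being hashed, so this helper no longer touches any of the RSASHA* digests. A comment such as `%% digest 'none': checks that PrivKey and PubKey match, not the DNSSEC hash path` would make that limit explicit. The `dsa` clause begins above the hunk.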
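Review bot: Passing `none` as the digest type to `crypto:sign/5` in `sign_rrset` means `BaseSigInput` is no longer hashed with the algorithm selected by `Alg`, and the same applies to `crypto:verify/6` in the `verify_rrsig` hunk. Unless the input has already been hashed and wrapped in the DigestInfo encoding for RSASHA1/RSASHA256/RSASHA512 somewhere outside these hunks, the resulting RRSIGs would not match what other validators compute. Signing and verifying would still agree with each other locally, so a round-trip test would not catch it. If the pre-encoding does exist, state the precondition at both call sites, e.g. `%% SigInput is the DigestInfo-encoded hash for Alg; 'none' makes crypto use it as-is`, and add a test that verifies a known-good RRSIG produced by another implementation. If it does not, the per-algorithm digest selection needs to stay. Both function heads and the code that builds the inputs lie outside the hunks, so this needs confirming against the full file.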