Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0
Component/s: Enforcer NG
Labels: None

In kasp.proto:
message NSEC3 {
    optional bool optout = 1 [(xml).path="OptOut"]; // opt out flag for nsec3
    optional uint32 ttl = 2 [(xml).path="TTL", (xml).type=duration]; // ttl for nsec(3) rrs ?? not found in kasp.rnc
    required uint32 resalt = 3 [(xml).path="Resalt", (xml).type=duration]; // re-salting interval
    required uint32 algorithm = 4 [(xml).path="Hash/Algorithm"]; // algorithm 0..255
    required uint32 iterations = 5 [(xml).path="Hash/Iterations"]; // iterations 0..65535
    required uint32 saltlength = 6 [(xml).path="Hash/Salt/@length"]; // nsec3 salt length 0..255
    optional string salt = 7 [(xml).path="Hash/Salt"]; // the actual salt is generated by the enforcer e.g. 0438eb9a93a6d6c5
    optional uint32 salt_last_change = 8; // timestamp for when the last resalt took place
}

When exporting a kasp.xml file, the salt length should be exported, but not the actual value. However, if the xml.path attribute of the 'salt' string is removed, the salt tag is not exported at all, due to a bug in the XML export logic. So at the moment both the length and value are exported, as this is the only option. The XML export needs to be fixed, and then the definition should be changed. The policy regression tests should then also be updated!
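
A check of the kind the regression tests could run over an exported kasp.xml, as an added example (not OpenDNSSEC code): it flags a Salt tag that carries a value, lacks its length attribute, or is missing altogether. The function name, the sample document, and the Policy/Denial wrapper elements are assumptions; the Hash/Salt and @length paths are the ones given in kasp.proto above.

```python
import xml.etree.ElementTree as ET

# Constructed sample export, not taken from the ticket. Hash/Salt and @length
# follow the (xml).path options in kasp.proto; the Policy/Denial wrapper and
# policy names are assumptions.
SAMPLE_KASP = """<KASP>
  <Policy name="leaky"><Denial><NSEC3>
    <Resalt>P100D</Resalt>
    <Hash><Algorithm>1</Algorithm><Iterations>5</Iterations>
      <Salt length="8">0438eb9a93a6d6c5</Salt></Hash>
  </NSEC3></Denial></Policy>
  <Policy name="clean"><Denial><NSEC3>
    <Resalt>P100D</Resalt>
    <Hash><Algorithm>1</Algorithm><Iterations>5</Iterations>
      <Salt length="8"/></Hash>
  </NSEC3></Denial></Policy>
  <Policy name="dropped"><Denial><NSEC3>
    <Resalt>P100D</Resalt>
    <Hash><Algorithm>1</Algorithm><Iterations>5</Iterations></Hash>
  </NSEC3></Denial></Policy>
</KASP>"""


def check_salt_export(xml_text):
    """Return (policy, problem) pairs for each NSEC3 block in an exported kasp.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("Policy"):
        name = policy.get("name", "<unnamed>")
        for nsec3 in policy.iter("NSEC3"):
            salt = nsec3.find("Hash/Salt")
            if salt is None:
                # The failure mode seen when (xml).path is removed from 'salt'.
                findings.append((name, "Salt tag missing"))
                continue
            if salt.get("length") is None:
                findings.append((name, "Salt length attribute missing"))
            if (salt.text or "").strip():
                # The current behaviour: the generated value ends up in the export.
                findings.append((name, "Salt value exported"))
    return findings


if __name__ == "__main__":
    for policy_name, problem in check_salt_export(SAMPLE_KASP):
        print(f"{policy_name}: {problem}")
```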