From ea1fc5c47b1e242eaa43483a00bbb5922c4ad2d3 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Mon, 2 Sep 2024 17:48:22 +0200
Subject: [PATCH] Change dnssec-ksr key sorting Sort keys on algorithm, then keytag. This is more convenient for testing.
---
 bin/dnssec/dnssec-ksr.c | 10 +++++++---
 bin/tests/system/ksr/ns1/named.conf.in | 4 ++--
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/bin/dnssec/dnssec-ksr.c b/bin/dnssec/dnssec-ksr.c
index ea4d3e729e..9919fd4210 100644
--- a/bin/dnssec/dnssec-ksr.c
+++ b/bin/dnssec/dnssec-ksr.c
@@ -182,10 +182,14 @@ getkasp(ksr_ctx_t *ksr, dns_kasp_t **kasp) {
 }
 static int
-keytag_cmp(const void *k1, const void *k2) {
+keyalgtag_cmp(const void *k1, const void *k2) {
 dns_dnsseckey_t **key1 = (dns_dnsseckey_t **)k1;
 dns_dnsseckey_t **key2 = (dns_dnsseckey_t **)k2;
- if (dst_key_id((*key1)->key) < dst_key_id((*key2)->key)) {
+ if (dst_key_alg((*key1)->key) < dst_key_alg((*key2)->key)) {
+ return (-1);
+ } else if (dst_key_alg((*key1)->key) > dst_key_alg((*key2)->key)) {
+ return (1);
+ } else if (dst_key_id((*key1)->key) < dst_key_id((*key2)->key)) {
 return (-1);
 } else if (dst_key_id((*key1)->key) > dst_key_id((*key2)->key)) {
 return (1);
@@ -220,7 +224,7 @@ get_dnskeys(ksr_ctx_t *ksr, dns_dnsseckeylist_t *keys) {
 {
 keys_sorted[i] = dk;
 }
-qsort(keys_sorted, n, sizeof(dns_dnsseckey_t *), keytag_cmp);
+qsort(keys_sorted, n, sizeof(dns_dnsseckey_t *), keyalgtag_cmp);
 while (!ISC_LIST_EMPTY(keys_read)) {
 dns_dnsseckey_t *key = ISC_LIST_HEAD(keys_read);
 ISC_LIST_UNLINK(keys_read, key, link);
diff --git a/bin/tests/system/ksr/ns1/named.conf.in b/bin/tests/system/ksr/ns1/named.conf.in
index 9cd4ed6725..75710b42dc 100644
--- a/bin/tests/system/ksr/ns1/named.conf.in
+++ b/bin/tests/system/ksr/ns1/named.conf.in
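Review bot: In `keyalgtag_cmp` (bin/dnssec/dnssec-ksr.c, first hunk) the new chain orders on algorithm and then key tag but has no tie-break beyond that, so two keys sharing both values would come out of `qsort` in an unspecified order, since `qsort` is not a stable sort. The function's last branch lies outside the hunk; I am assuming it returns 0. Since the stated goal is predictable output for tests, it is worth documenting the contract above the function, for example `/* Order by algorithm, then key tag; keys equal on both are not ordered further. */`, and confirming that tag collisions within one algorithm cannot reach this list. Reading each value once (`dst_key_alg()` and `dst_key_id()` are each called up to twice per comparison) would also make the chain easier to audit.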
@@ -79,9 +79,9 @@ dnssec-policy "no-cds" {
 dnssec-policy "two-tone" {
 offline-ksk yes;
 keys {
- ksk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
 ksk lifetime unlimited algorithm @ALTERNATIVE_ALGORITHM@;
- zsk lifetime P3M algorithm @DEFAULT_ALGORITHM@;
 zsk lifetime P5M algorithm @ALTERNATIVE_ALGORITHM@;
+ ksk lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
+ zsk lifetime P3M algorithm @DEFAULT_ALGORITHM@;
 };
 };