Second stab a DNSSEC validation

- still need: sorting, numOfLabels, wildcard handling
2010-12-28 10:40:20 +01:00 · 2010-12-28 10:40:20 +01:00 · 0cea39ac49
parent fc2373cd15
commit 0cea39ac49
2 changed files with 97 additions and 69 deletions
--- a/dnssec.go
+++ b/dnssec.go
@ -13,6 +13,8 @@ const (
 	year68 = 2 << (32 - 1)
 )

+type RRset []RR
+
 // Convert an DNSKEY record to a DS record.
 func (k *RR_DNSKEY) ToDS(hash int) *RR_DS {
 	ds := new(RR_DS)
@ -106,21 +108,38 @@ func (k *RR_DNSKEY) KeyTag() uint16 {

 // Validate an rrset with the signature and key. This is the
 // cryptographic test, the validity period most be check separately.
-func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
-        println(len(rrset))
+func (s *RR_RRSIG) Secure(rrset RRset, k *RR_DNSKEY) bool {
 	// Frist the easy checks
 	if s.KeyTag != k.KeyTag() {
+		println(s.KeyTag)
+		println(k.KeyTag())
 		return false
 	}
 	if s.Hdr.Class != k.Hdr.Class {
+		println("Class")
 		return false
 	}
 	if s.Algorithm != k.Algorithm {
+		println("Class")
 		return false
 	}
 	if s.SignerName != k.Hdr.Name {
+		println(s.SignerName)
+		println(k.Hdr.Name)
 		return false
 	}
+	for _, r := range rrset {
+		if r.Header().Class != s.Hdr.Class {
+			return false
+		}
+                if r.Header().Rrtype != s.TypeCovered {
+                        return false
+                }
+                // Number of labels. TODO(mg) add helper functions
+	}
+        // 5.3.2.  Reconstructing the Signed Data
+        // signed_data = RRSIG_RDATA | RR(1) | RR(2)...
+
 	return true
 }

@ -145,3 +164,9 @@ func timeToDate(t uint32) string {
 	return ti.Format("20060102030405")
 }

+// Sort an rrset
+func (RRset) Sort() []RR {
+        return nil
+}
+
+// Nr of labels
--- a/dnssec_test.go
+++ b/dnssec_test.go
@ -29,7 +29,7 @@ func TestSecure(t *testing.T) {
 	sig.Sig = "kLq/5oFy3Sh5ZxPGFMCyHq8MtN6E17R1Ln9+bJ2Q76YYAxFE8Xlie33A1GFctH2uhzRzJKuP/JSjUkrvGk2rjBm32z9zXtZsKx/4yV0da2nLRm44NOmX6gsP4Yia8mdqPUajjkyLzAzU2bevtesJm0Z65AcmPdq3tUZODdRAcng="

 	key := new(RR_DNSKEY)
-	key.Hdr.Name = "miek.nl"
+	key.Hdr.Name = "miek.nl."
 	key.Hdr.Rrtype = TypeDNSKEY
 	key.Hdr.Class = ClassINET
 	key.Hdr.Ttl = 14400
@ -38,6 +38,9 @@ func TestSecure(t *testing.T) {
 	key.Algorithm = AlgRSASHA256
 	key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"

-        if sig.Secure([]RR{soa}, key) {
+        // It should validate, at least this month dec 2010
+        if ! sig.Secure([]RR{soa}, key) {
+                t.Log("Failure to validate")
+                t.Fail()
        }
 }