tsig generation; first stab
parent
b2e9fc8d84
commit
1b39853f03
6
TODO
6
TODO
|
@ -2,8 +2,7 @@ Todo:
|
|||
Short term:
|
||||
* NSEC(3) secure denial of existence, support the type bitmap
|
||||
- need base32 for Nsec3
|
||||
* TKEY -- RFC 2930 - validation
|
||||
* TSIG -- RFC 4635 - validation
|
||||
* TSIG
|
||||
* Parsing from strings
|
||||
* Server support
|
||||
* Key generation
|
||||
|
@ -19,7 +18,8 @@ Issues:
|
|||
- for new(RR*)
|
||||
- nsupdate
|
||||
* query-time, server in string ouput of dns.Msg
|
||||
- DnsMsg when doing resolver querying
|
||||
- DnsMsg when doing resolver querying, extend msg...?
|
||||
--
|
||||
|
||||
Port over from LDNS:
|
||||
* ldns-rrsig
|
||||
|
|
24
msg.go
24
msg.go
|
@ -242,12 +242,19 @@ func packStructValue(val *reflect.StructValue, msg []byte, off int) (off1 int, o
|
|||
switch fv := val.Field(i).(type) {
|
||||
default:
|
||||
BadType:
|
||||
fmt.Fprintf(os.Stderr, "net: dns: unknown packing type %v\n", f.Type)
|
||||
fmt.Fprintf(os.Stderr, "dns: unknown packing type %v\n", f.Type)
|
||||
return len(msg), false
|
||||
case *reflect.ArrayValue:
|
||||
switch f.Tag {
|
||||
default:
|
||||
fmt.Fprintf(os.Stderr, "dns: unknown IP tag %v", f.Tag)
|
||||
return len(msg), false
|
||||
case "TSIG":
|
||||
}
|
||||
case *reflect.SliceValue:
|
||||
switch f.Tag {
|
||||
default:
|
||||
fmt.Fprintf(os.Stderr, "net: dns: unknown IP tag %v\n", f.Tag)
|
||||
fmt.Fprintf(os.Stderr, ": dns: unknown IP tag %v\n", f.Tag)
|
||||
return len(msg), false
|
||||
case "OPT": // edns
|
||||
for j := 0; j < val.Field(i).(*reflect.SliceValue).Len(); j++ {
|
||||
|
@ -380,12 +387,19 @@ func unpackStructValue(val *reflect.StructValue, msg []byte, off int) (off1 int,
|
|||
switch fv := val.Field(i).(type) {
|
||||
default:
|
||||
BadType:
|
||||
fmt.Fprintf(os.Stderr, "net: dns: unknown packing type %v", f.Type)
|
||||
fmt.Fprintf(os.Stderr, "dns: unknown packing type %v", f.Type)
|
||||
return len(msg), false
|
||||
case *reflect.ArrayValue:
|
||||
switch f.Tag {
|
||||
default:
|
||||
fmt.Fprintf(os.Stderr, "dns: unknown IP tag %v", f.Tag)
|
||||
return len(msg), false
|
||||
case "TSIG":
|
||||
}
|
||||
case *reflect.SliceValue:
|
||||
switch f.Tag {
|
||||
default:
|
||||
fmt.Fprintf(os.Stderr, "net: dns: unknown IP tag %v", f.Tag)
|
||||
fmt.Fprintf(os.Stderr, "dns: unknown IP tag %v", f.Tag)
|
||||
return len(msg), false
|
||||
case "A":
|
||||
if off+net.IPv4len > len(msg) {
|
||||
|
@ -450,7 +464,7 @@ func unpackStructValue(val *reflect.StructValue, msg []byte, off int) (off1 int,
|
|||
var s string
|
||||
switch f.Tag {
|
||||
default:
|
||||
fmt.Fprintf(os.Stderr, "net: dns: unknown string tag %v", f.Tag)
|
||||
fmt.Fprintf(os.Stderr, "dns: unknown string tag %v", f.Tag)
|
||||
return len(msg), false
|
||||
case "hex":
|
||||
// Rest of the RR is hex encoded, network order an issue here?
|
||||
|
|
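Review bot: The new `case "TSIG":` arm under `case *reflect.ArrayValue:` is empty in both packStructValue and unpackStructValue, so as far as these hunks show a field tagged "TSIG" is neither written nor read and `off` is not advanced for it. On the unpack side that would leave every later TSIG field (Fudge, MACSize, MAC) decoded from the wrong offset of a message that came off the network, and on the pack side the signed time would be missing from the bytes the MAC is computed over. Until the arm is implemented it would be safer to fail closed with `return len(msg), false` and a `// TODO: pack/unpack the 48-bit TimeSigned as three 16-bit words` comment; once implemented, guard the read with `if off+6 > len(msg) { return len(msg), false }`, as the "A" case already does for IPv4. The message under the ArrayValue default still says "unknown IP tag", and one of the slice messages now begins with a stray `: `. Both functions start and end outside these hunks.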
39
tsig.go
39
tsig.go
|
@ -1,5 +1,16 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"io"
|
||||
)
|
||||
|
||||
// Need to lookup the actual codes
|
||||
const (
|
||||
HmacMD5 = iota
|
||||
HmacSHA1
|
||||
)
|
||||
|
||||
// The following values must be put in wireformat, so that
|
||||
// the MAC can be calculated
|
||||
// RFC 2845, section 3.4.2. TSIG Variables
|
||||
|
@ -9,8 +20,8 @@ type tsig_generation_fmt struct {
|
|||
Class uint16
|
||||
Ttl uint32
|
||||
// Rdata of the TSIG
|
||||
Algorithm string "domain-name"
|
||||
TimeSigned [3]uint16
|
||||
Algorithm string "domain-name"
|
||||
TimeSigned [3]uint16 "TSIG"
|
||||
Fudge uint16
|
||||
// MACSize, MAC and OrigId excluded
|
||||
Error uint16
|
||||
|
@ -18,7 +29,9 @@ type tsig_generation_fmt struct {
|
|||
OtherData string
|
||||
}
|
||||
|
||||
func (rr *RR_TSIG) GenerateMAC() bool {
|
||||
// Generate the HMAC for msg. The TSIG RR is modified
|
||||
// to include the MAC and MACSize
|
||||
func (rr *RR_TSIG) GenerateMAC(msg *Msg, secret string) bool {
|
||||
buf := make([]byte, 2048) // TODO(mg) bufsize!
|
||||
tsigbuf := new(tsig_generation_fmt)
|
||||
|
||||
|
@ -26,12 +39,18 @@ func (rr *RR_TSIG) GenerateMAC() bool {
|
|||
tsigbuf.Name = rr.Header().Name
|
||||
tsigbuf.Class = rr.Header().Class
|
||||
tsigbuf.Ttl = rr.Header().Ttl
|
||||
tsigbuf.Algorithm = rr.Algorithm
|
||||
tsigbuf.TimeSigned = rr.TimeSigned
|
||||
tsigbuf.Fudge = rr.Fudge
|
||||
tsigbuf.Error = rr.Error
|
||||
tsigbuf.OtherLen = rr.OtherLen
|
||||
tsigbuf.OtherData = rr.OtherData
|
||||
packStruct(tsigbuf, buf, 0)
|
||||
tsigbuf.Algorithm = rr.Algorithm
|
||||
tsigbuf.TimeSigned = rr.TimeSigned
|
||||
tsigbuf.Fudge = rr.Fudge
|
||||
tsigbuf.Error = rr.Error
|
||||
tsigbuf.OtherLen = rr.OtherLen
|
||||
tsigbuf.OtherData = rr.OtherData
|
||||
packStruct(tsigbuf, buf, 0)
|
||||
//func NewMD5(key []byte) hash.Hash
|
||||
hmac := hmac.NewMD5([]byte(secret))
|
||||
io.WriteString(hmac, string(buf))
|
||||
rr.MAC = string(hmac.Sum())
|
||||
rr.MACSize = uint16(len(rr.MAC))
|
||||
|
||||
return true
|
||||
}
|
||||
|
|
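Review bot: GenerateMAC never reads its new `msg` parameter, so the HMAC covers only the TSIG variables and does not bind the DNS message it is meant to authenticate; RFC 2845, which this file cites for the TSIG variables, has the digest cover the message as well. It also feeds the whole 2048-byte `buf` to the hash, zero padding included, and ignores packStruct's result, so the function returns true even if packing failed. Assuming packStruct returns `(off int, ok bool)` like packStructValue, use `off, ok := packStruct(tsigbuf, buf, 0)`, `if !ok { return false }` and `hmac.Write(buf[:off])`, after first writing the packed message bytes. The algorithm is fixed to `hmac.NewMD5` regardless of `rr.Algorithm` and the HmacMD5/HmacSHA1 constants are unused; choosing the hash from rr.Algorithm and rejecting unknown names would avoid signing with a different algorithm than the record advertises. The local variable `hmac` also shadows the imported package.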
4
types.go
4
types.go
|
@ -527,11 +527,11 @@ func (rr *RR_TKEY) String() string {
|
|||
type RR_TSIG struct {
|
||||
Hdr RR_Header
|
||||
Algorithm string "domain-name"
|
||||
TimeSigned [3]uint16
|
||||
TimeSigned [3]uint16 "TSIG"
|
||||
Fudge uint16
|
||||
MACSize uint16
|
||||
OrigId uint16 // msg id
|
||||
MAC string
|
||||
OrigId uint16 // msg id
|
||||
Error uint16
|
||||
OtherLen uint16
|
||||
OtherData string
|
||||
|
|
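Review bot: MACSize/MAC and OtherLen/OtherData are stored as independent fields, and the `MAC` and `OtherData` strings carry no struct tag, so it is not visible here how the packer sizes them. If untagged strings get their own length prefix or are read to the end of the record, the wire form will not match the explicit MACSize and OtherLen words, and on unpack a length taken from the message needs a bounds check against the remaining bytes before the MAC is sliced out. Consider a dedicated tag for these two fields and a comment such as `MAC string // raw MAC octets, exactly MACSize bytes` stating the invariant. The struct's closing brace is outside the hunk.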