diff --git a/dnskey_test.go b/dnskey_test.go
new file mode 100644
index 00000000..9e015f3a
--- /dev/null
+++ b/dnskey_test.go
@@ -0,0 +1,53 @@
+package dns
+
+import (
+ "testing"
+ "fmt"
+)
+
+func TestDnskey(t *testing.T) {
+ return
+ // This key was generate with LDNS:
+ // ldns-keygen -a RSASHA256 -r /dev/urandom -b 1024 miek.nl
+ // Show that we have al the RSA parameters and can check them
+ // here to see what I came up with
+ key := new(RR_DNSKEY)
+ key.Hdr.Name = "miek.nl."
+ key.Hdr.Rrtype = TypeDNSKEY
+ key.Hdr.Class = ClassINET
+ key.Hdr.Ttl = 3600
+ key.Flags = 256
+ key.Protocol = 3
+ key.Algorithm = AlgRSASHA256
+ key.PubKey = "AwEAAcELcuxHosJX3LjbR6EFzsqI3mKivwvO6Y5Kzt/OXYmLQUI8tnOrX9ilT/0qGraxoONayVX3A6bl1pG3h/xOxVEGcJGqbrZnhr2+4S9tW2GWQwevV+NhinE7v6MCCCheVCnAPh0KFb/u14ng3DQizP1spBU/NoAN31l678snBpZX"
+ fmt.Printf("%v\n", key)
+
+ soa := new(RR_SOA)
+ soa.Hdr = RR_Header{"Miek.nl.", TypeSOA, ClassINET, 875, 0}
+ soa.Ns = "open.nlnetlabs.nl."
+ soa.Mbox = "miekg.atoom.net."
+ soa.Serial = 1293513905
+ soa.Refresh = 14400
+ soa.Retry = 3600
+ soa.Expire = 604800
+ soa.Minttl = 86400
+
+ sig := new(RR_RRSIG)
+ sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
+ sig.TypeCovered = TypeSOA
+ sig.Algorithm = AlgRSASHA256
+ sig.Labels = 2
+ sig.Expiration = 1296098705 // date '+%s' -d"2011-01-27 04:25:05
+ sig.Inception = 1293506705
+ sig.OrigTtl = 14400
+ //sig.KeyTag = 12051
+ sig.KeyTag = 12273 //faked
+ sig.SignerName = "miek.nl."
+ sig.Signature = "kLq/5oFy3Sh5ZxPGFMCyHq8MtN6E17R1Ln9+bJ2Q76YYAxFE8Xlie33A1GFctH2uhzRzJKuP/JSjUkrvGk2rjBm32z9zXtZsKx/4yV0da2nLRm44NOmX6gsP4Yia8mdqPUajjkyLzAzU2bevtesJm0Z65AcmPdq3tUZODdRAcng="
+
+ sig.Verify(key, []RR{soa})
+
+ // From Kmiek.nl*.private
+ openssl := "135560614087352210480379313279722604826647214111257577861451621491284835543707521986085999189597017237768514876957888744370440811423088511394629855684615382349190289731989185193184712980579812986523080792122141528583964882610028199770199112837017606561901919812183422914622295620927795008308854924436086101591"
+ println("OPENSSL key: what should be is: ",openssl)
+}
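Review bot: TestDnskey begins with a bare `return`, so every statement after it is unreachable and the test passes without exercising any DNSSEC code; `go vet` will also report the dead code. If the check is not ready yet, `t.Skip("RSA parameter check not implemented")` makes that visible in the test output instead of showing a green result. Further down, the result of `sig.Verify(key, []RR{soa})` is discarded; once the test is enabled it should assert the intended outcome, which with the `//faked` key tag is presumably a rejection, e.g. `if sig.Verify(key, []RR{soa}) { t.Error("signature with faked key tag verified") }`.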
diff --git a/dnssec_test.go b/dnssec_test.go
new file mode 100644
index 00000000..9c8750b4
--- /dev/null
+++ b/dnssec_test.go
@@ -0,0 +1,51 @@
+package dns
+
+import (
+ "testing"
+ "fmt"
+ "os"
+)
+
+func TestSecure(t *testing.T) {
+// once this was valid
+ soa := new(RR_SOA)
+ soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
+ soa.Ns = "open.nlnetlabs.nl."
+ soa.Mbox = "miekg.atoom.net."
+ soa.Serial = 1293945905
+ soa.Refresh = 14400
+ soa.Retry = 3600
+ soa.Expire = 604800
+ soa.Minttl = 86400
+
+ sig := new(RR_RRSIG)
+ sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
+ sig.TypeCovered = TypeSOA
+ sig.Algorithm = AlgRSASHA256
+ sig.Labels = 2
+ // UTC LUL!
+ sig.Expiration = 1296534305 // date -u '+%s' -d"2011-02-01 04:25:05"
+ sig.Inception = 1293942305 // date -u '+%s' -d"2011-01-02 04:25:05"
+ sig.OrigTtl = 14400
+ sig.KeyTag = 12051
+ sig.SignerName = "miek.nl."
+ sig.Signature = "oMCbslaAVIp/8kVtLSms3tDABpcPRUgHLrOR48OOplkYo+8TeEGWwkSwaz/MRo2fB4FxW0qj/hTlIjUGuACSd+b1wKdH5GvzRJc2pFmxtCbm55ygAh4EUL0F6U5cKtGJGSXxxg6UFCQ0doJCmiGFa78LolaUOXImJrk6AFrGa0M="
+
+ key := new(RR_DNSKEY)
+ key.Hdr.Name = "miek.nl."
+ key.Hdr.Class = ClassINET
+ key.Hdr.Ttl = 14400
+ key.Flags = 256
+ key.Protocol = 3
+ key.Algorithm = AlgRSASHA256
+ key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
+
+ fmt.Fprintf(os.Stderr, "%v\n%v\n", sig, soa)
+ // It should validate. Period is checked seperately, so this will keep on working
+ if ! sig.Verify(key, []RR{soa}) {
+ t.Log("Failure to validate")
+ t.Fail()
+ } else {
+ println("It validates!!")
+ }
+}
diff --git a/ds_test.go b/ds_test.go
new file mode 100644
index 00000000..f2f71b86
--- /dev/null
+++ b/ds_test.go
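Review bot: TestSecure in dnssec_test.go only checks that a good signature is accepted, so a `Verify` that returned true for any input would still pass this test. Add a negative case after the positive one, for example `soa.Serial++` followed by `if sig.Verify(key, []RR{soa}) { t.Error("altered SOA still validates") }`. The `fmt.Fprintf(os.Stderr, ...)` and `println` calls would read better as `t.Logf`, which prints only on failure or with -v. `key.Hdr.Rrtype` is also left unset here, unlike in ds_test.go and keytag_test.go; whether Verify depends on it cannot be seen from this hunk.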
@@ -0,0 +1,24 @@
+package dns
+
+import (
+ "testing"
+ "strings"
+)
+
+func TestKeyToDS(t *testing.T) {
+ key := new(RR_DNSKEY)
+ key.Hdr.Name = "miek.nl"
+ key.Hdr.Rrtype = TypeDNSKEY
+ key.Hdr.Class = ClassINET
+ key.Hdr.Ttl = 3600
+ key.Flags = 256
+ key.Protocol = 3
+ key.Algorithm = AlgRSASHA256
+ key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
+
+ ds := key.ToDS(HashSHA1)
+ if strings.ToUpper(ds.Digest) != "B5121BDB5B8D86D0CC5FFAFBAAABE26C3E20BAC1" {
+ t.Logf("Wrong DS digest for Sha1\n%v\n", ds)
+ t.Fail()
+ }
+}
diff --git a/keytag_test.go b/keytag_test.go
new file mode 100644
index 00000000..d131f6b6
--- /dev/null
+++ b/keytag_test.go
@@ -0,0 +1,24 @@
+package dns
+
+import (
+ "testing"
+)
+
+func TestTag(t *testing.T) {
+ key := new(RR_DNSKEY)
+ key.Hdr.Name = "miek.nl."
+ key.Hdr.Rrtype = TypeDNSKEY
+ key.Hdr.Class = ClassINET
+ key.Hdr.Ttl = 3600
+ key.Flags = 256
+ key.Protocol = 3
+ key.Algorithm = AlgRSASHA256
+ key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
+
+ tag := key.KeyTag()
+ if tag != 12051 {
+ t.Logf("%v\n", key)
+ t.Logf("Wrong key tag: %d\n", tag)
+ t.Fail()
+ }
+}
diff --git a/signature_test.go b/signature_test.go
new file mode 100644
index 00000000..5aeabed4
--- /dev/null
+++ b/signature_test.go
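Review bot: In ds_test.go, TestKeyToDS sets `key.Hdr.Name = "miek.nl"` without the trailing dot, while keytag_test.go uses `"miek.nl."` for the same key. A DS digest covers the owner name as well as the DNSKEY RDATA, so the expected SHA-1 value depends on how the package packs a name that is not fully qualified; use `key.Hdr.Name = "miek.nl."` and confirm the expected digest against an independent tool. Only the SHA-1 digest is covered, so a SHA-256 vector for the same key would be worth adding if ToDS supports it. In both TestKeyToDS and TestTag, `t.Logf` followed by `t.Fail()` can be a single `t.Errorf`.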
@@ -0,0 +1,34 @@
+package dns
+
+import (
+ "testing"
+)
+
+func TestSignature(t *testing.T) {
+ sig := new(RR_RRSIG)
+ sig.Hdr.Name = "miek.nl."
+ sig.Hdr.Class = ClassINET
+ sig.Hdr.Ttl = 3600
+ sig.TypeCovered = TypeDNSKEY
+ sig.Algorithm = AlgRSASHA1
+ sig.Labels = 2
+ sig.OrigTtl = 4000
+ sig.Expiration = 1000 //Thu Jan 1 02:06:40 CET 1970
+ sig.Inception = 800 //Thu Jan 1 01:13:20 CET 1970
+ sig.KeyTag = 34641
+ sig.SignerName = "miek.nl."
+ sig.Signature = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ"
+
+ // Should not be valid
+ if sig.PeriodOK() {
+ t.Log("Should not be valid")
+ t.Fail()
+ }
+
+ sig.Inception = 315565800 //Tue Jan 1 10:10:00 CET 1980
+ sig.Expiration = 4102477800 //Fri Jan 1 10:10:00 CET 2100
+ if !sig.PeriodOK() {
+ t.Log("Should be valid")
+ t.Fail()
+ }
+}
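Review bot: TestSignature covers an expired window and a currently valid one, but not a signature whose inception is still in the future, so a `PeriodOK` that compared only against `Expiration` would pass. Add a third case such as `sig.Inception = 4102477000` with the 2100 expiration kept, expecting `PeriodOK()` to return false. RFC 4034 requires serial number arithmetic for these two fields, under which an expiration more than about 68 years ahead is treated as past, so a comment stating which comparison PeriodOK is meant to implement would help. The comment on `sig.Expiration = 1000` also looks wrong: 1000 seconds after the epoch is 01:16:40 CET, not 02:06:40.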