Small signing tweaks
* Get more info from the rrset you are signing * Still todo, calculate publickey and keytag etc.
parent
04884f4c2f
commit
3df903d6e6
19
dnssec.go
19
dnssec.go
|
@ -147,7 +147,7 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
|
|||
}
|
||||
|
||||
// Sign an RRSet. The Signature needs to be filled in with
|
||||
// all the values: Inception, Expiration, KeyTag and SignerName
|
||||
// the values: Inception, Expiration, KeyTag, SignerName and Algorithm.
|
||||
// The rest is copied from the RRset. Return true when the signing went OK.
|
||||
// The Signature data is the RRSIG is filled by this method.
|
||||
// There is no check if rrset is a proper (RFC 2181) RRSet.
|
||||
|
@ -155,18 +155,17 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset RRset) bool {
|
|||
if k == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
s.Hdr.Name = rrset[0].Header().Name
|
||||
s.Hdr.Class = rrset[0].Header().Class
|
||||
s.Hdr.Rrtype = TypeRRSIG
|
||||
s.Hdr.Ttl = rrset[0].Header().Ttl // re-use TTL of RRset
|
||||
|
||||
if s.KeyTag == 0 || len(s.SignerName) == 0 {
|
||||
// s.Inception and s.Expiration may be 0 (rollover etc.)
|
||||
if s.KeyTag == 0 || len(s.SignerName) == 0 || s.Algorithm == 0 {
|
||||
// Must be set
|
||||
return false
|
||||
}
|
||||
// Algorithm is check below
|
||||
// s.Inception and s.Expiration may be 0 (rollover etc.)
|
||||
|
||||
s.Hdr.Rrtype = TypeRRSIG
|
||||
s.Hdr.Name = rrset[0].Header().Name
|
||||
s.Hdr.Class = rrset[0].Header().Class
|
||||
s.Hdr.Ttl = rrset[0].Header().Ttl
|
||||
s.TypeCovered = rrset[0].Header().Rrtype
|
||||
s.Labels = LabelCount(rrset[0].Header().Name)
|
||||
s.TypeCovered = rrset[0].Header().Rrtype
|
||||
|
||||
|
|
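Review bot: `rrset[0]` is indexed repeatedly in Sign (the `s.Hdr.Name`, `s.Hdr.Class`, `s.Hdr.Ttl`, `s.TypeCovered` and `s.Labels` assignments) with no length check in the visible lines, so an empty RRset panics with an index-out-of-range instead of returning false. Since bad input is already reported through the bool result, the first guard could read `if k == nil || len(rrset) == 0 { return false }`. The doc comment says the RRset is not validated against RFC 2181; it would help to add that owner name, class, TTL and covered type are taken from the first record only, so a caller passing mixed records gets an RRSIG whose header describes just `rrset[0]`. The body of Sign continues past the end of this hunk.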
|
@ -1,6 +1,7 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
"crypto/rsa"
|
||||
)
|
||||
|
@ -73,6 +74,7 @@ Activate: 20110109154937`
|
|||
k.Hdr.Rrtype = TypeDNSKEY
|
||||
k.Hdr.Class = ClassINET
|
||||
k.Hdr.Name = "miek.nl."
|
||||
k.Hdr.Ttl = 3600
|
||||
k.Protocol = 3
|
||||
k.Flags = 256
|
||||
p, _ := k.PrivateKeySetString(a)
|
||||
|
@ -88,4 +90,24 @@ Activate: 20110109154937`
|
|||
t.Log("Keytag should be 41946")
|
||||
t.Fail()
|
||||
}
|
||||
|
||||
soa := new(RR_SOA)
|
||||
soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
|
||||
soa.Ns = "open.nlnetlabs.nl."
|
||||
soa.Mbox = "miekg.atoom.net."
|
||||
soa.Serial = 1293945905
|
||||
soa.Refresh = 14400
|
||||
soa.Retry = 3600
|
||||
soa.Expire = 604800
|
||||
soa.Minttl = 86400
|
||||
|
||||
sig := new(RR_RRSIG)
|
||||
sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
|
||||
sig.Expiration = 1296534305 // date -u '+%s' -d"2011-02-01 04:25:05"
|
||||
sig.Inception = 1293942305 // date -u '+%s' -d"2011-01-02 04:25:05"
|
||||
sig.KeyTag = k.KeyTag()
|
||||
sig.SignerName = k.Hdr.Name
|
||||
|
||||
sig.Sign(p, []RR{soa})
|
||||
fmt.Printf("%v\n%v\n%v\n", k, soa, sig)
|
||||
}
|
||||
|
|
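Review bot: The result of `sig.Sign(p, []RR{soa})` is discarded and the error from `k.PrivateKeySetString(a)` is dropped with `_`, so this test cannot fail on a signing problem. `sig` is created with `new(RR_RRSIG)` and none of the lines shown assigns `sig.Algorithm`, while the guard in Sign on this page appears to reject a zero Algorithm, so the call most likely returns false at that guard and the printed RRSIG carries no signature. Setting the field before the call, e.g. `sig.Algorithm = k.Algorithm` (assuming the key's algorithm is set above this hunk), and checking the result with `if !sig.Sign(p, []RR{soa}) { t.Log("Failure to sign the SOA record"); t.Fail() }` would make the test cover the signing path. The test function starts above the hunk.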