Fix tsig -- needs testing
parent
a6fee19f4c
commit
42ce4d3085
3
TODO
3
TODO
|
@ -10,11 +10,12 @@ Short term:
|
|||
|
||||
Issues:
|
||||
* Separation between dnssec and dns is arbitrary, why is tsig.go of package dns?
|
||||
* escaped dots in domain names: \.
|
||||
* quoted quotes in txt records
|
||||
* Better sized buffers
|
||||
* Check the network order, it works now, but this is on Intel
|
||||
* Make the testsuite work with public DNS servers
|
||||
* shortened ipv6 addresses are not parsed correctly (maybe net issue)
|
||||
* quoted quotes in txt records
|
||||
* Convenience functions?
|
||||
- for new(RR*)
|
||||
- nsupdate
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
// Package dnssec implements all client side DNSSEC function, like
|
||||
// validation, keytag and DS calculation.
|
||||
package dns
|
||||
|
||||
import (
|
||||
|
@ -81,7 +79,6 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
|
|||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
owner, ok1 := WireDomainName(k.Hdr.Name)
|
||||
if !ok1 {
|
||||
return nil
|
||||
|
@ -113,6 +110,11 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
|
|||
return ds
|
||||
}
|
||||
|
||||
// Generate the key material and return the private key part. Only
|
||||
// the key's algorithm field needs to be known
|
||||
func (k *RR_DNSKEY) Generate() *RR_DS {
|
||||
|
||||
}
|
||||
|
||||
// Validate an rrset with the signature and key. This is the
|
||||
// cryptographic test, the validity period most be check separately.
|
||||
|
|
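Review bot: `Generate`, which appears to be the method added in the last hunk, has an empty body but declares a `*RR_DS` result, so the package will not compile until it returns something; a stub should at least end in `return nil`. The comment above it says the method returns the private key part, yet the declared result is a DS record, so either the comment or the signature is wrong. Settling that now matters because a caller needs to know whether it is being handed secret key material. The comment should also start with the method name, e.g. `// Generate creates new key material and returns the private key part; only the key's algorithm field must be set.`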
12
tsig.go
12
tsig.go
|
@ -6,7 +6,9 @@ package dns
|
|||
import (
|
||||
"crypto/hmac"
|
||||
"strconv"
|
||||
"strings"
|
||||
"io"
|
||||
"encoding/hex"
|
||||
)
|
||||
|
||||
// Need to lookup the actual codes
|
||||
|
@ -17,7 +19,7 @@ const (
|
|||
|
||||
type RR_TSIG struct {
|
||||
Hdr RR_Header
|
||||
Algorithm string "domain-name"
|
||||
Algorithm string "domain-name"
|
||||
TimeSigned uint64
|
||||
Fudge uint16
|
||||
MACSize uint16
|
||||
|
@ -33,12 +35,12 @@ func (rr *RR_TSIG) Header() *RR_Header {
|
|||
}
|
||||
|
||||
func (rr *RR_TSIG) String() string {
|
||||
// It has no presentation format
|
||||
// It has no official presentation format
|
||||
return rr.Hdr.String() +
|
||||
" " + rr.Algorithm +
|
||||
" " + "<timesigned>" +
|
||||
" " + tsigTimeToDate(rr.TimeSigned) +
|
||||
" " + strconv.Itoa(int(rr.Fudge)) +
|
||||
" " + "<MAC>" +
|
||||
" " + strings.ToUpper(hex.EncodeToString([]byte(rr.MAC))) +
|
||||
" " + strconv.Itoa(int(rr.OrigId)) +
|
||||
" " + strconv.Itoa(int(rr.Error)) +
|
||||
" " + rr.OtherData
|
||||
|
@ -53,7 +55,7 @@ type tsig_generation_fmt struct {
|
|||
Class uint16
|
||||
Ttl uint32
|
||||
// Rdata of the TSIG
|
||||
Algorithm string "domain-name"
|
||||
Algorithm string "domain-name"
|
||||
TimeSigned uint64
|
||||
Fudge uint16
|
||||
// MACSize, MAC and OrigId excluded
|
||||
|
|
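Review bot: In `String()` the MAC is now hex-encoded, but `rr.OtherData` on the final visible line of the expression is still concatenated as-is. If that field holds wire bytes the way `rr.MAC` appears to (it needs a `[]byte(...)` conversion), the printed record can carry unprintable or control characters into logs; encoding it the same way avoids that: `" " + strings.ToUpper(hex.EncodeToString([]byte(rr.OtherData)))`. Separately, the import hunk adds `"io"` and none of the visible hunks use it, so unless code outside these hunks does, the build fails on an unused import. The end of `String()` lies outside the hunk.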
|
@ -3,6 +3,7 @@ package dns
|
|||
import (
|
||||
"testing"
|
||||
"fmt"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestTsig(t *testing.T) {
|
||||
|
@ -11,6 +12,8 @@ func TestTsig(t *testing.T) {
|
|||
tsig.Hdr.Rrtype = TypeTSIG
|
||||
tsig.Hdr.Class = ClassANY
|
||||
tsig.Hdr.Ttl = 0
|
||||
tsig.Fudge = 300
|
||||
tsig.TimeSigned = uint64(time.Seconds())
|
||||
|
||||
out := new(Msg)
|
||||
out.MsgHdr.RecursionDesired = true
|
||||
|
|
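Review bot: `tsig.TimeSigned = uint64(time.Seconds())` makes the signed message differ on every run, so the test cannot compare the resulting MAC against a known value. A fixed timestamp, e.g. `tsig.TimeSigned = 1300000000 // constructed sample value`, together with an expected MAC checked at the end would make the TSIG code verifiable, which the commit title says is still missing. The rest of `TestTsig` lies outside the hunk, so an assertion may already exist there.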
5
types.go
5
types.go
|
@ -538,8 +538,9 @@ func timeToDate(t uint32) string {
|
|||
// Translate the TSIG time signed into a date. There is no
|
||||
// need for RFC1982 calculations as this date is 48 bits
|
||||
func tsigTimeToDate(t uint64) string {
|
||||
// only use the lower 48 bits
|
||||
return "TODO"
|
||||
// only use the lower 48 bits, TODO(mg), check for 48 bit size
|
||||
ti := time.SecondsToUTC(int64(t))
|
||||
return ti.Format("20060102030405")
|
||||
}
|
||||
|
||||
// Map of constructors for each RR wire type.
|
||||
|
|
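Review bot: The layout `"20060102030405"` in `tsigTimeToDate` uses `03`, the 12-hour clock, so a message signed at 15:00 prints the same as one signed at 03:00; the 24-hour form is `return ti.Format("20060102150405")`. The comment says only the lower 48 bits are used, but `int64(t)` converts all 64. Until the TODO is resolved, masking makes the code match the comment: `ti := time.SecondsToUTC(int64(t & 0xFFFFFFFFFFFF))`.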