From 42ce4d30856114a2d687ea687c949e286d5b019e Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Sun, 9 Jan 2011 15:54:23 +0100
Subject: [PATCH] Fix tsig -- needs testing
---
 TODO | 3 ++-
 dnssec.go | 8 +++++---
 tsig.go | 12 +++++++-----
 tsig_test.go | 3 +++
 types.go | 5 +++--
 5 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/TODO b/TODO
index 8c443a6f..94639c08 100644
--- a/TODO
+++ b/TODO
@@ -10,11 +10,12 @@ Short term:
 Issues:
 * Separation between dnssec and dns is arbitrary, why is tsig.go of package dns?
+* escaped dots in domain names: \.
+* quoted quotes in txt records
 * Better sized buffers
 * Check the network order, it works now, but this is on Intel
 * Make the testsuite work with public DNS servers
 * shortened ipv6 addresses are not parsed correctly (maybe net issue)
-* quoted quotes in txt records
 * Convenience functions?
 - for new(RR*)
 - nsupdate
diff --git a/dnssec.go b/dnssec.go
index 3ff07fbc..1996bf3b 100644
--- a/dnssec.go
+++ b/dnssec.go
@@ -1,5 +1,3 @@
-// Package dnssec implements all client side DNSSEC function, like
-// validation, keytag and DS calculation.
 package dns
 import (
@@ -81,7 +79,6 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
 if !ok {
 return nil
 }
-
 owner, ok1 := WireDomainName(k.Hdr.Name)
 if !ok1 {
 return nil
@@ -113,6 +110,11 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
 return ds
 }
+// Generate the key material and return the private key part. Only
+// the key's algorithm field needs to be known
+func (k *RR_DNSKEY) Generate() *RR_DS {
+
+}
 // Validate an rrset with the signature and key. This is the
 // cryptographic test, the validity period most be check separately.
diff --git a/tsig.go b/tsig.go
index bd8f0d8d..3751f8ee 100644
--- a/tsig.go
+++ b/tsig.go
@@ -6,7 +6,9 @@ package dns
 import (
 "crypto/hmac"
 "strconv"
+ "strings"
 "io"
+ "encoding/hex"
 )
 // Need to lookup the actual codes
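Review bot: The `Generate` stub added to dnssec.go after `ToDS` declares a `*RR_DS` result but has an empty body, so it has no return statement and the package would presumably not build as committed. Its doc comment says it returns the private key part, yet the declared result is a DS record type, so the comment and the signature disagree about what callers receive. Until the key generation is written, either leave the stub out or make the body `return nil // TODO: not implemented`, and settle the return type before anything depends on it.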
@@ -17,7 +19,7 @@ const (
 type RR_TSIG struct {
 Hdr RR_Header
- Algorithm string "domain-name"
+ Algorithm string "domain-name"
 TimeSigned uint64
 Fudge uint16
 MACSize uint16
@@ -33,12 +35,12 @@ func (rr *RR_TSIG) Header() *RR_Header {
 }
 func (rr *RR_TSIG) String() string {
- // It has no presentation format
+ // It has no official presentation format
 return rr.Hdr.String() +
 " " + rr.Algorithm +
- " " + "" +
+ " " + tsigTimeToDate(rr.TimeSigned) +
 " " + strconv.Itoa(int(rr.Fudge)) +
- " " + "" +
+ " " + strings.ToUpper(hex.EncodeToString([]byte(rr.MAC))) +
 " " + strconv.Itoa(int(rr.OrigId)) +
 " " + strconv.Itoa(int(rr.Error)) +
 " " + rr.OtherData
@@ -53,7 +55,7 @@ type tsig_generation_fmt struct {
 Class uint16
 Ttl uint32
 // Rdata of the TSIG
- Algorithm string "domain-name"
+ Algorithm string "domain-name"
 TimeSigned uint64
 Fudge uint16
 // MACSize, MAC and OrigId excluded
diff --git a/tsig_test.go b/tsig_test.go
index f7fe6d42..82f554ec 100644
--- a/tsig_test.go
+++ b/tsig_test.go
@@ -3,6 +3,7 @@ package dns
 import (
 "testing"
 "fmt"
+ "time"
 )
 func TestTsig(t *testing.T) {
@@ -11,6 +12,8 @@ func TestTsig(t *testing.T) {
 tsig.Hdr.Rrtype = TypeTSIG
 tsig.Hdr.Class = ClassANY
 tsig.Hdr.Ttl = 0
+ tsig.Fudge = 300
+ tsig.TimeSigned = uint64(time.Seconds())
 out := new(Msg)
 out.MsgHdr.RecursionDesired = true
diff --git a/types.go b/types.go
index 1777f94f..7c28b2ed 100644
--- a/types.go
+++ b/types.go
@@ -538,8 +538,9 @@ func timeToDate(t uint32) string {
 // Translate the TSIG time signed into a date. There is no
 // need for RFC1982 calculations as this date is 48 bits
 func tsigTimeToDate(t uint64) string {
- // only use the lower 48 bits
- return "TODO"
+ // only use the lower 48 bits, TODO(mg), check for 48 bit size
+ ti := time.SecondsToUTC(int64(t))
+ return ti.Format("20060102030405")
 }
 // Map of constructors for each RR wire type.
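Review bot: The layout string in `tsigTimeToDate` (types.go) uses `03`, which is the 12-hour clock in Go's reference time, so a TimeSigned after noon prints the same digits as the matching morning hour; the 24-hour form is `return ti.Format("20060102150405")`. The comment promises that only the lower 48 bits are used, but `int64(t)` converts the whole field, so a value with high bits set would render a wrong or negative time; masking first with `t &= 1<<48 - 1` would close the TODO. The hunk shows no import change, so this relies on types.go already importing `time`. Since `RR_TSIG.String()` in tsig.go now prints this value, an ambiguous hour would mislead anyone comparing the output against the fudge window while debugging a rejected signature.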