Fix tsig -- needs testing
This commit is contained in:
Miek Gieben
parent
a6fee19f4c
commit
42ce4d3085
3
TODO
3
TODO
|
|
@ -10,11 +10,12 @@ Short term:
|
||||||
|
|
||||||
Issues:
|
Issues:
|
||||||
* Separation between dnssec and dns is arbitrary, why is tsig.go of package dns?
|
* Separation between dnssec and dns is arbitrary, why is tsig.go of package dns?
|
||||||
|
* escaped dots in domain names: \.
|
||||||
|
* quoted quotes in txt records
|
||||||
* Better sized buffers
|
* Better sized buffers
|
||||||
* Check the network order, it works now, but this is on Intel
|
* Check the network order, it works now, but this is on Intel
|
||||||
* Make the testsuite work with public DNS servers
|
* Make the testsuite work with public DNS servers
|
||||||
* shortened ipv6 addresses are not parsed correctly (maybe net issue)
|
* shortened ipv6 addresses are not parsed correctly (maybe net issue)
|
||||||
* quoted quotes in txt records
|
|
||||||
* Convenience functions?
|
* Convenience functions?
|
||||||
- for new(RR*)
|
- for new(RR*)
|
||||||
- nsupdate
|
- nsupdate
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,3 @@
|
||||||
// Package dnssec implements all client side DNSSEC function, like
|
|
||||||
// validation, keytag and DS calculation.
|
|
||||||
package dns
|
package dns
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|
@ -81,7 +79,6 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
owner, ok1 := WireDomainName(k.Hdr.Name)
|
owner, ok1 := WireDomainName(k.Hdr.Name)
|
||||||
if !ok1 {
|
if !ok1 {
|
||||||
return nil
|
return nil
|
||||||
|
|
@ -113,6 +110,11 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
|
||||||
return ds
|
return ds
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Generate the key material and return the private key part. Only
|
||||||
|
// the key's algorithm field needs to be known
|
||||||
|
func (k *RR_DNSKEY) Generate() *RR_DS {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Validate an rrset with the signature and key. This is the
|
// Validate an rrset with the signature and key. This is the
|
||||||
// cryptographic test, the validity period most be check separately.
|
// cryptographic test, the validity period most be check separately.
|
||||||
|
|
|
||||||
12
tsig.go
12
tsig.go
|
|
@ -6,7 +6,9 @@ package dns
|
||||||
import (
|
import (
|
||||||
"crypto/hmac"
|
"crypto/hmac"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"io"
|
"io"
|
||||||
|
"encoding/hex"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Need to lookup the actual codes
|
// Need to lookup the actual codes
|
||||||
|
|
@ -17,7 +19,7 @@ const (
|
||||||
|
|
||||||
type RR_TSIG struct {
|
type RR_TSIG struct {
|
||||||
Hdr RR_Header
|
Hdr RR_Header
|
||||||
Algorithm string "domain-name"
|
Algorithm string "domain-name"
|
||||||
TimeSigned uint64
|
TimeSigned uint64
|
||||||
Fudge uint16
|
Fudge uint16
|
||||||
MACSize uint16
|
MACSize uint16
|
||||||
|
|
@ -33,12 +35,12 @@ func (rr *RR_TSIG) Header() *RR_Header {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (rr *RR_TSIG) String() string {
|
func (rr *RR_TSIG) String() string {
|
||||||
// It has no presentation format
|
// It has no official presentation format
|
||||||
return rr.Hdr.String() +
|
return rr.Hdr.String() +
|
||||||
" " + rr.Algorithm +
|
" " + rr.Algorithm +
|
||||||
" " + "<timesigned>" +
|
" " + tsigTimeToDate(rr.TimeSigned) +
|
||||||
" " + strconv.Itoa(int(rr.Fudge)) +
|
" " + strconv.Itoa(int(rr.Fudge)) +
|
||||||
" " + "<MAC>" +
|
" " + strings.ToUpper(hex.EncodeToString([]byte(rr.MAC))) +
|
||||||
" " + strconv.Itoa(int(rr.OrigId)) +
|
" " + strconv.Itoa(int(rr.OrigId)) +
|
||||||
" " + strconv.Itoa(int(rr.Error)) +
|
" " + strconv.Itoa(int(rr.Error)) +
|
||||||
" " + rr.OtherData
|
" " + rr.OtherData
|
||||||
|
|
@ -53,7 +55,7 @@ type tsig_generation_fmt struct {
|
||||||
Class uint16
|
Class uint16
|
||||||
Ttl uint32
|
Ttl uint32
|
||||||
// Rdata of the TSIG
|
// Rdata of the TSIG
|
||||||
Algorithm string "domain-name"
|
Algorithm string "domain-name"
|
||||||
TimeSigned uint64
|
TimeSigned uint64
|
||||||
Fudge uint16
|
Fudge uint16
|
||||||
// MACSize, MAC and OrigId excluded
|
// MACSize, MAC and OrigId excluded
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@ package dns
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestTsig(t *testing.T) {
|
func TestTsig(t *testing.T) {
|
||||||
|
|
@ -11,6 +12,8 @@ func TestTsig(t *testing.T) {
|
||||||
tsig.Hdr.Rrtype = TypeTSIG
|
tsig.Hdr.Rrtype = TypeTSIG
|
||||||
tsig.Hdr.Class = ClassANY
|
tsig.Hdr.Class = ClassANY
|
||||||
tsig.Hdr.Ttl = 0
|
tsig.Hdr.Ttl = 0
|
||||||
|
tsig.Fudge = 300
|
||||||
|
tsig.TimeSigned = uint64(time.Seconds())
|
||||||
|
|
||||||
out := new(Msg)
|
out := new(Msg)
|
||||||
out.MsgHdr.RecursionDesired = true
|
out.MsgHdr.RecursionDesired = true
|
||||||
|
|
|
||||||
5
types.go
5
types.go
|
|
@ -538,8 +538,9 @@ func timeToDate(t uint32) string {
|
||||||
// Translate the TSIG time signed into a date. There is no
|
// Translate the TSIG time signed into a date. There is no
|
||||||
// need for RFC1982 calculations as this date is 48 bits
|
// need for RFC1982 calculations as this date is 48 bits
|
||||||
func tsigTimeToDate(t uint64) string {
|
func tsigTimeToDate(t uint64) string {
|
||||||
// only use the lower 48 bits
|
// only use the lower 48 bits, TODO(mg), check for 48 bit size
|
||||||
return "TODO"
|
ti := time.SecondsToUTC(int64(t))
|
||||||
|
return ti.Format("20060102030405")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Map of constructors for each RR wire type.
|
// Map of constructors for each RR wire type.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue