community
/
dns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement the other algorithms in tsig

This commit is contained in:
Miek Gieben 2012-01-26 20:23:43 +01:00
parent 886afe57bd
commit 48fa998539
2 changed files with 52 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
examples/q/q.go
View File

@ -25,7 +25,8 @@ func main() {
query := flag.Bool("question", false, "show question")
short := flag.Bool("short", false, "abbreviate long DNSSEC records")
check := flag.Bool("check", false, "check internal DNSSEC consistency")
anchor := flag.String("anchor", "", "use the DNSKEY in this file for checking consistency")
anchor := flag.String("anchor", "", "use the DNSKEY in this file for interla DNSSEC consistency")
tsig := flag.String("tsig", "", "tsig key, [hmac:]name:key")
port := flag.Int("port", 53, "port number to use")
aa := flag.Bool("aa", false, "set AA flag in query")
ad := flag.Bool("ad", false, "set AD flag in query")
@ -72,6 +73,14 @@ Flags:
// And if it looks like type, it is a type
if k, ok := dns.Str_rr[strings.ToUpper(flag.Arg(i))]; ok {
qtype = k
switch qtype {
case dns.TypeAXFR:
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
return
case dns.TypeIXFR:
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
return
}
continue Flags
}
// If it looks like a class, it is a class
@ -84,6 +93,14 @@ Flags:
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[4:]))
if e == nil {
qtype = uint16(i)
switch qtype {
case dns.TypeAXFR:
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
return
case dns.TypeIXFR:
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
return
}
continue Flags
}
}

39
tsig.go
View File

@ -5,7 +5,7 @@
//
// m := new(Msg)
// m.SetAxfr("miek.nl.")
// // Add a skeleton TSIG record.
// // Add a stub TSIG record.
// m.SetTsig("axfr.", HmacMD5, 300, uint64(time.Seconds()))
// // Generate the contents of the complete TSIG record.
// TsigGenerate(m, "so6ZGir4GPAqINNh9U5c3A==", "", false)
@ -35,6 +35,8 @@ package dns
import (
"crypto/hmac"
"crypto/md5"
"crypto/sha1"
"crypto/sha256"
"encoding/hex"
"io"
"strings"
@ -78,8 +80,11 @@ type timerWireFmt struct {
Fudge uint16
}
// TsigGenerate adds an TSIG RR to a message. The TSIG MAC is saved
// in the Tsig RR that is added. When TsigGenerate is called for the
// TsigGenerate adds an TSIG RR to a message. The message should contain
// a "stub" TsigRR with the algorithm, key name (owner name of the RR),
// time fudge (defaults to 300 seconds) and the current time
// The TSIG MAC is saved in that Tsig RR.
// When TsigGenerate is called for the
// first time requestMAC is set to the empty string.
// If something goes wrong an error is returned, otherwise it is nil.
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) error {
@ -100,7 +105,21 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) error {
t := new(RR_TSIG)
h := hmac.New(md5.New, []byte(rawsecret))
switch algo {
}
h := ""
switch hmac {
case rr.Algorithm:
h = hmac.New(md5.New, []byte(rawsecret))
case HmacSHA1:
h = hmac.New(sha1.New, []byte(rawsecret))
case HmacSHA256:
h = hmac.New(sha256.New, []byte(rawsecret))
default:
return ErrKeyAlg
}
t.MAC = hex.EncodeToString(h.Sum(buf))
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
@ -136,7 +155,17 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
return ErrTime
}
h := hmac.New(md5.New, []byte(rawsecret))
h := ""
switch tsig.Algorithm {
case rr.Algorithm:
h = hmac.New(md5.New, []byte(rawsecret))
case HmacSHA1:
h = hmac.New(sha1.New, []byte(rawsecret))
case HmacSHA256:
h = hmac.New(sha256.New, []byte(rawsecret))
default:
return ErrKeyAlg
}
io.WriteString(h, string(buf))
if strings.ToUpper(hex.EncodeToString(h.Sum(nil))) != strings.ToUpper(tsig.MAC) {
return ErrSig