Implement the other algorithms in tsig
This commit is contained in:
parent
886afe57bd
commit
48fa998539
|
@ -25,7 +25,8 @@ func main() {
|
||||||
query := flag.Bool("question", false, "show question")
|
query := flag.Bool("question", false, "show question")
|
||||||
short := flag.Bool("short", false, "abbreviate long DNSSEC records")
|
short := flag.Bool("short", false, "abbreviate long DNSSEC records")
|
||||||
check := flag.Bool("check", false, "check internal DNSSEC consistency")
|
check := flag.Bool("check", false, "check internal DNSSEC consistency")
|
||||||
anchor := flag.String("anchor", "", "use the DNSKEY in this file for checking consistency")
|
anchor := flag.String("anchor", "", "use the DNSKEY in this file for interla DNSSEC consistency")
|
||||||
|
tsig := flag.String("tsig", "", "tsig key, [hmac:]name:key")
|
||||||
port := flag.Int("port", 53, "port number to use")
|
port := flag.Int("port", 53, "port number to use")
|
||||||
aa := flag.Bool("aa", false, "set AA flag in query")
|
aa := flag.Bool("aa", false, "set AA flag in query")
|
||||||
ad := flag.Bool("ad", false, "set AD flag in query")
|
ad := flag.Bool("ad", false, "set AD flag in query")
|
||||||
|
@ -72,6 +73,14 @@ Flags:
|
||||||
// And if it looks like type, it is a type
|
// And if it looks like type, it is a type
|
||||||
if k, ok := dns.Str_rr[strings.ToUpper(flag.Arg(i))]; ok {
|
if k, ok := dns.Str_rr[strings.ToUpper(flag.Arg(i))]; ok {
|
||||||
qtype = k
|
qtype = k
|
||||||
|
switch qtype {
|
||||||
|
case dns.TypeAXFR:
|
||||||
|
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
|
||||||
|
return
|
||||||
|
case dns.TypeIXFR:
|
||||||
|
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
|
||||||
|
return
|
||||||
|
}
|
||||||
continue Flags
|
continue Flags
|
||||||
}
|
}
|
||||||
// If it looks like a class, it is a class
|
// If it looks like a class, it is a class
|
||||||
|
@ -84,6 +93,14 @@ Flags:
|
||||||
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[4:]))
|
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[4:]))
|
||||||
if e == nil {
|
if e == nil {
|
||||||
qtype = uint16(i)
|
qtype = uint16(i)
|
||||||
|
switch qtype {
|
||||||
|
case dns.TypeAXFR:
|
||||||
|
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
|
||||||
|
return
|
||||||
|
case dns.TypeIXFR:
|
||||||
|
fmt.Fprintf(os.Stderr, "AXFR not supported\n")
|
||||||
|
return
|
||||||
|
}
|
||||||
continue Flags
|
continue Flags
|
||||||
}
|
}
|
||||||
}
|
}
|
39
tsig.go
39
tsig.go
|
@ -5,7 +5,7 @@
|
||||||
//
|
//
|
||||||
// m := new(Msg)
|
// m := new(Msg)
|
||||||
// m.SetAxfr("miek.nl.")
|
// m.SetAxfr("miek.nl.")
|
||||||
// // Add a skeleton TSIG record.
|
// // Add a stub TSIG record.
|
||||||
// m.SetTsig("axfr.", HmacMD5, 300, uint64(time.Seconds()))
|
// m.SetTsig("axfr.", HmacMD5, 300, uint64(time.Seconds()))
|
||||||
// // Generate the contents of the complete TSIG record.
|
// // Generate the contents of the complete TSIG record.
|
||||||
// TsigGenerate(m, "so6ZGir4GPAqINNh9U5c3A==", "", false)
|
// TsigGenerate(m, "so6ZGir4GPAqINNh9U5c3A==", "", false)
|
||||||
|
@ -35,6 +35,8 @@ package dns
|
||||||
import (
|
import (
|
||||||
"crypto/hmac"
|
"crypto/hmac"
|
||||||
"crypto/md5"
|
"crypto/md5"
|
||||||
|
"crypto/sha1"
|
||||||
|
"crypto/sha256"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"io"
|
"io"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -78,8 +80,11 @@ type timerWireFmt struct {
|
||||||
Fudge uint16
|
Fudge uint16
|
||||||
}
|
}
|
||||||
|
|
||||||
// TsigGenerate adds an TSIG RR to a message. The TSIG MAC is saved
|
// TsigGenerate adds an TSIG RR to a message. The message should contain
|
||||||
// in the Tsig RR that is added. When TsigGenerate is called for the
|
// a "stub" TsigRR with the algorithm, key name (owner name of the RR),
|
||||||
|
// time fudge (defaults to 300 seconds) and the current time
|
||||||
|
// The TSIG MAC is saved in that Tsig RR.
|
||||||
|
// When TsigGenerate is called for the
|
||||||
// first time requestMAC is set to the empty string.
|
// first time requestMAC is set to the empty string.
|
||||||
// If something goes wrong an error is returned, otherwise it is nil.
|
// If something goes wrong an error is returned, otherwise it is nil.
|
||||||
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) error {
|
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) error {
|
||||||
|
@ -100,7 +105,21 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) error {
|
||||||
|
|
||||||
t := new(RR_TSIG)
|
t := new(RR_TSIG)
|
||||||
|
|
||||||
h := hmac.New(md5.New, []byte(rawsecret))
|
switch algo {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
h := ""
|
||||||
|
switch hmac {
|
||||||
|
case rr.Algorithm:
|
||||||
|
h = hmac.New(md5.New, []byte(rawsecret))
|
||||||
|
case HmacSHA1:
|
||||||
|
h = hmac.New(sha1.New, []byte(rawsecret))
|
||||||
|
case HmacSHA256:
|
||||||
|
h = hmac.New(sha256.New, []byte(rawsecret))
|
||||||
|
default:
|
||||||
|
return ErrKeyAlg
|
||||||
|
}
|
||||||
|
|
||||||
t.MAC = hex.EncodeToString(h.Sum(buf))
|
t.MAC = hex.EncodeToString(h.Sum(buf))
|
||||||
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
|
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
|
||||||
|
@ -136,7 +155,17 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
||||||
return ErrTime
|
return ErrTime
|
||||||
}
|
}
|
||||||
|
|
||||||
h := hmac.New(md5.New, []byte(rawsecret))
|
h := ""
|
||||||
|
switch tsig.Algorithm {
|
||||||
|
case rr.Algorithm:
|
||||||
|
h = hmac.New(md5.New, []byte(rawsecret))
|
||||||
|
case HmacSHA1:
|
||||||
|
h = hmac.New(sha1.New, []byte(rawsecret))
|
||||||
|
case HmacSHA256:
|
||||||
|
h = hmac.New(sha256.New, []byte(rawsecret))
|
||||||
|
default:
|
||||||
|
return ErrKeyAlg
|
||||||
|
}
|
||||||
io.WriteString(h, string(buf))
|
io.WriteString(h, string(buf))
|
||||||
if strings.ToUpper(hex.EncodeToString(h.Sum(nil))) != strings.ToUpper(tsig.MAC) {
|
if strings.ToUpper(hex.EncodeToString(h.Sum(nil))) != strings.ToUpper(tsig.MAC) {
|
||||||
return ErrSig
|
return ErrSig
|
||||||
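Review bot: In the TsigVerify hunk the new `h := ""` declares h as a string, so the `h = hmac.New(...)` assignments in the arms that follow cannot compile; it should be `var h hash.Hash` (with `"hash"` added to the import block), and the same applies to the TsigGenerate hunk, whose `switch hmac {` switches on the package rather than on `rr.Algorithm` and also leaves an empty `switch algo { }` behind. The MD5 arm is written `case rr.Algorithm:`; under `switch tsig.Algorithm` that arm fires whenever the message's algorithm name happens to equal rr.Algorithm, whatever that name is, and silently computes HMAC-MD5, so it presumably should read `case HmacMD5:` in both functions — rr is not visible in this hunk, so confirm what it refers to. Because verification now dispatches on an algorithm name taken from the incoming message, the key lookup that supplies `secret` should bind each key to exactly one algorithm so a peer cannot get a key checked under a different HMAC than it was issued for; that binding lives outside this hunk. TSIG algorithm names are domain names, so exact string matching may reject otherwise valid names that differ only in case or trailing dot — normalizing before the switch, as the MAC comparison below already does with ToUpper, avoids that. That comparison on the context line right after the switch is not constant-time; `subtle.ConstantTimeCompare` on the decoded MAC bytes would close the timing side channel, though that line predates this commit and TsigVerify's body starts above the hunk.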