Merge pull request #157 from FiloSottile/intermittent_errors
Fix some intermittent errors
This commit is contained in:
commit
877e47b4c3
64
dnssec.go
64
dnssec.go
|
@ -97,6 +97,10 @@ type dnskeyWireFmt struct {
|
|||
/* Nothing is left out */
|
||||
}
|
||||
|
||||
func divRoundUp(a, b int) int {
|
||||
return (a + b - 1) / b
|
||||
}
|
||||
|
||||
// KeyTag calculates the keytag (or key-id) of the DNSKEY.
|
||||
func (k *DNSKEY) KeyTag() uint16 {
|
||||
if k == nil {
|
||||
|
@ -108,7 +112,7 @@ func (k *DNSKEY) KeyTag() uint16 {
|
|||
// Look at the bottom two bytes of the modules, which the last
|
||||
// item in the pubkey. We could do this faster by looking directly
|
||||
// at the base64 values. But I'm lazy.
|
||||
modulus, _ := packBase64([]byte(k.PublicKey))
|
||||
modulus, _ := fromBase64([]byte(k.PublicKey))
|
||||
if len(modulus) > 1 {
|
||||
x, _ := unpackUint16(modulus, len(modulus)-2)
|
||||
keytag = int(x)
|
||||
|
@ -255,6 +259,7 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
var sighash []byte
|
||||
var h hash.Hash
|
||||
var ch crypto.Hash // Only need for RSA
|
||||
var intlen int
|
||||
switch rr.Algorithm {
|
||||
case DSA, DSANSEC3SHA1:
|
||||
// Implicit in the ParameterSizes
|
||||
|
@ -264,8 +269,10 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
case RSASHA256, ECDSAP256SHA256:
|
||||
h = sha256.New()
|
||||
ch = crypto.SHA256
|
||||
intlen = 32
|
||||
case ECDSAP384SHA384:
|
||||
h = sha512.New384()
|
||||
intlen = 48
|
||||
case RSASHA512:
|
||||
h = sha512.New()
|
||||
ch = crypto.SHA512
|
||||
|
@ -284,24 +291,24 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
return err
|
||||
}
|
||||
signature := []byte{0x4D} // T value, here the ASCII M for Miek (not used in DNSSEC)
|
||||
signature = append(signature, r1.Bytes()...)
|
||||
signature = append(signature, s1.Bytes()...)
|
||||
rr.Signature = unpackBase64(signature)
|
||||
signature = append(signature, intToBytes(r1, 20)...)
|
||||
signature = append(signature, intToBytes(s1, 20)...)
|
||||
rr.Signature = toBase64(signature)
|
||||
case *rsa.PrivateKey:
|
||||
// We can use nil as rand.Reader here (says AGL)
|
||||
signature, err := rsa.SignPKCS1v15(nil, p, ch, sighash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rr.Signature = unpackBase64(signature)
|
||||
rr.Signature = toBase64(signature)
|
||||
case *ecdsa.PrivateKey:
|
||||
r1, s1, err := ecdsa.Sign(rand.Reader, p, sighash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
signature := r1.Bytes()
|
||||
signature = append(signature, s1.Bytes()...)
|
||||
rr.Signature = unpackBase64(signature)
|
||||
signature := intToBytes(r1, intlen)
|
||||
signature = append(signature, intToBytes(s1, intlen)...)
|
||||
rr.Signature = toBase64(signature)
|
||||
default:
|
||||
// Not given the correct key
|
||||
return ErrKeyAlg
|
||||
|
@ -444,7 +451,7 @@ func (rr *RRSIG) ValidityPeriod(t time.Time) bool {
|
|||
|
||||
// Return the signatures base64 encodedig sigdata as a byte slice.
|
||||
func (s *RRSIG) sigBuf() []byte {
|
||||
sigbuf, err := packBase64([]byte(s.Signature))
|
||||
sigbuf, err := fromBase64([]byte(s.Signature))
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
|
@ -478,7 +485,7 @@ func (k *DNSKEY) setPublicKeyInPrivate(p PrivateKey) bool {
|
|||
|
||||
// publicKeyRSA returns the RSA public key from a DNSKEY record.
|
||||
func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
|
||||
keybuf, err := packBase64([]byte(k.PublicKey))
|
||||
keybuf, err := fromBase64([]byte(k.PublicKey))
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
|
@ -516,7 +523,7 @@ func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
|
|||
|
||||
// publicKeyCurve returns the Curve public key from the DNSKEY record.
|
||||
func (k *DNSKEY) publicKeyCurve() *ecdsa.PublicKey {
|
||||
keybuf, err := packBase64([]byte(k.PublicKey))
|
||||
keybuf, err := fromBase64([]byte(k.PublicKey))
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
|
@ -543,7 +550,7 @@ func (k *DNSKEY) publicKeyCurve() *ecdsa.PublicKey {
|
|||
}
|
||||
|
||||
func (k *DNSKEY) publicKeyDSA() *dsa.PublicKey {
|
||||
keybuf, err := packBase64([]byte(k.PublicKey))
|
||||
keybuf, err := fromBase64([]byte(k.PublicKey))
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
|
@ -573,7 +580,7 @@ func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
|
|||
}
|
||||
buf := exponentToBuf(_E)
|
||||
buf = append(buf, _N.Bytes()...)
|
||||
k.PublicKey = unpackBase64(buf)
|
||||
k.PublicKey = toBase64(buf)
|
||||
return true
|
||||
}
|
||||
|
||||
|
@ -582,9 +589,14 @@ func (k *DNSKEY) setPublicKeyCurve(_X, _Y *big.Int) bool {
|
|||
if _X == nil || _Y == nil {
|
||||
return false
|
||||
}
|
||||
buf := curveToBuf(_X, _Y)
|
||||
// Check the length of the buffer, either 64 or 92 bytes
|
||||
k.PublicKey = unpackBase64(buf)
|
||||
var intlen int
|
||||
switch k.Algorithm {
|
||||
case ECDSAP256SHA256:
|
||||
intlen = 32
|
||||
case ECDSAP384SHA384:
|
||||
intlen = 48
|
||||
}
|
||||
k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen))
|
||||
return true
|
||||
}
|
||||
|
||||
|
@ -594,7 +606,7 @@ func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool {
|
|||
return false
|
||||
}
|
||||
buf := dsaToBuf(_Q, _P, _G, _Y)
|
||||
k.PublicKey = unpackBase64(buf)
|
||||
k.PublicKey = toBase64(buf)
|
||||
return true
|
||||
}
|
||||
|
||||
|
@ -618,21 +630,21 @@ func exponentToBuf(_E int) []byte {
|
|||
|
||||
// Set the public key for X and Y for Curve. The two
|
||||
// values are just concatenated.
|
||||
func curveToBuf(_X, _Y *big.Int) []byte {
|
||||
buf := _X.Bytes()
|
||||
buf = append(buf, _Y.Bytes()...)
|
||||
func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
|
||||
buf := intToBytes(_X, intlen)
|
||||
buf = append(buf, intToBytes(_Y, intlen)...)
|
||||
return buf
|
||||
}
|
||||
|
||||
// Set the public key for X and Y for Curve. The two
|
||||
// values are just concatenated.
|
||||
func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
|
||||
t := byte((len(_G.Bytes()) - 64) / 8)
|
||||
buf := []byte{t}
|
||||
buf = append(buf, _Q.Bytes()...)
|
||||
buf = append(buf, _P.Bytes()...)
|
||||
buf = append(buf, _G.Bytes()...)
|
||||
buf = append(buf, _Y.Bytes()...)
|
||||
t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
|
||||
buf := []byte{byte(t)}
|
||||
buf = append(buf, intToBytes(_Q, 20)...)
|
||||
buf = append(buf, intToBytes(_P, 64+t*8)...)
|
||||
buf = append(buf, intToBytes(_G, 64+t*8)...)
|
||||
buf = append(buf, intToBytes(_Y, 64+t*8)...)
|
||||
return buf
|
||||
}
|
||||
|
||||
|
|
|
@ -455,12 +455,19 @@ PrivateKey: WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vwW7BOrbawVmVe0d9V94SR`
|
|||
sig.SignerName = eckey.(*DNSKEY).Hdr.Name
|
||||
sig.Algorithm = eckey.(*DNSKEY).Algorithm
|
||||
|
||||
sig.Sign(privkey, []RR{a})
|
||||
if sig.Sign(privkey, []RR{a}) != nil {
|
||||
t.Fatal("failure to sign the record")
|
||||
}
|
||||
|
||||
t.Logf("%s", sig.String())
|
||||
if e := sig.Verify(eckey.(*DNSKEY), []RR{a}); e != nil {
|
||||
t.Logf("failure to validate: %s", e.Error())
|
||||
t.Fail()
|
||||
t.Logf("\n%s\n%s\n%s\n\n%s\n\n",
|
||||
eckey.(*DNSKEY).String(),
|
||||
a.String(),
|
||||
sig.String(),
|
||||
eckey.(*DNSKEY).PrivateKeyString(privkey),
|
||||
)
|
||||
|
||||
t.Fatalf("failure to validate: %s", e.Error())
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -503,6 +510,13 @@ func TestSignVerifyECDSA2(t *testing.T) {
|
|||
|
||||
err = sig.Verify(key, []RR{srv})
|
||||
if err != nil {
|
||||
t.Logf("\n%s\n%s\n%s\n\n%s\n\n",
|
||||
key.String(),
|
||||
srv.String(),
|
||||
sig.String(),
|
||||
key.PrivateKeyString(privkey),
|
||||
)
|
||||
|
||||
t.Fatal("Failure to validate:", err)
|
||||
}
|
||||
}
|
||||
|
|
36
keygen.go
36
keygen.go
|
@ -94,12 +94,12 @@ func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
|
|||
switch t := p.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
|
||||
modulus := unpackBase64(t.PublicKey.N.Bytes())
|
||||
modulus := toBase64(t.PublicKey.N.Bytes())
|
||||
e := big.NewInt(int64(t.PublicKey.E))
|
||||
publicExponent := unpackBase64(e.Bytes())
|
||||
privateExponent := unpackBase64(t.D.Bytes())
|
||||
prime1 := unpackBase64(t.Primes[0].Bytes())
|
||||
prime2 := unpackBase64(t.Primes[1].Bytes())
|
||||
publicExponent := toBase64(e.Bytes())
|
||||
privateExponent := toBase64(t.D.Bytes())
|
||||
prime1 := toBase64(t.Primes[0].Bytes())
|
||||
prime2 := toBase64(t.Primes[1].Bytes())
|
||||
// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
|
||||
// and from: http://code.google.com/p/go/issues/detail?id=987
|
||||
one := big.NewInt(1)
|
||||
|
@ -110,9 +110,9 @@ func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
|
|||
exp2 := big.NewInt(0).Mod(t.D, q_1)
|
||||
coeff := big.NewInt(0).Exp(t.Primes[1], minusone, t.Primes[0])
|
||||
|
||||
exponent1 := unpackBase64(exp1.Bytes())
|
||||
exponent2 := unpackBase64(exp2.Bytes())
|
||||
coefficient := unpackBase64(coeff.Bytes())
|
||||
exponent1 := toBase64(exp1.Bytes())
|
||||
exponent2 := toBase64(exp2.Bytes())
|
||||
coefficient := toBase64(coeff.Bytes())
|
||||
|
||||
s = _FORMAT +
|
||||
"Algorithm: " + algorithm + "\n" +
|
||||
|
@ -126,17 +126,25 @@ func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
|
|||
"Coefficient: " + coefficient + "\n"
|
||||
case *ecdsa.PrivateKey:
|
||||
algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
|
||||
private := unpackBase64(t.D.Bytes())
|
||||
var intlen int
|
||||
switch r.Algorithm {
|
||||
case ECDSAP256SHA256:
|
||||
intlen = 32
|
||||
case ECDSAP384SHA384:
|
||||
intlen = 48
|
||||
}
|
||||
private := toBase64(intToBytes(t.D, intlen))
|
||||
s = _FORMAT +
|
||||
"Algorithm: " + algorithm + "\n" +
|
||||
"PrivateKey: " + private + "\n"
|
||||
case *dsa.PrivateKey:
|
||||
algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
|
||||
prime := unpackBase64(t.PublicKey.Parameters.P.Bytes())
|
||||
subprime := unpackBase64(t.PublicKey.Parameters.Q.Bytes())
|
||||
base := unpackBase64(t.PublicKey.Parameters.G.Bytes())
|
||||
priv := unpackBase64(t.X.Bytes())
|
||||
pub := unpackBase64(t.PublicKey.Y.Bytes())
|
||||
T := divRoundUp(divRoundUp(t.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
|
||||
prime := toBase64(intToBytes(t.PublicKey.Parameters.P, 64+T*8))
|
||||
subprime := toBase64(intToBytes(t.PublicKey.Parameters.Q, 20))
|
||||
base := toBase64(intToBytes(t.PublicKey.Parameters.G, 64+T*8))
|
||||
priv := toBase64(intToBytes(t.X, 20))
|
||||
pub := toBase64(intToBytes(t.PublicKey.Y, 64+T*8))
|
||||
s = _FORMAT +
|
||||
"Algorithm: " + algorithm + "\n" +
|
||||
"Prime(p): " + prime + "\n" +
|
||||
|
|
12
kscan.go
12
kscan.go
|
@ -39,7 +39,7 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
|
|||
return nil, e
|
||||
}
|
||||
if !k.setPublicKeyInPrivate(p) {
|
||||
return nil, ErrPrivKey
|
||||
return nil, ErrKey
|
||||
}
|
||||
return p, e
|
||||
case "1 (RSAMD5)":
|
||||
|
@ -56,7 +56,7 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
|
|||
return nil, e
|
||||
}
|
||||
if !k.setPublicKeyInPrivate(p) {
|
||||
return nil, ErrPrivKey
|
||||
return nil, ErrKey
|
||||
}
|
||||
return p, e
|
||||
case "12 (ECC-GOST)":
|
||||
|
@ -74,7 +74,7 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
|
|||
return nil, e
|
||||
}
|
||||
if !k.setPublicKeyInPrivate(p) {
|
||||
return nil, ErrPrivKey
|
||||
return nil, ErrKey
|
||||
}
|
||||
return p, e
|
||||
}
|
||||
|
@ -88,7 +88,7 @@ func readPrivateKeyRSA(m map[string]string) (PrivateKey, error) {
|
|||
for k, v := range m {
|
||||
switch k {
|
||||
case "modulus", "publicexponent", "privateexponent", "prime1", "prime2":
|
||||
v1, err := packBase64([]byte(v))
|
||||
v1, err := fromBase64([]byte(v))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -125,7 +125,7 @@ func readPrivateKeyDSA(m map[string]string) (PrivateKey, error) {
|
|||
for k, v := range m {
|
||||
switch k {
|
||||
case "private_value(x)":
|
||||
v1, err := packBase64([]byte(v))
|
||||
v1, err := fromBase64([]byte(v))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -144,7 +144,7 @@ func readPrivateKeyECDSA(m map[string]string) (PrivateKey, error) {
|
|||
for k, v := range m {
|
||||
switch k {
|
||||
case "privatekey":
|
||||
v1, err := packBase64([]byte(v))
|
||||
v1, err := fromBase64([]byte(v))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
78
msg.go
78
msg.go
|
@ -12,6 +12,7 @@ import (
|
|||
"encoding/base32"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"math/big"
|
||||
"math/rand"
|
||||
"net"
|
||||
"reflect"
|
||||
|
@ -813,7 +814,7 @@ func packStructValue(val reflect.Value, msg []byte, off int, compression map[str
|
|||
default:
|
||||
return lenmsg, &Error{"bad tag packing string: " + typefield.Tag.Get("dns")}
|
||||
case `dns:"base64"`:
|
||||
b64, e := packBase64([]byte(s))
|
||||
b64, e := fromBase64([]byte(s))
|
||||
if e != nil {
|
||||
return lenmsg, e
|
||||
}
|
||||
|
@ -834,7 +835,7 @@ func packStructValue(val reflect.Value, msg []byte, off int, compression map[str
|
|||
msg[off-1] = 20
|
||||
fallthrough
|
||||
case `dns:"base32"`:
|
||||
b32, e := packBase32([]byte(s))
|
||||
b32, e := fromBase32([]byte(s))
|
||||
if e != nil {
|
||||
return lenmsg, e
|
||||
}
|
||||
|
@ -1224,7 +1225,7 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, err er
|
|||
if b64end > lenrd || b64end > lenmsg {
|
||||
return lenmsg, &Error{err: "overflow unpacking base64"}
|
||||
}
|
||||
s = unpackBase64(msg[off:b64end])
|
||||
s = toBase64(msg[off:b64end])
|
||||
off = b64end
|
||||
case `dns:"cdomain-name"`:
|
||||
fallthrough
|
||||
|
@ -1250,7 +1251,7 @@ func unpackStructValue(val reflect.Value, msg []byte, off int) (off1 int, err er
|
|||
if off+size > lenmsg {
|
||||
return lenmsg, &Error{err: "overflow unpacking base32"}
|
||||
}
|
||||
s = unpackBase32(msg[off : off+size])
|
||||
s = toBase32(msg[off : off+size])
|
||||
off += size
|
||||
case `dns:"size-hex"`:
|
||||
// a "size" string, but it must be encoded in hex in the string
|
||||
|
@ -1298,58 +1299,53 @@ func dddToByte(s []byte) byte {
|
|||
return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0'))
|
||||
}
|
||||
|
||||
// Helper function for unpacking
|
||||
func unpackUint16(msg []byte, off int) (v uint16, off1 int) {
|
||||
v = uint16(msg[off])<<8 | uint16(msg[off+1])
|
||||
off1 = off + 2
|
||||
return
|
||||
}
|
||||
|
||||
// UnpackStruct unpacks a binary message from offset off to the interface
|
||||
// value given.
|
||||
func UnpackStruct(any interface{}, msg []byte, off int) (off1 int, err error) {
|
||||
off, err = unpackStructValue(structValue(any), msg, off)
|
||||
return off, err
|
||||
func UnpackStruct(any interface{}, msg []byte, off int) (int, error) {
|
||||
return unpackStructValue(structValue(any), msg, off)
|
||||
}
|
||||
|
||||
func unpackBase32(b []byte) string {
|
||||
b32 := make([]byte, base32.HexEncoding.EncodedLen(len(b)))
|
||||
base32.HexEncoding.Encode(b32, b)
|
||||
return string(b32)
|
||||
// Helper function for packing and unpacking
|
||||
func intToBytes(i *big.Int, length int) []byte {
|
||||
buf := i.Bytes()
|
||||
if len(buf) < length {
|
||||
b := make([]byte, length)
|
||||
copy(b[length-len(buf):], buf)
|
||||
return b
|
||||
}
|
||||
return buf
|
||||
}
|
||||
|
||||
func unpackBase64(b []byte) string {
|
||||
b64 := make([]byte, base64.StdEncoding.EncodedLen(len(b)))
|
||||
base64.StdEncoding.Encode(b64, b)
|
||||
return string(b64)
|
||||
func unpackUint16(msg []byte, off int) (uint16, int) {
|
||||
return uint16(msg[off])<<8 | uint16(msg[off+1]), off + 2
|
||||
}
|
||||
|
||||
// Helper function for packing
|
||||
func packUint16(i uint16) (byte, byte) {
|
||||
return byte(i >> 8), byte(i)
|
||||
}
|
||||
|
||||
func packBase64(s []byte) ([]byte, error) {
|
||||
b64len := base64.StdEncoding.DecodedLen(len(s))
|
||||
buf := make([]byte, b64len)
|
||||
n, err := base64.StdEncoding.Decode(buf, []byte(s))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
buf = buf[:n]
|
||||
return buf, nil
|
||||
func toBase32(b []byte) string {
|
||||
return base32.HexEncoding.EncodeToString(b)
|
||||
}
|
||||
|
||||
// Helper function for packing, mostly used in dnssec.go
|
||||
func packBase32(s []byte) ([]byte, error) {
|
||||
b32len := base32.HexEncoding.DecodedLen(len(s))
|
||||
buf := make([]byte, b32len)
|
||||
n, err := base32.HexEncoding.Decode(buf, []byte(s))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
func fromBase32(s []byte) (buf []byte, err error) {
|
||||
buflen := base32.HexEncoding.DecodedLen(len(s))
|
||||
buf = make([]byte, buflen)
|
||||
n, err := base32.HexEncoding.Decode(buf, s)
|
||||
buf = buf[:n]
|
||||
return buf, nil
|
||||
return
|
||||
}
|
||||
|
||||
func toBase64(b []byte) string {
|
||||
return base64.StdEncoding.EncodeToString(b)
|
||||
}
|
||||
|
||||
func fromBase64(s []byte) (buf []byte, err error) {
|
||||
buflen := base64.StdEncoding.DecodedLen(len(s))
|
||||
buf = make([]byte, buflen)
|
||||
n, err := base64.StdEncoding.Decode(buf, s)
|
||||
buf = buf[:n]
|
||||
return
|
||||
}
|
||||
|
||||
// PackRR packs a resource record rr into msg[off:].
|
||||
|
|
2
nsecx.go
2
nsecx.go
|
@ -47,7 +47,7 @@ func HashName(label string, ha uint8, iter uint16, salt string) string {
|
|||
io.WriteString(s, string(nsec3))
|
||||
nsec3 = s.Sum(nil)
|
||||
}
|
||||
return unpackBase32(nsec3)
|
||||
return toBase32(nsec3)
|
||||
}
|
||||
|
||||
type Denialer interface {
|
||||
|
|
|
@ -1230,7 +1230,7 @@ type algorithm struct {
|
|||
bits int
|
||||
}
|
||||
|
||||
func TestNewPrivateKeyECDSA(t *testing.T) {
|
||||
func TestNewPrivateKey(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("skipping test in short mode.")
|
||||
}
|
||||
|
@ -1239,7 +1239,7 @@ func TestNewPrivateKeyECDSA(t *testing.T) {
|
|||
algorithm{ECDSAP384SHA384, 384},
|
||||
algorithm{RSASHA1, 1024},
|
||||
algorithm{RSASHA256, 2048},
|
||||
// algorithm{DSA, 1024}, // TODO: STILL BROKEN!
|
||||
algorithm{DSA, 1024},
|
||||
}
|
||||
|
||||
for _, algo := range algorithms {
|
||||
|
@ -1258,6 +1258,9 @@ func TestNewPrivateKeyECDSA(t *testing.T) {
|
|||
|
||||
newPrivKey, err := key.NewPrivateKey(key.PrivateKeyString(privkey))
|
||||
if err != nil {
|
||||
t.Log(key.String())
|
||||
t.Log(key.PrivateKeyString(privkey))
|
||||
|
||||
t.Fatal(err.Error())
|
||||
}
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"runtime"
|
||||
"sync"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func HelloServer(w ResponseWriter, req *Msg) {
|
||||
|
@ -36,6 +37,25 @@ func RunLocalUDPServer(laddr string) (*Server, string, error) {
|
|||
server.ActivateAndServe()
|
||||
pc.Close()
|
||||
}()
|
||||
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
|
||||
return server, pc.LocalAddr().String(), nil
|
||||
}
|
||||
|
||||
func RunLocalUDPServerUnsafe(laddr string) (*Server, string, error) {
|
||||
pc, err := net.ListenPacket("udp", laddr)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
server := &Server{PacketConn: pc, Unsafe: true}
|
||||
go func() {
|
||||
server.ActivateAndServe()
|
||||
pc.Close()
|
||||
}()
|
||||
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
|
||||
return server, pc.LocalAddr().String(), nil
|
||||
}
|
||||
|
||||
|
@ -49,6 +69,19 @@ func RunLocalTCPServer(laddr string) (*Server, string, error) {
|
|||
server.ActivateAndServe()
|
||||
l.Close()
|
||||
}()
|
||||
|
||||
for i := 0; ; i++ {
|
||||
conn, err := net.Dial("tcp", l.Addr().String())
|
||||
if err == nil {
|
||||
conn.Close()
|
||||
break
|
||||
}
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
if i > 50 {
|
||||
return nil, "", fmt.Errorf("failed to start server: ", err)
|
||||
}
|
||||
}
|
||||
|
||||
return server, l.Addr().String(), nil
|
||||
}
|
||||
|
||||
|
@ -311,7 +344,6 @@ func TestServingResponse(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("Unable to run test server: %s", err)
|
||||
}
|
||||
defer s.Shutdown()
|
||||
|
||||
c := new(Client)
|
||||
m := new(Msg)
|
||||
|
@ -328,7 +360,14 @@ func TestServingResponse(t *testing.T) {
|
|||
t.Log("exchanged response message")
|
||||
t.Fatal()
|
||||
}
|
||||
s.Unsafe = true
|
||||
|
||||
s.Shutdown()
|
||||
s, addrstr, err = RunLocalUDPServerUnsafe("127.0.0.1:0")
|
||||
if err != nil {
|
||||
t.Fatalf("Unable to run test server: %s", err)
|
||||
}
|
||||
defer s.Shutdown()
|
||||
|
||||
m.Response = true
|
||||
_, _, err = c.Exchange(m, addrstr)
|
||||
if err != nil {
|
||||
|
@ -342,9 +381,6 @@ func TestShutdownTCP(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("Unable to run test server: %s", err)
|
||||
}
|
||||
// it normally is too early to shutting down because server
|
||||
// activates in goroutine.
|
||||
runtime.Gosched()
|
||||
err = s.Shutdown()
|
||||
if err != nil {
|
||||
t.Errorf("Could not shutdown test TCP server, %s", err)
|
||||
|
@ -356,9 +392,6 @@ func TestShutdownUDP(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("Unable to run test server: %s", err)
|
||||
}
|
||||
// it normally is too early to shutting down because server
|
||||
// activates in goroutine.
|
||||
runtime.Gosched()
|
||||
err = s.Shutdown()
|
||||
if err != nil {
|
||||
t.Errorf("Could not shutdown test UDP server, %s", err)
|
||||
|
|
31
sig0.go
31
sig0.go
|
@ -44,18 +44,7 @@ func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
|
|||
rr.TypeCovered = 0
|
||||
rr.Labels = 0
|
||||
|
||||
buflen := m.Len() + rr.len()
|
||||
switch k := k.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
buflen += len(k.N.Bytes())
|
||||
case *dsa.PrivateKey:
|
||||
buflen += 40
|
||||
case *ecdsa.PrivateKey:
|
||||
buflen += 96
|
||||
default:
|
||||
return nil, ErrPrivKey
|
||||
}
|
||||
buf := make([]byte, m.Len()+rr.len()+buflen)
|
||||
buf := make([]byte, m.Len()+rr.len())
|
||||
mbuf, err := m.PackBuffer(buf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -69,13 +58,16 @@ func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
|
|||
}
|
||||
buf = buf[:off:cap(buf)]
|
||||
var hash crypto.Hash
|
||||
var intlen int
|
||||
switch rr.Algorithm {
|
||||
case DSA, RSASHA1:
|
||||
hash = crypto.SHA1
|
||||
case RSASHA256, ECDSAP256SHA256:
|
||||
hash = crypto.SHA256
|
||||
intlen = 32
|
||||
case ECDSAP384SHA384:
|
||||
hash = crypto.SHA384
|
||||
intlen = 48
|
||||
case RSASHA512:
|
||||
hash = crypto.SHA512
|
||||
default:
|
||||
|
@ -91,15 +83,14 @@ func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
|
|||
var sig []byte
|
||||
switch p := k.(type) {
|
||||
case *dsa.PrivateKey:
|
||||
t := byte((len(p.PublicKey.Y.Bytes()) - 64) / 8)
|
||||
t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8)
|
||||
r1, s1, err := dsa.Sign(rand.Reader, p, hashed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sig = make([]byte, 0, 1+len(r1.Bytes())+len(s1.Bytes()))
|
||||
sig = append(sig, t)
|
||||
sig = append(sig, r1.Bytes()...)
|
||||
sig = append(sig, s1.Bytes()...)
|
||||
sig = append(sig, byte(t))
|
||||
sig = append(sig, intToBytes(r1, 20)...)
|
||||
sig = append(sig, intToBytes(s1, 20)...)
|
||||
case *rsa.PrivateKey:
|
||||
sig, err = rsa.SignPKCS1v15(rand.Reader, p, hash, hashed)
|
||||
if err != nil {
|
||||
|
@ -110,12 +101,12 @@ func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sig = r1.Bytes()
|
||||
sig = append(sig, s1.Bytes()...)
|
||||
sig = intToBytes(r1, intlen)
|
||||
sig = append(sig, intToBytes(s1, intlen)...)
|
||||
default:
|
||||
return nil, ErrAlg
|
||||
}
|
||||
rr.Signature = unpackBase64(sig)
|
||||
rr.Signature = toBase64(sig)
|
||||
buf = append(buf, sig...)
|
||||
if len(buf) > int(^uint16(0)) {
|
||||
return nil, ErrBuf
|
||||
|
|
4
tsig.go
4
tsig.go
|
@ -159,7 +159,7 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, s
|
|||
panic("dns: TSIG not last RR in additional")
|
||||
}
|
||||
// If we barf here, the caller is to blame
|
||||
rawsecret, err := packBase64([]byte(secret))
|
||||
rawsecret, err := fromBase64([]byte(secret))
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
|
@ -209,7 +209,7 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, s
|
|||
// If the signature does not validate err contains the
|
||||
// error, otherwise it is nil.
|
||||
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
||||
rawsecret, err := packBase64([]byte(secret))
|
||||
rawsecret, err := fromBase64([]byte(secret))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue