Add key2ds conversion
More DNSSEC pieces are coming together
parent
36b181f65a
commit
8dbefdd3f1
@ -15,7 +15,7 @@ func TestTag(t *testing.T) {
|
|||
key.Algorithm = AlgRSASHA256
|
||||
key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
|
||||
|
||||
tag := key.Tag()
|
||||
tag := key.KeyTag()
|
||||
if tag != 12051 {
|
||||
t.Logf("%v\n", key)
|
||||
t.Logf("Wrong key tag: %d\n", tag)
|
||||
|
|
61
dnssec.go
61
dnssec.go
|
@ -2,7 +2,9 @@ package dns
|
|||
|
||||
import (
|
||||
"crypto/sha1"
|
||||
"encoding/hex"
|
||||
"time"
|
||||
"io"
|
||||
)
|
||||
|
||||
const (
|
||||
|
@ -12,18 +14,64 @@ const (
|
|||
|
||||
// Convert an DNSKEY record to a DS record.
|
||||
func (k *RR_DNSKEY) ToDS(hash int) *RR_DS {
|
||||
ds := new(RR_DS)
|
||||
ds.Hdr.Name = k.Hdr.Name
|
||||
ds.Hdr.Class = k.Hdr.Class
|
||||
ds.Hdr.Ttl = k.Hdr.Ttl
|
||||
ds.Hdr.Rrtype = TypeDS
|
||||
ds.KeyTag = k.KeyTag()
|
||||
ds.Algorithm = k.Algorithm
|
||||
ds.DigestType = uint8(hash)
|
||||
|
||||
// Generic function that gives back a buffer with the rdata?? TODO(MG)
|
||||
// Find the rdata portion for the key (again)
|
||||
// (keytag does this too)
|
||||
buf := make([]byte, 4096)
|
||||
off1, ok := packRR(k, buf, 0)
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
start := off1 - int(k.Header().Rdlength)
|
||||
end := start + int(k.Header().Rdlength)
|
||||
// buf[start:end] is the rdata of the key
|
||||
buf = buf[start:end]
|
||||
// Now the owner name
|
||||
owner := make([]byte, 255)
|
||||
off1, ok = packDomainName(k.Hdr.Name, owner, 0)
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
owner = owner[:off1]
|
||||
// digest buffer
|
||||
digest := append(owner, buf...)
|
||||
|
||||
/*
|
||||
* from RFC4034
|
||||
* digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
|
||||
* "|" denotes concatenation
|
||||
* DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
|
||||
*/
|
||||
|
||||
switch hash {
|
||||
case HashSHA1:
|
||||
var _ = sha1.New()
|
||||
|
||||
s := sha1.New()
|
||||
io.WriteString(s, string(digest))
|
||||
ds.Digest = hex.EncodeToString(s.Sum())
|
||||
case HashSHA256:
|
||||
|
||||
case HashGOST94:
|
||||
|
||||
default:
|
||||
// wrong hash value
|
||||
return nil
|
||||
}
|
||||
return nil
|
||||
return ds
|
||||
}
|
||||
|
||||
// Calculate the keytag of the DNSKEY
|
||||
func (k *RR_DNSKEY) Tag() (keytag int) {
|
||||
func (k *RR_DNSKEY) KeyTag() uint16 {
|
||||
var keytag int
|
||||
switch k.Algorithm {
|
||||
case AlgRSAMD5:
|
||||
println("Keytag RSAMD5. Todo")
|
||||
|
@ -31,6 +79,7 @@ func (k *RR_DNSKEY) Tag() (keytag int) {
|
|||
default:
|
||||
// Might encode header length too, so that
|
||||
// we dont need to pack/unpack all the time
|
||||
// Or a shadow structure, with the wiredata and header
|
||||
buf := make([]byte, 4096)
|
||||
off1, ok := packRR(k, buf, 0)
|
||||
if !ok {
|
||||
|
@ -41,7 +90,7 @@ func (k *RR_DNSKEY) Tag() (keytag int) {
|
|||
end := start + int(k.Header().Rdlength)
|
||||
for i, v := range buf[start:end] {
|
||||
if i&1 != 0 {
|
||||
keytag += int(v)
|
||||
keytag += int(v) // must be larger than uint32
|
||||
} else {
|
||||
keytag += int(v) << 8
|
||||
}
|
||||
|
@ -49,7 +98,7 @@ func (k *RR_DNSKEY) Tag() (keytag int) {
|
|||
keytag += (keytag >> 16) & 0xFFFF
|
||||
keytag &= 0xFFFF
|
||||
}
|
||||
return
|
||||
return uint16(keytag)
|
||||
}
|
||||
|
||||
// Validate an rrset with the signature and key. Note the
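Review bot: ToDS can never return a DS record: the unconditional `return nil` placed right after the switch and just before `return ds` makes every path return nil, and go vet will flag that final `return ds` as unreachable. Drop that `return nil`; the `default:` branch already returns nil for an unknown digest type, and the empty `case HashSHA256:` and `case HashGOST94:` branches should do the same until they actually compute a digest, otherwise the fixed version hands back a DS with an empty Digest, e.g. `case HashSHA256, HashGOST94: return nil // not implemented yet`. In the SHA-1 branch the stray `var _ = sha1.New()` can go and `io.WriteString(s, string(digest))` is simply `s.Write(digest)` without the extra copy. One thing the hunk cannot show: RFC 4034 §5.1.4 defines the digest over the canonical form of the owner name (lowercased, uncompressed), so it is worth confirming that packDomainName produces that or lowercasing k.Hdr.Name first, since a mixed-case owner would otherwise yield a DS that does not validate against the key. The new TestKeyToDS only prints the result, so none of this is caught by the test.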
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"fmt" //togo
|
||||
)
|
||||
|
||||
func TestKeyToDS(t *testing.T) {
|
||||
key := new(RR_DNSKEY)
|
||||
key.Hdr.Name = "miek.nl"
|
||||
key.Hdr.Rrtype = TypeDNSKEY
|
||||
key.Hdr.Class = ClassINET
|
||||
key.Hdr.Ttl = 3600
|
||||
key.Flags = 256
|
||||
key.Protocol = 3
|
||||
key.Algorithm = AlgRSASHA256
|
||||
key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
|
||||
|
||||
ds := key.ToDS(HashSHA1)
|
||||
|
||||
fmt.Printf("%v\n%v\n", key, ds)
|
||||
}
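Review bot: TestKeyToDS cannot fail: it only prints key and ds with fmt.Printf and asserts nothing, so a nil result from ToDS, which is what the implementation in this commit returns for every input, passes silently. Replace the print with a check such as `if ds == nil { t.Fatal("ToDS returned nil") }` followed by a comparison of ds.KeyTag and ds.Digest against values computed independently for this key (the expected digest is not on the page, so it has to be produced with a second DNSSEC tool first and pasted in as the expected constant). With that in place the `"fmt" //togo` import can be dropped as its comment already intends.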
|
2
msg.go
2
msg.go
|
@ -21,7 +21,6 @@ import (
|
|||
"reflect"
|
||||
"net"
|
||||
"strconv"
|
||||
"strings"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
)
|
||||
|
@ -388,7 +387,6 @@ func unpackStructValue(val *reflect.StructValue, msg []byte, off int) (off1 int,
|
|||
consumed = 0 // TODO
|
||||
}
|
||||
s = hex.EncodeToString(msg[off : off+rdlength-consumed])
|
||||
s = strings.ToUpper(s)
|
||||
off += rdlength - consumed
|
||||
case "base64":
|
||||
// Rest of the RR is base64 encoded value
|
||||
|
|
8
types.go
8
types.go
|
@ -25,6 +25,7 @@ package dns
|
|||
import (
|
||||
"net"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// Packet formats
|
||||
|
@ -118,8 +119,9 @@ const (
|
|||
|
||||
// DNSSEC hashing codes.
|
||||
const (
|
||||
HashSHA1 = 1 //?
|
||||
HashSHA1 = 1 //? Check the codepoints
|
||||
HashSHA256 = 2 //?
|
||||
HashGOST94 = 3 //?
|
||||
)
|
||||
|
||||
// DNS queries.
|
||||
|
@ -440,7 +442,7 @@ func (rr *RR_DS) String() string {
|
|||
" " + strconv.Itoa(int(rr.KeyTag)) +
|
||||
" " + strconv.Itoa(int(rr.Algorithm)) +
|
||||
" " + strconv.Itoa(int(rr.DigestType)) +
|
||||
" " + rr.Digest
|
||||
" " + strings.ToUpper(rr.Digest)
|
||||
}
|
||||
|
||||
type RR_DNSKEY struct {
|
||||
|
@ -477,6 +479,7 @@ type RR_NSEC3 struct {
|
|||
|
||||
func (rr *RR_NSEC3) Header() *RR_Header {
|
||||
return &rr.Hdr
|
||||
// Salt with strings.ToUpper()
|
||||
}
|
||||
|
||||
func (rr *RR_NSEC3) String() string {
|
||||
|
@ -498,6 +501,7 @@ func (rr *RR_NSEC3PARAM) Header() *RR_Header {
|
|||
|
||||
func (rr *RR_NSEC3PARAM) String() string {
|
||||
return rr.Hdr.String() + "BLAH"
|
||||
// Salt with strings.ToUpper()
|
||||
}
|
||||
|
||||
// Map of constructors for each RR wire type.
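Review bot: The two `// Salt with strings.ToUpper()` comments are placed after the return statement, and the first one sits inside RR_NSEC3.Header() rather than the String() method it is evidently meant for; RR_NSEC3PARAM.String() meanwhile still returns the placeholder `"BLAH"`, so the uppercasing removed from the generic "hex" unpack path in msg.go is only re-applied for RR_DS so far. Moving each comment into the corresponding String() body above its return keeps the reminder where the salt is actually formatted. On the `//? Check the codepoints` question in the HashSHA1 block: the DS digest-type registry (RFC 4034 Appendix A.2 and the IANA DS digest registry) assigns 1 = SHA-1, 2 = SHA-256 (RFC 4509) and 3 = GOST R 34.11-94 (RFC 5933), so the three values are correct and the comment can become `// DS digest types, RFC 4034 Appendix A.2 / IANA DS digest registry`. The enclosing const block and RR_DS.String() both extend outside the hunks shown.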
|
||||
|
|