Add key2ds conversion

More DNSSEC pieces are coming together

dnskey_test.go

@@ -15,7 +15,7 @@ func TestTag(t *testing.T) {
 	key.Algorithm = AlgRSASHA256
 	key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
 
-        tag := key.Tag()
+        tag := key.KeyTag()
         if tag != 12051 {
                 t.Logf("%v\n", key)
                 t.Logf("Wrong key tag: %d\n", tag)

dnssec.go

@@ -2,7 +2,9 @@ package dns
 
 import (
 	"crypto/sha1"
+        "encoding/hex"
 	"time"
+        "io"
 )
 
 const (
@@ -12,18 +14,64 @@ const (
 
 // Convert an DNSKEY record to a DS record.
 func (k *RR_DNSKEY) ToDS(hash int) *RR_DS {
+        ds := new(RR_DS)
+        ds.Hdr.Name = k.Hdr.Name
+        ds.Hdr.Class = k.Hdr.Class
+        ds.Hdr.Ttl  = k.Hdr.Ttl
+        ds.Hdr.Rrtype = TypeDS
+        ds.KeyTag = k.KeyTag()
+        ds.Algorithm = k.Algorithm
+        ds.DigestType = uint8(hash)
+
+        // Generic function that gives back a buffer with the rdata?? TODO(MG)
+        // Find the rdata portion for the key (again)
+        // (keytag does this too)
+        buf := make([]byte, 4096)
+        off1, ok := packRR(k, buf, 0)
+        if !ok {
+                return nil
+        }
+
+        start := off1 - int(k.Header().Rdlength)
+        end := start + int(k.Header().Rdlength)
+        // buf[start:end] is the rdata of the key
+        buf = buf[start:end]
+        // Now the owner name
+        owner := make([]byte, 255)
+        off1, ok = packDomainName(k.Hdr.Name, owner, 0)
+        if !ok {
+                return nil
+        }
+        owner = owner[:off1]
+        // digest buffer
+        digest := append(owner, buf...)
+
+        /* 
+         * from RFC4034
+         * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
+         * "|" denotes concatenation
+         * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
+        */
+
 	switch hash {
 	case HashSHA1:
-		var _ = sha1.New()
-
+		s := sha1.New()
+                io.WriteString(s, string(digest))
+                ds.Digest = hex.EncodeToString(s.Sum())
 	case HashSHA256:
 
+        case HashGOST94:
+
+        default:
+                // wrong hash value
+                return nil
 	}
-	return nil
+	return ds
 }
 
 // Calculate the keytag of the DNSKEY
-func (k *RR_DNSKEY) Tag() (keytag int) {
+func (k *RR_DNSKEY) KeyTag() uint16 {
+        var keytag int
 	switch k.Algorithm {
 	case AlgRSAMD5:
                 println("Keytag RSAMD5. Todo")
@@ -31,6 +79,7 @@ func (k *RR_DNSKEY) Tag() (keytag int) {
 	default:
 		// Might encode header length too, so that
 		// we dont need to pack/unpack all the time
+                // Or a shadow structure, with the wiredata and header
 		buf := make([]byte, 4096)
 		off1, ok := packRR(k, buf, 0)
 		if !ok {
@@ -41,7 +90,7 @@ func (k *RR_DNSKEY) Tag() (keytag int) {
 		end := start + int(k.Header().Rdlength)
 		for i, v := range buf[start:end] {
 			if i&1 != 0 {
-				keytag += int(v)
+				keytag += int(v)         // must be larger than uint32
 			} else {
 				keytag += int(v) << 8
 			}
@@ -49,7 +98,7 @@ func (k *RR_DNSKEY) Tag() (keytag int) {
 		keytag += (keytag >> 16) & 0xFFFF
 		keytag &= 0xFFFF
 	}
-	return
+	return uint16(keytag)
 }
 
 // Validate an rrset with the signature and key. Note the

ds_test.go

@@ -0,0 +1,22 @@
+package dns
+
+import (
+	"testing"
+        "fmt" //togo
+)
+
+func TestKeyToDS(t *testing.T) {
+	key := new(RR_DNSKEY)
+	key.Hdr.Name = "miek.nl"
+	key.Hdr.Rrtype = TypeDNSKEY
+	key.Hdr.Class = ClassINET
+	key.Hdr.Ttl = 3600
+	key.Flags = 256
+	key.Protocol = 3
+	key.Algorithm = AlgRSASHA256
+	key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
+
+        ds := key.ToDS(HashSHA1)
+
+        fmt.Printf("%v\n%v\n", key, ds)
+}

msg.go

@@ -21,7 +21,6 @@ import (
 	"reflect"
 	"net"
 	"strconv"
-        "strings"
 	"encoding/base64"
 	"encoding/hex"
 )
@@ -388,7 +387,6 @@ func unpackStructValue(val *reflect.StructValue, msg []byte, off int) (off1 int,
 					consumed = 0 // TODO
 				}
 				s = hex.EncodeToString(msg[off : off+rdlength-consumed])
-                                s = strings.ToUpper(s)
 				off += rdlength - consumed
 			case "base64":
 				// Rest of the RR is base64 encoded value

types.go

@@ -25,6 +25,7 @@ package dns
 import (
 	"net"
 	"strconv"
+        "strings"
 )
 
 // Packet formats
@@ -118,8 +119,9 @@ const (
 
 // DNSSEC hashing codes.
 const (
-	HashSHA1   = 1 //?
+	HashSHA1   = 1 //? Check the codepoints
 	HashSHA256 = 2 //?
+        HashGOST94 = 3 //? 
 )
 
 // DNS queries.
@@ -440,7 +442,7 @@ func (rr *RR_DS) String() string {
 		" " + strconv.Itoa(int(rr.KeyTag)) +
 		" " + strconv.Itoa(int(rr.Algorithm)) +
 		" " + strconv.Itoa(int(rr.DigestType)) +
-		" " + rr.Digest
+		" " + strings.ToUpper(rr.Digest)
 }
 
 type RR_DNSKEY struct {
@@ -477,6 +479,7 @@ type RR_NSEC3 struct {
 
 func (rr *RR_NSEC3) Header() *RR_Header {
 	return &rr.Hdr
+        // Salt with strings.ToUpper()
 }
 
 func (rr *RR_NSEC3) String() string {
@@ -498,6 +501,7 @@ func (rr *RR_NSEC3PARAM) Header() *RR_Header {
 
 func (rr *RR_NSEC3PARAM) String() string {
 	return rr.Hdr.String() + "BLAH"
+        // Salt with strings.ToUpper()
 }
 
 // Map of constructors for each RR wire type.