Merge branch 'master' of github.com:miekg/dns
commit
a34d1f6ad7
|
@ -49,7 +49,7 @@ Send pull request if you want to be listed here.
|
|||
* DNSSEC: signing, validating and key generation for DSA, RSA and ECDSA;
|
||||
* EDNS0, NSID;
|
||||
* AXFR/IXFR;
|
||||
* TSIG;
|
||||
* TSIG, SIG(0);
|
||||
* DNS name compression;
|
||||
* Depends only on the standard library.
|
||||
|
||||
|
@ -137,5 +137,4 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
|
|||
* CAA parsing is broken;
|
||||
* NSEC(3) cover/match/closest enclose;
|
||||
* Replies with TC bit are not parsed to the end;
|
||||
* SIG(0);
|
||||
* Create IsMsg to validate a message before fully parsing it.
|
||||
|
|
|
@ -430,7 +430,7 @@ func TestToRFC3597(t *testing.T) {
|
|||
a, _ := NewRR("miek.nl. IN A 10.0.1.1")
|
||||
x := new(RFC3597)
|
||||
x.ToRFC3597(a)
|
||||
if x.String() != `miek.nl. 3600 IN A \# 4 0a000101` {
|
||||
if x.String() != `miek.nl. 3600 CLASS1 TYPE1 \# 4 0a000101` {
|
||||
t.Fail()
|
||||
}
|
||||
}
|
||||
|
|
22
dnssec.go
22
dnssec.go
|
@ -547,20 +547,22 @@ func (k *DNSKEY) publicKeyDSA() *dsa.PublicKey {
|
|||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
if len(keybuf) < 22 { // TODO: check
|
||||
if len(keybuf) < 22 {
|
||||
return nil
|
||||
}
|
||||
t := int(keybuf[0])
|
||||
t, keybuf := int(keybuf[0]), keybuf[1:]
|
||||
size := 64 + t*8
|
||||
q, keybuf := keybuf[:20], keybuf[20:]
|
||||
if len(keybuf) != 3*size {
|
||||
return nil
|
||||
}
|
||||
p, keybuf := keybuf[:size], keybuf[size:]
|
||||
g, y := keybuf[:size], keybuf[size:]
|
||||
pubkey := new(dsa.PublicKey)
|
||||
pubkey.Parameters.Q = big.NewInt(0)
|
||||
pubkey.Parameters.Q.SetBytes(keybuf[1:21]) // +/- 1 ?
|
||||
pubkey.Parameters.P = big.NewInt(0)
|
||||
pubkey.Parameters.P.SetBytes(keybuf[22 : 22+size])
|
||||
pubkey.Parameters.G = big.NewInt(0)
|
||||
pubkey.Parameters.G.SetBytes(keybuf[22+size+1 : 22+size*2])
|
||||
pubkey.Y = big.NewInt(0)
|
||||
pubkey.Y.SetBytes(keybuf[22+size*2+1 : 22+size*3])
|
||||
pubkey.Parameters.Q = big.NewInt(0).SetBytes(q)
|
||||
pubkey.Parameters.P = big.NewInt(0).SetBytes(p)
|
||||
pubkey.Parameters.G = big.NewInt(0).SetBytes(g)
|
||||
pubkey.Y = big.NewInt(0).SetBytes(y)
|
||||
return pubkey
|
||||
}
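Review bot: The T octet read in `t, keybuf := int(keybuf[0]), keybuf[1:]` is never range-checked, so any value from 0 to 255 is accepted whenever the remaining length happens to equal `3*size`. RFC 2536 defines T only for 0 through 8 and reserves larger values, so the parser should reject them with `if t > 8 { return nil }` before computing `size`. A short comment naming the wire layout would also help the next reader, e.g. `// RFC 2536: T(1) | Q(20) | P | G | Y, where P, G and Y are each 64+T*8 octets`. publicKeyDSA begins above this hunk, so the origin of `keybuf` is not visible here.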
|
||||
|
||||
|
|
2
msg.go
2
msg.go
|
@ -110,6 +110,7 @@ var TypeToString = map[uint16]string{
|
|||
TypeIPSECKEY: "IPSECKEY",
|
||||
TypeISDN: "ISDN",
|
||||
TypeIXFR: "IXFR", // Meta RR
|
||||
TypeKEY: "KEY",
|
||||
TypeKX: "KX",
|
||||
TypeL32: "L32",
|
||||
TypeL64: "L64",
|
||||
|
@ -140,6 +141,7 @@ var TypeToString = map[uint16]string{
|
|||
TypeRP: "RP",
|
||||
TypeRRSIG: "RRSIG",
|
||||
TypeRT: "RT",
|
||||
TypeSIG: "SIG",
|
||||
TypeSOA: "SOA",
|
||||
TypeSPF: "SPF",
|
||||
TypeSRV: "SRV",
|
||||
|
|
|
@ -0,0 +1,261 @@
|
|||
// SIG(0)
|
||||
//
|
||||
// From RFC 2931:
|
||||
//
|
||||
// SIG(0) provides protection for DNS transactions and requests ....
|
||||
// ... protection for glue records, DNS requests, protection for message headers
|
||||
// on requests and responses, and protection of the overall integrity of a response.
|
||||
//
|
||||
// It works like TSIG, except that SIG(0) uses public key cryptography, instead of the shared
|
||||
// secret approach in TSIG.
|
||||
package dns
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/ecdsa"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"fmt"
|
||||
"math/big"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Sign signs a dns.Msg. It fills the signature with the appropriate data.
|
||||
// The SIG record should have the SignerName, KeyTag, Algorithm, Inception
|
||||
// and Expiration set.
|
||||
func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
|
||||
if k == nil {
|
||||
return nil, ErrPrivKey
|
||||
}
|
||||
if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
|
||||
return nil, ErrKey
|
||||
}
|
||||
rr.Header().Rrtype = TypeSIG
|
||||
rr.Header().Class = ClassANY
|
||||
rr.Header().Ttl = 0
|
||||
rr.Header().Name = "."
|
||||
rr.OrigTtl = 0
|
||||
rr.TypeCovered = 0
|
||||
rr.Labels = 0
|
||||
|
||||
buflen := m.Len() + rr.len()
|
||||
switch k := k.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
buflen += len(k.N.Bytes())
|
||||
case *dsa.PrivateKey:
|
||||
buflen += 40
|
||||
case *ecdsa.PrivateKey:
|
||||
buflen += 96
|
||||
default:
|
||||
return nil, ErrPrivKey
|
||||
}
|
||||
buf := make([]byte, m.Len()+rr.len()+buflen)
|
||||
mbuf, err := m.PackBuffer(buf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if &buf[0] != &mbuf[0] {
|
||||
return nil, ErrBuf
|
||||
}
|
||||
off, err := PackRR(rr, buf, len(mbuf), nil, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
buf = buf[:off:cap(buf)]
|
||||
var hash crypto.Hash
|
||||
switch rr.Algorithm {
|
||||
case DSA, RSASHA1:
|
||||
hash = crypto.SHA1
|
||||
case RSASHA256, ECDSAP256SHA256:
|
||||
hash = crypto.SHA256
|
||||
case ECDSAP384SHA384:
|
||||
hash = crypto.SHA384
|
||||
case RSASHA512:
|
||||
hash = crypto.SHA512
|
||||
default:
|
||||
return nil, ErrAlg
|
||||
}
|
||||
hasher := hash.New()
|
||||
// Write SIG rdata
|
||||
hasher.Write(buf[len(mbuf)+1+2+2+4+2:])
|
||||
// Write message
|
||||
hasher.Write(buf[:len(mbuf)])
|
||||
hashed := hasher.Sum(nil)
|
||||
|
||||
var sig []byte
|
||||
switch p := k.(type) {
|
||||
case *dsa.PrivateKey:
|
||||
t := byte((len(p.PublicKey.Y.Bytes()) - 64) / 8)
|
||||
r1, s1, err := dsa.Sign(rand.Reader, p, hashed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sig = make([]byte, 0, 1+len(r1.Bytes())+len(s1.Bytes()))
|
||||
sig = append(sig, t)
|
||||
sig = append(sig, r1.Bytes()...)
|
||||
sig = append(sig, s1.Bytes()...)
|
||||
case *rsa.PrivateKey:
|
||||
sig, err = rsa.SignPKCS1v15(rand.Reader, p, hash, hashed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
case *ecdsa.PrivateKey:
|
||||
r1, s1, err := ecdsa.Sign(rand.Reader, p, hashed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sig = r1.Bytes()
|
||||
sig = append(sig, s1.Bytes()...)
|
||||
default:
|
||||
return nil, ErrAlg
|
||||
}
|
||||
rr.Signature = unpackBase64(sig)
|
||||
buf = append(buf, sig...)
|
||||
if len(buf) > int(^uint16(0)) {
|
||||
return nil, ErrBuf
|
||||
}
|
||||
// Adjust sig data length
|
||||
rdoff := len(mbuf) + 1 + 2 + 2 + 4
|
||||
rdlen, _ := unpackUint16(buf, rdoff)
|
||||
rdlen += uint16(len(sig))
|
||||
buf[rdoff], buf[rdoff+1] = packUint16(rdlen)
|
||||
// Adjust additional count
|
||||
adc, _ := unpackUint16(buf, 10)
|
||||
adc += 1
|
||||
buf[10], buf[11] = packUint16(adc)
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
// Verify validates the message buf using the key k.
|
||||
// It's assumed that buf is a valid message from which rr was unpacked.
|
||||
func (rr *SIG) Verify(k *KEY, buf []byte) error {
|
||||
if k == nil {
|
||||
return ErrKey
|
||||
}
|
||||
if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
|
||||
return ErrKey
|
||||
}
|
||||
|
||||
var hash crypto.Hash
|
||||
switch rr.Algorithm {
|
||||
case DSA, RSASHA1:
|
||||
hash = crypto.SHA1
|
||||
case RSASHA256, ECDSAP256SHA256:
|
||||
hash = crypto.SHA256
|
||||
case ECDSAP384SHA384:
|
||||
hash = crypto.SHA384
|
||||
case RSASHA512:
|
||||
hash = crypto.SHA512
|
||||
default:
|
||||
return ErrAlg
|
||||
}
|
||||
hasher := hash.New()
|
||||
|
||||
buflen := len(buf)
|
||||
qdc, _ := unpackUint16(buf, 4)
|
||||
anc, _ := unpackUint16(buf, 6)
|
||||
auc, _ := unpackUint16(buf, 8)
|
||||
adc, offset := unpackUint16(buf, 10)
|
||||
var err error
|
||||
for i := uint16(0); i < qdc && offset < buflen; i++ {
|
||||
// decode a name
|
||||
_, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// skip past Type and Class
|
||||
offset += 2 + 2
|
||||
}
|
||||
for i := uint16(1); i < anc+auc+adc && offset < buflen; i++ {
|
||||
// decode a name
|
||||
_, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// skip past Type, Class and TTL
|
||||
offset += 2 + 2 + 4
|
||||
var rdlen uint16
|
||||
rdlen, offset = unpackUint16(buf, offset)
|
||||
offset += int(rdlen)
|
||||
}
|
||||
// offset should be just prior to SIG
|
||||
bodyend := offset
|
||||
// Owner name SHOULD be root
|
||||
_, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Skip Type, Class, TTL, RDLen
|
||||
offset += 2 + 2 + 4 + 2
|
||||
sigstart := offset
|
||||
offset += 2 + 1 + 1 + 4 // skip Type Covered, Algorithm, Labels, Original TTL
|
||||
// TODO: This should be moved out and used elsewhere
|
||||
unpackUint32 := func(buf []byte, off int) (uint32, int) {
|
||||
r := uint32(buf[off])<<24 | uint32(buf[off+1])<<16 | uint32(buf[off+2])<<8 | uint32(buf[off+3])
|
||||
return r, off + 4
|
||||
}
|
||||
var expire, incept uint32
|
||||
expire, offset = unpackUint32(buf, offset)
|
||||
incept, offset = unpackUint32(buf, offset)
|
||||
now := uint32(time.Now().Unix())
|
||||
if now < incept || now > expire {
|
||||
return ErrTime
|
||||
}
|
||||
offset += 2 // skip key tag
|
||||
var signername string
|
||||
signername, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// If key has come from the DNS name compression might
|
||||
// have mangled the case of the name
|
||||
if strings.ToLower(signername) != strings.ToLower(k.Header().Name) {
|
||||
return fmt.Errorf("Signer name doesn't match key name")
|
||||
}
|
||||
sigend := offset
|
||||
hasher.Write(buf[sigstart:sigend])
|
||||
hasher.Write(buf[:10])
|
||||
hasher.Write([]byte{
|
||||
byte((adc - 1) << 8),
|
||||
byte(adc - 1),
|
||||
})
|
||||
hasher.Write(buf[12:bodyend])
|
||||
|
||||
hashed := hasher.Sum(nil)
|
||||
sig := buf[sigend:]
|
||||
switch k.Algorithm {
|
||||
case DSA:
|
||||
pk := k.publicKeyDSA()
|
||||
sig = sig[1:]
|
||||
r := big.NewInt(0)
|
||||
r.SetBytes(sig[:len(sig)/2])
|
||||
s := big.NewInt(0)
|
||||
s.SetBytes(sig[len(sig)/2:])
|
||||
if pk != nil {
|
||||
if dsa.Verify(pk, hashed, r, s) {
|
||||
return nil
|
||||
}
|
||||
return ErrSig
|
||||
}
|
||||
case RSASHA1, RSASHA256, RSASHA512:
|
||||
pk := k.publicKeyRSA()
|
||||
if pk != nil {
|
||||
return rsa.VerifyPKCS1v15(pk, hash, hashed, sig)
|
||||
}
|
||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||
pk := k.publicKeyCurve()
|
||||
r := big.NewInt(0)
|
||||
r.SetBytes(sig[:len(sig)/2])
|
||||
s := big.NewInt(0)
|
||||
s.SetBytes(sig[len(sig)/2:])
|
||||
if pk != nil {
|
||||
if ecdsa.Verify(pk, hashed, r, s) {
|
||||
return nil
|
||||
}
|
||||
return ErrSig
|
||||
}
|
||||
}
|
||||
return ErrKeyAlg
|
||||
}
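Review bot: Verify reads `buf` at offsets taken from the message itself without comparing them with `len(buf)`: the local `unpackUint32` closure, `buf[sigstart:sigend]` and `sig[1:]` in the DSA case all index or slice unconditionally (and so may the `unpackUint16` calls at offsets 4–10, whose body is not shown here), so a truncated or malformed message can panic the caller instead of returning an error, and the doc comment's assumption that `buf` is valid is enforced nowhere. The hash is chosen from `rr.Algorithm` while the verification primitive is chosen from `k.Algorithm`, and nothing requires the two to match, so a key published for one algorithm can be checked against a digest from another. The reconstructed additional count writes `byte((adc - 1) << 8)`, which is always zero; the high byte needs `>> 8`, and `adc == 0` should be rejected before the subtraction. Separately, Sign concatenates `r1.Bytes()` and `s1.Bytes()` for DSA and ECDSA without left-padding to a fixed width while Verify splits at `len(sig)/2`, so a signature whose r or s has a leading zero byte will presumably fail to verify. A sketch of the Verify-side checks follows.

```go
func (rr *SIG) Verify(k *KEY, buf []byte) error {
	// … unchanged: nil-key and empty-field checks …
	if rr.Algorithm != k.Algorithm {
		return ErrKeyAlg
	}
	// … unchanged: hash selection …
	buflen := len(buf)
	if buflen < 12 { // fixed-size DNS header
		return ErrBuf
	}
	// … unchanged: section count parsing …
	if adc == 0 { // no additional record, so there is no SIG(0) to verify
		return ErrSig
	}
	// … unchanged: question and RR skipping, owner name, fixed RR header …
	sigstart := offset
	// type covered, algorithm, labels, original TTL, expiration, inception, key tag
	if sigstart+2+1+1+4+4+4+2 > buflen {
		return ErrBuf
	}
	// … unchanged: time window and signer-name checks …
	hasher.Write([]byte{
		byte((adc - 1) >> 8),
		byte(adc - 1),
	})
	// … unchanged: body hash …
	sig := buf[sigend:]
	if len(sig) == 0 {
		return ErrSig
	}
```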
|
|
@ -0,0 +1,105 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestSIG0(t *testing.T) {
|
||||
keys := []struct {
|
||||
alg uint8
|
||||
rr *KEY
|
||||
pk PrivateKey
|
||||
}{{alg: DSA}, {alg: ECDSAP256SHA256}, {alg: ECDSAP384SHA384}, {alg: RSASHA1}, {alg: RSASHA256}, {alg: RSASHA512}}
|
||||
for i := range keys {
|
||||
keys[i].rr = new(KEY)
|
||||
keys[i].rr.Hdr.Name = AlgorithmToString[keys[i].alg] + "."
|
||||
keys[i].rr.Hdr.Rrtype = TypeKEY
|
||||
keys[i].rr.Hdr.Class = ClassINET
|
||||
keys[i].rr.Algorithm = keys[i].alg
|
||||
keysize := 1024
|
||||
switch keys[i].alg {
|
||||
case ECDSAP256SHA256:
|
||||
keysize = 256
|
||||
case ECDSAP384SHA384:
|
||||
keysize = 384
|
||||
}
|
||||
pk, err := keys[i].rr.Generate(keysize)
|
||||
if err != nil {
|
||||
t.Logf("Failed to generate key for “%s”: %v", AlgorithmToString[keys[i].alg], err)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
keys[i].pk = pk
|
||||
}
|
||||
|
||||
m := new(Msg)
|
||||
m.SetQuestion("example.org.", TypeSOA)
|
||||
for _, key := range keys {
|
||||
if key.pk == nil {
|
||||
continue
|
||||
}
|
||||
algstr := AlgorithmToString[key.alg]
|
||||
now := uint32(time.Now().Unix())
|
||||
sigrr := new(SIG)
|
||||
sigrr.Hdr.Name = "."
|
||||
sigrr.Hdr.Rrtype = TypeSIG
|
||||
sigrr.Hdr.Class = ClassANY
|
||||
sigrr.Algorithm = key.rr.Algorithm
|
||||
sigrr.Expiration = now + 300
|
||||
sigrr.Inception = now - 300
|
||||
sigrr.KeyTag = key.rr.KeyTag()
|
||||
sigrr.SignerName = key.rr.Hdr.Name
|
||||
mb, err := sigrr.Sign(key.pk, m)
|
||||
if err != nil {
|
||||
t.Logf("Failed to sign message using “%s”: %v", algstr, err)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
m := new(Msg)
|
||||
if err := m.Unpack(mb); err != nil {
|
||||
t.Logf("Failed to unpack message signed using “%s”: %v", algstr, err)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
if len(m.Extra) != 1 {
|
||||
t.Logf("Missing SIG for message signed using “%s”", algstr)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
var sigrrwire *SIG
|
||||
switch rr := m.Extra[0].(type) {
|
||||
case *SIG:
|
||||
sigrrwire = rr
|
||||
default:
|
||||
t.Logf("Expected SIG RR, instead: %v", rr)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
for _, rr := range []*SIG{sigrr, sigrrwire} {
|
||||
id := "sigrr"
|
||||
if rr == sigrrwire {
|
||||
id = "sigrrwire"
|
||||
}
|
||||
if err := rr.Verify(key.rr, mb); err != nil {
|
||||
t.Logf("Failed to verify “%s” signed SIG(%s): %v", algstr, id, err)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
}
|
||||
mb[13]++
|
||||
if err := sigrr.Verify(key.rr, mb); err == nil {
|
||||
t.Logf("Verify succeeded on an altered message using “%s”", algstr)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
sigrr.Expiration = 2
|
||||
sigrr.Inception = 1
|
||||
mb, _ = sigrr.Sign(key.pk, m)
|
||||
if err := sigrr.Verify(key.rr, mb); err == nil {
|
||||
t.Logf("Verify succeeded on an expired message using “%s”", algstr)
|
||||
t.Fail()
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
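Review bot: The expired-signature case discards the error from `mb, _ = sigrr.Sign(key.pk, m)` and then accepts any non-nil error from Verify, so it would still pass if signing failed or if Verify rejected the message for an unrelated reason. Check the Sign error and assert the specific result, e.g. `if err := sigrr.Verify(key.rr, mb); err != ErrTime {`. The test also feeds Verify only well-formed buffers; a case that truncates `mb` at a few offsets and expects an error rather than a panic would cover the parsing half of Verify. As a style point, `t.Errorf(...)` can replace each `t.Logf` plus `t.Fail()` pair.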
|
102
types.go
102
types.go
|
@ -818,6 +818,11 @@ func (rr *LOC) String() string {
|
|||
return s
|
||||
}
|
||||
|
||||
// SIG is identical to RRSIG and nowadays only used for SIG(0), RFC2931.
|
||||
type SIG struct {
|
||||
RRSIG
|
||||
}
|
||||
|
||||
type RRSIG struct {
|
||||
Hdr RR_Header
|
||||
TypeCovered uint16
|
||||
|
@ -889,6 +894,14 @@ func (rr *NSEC) len() int {
|
|||
return l
|
||||
}
|
||||
|
||||
type DLV struct {
|
||||
DS
|
||||
}
|
||||
|
||||
type CDS struct {
|
||||
DS
|
||||
}
|
||||
|
||||
type DS struct {
|
||||
Hdr RR_Header
|
||||
KeyTag uint16
|
||||
|
@ -910,48 +923,6 @@ func (rr *DS) String() string {
|
|||
" " + strings.ToUpper(rr.Digest)
|
||||
}
|
||||
|
||||
type CDS struct {
|
||||
Hdr RR_Header
|
||||
KeyTag uint16
|
||||
Algorithm uint8
|
||||
DigestType uint8
|
||||
Digest string `dns:"hex"`
|
||||
}
|
||||
|
||||
func (rr *CDS) Header() *RR_Header { return &rr.Hdr }
|
||||
func (rr *CDS) len() int { return rr.Hdr.len() + 4 + len(rr.Digest)/2 }
|
||||
func (rr *CDS) copy() RR {
|
||||
return &CDS{*rr.Hdr.copyHeader(), rr.KeyTag, rr.Algorithm, rr.DigestType, rr.Digest}
|
||||
}
|
||||
|
||||
func (rr *CDS) String() string {
|
||||
return rr.Hdr.String() + strconv.Itoa(int(rr.KeyTag)) +
|
||||
" " + strconv.Itoa(int(rr.Algorithm)) +
|
||||
" " + strconv.Itoa(int(rr.DigestType)) +
|
||||
" " + strings.ToUpper(rr.Digest)
|
||||
}
|
||||
|
||||
type DLV struct {
|
||||
Hdr RR_Header
|
||||
KeyTag uint16
|
||||
Algorithm uint8
|
||||
DigestType uint8
|
||||
Digest string `dns:"hex"`
|
||||
}
|
||||
|
||||
func (rr *DLV) Header() *RR_Header { return &rr.Hdr }
|
||||
func (rr *DLV) len() int { return rr.Hdr.len() + 4 + len(rr.Digest)/2 }
|
||||
func (rr *DLV) copy() RR {
|
||||
return &DLV{*rr.Hdr.copyHeader(), rr.KeyTag, rr.Algorithm, rr.DigestType, rr.Digest}
|
||||
}
|
||||
|
||||
func (rr *DLV) String() string {
|
||||
return rr.Hdr.String() + strconv.Itoa(int(rr.KeyTag)) +
|
||||
" " + strconv.Itoa(int(rr.Algorithm)) +
|
||||
" " + strconv.Itoa(int(rr.DigestType)) +
|
||||
" " + strings.ToUpper(rr.Digest)
|
||||
}
|
||||
|
||||
type KX struct {
|
||||
Hdr RR_Header
|
||||
Preference uint16
|
||||
|
@ -1049,6 +1020,14 @@ func (rr *IPSECKEY) len() int {
|
|||
base64.StdEncoding.DecodedLen(len(rr.PublicKey))
|
||||
}
|
||||
|
||||
type KEY struct {
|
||||
DNSKEY
|
||||
}
|
||||
|
||||
type CDNSKEY struct {
|
||||
DNSKEY
|
||||
}
|
||||
|
||||
type DNSKEY struct {
|
||||
Hdr RR_Header
|
||||
Flags uint16
|
||||
|
@ -1072,29 +1051,6 @@ func (rr *DNSKEY) String() string {
|
|||
" " + rr.PublicKey
|
||||
}
|
||||
|
||||
type CDNSKEY struct {
|
||||
Hdr RR_Header
|
||||
Flags uint16
|
||||
Protocol uint8
|
||||
Algorithm uint8
|
||||
PublicKey string `dns:"base64"`
|
||||
}
|
||||
|
||||
func (rr *CDNSKEY) Header() *RR_Header { return &rr.Hdr }
|
||||
func (rr *CDNSKEY) len() int {
|
||||
return rr.Hdr.len() + 4 + base64.StdEncoding.DecodedLen(len(rr.PublicKey))
|
||||
}
|
||||
func (rr *CDNSKEY) copy() RR {
|
||||
return &DNSKEY{*rr.Hdr.copyHeader(), rr.Flags, rr.Protocol, rr.Algorithm, rr.PublicKey}
|
||||
}
|
||||
|
||||
func (rr *CDNSKEY) String() string {
|
||||
return rr.Hdr.String() + strconv.Itoa(int(rr.Flags)) +
|
||||
" " + strconv.Itoa(int(rr.Protocol)) +
|
||||
" " + strconv.Itoa(int(rr.Algorithm)) +
|
||||
" " + rr.PublicKey
|
||||
}
|
||||
|
||||
type RKEY struct {
|
||||
Hdr RR_Header
|
||||
Flags uint16
|
||||
|
@ -1245,11 +1201,23 @@ func (rr *RFC3597) copy() RR { return &RFC3597{*rr.Hdr.copyHeader(), r
|
|||
func (rr *RFC3597) len() int { return rr.Hdr.len() + len(rr.Rdata)/2 + 2 }
|
||||
|
||||
func (rr *RFC3597) String() string {
|
||||
s := rr.Hdr.String()
|
||||
// Let's call it a hack
|
||||
s := rfc3597Header(rr.Hdr)
|
||||
|
||||
s += "\\# " + strconv.Itoa(len(rr.Rdata)/2) + " " + rr.Rdata
|
||||
return s
|
||||
}
|
||||
|
||||
func rfc3597Header(h RR_Header) string {
|
||||
var s string
|
||||
|
||||
s += sprintName(h.Name) + "\t"
|
||||
s += strconv.FormatInt(int64(h.Ttl), 10) + "\t"
|
||||
s += "CLASS" + strconv.Itoa(int(h.Class)) + "\t"
|
||||
s += "TYPE" + strconv.Itoa(int(h.Rrtype)) + "\t"
|
||||
return s
|
||||
}
|
||||
|
||||
type URI struct {
|
||||
Hdr RR_Header
|
||||
Priority uint16
|
||||
|
@ -1652,6 +1620,7 @@ var typeToRR = map[uint16]func() RR{
|
|||
TypeDHCID: func() RR { return new(DHCID) },
|
||||
TypeDLV: func() RR { return new(DLV) },
|
||||
TypeDNAME: func() RR { return new(DNAME) },
|
||||
TypeKEY: func() RR { return new(KEY) },
|
||||
TypeDNSKEY: func() RR { return new(DNSKEY) },
|
||||
TypeDS: func() RR { return new(DS) },
|
||||
TypeEUI48: func() RR { return new(EUI48) },
|
||||
|
@ -1689,6 +1658,7 @@ var typeToRR = map[uint16]func() RR{
|
|||
TypeRKEY: func() RR { return new(RKEY) },
|
||||
TypeRP: func() RR { return new(RP) },
|
||||
TypePX: func() RR { return new(PX) },
|
||||
TypeSIG: func() RR { return new(SIG) },
|
||||
TypeRRSIG: func() RR { return new(RRSIG) },
|
||||
TypeRT: func() RR { return new(RT) },
|
||||
TypeSOA: func() RR { return new(SOA) },
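Review bot: SIG, KEY, CDNSKEY, DLV and CDS declare no methods of their own in these hunks, so `copy()` is promoted from the embedded type and, if it is still written like the removed `&CDS{...}` and `&DLV{...}` versions, returns the embedded `*RRSIG`, `*DNSKEY` or `*DS` rather than the wrapper. After a copy, a type switch such as `case *SIG:` no longer matches and `(*SIG).Verify` is unreachable on that record, even though `Hdr.Rrtype` still says SIG. Each wrapper should get its own one-line override, e.g. `func (rr *SIG) copy() RR { return &SIG{*rr.RRSIG.copy().(*RRSIG)} }`, assuming RRSIG's copy returns an RR as the removed methods did. The new KEY, CDNSKEY, DLV and CDS declarations also lack doc comments; the one on SIG is a good model.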
|
||||
|
|
167
zscan_rr.go
167
zscan_rr.go
|
@ -1065,6 +1065,14 @@ func setOPENPGPKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, strin
|
|||
return rr, nil, c1
|
||||
}
|
||||
|
||||
func setSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setRRSIG(h, c, o, f)
|
||||
if r != nil {
|
||||
return &SIG{*r.(*RRSIG)}, e, s
|
||||
}
|
||||
return nil, e, s
|
||||
}
|
||||
|
||||
func setRRSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(RRSIG)
|
||||
rr.Hdr = h
|
||||
|
@ -1452,7 +1460,7 @@ func setSSHFP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
return rr, nil, ""
|
||||
}
|
||||
|
||||
func setDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
func setDNSKEYs(h RR_Header, c chan lex, o, f, typ string) (RR, *ParseError, string) {
|
||||
rr := new(DNSKEY)
|
||||
rr.Hdr = h
|
||||
|
||||
|
@ -1461,25 +1469,25 @@ func setDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
return rr, nil, l.comment
|
||||
}
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad DNSKEY Flags", l}, ""
|
||||
return nil, &ParseError{f, "bad " + typ + " Flags", l}, ""
|
||||
} else {
|
||||
rr.Flags = uint16(i)
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c // _STRING
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad DNSKEY Protocol", l}, ""
|
||||
return nil, &ParseError{f, "bad " + typ + " Protocol", l}, ""
|
||||
} else {
|
||||
rr.Protocol = uint8(i)
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c // _STRING
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad DNSKEY Algorithm", l}, ""
|
||||
return nil, &ParseError{f, "bad " + typ + " Algorithm", l}, ""
|
||||
} else {
|
||||
rr.Algorithm = uint8(i)
|
||||
}
|
||||
s, e, c1 := endingToString(c, "bad DNSKEY PublicKey", f)
|
||||
s, e, c1 := endingToString(c, "bad "+typ+" PublicKey", f)
|
||||
if e != nil {
|
||||
return nil, e, c1
|
||||
}
|
||||
|
@ -1487,39 +1495,25 @@ func setDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
return rr, nil, c1
|
||||
}
|
||||
|
||||
func setCDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(CDNSKEY)
|
||||
rr.Hdr = h
|
||||
func setKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setDNSKEYs(h, c, o, f, "KEY")
|
||||
if r != nil {
|
||||
return &KEY{*r.(*DNSKEY)}, e, s
|
||||
}
|
||||
return nil, e, s
|
||||
}
|
||||
|
||||
l := <-c
|
||||
if l.length == 0 {
|
||||
return rr, nil, l.comment
|
||||
func setDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setDNSKEYs(h, c, o, f, "DNSKEY")
|
||||
return r, e, s
|
||||
}
|
||||
|
||||
func setCDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setDNSKEYs(h, c, o, f, "CDNSKEY")
|
||||
if r != nil {
|
||||
return &CDNSKEY{*r.(*DNSKEY)}, e, s
|
||||
}
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad CDNSKEY Flags", l}, ""
|
||||
} else {
|
||||
rr.Flags = uint16(i)
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c // _STRING
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad CDNSKEY Protocol", l}, ""
|
||||
} else {
|
||||
rr.Protocol = uint8(i)
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c // _STRING
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad CDNSKEY Algorithm", l}, ""
|
||||
} else {
|
||||
rr.Algorithm = uint8(i)
|
||||
}
|
||||
s, e, c1 := endingToString(c, "bad CDNSKEY PublicKey", f)
|
||||
if e != nil {
|
||||
return nil, e, c1
|
||||
}
|
||||
rr.PublicKey = s
|
||||
return rr, nil, c1
|
||||
return nil, e, s
|
||||
}
|
||||
|
||||
func setRKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
|
@ -1557,44 +1551,6 @@ func setRKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
return rr, nil, c1
|
||||
}
|
||||
|
||||
func setDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(DS)
|
||||
rr.Hdr = h
|
||||
l := <-c
|
||||
if l.length == 0 {
|
||||
return rr, nil, l.comment
|
||||
}
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad DS KeyTag", l}, ""
|
||||
} else {
|
||||
rr.KeyTag = uint16(i)
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
if i, ok := StringToAlgorithm[l.tokenUpper]; !ok {
|
||||
return nil, &ParseError{f, "bad DS Algorithm", l}, ""
|
||||
} else {
|
||||
rr.Algorithm = i
|
||||
}
|
||||
} else {
|
||||
rr.Algorithm = uint8(i)
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad DS DigestType", l}, ""
|
||||
} else {
|
||||
rr.DigestType = uint8(i)
|
||||
}
|
||||
s, e, c1 := endingToString(c, "bad DS Digest", f)
|
||||
if e != nil {
|
||||
return nil, e, c1
|
||||
}
|
||||
rr.Digest = s
|
||||
return rr, nil, c1
|
||||
}
|
||||
|
||||
func setEID(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(EID)
|
||||
rr.Hdr = h
|
||||
|
@ -1667,15 +1623,15 @@ func setGPOS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
return rr, nil, ""
|
||||
}
|
||||
|
||||
func setCDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(CDS)
|
||||
func setDSs(h RR_Header, c chan lex, o, f, typ string) (RR, *ParseError, string) {
|
||||
rr := new(DS)
|
||||
rr.Hdr = h
|
||||
l := <-c
|
||||
if l.length == 0 {
|
||||
return rr, nil, l.comment
|
||||
}
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad CDS KeyTag", l}, ""
|
||||
return nil, &ParseError{f, "bad " + typ + " KeyTag", l}, ""
|
||||
} else {
|
||||
rr.KeyTag = uint16(i)
|
||||
}
|
||||
|
@ -1683,7 +1639,7 @@ func setCDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
l = <-c
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
if i, ok := StringToAlgorithm[l.tokenUpper]; !ok {
|
||||
return nil, &ParseError{f, "bad CDS Algorithm", l}, ""
|
||||
return nil, &ParseError{f, "bad " + typ + " Algorithm", l}, ""
|
||||
} else {
|
||||
rr.Algorithm = i
|
||||
}
|
||||
|
@ -1693,11 +1649,11 @@ func setCDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
<-c // _BLANK
|
||||
l = <-c
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad CDS DigestType", l}, ""
|
||||
return nil, &ParseError{f, "bad " + typ + " DigestType", l}, ""
|
||||
} else {
|
||||
rr.DigestType = uint8(i)
|
||||
}
|
||||
s, e, c1 := endingToString(c, "bad CDS Digest", f)
|
||||
s, e, c1 := endingToString(c, "bad " + typ + " Digest", f)
|
||||
if e != nil {
|
||||
return nil, e, c1
|
||||
}
|
||||
|
@ -1705,42 +1661,25 @@ func setCDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
return rr, nil, c1
|
||||
}
|
||||
|
||||
func setDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setDSs(h, c, o, f, "DS")
|
||||
return r, e, s
|
||||
}
|
||||
|
||||
func setDLV(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(DLV)
|
||||
rr.Hdr = h
|
||||
l := <-c
|
||||
if l.length == 0 {
|
||||
return rr, nil, l.comment
|
||||
r, e, s := setDSs(h, c, o, f, "DLV")
|
||||
if r != nil {
|
||||
return &DLV{*r.(*DS)}, e, s
|
||||
}
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad DLV KeyTag", l}, ""
|
||||
} else {
|
||||
rr.KeyTag = uint16(i)
|
||||
return nil, e, s
|
||||
}
|
||||
|
||||
func setCDS(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setDSs(h, c, o, f, "DLV")
|
||||
if r != nil {
|
||||
return &CDS{*r.(*DS)}, e, s
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
if i, ok := StringToAlgorithm[l.tokenUpper]; !ok {
|
||||
return nil, &ParseError{f, "bad DLV Algorithm", l}, ""
|
||||
} else {
|
||||
rr.Algorithm = i
|
||||
}
|
||||
} else {
|
||||
rr.Algorithm = uint8(i)
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c
|
||||
if i, e := strconv.Atoi(l.token); e != nil {
|
||||
return nil, &ParseError{f, "bad DLV DigestType", l}, ""
|
||||
} else {
|
||||
rr.DigestType = uint8(i)
|
||||
}
|
||||
s, e, c1 := endingToString(c, "bad DLV Digest", f)
|
||||
if e != nil {
|
||||
return nil, e, c1
|
||||
}
|
||||
rr.Digest = s
|
||||
return rr, nil, c1
|
||||
return nil, e, s
|
||||
}
|
||||
|
||||
func setTA(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
|
@ -2159,6 +2098,7 @@ var typeToparserFunc = map[uint16]parserFunc{
|
|||
TypeDHCID: parserFunc{setDHCID, true},
|
||||
TypeDLV: parserFunc{setDLV, true},
|
||||
TypeDNAME: parserFunc{setDNAME, false},
|
||||
TypeKEY: parserFunc{setKEY, true},
|
||||
TypeDNSKEY: parserFunc{setDNSKEY, true},
|
||||
TypeDS: parserFunc{setDS, true},
|
||||
TypeEID: parserFunc{setEID, true},
|
||||
|
@ -2194,6 +2134,7 @@ var typeToparserFunc = map[uint16]parserFunc{
|
|||
TypeOPENPGPKEY: parserFunc{setOPENPGPKEY, true},
|
||||
TypePTR: parserFunc{setPTR, false},
|
||||
TypePX: parserFunc{setPX, false},
|
||||
TypeSIG: parserFunc{setSIG, true},
|
||||
TypeRKEY: parserFunc{setRKEY, true},
|
||||
TypeRP: parserFunc{setRP, false},
|
||||
TypeRRSIG: parserFunc{setRRSIG, true},
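Review bot: setCDS passes the label `"DLV"` to setDSs, so every parse error for a CDS record is reported as `bad DLV ...`; the call should read `r, e, s := setDSs(h, c, o, f, "CDS")`. The shared helpers setDSs and setDNSKEYs keep the `strconv.Atoi` followed by `uint16(i)` / `uint8(i)` conversions, which silently wrap out-of-range values (an algorithm of 261 becomes 5); `strconv.ParseUint(l.token, 10, 8)`, or a bit size of 16 for KeyTag and Flags, would reject them at parse time. As a style point, setDS and setDNSKEY can simply `return setDSs(h, c, o, f, "DS")` and `return setDNSKEYs(h, c, o, f, "DNSKEY")`.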
|
||||
|
|