Test SIG(0)

Tests message signing and verification against itself, that altered messages don't pass and that expired messages don't pass. Static samples generated by something else would be good to add at some point.
2014-11-02 00:28:01 +00:00 · 2014-11-02 00:28:01 +00:00 · bc85c128bd
parent 91b8c69a22
commit bc85c128bd
1 changed files with 105 additions and 0 deletions
--- a/sig0_test.go
+++ b/sig0_test.go
@ -0,0 +1,105 @@
+package dns
+
+import (
+	"testing"
+	"time"
+)
+
+func TestSIG0(t *testing.T) {
+	keys := []struct {
+		alg uint8
+		rr  *KEY
+		pk  PrivateKey
+	}{{alg: DSA}, {alg: ECDSAP256SHA256}, {alg: ECDSAP384SHA384}, {alg: RSASHA1}, {alg: RSASHA256}, {alg: RSASHA512}}
+	for i := range keys {
+		keys[i].rr = new(KEY)
+		keys[i].rr.Hdr.Name = AlgorithmToString[keys[i].alg] + "."
+		keys[i].rr.Hdr.Rrtype = TypeKEY
+		keys[i].rr.Hdr.Class = ClassINET
+		keys[i].rr.Algorithm = keys[i].alg
+		keysize := 1024
+		switch keys[i].alg {
+		case ECDSAP256SHA256:
+			keysize = 256
+		case ECDSAP384SHA384:
+			keysize = 384
+		}
+		pk, err := keys[i].rr.Generate(keysize)
+		if err != nil {
+			t.Logf("Failed to generate key for “%s”: %v", AlgorithmToString[keys[i].alg], err)
+			t.Fail()
+			continue
+		}
+		keys[i].pk = pk
+	}
+
+	m := new(Msg)
+	m.SetQuestion("example.org.", TypeSOA)
+	for _, key := range keys {
+		if key.pk == nil {
+			continue
+		}
+		algstr := AlgorithmToString[key.alg]
+		now := uint32(time.Now().Unix())
+		sigrr := new(SIG)
+		sigrr.Hdr.Name = "."
+		sigrr.Hdr.Rrtype = TypeSIG
+		sigrr.Hdr.Class = ClassANY
+		sigrr.Algorithm = key.rr.Algorithm
+		sigrr.Expiration = now + 300
+		sigrr.Inception = now - 300
+		sigrr.KeyTag = key.rr.KeyTag()
+		sigrr.SignerName = key.rr.Hdr.Name
+		mb, err := sigrr.Sign(key.pk, m)
+		if err != nil {
+			t.Logf("Failed to sign message using “%s”: %v", algstr, err)
+			t.Fail()
+			continue
+		}
+		m := new(Msg)
+		if err := m.Unpack(mb); err != nil {
+			t.Logf("Failed to unpack message signed using “%s”: %v", algstr, err)
+			t.Fail()
+			continue
+		}
+		if len(m.Extra) != 1 {
+			t.Logf("Missing SIG for message signed using “%s”", algstr)
+			t.Fail()
+			continue
+		}
+		var sigrrwire *SIG
+		switch rr := m.Extra[0].(type) {
+		case *SIG:
+			sigrrwire = rr
+		default:
+			t.Logf("Expected SIG RR, instead: %v", rr)
+			t.Fail()
+			continue
+		}
+		for _, rr := range []*SIG{sigrr, sigrrwire} {
+			id := "sigrr"
+			if rr == sigrrwire {
+				id = "sigrrwire"
+			}
+			if err := rr.Verify(key.rr, mb); err != nil {
+				t.Logf("Failed to verify “%s” signed SIG(%s): %v", algstr, id, err)
+				t.Fail()
+				continue
+			}
+		}
+		mb[13]++
+		if err := sigrr.Verify(key.rr, mb); err == nil {
+			t.Logf("Verify succeeded on an altered message using “%s”", algstr)
+			t.Fail()
+			continue
+		}
+		sigrr.Expiration = 2
+		sigrr.Inception = 1
+		mb, _ = sigrr.Sign(key.pk, m)
+		if err := sigrr.Verify(key.rr, mb); err == nil {
+			t.Logf("Verify succeeded on an expired message using “%s”", algstr)
+			t.Fail()
+			continue
+		}
+	}
+}