Lowercase/uppercase mahem in DNSSEC
parent
261025ab42
commit
d7a7e6e112
|
@ -10,6 +10,7 @@ need to be fixed.
|
|||
* Add tsig check in 'q'?
|
||||
* Tsig is handled in the library, api for querying tsig status
|
||||
* Query source address?
|
||||
* TEST nsec with TYPE65534
|
||||
|
||||
## Examples to add
|
||||
|
||||
|
|
10
dnssec.go
10
dnssec.go
|
@ -222,6 +222,7 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
sigwire.Expiration = s.Expiration
|
||||
sigwire.Inception = s.Inception
|
||||
sigwire.KeyTag = s.KeyTag
|
||||
// For signing, lowercase this name
|
||||
sigwire.SignerName = strings.ToLower(s.SignerName)
|
||||
|
||||
// Create the desired binary blob
|
||||
|
@ -288,6 +289,9 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
// This function modifies the rdata of some RRs (lowercases domain names) for the validation to work.
|
||||
func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
|
||||
// First the easy checks
|
||||
if len(rrset) == 0 {
|
||||
return ErrSigGen
|
||||
}
|
||||
if s.KeyTag != k.KeyTag() {
|
||||
return ErrKey
|
||||
}
|
||||
|
@ -297,7 +301,7 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
|
|||
if s.Algorithm != k.Algorithm {
|
||||
return ErrKey
|
||||
}
|
||||
if s.SignerName != k.Hdr.Name {
|
||||
if strings.ToLower(s.SignerName) != strings.ToLower(k.Hdr.Name) {
|
||||
return ErrKey
|
||||
}
|
||||
if k.Protocol != 3 {
|
||||
|
@ -311,7 +315,6 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
|
|||
return ErrRRset
|
||||
}
|
||||
}
|
||||
|
||||
// RFC 4035 5.3.2. Reconstructing the Signed Data
|
||||
// Copy the sig, except the rrsig data
|
||||
sigwire := new(rrsigWireFmt)
|
||||
|
@ -322,7 +325,8 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
|
|||
sigwire.Expiration = s.Expiration
|
||||
sigwire.Inception = s.Inception
|
||||
sigwire.KeyTag = s.KeyTag
|
||||
sigwire.SignerName = strings.ToLower(s.SignerName)
|
||||
// Copy the signername as-is, don't ToLower() it
|
||||
sigwire.SignerName = s.SignerName
|
||||
// Create the desired binary blob
|
||||
signeddata := make([]byte, DefaultMsgSize)
|
||||
n, ok := packStruct(sigwire, signeddata, 0)
|
||||
|
|
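Review bot: In the last Verify hunk (`@ -322,7 +325,8 @`) the signed data is rebuilt with `sigwire.SignerName = s.SignerName`, while Sign in the first hunk still packs `strings.ToLower(s.SignerName)`, so the two sides no longer hash the same bytes when the RRSIG carries a mixed-case signer name. The +/- markers are lost in this rendering, so which line is new is inferred from the hunk counts and the comment "Copy the signername as-is". RFC 4034 section 3.1.8.1 defines the signed RRSIG RDATA with the Signer's Name in canonical (lowercase) form, so a signature from a conforming signer would be rejected here; that fails closed, but it makes valid data look bogus. I would keep `sigwire.SignerName = strings.ToLower(s.SignerName)` in Verify as well, and add a test that signs and verifies with a mixed-case signer name. The case-insensitive compare against `k.Hdr.Name` in the `@ -297,7 +301,7 @` hunk could use `strings.EqualFold`; Verify's body continues outside the visible hunks.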