Update to the latest weekly: weekly/weekly.2011-12-06
The new time API must still be used. But for now it compiles. All DNSSEC/TSIG timing is probably broken
This commit is contained in:
Miek Gieben
parent
c9bb2e0617
commit
e115e5da6e
30
dnssec.go
30
dnssec.go
|
|
@ -3,21 +3,20 @@ package dns
|
|||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/md5"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rsa"
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"hash"
|
||||
"time"
|
||||
"io"
|
||||
"big"
|
||||
"math/big"
|
||||
"sort"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// DNSSEC encryption algorithm codes.
|
||||
|
|
@ -147,16 +146,13 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
|
|||
switch h {
|
||||
case SHA1:
|
||||
s := sha1.New()
|
||||
io.WriteString(s, string(digest))
|
||||
ds.Digest = hex.EncodeToString(s.Sum())
|
||||
ds.Digest = hex.EncodeToString(s.Sum(digest))
|
||||
case SHA256:
|
||||
s := sha256.New()
|
||||
io.WriteString(s, string(digest))
|
||||
ds.Digest = hex.EncodeToString(s.Sum())
|
||||
ds.Digest = hex.EncodeToString(s.Sum(digest))
|
||||
case SHA384:
|
||||
s := sha512.New384()
|
||||
io.WriteString(s, string(digest))
|
||||
ds.Digest = hex.EncodeToString(s.Sum())
|
||||
ds.Digest = hex.EncodeToString(s.Sum(digest))
|
||||
case GOST94:
|
||||
/* I have no clue */
|
||||
default:
|
||||
|
|
@ -235,8 +231,7 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset RRset) error {
|
|||
default:
|
||||
return ErrAlg
|
||||
}
|
||||
io.WriteString(h, string(signdata))
|
||||
sighash = h.Sum()
|
||||
sighash = h.Sum(signdata)
|
||||
|
||||
switch p := k.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
|
|
@ -331,8 +326,7 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset RRset) error {
|
|||
h = sha512.New()
|
||||
ch = crypto.SHA512
|
||||
}
|
||||
io.WriteString(h, string(signeddata))
|
||||
sighash := h.Sum()
|
||||
sighash := h.Sum(signeddata)
|
||||
return rsa.VerifyPKCS1v15(pubkey, ch, sighash, sigbuf)
|
||||
}
|
||||
// Unknown alg
|
||||
|
|
@ -342,7 +336,7 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset RRset) error {
|
|||
// ValidityPeriod uses RFC1982 serial arithmetic to calculate
|
||||
// if a signature period is valid.
|
||||
func (s *RR_RRSIG) ValidityPeriod() bool {
|
||||
utc := time.UTC().Seconds()
|
||||
utc := time.Now().UTC().Unix()
|
||||
modi := (int64(s.Inception) - utc) / Year68
|
||||
mode := (int64(s.Expiration) - utc) / Year68
|
||||
ti := int64(s.Inception) + (modi * Year68)
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package dns
|
|||
|
||||
import (
|
||||
"io"
|
||||
"big"
|
||||
"math/big"
|
||||
"strconv"
|
||||
"crypto/rsa"
|
||||
"crypto/ecdsa"
|
||||
|
|
|
|||
14
msg.go
14
msg.go
|
|
@ -15,14 +15,14 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"reflect"
|
||||
"net"
|
||||
"rand"
|
||||
"time"
|
||||
"strconv"
|
||||
"encoding/base64"
|
||||
"encoding/base32"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"math/rand"
|
||||
"net"
|
||||
"reflect"
|
||||
"strconv"
|
||||
"time"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -1085,5 +1085,5 @@ func (dns *Msg) String() string {
|
|||
// Return a 16 bits random number to be used as a
|
||||
// message id. The random provided should be good enough.
|
||||
func Id() uint16 {
|
||||
return uint16(rand.Int()) ^ uint16(time.Nanoseconds())
|
||||
return uint16(rand.Int()) ^ uint16(time.Now().UnixNano())
|
||||
}
|
||||
|
|
|
|||
7
nsec3.go
7
nsec3.go
|
|
@ -1,7 +1,6 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"io"
|
||||
"hash"
|
||||
"strings"
|
||||
"crypto/sha1"
|
||||
|
|
@ -38,14 +37,12 @@ func HashName(label string, ha int, iterations int, salt string) string {
|
|||
|
||||
// k = 0
|
||||
name = append(name, wire...)
|
||||
io.WriteString(s, string(name))
|
||||
nsec3 := s.Sum()
|
||||
nsec3 := s.Sum(name)
|
||||
// k > 0
|
||||
for k := 0; k < iterations; k++ {
|
||||
s.Reset()
|
||||
nsec3 = append(nsec3, wire...)
|
||||
io.WriteString(s, string(nsec3))
|
||||
nsec3 = s.Sum()
|
||||
nsec3 = s.Sum(nsec3)
|
||||
}
|
||||
return unpackBase32(nsec3)
|
||||
}
|
||||
|
|
|
|||
15
tsig.go
15
tsig.go
|
|
@ -33,11 +33,11 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"io"
|
||||
"time"
|
||||
"strings"
|
||||
"crypto/hmac"
|
||||
"encoding/hex"
|
||||
"io"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// HMAC hashing codes. These are transmitted as domain names.
|
||||
|
|
@ -100,9 +100,8 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) error {
|
|||
t := new(RR_TSIG)
|
||||
|
||||
h := hmac.NewMD5([]byte(rawsecret))
|
||||
io.WriteString(h, string(buf))
|
||||
|
||||
t.MAC = hex.EncodeToString(h.Sum())
|
||||
t.MAC = hex.EncodeToString(h.Sum(buf))
|
||||
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
|
||||
|
||||
t.Hdr = RR_Header{Name: rr.Hdr.Name, Rrtype: TypeTSIG, Class: ClassANY, Ttl: 0}
|
||||
|
|
@ -131,14 +130,14 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
|||
|
||||
buf := tsigBuffer(stripped, tsig, requestMAC, timersOnly)
|
||||
|
||||
ti := uint64(time.Seconds()) - tsig.TimeSigned
|
||||
ti := uint64(time.Now().Unix()) - tsig.TimeSigned
|
||||
if uint64(tsig.Fudge) < ti {
|
||||
return ErrTime
|
||||
}
|
||||
|
||||
h := hmac.NewMD5([]byte(rawsecret))
|
||||
io.WriteString(h, string(buf))
|
||||
if strings.ToUpper(hex.EncodeToString(h.Sum())) != strings.ToUpper(tsig.MAC) {
|
||||
if strings.ToUpper(hex.EncodeToString(h.Sum(nil))) != strings.ToUpper(tsig.MAC) {
|
||||
return ErrSig
|
||||
}
|
||||
return nil
|
||||
|
|
@ -151,7 +150,7 @@ func tsigBuffer(msgbuf []byte, rr *RR_TSIG, requestMAC string, timersOnly bool)
|
|||
buf []byte
|
||||
)
|
||||
if rr.TimeSigned == 0 {
|
||||
rr.TimeSigned = uint64(time.Seconds())
|
||||
rr.TimeSigned = uint64(time.Now().Unix())
|
||||
}
|
||||
if rr.Fudge == 0 {
|
||||
rr.Fudge = 300 // Standard (RFC) default.
|
||||
|
|
|
|||
15
types.go
15
types.go
|
|
@ -7,7 +7,6 @@ package dns
|
|||
|
||||
import (
|
||||
"net"
|
||||
"time"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
|
@ -799,20 +798,26 @@ func (rr *RR_TSIG) String() string {
|
|||
// Translate the RRSIG's incep. and expir. time to the correct date.
|
||||
// Taking into account serial arithmetic (RFC 1982)
|
||||
func timeToDate(t uint32) string {
|
||||
utc := time.UTC().Seconds()
|
||||
mod := (int64(t) - utc) / Year68
|
||||
//utc := time.Now().Unix()
|
||||
//mod := (int64(t) - utc) / Year68
|
||||
|
||||
// If needed assume wrap around(s)
|
||||
ti := time.SecondsToUTC(int64(t) + (mod * Year68)) // abs()? TODO
|
||||
return ""
|
||||
/* TODO: new time api
|
||||
ti := time.Unix(int64(t),0).Unix() + (mod * Year68) // abs()? TODO
|
||||
return ti.Format("20060102150405")
|
||||
*/
|
||||
}
|
||||
|
||||
// Translate the TSIG time signed into a date. There is no
|
||||
// need for RFC1982 calculations as this date is 48 bits
|
||||
func tsigTimeToDate(t uint64) string {
|
||||
// only use the lower 48 bits, TODO(mg), check for 48 bit size
|
||||
ti := time.SecondsToUTC(int64(t))
|
||||
return ""
|
||||
/*
|
||||
ti := time.Unix(int64(t), 0).Unix()
|
||||
return ti.Format("20060102150405")
|
||||
*/
|
||||
}
|
||||
|
||||
// Map of constructors for each RR wire type.
|
||||
|
|
|
|||
|
|
@ -59,13 +59,16 @@ func NewParser(r io.Reader) *Parser {
|
|||
// string values ("20110403154150") to an integer.
|
||||
// Taking into account serial arithmetic (RFC 1982)
|
||||
func dateToTime(s string) (uint32, error) {
|
||||
t, e := time.Parse("20060102150405", s)
|
||||
_, e := time.Parse("20060102150405", s)
|
||||
if e != nil {
|
||||
return 0, e
|
||||
}
|
||||
return 0, nil
|
||||
/*
|
||||
mod := t.Seconds() / Year68
|
||||
ti := uint32(t.Seconds() - (mod * Year68))
|
||||
return ti, nil
|
||||
*/
|
||||
}
|
||||
|
||||
// Return the rdata fields as a string slice.
|
||||
|
|
|
|||
Loading…
Reference in New Issue