From e339e8bce604ad58359d5e5f81b1c67bb4fa4dee Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Tue, 28 Dec 2010 10:17:27 +0100
Subject: [PATCH] more tests
---
 TODO | 1 +
 dnssec.go | 4 ++++
 dnssec_test.go | 34 +++++++++++++++++++++-------------
 3 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/TODO b/TODO
index 3b256c32..583b5aa9 100644
--- a/TODO
+++ b/TODO
@@ -4,6 +4,7 @@ Todo:
 * Unknown RRs
 * fix os.Erros usage, add DNSSEC related errors
 * AXFR/IXFR support
+* IDN
 Tesing:
 * EDNS0
diff --git a/dnssec.go b/dnssec.go
index d5848f1f..ddbee167 100644
--- a/dnssec.go
+++ b/dnssec.go
@@ -107,6 +107,7 @@ func (k *RR_DNSKEY) KeyTag() uint16 {
 // Validate an rrset with the signature and key. This is the
 // cryptographic test, the validity period most be check separately.
 func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
+ println(len(rrset))
 // Frist the easy checks
 if s.KeyTag != k.KeyTag() {
 return false
@@ -117,6 +118,9 @@ func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
 if s.Algorithm != k.Algorithm {
 return false
 }
+ if s.SignerName != k.Hdr.Name {
+ return false
+ }
 return true
 }
diff --git a/dnssec_test.go b/dnssec_test.go
index 1b9c85f6..fab0a1ea 100644
--- a/dnssec_test.go
+++ b/dnssec_test.go
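Review bot: `println(len(rrset))` at the top of `Secure` in dnssec.go is a debug leftover and should be dropped before merging. It writes to stderr on every validation call from library code, and it is the only place the visible lines of the function touch `rrset`. The body of `Secure` continues outside this hunk.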
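Review bot: In dnssec.go, `Secure` still ends in `return true` once key tag, algorithm and signer name match, and no visible line verifies `s.Sig` over `rrset` with `k.PubKey`, although the doc comment calls this the cryptographic test. A caller that treats `true` as "validated" would accept any RRSIG whose metadata matches the key, so until verification exists the function should fail closed, e.g. `return false // TODO: verify s.Sig over rrset with k.PubKey`. The added check `s.SignerName != k.Hdr.Name` also compares byte for byte, while DNS names are case-insensitive; unless names are normalised when parsed, compare `strings.ToLower(s.SignerName) != strings.ToLower(k.Hdr.Name)`. The lines between the two dnssec.go hunks are not shown, so the absence of a signature check is inferred from the visible parts.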
@@ -5,32 +5,40 @@ import (
 )
 func TestSecure(t *testing.T) {
+// once this was valid
+ soa := new(RR_SOA)
+ soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
+ soa.Ns = "open.nlnetlabs.nl."
+ soa.Mbox = "miekg.atoom.net."
+ soa.Serial = 1293513905
+ soa.Refresh = 14400
+ soa.Retry = 3600
+ soa.Expire = 604800
+ soa.Minttl = 86400
+
 sig := new(RR_RRSIG)
- sig.Hdr.Name = "miek.nl."
- sig.Hdr.Rrtype = TypeRRSIG
- sig.Hdr.Class = ClassINET
- sig.Hdr.Ttl = 3600
- sig.TypeCovered = TypeDNSKEY
- sig.Algorithm = AlgRSASHA1
+ sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
+ sig.TypeCovered = TypeSOA
+ sig.Algorithm = AlgRSASHA256
 sig.Labels = 2
- sig.OrigTtl = 4000
- sig.KeyTag = 34641
- sig.Inception = 315565800 //Tue Jan 1 10:10:00 CET 1980
- sig.Expiration = 4102477800 //Fri Jan 1 10:10:00 CET 2100
+ sig.Expiration = 1296098705 // date '+%s' -d"2011-01-27 04:25:05
+ sig.Inception = 1293506705
+ sig.OrigTtl = 14400
+ sig.KeyTag = 12051
 sig.SignerName = "miek.nl."
- sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ"
+ sig.Sig = "kLq/5oFy3Sh5ZxPGFMCyHq8MtN6E17R1Ln9+bJ2Q76YYAxFE8Xlie33A1GFctH2uhzRzJKuP/JSjUkrvGk2rjBm32z9zXtZsKx/4yV0da2nLRm44NOmX6gsP4Yia8mdqPUajjkyLzAzU2bevtesJm0Z65AcmPdq3tUZODdRAcng="
 key := new(RR_DNSKEY)
 key.Hdr.Name = "miek.nl"
 key.Hdr.Rrtype = TypeDNSKEY
 key.Hdr.Class = ClassINET
- key.Hdr.Ttl = 3600
+ key.Hdr.Ttl = 14400
 key.Flags = 256
 key.Protocol = 3
 key.Algorithm = AlgRSASHA256
 key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
- if ! sig.Secure(nil, key) {
+ if ! sig.Secure([]RR{soa}, key) {
 t.Log("It is not secure")
 t.Fail()
 }
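Review bot: `key.Hdr.Name = "miek.nl"` has no trailing dot while `sig.SignerName = "miek.nl."` does, so the `s.SignerName != k.Hdr.Name` check added to `Secure` in this same commit makes `Secure` return false and the test fail for a reason unrelated to the signature. Set `key.Hdr.Name = "miek.nl."`. The test also covers only the accepting path; a second case with a deliberately different signer name or key tag, expecting `false`, would pin the new rejection branch. The comment `// once this was valid` would be clearer if it said the RRSIG's validity window has passed and that `Secure` does not check it, e.g. `// RRSIG expired 2011-01-27; Secure ignores the validity period`.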