community
/
dns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more tests

This commit is contained in:
Miek Gieben 2010-12-28 10:17:27 +01:00
parent c1d45f507e
commit e339e8bce6
3 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
TODO
View File

@ -4,6 +4,7 @@ Todo:
* Unknown RRs * Unknown RRs
* fix os.Erros usage, add DNSSEC related errors * fix os.Erros usage, add DNSSEC related errors
* AXFR/IXFR support * AXFR/IXFR support
* IDN
Tesing: Tesing:
* EDNS0 * EDNS0

4
dnssec.go
View File

@ -107,6 +107,7 @@ func (k *RR_DNSKEY) KeyTag() uint16 {
// Validate an rrset with the signature and key. This is the // Validate an rrset with the signature and key. This is the
// cryptographic test, the validity period most be check separately. // cryptographic test, the validity period most be check separately.
func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool { func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
println(len(rrset))
// Frist the easy checks // Frist the easy checks
if s.KeyTag != k.KeyTag() { if s.KeyTag != k.KeyTag() {
return false return false
@ -117,6 +118,9 @@ func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
if s.Algorithm != k.Algorithm { if s.Algorithm != k.Algorithm {
return false return false
} }
if s.SignerName != k.Hdr.Name {
return false
}
return true return true
} }

34
dnssec_test.go
View File

@ -5,32 +5,40 @@ import (
) )
func TestSecure(t *testing.T) { func TestSecure(t *testing.T) {
// once this was valid
soa := new(RR_SOA)
soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
soa.Ns = "open.nlnetlabs.nl."
soa.Mbox = "miekg.atoom.net."
soa.Serial = 1293513905
soa.Refresh = 14400
soa.Retry = 3600
soa.Expire = 604800
soa.Minttl = 86400
sig := new(RR_RRSIG) sig := new(RR_RRSIG)
sig.Hdr.Name = "miek.nl." sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
sig.Hdr.Rrtype = TypeRRSIG sig.TypeCovered = TypeSOA
sig.Hdr.Class = ClassINET sig.Algorithm = AlgRSASHA256
sig.Hdr.Ttl = 3600
sig.TypeCovered = TypeDNSKEY
sig.Algorithm = AlgRSASHA1
sig.Labels = 2 sig.Labels = 2
sig.OrigTtl = 4000 sig.Expiration = 1296098705 // date '+%s' -d"2011-01-27 04:25:05
sig.KeyTag = 34641 sig.Inception = 1293506705
sig.Inception = 315565800 //Tue Jan 1 10:10:00 CET 1980 sig.OrigTtl = 14400
sig.Expiration = 4102477800 //Fri Jan 1 10:10:00 CET 2100 sig.KeyTag = 12051
sig.SignerName = "miek.nl." sig.SignerName = "miek.nl."
sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ" sig.Sig = "kLq/5oFy3Sh5ZxPGFMCyHq8MtN6E17R1Ln9+bJ2Q76YYAxFE8Xlie33A1GFctH2uhzRzJKuP/JSjUkrvGk2rjBm32z9zXtZsKx/4yV0da2nLRm44NOmX6gsP4Yia8mdqPUajjkyLzAzU2bevtesJm0Z65AcmPdq3tUZODdRAcng="
key := new(RR_DNSKEY) key := new(RR_DNSKEY)
key.Hdr.Name = "miek.nl" key.Hdr.Name = "miek.nl"
key.Hdr.Rrtype = TypeDNSKEY key.Hdr.Rrtype = TypeDNSKEY
key.Hdr.Class = ClassINET key.Hdr.Class = ClassINET
key.Hdr.Ttl = 3600 key.Hdr.Ttl = 14400
key.Flags = 256 key.Flags = 256
key.Protocol = 3 key.Protocol = 3
key.Algorithm = AlgRSASHA256 key.Algorithm = AlgRSASHA256
key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz" key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
if ! sig.Secure(nil, key) { if ! sig.Secure([]RR{soa}, key) {
t.Log("It is not secure") t.Log("It is not secure")
t.Fail() t.Fail()
} }