Test signing with ecdsa
parent
35bfb48fac
commit
edf4b3d11b
|
@ -100,6 +100,7 @@ func (k *RR_DNSKEY) KeyTag() uint16 {
|
|||
var keytag int
|
||||
switch k.Algorithm {
|
||||
case RSAMD5:
|
||||
// TODO(mg): implement old style keytag calculation
|
||||
keytag = 0
|
||||
default:
|
||||
keywire := new(dnskeyWireFmt)
|
||||
|
|
|
@ -39,7 +39,7 @@ func TestGenerateEC(t *testing.T) {
|
|||
key.Hdr.Ttl = 14400
|
||||
key.Flags = 256
|
||||
key.Protocol = 3
|
||||
key.Algorithm = ECDSAP256SHA256Y
|
||||
key.Algorithm = ECDSAP256SHA256
|
||||
privkey, _ := key.Generate(256)
|
||||
t.Logf("%s\n", key.String())
|
||||
t.Logf("%s\n", key.PrivateKeyString(privkey))
|
||||
|
|
8
kscan.go
8
kscan.go
|
@ -21,7 +21,13 @@ func ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
|
|||
return nil, ErrPrivKey
|
||||
}
|
||||
switch m["algorithm"] {
|
||||
case "1 (RSAMD5)", "5 (RSASHA1)", "8 (RSASHA256)", "10 (RSASHA512)":
|
||||
case "1 (RSAMD5)":
|
||||
fallthrough
|
||||
case "5 (RSASHA1)":
|
||||
fallthrough
|
||||
case "8 (RSASHA256)":
|
||||
fallthrough
|
||||
case "10 (RSASHA512)":
|
||||
fallthrough
|
||||
case "7 (RSASHA1NSEC3SHA1)":
|
||||
return readPrivateKeyRSA(m)
|
||||
|
|
|
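Review bot: As far as the rendered hunk shows, the RSA algorithm strings in ReadPrivateKey's switch are now spread over single-value cases chained with `fallthrough`, which is longer than the comma-separated list it replaces. It also leaves several places where a later edit can drop one `fallthrough` and silently stop routing that algorithm to `readPrivateKeyRSA`. Go's multi-value case expresses the whole group, including the "7" case, in one line: `case "1 (RSAMD5)", "5 (RSASHA1)", "7 (RSASHA1NSEC3SHA1)", "8 (RSASHA256)", "10 (RSASHA512)":`. The switch continues past the end of the hunk, so the remaining cases are not visible here.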
@ -75,6 +75,46 @@ Activate: 20110302104537`
|
|||
}
|
||||
}
|
||||
|
||||
func TestSignECDSA(t *testing.T) {
|
||||
pub := `example.net. 3600 IN DNSKEY 257 3 14 (
|
||||
xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1
|
||||
w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8
|
||||
/uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40 )`
|
||||
priv := `Private-key-format: v1.2
|
||||
Algorithm: 14 (ECDSAP384SHA384)
|
||||
PrivateKey: WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vwW7BOrbawVmVe0d9V94SR`
|
||||
|
||||
eckey, err := NewRR(pub)
|
||||
if err != nil {
|
||||
t.Fatal()
|
||||
}
|
||||
privkey, err := ReadPrivateKey(strings.NewReader(priv), "")
|
||||
if err != nil {
|
||||
t.Fatal(err.Error())
|
||||
}
|
||||
|
||||
ds := eckey.(*RR_DNSKEY).ToDS(SHA384)
|
||||
if ds.KeyTag != 10771 {
|
||||
t.Fatal("Wrong keytag on DS")
|
||||
}
|
||||
if ds.Digest != "72d7b62976ce06438e9c0bf319013cf801f09ecc84b8d7e9495f27e305c6a9b0563a9b5f4d288405c3008a946df983d6" {
|
||||
t.Fatal("Wrong DS Digest")
|
||||
}
|
||||
a, _ := NewRR("www.example.net. 3600 IN A 192.0.2.1")
|
||||
sig := new(RR_RRSIG)
|
||||
sig.Hdr = RR_Header{"example.net.", TypeRRSIG, ClassINET, 14400, 0}
|
||||
sig.Expiration, _ = DateToTime("20100909102025")
|
||||
sig.Inception, _ = DateToTime("20100812102025")
|
||||
sig.KeyTag = eckey.(*RR_DNSKEY).KeyTag()
|
||||
sig.SignerName = eckey.(*RR_DNSKEY).Hdr.Name
|
||||
sig.Algorithm = eckey.(*RR_DNSKEY).Algorithm
|
||||
|
||||
sig.Sign(privkey, []RR{a})
|
||||
|
||||
t.Logf("%s", sig.String())
|
||||
|
||||
}
|
||||
|
||||
func TestDotInName(t *testing.T) {
|
||||
buf := make([]byte, 20)
|
||||
PackDomainName("aa\\.bb.nl.", buf, 0, nil, false)
|
||||
|
|
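Review bot: TestSignECDSA never checks that signing worked: the result of `sig.Sign(privkey, []RR{a})` is discarded and the signature is only logged with `t.Logf`, so the test passes even if ECDSA signing is broken or produces an invalid signature. ECDSA signatures are randomized, so a fixed expected string will not work; instead fail the test on Sign's result and then validate the produced RRSIG against `eckey` with the package's verification routine (not visible in this hunk). Smaller points in the same test: `t.Fatal()` after `NewRR(pub)` reports no reason where `t.Fatal(err)` would, and the errors from `NewRR` for the A record and from both `DateToTime` calls are dropped with `_`.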
19
types.go
19
types.go
|
@ -606,8 +606,8 @@ func (rr *RR_RRSIG) String() string {
|
|||
" " + strconv.Itoa(int(rr.Algorithm)) +
|
||||
" " + strconv.Itoa(int(rr.Labels)) +
|
||||
" " + strconv.FormatInt(int64(rr.OrigTtl), 10) +
|
||||
" " + timeToDate(rr.Expiration) +
|
||||
" " + timeToDate(rr.Inception) +
|
||||
" " + TimeToDate(rr.Expiration) +
|
||||
" " + TimeToDate(rr.Inception) +
|
||||
" " + strconv.Itoa(int(rr.KeyTag)) +
|
||||
" " + rr.SignerName +
|
||||
" " + rr.Signature
|
||||
|
@ -1033,19 +1033,20 @@ func (rr *RR_HIP) Len() int {
|
|||
return l
|
||||
}
|
||||
|
||||
// Translate the RRSIG's incep. and expir. time to the correct date.
|
||||
// Taking into account serial arithmetic (RFC 1982) [TODO]
|
||||
func timeToDate(t uint32) string {
|
||||
// TimeToDate translates the RRSIG's incep. and expir. times to the
|
||||
// string representation used when printing the record.
|
||||
// It takes serial arithmetic (RFC 1982) into account. [TODO]
|
||||
func TimeToDate(t uint32) string {
|
||||
// utc := time.Now().UTC().Unix()
|
||||
// mod := (int64(t) - utc) / Year68
|
||||
ti := time.Unix(int64(t), 0).UTC()
|
||||
return ti.Format("20060102150405")
|
||||
}
|
||||
|
||||
// Translate the RRSIG's incep. and expir. times from
|
||||
// string values ("20110403154150") to an integer.
|
||||
// Taking into account serial arithmetic (RFC 1982)
|
||||
func dateToTime(s string) (uint32, error) {
|
||||
// DateToTime translates the RRSIG's incep. and expir. times from
|
||||
// string values like "20110403154150" to an 32 bit integer.
|
||||
// It takes serial arithmetic (RFC 1982) into account. [TODO]
|
||||
func DateToTime(s string) (uint32, error) {
|
||||
t, e := time.Parse("20060102150405", s)
|
||||
if e != nil {
|
||||
return 0, e
|
||||
|
|
|
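Review bot: The new doc comments on the now-exported `TimeToDate` and `DateToTime` say "It takes serial arithmetic (RFC 1982) into account", but the visible body of `TimeToDate` only does `time.Unix(int64(t), 0).UTC()` and the wrap-around computation is commented out. The 32-bit value is therefore treated as an absolute epoch time. Callers of a public API will read the comment as a guarantee, and RRSIG inception/expiration comparisons depend on that behaviour once the counter wraps. Until it is implemented the comment should say so, for example `// BUG: RFC 1982 serial arithmetic is not applied yet; t is read as absolute seconds since the Unix epoch.` The "an 32 bit" in the DateToTime comment should read "a 32-bit". DateToTime's body continues outside the hunk, so its conversion of the parsed time to `uint32` cannot be checked from here.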
@ -544,14 +544,14 @@ func setRRSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
|
|||
}
|
||||
<-c // _BLANK
|
||||
l = <-c
|
||||
if i, err := dateToTime(l.token); err != nil {
|
||||
if i, err := DateToTime(l.token); err != nil {
|
||||
return nil, &ParseError{f, "bad RRSIG Expiration", l}
|
||||
} else {
|
||||
rr.Expiration = i
|
||||
}
|
||||
<-c // _BLANK
|
||||
l = <-c
|
||||
if i, err := dateToTime(l.token); err != nil {
|
||||
if i, err := DateToTime(l.token); err != nil {
|
||||
return nil, &ParseError{f, "bad RRSIG Inception", l}
|
||||
} else {
|
||||
rr.Inception = i
|
||||
|
|