From edf4b3d11bc346647af28522cc69472b9af7dbe5 Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Wed, 11 Apr 2012 15:13:17 +0200
Subject: [PATCH] Test signing with ecdsa
---
 dnssec.go | 1 +
 dnssec_test.go | 2 +-
 kscan.go | 8 +++++++-
 parse_test.go | 40 ++++++++++++++++++++++++++++++++++++++++
 types.go | 19 ++++++++++---------
 zscan_rr.go | 4 ++--
 6 files changed, 61 insertions(+), 13 deletions(-)
diff --git a/dnssec.go b/dnssec.go
index c2e2bce3..eaabba61 100644
--- a/dnssec.go
+++ b/dnssec.go
@@ -100,6 +100,7 @@ func (k *RR_DNSKEY) KeyTag() uint16 {
 var keytag int
 switch k.Algorithm {
 case RSAMD5:
+ // TODO(mg): implement old style keytag calculation
 keytag = 0
 default:
 keywire := new(dnskeyWireFmt)
diff --git a/dnssec_test.go b/dnssec_test.go
index 9b89dbc7..de7755ca 100644
--- a/dnssec_test.go
+++ b/dnssec_test.go
@@ -39,7 +39,7 @@ func TestGenerateEC(t *testing.T) {
 key.Hdr.Ttl = 14400
 key.Flags = 256
 key.Protocol = 3
- key.Algorithm = ECDSAP256SHA256Y
+ key.Algorithm = ECDSAP256SHA256
 privkey, _ := key.Generate(256)
 t.Logf("%s\n", key.String())
 t.Logf("%s\n", key.PrivateKeyString(privkey))
diff --git a/kscan.go b/kscan.go
index b381064f..2fb41bc6 100644
--- a/kscan.go
+++ b/kscan.go
@@ -21,7 +21,13 @@ func ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
 return nil, ErrPrivKey
 }
 switch m["algorithm"] {
- case "1 (RSAMD5)", "5 (RSASHA1)", "8 (RSASHA256)", "10 (RSASHA512)":
+ case "1 (RSAMD5)":
+ fallthrough
+ case "5 (RSASHA1)":
+ fallthrough
+ case "8 (RSASHA256)":
+ fallthrough
+ case "10 (RSASHA512)":
 fallthrough
 case "7 (RSASHA1NSEC3SHA1)":
 return readPrivateKeyRSA(m)
diff --git a/parse_test.go b/parse_test.go
index 2c58181f..9ca97ebe 100644
--- a/parse_test.go
+++ b/parse_test.go
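Review bot: The RSAMD5 branch of KeyTag() still yields a key tag of 0, and the added TODO only names the gap; the parse_test hunk in this same commit shows KeyTag() feeding both DS records and the RRSIG KeyTag field, so an algorithm 1 key would produce records that do not reference it. Until the old-style computation is written, point the comment at the spec so the next reader does not have to rediscover it: `// TODO(mg): RSA/MD5 key tag (RFC 4034 Appendix B.1) is not implemented; 0 is returned for now`. KeyTag() continues past the hunk on both sides.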
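Review bot: The expanded fallthrough chain behaves exactly like the comma-separated case it replaces, so this hunk adds six lines to ReadPrivateKey without changing which algorithms it accepts; the compact form `case "1 (RSAMD5)", "5 (RSASHA1)", "8 (RSASHA256)", "10 (RSASHA512)":` followed by the existing `fallthrough` into the NSEC3 case reads better and is what gofmt-style Go usually prefers. More relevant to this commit, no case for algorithm 13 or 14 is visible here, while the new TestSignECDSA feeds a `14 (ECDSAP384SHA384)` key through this switch; if that value is not handled further down the function (outside the hunk), the test fails at ReadPrivateKey before it reaches Sign. ReadPrivateKey continues outside the hunk.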
@@ -75,6 +75,46 @@ Activate: 20110302104537`
 }
 }
 
+func TestSignECDSA(t *testing.T) {
+ pub := `example.net. 3600 IN DNSKEY 257 3 14 (
+ xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1
+ w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8
+ /uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40 )`
+ priv := `Private-key-format: v1.2
+Algorithm: 14 (ECDSAP384SHA384)
+PrivateKey: WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vwW7BOrbawVmVe0d9V94SR`
+
+ eckey, err := NewRR(pub)
+ if err != nil {
+ t.Fatal()
+ }
+ privkey, err := ReadPrivateKey(strings.NewReader(priv), "")
+ if err != nil {
+ t.Fatal(err.Error())
+ }
+
+ ds := eckey.(*RR_DNSKEY).ToDS(SHA384)
+ if ds.KeyTag != 10771 {
+ t.Fatal("Wrong keytag on DS")
+ }
+ if ds.Digest != "72d7b62976ce06438e9c0bf319013cf801f09ecc84b8d7e9495f27e305c6a9b0563a9b5f4d288405c3008a946df983d6" {
+ t.Fatal("Wrong DS Digest")
+ }
+ a, _ := NewRR("www.example.net. 3600 IN A 192.0.2.1")
+ sig := new(RR_RRSIG)
+ sig.Hdr = RR_Header{"example.net.", TypeRRSIG, ClassINET, 14400, 0}
+ sig.Expiration, _ = DateToTime("20100909102025")
+ sig.Inception, _ = DateToTime("20100812102025")
+ sig.KeyTag = eckey.(*RR_DNSKEY).KeyTag()
+ sig.SignerName = eckey.(*RR_DNSKEY).Hdr.Name
+ sig.Algorithm = eckey.(*RR_DNSKEY).Algorithm
+
+ sig.Sign(privkey, []RR{a})
+
+ t.Logf("%s", sig.String())
+
+}
+
 func TestDotInName(t *testing.T) {
 buf := make([]byte, 20)
 PackDomainName("aa\\.bb.nl.", buf, 0, nil, false)
diff --git a/types.go b/types.go
index 79026ecd..d30d425e 100644
--- a/types.go
+++ b/types.go
@@ -606,8 +606,8 @@ func (rr *RR_RRSIG) String() string {
 " " + strconv.Itoa(int(rr.Algorithm)) +
 " " + strconv.Itoa(int(rr.Labels)) +
 " " + strconv.FormatInt(int64(rr.OrigTtl), 10) +
- " " + timeToDate(rr.Expiration) +
- " " + timeToDate(rr.Inception) +
+ " " + TimeToDate(rr.Expiration) +
+ " " + TimeToDate(rr.Inception) +
 " " + strconv.Itoa(int(rr.KeyTag)) +
 " " + rr.SignerName +
 " " + rr.Signature
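Review bot: TestSignECDSA never checks the outcome of `sig.Sign(privkey, []RR{a})`; the result is discarded and the test only logs the record, so a signing failure or a malformed signature still passes, which defeats the purpose of the commit. If Sign reports an error the call should read `if err := sig.Sign(privkey, []RR{a}); err != nil { t.Fatal(err) }`, and if the package has a verification routine the signature should be checked against eckey rather than printed. The first failure path also loses its cause: `t.Fatal()` on the NewRR error should be `t.Fatal(err)`. Likewise `a, _ := NewRR(...)` drops an error that would leave a nil element in the record set handed to Sign.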
@@ -1033,19 +1033,20 @@ func (rr *RR_HIP) Len() int {
 return l
 }
 
-// Translate the RRSIG's incep. and expir. time to the correct date.
-// Taking into account serial arithmetic (RFC 1982) [TODO]
-func timeToDate(t uint32) string {
+// TimeToDate translates the RRSIG's incep. and expir. times to the
+// string representation used when printing the record.
+// It takes serial arithmetic (RFC 1982) into account. [TODO]
+func TimeToDate(t uint32) string {
 // utc := time.Now().UTC().Unix()
 // mod := (int64(t) - utc) / Year68
 ti := time.Unix(int64(t), 0).UTC()
 return ti.Format("20060102150405")
 }
 
-// Translate the RRSIG's incep. and expir. times from
-// string values ("20110403154150") to an integer.
-// Taking into account serial arithmetic (RFC 1982)
-func dateToTime(s string) (uint32, error) {
+// DateToTime translates the RRSIG's incep. and expir. times from
+// string values like "20110403154150" to an 32 bit integer.
+// It takes serial arithmetic (RFC 1982) into account. [TODO]
+func DateToTime(s string) (uint32, error) {
 t, e := time.Parse("20060102150405", s)
 if e != nil {
 return 0, e
diff --git a/zscan_rr.go b/zscan_rr.go
index 55a6cfd1..af7a49cd 100644
--- a/zscan_rr.go
+++ b/zscan_rr.go
@@ -544,14 +544,14 @@ func setRRSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
 }
 <-c // _BLANK
 l = <-c
- if i, err := dateToTime(l.token); err != nil {
+ if i, err := DateToTime(l.token); err != nil {
 return nil, &ParseError{f, "bad RRSIG Expiration", l}
 } else {
 rr.Expiration = i
 }
 <-c // _BLANK
 l = <-c
- if i, err := dateToTime(l.token); err != nil {
+ if i, err := DateToTime(l.token); err != nil {
 return nil, &ParseError{f, "bad RRSIG Inception", l}
 } else {
 rr.Inception = i
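Review bot: The new doc comments on TimeToDate and DateToTime state that serial arithmetic (RFC 1982) is taken into account, but TimeToDate's body shows that computation commented out (`// mod := (int64(t) - utc) / Year68`) and converts t as plain seconds since the Unix epoch; now that both functions are exported, callers will read the comment as a guarantee. Since RRSIG inception and expiration are 32-bit serial numbers, a caller using these helpers for validity-window comparisons could misjudge a window once the values wrap, so the comment should say what the code does today, e.g. `// Serial arithmetic (RFC 1982) is not applied yet: t is treated as plain seconds since the Unix epoch.` on TimeToDate with a matching line on DateToTime, keeping the [TODO]. The DateToTime comment also has a small slip: `to an 32 bit integer` should be `to a 32-bit integer`. DateToTime's body ends outside the hunk.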