Add signature helper function
Do this in dnssec.go so that all DNSSEC stuff is contained in that file. Add testing too.
parent
92d09fcfc1
commit
fd9afcb44d
27
dnssec.go
27
dnssec.go
|
@ -1,4 +1,27 @@
|
|||
package dns
|
||||
|
||||
// All verification for RRSIG and RRsets i
|
||||
// Done here
|
||||
import "time"
|
||||
|
||||
// All DNSSEC verification
|
||||
|
||||
const (
|
||||
Year68 = 2 << (32 - 1)
|
||||
)
|
||||
|
||||
// Translate the RRSIG's incep. and expir. time
|
||||
// to the correct date, taking into account serial
|
||||
// arithmetic
|
||||
func timeToDate(t uint32) string {
|
||||
utc := time.UTC().Seconds()
|
||||
mod := (int64(t) - utc) / Year68
|
||||
|
||||
// If needed assume wrap around(s)
|
||||
ti := time.SecondsToUTC(int64(t) + (mod * Year68)) // abs()? TODO
|
||||
return ti.Format("20060102030405")
|
||||
}
|
||||
|
||||
// Is the signature (RRSIG) valid?
|
||||
func validSignaturePeriod(start, end uint32) bool {
|
||||
utc := time.UTC().Seconds() // maybe as parameter?? TODO MG
|
||||
return int64(start) <= utc && utc <= int64(end)
|
||||
}
|
||||
|
|
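Review bot: `Year68 = 2 << (32 - 1)` evaluates to 2^32, twice the 2^31-second (roughly 68-year) half-window that the name and the serial-arithmetic comment point to; `Year68 = 1 << 31` is the value to use. With the current constant, `mod` in timeToDate is zero for every uint32 `t` while the clock is below 2^32 seconds, so the wrap-around correction never takes effect. validSignaturePeriod compares `start` and `end` with the clock as plain integers, whereas RFC 4034 section 3.1.5 requires serial number arithmetic (RFC 1982) for these fields, so a window that straddles the 32-bit wrap is misjudged. This check is what keeps expired signatures from being accepted, so it should share the wrap handling and take the current time as a parameter, as its TODO suggests, so the edge cases can be tested. The layout `"20060102030405"` also formats the hour with the 12-hour `03`; `"20060102150405"` gives the 24-hour YYYYMMDDHHmmSS form.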
19
edns_test.go
19
edns_test.go
|
@ -3,17 +3,16 @@ package dns
|
|||
// Test EDNS RR records
|
||||
import (
|
||||
"testing"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
func TestEDNS_RR(t *testing.T) {
|
||||
edns := new(RR_OPT)
|
||||
edns.Hdr.Name = "." // must . be for edns
|
||||
edns.Hdr.Rrtype = TypeOPT
|
||||
edns.Hdr.Class = ClassINET
|
||||
edns.Hdr.Ttl = 3600
|
||||
edns.Option = make([]Option, 1)
|
||||
edns.Option[0].Code = OptionCodeNSID
|
||||
edns.Option[0].Data = "lalalala"
|
||||
fmt.Printf("%v\n", edns)
|
||||
edns := new(RR_OPT)
|
||||
edns.Hdr.Name = "." // must . be for edns
|
||||
edns.Hdr.Rrtype = TypeOPT
|
||||
edns.Hdr.Class = ClassINET
|
||||
edns.Hdr.Ttl = 3600
|
||||
edns.Option = make([]Option, 1)
|
||||
edns.Option[0].Code = OptionCodeNSID
|
||||
edns.Option[0].Data = "lalalala"
|
||||
//t..Logf("%v\n", edns)
|
||||
}
|
||||
|
|
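Review bot: TestEDNS_RR builds an OPT record but asserts nothing, so as far as this section shows it can only fail by panicking. The commented-out `//t..Logf("%v\n", edns)` has a doubled dot and would not compile if re-enabled; either drop it or restore it as `t.Logf("%v\n", edns)`. A check on the record's string or packed form would make the test say something about the NSID option it sets up.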
|
@ -3,7 +3,6 @@ package dns
|
|||
import (
|
||||
"testing"
|
||||
"net"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
func TestPackUnpack(t *testing.T) {
|
||||
|
@ -89,15 +88,15 @@ func TestPackUnpack(t *testing.T) {
|
|||
|
||||
_, ok = packRR(edns, msg, 0)
|
||||
if !ok {
|
||||
t.Logf("%v\n", edns)
|
||||
t.Log("Failed")
|
||||
t.Fail()
|
||||
}
|
||||
fmt.Printf("%v\n", edns)
|
||||
|
||||
unpacked, _, ok := unpackRR(msg, 0)
|
||||
if !ok {
|
||||
t.Logf("%v\n", unpacked)
|
||||
t.Log("Failed")
|
||||
t.Fail()
|
||||
}
|
||||
fmt.Printf("%v\n", unpacked)
|
||||
}
|
||||
|
|
|
@ -3,7 +3,6 @@ package dns
|
|||
import (
|
||||
"testing"
|
||||
"time"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
func TestResolverEdns(t *testing.T) {
|
||||
|
@ -34,17 +33,14 @@ func TestResolverEdns(t *testing.T) {
|
|||
m.Question[0] = Question{"miek.nl", TypeSOA, ClassINET}
|
||||
m.Ns[0] = edns
|
||||
|
||||
fmt.Printf("Sending: %v\n", m)
|
||||
|
||||
ch <- DnsMsg{m, nil}
|
||||
in := <-ch
|
||||
|
||||
if in.Dns.Rcode != RcodeSuccess {
|
||||
t.Logf("Recv: %v\n", in.Dns)
|
||||
t.Log("Failed to get an valid answer")
|
||||
t.Fail()
|
||||
}
|
||||
fmt.Printf("Recv: %v\n", in.Dns)
|
||||
|
||||
ch <- DnsMsg{nil, nil}
|
||||
time.Sleep(1.0e9)
|
||||
time.Sleep(0.5e9)
|
||||
}
|
||||
|
|
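Review bot: `in.Dns.Rcode` is read straight after `in := <-ch` without checking that `in.Dns` is set. Since `DnsMsg{nil, nil}` is a legal value on this channel, a failed query would presumably come back with a nil `Dns` and panic the test instead of failing it. A guard such as `if in.Dns == nil { t.Fatal("no reply") }` before the Rcode comparison would report that cleanly. The fixed `time.Sleep(0.5e9)` after the stop message is a timing guess rather than synchronisation, so shortening it only changes how often the guess holds. Both patterns also appear in the TestResolver hunks of the next section, and the function bodies start outside the hunks shown.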
|
@ -3,7 +3,6 @@ package dns
|
|||
import (
|
||||
"testing"
|
||||
"time"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
|
||||
|
@ -27,7 +26,7 @@ func TestResolver(t *testing.T) {
|
|||
if in.Dns.Rcode != RcodeSuccess {
|
||||
t.Log("Failed to get an valid answer")
|
||||
t.Fail()
|
||||
fmt.Printf("%v\n", in)
|
||||
t.Logf("%v\n", in)
|
||||
}
|
||||
|
||||
// ask something
|
||||
|
@ -38,9 +37,9 @@ func TestResolver(t *testing.T) {
|
|||
if in.Dns.Rcode != RcodeSuccess {
|
||||
t.Log("Failed to get an valid answer")
|
||||
t.Fail()
|
||||
fmt.Printf("%v\n", in)
|
||||
t.Logf("%v\n", in)
|
||||
}
|
||||
|
||||
ch <- DnsMsg{nil, nil}
|
||||
time.Sleep(1.0e9)
|
||||
time.Sleep(0.5e9)
|
||||
}
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
package dns
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestSignature(t *testing.T) {
|
||||
sig := new(RR_RRSIG)
|
||||
sig.Hdr.Name = "miek.nl."
|
||||
sig.Hdr.Rrtype = TypeRRSIG
|
||||
sig.Hdr.Class = ClassINET
|
||||
sig.Hdr.Ttl = 3600
|
||||
sig.TypeCovered = TypeDNSKEY
|
||||
sig.Algorithm = AlgRSASHA1
|
||||
sig.Labels = 2
|
||||
sig.OrigTtl = 4000
|
||||
sig.Expiration = 1000
|
||||
sig.Inception = 800
|
||||
sig.KeyTag = 34641
|
||||
sig.SignerName = "miek.nl."
|
||||
sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ"
|
||||
|
||||
// Should not be valid
|
||||
if validSignaturePeriod(sig.Inception, sig.Expiration) {
|
||||
t.Log("Should not be valid")
|
||||
t.Fail()
|
||||
} else {
|
||||
t.Logf("Valid sig period:\n%v\n", sig)
|
||||
}
|
||||
}
|
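Review bot: The else branch of TestSignature logs `Valid sig period` on the path where validSignaturePeriod returned false, so the message contradicts the result it reports; something like `t.Logf("Signature period correctly rejected:\n%v\n", sig)` would match. The test covers only a window that ended in 1970 (inception 800, expiration 1000), so it would still pass if validSignaturePeriod returned false for every input. Adding a window around the current time, e.g. `now := uint32(time.UTC().Seconds())` and expecting `validSignaturePeriod(now-10, now+10)` to be true, plus a not-yet-valid window expecting false, would pin both bounds. This needs the `time` import in the test file.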
20
types.go
20
types.go
|
@ -10,7 +10,6 @@ package dns
|
|||
import (
|
||||
"net"
|
||||
"strconv"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Packet formats
|
||||
|
@ -382,29 +381,14 @@ func (rr *RR_RRSIG) Header() *RR_Header {
|
|||
return &rr.Hdr
|
||||
}
|
||||
|
||||
// Also, I might need more of these helper function
|
||||
// where to put them if there are more
|
||||
// Define a new interface??
|
||||
// needs serial stuff
|
||||
// starts when 1970 has been 68 years ago??
|
||||
func intToDate(t uint32) string {
|
||||
// als meer dan 68 jaar geleden, dan 68 jaar bij bedrag optellen
|
||||
// TODO
|
||||
ti := time.SecondsToUTC(int64(t))
|
||||
return ti.Format("20060102030405")
|
||||
}
|
||||
|
||||
|
||||
func (rr *RR_RRSIG) String() string {
|
||||
return rr.Hdr.String() +
|
||||
" " + rr_str[rr.TypeCovered] +
|
||||
" " + strconv.Itoa(int(rr.Algorithm)) +
|
||||
" " + strconv.Itoa(int(rr.Labels)) +
|
||||
" " + strconv.Itoa(int(rr.OrigTtl)) +
|
||||
// " " + strconv.Itoa(int(rr.Expiration)) + // date calc! TODO
|
||||
" " + intToDate(rr.Expiration) +
|
||||
// " " + strconv.Itoa(int(rr.Inception)) + // date calc! TODO
|
||||
" " + intToDate(rr.Inception) +
|
||||
" " + timeToDate(rr.Expiration) +
|
||||
" " + timeToDate(rr.Inception) +
|
||||
" " + strconv.Itoa(int(rr.KeyTag)) +
|
||||
" " + rr.SignerName +
|
||||
" " + rr.Sig
|
||||
|
|