diff --git a/dnssec.go b/dnssec.go index b4c28387..f89f8afe 100644 --- a/dnssec.go +++ b/dnssec.go @@ -1,4 +1,27 @@ package dns -// All verification for RRSIG and RRsets i -// Done here +import "time" + +// All DNSSEC verification + +const ( + Year68 = 2 << (32 - 1) +) + +// Translate the RRSIG's incep. and expir. time +// to the correct date, taking into account serial +// arithmetic +func timeToDate(t uint32) string { + utc := time.UTC().Seconds() + mod := (int64(t) - utc) / Year68 + + // If needed assume wrap around(s) + ti := time.SecondsToUTC(int64(t) + (mod * Year68)) // abs()? TODO + return ti.Format("20060102030405") +} + +// Is the signature (RRSIG) valid? +func validSignaturePeriod(start, end uint32) bool { + utc := time.UTC().Seconds() // maybe as parameter?? TODO MG + return int64(start) <= utc && utc <= int64(end) +} diff --git a/edns_test.go b/edns_test.go index 19cac42d..8e1fd0ee 100644 --- a/edns_test.go +++ b/edns_test.go @@ -3,17 +3,16 @@ package dns // Test EDNS RR records import ( "testing" - "fmt" ) func TestEDNS_RR(t *testing.T) { - edns := new(RR_OPT) - edns.Hdr.Name = "." // must . be for edns - edns.Hdr.Rrtype = TypeOPT - edns.Hdr.Class = ClassINET - edns.Hdr.Ttl = 3600 - edns.Option = make([]Option, 1) - edns.Option[0].Code = OptionCodeNSID - edns.Option[0].Data = "lalalala" - fmt.Printf("%v\n", edns) + edns := new(RR_OPT) + edns.Hdr.Name = "." // must . be for edns + edns.Hdr.Rrtype = TypeOPT + edns.Hdr.Class = ClassINET + edns.Hdr.Ttl = 3600 + edns.Option = make([]Option, 1) + edns.Option[0].Code = OptionCodeNSID + edns.Option[0].Data = "lalalala" + //t..Logf("%v\n", edns) } diff --git a/pack_test.go b/pack_test.go index 00d64628..35e6d0f8 100644 --- a/pack_test.go +++ b/pack_test.go @@ -3,7 +3,6 @@ package dns import ( "testing" "net" - "fmt" ) func TestPackUnpack(t *testing.T) { 
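Review bot: `validSignaturePeriod` compares the raw 32-bit inception and expiration values with the current clock and applies none of the serial-number arithmetic that `timeToDate` attempts, so an RRSIG whose fields have wrapped is judged against the wrong dates. It also reads the clock internally, which prevents deterministic tests; the TODO on that line already points at passing the time in as a parameter. In `timeToDate`, `Year68 = 2 << (32 - 1)` evaluates to 2^32, whereas 68 years is roughly 2^31 seconds, so with a `uint32` input and a present-day clock `mod` is always 0 and the wrap-around adjustment never takes effect. `Year68 = 1 << 31` looks like the intended value, and the direction of the adjustment still needs the check that the `abs()?` TODO asks for. Separately, the layout `"20060102030405"` uses `03`, Go's 12-hour field, so afternoon timestamps print with the wrong hour; `"20060102150405"` gives the 24-hour form.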
@@ -89,15 +88,15 @@ func TestPackUnpack(t *testing.T) { _, ok = packRR(edns, msg, 0) if !ok { + t.Logf("%v\n", edns) t.Log("Failed") t.Fail() } - fmt.Printf("%v\n", edns) unpacked, _, ok := unpackRR(msg, 0) if !ok { + t.Logf("%v\n", unpacked) t.Log("Failed") t.Fail() } - fmt.Printf("%v\n", unpacked) } diff --git a/resolverEdns_test.go b/resolverEdns_test.go index 5c41263b..a51e5231 100644 --- a/resolverEdns_test.go +++ b/resolverEdns_test.go @@ -3,7 +3,6 @@ package dns import ( "testing" "time" - "fmt" ) func TestResolverEdns(t *testing.T) { @@ -34,17 +33,14 @@ func TestResolverEdns(t *testing.T) { m.Question[0] = Question{"miek.nl", TypeSOA, ClassINET} m.Ns[0] = edns - fmt.Printf("Sending: %v\n", m) - ch <- DnsMsg{m, nil} in := <-ch if in.Dns.Rcode != RcodeSuccess { + t.Logf("Recv: %v\n", in.Dns) t.Log("Failed to get an valid answer") t.Fail() } - fmt.Printf("Recv: %v\n", in.Dns) - ch <- DnsMsg{nil, nil} - time.Sleep(1.0e9) + time.Sleep(0.5e9) } diff --git a/resolver_test.go b/resolver_test.go index 562b5db4..b3566ab4 100644 --- a/resolver_test.go +++ b/resolver_test.go @@ -3,7 +3,6 @@ package dns import ( "testing" "time" - "fmt" ) @@ -27,7 +26,7 @@ func TestResolver(t *testing.T) { if in.Dns.Rcode != RcodeSuccess { t.Log("Failed to get an valid answer") t.Fail() - fmt.Printf("%v\n", in) + t.Logf("%v\n", in) } // ask something @@ -38,9 +37,9 @@ func TestResolver(t *testing.T) { if in.Dns.Rcode != RcodeSuccess { t.Log("Failed to get an valid answer") t.Fail() - fmt.Printf("%v\n", in) + t.Logf("%v\n", in) } ch <- DnsMsg{nil, nil} - time.Sleep(1.0e9) + time.Sleep(0.5e9) } diff --git a/signature_test.go b/signature_test.go new file mode 100644 index 00000000..118e8809 --- /dev/null +++ b/signature_test.go 
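Review bot: The pack_test.go hunk at -89,15 checks only the `ok` flags, so a `packRR`/`unpackRR` pair that succeeds but yields a different record still passes. After this change `unpacked` is printed only on the failure path, where its value is least likely to be meaningful. Consider comparing the round-tripped record with the original on the success path, for example `if unpacked.String() != edns.String() { t.Errorf("round trip mismatch: %v != %v", unpacked, edns) }`, assuming both values expose `String()` (not visible in this hunk). The body of TestPackUnpack starts outside the hunk.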
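Review bot: In the resolverEdns_test.go hunk at -34,17, `in.Dns.Rcode` is read straight after `in := <-ch` with no check that the reply carries a message. The test itself sends `DnsMsg{nil, nil}`, so the first field can be nil; if the second field is an error slot (its type is not visible here), a failed or timed-out query would presumably leave `in.Dns` nil and the test would panic instead of failing. A guard such as `if in.Dns == nil { t.Fatal("no reply") }` before the Rcode check would cover that, and the same pattern appears in both resolver_test.go hunks. Shortening the closing `time.Sleep` to `0.5e9` keeps shutdown dependent on timing; a completion signal from the resolver goroutine, if its API offers one, would be more reliable than a fixed sleep.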
@@ -0,0 +1,30 @@ +package dns + +import ( + "testing" +) + +func TestSignature(t *testing.T) { + sig := new(RR_RRSIG) + sig.Hdr.Name = "miek.nl." + sig.Hdr.Rrtype = TypeRRSIG + sig.Hdr.Class = ClassINET + sig.Hdr.Ttl = 3600 + sig.TypeCovered = TypeDNSKEY + sig.Algorithm = AlgRSASHA1 + sig.Labels = 2 + sig.OrigTtl = 4000 + sig.Expiration = 1000 + sig.Inception = 800 + sig.KeyTag = 34641 + sig.SignerName = "miek.nl." + sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ" + + // Should not be valid + if validSignaturePeriod(sig.Inception, sig.Expiration) { + t.Log("Should not be valid") + t.Fail() + } else { + t.Logf("Valid sig period:\n%v\n", sig) + } +} diff --git a/types.go b/types.go index 18d105ec..ff6393fc 100644 --- a/types.go +++ b/types.go @@ -10,7 +10,6 @@ package dns import ( "net" "strconv" - "time" ) // Packet formats @@ -382,29 +381,14 @@ func (rr *RR_RRSIG) Header() *RR_Header { return &rr.Hdr } -// Also, I might need more of these helper function -// where to put them if there are more -// Define a new interface?? -// needs serial stuff -// starts when 1970 has been 68 years ago?? -func intToDate(t uint32) string { - // als meer dan 68 jaar geleden, dan 68 jaar bij bedrag optellen - // TODO - ti := time.SecondsToUTC(int64(t)) - return ti.Format("20060102030405") -} - - func (rr *RR_RRSIG) String() string { return rr.Hdr.String() + " " + rr_str[rr.TypeCovered] + " " + strconv.Itoa(int(rr.Algorithm)) + " " + strconv.Itoa(int(rr.Labels)) + " " + strconv.Itoa(int(rr.OrigTtl)) + - // " " + strconv.Itoa(int(rr.Expiration)) + // date calc! TODO - " " + intToDate(rr.Expiration) + - // " " + strconv.Itoa(int(rr.Inception)) + // date calc! TODO - " " + intToDate(rr.Inception) + + " " + timeToDate(rr.Expiration) + + " " + timeToDate(rr.Inception) + " " + strconv.Itoa(int(rr.KeyTag)) + " " + rr.SignerName + " " + rr.Sig
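Review bot: In signature_test.go the `else` branch logs "Valid sig period" on the path where `validSignaturePeriod` returned false, that is, where the expired window was rejected, so the message says the opposite of what happened. Something like `t.Logf("Expired period rejected:\n%v\n", sig)` would match the outcome. The test covers a single case (inception 800, expiration 1000, long in the past) and depends on the wall clock. Cases for a currently valid window, a not-yet-valid inception and values near the 32-bit wrap would exercise the boundaries that matter for DNSSEC validation, which in turn needs the current time to be injectable into `validSignaturePeriod`.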