Add signature helper function
Do this in dnssec.go so that all DNSSEC stuff is contained in that file. Add testing too
parent
92d09fcfc1
commit
fd9afcb44d
27
dnssec.go
27
dnssec.go
|
@ -1,4 +1,27 @@
|
||||||
package dns
|
package dns
|
||||||
|
|
||||||
// All verification for RRSIG and RRsets i
|
import "time"
|
||||||
// Done here
|
|
||||||
|
// All DNSSEC verification
|
||||||
|
|
||||||
|
const (
|
||||||
|
Year68 = 2 << (32 - 1)
|
||||||
|
)
|
||||||
|
|
||||||
|
// Translate the RRSIG's incep. and expir. time
|
||||||
|
// to the correct date, taking into account serial
|
||||||
|
// arithmetic
|
||||||
|
func timeToDate(t uint32) string {
|
||||||
|
utc := time.UTC().Seconds()
|
||||||
|
mod := (int64(t) - utc) / Year68
|
||||||
|
|
||||||
|
// If needed assume wrap around(s)
|
||||||
|
ti := time.SecondsToUTC(int64(t) + (mod * Year68)) // abs()? TODO
|
||||||
|
return ti.Format("20060102030405")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Is the signature (RRSIG) valid?
|
||||||
|
func validSignaturePeriod(start, end uint32) bool {
|
||||||
|
utc := time.UTC().Seconds() // maybe as parameter?? TODO MG
|
||||||
|
return int64(start) <= utc && utc <= int64(end)
|
||||||
|
}
|
||||||
|
|
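Review bot: validSignaturePeriod compares the raw 32-bit inception and expiration values directly with the 64-bit clock, so it applies none of the wrap-around handling that timeToDate in the same hunk attempts; RRSIG timestamps are defined modulo 2^32 and are meant to be compared with serial number arithmetic (RFC 4034 section 3.1.5), so a wrapped value would be judged wrongly here. Since this check gates whether a signature is accepted, state the limitation at the function until it is handled, e.g. `// TODO: no serial arithmetic (RFC 1982) yet; start and end are treated as absolute seconds since 1970`, and take the reference time as a parameter as the existing TODO suggests so the boundaries can be tested. In timeToDate the layout `"20060102030405"` uses `03`, which is Go's 12-hour field, so times after noon print with the wrong hour; `"20060102150405"` gives the 24-hour form. `Year68 = 2 << (32 - 1)` also evaluates to 2^32, about 136 years rather than the 68 the name says; if the half window is intended, `1 << 31` matches the name.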
19
edns_test.go
19
edns_test.go
|
@ -3,17 +3,16 @@ package dns
|
||||||
// Test EDNS RR records
|
// Test EDNS RR records
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
"fmt"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestEDNS_RR(t *testing.T) {
|
func TestEDNS_RR(t *testing.T) {
|
||||||
edns := new(RR_OPT)
|
edns := new(RR_OPT)
|
||||||
edns.Hdr.Name = "." // must . be for edns
|
edns.Hdr.Name = "." // must . be for edns
|
||||||
edns.Hdr.Rrtype = TypeOPT
|
edns.Hdr.Rrtype = TypeOPT
|
||||||
edns.Hdr.Class = ClassINET
|
edns.Hdr.Class = ClassINET
|
||||||
edns.Hdr.Ttl = 3600
|
edns.Hdr.Ttl = 3600
|
||||||
edns.Option = make([]Option, 1)
|
edns.Option = make([]Option, 1)
|
||||||
edns.Option[0].Code = OptionCodeNSID
|
edns.Option[0].Code = OptionCodeNSID
|
||||||
edns.Option[0].Data = "lalalala"
|
edns.Option[0].Data = "lalalala"
|
||||||
fmt.Printf("%v\n", edns)
|
//t..Logf("%v\n", edns)
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,6 @@ package dns
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
"net"
|
"net"
|
||||||
"fmt"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestPackUnpack(t *testing.T) {
|
func TestPackUnpack(t *testing.T) {
|
||||||
|
@ -89,15 +88,15 @@ func TestPackUnpack(t *testing.T) {
|
||||||
|
|
||||||
_, ok = packRR(edns, msg, 0)
|
_, ok = packRR(edns, msg, 0)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
t.Logf("%v\n", edns)
|
||||||
t.Log("Failed")
|
t.Log("Failed")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
fmt.Printf("%v\n", edns)
|
|
||||||
|
|
||||||
unpacked, _, ok := unpackRR(msg, 0)
|
unpacked, _, ok := unpackRR(msg, 0)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
t.Logf("%v\n", unpacked)
|
||||||
t.Log("Failed")
|
t.Log("Failed")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
fmt.Printf("%v\n", unpacked)
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,6 @@ package dns
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
"fmt"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestResolverEdns(t *testing.T) {
|
func TestResolverEdns(t *testing.T) {
|
||||||
|
@ -34,17 +33,14 @@ func TestResolverEdns(t *testing.T) {
|
||||||
m.Question[0] = Question{"miek.nl", TypeSOA, ClassINET}
|
m.Question[0] = Question{"miek.nl", TypeSOA, ClassINET}
|
||||||
m.Ns[0] = edns
|
m.Ns[0] = edns
|
||||||
|
|
||||||
fmt.Printf("Sending: %v\n", m)
|
|
||||||
|
|
||||||
ch <- DnsMsg{m, nil}
|
ch <- DnsMsg{m, nil}
|
||||||
in := <-ch
|
in := <-ch
|
||||||
|
|
||||||
if in.Dns.Rcode != RcodeSuccess {
|
if in.Dns.Rcode != RcodeSuccess {
|
||||||
|
t.Logf("Recv: %v\n", in.Dns)
|
||||||
t.Log("Failed to get an valid answer")
|
t.Log("Failed to get an valid answer")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
fmt.Printf("Recv: %v\n", in.Dns)
|
|
||||||
|
|
||||||
ch <- DnsMsg{nil, nil}
|
ch <- DnsMsg{nil, nil}
|
||||||
time.Sleep(1.0e9)
|
time.Sleep(0.5e9)
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,6 @@ package dns
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
"fmt"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,7 +26,7 @@ func TestResolver(t *testing.T) {
|
||||||
if in.Dns.Rcode != RcodeSuccess {
|
if in.Dns.Rcode != RcodeSuccess {
|
||||||
t.Log("Failed to get an valid answer")
|
t.Log("Failed to get an valid answer")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
fmt.Printf("%v\n", in)
|
t.Logf("%v\n", in)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ask something
|
// ask something
|
||||||
|
@ -38,9 +37,9 @@ func TestResolver(t *testing.T) {
|
||||||
if in.Dns.Rcode != RcodeSuccess {
|
if in.Dns.Rcode != RcodeSuccess {
|
||||||
t.Log("Failed to get an valid answer")
|
t.Log("Failed to get an valid answer")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
fmt.Printf("%v\n", in)
|
t.Logf("%v\n", in)
|
||||||
}
|
}
|
||||||
|
|
||||||
ch <- DnsMsg{nil, nil}
|
ch <- DnsMsg{nil, nil}
|
||||||
time.Sleep(1.0e9)
|
time.Sleep(0.5e9)
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
package dns
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestSignature(t *testing.T) {
|
||||||
|
sig := new(RR_RRSIG)
|
||||||
|
sig.Hdr.Name = "miek.nl."
|
||||||
|
sig.Hdr.Rrtype = TypeRRSIG
|
||||||
|
sig.Hdr.Class = ClassINET
|
||||||
|
sig.Hdr.Ttl = 3600
|
||||||
|
sig.TypeCovered = TypeDNSKEY
|
||||||
|
sig.Algorithm = AlgRSASHA1
|
||||||
|
sig.Labels = 2
|
||||||
|
sig.OrigTtl = 4000
|
||||||
|
sig.Expiration = 1000
|
||||||
|
sig.Inception = 800
|
||||||
|
sig.KeyTag = 34641
|
||||||
|
sig.SignerName = "miek.nl."
|
||||||
|
sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ"
|
||||||
|
|
||||||
|
// Should not be valid
|
||||||
|
if validSignaturePeriod(sig.Inception, sig.Expiration) {
|
||||||
|
t.Log("Should not be valid")
|
||||||
|
t.Fail()
|
||||||
|
} else {
|
||||||
|
t.Logf("Valid sig period:\n%v\n", sig)
|
||||||
|
}
|
||||||
|
}
|
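Review bot: TestSignature exercises only a window far in the past (inception 800, expiration 1000), so a validSignaturePeriod that always returned false would pass; a case that must be accepted is missing, for example `now := uint32(time.UTC().Seconds())` followed by `if !validSignaturePeriod(now-100, now+100) { t.Fail() }` (this needs the `time` import). The else branch also logs `Valid sig period` on the path where the period was rejected; `t.Logf("Rejected expired sig period:\n%v\n", sig)` says what happened. Because the function reads the clock itself, the exact inception and expiration boundaries cannot be pinned from the test as written.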
20
types.go
20
types.go
|
@ -10,7 +10,6 @@ package dns
|
||||||
import (
|
import (
|
||||||
"net"
|
"net"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Packet formats
|
// Packet formats
|
||||||
|
@ -382,29 +381,14 @@ func (rr *RR_RRSIG) Header() *RR_Header {
|
||||||
return &rr.Hdr
|
return &rr.Hdr
|
||||||
}
|
}
|
||||||
|
|
||||||
// Also, I might need more of these helper function
|
|
||||||
// where to put them if there are more
|
|
||||||
// Define a new interface??
|
|
||||||
// needs serial stuff
|
|
||||||
// starts when 1970 has been 68 years ago??
|
|
||||||
func intToDate(t uint32) string {
|
|
||||||
// als meer dan 68 jaar geleden, dan 68 jaar bij bedrag optellen
|
|
||||||
// TODO
|
|
||||||
ti := time.SecondsToUTC(int64(t))
|
|
||||||
return ti.Format("20060102030405")
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
func (rr *RR_RRSIG) String() string {
|
func (rr *RR_RRSIG) String() string {
|
||||||
return rr.Hdr.String() +
|
return rr.Hdr.String() +
|
||||||
" " + rr_str[rr.TypeCovered] +
|
" " + rr_str[rr.TypeCovered] +
|
||||||
" " + strconv.Itoa(int(rr.Algorithm)) +
|
" " + strconv.Itoa(int(rr.Algorithm)) +
|
||||||
" " + strconv.Itoa(int(rr.Labels)) +
|
" " + strconv.Itoa(int(rr.Labels)) +
|
||||||
" " + strconv.Itoa(int(rr.OrigTtl)) +
|
" " + strconv.Itoa(int(rr.OrigTtl)) +
|
||||||
// " " + strconv.Itoa(int(rr.Expiration)) + // date calc! TODO
|
" " + timeToDate(rr.Expiration) +
|
||||||
" " + intToDate(rr.Expiration) +
|
" " + timeToDate(rr.Inception) +
|
||||||
// " " + strconv.Itoa(int(rr.Inception)) + // date calc! TODO
|
|
||||||
" " + intToDate(rr.Inception) +
|
|
||||||
" " + strconv.Itoa(int(rr.KeyTag)) +
|
" " + strconv.Itoa(int(rr.KeyTag)) +
|
||||||
" " + rr.SignerName +
|
" " + rr.SignerName +
|
||||||
" " + rr.Sig
|
" " + rr.Sig
|
||||||
|
|