community
/
dns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,155 Commits 1 Branch 67 Tags 17 MiB
Commit Graph

203 Commits

Author SHA1 Message Date
Miek Gieben 67945c119e A bunch of golint fixes 
The proposed vars names are a nono, because they break the API.
Things left: document each RR and zscan_rr.go has some funcky if-then-elses.
 2015-02-19 09:58:33 +00:00
Filippo Valsorda 3035815b29 Reorder DNSSEC code 2015-01-23 13:06:08 -08:00
Filippo Valsorda e9faa971b3 Refactor the DNSSEC private key code 
Now PrivateKey is an interface exposing Sign() and String(). Common
implementations are wrappers for {rsa|dsa|ecdsa}.PrivateKey but
this allows for custom signers, and abstracts away the private-ops
code to a single place.
 2015-01-23 13:04:29 -08:00
Filippo Valsorda c47471f80e [DNSSEC] Make int to bytes conversions fixed length in DSA (RFC 2536) 
This fixes DSA key generation.
 2014-12-06 10:26:56 +00:00
Filippo Valsorda ed475ae9fa [DNSSEC] Make int to bytes conversions fixed length in ECDSA 
ECDSA public keys consist of a single value, called "Q" in FIPS
  186-3.  In DNSSEC keys, Q is a simple bit string that represents the
  uncompressed form of a curve point, "x | y".

  The ECDSA signature is the combination of two non-negative integers,
  called "r" and "s" in FIPS 186-3.  The two integers, each of which is
  formatted as a simple octet string, are combined into a single longer
  octet string for DNSSEC as the concatenation "r | s".  (Conversion of
  the integers to bit strings is described in Section C.2 of FIPS
  186-3.)  For P-256, each integer MUST be encoded as 32 octets; for
  P-384, each integer MUST be encoded as 48 octets.
 2014-12-05 20:17:11 +00:00
Filippo Valsorda 0f1b1184ae Rename and simplify packing helper functions 2014-12-05 19:27:44 +00:00
Miek Gieben a34d1f6ad7 Merge branch 'master' of github.com:miekg/dns 2014-11-03 11:02:31 +00:00
Andrew Tunnell-Jones 5bccac1c47 Fix off-by-one error parsing DSA public key 
I ran into a slice bounds out of range panic. Tired so I just rewrote it.
 2014-11-01 10:54:01 +00:00
Miek Gieben 71466895f7 Remove ECC which was set as alg 4 
There is no alg 4 and ECC is not an algorithm identifier.
 2014-10-23 08:12:02 +00:00
Alex A Skinner c417e9729d DNSSEC algorithm and digest types now uint8 2014-10-22 20:41:03 -04:00
Miek Gieben 0aa3021a83 Remove all copyright notices 
Use the central COPYRIGHT file.
 2014-09-11 20:57:37 +01:00
Miek Gieben 643720d10d Fix ECDSA algorithms 
Current code was completely wrong, so validation of ECDSA didn't work.
The new tests now works, the old one now doesn't
 2014-09-09 07:45:47 +01:00
Filippo Valsorda 3a7db158f5 Correct the DNSKEY flag values 
See https://www.iana.org/assignments/dnskey-flags/dnskey-flags.xhtml

Elsewhere in the code 256 (1 << 8) is used numerically for ZONE, so nothing breaks for now.
 2014-09-04 15:31:23 -07:00
Alex A. Skinner a156d1ec2f must lowercase ownername when computing hash for DS 2014-04-10 19:40:52 -04:00
Miek Gieben fb787f0d96 Update the documentation 2014-02-02 20:30:52 +00:00
Miek Gieben 9c75b3cdc2 Fi the tests too 2014-01-27 14:45:34 +00:00
Miek Gieben 39a8e2b8af Small api change to check RRSIG validity 2014-01-27 14:42:17 +00:00
Miek Gieben c97bb6d79d The right way around 2014-01-26 20:22:19 +00:00
Miek Gieben 2a659fce45 dnssec: don't override OrigTtl in sig 
When creating a signature and the OrigTtl is already set
don't override it.
 2014-01-26 19:53:49 +00:00
Miek Gieben 6b32a711e9 Allocate just enough space 
Remove the len()*2, and replace it with len()+1. The current
len() impl. of the types is good enough to be more precise.
 2013-12-06 11:30:33 +00:00
Miek Gieben 70ee966106 Fix the unknown record sign test 
Don't make up new error in msg.Pack when there are perfectly fine
errors to return.
 2013-12-06 09:43:26 +00:00
Skinner, Alex edd235088a Added TYPE65534 record type so that zone scanning doesn't die upon encountering one. Fixed DNSSEC signature verification. 2013-12-04 12:58:20 -05:00
Miek Gieben ee8ace0477 Merge branch 'master' of github.com:miekg/dns 2013-09-11 08:22:23 +01:00
Miek Gieben 9c1ee5d5ca Update IsDomainName 
This new functions just compiles the domain to wire format, if that
works, the name is deemed OK. It is also much less strict than the
older code. Almost everything is allowed in the name, except two
dots back to back (there is an explicit test for that).
 2013-09-10 18:09:22 +00:00
Miek Gieben 47cc5b052d Work on making IsDomainName better 2013-09-10 13:13:10 +00:00
Miek Gieben cb70138d9e Remove comment 2013-09-01 21:37:14 +01:00
Miek Gieben 38ea608d79 Rename the Label* functions 
SplitLabels -> SplitDomainName
CompareLabels -> CompareDomainName
LenLabels -> CountLabel
          -> NextLabel was added as a simple iterator-like function
 2013-06-22 07:21:15 +00:00
Miek Gieben c66494c6c5 Resolv merge conflicts 2013-05-12 19:08:37 +02:00
Miek Gieben 81941d4422 Update all copyright notices 2013-05-12 16:15:52 +02:00
Miek Gieben 320d981509 Add Algo-signal-draft impl. for EDNS0 2013-05-11 21:02:17 +02:00
Miek Gieben d53d9eab81 gofmt 2013-05-05 20:30:44 +02:00
Miek Gieben cd10853288 Make Len() and Copy() private 
I don't think anybody will needs these, msg.Len() is still
available. Severly cuts back on the amount of exported functions.
 2013-02-09 08:35:17 +01:00
Miek Gieben 235e892dfc Rename the RR types drop the RR_ prefix 
This is also done in the official Go library. It also make the
code shorter.
 2012-12-09 19:23:25 +01:00
Miek Gieben 2a3b818b95 Use much more descriptive names for the maps 
Alg_str -> AlgorithmToString
 Rr_str  -> TypeToString

And for the reverse maps also.
 2012-12-02 09:29:54 +01:00
Miek Gieben ffe42637c5 Documentation 2012-12-01 12:44:57 +01:00
Miek Gieben aaa65c0ae0 documentation 2012-11-20 10:10:09 +01:00
Miek Gieben dce8b2e71a gofmt 2012-10-10 22:17:50 +02:00
Miek Gieben 570bf8dc69 Use proper error in packing and unpacking 
All the relevant functions now return an error instead of
a simple boolean. This greatly approves the feedback to coders.

Spotted some fishy error handling along the way and fix that too.
 2012-10-09 21:17:54 +02:00
Miek Gieben c88a47e261 use nil for signing in rsa 2012-09-16 10:28:53 +02:00
Miek Gieben 8a21b263d8 Disallow rsamd5 as per rfc 6725 2012-09-14 09:11:19 +02:00
Miek Gieben ceea1024c1 use rr as var name 2012-09-03 08:37:16 +02:00
Miek Gieben 25abc3c0fc use rr as var name 2012-09-03 08:35:21 +02:00
Miek Gieben c0c9a5f3a9 docs 2012-08-27 08:41:14 +02:00
Miek Gieben b96e6ac78d tweaks to the documentation 2012-08-24 09:35:33 +02:00
Miek Gieben 6f7aad15d8 documenation 2012-08-21 17:36:58 +02:00
Miek Gieben b0fc5a2f22 re-export these - I use them in unbound 2012-08-20 18:03:15 +02:00
Miek Gieben 7b406f80ce dont export 2012-08-17 08:34:46 +02:00
Miek Gieben 73b6d37885 cleanup api, dont export Year68 2012-08-17 08:29:45 +02:00
Miek Gieben 2d2b4f5e64 tweaks to give more power to unbound package 2012-07-01 20:58:54 +02:00
Miek Gieben e6fca0be3f Actually copy the RR for DNSSEC validation. 
This is needed because we need to fiddle with the TTL and sometimes
even need to lowercase the rdata. We dont want this to propagate
to the original RRs
 2012-06-20 19:16:54 +02:00