4536259037
1/2 support for DSA
2012-04-17 11:39:58 +02:00
70efdaabea
keytag calc. for RSAMD5 keys
2012-04-17 10:55:02 +02:00
daf51db85d
add indirect alg type
2012-04-16 09:09:32 +02:00
cf627feaa8
remove debugging.Validation code works, but isnt validating
2012-04-15 21:43:52 +02:00
e6b2ec8d72
Add ecdsa verification
2012-04-15 21:37:00 +02:00
b58c604e17
Add symmetry to the reading of public/private keys
...
Add a NewPrivateKey that works on strings and calls ReadPrivateKey
that works on io.Readers.
2012-04-15 20:50:53 +02:00
3e11306260
some debugging
2012-04-12 15:39:54 +02:00
134b557647
Start with validating Curve algos
2012-04-11 16:20:29 +02:00
1e1559423d
Fix EC signing
2012-04-11 16:09:40 +02:00
b1099c10b8
More stuff for ecdsa. Need to find good abstraction
2012-04-11 15:42:33 +02:00
edf4b3d11b
Test signing with ecdsa
2012-04-11 15:13:17 +02:00
35bfb48fac
fix the mnemonic for ecdsa*
2012-04-11 14:37:51 +02:00
a55014ff8a
elliptic curve stuff
2012-04-11 14:32:44 +02:00
1083e5542e
add comment
2012-04-06 20:12:00 +02:00
33a58c8cb7
make it compile
2012-03-19 20:00:40 +01:00
f38cd6abe0
better errors
2012-03-18 22:44:42 +01:00
9f14f2d5ab
Documentation updates
2012-03-08 20:47:45 +01:00
1744a80850
add a TsigStatus to the client as well
...
Bring server and client side more inline
with each other. For a client we also
use TsigStatus() to retrieve the tsig info.
2012-03-04 14:47:20 +01:00
dc16392734
Newly allocated names
2012-03-02 15:28:22 +01:00
104d875a75
Flag large RSA exponents as an error
2012-02-29 21:11:45 +01:00
c32c13ba25
dnssec-bis-16 updates fix
2012-02-28 20:09:00 +01:00
d7a7e6e112
Lowercase/uppercase mahem in DNSSEC
2012-02-28 19:25:09 +01:00
ea57a49d94
Allow mnemonic algorithm numbers in DS (and DS-like) records
2012-02-27 19:17:58 +01:00
ef2e12b0dd
Validation fixes, still not perfect, but much nicer
2012-02-25 22:04:29 +01:00
89c05b4f74
gofmt
2012-02-23 19:37:08 +01:00
c6042c4ce8
Work on copy of the header when validating
2012-02-23 12:46:39 +01:00
d0a45c667e
Downcase these domains
2012-02-23 10:47:50 +01:00
99ea36cd42
Check the protocol value of the key
2012-02-16 23:34:09 +01:00
2cb265697e
Documentation
...
Need to think about the non-existing root-label and the label
functions.
2012-02-12 11:34:28 +01:00
448596bccb
fix typo
2012-02-10 09:19:23 +01:00
c05615b783
fix RRSIG wildcard checking
2012-02-10 09:19:00 +01:00
ed61734c89
Optimize the RR reading further
...
remove len(strings) from the code. 16% increase
in speed. Getting about 35K RR/s
2012-01-30 21:26:29 +01:00
bfc928973f
Remove/fix some todo
2012-01-29 00:34:59 +01:00
19f8d266b5
Remove the RRset type - only add obvious stuff
2012-01-28 01:14:07 +01:00
6d5fd7f975
Some more tweaks into verifying nsec3 messages
2012-01-22 16:12:10 +01:00
c051e5eec5
Small tweaks
2012-01-22 12:24:31 +01:00
f25584e94e
Overflow fixes
2012-01-21 12:35:19 +01:00
c9fc2ea493
Enable signature checking in messages
2012-01-21 11:58:26 +01:00
5917838cbb
gofmt
2012-01-20 12:24:20 +01:00
509912d4c4
Fixes for weekly.2012-01-20
2012-01-20 12:24:05 +01:00
9f3a1c1f13
Documentation and make ParseKey private (parseKey)
2012-01-16 21:44:49 +01:00
50a62b9c68
Dont downcase
2012-01-16 10:50:35 +01:00
4bd5d7f3f2
Lowercase rdata of rr to be signed/verified
2012-01-16 09:54:05 +01:00
8608def558
Documentation
2012-01-15 16:14:22 +01:00
5c74f7285f
Save some bytes in the dnssec signature validation
2012-01-15 16:00:40 +01:00
0509df509e
gofmt
2012-01-12 23:17:34 +01:00
d53102fc7b
Make alg_str public: Alg_str
2012-01-12 13:01:43 +01:00
f1a3b31384
Make a packStructCompress() to leave packStruct() simpler
2012-01-11 20:33:38 +01:00
eafe995a56
Add a compression flag to msg struct
2012-01-11 20:26:39 +01:00
6d95911558
Dont allow the question section to be compressed
2012-01-11 16:16:09 +01:00
974c28d1b1
More fixes for compression
2012-01-11 11:13:17 +01:00
7f77e5e6b4
Fix key2ds
2012-01-08 16:49:54 +01:00
cd266d5f0f
Its a uint8
2012-01-08 15:56:19 +01:00
ecfd5451a9
Remove the Labels() function.
...
This is now handled inside IsDomainName, which really parses
the name and then (also) returns the number of labels found.
2012-01-08 15:54:33 +01:00
d1b0ee219f
Digest fixes
2011-12-16 15:06:24 +01:00
131f6962d1
gofmt
2011-12-09 21:45:57 +01:00
17d3f12d31
Fix NSEC presentation
2011-12-09 16:11:37 +01:00
96cbd9420c
add privatedns/oid
2011-12-09 16:00:41 +01:00
ad11f2425e
export Unpack/PackDomainName
2011-12-09 15:58:36 +01:00
e115e5da6e
Update to the latest weekly: weekly/weekly.2011-12-06
...
The new time API must still be used. But for now it compiles.
All DNSSEC/TSIG timing is probably broken
2011-12-09 11:16:49 +01:00
22a467e718
Fixes the latest weekly
2011-11-02 23:06:54 +01:00
b7ca96e7d4
Normalize errors
...
Use the errors as defined in msg.go and a few.
2011-09-09 10:21:04 +02:00
24a912919f
Change Sign() and Verify() to return more useful os.Error
2011-09-08 12:14:41 -07:00
220ad18ded
Remove redundant sorting and fix small error
2011-09-08 12:14:06 -07:00
ca33c9ad0e
Add sorting to DNSSEC signature verify
2011-09-08 12:14:06 -07:00
c104ee05b8
documentation updates
2011-09-08 19:25:45 +02:00
6034016b29
tweak the documentation a bit
2011-09-08 08:30:17 +02:00
7897c8f088
Add RSASHA1NSEC3SHA1 alg
...
From Taral <taralx@gmail.com>
2011-09-08 08:26:40 +02:00
4671072027
Error handling
...
Handle semantic errors in the input stream.
Try to use Ragel's error handling when seeing a non-supported
class. This does not work yet.
2011-07-24 17:08:33 +02:00
da0603089a
gofmt -w
2011-07-23 23:43:43 +02:00
9b1e7b4b3d
documentation
...
make Str_rr and Str_class private, prolly only needed
for parsing
2011-07-23 23:15:40 +02:00
fd0064c805
Parsings works - clean up the tests
...
RR_DNSKEY has now a
* Read (to read an RR)
* ReadPrivateKey (to read an private key file)
Together you have enough data to sign and verify DNSSEC data.
I'm thinking about a better API, but I think one will emerge
whenever I complete the zone parsin.
2011-07-17 20:51:27 +02:00
4c26df63ba
Drop the Alg and Hash prefixes
2011-07-08 17:27:44 +02:00
b84e27535c
More ECC updates - we should be able to sign
2011-07-08 14:51:40 +02:00
ad5b59c09d
Prepare ecdsa signing/verification
2011-07-08 11:40:32 +02:00
e73c759491
More curve updates
2011-07-08 11:08:31 +02:00
328931d079
implement (part of) ecdsa256/384
2011-07-08 10:41:07 +02:00
582766d6fe
Tweaks preparing for ECC
2011-07-07 11:19:57 +02:00
df10cc187e
Add the new hashes
2011-07-07 10:00:42 +02:00
7cc28a94e9
Fix funkensturm signing
...
make LabelCount public account.
2011-07-06 21:50:23 +02:00
ffd7a5acb6
documentation
2011-03-30 15:44:28 +02:00
8a4647ec22
documentation
2011-03-30 15:35:49 +02:00
f44bf2d656
Formatting
2011-03-24 09:24:24 +01:00
d8d4d000bc
Fix test and robustness
2011-03-24 09:02:19 +01:00
3af023bda9
Use bufio.Reader in private key reading
2011-03-23 16:10:15 +01:00
bc4d7ed748
add this example too
2011-03-22 09:13:25 +01:00
50ecc8d2a6
the comments
2011-03-15 19:41:28 +01:00
115309962a
Add const for KSK/ZSK and REVOKE
2011-03-03 11:45:33 +01:00
2b5a97570a
Made a start with ixfr
2011-02-24 21:44:55 +01:00
98e4b33cb5
formatting and documentation
2011-02-24 16:22:14 +01:00
71b860e0d3
comment updates
2011-02-24 15:31:58 +01:00
266ed16e72
refactor the rrset to signedata function
2011-02-24 15:29:36 +01:00
9ea988d5fa
doc update
2011-02-11 22:21:41 +01:00
1e111c9571
Make it work with the new Go release
2011-02-02 09:05:25 +01:00
8fbcb3e408
loose the dns. prefix
2011-01-27 20:43:55 +01:00
bc53ca75e1
some buf sizes
2011-01-27 20:30:16 +01:00
f934968d00
remove printlns
2011-01-27 20:24:58 +01:00
13574b6c97
use DefaultMsgSize
2011-01-27 09:38:52 +01:00
0e0c6fd024
use DefaultMsgSize
2011-01-27 09:38:30 +01:00
d9dfd913a7
documentation updates
2011-01-27 09:29:11 +01:00
7e1f9490f2
Cert RR added
...
PubKey is named PublicKey in the RR_DNSKEY
2011-01-25 13:57:54 +01:00
fc0ffa20f7
Not possible to create keytag from privkey alone
2011-01-18 11:43:08 +01:00
68e0e0b1be
Set the algorithm too in the test
2011-01-18 11:34:48 +01:00
3df903d6e6
Small signing tweaks
...
* Get more info from the rrset your are signing
* Still todo, calculate publickey and keytag etc.
2011-01-18 11:25:47 +01:00
9eea4682fd
Fix documentation
2011-01-17 21:10:48 +01:00
96a55dee9b
Less verbose tests
2011-01-17 20:29:40 +01:00
48cbf55a23
completely fix private key reading
2011-01-17 20:18:51 +01:00
1f6a221bd8
Private key completely works. Can read BIND9 files
2011-01-17 19:52:28 +01:00
ea08cb2d7b
Fix all exponent issues in rsa keys
2011-01-17 18:13:52 +01:00
2041cffcfc
Fix exp 65537 in RSA keys
2011-01-17 17:55:58 +01:00
d086722c36
Add rrset check function
2011-01-16 20:07:17 +01:00
2cfa45408d
trying to set the pubkey from the private key
2011-01-16 18:37:29 +01:00
54f158c23d
Helper functions for base64 encoding/decoding
2011-01-15 10:38:14 +01:00
15bf984f3f
LabelCount() made public and various other tweaks
2011-01-14 18:55:18 +01:00
ab4a5b5477
Love interfaces
...
Using interfaces to make key.Generate and Sign much more generic
2011-01-14 18:25:36 +01:00
0c95585952
Signing works, dont know yet if it would validate
2011-01-14 13:22:24 +01:00
67230e9759
Fixed signing stuff (doesn't work yet)
...
Need a nice priv-key representation to make it all work
2011-01-14 12:10:54 +01:00
a60238bdde
Remove unwanted wire conversion functions
2011-01-14 11:57:28 +01:00
728b575b60
Make signing a method of DNSKEY
2011-01-13 17:14:14 +01:00
4f8537dde2
incorp. in the main dns package
2011-01-09 20:00:37 +01:00
42ce4d3085
Fix tsig -- needs testing
2011-01-09 15:54:23 +01:00
19edd05274
Fold dnssec back into dns
...
It is more natural. Otherwise tsig and tkey needed to be
put in their own packages
2011-01-09 10:31:23 +01:00
15dd65171b
Split the package in multiple packages
...
dns - the standard rrtypes and such
dnssec - validation, keytag calculation, etc
resolver - for talking to servers
2010-12-30 13:42:52 +01:00
bc624181dc
More dnssec stuff added
2010-12-30 09:24:40 +01:00
ac43aed00f
Extracted the pubkey from a DNSKEY record
2010-12-29 16:34:53 +01:00
504ab27f6f
en weer terug
2010-12-29 16:12:01 +01:00
de5b30f781
zo dan
2010-12-29 16:11:23 +01:00
5ced9e2152
almost ready for DNSSEC validation
...
only need call the crypto/rsa func
2010-12-28 14:57:30 +01:00
0cea39ac49
Second stab a DNSSEC validation
...
- still need: sorting, numOfLabels, wildcard handling
2010-12-28 10:40:20 +01:00
e339e8bce6
more tests
2010-12-28 10:17:27 +01:00
c1d45f507e
First stab at DNSSEC validation
2010-12-28 09:49:45 +01:00
4ed14b9785
More cleansup and robustness
...
* make the resolver more robust
* more dnssec functions
2010-12-28 09:41:54 +01:00
8dbefdd3f1
Add key2ds conversion
...
More DNSSEC pieces are coming together
2010-12-27 13:56:58 +01:00
36b181f65a
Add keytag calculation
...
Still slow, but it is working. Added testcase for this too
2010-12-27 12:49:48 +01:00
830b2eae29
add hex encoding for DS record
...
* some more edns finishing touches
2010-12-27 09:58:45 +01:00
b634118257
add function prototype for to be implemented functions
2010-12-25 13:13:32 +01:00
70552b49ca
More stuff added, first stab at using hashing functions
2010-12-25 11:43:12 +01:00
65caf6f891
Documentation!
...
Make the packet documentation much nicer.
2010-12-25 11:14:11 +01:00
fd9afcb44d
Add signature helper function
...
Do this in dnssec.go so that all DNSSEC stuff in contained
in that file.
Add testing too
2010-12-24 11:50:42 +01:00
92d09fcfc1
prepare stuff for DNSSEC
2010-12-24 10:59:15 +01:00
Miek Gieben
Peter van Dijk
Taral