Created
September 8, 2014 19:53
-
-
Save FiloSottile/014127ce8bf88594ec77 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Copyright 2014 CoudFlare. All rights reserved. | |
| // Use of this source code is governed by a BSD-style | |
| // license that can be found in the LICENSE file. | |
| package dns | |
| import ( | |
| "reflect" | |
| "testing" | |
| ) | |
| // Here the test vectors from the relevant RFCs are checked. | |
| // rfc6605 6.1 | |
| func TestRFC6605P256(t *testing.T) { | |
| exDNSKEY := `example.net. 3600 IN DNSKEY 257 3 13 ( | |
| GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb | |
| krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )` | |
| exPriv := `Private-key-format: v1.2 | |
| Algorithm: 13 (ECDSAP256SHA256) | |
| PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=` | |
| rrDNSKEY, err := NewRR(exDNSKEY) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| priv, err := rrDNSKEY.(*DNSKEY).NewPrivateKey(exPriv) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| exDS := `example.net. 3600 IN DS 55648 13 2 ( | |
| b4c8c1fe2e7477127b27115656ad6256f424625bf5c1 | |
| e2770ce6d6e37df61d17 )` | |
| rrDS, err := NewRR(exDS) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| ourDS := rrDNSKEY.(*DNSKEY).ToDS(SHA256) | |
| if !reflect.DeepEqual(ourDS, rrDS.(*DS)) { | |
| t.Errorf("DS record differs:\n%v\n%v\n", ourDS, rrDS.(*DS)) | |
| } | |
| exA := `www.example.net. 3600 IN A 192.0.2.1` | |
| exRRSIG := `www.example.net. 3600 IN RRSIG A 13 3 3600 ( | |
| 20100909100439 20100812100439 55648 example.net. | |
| qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA | |
| yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )` | |
| rrA, err := NewRR(exA) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| rrRRSIG, err := NewRR(exRRSIG) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| if err = rrRRSIG.(*RRSIG).Verify(rrDNSKEY.(*DNSKEY), []RR{rrA}); err != nil { | |
| t.Errorf("Failure to validate the spec RRSIG: %v", err) | |
| } | |
| ourRRSIG := &RRSIG{ | |
| Hdr: RR_Header{ | |
| Ttl: rrA.Header().Ttl, | |
| }, | |
| KeyTag: rrDNSKEY.(*DNSKEY).KeyTag(), | |
| SignerName: rrDNSKEY.(*DNSKEY).Hdr.Name, | |
| Algorithm: rrDNSKEY.(*DNSKEY).Algorithm, | |
| } | |
| ourRRSIG.Expiration, _ = StringToTime("20100909100439") | |
| ourRRSIG.Inception, _ = StringToTime("20100812100439") | |
| err = ourRRSIG.Sign(priv, []RR{rrA}) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| if err = ourRRSIG.Verify(rrDNSKEY.(*DNSKEY), []RR{rrA}); err != nil { | |
| t.Errorf("Failure to validate our RRSIG: %v", err) | |
| } | |
| // Signatures are randomized | |
| rrRRSIG.(*RRSIG).Signature = "" | |
| ourRRSIG.Signature = "" | |
| if !reflect.DeepEqual(ourRRSIG, rrRRSIG.(*RRSIG)) { | |
| t.Fatalf("RRSIG record differs:\n%v\n%v\n", ourRRSIG, rrRRSIG.(*RRSIG)) | |
| } | |
| } | |
| // rfc6605 6.2 | |
| func TestRFC6605P384(t *testing.T) { | |
| exDNSKEY := `example.net. 3600 IN DNSKEY 257 3 14 ( | |
| xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1 | |
| w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8 | |
| /uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40 )` | |
| exPriv := `Private-key-format: v1.2 | |
| Algorithm: 14 (ECDSAP384SHA384) | |
| PrivateKey: WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vwW7BOrbawVmVe0d9V94SR` | |
| rrDNSKEY, err := NewRR(exDNSKEY) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| priv, err := rrDNSKEY.(*DNSKEY).NewPrivateKey(exPriv) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| exDS := `example.net. 3600 IN DS 10771 14 4 ( | |
| 72d7b62976ce06438e9c0bf319013cf801f09ecc84b8 | |
| d7e9495f27e305c6a9b0563a9b5f4d288405c3008a94 | |
| 6df983d6 )` | |
| rrDS, err := NewRR(exDS) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| ourDS := rrDNSKEY.(*DNSKEY).ToDS(SHA384) | |
| if !reflect.DeepEqual(ourDS, rrDS.(*DS)) { | |
| t.Fatalf("DS record differs:\n%v\n%v\n", ourDS, rrDS.(*DS)) | |
| } | |
| exA := `www.example.net. 3600 IN A 192.0.2.1` | |
| exRRSIG := `www.example.net. 3600 IN RRSIG A 14 3 3600 ( | |
| 20100909102025 20100812102025 10771 example.net. | |
| /L5hDKIvGDyI1fcARX3z65qrmPsVz73QD1Mr5CEqOiLP | |
| 95hxQouuroGCeZOvzFaxsT8Glr74hbavRKayJNuydCuz | |
| WTSSPdz7wnqXL5bdcJzusdnI0RSMROxxwGipWcJm )` | |
| rrA, err := NewRR(exA) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| rrRRSIG, err := NewRR(exRRSIG) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| if err = rrRRSIG.(*RRSIG).Verify(rrDNSKEY.(*DNSKEY), []RR{rrA}); err != nil { | |
| t.Errorf("Failure to validate the spec RRSIG: %v", err) | |
| } | |
| ourRRSIG := &RRSIG{ | |
| Hdr: RR_Header{ | |
| Ttl: rrA.Header().Ttl, | |
| }, | |
| KeyTag: rrDNSKEY.(*DNSKEY).KeyTag(), | |
| SignerName: rrDNSKEY.(*DNSKEY).Hdr.Name, | |
| Algorithm: rrDNSKEY.(*DNSKEY).Algorithm, | |
| } | |
| ourRRSIG.Expiration, _ = StringToTime("20100909102025") | |
| ourRRSIG.Inception, _ = StringToTime("20100812102025") | |
| err = ourRRSIG.Sign(priv, []RR{rrA}) | |
| if err != nil { | |
| t.Fatal(err.Error()) | |
| } | |
| if err = ourRRSIG.Verify(rrDNSKEY.(*DNSKEY), []RR{rrA}); err != nil { | |
| t.Errorf("Failure to validate our RRSIG: %v", err) | |
| } | |
| // Signatures are randomized | |
| rrRRSIG.(*RRSIG).Signature = "" | |
| ourRRSIG.Signature = "" | |
| if !reflect.DeepEqual(ourRRSIG, rrRRSIG.(*RRSIG)) { | |
| t.Fatalf("RRSIG record differs:\n%v\n%v\n", ourRRSIG, rrRRSIG.(*RRSIG)) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment