Merge commit 'upstream/0.15'
Ondrej Sury
14 years ago
0 | 0 | Revision history for Perl extension Net::DNS::SEC. |
1 | 1 | |
2 | ***0.15 December 31, 2008 | |
3 | ||
4 | ||
5 | Fix: digestbin not set when an empty value passed to hash. | |
6 | ||
7 | Feature: Added DLV (rfcc 4431). The RR object is simply a clone of | |
8 | the DS RR and inherits ... everything | |
9 | ||
10 | Feature: Added NSEC3 and NSEC3PARAM support (RFC5155). | |
11 | This adds Mime::Base32 to the module dependency list. | |
12 | The RR type was still experimental at that time and is maintained | |
13 | in Net::DNS::RR. | |
14 | ||
15 | Fix: Test script recognizes change in Time::Local. Note that | |
16 | Time::Local does not deal with dates beyond 03:14:07 UTC on | |
17 | Tuesday, 19 January 2038. Therefore this code has a year 2038 | |
18 | problem. | |
19 | ||
20 | Fix: DS create_from_hash now produces objects that can create | |
21 | wireformat. | |
22 | ||
23 | Other: minor changes to the debug statements | |
24 | added t/05-rr.t (and identified a couple of bugs using it) | |
25 | ||
26 | Fix: a few inconsistencies with respect to parsing of trailing dots. | |
27 | ||
28 | ||
29 | During development the test signatures generated with the BIND tools | |
30 | were re-generated in order to troubleshoot a bug that (most | |
31 | probably) was caused by a version incompatibility between Net::DNS | |
32 | and Net::DNS::SEC. Before release the original test from the 0.14 | |
33 | release were ran against this version too. | |
34 | ||
35 | ||
36 | ||
2 | 37 | |
3 | 38 | 0.14 February 14, 2005 |
4 | 39 | |
341 | 376 | |
342 | 377 | 0.19-DNSSEC-0.3: |
343 | 378 | Solved patch problems that where due to the |
344 | $Id: Changes 557 2006-02-14 10:07:46Z olaf $ in headers not | |
379 | $Id: Changes 769 2008-12-30 16:42:20Z olaf $ in headers not | |
345 | 380 | being from the original distribution. |
346 | 381 | |
347 | 382 | Added DSA signature creation |
373 | 408 | |
374 | 409 | |
375 | 410 | --------------------------------------------------------------------------- |
376 | $Id: Changes 557 2006-02-14 10:07:46Z olaf $ | |
411 | $Id: Changes 769 2008-12-30 16:42:20Z olaf $ |
0 | 0 | |
1 | # $Id: Keyset.pm 269 2005-04-13 13:12:04Z olaf $ | |
1 | # $Id: Keyset.pm 728 2008-10-12 09:02:24Z olaf $ | |
2 | 2 | |
3 | 3 | |
4 | 4 | package Net::DNS::Keyset; |
36 | 36 | |
37 | 37 | use vars qw ( $VERSION @EXPORT $keyset_err ); |
38 | 38 | |
39 | ( $VERSION ) = '$Revision: 269 $ ' =~ /\$Revision:\s+([^\s]+)/; | |
39 | ( $VERSION ) = '$Revision: 728 $ ' =~ /\$Revision:\s+([^\s]+)/; | |
40 | 40 | |
41 | 41 | my $debug=0; |
42 | 42 | |
537 | 537 | $sig->signame .":". $sig->keytag . "\n" if $debug; |
538 | 538 | |
539 | 539 | if ($key->keytag == $sig->keytag && |
540 | $key->name."." eq $sig->signame ){ | |
540 | $key->name."." eq $sig->signame."." ){ | |
541 | 541 | print "...\n" if $debug; |
542 | 542 | my @keys=$self->keys ; |
543 | 543 | if (! $sig->verify( \@keys , $key)){ |
10 | 10 | RR/DS.pm |
11 | 11 | RR/KEY.pm |
12 | 12 | RR/NSEC.pm |
13 | RR/NSEC3.pm | |
14 | RR/NSEC3PARAM.pm | |
13 | 15 | RR/NXT.pm |
14 | 16 | RR/RRSIG.pm |
15 | 17 | RR/SIG.pm |
18 | RR/DLV.pm | |
16 | 19 | SEC.pm |
17 | 20 | SEC/Private.pm |
18 | 21 | t/00-load.t |
27 | 30 | t/12-nsec++.t |
28 | 31 | t/13-utilities.t |
29 | 32 | t/14-misc.t |
33 | t/15-ds.t | |
34 | t/16-dlv.t | |
30 | 35 | t/getpacket.pl |
31 | 36 | t/Kexample.com.+001+28551.private |
32 | 37 | t/Kexample.com.+001+28551.key |
0 | 0 | # http://module-build.sourceforge.net/META-spec.html |
1 | 1 | #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX# |
2 | 2 | name: Net-DNS-SEC |
3 | version: 0.14 | |
3 | version: 0.15 | |
4 | 4 | version_from: SEC.pm |
5 | 5 | installdirs: site |
6 | 6 | requires: |
12 | 12 | Digest::SHA1: 0 |
13 | 13 | File::Basename: 0 |
14 | 14 | Math::BigInt: 0 |
15 | MIME::Base32: 0 | |
15 | 16 | MIME::Base64: 0 |
16 | Net::DNS: 0.44 | |
17 | Net::DNS: 0.64 | |
17 | 18 | Test::More: 0.47 |
18 | 19 | Time::Local: 0 |
19 | 20 | |
20 | 21 | distribution_type: module |
21 | generated_by: ExtUtils::MakeMaker version 6.17 | |
22 | generated_by: ExtUtils::MakeMaker version 6.30 |
0 | 0 | # |
1 | # $Id: Makefile.PL 527 2005-12-09 10:51:06Z olaf $ | |
1 | # $Id: Makefile.PL 728 2008-10-12 09:02:24Z olaf $ | |
2 | 2 | # |
3 | 3 | |
4 | 4 | |
24 | 24 | 'NAME' => 'Net::DNS::SEC', |
25 | 25 | 'VERSION_FROM' => 'SEC.pm', |
26 | 26 | 'PREREQ_PM' => { |
27 | Net::DNS => 0.44, | |
27 | Net::DNS => 0.64, | |
28 | 28 | Test::More => 0.47, |
29 | 29 | Crypt::OpenSSL::RSA => 0.19, |
30 | 30 | Crypt::OpenSSL::Bignum => 0.03, |
32 | 32 | Digest::SHA => 5.23, |
33 | 33 | File::Basename => 0.0, |
34 | 34 | MIME::Base64 => 0.0, |
35 | MIME::Base32 => 0.0, | |
35 | 36 | Math::BigInt => 0.0, |
36 | 37 | Time::Local => 0.0, |
37 | 38 | Digest::BubbleBabble => 0.01, |
44 | 45 | 'SEC.pm' => '$(INST_LIBDIR)/SEC.pm', |
45 | 46 | 'SEC/Private.pm' => '$(INST_LIBDIR)/SEC/Private.pm', |
46 | 47 | 'RR/DS.pm' => '$(INST_LIBDIR)/RR/DS.pm', |
48 | 'RR/DLV.pm' => '$(INST_LIBDIR)/RR/DLV.pm', | |
47 | 49 | 'RR/NXT.pm' => '$(INST_LIBDIR)/RR/NXT.pm', |
48 | 50 | 'RR/KEY.pm' => '$(INST_LIBDIR)/RR/KEY.pm', |
49 | 51 | 'RR/SIG.pm' => '$(INST_LIBDIR)/RR/SIG.pm', |
50 | 52 | 'RR/RRSIG.pm' => '$(INST_LIBDIR)/RR/RRSIG.pm', |
51 | 53 | 'RR/DNSKEY.pm' => '$(INST_LIBDIR)/RR/DNSKEY.pm', |
52 | 54 | 'RR/NSEC.pm' => '$(INST_LIBDIR)/RR/NSEC.pm', |
55 | 'RR/NSEC3.pm' => '$(INST_LIBDIR)/RR/NSEC3.pm', | |
56 | 'RR/NSEC3PARAM.pm' => '$(INST_LIBDIR)/RR/NSEC3PARAM.pm', | |
53 | 57 | }, |
54 | 58 | |
55 | clean => {FILES => "*~ keyset-*"} | |
59 | clean => {FILES => "*~ t/keyset-*"} | |
56 | 60 | |
57 | 61 | ); |
58 | 62 |
0 | package Net::DNS::RR::DLV; | |
1 | # | |
2 | # $Id: DLV.pm 580 2006-04-20 15:56:57Z olaf $ | |
3 | # | |
4 | use strict; | |
5 | BEGIN { | |
6 | eval { require bytes; } | |
7 | } | |
8 | use vars qw(@ISA $VERSION); | |
9 | use Net::DNS::RR::DS; | |
10 | ||
11 | ||
12 | @ISA = qw(Net::DNS::RR::DS); | |
13 | $VERSION = (qw$LastChangedRevision: 580 $)[1]; | |
14 | ||
15 | ||
16 | ||
17 | =head1 NAME | |
18 | ||
19 | Net::DNS::RR::DLV - DNS DLV resource record | |
20 | ||
21 | =head1 SYNOPSIS | |
22 | ||
23 | C<use Net::DNS::RR>; | |
24 | ||
25 | =head1 DESCRIPTION | |
26 | ||
27 | This is a clone of the DS record. This class therfore completely inherits | |
28 | all properties of the Net::DNS::RR::DS class. | |
29 | ||
30 | Please see the L<Net::DNS::RR::DS> perldocumentation for details | |
31 | ||
32 | =head1 COPYRIGHT | |
33 | ||
34 | Copyright (c) 2005 Olaf Kolkman (NLnet Labs) | |
35 | ||
36 | All rights reserved. This program is free software; you may redistribute | |
37 | it and/or modify it under the same terms as Perl itself. | |
38 | ||
39 | =head1 SEE ALSO | |
40 | ||
41 | L<perl(1)>, L<Net::DNS>, L<Net::DNS::Resolver>, L<Net::DNS::Packet>, | |
42 | L<Net::DNS::Header>, L<Net::DNS::Question>, L<Net::DNS::RR>, | |
43 | RFC4431. | |
44 | ||
45 | ||
46 | =cut | |
47 |
0 | 0 | package Net::DNS::RR::DS; |
1 | 1 | |
2 | # $Id: DS.pm 518 2005-11-23 13:23:53Z olaf $ | |
2 | # $Id: DS.pm 728 2008-10-12 09:02:24Z olaf $ | |
3 | 3 | |
4 | 4 | |
5 | 5 | use strict; |
21 | 21 | |
22 | 22 | |
23 | 23 | |
24 | $VERSION = do { my @r=(q$Revision: 518 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
24 | $VERSION = do { my @r=(q$Revision: 728 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
25 | 25 | my $debug=0; |
26 | 26 | |
27 | 27 | @ISA = qw(Net::DNS::RR); |
104 | 104 | |
105 | 105 | sub rr_rdata { |
106 | 106 | my $self = shift; |
107 | ||
108 | 107 | my $rdata; |
109 | if (exists $self->{"keytag"}) { | |
110 | $rdata= pack("n",$self->{"keytag"}) ; | |
111 | $rdata.= pack("C", $self->{"algorithm"}) ; | |
112 | $rdata.= pack("C", $self->{"digtype"}) ; | |
113 | $rdata.= $self->{"digestbin"} | |
108 | if (exists $self->{"digest"}) { | |
109 | $rdata= pack("n",$self->{"keytag"}) ; | |
110 | $rdata.= pack("C", $self->{"algorithm"}) ; | |
111 | $rdata.= pack("C", $self->{"digtype"}) ; | |
112 | $rdata.= $self->digestbin; | |
114 | 113 | } |
115 | 114 | return $rdata; |
116 | 115 | } |
134 | 133 | sub babble { |
135 | 134 | my $self=shift; |
136 | 135 | if ($_Babble){ |
137 | return bubblebabble(Digest=>$self->digestbin); | |
136 | return bubblebabble(Digest=>$self->digestbin); | |
138 | 137 | }else{ |
139 | 138 | return(""); |
140 | 139 | } |
141 | 140 | } |
142 | 141 | |
142 | ||
143 | sub digestbin { | |
144 | my ($self,$new_val)=@_; | |
145 | ||
146 | if (defined $new_val) { | |
147 | $self->{"digestbin"} = $new_val; | |
148 | $self->{"digest"} = unpack("H*",$new_val); | |
149 | return $self->{"digestbin"}; | |
150 | } | |
151 | ||
152 | ||
153 | $self->{"digestbin"}=pack("H*",$self->{"digest"}) unless( $self->{"digestbin"} ); | |
154 | return $self->{"digestbin"}; | |
155 | ||
156 | ||
157 | } | |
143 | 158 | |
144 | 159 | sub create { |
145 | 160 | my ($class, $keyrr ,%args) = @_; |
0 | 0 | package Net::DNS::RR::NSEC; |
1 | 1 | |
2 | # $Id: NSEC.pm 510 2005-11-05 01:01:45Z olaf $ | |
2 | # $Id: NSEC.pm 728 2008-10-12 09:02:24Z olaf $ | |
3 | 3 | |
4 | 4 | use strict; |
5 | 5 | use vars qw(@ISA $VERSION); |
12 | 12 | use Carp; |
13 | 13 | |
14 | 14 | @ISA = qw(Net::DNS::RR); |
15 | $VERSION = do { my @r=(q$Revision: 510 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
15 | $VERSION = do { my @r=(q$Revision: 728 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
16 | 16 | |
17 | 17 | sub new { |
18 | 18 | my ($class, $self, $data, $offset) = @_; |
21 | 21 | my($nxtdname,$nxtoffset) = |
22 | 22 | Net::DNS::Packet::dn_expand($data, $offset); |
23 | 23 | |
24 | $self->{"nxtdname"} = "$nxtdname"; | |
24 | $self->{"nxtdname"} = $nxtdname; | |
25 | 25 | |
26 | 26 | my $typebm =substr($$data,$nxtoffset, |
27 | 27 | $self->{"rdlength"}- |
45 | 45 | $string =~ /^\s*(\S+)\s+(.*)/; |
46 | 46 | my @nxttypes = split ' ' , $nxtstr; # everything after last match... |
47 | 47 | |
48 | $self->{"nxtdname"}= $nxtdname; | |
48 | $self->{"nxtdname"}= Net::DNS::stripdot($nxtdname); | |
49 | 49 | $self->{"typelist"}= join " " , sort @nxttypes ; |
50 | 50 | $self->{"typebm"}=_typearray2typebm(@nxttypes); |
51 | 51 | |
74 | 74 | |
75 | 75 | |
76 | 76 | if (exists $self->{"nxtdname"}) { |
77 | $rdatastr = $self->{nxtdname}; | |
77 | $rdatastr = $self->{nxtdname}."."; | |
78 | 78 | $rdatastr .= " " . $self->typelist(); |
79 | 79 | } |
80 | 80 | else { |
91 | 91 | my $rdata = "" ; |
92 | 92 | if (exists $self->{"nxtdname"}) { |
93 | 93 | # Compression used here... |
94 | $rdata = $packet->dn_comp($self->{"nxtdname"},$offset); | |
94 | $rdata = $packet->dn_comp(($self->{"nxtdname"}),$offset); | |
95 | 95 | $rdata .= $self->typebm(); |
96 | 96 | } |
97 | 97 | |
98 | 98 | return $rdata; |
99 | 99 | |
100 | 100 | } |
101 | ||
102 | ||
103 | ||
104 | ||
105 | sub _normalize_dnames { | |
106 | my $self=shift; | |
107 | $self->_normalize_ownername(); | |
108 | $self->{'nxtdname'}=lc(Net::DNS::stripdot($self->{'nxtdname'})) if defined $self->{'nxtdname'}; | |
109 | } | |
110 | ||
111 | ||
101 | 112 | |
102 | 113 | |
103 | 114 | |
131 | 142 | |
132 | 143 | |
133 | 144 | sub _canonicalRdata { |
134 | # rdata contains a compressed domainname... we should not have that. | |
145 | # rdata contains a compressed domainname... that should not have | |
146 | # been done @specification time :-) | |
135 | 147 | my ($self) = @_; |
136 | 148 | my $rdata; |
137 | 149 | $rdata=$self->_name2wire($self->{"nxtdname"}); |
170 | 182 | # Turn the array of arrays referenced through $bm into the bitmap |
171 | 183 | # as used in the RDATA |
172 | 184 | |
173 | ||
174 | 185 | for (my $i=0; $i < @{$bm}; $i++){ |
175 | 186 | if (defined ($bm->[$i])){ |
176 | 187 | use integer; |
0 | package Net::DNS::RR::NSEC3; | |
1 | # | |
2 | # $Id: NSEC3.pm 767 2008-12-24 10:02:25Z olaf $ | |
3 | ||
4 | use strict; | |
5 | require Exporter; | |
6 | ||
7 | use vars qw( | |
8 | @ISA | |
9 | $VERSION | |
10 | @EXPORT_OK | |
11 | %digestbyname | |
12 | %digestbyval | |
13 | ); | |
14 | ||
15 | ||
16 | use Carp; | |
17 | use bytes; | |
18 | use MIME::Base64; | |
19 | use MIME::Base32; | |
20 | ||
21 | use Digest::SHA qw(sha1 sha1_hex sha256 sha256_hex ); | |
22 | ||
23 | use Net::DNS qw( name2labels ); | |
24 | use Net::DNS::SEC; | |
25 | use Net::DNS::Packet; | |
26 | use Net::DNS::RR::NSEC; | |
27 | ||
28 | ||
29 | #http://www.iana.org/assignments/dnssec-nsec3-parameters | |
30 | %digestbyname = ( | |
31 | "SHA1" => 1, | |
32 | ); | |
33 | ||
34 | @EXPORT_OK= qw ( | |
35 | name2hash | |
36 | ); | |
37 | ||
38 | ||
39 | # Inherit a couple of methods from NSEC. | |
40 | @ISA = qw(Exporter Net::DNS::SEC Net::DNS::RR Net::DNS::RR::NSEC); | |
41 | ||
42 | ||
43 | ||
44 | $VERSION = do { my @r=(q$Revision: 510 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
45 | ||
46 | sub new { | |
47 | my ($class, $self, $data, $offset) = @_; | |
48 | ||
49 | if ($self->{'rdlength'} > 0) { | |
50 | ||
51 | # section 3.1 of NSEC3 specs | |
52 | # 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 | |
53 | # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
54 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
55 | # | Hash Alg. | Flags Field | Iterations | | |
56 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
57 | # | Salt Length | Salt / | |
58 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
59 | # | Hash Length | Next Hashed Ownername / | |
60 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
61 | # / Type Bit Maps / | |
62 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
63 | ||
64 | my $offsettoits=$offset+2; | |
65 | my $offsettoflags=$offset+1; | |
66 | my $offsettosaltlength=$offset+4; | |
67 | my $offsettosalt=$offset+5; | |
68 | $self->{'hashalgo'}=unpack("C",substr($$data,$offset,1)); | |
69 | $self->{'flags'}=unpack("C",substr($$data,$offsettoflags,1)); | |
70 | $self->{'iterations'}=unpack("n",substr($$data,$offsettoits,3)); | |
71 | ||
72 | $self->{'saltlength'}=unpack("C",substr($$data,$offsettosaltlength,1)); | |
73 | $self->{'saltbin'}=substr($$data,$offsettosalt,$self->{'saltlength'}); | |
74 | $self->{'salt'}= unpack("H*",$self->{'saltbin'}); | |
75 | ||
76 | my $offsettohashlength= $offsettosalt+$self->{'saltlength'}; | |
77 | $self->{'hashlength'}=unpack("C",substr($$data,$offsettohashlength,1)); | |
78 | ||
79 | $self->{'hnxtnamebin'}=substr($$data,$offsettohashlength+1,$self->{'hashlength'}); | |
80 | $self->{'hnxtname'}=MIME::Base32::encode $self->{'hnxtnamebin'}; | |
81 | my $offsettotypebm=$offsettohashlength+1+$self->{'hashlength'}; | |
82 | ||
83 | my $typebm =substr($$data,$offsettotypebm, $self->{'rdlength'}-$offsettotypebm +$offset ); | |
84 | ||
85 | ||
86 | $self->{'typebm'}=$typebm; | |
87 | $self->{'typelist'} = join " " | |
88 | , Net::DNS::RR::NSEC::_typebm2typearray($typebm); | |
89 | ||
90 | } | |
91 | bless $self, $class; | |
92 | return $self; | |
93 | } | |
94 | ||
95 | ||
96 | ||
97 | ||
98 | sub new_from_string { | |
99 | my ($class, $self, $string) = @_; | |
100 | if ($string) { | |
101 | $string =~ tr/()//d; | |
102 | $string =~ s/;.*$//mg; | |
103 | $string =~ s/\n//mg; | |
104 | ||
105 | my ($hashalgo,$flags,$iterations,$salt,$hnxtname,$nxtstr)= | |
106 | $string =~ /^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s?(.*)/; | |
107 | my @nxttypes = split ' ' , $nxtstr; # everything after last match... | |
108 | ||
109 | bless $self, $class; | |
110 | ||
111 | # This assumes that the digest type allocations follow the assignments as used for DS... | |
112 | ||
113 | #overwrite the digestby name table used by Net::DNS::SEC digtype | |
114 | $self->{'hashalgo'}=$self->digtype($hashalgo) || | |
115 | return undef; | |
116 | $self->{'flags'}=$flags; | |
117 | $self->{'iterations'}=$iterations; | |
118 | if ($salt eq '-') {$salt=''}; | |
119 | $self->{'salt'}=$salt; | |
120 | $self->{'saltbin'}=pack("H*",$salt); | |
121 | $self->{'saltlength'}=length $self->{saltbin}; | |
122 | ||
123 | $self->{'hnxtname'}= Net::DNS::stripdot($hnxtname); | |
124 | $self->{'hnxtnamebin'}=MIME::Base32::decode uc $hnxtname; | |
125 | ||
126 | $self->{'typelist'}= join " " , sort @nxttypes ; | |
127 | $self->{'typebm'}=Net::DNS::RR::NSEC::_typearray2typebm(@nxttypes); | |
128 | ||
129 | } | |
130 | return $self; | |
131 | } | |
132 | ||
133 | ||
134 | ||
135 | ||
136 | sub rdatastr | |
137 | { | |
138 | my $self = shift; | |
139 | my $rdatastr; | |
140 | if (exists $self->{hashalgo}) | |
141 | { | |
142 | $rdatastr .= $self->{hashalgo} ." "; | |
143 | $rdatastr .= $self->{flags}." "; | |
144 | $rdatastr .= $self->{iterations}. " "; | |
145 | $rdatastr .= $self->salt()." "; | |
146 | ||
147 | $rdatastr .= "(\n\t\t\t"; | |
148 | $rdatastr .= $self->{hnxtname} . "\n"; | |
149 | $rdatastr .= "\t\t\t$self->{typelist} )"; | |
150 | } | |
151 | else | |
152 | { | |
153 | $rdatastr = "; no data" | |
154 | } | |
155 | $rdatastr | |
156 | } | |
157 | ||
158 | sub rr_rdata { | |
159 | my ($self, $packet, $offset) = @_; | |
160 | ||
161 | my $rdata = "" ; | |
162 | ||
163 | if (exists $self->{'hnxtname'}) { | |
164 | $rdata = pack("C",$self->{'hashalgo'}); | |
165 | $rdata .= pack("C", $self->{'flags'} ); | |
166 | $rdata .= pack("n", $self->{'iterations'} ); | |
167 | ||
168 | unless( exists $self->{'saltbin'}) { | |
169 | if ($self->{'salt'} eq "-"){ | |
170 | $self->{'saltbin'}=""; | |
171 | }else{ | |
172 | $self->{'saltbin'}=pack("H*",$self->{'salt'}) | |
173 | } | |
174 | } | |
175 | $rdata.= pack("C",length($self->{'saltbin'})); | |
176 | $rdata .= $self->{'saltbin'}; | |
177 | ||
178 | $self->{'hnxtnamebin'}=MIME::Base32::decode(uc $self->{'hnxtname'}) unless | |
179 | exists $self->{'hnxtnamebin'} ; | |
180 | $rdata.= pack("C",length($self->{'hnxtnamebin'})); | |
181 | $rdata .= $self->{'hnxtnamebin'}; | |
182 | $rdata .= $self->typebm(); | |
183 | ||
184 | } | |
185 | return $rdata; | |
186 | } | |
187 | ||
188 | ||
189 | sub _normalize_dnames { | |
190 | my $self=shift; | |
191 | $self->_normalize_ownername(); | |
192 | $self->{'hnxtname'}= Net::DNS::stripdot($self->{'hnxtname'}) if defined $self->{'hnxtname'}; | |
193 | $self->{'hnxtnamebin'}=MIME::Base32::decode(uc $self->{'hnxtname'}); | |
194 | ||
195 | } | |
196 | ||
197 | ||
198 | ||
199 | ||
200 | sub salt { | |
201 | my ($self,$salt)=@_; | |
202 | if (defined $salt){ | |
203 | if ($salt eq "-"){ | |
204 | $self->{'salt'} = "" ; | |
205 | }else{ | |
206 | $self->{'salt'} = $salt ; | |
207 | unless ($salt =~ /^[0-9a-f]*$/i ) { | |
208 | # print "input ($salt) not hex" ; | |
209 | return undef; | |
210 | } | |
211 | $self->{'saltbin'} = pack("H*",$salt); | |
212 | } | |
213 | } | |
214 | return "-" if ($self->{'salt'} eq ""); | |
215 | return $self->{'salt'}; | |
216 | } | |
217 | ||
218 | ||
219 | sub name2hash { | |
220 | my $hashalg=shift; | |
221 | my $inname= lc shift; | |
222 | my $iterations=shift; | |
223 | my $saltbin=shift; | |
224 | ||
225 | my $hashfunc; | |
226 | if ($hashalg==1){ | |
227 | $hashfunc = sub {my $x=shift ; return sha1($x)}; | |
228 | }elsif($hashalg==2){ | |
229 | $hashfunc = sub {my $x=shift ; return sha256($x)}; | |
230 | }else{ | |
231 | return; | |
232 | } | |
233 | my $wirename=Net::DNS::RR->_name2wire($inname); | |
234 | my $i=0; | |
235 | for (0..$iterations) | |
236 | { | |
237 | $wirename=&$hashfunc($wirename.$saltbin); | |
238 | } | |
239 | return lc MIME::Base32::encode $wirename; | |
240 | ||
241 | ||
242 | } | |
243 | ||
244 | ||
245 | ||
246 | sub ownername { | |
247 | my $self=shift; | |
248 | if (defined $self->{'ownername'}){ | |
249 | return $self->{'ownername'}; | |
250 | }else{ | |
251 | return $self->{'ownername'} = (name2labels($self->name))[0] ; | |
252 | } | |
253 | ||
254 | } | |
255 | ||
256 | ||
257 | sub _zonelabels { | |
258 | # Extracts the labels that make up the zone from the owner name of the | |
259 | # record, simply by stripping the first label. | |
260 | # returns an array of labels in wire format. | |
261 | my $self=shift; | |
262 | unless (defined $self->{'zonelabels'}){ | |
263 | my @labels= (name2labels($self->name)) ; | |
264 | shift @labels; | |
265 | $self->{'zonelabels'} = \@labels ; | |
266 | ||
267 | } | |
268 | return @{$self->{'zonelabels'}}; | |
269 | } | |
270 | ||
271 | sub _zone { | |
272 | # Returns the result from the zonelabels method in presentation | |
273 | # format (without trailing dot | |
274 | my $self=shift; | |
275 | my $name; | |
276 | foreach my $label ($self->zonelabels){ | |
277 | $name .= wire2presentation($label) . "."; | |
278 | } | |
279 | chop($name); | |
280 | return $name; | |
281 | } | |
282 | ||
283 | ||
284 | sub optout { | |
285 | my ($self,$newval )= @_; | |
286 | if (defined ($newval)) { | |
287 | if ($newval){ | |
288 | $self->{'flags'} |= hex("0x01"); | |
289 | }else{ | |
290 | $self->{'flags'} &= ~hex("0x01"); | |
291 | } | |
292 | } | |
293 | ||
294 | return $self->{'flags'} & hex("0x01"); | |
295 | } | |
296 | ||
297 | ||
298 | ||
299 | ||
300 | sub covered { | |
301 | my $self=shift; | |
302 | my $domainname=shift; | |
303 | ||
304 | # first test if the domain name is in the NSEC zone. | |
305 | my @domainlabels=name2labels($domainname); | |
306 | my @zonelabels= $self->_zonelabels(); | |
307 | ||
308 | while (my $zlabel = pop @zonelabels ){ | |
309 | my $dlabel= pop @domainlabels; | |
310 | return 0 unless ($dlabel eq $zlabel) | |
311 | } | |
312 | ||
313 | my $hashedname= Net::DNS::RR::NSEC3::name2hash( | |
314 | $self->hashalgo, | |
315 | $domainname, | |
316 | $self->iterations, | |
317 | $self->saltbin, | |
318 | ); | |
319 | ||
320 | if ( ($self->ownername() cmp $self->hnxtname() )== 1 ) { | |
321 | # last name in the zone. | |
322 | return 1 if ( ( $hashedname cmp $self->hnxtname() ) == 1 ); | |
323 | return 1 if ( ( $hashedname cmp $self->ownername() ) == -1 ); | |
324 | } | |
325 | elsif ( ($self->ownername() cmp $self->hnxtname() )== 0 ) { | |
326 | # One entry in the zone. | |
327 | return 1; | |
328 | }else{ | |
329 | return 1 if ( ($self->ownername() cmp $hashedname) == -1 ) | |
330 | && | |
331 | ( ( $hashedname cmp $self->hnxtname() ) == -1 ); | |
332 | } | |
333 | return 0; | |
334 | ||
335 | } | |
336 | ||
337 | ||
338 | ||
339 | sub match { | |
340 | my $self=shift; | |
341 | my $domainname=shift; | |
342 | my $ownername=$self->ownername(); | |
343 | my $hashedname= Net::DNS::RR::NSEC3::name2hash( | |
344 | $self->hashalgo, | |
345 | $domainname, | |
346 | $self->iterations, | |
347 | $self->saltbin | |
348 | ); | |
349 | ||
350 | return $ownername eq $hashedname; | |
351 | ||
352 | } | |
353 | ||
354 | ||
355 | ||
356 | ||
357 | ||
358 | sub digtype { | |
359 | my $self=shift; | |
360 | $self->{'digestbyname'}= \%digestbyname; | |
361 | $self->_digtype(@_); | |
362 | } | |
363 | ||
364 | ||
365 | ||
366 | 1; | |
367 | ||
368 | ||
369 | =head1 NAME | |
370 | ||
371 | Net::DNS::RR::NSEC3 - DNS NSEC3 resource record | |
372 | ||
373 | =head1 SYNOPSIS | |
374 | ||
375 | C<use Net::DNS::RR;> | |
376 | ||
377 | =head1 DESCRIPTION | |
378 | ||
379 | Class for DNS Address (NSEC3) resource records. | |
380 | ||
381 | The NSEC3 Resource Record (RR) provides authenticated denial of | |
382 | existence for DNS Resource Record Sets. The NSEC3 RR lists RR types | |
383 | present at the NSEC3 RR's original ownername. It includes the next | |
384 | hashed ownername in the hash order of the zone. The complete set of | |
385 | NSEC3 RRs in a zone indicates which RRsets exist for the original | |
386 | ownername of the RRset and form a chain of hashed ownernames in the | |
387 | zone. | |
388 | ||
389 | ||
390 | ||
391 | =head1 METHODS | |
392 | ||
393 | =head2 ownername | |
394 | ||
395 | Returns the hashed value of the original owner name as contained in the first | |
396 | label of the ownername of the record. | |
397 | ||
398 | The owner name for the NSEC3 RR is the base32 encoding of the hashed | |
399 | owner name prepended as a single label to the name of the zone. | |
400 | ||
401 | In other words the name(name) method returns the result of the | |
402 | ownername() method prepended to the name of the containing zone. | |
403 | ||
404 | ||
405 | =head2 optout | |
406 | ||
407 | Reads and sets the opt-out attribute. | |
408 | ||
409 | ||
410 | =head2 flags | |
411 | ||
412 | Reads and sets the flag field. | |
413 | ||
414 | =head2 hashalgo | |
415 | ||
416 | Reads and sets the hashalgo (hash algorithm) attribute. | |
417 | ||
418 | =head2 hnxtname | |
419 | ||
420 | Reads and sets the hnxtname (hashed next ownername) attribute. | |
421 | ||
422 | =head2 typelist (inhereted from NSEC) | |
423 | ||
424 | print "typelist" = ", $rr->typelist, "\n"; | |
425 | ||
426 | Returns a string with the list of qtypes for which data exists for | |
427 | this particular label. | |
428 | ||
429 | ||
430 | =head2 typebm (inhereted from NSEC) | |
431 | ||
432 | print "typebm" = " unpack("B*", $rr->typebm), "\n"; | |
433 | ||
434 | Same as the typelist but now in a representation bitmap as in | |
435 | specified in the RFC. This is not the kind of method you will need | |
436 | on daily basis. | |
437 | ||
438 | ||
439 | =head2 covered, matched | |
440 | ||
441 | print "covered" if $rr->covered{'example.foo'} | |
442 | ||
443 | covered returns a nonzero value when the the domain name provided as argument | |
444 | is covered as defined in the NSEC3 specification: | |
445 | ||
446 | ||
447 | To cover: An NSEC3 RR is said to "cover" a name if the hash of the | |
448 | name or "next closer" name falls between the owner name and the | |
449 | next hashed owner name of the NSEC3. In other words, if it proves | |
450 | the nonexistence of the name, either directly or by proving the | |
451 | nonexistence of an ancestor of the name. | |
452 | ||
453 | ||
454 | ||
455 | ||
456 | Similarly ismatched returns a nonzero value when the domainname in the argument | |
457 | matches as defined in the NSEC3 specification: | |
458 | ||
459 | To match: An NSEC3 RR is said to "match" a name if the owner name | |
460 | of the NSEC3 RR is the same as the hashed owner name of that | |
461 | name. | |
462 | ||
463 | ||
464 | ||
465 | =head1 Functions | |
466 | ||
467 | =head2 name2hash | |
468 | ||
469 | Takes the hash identifyer (numeric), a fullyqualfied domain name, the | |
470 | number of iterations and a binary salt to compute the hash value used | |
471 | in the NSEC3 calculations. | |
472 | ||
473 | $hashalg=Net::DNS::SEC->digtype("SHA1"); | |
474 | $salt=pack("H*","aabbccdd"); | |
475 | $iterations=12; | |
476 | $name="*.x.w.example"; | |
477 | ||
478 | $hashedname= Net::DNS::RR::NSEC3::name2hash($hashalg,$name,$iterations,$salt); | |
479 | print $hashedname; | |
480 | results in: | |
481 | 92pqneegtaue7pjatc3l3qnk738c6v5m | |
482 | ||
483 | Normally the salt and itterations would be fetched from an NSEC3PARAM record. | |
484 | ||
485 | ||
486 | ||
487 | =head1 COPYRIGHT | |
488 | ||
489 | Copyright (c) 2007, 2008 NLnet Labs. Author Olaf M. Kolkman <olaf@net-dns.org> | |
490 | ||
491 | All Rights Reserved | |
492 | ||
493 | Permission to use, copy, modify, and distribute this software and its | |
494 | documentation for any purpose and without fee is hereby granted, | |
495 | provided that the above copyright notice appear in all copies and that | |
496 | both that copyright notice and this permission notice appear in | |
497 | supporting documentation, and that the name of the author not be | |
498 | used in advertising or publicity pertaining to distribution of the | |
499 | software without specific, written prior permission. | |
500 | ||
501 | THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING | |
502 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL | |
503 | AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY | |
504 | DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN | |
505 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
506 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
507 | ||
508 | Based on, and contains, code by Copyright (c) 1997 Michael Fuhr. | |
509 | ||
510 | Acknowledgements to Roy Arends who made a test version for this class | |
511 | and whose code I've looked at before writing this module. | |
512 | ||
513 | =head1 SEE ALSO | |
514 | ||
515 | L<http://www.net-dns.org/> | |
516 | L<http://www.iana.org/assignments/dnssec-nsec3-parameters> | |
517 | L<Net::DNS::RR::NSEC3PARAM>, | |
518 | L<perl(1)>, L<Net::DNS>, L<Net::DNS::Resolver>, L<Net::DNS::Packet>, | |
519 | L<Net::DNS::Header>, L<Net::DNS::Question>, L<Net::DNS::RR>, | |
520 | RFC4033, RFC4034, RFC4035, RFC5155 | |
521 | ||
522 | =cut |
0 | package Net::DNS::RR::NSEC3PARAM; | |
1 | ||
2 | # $Id: NSEC3.pm 602 2006-07-24 14:23:15Z olaf $ | |
3 | ||
4 | use strict; | |
5 | use vars qw(@ISA $VERSION); | |
6 | use Carp; | |
7 | use bytes; | |
8 | ||
9 | use Net::DNS; | |
10 | use Net::DNS::SEC; | |
11 | use Net::DNS::Packet; | |
12 | use Net::DNS::RR::NSEC; | |
13 | use Data::Dumper; | |
14 | ||
15 | use Carp qw(cluck); | |
16 | ||
17 | ||
18 | # To be removed when finalized | |
19 | ||
20 | ||
21 | @ISA = qw(Net::DNS::RR Net::DNS::RR::NSEC3); | |
22 | ||
23 | ||
24 | ||
25 | $VERSION = do { my @r=(q$Revision: 510 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
26 | ||
27 | sub new { | |
28 | my ($class, $self, $data, $offset) = @_; | |
29 | ||
30 | ||
31 | if ($self->{"rdlength"} > 0) { | |
32 | ||
33 | ||
34 | # 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 | |
35 | # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |
36 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
37 | # | Hash Alg. | Flags Field | Iterations | | |
38 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
39 | # | Salt Length | Salt / | |
40 | # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |
41 | # | |
42 | # Hash Algorithm is a single octet. | |
43 | # | |
44 | # Flags Field is a single octet. | |
45 | # | |
46 | # Iterations is represented as a 16-bit integer, with the most | |
47 | # significant bit first. | |
48 | # | |
49 | # Salt Length represents the length of the following Salt field in | |
50 | # octets. If the value is zero, the Salt field is omitted. | |
51 | ||
52 | ||
53 | my $offsettoflag=$offset+1; | |
54 | my $offsettoits=$offset+2; | |
55 | my $offesttosaltlength=$offset+4; | |
56 | my $offsettosalt=$offset+5; | |
57 | ||
58 | $self->{"hashalgo"}=unpack("C",substr($$data,$offset,1)); | |
59 | $self->{"flags"}=unpack("C",substr($$data,$offsettoflag,1)); | |
60 | $self->{"iterations"}= unpack("n",substr($$data,$offsettoits,2)); | |
61 | $self->{"saltlength"}=unpack("C",substr($$data,$offesttosaltlength,1)); | |
62 | ||
63 | ||
64 | $self->{"saltbin"}=substr($$data,$offsettosalt,$self->{"saltlength"}); | |
65 | $self->{"salt"}= unpack("H*",$self->{"saltbin"}); | |
66 | ||
67 | } | |
68 | ||
69 | ||
70 | ||
71 | bless $self, $class; | |
72 | return $self; | |
73 | } | |
74 | ||
75 | ||
76 | ||
77 | ||
78 | sub new_from_string { | |
79 | my ($class, $self, $string) = @_; | |
80 | bless $self, $class; | |
81 | ||
82 | if ($string) { | |
83 | $string =~ tr/()//d; | |
84 | $string =~ s/;.*$//mg; | |
85 | $string =~ s/\n//mg; | |
86 | ||
87 | my ($hashalgo,$flags,$iterations,$salt)= | |
88 | $string =~ /^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S*)\s*$/; | |
89 | ||
90 | ||
91 | # This assumes that the digest type allocations follow the assignments as used for DS... | |
92 | defined($self->{'hashalgo'}=Net::DNS::SEC->digtype($hashalgo)) || | |
93 | return undef; | |
94 | defined($self->{'iterations'}=$iterations) || return undef; | |
95 | ||
96 | defined($self->{'flags'}=$flags) || return undef; | |
97 | ||
98 | defined($self->{"salt"}=$self->salt($salt)) || return undef; | |
99 | $self->{"saltbin"}=pack("H*",$salt) || return undef; | |
100 | $self->{saltlength}=length $self->{saltbin}; | |
101 | ||
102 | ||
103 | } | |
104 | return $self; | |
105 | } | |
106 | ||
107 | ||
108 | sub rdatastr | |
109 | { | |
110 | my $self = shift; | |
111 | my $rdatastr; | |
112 | if (exists $self->{hashalgo}) | |
113 | { | |
114 | $rdatastr .= $self->{hashalgo} ." "; | |
115 | $rdatastr .= $self->{flags}." "; | |
116 | $rdatastr .= $self->{iterations}. " "; | |
117 | $rdatastr .= $self->salt()." \n"; | |
118 | ||
119 | } | |
120 | else | |
121 | { | |
122 | $rdatastr = "; no data" | |
123 | } | |
124 | $rdatastr | |
125 | } | |
126 | ||
127 | sub rr_rdata { | |
128 | my ($self, $packet, $offset) = @_; | |
129 | ||
130 | ||
131 | ||
132 | my $rdata = "" ; | |
133 | ||
134 | if (exists $self->{'hashalgo'}) { | |
135 | ||
136 | $rdata = pack("C",$self->{'hashalgo'}); | |
137 | $rdata .= pack("C",$self->{'flags'}); | |
138 | $rdata .= pack("n",$self->{'iterations'}); | |
139 | unless( exists $self->{"saltbin"}) { | |
140 | if ($self->{"salt"} eq "-"){ | |
141 | $self->{"saltbin"}=""; | |
142 | }else{ | |
143 | $self->{"saltbin"}=pack("H*",$self->{"salt"}) | |
144 | ||
145 | } | |
146 | } | |
147 | $rdata .= pack("C",length($self->{'saltbin'})); | |
148 | $rdata .= $self->{'saltbin'}; | |
149 | ||
150 | } | |
151 | ||
152 | return $rdata; | |
153 | } | |
154 | ||
155 | ||
156 | ||
157 | ||
158 | ||
159 | 1; | |
160 | ||
161 | ||
162 | =head1 NAME | |
163 | ||
164 | Net::DNS::RR::NSEC3PARAM - DNS NSEC3PARAM resource record | |
165 | ||
166 | =head1 SYNOPSIS | |
167 | ||
168 | C<use Net::DNS::RR;> | |
169 | ||
170 | =head1 DESCRIPTION | |
171 | ||
172 | Class for DNS Address (NSEC3PARAM) resource records. | |
173 | ||
174 | ||
175 | The NSEC3PARAM RR contains the NSEC3 parameters (hash algorithm, | |
176 | flags, iterations and salt) needed to calculate hashed ownernames. | |
177 | The presence of an NSEC3PARAM RR at a zone apex indicates that the | |
178 | specified parameters may be used by authoritative servers to choose an | |
179 | appropriate set of NSEC3 records for negative responses. | |
180 | ||
181 | ||
182 | ||
183 | =head1 METHODS | |
184 | ||
185 | =head2 hashalgo | |
186 | ||
187 | Reads and sets the hashalgo (hash algorithm) attribute. | |
188 | ||
189 | =head2 flags | |
190 | ||
191 | Reads and sets the flag field. Check the IANA registry for valid values. | |
192 | At the time of code release the only defined value was 0x00 | |
193 | ||
194 | =head2 iterations | |
195 | ||
196 | Reads and sets the iterations field | |
197 | ||
198 | =head2 salt | |
199 | ||
200 | Reads and sets the salt value. Accepts and returns a string with a | |
201 | number in hexadecimal notation. | |
202 | ||
203 | ||
204 | =head1 COPYRIGHT | |
205 | ||
206 | Copyright (c) 2007,2008 NLnet Labs. Author Olaf M. Kolkman <olaf@net-dns.org> | |
207 | ||
208 | All Rights Reserved | |
209 | ||
210 | Permission to use, copy, modify, and distribute this software and its | |
211 | documentation for any purpose and without fee is hereby granted, | |
212 | provided that the above copyright notice appear in all copies and that | |
213 | both that copyright notice and this permission notice appear in | |
214 | supporting documentation, and that the name of the author not be | |
215 | used in advertising or publicity pertaining to distribution of the | |
216 | software without specific, written prior permission. | |
217 | ||
218 | THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING | |
219 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL | |
220 | AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY | |
221 | DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN | |
222 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
223 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
224 | ||
225 | ||
226 | Based on, and contains, code by Copyright (c) 1997 Michael Fuhr. | |
227 | ||
228 | Acknowledgements to Roy Arends who made a test version for this class | |
229 | and whose code I've looked at before writing this module. | |
230 | ||
231 | =head1 SEE ALSO | |
232 | ||
233 | L<http://www.net-dns.org/> | |
234 | L<http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-nsec3> | |
235 | L<Net::DNS::RR::NSEC3>, | |
236 | ||
237 | L<perl(1)>, L<Net::DNS>, L<Net::DNS::Resolver>, L<Net::DNS::Packet>, | |
238 | L<Net::DNS::Header>, L<Net::DNS::Question>, L<Net::DNS::RR>, | |
239 | RFC4033, RFC4034, RFC4035, RFC 5155 | |
240 | ||
241 | =cut |
0 | 0 | # perldoc RRSIG.pm for documentation. |
1 | 1 | # Specs: RFC 2535 section 4 |
2 | # $Id: RRSIG.pm 527 2005-12-09 10:51:06Z olaf $ | |
2 | # $Id: RRSIG.pm 777 2008-12-30 17:18:54Z olaf $ | |
3 | 3 | |
4 | 4 | package Net::DNS::RR::RRSIG; |
5 | 5 | |
8 | 8 | use Net::DNS; |
9 | 9 | use Carp; |
10 | 10 | use bytes; |
11 | use Data::Dumper; | |
11 | 12 | |
12 | 13 | use Crypt::OpenSSL::DSA; |
13 | 14 | use Crypt::OpenSSL::RSA; |
32 | 33 | |
33 | 34 | require Exporter; |
34 | 35 | |
35 | $VERSION = do { my @r=(q$Revision: 527 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
36 | $VERSION = do { my @r=(q$Revision: 777 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
36 | 37 | @ISA = qw ( |
37 | 38 | Exporter |
38 | 39 | Net::DNS::RR |
83 | 84 | $self->{"keytag"}=unpack("n",substr($$data,$offsettokeytag,2)); |
84 | 85 | my($signame,$sigoffset) = Net::DNS::Packet::dn_expand |
85 | 86 | ($data, $offsettosignm); |
86 | $self->{"signame"}=lc($signame)."."; #Add a trailing dot..dn_expand does not do that. | |
87 | $self->{"signame"}=lc($signame); | |
87 | 88 | my($sigmaterial)=substr($$data,$sigoffset, |
88 | 89 | ($self->{"rdlength"}-$sigoffset+$offset)); |
89 | 90 | $self->{"sigbin"}=$sigmaterial; |
107 | 108 | $labels, $orgttl, $sigexpiration, |
108 | 109 | $siginception, $keytag,$signame,$sig) = |
109 | 110 | $string =~ |
110 | /^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)/; | |
111 | /^\s*(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)/; | |
111 | 112 | croak (" Invallid RRSIG RR, check your fomat ") if !$keytag; |
112 | 113 | $sig =~ s/\s*//g; |
113 | 114 | $self->{"typecovered"}= $typecovered; |
119 | 120 | $self->{"sigexpiration"}= $sigexpiration; |
120 | 121 | $self->{"siginception"}= $siginception; |
121 | 122 | $self->{"keytag"}= $keytag; |
122 | $self->{"signame"}= lc($signame); | |
123 | $self->{"signame"}= lc(Net::DNS::stripdot($signame)); | |
123 | 124 | $self->{"sig"}= $sig; |
124 | 125 | $self->{"sigbin"}= decode_base64($sig); |
125 | 126 | $self->{"vrfyerrstr"}=""; |
139 | 140 | $rdatastr .= " " . "$self->{sigexpiration}"; |
140 | 141 | $rdatastr .= " (\n\t\t\t" . "$self->{siginception}"; |
141 | 142 | $rdatastr .= " " . "$self->{keytag}"; |
142 | $rdatastr .= " " . "$self->{signame}"; | |
143 | $rdatastr .= " " . "$self->{signame}."; | |
143 | 144 | # do some nice formatting |
144 | 145 | my $sigstring=$self->{sig}; |
145 | 146 | $sigstring =~ s/\n//g; |
173 | 174 | $rdata .= pack("n",$self->{"keytag"}); |
174 | 175 | # Since we will need canonical and expanded names while checking |
175 | 176 | # we do not use the packet->dn_comp here but use RFC1035 p10. |
176 | { my @dname= split /\./,lc($self->{"signame"}); #/ emacs fontlock | |
177 | { my @dname= split /\./,lc($self->{"signame"}."."); #/ emacs fontlock | |
177 | 178 | for (my $i=0;$i<@dname;$i++){ |
178 | 179 | $rdata .= pack ("C",length $dname[$i] ); |
179 | 180 | $rdata .= $dname[$i] ; |
194 | 195 | $rdata=$self->rr_rdata_without_sigbin; |
195 | 196 | |
196 | 197 | if ($self->{"sig"} ne "NOTYETCALCULATED") { |
198 | $self->{"sigbin"}= decode_base64($self->{"sig"}) unless defined $self->{"sigbin"} ; | |
197 | 199 | $rdata .= $self->{"sigbin"}; |
198 | 200 | }else{ |
199 | 201 | die "RRSIGs should not be used for SIG0 type signatures, use Net::DNS::RR::SIG"; |
228 | 230 | } |
229 | 231 | $self->{"algorithm"}=Net::DNS::SEC->algorithm($Private->algorithm); |
230 | 232 | $self->{"keytag"}=$Private->keytag; |
231 | $self->{"signame"}=$Private->signame; | |
232 | ||
233 | $self->{"signame"}=Net::DNS::stripdot($Private->signame); | |
234 | ||
233 | 235 | |
234 | 236 | die "Argument is not a reference to an array, are you trying to create a SIG0 using RRSIG?" if ! ref ($datarrset); |
235 | 237 | |
246 | 248 | |
247 | 249 | |
248 | 250 | if (defined ($args{ttl})){ |
249 | print "\nSetting TTL to ". $args{"ttl"} if $debug; | |
251 | print "Setting TTL to ". $args{"ttl"} . "\n" if $debug; | |
250 | 252 | $self->{"ttl"}= $args{"ttl"}; |
251 | 253 | }else{ |
252 | 254 | $self->{"ttl"}= $datarrset->[0]->ttl; |
338 | 340 | # more ways to do things) |
339 | 341 | |
340 | 342 | bless $self, $class; |
341 | ||
343 | ||
342 | 344 | my $sigdata=$self->_CreateSigData($datarrset); |
343 | ||
344 | ||
345 | ||
346 | 345 | |
347 | 346 | my $signature; |
348 | 347 | |
349 | 348 | # |
350 | 349 | # Enjoy the crypto |
351 | if ($self->algorithm == 1 || $self->algorithm == 5) { #RSA | |
352 | if (! ($Private->algorithm == 1 || $Private->algorithm == 5 )) { | |
350 | if ($self->algorithm == 1 | |
351 | || $self->algorithm == 5 | |
352 | || $self->algorithm == 7) { #RSA | |
353 | if (! ($Private->algorithm == 1 | |
354 | || $Private->algorithm == 5 | |
355 | || $Private->algorithm == 7 )) { | |
353 | 356 | die "Private key mismatch, not RSAMD5 or RSASHA."; |
354 | 357 | |
355 | 358 | } |
373 | 376 | |
374 | 377 | print "\n SIGNED" if $debug ; |
375 | 378 | |
376 | }elsif ($self->algorithm == 3){ #DSA | |
379 | }elsif ($self->algorithm == 3 || $self->algorithm == 6 ){ #DSA | |
377 | 380 | $self->{"private_key"}=$Private->privatekey; |
378 | 381 | my $private_dsa=$Private->privatekey; |
379 | 382 | |
577 | 580 | if ( $self->algorithm == 1 ){ #Verifying for RSA |
578 | 581 | $verified=$self->_verifyRSA($sigdata,$signature,$keyrr,0) || return 0; |
579 | 582 | } |
580 | elsif ( $self->algorithm == 3 ) # Verifying for DSA | |
583 | elsif ( $self->algorithm == 3 || $self->algorithm == 6 ) # Verifying for DSA | |
581 | 584 | { |
582 | 585 | $verified=$self->_verifyDSA($sigdata,$signature,$keyrr) || return 0; |
583 | 586 | } |
584 | elsif ( $self->algorithm == 5 ) # Verifying for RSASHA1 | |
587 | elsif ( $self->algorithm == 5 || $self->algorithm == 7 ) # Verifying for RSASHA1 | |
585 | 588 | { |
586 | 589 | $verified=$self->_verifyRSA($sigdata,$signature,$keyrr,1) || return 0; |
587 | 590 | } |
857 | 860 | my $sigdata; |
858 | 861 | # construction of message |
859 | 862 | |
860 | ||
863 | print "_CreatSigData\n" if $debug; | |
861 | 864 | my $rdatawithoutsig=$self->rr_rdata_without_sigbin; |
862 | print "\n\nstrip:\t\t", unpack("H*", $rdatawithoutsig) if $debug; | |
865 | print "raw RRsig:\t", unpack("H*", $rdatawithoutsig) if $debug; | |
863 | 866 | $sigdata= $rdatawithoutsig; |
864 | 867 | |
865 | 868 | |
942 | 945 | $self->orgttl . "\n" if |
943 | 946 | ( $rawdata->[0]->{"ttl"}!=$self->orgttl ); |
944 | 947 | } |
945 | print "\nRDATA: \t" .$rawdata->[0]->_canonicalRdata ."\t" . | |
946 | unpack("H*",$rawdata->[0]->_canonicalRdata) ."\n" if $debug; | |
948 | print "\nRDATA:\t\t" .$rawdata->[0]->_canonicalRdata ."\n-----:\t\t" . | |
949 | unpack("H*",$rawdata->[0]->_canonicalRdata) ."\n" if $debug; | |
947 | 950 | |
948 | 951 | $rawdata->[0]->{"ttl"}=$self->orgttl; |
949 | 952 | $sigdata .= $rawdata->[0]->_canonicaldata; |
1006 | 1009 | sub siginceptation { |
1007 | 1010 | my $self=shift; |
1008 | 1011 | return $self->siginception(@_); |
1012 | } | |
1013 | ||
1014 | ||
1015 | ||
1016 | sub _normalize_dnames { | |
1017 | my $self=shift; | |
1018 | $self->_normalize_ownername(); | |
1019 | $self->{'signame'}=lc(Net::DNS::stripdot($self->{'signame'})) if defined $self->{'signame'}; | |
1009 | 1020 | } |
1010 | 1021 | |
1011 | 1022 | |
1096 | 1107 | create method uses the filename as generated by dnssec-keygen to |
1097 | 1108 | determine the keyowner, algorithm and the keyid (keytag). |
1098 | 1109 | |
1099 | - Only RSA signatures (algorithm 1) and DSA signatures (algorithm 3) | |
1100 | have been implemented. | |
1110 | - Only RSA signatures (algorithm 1,5 and 7) and DSA signatures | |
1111 | (algorithm 3, and 6) have been implemented. | |
1101 | 1112 | |
1102 | 1113 | |
1103 | 1114 | |
1218 | 1229 | =head1 COPYRIGHT |
1219 | 1230 | |
1220 | 1231 | Copyright (c) 2001 - 2005 RIPE NCC. Author Olaf M. Kolkman |
1232 | Copyright (c) 2007 - 2008 NLnet Labs. Author Olaf M. Kolkman | |
1221 | 1233 | <olaf@net-dns.org> |
1222 | 1234 | |
1223 | 1235 | All Rights Reserved |
0 | 0 | # perldoc SIG.pm for documentation. |
1 | 1 | # Specs: RFC 2535 section 4 |
2 | # $Id: SIG.pm 555 2006-02-14 09:34:07Z olaf $ | |
2 | # $Id: SIG.pm 777 2008-12-30 17:18:54Z olaf $ | |
3 | 3 | |
4 | 4 | package Net::DNS::RR::SIG; |
5 | 5 | |
32 | 32 | |
33 | 33 | require Exporter; |
34 | 34 | |
35 | $VERSION = do { my @r=(q$Revision: 555 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
35 | $VERSION = do { my @r=(q$Revision: 777 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r }; | |
36 | 36 | @ISA = qw ( |
37 | 37 | Exporter |
38 | 38 | Net::DNS::RR |
81 | 81 | $self->{"keytag"}=unpack("n",substr($$data,$offsettokeytag,2)); |
82 | 82 | my($signame,$sigoffset) = Net::DNS::Packet::dn_expand |
83 | 83 | ($data, $offsettosignm); |
84 | $self->{"signame"}=lc($signame) ."."; #dn_expand forgets trailing dots. | |
84 | $self->{"signame"}=lc($signame) ; | |
85 | 85 | my($sigmaterial)=substr($$data,$sigoffset, |
86 | 86 | ($self->{"rdlength"}-$sigoffset+$offset)); |
87 | 87 | $self->{"sigbin"}=$sigmaterial; |
117 | 117 | $self->{"sigexpiration"}= $sigexpiration; |
118 | 118 | $self->{"siginception"}= $siginception; |
119 | 119 | $self->{"keytag"}= $keytag; |
120 | $self->{"signame"}= lc($signame); | |
120 | $self->{"signame"}= Net::DNS::stripdot(lc($signame)); | |
121 | 121 | $self->{"sig"}= $sig; |
122 | 122 | $self->{"sigbin"}= decode_base64($sig); |
123 | 123 | $self->{"vrfyerrstr"}=""; |
191 | 191 | $rdata=$self->rr_rdata_without_sigbin; |
192 | 192 | |
193 | 193 | if ($self->{"sig"} ne "NOTYETCALCULATED") { |
194 | $self->{"sigbin"}= decode_base64($self->{"sig"}) unless defined $self->{"sigbin"} ; | |
194 | 195 | $rdata .= $self->{"sigbin"}; |
195 | 196 | }else{ |
196 | 197 | #do sigzero calculation based on current packet content... |
0 | 0 | # |
1 | # $Id: SEC.pm 559 2006-02-14 10:12:16Z olaf $ | |
1 | # $Id: SEC.pm 767 2008-12-24 10:02:25Z olaf $ | |
2 | 2 | # |
3 | 3 | |
4 | 4 | use strict; |
11 | 11 | use Carp; |
12 | 12 | use strict; |
13 | 13 | use Exporter; |
14 | use vars qw($VERSION @EXPORT_OK @ISA); | |
14 | use vars qw($SVNVERSION $VERSION $HAS_NSEC3 $HAS_DLV @EXPORT_OK @ISA); | |
15 | 15 | @ISA=qw(Exporter); |
16 | $VERSION = '0.14'; | |
16 | $VERSION = '0.15'; | |
17 | ||
18 | $HAS_DLV=1; # Signals availability of DLV to Net::DNS::RR | |
19 | $HAS_NSEC3=1; # Signals availability of NSEC3 to Net::DNS::RR | |
20 | ||
21 | ||
22 | $SVNVERSION = (qw$LastChangedRevision: 767 $)[1]; | |
23 | ||
17 | 24 | |
18 | 25 | @EXPORT_OK= qw ( |
19 | 26 | key_difference |
36 | 43 | =head1 DESCRIPTION |
37 | 44 | |
38 | 45 | The Net::DSN::SEC suite provides the resource records that are needed |
39 | for DNSSEC (RFC 4033, 4034 and 4035). | |
46 | for DNSSEC (RFC 4033, 4034 and 4035). In addition the DLV RR, a clone | |
47 | of the DS RR is supported (RFC 4431) | |
40 | 48 | |
41 | 49 | It also provides support for SIG0. That later is useful for dynamic |
42 | 50 | updates using key-pairs. |
44 | 52 | RSA and DSA crypto routines are supported. |
45 | 53 | |
46 | 54 | For details see L<Net::DNS::RR::RRSIG>, L<Net::DNS::RR::DNSKEY>, |
47 | L<Net::DNS::RR::NSEC> and L<Net::DNS::RR:DS>. and see | |
48 | L<Net::DNS::RR::SIG> and L<Net::DNS::RR::KEY> for the use with SIG0. | |
55 | L<Net::DNS::RR::NSEC>, L<Net::DNS::RR:DS>, L<Net::DNS::RR::DLV>, and | |
56 | see L<Net::DNS::RR::SIG> and L<Net::DNS::RR::KEY> for the use with | |
57 | SIG0. | |
49 | 58 | |
50 | 59 | Net::DNS contains all needed hooks to load the Net::DNS::SEC |
51 | 60 | extensions when they are available. |
71 | 80 | |
72 | 81 | |
73 | 82 | =cut |
83 | ||
74 | 84 | |
75 | 85 | |
76 | 86 | sub key_difference { |
122 | 132 | |
123 | 133 | Can also be called as a class method to do Mnemonic to Value conversion. |
124 | 134 | |
135 | =head2 digtype | |
136 | ||
137 | $value=$self->digtype("SHA1"); | |
138 | $value=$self->digtype(1); | |
139 | ||
140 | $algorithm=$self->digtype(); | |
141 | $memonic=$self->digtype("mnemonic"); | |
142 | ||
143 | ||
144 | The algorithm method is used to set or read the value of the digest or | |
145 | hash algorithm field in Net::DNS::RR::DS and Net::DNS::RR::NSEC3 | |
146 | objects. | |
147 | ||
148 | If supplied with an argument it will set the digetstype/hash algorithm | |
149 | accordingly, except when the argument equals the string "mnemonic" the | |
150 | method will return the mnemonic of the digetstype/hash algorithm. | |
151 | ||
152 | Can also be called as a class method to do Mnemonic to Value | |
153 | conversion, note however that it will then use the "Delegation Signer | |
154 | (DS) Resource Record (RR) Type Digest Algorithms" and not the "DNSSEC | |
155 | NSEC3 Hash Algorithms" IANA registry. If you want to specifically get | |
156 | access to the NSEC3 digest types then use a construct like: | |
157 | ||
158 | bless $self, Net::DNS::RR::NSEC3; | |
159 | $self->digtype("SHA1"); | |
160 | ||
161 | ||
125 | 162 | |
126 | 163 | |
127 | 164 | =head1 COPYRIGHT |
175 | 212 | $classmethod=1 unless ref ($self); |
176 | 213 | |
177 | 214 | my %algbyname = ( |
178 | "RSAMD5" => 1, | |
179 | "DH" => 2, # Not implemented | |
180 | "DSA" => 3, | |
181 | "ECC" => 4, # Not implemented | |
182 | "RSASHA1" => 5, | |
183 | "INDIRECT" => 252, # Not implemented | |
184 | "PRIVATEDNS" => 253, # Not implemented | |
185 | "PRIVATEOID" => 254, # Not implemented | |
186 | ); | |
215 | "RSAMD5" => 1, | |
216 | "DH" => 2, # Not implemented | |
217 | "DSA" => 3, | |
218 | "ECC" => 4, # Not implemented | |
219 | "RSASHA1" => 5, | |
220 | "DSA-NSEC3-SHA1" => 6, | |
221 | "RSA-NSEC3-SHA1" => 7, | |
222 | "INDIRECT" => 252, # Not implemented | |
223 | "PRIVATEDNS" => 253, # Not implemented | |
224 | "PRIVATEOID" => 254, # Not implemented | |
225 | ); | |
187 | 226 | my %algbyval = reverse %algbyname; |
188 | 227 | |
189 | 228 | # If the argument is undefined... |
230 | 269 | |
231 | 270 | |
232 | 271 | |
233 | ||
234 | ||
235 | 272 | sub digtype { |
273 | _digtype(@_); | |
274 | } | |
275 | ||
276 | sub _digtype { | |
236 | 277 | my $self=shift; |
237 | 278 | my $argument=shift; |
238 | 279 | # classmethod is true if called as class method. |
239 | 280 | my $classmethod=0; |
240 | 281 | $classmethod=1 unless ref ($self); |
241 | 282 | |
242 | my %digestbyname = ( | |
283 | my %digestbyname= ( | |
243 | 284 | "SHA1" => 1, |
244 | 285 | "SHA256" => 2, |
245 | 286 | ); |
287 | ||
288 | ||
289 | if (! $classmethod && defined ($self->{'digestbyname'}) ){ | |
290 | %digestbyname= %{$self->{"digestbyname"}}; | |
291 | } | |
292 | ||
293 | ||
246 | 294 | my %digestbyval = reverse %digestbyname; |
247 | 295 | |
248 | 296 | # If the argument is undefined... |
0 | 0 | #!/usr/bin/perl -sw |
1 | 1 | # Test script for loading parser and zonemodules |
2 | # $Id: 00-loader.t 454 2005-07-06 13:38:31Z olaf $ | |
2 | # $Id: 00-load.t 778 2008-12-30 17:19:35Z olaf $ | |
3 | 3 | # |
4 | 4 | # Called in a fashion simmilar to: |
5 | 5 | # /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i386-freebsd \ |
23 | 23 | |
24 | 24 | } # test 1 |
25 | 25 | |
26 | ||
27 | ||
28 | 26 | require_ok('Net::DNS::SEC'); |
29 | 27 | |
30 | 28 | |
31 | ||
32 | 29 | diag("\nThese tests were ran with:\n"); |
33 | diag("Net::DNS::VERSION: ".$Net::DNS::VERSION); | |
34 | diag("Net::DNS::SEC::VERSION: ".$Net::DNS::SEC::VERSION); | |
35 | diag("Net::DNS::RR::RRSIG::VERSION: ".$Net::DNS::RR::RRSIG::VERSION); | |
36 | diag("Net::DNS::RR::DNSKEY::VERSION: ".$Net::DNS::RR::DNSKEY::VERSION); | |
37 | diag("Net::DNS::RR::NSEC::VERSION: ".$Net::DNS::RR::NSEC::VERSION); | |
38 | diag("Net::DNS::RR::DS::VERSION: ".$Net::DNS::RR::DS::VERSION); | |
39 | ||
40 | diag("Crypt::OpenSSL::DSA::VERSION: ".$Crypt::OpenSSL::DSA::VERSION); | |
41 | diag("Crypt::OpenSSL::RSA::VERSION: ".$Crypt::OpenSSL::RSA::VERSION); | |
42 | diag("Crypt::OpenSSL::Bignum::VERSION: ".$Crypt::OpenSSL::Bignum::VERSION); | |
43 | diag("Net::DNS::SEC::Private::VERSION: ".$Net::DNS::SEC::Private::VERSION); | |
44 | diag("File::Basename::VERSION: ".$File::Basename::VERSION); | |
45 | diag("MIME::Base64::VERSION: ".$MIME::Base64::VERSION); | |
46 | diag("Math::BigInt::VERSION: ".$Math::BigInt::VERSION); | |
47 | diag("Time::Local::VERSION: ".$Time::Local::VERSION); | |
48 | diag("Digest::SHA::VERSION: ".$Digest::SHA::VERSION); | |
30 | diag("Net::DNS::VERSION: ". | |
31 | $Net::DNS::VERSION); | |
32 | diag("Net::DNS (SVN) Version " | |
33 | .$Net::DNS::SVNVERSION); | |
34 | diag("Net::DNS::SEC::VERSION: ". | |
35 | $Net::DNS::SEC::VERSION); | |
36 | diag("Net::DNS::SEC::SVNVERSION: ". | |
37 | $Net::DNS::SEC::SVNVERSION); | |
38 | diag("Net::DNS::RR::RRSIG::VERSION: ". | |
39 | $Net::DNS::RR::RRSIG::VERSION); | |
40 | diag("Net::DNS::RR::DNSKEY::VERSION: ". | |
41 | $Net::DNS::RR::DNSKEY::VERSION); | |
42 | diag("Net::DNS::RR::NSEC::VERSION: ". | |
43 | $Net::DNS::RR::NSEC::VERSION); | |
44 | diag("Net::DNS::RR::NSEC3::VERSION: ". | |
45 | $Net::DNS::RR::NSEC3::VERSION); | |
46 | diag("Net::DNS::RR::NSEC3PARAM::VERSION: ". | |
47 | $Net::DNS::RR::NSEC3PARAM::VERSION); | |
48 | diag("Net::DNS::RR::DS::VERSION: ". | |
49 | $Net::DNS::RR::DS::VERSION); | |
50 | diag("Net::DNS::RR::DLV::VERSION: ". | |
51 | $Net::DNS::RR::DLV::VERSION); | |
52 | diag("Crypt::OpenSSL::DSA::VERSION: ". | |
53 | $Crypt::OpenSSL::DSA::VERSION); | |
54 | diag("Crypt::OpenSSL::RSA::VERSION: ". | |
55 | $Crypt::OpenSSL::RSA::VERSION); | |
56 | diag("Crypt::OpenSSL::Bignum::VERSION: ". | |
57 | $Crypt::OpenSSL::Bignum::VERSION); | |
58 | diag("Net::DNS::SEC::Private::VERSION: ". | |
59 | $Net::DNS::SEC::Private::VERSION); | |
60 | diag("File::Basename::VERSION: ". | |
61 | $File::Basename::VERSION); | |
62 | diag("MIME::Base64::VERSION: ". | |
63 | $MIME::Base64::VERSION); | |
64 | diag("MIME::Base32::VERSION: ". | |
65 | $MIME::Base32::VERSION); | |
66 | diag("Math::BigInt::VERSION: ". | |
67 | $Math::BigInt::VERSION); | |
68 | diag("Time::Local::VERSION: ". | |
69 | $Time::Local::VERSION); | |
70 | diag("Digest::SHA::VERSION: ". | |
71 | $Digest::SHA::VERSION); | |
49 | 72 | |
50 | 73 | |
51 | 74 |
0 | 0 | #!/usr/bin/perl -sw |
1 | 1 | # Test script for dnssec functionalty |
2 | # $Id: 09-dnssec.t 555 2006-02-14 09:34:07Z olaf $ | |
2 | # $Id: 09-dnssec.t 717 2008-02-25 14:52:54Z olaf $ | |
3 | 3 | # |
4 | 4 | # Called in a fashion simmilar to: |
5 | 5 | # /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i386-freebsd \ |
328 | 328 | |
329 | 329 | # Cross check with a signature generated with bind tools. |
330 | 330 | |
331 | ||
332 | my $bindkey=Net::DNS::RR->new(" foo.example 3600 DNSKEY 256 3 5 ( | |
333 | AQMLaOdD3VKofLiblKFdjnJpVFPD1mbIxh2H | |
334 | +JaHkblnFH5cKn/mHU21ODD4mubkPqrhpEWi | |
335 | Omm5+rpj90YdeFilf05tncc+3vr3ttSKKpXz | |
336 | nV1h+IuX4tUwnCd1xH8+FrvoSJLgFCR97VG7 | |
337 | wwKOIXjjttpnoj+eX8wnlR0u8DxXH8q7o2Un | |
338 | o5T1htoz/RtjUdbkuTpn4a7XRt98GcBQ1YGd | |
339 | iOk3c5sVSCqHeEpsHTSSa5DYcNbBD71d+ahc | |
340 | jkKVJXyAGRNEjEvYRQ6XSQ84rH7okO3Pl18V | |
341 | rBDEMw6mivD0970W/Y0T2nBORTDR7h9D/62+ | |
342 | SmqCxuW6ISPvhL8VgO9R64i9/vo3K95JIEQB | |
343 | LH+dab2olsuM+O9rVkBaIe+qNT6hT0ScRR6E | |
344 | eDdA0CH+zqATqGrENT6I4XES+tuVJKK6Cph5 | |
345 | L3uO5QeevoFgh3jJDKHawi/QA2P0mhtTNF1E | |
346 | Q7XwlHZVefVxUmLjJ5r7UBKaa7xAg8W4RKCR | |
347 | 9w== | |
348 | ) ; key id = 43787 | |
349 | "); | |
350 | ||
351 | ||
352 | my $bindsig=Net::DNS::RR->new("foo.example 3600 RRSIG ( | |
353 | DNSKEY 5 2 3600 20320101000000 | |
354 | 20050330103924 43787 foo.example. | |
355 | BfAfvJtmvnhxMTo6frGc7bSNJS0M5D6zWBK3 | |
356 | WSoeYtDEyLhNDJSNL34lVlR8zkuKOLZ0b3mU | |
357 | duscHd5f/AVb5mhVjmAGIIY4LWv9WIJlGBAG | |
358 | mzlsYpx/fNWk8er55bSy5XRDB/46uIfTGVFs | |
359 | 4gjO39HgNOEH8IniuBvTvdK8/KhSZUlru1FP | |
360 | Hzo2n+Jxv3weiVm1Q+bUBjJoX8GZ9sPeC83s | |
361 | JHA8BhGwbvUIOCZUaFUwF5cREJUvyK32Uc+L | |
362 | qIgJOWlCgkCOBDjLmnsKrIQ085ymJAIK2M8k | |
363 | 65e7+IrsysNZSBLoEeVaDZn0/AoYpoOnphCw | |
364 | ibTt2ETYR4rgdO2Ffqzot9ZkSSnjZ5FwNmmS | |
365 | rthYddYAofScUX/5rtHYeLPk1D6iTcQGmdeu | |
366 | HY/7YgkrjaPRAwZ8SW9H4Ud78kFmVBLfIFRj | |
367 | df7O4KRmQdufVpoFb7fOy1c/JtmnZp3kQZuw | |
368 | vrAyfMJK5QXD1TM1CYFFeF2gyCRNzhv2sDQ= ) | |
369 | ||
370 | ||
371 | ||
372 | "); | |
373 | ||
374 | ||
375 | my $binddataset=[$bindkey]; | |
376 | ||
377 | ok( $bindsig->verify($binddataset,$bindkey), | |
378 | 'RSA sig generated with bind verifies'); | |
379 | ||
380 | ||
381 | ||
382 | ||
383 | my $nsecrr=Net::DNS::RR->new("foo.example. 300 NSEC foo.example. SOA RRSIG NSEC DNSKEY"); | |
331 | my $bindkey1=Net::DNS::RR->new(" | |
332 | example.com. 3600 IN DNSKEY 257 3 5 ( | |
333 | AQPUiszMMAi36agx/V+7Tw95l8PYmoVjHWvOKxx/0iH8ZE3sdEqQncCe | |
334 | Jg7IVQ+LNWSP9mT/B26eQb5WZ2IKFzNFQTMNi6um+yh3nytazwOwOx00 | |
335 | 2VGnwpYwnUFV3bZ5BcgWC8wrUzVGgCVIvX+besZrIXMY60yriRqQqNGO | |
336 | DnKo2T6zYewfCw4lYxRKYT6RqA0y8nJqyLRmeZ0nYP6uvDYjHEu7mqUf | |
337 | XBzeZNMy3WgSCTbQoK/RaSR7adTgTe5t972c51Di7TCwxpDzCfAKuPPk | |
338 | liBM9Z0x4gC0AZfO5Ma0p+dhf2k7wfl8m8xEOEMJITLooy88Nh+u2c9H | |
339 | F1tw0naH ; key id = 40620 | |
340 | "); | |
341 | my $bindkey2=Net::DNS::RR->new(" | |
342 | example.com. 3600 IN DNSKEY 256 3 5 | |
343 | AQPaoHW/nC0fj9HuCW3hACSGiP0AkPS3dQFXDlEUjv1orbtx06TMmVKG | |
344 | K5K564OSd6UCf4ZQEu2CMPSAUFGHEZuANKYGwZh0k/HeoVNeom1L3Nt4 | |
345 | tVLiGMzrPQskzeK8sr1NKgqFmckQllMWd0ob8Ud6nqeQLHvXQgv1iHX3 | |
346 | dpBIPLYbRCzueqC5k09APl25PgJjjreyRXrxodvoiiaLHpdL5NtM2S9e | |
347 | ok2zmuRpYQSF1LTNfWwY9CkgL017Z/Zv00SbcoTM/eTXPqijGtUhh6UX | |
348 | 1gX89ybeyjtfcGbmTcB+I79NykZWoddO8zyzBXzzfFwtsAuryjQ/HFa5 | |
349 | r4mrbhkJ ; key id = 6227 | |
350 | "); | |
351 | my $bindsig=Net::DNS::RR->new(" | |
352 | ||
353 | example.com. 3600 RRSIG DNSKEY 5 2 3600 20380101000000 ( | |
354 | 20080225134340 40620 example.com. | |
355 | KXDsJ6gOFbGUA8cSwLIgnHQ2GwfpUJLWZK7/ | |
356 | MwF7+G2B5Ds7SQG1UWv0QuyNtWB0ubSn2ipw | |
357 | 4TclHDKjeYMFLD6I5Zuh4mW7n2QpPN79z57V | |
358 | C4Hf23lcWLRSL37jtX2qOPqWnFjy1AoGYzmy | |
359 | IksYcjPF5VPZyfQC0YprAQ35UKwAHfF9RMwi | |
360 | 7vdE0GzON1FkVCWN7uxYjnZT1jxs3EeSnR4+ | |
361 | 6ckK9OBJVHYUnjmIgViq6IuPV08zrelvZHcC | |
362 | WNFcjKKNpf3yx5YhyQBJBM6Fofl8Dk4zexsp | |
363 | VVjGDLrDwg73dOGEe3E00DQ9zDc++PGVNRPm | |
364 | r34ojumh85Ua0YVatw== ) | |
365 | ||
366 | "); | |
367 | ||
368 | ||
369 | ||
370 | my $binddataset=[$bindkey1, $bindkey2]; | |
371 | ||
372 | ok( $bindsig->verify($binddataset,$bindkey1), | |
373 | 'RSA sig generated with bind verifies') || diag ($bindsig->vrfyerrstr); | |
374 | ||
375 | ||
376 | ||
377 | ||
378 | my $nsecrr=Net::DNS::RR->new("example.com 300 NSEC itemA.with.caps.example.com. NS SOA TXT RRSIG NSEC DNSKEY | |
379 | "); | |
384 | 380 | |
385 | 381 | ok ( $nsecrr, 'NSEC RR created from string'); |
386 | 382 | |
387 | my $nsecsig=Net::DNS::RR->new("foo.example. 300 RRSIG ( | |
388 | NSEC 5 2 300 20320101000000 | |
389 | 20050330103924 43787 foo.example. | |
390 | CF3JXoyzhdi0hNj4gsEz+a8u8LedRrFtZpDc | |
391 | gvwdsQLYD+UTFEE/zbomMBxdh1M5EsVAnead | |
392 | 5vTn1AeSvbBzy976FoAd6lDYEGgUvCEJUsng | |
393 | UHiCvBX6Netnqo4d7Tnzi0wsCvtAIMYuYa/T | |
394 | 3FnLMaJepNKp+QctcO8RpjlLb+b8rNAxsNcv | |
395 | SaBxwAhPDvqQfPGmMQr5+Ga1c/1QCCkDyMzX | |
396 | sZ0YqzZgeU+9kkqent4hPBdI8vlsISpTZgmC | |
397 | BmNniBpPwpAHSAqCM0EyKu9Jni2laYT7Xsu2 | |
398 | LpQ2NU6lYRfOVu/OG98IevFZZ90YHbvF84e8 | |
399 | rHWllbuFLTien++AQitKCM9wxSPIoOFXq3O4 | |
400 | pEV00Ja9UAQMvHtRiC5AronayV8fSRjooiJe | |
401 | 67eLFYSV6t3K1Qlx4nKuTbM+9TFevvgWKk6w | |
402 | a6hHetCohec/7xTftU9R329Jm9fWQCrOLuYa | |
403 | gOKAKiwn8AtOTKyJec0wC2/lqrlMcToYtIM= ) | |
404 | ||
405 | ||
406 | ||
407 | "); | |
408 | ||
409 | my $nseckey=Net::DNS::RR->new("foo.example. 3600 DNSKEY 256 3 5 ( | |
410 | AQMLaOdD3VKofLiblKFdjnJpVFPD1mbIxh2H | |
411 | +JaHkblnFH5cKn/mHU21ODD4mubkPqrhpEWi | |
412 | Omm5+rpj90YdeFilf05tncc+3vr3ttSKKpXz | |
413 | nV1h+IuX4tUwnCd1xH8+FrvoSJLgFCR97VG7 | |
414 | wwKOIXjjttpnoj+eX8wnlR0u8DxXH8q7o2Un | |
415 | o5T1htoz/RtjUdbkuTpn4a7XRt98GcBQ1YGd | |
416 | iOk3c5sVSCqHeEpsHTSSa5DYcNbBD71d+ahc | |
417 | jkKVJXyAGRNEjEvYRQ6XSQ84rH7okO3Pl18V | |
418 | rBDEMw6mivD0970W/Y0T2nBORTDR7h9D/62+ | |
419 | SmqCxuW6ISPvhL8VgO9R64i9/vo3K95JIEQB | |
420 | LH+dab2olsuM+O9rVkBaIe+qNT6hT0ScRR6E | |
421 | eDdA0CH+zqATqGrENT6I4XES+tuVJKK6Cph5 | |
422 | L3uO5QeevoFgh3jJDKHawi/QA2P0mhtTNF1E | |
423 | Q7XwlHZVefVxUmLjJ5r7UBKaa7xAg8W4RKCR | |
424 | 9w== | |
425 | ) ; key id = 43787 | |
426 | ||
427 | ||
428 | "); | |
383 | my $nsecsig=Net::DNS::RR->new(" | |
384 | ||
385 | example.com. 300 RRSIG NSEC 5 2 300 20380101000000 ( | |
386 | 20080225134340 6227 example.com. | |
387 | TyfSavDAslOFzfiAQv29/KjGQBSyptVIHAl/ | |
388 | +BtV7YL7VBOBBxpYM0laQWfnvRPwqfqO0STD | |
389 | u3KpIH95/ZeIPA/20xqR9IqgQNx3NvMmNK2g | |
390 | R0qPK/tkKQpHsBGPgARXhQqUwT2HhhmwNOYb | |
391 | ZwvnbaarFVq3RWerJUAxWHm3OABqZ1RYr6rL | |
392 | JEIIwEuBs9zAmR0G03Ourg+vVzkIgOoiEcBy | |
393 | ketBJr7FfFsRAYJ0HWOupSw16lxoUkSrEZ/f | |
394 | NpSwOB7zdEuDeojcfK0JaanpWihA0hiiqq0D | |
395 | 7RKqrnkoTrPVN4lP7bIr4q52jEBlFVIrbIzL | |
396 | UGtebocRBrvlmVB3+A== ) | |
397 | ||
398 | ||
399 | ||
400 | "); | |
401 | ||
429 | 402 | |
430 | 403 | my @nsecdata=($nsecrr); |
431 | 404 | |
432 | ok( $nsecsig->verify(\@nsecdata,$nseckey), "RRSIG over NSEC verifies"); | |
433 | ||
405 | ok( $nsecsig->verify(\@nsecdata,$bindkey2), "RRSIG over NSEC verifies") || | |
406 | diag ($nsecsig->vrfyerrstr); | |
434 | 407 | # |
435 | 408 | # RSA keypair |
436 | 409 | # |
0 | 0 | #!/usr/bin/perl -sw |
1 | 1 | # Test script for dnssec functionalty |
2 | # $Id: 12-nsec++.t 296 2005-05-27 11:31:07Z olaf $ | |
2 | # $Id: 12-nsec++.t 778 2008-12-30 17:19:35Z olaf $ | |
3 | 3 | # |
4 | use Net::DNS::RR::RRSIG; | |
5 | 4 | |
6 | use Test::More tests=>10; | |
5 | ||
6 | ||
7 | use Net::DNS::SEC; | |
8 | use Test::More tests=>17; | |
9 | use Data::Dumper; | |
10 | use Net::DNS::RR::NSEC3 qw( name2hash ); | |
11 | ||
12 | ||
7 | 13 | use strict; |
8 | 14 | |
9 | 15 | BEGIN {use_ok('Net::DNS'); } # test 1 |
63 | 69 | |
64 | 70 | $rr2->typebm(pack("H*",$newbitmap)); |
65 | 71 | is ($rr2->typelist,$newtypelist,"typelist appropritatly changed after invoking typelist method"); |
72 | ||
73 | ||
74 | ######################## | |
75 | ||
76 | ||
77 | my $foo={};; | |
78 | ||
79 | ||
80 | ||
81 | bless($foo,"Net::DNS::RR::NSEC3"); | |
82 | $foo->salt("aabbccdd"); | |
83 | ||
84 | # H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom | |
85 | ||
86 | is ("0p9mhaveqvm6t7vbl5lop2u3t2rp3tom",lc Net::DNS::RR::NSEC3::name2hash(1,"example.",12,$foo->saltbin),"name2hash over example"); | |
87 | ||
88 | ||
89 | # H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995 | |
90 | is ("b4um86eghhds6nea196smvmlo4ors995",lc Net::DNS::RR::NSEC3::name2hash(1,"x.w.example.",12,$foo->saltbin),"name2hash over example"); | |
91 | ||
92 | # H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh | |
93 | ||
94 | is ("0va5bpr2ou0vk0lbqeeljri88laipsfh",lc Net::DNS::RR::NSEC3::name2hash(1,"c.x.w.example.",12,$foo->saltbin),"name2hash over example"); | |
95 | ||
96 | ||
97 | # H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m | |
98 | is ("92pqneegtaue7pjatc3l3qnk738c6v5m",lc Net::DNS::RR::NSEC3::name2hash(1,"*.x.w.example.",12,$foo->saltbin),"name2hash over example"); | |
99 | ||
100 | ||
101 | ||
102 | my $nsec3param=Net::DNS::RR->new( | |
103 | "alfa.example.com 86400 NSEC3PARAM 2 0 12 aabbccdd", | |
104 | ); | |
105 | ok ($nsec3param, "NSEC3PARAM created"); | |
106 | ||
107 | undef $nsec3param; | |
108 | $nsec3param=Net::DNS::RR->new( | |
109 | "alfa.example.com 86400 NSEC3PARAM 2 0 12 aabbccfs", | |
110 | ); | |
111 | ok (!$nsec3param, "NSEC3PARAM not created with corrupt hex data"); | |
112 | ||
113 | ||
114 | ||
115 | my $hashalg=Net::DNS::SEC->digtype("SHA1"); | |
116 | my $salt=pack("H*","aabbccdd"); | |
117 | my $iterations=12; | |
118 | my $name="*.x.w.example"; | |
119 | ||
120 | my $hashedname= name2hash($hashalg,$name,$iterations,$salt); | |
121 | is( $hashedname,"92pqneegtaue7pjatc3l3qnk738c6v5m","name2hash exports and works"); |
9 | 9 | |
10 | 10 | use Net::DNS; |
11 | 11 | |
12 | plan tests=>2; | |
12 | plan tests=>4; | |
13 | 13 | my $nsec1=Net::DNS::RR->new( |
14 | 14 | "example.com. 300 NSEC itemA.with.caps.example.com. NS SOA TXT RRSIG NSEC DNSKEY"); |
15 | 15 | |
16 | 16 | |
17 | 17 | my $nsec2=Net::DNS::RR->new( |
18 | 18 | "itemA.with.caps.example.com. 300 NSEC itemb.without.caps.example.com. TXT RRSIG NSEC"); |
19 | ||
20 | ||
21 | 19 | |
22 | 20 | |
23 | 21 | |
66 | 64 | ) ; key id = 6227 |
67 | 65 | '); |
68 | 66 | |
69 | $nsec1->print; | |
70 | $sig_nsec1->print; | |
71 | $dnskey->print; | |
67 | ||
68 | my $sig_nsec1_ldns=Net::DNS::RR->new(" | |
69 | example.com. 300 IN RRSIG NSEC RSASHA1 2 300 20380119031407 200703 | |
70 | 09133715 6227 example.com. aXhXGPs5tiGFM4NFmgtsj7jW4p6A/hnY2JOwfD/gK1bFTIF/wHTRh | |
71 | na7t1L3auWileX1OymoivDw+HzoRnpL+IStqv4/7P0mMHGwwuyjhpMry8FMf1p3La8IzMV8pmAYsEENb | |
72 | 3izYio3Hjrvvnw2uv2IWOgf1zPmndlmV0B5gOuSJEkyDFP8Z6Zshaou+oGjmDGwMNt0e6IW7yg2r92+9 | |
73 | NNJiGk3EcRnC0uzFVs/4/zlcoTjd4bnK4hQIGyPGOFiC6ATdfIZzVybrUL3tYA1enSh1lBqVh4KVuq9q | |
74 | LkqaBzpNelbwXcSnd5ohLgC/thqMfuYjHnUT1sVEt5uQRL4XA== | |
75 | "); | |
76 | ||
77 | ||
78 | my $sig_nsec2_ldns=Net::DNS::RR->new(" | |
79 | itema.with.caps.example.com. 300 IN RRSIG NSEC RSASHA1 5 300 20380 | |
80 | 119031407 20070309133715 6227 example.com. vvoRDdVtmRhnePyN9Fcm4+vUN7WR4VV6BP68o | |
81 | oHwqmYcllKB6dW1blPupRlVknxhpdGuiSt9D6AhBRFxZNKYhC0mPECHhIXD7wdM/ubMw5ebvRX25DdNy | |
82 | JmVeA1Dz2/mJDgId7reofns8AlFL0xgx5OytIQdiA8HVJqJqDOr3EQsnkhMZ575icJIuDwws7IHNDDZD | |
83 | 8QmEAw4RT/+b8bq3VkAKT6XHiFXBvpfMRHw/W3xOfJgYKckZAku2wSt8caWDooneIOUQxrEG5PR+jtHq | |
84 | zVSxaZtgZ0t9ZR2BPDjgXg3F4kxDetFzqSfjg1fhs+dD9nIn6mGmvNOL71l8vauIA== | |
85 | "); | |
86 | ||
72 | 87 | |
73 | 88 | |
74 | 89 | my $data=[$nsec1]; |
75 | ok($sig_nsec1->verify($data, $dnskey),"Data validated") || diag $sig_nsec1->vrfyerrstr; | |
90 | ok($sig_nsec1->verify($data, $dnskey),"Data did validate") || diag $sig_nsec1->vrfyerrstr; | |
76 | 91 | |
77 | 92 | |
78 | 93 | my $data2=[$nsec2]; |
79 | 94 | ok($sig_nsec2->verify($data2, $dnskey),"Data validated") || diag $sig_nsec2->vrfyerrstr; |
80 | 95 | |
96 | #diag "PERL VERSION $]"; | |
97 | #diag "TIME::Local VERSION $Time::Local::VERSION"; | |
98 | SKIP:{ | |
99 | skip "Time::Local seems to check on unix time use beyond 2032", 2 if $Time::Local::VERSION > 1.11; | |
100 | ok(! $sig_nsec1_ldns->verify($data, $dnskey),"Data did not validate (now generated with 'broken signer')") || diag $sig_nsec1_ldns->vrfyerrstr; | |
101 | ||
102 | ||
103 | ||
104 | $data2=[$nsec2]; | |
105 | ok($sig_nsec2_ldns->verify($data2, $dnskey),"Data validated") || diag $sig_nsec2_ldns->vrfyerrstr; | |
106 | } | |
81 | 107 | |
82 | 108 | |
83 | 109 |
0 | # $Id$ -*-perl-*- | |
1 | # | |
2 | # | |
3 | # These are test that relate to DS RRs. | |
4 | # Mainly used during implementation of the SHA256 algorithm | |
5 | ||
6 | ||
7 | use Test::More; | |
8 | use strict; | |
9 | ||
10 | use Net::DNS; | |
11 | ||
12 | plan tests=>3; | |
13 | ||
14 | ||
15 | my $dnskeyrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DNSKEY 256 3 5 ( | |
16 | AQOeiiR0GOMYkDshWoSKz9Xz | |
17 | fwJr1AYtsmx3TGkJaNXVbfi/ | |
18 | 2pHm822aJ5iI9BMzNXxeYCmZ | |
19 | DRD99WYwYqUSdjMmmAphXdvx | |
20 | egXd/M5+X7OrzKBaMbCVdFLU | |
21 | Uh6DhweJBjEVv5f2wwjM9Xzc | |
22 | nOf+EPbtG9DMBmADjFDc2w/r | |
23 | ljwvFw== | |
24 | ) ; key id = 60485'); | |
25 | ||
26 | my $dsrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DS 60485 5 2 ( | |
27 | D4B7D520E7BB5F0F67674A0C | |
28 | CEB1E3E0614B93C4F9E99B83 | |
29 | 83F6A1E4469DA50A )'); | |
30 | ||
31 | ||
32 | $dsrr->print; | |
33 | ok($dsrr->verify($dnskeyrr),"Validated the SHA256 DS"); | |
34 | ||
35 | ||
36 | my $newdsrr=create Net::DNS::RR::DS($dnskeyrr, | |
37 | ( | |
38 | digtype => "SHA256" | |
39 | ) | |
40 | ); | |
41 | ok($newdsrr->verify($dnskeyrr),"Validated the second SHA256 DS"); | |
42 | ||
43 | ||
44 | my $ds1 = Net::DNS::RR->new( | |
45 | 'algorithm' => 3, | |
46 | 'class' => 'IN', | |
47 | 'digest' => '1234567890ABCDEF', | |
48 | 'digtype' => 5, | |
49 | 'keytag' => 123, | |
50 | 'name' => 'test1dom1.se', | |
51 | 'ttl' => 43200, | |
52 | 'type' => 'DS', | |
53 | 'digestbin' => '' | |
54 | ); | |
55 | #error only occurs when next line is commented | |
56 | ||
57 | ||
58 | my $ds2 = Net::DNS::RR->new( | |
59 | 'algorithm' => 3, | |
60 | 'class' => 'IN', | |
61 | 'digest' => '1234567890ABCDEF', | |
62 | 'digtype' => 5, | |
63 | 'keytag' => 123, | |
64 | 'name' => 'test1dom1.se', | |
65 | 'ttl' => 43200, | |
66 | 'type' => 'DS', | |
67 | ); | |
68 | ||
69 | ||
70 | is ($ds1->string,$ds2->string,"Digestbin calculation correct"); | |
71 | ||
72 |
0 | # $Id: 16-dlv.t 778 2008-12-30 17:19:35Z olaf $ -*-perl-*- | |
1 | # | |
2 | # | |
3 | # These are test that relate to DLV RRs. | |
4 | # Mainly used during implementation of the SHA256 algorithm | |
5 | ||
6 | ||
7 | use Test::More; | |
8 | use strict; | |
9 | ||
10 | use Net::DNS; | |
11 | ||
12 | plan tests=>2; | |
13 | ||
14 | ||
15 | my $dnskeyrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DNSKEY 256 3 5 ( | |
16 | AQOeiiR0GOMYkDshWoSKz9Xz | |
17 | fwJr1AYtsmx3TGkJaNXVbfi/ | |
18 | 2pHm822aJ5iI9BMzNXxeYCmZ | |
19 | DRD99WYwYqUSdjMmmAphXdvx | |
20 | egXd/M5+X7OrzKBaMbCVdFLU | |
21 | Uh6DhweJBjEVv5f2wwjM9Xzc | |
22 | nOf+EPbtG9DMBmADjFDc2w/r | |
23 | ljwvFw== | |
24 | ) ; key id = 60485'); | |
25 | ||
26 | my $dsrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DLV 60485 5 2 ( | |
27 | D4B7D520E7BB5F0F67674A0C | |
28 | CEB1E3E0614B93C4F9E99B83 | |
29 | 83F6A1E4469DA50A )'); | |
30 | ||
31 | ||
32 | $dsrr->print; | |
33 | ok($dsrr->verify($dnskeyrr),"Validated the SHA256 DLV"); | |
34 | ||
35 | ||
36 | my $newdsrr=create Net::DNS::RR::DLV($dnskeyrr, | |
37 | ( | |
38 | digtype => "SHA256" | |
39 | ) | |
40 | ); | |
41 | ok($newdsrr->verify($dnskeyrr),"Validated the second SHA256 DLV"); | |
42 | ||
43 |