Codebase list libnet-dns-sec-perl / a4a6160
Merge commit 'upstream/0.15' Ondrej Sury 14 years ago
19 changed file(s) with 1343 addition(s) and 203 deletion(s). Raw diff Collapse all Expand all
+37
-2
Changes less more
00 Revision history for Perl extension Net::DNS::SEC.
11
2 ***0.15 December 31, 2008
3
4
5 Fix: digestbin not set when an empty value passed to hash.
6
7 Feature: Added DLV (rfcc 4431). The RR object is simply a clone of
8 the DS RR and inherits ... everything
9
10 Feature: Added NSEC3 and NSEC3PARAM support (RFC5155).
11 This adds Mime::Base32 to the module dependency list.
12 The RR type was still experimental at that time and is maintained
13 in Net::DNS::RR.
14
15 Fix: Test script recognizes change in Time::Local. Note that
16 Time::Local does not deal with dates beyond 03:14:07 UTC on
17 Tuesday, 19 January 2038. Therefore this code has a year 2038
18 problem.
19
20 Fix: DS create_from_hash now produces objects that can create
21 wireformat.
22
23 Other: minor changes to the debug statements
24 added t/05-rr.t (and identified a couple of bugs using it)
25
26 Fix: a few inconsistencies with respect to parsing of trailing dots.
27
28
29 During development the test signatures generated with the BIND tools
30 were re-generated in order to troubleshoot a bug that (most
31 probably) was caused by a version incompatibility between Net::DNS
32 and Net::DNS::SEC. Before release the original test from the 0.14
33 release were ran against this version too.
34
35
36
237
338 0.14 February 14, 2005
439
341376
342377 0.19-DNSSEC-0.3:
343378 Solved patch problems that where due to the
344 $Id: Changes 557 2006-02-14 10:07:46Z olaf $ in headers not
379 $Id: Changes 769 2008-12-30 16:42:20Z olaf $ in headers not
345380 being from the original distribution.
346381
347382 Added DSA signature creation
373408
374409
375410 ---------------------------------------------------------------------------
376 $Id: Changes 557 2006-02-14 10:07:46Z olaf $
411 $Id: Changes 769 2008-12-30 16:42:20Z olaf $
+3
-3
Keyset.pm less more
00
1 # $Id: Keyset.pm 269 2005-04-13 13:12:04Z olaf $
1 # $Id: Keyset.pm 728 2008-10-12 09:02:24Z olaf $
22
33
44 package Net::DNS::Keyset;
3636
3737 use vars qw ( $VERSION @EXPORT $keyset_err );
3838
39 ( $VERSION ) = '$Revision: 269 $ ' =~ /\$Revision:\s+([^\s]+)/;
39 ( $VERSION ) = '$Revision: 728 $ ' =~ /\$Revision:\s+([^\s]+)/;
4040
4141 my $debug=0;
4242
537537 $sig->signame .":". $sig->keytag . "\n" if $debug;
538538
539539 if ($key->keytag == $sig->keytag &&
540 $key->name."." eq $sig->signame ){
540 $key->name."." eq $sig->signame."." ){
541541 print "...\n" if $debug;
542542 my @keys=$self->keys ;
543543 if (! $sig->verify( \@keys , $key)){
+5
-0
MANIFEST less more
1010 RR/DS.pm
1111 RR/KEY.pm
1212 RR/NSEC.pm
13 RR/NSEC3.pm
14 RR/NSEC3PARAM.pm
1315 RR/NXT.pm
1416 RR/RRSIG.pm
1517 RR/SIG.pm
18 RR/DLV.pm
1619 SEC.pm
1720 SEC/Private.pm
1821 t/00-load.t
2730 t/12-nsec++.t
2831 t/13-utilities.t
2932 t/14-misc.t
33 t/15-ds.t
34 t/16-dlv.t
3035 t/getpacket.pl
3136 t/Kexample.com.+001+28551.private
3237 t/Kexample.com.+001+28551.key
+4
-3
META.yml less more
00 # http://module-build.sourceforge.net/META-spec.html
11 #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX#
22 name: Net-DNS-SEC
3 version: 0.14
3 version: 0.15
44 version_from: SEC.pm
55 installdirs: site
66 requires:
1212 Digest::SHA1: 0
1313 File::Basename: 0
1414 Math::BigInt: 0
15 MIME::Base32: 0
1516 MIME::Base64: 0
16 Net::DNS: 0.44
17 Net::DNS: 0.64
1718 Test::More: 0.47
1819 Time::Local: 0
1920
2021 distribution_type: module
21 generated_by: ExtUtils::MakeMaker version 6.17
22 generated_by: ExtUtils::MakeMaker version 6.30
+7
-3
Makefile.PL less more
00 #
1 # $Id: Makefile.PL 527 2005-12-09 10:51:06Z olaf $
1 # $Id: Makefile.PL 728 2008-10-12 09:02:24Z olaf $
22 #
33
44
2424 'NAME' => 'Net::DNS::SEC',
2525 'VERSION_FROM' => 'SEC.pm',
2626 'PREREQ_PM' => {
27 Net::DNS => 0.44,
27 Net::DNS => 0.64,
2828 Test::More => 0.47,
2929 Crypt::OpenSSL::RSA => 0.19,
3030 Crypt::OpenSSL::Bignum => 0.03,
3232 Digest::SHA => 5.23,
3333 File::Basename => 0.0,
3434 MIME::Base64 => 0.0,
35 MIME::Base32 => 0.0,
3536 Math::BigInt => 0.0,
3637 Time::Local => 0.0,
3738 Digest::BubbleBabble => 0.01,
4445 'SEC.pm' => '$(INST_LIBDIR)/SEC.pm',
4546 'SEC/Private.pm' => '$(INST_LIBDIR)/SEC/Private.pm',
4647 'RR/DS.pm' => '$(INST_LIBDIR)/RR/DS.pm',
48 'RR/DLV.pm' => '$(INST_LIBDIR)/RR/DLV.pm',
4749 'RR/NXT.pm' => '$(INST_LIBDIR)/RR/NXT.pm',
4850 'RR/KEY.pm' => '$(INST_LIBDIR)/RR/KEY.pm',
4951 'RR/SIG.pm' => '$(INST_LIBDIR)/RR/SIG.pm',
5052 'RR/RRSIG.pm' => '$(INST_LIBDIR)/RR/RRSIG.pm',
5153 'RR/DNSKEY.pm' => '$(INST_LIBDIR)/RR/DNSKEY.pm',
5254 'RR/NSEC.pm' => '$(INST_LIBDIR)/RR/NSEC.pm',
55 'RR/NSEC3.pm' => '$(INST_LIBDIR)/RR/NSEC3.pm',
56 'RR/NSEC3PARAM.pm' => '$(INST_LIBDIR)/RR/NSEC3PARAM.pm',
5357 },
5458
55 clean => {FILES => "*~ keyset-*"}
59 clean => {FILES => "*~ t/keyset-*"}
5660
5761 );
5862
+48
-0
RR/DLV.pm less more
0 package Net::DNS::RR::DLV;
1 #
2 # $Id: DLV.pm 580 2006-04-20 15:56:57Z olaf $
3 #
4 use strict;
5 BEGIN {
6 eval { require bytes; }
7 }
8 use vars qw(@ISA $VERSION);
9 use Net::DNS::RR::DS;
10
11
12 @ISA = qw(Net::DNS::RR::DS);
13 $VERSION = (qw$LastChangedRevision: 580 $)[1];
14
15
16
17 =head1 NAME
18
19 Net::DNS::RR::DLV - DNS DLV resource record
20
21 =head1 SYNOPSIS
22
23 C<use Net::DNS::RR>;
24
25 =head1 DESCRIPTION
26
27 This is a clone of the DS record. This class therfore completely inherits
28 all properties of the Net::DNS::RR::DS class.
29
30 Please see the L<Net::DNS::RR::DS> perldocumentation for details
31
32 =head1 COPYRIGHT
33
34 Copyright (c) 2005 Olaf Kolkman (NLnet Labs)
35
36 All rights reserved. This program is free software; you may redistribute
37 it and/or modify it under the same terms as Perl itself.
38
39 =head1 SEE ALSO
40
41 L<perl(1)>, L<Net::DNS>, L<Net::DNS::Resolver>, L<Net::DNS::Packet>,
42 L<Net::DNS::Header>, L<Net::DNS::Question>, L<Net::DNS::RR>,
43 RFC4431.
44
45
46 =cut
47
+24
-9
RR/DS.pm less more
00 package Net::DNS::RR::DS;
11
2 # $Id: DS.pm 518 2005-11-23 13:23:53Z olaf $
2 # $Id: DS.pm 728 2008-10-12 09:02:24Z olaf $
33
44
55 use strict;
2121
2222
2323
24 $VERSION = do { my @r=(q$Revision: 518 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
24 $VERSION = do { my @r=(q$Revision: 728 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
2525 my $debug=0;
2626
2727 @ISA = qw(Net::DNS::RR);
104104
105105 sub rr_rdata {
106106 my $self = shift;
107
108107 my $rdata;
109 if (exists $self->{"keytag"}) {
110 $rdata= pack("n",$self->{"keytag"}) ;
111 $rdata.= pack("C", $self->{"algorithm"}) ;
112 $rdata.= pack("C", $self->{"digtype"}) ;
113 $rdata.= $self->{"digestbin"}
108 if (exists $self->{"digest"}) {
109 $rdata= pack("n",$self->{"keytag"}) ;
110 $rdata.= pack("C", $self->{"algorithm"}) ;
111 $rdata.= pack("C", $self->{"digtype"}) ;
112 $rdata.= $self->digestbin;
114113 }
115114 return $rdata;
116115 }
134133 sub babble {
135134 my $self=shift;
136135 if ($_Babble){
137 return bubblebabble(Digest=>$self->digestbin);
136 return bubblebabble(Digest=>$self->digestbin);
138137 }else{
139138 return("");
140139 }
141140 }
142141
142
143 sub digestbin {
144 my ($self,$new_val)=@_;
145
146 if (defined $new_val) {
147 $self->{"digestbin"} = $new_val;
148 $self->{"digest"} = unpack("H*",$new_val);
149 return $self->{"digestbin"};
150 }
151
152
153 $self->{"digestbin"}=pack("H*",$self->{"digest"}) unless( $self->{"digestbin"} );
154 return $self->{"digestbin"};
155
156
157 }
143158
144159 sub create {
145160 my ($class, $keyrr ,%args) = @_;
+19
-8
RR/NSEC.pm less more
00 package Net::DNS::RR::NSEC;
11
2 # $Id: NSEC.pm 510 2005-11-05 01:01:45Z olaf $
2 # $Id: NSEC.pm 728 2008-10-12 09:02:24Z olaf $
33
44 use strict;
55 use vars qw(@ISA $VERSION);
1212 use Carp;
1313
1414 @ISA = qw(Net::DNS::RR);
15 $VERSION = do { my @r=(q$Revision: 510 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
15 $VERSION = do { my @r=(q$Revision: 728 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
1616
1717 sub new {
1818 my ($class, $self, $data, $offset) = @_;
2121 my($nxtdname,$nxtoffset) =
2222 Net::DNS::Packet::dn_expand($data, $offset);
2323
24 $self->{"nxtdname"} = "$nxtdname";
24 $self->{"nxtdname"} = $nxtdname;
2525
2626 my $typebm =substr($$data,$nxtoffset,
2727 $self->{"rdlength"}-
4545 $string =~ /^\s*(\S+)\s+(.*)/;
4646 my @nxttypes = split ' ' , $nxtstr; # everything after last match...
4747
48 $self->{"nxtdname"}= $nxtdname;
48 $self->{"nxtdname"}= Net::DNS::stripdot($nxtdname);
4949 $self->{"typelist"}= join " " , sort @nxttypes ;
5050 $self->{"typebm"}=_typearray2typebm(@nxttypes);
5151
7474
7575
7676 if (exists $self->{"nxtdname"}) {
77 $rdatastr = $self->{nxtdname};
77 $rdatastr = $self->{nxtdname}.".";
7878 $rdatastr .= " " . $self->typelist();
7979 }
8080 else {
9191 my $rdata = "" ;
9292 if (exists $self->{"nxtdname"}) {
9393 # Compression used here...
94 $rdata = $packet->dn_comp($self->{"nxtdname"},$offset);
94 $rdata = $packet->dn_comp(($self->{"nxtdname"}),$offset);
9595 $rdata .= $self->typebm();
9696 }
9797
9898 return $rdata;
9999
100100 }
101
102
103
104
105 sub _normalize_dnames {
106 my $self=shift;
107 $self->_normalize_ownername();
108 $self->{'nxtdname'}=lc(Net::DNS::stripdot($self->{'nxtdname'})) if defined $self->{'nxtdname'};
109 }
110
111
101112
102113
103114
131142
132143
133144 sub _canonicalRdata {
134 # rdata contains a compressed domainname... we should not have that.
145 # rdata contains a compressed domainname... that should not have
146 # been done @specification time :-)
135147 my ($self) = @_;
136148 my $rdata;
137149 $rdata=$self->_name2wire($self->{"nxtdname"});
170182 # Turn the array of arrays referenced through $bm into the bitmap
171183 # as used in the RDATA
172184
173
174185 for (my $i=0; $i < @{$bm}; $i++){
175186 if (defined ($bm->[$i])){
176187 use integer;
+523
-0
RR/NSEC3.pm less more
0 package Net::DNS::RR::NSEC3;
1 #
2 # $Id: NSEC3.pm 767 2008-12-24 10:02:25Z olaf $
3
4 use strict;
5 require Exporter;
6
7 use vars qw(
8 @ISA
9 $VERSION
10 @EXPORT_OK
11 %digestbyname
12 %digestbyval
13 );
14
15
16 use Carp;
17 use bytes;
18 use MIME::Base64;
19 use MIME::Base32;
20
21 use Digest::SHA qw(sha1 sha1_hex sha256 sha256_hex );
22
23 use Net::DNS qw( name2labels );
24 use Net::DNS::SEC;
25 use Net::DNS::Packet;
26 use Net::DNS::RR::NSEC;
27
28
29 #http://www.iana.org/assignments/dnssec-nsec3-parameters
30 %digestbyname = (
31 "SHA1" => 1,
32 );
33
34 @EXPORT_OK= qw (
35 name2hash
36 );
37
38
39 # Inherit a couple of methods from NSEC.
40 @ISA = qw(Exporter Net::DNS::SEC Net::DNS::RR Net::DNS::RR::NSEC);
41
42
43
44 $VERSION = do { my @r=(q$Revision: 510 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
45
46 sub new {
47 my ($class, $self, $data, $offset) = @_;
48
49 if ($self->{'rdlength'} > 0) {
50
51 # section 3.1 of NSEC3 specs
52 # 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
53 # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
54 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
55 # | Hash Alg. | Flags Field | Iterations |
56 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
57 # | Salt Length | Salt /
58 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
59 # | Hash Length | Next Hashed Ownername /
60 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 # / Type Bit Maps /
62 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
63
64 my $offsettoits=$offset+2;
65 my $offsettoflags=$offset+1;
66 my $offsettosaltlength=$offset+4;
67 my $offsettosalt=$offset+5;
68 $self->{'hashalgo'}=unpack("C",substr($$data,$offset,1));
69 $self->{'flags'}=unpack("C",substr($$data,$offsettoflags,1));
70 $self->{'iterations'}=unpack("n",substr($$data,$offsettoits,3));
71
72 $self->{'saltlength'}=unpack("C",substr($$data,$offsettosaltlength,1));
73 $self->{'saltbin'}=substr($$data,$offsettosalt,$self->{'saltlength'});
74 $self->{'salt'}= unpack("H*",$self->{'saltbin'});
75
76 my $offsettohashlength= $offsettosalt+$self->{'saltlength'};
77 $self->{'hashlength'}=unpack("C",substr($$data,$offsettohashlength,1));
78
79 $self->{'hnxtnamebin'}=substr($$data,$offsettohashlength+1,$self->{'hashlength'});
80 $self->{'hnxtname'}=MIME::Base32::encode $self->{'hnxtnamebin'};
81 my $offsettotypebm=$offsettohashlength+1+$self->{'hashlength'};
82
83 my $typebm =substr($$data,$offsettotypebm, $self->{'rdlength'}-$offsettotypebm +$offset );
84
85
86 $self->{'typebm'}=$typebm;
87 $self->{'typelist'} = join " "
88 , Net::DNS::RR::NSEC::_typebm2typearray($typebm);
89
90 }
91 bless $self, $class;
92 return $self;
93 }
94
95
96
97
98 sub new_from_string {
99 my ($class, $self, $string) = @_;
100 if ($string) {
101 $string =~ tr/()//d;
102 $string =~ s/;.*$//mg;
103 $string =~ s/\n//mg;
104
105 my ($hashalgo,$flags,$iterations,$salt,$hnxtname,$nxtstr)=
106 $string =~ /^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s?(.*)/;
107 my @nxttypes = split ' ' , $nxtstr; # everything after last match...
108
109 bless $self, $class;
110
111 # This assumes that the digest type allocations follow the assignments as used for DS...
112
113 #overwrite the digestby name table used by Net::DNS::SEC digtype
114 $self->{'hashalgo'}=$self->digtype($hashalgo) ||
115 return undef;
116 $self->{'flags'}=$flags;
117 $self->{'iterations'}=$iterations;
118 if ($salt eq '-') {$salt=''};
119 $self->{'salt'}=$salt;
120 $self->{'saltbin'}=pack("H*",$salt);
121 $self->{'saltlength'}=length $self->{saltbin};
122
123 $self->{'hnxtname'}= Net::DNS::stripdot($hnxtname);
124 $self->{'hnxtnamebin'}=MIME::Base32::decode uc $hnxtname;
125
126 $self->{'typelist'}= join " " , sort @nxttypes ;
127 $self->{'typebm'}=Net::DNS::RR::NSEC::_typearray2typebm(@nxttypes);
128
129 }
130 return $self;
131 }
132
133
134
135
136 sub rdatastr
137 {
138 my $self = shift;
139 my $rdatastr;
140 if (exists $self->{hashalgo})
141 {
142 $rdatastr .= $self->{hashalgo} ." ";
143 $rdatastr .= $self->{flags}." ";
144 $rdatastr .= $self->{iterations}. " ";
145 $rdatastr .= $self->salt()." ";
146
147 $rdatastr .= "(\n\t\t\t";
148 $rdatastr .= $self->{hnxtname} . "\n";
149 $rdatastr .= "\t\t\t$self->{typelist} )";
150 }
151 else
152 {
153 $rdatastr = "; no data"
154 }
155 $rdatastr
156 }
157
158 sub rr_rdata {
159 my ($self, $packet, $offset) = @_;
160
161 my $rdata = "" ;
162
163 if (exists $self->{'hnxtname'}) {
164 $rdata = pack("C",$self->{'hashalgo'});
165 $rdata .= pack("C", $self->{'flags'} );
166 $rdata .= pack("n", $self->{'iterations'} );
167
168 unless( exists $self->{'saltbin'}) {
169 if ($self->{'salt'} eq "-"){
170 $self->{'saltbin'}="";
171 }else{
172 $self->{'saltbin'}=pack("H*",$self->{'salt'})
173 }
174 }
175 $rdata.= pack("C",length($self->{'saltbin'}));
176 $rdata .= $self->{'saltbin'};
177
178 $self->{'hnxtnamebin'}=MIME::Base32::decode(uc $self->{'hnxtname'}) unless
179 exists $self->{'hnxtnamebin'} ;
180 $rdata.= pack("C",length($self->{'hnxtnamebin'}));
181 $rdata .= $self->{'hnxtnamebin'};
182 $rdata .= $self->typebm();
183
184 }
185 return $rdata;
186 }
187
188
189 sub _normalize_dnames {
190 my $self=shift;
191 $self->_normalize_ownername();
192 $self->{'hnxtname'}= Net::DNS::stripdot($self->{'hnxtname'}) if defined $self->{'hnxtname'};
193 $self->{'hnxtnamebin'}=MIME::Base32::decode(uc $self->{'hnxtname'});
194
195 }
196
197
198
199
200 sub salt {
201 my ($self,$salt)=@_;
202 if (defined $salt){
203 if ($salt eq "-"){
204 $self->{'salt'} = "" ;
205 }else{
206 $self->{'salt'} = $salt ;
207 unless ($salt =~ /^[0-9a-f]*$/i ) {
208 # print "input ($salt) not hex" ;
209 return undef;
210 }
211 $self->{'saltbin'} = pack("H*",$salt);
212 }
213 }
214 return "-" if ($self->{'salt'} eq "");
215 return $self->{'salt'};
216 }
217
218
219 sub name2hash {
220 my $hashalg=shift;
221 my $inname= lc shift;
222 my $iterations=shift;
223 my $saltbin=shift;
224
225 my $hashfunc;
226 if ($hashalg==1){
227 $hashfunc = sub {my $x=shift ; return sha1($x)};
228 }elsif($hashalg==2){
229 $hashfunc = sub {my $x=shift ; return sha256($x)};
230 }else{
231 return;
232 }
233 my $wirename=Net::DNS::RR->_name2wire($inname);
234 my $i=0;
235 for (0..$iterations)
236 {
237 $wirename=&$hashfunc($wirename.$saltbin);
238 }
239 return lc MIME::Base32::encode $wirename;
240
241
242 }
243
244
245
246 sub ownername {
247 my $self=shift;
248 if (defined $self->{'ownername'}){
249 return $self->{'ownername'};
250 }else{
251 return $self->{'ownername'} = (name2labels($self->name))[0] ;
252 }
253
254 }
255
256
257 sub _zonelabels {
258 # Extracts the labels that make up the zone from the owner name of the
259 # record, simply by stripping the first label.
260 # returns an array of labels in wire format.
261 my $self=shift;
262 unless (defined $self->{'zonelabels'}){
263 my @labels= (name2labels($self->name)) ;
264 shift @labels;
265 $self->{'zonelabels'} = \@labels ;
266
267 }
268 return @{$self->{'zonelabels'}};
269 }
270
271 sub _zone {
272 # Returns the result from the zonelabels method in presentation
273 # format (without trailing dot
274 my $self=shift;
275 my $name;
276 foreach my $label ($self->zonelabels){
277 $name .= wire2presentation($label) . ".";
278 }
279 chop($name);
280 return $name;
281 }
282
283
284 sub optout {
285 my ($self,$newval )= @_;
286 if (defined ($newval)) {
287 if ($newval){
288 $self->{'flags'} |= hex("0x01");
289 }else{
290 $self->{'flags'} &= ~hex("0x01");
291 }
292 }
293
294 return $self->{'flags'} & hex("0x01");
295 }
296
297
298
299
300 sub covered {
301 my $self=shift;
302 my $domainname=shift;
303
304 # first test if the domain name is in the NSEC zone.
305 my @domainlabels=name2labels($domainname);
306 my @zonelabels= $self->_zonelabels();
307
308 while (my $zlabel = pop @zonelabels ){
309 my $dlabel= pop @domainlabels;
310 return 0 unless ($dlabel eq $zlabel)
311 }
312
313 my $hashedname= Net::DNS::RR::NSEC3::name2hash(
314 $self->hashalgo,
315 $domainname,
316 $self->iterations,
317 $self->saltbin,
318 );
319
320 if ( ($self->ownername() cmp $self->hnxtname() )== 1 ) {
321 # last name in the zone.
322 return 1 if ( ( $hashedname cmp $self->hnxtname() ) == 1 );
323 return 1 if ( ( $hashedname cmp $self->ownername() ) == -1 );
324 }
325 elsif ( ($self->ownername() cmp $self->hnxtname() )== 0 ) {
326 # One entry in the zone.
327 return 1;
328 }else{
329 return 1 if ( ($self->ownername() cmp $hashedname) == -1 )
330 &&
331 ( ( $hashedname cmp $self->hnxtname() ) == -1 );
332 }
333 return 0;
334
335 }
336
337
338
339 sub match {
340 my $self=shift;
341 my $domainname=shift;
342 my $ownername=$self->ownername();
343 my $hashedname= Net::DNS::RR::NSEC3::name2hash(
344 $self->hashalgo,
345 $domainname,
346 $self->iterations,
347 $self->saltbin
348 );
349
350 return $ownername eq $hashedname;
351
352 }
353
354
355
356
357
358 sub digtype {
359 my $self=shift;
360 $self->{'digestbyname'}= \%digestbyname;
361 $self->_digtype(@_);
362 }
363
364
365
366 1;
367
368
369 =head1 NAME
370
371 Net::DNS::RR::NSEC3 - DNS NSEC3 resource record
372
373 =head1 SYNOPSIS
374
375 C<use Net::DNS::RR;>
376
377 =head1 DESCRIPTION
378
379 Class for DNS Address (NSEC3) resource records.
380
381 The NSEC3 Resource Record (RR) provides authenticated denial of
382 existence for DNS Resource Record Sets. The NSEC3 RR lists RR types
383 present at the NSEC3 RR's original ownername. It includes the next
384 hashed ownername in the hash order of the zone. The complete set of
385 NSEC3 RRs in a zone indicates which RRsets exist for the original
386 ownername of the RRset and form a chain of hashed ownernames in the
387 zone.
388
389
390
391 =head1 METHODS
392
393 =head2 ownername
394
395 Returns the hashed value of the original owner name as contained in the first
396 label of the ownername of the record.
397
398 The owner name for the NSEC3 RR is the base32 encoding of the hashed
399 owner name prepended as a single label to the name of the zone.
400
401 In other words the name(name) method returns the result of the
402 ownername() method prepended to the name of the containing zone.
403
404
405 =head2 optout
406
407 Reads and sets the opt-out attribute.
408
409
410 =head2 flags
411
412 Reads and sets the flag field.
413
414 =head2 hashalgo
415
416 Reads and sets the hashalgo (hash algorithm) attribute.
417
418 =head2 hnxtname
419
420 Reads and sets the hnxtname (hashed next ownername) attribute.
421
422 =head2 typelist (inhereted from NSEC)
423
424 print "typelist" = ", $rr->typelist, "\n";
425
426 Returns a string with the list of qtypes for which data exists for
427 this particular label.
428
429
430 =head2 typebm (inhereted from NSEC)
431
432 print "typebm" = " unpack("B*", $rr->typebm), "\n";
433
434 Same as the typelist but now in a representation bitmap as in
435 specified in the RFC. This is not the kind of method you will need
436 on daily basis.
437
438
439 =head2 covered, matched
440
441 print "covered" if $rr->covered{'example.foo'}
442
443 covered returns a nonzero value when the the domain name provided as argument
444 is covered as defined in the NSEC3 specification:
445
446
447 To cover: An NSEC3 RR is said to "cover" a name if the hash of the
448 name or "next closer" name falls between the owner name and the
449 next hashed owner name of the NSEC3. In other words, if it proves
450 the nonexistence of the name, either directly or by proving the
451 nonexistence of an ancestor of the name.
452
453
454
455
456 Similarly ismatched returns a nonzero value when the domainname in the argument
457 matches as defined in the NSEC3 specification:
458
459 To match: An NSEC3 RR is said to "match" a name if the owner name
460 of the NSEC3 RR is the same as the hashed owner name of that
461 name.
462
463
464
465 =head1 Functions
466
467 =head2 name2hash
468
469 Takes the hash identifyer (numeric), a fullyqualfied domain name, the
470 number of iterations and a binary salt to compute the hash value used
471 in the NSEC3 calculations.
472
473 $hashalg=Net::DNS::SEC->digtype("SHA1");
474 $salt=pack("H*","aabbccdd");
475 $iterations=12;
476 $name="*.x.w.example";
477
478 $hashedname= Net::DNS::RR::NSEC3::name2hash($hashalg,$name,$iterations,$salt);
479 print $hashedname;
480 results in:
481 92pqneegtaue7pjatc3l3qnk738c6v5m
482
483 Normally the salt and itterations would be fetched from an NSEC3PARAM record.
484
485
486
487 =head1 COPYRIGHT
488
489 Copyright (c) 2007, 2008 NLnet Labs. Author Olaf M. Kolkman <olaf@net-dns.org>
490
491 All Rights Reserved
492
493 Permission to use, copy, modify, and distribute this software and its
494 documentation for any purpose and without fee is hereby granted,
495 provided that the above copyright notice appear in all copies and that
496 both that copyright notice and this permission notice appear in
497 supporting documentation, and that the name of the author not be
498 used in advertising or publicity pertaining to distribution of the
499 software without specific, written prior permission.
500
501 THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
502 ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
503 AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
504 DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
505 AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
506 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
507
508 Based on, and contains, code by Copyright (c) 1997 Michael Fuhr.
509
510 Acknowledgements to Roy Arends who made a test version for this class
511 and whose code I've looked at before writing this module.
512
513 =head1 SEE ALSO
514
515 L<http://www.net-dns.org/>
516 L<http://www.iana.org/assignments/dnssec-nsec3-parameters>
517 L<Net::DNS::RR::NSEC3PARAM>,
518 L<perl(1)>, L<Net::DNS>, L<Net::DNS::Resolver>, L<Net::DNS::Packet>,
519 L<Net::DNS::Header>, L<Net::DNS::Question>, L<Net::DNS::RR>,
520 RFC4033, RFC4034, RFC4035, RFC5155
521
522 =cut
+242
-0
RR/NSEC3PARAM.pm less more
0 package Net::DNS::RR::NSEC3PARAM;
1
2 # $Id: NSEC3.pm 602 2006-07-24 14:23:15Z olaf $
3
4 use strict;
5 use vars qw(@ISA $VERSION);
6 use Carp;
7 use bytes;
8
9 use Net::DNS;
10 use Net::DNS::SEC;
11 use Net::DNS::Packet;
12 use Net::DNS::RR::NSEC;
13 use Data::Dumper;
14
15 use Carp qw(cluck);
16
17
18 # To be removed when finalized
19
20
21 @ISA = qw(Net::DNS::RR Net::DNS::RR::NSEC3);
22
23
24
25 $VERSION = do { my @r=(q$Revision: 510 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
26
27 sub new {
28 my ($class, $self, $data, $offset) = @_;
29
30
31 if ($self->{"rdlength"} > 0) {
32
33
34 # 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
35 # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
36 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
37 # | Hash Alg. | Flags Field | Iterations |
38 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
39 # | Salt Length | Salt /
40 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
41 #
42 # Hash Algorithm is a single octet.
43 #
44 # Flags Field is a single octet.
45 #
46 # Iterations is represented as a 16-bit integer, with the most
47 # significant bit first.
48 #
49 # Salt Length represents the length of the following Salt field in
50 # octets. If the value is zero, the Salt field is omitted.
51
52
53 my $offsettoflag=$offset+1;
54 my $offsettoits=$offset+2;
55 my $offesttosaltlength=$offset+4;
56 my $offsettosalt=$offset+5;
57
58 $self->{"hashalgo"}=unpack("C",substr($$data,$offset,1));
59 $self->{"flags"}=unpack("C",substr($$data,$offsettoflag,1));
60 $self->{"iterations"}= unpack("n",substr($$data,$offsettoits,2));
61 $self->{"saltlength"}=unpack("C",substr($$data,$offesttosaltlength,1));
62
63
64 $self->{"saltbin"}=substr($$data,$offsettosalt,$self->{"saltlength"});
65 $self->{"salt"}= unpack("H*",$self->{"saltbin"});
66
67 }
68
69
70
71 bless $self, $class;
72 return $self;
73 }
74
75
76
77
78 sub new_from_string {
79 my ($class, $self, $string) = @_;
80 bless $self, $class;
81
82 if ($string) {
83 $string =~ tr/()//d;
84 $string =~ s/;.*$//mg;
85 $string =~ s/\n//mg;
86
87 my ($hashalgo,$flags,$iterations,$salt)=
88 $string =~ /^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S*)\s*$/;
89
90
91 # This assumes that the digest type allocations follow the assignments as used for DS...
92 defined($self->{'hashalgo'}=Net::DNS::SEC->digtype($hashalgo)) ||
93 return undef;
94 defined($self->{'iterations'}=$iterations) || return undef;
95
96 defined($self->{'flags'}=$flags) || return undef;
97
98 defined($self->{"salt"}=$self->salt($salt)) || return undef;
99 $self->{"saltbin"}=pack("H*",$salt) || return undef;
100 $self->{saltlength}=length $self->{saltbin};
101
102
103 }
104 return $self;
105 }
106
107
108 sub rdatastr
109 {
110 my $self = shift;
111 my $rdatastr;
112 if (exists $self->{hashalgo})
113 {
114 $rdatastr .= $self->{hashalgo} ." ";
115 $rdatastr .= $self->{flags}." ";
116 $rdatastr .= $self->{iterations}. " ";
117 $rdatastr .= $self->salt()." \n";
118
119 }
120 else
121 {
122 $rdatastr = "; no data"
123 }
124 $rdatastr
125 }
126
127 sub rr_rdata {
128 my ($self, $packet, $offset) = @_;
129
130
131
132 my $rdata = "" ;
133
134 if (exists $self->{'hashalgo'}) {
135
136 $rdata = pack("C",$self->{'hashalgo'});
137 $rdata .= pack("C",$self->{'flags'});
138 $rdata .= pack("n",$self->{'iterations'});
139 unless( exists $self->{"saltbin"}) {
140 if ($self->{"salt"} eq "-"){
141 $self->{"saltbin"}="";
142 }else{
143 $self->{"saltbin"}=pack("H*",$self->{"salt"})
144
145 }
146 }
147 $rdata .= pack("C",length($self->{'saltbin'}));
148 $rdata .= $self->{'saltbin'};
149
150 }
151
152 return $rdata;
153 }
154
155
156
157
158
159 1;
160
161
162 =head1 NAME
163
164 Net::DNS::RR::NSEC3PARAM - DNS NSEC3PARAM resource record
165
166 =head1 SYNOPSIS
167
168 C<use Net::DNS::RR;>
169
170 =head1 DESCRIPTION
171
172 Class for DNS Address (NSEC3PARAM) resource records.
173
174
175 The NSEC3PARAM RR contains the NSEC3 parameters (hash algorithm,
176 flags, iterations and salt) needed to calculate hashed ownernames.
177 The presence of an NSEC3PARAM RR at a zone apex indicates that the
178 specified parameters may be used by authoritative servers to choose an
179 appropriate set of NSEC3 records for negative responses.
180
181
182
183 =head1 METHODS
184
185 =head2 hashalgo
186
187 Reads and sets the hashalgo (hash algorithm) attribute.
188
189 =head2 flags
190
191 Reads and sets the flag field. Check the IANA registry for valid values.
192 At the time of code release the only defined value was 0x00
193
194 =head2 iterations
195
196 Reads and sets the iterations field
197
198 =head2 salt
199
200 Reads and sets the salt value. Accepts and returns a string with a
201 number in hexadecimal notation.
202
203
204 =head1 COPYRIGHT
205
206 Copyright (c) 2007,2008 NLnet Labs. Author Olaf M. Kolkman <olaf@net-dns.org>
207
208 All Rights Reserved
209
210 Permission to use, copy, modify, and distribute this software and its
211 documentation for any purpose and without fee is hereby granted,
212 provided that the above copyright notice appear in all copies and that
213 both that copyright notice and this permission notice appear in
214 supporting documentation, and that the name of the author not be
215 used in advertising or publicity pertaining to distribution of the
216 software without specific, written prior permission.
217
218 THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
219 ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
220 AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
221 DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
222 AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
223 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
224
225
226 Based on, and contains, code by Copyright (c) 1997 Michael Fuhr.
227
228 Acknowledgements to Roy Arends who made a test version for this class
229 and whose code I've looked at before writing this module.
230
231 =head1 SEE ALSO
232
233 L<http://www.net-dns.org/>
234 L<http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-nsec3>
235 L<Net::DNS::RR::NSEC3>,
236
237 L<perl(1)>, L<Net::DNS>, L<Net::DNS::Resolver>, L<Net::DNS::Packet>,
238 L<Net::DNS::Header>, L<Net::DNS::Question>, L<Net::DNS::RR>,
239 RFC4033, RFC4034, RFC4035, RFC 5155
240
241 =cut
+37
-25
RR/RRSIG.pm less more
00 # perldoc RRSIG.pm for documentation.
11 # Specs: RFC 2535 section 4
2 # $Id: RRSIG.pm 527 2005-12-09 10:51:06Z olaf $
2 # $Id: RRSIG.pm 777 2008-12-30 17:18:54Z olaf $
33
44 package Net::DNS::RR::RRSIG;
55
88 use Net::DNS;
99 use Carp;
1010 use bytes;
11 use Data::Dumper;
1112
1213 use Crypt::OpenSSL::DSA;
1314 use Crypt::OpenSSL::RSA;
3233
3334 require Exporter;
3435
35 $VERSION = do { my @r=(q$Revision: 527 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
36 $VERSION = do { my @r=(q$Revision: 777 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
3637 @ISA = qw (
3738 Exporter
3839 Net::DNS::RR
8384 $self->{"keytag"}=unpack("n",substr($$data,$offsettokeytag,2));
8485 my($signame,$sigoffset) = Net::DNS::Packet::dn_expand
8586 ($data, $offsettosignm);
86 $self->{"signame"}=lc($signame)."."; #Add a trailing dot..dn_expand does not do that.
87 $self->{"signame"}=lc($signame);
8788 my($sigmaterial)=substr($$data,$sigoffset,
8889 ($self->{"rdlength"}-$sigoffset+$offset));
8990 $self->{"sigbin"}=$sigmaterial;
107108 $labels, $orgttl, $sigexpiration,
108109 $siginception, $keytag,$signame,$sig) =
109110 $string =~
110 /^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)/;
111 /^\s*(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)/;
111112 croak (" Invallid RRSIG RR, check your fomat ") if !$keytag;
112113 $sig =~ s/\s*//g;
113114 $self->{"typecovered"}= $typecovered;
119120 $self->{"sigexpiration"}= $sigexpiration;
120121 $self->{"siginception"}= $siginception;
121122 $self->{"keytag"}= $keytag;
122 $self->{"signame"}= lc($signame);
123 $self->{"signame"}= lc(Net::DNS::stripdot($signame));
123124 $self->{"sig"}= $sig;
124125 $self->{"sigbin"}= decode_base64($sig);
125126 $self->{"vrfyerrstr"}="";
139140 $rdatastr .= " " . "$self->{sigexpiration}";
140141 $rdatastr .= " (\n\t\t\t" . "$self->{siginception}";
141142 $rdatastr .= " " . "$self->{keytag}";
142 $rdatastr .= " " . "$self->{signame}";
143 $rdatastr .= " " . "$self->{signame}.";
143144 # do some nice formatting
144145 my $sigstring=$self->{sig};
145146 $sigstring =~ s/\n//g;
173174 $rdata .= pack("n",$self->{"keytag"});
174175 # Since we will need canonical and expanded names while checking
175176 # we do not use the packet->dn_comp here but use RFC1035 p10.
176 { my @dname= split /\./,lc($self->{"signame"}); #/ emacs fontlock
177 { my @dname= split /\./,lc($self->{"signame"}."."); #/ emacs fontlock
177178 for (my $i=0;$i<@dname;$i++){
178179 $rdata .= pack ("C",length $dname[$i] );
179180 $rdata .= $dname[$i] ;
194195 $rdata=$self->rr_rdata_without_sigbin;
195196
196197 if ($self->{"sig"} ne "NOTYETCALCULATED") {
198 $self->{"sigbin"}= decode_base64($self->{"sig"}) unless defined $self->{"sigbin"} ;
197199 $rdata .= $self->{"sigbin"};
198200 }else{
199201 die "RRSIGs should not be used for SIG0 type signatures, use Net::DNS::RR::SIG";
228230 }
229231 $self->{"algorithm"}=Net::DNS::SEC->algorithm($Private->algorithm);
230232 $self->{"keytag"}=$Private->keytag;
231 $self->{"signame"}=$Private->signame;
232
233 $self->{"signame"}=Net::DNS::stripdot($Private->signame);
234
233235
234236 die "Argument is not a reference to an array, are you trying to create a SIG0 using RRSIG?" if ! ref ($datarrset);
235237
246248
247249
248250 if (defined ($args{ttl})){
249 print "\nSetting TTL to ". $args{"ttl"} if $debug;
251 print "Setting TTL to ". $args{"ttl"} . "\n" if $debug;
250252 $self->{"ttl"}= $args{"ttl"};
251253 }else{
252254 $self->{"ttl"}= $datarrset->[0]->ttl;
338340 # more ways to do things)
339341
340342 bless $self, $class;
341
343
342344 my $sigdata=$self->_CreateSigData($datarrset);
343
344
345
346345
347346 my $signature;
348347
349348 #
350349 # Enjoy the crypto
351 if ($self->algorithm == 1 || $self->algorithm == 5) { #RSA
352 if (! ($Private->algorithm == 1 || $Private->algorithm == 5 )) {
350 if ($self->algorithm == 1
351 || $self->algorithm == 5
352 || $self->algorithm == 7) { #RSA
353 if (! ($Private->algorithm == 1
354 || $Private->algorithm == 5
355 || $Private->algorithm == 7 )) {
353356 die "Private key mismatch, not RSAMD5 or RSASHA.";
354357
355358 }
373376
374377 print "\n SIGNED" if $debug ;
375378
376 }elsif ($self->algorithm == 3){ #DSA
379 }elsif ($self->algorithm == 3 || $self->algorithm == 6 ){ #DSA
377380 $self->{"private_key"}=$Private->privatekey;
378381 my $private_dsa=$Private->privatekey;
379382
577580 if ( $self->algorithm == 1 ){ #Verifying for RSA
578581 $verified=$self->_verifyRSA($sigdata,$signature,$keyrr,0) || return 0;
579582 }
580 elsif ( $self->algorithm == 3 ) # Verifying for DSA
583 elsif ( $self->algorithm == 3 || $self->algorithm == 6 ) # Verifying for DSA
581584 {
582585 $verified=$self->_verifyDSA($sigdata,$signature,$keyrr) || return 0;
583586 }
584 elsif ( $self->algorithm == 5 ) # Verifying for RSASHA1
587 elsif ( $self->algorithm == 5 || $self->algorithm == 7 ) # Verifying for RSASHA1
585588 {
586589 $verified=$self->_verifyRSA($sigdata,$signature,$keyrr,1) || return 0;
587590 }
857860 my $sigdata;
858861 # construction of message
859862
860
863 print "_CreatSigData\n" if $debug;
861864 my $rdatawithoutsig=$self->rr_rdata_without_sigbin;
862 print "\n\nstrip:\t\t", unpack("H*", $rdatawithoutsig) if $debug;
865 print "raw RRsig:\t", unpack("H*", $rdatawithoutsig) if $debug;
863866 $sigdata= $rdatawithoutsig;
864867
865868
942945 $self->orgttl . "\n" if
943946 ( $rawdata->[0]->{"ttl"}!=$self->orgttl );
944947 }
945 print "\nRDATA: \t" .$rawdata->[0]->_canonicalRdata ."\t" .
946 unpack("H*",$rawdata->[0]->_canonicalRdata) ."\n" if $debug;
948 print "\nRDATA:\t\t" .$rawdata->[0]->_canonicalRdata ."\n-----:\t\t" .
949 unpack("H*",$rawdata->[0]->_canonicalRdata) ."\n" if $debug;
947950
948951 $rawdata->[0]->{"ttl"}=$self->orgttl;
949952 $sigdata .= $rawdata->[0]->_canonicaldata;
10061009 sub siginceptation {
10071010 my $self=shift;
10081011 return $self->siginception(@_);
1012 }
1013
1014
1015
1016 sub _normalize_dnames {
1017 my $self=shift;
1018 $self->_normalize_ownername();
1019 $self->{'signame'}=lc(Net::DNS::stripdot($self->{'signame'})) if defined $self->{'signame'};
10091020 }
10101021
10111022
10961107 create method uses the filename as generated by dnssec-keygen to
10971108 determine the keyowner, algorithm and the keyid (keytag).
10981109
1099 - Only RSA signatures (algorithm 1) and DSA signatures (algorithm 3)
1100 have been implemented.
1110 - Only RSA signatures (algorithm 1,5 and 7) and DSA signatures
1111 (algorithm 3, and 6) have been implemented.
11011112
11021113
11031114
12181229 =head1 COPYRIGHT
12191230
12201231 Copyright (c) 2001 - 2005 RIPE NCC. Author Olaf M. Kolkman
1232 Copyright (c) 2007 - 2008 NLnet Labs. Author Olaf M. Kolkman
12211233 <olaf@net-dns.org>
12221234
12231235 All Rights Reserved
+5
-4
RR/SIG.pm less more
00 # perldoc SIG.pm for documentation.
11 # Specs: RFC 2535 section 4
2 # $Id: SIG.pm 555 2006-02-14 09:34:07Z olaf $
2 # $Id: SIG.pm 777 2008-12-30 17:18:54Z olaf $
33
44 package Net::DNS::RR::SIG;
55
3232
3333 require Exporter;
3434
35 $VERSION = do { my @r=(q$Revision: 555 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
35 $VERSION = do { my @r=(q$Revision: 777 $=~/\d+/g); sprintf "%d."."%03d"x$#r,@r };
3636 @ISA = qw (
3737 Exporter
3838 Net::DNS::RR
8181 $self->{"keytag"}=unpack("n",substr($$data,$offsettokeytag,2));
8282 my($signame,$sigoffset) = Net::DNS::Packet::dn_expand
8383 ($data, $offsettosignm);
84 $self->{"signame"}=lc($signame) ."."; #dn_expand forgets trailing dots.
84 $self->{"signame"}=lc($signame) ;
8585 my($sigmaterial)=substr($$data,$sigoffset,
8686 ($self->{"rdlength"}-$sigoffset+$offset));
8787 $self->{"sigbin"}=$sigmaterial;
117117 $self->{"sigexpiration"}= $sigexpiration;
118118 $self->{"siginception"}= $siginception;
119119 $self->{"keytag"}= $keytag;
120 $self->{"signame"}= lc($signame);
120 $self->{"signame"}= Net::DNS::stripdot(lc($signame));
121121 $self->{"sig"}= $sig;
122122 $self->{"sigbin"}= decode_base64($sig);
123123 $self->{"vrfyerrstr"}="";
191191 $rdata=$self->rr_rdata_without_sigbin;
192192
193193 if ($self->{"sig"} ne "NOTYETCALCULATED") {
194 $self->{"sigbin"}= decode_base64($self->{"sig"}) unless defined $self->{"sigbin"} ;
194195 $rdata .= $self->{"sigbin"};
195196 }else{
196197 #do sigzero calculation based on current packet content...
+66
-18
SEC.pm less more
00 #
1 # $Id: SEC.pm 559 2006-02-14 10:12:16Z olaf $
1 # $Id: SEC.pm 767 2008-12-24 10:02:25Z olaf $
22 #
33
44 use strict;
1111 use Carp;
1212 use strict;
1313 use Exporter;
14 use vars qw($VERSION @EXPORT_OK @ISA);
14 use vars qw($SVNVERSION $VERSION $HAS_NSEC3 $HAS_DLV @EXPORT_OK @ISA);
1515 @ISA=qw(Exporter);
16 $VERSION = '0.14';
16 $VERSION = '0.15';
17
18 $HAS_DLV=1; # Signals availability of DLV to Net::DNS::RR
19 $HAS_NSEC3=1; # Signals availability of NSEC3 to Net::DNS::RR
20
21
22 $SVNVERSION = (qw$LastChangedRevision: 767 $)[1];
23
1724
1825 @EXPORT_OK= qw (
1926 key_difference
3643 =head1 DESCRIPTION
3744
3845 The Net::DSN::SEC suite provides the resource records that are needed
39 for DNSSEC (RFC 4033, 4034 and 4035).
46 for DNSSEC (RFC 4033, 4034 and 4035). In addition the DLV RR, a clone
47 of the DS RR is supported (RFC 4431)
4048
4149 It also provides support for SIG0. That later is useful for dynamic
4250 updates using key-pairs.
4452 RSA and DSA crypto routines are supported.
4553
4654 For details see L<Net::DNS::RR::RRSIG>, L<Net::DNS::RR::DNSKEY>,
47 L<Net::DNS::RR::NSEC> and L<Net::DNS::RR:DS>. and see
48 L<Net::DNS::RR::SIG> and L<Net::DNS::RR::KEY> for the use with SIG0.
55 L<Net::DNS::RR::NSEC>, L<Net::DNS::RR:DS>, L<Net::DNS::RR::DLV>, and
56 see L<Net::DNS::RR::SIG> and L<Net::DNS::RR::KEY> for the use with
57 SIG0.
4958
5059 Net::DNS contains all needed hooks to load the Net::DNS::SEC
5160 extensions when they are available.
7180
7281
7382 =cut
83
7484
7585
7686 sub key_difference {
122132
123133 Can also be called as a class method to do Mnemonic to Value conversion.
124134
135 =head2 digtype
136
137 $value=$self->digtype("SHA1");
138 $value=$self->digtype(1);
139
140 $algorithm=$self->digtype();
141 $memonic=$self->digtype("mnemonic");
142
143
144 The algorithm method is used to set or read the value of the digest or
145 hash algorithm field in Net::DNS::RR::DS and Net::DNS::RR::NSEC3
146 objects.
147
148 If supplied with an argument it will set the digetstype/hash algorithm
149 accordingly, except when the argument equals the string "mnemonic" the
150 method will return the mnemonic of the digetstype/hash algorithm.
151
152 Can also be called as a class method to do Mnemonic to Value
153 conversion, note however that it will then use the "Delegation Signer
154 (DS) Resource Record (RR) Type Digest Algorithms" and not the "DNSSEC
155 NSEC3 Hash Algorithms" IANA registry. If you want to specifically get
156 access to the NSEC3 digest types then use a construct like:
157
158 bless $self, Net::DNS::RR::NSEC3;
159 $self->digtype("SHA1");
160
161
125162
126163
127164 =head1 COPYRIGHT
175212 $classmethod=1 unless ref ($self);
176213
177214 my %algbyname = (
178 "RSAMD5" => 1,
179 "DH" => 2, # Not implemented
180 "DSA" => 3,
181 "ECC" => 4, # Not implemented
182 "RSASHA1" => 5,
183 "INDIRECT" => 252, # Not implemented
184 "PRIVATEDNS" => 253, # Not implemented
185 "PRIVATEOID" => 254, # Not implemented
186 );
215 "RSAMD5" => 1,
216 "DH" => 2, # Not implemented
217 "DSA" => 3,
218 "ECC" => 4, # Not implemented
219 "RSASHA1" => 5,
220 "DSA-NSEC3-SHA1" => 6,
221 "RSA-NSEC3-SHA1" => 7,
222 "INDIRECT" => 252, # Not implemented
223 "PRIVATEDNS" => 253, # Not implemented
224 "PRIVATEOID" => 254, # Not implemented
225 );
187226 my %algbyval = reverse %algbyname;
188227
189228 # If the argument is undefined...
230269
231270
232271
233
234
235272 sub digtype {
273 _digtype(@_);
274 }
275
276 sub _digtype {
236277 my $self=shift;
237278 my $argument=shift;
238279 # classmethod is true if called as class method.
239280 my $classmethod=0;
240281 $classmethod=1 unless ref ($self);
241282
242 my %digestbyname = (
283 my %digestbyname= (
243284 "SHA1" => 1,
244285 "SHA256" => 2,
245286 );
287
288
289 if (! $classmethod && defined ($self->{'digestbyname'}) ){
290 %digestbyname= %{$self->{"digestbyname"}};
291 }
292
293
246294 my %digestbyval = reverse %digestbyname;
247295
248296 # If the argument is undefined...
+43
-20
t/00-load.t less more
00 #!/usr/bin/perl -sw
11 # Test script for loading parser and zonemodules
2 # $Id: 00-loader.t 454 2005-07-06 13:38:31Z olaf $
2 # $Id: 00-load.t 778 2008-12-30 17:19:35Z olaf $
33 #
44 # Called in a fashion simmilar to:
55 # /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i386-freebsd \
2323
2424 } # test 1
2525
26
27
2826 require_ok('Net::DNS::SEC');
2927
3028
31
3229 diag("\nThese tests were ran with:\n");
33 diag("Net::DNS::VERSION: ".$Net::DNS::VERSION);
34 diag("Net::DNS::SEC::VERSION: ".$Net::DNS::SEC::VERSION);
35 diag("Net::DNS::RR::RRSIG::VERSION: ".$Net::DNS::RR::RRSIG::VERSION);
36 diag("Net::DNS::RR::DNSKEY::VERSION: ".$Net::DNS::RR::DNSKEY::VERSION);
37 diag("Net::DNS::RR::NSEC::VERSION: ".$Net::DNS::RR::NSEC::VERSION);
38 diag("Net::DNS::RR::DS::VERSION: ".$Net::DNS::RR::DS::VERSION);
39
40 diag("Crypt::OpenSSL::DSA::VERSION: ".$Crypt::OpenSSL::DSA::VERSION);
41 diag("Crypt::OpenSSL::RSA::VERSION: ".$Crypt::OpenSSL::RSA::VERSION);
42 diag("Crypt::OpenSSL::Bignum::VERSION: ".$Crypt::OpenSSL::Bignum::VERSION);
43 diag("Net::DNS::SEC::Private::VERSION: ".$Net::DNS::SEC::Private::VERSION);
44 diag("File::Basename::VERSION: ".$File::Basename::VERSION);
45 diag("MIME::Base64::VERSION: ".$MIME::Base64::VERSION);
46 diag("Math::BigInt::VERSION: ".$Math::BigInt::VERSION);
47 diag("Time::Local::VERSION: ".$Time::Local::VERSION);
48 diag("Digest::SHA::VERSION: ".$Digest::SHA::VERSION);
30 diag("Net::DNS::VERSION: ".
31 $Net::DNS::VERSION);
32 diag("Net::DNS (SVN) Version "
33 .$Net::DNS::SVNVERSION);
34 diag("Net::DNS::SEC::VERSION: ".
35 $Net::DNS::SEC::VERSION);
36 diag("Net::DNS::SEC::SVNVERSION: ".
37 $Net::DNS::SEC::SVNVERSION);
38 diag("Net::DNS::RR::RRSIG::VERSION: ".
39 $Net::DNS::RR::RRSIG::VERSION);
40 diag("Net::DNS::RR::DNSKEY::VERSION: ".
41 $Net::DNS::RR::DNSKEY::VERSION);
42 diag("Net::DNS::RR::NSEC::VERSION: ".
43 $Net::DNS::RR::NSEC::VERSION);
44 diag("Net::DNS::RR::NSEC3::VERSION: ".
45 $Net::DNS::RR::NSEC3::VERSION);
46 diag("Net::DNS::RR::NSEC3PARAM::VERSION: ".
47 $Net::DNS::RR::NSEC3PARAM::VERSION);
48 diag("Net::DNS::RR::DS::VERSION: ".
49 $Net::DNS::RR::DS::VERSION);
50 diag("Net::DNS::RR::DLV::VERSION: ".
51 $Net::DNS::RR::DLV::VERSION);
52 diag("Crypt::OpenSSL::DSA::VERSION: ".
53 $Crypt::OpenSSL::DSA::VERSION);
54 diag("Crypt::OpenSSL::RSA::VERSION: ".
55 $Crypt::OpenSSL::RSA::VERSION);
56 diag("Crypt::OpenSSL::Bignum::VERSION: ".
57 $Crypt::OpenSSL::Bignum::VERSION);
58 diag("Net::DNS::SEC::Private::VERSION: ".
59 $Net::DNS::SEC::Private::VERSION);
60 diag("File::Basename::VERSION: ".
61 $File::Basename::VERSION);
62 diag("MIME::Base64::VERSION: ".
63 $MIME::Base64::VERSION);
64 diag("MIME::Base32::VERSION: ".
65 $MIME::Base32::VERSION);
66 diag("Math::BigInt::VERSION: ".
67 $Math::BigInt::VERSION);
68 diag("Time::Local::VERSION: ".
69 $Time::Local::VERSION);
70 diag("Digest::SHA::VERSION: ".
71 $Digest::SHA::VERSION);
4972
5073
5174
+71
-98
t/09-dnssec.t less more
00 #!/usr/bin/perl -sw
11 # Test script for dnssec functionalty
2 # $Id: 09-dnssec.t 555 2006-02-14 09:34:07Z olaf $
2 # $Id: 09-dnssec.t 717 2008-02-25 14:52:54Z olaf $
33 #
44 # Called in a fashion simmilar to:
55 # /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/lib/perl5/5.6.1/i386-freebsd \
328328
329329 # Cross check with a signature generated with bind tools.
330330
331
332 my $bindkey=Net::DNS::RR->new(" foo.example 3600 DNSKEY 256 3 5 (
333 AQMLaOdD3VKofLiblKFdjnJpVFPD1mbIxh2H
334 +JaHkblnFH5cKn/mHU21ODD4mubkPqrhpEWi
335 Omm5+rpj90YdeFilf05tncc+3vr3ttSKKpXz
336 nV1h+IuX4tUwnCd1xH8+FrvoSJLgFCR97VG7
337 wwKOIXjjttpnoj+eX8wnlR0u8DxXH8q7o2Un
338 o5T1htoz/RtjUdbkuTpn4a7XRt98GcBQ1YGd
339 iOk3c5sVSCqHeEpsHTSSa5DYcNbBD71d+ahc
340 jkKVJXyAGRNEjEvYRQ6XSQ84rH7okO3Pl18V
341 rBDEMw6mivD0970W/Y0T2nBORTDR7h9D/62+
342 SmqCxuW6ISPvhL8VgO9R64i9/vo3K95JIEQB
343 LH+dab2olsuM+O9rVkBaIe+qNT6hT0ScRR6E
344 eDdA0CH+zqATqGrENT6I4XES+tuVJKK6Cph5
345 L3uO5QeevoFgh3jJDKHawi/QA2P0mhtTNF1E
346 Q7XwlHZVefVxUmLjJ5r7UBKaa7xAg8W4RKCR
347 9w==
348 ) ; key id = 43787
349 ");
350
351
352 my $bindsig=Net::DNS::RR->new("foo.example 3600 RRSIG (
353 DNSKEY 5 2 3600 20320101000000
354 20050330103924 43787 foo.example.
355 BfAfvJtmvnhxMTo6frGc7bSNJS0M5D6zWBK3
356 WSoeYtDEyLhNDJSNL34lVlR8zkuKOLZ0b3mU
357 duscHd5f/AVb5mhVjmAGIIY4LWv9WIJlGBAG
358 mzlsYpx/fNWk8er55bSy5XRDB/46uIfTGVFs
359 4gjO39HgNOEH8IniuBvTvdK8/KhSZUlru1FP
360 Hzo2n+Jxv3weiVm1Q+bUBjJoX8GZ9sPeC83s
361 JHA8BhGwbvUIOCZUaFUwF5cREJUvyK32Uc+L
362 qIgJOWlCgkCOBDjLmnsKrIQ085ymJAIK2M8k
363 65e7+IrsysNZSBLoEeVaDZn0/AoYpoOnphCw
364 ibTt2ETYR4rgdO2Ffqzot9ZkSSnjZ5FwNmmS
365 rthYddYAofScUX/5rtHYeLPk1D6iTcQGmdeu
366 HY/7YgkrjaPRAwZ8SW9H4Ud78kFmVBLfIFRj
367 df7O4KRmQdufVpoFb7fOy1c/JtmnZp3kQZuw
368 vrAyfMJK5QXD1TM1CYFFeF2gyCRNzhv2sDQ= )
369
370
371
372 ");
373
374
375 my $binddataset=[$bindkey];
376
377 ok( $bindsig->verify($binddataset,$bindkey),
378 'RSA sig generated with bind verifies');
379
380
381
382
383 my $nsecrr=Net::DNS::RR->new("foo.example. 300 NSEC foo.example. SOA RRSIG NSEC DNSKEY");
331 my $bindkey1=Net::DNS::RR->new("
332 example.com. 3600 IN DNSKEY 257 3 5 (
333 AQPUiszMMAi36agx/V+7Tw95l8PYmoVjHWvOKxx/0iH8ZE3sdEqQncCe
334 Jg7IVQ+LNWSP9mT/B26eQb5WZ2IKFzNFQTMNi6um+yh3nytazwOwOx00
335 2VGnwpYwnUFV3bZ5BcgWC8wrUzVGgCVIvX+besZrIXMY60yriRqQqNGO
336 DnKo2T6zYewfCw4lYxRKYT6RqA0y8nJqyLRmeZ0nYP6uvDYjHEu7mqUf
337 XBzeZNMy3WgSCTbQoK/RaSR7adTgTe5t972c51Di7TCwxpDzCfAKuPPk
338 liBM9Z0x4gC0AZfO5Ma0p+dhf2k7wfl8m8xEOEMJITLooy88Nh+u2c9H
339 F1tw0naH ; key id = 40620
340 ");
341 my $bindkey2=Net::DNS::RR->new("
342 example.com. 3600 IN DNSKEY 256 3 5
343 AQPaoHW/nC0fj9HuCW3hACSGiP0AkPS3dQFXDlEUjv1orbtx06TMmVKG
344 K5K564OSd6UCf4ZQEu2CMPSAUFGHEZuANKYGwZh0k/HeoVNeom1L3Nt4
345 tVLiGMzrPQskzeK8sr1NKgqFmckQllMWd0ob8Ud6nqeQLHvXQgv1iHX3
346 dpBIPLYbRCzueqC5k09APl25PgJjjreyRXrxodvoiiaLHpdL5NtM2S9e
347 ok2zmuRpYQSF1LTNfWwY9CkgL017Z/Zv00SbcoTM/eTXPqijGtUhh6UX
348 1gX89ybeyjtfcGbmTcB+I79NykZWoddO8zyzBXzzfFwtsAuryjQ/HFa5
349 r4mrbhkJ ; key id = 6227
350 ");
351 my $bindsig=Net::DNS::RR->new("
352
353 example.com. 3600 RRSIG DNSKEY 5 2 3600 20380101000000 (
354 20080225134340 40620 example.com.
355 KXDsJ6gOFbGUA8cSwLIgnHQ2GwfpUJLWZK7/
356 MwF7+G2B5Ds7SQG1UWv0QuyNtWB0ubSn2ipw
357 4TclHDKjeYMFLD6I5Zuh4mW7n2QpPN79z57V
358 C4Hf23lcWLRSL37jtX2qOPqWnFjy1AoGYzmy
359 IksYcjPF5VPZyfQC0YprAQ35UKwAHfF9RMwi
360 7vdE0GzON1FkVCWN7uxYjnZT1jxs3EeSnR4+
361 6ckK9OBJVHYUnjmIgViq6IuPV08zrelvZHcC
362 WNFcjKKNpf3yx5YhyQBJBM6Fofl8Dk4zexsp
363 VVjGDLrDwg73dOGEe3E00DQ9zDc++PGVNRPm
364 r34ojumh85Ua0YVatw== )
365
366 ");
367
368
369
370 my $binddataset=[$bindkey1, $bindkey2];
371
372 ok( $bindsig->verify($binddataset,$bindkey1),
373 'RSA sig generated with bind verifies') || diag ($bindsig->vrfyerrstr);
374
375
376
377
378 my $nsecrr=Net::DNS::RR->new("example.com 300 NSEC itemA.with.caps.example.com. NS SOA TXT RRSIG NSEC DNSKEY
379 ");
384380
385381 ok ( $nsecrr, 'NSEC RR created from string');
386382
387 my $nsecsig=Net::DNS::RR->new("foo.example. 300 RRSIG (
388 NSEC 5 2 300 20320101000000
389 20050330103924 43787 foo.example.
390 CF3JXoyzhdi0hNj4gsEz+a8u8LedRrFtZpDc
391 gvwdsQLYD+UTFEE/zbomMBxdh1M5EsVAnead
392 5vTn1AeSvbBzy976FoAd6lDYEGgUvCEJUsng
393 UHiCvBX6Netnqo4d7Tnzi0wsCvtAIMYuYa/T
394 3FnLMaJepNKp+QctcO8RpjlLb+b8rNAxsNcv
395 SaBxwAhPDvqQfPGmMQr5+Ga1c/1QCCkDyMzX
396 sZ0YqzZgeU+9kkqent4hPBdI8vlsISpTZgmC
397 BmNniBpPwpAHSAqCM0EyKu9Jni2laYT7Xsu2
398 LpQ2NU6lYRfOVu/OG98IevFZZ90YHbvF84e8
399 rHWllbuFLTien++AQitKCM9wxSPIoOFXq3O4
400 pEV00Ja9UAQMvHtRiC5AronayV8fSRjooiJe
401 67eLFYSV6t3K1Qlx4nKuTbM+9TFevvgWKk6w
402 a6hHetCohec/7xTftU9R329Jm9fWQCrOLuYa
403 gOKAKiwn8AtOTKyJec0wC2/lqrlMcToYtIM= )
404
405
406
407 ");
408
409 my $nseckey=Net::DNS::RR->new("foo.example. 3600 DNSKEY 256 3 5 (
410 AQMLaOdD3VKofLiblKFdjnJpVFPD1mbIxh2H
411 +JaHkblnFH5cKn/mHU21ODD4mubkPqrhpEWi
412 Omm5+rpj90YdeFilf05tncc+3vr3ttSKKpXz
413 nV1h+IuX4tUwnCd1xH8+FrvoSJLgFCR97VG7
414 wwKOIXjjttpnoj+eX8wnlR0u8DxXH8q7o2Un
415 o5T1htoz/RtjUdbkuTpn4a7XRt98GcBQ1YGd
416 iOk3c5sVSCqHeEpsHTSSa5DYcNbBD71d+ahc
417 jkKVJXyAGRNEjEvYRQ6XSQ84rH7okO3Pl18V
418 rBDEMw6mivD0970W/Y0T2nBORTDR7h9D/62+
419 SmqCxuW6ISPvhL8VgO9R64i9/vo3K95JIEQB
420 LH+dab2olsuM+O9rVkBaIe+qNT6hT0ScRR6E
421 eDdA0CH+zqATqGrENT6I4XES+tuVJKK6Cph5
422 L3uO5QeevoFgh3jJDKHawi/QA2P0mhtTNF1E
423 Q7XwlHZVefVxUmLjJ5r7UBKaa7xAg8W4RKCR
424 9w==
425 ) ; key id = 43787
426
427
428 ");
383 my $nsecsig=Net::DNS::RR->new("
384
385 example.com. 300 RRSIG NSEC 5 2 300 20380101000000 (
386 20080225134340 6227 example.com.
387 TyfSavDAslOFzfiAQv29/KjGQBSyptVIHAl/
388 +BtV7YL7VBOBBxpYM0laQWfnvRPwqfqO0STD
389 u3KpIH95/ZeIPA/20xqR9IqgQNx3NvMmNK2g
390 R0qPK/tkKQpHsBGPgARXhQqUwT2HhhmwNOYb
391 ZwvnbaarFVq3RWerJUAxWHm3OABqZ1RYr6rL
392 JEIIwEuBs9zAmR0G03Ourg+vVzkIgOoiEcBy
393 ketBJr7FfFsRAYJ0HWOupSw16lxoUkSrEZ/f
394 NpSwOB7zdEuDeojcfK0JaanpWihA0hiiqq0D
395 7RKqrnkoTrPVN4lP7bIr4q52jEBlFVIrbIzL
396 UGtebocRBrvlmVB3+A== )
397
398
399
400 ");
401
429402
430403 my @nsecdata=($nsecrr);
431404
432 ok( $nsecsig->verify(\@nsecdata,$nseckey), "RRSIG over NSEC verifies");
433
405 ok( $nsecsig->verify(\@nsecdata,$bindkey2), "RRSIG over NSEC verifies") ||
406 diag ($nsecsig->vrfyerrstr);
434407 #
435408 # RSA keypair
436409 #
+59
-3
t/12-nsec++.t less more
00 #!/usr/bin/perl -sw
11 # Test script for dnssec functionalty
2 # $Id: 12-nsec++.t 296 2005-05-27 11:31:07Z olaf $
2 # $Id: 12-nsec++.t 778 2008-12-30 17:19:35Z olaf $
33 #
4 use Net::DNS::RR::RRSIG;
54
6 use Test::More tests=>10;
5
6
7 use Net::DNS::SEC;
8 use Test::More tests=>17;
9 use Data::Dumper;
10 use Net::DNS::RR::NSEC3 qw( name2hash );
11
12
713 use strict;
814
915 BEGIN {use_ok('Net::DNS'); } # test 1
6369
6470 $rr2->typebm(pack("H*",$newbitmap));
6571 is ($rr2->typelist,$newtypelist,"typelist appropritatly changed after invoking typelist method");
72
73
74 ########################
75
76
77 my $foo={};;
78
79
80
81 bless($foo,"Net::DNS::RR::NSEC3");
82 $foo->salt("aabbccdd");
83
84 # H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
85
86 is ("0p9mhaveqvm6t7vbl5lop2u3t2rp3tom",lc Net::DNS::RR::NSEC3::name2hash(1,"example.",12,$foo->saltbin),"name2hash over example");
87
88
89 # H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995
90 is ("b4um86eghhds6nea196smvmlo4ors995",lc Net::DNS::RR::NSEC3::name2hash(1,"x.w.example.",12,$foo->saltbin),"name2hash over example");
91
92 # H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh
93
94 is ("0va5bpr2ou0vk0lbqeeljri88laipsfh",lc Net::DNS::RR::NSEC3::name2hash(1,"c.x.w.example.",12,$foo->saltbin),"name2hash over example");
95
96
97 # H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m
98 is ("92pqneegtaue7pjatc3l3qnk738c6v5m",lc Net::DNS::RR::NSEC3::name2hash(1,"*.x.w.example.",12,$foo->saltbin),"name2hash over example");
99
100
101
102 my $nsec3param=Net::DNS::RR->new(
103 "alfa.example.com 86400 NSEC3PARAM 2 0 12 aabbccdd",
104 );
105 ok ($nsec3param, "NSEC3PARAM created");
106
107 undef $nsec3param;
108 $nsec3param=Net::DNS::RR->new(
109 "alfa.example.com 86400 NSEC3PARAM 2 0 12 aabbccfs",
110 );
111 ok (!$nsec3param, "NSEC3PARAM not created with corrupt hex data");
112
113
114
115 my $hashalg=Net::DNS::SEC->digtype("SHA1");
116 my $salt=pack("H*","aabbccdd");
117 my $iterations=12;
118 my $name="*.x.w.example";
119
120 my $hashedname= name2hash($hashalg,$name,$iterations,$salt);
121 is( $hashedname,"92pqneegtaue7pjatc3l3qnk738c6v5m","name2hash exports and works");
+33
-7
t/14-misc.t less more
99
1010 use Net::DNS;
1111
12 plan tests=>2;
12 plan tests=>4;
1313 my $nsec1=Net::DNS::RR->new(
1414 "example.com. 300 NSEC itemA.with.caps.example.com. NS SOA TXT RRSIG NSEC DNSKEY");
1515
1616
1717 my $nsec2=Net::DNS::RR->new(
1818 "itemA.with.caps.example.com. 300 NSEC itemb.without.caps.example.com. TXT RRSIG NSEC");
19
20
2119
2220
2321
6664 ) ; key id = 6227
6765 ');
6866
69 $nsec1->print;
70 $sig_nsec1->print;
71 $dnskey->print;
67
68 my $sig_nsec1_ldns=Net::DNS::RR->new("
69 example.com. 300 IN RRSIG NSEC RSASHA1 2 300 20380119031407 200703
70 09133715 6227 example.com. aXhXGPs5tiGFM4NFmgtsj7jW4p6A/hnY2JOwfD/gK1bFTIF/wHTRh
71 na7t1L3auWileX1OymoivDw+HzoRnpL+IStqv4/7P0mMHGwwuyjhpMry8FMf1p3La8IzMV8pmAYsEENb
72 3izYio3Hjrvvnw2uv2IWOgf1zPmndlmV0B5gOuSJEkyDFP8Z6Zshaou+oGjmDGwMNt0e6IW7yg2r92+9
73 NNJiGk3EcRnC0uzFVs/4/zlcoTjd4bnK4hQIGyPGOFiC6ATdfIZzVybrUL3tYA1enSh1lBqVh4KVuq9q
74 LkqaBzpNelbwXcSnd5ohLgC/thqMfuYjHnUT1sVEt5uQRL4XA==
75 ");
76
77
78 my $sig_nsec2_ldns=Net::DNS::RR->new("
79 itema.with.caps.example.com. 300 IN RRSIG NSEC RSASHA1 5 300 20380
80 119031407 20070309133715 6227 example.com. vvoRDdVtmRhnePyN9Fcm4+vUN7WR4VV6BP68o
81 oHwqmYcllKB6dW1blPupRlVknxhpdGuiSt9D6AhBRFxZNKYhC0mPECHhIXD7wdM/ubMw5ebvRX25DdNy
82 JmVeA1Dz2/mJDgId7reofns8AlFL0xgx5OytIQdiA8HVJqJqDOr3EQsnkhMZ575icJIuDwws7IHNDDZD
83 8QmEAw4RT/+b8bq3VkAKT6XHiFXBvpfMRHw/W3xOfJgYKckZAku2wSt8caWDooneIOUQxrEG5PR+jtHq
84 zVSxaZtgZ0t9ZR2BPDjgXg3F4kxDetFzqSfjg1fhs+dD9nIn6mGmvNOL71l8vauIA==
85 ");
86
7287
7388
7489 my $data=[$nsec1];
75 ok($sig_nsec1->verify($data, $dnskey),"Data validated") || diag $sig_nsec1->vrfyerrstr;
90 ok($sig_nsec1->verify($data, $dnskey),"Data did validate") || diag $sig_nsec1->vrfyerrstr;
7691
7792
7893 my $data2=[$nsec2];
7994 ok($sig_nsec2->verify($data2, $dnskey),"Data validated") || diag $sig_nsec2->vrfyerrstr;
8095
96 #diag "PERL VERSION $]";
97 #diag "TIME::Local VERSION $Time::Local::VERSION";
98 SKIP:{
99 skip "Time::Local seems to check on unix time use beyond 2032", 2 if $Time::Local::VERSION > 1.11;
100 ok(! $sig_nsec1_ldns->verify($data, $dnskey),"Data did not validate (now generated with 'broken signer')") || diag $sig_nsec1_ldns->vrfyerrstr;
101
102
103
104 $data2=[$nsec2];
105 ok($sig_nsec2_ldns->verify($data2, $dnskey),"Data validated") || diag $sig_nsec2_ldns->vrfyerrstr;
106 }
81107
82108
83109
+73
-0
t/15-ds.t less more
0 # $Id$ -*-perl-*-
1 #
2 #
3 # These are test that relate to DS RRs.
4 # Mainly used during implementation of the SHA256 algorithm
5
6
7 use Test::More;
8 use strict;
9
10 use Net::DNS;
11
12 plan tests=>3;
13
14
15 my $dnskeyrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DNSKEY 256 3 5 (
16 AQOeiiR0GOMYkDshWoSKz9Xz
17 fwJr1AYtsmx3TGkJaNXVbfi/
18 2pHm822aJ5iI9BMzNXxeYCmZ
19 DRD99WYwYqUSdjMmmAphXdvx
20 egXd/M5+X7OrzKBaMbCVdFLU
21 Uh6DhweJBjEVv5f2wwjM9Xzc
22 nOf+EPbtG9DMBmADjFDc2w/r
23 ljwvFw==
24 ) ; key id = 60485');
25
26 my $dsrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DS 60485 5 2 (
27 D4B7D520E7BB5F0F67674A0C
28 CEB1E3E0614B93C4F9E99B83
29 83F6A1E4469DA50A )');
30
31
32 $dsrr->print;
33 ok($dsrr->verify($dnskeyrr),"Validated the SHA256 DS");
34
35
36 my $newdsrr=create Net::DNS::RR::DS($dnskeyrr,
37 (
38 digtype => "SHA256"
39 )
40 );
41 ok($newdsrr->verify($dnskeyrr),"Validated the second SHA256 DS");
42
43
44 my $ds1 = Net::DNS::RR->new(
45 'algorithm' => 3,
46 'class' => 'IN',
47 'digest' => '1234567890ABCDEF',
48 'digtype' => 5,
49 'keytag' => 123,
50 'name' => 'test1dom1.se',
51 'ttl' => 43200,
52 'type' => 'DS',
53 'digestbin' => ''
54 );
55 #error only occurs when next line is commented
56
57
58 my $ds2 = Net::DNS::RR->new(
59 'algorithm' => 3,
60 'class' => 'IN',
61 'digest' => '1234567890ABCDEF',
62 'digtype' => 5,
63 'keytag' => 123,
64 'name' => 'test1dom1.se',
65 'ttl' => 43200,
66 'type' => 'DS',
67 );
68
69
70 is ($ds1->string,$ds2->string,"Digestbin calculation correct");
71
72
+44
-0
t/16-dlv.t less more
0 # $Id: 16-dlv.t 778 2008-12-30 17:19:35Z olaf $ -*-perl-*-
1 #
2 #
3 # These are test that relate to DLV RRs.
4 # Mainly used during implementation of the SHA256 algorithm
5
6
7 use Test::More;
8 use strict;
9
10 use Net::DNS;
11
12 plan tests=>2;
13
14
15 my $dnskeyrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DNSKEY 256 3 5 (
16 AQOeiiR0GOMYkDshWoSKz9Xz
17 fwJr1AYtsmx3TGkJaNXVbfi/
18 2pHm822aJ5iI9BMzNXxeYCmZ
19 DRD99WYwYqUSdjMmmAphXdvx
20 egXd/M5+X7OrzKBaMbCVdFLU
21 Uh6DhweJBjEVv5f2wwjM9Xzc
22 nOf+EPbtG9DMBmADjFDc2w/r
23 ljwvFw==
24 ) ; key id = 60485');
25
26 my $dsrr=Net::DNS::RR->new('dskey.example.com. 86400 IN DLV 60485 5 2 (
27 D4B7D520E7BB5F0F67674A0C
28 CEB1E3E0614B93C4F9E99B83
29 83F6A1E4469DA50A )');
30
31
32 $dsrr->print;
33 ok($dsrr->verify($dnskeyrr),"Validated the SHA256 DLV");
34
35
36 my $newdsrr=create Net::DNS::RR::DLV($dnskeyrr,
37 (
38 digtype => "SHA256"
39 )
40 );
41 ok($newdsrr->verify($dnskeyrr),"Validated the second SHA256 DLV");
42
43