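package dns

import (
	"crypto"
	"testing"
	"time"
)

// TestSIG0 exercises SIG(0) transaction signatures end to end for each
// supported algorithm: it generates a KEY, signs a query, unpacks the signed
// wire form, and verifies the signature with both the in-memory SIG and the
// SIG parsed back from the wire. It then checks two negative cases: a message
// altered after signing and a signature whose validity window has passed must
// both fail verification.
//
// The test is skipped in short mode.
func TestSIG0(t *testing.T) {
	if testing.Short() {
		t.Skip("skipping test in short mode.")
	}
	query := new(Msg)
	query.SetQuestion("example.org.", TypeSOA)
	for _, alg := range []uint8{ECDSAP256SHA256, ECDSAP384SHA384, RSASHA1, RSASHA256, RSASHA512} {
		algstr := AlgorithmToString[alg]
		keyrr := new(KEY)
		keyrr.Hdr.Name = algstr + "."
		keyrr.Hdr.Rrtype = TypeKEY
		keyrr.Hdr.Class = ClassINET
		keyrr.Algorithm = alg

		// NOTE(review): 1024-bit RSA (and RSASHA1) is below current strength
		// recommendations; presumably chosen here to keep key generation
		// fast. These sizes are test fixtures, not a template for real keys.
		keysize := 1024
		switch alg {
		case ECDSAP256SHA256:
			keysize = 256
		case ECDSAP384SHA384:
			keysize = 384
		}
		pk, err := keyrr.Generate(keysize)
		if err != nil {
			t.Errorf("failed to generate key for “%s”: %v", algstr, err)
			continue
		}
		// Use a checked assertion so an unexpected key type is reported as a
		// failure for this algorithm instead of panicking the whole test.
		signer, ok := pk.(crypto.Signer)
		if !ok {
			t.Errorf("generated key for “%s” does not implement crypto.Signer", algstr)
			continue
		}

		// Validity window of +/- 300 seconds around the current time.
		now := uint32(time.Now().Unix())
		sigrr := new(SIG)
		sigrr.Hdr.Name = "."
		sigrr.Hdr.Rrtype = TypeSIG
		sigrr.Hdr.Class = ClassANY
		sigrr.Algorithm = alg
		sigrr.Expiration = now + 300
		sigrr.Inception = now - 300
		sigrr.KeyTag = keyrr.KeyTag()
		sigrr.SignerName = keyrr.Hdr.Name
		mb, err := sigrr.Sign(signer, query)
		if err != nil {
			t.Errorf("failed to sign message using “%s”: %v", algstr, err)
			continue
		}

		// Round-trip through the wire format; the signed message is expected
		// to carry exactly one record in the additional section, the SIG.
		m := new(Msg)
		if err := m.Unpack(mb); err != nil {
			t.Errorf("failed to unpack message signed using “%s”: %v", algstr, err)
			continue
		}
		if len(m.Extra) != 1 {
			t.Errorf("missing SIG for message signed using “%s”", algstr)
			continue
		}
		sigrrwire, isSIG := m.Extra[0].(*SIG)
		if !isSIG {
			t.Errorf("expected SIG RR, instead: %v", m.Extra[0])
			continue
		}

		// Positive case: both the signing-side SIG and the one parsed from
		// the wire must verify against the same bytes.
		for _, c := range []struct {
			id string
			rr *SIG
		}{
			{"sigrr", sigrr},
			{"sigrrwire", sigrrwire},
		} {
			if err := c.rr.Verify(keyrr, mb); err != nil {
				t.Errorf("failed to verify “%s” signed SIG(%s): %v", algstr, c.id, err)
			}
		}

		// Negative case 1: integrity. Byte 13 lies just past the 12-byte DNS
		// header, so this alters the signed content.
		mb[13]++
		if err := sigrr.Verify(keyrr, mb); err == nil {
			t.Errorf("verify succeeded on an altered message using “%s”", algstr)
			continue
		}

		// Negative case 2: freshness. Re-sign with a validity window that
		// ended long ago; Verify must reject it.
		sigrr.Expiration = 2
		sigrr.Inception = 1
		mb, err = sigrr.Sign(signer, m)
		if err != nil {
			// Without this check a signing failure would leave mb without a
			// freshly signed message, and the Verify below would fail for the
			// wrong reason, letting the expiry check pass vacuously.
			t.Errorf("failed to re-sign message using “%s”: %v", algstr, err)
			continue
		}
		if err := sigrr.Verify(keyrr, mb); err == nil {
			t.Errorf("verify succeeded on an expired message using “%s”", algstr)
			continue
		}
	}
}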