1package dns
2
3import (
4	"crypto"
5	"testing"
6	"time"
7)
8
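// TestSIG0 round-trips a SIG(0)-signed message for each supported
// algorithm: it signs a SOA query, unpacks the wire form, verifies the
// signature both from the in-memory SIG and from the SIG parsed off the
// wire, and then checks that verification is refused for a tampered
// message and for a signature whose validity window has already closed.
func TestSIG0(t *testing.T) {
	if testing.Short() {
		t.Skip("skipping test in short mode.")
	}
	m := new(Msg)
	m.SetQuestion("example.org.", TypeSOA)
	for _, alg := range []uint8{ECDSAP256SHA256, ECDSAP384SHA384, RSASHA1, RSASHA256, RSASHA512} {
		algstr := AlgorithmToString[alg]
		keyrr := new(KEY)
		keyrr.Hdr.Name = algstr + "."
		keyrr.Hdr.Rrtype = TypeKEY
		keyrr.Hdr.Class = ClassINET
		keyrr.Algorithm = alg
		// RSA keys stay at 1024 bits to keep the test fast; the ECDSA
		// sizes are dictated by the curve.
		keysize := 1024
		switch alg {
		case ECDSAP256SHA256:
			keysize = 256
		case ECDSAP384SHA384:
			keysize = 384
		}
		pk, err := keyrr.Generate(keysize)
		if err != nil {
			t.Errorf("failed to generate key for “%s”: %v", algstr, err)
			continue
		}
		// Check the assertion instead of letting a non-Signer key panic
		// and abort every remaining algorithm.
		signer, ok := pk.(crypto.Signer)
		if !ok {
			t.Errorf("generated key for “%s” is not a crypto.Signer: %T", algstr, pk)
			continue
		}
		now := uint32(time.Now().Unix())
		sigrr := new(SIG)
		sigrr.Hdr.Name = "."
		sigrr.Hdr.Rrtype = TypeSIG
		sigrr.Hdr.Class = ClassANY
		sigrr.Algorithm = alg
		// A validity window of five minutes either side of "now".
		sigrr.Expiration = now + 300
		sigrr.Inception = now - 300
		sigrr.KeyTag = keyrr.KeyTag()
		sigrr.SignerName = keyrr.Hdr.Name
		mb, err := sigrr.Sign(signer, m)
		if err != nil {
			t.Errorf("failed to sign message using “%s”: %v", algstr, err)
			continue
		}
		// Unpack into a separate message rather than shadowing m, so the
		// original unsigned query is still available for re-signing below.
		signed := new(Msg)
		if err := signed.Unpack(mb); err != nil {
			t.Errorf("failed to unpack message signed using “%s”: %v", algstr, err)
			continue
		}
		if len(signed.Extra) != 1 {
			t.Errorf("missing SIG for message signed using “%s”", algstr)
			continue
		}
		sigrrwire, ok := signed.Extra[0].(*SIG)
		if !ok {
			t.Errorf("expected SIG RR, instead: %v", signed.Extra[0])
			continue
		}
		// Both the SIG we constructed and the one parsed from the wire
		// must verify the signed bytes.
		for _, tc := range []struct {
			id string
			rr *SIG
		}{{"sigrr", sigrr}, {"sigrrwire", sigrrwire}} {
			if err := tc.rr.Verify(keyrr, mb); err != nil {
				t.Errorf("failed to verify “%s” signed SIG(%s): %v", algstr, tc.id, err)
			}
		}
		// Corrupt one byte inside the question name: the fixed header is
		// 12 bytes and offset 12 holds the first label length, so offset
		// 13 is the first character of "example". Verification must now
		// fail because the signed content no longer matches the signature.
		mb[13]++
		if err := sigrr.Verify(keyrr, mb); err == nil {
			t.Errorf("verify succeeded on an altered message using “%s”", algstr)
			continue
		}
		// Re-sign the original query with a validity window that closed
		// long ago. The signature itself is sound, so a nil error here
		// would mean the time check is not being enforced. The Sign
		// error is checked so that a failed re-sign cannot masquerade as
		// a successful expiry rejection.
		sigrr.Expiration = 2
		sigrr.Inception = 1
		mb, err = sigrr.Sign(signer, m)
		if err != nil {
			t.Errorf("failed to re-sign message with an expired window using “%s”: %v", algstr, err)
			continue
		}
		if err := sigrr.Verify(keyrr, mb); err == nil {
			t.Errorf("verify succeeded on an expired message using “%s”", algstr)
			continue
		}
	}
}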
90