#!/usr/bin/env perl
use Digest::SHA; # SHA algorithm dependence
use Digest::GOST::CryptoPro; # GOST 34.11-94 hash dependence
use Net::DNS::RR::DS; # recent version Net::DNS >=1.0 needed
# $domain - string, the canonical domain name with trailing dot
# $flags - int, the flags of the DNSKEY (always 257)
# $protocol - int, the protocol of the DNSKEY (always 3)
# $algorithm - int, the algorithm of the DNSKEY (8, 10, 12, 13 or 14)
# $publickey - string, the full public key, base64 encoded (careful: no spaces allowed)
# $digest_alg - string, the hash algorithm for the DS digest (sha256, gost-crypto or sha384)
#
# Returns the key tag and the DS digest (upper-case hex) as a list.
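# Dies when the argument count is wrong or when a field contains characters
# that would change how the DNSKEY text built below is tokenised.
sub calc_ds {
    # Explicit count check replaces the former ($$$$$$) prototype, which only
    # influenced parsing at call sites compiled after this definition.
    die "calc_ds: expected 6 arguments, got " . scalar(@_) unless @_ == 6;
    my ($domain, $flags, $protocol, $algorithm, $publickey, $digest_alg) = @_;

    # The first five values are interpolated into one zone-file style string.
    # Whitespace, ';', parentheses or quotes inside a value would shift or
    # truncate the fields the parser sees, so a DS record could be computed
    # for a different owner name or key than the caller intended.
    my @checks = (
        [ 'domain',    $domain,    qr/\A[^\s;()"]+\z/ ],
        [ 'flags',     $flags,     qr/\A[0-9]+\z/ ],
        [ 'protocol',  $protocol,  qr/\A[0-9]+\z/ ],
        # Documented as an int; letters and '-' are tolerated in case a
        # caller passes an algorithm mnemonic -- TODO confirm against callers.
        [ 'algorithm', $algorithm, qr/\A[A-Za-z0-9-]+\z/ ],
        # Base64 alphabet only, matching the "no spaces allowed" contract.
        [ 'publickey', $publickey, qr/\A[A-Za-z0-9+\/]+={0,2}\z/ ],
    );
    for my $check (@checks) {
        my ($label, $value, $pattern) = @{$check};
        die "calc_ds: invalid $label"
            unless defined $value && $value =~ $pattern;
    }

    # Build the DNSKEY record from its presentation format.
    my $dnskey_rr = Net::DNS::RR->new(
        "$domain DNSKEY $flags $protocol $algorithm $publickey");

    # Derive the DS record; direct method call instead of indirect object
    # syntax ("create Net::DNS::RR::DS(...)"), which is ambiguous to parse.
    my $ds_rr = Net::DNS::RR::DS->create($dnskey_rr, digtype => $digest_alg);

    return ($ds_rr->keytag, uc $ds_rr->digest);
}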
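# Self-test with predefined data: one algorithm-13 DNSKEY for example.com.
# For each DS digest type the expected record ("TEST") is printed next to the
# record computed by calc_ds ("CALC"). The two are also compared, so that a
# wrong key tag or digest is reported on STDERR and through the exit status
# instead of relying on someone eyeballing the output.
my %dnskey = (
    'domain'    => 'example.com.',
    'flags'     => '257',
    'protocol'  => 3,
    'algorithm' => '13',
    'key'       => "6a81escFb5QysOzJopVCPslEyldHJxOlNIq3ol0xZPeLn6HBLwdRIaxz1aYpefJHPaj+seBti4j5gLWYetY3vA==",
);

# Each case: digtype handed to calc_ds, DS digest type number, expected key
# tag, expected digest. Digest type 3 (GOST R 34.11-94) is kept because the
# original test covers it; RFC 8624 marks it MUST NOT for new delegations.
my @cases = (
    [ 'SHA256', 2, 20545, 'E460EAB7D69ABDE51078BC27CE8377074CA94EE05F5A609E5593C5E25ACF2BF4' ],
    [ 'GOST',   3, 20545, '9B8E8392B2C8203CEC672AE891329221678CE06E5FE861DB61688F0C1CA0B494' ],
    [ 'SHA384', 4, 20545, '99436F3FB883CA4F077798C206037D97A34560245E57F1FFB10222B12AB8BD73755B1C41BFF6CF039E942CD3CB3950C1' ],
);

my $mismatches = 0;
for my $i (0 .. $#cases) {
    my ($digtype, $type_number, $want_keytag, $want_digest) = @{ $cases[$i] };

    # Six explicit scalars: calc_ds takes exactly six positional arguments.
    my ($keytag, $digest) = calc_ds(
        $dnskey{'domain'}, $dnskey{'flags'}, $dnskey{'protocol'},
        $dnskey{'algorithm'}, $dnskey{'key'}, $digtype
    );

    print("TEST: example.com. IN DS $want_keytag 13 $type_number $want_digest\n");
    print("CALC: $dnskey{'domain'} IN DS $keytag $dnskey{'algorithm'} $type_number $digest\n");
    print("\n") if $i < $#cases;    # blank line between cases, none after the last

    # A DS record that differs from the published DNSKEY breaks the chain of
    # trust at the parent, so any difference is treated as a failure.
    unless (defined $keytag && defined $digest
        && $keytag == $want_keytag && $digest eq $want_digest)
    {
        warn "MISMATCH: digest type $type_number ($digtype) differs from the expected DS record\n";
        $mismatches++;
    }
}

exit 1 if $mismatches;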