dnsjava-users Mailing List for dnsjava (Page 4)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Jul 26, 2013, at 9:56 AM, Tekto <te...@ge...> wrote:

> Hi,
> 
> -- Description --
> 
> SIG0.signMessage in Version 2.1.5 is calculating a wrong signature. Sending
> following update-request to a server will produce a SERVFAIL:
> 
> 	SimpleResolver resolver = new SimpleResolver("somedns.example.invalid.");
> 	Name sig0zoneName = new Name("sig0.invalid.");
> 	Name sig0hostName = new Name("sometext.sig0.invalid.");
> 
> 	KeyFactory keyFactory = KeyFactory.getInstance("RSA");
> 	RSAPrivateKey privKey = getPrivateZoneCrtKey(keyFactory);
> 	RSAPublicKey pubKey = getPublicZoneKey(keyFactory);
> 
> 	KEYRecord keyRecord = new KEYRecord(sig0zoneName, DClass.IN, 0, Flags.HOST, Protocol.DNSSEC, Algorithm.RSASHA1, pubKey);		
> 	TXTRecord txtRecord = new TXTRecord(sig0hostName, DClass.IN, 0, "Hello World!");
> 	Update updateMessage = new Update(sig0zoneName);
> 	updateMessage.add(txtRecord);
> 
> 	SIG0.signMessage(updateMessage, keyRecord, privKey, null);
> 
> 
> -- How to reproduce --
> 
> Use SIG0.verifyMessage and try to verify updateMessage.toWire() which will
> throw a DNSSEC.DNSSECException.
> 
> 	SIG0.verifyMessage(updateMessage, updateMessage.toWire(), keyRecord, null);

I assume there's some missing code between the signMessage and verifyMessage?  Passing the same Message object to both signMessage and verifyMessage doesn't work, since some of the internal Message state needed to verify is only filled in when the Message is parsed from wire format; that is, something like:

SIG0.signMessage(updateMessage, keyRecord, privKey, null);
byte [] wire = msg.toWire();
Message msg = new Message(wire);
SIG0.verifyMessage(msg, msg.toWire(), keyRecord, null);

Without that, the code throws an ArrayIndexOutOfBoundsException, because it's badly handling the fact that the Message doesn't know where the start of the SIG0 record is (I've locally updated the code to throw a more useful NoSignatureException).

With code like that added, I'm seeing the failure, although I'm not sure why I'm not seeing the same failure in the existing SIG0 test code I have.

I'm going to try and adapt this sample code into a unit test, and commit the changes in the next few days.

Thanks!

Brian

2001	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec (2)
2002	Jan (5)	Feb (1)	Mar (7)	Apr (1)	May	Jun	Jul	Aug	Sep (5)	Oct (6)	Nov (4)	Dec
2003	Jan (2)	Feb (2)	Mar	Apr (5)	May (5)	Jun (1)	Jul	Aug (2)	Sep (1)	Oct (3)	Nov (2)	Dec
2004	Jan (1)	Feb (1)	Mar	Apr (3)	May	Jun	Jul	Aug	Sep	Oct (2)	Nov	Dec
2005	Jan	Feb (1)	Mar	Apr	May	Jun	Jul (6)	Aug (2)	Sep	Oct (3)	Nov (13)	Dec
2006	Jan (3)	Feb (3)	Mar (4)	Apr	May	Jun	Jul (2)	Aug	Sep (1)	Oct (6)	Nov	Dec
2007	Jan	Feb	Mar (2)	Apr (4)	May	Jun (3)	Jul (6)	Aug (2)	Sep	Oct	Nov (3)	Dec
2008	Jan (2)	Feb (2)	Mar	Apr	May	Jun	Jul (1)	Aug (9)	Sep (5)	Oct	Nov	Dec
2009	Jan	Feb (2)	Mar	Apr	May (13)	Jun (7)	Jul (2)	Aug (2)	Sep (2)	Oct (2)	Nov (3)	Dec (1)
2010	Jan	Feb	Mar (5)	Apr	May	Jun	Jul (7)	Aug	Sep (2)	Oct	Nov (12)	Dec (3)
2011	Jan	Feb	Mar (7)	Apr	May (8)	Jun (6)	Jul	Aug	Sep (11)	Oct (8)	Nov (3)	Dec (2)
2012	Jan (9)	Feb (3)	Mar (5)	Apr	May	Jun	Jul	Aug (9)	Sep	Oct	Nov	Dec
2013	Jan	Feb (3)	Mar (6)	Apr	May (8)	Jun	Jul (5)	Aug (1)	Sep	Oct	Nov	Dec (2)
2014	Jan	Feb	Mar	Apr	May (5)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2016	Jan	Feb	Mar	Apr	May	Jun (2)	Jul	Aug	Sep	Oct	Nov	Dec
2017	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug (3)	Sep (1)	Oct (1)	Nov (1)	Dec (2)
2018	Jan	Feb (3)	Mar (4)	Apr	May	Jun (2)	Jul (5)	Aug	Sep (4)	Oct (2)	Nov (1)	Dec (2)
2019	Jan (2)	Feb (4)	Mar (4)	Apr	May (8)	Jun (3)	Jul	Aug (1)	Sep (3)	Oct (1)	Nov	Dec (2)
2020	Jan (4)	Feb	Mar (2)	Apr (1)	May (6)	Jun (3)	Jul (2)	Aug (1)	Sep (3)	Oct	Nov (3)	Dec
2023	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov (2)	Dec
2024	Jan	Feb	Mar	Apr	May	Jun (1)	Jul	Aug	Sep	Oct	Nov	Dec
2025	Jan	Feb	Mar (1)	Apr	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec

dnsjava-users Mailing List for dnsjava (Page 4)

dnsjava-users — The dnsjava mailing list