From a85463e1d946686f38613ed6030196869e62bf0a Mon Sep 17 00:00:00 2001 From: Jack Bates Date: Wed, 17 Jul 2019 08:15:13 -0700 Subject: [PATCH] Run the Prettier code formatter > prettier --write $(git ls-files) --- .travis.yml | 2 +- README.md | 46 +- lib/anchors.js | 81 +- migrations/1_initial_migration.js | 2 +- migrations/2_deploy_contracts.js | 113 +-- test/TestAlgorithms.js | 33 +- test/TestDNSSEC.js | 1582 +++++++++++++++++++---------- test/TestDigests.js | 27 +- test/TestSHA1NSEC3Digest.js | 80 +- test/data/algorithms.js | 174 ++-- test/data/digests.js | 28 +- truffle.js | 20 +- 12 files changed, 1388 insertions(+), 800 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6fcb26e..6d32b8e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ dist: trusty language: node_js node_js: - - "8" + - '8' env: - TASK=test - TASK=lint diff --git a/README.md b/README.md index 40e2fed..c2cb3c0 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,28 @@ # DNSSEC Oracle -[![Build Status](https://travis-ci.org/ensdomains/dnssec-oracle.svg?branch=master)](https://travis-ci.org/ensdomains/dnssec-oracle) [![License](https://img.shields.io/badge/License-BSD--2--Clause-blue.svg)](LICENSE) +[![Build Status](https://travis-ci.org/ensdomains/dnssec-oracle.svg?branch=master)](https://travis-ci.org/ensdomains/dnssec-oracle) +[![License](https://img.shields.io/badge/License-BSD--2--Clause-blue.svg)](LICENSE) -This is an implementation of a DNSSEC oracle for Ethereum. With it, you can securely prove the contents of any DNSSEC-signed DNS record on the Ethereum blockchain, as long as it was signed using supported public key schemes and digests. Presently, the oracle only supports RSA and SHA-256; fortunately, over 3/4 of TLDs use this combination of algorithms. +This is an implementation of a DNSSEC oracle for Ethereum. With it, you +can securely prove the contents of any DNSSEC-signed DNS record on the +Ethereum blockchain, as long as it was signed using supported public key +schemes and digests. Presently, the oracle only supports RSA and +SHA-256; fortunately, over 3/4 of TLDs use this combination of +algorithms. -Once a record is proven to the oracle, any contract or external caller can fetch it with the `rrsets` constant function, allowing other contracts to read data from DNS. +Once a record is proven to the oracle, any contract or external caller +can fetch it with the `rrsets` constant function, allowing other +contracts to read data from DNS. ## Getting Started -These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. +These instructions will get you a copy of the project up and running on +your local machine for development and testing purposes. ### Installing -The DNSSEC Oracle uses npm to manage dependencies, therefore the installation process is kept simple: +The DNSSEC Oracle uses npm to manage dependencies, therefore the +installation process is kept simple: ``` npm install @@ -20,7 +30,8 @@ npm install ### Running tests -The DNSSEC Oracle uses truffle for its ethereum development environment. All tests can be run using truffle: +The DNSSEC Oracle uses truffle for its ethereum development environment. +All tests can be run using truffle: ``` truffle test @@ -52,24 +63,33 @@ import "dnssec-oracle/build/contracts/DNSSEC" var data = require("dnssec-oracle/build/contracts/DNSSEC.json") ``` -The JSON file is same as the one generated using `truffle compile`. You can pass the loaded data to `truffle-contract` or use it via web3 by passing `data.abi`. +The JSON file is same as the one generated using `truffle compile`. You +can pass the loaded data to `truffle-contract` or use it via web3 by +passing `data.abi`. ### Usage -A [command line utility](https://github.com/arachnid/dnsprove) is available that automates the task of generating the necessary proofs from DNS data and submitting them to the oracle. +A [command line utility](https://github.com/arachnid/dnsprove) is +available that automates the task of generating the necessary proofs +from DNS data and submitting them to the oracle. -The oracle is still in alpha, and does not yet have any official deployments on the main network or test networks. +The oracle is still in alpha, and does not yet have any official +deployments on the main network or test networks. ## Built With -* [Truffle](https://github.com/trufflesuite/truffle) - Ethereum development environment +- [Truffle](https://github.com/trufflesuite/truffle) - Ethereum + development environment ## Authors -* **Nick Johnson** - [Arachnid](https://github.com/Arachnid) +- **Nick Johnson** - [Arachnid](https://github.com/Arachnid) -See also the list of [contributors](https://github.com/ensdomains/dnssec-oracle/contributors) who participated in this project. +See also the list of +[contributors](https://github.com/ensdomains/dnssec-oracle/contributors) +who participated in this project. ## License -This project is licensed under the BSD 2-clause "Simplified" License - see the [LICENSE](LICENSE) file for details +This project is licensed under the BSD 2-clause "Simplified" License - +see the [LICENSE](LICENSE) file for details diff --git a/lib/anchors.js b/lib/anchors.js index 492fc35..819fd54 100644 --- a/lib/anchors.js +++ b/lib/anchors.js @@ -1,47 +1,58 @@ const packet = require('dns-packet'); exports.realEntries = [ - { - name: ".", - type: 'DS', - class: 'IN', - ttl: 3600, - data:{ - keyTag: 19036, - algorithm: 8, - digestType: 2, - digest: new Buffer("49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5", "hex") - } - }, - { - name: ".", - type: 'DS', - klass: 'IN', - ttl: 3600, - data:{ - keyTag: 20326, - algorithm: 8, - digestType: 2, - digest: new Buffer("E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D", "hex") - } - }, - ]; - + { + name: '.', + type: 'DS', + class: 'IN', + ttl: 3600, + data: { + keyTag: 19036, + algorithm: 8, + digestType: 2, + digest: new Buffer( + '49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5', + 'hex' + ) + } + }, + { + name: '.', + type: 'DS', + klass: 'IN', + ttl: 3600, + data: { + keyTag: 20326, + algorithm: 8, + digestType: 2, + digest: new Buffer( + 'E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D', + 'hex' + ) + } + } +]; + exports.dummyEntry = { - name: ".", + name: '.', type: 'DS', class: 'IN', ttl: 3600, - data:{ + data: { keyTag: 5647, // Empty body, flags == 0x0101, algorithm = 253, body = 0x1111 algorithm: 253, digestType: 253, - digest: new Buffer("", "hex") + digest: new Buffer('', 'hex') } -} +}; -exports.encode = (anchors) =>{ - return '0x' + anchors.map((anchor)=>{ - return packet.answer.encode(anchor).toString('hex') - }).join('') -} +exports.encode = anchors => { + return ( + '0x' + + anchors + .map(anchor => { + return packet.answer.encode(anchor).toString('hex'); + }) + .join('') + ); +}; diff --git a/migrations/1_initial_migration.js b/migrations/1_initial_migration.js index 4d5f3f9..e6f8ec3 100644 --- a/migrations/1_initial_migration.js +++ b/migrations/1_initial_migration.js @@ -1,4 +1,4 @@ -var Migrations = artifacts.require("./Migrations.sol"); +var Migrations = artifacts.require('./Migrations.sol'); module.exports = function(deployer) { deployer.deploy(Migrations); diff --git a/migrations/2_deploy_contracts.js b/migrations/2_deploy_contracts.js index 4b5c2ee..dba75ad 100644 --- a/migrations/2_deploy_contracts.js +++ b/migrations/2_deploy_contracts.js @@ -1,76 +1,75 @@ -const RSASHA1Algorithm = artifacts.require("./algorithms/RSASHA1Algorithm"); -const RSASHA256Algorithm = artifacts.require("./algorithms/RSASHA256Algorithm"); -const SHA1Digest = artifacts.require("./digests/SHA1Digest"); -const SHA256Digest = artifacts.require("./digests/SHA256Digest"); -const SHA1NSEC3Digest = artifacts.require("./nsec3digests/SHA1NSEC3Digest"); -const DNSSEC = artifacts.require("./DNSSECImpl"); -const DummyAlgorithm = artifacts.require("./algorithms/DummyAlgorithm"); -const DummyDigest = artifacts.require("./digests/DummyDigest"); -const P256SHA256Algorithm = artifacts.require("P256SHA256Algorithm.sol"); -const EllipticCurve = artifacts.require("EllipticCurve.sol"); - -const dnsAnchors = require("../lib/anchors.js"); +const RSASHA1Algorithm = artifacts.require('./algorithms/RSASHA1Algorithm'); +const RSASHA256Algorithm = artifacts.require('./algorithms/RSASHA256Algorithm'); +const SHA1Digest = artifacts.require('./digests/SHA1Digest'); +const SHA256Digest = artifacts.require('./digests/SHA256Digest'); +const SHA1NSEC3Digest = artifacts.require('./nsec3digests/SHA1NSEC3Digest'); +const DNSSEC = artifacts.require('./DNSSECImpl'); +const DummyAlgorithm = artifacts.require('./algorithms/DummyAlgorithm'); +const DummyDigest = artifacts.require('./digests/DummyDigest'); +const P256SHA256Algorithm = artifacts.require('P256SHA256Algorithm.sol'); +const EllipticCurve = artifacts.require('EllipticCurve.sol'); + +const dnsAnchors = require('../lib/anchors.js'); module.exports = function(deployer, network) { - return deployer.then(async () => { - let dev = (network == "test" || network == "local"); - // From http://data.iana.org/root-anchors/root-anchors.xml - let anchors = dnsAnchors.realEntries; + return deployer.then(async () => { + let dev = network == 'test' || network == 'local'; + // From http://data.iana.org/root-anchors/root-anchors.xml + let anchors = dnsAnchors.realEntries; - if (dev) { - anchors.push(dnsAnchors.dummyEntry); - } - await deployer.deploy(DNSSEC, dnsAnchors.encode(anchors)); + if (dev) { + anchors.push(dnsAnchors.dummyEntry); + } + await deployer.deploy(DNSSEC, dnsAnchors.encode(anchors)); - await deployer.deploy(RSASHA256Algorithm); - await deployer.deploy(RSASHA1Algorithm); - await deployer.deploy(SHA256Digest); - await deployer.deploy(SHA1Digest); - await deployer.deploy(SHA1NSEC3Digest); + await deployer.deploy(RSASHA256Algorithm); + await deployer.deploy(RSASHA1Algorithm); + await deployer.deploy(SHA256Digest); + await deployer.deploy(SHA1Digest); + await deployer.deploy(SHA1NSEC3Digest); - await deployer.deploy(EllipticCurve); + await deployer.deploy(EllipticCurve); - let curve = await EllipticCurve.deployed() - await deployer.deploy(P256SHA256Algorithm, curve.address) + let curve = await EllipticCurve.deployed(); + await deployer.deploy(P256SHA256Algorithm, curve.address); + if (dev) { + await deployer.deploy(DummyAlgorithm); + await deployer.deploy(DummyDigest); + } - if (dev) { - await deployer.deploy(DummyAlgorithm) - await deployer.deploy(DummyDigest) - } + let tasks = []; - let tasks = []; + const dnssec = await DNSSEC.deployed(); - const dnssec = await DNSSEC.deployed(); + const rsasha1 = await RSASHA1Algorithm.deployed(); + tasks.push(dnssec.setAlgorithm(5, rsasha1.address)); + tasks.push(dnssec.setAlgorithm(7, rsasha1.address)); - const rsasha1 = await RSASHA1Algorithm.deployed(); - tasks.push(dnssec.setAlgorithm(5, rsasha1.address)); - tasks.push(dnssec.setAlgorithm(7, rsasha1.address)); + const rsasha256 = await RSASHA256Algorithm.deployed(); + tasks.push(dnssec.setAlgorithm(8, rsasha256.address)); - const rsasha256 = await RSASHA256Algorithm.deployed(); - tasks.push(dnssec.setAlgorithm(8, rsasha256.address)); + const sha1 = await SHA1Digest.deployed(); + tasks.push(dnssec.setDigest(1, sha1.address)); - const sha1 = await SHA1Digest.deployed(); - tasks.push(dnssec.setDigest(1, sha1.address)); + const sha256 = await SHA256Digest.deployed(); + tasks.push(dnssec.setDigest(2, sha256.address)); - const sha256 = await SHA256Digest.deployed(); - tasks.push(dnssec.setDigest(2, sha256.address)); + const nsec3sha1 = await SHA1NSEC3Digest.deployed(); + tasks.push(dnssec.setNSEC3Digest(1, nsec3sha1.address)); - const nsec3sha1 = await SHA1NSEC3Digest.deployed(); - tasks.push(dnssec.setNSEC3Digest(1, nsec3sha1.address)); + const p256 = await P256SHA256Algorithm.deployed(); + tasks.push(dnssec.setAlgorithm(13, p256.address)); - const p256 = await P256SHA256Algorithm.deployed(); - tasks.push(dnssec.setAlgorithm(13, p256.address)); + if (dev) { + const dummyalgorithm = await DummyAlgorithm.deployed(); + tasks.push(dnssec.setAlgorithm(253, dummyalgorithm.address)); + tasks.push(dnssec.setAlgorithm(254, dummyalgorithm.address)); - if (dev) { - const dummyalgorithm = await DummyAlgorithm.deployed(); - tasks.push(dnssec.setAlgorithm(253, dummyalgorithm.address)); - tasks.push(dnssec.setAlgorithm(254, dummyalgorithm.address)); + const dummydigest = await DummyDigest.deployed(); + tasks.push(dnssec.setDigest(253, dummydigest.address)); + } - const dummydigest = await DummyDigest.deployed(); - tasks.push(dnssec.setDigest(253, dummydigest.address)); - } - - await Promise.all(tasks) - }); + await Promise.all(tasks); + }); }; diff --git a/test/TestAlgorithms.js b/test/TestAlgorithms.js index fc7a200..cc9620a 100644 --- a/test/TestAlgorithms.js +++ b/test/TestAlgorithms.js @@ -1,21 +1,26 @@ -const algorithms = require("./data/algorithms"); +const algorithms = require('./data/algorithms'); -algorithms.forEach(function ([algo, vector]) { - contract(algo, function (accounts) { +algorithms.forEach(function([algo, vector]) { + contract(algo, function(accounts) { + const algorithm = artifacts.require('./algorithms/' + algo + '.sol'); - const algorithm = artifacts.require("./algorithms/" + algo + ".sol"); + it('should return true for valid signatures', async function() { + var instance = await algorithm.deployed(); - it('should return true for valid signatures', async function() { - var instance = await algorithm.deployed(); - - assert.equal(await instance.verify(vector[0], vector[1], vector[2]), true); - }); + assert.equal( + await instance.verify(vector[0], vector[1], vector[2]), + true + ); + }); - it('should return false for invalid signatures', async function() { - var instance = await algorithm.deployed(); + it('should return false for invalid signatures', async function() { + var instance = await algorithm.deployed(); - vector[1] = vector[1] + "00"; - assert.equal(await instance.verify(vector[0], vector[1], vector[2]), false); - }); + vector[1] = vector[1] + '00'; + assert.equal( + await instance.verify(vector[0], vector[1], vector[2]), + false + ); }); + }); }); diff --git a/test/TestDNSSEC.js b/test/TestDNSSEC.js index 6c59962..b5aef13 100644 --- a/test/TestDNSSEC.js +++ b/test/TestDNSSEC.js @@ -1,10 +1,10 @@ var base32hex = require('rfc4648').base32hex; -const anchors = require("../lib/anchors.js"); +const anchors = require('../lib/anchors.js'); const packet = require('dns-packet'); const types = require('dns-packet/types'); -var dnssec = artifacts.require("./DNSSECImpl"); -const Result = require('@ensdomains/dnsprovejs/dist/dns/result') +var dnssec = artifacts.require('./DNSSECImpl'); +const Result = require('@ensdomains/dnsprovejs/dist/dns/result'); const util = require('util'); web3.currentProvider.send = util.promisify(web3.currentProvider.send); @@ -15,608 +15,1116 @@ const test_rrsets = [ // . 55430 IN DNSKEY 256 3 8 AwEAAcH+axCdUOsTc9o+jmyVq5rsGTh1EcatSumPqEfsPBT+whyj0/UhD7cWeixV9Wqzj/cnqs8iWELqhdzGX41ZtaNQUfWNfOriASnWmX2D9m/EunplHu8nMSlDnDcT7+llE9tjk5HI1Sr7d9N16ZTIrbVALf65VB2ABbBG39dyAb7tz21PICJbSp2cd77UF7NFqEVkqohl/LkDw+7Apalmp0qAQT1Mgwi2cVxZMKUiciA6EqS+KNajf0A6olO2oEhZnGGY6b1LTg34/YfHdiIIZQqAfqbieruCGHRiSscC2ZE7iNreL/76f4JyIEUNkt6bQA29JsegxorLzQkpF7NKqZc= // . 55430 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= // . 55430 IN DNSKEY 385 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= - [web3.utils.toHex("."), "0x003008000002a3005ca2a6005c86f6804f660000003000010002a30001080100030803010001c1fe6b109d50eb1373da3e8e6c95ab9aec19387511c6ad4ae98fa847ec3c14fec21ca3d3f5210fb7167a2c55f56ab38ff727aacf225842ea85dcc65f8d59b5a35051f58d7ceae20129d6997d83f66fc4ba7a651eef273129439c3713efe96513db639391c8d52afb77d375e994c8adb5402dfeb9541d8005b046dfd77201beedcf6d4f20225b4a9d9c77bed417b345a84564aa8865fcb903c3eec0a5a966a74a80413d4c8308b6715c5930a52272203a12a4be28d6a37f403aa253b6a048599c6198e9bd4b4e0df8fd87c7762208650a807ea6e27abb821874624ac702d9913b88dade2ffefa7f827220450d92de9b400dbd26c7a0c68acbcd092917b34aa99700003000010002a30001080101030803010001acffb409bcc939f831f7a1e5ec88f7a59255ec53040be432027390a4ce896d6f9086f3c5e177fbfe118163aaec7af1462c47945944c4e2c026be5e98bbcded25978272e1e3e079c5094d573f0e83c92f02b32d3513b1550b826929c80dd0f92cac966d17769fd5867b647c3f38029abdc48152eb8f207159ecc5d232c7c1537c79f4b7ac28ff11682f21681bf6d6aba555032bf6f9f036beb2aaa5b3778d6eebfba6bf9ea191be4ab0caea759e2f773a1f9029c73ecb8d5735b9321db085f1b8e2d8038fe2941992548cee0d67dd4547e11dd63af9c9fc1c5466fb684cf009d7197c2cf79e792ab501e6a8a1ca519af2cb9b5f6367e94c0d47502451357be1b500003000010002a30001080181030803010001a80020a95566ba42e886bb804cda84e47ef56dbd7aec612615552cec906d2116d0ef207028c51554144dfeafe7c7cb8f005dd18234133ac0710a81182ce1fd14ad2283bc83435f9df2f6313251931a176df0da51e54f42e604860dfb359580250f559cc543c4ffd51cbe3de8cfd06719237f9fc47ee729da06835fa452e825e9a18ebc2ecbcf563474652c33cf56a9033bcdf5d973121797ec8089041b6e03a1b72d0a735b984e03687309332324f27c2dba85e9db15e83a0143382e974b0621c18e625ecec907577d9e7bade95241a81ebbe8a901d4d3276e40b114c0a2e6fc38d19c2e6aab02644b2813f575fc21601e0dee49cd9ee96a43103e524d62873d", "0x03bea767c595b03fa92c028987dba32b1c510d67c97fc4b16b23a4ab71aaf535f8052b6940cd5efcab97f1a9b816b55108642f2e586260536a9be3ed7af1862403b495314b4a222e6af9279644a22371cc92b303a9257e6252103e4d42ef6d2484da56cbbd168e336f92ae2c054d464e454f78590cde0408e77a421d6f95a1b08f5d9cfbd09f8f9d23aaed29a3af05e053c13d8925e4237c9f84622ea76739e127fdc34070d74a29bf15cc4fed402e0598d539d5d7f8118b1214669d4af3a891f15797f4aff8513a846b96d8bb1f9a788710dbfe10ab2a3739c6f646b6d4bc3373536941e1bd6bfe81eab1de82d1288699da3403c478e1d8ca30755a0ff2662e"], + [ + web3.utils.toHex('.'), + '0x003008000002a3005ca2a6005c86f6804f660000003000010002a30001080100030803010001c1fe6b109d50eb1373da3e8e6c95ab9aec19387511c6ad4ae98fa847ec3c14fec21ca3d3f5210fb7167a2c55f56ab38ff727aacf225842ea85dcc65f8d59b5a35051f58d7ceae20129d6997d83f66fc4ba7a651eef273129439c3713efe96513db639391c8d52afb77d375e994c8adb5402dfeb9541d8005b046dfd77201beedcf6d4f20225b4a9d9c77bed417b345a84564aa8865fcb903c3eec0a5a966a74a80413d4c8308b6715c5930a52272203a12a4be28d6a37f403aa253b6a048599c6198e9bd4b4e0df8fd87c7762208650a807ea6e27abb821874624ac702d9913b88dade2ffefa7f827220450d92de9b400dbd26c7a0c68acbcd092917b34aa99700003000010002a30001080101030803010001acffb409bcc939f831f7a1e5ec88f7a59255ec53040be432027390a4ce896d6f9086f3c5e177fbfe118163aaec7af1462c47945944c4e2c026be5e98bbcded25978272e1e3e079c5094d573f0e83c92f02b32d3513b1550b826929c80dd0f92cac966d17769fd5867b647c3f38029abdc48152eb8f207159ecc5d232c7c1537c79f4b7ac28ff11682f21681bf6d6aba555032bf6f9f036beb2aaa5b3778d6eebfba6bf9ea191be4ab0caea759e2f773a1f9029c73ecb8d5735b9321db085f1b8e2d8038fe2941992548cee0d67dd4547e11dd63af9c9fc1c5466fb684cf009d7197c2cf79e792ab501e6a8a1ca519af2cb9b5f6367e94c0d47502451357be1b500003000010002a30001080181030803010001a80020a95566ba42e886bb804cda84e47ef56dbd7aec612615552cec906d2116d0ef207028c51554144dfeafe7c7cb8f005dd18234133ac0710a81182ce1fd14ad2283bc83435f9df2f6313251931a176df0da51e54f42e604860dfb359580250f559cc543c4ffd51cbe3de8cfd06719237f9fc47ee729da06835fa452e825e9a18ebc2ecbcf563474652c33cf56a9033bcdf5d973121797ec8089041b6e03a1b72d0a735b984e03687309332324f27c2dba85e9db15e83a0143382e974b0621c18e625ecec907577d9e7bade95241a81ebbe8a901d4d3276e40b114c0a2e6fc38d19c2e6aab02644b2813f575fc21601e0dee49cd9ee96a43103e524d62873d', + '0x03bea767c595b03fa92c028987dba32b1c510d67c97fc4b16b23a4ab71aaf535f8052b6940cd5efcab97f1a9b816b55108642f2e586260536a9be3ed7af1862403b495314b4a222e6af9279644a22371cc92b303a9257e6252103e4d42ef6d2484da56cbbd168e336f92ae2c054d464e454f78590cde0408e77a421d6f95a1b08f5d9cfbd09f8f9d23aaed29a3af05e053c13d8925e4237c9f84622ea76739e127fdc34070d74a29bf15cc4fed402e0598d539d5d7f8118b1214669d4af3a891f15797f4aff8513a846b96d8bb1f9a788710dbfe10ab2a3739c6f646b6d4bc3373536941e1bd6bfe81eab1de82d1288699da3403c478e1d8ca30755a0ff2662e' + ], // xyz. 75722 IN RRSIG DS 8 1 86400 20190326170000 20190313160000 16749 . b8+qL5kCQQ1cXJ3WtMffVlB9DhDYjcaJLq3YMU7JKfBUO9NDiSPWx2ugrWsXdgzr+ZCmnYJ3kcFK0kqhq/hklCKai16f+XxRlw/TLRG1O1pgBt5zyb3eklEwqqJkeq2sx4n74i5zPArNsIOdkDtqreBza2cWAEyBrfCgyVmoMIjqXgM7Nc7hEGueHJ/qxCcDKGB5hzuvzgl1Nhj8FpuLOEC0SsrEULrOytTVwas/H3aoQtdWoAiKnU1Dr0VtdxtdMl1kZcZZQmLvJHlsZC8YaF8ur+d+N7SP6MMTNyWv1II0OMrznnkbYC+h/p+3l1oZjWW0CPD4KaTmoXhYxiFt4w== // xyz. 75722 IN DS 3599 8 1 3FA3B264F45DB5F38BEDEAF1A88B76AA318C2C7F // xyz. 75722 IN DS 3599 8 2 B9733869BC84C86BB59D102BA5DA6B27B2088552332A39DCD54BC4E8D66B0499 - [web3.utils.toHex("xyz."), "0x002b0801000151805c9a5a905c892900416d000378797a00002b00010001518000180e0f08013fa3b264f45db5f38bedeaf1a88b76aa318c2c7f0378797a00002b00010001518000240e0f0802b9733869bc84c86bb59d102ba5da6b27b2088552332a39dcd54bc4e8d66b0499", "0x6fcfaa2f9902410d5c5c9dd6b4c7df56507d0e10d88dc6892eadd8314ec929f0543bd3438923d6c76ba0ad6b17760cebf990a69d827791c14ad24aa1abf86494229a8b5e9ff97c51970fd32d11b53b5a6006de73c9bdde925130aaa2647aadacc789fbe22e733c0acdb0839d903b6aade0736b6716004c81adf0a0c959a83088ea5e033b35cee1106b9e1c9feac42703286079873bafce09753618fc169b8b3840b44acac450bacecad4d5c1ab3f1f76a842d756a0088a9d4d43af456d771b5d325d6465c6594262ef24796c642f18685f2eafe77e37b48fe8c3133725afd4823438caf39e791b602fa1fe9fb7975a198d65b408f0f829a4e6a17858c6216de3"], + [ + web3.utils.toHex('xyz.'), + '0x002b0801000151805c9a5a905c892900416d000378797a00002b00010001518000180e0f08013fa3b264f45db5f38bedeaf1a88b76aa318c2c7f0378797a00002b00010001518000240e0f0802b9733869bc84c86bb59d102ba5da6b27b2088552332a39dcd54bc4e8d66b0499', + '0x6fcfaa2f9902410d5c5c9dd6b4c7df56507d0e10d88dc6892eadd8314ec929f0543bd3438923d6c76ba0ad6b17760cebf990a69d827791c14ad24aa1abf86494229a8b5e9ff97c51970fd32d11b53b5a6006de73c9bdde925130aaa2647aadacc789fbe22e733c0acdb0839d903b6aade0736b6716004c81adf0a0c959a83088ea5e033b35cee1106b9e1c9feac42703286079873bafce09753618fc169b8b3840b44acac450bacecad4d5c1ab3f1f76a842d756a0088a9d4d43af456d771b5d325d6465c6594262ef24796c642f18685f2eafe77e37b48fe8c3133725afd4823438caf39e791b602fa1fe9fb7975a198d65b408f0f829a4e6a17858c6216de3' + ], // xyz. 3599 IN RRSIG DNSKEY 8 1 3600 20190410030245 20190310213458 3599 xyz. IDV9fvByi5DC37UAe7gYuxJDjo6nAoz58e4EmeCFsX1RjjLjmOR2juGv80AY5rDRZq1F8hCGcCL0JpgCm3m/I/r6CkqRhFMRDCQmjv3X4otEGeIDPSyiTDA9wkiH01IqtozMrff/Px2jwnRojP7xqIF79ySX1mjHTAX0LsdoJiUNA7WYlyT6F3QrrlghgyHR01RcozY4/bGKGL5Ko7FW3Aul1NOhFHBTIkaCCWbKJrXCNg0fkRPfFS8IUxxmDghf8SvCe8E9CjE9K283gUy/SVaqe4uwcph71Uer0fDTdqPHdEQ1SNZwXC3wd+hwTbkAra/an3My9twMW5Gzcc1kYA== // xyz. 3599 IN DNSKEY 257 3 8 AwEAAbYRTzkgLg4oxcFb/+oFQMvluEut45siTtLiNL7t5Fim/ZnYhkxal6TiCUywnfgiycJyneNmtC/3eoTcz5dlrlRB5dwDehcqiZoFiqjaXGHcykHGFBDynD0/sRcEAQL+bLMv2qA+o2L7pDPHbCGJVXlUq57oTWfS4esbGDIa+1Bs8gDVMGUZcbRmeeKkc/MH2Oq1ApE5EKjH0ZRvYWS6afsWyvlXD2NXDthS5LltVKqqjhi6dy2O02stOt41z1qwfRlU89b3HXfDghlJ/L33DE+OcTyK0yRJ+ay4WpBgQJL8GDFKz1hnR2lOjYXLttJD7aHfcYyVO6zYsx2aeHI0OYM= // xyz. 3599 IN DNSKEY 256 3 8 AwEAAdkudvbXI30VVqraORIz7iVP4GX5jLvYI1vk1f8JJnvLNW9Gnsd8W4jne3PrkIIgoBeHJG1GC+5zo4Deusc8KVbQNjfL3TnuQF5iS8tkqnyqEUqHt2Rm+JHglrX0eIqftBjegf0WBTCVJIE/KqiC/X2EXr83/sAmrF5SchoEM2gx // xyz. 3599 IN DNSKEY 256 3 8 AwEAAa5jh93mWraaokFC83dqjRLypC8KijEI9DpGCL9epWGcZoEg2QpFRNaJuYjxASKjqF04TXZFOPLgSLMS6fPy6Cx4cBy4K392cbHBJafUnAecmHd4WJauED8q5OU+AnZbD07J424L9CszIXKFBBIeUXyNVhSgFszjZevNRie/Jk3v - [web3.utils.toHex("xyz."), "0x0030080100000e105cad5cd55c8583020e0f0378797a000378797a000030000100000e1000880100030803010001ae6387dde65ab69aa24142f3776a8d12f2a42f0a8a3108f43a4608bf5ea5619c668120d90a4544d689b988f10122a3a85d384d764538f2e048b312e9f3f2e82c78701cb82b7f7671b1c125a7d49c079c9877785896ae103f2ae4e53e02765b0f4ec9e36e0bf42b3321728504121e517c8d5614a016cce365ebcd4627bf264def0378797a000030000100000e1000880100030803010001d92e76f6d7237d1556aada391233ee254fe065f98cbbd8235be4d5ff09267bcb356f469ec77c5b88e77b73eb908220a01787246d460bee73a380debac73c2956d03637cbdd39ee405e624bcb64aa7caa114a87b76466f891e096b5f4788a9fb418de81fd1605309524813f2aa882fd7d845ebf37fec026ac5e52721a043368310378797a000030000100000e1001080101030803010001b6114f39202e0e28c5c15bffea0540cbe5b84bade39b224ed2e234beede458a6fd99d8864c5a97a4e2094cb09df822c9c2729de366b42ff77a84dccf9765ae5441e5dc037a172a899a058aa8da5c61dcca41c61410f29c3d3fb117040102fe6cb32fdaa03ea362fba433c76c2189557954ab9ee84d67d2e1eb1b18321afb506cf200d530651971b46679e2a473f307d8eab502913910a8c7d1946f6164ba69fb16caf9570f63570ed852e4b96d54aaaa8e18ba772d8ed36b2d3ade35cf5ab07d1954f3d6f71d77c3821949fcbdf70c4f8e713c8ad32449f9acb85a90604092fc18314acf586747694e8d85cbb6d243eda1df718c953bacd8b31d9a7872343983", "0x20357d7ef0728b90c2dfb5007bb818bb12438e8ea7028cf9f1ee0499e085b17d518e32e398e4768ee1aff34018e6b0d166ad45f210867022f42698029b79bf23fafa0a4a918453110c24268efdd7e28b4419e2033d2ca24c303dc24887d3522ab68cccadf7ff3f1da3c274688cfef1a8817bf72497d668c74c05f42ec76826250d03b5989724fa17742bae58218321d1d3545ca33638fdb18a18be4aa3b156dc0ba5d4d3a11470532246820966ca26b5c2360d1f9113df152f08531c660e085ff12bc27bc13d0a313d2b6f37814cbf4956aa7b8bb072987bd547abd1f0d376a3c774443548d6705c2df077e8704db900adafda9f7332f6dc0c5b91b371cd6460"], + [ + web3.utils.toHex('xyz.'), + '0x0030080100000e105cad5cd55c8583020e0f0378797a000378797a000030000100000e1000880100030803010001ae6387dde65ab69aa24142f3776a8d12f2a42f0a8a3108f43a4608bf5ea5619c668120d90a4544d689b988f10122a3a85d384d764538f2e048b312e9f3f2e82c78701cb82b7f7671b1c125a7d49c079c9877785896ae103f2ae4e53e02765b0f4ec9e36e0bf42b3321728504121e517c8d5614a016cce365ebcd4627bf264def0378797a000030000100000e1000880100030803010001d92e76f6d7237d1556aada391233ee254fe065f98cbbd8235be4d5ff09267bcb356f469ec77c5b88e77b73eb908220a01787246d460bee73a380debac73c2956d03637cbdd39ee405e624bcb64aa7caa114a87b76466f891e096b5f4788a9fb418de81fd1605309524813f2aa882fd7d845ebf37fec026ac5e52721a043368310378797a000030000100000e1001080101030803010001b6114f39202e0e28c5c15bffea0540cbe5b84bade39b224ed2e234beede458a6fd99d8864c5a97a4e2094cb09df822c9c2729de366b42ff77a84dccf9765ae5441e5dc037a172a899a058aa8da5c61dcca41c61410f29c3d3fb117040102fe6cb32fdaa03ea362fba433c76c2189557954ab9ee84d67d2e1eb1b18321afb506cf200d530651971b46679e2a473f307d8eab502913910a8c7d1946f6164ba69fb16caf9570f63570ed852e4b96d54aaaa8e18ba772d8ed36b2d3ade35cf5ab07d1954f3d6f71d77c3821949fcbdf70c4f8e713c8ad32449f9acb85a90604092fc18314acf586747694e8d85cbb6d243eda1df718c953bacd8b31d9a7872343983', + '0x20357d7ef0728b90c2dfb5007bb818bb12438e8ea7028cf9f1ee0499e085b17d518e32e398e4768ee1aff34018e6b0d166ad45f210867022f42698029b79bf23fafa0a4a918453110c24268efdd7e28b4419e2033d2ca24c303dc24887d3522ab68cccadf7ff3f1da3c274688cfef1a8817bf72497d668c74c05f42ec76826250d03b5989724fa17742bae58218321d1d3545ca33638fdb18a18be4aa3b156dc0ba5d4d3a11470532246820966ca26b5c2360d1f9113df152f08531c660e085ff12bc27bc13d0a313d2b6f37814cbf4956aa7b8bb072987bd547abd1f0d376a3c774443548d6705c2df077e8704db900adafda9f7332f6dc0c5b91b371cd6460' + ], // ethlab.xyz. 3599 IN RRSIG DS 8 2 3600 20190412084119 20190313062929 53709 xyz. QYtNoU4SsRpKcSeH1UUJNwJAADRW+LNx4an35z25tb+Cw0y51sKP/2FS8gD47XReZ5mmYE1E6DWLmPbizPOAUibfLZad+zKjRyrGm59rbeSetLdDD1zKw7Wa5CB2a+wFi0AVGwO0pMqxE/N2E1SEPbPUdsroMGTgBxBf/ON0YL4= // ethlab.xyz. 3599 IN DS 42999 8 2 954C021A38E5731EBAAA95323FB7C472A866CE4D86AE3AD8605843B722B62213 // ethlab.xyz. 3599 IN DS 60820 8 2 D1CDCF8E905ED06FEC438A63C69A34D2F4871B1F4869BBB852859892E693CAED - [web3.utils.toHex("ethlab.xyz."), "0x002b080200000e105cb04f2f5c88a349d1cd0378797a00066574686c61620378797a00002b000100000e100024a7f70802954c021a38e5731ebaaa95323fb7c472a866ce4d86ae3ad8605843b722b62213066574686c61620378797a00002b000100000e100024ed940802d1cdcf8e905ed06fec438a63c69a34d2f4871b1f4869bbb852859892e693caed", "0x418b4da14e12b11a4a712787d54509370240003456f8b371e1a9f7e73db9b5bf82c34cb9d6c28fff6152f200f8ed745e6799a6604d44e8358b98f6e2ccf3805226df2d969dfb32a3472ac69b9f6b6de49eb4b7430f5ccac3b59ae420766bec058b40151b03b4a4cab113f3761354843db3d476cae83064e007105ffce37460be"], + [ + web3.utils.toHex('ethlab.xyz.'), + '0x002b080200000e105cb04f2f5c88a349d1cd0378797a00066574686c61620378797a00002b000100000e100024a7f70802954c021a38e5731ebaaa95323fb7c472a866ce4d86ae3ad8605843b722b62213066574686c61620378797a00002b000100000e100024ed940802d1cdcf8e905ed06fec438a63c69a34d2f4871b1f4869bbb852859892e693caed', + '0x418b4da14e12b11a4a712787d54509370240003456f8b371e1a9f7e73db9b5bf82c34cb9d6c28fff6152f200f8ed745e6799a6604d44e8358b98f6e2ccf3805226df2d969dfb32a3472ac69b9f6b6de49eb4b7430f5ccac3b59ae420766bec058b40151b03b4a4cab113f3761354843db3d476cae83064e007105ffce37460be' + ], // ethlab.xyz. 3599 IN RRSIG DNSKEY 8 2 3600 20340214222653 20190305212653 42999 ethlab.xyz. DIouYhqzqxxN7fAQN8VYCSkXKFzuv1P964uctDaIfk/7BbCePJ3s3omGywNzH0/+Vzwa34AV0thIOphmLFqSQw== // ethlab.xyz. 3599 IN DNSKEY 257 3 8 AwEAAbjW5+pT9WirUzRujl+Haab7lw8NOa7N1FdRjpJ4ICzvOfc1vSYULj2eBIQJq5lys1Bhgs0NXHGsR0UDVok+uu7dic+UlEH8gIAa82yPefJOotD6yCZfqk1cuLX2+RGMHfpVgs4qwQa+PdajYfpw+sjzafGBuwiygycuZe40p4/Azm3E5/9lFsis4z3bXOd5vTdKYv5AWdEgKRdzZIRjIxurKz6G7nXPaxOn4zo4LM/kXxn4KjSLQQxQflr+xxHxda8zJZOY1Pj3iKcMzPtPHUsxbHbcjszmwNrn7sqNpSEPsoAw4+UQCG0FnhwsQxnAo5rE2YxJV1S+BRcAunyEsUE= // ethlab.xyz. 3599 IN DNSKEY 256 3 8 AwEAAdlnRTgge2TmnkenqHAh6YXRNWobwj0r23zHhgLxkN3IB7iAyUulB1L92aS60hHbfYJ1aXjFnF1fhXvAxaAgQN0= - [web3.utils.toHex("ethlab.xyz."), "0x0030080200000e10789d35ad5c7ee99da7f7066574686c61620378797a00066574686c61620378797a000030000100000e1000480100030803010001d9674538207b64e69e47a7a87021e985d1356a1bc23d2bdb7cc78602f190ddc807b880c94ba50752fdd9a4bad211db7d82756978c59c5d5f857bc0c5a02040dd066574686c61620378797a000030000100000e1001080101030803010001b8d6e7ea53f568ab53346e8e5f8769a6fb970f0d39aecdd457518e9278202cef39f735bd26142e3d9e048409ab9972b3506182cd0d5c71ac47450356893ebaeedd89cf949441fc80801af36c8f79f24ea2d0fac8265faa4d5cb8b5f6f9118c1dfa5582ce2ac106be3dd6a361fa70fac8f369f181bb08b283272e65ee34a78fc0ce6dc4e7ff6516c8ace33ddb5ce779bd374a62fe4059d120291773648463231bab2b3e86ee75cf6b13a7e33a382ccfe45f19f82a348b410c507e5afec711f175af33259398d4f8f788a70cccfb4f1d4b316c76dc8ecce6c0dae7eeca8da5210fb28030e3e510086d059e1c2c4319c0a39ac4d98c495754be051700ba7c84b141", "0x0c8a2e621ab3ab1c4dedf01037c558092917285ceebf53fdeb8b9cb436887e4ffb05b09e3c9decde8986cb03731f4ffe573c1adf8015d2d8483a98662c5a9243"], + [ + web3.utils.toHex('ethlab.xyz.'), + '0x0030080200000e10789d35ad5c7ee99da7f7066574686c61620378797a00066574686c61620378797a000030000100000e1000480100030803010001d9674538207b64e69e47a7a87021e985d1356a1bc23d2bdb7cc78602f190ddc807b880c94ba50752fdd9a4bad211db7d82756978c59c5d5f857bc0c5a02040dd066574686c61620378797a000030000100000e1001080101030803010001b8d6e7ea53f568ab53346e8e5f8769a6fb970f0d39aecdd457518e9278202cef39f735bd26142e3d9e048409ab9972b3506182cd0d5c71ac47450356893ebaeedd89cf949441fc80801af36c8f79f24ea2d0fac8265faa4d5cb8b5f6f9118c1dfa5582ce2ac106be3dd6a361fa70fac8f369f181bb08b283272e65ee34a78fc0ce6dc4e7ff6516c8ace33ddb5ce779bd374a62fe4059d120291773648463231bab2b3e86ee75cf6b13a7e33a382ccfe45f19f82a348b410c507e5afec711f175af33259398d4f8f788a70cccfb4f1d4b316c76dc8ecce6c0dae7eeca8da5210fb28030e3e510086d059e1c2c4319c0a39ac4d98c495754be051700ba7c84b141', + '0x0c8a2e621ab3ab1c4dedf01037c558092917285ceebf53fdeb8b9cb436887e4ffb05b09e3c9decde8986cb03731f4ffe573c1adf8015d2d8483a98662c5a9243' + ], // _ens.ethlab.xyz. 21599 IN RRSIG TXT 8 3 86400 20340214222653 20190305212653 42999 ethlab.xyz. cK9JLb6gBKY7oJi2E+94a0Eii8k4nirIKgginKID3FD7B0lVn6I0499nKzLVCWQtFc3Hnte9JaUrz4GvP3mBTA== // _ens.ethlab.xyz. 21599 IN TXT "a=0xfdb33f8ac7ce72d7d4795dd8610e323b4c122fbb" - [web3.utils.toHex("_ens.ethlab.xyz."), "0x0010080300015180789d35ad5c7ee99da7f7066574686c61620378797a00045f656e73066574686c61620378797a000010000100015180002d2c613d307866646233336638616337636537326437643437393564643836313065333233623463313232666262", "0x70af492dbea004a63ba098b613ef786b41228bc9389e2ac82a08229ca203dc50fb0749559fa234e3df672b32d509642d15cdc79ed7bd25a52bcf81af3f79814c"], + [ + web3.utils.toHex('_ens.ethlab.xyz.'), + '0x0010080300015180789d35ad5c7ee99da7f7066574686c61620378797a00045f656e73066574686c61620378797a000010000100015180002d2c613d307866646233336638616337636537326437643437393564643836313065333233623463313232666262', + '0x70af492dbea004a63ba098b613ef786b41228bc9389e2ac82a08229ca203dc50fb0749559fa234e3df672b32d509642d15cdc79ed7bd25a52bcf81af3f79814c' + ] ]; -function hexEncodeSignedSet(keys){ - return (new Result([keys])).proofs[0].toSubmit(); +function hexEncodeSignedSet(keys) { + return new Result([keys]).proofs[0].toSubmit(); } -function hexEncodeName(name){ - return '0x' + packet.name.encode(name).toString('hex'); +function hexEncodeName(name) { + return '0x' + packet.name.encode(name).toString('hex'); } async function verifySubmission(instance, data, sig, proof) { - if(proof === undefined) { - proof = await instance.anchors(); - } + if (proof === undefined) { + proof = await instance.anchors(); + } - var tx = await instance.submitRRSet(data, sig, proof); + var tx = await instance.submitRRSet(data, sig, proof); - assert.equal(tx.receipt.status, true); - assert.equal(tx.logs.length, 1); - return tx; + assert.equal(tx.receipt.status, true); + assert.equal(tx.logs.length, 1); + return tx; } async function verifyFailedSubmission(instance, data, sig, proof) { - if(proof === undefined) { - proof = await instance.anchors(); - } + if (proof === undefined) { + proof = await instance.anchors(); + } - try{ - var tx = await instance.submitRRSet(data, sig, proof); - } - catch(error){ - // @TODO use: https://github.com/ensdomains/root/blob/master/test/helpers/Utils.js#L8 - // Assert ganache revert exception - assert.equal(error.message, 'Returned error: VM Exception while processing transaction: revert'); - } + try { + var tx = await instance.submitRRSet(data, sig, proof); + } catch (error) { + // @TODO use: https://github.com/ensdomains/root/blob/master/test/helpers/Utils.js#L8 + // Assert ganache revert exception + assert.equal( + error.message, + 'Returned error: VM Exception while processing transaction: revert' + ); + } - // Assert geth failed transaction - if(tx !== undefined) { - assert.equal(tx.receipt.status, false); - } + // Assert geth failed transaction + if (tx !== undefined) { + assert.equal(tx.receipt.status, false); + } } contract('DNSSEC', function(accounts) { - it('should have a default algorithm and digest set', async function() { - var instance = await dnssec.deployed(); - assert.notEqual(await instance.algorithms(8), "0x0000000000000000000000000000000000000000"); - assert.notEqual(await instance.algorithms(253), "0x0000000000000000000000000000000000000000"); - assert.notEqual(await instance.digests(2), "0x0000000000000000000000000000000000000000"); - assert.notEqual(await instance.digests(253), "0x0000000000000000000000000000000000000000"); + it('should have a default algorithm and digest set', async function() { + var instance = await dnssec.deployed(); + assert.notEqual( + await instance.algorithms(8), + '0x0000000000000000000000000000000000000000' + ); + assert.notEqual( + await instance.algorithms(253), + '0x0000000000000000000000000000000000000000' + ); + assert.notEqual( + await instance.digests(2), + '0x0000000000000000000000000000000000000000' + ); + assert.notEqual( + await instance.digests(253), + '0x0000000000000000000000000000000000000000' + ); + }); + + function rootKeys() { + var name = '.'; + var sig = { + name: '.', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'DNSKEY', + algorithm: 253, + labels: 0, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }; + + var rrs = [ + { + name: '.', + type: 'DNSKEY', + class: 'IN', + ttl: 3600, + data: { flags: 0x0101, algorithm: 253, key: Buffer.from('1111', 'HEX') } + }, + { + name: '.', + type: 'DNSKEY', + class: 'IN', + ttl: 3600, + data: { flags: 0, algorithm: 253, key: Buffer.from('1111', 'HEX') } + }, + { + name: '.', + type: 'DNSKEY', + class: 'IN', + ttl: 3600, + data: { flags: 0, algorithm: 253, key: Buffer.from('1112', 'HEX') } + } + ]; + return { name, sig, rrs }; + } + + it('should reject signatures with non-matching algorithms', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + keys.rrs.forEach(r => { + r.data.algorithm = 255; }); + await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); + }); - function rootKeys() { - var name = '.'; - var sig = { - name: '.', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data: - { - typeCovered: 'DNSKEY', - algorithm: 253, - labels: 0, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } + it('should reject signatures with non-matching keytags', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + + keys.rrs = [ + { + name: '.', + type: 'DNSKEY', + class: 'IN', + ttl: 3600, + data: { + flags: 0x0101, + protocol: 3, + algorithm: 253, + key: Buffer.from('1112', 'HEX') } + } + ]; + + await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); + }); + + it('should reject signatures by keys without the ZK bit set', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + keys.rrs = [ + { + name: '.', + type: 'DNSKEY', + class: 'IN', + ttl: 3600, + data: { + flags: 0x0001, + protocol: 3, + algorithm: 253, + key: Buffer.from('1211', 'HEX') + } + } + ]; + + await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); + }); - var rrs = [ - { - name: ".", type: 'DNSKEY', class: 'IN', ttl: 3600, - data:{flags: 0x0101, algorithm: 253, key: Buffer.from("1111", "HEX")} - }, - { - name: ".", type: 'DNSKEY', class: 'IN', ttl: 3600, - data:{flags: 0, algorithm: 253, key: Buffer.from("1111", "HEX")} - }, - { - name: ".", type: 'DNSKEY', class: 'IN', ttl: 3600, - data:{flags: 0, algorithm: 253, key: Buffer.from("1112", "HEX")} - } + var rootKeyProof = undefined; + it('should accept a root DNSKEY', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + var tx = await verifySubmission(instance, ...hexEncodeSignedSet(keys)); + rootKeyProof = tx.logs[0].args.rrset; + }); + + it('should check if root DNSKEY exist', async function() { + var instance = await dnssec.deployed(); + var result = await instance.rrdata.call( + types.toType('DNSKEY'), + hexEncodeName('nonexisting.') + ); + var rrs = result['2']; + assert.equal(rrs, '0x0000000000000000000000000000000000000000'); + result = await instance.rrdata.call( + types.toType('DNSKEY'), + hexEncodeName('.') + ); + rrs = result['2']; + assert.notEqual(rrs, '0x0000000000000000000000000000000000000000'); + }); + + it('should accept a signed RRSET', async function() { + var instance = await dnssec.deployed(); + await verifySubmission( + instance, + hexEncodeSignedSet({ + name: 'test', + sig: { + name: 'test', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'TXT', + algorithm: 253, + labels: 1, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }, + rrs: [ + { + name: 'test', + type: 'TXT', + class: 'IN', + ttl: 3600, + data: Buffer.from('test', 'ascii') + } ] - return { name, sig, rrs } - } + })[0], + '0x', + rootKeyProof + ); + }); - it("should reject signatures with non-matching algorithms", async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); - keys.rrs.forEach((r)=>{r.data.algorithm = 255}) - await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); - }); + it('should reject signatures with non-matching classes', async function() { + var instance = await dnssec.deployed(); + await verifyFailedSubmission( + instance, + ...hexEncodeSignedSet({ + name: 'net', + sig: { + name: 'net', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'TXT', + algorithm: 253, + labels: 1, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }, + rrs: [ + { + name: 'net', + type: 'TXT', + class: 'IN', + ttl: 3600, + data: Buffer.from('foo', 'ascii') + } + ] + }) + ); + }); - it("should reject signatures with non-matching keytags", async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); + it('should reject signatures with non-matching names', async function() { + var instance = await dnssec.deployed(); + await verifyFailedSubmission( + instance, + ...hexEncodeSignedSet({ + name: 'foo.net', + sig: { + name: 'foo.net', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'TXT', + algorithm: 253, + labels: 1, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }, + rrs: [ + { + name: 'foo.net', + type: 'TXT', + class: 'IN', + ttl: 3600, + data: Buffer.from('foo', 'ascii') + } + ] + }) + ); + }); - keys.rrs = [{ - name: ".", type: 'DNSKEY', class: 'IN', ttl: 3600, - data:{flags: 0x0101, protocol: 3, algorithm: 253, key: Buffer.from("1112", "HEX")} - }]; + it('should reject signatures with the wrong type covered', async function() { + var instance = await dnssec.deployed(); + await verifyFailedSubmission( + instance, + ...hexEncodeSignedSet({ + name: 'net', + sig: { + name: 'net', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'DS', + algorithm: 253, + labels: 1, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }, + rrs: [ + { + name: 'net', + type: 'TXT', + class: 'IN', + ttl: 3600, + data: Buffer.from('foo', 'ascii') + } + ] + }) + ); + }); - await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); - }); + it('should reject signatures with too many labels', async function() { + var instance = await dnssec.deployed(); + await verifyFailedSubmission( + instance, + ...hexEncodeSignedSet({ + name: 'net', + sig: { + name: 'net', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'TXT', + algorithm: 253, + labels: 2, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }, + rrs: [ + { + name: 'net', + type: 'TXT', + class: 'IN', + ttl: 3600, + data: Buffer.from('foo', 'ascii') + } + ] + }) + ); + }); - it("should reject signatures by keys without the ZK bit set", async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); - keys.rrs = [{ - name: ".", type: 'DNSKEY', class: 'IN', ttl: 3600, - data:{flags: 0x0001, protocol: 3, algorithm: 253, key: Buffer.from("1211", "HEX")} - }]; + it('should reject signatures with invalid signer names', async function() { + var instance = await dnssec.deployed(); + await verifySubmission( + instance, + hexEncodeSignedSet({ + name: 'test', + sig: { + name: 'test', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'TXT', + algorithm: 253, + labels: 1, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }, + rrs: [ + { + name: 'test', + type: 'TXT', + class: 'IN', + ttl: 3600, + data: Buffer.from('test', 'ascii') + } + ] + })[0], + '0x', + rootKeyProof + ); + await verifyFailedSubmission( + instance, + hexEncodeSignedSet({ + name: 'test', + sig: { + name: 'test', + type: 'RRSIG', + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: 'TXT', + algorithm: 253, + labels: 1, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: 'com', + signature: new Buffer([]) + } + }, + rrs: [ + { + name: 'test', + type: 'TXT', + class: 'IN', + ttl: 3600, + data: Buffer.from('test', 'ascii') + } + ] + })[0], + '0x', + rootKeyProof + ); + }); - await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); - }); + it('should reject entries with expirations in the past', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + keys.sig.data.expiration = Date.now() / 1000 - 1; + await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); + }); - var rootKeyProof = undefined; - it('should accept a root DNSKEY', async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); - var tx = await verifySubmission(instance, ...hexEncodeSignedSet(keys)); - rootKeyProof = tx.logs[0].args.rrset; - }); + it('should reject entries with inceptions in the future', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + keys.sig.data.inception = Date.now() / 1000 + 2419200; + await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); + }); - it('should check if root DNSKEY exist', async function(){ - var instance = await dnssec.deployed(); - var result = await instance.rrdata.call(types.toType('DNSKEY'), hexEncodeName('nonexisting.')); - var rrs = result['2'] - assert.equal(rrs, '0x0000000000000000000000000000000000000000'); - result = await instance.rrdata.call(types.toType('DNSKEY'), hexEncodeName('.')); - rrs = result['2'] - assert.notEqual(rrs, '0x0000000000000000000000000000000000000000'); - }) - - it('should accept a signed RRSET', async function() { - var instance = await dnssec.deployed(); - await verifySubmission(instance, hexEncodeSignedSet({ - name:'test', - sig:{ - name: 'test', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: 'TXT', - algorithm: 253, - labels: 1, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } - }, - rrs:[{name: "test", type: 'TXT', class: 'IN', ttl: 3600, data:Buffer.from('test', 'ascii')}], - })[0], "0x", rootKeyProof); - }); + it('should accept updates with newer signatures', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + keys.sig.data.inception = Date.now() / 1000; + await verifySubmission(instance, ...hexEncodeSignedSet(keys)); + }); - it('should reject signatures with non-matching classes', async function() { - var instance = await dnssec.deployed(); - await verifyFailedSubmission(instance, ...hexEncodeSignedSet({ - name:'net', - sig:{ - name: 'net', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: 'TXT', - algorithm: 253, - labels: 1, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } - }, - rrs:[{name: "net", type: 'TXT', class: 'IN', ttl: 3600, data:Buffer.from('foo', 'ascii')}], - })); - }) - - it('should reject signatures with non-matching names', async function() { - var instance = await dnssec.deployed(); - await verifyFailedSubmission(instance, - ...hexEncodeSignedSet({ - name:'foo.net', - sig:{ - name: 'foo.net', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: 'TXT', - algorithm: 253, - labels: 1, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } - }, - rrs:[{name: "foo.net", type: 'TXT', class: 'IN', ttl: 3600, data:Buffer.from('foo', 'ascii')}], - })); - }); + it('should reject entries that are older', async function() { + var instance = await dnssec.deployed(); + var keys = rootKeys(); + keys.sig.data.inception = Date.now() / 1000 - 2419200; + await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); + }); - it('should reject signatures with the wrong type covered', async function() { - var instance = await dnssec.deployed(); - await verifyFailedSubmission(instance, ...hexEncodeSignedSet({ - name:'net', - sig:{ - name: 'net', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: 'DS', - algorithm: 253, - labels: 1, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } - }, - rrs:[{name: "net", type: 'TXT', class: 'IN', ttl: 3600, data:Buffer.from('foo', 'ascii')}], - })); - }); + it('should reject invalid RSA signatures', async function() { + var instance = await dnssec.deployed(); + var sig = test_rrsets[0][2]; + await verifyFailedSubmission( + instance, + test_rrsets[0][1], + sig.slice(0, sig.length - 2) + 'FF' + ); + }); - it('should reject signatures with too many labels', async function() { - var instance = await dnssec.deployed(); - await verifyFailedSubmission(instance, ...hexEncodeSignedSet({ - name:'net', - sig:{ - name: 'net', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: 'TXT', - algorithm: 253, - labels: 2, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } - }, - rrs:[{name: "net", type: 'TXT', class: 'IN', ttl: 3600, data:Buffer.from('foo', 'ascii')}], - })); - }); + // Test delete RRSET + async function checkPresence(instance, type, name) { + var result = (await instance.rrdata.call( + types.toType(type), + hexEncodeName(name) + ))[2]; + return result != '0x0000000000000000000000000000000000000000'; + } - it('should reject signatures with invalid signer names', async function() { - var instance = await dnssec.deployed(); - await verifySubmission(instance, hexEncodeSignedSet({ - name:'test', - sig:{ - name: 'test', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: 'TXT', - algorithm: 253, - labels: 1, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } - }, - rrs:[{name: "test", type: 'TXT', class: 'IN', ttl: 3600, data:Buffer.from('test', 'ascii')}], - })[0], "0x", rootKeyProof); - await verifyFailedSubmission(instance, hexEncodeSignedSet({ - name:'test', - sig:{ - name: 'test', - type: 'RRSIG', - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: 'TXT', - algorithm: 253, - labels: 1, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: "com", - signature: new Buffer([]) - } - }, - rrs:[{name: "test", type: 'TXT', class: 'IN', ttl: 3600, data:Buffer.from('test', 'ascii')}], - })[0], "0x", rootKeyProof); - }); + function buildEntry(type, name, rrsOption, sigOption) { + var rrs = [ + { name: name, type: type, class: 'IN', ttl: 3600, data: rrsOption } + ]; + var sig = { + name: name, + type: type, + ttl: 0, + class: 'IN', + flush: false, + data: { + typeCovered: type, + algorithm: 253, + labels: name.split('.').length, + originalTTL: 3600, + expiration: Date.now() / 1000 + 2419200, + inception: Date.now() / 1000, + keyTag: 5647, + signersName: '.', + signature: new Buffer([]) + } + }; - it("should reject entries with expirations in the past", async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); - keys.sig.data.expiration = Date.now() / 1000 - 1; - await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); - }); + if (sigOption !== undefined) { + Object.assign(sig.data, sigOption); + } + var keys = { name, rrs, sig }; + return keys; + } - it("should reject entries with inceptions in the future", async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); - keys.sig.data.inception = Date.now() / 1000 + 2419200; - await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); - }); + async function submitEntry(instance, type, name, option, proof, sig) { + var keys = buildEntry(type, name, option, sig); + tx = await verifySubmission( + instance, + hexEncodeSignedSet(keys)[0], + '0x', + proof + ); + var res = await instance.rrdata.call( + types.toType(type), + hexEncodeName(name) + ); + assert.notEqual(res['2'], '0x0000000000000000000000000000000000000000'); + return tx; + } - it("should accept updates with newer signatures", async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); - keys.sig.data.inception = Date.now() / 1000; - await verifySubmission(instance, ...hexEncodeSignedSet(keys)); - }); + async function deleteEntry(instance, deletetype, deletename, nsec, proof) { + var tx, result; + try { + tx = await instance.deleteRRSet( + types.toType(deletetype), + hexEncodeName(deletename), + nsec, + '0x', + proof + ); + } catch (error) { + result = false; + } + // Assert geth failed transaction + if (tx !== undefined) { + result = tx.receipt.status; + } + return result; + } + + it('rejects if a proof with the wrong type is supplied', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'b', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + // Submit with a proof for an irrelevant record. + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'b', + hexEncodeSignedSet(rootKeys())[0], + rootKeyProof + ), + false + ); + assert.equal(await checkPresence(instance, 'TXT', 'b'), true); + }); + + it('rejects if next record does not come before the deleting name', async function() { + var instance = await dnssec.deployed(); + // text z. comes after next d. + await submitEntry( + instance, + 'TXT', + 'z', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry('NSEC', 'a', { nextDomain: 'd', rrtypes: ['TXT'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'z', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + false + ); + assert.equal(await checkPresence(instance, 'TXT', 'z'), true); + }); + + it('rejects if nsec record starts after the deleting name', async function() { + var instance = await dnssec.deployed(); + // text a. comes after nsec b. + await submitEntry( + instance, + 'TXT', + 'a', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry('NSEC', 'b', { nextDomain: 'd', rrtypes: ['TXT'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'a', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + false + ); + assert.equal(await checkPresence(instance, 'TXT', 'a'), true); + }); - it("should reject entries that are older", async function() { - var instance = await dnssec.deployed(); - var keys = rootKeys(); - keys.sig.data.inception = Date.now() / 1000 - 2419200; - await verifyFailedSubmission(instance, ...hexEncodeSignedSet(keys)); + it('rejects RRset if trying to delete rrset that is in the type bitmap', async function() { + var instance = await dnssec.deployed(); + // text a. has same nsec a. with type bitmap + await submitEntry( + instance, + 'TXT', + 'a', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry('NSEC', 'a', { nextDomain: 'd', rrtypes: ['TXT'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'a', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + false + ); + assert.equal(await checkPresence(instance, 'TXT', 'a'), true); + }); + + it('deletes RRset if nsec name and delete name are the same but with different rrtypes', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'a', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + // This test fails if rrtypes is empty ([]), but would that case every happen? + var nsec = buildEntry('NSEC', 'a', { nextDomain: 'd', rrtypes: ['NSEC'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'a', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + true + ); + assert.equal(await checkPresence(instance, 'TXT', 'a'), false); + }); + + it('rejects if the proof hash does not match', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'a', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry('NSEC', 'a', { nextDomain: 'd', rrtypes: ['NSEC'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'a', + hexEncodeSignedSet(nsec)[0] + '00', + rootKeyProof + ), + false + ); + assert.equal(await checkPresence(instance, 'TXT', 'a'), true); + }); + + it('deletes RRset if NSEC next comes after delete name', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'b', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry('NSEC', 'a', { nextDomain: 'd', rrtypes: ['TXT'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'b', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + true + ); + assert.equal(await checkPresence(instance, 'TXT', 'b'), false); + }); + + it('deletes RRset if NSEC is on apex domain', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'b.test', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry('NSEC', 'test', { + nextDomain: 'd.test', + rrtypes: ['TXT'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'b.test', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + true + ); + assert.equal(await checkPresence(instance, 'TXT', 'b.test'), false); + }); - it('should reject invalid RSA signatures', async function() { - var instance = await dnssec.deployed(); - var sig = test_rrsets[0][2]; - await verifyFailedSubmission(instance, test_rrsets[0][1], sig.slice(0, sig.length - 2) + "FF"); + it('deletes RRset if NSEC next name is on apex domain', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'b.test', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry('NSEC', 'a.test', { + nextDomain: 'test', + rrtypes: ['TXT'] }); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'b.test', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + true + ); + assert.equal(await checkPresence(instance, 'TXT', 'b.test'), false); + }); - // Test delete RRSET - async function checkPresence(instance, type, name){ - var result = (await instance.rrdata.call(types.toType(type), hexEncodeName(name)))[2]; - return result != '0x0000000000000000000000000000000000000000'; - } + it('will not delete a record if it is more recent than the NSEC record', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'y', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec = buildEntry( + 'NSEC', + 'x', + { nextDomain: 'z', rrtypes: ['TXT'] }, + { inception: Date.now() / 1000 - 2419200 } + ); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'y', + hexEncodeSignedSet(nsec)[0], + rootKeyProof + ), + false + ); + assert.equal(await checkPresence(instance, 'TXT', 'y'), true); + }); - function buildEntry(type, name, rrsOption, sigOption) { - var rrs = [{name: name, type: type, class: 'IN', ttl: 3600, data:rrsOption}]; - var sig = { - name: name, - type: type, - ttl: 0, - class: 'IN', - flush: false, - data:{ - typeCovered: type, - algorithm: 253, - labels: name.split(".").length, - originalTTL: 3600, - expiration: Date.now() / 1000 + 2419200, - inception: Date.now() / 1000, - keyTag: 5647, - signersName: ".", - signature: new Buffer([]) - } - } - - if(sigOption !== undefined) { - Object.assign(sig.data, sigOption); - } - var keys = {name, rrs, sig} - return keys; - } + // 088vbc61o9hm3qfu7vhd3ajtilp4bc5l + // H(matoken.xyz) = bst4hlje7r0o8c8p4o8q582lm0ejmiqt + // H(quux.matoken.xyz) = gjjkn49ondfjc1thska8ai4csj8pd7af + // l54nruaka4b4f3mfm5scv7aocqls84gm + // H(foo.matoken.xyz) = nvlh0ajql16jp0bigvm9jcmm50c3f8gj + // H(_abc.matoken.xyz) = q116ronfpgiloujs07ueb829e1rjg0pa - async function submitEntry(instance, type, name, option, proof, sig){ - var keys = buildEntry(type, name, option, sig); - tx = await verifySubmission(instance, hexEncodeSignedSet(keys)[0], "0x", proof); - var res = await instance.rrdata.call(types.toType(type), hexEncodeName(name)); - assert.notEqual(res['2'], '0x0000000000000000000000000000000000000000'); - return tx; - } + it('deletes record on the same name using NSEC3', async function() { + var instance = await dnssec.deployed(); - async function deleteEntry(instance, deletetype, deletename, nsec, proof) { - var tx, result; - try{ - tx = await instance.deleteRRSet(types.toType(deletetype), hexEncodeName(deletename), nsec, "0x", proof); - } - catch(error){ - result = false; - } - // Assert geth failed transaction - if(tx !== undefined) { - result = tx.receipt.status; - } - return result; - } + await submitEntry( + instance, + 'TXT', + 'matoken.xyz', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec3 = buildEntry( + 'NSEC3', + 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', + { + algorithm: 1, + flags: 0, + iterations: 1, + salt: Buffer.from('5BA6AD4385844262', 'hex'), + nextDomain: Buffer.from( + base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM') + ), + rrtypes: ['DNSKEY'] + } + ); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'matoken.xyz', + hexEncodeSignedSet(nsec3)[0], + rootKeyProof + ), + true + ); + assert.equal(await checkPresence(instance, 'TXT', 'matoken.xyz'), false); + }); + + it('deletes records in a zone using NSEC3', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'quux.matoken.xyz', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec3 = buildEntry( + 'NSEC3', + 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', + { + algorithm: 1, + flags: 0, + iterations: 1, + salt: Buffer.from('5BA6AD4385844262', 'hex'), + nextDomain: Buffer.from( + base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM') + ), + rrtypes: ['TXT'] + } + ); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'quux.matoken.xyz', + hexEncodeSignedSet(nsec3)[0], + rootKeyProof + ), + true + ); + assert.equal( + await checkPresence(instance, 'TXT', 'quux.matoken.xyz'), + false + ); + }); + + it('deletes records at the end of a zone using NSEC3', async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'foo.matoken.xyz', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec3 = buildEntry( + 'NSEC3', + 'l54nruaka4b4f3mfm5scv7aocqls84gm.matoken.xyz', + { + algorithm: 1, + flags: 0, + iterations: 1, + salt: Buffer.from('5BA6AD4385844262', 'hex'), + nextDomain: Buffer.from( + base32hex.parse('088VBC61O9HM3QFU7VHD3AJTILP4BC5L') + ), + rrtypes: ['TXT'] + } + ); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'foo.matoken.xyz', + hexEncodeSignedSet(nsec3)[0], + rootKeyProof + ), + true + ); + assert.equal( + await checkPresence(instance, 'TXT', 'foo.matoken.xyz'), + false + ); + }); - it('rejects if a proof with the wrong type is supplied', async function(){ - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'b', Buffer.from('foo', 'ascii'), rootKeyProof); - // Submit with a proof for an irrelevant record. - assert.equal((await deleteEntry(instance, 'TXT', 'b', hexEncodeSignedSet(rootKeys())[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'b')), true); - }) - - it('rejects if next record does not come before the deleting name', async function(){ - var instance = await dnssec.deployed(); - // text z. comes after next d. - await submitEntry(instance, 'TXT', 'z', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'a', { nextDomain:'d', rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'z', hexEncodeSignedSet(nsec)[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'z')), true); - }) - - it('rejects if nsec record starts after the deleting name', async function(){ - var instance = await dnssec.deployed(); - // text a. comes after nsec b. - await submitEntry(instance, 'TXT', 'a', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'b', { nextDomain:'d', rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'a', hexEncodeSignedSet(nsec)[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'a')), true); - }) - - it('rejects RRset if trying to delete rrset that is in the type bitmap', async function(){ - var instance = await dnssec.deployed(); - // text a. has same nsec a. with type bitmap - await submitEntry(instance, 'TXT', 'a', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'a', { nextDomain:'d', rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'a', hexEncodeSignedSet(nsec)[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'a')), true); - }) - - it('deletes RRset if nsec name and delete name are the same but with different rrtypes', async function(){ - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'a', Buffer.from('foo', 'ascii'), rootKeyProof); - // This test fails if rrtypes is empty ([]), but would that case every happen? - var nsec = buildEntry('NSEC', 'a', { nextDomain:'d', rrtypes:['NSEC']}); - assert.equal((await deleteEntry(instance, 'TXT', 'a', hexEncodeSignedSet(nsec)[0], rootKeyProof)), true); - assert.equal((await checkPresence(instance, 'TXT', 'a')), false); - }) - - it('rejects if the proof hash does not match', async function(){ - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'a', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'a', { nextDomain:'d', rrtypes:['NSEC']}); - assert.equal((await deleteEntry(instance, 'TXT', 'a', hexEncodeSignedSet(nsec)[0] + '00', rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'a')), true); - }) - - it('deletes RRset if NSEC next comes after delete name', async function(){ - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'b', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'a', { nextDomain:'d', rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'b', hexEncodeSignedSet(nsec)[0], rootKeyProof)), true); - assert.equal((await checkPresence(instance, 'TXT', 'b')), false); - }) - - it('deletes RRset if NSEC is on apex domain', async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'b.test', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'test', { nextDomain:'d.test', rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'b.test', hexEncodeSignedSet(nsec)[0], rootKeyProof)), true); - assert.equal((await checkPresence(instance, 'TXT', 'b.test')), false); - }) - - it('deletes RRset if NSEC next name is on apex domain', async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'b.test', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'a.test', { nextDomain:'test', rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'b.test', hexEncodeSignedSet(nsec)[0], rootKeyProof)), true); - assert.equal((await checkPresence(instance, 'TXT', 'b.test')), false); - }) - - it('will not delete a record if it is more recent than the NSEC record', async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'y', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec = buildEntry('NSEC', 'x', { nextDomain:'z', rrtypes:['TXT']}, {inception: Date.now() / 1000 - 2419200}); - assert.equal((await deleteEntry(instance, 'TXT', 'y', hexEncodeSignedSet(nsec)[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'y')), true); - }) - - // 088vbc61o9hm3qfu7vhd3ajtilp4bc5l - // H(matoken.xyz) = bst4hlje7r0o8c8p4o8q582lm0ejmiqt - // H(quux.matoken.xyz) = gjjkn49ondfjc1thska8ai4csj8pd7af - // l54nruaka4b4f3mfm5scv7aocqls84gm - // H(foo.matoken.xyz) = nvlh0ajql16jp0bigvm9jcmm50c3f8gj - // H(_abc.matoken.xyz) = q116ronfpgiloujs07ueb829e1rjg0pa - - it('deletes record on the same name using NSEC3', async function() { - var instance = await dnssec.deployed(); - - await submitEntry(instance, 'TXT', 'matoken.xyz', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec3 = buildEntry( - 'NSEC3', - 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', - { - algorithm: 1, - flags: 0, - iterations: 1, - salt: Buffer.from("5BA6AD4385844262", "hex"), - nextDomain: Buffer.from(base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM')), - rrtypes:['DNSKEY'] - } - ); - assert.equal((await deleteEntry(instance, 'TXT', 'matoken.xyz', hexEncodeSignedSet(nsec3)[0], rootKeyProof)), true); - assert.equal((await checkPresence(instance, 'TXT', 'matoken.xyz')), false); - }) - - it('deletes records in a zone using NSEC3', async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'quux.matoken.xyz', Buffer.from('foo', 'ascii'), rootKeyProof); - var nsec3 = buildEntry('NSEC3', 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', {algorithm: 1, flags: 0, iterations: 1, salt: Buffer.from("5BA6AD4385844262", "hex"), nextDomain: Buffer.from(base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM')), rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'quux.matoken.xyz', hexEncodeSignedSet(nsec3)[0], rootKeyProof)), true); - assert.equal((await checkPresence(instance, 'TXT', 'quux.matoken.xyz')), false); - }) - - it('deletes records at the end of a zone using NSEC3', async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'foo.matoken.xyz', Buffer.from('foo', 'ascii'), rootKeyProof) - var nsec3 = buildEntry('NSEC3', 'l54nruaka4b4f3mfm5scv7aocqls84gm.matoken.xyz', {algorithm: 1, flags: 0, iterations: 1, salt: Buffer.from("5BA6AD4385844262", "hex"), nextDomain: Buffer.from(base32hex.parse('088VBC61O9HM3QFU7VHD3AJTILP4BC5L')), rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'foo.matoken.xyz', hexEncodeSignedSet(nsec3)[0], rootKeyProof)), true); - assert.equal((await checkPresence(instance, 'TXT', 'foo.matoken.xyz')), false); - }) - - it("doesn't delete records before the range using NSEC3", async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', '_abc.matoken.xyz', Buffer.from('foo', 'ascii'), rootKeyProof) - var nsec3 = buildEntry('NSEC3', 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', {algorithm: 1, flags: 0, iterations: 1, salt: Buffer.from("5BA6AD4385844262", "hex"), nextDomain: Buffer.from(base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM')), rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', '_abc.matoken.xyz', hexEncodeSignedSet(nsec3)[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', '_abc.matoken.xyz')), true); - }) - - it("doesn't delete records after the range using NSEC3", async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'foo.matoken.xyz', Buffer.from('foo', 'ascii'), rootKeyProof) - var nsec3 = buildEntry('NSEC3', 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', {algorithm: 1, flags: 0, iterations: 1, salt: Buffer.from("5BA6AD4385844262", "hex"), nextDomain: Buffer.from(base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM')), rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'foo.matoken.xyz', hexEncodeSignedSet(nsec3)[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'foo.matoken.xyz')), true); - }) - - it("doesn't delete records that aren't at the end of a zone using NSEC3", async function() { - var instance = await dnssec.deployed(); - await submitEntry(instance, 'TXT', 'quux.matoken.xyz', Buffer.from('foo', 'ascii'), rootKeyProof) - var nsec3 = buildEntry('NSEC3', 'l54nruaka4b4f3mfm5scv7aocqls84gm.matoken.xyz', {algorithm: 1, flags: 0, iterations: 1, salt: Buffer.from("5BA6AD4385844262", "hex"), nextDomain: Buffer.from(base32hex.parse('088VBC61O9HM3QFU7VHD3AJTILP4BC5L')), rrtypes:['TXT']}); - assert.equal((await deleteEntry(instance, 'TXT', 'quux.matoken.xyz', hexEncodeSignedSet(nsec3)[0], rootKeyProof)), false); - assert.equal((await checkPresence(instance, 'TXT', 'quux.matoken.xyz')), true); - }) + it("doesn't delete records before the range using NSEC3", async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + '_abc.matoken.xyz', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec3 = buildEntry( + 'NSEC3', + 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', + { + algorithm: 1, + flags: 0, + iterations: 1, + salt: Buffer.from('5BA6AD4385844262', 'hex'), + nextDomain: Buffer.from( + base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM') + ), + rrtypes: ['TXT'] + } + ); + assert.equal( + await deleteEntry( + instance, + 'TXT', + '_abc.matoken.xyz', + hexEncodeSignedSet(nsec3)[0], + rootKeyProof + ), + false + ); + assert.equal( + await checkPresence(instance, 'TXT', '_abc.matoken.xyz'), + true + ); + }); + + it("doesn't delete records after the range using NSEC3", async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'foo.matoken.xyz', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec3 = buildEntry( + 'NSEC3', + 'bst4hlje7r0o8c8p4o8q582lm0ejmiqt.matoken.xyz', + { + algorithm: 1, + flags: 0, + iterations: 1, + salt: Buffer.from('5BA6AD4385844262', 'hex'), + nextDomain: Buffer.from( + base32hex.parse('L54NRUAKA4B4F3MFM5SCV7AOCQLS84GM') + ), + rrtypes: ['TXT'] + } + ); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'foo.matoken.xyz', + hexEncodeSignedSet(nsec3)[0], + rootKeyProof + ), + false + ); + assert.equal(await checkPresence(instance, 'TXT', 'foo.matoken.xyz'), true); + }); + + it("doesn't delete records that aren't at the end of a zone using NSEC3", async function() { + var instance = await dnssec.deployed(); + await submitEntry( + instance, + 'TXT', + 'quux.matoken.xyz', + Buffer.from('foo', 'ascii'), + rootKeyProof + ); + var nsec3 = buildEntry( + 'NSEC3', + 'l54nruaka4b4f3mfm5scv7aocqls84gm.matoken.xyz', + { + algorithm: 1, + flags: 0, + iterations: 1, + salt: Buffer.from('5BA6AD4385844262', 'hex'), + nextDomain: Buffer.from( + base32hex.parse('088VBC61O9HM3QFU7VHD3AJTILP4BC5L') + ), + rrtypes: ['TXT'] + } + ); + assert.equal( + await deleteEntry( + instance, + 'TXT', + 'quux.matoken.xyz', + hexEncodeSignedSet(nsec3)[0], + rootKeyProof + ), + false + ); + assert.equal( + await checkPresence(instance, 'TXT', 'quux.matoken.xyz'), + true + ); + }); }); - // Test against real record +// Test against real record contract('DNSSEC', accounts => { - it('should accept real DNSSEC records', async function() { - var instance = await dnssec.deployed(); - var proof = await instance.anchors(); - // They were all valid at Fri Mar 15 14:06:45 2019 +1300 and - // will be again every 2^32 seconds or 136 years - await web3.currentProvider.send({ - method: 'evm_increaseTime', - params: 1552612005 - Date.now() / 1000 >>> 0 - }); - for (let i = 0; i < test_rrsets.length; i++) { - var rrset = test_rrsets[i]; - var tx = await instance.submitRRSet(rrset[1], rrset[2], proof); - proof = tx.logs[0].args.rrset; - assert.equal(tx.receipt.status, true); - } + it('should accept real DNSSEC records', async function() { + var instance = await dnssec.deployed(); + var proof = await instance.anchors(); + // They were all valid at Fri Mar 15 14:06:45 2019 +1300 and + // will be again every 2^32 seconds or 136 years + await web3.currentProvider.send({ + method: 'evm_increaseTime', + params: (1552612005 - Date.now() / 1000) >>> 0 }); + for (let i = 0; i < test_rrsets.length; i++) { + var rrset = test_rrsets[i]; + var tx = await instance.submitRRSet(rrset[1], rrset[2], proof); + proof = tx.logs[0].args.rrset; + assert.equal(tx.receipt.status, true); + } + }); }); diff --git a/test/TestDigests.js b/test/TestDigests.js index 050c5d9..c6811e4 100644 --- a/test/TestDigests.js +++ b/test/TestDigests.js @@ -1,20 +1,17 @@ -const digests = require("./data/digests"); +const digests = require('./data/digests'); -digests.forEach(function ([digest, valid, valid2, invalid]) { - contract(digest, function (accounts) { +digests.forEach(function([digest, valid, valid2, invalid]) { + contract(digest, function(accounts) { + const algorithm = artifacts.require('./digests/' + digest + '.sol'); - const algorithm = artifacts.require("./digests/" + digest + ".sol"); - - it('should return true for valid hashes', async function() { - var instance = await algorithm.deployed(); - assert.equal(await instance.verify(valid[0], valid[1]), true); // @todo need to convert foo to bytes - }); - - - it('should return false for invalid hashes', async function() { - var instance = await algorithm.deployed(); - assert.equal(await instance.verify(invalid[0], invalid[1]), false); - }); + it('should return true for valid hashes', async function() { + var instance = await algorithm.deployed(); + assert.equal(await instance.verify(valid[0], valid[1]), true); // @todo need to convert foo to bytes + }); + it('should return false for invalid hashes', async function() { + var instance = await algorithm.deployed(); + assert.equal(await instance.verify(invalid[0], invalid[1]), false); }); + }); }); diff --git a/test/TestSHA1NSEC3Digest.js b/test/TestSHA1NSEC3Digest.js index 7013a67..a29ccae 100644 --- a/test/TestSHA1NSEC3Digest.js +++ b/test/TestSHA1NSEC3Digest.js @@ -1,28 +1,70 @@ var base32hex = require('rfc4648').base32hex; -var sha1 = artifacts.require("./nsec3digests/SHA1NSEC3Digest.sol"); +var sha1 = artifacts.require('./nsec3digests/SHA1NSEC3Digest.sol'); function fromBase32(s) { - return "0x" + Buffer.from(base32hex.parse(s.toUpperCase())).toString('hex') + "000000000000000000000000"; + return ( + '0x' + + Buffer.from(base32hex.parse(s.toUpperCase())).toString('hex') + + '000000000000000000000000' + ); } // @todo fix byte encoding of these vectors vectors = [ - ["0x", "0x", 0, "0xda39a3ee5e6b4b0d3255bfef95601890afd80709000000000000000000000000"], - [web3.utils.toHex("nacl"), web3.utils.toHex("test"), 0, "0x68b36a28941caebfc2af818c99a8e34478d77fec000000000000000000000000"], - [web3.utils.toHex("nacl"), web3.utils.toHex("test"), 1, "0x16574cbb9312cf064794482fdd1148289027db73000000000000000000000000"], - [web3.utils.toHex("nacl"), web3.utils.toHex("test"), 10, "0x455370ef51d39be8efa646b807a818c7649a505e000000000000000000000000"], - ["0xaabbccdd", web3.utils.asciiToHex("\x07example\x00"), 12, fromBase32("0p9mhaveqvm6t7vbl5lop2u3t2rp3tom")], - ["0xaabbccdd", web3.utils.asciiToHex("\x01a\x07example\x00"), 12, fromBase32("35mthgpgcu1qg68fab165klnsnk3dpvl")], - ["0x5BA6AD4385844262", web3.utils.asciiToHex("\x07matoken\x03xyz\x00"), 1, fromBase32("bst4hlje7r0o8c8p4o8q582lm0ejmiqt")] + [ + '0x', + '0x', + 0, + '0xda39a3ee5e6b4b0d3255bfef95601890afd80709000000000000000000000000' + ], + [ + web3.utils.toHex('nacl'), + web3.utils.toHex('test'), + 0, + '0x68b36a28941caebfc2af818c99a8e34478d77fec000000000000000000000000' + ], + [ + web3.utils.toHex('nacl'), + web3.utils.toHex('test'), + 1, + '0x16574cbb9312cf064794482fdd1148289027db73000000000000000000000000' + ], + [ + web3.utils.toHex('nacl'), + web3.utils.toHex('test'), + 10, + '0x455370ef51d39be8efa646b807a818c7649a505e000000000000000000000000' + ], + [ + '0xaabbccdd', + web3.utils.asciiToHex('\x07example\x00'), + 12, + fromBase32('0p9mhaveqvm6t7vbl5lop2u3t2rp3tom') + ], + [ + '0xaabbccdd', + web3.utils.asciiToHex('\x01a\x07example\x00'), + 12, + fromBase32('35mthgpgcu1qg68fab165klnsnk3dpvl') + ], + [ + '0x5BA6AD4385844262', + web3.utils.asciiToHex('\x07matoken\x03xyz\x00'), + 1, + fromBase32('bst4hlje7r0o8c8p4o8q582lm0ejmiqt') + ] ]; -contract("SHA1NSEC3Digest", function(accounts) { - for(var i = 0; i < vectors.length; i++) { - (function(i, vector) { - it('calculates test vector ' + i, async function() { - var instance = await sha1.deployed(); - assert.equal(await instance.hash(vector[0], vector[1], vector[2]), vector[3]) - }); - })(i, vectors[i]); - } -}) +contract('SHA1NSEC3Digest', function(accounts) { + for (var i = 0; i < vectors.length; i++) { + (function(i, vector) { + it('calculates test vector ' + i, async function() { + var instance = await sha1.deployed(); + assert.equal( + await instance.hash(vector[0], vector[1], vector[2]), + vector[3] + ); + }); + })(i, vectors[i]); + } +}); diff --git a/test/data/algorithms.js b/test/data/algorithms.js index e9ef4c9..482bc1f 100644 --- a/test/data/algorithms.js +++ b/test/data/algorithms.js @@ -1,92 +1,92 @@ module.exports = [ + [ + 'RSASHA1Algorithm', + // This test vector generated from the zone using the following Python script: + // import dns.rrset + // + // dnskey = dns.rrset.from_text("org.", 900, "IN", "DNSKEY", "256 3 7 AwEAAXxsMmN/JgpEE9Y4uFNRJm7Q9GBwmEYUCsCxuKlgBU9WrQEFRrvAeMamUBeX4SE8s3V/TEk/TgGmPPp0pMkKD7mseluK6Ard2HZ6O3nPAzL4i8py/UDRUmYNSCxwfdfjUWRmcB9H+NKWMsJoDhAkLFqg5HS7f0j4Vb99Wac24Fk7") + // + // soa = dns.rrset.from_text("org.", 900, "IN", "SOA", "a0.org.afilias-nst.info. noc.afilias-nst.info. 2012953483 1800 900 604800 86400") + // buf = StringIO() + // soa.to_wire(buf) + // + // rrsig = dns.rrset.from_text("www.example.net.", 900, "IN", "RRSIG", "SOA 7 1 900 20180511092623 20180420082623 1862 org. NNyzNfXm72KiOuKvkd/s57kw4bYTX0xh4QBBca36MbYOl7SoqojQOfrUQmVj6/khTAOh2Ywx/S/2CKRQEhavsdBLKT29TlD5ahyzDHQu1hwvS6ZAqXgaPqeiXJiJodEUFkeCRWpp43iuqwh55mz6EeGqpX7vUpQ3DCDgfa3lo18=") + // + // signature = rrsig[0].signature + // rrsig[0].signature = '' + // signdata = rrsig[0].to_digestable() + buf.getvalue() + // + // print ('0x' + dnskey[0].to_digestable().encode('hex'), '0x' + signdata.encode('hex'), signature.encode('hex')) [ - "RSASHA1Algorithm", - // This test vector generated from the zone using the following Python script: - // import dns.rrset - // - // dnskey = dns.rrset.from_text("org.", 900, "IN", "DNSKEY", "256 3 7 AwEAAXxsMmN/JgpEE9Y4uFNRJm7Q9GBwmEYUCsCxuKlgBU9WrQEFRrvAeMamUBeX4SE8s3V/TEk/TgGmPPp0pMkKD7mseluK6Ard2HZ6O3nPAzL4i8py/UDRUmYNSCxwfdfjUWRmcB9H+NKWMsJoDhAkLFqg5HS7f0j4Vb99Wac24Fk7") - // - // soa = dns.rrset.from_text("org.", 900, "IN", "SOA", "a0.org.afilias-nst.info. noc.afilias-nst.info. 2012953483 1800 900 604800 86400") - // buf = StringIO() - // soa.to_wire(buf) - // - // rrsig = dns.rrset.from_text("www.example.net.", 900, "IN", "RRSIG", "SOA 7 1 900 20180511092623 20180420082623 1862 org. NNyzNfXm72KiOuKvkd/s57kw4bYTX0xh4QBBca36MbYOl7SoqojQOfrUQmVj6/khTAOh2Ywx/S/2CKRQEhavsdBLKT29TlD5ahyzDHQu1hwvS6ZAqXgaPqeiXJiJodEUFkeCRWpp43iuqwh55mz6EeGqpX7vUpQ3DCDgfa3lo18=") - // - // signature = rrsig[0].signature - // rrsig[0].signature = '' - // signdata = rrsig[0].to_digestable() + buf.getvalue() - // - // print ('0x' + dnskey[0].to_digestable().encode('hex'), '0x' + signdata.encode('hex'), signature.encode('hex')) - [ - // org. 705 IN DNSKEY 256 3 7 AwEAAXxsMmN/JgpEE9Y4uFNRJm7Q9GBwmEYUCsCxuKlgBU9WrQEFRrvA eMamUBeX4SE8s3V/TEk/TgGmPPp0pMkKD7mseluK6Ard2HZ6O3nPAzL4 i8py/UDRUmYNSCxwfdfjUWRmcB9H+NKWMsJoDhAkLFqg5HS7f0j4Vb99 Wac24Fk7 - "0x01000307030100017c6c32637f260a4413d638b85351266ed0f460709846140ac0b1b8a960054f56ad010546bbc078c6a6501797e1213cb3757f4c493f4e01a63cfa74a4c90a0fb9ac7a5b8ae80addd8767a3b79cf0332f88bca72fd40d152660d482c707dd7e3516466701f47f8d29632c2680e10242c5aa0e474bb7f48f855bf7d59a736e0593b", - // org. 39 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2012953483 1800 900 604800 86400 - "0x00060701000003845af561bf5ad9a42f0746036f726700036f72670000060001000003840043026130036f72670b6166696c6961732d6e737404696e666f00036e6f630b6166696c6961732d6e737404696e666f0077fb3b8b000007080000038400093a8000015180", - // org. 39 IN RRSIG SOA 7 1 900 20180511092623 20180420082623 1862 org. NNyzNfXm72KiOuKvkd/s57kw4bYTX0xh4QBBca36MbYOl7SoqojQOfrU QmVj6/khTAOh2Ywx/S/2CKRQEhavsdBLKT29TlD5ahyzDHQu1hwvS6ZA qXgaPqeiXJiJodEUFkeCRWpp43iuqwh55mz6EeGqpX7vUpQ3DCDgfa3l o18= - "0x34dcb335f5e6ef62a23ae2af91dfece7b930e1b6135f4c61e1004171adfa31b60e97b4a8aa88d039fad4426563ebf9214c03a1d98c31fd2ff608a4501216afb1d04b293dbd4e50f96a1cb30c742ed61c2f4ba640a9781a3ea7a25c9889a1d114164782456a69e378aeab0879e66cfa11e1aaa57eef5294370c20e07dade5a35f" - ], - ], + // org. 705 IN DNSKEY 256 3 7 AwEAAXxsMmN/JgpEE9Y4uFNRJm7Q9GBwmEYUCsCxuKlgBU9WrQEFRrvA eMamUBeX4SE8s3V/TEk/TgGmPPp0pMkKD7mseluK6Ard2HZ6O3nPAzL4 i8py/UDRUmYNSCxwfdfjUWRmcB9H+NKWMsJoDhAkLFqg5HS7f0j4Vb99 Wac24Fk7 + '0x01000307030100017c6c32637f260a4413d638b85351266ed0f460709846140ac0b1b8a960054f56ad010546bbc078c6a6501797e1213cb3757f4c493f4e01a63cfa74a4c90a0fb9ac7a5b8ae80addd8767a3b79cf0332f88bca72fd40d152660d482c707dd7e3516466701f47f8d29632c2680e10242c5aa0e474bb7f48f855bf7d59a736e0593b', + // org. 39 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2012953483 1800 900 604800 86400 + '0x00060701000003845af561bf5ad9a42f0746036f726700036f72670000060001000003840043026130036f72670b6166696c6961732d6e737404696e666f00036e6f630b6166696c6961732d6e737404696e666f0077fb3b8b000007080000038400093a8000015180', + // org. 39 IN RRSIG SOA 7 1 900 20180511092623 20180420082623 1862 org. NNyzNfXm72KiOuKvkd/s57kw4bYTX0xh4QBBca36MbYOl7SoqojQOfrU QmVj6/khTAOh2Ywx/S/2CKRQEhavsdBLKT29TlD5ahyzDHQu1hwvS6ZA qXgaPqeiXJiJodEUFkeCRWpp43iuqwh55mz6EeGqpX7vUpQ3DCDgfa3l o18= + '0x34dcb335f5e6ef62a23ae2af91dfece7b930e1b6135f4c61e1004171adfa31b60e97b4a8aa88d039fad4426563ebf9214c03a1d98c31fd2ff608a4501216afb1d04b293dbd4e50f96a1cb30c742ed61c2f4ba640a9781a3ea7a25c9889a1d114164782456a69e378aeab0879e66cfa11e1aaa57eef5294370c20e07dade5a35f' + ] + ], + [ + 'RSASHA256Algorithm', + // This test vector generated from the example in RFC5702 using the following Python script: + // import dns.rrset + // + // dnskey = dns.rrset.from_text("example.net.", 3600, "IN", "DNSKEY", "256 3 8 AwEAAcFcGsaxxdgiuuGmCkVImy4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8PkxUdp6p/DlUmObdk=") + // + // a = dns.rrset.from_text("www.example.net.", 3600, "IN", "A", "192.0.2.91") + // buf = StringIO() + // a.to_wire(buf) + // + // rrsig = dns.rrset.from_text("www.example.net.", 3600, "IN", "RRSIG", "A 8 3 3600 20300101000000 20000101000000 9033 example.net. kRCOH6u7l0QGy9qpC9l1sLncJcOKFLJ7GhiUOibu4teYp5VE9RncriShZNz85mwlMgNEacFYK/lPtPiVYP4bwg==") + // signature = rrsig[0].signature + // rrsig[0].signature = '' + // signdata = rrsig[0].to_digestable() + buf.getvalue() + // + // print ('0x' + dnskey[0].to_digestable().encode('hex'), '0x' + signdata.encode('hex'), signature.encode('hex')) [ - "RSASHA256Algorithm", - // This test vector generated from the example in RFC5702 using the following Python script: - // import dns.rrset - // - // dnskey = dns.rrset.from_text("example.net.", 3600, "IN", "DNSKEY", "256 3 8 AwEAAcFcGsaxxdgiuuGmCkVImy4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8PkxUdp6p/DlUmObdk=") - // - // a = dns.rrset.from_text("www.example.net.", 3600, "IN", "A", "192.0.2.91") - // buf = StringIO() - // a.to_wire(buf) - // - // rrsig = dns.rrset.from_text("www.example.net.", 3600, "IN", "RRSIG", "A 8 3 3600 20300101000000 20000101000000 9033 example.net. kRCOH6u7l0QGy9qpC9l1sLncJcOKFLJ7GhiUOibu4teYp5VE9RncriShZNz85mwlMgNEacFYK/lPtPiVYP4bwg==") - // signature = rrsig[0].signature - // rrsig[0].signature = '' - // signdata = rrsig[0].to_digestable() + buf.getvalue() - // - // print ('0x' + dnskey[0].to_digestable().encode('hex'), '0x' + signdata.encode('hex'), signature.encode('hex')) - [ - // example.net. 3600 IN DNSKEY (256 3 8 AwEAAcFcGsaxxdgiuuGmCkVI - // my4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8P - // kxUdp6p/DlUmObdk= );{id = 9033 (zsk), size = 512b} - "0x0100030803010001c15c1ac6b1c5d822bae1a60a45489b2e21f7d0aa4fb8f0637a5ec4f19c9d416d476161dfa069a27730b6467870082dbdde10b3c3e4c54769ea9fc395498e6dd9", - // www.example.net. 3600 IN A 192.0.2.91 - "0x0001080300000e1070dbd880386d43802349076578616d706c65036e65740003777777076578616d706c65036e6574000001000100000e100004c000025b", - // www.example.net. 3600 IN RRSIG (A 8 3 3600 20300101000000 - // 20000101000000 9033 example.net. kRCOH6u7l0QGy9qpC9 - // l1sLncJcOKFLJ7GhiUOibu4teYp5VE9RncriShZNz85mwlMgNEa - // cFYK/lPtPiVYP4bwg==);{id = 9033} - "0x91108e1fabbb974406cbdaa90bd975b0b9dc25c38a14b27b1a18943a26eee2d798a79544f519dcae24a164dcfce66c2532034469c1582bf94fb4f89560fe1bc2" - ] - ], + // example.net. 3600 IN DNSKEY (256 3 8 AwEAAcFcGsaxxdgiuuGmCkVI + // my4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8P + // kxUdp6p/DlUmObdk= );{id = 9033 (zsk), size = 512b} + '0x0100030803010001c15c1ac6b1c5d822bae1a60a45489b2e21f7d0aa4fb8f0637a5ec4f19c9d416d476161dfa069a27730b6467870082dbdde10b3c3e4c54769ea9fc395498e6dd9', + // www.example.net. 3600 IN A 192.0.2.91 + '0x0001080300000e1070dbd880386d43802349076578616d706c65036e65740003777777076578616d706c65036e6574000001000100000e100004c000025b', + // www.example.net. 3600 IN RRSIG (A 8 3 3600 20300101000000 + // 20000101000000 9033 example.net. kRCOH6u7l0QGy9qpC9 + // l1sLncJcOKFLJ7GhiUOibu4teYp5VE9RncriShZNz85mwlMgNEa + // cFYK/lPtPiVYP4bwg==);{id = 9033} + '0x91108e1fabbb974406cbdaa90bd975b0b9dc25c38a14b27b1a18943a26eee2d798a79544f519dcae24a164dcfce66c2532034469c1582bf94fb4f89560fe1bc2' + ] + ], + [ + 'P256SHA256Algorithm', + // This test vector generated from the example in RFC6605 using the following Python script: + // from StringIO import StringIO + // import dns.rrset + // + // dnskey = dns.rrset.from_text("example.net.", 3600, "IN", "DNSKEY", "257 3 13 GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edbkrSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA==") + // + // a = dns.rrset.from_text("www.example.net.", 3600, "IN", "A", "192.0.2.1") + // buf = StringIO() + // a.to_wire(buf) + // + // rrsig = dns.rrset.from_text("www.example.net.", 3600, "IN", "RRSIG", "A 13 3 3600 20100909100439 20100812100439 55648 example.net. qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXAyGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw==") + // signature = rrsig[0].signature + // rrsig[0].signature = '' + // signdata = rrsig[0].to_digestable() + buf.getvalue() + // + // print ('0x' + dnskey[0].to_digestable().encode('hex'), '0x' + signdata.encode('hex'), signature.encode('hex')) [ - "P256SHA256Algorithm", - // This test vector generated from the example in RFC6605 using the following Python script: - // from StringIO import StringIO - // import dns.rrset - // - // dnskey = dns.rrset.from_text("example.net.", 3600, "IN", "DNSKEY", "257 3 13 GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edbkrSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA==") - // - // a = dns.rrset.from_text("www.example.net.", 3600, "IN", "A", "192.0.2.1") - // buf = StringIO() - // a.to_wire(buf) - // - // rrsig = dns.rrset.from_text("www.example.net.", 3600, "IN", "RRSIG", "A 13 3 3600 20100909100439 20100812100439 55648 example.net. qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXAyGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw==") - // signature = rrsig[0].signature - // rrsig[0].signature = '' - // signdata = rrsig[0].to_digestable() + buf.getvalue() - // - // print ('0x' + dnskey[0].to_digestable().encode('hex'), '0x' + signdata.encode('hex'), signature.encode('hex')) - [ - // example.net. 3600 IN DNSKEY 257 3 13 ( - // GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb - // krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== ) - "0x0101030d1a88c88615d437fbb8bf9e1942a1929f28562706ae6c2bd399e7b1bfb6d1e9e75b92b4aa42917ae1c61b701ef035c3fe7be3009cbafe5a2f71316c902dcf0d00", - // www.example.net. 3600 IN A 192.0.2.1 - "0x00010d0300000e104c88b1374c63c737d960076578616d706c65036e65740003777777076578616d706c65036e6574000001000100000e100004c0000201", - // www.example.net. 3600 IN RRSIG A 13 3 3600 ( - // 20100909100439 20100812100439 55648 example.net. - // qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA - // yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== ) - "0xab1eb02d8aa687e97da0229337aa8873e6f0eb26be289f28333d183f5d3b7a95c0c869adfb748daee3c5286eed6682c12e5533186baced9c26c167a9ebae950b" - ] - ], + // example.net. 3600 IN DNSKEY 257 3 13 ( + // GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb + // krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== ) + '0x0101030d1a88c88615d437fbb8bf9e1942a1929f28562706ae6c2bd399e7b1bfb6d1e9e75b92b4aa42917ae1c61b701ef035c3fe7be3009cbafe5a2f71316c902dcf0d00', + // www.example.net. 3600 IN A 192.0.2.1 + '0x00010d0300000e104c88b1374c63c737d960076578616d706c65036e65740003777777076578616d706c65036e6574000001000100000e100004c0000201', + // www.example.net. 3600 IN RRSIG A 13 3 3600 ( + // 20100909100439 20100812100439 55648 example.net. + // qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA + // yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== ) + '0xab1eb02d8aa687e97da0229337aa8873e6f0eb26be289f28333d183f5d3b7a95c0c869adfb748daee3c5286eed6682c12e5533186baced9c26c167a9ebae950b' + ] + ] ]; diff --git a/test/data/digests.js b/test/data/digests.js index 1a45519..c68a796 100644 --- a/test/data/digests.js +++ b/test/data/digests.js @@ -1,16 +1,22 @@ module.exports = [ + [ + 'SHA256Digest', [ - "SHA256Digest", - ["0x", "0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"], // valid 1 - ["foo", "0x2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"], // valid 2 - ["0x", "0x1111111111111111111111111111111111111111111111111111111111111111"] // invalid - ], + '0x', + '0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' + ], // valid 1 [ - "SHA1Digest", - ["0x", "0xda39a3ee5e6b4b0d3255bfef95601890afd80709"], // valid 1 - ["foo", "0x0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33"], // valid 2 - ["0x", "0x1111111111111111111111111111111111111111"] // invalid - ] + 'foo', + '0x2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae' + ], // valid 2 + ['0x', '0x1111111111111111111111111111111111111111111111111111111111111111'] // invalid + ], + [ + 'SHA1Digest', + ['0x', '0xda39a3ee5e6b4b0d3255bfef95601890afd80709'], // valid 1 + ['foo', '0x0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33'], // valid 2 + ['0x', '0x1111111111111111111111111111111111111111'] // invalid + ] ]; -// NOTE: WE HAD TO DO THE 2 VALIDS ON TOP LEVEL OTHERWISE IT DIDN'T SEEM TO WORK \ No newline at end of file +// NOTE: WE HAD TO DO THE 2 VALIDS ON TOP LEVEL OTHERWISE IT DIDN'T SEEM TO WORK diff --git a/truffle.js b/truffle.js index d90f416..c52f74b 100644 --- a/truffle.js +++ b/truffle.js @@ -1,27 +1,27 @@ module.exports = { networks: { local: { - host: "localhost", + host: 'localhost', port: 9545, - network_id: "*", - gas: 4712388, + network_id: '*', + gas: 4712388 }, ropsten: { - host: "localhost", + host: 'localhost', port: 8545, - network_id: "3", - from: "0xa303ddc620aa7d1390baccc8a495508b183fab59", - gas: 5000000, + network_id: '3', + from: '0xa303ddc620aa7d1390baccc8a495508b183fab59', + gas: 5000000 } }, mocha: { reporter: 'eth-gas-reporter', - reporterOptions : { + reporterOptions: { currency: 'USD', gasPrice: 1 } - }, -/* solc: { + } + /* solc: { optimizer: { enabled: true, runs: 200