dnsimple / dns_erlang / 19826207533
85%

DEFAULT BRANCH: main
Ran
Jobs 3
Files 9
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 81.309% (-0.2%) from 81.472%
19826207533

push

github

web-flow 
Support ecdsa (#84)

By @pawloos1:
This PR adds support for algorithm 13 (ECDSA P-256 SHA-256) used for DNSSEC. It consists of:
- hashing the data with SHA-256 for signing/verifying
- signing/verifying records with crypto's implementation of ECDSA algorithm
- encoding/decoding ECDSA keys
- new zone and keys for unit tests

By @NelsonVides:
- I've added support for the algorithm 14, as other than generating the zones from BIND for the test (which Gemini helped a lot generating) everything else was rather one-liners here and there.
- Refactored a tiny bit the dnssec_test suite to be a bit more readable, it is indeed not immediately obvious to see what are the tests checking, DNSSEC is sufficiently complex by itself. Gonna do some heavier refactoring later on on this.
- When it comes to DNSSEC, for NSEC/NSEC3 there's a stream of RFCs correcting each other about the TTL value of negative responses (2308->4035->9077). There're APIs for gen_nsec and gen_nsec3 that would pregenerate the chain for an entire zone that needed fixing in order to match what BIND returns.
    - Also, hey, didn't realise we can pregenerate these chains! We might want to do that in erldns so that at runtime the negative answers are also already constructed maybe? Less CPU usage at runtime 😄

Commits:

* Add macros for ECDSA algorithm number
* Minor refactoring
* Hashing data for signing/veryfying
* Signing records with ecdsa
* Verifying records with ecdsa
* Encoding/decoding ECDSA keys
* Add unit tests
* Formatting
* Implement wire encode/decode for (c)dnskey of both P256/P384 with tests
* Implement RFC9077 TTL handling for NSEC/NSEC3
* Add support for ecdsa p384 and fix crypto:verify/5 API with the 0x04 header
* Fix dialyzer

---------

Co-authored-by: Nelson Vides <nelson.vides@dnsimple.com>

20 of 43 new or added lines in 3 files covered. (46.51%)

48 existing lines in 1 file now uncovered.

1292 of 1589 relevant lines covered (81.31%)

1260.67 hits per line

New Missed Lines in Diff

Lines Coverage File
23
66.51
 -0.95% src/dnssec.erl

Uncovered Existing Lines

Lines Coverage File
48
0.0
 0.0% src/DNS-ASN1.erl
Jobs
ID Job ID Ran Files Coverage
1 19826207533.1 9
78.92
 GitHub Action Run
2 19826207533.2 9
78.92
 GitHub Action Run
3 19826207533.3 9
78.92
 GitHub Action Run
Source Files on build 19826207533