dns/keygen.go

package dns

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"math/big"
	"strconv"
)

// Empty interface that is used as a wrapper around all possible
// private key implementations from the crypto package.
type PrivateKey interface{}

// Generate generates a DNSKEY of the given bit size.
// The public part is put inside the DNSKEY record. 
// The Algorithm in the key must be set as this will define
// what kind of DNSKEY will be generated.
// The ECDSA algorithms imply a fixed keysize, in that case
// bits should be set to the size of the algorithm.
func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, error) {
	switch r.Algorithm {
	case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
		if bits < 512 || bits > 4096 {
			return nil, ErrKeySize
		}
	// TODO: check these limits
	case RSASHA512:
		if bits < 1024 || bits > 4096 {
			return nil, ErrKeySize
		}
	case ECDSAP256SHA256Y:
		if bits != 256 {
			return nil, ErrKeySize
		}
	case ECDSAP384SHA384Y:
		if bits != 384 {
			return nil, ErrKeySize
		}
	}

	switch r.Algorithm {
	case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
		priv, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
		return priv, nil
	case ECDSAP256SHA256Y, ECDSAP384SHA384Y:
		var c elliptic.Curve
		switch r.Algorithm {
		case ECDSAP256SHA256Y:
			c = elliptic.P256()
		case ECDSAP384SHA384Y:
			c = elliptic.P384()
		}
		priv, err := ecdsa.GenerateKey(c, rand.Reader)
		if err != nil {
			return nil, err
		}
		r.setPublicKeyCurve(priv.PublicKey.X, priv.PublicKey.Y)
		return priv, nil
	default:
		return nil, ErrAlg
	}
	return nil, nil // Dummy return
}

// PrivateKeyString converts a PrivateKey to a string. This
// string has the same format as the private-key-file of BIND9 (Private-key-format: v1.3). 
// It needs some info from the key (hashing, keytag), so its a method of the RR_DNSKEY.
func (r *RR_DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
	switch t := p.(type) {
	case *rsa.PrivateKey:
		algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + Alg_str[r.Algorithm] + ")"
		modulus := unpackBase64(t.PublicKey.N.Bytes())
		e := big.NewInt(int64(t.PublicKey.E))
		publicExponent := unpackBase64(e.Bytes())
		privateExponent := unpackBase64(t.D.Bytes())
		prime1 := unpackBase64(t.Primes[0].Bytes())
		prime2 := unpackBase64(t.Primes[1].Bytes())
		// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
		// and from: http://code.google.com/p/go/issues/detail?id=987
		one := big.NewInt(1)
		minusone := big.NewInt(-1)
		p_1 := big.NewInt(0).Sub(t.Primes[0], one)
		q_1 := big.NewInt(0).Sub(t.Primes[1], one)
		exp1 := big.NewInt(0).Mod(t.D, p_1)
		exp2 := big.NewInt(0).Mod(t.D, q_1)
		coeff := big.NewInt(0).Exp(t.Primes[1], minusone, t.Primes[0])

		exponent1 := unpackBase64(exp1.Bytes())
		exponent2 := unpackBase64(exp2.Bytes())
		coefficient := unpackBase64(coeff.Bytes())

		s = "Private-key-format: v1.3\n" +
			"Algorithm: " + algorithm + "\n" +
			"Modules: " + modulus + "\n" +
			"PublicExponent: " + publicExponent + "\n" +
			"PrivateExponent: " + privateExponent + "\n" +
			"Prime1: " + prime1 + "\n" +
			"Prime2: " + prime2 + "\n" +
			"Exponent1: " + exponent1 + "\n" +
			"Exponent2: " + exponent2 + "\n" +
			"Coefficient: " + coefficient + "\n"
	case *ecdsa.PrivateKey:
		s = "TODO"
	}
	return
}
Add dnskey gen for RSA keys 2011-01-11 02:10:15 +11:00			`package dns`

			`import (`
gofmt -w 2011-07-24 07:43:43 +10:00			`"crypto/ecdsa"`
			`"crypto/elliptic"`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`"crypto/rand"`
gofmt 2011-12-10 07:45:57 +11:00			`"crypto/rsa"`
			`"math/big"`
			`"strconv"`
Add dnskey gen for RSA keys 2011-01-11 02:10:15 +11:00			`)`

documentation updates 2011-01-27 19:29:11 +11:00			`// Empty interface that is used as a wrapper around all possible`
Fix documentation 2011-01-18 07:10:48 +11:00			`// private key implementations from the crypto package.`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`type PrivateKey interface{}`

documentation 2011-09-09 03:35:02 +10:00			`// Generate generates a DNSKEY of the given bit size.`
documentation updates 2011-01-27 19:29:11 +11:00			`// The public part is put inside the DNSKEY record.`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`// The Algorithm in the key must be set as this will define`
Helper functions for base64 encoding/decoding 2011-01-15 20:38:14 +11:00			`// what kind of DNSKEY will be generated.`
documentation 2011-09-09 03:35:02 +10:00			`// The ECDSA algorithms imply a fixed keysize, in that case`
			`// bits should be set to the size of the algorithm.`
Fixes the latest weekly 2011-11-03 09:06:54 +11:00			`func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, error) {`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`switch r.Algorithm {`
gofmt 2011-12-10 07:45:57 +11:00			`case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`if bits < 512 \|\| bits > 4096 {`
normalize errors 2011-03-25 21:19:35 +11:00			`return nil, ErrKeySize`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`}`
small updates 2012-03-19 08:47:06 +11:00			`// TODO: check these limits`
Drop the Alg and Hash prefixes 2011-07-09 01:27:44 +10:00			`case RSASHA512:`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`if bits < 1024 \|\| bits > 4096 {`
normalize errors 2011-03-25 21:19:35 +11:00			`return nil, ErrKeySize`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`}`
Newly allocated names 2012-03-03 01:28:22 +11:00			`case ECDSAP256SHA256Y:`
gofmt -w 2011-07-24 07:43:43 +10:00			`if bits != 256 {`
			`return nil, ErrKeySize`
			`}`
Newly allocated names 2012-03-03 01:28:22 +11:00			`case ECDSAP384SHA384Y:`
gofmt -w 2011-07-24 07:43:43 +10:00			`if bits != 384 {`
			`return nil, ErrKeySize`
			`}`
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`}`
Add dnskey gen for RSA keys 2011-01-11 02:10:15 +11:00
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`switch r.Algorithm {`
Fixes the latest weekly 2011-11-03 09:06:54 +11:00			`case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`priv, err := rsa.GenerateKey(rand.Reader, bits)`
			`if err != nil {`
			`return nil, err`
			`}`
gofmt -w 2011-07-24 07:43:43 +10:00			`r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)`
			`return priv, nil`
Newly allocated names 2012-03-03 01:28:22 +11:00			`case ECDSAP256SHA256Y, ECDSAP384SHA384Y:`
Fixes for weekly.2012-01-20 2012-01-20 22:24:05 +11:00			`var c elliptic.Curve`
gofmt -w 2011-07-24 07:43:43 +10:00			`switch r.Algorithm {`
Newly allocated names 2012-03-03 01:28:22 +11:00			`case ECDSAP256SHA256Y:`
gofmt -w 2011-07-24 07:43:43 +10:00			`c = elliptic.P256()`
Newly allocated names 2012-03-03 01:28:22 +11:00			`case ECDSAP384SHA384Y:`
gofmt -w 2011-07-24 07:43:43 +10:00			`c = elliptic.P384()`
			`}`
			`priv, err := ecdsa.GenerateKey(c, rand.Reader)`
			`if err != nil {`
			`return nil, err`
			`}`
			`r.setPublicKeyCurve(priv.PublicKey.X, priv.PublicKey.Y)`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`return priv, nil`
implement (part of) ecdsa256/384 2011-07-08 18:41:07 +10:00			`default:`
			`return nil, ErrAlg`
Love interfaces Using interfaces to make key.Generate and Sign much more generic 2011-01-15 04:25:36 +11:00			`}`
			`return nil, nil // Dummy return`
Add dnskey gen for RSA keys 2011-01-11 02:10:15 +11:00			`}`
Add private (rsa) key to string method 2011-01-15 22:18:18 +11:00
Documentation 2012-01-16 02:09:17 +11:00			`// PrivateKeyString converts a PrivateKey to a string. This`
Fix documentation 2011-01-18 07:10:48 +11:00			`// string has the same format as the private-key-file of BIND9 (Private-key-format: v1.3).`
			`// It needs some info from the key (hashing, keytag), so its a method of the RR_DNSKEY.`
Documentation 2012-01-16 02:09:17 +11:00			`func (r *RR_DNSKEY) PrivateKeyString(p PrivateKey) (s string) {`
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`switch t := p.(type) {`
			`case *rsa.PrivateKey:`
Make alg_str public: Alg_str 2012-01-12 23:01:43 +11:00			`algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + Alg_str[r.Algorithm] + ")"`
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`modulus := unpackBase64(t.PublicKey.N.Bytes())`
Less verbose tests 2011-01-18 06:29:40 +11:00			`e := big.NewInt(int64(t.PublicKey.E))`
Fix all exponent issues in rsa keys 2011-01-18 04:13:52 +11:00			`publicExponent := unpackBase64(e.Bytes())`
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`privateExponent := unpackBase64(t.D.Bytes())`
Ran gofix, and manually bring code up to latest go release. 1) Ran gofix on all files. 2) Added "tcp" and "udp" to Resolve* functions in server.go 3) Generated primes to the primes array and not to two predefined struct members (P and Q), since now rsa support multi-factor primes. 2011-06-02 20:31:12 +10:00			`prime1 := unpackBase64(t.Primes[0].Bytes())`
			`prime2 := unpackBase64(t.Primes[1].Bytes())`
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm`
			`// and from: http://code.google.com/p/go/issues/detail?id=987`
			`one := big.NewInt(1)`
			`minusone := big.NewInt(-1)`
Ran gofix, and manually bring code up to latest go release. 1) Ran gofix on all files. 2) Added "tcp" and "udp" to Resolve* functions in server.go 3) Generated primes to the primes array and not to two predefined struct members (P and Q), since now rsa support multi-factor primes. 2011-06-02 20:31:12 +10:00			`p_1 := big.NewInt(0).Sub(t.Primes[0], one)`
			`q_1 := big.NewInt(0).Sub(t.Primes[1], one)`
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`exp1 := big.NewInt(0).Mod(t.D, p_1)`
			`exp2 := big.NewInt(0).Mod(t.D, q_1)`
Ran gofix, and manually bring code up to latest go release. 1) Ran gofix on all files. 2) Added "tcp" and "udp" to Resolve* functions in server.go 3) Generated primes to the primes array and not to two predefined struct members (P and Q), since now rsa support multi-factor primes. 2011-06-02 20:31:12 +10:00			`coeff := big.NewInt(0).Exp(t.Primes[1], minusone, t.Primes[0])`
Add private (rsa) key to string method 2011-01-15 22:18:18 +11:00
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`exponent1 := unpackBase64(exp1.Bytes())`
			`exponent2 := unpackBase64(exp2.Bytes())`
			`coefficient := unpackBase64(coeff.Bytes())`
Add private (rsa) key to string method 2011-01-15 22:18:18 +11:00
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`s = "Private-key-format: v1.3\n" +`
			`"Algorithm: " + algorithm + "\n" +`
			`"Modules: " + modulus + "\n" +`
			`"PublicExponent: " + publicExponent + "\n" +`
			`"PrivateExponent: " + privateExponent + "\n" +`
			`"Prime1: " + prime1 + "\n" +`
			`"Prime2: " + prime2 + "\n" +`
			`"Exponent1: " + exponent1 + "\n" +`
			`"Exponent2: " + exponent2 + "\n" +`
			`"Coefficient: " + coefficient + "\n"`
gofmt -w 2011-07-24 07:43:43 +10:00			`case *ecdsa.PrivateKey:`
Documentation 2012-01-16 02:09:17 +11:00			`s = "TODO"`
Parsing .private files work - needs some cleaning up 2011-01-17 03:59:04 +11:00			`}`
			`return`
Add private (rsa) key to string method 2011-01-15 22:18:18 +11:00			`}`