Reorder DNSSEC code

2015-01-23 13:06:08 -08:00 · 2015-01-23 13:06:08 -08:00 · 3035815b29
parent e9faa971b3
commit 3035815b29
5 changed files with 298 additions and 295 deletions
--- a/dnssec.go
+++ b/dnssec.go
@ -520,81 +520,6 @@ func (k *DNSKEY) publicKeyDSA() *dsa.PublicKey {
 	return pubkey
 }

-// Set the public key (the value E and N)
-func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
-	if _E == 0 || _N == nil {
-		return false
-	}
-	buf := exponentToBuf(_E)
-	buf = append(buf, _N.Bytes()...)
-	k.PublicKey = toBase64(buf)
-	return true
-}
-
-// Set the public key for Elliptic Curves
-func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
-	if _X == nil || _Y == nil {
-		return false
-	}
-	var intlen int
-	switch k.Algorithm {
-	case ECDSAP256SHA256:
-		intlen = 32
-	case ECDSAP384SHA384:
-		intlen = 48
-	}
-	k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen))
-	return true
-}
-
-// Set the public key for DSA
-func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool {
-	if _Q == nil || _P == nil || _G == nil || _Y == nil {
-		return false
-	}
-	buf := dsaToBuf(_Q, _P, _G, _Y)
-	k.PublicKey = toBase64(buf)
-	return true
-}
-
-// Set the public key (the values E and N) for RSA
-// RFC 3110: Section 2. RSA Public KEY Resource Records
-func exponentToBuf(_E int) []byte {
-	var buf []byte
-	i := big.NewInt(int64(_E))
-	if len(i.Bytes()) < 256 {
-		buf = make([]byte, 1)
-		buf[0] = uint8(len(i.Bytes()))
-	} else {
-		buf = make([]byte, 3)
-		buf[0] = 0
-		buf[1] = uint8(len(i.Bytes()) >> 8)
-		buf[2] = uint8(len(i.Bytes()))
-	}
-	buf = append(buf, i.Bytes()...)
-	return buf
-}
-
-// Set the public key for X and Y for Curve. The two
-// values are just concatenated.
-func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
-	buf := intToBytes(_X, intlen)
-	buf = append(buf, intToBytes(_Y, intlen)...)
-	return buf
-}
-
-// Set the public key for X and Y for Curve. The two
-// values are just concatenated.
-func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
-	t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
-	buf := []byte{byte(t)}
-	buf = append(buf, intToBytes(_Q, 20)...)
-	buf = append(buf, intToBytes(_P, 64+t*8)...)
-	buf = append(buf, intToBytes(_G, 64+t*8)...)
-	buf = append(buf, intToBytes(_Y, 64+t*8)...)
-	return buf
-}
-
 type wireSlice [][]byte

 func (p wireSlice) Len() int      { return len(p) }
--- a/dnssec_keygen.go
+++ b/dnssec_keygen.go
@ -0,0 +1,155 @@
+package dns
+
+import (
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/rsa"
+	"math/big"
+)
+
+// Generate generates a DNSKEY of the given bit size.
+// The public part is put inside the DNSKEY record.
+// The Algorithm in the key must be set as this will define
+// what kind of DNSKEY will be generated.
+// The ECDSA algorithms imply a fixed keysize, in that case
+// bits should be set to the size of the algorithm.
+func (r *DNSKEY) Generate(bits int) (PrivateKey, error) {
+	switch r.Algorithm {
+	case DSA, DSANSEC3SHA1:
+		if bits != 1024 {
+			return nil, ErrKeySize
+		}
+	case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
+		if bits < 512 || bits > 4096 {
+			return nil, ErrKeySize
+		}
+	case RSASHA512:
+		if bits < 1024 || bits > 4096 {
+			return nil, ErrKeySize
+		}
+	case ECDSAP256SHA256:
+		if bits != 256 {
+			return nil, ErrKeySize
+		}
+	case ECDSAP384SHA384:
+		if bits != 384 {
+			return nil, ErrKeySize
+		}
+	}
+
+	switch r.Algorithm {
+	case DSA, DSANSEC3SHA1:
+		params := new(dsa.Parameters)
+		if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
+			return nil, err
+		}
+		priv := new(dsa.PrivateKey)
+		priv.PublicKey.Parameters = *params
+		err := dsa.GenerateKey(priv, rand.Reader)
+		if err != nil {
+			return nil, err
+		}
+		r.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
+		return (*DSAPrivateKey)(priv), nil
+	case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
+		priv, err := rsa.GenerateKey(rand.Reader, bits)
+		if err != nil {
+			return nil, err
+		}
+		r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
+		return (*RSAPrivateKey)(priv), nil
+	case ECDSAP256SHA256, ECDSAP384SHA384:
+		var c elliptic.Curve
+		switch r.Algorithm {
+		case ECDSAP256SHA256:
+			c = elliptic.P256()
+		case ECDSAP384SHA384:
+			c = elliptic.P384()
+		}
+		priv, err := ecdsa.GenerateKey(c, rand.Reader)
+		if err != nil {
+			return nil, err
+		}
+		r.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)
+		return (*ECDSAPrivateKey)(priv), nil
+	default:
+		return nil, ErrAlg
+	}
+}
+
+// Set the public key (the value E and N)
+func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
+	if _E == 0 || _N == nil {
+		return false
+	}
+	buf := exponentToBuf(_E)
+	buf = append(buf, _N.Bytes()...)
+	k.PublicKey = toBase64(buf)
+	return true
+}
+
+// Set the public key for Elliptic Curves
+func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
+	if _X == nil || _Y == nil {
+		return false
+	}
+	var intlen int
+	switch k.Algorithm {
+	case ECDSAP256SHA256:
+		intlen = 32
+	case ECDSAP384SHA384:
+		intlen = 48
+	}
+	k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen))
+	return true
+}
+
+// Set the public key for DSA
+func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool {
+	if _Q == nil || _P == nil || _G == nil || _Y == nil {
+		return false
+	}
+	buf := dsaToBuf(_Q, _P, _G, _Y)
+	k.PublicKey = toBase64(buf)
+	return true
+}
+
+// Set the public key (the values E and N) for RSA
+// RFC 3110: Section 2. RSA Public KEY Resource Records
+func exponentToBuf(_E int) []byte {
+	var buf []byte
+	i := big.NewInt(int64(_E))
+	if len(i.Bytes()) < 256 {
+		buf = make([]byte, 1)
+		buf[0] = uint8(len(i.Bytes()))
+	} else {
+		buf = make([]byte, 3)
+		buf[0] = 0
+		buf[1] = uint8(len(i.Bytes()) >> 8)
+		buf[2] = uint8(len(i.Bytes()))
+	}
+	buf = append(buf, i.Bytes()...)
+	return buf
+}
+
+// Set the public key for X and Y for Curve. The two
+// values are just concatenated.
+func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
+	buf := intToBytes(_X, intlen)
+	buf = append(buf, intToBytes(_Y, intlen)...)
+	return buf
+}
+
+// Set the public key for X and Y for Curve. The two
+// values are just concatenated.
+func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
+	t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
+	buf := []byte{byte(t)}
+	buf = append(buf, intToBytes(_Q, 20)...)
+	buf = append(buf, intToBytes(_P, 64+t*8)...)
+	buf = append(buf, intToBytes(_G, 64+t*8)...)
+	buf = append(buf, intToBytes(_Y, 64+t*8)...)
+	return buf
+}
--- a/dnssec_keyscan.go
+++ b/dnssec_keyscan.go
--- a/dnssec_privkey.go
+++ b/dnssec_privkey.go
@ -0,0 +1,143 @@
+package dns
+
+import (
+	"crypto"
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"math/big"
+	"strconv"
+)
+
+const _FORMAT = "Private-key-format: v1.3\n"
+
+type PrivateKey interface {
+	Sign([]byte, uint8) ([]byte, error)
+	String(uint8) string
+}
+
+// PrivateKeyString converts a PrivateKey to a string. This string has the same
+// format as the private-key-file of BIND9 (Private-key-format: v1.3).
+// It needs some info from the key (the algorithm), so its a method of the
+// DNSKEY and calls PrivateKey.String(alg).
+func (r *DNSKEY) PrivateKeyString(p PrivateKey) string {
+	return p.String(r.Algorithm)
+}
+
+type RSAPrivateKey rsa.PrivateKey
+
+func (p *RSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
+	var hash crypto.Hash
+	switch alg {
+	case RSASHA1, RSASHA1NSEC3SHA1:
+		hash = crypto.SHA1
+	case RSASHA256:
+		hash = crypto.SHA256
+	case RSASHA512:
+		hash = crypto.SHA512
+	default:
+		return nil, ErrAlg
+	}
+	return rsa.SignPKCS1v15(nil, (*rsa.PrivateKey)(p), hash, hashed)
+}
+
+func (p *RSAPrivateKey) String(alg uint8) string {
+	algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
+	modulus := toBase64(p.PublicKey.N.Bytes())
+	e := big.NewInt(int64(p.PublicKey.E))
+	publicExponent := toBase64(e.Bytes())
+	privateExponent := toBase64(p.D.Bytes())
+	prime1 := toBase64(p.Primes[0].Bytes())
+	prime2 := toBase64(p.Primes[1].Bytes())
+	// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
+	// and from: http://code.google.com/p/go/issues/detail?id=987
+	one := big.NewInt(1)
+	p_1 := big.NewInt(0).Sub(p.Primes[0], one)
+	q_1 := big.NewInt(0).Sub(p.Primes[1], one)
+	exp1 := big.NewInt(0).Mod(p.D, p_1)
+	exp2 := big.NewInt(0).Mod(p.D, q_1)
+	coeff := big.NewInt(0).ModInverse(p.Primes[1], p.Primes[0])
+
+	exponent1 := toBase64(exp1.Bytes())
+	exponent2 := toBase64(exp2.Bytes())
+	coefficient := toBase64(coeff.Bytes())
+
+	return _FORMAT +
+		"Algorithm: " + algorithm + "\n" +
+		"Modulus: " + modulus + "\n" +
+		"PublicExponent: " + publicExponent + "\n" +
+		"PrivateExponent: " + privateExponent + "\n" +
+		"Prime1: " + prime1 + "\n" +
+		"Prime2: " + prime2 + "\n" +
+		"Exponent1: " + exponent1 + "\n" +
+		"Exponent2: " + exponent2 + "\n" +
+		"Coefficient: " + coefficient + "\n"
+}
+
+type ECDSAPrivateKey ecdsa.PrivateKey
+
+func (p *ECDSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
+	var intlen int
+	switch alg {
+	case ECDSAP256SHA256:
+		intlen = 32
+	case ECDSAP384SHA384:
+		intlen = 48
+	default:
+		return nil, ErrAlg
+	}
+	r1, s1, err := ecdsa.Sign(rand.Reader, (*ecdsa.PrivateKey)(p), hashed)
+	if err != nil {
+		return nil, err
+	}
+	signature := intToBytes(r1, intlen)
+	signature = append(signature, intToBytes(s1, intlen)...)
+	return signature, nil
+}
+
+func (p *ECDSAPrivateKey) String(alg uint8) string {
+	algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
+	var intlen int
+	switch alg {
+	case ECDSAP256SHA256:
+		intlen = 32
+	case ECDSAP384SHA384:
+		intlen = 48
+	}
+	private := toBase64(intToBytes(p.D, intlen))
+	return _FORMAT +
+		"Algorithm: " + algorithm + "\n" +
+		"PrivateKey: " + private + "\n"
+}
+
+type DSAPrivateKey dsa.PrivateKey
+
+func (p *DSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
+	r1, s1, err := dsa.Sign(rand.Reader, (*dsa.PrivateKey)(p), hashed)
+	if err != nil {
+		return nil, err
+	}
+	t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8)
+	signature := []byte{byte(t)}
+	signature = append(signature, intToBytes(r1, 20)...)
+	signature = append(signature, intToBytes(s1, 20)...)
+	return signature, nil
+}
+
+func (p *DSAPrivateKey) String(alg uint8) string {
+	algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
+	T := divRoundUp(divRoundUp(p.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
+	prime := toBase64(intToBytes(p.PublicKey.Parameters.P, 64+T*8))
+	subprime := toBase64(intToBytes(p.PublicKey.Parameters.Q, 20))
+	base := toBase64(intToBytes(p.PublicKey.Parameters.G, 64+T*8))
+	priv := toBase64(intToBytes(p.X, 20))
+	pub := toBase64(intToBytes(p.PublicKey.Y, 64+T*8))
+	return _FORMAT +
+		"Algorithm: " + algorithm + "\n" +
+		"Prime(p): " + prime + "\n" +
+		"Subprime(q): " + subprime + "\n" +
+		"Base(g): " + base + "\n" +
+		"Private_value(x): " + priv + "\n" +
+		"Public_value(y): " + pub + "\n"
+}
--- a/keygen.go
+++ b/keygen.go
@ -1,220 +0,0 @@
-package dns
-
-import (
-	"crypto"
-	"crypto/dsa"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
-	"math/big"
-	"strconv"
-)
-
-const _FORMAT = "Private-key-format: v1.3\n"
-
-type PrivateKey interface {
-	Sign([]byte, uint8) ([]byte, error)
-	String(uint8) string
-}
-
-// Generate generates a DNSKEY of the given bit size.
-// The public part is put inside the DNSKEY record.
-// The Algorithm in the key must be set as this will define
-// what kind of DNSKEY will be generated.
-// The ECDSA algorithms imply a fixed keysize, in that case
-// bits should be set to the size of the algorithm.
-func (r *DNSKEY) Generate(bits int) (PrivateKey, error) {
-	switch r.Algorithm {
-	case DSA, DSANSEC3SHA1:
-		if bits != 1024 {
-			return nil, ErrKeySize
-		}
-	case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
-		if bits < 512 || bits > 4096 {
-			return nil, ErrKeySize
-		}
-	case RSASHA512:
-		if bits < 1024 || bits > 4096 {
-			return nil, ErrKeySize
-		}
-	case ECDSAP256SHA256:
-		if bits != 256 {
-			return nil, ErrKeySize
-		}
-	case ECDSAP384SHA384:
-		if bits != 384 {
-			return nil, ErrKeySize
-		}
-	}
-
-	switch r.Algorithm {
-	case DSA, DSANSEC3SHA1:
-		params := new(dsa.Parameters)
-		if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
-			return nil, err
-		}
-		priv := new(dsa.PrivateKey)
-		priv.PublicKey.Parameters = *params
-		err := dsa.GenerateKey(priv, rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-		r.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
-		return (*DSAPrivateKey)(priv), nil
-	case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
-		priv, err := rsa.GenerateKey(rand.Reader, bits)
-		if err != nil {
-			return nil, err
-		}
-		r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
-		return (*RSAPrivateKey)(priv), nil
-	case ECDSAP256SHA256, ECDSAP384SHA384:
-		var c elliptic.Curve
-		switch r.Algorithm {
-		case ECDSAP256SHA256:
-			c = elliptic.P256()
-		case ECDSAP384SHA384:
-			c = elliptic.P384()
-		}
-		priv, err := ecdsa.GenerateKey(c, rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-		r.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)
-		return (*ECDSAPrivateKey)(priv), nil
-	default:
-		return nil, ErrAlg
-	}
-}
-
-// PrivateKeyString converts a PrivateKey to a string. This string has the same
-// format as the private-key-file of BIND9 (Private-key-format: v1.3).
-// It needs some info from the key (the algorithm), so its a method of the
-// DNSKEY and calls PrivateKey.String(alg).
-func (r *DNSKEY) PrivateKeyString(p PrivateKey) string {
-	return p.String(r.Algorithm)
-}
-
-type RSAPrivateKey rsa.PrivateKey
-
-func (p *RSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
-	var hash crypto.Hash
-	switch alg {
-	case RSASHA1, RSASHA1NSEC3SHA1:
-		hash = crypto.SHA1
-	case RSASHA256:
-		hash = crypto.SHA256
-	case RSASHA512:
-		hash = crypto.SHA512
-	default:
-		return nil, ErrAlg
-	}
-	return rsa.SignPKCS1v15(nil, (*rsa.PrivateKey)(p), hash, hashed)
-}
-
-func (p *RSAPrivateKey) String(alg uint8) string {
-	if true {
-		algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
-		modulus := toBase64(p.PublicKey.N.Bytes())
-		e := big.NewInt(int64(p.PublicKey.E))
-		publicExponent := toBase64(e.Bytes())
-		privateExponent := toBase64(p.D.Bytes())
-		prime1 := toBase64(p.Primes[0].Bytes())
-		prime2 := toBase64(p.Primes[1].Bytes())
-		// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
-		// and from: http://code.google.com/p/go/issues/detail?id=987
-		one := big.NewInt(1)
-		p_1 := big.NewInt(0).Sub(p.Primes[0], one)
-		q_1 := big.NewInt(0).Sub(p.Primes[1], one)
-		exp1 := big.NewInt(0).Mod(p.D, p_1)
-		exp2 := big.NewInt(0).Mod(p.D, q_1)
-		coeff := big.NewInt(0).ModInverse(p.Primes[1], p.Primes[0])
-
-		exponent1 := toBase64(exp1.Bytes())
-		exponent2 := toBase64(exp2.Bytes())
-		coefficient := toBase64(coeff.Bytes())
-
-		return _FORMAT +
-			"Algorithm: " + algorithm + "\n" +
-			"Modulus: " + modulus + "\n" +
-			"PublicExponent: " + publicExponent + "\n" +
-			"PrivateExponent: " + privateExponent + "\n" +
-			"Prime1: " + prime1 + "\n" +
-			"Prime2: " + prime2 + "\n" +
-			"Exponent1: " + exponent1 + "\n" +
-			"Exponent2: " + exponent2 + "\n" +
-			"Coefficient: " + coefficient + "\n"
-	}
-}
-
-type ECDSAPrivateKey ecdsa.PrivateKey
-
-func (p *ECDSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
-	var intlen int
-	switch alg {
-	case ECDSAP256SHA256:
-		intlen = 32
-	case ECDSAP384SHA384:
-		intlen = 48
-	default:
-		return nil, ErrAlg
-	}
-	r1, s1, err := ecdsa.Sign(rand.Reader, (*ecdsa.PrivateKey)(p), hashed)
-	if err != nil {
-		return nil, err
-	}
-	signature := intToBytes(r1, intlen)
-	signature = append(signature, intToBytes(s1, intlen)...)
-	return signature, nil
-}
-
-func (p *ECDSAPrivateKey) String(alg uint8) string {
-	if true {
-		algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
-		var intlen int
-		switch alg {
-		case ECDSAP256SHA256:
-			intlen = 32
-		case ECDSAP384SHA384:
-			intlen = 48
-		}
-		private := toBase64(intToBytes(p.D, intlen))
-		return _FORMAT +
-			"Algorithm: " + algorithm + "\n" +
-			"PrivateKey: " + private + "\n"
-	}
-}
-
-type DSAPrivateKey dsa.PrivateKey
-
-func (p *DSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
-	r1, s1, err := dsa.Sign(rand.Reader, (*dsa.PrivateKey)(p), hashed)
-	if err != nil {
-		return nil, err
-	}
-	t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8)
-	signature := []byte{byte(t)}
-	signature = append(signature, intToBytes(r1, 20)...)
-	signature = append(signature, intToBytes(s1, 20)...)
-	return signature, nil
-}
-
-func (p *DSAPrivateKey) String(alg uint8) string {
-	if true {
-		algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
-		T := divRoundUp(divRoundUp(p.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
-		prime := toBase64(intToBytes(p.PublicKey.Parameters.P, 64+T*8))
-		subprime := toBase64(intToBytes(p.PublicKey.Parameters.Q, 20))
-		base := toBase64(intToBytes(p.PublicKey.Parameters.G, 64+T*8))
-		priv := toBase64(intToBytes(p.X, 20))
-		pub := toBase64(intToBytes(p.PublicKey.Y, 64+T*8))
-		return _FORMAT +
-			"Algorithm: " + algorithm + "\n" +
-			"Prime(p): " + prime + "\n" +
-			"Subprime(q): " + subprime + "\n" +
-			"Base(g): " + base + "\n" +
-			"Private_value(x): " + priv + "\n" +
-			"Public_value(y): " + pub + "\n"
-	}
-}