implement (part of) ecdsa256/384

This commit is contained in:
Miek Gieben 2011-07-08 10:41:07 +02:00
parent 3c6e18e7b6
commit 328931d079
3 changed files with 59 additions and 11 deletions


@ -28,8 +28,8 @@ const (
AlgRSASHA256 = 8 AlgRSASHA256 = 8
AlgRSASHA512 = 10 AlgRSASHA512 = 10
AlgECCGOST = 12 AlgECCGOST = 12
// AlgECDSAP256SHA256 = 13 AlgECDSAP256SHA256 = 13
// AlgECDSAP384SHA384 = 14 AlgECDSAP384SHA384 = 14
) )
// DNSSEC hashing codes. // DNSSEC hashing codes.
@ -405,6 +405,16 @@ func (k *RR_DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
return true return true
} }
// Set the public key for Elliptic Curves
func (k *RR_DNSKEY) setPublicKeyCurve(_X, _Y *big.Int) bool {
if _X == nil || _Y == nil {
return false
}
buf := curveToBuf(_X, _Y)
k.PublicKey = unpackBase64(buf)
return true
}
// Set the public key (the values E and N) for RSA // Set the public key (the values E and N) for RSA
// RFC 3110: Section 2. RSA Public KEY Resource Records // RFC 3110: Section 2. RSA Public KEY Resource Records
func exponentToBuf(_E int) []byte { func exponentToBuf(_E int) []byte {
@ -423,6 +433,14 @@ func exponentToBuf(_E int) []byte {
return buf return buf
} }
// Set the public key for X and Y for Curve
// Experimental
func curveToBuf(_X, _Y *big.Int) []byte {
buf := _X.Bytes()
buf = append(buf, _Y.Bytes()...)
return buf
}
// return a saw signature data // return a saw signature data
func rawSignatureData(rrset RRset, s *RR_RRSIG) (buf []byte) { func rawSignatureData(rrset RRset, s *RR_RRSIG) (buf []byte) {
for _, r := range rrset { for _, r := range rrset {
@ -470,4 +488,6 @@ var alg_str = map[uint8]string{
AlgRSASHA256: "RSASHA256", AlgRSASHA256: "RSASHA256",
AlgRSASHA512: "RSASHA512", AlgRSASHA512: "RSASHA512",
AlgECCGOST: "ECC-GOST", AlgECCGOST: "ECC-GOST",
AlgECDSAP256SHA256: "ECDSAP256SHA256",
AlgECDSAP384SHA384: "ECDSAP384SHA384",
} }
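Review bot: curveToBuf (third hunk) builds the public key from `_X.Bytes()` and `_Y.Bytes()`, and big.Int.Bytes drops leading zero octets, so a coordinate whose top byte happens to be zero yields a key shorter than the fixed-width encoding the ECDSA DNSKEY format expects (two field elements of 32 bytes for P-256, 48 for P-384; the draft this implements was later published as RFC 6605). A verifier that slices the key at the field width would then read a misaligned point, so each coordinate should be left-padded to the curve's element size. curveToBuf does not know the curve, but setPublicKeyCurve can derive the width from `k.Algorithm` and pass it down, e.g. `intlen := 32` / `if k.Algorithm == AlgECDSAP384SHA384 { intlen = 48 }` before `buf := curveToBuf(_X, _Y, intlen)`, returning false when curveToBuf yields nil. The `// Experimental` comment would be clearer as `// curveToBuf returns X||Y with each coordinate left-padded to intlen bytes, as the ECDSA DNSKEY wire format requires.`
```go
func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
	xb, yb := _X.Bytes(), _Y.Bytes()
	if len(xb) > intlen || len(yb) > intlen {
		return nil // coordinate wider than the curve's field size
	}
	buf := make([]byte, 2*intlen)
	copy(buf[intlen-len(xb):intlen], xb)
	copy(buf[2*intlen-len(yb):], yb)
	return buf
}
```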


@ -1,6 +1,7 @@
package dns package dns
import ( import (
"fmt"
"testing" "testing"
"strings" "strings"
) )
@ -100,7 +101,7 @@ func TestSignVerify(t *testing.T) {
sig := new(RR_RRSIG) sig := new(RR_RRSIG)
sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0} sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
sig.TypeCovered = soa.Hdr.Rrtype sig.TypeCovered = soa.Hdr.Rrtype
sig.Labels = labelCount(soa.Hdr.Name) sig.Labels = LabelCount(soa.Hdr.Name)
sig.OrigTtl = soa.Hdr.Ttl sig.OrigTtl = soa.Hdr.Ttl
sig.Expiration = 1296534305 // date -u '+%s' -d"2011-02-01 04:25:05" sig.Expiration = 1296534305 // date -u '+%s' -d"2011-02-01 04:25:05"
sig.Inception = 1293942305 // date -u '+%s' -d"2011-01-02 04:25:05" sig.Inception = 1293942305 // date -u '+%s' -d"2011-01-02 04:25:05"
@ -119,7 +120,7 @@ func TestSignVerify(t *testing.T) {
} }
} }
func TestKeyGen(t *testing.T) { func TestKeyGenRSA(t *testing.T) {
key := new(RR_DNSKEY) key := new(RR_DNSKEY)
key.Hdr.Name = "miek.nl." key.Hdr.Name = "miek.nl."
key.Hdr.Rrtype = TypeDNSKEY key.Hdr.Rrtype = TypeDNSKEY
@ -128,9 +129,22 @@ func TestKeyGen(t *testing.T) {
key.Flags = 256 key.Flags = 256
key.Protocol = 3 key.Protocol = 3
key.Algorithm = AlgRSASHA256 key.Algorithm = AlgRSASHA256
key.Generate(512) key.Generate(1024)
fmt.Printf("%v\n", key)
} }
func TestKeyGenCurve(t *testing.T) {
key := new(RR_DNSKEY)
key.Hdr.Name = "miek.nl."
key.Hdr.Rrtype = TypeDNSKEY
key.Hdr.Class = ClassINET
key.Hdr.Ttl = 3600
key.Flags = 256
key.Protocol = 3
key.Algorithm = AlgECDSAP256SHA256
key.Generate(0)
fmt.Printf("%v\n", key)
}
/* /*
func TestDnskey(t *testing.T) { func TestDnskey(t *testing.T) {
@ -199,7 +213,7 @@ func TestTag(t *testing.T) {
} }
} }
func TestKeyGenRSA(t *testing.T) { func TestKeyRSA(t *testing.T) {
return // Tijdelijk uit TODO(mg) return // Tijdelijk uit TODO(mg)
key := new(RR_DNSKEY) key := new(RR_DNSKEY)
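Review bot: TestKeyGenRSA and TestKeyGenCurve discard both results of `key.Generate(...)`, so an ErrAlg, ErrKeySize or a failure inside ecdsa.GenerateKey would not fail the test, and `fmt.Printf` only prints the key rather than asserting anything about it. Replace each call with `if _, err := key.Generate(0); err != nil { t.Fatal(err) }` (1024 for the RSA case) and consider asserting `key.PublicKey != ""` so an empty key is caught. With the Printf calls turned into `t.Logf` or dropped, the new `"fmt"` import in the first hunk is no longer needed.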


@ -8,6 +8,8 @@ import (
"bufio" "bufio"
"strconv" "strconv"
"crypto/rsa" "crypto/rsa"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand" "crypto/rand"
) )
@ -29,8 +31,6 @@ func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, os.Error) {
if bits < 1024 || bits > 4096 { if bits < 1024 || bits > 4096 {
return nil, ErrKeySize return nil, ErrKeySize
} }
default:
return nil, ErrAlg
} }
switch r.Algorithm { switch r.Algorithm {
@ -39,10 +39,24 @@ func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, os.Error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
keybuf := exponentToBuf(priv.PublicKey.E) r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
keybuf = append(keybuf, priv.PublicKey.N.Bytes()...)
r.PublicKey = unpackBase64(keybuf)
return priv, nil return priv, nil
case AlgECDSAP256SHA256, AlgECDSAP384SHA384:
var c *elliptic.Curve
switch r.Algorithm {
case AlgECDSAP256SHA256:
c = elliptic.P256()
case AlgECDSAP384SHA384:
c = elliptic.P384()
}
priv, err := ecdsa.GenerateKey(c, rand.Reader)
if err != nil {
return nil, err
}
r.setPublicKeyCurve(priv.PublicKey.X, priv.PublicKey.Y)
return priv, nil
default:
return nil, ErrAlg
} }
return nil, nil // Dummy return return nil, nil // Dummy return
} }
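Review bot: In the ECDSA branch of Generate (last hunk) the inner `switch r.Algorithm` has no default, so if the outer case list and the inner cases ever diverge `c` stays nil and is handed to ecdsa.GenerateKey; add `default: return nil, ErrAlg` to the inner switch, or fold the two curves into the outer switch as separate cases. The `bits` parameter is now range-checked only for RSA and silently ignored for ECDSA (the second hunk removed the outer `default`), which is right for fixed-size curves but should be stated on Generate's doc comment, e.g. `// bits selects the RSA modulus size and is ignored for ECDSA, where the curve fixes the key size.`. The boolean returned by `r.setPublicKeyCurve(...)` (and by `r.setPublicKeyRSA(...)`) is discarded; checking it and returning an error keeps the two paths consistent. Generate's signature lies outside the hunk.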