community
/
dns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Drop the Alg and Hash prefixes

This commit is contained in:
Miek Gieben 2011-07-08 17:27:44 +02:00
parent b84e27535c
commit 4c26df63ba
3 changed files with 115 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
dnssec.go
View File

@ -22,25 +22,25 @@ import (
// DNSSEC encryption algorithm codes.
const (
AlgRSAMD5 = 1
AlgDH = 2
AlgDSA = 3
AlgECC = 4
AlgRSASHA1 = 5
AlgRSASHA256 = 8
AlgRSASHA512 = 10
AlgECCGOST = 12
AlgECDSAP256SHA256 = 13
AlgECDSAP384SHA384 = 14
RSAMD5 = 1
DH = 2
DSA = 3
ECC = 4
RSASHA1 = 5
RSASHA256 = 8
RSASHA512 = 10
ECCGOST = 12
ECDSAP256SHA256 = 13
ECDSAP384SHA384 = 14
)
// DNSSEC hashing codes.
const (
_ = iota
HashSHA1 // RFC 4034
HashSHA256 // RFC 4509
HashGOST94 // RFC 5933
HashSHA384 // Experimental
SHA1 // RFC 4034
SHA256 // RFC 4509
GOST94 // RFC 5933
SHA384 // Experimental
)
// DNSKEY flags values.
@ -78,7 +78,7 @@ type dnskeyWireFmt struct {
func (k *RR_DNSKEY) KeyTag() uint16 {
var keytag int
switch k.Algorithm {
case AlgRSAMD5:
case RSAMD5:
keytag = 0
default:
keywire := new(dnskeyWireFmt)
@ -143,19 +143,19 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
digest := append(owner, wire...) // another copy TODO(mg)
switch h {
case HashSHA1:
case SHA1:
s := sha1.New()
io.WriteString(s, string(digest))
ds.Digest = hex.EncodeToString(s.Sum())
case HashSHA256:
case SHA256:
s := sha256.New()
io.WriteString(s, string(digest))
ds.Digest = hex.EncodeToString(s.Sum())
case HashSHA384:
case SHA384:
s := sha512.New384()
io.WriteString(s, string(digest))
ds.Digest = hex.EncodeToString(s.Sum())
case HashGOST94:
case GOST94:
/* I have no clue */
default:
return nil
@ -217,18 +217,18 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset RRset) bool {
var h hash.Hash
var ch crypto.Hash // Only need for RSA
switch s.Algorithm {
case AlgRSAMD5:
case RSAMD5:
h = md5.New()
ch = crypto.MD5
case AlgRSASHA1:
case RSASHA1:
h = sha1.New()
ch = crypto.SHA1
case AlgRSASHA256, AlgECDSAP256SHA256:
case RSASHA256, ECDSAP256SHA256:
h = sha256.New()
ch = crypto.SHA256
case AlgECDSAP384SHA384:
case ECDSAP384SHA384:
h = sha512.New384()
case AlgRSASHA512:
case RSASHA512:
h = sha512.New()
ch = crypto.SHA512
default:
@ -313,32 +313,32 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset RRset) bool {
var err os.Error
switch s.Algorithm {
case AlgRSASHA1, AlgRSASHA256, AlgRSASHA512, AlgRSAMD5:
case RSASHA1, RSASHA256, RSASHA512, RSAMD5:
pubkey := k.pubKeyRSA() // Get the key
// Setup the hash as defined for this alg.
var h hash.Hash
var ch crypto.Hash
switch s.Algorithm {
case AlgRSAMD5:
case RSAMD5:
h = md5.New()
ch = crypto.MD5
case AlgRSASHA1:
case RSASHA1:
h = sha1.New()
ch = crypto.SHA1
case AlgRSASHA256:
case RSASHA256:
h = sha256.New()
ch = crypto.SHA256
case AlgRSASHA512:
case RSASHA512:
h = sha512.New()
ch = crypto.SHA512
}
io.WriteString(h, string(signeddata))
sighash := h.Sum()
err = rsa.VerifyPKCS1v15(pubkey, ch, sighash, sigbuf)
case AlgDH:
case AlgDSA:
case AlgECC:
case AlgECCGOST:
case DH:
case DSA:
case ECC:
case ECCGOST:
default:
// Unknown Alg
return false
@ -400,9 +400,9 @@ func (k *RR_DNSKEY) pubKeyCurve() *ecdsa.PublicKey {
}
var c *elliptic.Curve
switch k.Algorithm {
case AlgECDSAP256SHA256:
case ECDSAP256SHA256:
c = elliptic.P256()
case AlgECDSAP384SHA384:
case ECDSAP384SHA384:
c = elliptic.P384()
}
x, y := c.Unmarshal(keybuf)
@ -500,13 +500,13 @@ func rawSignatureData(rrset RRset, s *RR_RRSIG) (buf []byte) {
// Map for algorithm names.
var alg_str = map[uint8]string{
AlgRSAMD5: "RSAMD5",
AlgDH: "DH",
AlgDSA: "DSA",
AlgRSASHA1: "RSASHA1",
AlgRSASHA256: "RSASHA256",
AlgRSASHA512: "RSASHA512",
AlgECCGOST: "ECC-GOST",
AlgECDSAP256SHA256: "ECDSAP256SHA256",
AlgECDSAP384SHA384: "ECDSAP384SHA384",
RSAMD5: "RSAMD5",
DH: "DH",
DSA: "DSA",
RSASHA1: "RSASHA1",
RSASHA256: "RSASHA256",
RSASHA512: "RSASHA512",
ECCGOST: "ECC-GOST",
ECDSAP256SHA256: "ECDSAP256SHA256",
ECDSAP384SHA384: "ECDSAP384SHA384",
}

81
keygen.go
View File

@ -21,32 +21,38 @@ type PrivateKey interface{}
// The public part is put inside the DNSKEY record.
// The Algorithm in the key must be set as this will define
// what kind of DNSKEY will be generated.
// For ECDSA the algorithms implies a keysize, in that case
// bits should be zero.
func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, os.Error) {
switch r.Algorithm {
case AlgRSAMD5, AlgRSASHA1, AlgRSASHA256:
case RSAMD5, RSASHA1, RSASHA256:
if bits < 512 || bits > 4096 {
return nil, ErrKeySize
}
case AlgRSASHA512:
case RSASHA512:
if bits < 1024 || bits > 4096 {
return nil, ErrKeySize
}
case ECDSAP256SHA256, ECDSAP384SHA384:
if bits != 0 {
return nil, ErrKeySize
}
}
switch r.Algorithm {
case AlgRSAMD5, AlgRSASHA1, AlgRSASHA256, AlgRSASHA512:
case RSAMD5, RSASHA1, RSASHA256, RSASHA512:
priv, err := rsa.GenerateKey(rand.Reader, bits)
if err != nil {
return nil, err
}
r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
return priv, nil
case AlgECDSAP256SHA256, AlgECDSAP384SHA384:
case ECDSAP256SHA256, ECDSAP384SHA384:
var c *elliptic.Curve
switch r.Algorithm {
case AlgECDSAP256SHA256:
case ECDSAP256SHA256:
c = elliptic.P256()
case AlgECDSAP384SHA384:
case ECDSAP384SHA384:
c = elliptic.P384()
}
priv, err := ecdsa.GenerateKey(c, rand.Reader)
@ -98,23 +104,22 @@ func (r *RR_DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
"Exponent1: " + exponent1 + "\n" +
"Exponent2: " + exponent2 + "\n" +
"Coefficient: " + coefficient + "\n"
case *ecdsa.PrivateKey:
//
}
return
}
// Read a private key (file) string and create a public key. Return the private key.
func (k *RR_DNSKEY) ReadPrivateKey(q io.Reader) (PrivateKey, os.Error) {
p := new(rsa.PrivateKey)
p.Primes = []*big.Int{nil,nil}
var left, right string
r := bufio.NewReader(q)
line, _, err := r.ReadLine()
var left, right string
for err == nil {
n, _ := fmt.Sscanf(string(line), "%s %s+\n", &left, &right)
if n > 0 {
switch left {
case "Private-key-format:":
if right != "v1.3" {
if right != "v1.2" || right != "v1.3" {
return nil, ErrPrivKey
}
case "Algorithm:":
@ -123,6 +128,30 @@ func (k *RR_DNSKEY) ReadPrivateKey(q io.Reader) (PrivateKey, os.Error) {
return nil, ErrAlg
}
k.Algorithm = uint8(a)
break
}
}
line, _, err = r.ReadLine()
}
switch k.Algorithm {
case RSAMD5, RSASHA1, RSASHA256, RSASHA512:
return k.readPrivateKeyRSA(r)
case ECDSAP256SHA256, ECDSAP384SHA384:
return k.readPrivateKeyECDSA(r)
}
return nil, ErrKey
}
// Read a private key (file) string and create a public key. Return the private key.
func (k *RR_DNSKEY) readPrivateKeyRSA(r *bufio.Reader) (PrivateKey, os.Error) {
p := new(rsa.PrivateKey)
p.Primes = []*big.Int{nil,nil}
var left, right string
line, _, err := r.ReadLine()
for err == nil {
n, _ := fmt.Sscanf(string(line), "%s %s+\n", &left, &right)
if n > 0 {
switch left {
case "Modulus:", "PublicExponent:", "PrivateExponent:", "Prime1:", "Prime2:":
v, err := packBase64([]byte(right))
if err != nil {
@ -165,3 +194,33 @@ func (k *RR_DNSKEY) ReadPrivateKey(q io.Reader) (PrivateKey, os.Error) {
}
return p, nil
}
// Read a private key (file) string and create a public key. Return the private key.
func (k *RR_DNSKEY) readPrivateKeyECDSA(r *bufio.Reader) (PrivateKey, os.Error) {
p := new(ecdsa.PrivateKey)
p.D = big.NewInt(0)
var left, right string
line, _, err := r.ReadLine()
for err == nil {
n, _ := fmt.Sscanf(string(line), "%s %s+\n", &left, &right)
if n > 0 {
switch left {
case "PrivateKey:":
v, err := packBase64([]byte(right))
if err != nil {
return nil, err
}
p.D.SetBytes(v)
case "Created:", "Publish:", "Activate:":
/* not used in Go (yet) */
default:
return nil, ErrKey
}
}
line, _, err = r.ReadLine()
}
//if ! k.setPublicKeyRSA(p.PublicKey.E, p.PublicKey.N) {
// return nil, ErrKey
//}
return p, nil
}

2
nsec3.go
View File

@ -29,7 +29,7 @@ func hashName(label string, ha int, iterations int, salt string) string {
name = name[:off]
var s hash.Hash
switch ha {
case HashSHA1:
case SHA1:
s = sha1.New()
default:
return ""