Drop the Alg and Hash prefixes
This commit is contained in:
parent
b84e27535c
commit
4c26df63ba
88
dnssec.go
88
dnssec.go
|
@ -22,25 +22,25 @@ import (
|
|||
|
||||
// DNSSEC encryption algorithm codes.
|
||||
const (
|
||||
AlgRSAMD5 = 1
|
||||
AlgDH = 2
|
||||
AlgDSA = 3
|
||||
AlgECC = 4
|
||||
AlgRSASHA1 = 5
|
||||
AlgRSASHA256 = 8
|
||||
AlgRSASHA512 = 10
|
||||
AlgECCGOST = 12
|
||||
AlgECDSAP256SHA256 = 13
|
||||
AlgECDSAP384SHA384 = 14
|
||||
RSAMD5 = 1
|
||||
DH = 2
|
||||
DSA = 3
|
||||
ECC = 4
|
||||
RSASHA1 = 5
|
||||
RSASHA256 = 8
|
||||
RSASHA512 = 10
|
||||
ECCGOST = 12
|
||||
ECDSAP256SHA256 = 13
|
||||
ECDSAP384SHA384 = 14
|
||||
)
|
||||
|
||||
// DNSSEC hashing codes.
|
||||
const (
|
||||
_ = iota
|
||||
HashSHA1 // RFC 4034
|
||||
HashSHA256 // RFC 4509
|
||||
HashGOST94 // RFC 5933
|
||||
HashSHA384 // Experimental
|
||||
SHA1 // RFC 4034
|
||||
SHA256 // RFC 4509
|
||||
GOST94 // RFC 5933
|
||||
SHA384 // Experimental
|
||||
)
|
||||
|
||||
// DNSKEY flags values.
|
||||
|
@ -78,7 +78,7 @@ type dnskeyWireFmt struct {
|
|||
func (k *RR_DNSKEY) KeyTag() uint16 {
|
||||
var keytag int
|
||||
switch k.Algorithm {
|
||||
case AlgRSAMD5:
|
||||
case RSAMD5:
|
||||
keytag = 0
|
||||
default:
|
||||
keywire := new(dnskeyWireFmt)
|
||||
|
@ -143,19 +143,19 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS {
|
|||
digest := append(owner, wire...) // another copy TODO(mg)
|
||||
|
||||
switch h {
|
||||
case HashSHA1:
|
||||
case SHA1:
|
||||
s := sha1.New()
|
||||
io.WriteString(s, string(digest))
|
||||
ds.Digest = hex.EncodeToString(s.Sum())
|
||||
case HashSHA256:
|
||||
case SHA256:
|
||||
s := sha256.New()
|
||||
io.WriteString(s, string(digest))
|
||||
ds.Digest = hex.EncodeToString(s.Sum())
|
||||
case HashSHA384:
|
||||
case SHA384:
|
||||
s := sha512.New384()
|
||||
io.WriteString(s, string(digest))
|
||||
ds.Digest = hex.EncodeToString(s.Sum())
|
||||
case HashGOST94:
|
||||
case GOST94:
|
||||
/* I have no clue */
|
||||
default:
|
||||
return nil
|
||||
|
@ -217,18 +217,18 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset RRset) bool {
|
|||
var h hash.Hash
|
||||
var ch crypto.Hash // Only need for RSA
|
||||
switch s.Algorithm {
|
||||
case AlgRSAMD5:
|
||||
case RSAMD5:
|
||||
h = md5.New()
|
||||
ch = crypto.MD5
|
||||
case AlgRSASHA1:
|
||||
case RSASHA1:
|
||||
h = sha1.New()
|
||||
ch = crypto.SHA1
|
||||
case AlgRSASHA256, AlgECDSAP256SHA256:
|
||||
case RSASHA256, ECDSAP256SHA256:
|
||||
h = sha256.New()
|
||||
ch = crypto.SHA256
|
||||
case AlgECDSAP384SHA384:
|
||||
case ECDSAP384SHA384:
|
||||
h = sha512.New384()
|
||||
case AlgRSASHA512:
|
||||
case RSASHA512:
|
||||
h = sha512.New()
|
||||
ch = crypto.SHA512
|
||||
default:
|
||||
|
@ -313,32 +313,32 @@ func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset RRset) bool {
|
|||
|
||||
var err os.Error
|
||||
switch s.Algorithm {
|
||||
case AlgRSASHA1, AlgRSASHA256, AlgRSASHA512, AlgRSAMD5:
|
||||
case RSASHA1, RSASHA256, RSASHA512, RSAMD5:
|
||||
pubkey := k.pubKeyRSA() // Get the key
|
||||
// Setup the hash as defined for this alg.
|
||||
var h hash.Hash
|
||||
var ch crypto.Hash
|
||||
switch s.Algorithm {
|
||||
case AlgRSAMD5:
|
||||
case RSAMD5:
|
||||
h = md5.New()
|
||||
ch = crypto.MD5
|
||||
case AlgRSASHA1:
|
||||
case RSASHA1:
|
||||
h = sha1.New()
|
||||
ch = crypto.SHA1
|
||||
case AlgRSASHA256:
|
||||
case RSASHA256:
|
||||
h = sha256.New()
|
||||
ch = crypto.SHA256
|
||||
case AlgRSASHA512:
|
||||
case RSASHA512:
|
||||
h = sha512.New()
|
||||
ch = crypto.SHA512
|
||||
}
|
||||
io.WriteString(h, string(signeddata))
|
||||
sighash := h.Sum()
|
||||
err = rsa.VerifyPKCS1v15(pubkey, ch, sighash, sigbuf)
|
||||
case AlgDH:
|
||||
case AlgDSA:
|
||||
case AlgECC:
|
||||
case AlgECCGOST:
|
||||
case DH:
|
||||
case DSA:
|
||||
case ECC:
|
||||
case ECCGOST:
|
||||
default:
|
||||
// Unknown Alg
|
||||
return false
|
||||
|
@ -400,9 +400,9 @@ func (k *RR_DNSKEY) pubKeyCurve() *ecdsa.PublicKey {
|
|||
}
|
||||
var c *elliptic.Curve
|
||||
switch k.Algorithm {
|
||||
case AlgECDSAP256SHA256:
|
||||
case ECDSAP256SHA256:
|
||||
c = elliptic.P256()
|
||||
case AlgECDSAP384SHA384:
|
||||
case ECDSAP384SHA384:
|
||||
c = elliptic.P384()
|
||||
}
|
||||
x, y := c.Unmarshal(keybuf)
|
||||
|
@ -500,13 +500,13 @@ func rawSignatureData(rrset RRset, s *RR_RRSIG) (buf []byte) {
|
|||
|
||||
// Map for algorithm names.
|
||||
var alg_str = map[uint8]string{
|
||||
AlgRSAMD5: "RSAMD5",
|
||||
AlgDH: "DH",
|
||||
AlgDSA: "DSA",
|
||||
AlgRSASHA1: "RSASHA1",
|
||||
AlgRSASHA256: "RSASHA256",
|
||||
AlgRSASHA512: "RSASHA512",
|
||||
AlgECCGOST: "ECC-GOST",
|
||||
AlgECDSAP256SHA256: "ECDSAP256SHA256",
|
||||
AlgECDSAP384SHA384: "ECDSAP384SHA384",
|
||||
RSAMD5: "RSAMD5",
|
||||
DH: "DH",
|
||||
DSA: "DSA",
|
||||
RSASHA1: "RSASHA1",
|
||||
RSASHA256: "RSASHA256",
|
||||
RSASHA512: "RSASHA512",
|
||||
ECCGOST: "ECC-GOST",
|
||||
ECDSAP256SHA256: "ECDSAP256SHA256",
|
||||
ECDSAP384SHA384: "ECDSAP384SHA384",
|
||||
}
|
||||
|
|
81
keygen.go
81
keygen.go
|
@ -21,32 +21,38 @@ type PrivateKey interface{}
|
|||
// The public part is put inside the DNSKEY record.
|
||||
// The Algorithm in the key must be set as this will define
|
||||
// what kind of DNSKEY will be generated.
|
||||
// For ECDSA the algorithms implies a keysize, in that case
|
||||
// bits should be zero.
|
||||
func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, os.Error) {
|
||||
switch r.Algorithm {
|
||||
case AlgRSAMD5, AlgRSASHA1, AlgRSASHA256:
|
||||
case RSAMD5, RSASHA1, RSASHA256:
|
||||
if bits < 512 || bits > 4096 {
|
||||
return nil, ErrKeySize
|
||||
}
|
||||
case AlgRSASHA512:
|
||||
case RSASHA512:
|
||||
if bits < 1024 || bits > 4096 {
|
||||
return nil, ErrKeySize
|
||||
}
|
||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||
if bits != 0 {
|
||||
return nil, ErrKeySize
|
||||
}
|
||||
}
|
||||
|
||||
switch r.Algorithm {
|
||||
case AlgRSAMD5, AlgRSASHA1, AlgRSASHA256, AlgRSASHA512:
|
||||
case RSAMD5, RSASHA1, RSASHA256, RSASHA512:
|
||||
priv, err := rsa.GenerateKey(rand.Reader, bits)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
|
||||
return priv, nil
|
||||
case AlgECDSAP256SHA256, AlgECDSAP384SHA384:
|
||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||
var c *elliptic.Curve
|
||||
switch r.Algorithm {
|
||||
case AlgECDSAP256SHA256:
|
||||
case ECDSAP256SHA256:
|
||||
c = elliptic.P256()
|
||||
case AlgECDSAP384SHA384:
|
||||
case ECDSAP384SHA384:
|
||||
c = elliptic.P384()
|
||||
}
|
||||
priv, err := ecdsa.GenerateKey(c, rand.Reader)
|
||||
|
@ -98,23 +104,22 @@ func (r *RR_DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
|
|||
"Exponent1: " + exponent1 + "\n" +
|
||||
"Exponent2: " + exponent2 + "\n" +
|
||||
"Coefficient: " + coefficient + "\n"
|
||||
case *ecdsa.PrivateKey:
|
||||
//
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Read a private key (file) string and create a public key. Return the private key.
|
||||
func (k *RR_DNSKEY) ReadPrivateKey(q io.Reader) (PrivateKey, os.Error) {
|
||||
p := new(rsa.PrivateKey)
|
||||
p.Primes = []*big.Int{nil,nil}
|
||||
var left, right string
|
||||
r := bufio.NewReader(q)
|
||||
line, _, err := r.ReadLine()
|
||||
var left, right string
|
||||
for err == nil {
|
||||
n, _ := fmt.Sscanf(string(line), "%s %s+\n", &left, &right)
|
||||
if n > 0 {
|
||||
switch left {
|
||||
case "Private-key-format:":
|
||||
if right != "v1.3" {
|
||||
if right != "v1.2" || right != "v1.3" {
|
||||
return nil, ErrPrivKey
|
||||
}
|
||||
case "Algorithm:":
|
||||
|
@ -123,6 +128,30 @@ func (k *RR_DNSKEY) ReadPrivateKey(q io.Reader) (PrivateKey, os.Error) {
|
|||
return nil, ErrAlg
|
||||
}
|
||||
k.Algorithm = uint8(a)
|
||||
break
|
||||
}
|
||||
}
|
||||
line, _, err = r.ReadLine()
|
||||
}
|
||||
switch k.Algorithm {
|
||||
case RSAMD5, RSASHA1, RSASHA256, RSASHA512:
|
||||
return k.readPrivateKeyRSA(r)
|
||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||
return k.readPrivateKeyECDSA(r)
|
||||
}
|
||||
return nil, ErrKey
|
||||
}
|
||||
|
||||
// Read a private key (file) string and create a public key. Return the private key.
|
||||
func (k *RR_DNSKEY) readPrivateKeyRSA(r *bufio.Reader) (PrivateKey, os.Error) {
|
||||
p := new(rsa.PrivateKey)
|
||||
p.Primes = []*big.Int{nil,nil}
|
||||
var left, right string
|
||||
line, _, err := r.ReadLine()
|
||||
for err == nil {
|
||||
n, _ := fmt.Sscanf(string(line), "%s %s+\n", &left, &right)
|
||||
if n > 0 {
|
||||
switch left {
|
||||
case "Modulus:", "PublicExponent:", "PrivateExponent:", "Prime1:", "Prime2:":
|
||||
v, err := packBase64([]byte(right))
|
||||
if err != nil {
|
||||
|
@ -165,3 +194,33 @@ func (k *RR_DNSKEY) ReadPrivateKey(q io.Reader) (PrivateKey, os.Error) {
|
|||
}
|
||||
return p, nil
|
||||
}
|
||||
|
||||
// Read a private key (file) string and create a public key. Return the private key.
|
||||
func (k *RR_DNSKEY) readPrivateKeyECDSA(r *bufio.Reader) (PrivateKey, os.Error) {
|
||||
p := new(ecdsa.PrivateKey)
|
||||
p.D = big.NewInt(0)
|
||||
var left, right string
|
||||
line, _, err := r.ReadLine()
|
||||
for err == nil {
|
||||
n, _ := fmt.Sscanf(string(line), "%s %s+\n", &left, &right)
|
||||
if n > 0 {
|
||||
switch left {
|
||||
case "PrivateKey:":
|
||||
v, err := packBase64([]byte(right))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
p.D.SetBytes(v)
|
||||
case "Created:", "Publish:", "Activate:":
|
||||
/* not used in Go (yet) */
|
||||
default:
|
||||
return nil, ErrKey
|
||||
}
|
||||
}
|
||||
line, _, err = r.ReadLine()
|
||||
}
|
||||
//if ! k.setPublicKeyRSA(p.PublicKey.E, p.PublicKey.N) {
|
||||
// return nil, ErrKey
|
||||
//}
|
||||
return p, nil
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue