More DSA stuff: generation/signing/verifying
parent
4536259037
commit
7c9a376659
|
@ -251,6 +251,9 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
var h hash.Hash
|
||||
var ch crypto.Hash // Only need for RSA
|
||||
switch s.Algorithm {
|
||||
case DSA:
|
||||
h = sha1.New()
|
||||
ch = crypto.SHA1
|
||||
case RSAMD5:
|
||||
h = md5.New()
|
||||
ch = crypto.MD5
|
||||
|
@ -272,6 +275,8 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
sighash = h.Sum(nil)
|
||||
|
||||
switch p := k.(type) {
|
||||
case *dsa.PrivateKey:
|
||||
// TODO(mg): sign it
|
||||
case *rsa.PrivateKey:
|
||||
signature, err := rsa.SignPKCS1v15(rand.Reader, p, ch, sighash)
|
||||
if err != nil {
|
||||
|
@ -283,7 +288,6 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Check the length and zero pad??
|
||||
signature := r1.Bytes()
|
||||
signature = append(signature, s1.Bytes()...)
|
||||
s.Signature = unpackBase64(signature)
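Review bot: The new `case *dsa.PrivateKey:` arm of the key type switch contains only `// TODO(mg): sign it`, so a DSA key gets SHA-1 selected in the first hunk, is hashed, and then produces no signature. Go cases do not fall through, and whether Sign then returns nil is decided by code outside this hunk. Until DSA signing exists the arm should fail explicitly, for example `return errors.New("DSA signing not implemented")` (or the package's own error value if it has one), so a caller cannot end up with an RRSIG whose Signature is empty or stale. When the arm is filled in, note that the r/s concatenation in the last hunk (`signature := r1.Bytes()` followed by `append(signature, s1.Bytes()...)`) relies on big.Int.Bytes(), which drops leading zero bytes. Each value needs left-padding to its fixed width before concatenation, otherwise some signatures come out short and fail verification.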
|
||||
|
|
18
keygen.go
18
keygen.go
|
@ -5,6 +5,7 @@ import (
|
|||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/dsa"
|
||||
"math/big"
|
||||
"strconv"
|
||||
)
|
||||
|
@ -23,6 +24,10 @@ type PrivateKey interface{}
|
|||
// bits should be set to the size of the algorithm.
|
||||
func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, error) {
|
||||
switch r.Algorithm {
|
||||
case DSA:
|
||||
if bits != 1024 {
|
||||
return nil, ErrKeySize
|
||||
}
|
||||
case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
|
||||
if bits < 512 || bits > 4096 {
|
||||
return nil, ErrKeySize
|
||||
|
@ -42,6 +47,19 @@ func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, error) {
|
|||
}
|
||||
|
||||
switch r.Algorithm {
|
||||
case DSA:
|
||||
params := new(dsa.Parameters)
|
||||
if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
priv := new(dsa.PrivateKey)
|
||||
priv.PublicKey.Parameters = *params
|
||||
err := dsa.GenerateKey(priv, rand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// setPubicKey needed?
|
||||
return priv, nil
|
||||
case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
|
||||
priv, err := rsa.GenerateKey(rand.Reader, bits)
|
||||
if err != nil {
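Review bot: The DSA arm of the second switch returns `priv` while the question `// setPubicKey needed?` is still open, so as far as this hunk shows the RR_DNSKEY receiver is never given the generated public key. A DNSKEY record without that key cannot be used to verify what the private key signs. If the RSA arm (which continues past the end of the hunk) stores the public key on `r`, the DSA arm should do the same before returning. The comment should then become a tracked TODO with the typo fixed, e.g. `// TODO: store priv.PublicKey in r before returning`. The doc comment above Generate could also state that for DSA `bits` is only validated (`bits != 1024`) and the parameters are fixed to `dsa.L1024N160`.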
|
||||
|
|