elliptic curve stuff

dnssec.go

@@ -58,6 +58,7 @@ const (
 	SHA256 // RFC 4509 
 	GOST94 // RFC 5933
 	SHA384 // Experimental
+	SHA512 // Experimental
 )
 
 // DNSKEY flag values.
@@ -439,19 +440,17 @@ func (k *RR_DNSKEY) pubKeyCurve() *ecdsa.PublicKey {
 	if err != nil {
 		return nil
 	}
-	var c elliptic.Curve
+	pubkey := new(ecdsa.PublicKey)
 	switch k.Algorithm {
 	case ECDSAP256SHA256Y:
-		c = elliptic.P256()
+		pubkey.Curve = elliptic.P256()
 	case ECDSAP384SHA384Y:
-		c = elliptic.P384()
+		pubkey.Curve = elliptic.P384()
 	}
-	// This does not work, we need to split the buffer in two
-	x, y := elliptic.Unmarshal(c, keybuf)
-	pubkey := new(ecdsa.PublicKey)
-	pubkey.X = x
-	pubkey.Y = y
-	pubkey.Curve = c
+	pubkey.X = big.NewInt(0)
+	pubkey.X.SetBytes(keybuf[:len(keybuf)/2])
+	pubkey.Y = big.NewInt(0)
+	pubkey.Y.SetBytes(keybuf[len(keybuf)/2:]) // +1?
 	return pubkey
 }
 
@@ -494,7 +493,8 @@ func exponentToBuf(_E int) []byte {
 	return buf
 }
 
-// Set the public key for X and Y for Curve. Experiment.
+// Set the public key for X and Y for Curve. The two 
+// values are just concatenated.
 func curveToBuf(_X, _Y *big.Int) []byte {
 	buf := _X.Bytes()
 	buf = append(buf, _Y.Bytes()...)

dnssec_test.go

@@ -31,6 +31,20 @@ func getSoa() *RR_SOA {
 	return soa
 }
 
+func TestGenerateEC(t *testing.T) {
+	key := new(RR_DNSKEY)
+	key.Hdr.Rrtype = TypeDNSKEY
+	key.Hdr.Name = "miek.nl."
+	key.Hdr.Class = ClassINET
+	key.Hdr.Ttl = 14400
+	key.Flags = 256
+	key.Protocol = 3
+	key.Algorithm = ECDSAP256SHA256Y
+	privkey, _ := key.Generate(256)
+	t.Logf("%s\n", key.String())
+	t.Logf("%s\n", key.PrivateKeyString(privkey))
+}
+
 func TestSecure(t *testing.T) {
 	soa := getSoa()