diff --git a/Makefile b/Makefile index 0fa4715f..d8d15669 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ include $(GOROOT)/src/Make.pkg all: package gomake -C resolver package gomake -C responder package -# gomake -C strconv package + gomake -C strconv package dnstest: gotest diff --git a/dnskey_test.go b/dnskey_test.go index f66cb92f..36492432 100644 --- a/dnskey_test.go +++ b/dnskey_test.go @@ -15,10 +15,8 @@ func TestKeyGen(t *testing.T) { key.Flags = 256 key.Protocol = 3 key.Algorithm = AlgRSASHA256 - key.GenerateRSA(512) - - fmt.Printf("%v\n", key) - + key.Generate(512) + fmt.Printf("Generated key: %v\n", key) } diff --git a/dnssec.go b/dnssec.go index d119d6cb..bf334c57 100644 --- a/dnssec.go +++ b/dnssec.go @@ -153,7 +153,7 @@ func (k *RR_DNSKEY) ToDS(h int) *RR_DS { // the rest is copied from the RRset. Return true when all ok. // The Signature data is filled by this method // There is no check if rrset is a proper (RFC 2181) RRSet -func (s *RR_RRSIG) Sign(k *rsa.PrivateKey, rrset RRset) bool { +func (s *RR_RRSIG) Sign(k PrivateKey, rrset RRset) bool { if k == nil { return false } @@ -252,13 +252,21 @@ func (s *RR_RRSIG) Sign(k *rsa.PrivateKey, rrset RRset) bool { // Need privakey representation in godns TODO(mg) see keygen.go io.WriteString(h, string(signdata)) sighash := h.Sum() - signature, err = rsa.SignPKCS1v15(rand.Reader, k, ch, sighash) - if err != nil { + + // Get the key from the interface + switch p := k.(type) { + case *rsa.PrivateKey: + signature, err = rsa.SignPKCS1v15(rand.Reader, p, ch, sighash) + if err != nil { + return false + } + b64 := make([]byte, base64.StdEncoding.EncodedLen(len(signature))) + base64.StdEncoding.Encode(b64, signature) + s.Signature = string(b64) + default: + // Not given the correct key return false } - b64 := make([]byte, base64.StdEncoding.EncodedLen(len(signature))) - base64.StdEncoding.Encode(b64, signature) - s.Signature = string(b64) case AlgDH: case AlgDSA: case AlgECC: 
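Review bot: `key.Generate(512)` discards both the returned private key and the error, so a run in which generation fails (one of Generate's size or exponent errors, for instance) still passes and merely prints an unpopulated key. Check the result instead: `if _, err := key.Generate(512); err != nil { t.Fatal(err) }` and assert `key.PubKey != ""` afterwards. 512 bits is the smallest size Generate accepts and is fine for a unit test, but a one-line comment saying so would stop it being copied as a production default.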
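Review bot: The doc comment above the new signature no longer says what `k` may hold now that `PrivateKey` is `interface{}`, and the `k == nil` check only catches an untyped nil, not a nil `*rsa.PrivateKey` stored in the interface. A line such as `// k must currently be a *rsa.PrivateKey; any other concrete type makes Sign return false.` would document the contract the type switch further down enforces. Sign's body continues outside this hunk.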
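Review bot: A typed nil stored in the `PrivateKey` interface passes the earlier `k == nil` guard and lands in `case *rsa.PrivateKey:` with `p == nil`, which `rsa.SignPKCS1v15` will dereference; the case should start with `if p == nil { return false }`. The `default:` branch returns the same `false` as a failed signature, so a caller cannot distinguish a wrong key type from an RSA failure; at minimum the comment `// Not given the correct key` could say that a `*rsa.PrivateKey` is required here. Sign's body begins and continues outside this hunk, including the enclosing algorithm switch.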
diff --git a/keygen.go b/keygen.go index 112bf2f5..c5d2225c 100644 --- a/keygen.go +++ b/keygen.go 
@@ -1,54 +1,62 @@ package dns import ( - "os" - "crypto/rsa" - "crypto/rand" - "encoding/base64" + "os" + "crypto/rsa" + "crypto/rand" + "encoding/base64" ) +// Empty interface so all crypty private key +// can be grouped together +type PrivateKey interface{} + // io.Reader // PrivateKeyToString // PrivateKeyFromString // PrivateKeyToDNSKEY -// Generate a RSA key of the given bit size. +// Generate a Key of the given bit size. // The public part is directly put inside the DNSKEY record. -// The Algorithm in the key must be set -func (r *RR_DNSKEY) GenerateRSA(bits int) (*rsa.PrivateKey, os.Error) { +// The Algorithm in the key must be set as this will define +// what kind of DNSKEY will be generated +func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, os.Error) { + switch r.Algorithm { + case AlgRSAMD5, AlgRSASHA1, AlgRSASHA256: + if bits < 512 || bits > 4096 { + return nil, &Error{Error: "Size not in range [512..4096]"} + } + case AlgRSASHA512: + if bits < 1024 || bits > 4096 { + return nil, &Error{Error: "Size not in range [1024..4096]"} + } + default: + return nil, &Error{Error: "Algorithm not recognized"} + } + switch r.Algorithm { - case AlgRSAMD5: fallthrough - case AlgRSASHA1: fallthrough - case AlgRSASHA256: - if bits < 512 || bits > 4096 { - return nil, &Error{Error: "Size not in range [512..4096]"} - } - case AlgRSASHA512: - if bits < 1024 || bits > 4096 { - return nil, &Error{Error: "Size not in range [1024..4096]"} - } - default: - return nil, &Error{Error: "Algorithm does not match RSA*"} - } - priv, err := rsa.GenerateKey(rand.Reader, bits) - if err != nil { - return nil, err - } - keybuf := make([]byte, 1) + case AlgRSAMD5, AlgRSASHA1, AlgRSASHA256, AlgRSASHA512: + priv, err := rsa.GenerateKey(rand.Reader, bits) + if err != nil { + return nil, err + } + keybuf := make([]byte, 1) - if priv.PublicKey.E < 256 { - keybuf[0] = uint8(priv.PublicKey.E) - } else { - keybuf[0] = 0 - // keybuf[1]+[2] have the length - // keybuf[3:..3+lenght] have exponent - // 
not implemented - return nil, &Error{Error: "Exponent too large"} - } - keybuf = append(keybuf, priv.PublicKey.N.Bytes()...) + if priv.PublicKey.E < 256 { + keybuf[0] = uint8(priv.PublicKey.E) + } else { + keybuf[0] = 0 + // keybuf[1]+[2] have the length + // keybuf[3:..3+lenght] have exponent + // not implemented + return nil, &Error{Error: "Exponent too large"} + } + keybuf = append(keybuf, priv.PublicKey.N.Bytes()...) - b64 := make([]byte, base64.StdEncoding.EncodedLen(len(keybuf))) - base64.StdEncoding.Encode(b64, keybuf) - r.PubKey = string(b64) - return priv, nil + b64 := make([]byte, base64.StdEncoding.EncodedLen(len(keybuf))) + base64.StdEncoding.Encode(b64, keybuf) + r.PubKey = string(b64) + return priv, nil + } + return nil, nil // Dummy return } diff --git a/strconv/_go_.6 b/strconv/_go_.6 index 04f16510..a5d1e607 100644 Binary files a/strconv/_go_.6 and b/strconv/_go_.6 differ diff --git a/strconv/_obj/dns/strconv.a b/strconv/_obj/dns/strconv.a index 5ee10e2d..e9f92db5 100644 Binary files a/strconv/_obj/dns/strconv.a and b/strconv/_obj/dns/strconv.a differ diff --git a/strconv/strconv.go b/strconv/strconv.go index 630d67ac..33959eb0 100644 --- a/strconv/strconv.go +++ b/strconv/strconv.go @@ -3,6 +3,7 @@ package strconv import ( "unicode" conv "strconv" + "dns" ) const ( @@ -71,3 +72,11 @@ func SecondsToString(val uint32) (str string) { } return } + +// Read a string and convert it to the correct +// Resource Record. +func SetString(s string) dns.RR { + + k := new(dns.RR_DNSKEY) + return k +}
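Review bot: The one-octet form of the RFC 3110 public-key encoding holds the exponent's length, not its value, so `keybuf[0] = uint8(priv.PublicKey.E)` writes the exponent where a parser expects a length byte and the first bytes of the modulus are then read as the exponent; the `else` branch additionally rejects any exponent of 256 or more, which, with Go releases that generate e = 65537, makes Generate fail for every RSA algorithm. Encoding the exponent as big-endian bytes preceded by its length (one octet, or a zero octet plus a two-octet length when longer than 255 bytes) fixes both, as sketched below. The trailing `return nil, nil // Dummy return` is unreachable after the first switch but would hand a caller a nil key with no error; returning an `&Error{...}` there is safer. The size ranges appear to track the RFC 5702 limits, and a comment that 512 bits is the protocol floor rather than a safe key size would help callers.
```go
	case AlgRSAMD5, AlgRSASHA1, AlgRSASHA256, AlgRSASHA512:
		priv, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		// RFC 3110 wire form: exponent length, exponent, modulus.
		var exp []byte
		for e := priv.PublicKey.E; e > 0; e >>= 8 {
			exp = append([]byte{byte(e)}, exp...)
		}
		var keybuf []byte
		if len(exp) < 256 {
			keybuf = append(keybuf, byte(len(exp)))
		} else {
			keybuf = append(keybuf, 0, byte(len(exp)>>8), byte(len(exp)))
		}
		keybuf = append(keybuf, exp...)
		keybuf = append(keybuf, priv.PublicKey.N.Bytes()...)
		// … unchanged: base64-encode keybuf into r.PubKey and return priv …
	// after the switch, instead of the nil, nil dummy return:
	return nil, &Error{Error: "Algorithm not recognized"}
```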
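Review bot: `SetString` ignores its argument and returns a zero-valued `*dns.RR_DNSKEY` for every input, so a caller that feeds it zone text gets an empty but non-nil record instead of a parse failure. Until the conversion exists it should return nil (or gain an error result) and carry a comment like `// TODO: stub; s is not parsed yet and an empty DNSKEY is always returned.`. The new `"dns"` import in the earlier hunk makes strconv depend on the root package; if dns ever needs strconv in return that becomes an import cycle, which cannot be confirmed from this diff.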