[DNSSEC] Make int to bytes conversions fixed length in DSA (RFC 2536)
This fixes DSA key generation.
This commit is contained in:
Filippo Valsorda
parent
ed475ae9fa
commit
c47471f80e
20
dnssec.go
20
dnssec.go
|
|
@ -97,6 +97,10 @@ type dnskeyWireFmt struct {
|
|||
/* Nothing is left out */
|
||||
}
|
||||
|
||||
func divRoundUp(a, b int) int {
|
||||
return (a + b - 1) / b
|
||||
}
|
||||
|
||||
// KeyTag calculates the keytag (or key-id) of the DNSKEY.
|
||||
func (k *DNSKEY) KeyTag() uint16 {
|
||||
if k == nil {
|
||||
|
|
@ -287,8 +291,8 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
return err
|
||||
}
|
||||
signature := []byte{0x4D} // T value, here the ASCII M for Miek (not used in DNSSEC)
|
||||
signature = append(signature, r1.Bytes()...)
|
||||
signature = append(signature, s1.Bytes()...)
|
||||
signature = append(signature, intToBytes(r1, 20)...)
|
||||
signature = append(signature, intToBytes(s1, 20)...)
|
||||
rr.Signature = toBase64(signature)
|
||||
case *rsa.PrivateKey:
|
||||
// We can use nil as rand.Reader here (says AGL)
|
||||
|
|
@ -635,12 +639,12 @@ func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
|
|||
// Set the public key for X and Y for Curve. The two
|
||||
// values are just concatenated.
|
||||
func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
|
||||
t := byte((len(_G.Bytes()) - 64) / 8)
|
||||
buf := []byte{t}
|
||||
buf = append(buf, _Q.Bytes()...)
|
||||
buf = append(buf, _P.Bytes()...)
|
||||
buf = append(buf, _G.Bytes()...)
|
||||
buf = append(buf, _Y.Bytes()...)
|
||||
t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
|
||||
buf := []byte{byte(t)}
|
||||
buf = append(buf, intToBytes(_Q, 20)...)
|
||||
buf = append(buf, intToBytes(_P, 64+t*8)...)
|
||||
buf = append(buf, intToBytes(_G, 64+t*8)...)
|
||||
buf = append(buf, intToBytes(_Y, 64+t*8)...)
|
||||
return buf
|
||||
}
|
||||
|
||||
|
|
|
|||
11
keygen.go
11
keygen.go
|
|
@ -139,11 +139,12 @@ func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
|
|||
"PrivateKey: " + private + "\n"
|
||||
case *dsa.PrivateKey:
|
||||
algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
|
||||
prime := toBase64(t.PublicKey.Parameters.P.Bytes())
|
||||
subprime := toBase64(t.PublicKey.Parameters.Q.Bytes())
|
||||
base := toBase64(t.PublicKey.Parameters.G.Bytes())
|
||||
priv := toBase64(t.X.Bytes())
|
||||
pub := toBase64(t.PublicKey.Y.Bytes())
|
||||
T := divRoundUp(divRoundUp(t.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
|
||||
prime := toBase64(intToBytes(t.PublicKey.Parameters.P, 64+T*8))
|
||||
subprime := toBase64(intToBytes(t.PublicKey.Parameters.Q, 20))
|
||||
base := toBase64(intToBytes(t.PublicKey.Parameters.G, 64+T*8))
|
||||
priv := toBase64(intToBytes(t.X, 20))
|
||||
pub := toBase64(intToBytes(t.PublicKey.Y, 64+T*8))
|
||||
s = _FORMAT +
|
||||
"Algorithm: " + algorithm + "\n" +
|
||||
"Prime(p): " + prime + "\n" +
|
||||
|
|
|
|||
|
|
@ -1230,7 +1230,7 @@ type algorithm struct {
|
|||
bits int
|
||||
}
|
||||
|
||||
func TestNewPrivateKeyECDSA(t *testing.T) {
|
||||
func TestNewPrivateKey(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("skipping test in short mode.")
|
||||
}
|
||||
|
|
@ -1239,7 +1239,7 @@ func TestNewPrivateKeyECDSA(t *testing.T) {
|
|||
algorithm{ECDSAP384SHA384, 384},
|
||||
algorithm{RSASHA1, 1024},
|
||||
algorithm{RSASHA256, 2048},
|
||||
// algorithm{DSA, 1024}, // TODO: STILL BROKEN!
|
||||
algorithm{DSA, 1024},
|
||||
}
|
||||
|
||||
for _, algo := range algorithms {
|
||||
|
|
|
|||
Loading…
Reference in New Issue