[DNSSEC] Make int to bytes conversions fixed length in DSA (RFC 2536)
This fixes DSA key generation.
This commit is contained in:
parent
ed475ae9fa
commit
c47471f80e
20
dnssec.go
20
dnssec.go
|
@ -97,6 +97,10 @@ type dnskeyWireFmt struct {
|
||||||
/* Nothing is left out */
|
/* Nothing is left out */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func divRoundUp(a, b int) int {
|
||||||
|
return (a + b - 1) / b
|
||||||
|
}
|
||||||
|
|
||||||
// KeyTag calculates the keytag (or key-id) of the DNSKEY.
|
// KeyTag calculates the keytag (or key-id) of the DNSKEY.
|
||||||
func (k *DNSKEY) KeyTag() uint16 {
|
func (k *DNSKEY) KeyTag() uint16 {
|
||||||
if k == nil {
|
if k == nil {
|
||||||
|
@ -287,8 +291,8 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
signature := []byte{0x4D} // T value, here the ASCII M for Miek (not used in DNSSEC)
|
signature := []byte{0x4D} // T value, here the ASCII M for Miek (not used in DNSSEC)
|
||||||
signature = append(signature, r1.Bytes()...)
|
signature = append(signature, intToBytes(r1, 20)...)
|
||||||
signature = append(signature, s1.Bytes()...)
|
signature = append(signature, intToBytes(s1, 20)...)
|
||||||
rr.Signature = toBase64(signature)
|
rr.Signature = toBase64(signature)
|
||||||
case *rsa.PrivateKey:
|
case *rsa.PrivateKey:
|
||||||
// We can use nil as rand.Reader here (says AGL)
|
// We can use nil as rand.Reader here (says AGL)
|
||||||
|
@ -635,12 +639,12 @@ func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
|
||||||
// Set the public key for X and Y for Curve. The two
|
// Set the public key for X and Y for Curve. The two
|
||||||
// values are just concatenated.
|
// values are just concatenated.
|
||||||
func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
|
func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
|
||||||
t := byte((len(_G.Bytes()) - 64) / 8)
|
t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
|
||||||
buf := []byte{t}
|
buf := []byte{byte(t)}
|
||||||
buf = append(buf, _Q.Bytes()...)
|
buf = append(buf, intToBytes(_Q, 20)...)
|
||||||
buf = append(buf, _P.Bytes()...)
|
buf = append(buf, intToBytes(_P, 64+t*8)...)
|
||||||
buf = append(buf, _G.Bytes()...)
|
buf = append(buf, intToBytes(_G, 64+t*8)...)
|
||||||
buf = append(buf, _Y.Bytes()...)
|
buf = append(buf, intToBytes(_Y, 64+t*8)...)
|
||||||
return buf
|
return buf
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
11
keygen.go
11
keygen.go
|
@ -139,11 +139,12 @@ func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
|
||||||
"PrivateKey: " + private + "\n"
|
"PrivateKey: " + private + "\n"
|
||||||
case *dsa.PrivateKey:
|
case *dsa.PrivateKey:
|
||||||
algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
|
algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
|
||||||
prime := toBase64(t.PublicKey.Parameters.P.Bytes())
|
T := divRoundUp(divRoundUp(t.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
|
||||||
subprime := toBase64(t.PublicKey.Parameters.Q.Bytes())
|
prime := toBase64(intToBytes(t.PublicKey.Parameters.P, 64+T*8))
|
||||||
base := toBase64(t.PublicKey.Parameters.G.Bytes())
|
subprime := toBase64(intToBytes(t.PublicKey.Parameters.Q, 20))
|
||||||
priv := toBase64(t.X.Bytes())
|
base := toBase64(intToBytes(t.PublicKey.Parameters.G, 64+T*8))
|
||||||
pub := toBase64(t.PublicKey.Y.Bytes())
|
priv := toBase64(intToBytes(t.X, 20))
|
||||||
|
pub := toBase64(intToBytes(t.PublicKey.Y, 64+T*8))
|
||||||
s = _FORMAT +
|
s = _FORMAT +
|
||||||
"Algorithm: " + algorithm + "\n" +
|
"Algorithm: " + algorithm + "\n" +
|
||||||
"Prime(p): " + prime + "\n" +
|
"Prime(p): " + prime + "\n" +
|
||||||
|
|
|
@ -1230,7 +1230,7 @@ type algorithm struct {
|
||||||
bits int
|
bits int
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestNewPrivateKeyECDSA(t *testing.T) {
|
func TestNewPrivateKey(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("skipping test in short mode.")
|
t.Skip("skipping test in short mode.")
|
||||||
}
|
}
|
||||||
|
@ -1239,7 +1239,7 @@ func TestNewPrivateKeyECDSA(t *testing.T) {
|
||||||
algorithm{ECDSAP384SHA384, 384},
|
algorithm{ECDSAP384SHA384, 384},
|
||||||
algorithm{RSASHA1, 1024},
|
algorithm{RSASHA1, 1024},
|
||||||
algorithm{RSASHA256, 2048},
|
algorithm{RSASHA256, 2048},
|
||||||
// algorithm{DSA, 1024}, // TODO: STILL BROKEN!
|
algorithm{DSA, 1024},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, algo := range algorithms {
|
for _, algo := range algorithms {
|
||||||
|
|
Loading…
Reference in New Issue