Refactor the DNSSEC private key code

Now PrivateKey is an interface exposing Sign() and String(). Common
implementations are wrappers for {rsa|dsa|ecdsa}.PrivateKey but
this allows for custom signers, and abstracts away the private-ops
code to a single place.

dnssec.go

@@ -20,7 +20,6 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/md5"
-	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/sha256"
@@ -256,63 +255,36 @@ func (rr *RRSIG) Sign(k PrivateKey, rrset []RR) error {
 	}
 	signdata = append(signdata, wire...)
 
-	var sighash []byte
 	var h hash.Hash
-	var ch crypto.Hash // Only need for RSA
-	var intlen int
 	switch rr.Algorithm {
 	case DSA, DSANSEC3SHA1:
-		// Implicit in the ParameterSizes
+		// TODO: this seems bugged, will panic
 	case RSASHA1, RSASHA1NSEC3SHA1:
 		h = sha1.New()
-		ch = crypto.SHA1
 	case RSASHA256, ECDSAP256SHA256:
 		h = sha256.New()
-		ch = crypto.SHA256
-		intlen = 32
 	case ECDSAP384SHA384:
 		h = sha512.New384()
-		intlen = 48
 	case RSASHA512:
 		h = sha512.New()
-		ch = crypto.SHA512
 	case RSAMD5:
 		fallthrough // Deprecated in RFC 6725
 	default:
 		return ErrAlg
 	}
-	io.WriteString(h, string(signdata))
-	sighash = h.Sum(nil)
 
-	switch p := k.(type) {
-	case *dsa.PrivateKey:
-		r1, s1, err := dsa.Sign(rand.Reader, p, sighash)
-		if err != nil {
-			return err
-		}
-		signature := []byte{0x4D} // T value, here the ASCII M for Miek (not used in DNSSEC)
-		signature = append(signature, intToBytes(r1, 20)...)
-		signature = append(signature, intToBytes(s1, 20)...)
-		rr.Signature = toBase64(signature)
-	case *rsa.PrivateKey:
-		// We can use nil as rand.Reader here (says AGL)
-		signature, err := rsa.SignPKCS1v15(nil, p, ch, sighash)
-		if err != nil {
-			return err
-		}
-		rr.Signature = toBase64(signature)
-	case *ecdsa.PrivateKey:
-		r1, s1, err := ecdsa.Sign(rand.Reader, p, sighash)
-		if err != nil {
-			return err
-		}
-		signature := intToBytes(r1, intlen)
-		signature = append(signature, intToBytes(s1, intlen)...)
-		rr.Signature = toBase64(signature)
-	default:
-		// Not given the correct key
-		return ErrKeyAlg
+	_, err = h.Write(signdata)
+	if err != nil {
+		return err
 	}
+	sighash := h.Sum(nil)
+
+	signature, err := k.Sign(sighash, rr.Algorithm)
+	if err != nil {
+		return err
+	}
+	rr.Signature = toBase64(signature)
+
 	return nil
 }
 
@@ -405,7 +377,7 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
 		sighash := h.Sum(nil)
 		return rsa.VerifyPKCS1v15(pubkey, ch, sighash, sigbuf)
 	case ECDSAP256SHA256, ECDSAP384SHA384:
-		pubkey := k.publicKeyCurve()
+		pubkey := k.publicKeyECDSA()
 		if pubkey == nil {
 			return ErrKey
 		}
@@ -458,31 +430,6 @@ func (s *RRSIG) sigBuf() []byte {
 	return sigbuf
 }
 
-// setPublicKeyInPrivate sets the public key in the private key.
-func (k *DNSKEY) setPublicKeyInPrivate(p PrivateKey) bool {
-	switch t := p.(type) {
-	case *dsa.PrivateKey:
-		x := k.publicKeyDSA()
-		if x == nil {
-			return false
-		}
-		t.PublicKey = *x
-	case *rsa.PrivateKey:
-		x := k.publicKeyRSA()
-		if x == nil {
-			return false
-		}
-		t.PublicKey = *x
-	case *ecdsa.PrivateKey:
-		x := k.publicKeyCurve()
-		if x == nil {
-			return false
-		}
-		t.PublicKey = *x
-	}
-	return true
-}
-
 // publicKeyRSA returns the RSA public key from a DNSKEY record.
 func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
 	keybuf, err := fromBase64([]byte(k.PublicKey))
@@ -521,8 +468,8 @@ func (k *DNSKEY) publicKeyRSA() *rsa.PublicKey {
 	return pubkey
 }
 
-// publicKeyCurve returns the Curve public key from the DNSKEY record.
-func (k *DNSKEY) publicKeyCurve() *ecdsa.PublicKey {
+// publicKeyECDSA returns the Curve public key from the DNSKEY record.
+func (k *DNSKEY) publicKeyECDSA() *ecdsa.PublicKey {
 	keybuf, err := fromBase64([]byte(k.PublicKey))
 	if err != nil {
 		return nil
@@ -585,7 +532,7 @@ func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
 }
 
 // Set the public key for Elliptic Curves
-func (k *DNSKEY) setPublicKeyCurve(_X, _Y *big.Int) bool {
+func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
 	if _X == nil || _Y == nil {
 		return false
 	}

dnssec_test.go

@@ -1,7 +1,6 @@
 package dns
 
 import (
-	"crypto/rsa"
 	"reflect"
 	"strings"
 	"testing"
@@ -389,7 +388,7 @@ Activate: 20110302104537`
 		t.Fail()
 	}
 	switch priv := p.(type) {
-	case *rsa.PrivateKey:
+	case *RSAPrivateKey:
 		if 65537 != priv.PublicKey.E {
 			t.Log("exponenent should be 65537")
 			t.Fail()

keygen.go

@@ -1,6 +1,7 @@
 package dns
 
 import (
+	"crypto"
 	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -12,9 +13,10 @@ import (
 
 const _FORMAT = "Private-key-format: v1.3\n"
 
-// Empty interface that is used as a wrapper around all possible
-// private key implementations from the crypto package.
-type PrivateKey interface{}
+type PrivateKey interface {
+	Sign([]byte, uint8) ([]byte, error)
+	String(uint8) string
+}
 
 // Generate generates a DNSKEY of the given bit size.
 // The public part is put inside the DNSKEY record.
@@ -59,14 +61,14 @@ func (r *DNSKEY) Generate(bits int) (PrivateKey, error) {
 			return nil, err
 		}
 		r.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
-		return priv, nil
+		return (*DSAPrivateKey)(priv), nil
 	case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
 		priv, err := rsa.GenerateKey(rand.Reader, bits)
 		if err != nil {
 			return nil, err
 		}
 		r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
-		return priv, nil
+		return (*RSAPrivateKey)(priv), nil
 	case ECDSAP256SHA256, ECDSAP384SHA384:
 		var c elliptic.Curve
 		switch r.Algorithm {
@@ -79,41 +81,61 @@ func (r *DNSKEY) Generate(bits int) (PrivateKey, error) {
 		if err != nil {
 			return nil, err
 		}
-		r.setPublicKeyCurve(priv.PublicKey.X, priv.PublicKey.Y)
-		return priv, nil
+		r.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)
+		return (*ECDSAPrivateKey)(priv), nil
 	default:
 		return nil, ErrAlg
 	}
-	return nil, nil // Dummy return
 }
 
-// PrivateKeyString converts a PrivateKey to a string. This
-// string has the same format as the private-key-file of BIND9 (Private-key-format: v1.3).
-// It needs some info from the key (hashing, keytag), so its a method of the DNSKEY.
-func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
-	switch t := p.(type) {
-	case *rsa.PrivateKey:
-		algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
-		modulus := toBase64(t.PublicKey.N.Bytes())
-		e := big.NewInt(int64(t.PublicKey.E))
+// PrivateKeyString converts a PrivateKey to a string. This string has the same
+// format as the private-key-file of BIND9 (Private-key-format: v1.3).
+// It needs some info from the key (the algorithm), so its a method of the
+// DNSKEY and calls PrivateKey.String(alg).
+func (r *DNSKEY) PrivateKeyString(p PrivateKey) string {
+	return p.String(r.Algorithm)
+}
+
+type RSAPrivateKey rsa.PrivateKey
+
+func (p *RSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
+	var hash crypto.Hash
+	switch alg {
+	case RSASHA1, RSASHA1NSEC3SHA1:
+		hash = crypto.SHA1
+	case RSASHA256:
+		hash = crypto.SHA256
+	case RSASHA512:
+		hash = crypto.SHA512
+	default:
+		return nil, ErrAlg
+	}
+	return rsa.SignPKCS1v15(nil, (*rsa.PrivateKey)(p), hash, hashed)
+}
+
+func (p *RSAPrivateKey) String(alg uint8) string {
+	if true {
+		algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
+		modulus := toBase64(p.PublicKey.N.Bytes())
+		e := big.NewInt(int64(p.PublicKey.E))
 		publicExponent := toBase64(e.Bytes())
-		privateExponent := toBase64(t.D.Bytes())
-		prime1 := toBase64(t.Primes[0].Bytes())
-		prime2 := toBase64(t.Primes[1].Bytes())
+		privateExponent := toBase64(p.D.Bytes())
+		prime1 := toBase64(p.Primes[0].Bytes())
+		prime2 := toBase64(p.Primes[1].Bytes())
 		// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
 		// and from: http://code.google.com/p/go/issues/detail?id=987
 		one := big.NewInt(1)
-		p_1 := big.NewInt(0).Sub(t.Primes[0], one)
-		q_1 := big.NewInt(0).Sub(t.Primes[1], one)
-		exp1 := big.NewInt(0).Mod(t.D, p_1)
-		exp2 := big.NewInt(0).Mod(t.D, q_1)
-		coeff := big.NewInt(0).ModInverse(t.Primes[1], t.Primes[0])
+		p_1 := big.NewInt(0).Sub(p.Primes[0], one)
+		q_1 := big.NewInt(0).Sub(p.Primes[1], one)
+		exp1 := big.NewInt(0).Mod(p.D, p_1)
+		exp2 := big.NewInt(0).Mod(p.D, q_1)
+		coeff := big.NewInt(0).ModInverse(p.Primes[1], p.Primes[0])
 
 		exponent1 := toBase64(exp1.Bytes())
 		exponent2 := toBase64(exp2.Bytes())
 		coefficient := toBase64(coeff.Bytes())
 
-		s = _FORMAT +
+		return _FORMAT +
 			"Algorithm: " + algorithm + "\n" +
 			"Modulus: " + modulus + "\n" +
 			"PublicExponent: " + publicExponent + "\n" +
@@ -123,28 +145,71 @@ func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
 			"Exponent1: " + exponent1 + "\n" +
 			"Exponent2: " + exponent2 + "\n" +
 			"Coefficient: " + coefficient + "\n"
-	case *ecdsa.PrivateKey:
-		algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
+	}
+}
+
+type ECDSAPrivateKey ecdsa.PrivateKey
+
+func (p *ECDSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
+	var intlen int
+	switch alg {
+	case ECDSAP256SHA256:
+		intlen = 32
+	case ECDSAP384SHA384:
+		intlen = 48
+	default:
+		return nil, ErrAlg
+	}
+	r1, s1, err := ecdsa.Sign(rand.Reader, (*ecdsa.PrivateKey)(p), hashed)
+	if err != nil {
+		return nil, err
+	}
+	signature := intToBytes(r1, intlen)
+	signature = append(signature, intToBytes(s1, intlen)...)
+	return signature, nil
+}
+
+func (p *ECDSAPrivateKey) String(alg uint8) string {
+	if true {
+		algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
 		var intlen int
-		switch r.Algorithm {
+		switch alg {
 		case ECDSAP256SHA256:
 			intlen = 32
 		case ECDSAP384SHA384:
 			intlen = 48
 		}
-		private := toBase64(intToBytes(t.D, intlen))
-		s = _FORMAT +
+		private := toBase64(intToBytes(p.D, intlen))
+		return _FORMAT +
 			"Algorithm: " + algorithm + "\n" +
 			"PrivateKey: " + private + "\n"
-	case *dsa.PrivateKey:
-		algorithm := strconv.Itoa(int(r.Algorithm)) + " (" + AlgorithmToString[r.Algorithm] + ")"
-		T := divRoundUp(divRoundUp(t.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
-		prime := toBase64(intToBytes(t.PublicKey.Parameters.P, 64+T*8))
-		subprime := toBase64(intToBytes(t.PublicKey.Parameters.Q, 20))
-		base := toBase64(intToBytes(t.PublicKey.Parameters.G, 64+T*8))
-		priv := toBase64(intToBytes(t.X, 20))
-		pub := toBase64(intToBytes(t.PublicKey.Y, 64+T*8))
-		s = _FORMAT +
+	}
+}
+
+type DSAPrivateKey dsa.PrivateKey
+
+func (p *DSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
+	r1, s1, err := dsa.Sign(rand.Reader, (*dsa.PrivateKey)(p), hashed)
+	if err != nil {
+		return nil, err
+	}
+	t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8)
+	signature := []byte{byte(t)}
+	signature = append(signature, intToBytes(r1, 20)...)
+	signature = append(signature, intToBytes(s1, 20)...)
+	return signature, nil
+}
+
+func (p *DSAPrivateKey) String(alg uint8) string {
+	if true {
+		algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
+		T := divRoundUp(divRoundUp(p.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
+		prime := toBase64(intToBytes(p.PublicKey.Parameters.P, 64+T*8))
+		subprime := toBase64(intToBytes(p.PublicKey.Parameters.Q, 20))
+		base := toBase64(intToBytes(p.PublicKey.Parameters.G, 64+T*8))
+		priv := toBase64(intToBytes(p.X, 20))
+		pub := toBase64(intToBytes(p.PublicKey.Y, 64+T*8))
+		return _FORMAT +
 			"Algorithm: " + algorithm + "\n" +
 			"Prime(p): " + prime + "\n" +
 			"Subprime(q): " + subprime + "\n" +
@@ -152,5 +217,4 @@ func (r *DNSKEY) PrivateKeyString(p PrivateKey) (s string) {
 			"Private_value(x): " + priv + "\n" +
 			"Public_value(y): " + pub + "\n"
 	}
-	return
 }

kscan.go

@@ -18,8 +18,8 @@ func (k *DNSKEY) NewPrivateKey(s string) (PrivateKey, error) {
 
 // ReadPrivateKey reads a private key from the io.Reader q. The string file is
 // only used in error reporting.
-// The public key must be
-// known, because some cryptographic algorithms embed the public inside the privatekey.
+// The public key must be known, because some cryptographic algorithms embed
+// the public inside the privatekey.
 func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
 	m, e := parseKey(q, file)
 	if m == nil {
@@ -34,14 +34,16 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
 	// TODO(mg): check if the pubkey matches the private key
 	switch m["algorithm"] {
 	case "3 (DSA)":
-		p, e := readPrivateKeyDSA(m)
+		priv, e := readPrivateKeyDSA(m)
 		if e != nil {
 			return nil, e
 		}
-		if !k.setPublicKeyInPrivate(p) {
+		pub := k.publicKeyDSA()
+		if pub == nil {
 			return nil, ErrKey
 		}
-		return p, e
+		priv.PublicKey = *pub
+		return (*DSAPrivateKey)(priv), e
 	case "1 (RSAMD5)":
 		fallthrough
 	case "5 (RSASHA1)":
@@ -51,38 +53,38 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (PrivateKey, error) {
 	case "8 (RSASHA256)":
 		fallthrough
 	case "10 (RSASHA512)":
-		p, e := readPrivateKeyRSA(m)
+		priv, e := readPrivateKeyRSA(m)
 		if e != nil {
 			return nil, e
 		}
-		if !k.setPublicKeyInPrivate(p) {
+		pub := k.publicKeyRSA()
+		if pub == nil {
 			return nil, ErrKey
 		}
-		return p, e
+		priv.PublicKey = *pub
+		return (*RSAPrivateKey)(priv), e
 	case "12 (ECC-GOST)":
-		p, e := readPrivateKeyGOST(m)
-		if e != nil {
-			return nil, e
-		}
-		// setPublicKeyInPrivate(p)
-		return p, e
+		return nil, ErrPrivKey
 	case "13 (ECDSAP256SHA256)":
 		fallthrough
 	case "14 (ECDSAP384SHA384)":
-		p, e := readPrivateKeyECDSA(m)
+		priv, e := readPrivateKeyECDSA(m)
 		if e != nil {
 			return nil, e
 		}
-		if !k.setPublicKeyInPrivate(p) {
+		pub := k.publicKeyECDSA()
+		if pub == nil {
 			return nil, ErrKey
 		}
-		return p, e
+		priv.PublicKey = *pub
+		return (*ECDSAPrivateKey)(priv), e
+	default:
+		return nil, ErrPrivKey
 	}
-	return nil, ErrPrivKey
 }
 
 // Read a private key (file) string and create a public key. Return the private key.
-func readPrivateKeyRSA(m map[string]string) (PrivateKey, error) {
+func readPrivateKeyRSA(m map[string]string) (*rsa.PrivateKey, error) {
 	p := new(rsa.PrivateKey)
 	p.Primes = []*big.Int{nil, nil}
 	for k, v := range m {
@@ -119,7 +121,7 @@ func readPrivateKeyRSA(m map[string]string) (PrivateKey, error) {
 	return p, nil
 }
 
-func readPrivateKeyDSA(m map[string]string) (PrivateKey, error) {
+func readPrivateKeyDSA(m map[string]string) (*dsa.PrivateKey, error) {
 	p := new(dsa.PrivateKey)
 	p.X = big.NewInt(0)
 	for k, v := range m {
@@ -137,7 +139,7 @@ func readPrivateKeyDSA(m map[string]string) (PrivateKey, error) {
 	return p, nil
 }
 
-func readPrivateKeyECDSA(m map[string]string) (PrivateKey, error) {
+func readPrivateKeyECDSA(m map[string]string) (*ecdsa.PrivateKey, error) {
 	p := new(ecdsa.PrivateKey)
 	p.D = big.NewInt(0)
 	// TODO: validate that the required flags are present
@@ -156,11 +158,6 @@ func readPrivateKeyECDSA(m map[string]string) (PrivateKey, error) {
 	return p, nil
 }
 
-func readPrivateKeyGOST(m map[string]string) (PrivateKey, error) {
-	// TODO(miek)
-	return nil, nil
-}
-
 // parseKey reads a private key from r. It returns a map[string]string,
 // with the key-value pairs, or an error when the file is not correct.
 func parseKey(r io.Reader, file string) (map[string]string, error) {

parse_test.go

@@ -1265,8 +1265,8 @@ func TestNewPrivateKey(t *testing.T) {
 		}
 
 		switch newPrivKey := newPrivKey.(type) {
-		case *rsa.PrivateKey:
-			newPrivKey.Precompute()
+		case *RSAPrivateKey:
+			(*rsa.PrivateKey)(newPrivKey).Precompute()
 		}
 
 		if !reflect.DeepEqual(privkey, newPrivKey) {

sig0.go

@@ -19,7 +19,6 @@ import (
 	"crypto"
 	"crypto/dsa"
 	"crypto/ecdsa"
-	"crypto/rand"
 	"crypto/rsa"
 	"math/big"
 	"strings"
@@ -58,16 +57,13 @@ func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
 	}
 	buf = buf[:off:cap(buf)]
 	var hash crypto.Hash
-	var intlen int
 	switch rr.Algorithm {
 	case DSA, RSASHA1:
 		hash = crypto.SHA1
 	case RSASHA256, ECDSAP256SHA256:
 		hash = crypto.SHA256
-		intlen = 32
 	case ECDSAP384SHA384:
 		hash = crypto.SHA384
-		intlen = 48
 	case RSASHA512:
 		hash = crypto.SHA512
 	default:
@@ -80,31 +76,9 @@ func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
 	hasher.Write(buf[:len(mbuf)])
 	hashed := hasher.Sum(nil)
 
-	var sig []byte
-	switch p := k.(type) {
-	case *dsa.PrivateKey:
-		t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8)
-		r1, s1, err := dsa.Sign(rand.Reader, p, hashed)
-		if err != nil {
-			return nil, err
-		}
-		sig = append(sig, byte(t))
-		sig = append(sig, intToBytes(r1, 20)...)
-		sig = append(sig, intToBytes(s1, 20)...)
-	case *rsa.PrivateKey:
-		sig, err = rsa.SignPKCS1v15(rand.Reader, p, hash, hashed)
-		if err != nil {
-			return nil, err
-		}
-	case *ecdsa.PrivateKey:
-		r1, s1, err := ecdsa.Sign(rand.Reader, p, hashed)
-		if err != nil {
-			return nil, err
-		}
-		sig = intToBytes(r1, intlen)
-		sig = append(sig, intToBytes(s1, intlen)...)
-	default:
-		return nil, ErrAlg
+	sig, err := k.Sign(hashed, rr.Algorithm)
+	if err != nil {
+		return nil, err
 	}
 	rr.Signature = toBase64(sig)
 	buf = append(buf, sig...)
@@ -246,7 +220,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error {
 			return rsa.VerifyPKCS1v15(pk, hash, hashed, sig)
 		}
 	case ECDSAP256SHA256, ECDSAP384SHA384:
-		pk := k.publicKeyCurve()
+		pk := k.publicKeyECDSA()
 		r := big.NewInt(0)
 		r.SetBytes(sig[:len(sig)/2])
 		s := big.NewInt(0)