221 lines
6.2 KiB
Go
221 lines
6.2 KiB
Go
package dns
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/dsa"
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"math/big"
|
|
"strconv"
|
|
)
|
|
|
|
const _FORMAT = "Private-key-format: v1.3\n"
|
|
|
|
type PrivateKey interface {
|
|
Sign([]byte, uint8) ([]byte, error)
|
|
String(uint8) string
|
|
}
|
|
|
|
// Generate generates a DNSKEY of the given bit size.
|
|
// The public part is put inside the DNSKEY record.
|
|
// The Algorithm in the key must be set as this will define
|
|
// what kind of DNSKEY will be generated.
|
|
// The ECDSA algorithms imply a fixed keysize, in that case
|
|
// bits should be set to the size of the algorithm.
|
|
func (r *DNSKEY) Generate(bits int) (PrivateKey, error) {
|
|
switch r.Algorithm {
|
|
case DSA, DSANSEC3SHA1:
|
|
if bits != 1024 {
|
|
return nil, ErrKeySize
|
|
}
|
|
case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
|
|
if bits < 512 || bits > 4096 {
|
|
return nil, ErrKeySize
|
|
}
|
|
case RSASHA512:
|
|
if bits < 1024 || bits > 4096 {
|
|
return nil, ErrKeySize
|
|
}
|
|
case ECDSAP256SHA256:
|
|
if bits != 256 {
|
|
return nil, ErrKeySize
|
|
}
|
|
case ECDSAP384SHA384:
|
|
if bits != 384 {
|
|
return nil, ErrKeySize
|
|
}
|
|
}
|
|
|
|
switch r.Algorithm {
|
|
case DSA, DSANSEC3SHA1:
|
|
params := new(dsa.Parameters)
|
|
if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
|
|
return nil, err
|
|
}
|
|
priv := new(dsa.PrivateKey)
|
|
priv.PublicKey.Parameters = *params
|
|
err := dsa.GenerateKey(priv, rand.Reader)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
r.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
|
|
return (*DSAPrivateKey)(priv), nil
|
|
case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
|
|
priv, err := rsa.GenerateKey(rand.Reader, bits)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
|
|
return (*RSAPrivateKey)(priv), nil
|
|
case ECDSAP256SHA256, ECDSAP384SHA384:
|
|
var c elliptic.Curve
|
|
switch r.Algorithm {
|
|
case ECDSAP256SHA256:
|
|
c = elliptic.P256()
|
|
case ECDSAP384SHA384:
|
|
c = elliptic.P384()
|
|
}
|
|
priv, err := ecdsa.GenerateKey(c, rand.Reader)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
r.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)
|
|
return (*ECDSAPrivateKey)(priv), nil
|
|
default:
|
|
return nil, ErrAlg
|
|
}
|
|
}
|
|
|
|
// PrivateKeyString converts a PrivateKey to a string. This string has the same
|
|
// format as the private-key-file of BIND9 (Private-key-format: v1.3).
|
|
// It needs some info from the key (the algorithm), so its a method of the
|
|
// DNSKEY and calls PrivateKey.String(alg).
|
|
func (r *DNSKEY) PrivateKeyString(p PrivateKey) string {
|
|
return p.String(r.Algorithm)
|
|
}
|
|
|
|
type RSAPrivateKey rsa.PrivateKey
|
|
|
|
func (p *RSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
|
|
var hash crypto.Hash
|
|
switch alg {
|
|
case RSASHA1, RSASHA1NSEC3SHA1:
|
|
hash = crypto.SHA1
|
|
case RSASHA256:
|
|
hash = crypto.SHA256
|
|
case RSASHA512:
|
|
hash = crypto.SHA512
|
|
default:
|
|
return nil, ErrAlg
|
|
}
|
|
return rsa.SignPKCS1v15(nil, (*rsa.PrivateKey)(p), hash, hashed)
|
|
}
|
|
|
|
func (p *RSAPrivateKey) String(alg uint8) string {
|
|
if true {
|
|
algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
|
|
modulus := toBase64(p.PublicKey.N.Bytes())
|
|
e := big.NewInt(int64(p.PublicKey.E))
|
|
publicExponent := toBase64(e.Bytes())
|
|
privateExponent := toBase64(p.D.Bytes())
|
|
prime1 := toBase64(p.Primes[0].Bytes())
|
|
prime2 := toBase64(p.Primes[1].Bytes())
|
|
// Calculate Exponent1/2 and Coefficient as per: http://en.wikipedia.org/wiki/RSA#Using_the_Chinese_remainder_algorithm
|
|
// and from: http://code.google.com/p/go/issues/detail?id=987
|
|
one := big.NewInt(1)
|
|
p_1 := big.NewInt(0).Sub(p.Primes[0], one)
|
|
q_1 := big.NewInt(0).Sub(p.Primes[1], one)
|
|
exp1 := big.NewInt(0).Mod(p.D, p_1)
|
|
exp2 := big.NewInt(0).Mod(p.D, q_1)
|
|
coeff := big.NewInt(0).ModInverse(p.Primes[1], p.Primes[0])
|
|
|
|
exponent1 := toBase64(exp1.Bytes())
|
|
exponent2 := toBase64(exp2.Bytes())
|
|
coefficient := toBase64(coeff.Bytes())
|
|
|
|
return _FORMAT +
|
|
"Algorithm: " + algorithm + "\n" +
|
|
"Modulus: " + modulus + "\n" +
|
|
"PublicExponent: " + publicExponent + "\n" +
|
|
"PrivateExponent: " + privateExponent + "\n" +
|
|
"Prime1: " + prime1 + "\n" +
|
|
"Prime2: " + prime2 + "\n" +
|
|
"Exponent1: " + exponent1 + "\n" +
|
|
"Exponent2: " + exponent2 + "\n" +
|
|
"Coefficient: " + coefficient + "\n"
|
|
}
|
|
}
|
|
|
|
type ECDSAPrivateKey ecdsa.PrivateKey
|
|
|
|
func (p *ECDSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
|
|
var intlen int
|
|
switch alg {
|
|
case ECDSAP256SHA256:
|
|
intlen = 32
|
|
case ECDSAP384SHA384:
|
|
intlen = 48
|
|
default:
|
|
return nil, ErrAlg
|
|
}
|
|
r1, s1, err := ecdsa.Sign(rand.Reader, (*ecdsa.PrivateKey)(p), hashed)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
signature := intToBytes(r1, intlen)
|
|
signature = append(signature, intToBytes(s1, intlen)...)
|
|
return signature, nil
|
|
}
|
|
|
|
func (p *ECDSAPrivateKey) String(alg uint8) string {
|
|
if true {
|
|
algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
|
|
var intlen int
|
|
switch alg {
|
|
case ECDSAP256SHA256:
|
|
intlen = 32
|
|
case ECDSAP384SHA384:
|
|
intlen = 48
|
|
}
|
|
private := toBase64(intToBytes(p.D, intlen))
|
|
return _FORMAT +
|
|
"Algorithm: " + algorithm + "\n" +
|
|
"PrivateKey: " + private + "\n"
|
|
}
|
|
}
|
|
|
|
type DSAPrivateKey dsa.PrivateKey
|
|
|
|
func (p *DSAPrivateKey) Sign(hashed []byte, alg uint8) ([]byte, error) {
|
|
r1, s1, err := dsa.Sign(rand.Reader, (*dsa.PrivateKey)(p), hashed)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8)
|
|
signature := []byte{byte(t)}
|
|
signature = append(signature, intToBytes(r1, 20)...)
|
|
signature = append(signature, intToBytes(s1, 20)...)
|
|
return signature, nil
|
|
}
|
|
|
|
func (p *DSAPrivateKey) String(alg uint8) string {
|
|
if true {
|
|
algorithm := strconv.Itoa(int(alg)) + " (" + AlgorithmToString[alg] + ")"
|
|
T := divRoundUp(divRoundUp(p.PublicKey.Parameters.G.BitLen(), 8)-64, 8)
|
|
prime := toBase64(intToBytes(p.PublicKey.Parameters.P, 64+T*8))
|
|
subprime := toBase64(intToBytes(p.PublicKey.Parameters.Q, 20))
|
|
base := toBase64(intToBytes(p.PublicKey.Parameters.G, 64+T*8))
|
|
priv := toBase64(intToBytes(p.X, 20))
|
|
pub := toBase64(intToBytes(p.PublicKey.Y, 64+T*8))
|
|
return _FORMAT +
|
|
"Algorithm: " + algorithm + "\n" +
|
|
"Prime(p): " + prime + "\n" +
|
|
"Subprime(q): " + subprime + "\n" +
|
|
"Base(g): " + base + "\n" +
|
|
"Private_value(x): " + priv + "\n" +
|
|
"Public_value(y): " + pub + "\n"
|
|
}
|
|
}
|