Hulk did something

[bytom/vapor.git] / vendor / github.com / miekg / dns / dnssec_keygen.go

package dns

import (
        "crypto"
        "crypto/dsa"
        "crypto/ecdsa"
        "crypto/elliptic"
        "crypto/rand"
        "crypto/rsa"
        "math/big"

        "golang.org/x/crypto/ed25519"
)

// Generate generates a DNSKEY of the given bit size.
// The public part is put inside the DNSKEY record.
// The Algorithm in the key must be set as this will define
// what kind of DNSKEY will be generated.
// The ECDSA algorithms imply a fixed keysize, in that case
// bits should be set to the size of the algorithm.
func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
        switch k.Algorithm {
        case DSA, DSANSEC3SHA1:
                if bits != 1024 {
                        return nil, ErrKeySize
                }
        case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
                if bits < 512 || bits > 4096 {
                        return nil, ErrKeySize
                }
        case RSASHA512:
                if bits < 1024 || bits > 4096 {
                        return nil, ErrKeySize
                }
        case ECDSAP256SHA256:
                if bits != 256 {
                        return nil, ErrKeySize
                }
        case ECDSAP384SHA384:
                if bits != 384 {
                        return nil, ErrKeySize
                }
        case ED25519:
                if bits != 256 {
                        return nil, ErrKeySize
                }
        }

        switch k.Algorithm {
        case DSA, DSANSEC3SHA1:
                params := new(dsa.Parameters)
                if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
                        return nil, err
                }
                priv := new(dsa.PrivateKey)
                priv.PublicKey.Parameters = *params
                err := dsa.GenerateKey(priv, rand.Reader)
                if err != nil {
                        return nil, err
                }
                k.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
                return priv, nil
        case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
                priv, err := rsa.GenerateKey(rand.Reader, bits)
                if err != nil {
                        return nil, err
                }
                k.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
                return priv, nil
        case ECDSAP256SHA256, ECDSAP384SHA384:
                var c elliptic.Curve
                switch k.Algorithm {
                case ECDSAP256SHA256:
                        c = elliptic.P256()
                case ECDSAP384SHA384:
                        c = elliptic.P384()
                }
                priv, err := ecdsa.GenerateKey(c, rand.Reader)
                if err != nil {
                        return nil, err
                }
                k.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)
                return priv, nil
        case ED25519:
                pub, priv, err := ed25519.GenerateKey(rand.Reader)
                if err != nil {
                        return nil, err
                }
                k.setPublicKeyED25519(pub)
                return priv, nil
        default:
                return nil, ErrAlg
        }
}

// Set the public key (the value E and N)
func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
        if _E == 0 || _N == nil {
                return false
        }
        buf := exponentToBuf(_E)
        buf = append(buf, _N.Bytes()...)
        k.PublicKey = toBase64(buf)
        return true
}

// Set the public key for Elliptic Curves
func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
        if _X == nil || _Y == nil {
                return false
        }
        var intlen int
        switch k.Algorithm {
        case ECDSAP256SHA256:
                intlen = 32
        case ECDSAP384SHA384:
                intlen = 48
        }
        k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen))
        return true
}

// Set the public key for DSA
func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool {
        if _Q == nil || _P == nil || _G == nil || _Y == nil {
                return false
        }
        buf := dsaToBuf(_Q, _P, _G, _Y)
        k.PublicKey = toBase64(buf)
        return true
}

// Set the public key for Ed25519
func (k *DNSKEY) setPublicKeyED25519(_K ed25519.PublicKey) bool {
        if _K == nil {
                return false
        }
        k.PublicKey = toBase64(_K)
        return true
}

// Set the public key (the values E and N) for RSA
// RFC 3110: Section 2. RSA Public KEY Resource Records
func exponentToBuf(_E int) []byte {
        var buf []byte
        i := big.NewInt(int64(_E)).Bytes()
        if len(i) < 256 {
                buf = make([]byte, 1, 1+len(i))
                buf[0] = uint8(len(i))
        } else {
                buf = make([]byte, 3, 3+len(i))
                buf[0] = 0
                buf[1] = uint8(len(i) >> 8)
                buf[2] = uint8(len(i))
        }
        buf = append(buf, i...)
        return buf
}

// Set the public key for X and Y for Curve. The two
// values are just concatenated.
func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
        buf := intToBytes(_X, intlen)
        buf = append(buf, intToBytes(_Y, intlen)...)
        return buf
}

// Set the public key for X and Y for Curve. The two
// values are just concatenated.
func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
        t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
        buf := []byte{byte(t)}
        buf = append(buf, intToBytes(_Q, 20)...)
        buf = append(buf, intToBytes(_P, 64+t*8)...)
        buf = append(buf, intToBytes(_G, 64+t*8)...)
        buf = append(buf, intToBytes(_Y, 64+t*8)...)
        return buf
}