12 "golang.org/x/crypto/ed25519"
15 // Generate generates a DNSKEY of the given bit size.
16 // The public part is put inside the DNSKEY record.
17 // The Algorithm in the key must be set as this will define
18 // what kind of DNSKEY will be generated.
19 // The ECDSA algorithms imply a fixed keysize, in that case
20 // bits should be set to the size of the algorithm.
21 func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
23 case DSA, DSANSEC3SHA1:
25 return nil, ErrKeySize
27 case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
28 if bits < 512 || bits > 4096 {
29 return nil, ErrKeySize
32 if bits < 1024 || bits > 4096 {
33 return nil, ErrKeySize
37 return nil, ErrKeySize
41 return nil, ErrKeySize
45 return nil, ErrKeySize
50 case DSA, DSANSEC3SHA1:
51 params := new(dsa.Parameters)
52 if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
55 priv := new(dsa.PrivateKey)
56 priv.PublicKey.Parameters = *params
57 err := dsa.GenerateKey(priv, rand.Reader)
61 k.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
63 case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
64 priv, err := rsa.GenerateKey(rand.Reader, bits)
68 k.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
70 case ECDSAP256SHA256, ECDSAP384SHA384:
78 priv, err := ecdsa.GenerateKey(c, rand.Reader)
82 k.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)
85 pub, priv, err := ed25519.GenerateKey(rand.Reader)
89 k.setPublicKeyED25519(pub)
96 // Set the public key (the value E and N)
97 func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
98 if _E == 0 || _N == nil {
101 buf := exponentToBuf(_E)
102 buf = append(buf, _N.Bytes()...)
103 k.PublicKey = toBase64(buf)
107 // Set the public key for Elliptic Curves
108 func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
109 if _X == nil || _Y == nil {
114 case ECDSAP256SHA256:
116 case ECDSAP384SHA384:
119 k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen))
123 // Set the public key for DSA
124 func (k *DNSKEY) setPublicKeyDSA(_Q, _P, _G, _Y *big.Int) bool {
125 if _Q == nil || _P == nil || _G == nil || _Y == nil {
128 buf := dsaToBuf(_Q, _P, _G, _Y)
129 k.PublicKey = toBase64(buf)
133 // Set the public key for Ed25519
134 func (k *DNSKEY) setPublicKeyED25519(_K ed25519.PublicKey) bool {
138 k.PublicKey = toBase64(_K)
142 // Set the public key (the values E and N) for RSA
143 // RFC 3110: Section 2. RSA Public KEY Resource Records
144 func exponentToBuf(_E int) []byte {
146 i := big.NewInt(int64(_E)).Bytes()
148 buf = make([]byte, 1, 1+len(i))
149 buf[0] = uint8(len(i))
151 buf = make([]byte, 3, 3+len(i))
153 buf[1] = uint8(len(i) >> 8)
154 buf[2] = uint8(len(i))
156 buf = append(buf, i...)
160 // Set the public key for X and Y for Curve. The two
161 // values are just concatenated.
162 func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
163 buf := intToBytes(_X, intlen)
164 buf = append(buf, intToBytes(_Y, intlen)...)
168 // Set the public key for X and Y for Curve. The two
169 // values are just concatenated.
170 func dsaToBuf(_Q, _P, _G, _Y *big.Int) []byte {
171 t := divRoundUp(divRoundUp(_G.BitLen(), 8)-64, 8)
172 buf := []byte{byte(t)}
173 buf = append(buf, intToBytes(_Q, 20)...)
174 buf = append(buf, intToBytes(_P, 64+t*8)...)
175 buf = append(buf, intToBytes(_G, 64+t*8)...)
176 buf = append(buf, intToBytes(_Y, 64+t*8)...)