forgejo/vendor/github.com/miekg/dns/dnssec_keygen.go

package dns

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"math/big"

	"golang.org/x/crypto/ed25519"
)

// Generate generates a DNSKEY of the given bit size.
// The public part is put inside the DNSKEY record.
// The Algorithm in the key must be set as this will define
// what kind of DNSKEY will be generated.
// The ECDSA algorithms imply a fixed keysize, in that case
// bits should be set to the size of the algorithm.
func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {
	switch k.Algorithm {
	case RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
		if bits < 512 || bits > 4096 {
			return nil, ErrKeySize
		}
	case RSASHA512:
		if bits < 1024 || bits > 4096 {
			return nil, ErrKeySize
		}
	case ECDSAP256SHA256:
		if bits != 256 {
			return nil, ErrKeySize
		}
	case ECDSAP384SHA384:
		if bits != 384 {
			return nil, ErrKeySize
		}
	case ED25519:
		if bits != 256 {
			return nil, ErrKeySize
		}
	default:
		return nil, ErrAlg
	}

	switch k.Algorithm {
	case RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
		priv, err := rsa.GenerateKey(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		k.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
		return priv, nil
	case ECDSAP256SHA256, ECDSAP384SHA384:
		var c elliptic.Curve
		switch k.Algorithm {
		case ECDSAP256SHA256:
			c = elliptic.P256()
		case ECDSAP384SHA384:
			c = elliptic.P384()
		}
		priv, err := ecdsa.GenerateKey(c, rand.Reader)
		if err != nil {
			return nil, err
		}
		k.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)
		return priv, nil
	case ED25519:
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		k.setPublicKeyED25519(pub)
		return priv, nil
	default:
		return nil, ErrAlg
	}
}

// Set the public key (the value E and N)
func (k *DNSKEY) setPublicKeyRSA(_E int, _N *big.Int) bool {
	if _E == 0 || _N == nil {
		return false
	}
	buf := exponentToBuf(_E)
	buf = append(buf, _N.Bytes()...)
	k.PublicKey = toBase64(buf)
	return true
}

// Set the public key for Elliptic Curves
func (k *DNSKEY) setPublicKeyECDSA(_X, _Y *big.Int) bool {
	if _X == nil || _Y == nil {
		return false
	}
	var intlen int
	switch k.Algorithm {
	case ECDSAP256SHA256:
		intlen = 32
	case ECDSAP384SHA384:
		intlen = 48
	}
	k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen))
	return true
}

// Set the public key for Ed25519
func (k *DNSKEY) setPublicKeyED25519(_K ed25519.PublicKey) bool {
	if _K == nil {
		return false
	}
	k.PublicKey = toBase64(_K)
	return true
}

// Set the public key (the values E and N) for RSA
// RFC 3110: Section 2. RSA Public KEY Resource Records
func exponentToBuf(_E int) []byte {
	var buf []byte
	i := big.NewInt(int64(_E)).Bytes()
	if len(i) < 256 {
		buf = make([]byte, 1, 1+len(i))
		buf[0] = uint8(len(i))
	} else {
		buf = make([]byte, 3, 3+len(i))
		buf[0] = 0
		buf[1] = uint8(len(i) >> 8)
		buf[2] = uint8(len(i))
	}
	buf = append(buf, i...)
	return buf
}

// Set the public key for X and Y for Curve. The two
// values are just concatenated.
func curveToBuf(_X, _Y *big.Int, intlen int) []byte {
	buf := intToBytes(_X, intlen)
	buf = append(buf, intToBytes(_Y, intlen)...)
	return buf
}
Use caddy's certmagic library for extensible/robust ACME handling (#14177) * use certmagic for more extensible/robust ACME cert handling * accept TOS based on config option Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> 2021-01-24 18:37:35 -05:00			`package dns`

			`import (`
			`"crypto"`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"math/big"`
[Vendor] Update directly used dependencys (#15593) * update github.com/blevesearch/bleve v2.0.2 -> v2.0.3 * github.com/denisenkom/go-mssqldb v0.9.0 -> v0.10.0 * github.com/editorconfig/editorconfig-core-go v2.4.1 -> v2.4.2 * github.com/go-chi/cors v1.1.1 -> v1.2.0 * github.com/go-git/go-billy v5.0.0 -> v5.1.0 * github.com/go-git/go-git v5.2.0 -> v5.3.0 * github.com/go-ldap/ldap v3.2.4 -> v3.3.0 * github.com/go-redis/redis v8.6.0 -> v8.8.2 * github.com/go-sql-driver/mysql v1.5.0 -> v1.6.0 * github.com/go-swagger/go-swagger v0.26.1 -> v0.27.0 * github.com/lib/pq v1.9.0 -> v1.10.1 * github.com/mattn/go-sqlite3 v1.14.6 -> v1.14.7 * github.com/go-testfixtures/testfixtures v3.5.0 -> v3.6.0 * github.com/issue9/identicon v1.0.1 -> v1.2.0 * github.com/klauspost/compress v1.11.8 -> v1.12.1 * github.com/mgechev/revive v1.0.3 -> v1.0.6 * github.com/microcosm-cc/bluemonday v1.0.7 -> v1.0.8 * github.com/niklasfasching/go-org v1.4.0 -> v1.5.0 * github.com/olivere/elastic v7.0.22 -> v7.0.24 * github.com/pelletier/go-toml v1.8.1 -> v1.9.0 * github.com/prometheus/client_golang v1.9.0 -> v1.10.0 * github.com/xanzy/go-gitlab v0.44.0 -> v0.48.0 * github.com/yuin/goldmark v1.3.3 -> v1.3.5 * github.com/6543/go-version v1.2.4 -> v1.3.1 * do github.com/lib/pq v1.10.0 -> v1.10.1 again ... 2021-04-23 02:08:53 +02:00
			`"golang.org/x/crypto/ed25519"`
Use caddy's certmagic library for extensible/robust ACME handling (#14177) * use certmagic for more extensible/robust ACME cert handling * accept TOS based on config option Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> 2021-01-24 18:37:35 -05:00			`)`

			`// Generate generates a DNSKEY of the given bit size.`
			`// The public part is put inside the DNSKEY record.`
			`// The Algorithm in the key must be set as this will define`
			`// what kind of DNSKEY will be generated.`
			`// The ECDSA algorithms imply a fixed keysize, in that case`
			`// bits should be set to the size of the algorithm.`
			`func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) {`
			`switch k.Algorithm {`
			`case RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:`
			`if bits < 512 \|\| bits > 4096 {`
			`return nil, ErrKeySize`
			`}`
			`case RSASHA512:`
			`if bits < 1024 \|\| bits > 4096 {`
			`return nil, ErrKeySize`
			`}`
			`case ECDSAP256SHA256:`
			`if bits != 256 {`
			`return nil, ErrKeySize`
			`}`
			`case ECDSAP384SHA384:`
			`if bits != 384 {`
			`return nil, ErrKeySize`
			`}`
			`case ED25519:`
			`if bits != 256 {`
			`return nil, ErrKeySize`
			`}`
go1.16 (#14783) 2021-02-28 18:08:33 -05:00			`default:`
			`return nil, ErrAlg`
Use caddy's certmagic library for extensible/robust ACME handling (#14177) * use certmagic for more extensible/robust ACME cert handling * accept TOS based on config option Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> 2021-01-24 18:37:35 -05:00			`}`

			`switch k.Algorithm {`
			`case RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:`
			`priv, err := rsa.GenerateKey(rand.Reader, bits)`
			`if err != nil {`
			`return nil, err`
			`}`
			`k.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)`
			`return priv, nil`
			`case ECDSAP256SHA256, ECDSAP384SHA384:`
			`var c elliptic.Curve`
			`switch k.Algorithm {`
			`case ECDSAP256SHA256:`
			`c = elliptic.P256()`
			`case ECDSAP384SHA384:`
			`c = elliptic.P384()`
			`}`
			`priv, err := ecdsa.GenerateKey(c, rand.Reader)`
			`if err != nil {`
			`return nil, err`
			`}`
			`k.setPublicKeyECDSA(priv.PublicKey.X, priv.PublicKey.Y)`
			`return priv, nil`
			`case ED25519:`
			`pub, priv, err := ed25519.GenerateKey(rand.Reader)`
			`if err != nil {`
			`return nil, err`
			`}`
			`k.setPublicKeyED25519(pub)`
			`return priv, nil`
			`default:`
			`return nil, ErrAlg`
			`}`
			`}`

			`// Set the public key (the value E and N)`
			`func (k DNSKEY) setPublicKeyRSA(_E int, _N big.Int) bool {`
			`if _E == 0 \|\| _N == nil {`
			`return false`
			`}`
			`buf := exponentToBuf(_E)`
			`buf = append(buf, _N.Bytes()...)`
			`k.PublicKey = toBase64(buf)`
			`return true`
			`}`

			`// Set the public key for Elliptic Curves`
			`func (k DNSKEY) setPublicKeyECDSA(_X, _Y big.Int) bool {`
			`if _X == nil \|\| _Y == nil {`
			`return false`
			`}`
			`var intlen int`
			`switch k.Algorithm {`
			`case ECDSAP256SHA256:`
			`intlen = 32`
			`case ECDSAP384SHA384:`
			`intlen = 48`
			`}`
			`k.PublicKey = toBase64(curveToBuf(_X, _Y, intlen))`
			`return true`
			`}`

			`// Set the public key for Ed25519`
			`func (k *DNSKEY) setPublicKeyED25519(_K ed25519.PublicKey) bool {`
			`if _K == nil {`
			`return false`
			`}`
			`k.PublicKey = toBase64(_K)`
			`return true`
			`}`

			`// Set the public key (the values E and N) for RSA`
			`// RFC 3110: Section 2. RSA Public KEY Resource Records`
			`func exponentToBuf(_E int) []byte {`
			`var buf []byte`
			`i := big.NewInt(int64(_E)).Bytes()`
			`if len(i) < 256 {`
			`buf = make([]byte, 1, 1+len(i))`
			`buf[0] = uint8(len(i))`
			`} else {`
			`buf = make([]byte, 3, 3+len(i))`
			`buf[0] = 0`
			`buf[1] = uint8(len(i) >> 8)`
			`buf[2] = uint8(len(i))`
			`}`
			`buf = append(buf, i...)`
			`return buf`
			`}`

			`// Set the public key for X and Y for Curve. The two`
			`// values are just concatenated.`
			`func curveToBuf(_X, _Y *big.Int, intlen int) []byte {`
			`buf := intToBytes(_X, intlen)`
			`buf = append(buf, intToBytes(_Y, intlen)...)`
			`return buf`
			`}`