From be51022368e61b58df929ca5a5867c348b7510ce Mon Sep 17 00:00:00 2001 From: Tom Thorogood Date: Sat, 24 Oct 2020 22:25:21 +1030 Subject: [PATCH] Remove the remnants of DSA support (#1184) crypto/dsa is formally deprecated as of go1.16 and DSA support was largely removed from this library in 9c315c51c341, but some remnants remained. --- dnssec.go | 43 ++++--------------------------------------- dnssec_keygen.go | 4 ++-- dnssec_keyscan.go | 18 +++--------------- dnssec_privkey.go | 20 ++------------------ doc.go | 2 +- sig0.go | 14 +------------- 6 files changed, 13 insertions(+), 88 deletions(-) diff --git a/dnssec.go b/dnssec.go index 68c0bd74d..b6dd9d410 100644 --- a/dnssec.go +++ b/dnssec.go @@ -3,7 +3,6 @@ package dns import ( "bytes" "crypto" - "crypto/dsa" "crypto/ecdsa" "crypto/elliptic" _ "crypto/md5" @@ -318,6 +317,7 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error { } rr.Signature = toBase64(signature) + return nil case RSAMD5, DSA, DSANSEC3SHA1: // See RFC 6944. return ErrAlg @@ -332,9 +332,8 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error { } rr.Signature = toBase64(signature) + return nil } - - return nil } func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte, error) { @@ -346,7 +345,6 @@ func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte, switch alg { case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512: return signature, nil - case ECDSAP256SHA256, ECDSAP384SHA384: ecdsaSignature := &struct { R, S *big.Int @@ -366,20 +364,11 @@ func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte, signature := intToBytes(ecdsaSignature.R, intlen) signature = append(signature, intToBytes(ecdsaSignature.S, intlen)...) return signature, nil - - // There is no defined interface for what a DSA backed crypto.Signer returns - case DSA, DSANSEC3SHA1: - // t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8) - // signature := []byte{byte(t)} - // signature = append(signature, intToBytes(r1, 20)...) - // signature = append(signature, intToBytes(s1, 20)...) - // rr.Signature = signature - case ED25519: return signature, nil + default: + return nil, ErrAlg } - - return nil, ErrAlg } // Verify validates an RRSet with the signature and key. This is only the @@ -600,30 +589,6 @@ func (k *DNSKEY) publicKeyECDSA() *ecdsa.PublicKey { return pubkey } -func (k *DNSKEY) publicKeyDSA() *dsa.PublicKey { - keybuf, err := fromBase64([]byte(k.PublicKey)) - if err != nil { - return nil - } - if len(keybuf) < 22 { - return nil - } - t, keybuf := int(keybuf[0]), keybuf[1:] - size := 64 + t*8 - q, keybuf := keybuf[:20], keybuf[20:] - if len(keybuf) != 3*size { - return nil - } - p, keybuf := keybuf[:size], keybuf[size:] - g, y := keybuf[:size], keybuf[size:] - pubkey := new(dsa.PublicKey) - pubkey.Parameters.Q = new(big.Int).SetBytes(q) - pubkey.Parameters.P = new(big.Int).SetBytes(p) - pubkey.Parameters.G = new(big.Int).SetBytes(g) - pubkey.Y = new(big.Int).SetBytes(y) - return pubkey -} - func (k *DNSKEY) publicKeyED25519() ed25519.PublicKey { keybuf, err := fromBase64([]byte(k.PublicKey)) if err != nil { diff --git a/dnssec_keygen.go b/dnssec_keygen.go index 60737e5b2..2ab7b6d73 100644 --- a/dnssec_keygen.go +++ b/dnssec_keygen.go @@ -19,8 +19,6 @@ import ( // bits should be set to the size of the algorithm. func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) { switch k.Algorithm { - case RSAMD5, DSA, DSANSEC3SHA1: - return nil, ErrAlg case RSASHA1, RSASHA256, RSASHA1NSEC3SHA1: if bits < 512 || bits > 4096 { return nil, ErrKeySize @@ -41,6 +39,8 @@ func (k *DNSKEY) Generate(bits int) (crypto.PrivateKey, error) { if bits != 256 { return nil, ErrKeySize } + default: + return nil, ErrAlg } switch k.Algorithm { diff --git a/dnssec_keyscan.go b/dnssec_keyscan.go index 0e6f32016..6cbc28483 100644 --- a/dnssec_keyscan.go +++ b/dnssec_keyscan.go @@ -43,15 +43,7 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, er return nil, ErrPrivKey } switch uint8(algo) { - case RSAMD5, DSA, DSANSEC3SHA1: - return nil, ErrAlg - case RSASHA1: - fallthrough - case RSASHA1NSEC3SHA1: - fallthrough - case RSASHA256: - fallthrough - case RSASHA512: + case RSASHA1, RSASHA1NSEC3SHA1, RSASHA256, RSASHA512: priv, err := readPrivateKeyRSA(m) if err != nil { return nil, err @@ -62,11 +54,7 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, er } priv.PublicKey = *pub return priv, nil - case ECCGOST: - return nil, ErrPrivKey - case ECDSAP256SHA256: - fallthrough - case ECDSAP384SHA384: + case ECDSAP256SHA256, ECDSAP384SHA384: priv, err := readPrivateKeyECDSA(m) if err != nil { return nil, err @@ -80,7 +68,7 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, er case ED25519: return readPrivateKeyED25519(m) default: - return nil, ErrPrivKey + return nil, ErrAlg } } diff --git a/dnssec_privkey.go b/dnssec_privkey.go index 4493c9d57..072e445da 100644 --- a/dnssec_privkey.go +++ b/dnssec_privkey.go @@ -2,7 +2,6 @@ package dns import ( "crypto" - "crypto/dsa" "crypto/ecdsa" "crypto/rsa" "math/big" @@ -17,8 +16,8 @@ var bigIntOne = big.NewInt(1) // PrivateKeyString converts a PrivateKey to a string. This string has the same // format as the private-key-file of BIND9 (Private-key-format: v1.3). -// It needs some info from the key (the algorithm), so its a method of the DNSKEY -// It supports rsa.PrivateKey, ecdsa.PrivateKey and dsa.PrivateKey +// It needs some info from the key (the algorithm), so its a method of the DNSKEY. +// It supports *rsa.PrivateKey, *ecdsa.PrivateKey and ed25519.PrivateKey. func (r *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string { algorithm := strconv.Itoa(int(r.Algorithm)) algorithm += " (" + AlgorithmToString[r.Algorithm] + ")" @@ -67,21 +66,6 @@ func (r *DNSKEY) PrivateKeyString(p crypto.PrivateKey) string { "Algorithm: " + algorithm + "\n" + "PrivateKey: " + private + "\n" - case *dsa.PrivateKey: - T := divRoundUp(divRoundUp(p.PublicKey.Parameters.G.BitLen(), 8)-64, 8) - prime := toBase64(intToBytes(p.PublicKey.Parameters.P, 64+T*8)) - subprime := toBase64(intToBytes(p.PublicKey.Parameters.Q, 20)) - base := toBase64(intToBytes(p.PublicKey.Parameters.G, 64+T*8)) - priv := toBase64(intToBytes(p.X, 20)) - pub := toBase64(intToBytes(p.PublicKey.Y, 64+T*8)) - return format + - "Algorithm: " + algorithm + "\n" + - "Prime(p): " + prime + "\n" + - "Subprime(q): " + subprime + "\n" + - "Base(g): " + base + "\n" + - "Private_value(x): " + priv + "\n" + - "Public_value(y): " + pub + "\n" - case ed25519.PrivateKey: private := toBase64(p.Seed()) return format + diff --git a/doc.go b/doc.go index 92421681f..6861de774 100644 --- a/doc.go +++ b/doc.go @@ -260,7 +260,7 @@ From RFC 2931: on requests and responses, and protection of the overall integrity of a response. It works like TSIG, except that SIG(0) uses public key cryptography, instead of -the shared secret approach in TSIG. Supported algorithms: DSA, ECDSAP256SHA256, +the shared secret approach in TSIG. Supported algorithms: ECDSAP256SHA256, ECDSAP384SHA384, RSASHA1, RSASHA256 and RSASHA512. Signing subsequent messages in multi-message sessions is not implemented. diff --git a/sig0.go b/sig0.go index 55cf1c386..9ef13ccf3 100644 --- a/sig0.go +++ b/sig0.go @@ -2,7 +2,6 @@ package dns import ( "crypto" - "crypto/dsa" "crypto/ecdsa" "crypto/rsa" "encoding/binary" @@ -85,7 +84,7 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error { var hash crypto.Hash switch rr.Algorithm { - case DSA, RSASHA1: + case RSASHA1: hash = crypto.SHA1 case RSASHA256, ECDSAP256SHA256: hash = crypto.SHA256 @@ -178,17 +177,6 @@ func (rr *SIG) Verify(k *KEY, buf []byte) error { hashed := hasher.Sum(nil) sig := buf[sigend:] switch k.Algorithm { - case DSA: - pk := k.publicKeyDSA() - sig = sig[1:] - r := new(big.Int).SetBytes(sig[:len(sig)/2]) - s := new(big.Int).SetBytes(sig[len(sig)/2:]) - if pk != nil { - if dsa.Verify(pk, hashed, r, s) { - return nil - } - return ErrSig - } case RSASHA1, RSASHA256, RSASHA512: pk := k.publicKeyRSA() if pk != nil {