From f170bd170a1adee75f3512f1285131b49e141f31 Mon Sep 17 00:00:00 2001 From: David Blacka Date: Fri, 2 Dec 2016 17:49:09 -0500 Subject: [PATCH] Elliptic curve support. Improve usage, unknown algorithm error handling in jdnssec-keygen Use the bouncycastle crypto provider for ECCGOST if available --- ChangeLog | 432 +++++++++--------- build.xml | 23 +- src/com/verisignlabs/dnssec/cl/KeyGen.java | 27 +- src/com/verisignlabs/dnssec/cl/SignZone.java | 1 + .../dnssec/security/DnsKeyAlgorithm.java | 323 +++++++++++-- .../dnssec/security/DnsKeyConverter.java | 146 ++++-- .../dnssec/security/DnsSecVerifier.java | 7 +- .../dnssec/security/JCEDnsSecSigner.java | 15 +- .../dnssec/security/SignUtils.java | 120 +++++ 9 files changed, 773 insertions(+), 321 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0285fdb..fe61a6c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,388 +1,406 @@ +2016-12-05 David Blacka + + * Add key generation, signing, verification support for elliptic + curve algorithms: ECC-GOST (12), ECDSA P-256 (13) and ECDSA P-384 (15). + +2016-08-22 David Blacka + + * Update internal dnsjava to 2.1.7-vrsn-1. + +2014-04-22 David Blacka + + * ZoneFormat: Make -N also compute original ownernames for empty + non-terminal NSEC3 records. + + * ZoneVerifier: Improve the zone verifiers handling of "junk" in a + zone (i.e., ignore resource records that aren't actually in the + zone itself.) + 2012-07-16 David Blacka - * Released version 0.12. + * Released version 0.12. - * TypeMap: fix the fromBytes() method, which was incorrect and add - a static fromString() method. - * ProtoNSEC3: use TypeMap's toString method, rather than fetching - the array of types and rendering them directly. + * TypeMap: fix the fromBytes() method, which was incorrect and add + a static fromString() method. + * ProtoNSEC3: use TypeMap's toString method, rather than fetching + the array of types and rendering them directly. 2012-05-29 David Blacka - * Released version 0.11. + * Released version 0.11. 2012-05-26 David Blacka - * Update dnsjava to dnsjava-2.1.3-vrsn-1. Update the code to - adjust for API changes in dnsjava-2.1.x. Highlights: - - no longer use DNSSEC.Failed, DNSSEC.Secure as those constants - are now gone. Instead, any methods returning those constants now - return a boolean, true for DNSSEC.Secure, false for DNSSEC.Failed - or DNSSEC.Insecure. - - No longer use KEYConverter. Instead, uses the new DNSKEYRecord - constructor. - - The NSEC3 digest type is now an int (rather than a byte) - - Algorithm references are now DNSSEC.Algorithm. + * Update dnsjava to dnsjava-2.1.3-vrsn-1. Update the code to + adjust for API changes in dnsjava-2.1.x. Highlights: + - no longer use DNSSEC.Failed, DNSSEC.Secure as those constants + are now gone. Instead, any methods returning those constants now + return a boolean, true for DNSSEC.Secure, false for DNSSEC.Failed + or DNSSEC.Insecure. + - No longer use KEYConverter. Instead, uses the new DNSKEYRecord + constructor. + - The NSEC3 digest type is now an int (rather than a byte) + - Algorithm references are now DNSSEC.Algorithm. - * jdnssec-verifyzone: Add duplicate RR detection (on by default) - and a command line option to disable it. + * jdnssec-verifyzone: Add duplicate RR detection (on by default) + and a command line option to disable it. 2011-02-14 David Blacka - * Released version 0.10.1. + * Released version 0.10.1. 2011-02-12 David Blacka - * Use Java 1.5 generic types when possible. DNSJava itself still - doesn't use them, so we have to suppress warnings when we use - RRset.rrs(), etc. - * Update commons-cli to version 1.2. - * Refactor all of the command line classes. A new command line - base class has been created to eliminate much of the duplicated - code. + * Use Java 1.5 generic types when possible. DNSJava itself still + doesn't use them, so we have to suppress warnings when we use + RRset.rrs(), etc. + * Update commons-cli to version 1.2. + * Refactor all of the command line classes. A new command line + base class has been created to eliminate much of the duplicated + code. 2011-02-09 David Blacka - * Enable reading and writing from stdin/stdout for most tools. To - do this, use '-' as the zonefile name. - * jdnssec-signzone, jdnssec-signrrset: remove 'multiline' output - as the default and add a command line switch (-m) to enable it. - That is, these tools will output each RR on a single line by - default, adding -m will restore the prior behavior. + * Enable reading and writing from stdin/stdout for most tools. To + do this, use '-' as the zonefile name. + * jdnssec-signzone, jdnssec-signrrset: remove 'multiline' output + as the default and add a command line switch (-m) to enable it. + That is, these tools will output each RR on a single line by + default, adding -m will restore the prior behavior. 2011-02-08 David Blacka - * Minor cleanups to usage statement printing across most of the tools. + * Minor cleanups to usage statement printing across most of the tools. 2011-02-03 David Blacka - * Released version 0.10 - * jdnssec-keygen: update the default algorithm to 8 (instead of 5). - * Update logging across all command line tools to use a consistent - '-v' option, and consistent, simpler log formatting. - * jdnssec-verifyzone: resume logging the key information at INFO, - but make the default log level WARNING. To see the old logging - behavior, use -v 4. + * Released version 0.10 + * jdnssec-keygen: update the default algorithm to 8 (instead of 5). + * Update logging across all command line tools to use a consistent + '-v' option, and consistent, simpler log formatting. + * jdnssec-verifyzone: resume logging the key information at INFO, + but make the default log level WARNING. To see the old logging + behavior, use -v 4. 2011-02-02 David Blacka - * DnsKeyConverter: support the new BIND 9.7 private key format, - which only entails recognizing the new version string, since the - new format is a superset of the old format. + * DnsKeyConverter: support the new BIND 9.7 private key format, + which only entails recognizing the new version string, since the + new format is a superset of the old format. 2011-01-11 David Blacka - * jdnssec-zoneformat: add a -m option for formatting as - multiline. Add a -N option for determining the original - ownernames for NSEC3 signed zones. + * jdnssec-zoneformat: add a -m option for formatting as + multiline. Add a -N option for determining the original + ownernames for NSEC3 signed zones. 2010-12-14 David Blacka - * jdnssec-verifyzone: Add options to either fudge or ignore RRSIG - inception and expiration times. + * jdnssec-verifyzone: Add options to either fudge or ignore RRSIG + inception and expiration times. 2010-12-06 David Blacka - * jdnssec-verifyzone: Complete refactored the verification code to - more comprehensively check a zone for DNSSEC validity. Instead of - just verifying signatures, it will also check to see if the NSEC - or NSEC3 chains are valid. + * jdnssec-verifyzone: Complete refactored the verification code to + more comprehensively check a zone for DNSSEC validity. Instead of + just verifying signatures, it will also check to see if the NSEC + or NSEC3 chains are valid. 2010-12-05 David Blacka - * jdnssec-signzone: Fix a bug that would incorrectly handle - delgations below delegations (those should be ignored.) + * jdnssec-signzone: Fix a bug that would incorrectly handle + delgations below delegations (those should be ignored.) - * jdnssec-signzone: Make the signer ignore junk below a DNAME. - This differs from BIND's dnssec-signzone behavior (currently), but - is the correct behavior, as stuff below a DNAME doesn't actually - exist in DNS. Note that if a name in a zone has both a DNAME and - a NS RRset (and is not at the apex), then the behavior is a bit - undefined. + * jdnssec-signzone: Make the signer ignore junk below a DNAME. + This differs from BIND's dnssec-signzone behavior (currently), but + is the correct behavior, as stuff below a DNAME doesn't actually + exist in DNS. Note that if a name in a zone has both a DNAME and + a NS RRset (and is not at the apex), then the behavior is a bit + undefined. - * jdnssec-signzone: Fix a bug that would incorrectly set the RRSIG - bit for NSEC3 RRs corresponding to insecure delegations. + * jdnssec-signzone: Fix a bug that would incorrectly set the RRSIG + bit for NSEC3 RRs corresponding to insecure delegations. - * jdnssec-signzone: add a "verbose signing" option. This will - cause the pre-signed bytes and the raw signature bytes to be - output when signing. - * Other fixes: some minor tweaks and comment fixes. - Unfortunately, also a lot of rewrapping and whitespace changes due - to Eclipse. Sigh. + * jdnssec-signzone: add a "verbose signing" option. This will + cause the pre-signed bytes and the raw signature bytes to be + output when signing. + * Other fixes: some minor tweaks and comment fixes. + Unfortunately, also a lot of rewrapping and whitespace changes due + to Eclipse. Sigh. 2010-01-14 David Blacka - * Released version 0.9.6 + * Released version 0.9.6 2010-01-09 David Blacka - * Upgrade to DNSJava 2.0.8 (plus a few local changes). 2.0.8 - fixes a major bug in typemap wire conversion. + * Upgrade to DNSJava 2.0.8 (plus a few local changes). 2.0.8 + fixes a major bug in typemap wire conversion. 2009-11-02 David Blacka - * Released version 0.9.5 + * Released version 0.9.5 2009-11-01 David Blacka - * Upgrade to DNSJava 2.0.7 (plus a few local changes). - * DnsKeyAlogorithm: change the RSASHA512 number to 10. + * Upgrade to DNSJava 2.0.7 (plus a few local changes). + * DnsKeyAlogorithm: change the RSASHA512 number to 10. 2009-08-23 David Blacka - * Released version 0.9.4 + * Released version 0.9.4 2009-07-15 David Blacka - * SignUtils: Fix major issue where the code that generates that - canonical RRset given signature data wasn't obeying the "Orig TTL" - and "Labels" fields. This is a major issue with verification, - although it doesn't affect signature generation. + * SignUtils: Fix major issue where the code that generates that + canonical RRset given signature data wasn't obeying the "Orig TTL" + and "Labels" fields. This is a major issue with verification, + although it doesn't affect signature generation. - * VerifyZone: Fix bug where the whole-zone security status was - still wrong: unsigned RRsets shouldn't make the zone Bogus. + * VerifyZone: Fix bug where the whole-zone security status was + still wrong: unsigned RRsets shouldn't make the zone Bogus. 2009-06-12 David Blacka - * VerifyZone: Fix bug in verification logic so that RRsets that - never find a valid signature (i.e., only have signatures by keys - that aren't in the zone) are considered Bogus. Note that - VerifyZone still can't tell if a RRset that should be signed - wasn't (or vice versa). + * VerifyZone: Fix bug in verification logic so that RRsets that + never find a valid signature (i.e., only have signatures by keys + that aren't in the zone) are considered Bogus. Note that + VerifyZone still can't tell if a RRset that should be signed + wasn't (or vice versa). - * dnsjava: Update local copy of dnsjava library. This version - adds NSEC3 agorithms to DNSSECVerifier and KEYConverter, emulates - DiG's "OPT PSEUDOSECTION" formatting in Message.toString(), and - adds a minimal DHCIDRecord type. Note that the DNSjava trunk has - a different (although functional similar) version of this type. + * dnsjava: Update local copy of dnsjava library. This version + adds NSEC3 agorithms to DNSSECVerifier and KEYConverter, emulates + DiG's "OPT PSEUDOSECTION" formatting in Message.toString(), and + adds a minimal DHCIDRecord type. Note that the DNSjava trunk has + a different (although functional similar) version of this type. 2009-06-09 David Blacka - * VerifyZone: Improve the output. + * VerifyZone: Improve the output. - * SignKeyset: Add a command line tool for just signing DNSKEY RRsets. + * SignKeyset: Add a command line tool for just signing DNSKEY RRsets. 2009-02-10 David Blacka - * Released version 0.9.0 + * Released version 0.9.0 2009-02-08 David Blacka - * KeyGen: make RSA large exponent the default. Make it possible - to select small exponent. + * KeyGen: make RSA large exponent the default. Make it possible + to select small exponent. - * KeyInfoTool: add more info to the output, handle multiple files - on the command line. + * KeyInfoTool: add more info to the output, handle multiple files + on the command line. - * DnsKeyAlgorithm: use DNSjava constants, BIND 9.6 mnemonics for - NSEC3 key aliases. + * DnsKeyAlgorithm: use DNSjava constants, BIND 9.6 mnemonics for + NSEC3 key aliases. 2009-02-07 David Blacka - * SignZone: add argument for setting the TTL of the NSEC3PARAM - record. This is so we can match current dnssec-signzone - (9.6.0-p1) behavior of using a TTL of zero. + * SignZone: add argument for setting the TTL of the NSEC3PARAM + record. This is so we can match current dnssec-signzone + (9.6.0-p1) behavior of using a TTL of zero. - * Update dnsjava to 2.0.6-vrsn-2, commons-cli to 1.1 + * Update dnsjava to 2.0.6-vrsn-2, commons-cli to 1.1 - * SignUtils: fix bug where NSEC3 algorithm and flags were transposed. + * SignUtils: fix bug where NSEC3 algorithm and flags were transposed. - * SignUtils: Make sure to use the SOA minimum value for NSEC TTLs, - instead of the ttl of the "node". + * SignUtils: Make sure to use the SOA minimum value for NSEC TTLs, + instead of the ttl of the "node". 2009-02-04 David Blacka - * update to dnsjava-2.0.1-vrsn-4 (updated typecodes for - NSEC3/NSEC3PARAM). + * update to dnsjava-2.0.1-vrsn-4 (updated typecodes for + NSEC3/NSEC3PARAM). - * SignUtils: use JDK-native SHA-256 code instead of broken - contributed implementation. + * SignUtils: use JDK-native SHA-256 code instead of broken + contributed implementation. - * DnsKeyAlgorithm: Add RSASHA256 and RSASHA512 algorithm, guessing - at the code points. Note, these require Java 5 or later, or an - alternate crypto provider. + * DnsKeyAlgorithm: Add RSASHA256 and RSASHA512 algorithm, guessing + at the code points. Note, these require Java 5 or later, or an + alternate crypto provider. - * ZoneUtils: add a method to find specific RRs in a list of RRs - or RRsets. + * ZoneUtils: add a method to find specific RRs in a list of RRs + or RRsets. - * SignZone: make jdnssec-signzone a bit more aggressive in finding - keys. Now it will look for keyfiles matching keys at the zone - apex, and, failing that, just look for keyfiles named after the - zone. Specifying any keys at all on the command line will - override this behavior. + * SignZone: make jdnssec-signzone a bit more aggressive in finding + keys. Now it will look for keyfiles matching keys at the zone + apex, and, failing that, just look for keyfiles named after the + zone. Specifying any keys at all on the command line will + override this behavior. 2009-02-01 David Blacka - * DnsKeyAlgorithm: add official aliases from RFC 5155. + * DnsKeyAlgorithm: add official aliases from RFC 5155. - * JCEDnsSecSigner: refactor zone signing methods to remove - duplicate code. + * JCEDnsSecSigner: refactor zone signing methods to remove + duplicate code. - * SignZone: move the signZone() methods to JCEDnsSecSigner + * SignZone: move the signZone() methods to JCEDnsSecSigner - * BINDKeyUtils: close the private key file after reading it. - Patch by Wolfgang Nagele. + * BINDKeyUtils: close the private key file after reading it. + Patch by Wolfgang Nagele. 2006-12-15 David Blacka - * Release version 0.8.4 + * Release version 0.8.4 - * SignZone: updated internals (and dnsjava lib) to match wire - format changes introduced by the nsec3-08 draft. + * SignZone: updated internals (and dnsjava lib) to match wire + format changes introduced by the nsec3-08 draft. 2006-10-10 David Blacka - * Released version 0.8.3 + * Released version 0.8.3 - * ZoneFormat: fix RRSIG ordering issue when dealing with multiple - RRSIGs for a given RRset. + * ZoneFormat: fix RRSIG ordering issue when dealing with multiple + RRSIGs for a given RRset. - * ZoneFormat: lowercase all names in the zone. + * ZoneFormat: lowercase all names in the zone. - * Fix packaging errors. + * Fix packaging errors. 2006-09-12 David Blacka - * Released version 0.8.0. + * Released version 0.8.0. 2006-09-10 David Blacka - * Added the "KeyInfoTool" command line tool as the start of a tool - for decoding DNSKEY information. Right now, mostly just useful - for checking the public exponenent of RSA keys. + * Added the "KeyInfoTool" command line tool as the start of a tool + for decoding DNSKEY information. Right now, mostly just useful + for checking the public exponenent of RSA keys. - * Added the "-e" option to jdnssec-keygen, to instruct the key - generator to use the (common) large exponent in RSA key - generation. + * Added the "-e" option to jdnssec-keygen, to instruct the key + generator to use the (common) large exponent in RSA key + generation. 2006-08-31 David Blacka - * Modified jdnssec-signzone to set the ttls of NSEC3 records (so - far) to the SOA minimum value. + * Modified jdnssec-signzone to set the ttls of NSEC3 records (so + far) to the SOA minimum value. - * Add NSEC3PARAM support for compatibility with the -07 NSEC3 - draft. + * Add NSEC3PARAM support for compatibility with the -07 NSEC3 + draft. 2006-05-24 David Blacka - * Add some error checking for the NSEC3 command line parameters - for jdnssec-signzone. + * Add some error checking for the NSEC3 command line parameters + for jdnssec-signzone. - * Update local dnsjava build to 2.0.1. This also contains a - change to the NSEC3 rdata format (as per the -06pre NSEC3 draft). - The change is the addition of a "next hashed owner name" length - octet. + * Update local dnsjava build to 2.0.1. This also contains a + change to the NSEC3 rdata format (as per the -06pre NSEC3 draft). + The change is the addition of a "next hashed owner name" length + octet. - * Modified the jdnssec-* shell wrappers to also use the local - build area version of the jdnssec-tools.jar file. This allows the - standard jdnssec-* wrappers to work right from the build area. + * Modified the jdnssec-* shell wrappers to also use the local + build area version of the jdnssec-tools.jar file. This allows the + standard jdnssec-* wrappers to work right from the build area. - * Add support of the SHA256 algorithm for DS records. This uses - the SHA256 class that I obtained from Scott Rose (thanks Scott!). + * Add support of the SHA256 algorithm for DS records. This uses + the SHA256 class that I obtained from Scott Rose (thanks Scott!). - * Change the name of the package and jar file to jdnssec-tools - (from java-dnssec-tools) for consistency. + * Change the name of the package and jar file to jdnssec-tools + (from java-dnssec-tools) for consistency. - * release version 0.7.0. + * release version 0.7.0. 2006-05-23 David Blacka - * Add support for algorithm aliases. This feature is so that the - user can declare the DNSKEY algorithm x is the same as algorithm 5 - (e.g.). So far, this only works with straight integer algorithm - identifiers (no private alg support yet). + * Add support for algorithm aliases. This feature is so that the + user can declare the DNSKEY algorithm x is the same as algorithm 5 + (e.g.). So far, this only works with straight integer algorithm + identifiers (no private alg support yet). - * Fix jdnssec-signzone so that you can specify multiple KSKs on - the command line. Apparently, commons-cli actually does handle - repeating command line options correctly. + * Fix jdnssec-signzone so that you can specify multiple KSKs on + the command line. Apparently, commons-cli actually does handle + repeating command line options correctly. 2006-05-03 David Blacka - * Add preliminary implementation of jdnssec-dstool. This is a - simple command line tool that takes a DNSKEY record and converts - it into a DS record (or a DLV record). Right now, it requires - that the key is stored in a file ending with '.key'. + * Add preliminary implementation of jdnssec-dstool. This is a + simple command line tool that takes a DNSKEY record and converts + it into a DS record (or a DLV record). Right now, it requires + that the key is stored in a file ending with '.key'. - * release version 0.6.0. + * release version 0.6.0. 2006-03-15 David Blacka - * Type map changes for NSEC3, corresponding to changes in draft - -05pre. Essentially: NSEC3 and RRSIG bits are not set for most - (all) NSEC3 records any longer. + * Type map changes for NSEC3, corresponding to changes in draft + -05pre. Essentially: NSEC3 and RRSIG bits are not set for most + (all) NSEC3 records any longer. 2006-03-06 David Blacka - * release version 0.5.0. + * release version 0.5.0. 2006-02-16 David Blacka - * Make RecordComparator also compare RDATA so the removeDuplicates - step actually works reliabled. This was masked by the dupicate - suppression in org.xbill.DNS.RRset. + * Make RecordComparator also compare RDATA so the removeDuplicates + step actually works reliabled. This was masked by the dupicate + suppression in org.xbill.DNS.RRset. - * Only allow one command line specified KSK since commons-cli - doesn't seem to handle multi-arg options correctly. + * Only allow one command line specified KSK since commons-cli + doesn't seem to handle multi-arg options correctly. - * Do not croak on the lack of the command-line keys for now. + * Do not croak on the lack of the command-line keys for now. - * New version of local dnsjava build containing NSEC3 changes - corresponding to the -04pre draft. + * New version of local dnsjava build containing NSEC3 changes + corresponding to the -04pre draft. 2005-11-16 David Blacka - * Make jdnssec-verifyzone work with just the zone (which is - self-signed anyway). + * Make jdnssec-verifyzone work with just the zone (which is + self-signed anyway). - * release version 0.4.2. + * release version 0.4.2. 2005-11-09 David Blacka - * Add original ownername comments to the NSEC3 generation. + * Add original ownername comments to the NSEC3 generation. 2005-11-08 David Blacka - * New zone formatter. + * New zone formatter. - * Misc bug fixes. + * Misc bug fixes. - * release version 0.4.1. + * release version 0.4.1. 2005-11-07 David Blacka - * Update the local dnsjava build with a bugfix. + * Update the local dnsjava build with a bugfix. - * Fix ordering problem with ProtoNSEC3s. + * Fix ordering problem with ProtoNSEC3s. 2005-11-06 David Blacka - * Actually use the --iterations command line option of - jdnssec-signzone. + * Actually use the --iterations command line option of + jdnssec-signzone. 2005-10-27 David Blacka - * Add NSEC3 support for jdnssec-signzone. + * Add NSEC3 support for jdnssec-signzone. - * Remove support for plain Opt-In (until private algorithms work). + * Remove support for plain Opt-In (until private algorithms work). - * release version 0.4.0. + * release version 0.4.0. 2005-08-14 David Blacka - * Move the signZone function into the SignZone class (from the - SignUtils) class. + * Move the signZone function into the SignZone class (from the + SignUtils) class. - * General cleanup. + * General cleanup. - * Add local _jdnssec-* shell wrappers. These use build/classes in - the classpath so can be used to run the tools right out of the - build area. + * Add local _jdnssec-* shell wrappers. These use build/classes in + the classpath so can be used to run the tools right out of the + build area. 2005-08-13 David Blacka - * Update to DNSjava 2.0.0 + * Update to DNSjava 2.0.0 - * Refactor command line parsing. + * Refactor command line parsing. - * Switch to using java.util.logging for logging. + * Switch to using java.util.logging for logging. diff --git a/build.xml b/build.xml index bd7f478..f4b4ea5 100644 --- a/build.xml +++ b/build.xml @@ -14,7 +14,7 @@ - + @@ -41,12 +41,10 @@ - @@ -57,20 +55,20 @@ includes="com/verisignlabs/dnssec/" /> - - - + @@ -148,7 +146,7 @@ - @@ -172,4 +170,3 @@ - diff --git a/src/com/verisignlabs/dnssec/cl/KeyGen.java b/src/com/verisignlabs/dnssec/cl/KeyGen.java index aa888b1..25e6e0e 100644 --- a/src/com/verisignlabs/dnssec/cl/KeyGen.java +++ b/src/com/verisignlabs/dnssec/cl/KeyGen.java @@ -74,17 +74,18 @@ public class KeyGen extends CLBase OptionBuilder.withDescription("ZONE | OTHER (default ZONE)"); opts.addOption(OptionBuilder.create('n')); + String[] algStrings = DnsKeyAlgorithm.getInstance().supportedAlgMnemonics(); OptionBuilder.hasArg(); OptionBuilder.withArgName("algorithm"); - OptionBuilder.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA " - + "| RSA-NSEC3-SHA1 | DSA-NSEC3-SHA1 " - + "| RSASHA256 | RSASHA512 | alias, RSASHA1 is default."); + OptionBuilder.withDescription(String.join(" | ", algStrings) + + " | alias, RSASHA256 is default."); opts.addOption(OptionBuilder.create('a')); OptionBuilder.hasArg(); OptionBuilder.withArgName("size"); - OptionBuilder.withDescription("key size, in bits. (default = 1024)\n" - + "RSA: [512..4096]\n" + "DSA: [512..1024]\n" + "DH: [128..4096]"); + OptionBuilder.withDescription("key size, in bits. default is 1024. " + + "RSA: [512..4096], DSA: [512..1024], DH: [128..4096], " + + "ECDSA: ignored"); opts.addOption(OptionBuilder.create('b')); OptionBuilder.hasArg(); @@ -98,7 +99,6 @@ public class KeyGen extends CLBase OptionBuilder.withArgName("dir"); OptionBuilder.withDescription("place generated key files in this " + "directory"); opts.addOption(OptionBuilder.create('d')); - opts.addOption(OptionBuilder.create('A')); } protected void processOptions(CommandLine cli) @@ -106,7 +106,7 @@ public class KeyGen extends CLBase { String optstr = null; String[] optstrs = null; - + if (cli.hasOption('k')) kskFlag = true; if (cli.hasOption('e')) useLargeE = true; @@ -136,6 +136,11 @@ public class KeyGen extends CLBase if ((optstr = cli.getOptionValue('a')) != null) { algorithm = parseAlg(optstr); + if (algorithm < 0) + { + System.err.println("DNSSEC algorithm " + optstr + " is not supported"); + usage(); + } } if ((optstr = cli.getOptionValue('b')) != null) @@ -166,7 +171,11 @@ public class KeyGen extends CLBase DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); int alg = parseInt(s, -1); - if (alg > 0) return alg; + if (alg > 0) + { + if (algs.supportedAlgorithm(alg)) return alg; + return -1; + } return algs.stringToAlgorithm(s); } @@ -211,7 +220,7 @@ public class KeyGen extends CLBase { KeyGen tool = new KeyGen(); tool.state = new CLIState(); - + tool.run(tool.state, args); } } diff --git a/src/com/verisignlabs/dnssec/cl/SignZone.java b/src/com/verisignlabs/dnssec/cl/SignZone.java index 47cbe04..a08df40 100644 --- a/src/com/verisignlabs/dnssec/cl/SignZone.java +++ b/src/com/verisignlabs/dnssec/cl/SignZone.java @@ -546,6 +546,7 @@ public class SignZone extends CLBase } } + br.close(); if (res.size() == 0) return null; return res; } diff --git a/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java b/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java index a3b1b52..fc0cc4e 100644 --- a/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java +++ b/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java @@ -29,13 +29,12 @@ package com.verisignlabs.dnssec.security; -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.Signature; -import java.security.spec.RSAKeyGenParameterSpec; +import java.math.BigInteger; +import java.security.*; +import java.security.spec.*; +import java.util.Arrays; import java.util.HashMap; +import java.util.Set; import java.util.logging.Logger; import org.xbill.DNS.DNSSEC; @@ -56,20 +55,38 @@ import org.xbill.DNS.DNSSEC; public class DnsKeyAlgorithm { - public static final int UNKNOWN = -1; - public static final int RSA = 1; - public static final int DH = 2; - public static final int DSA = 3; + // Our base algorithm numbers. This is a normalization of the DNSSEC + // algorithms (which are really signature algorithms). Thus RSASHA1, + // RSASHA256, etc. all boil down to 'RSA' here. + public static final int UNKNOWN = -1; + public static final int RSA = 1; + public static final int DH = 2; + public static final int DSA = 3; + public static final int ECC_GOST = 4; + public static final int ECDSA = 5; - private static class Entry + private static class AlgEntry { + public int dnssecAlgorithm; public String sigName; public int baseType; - public Entry(String sigName, int baseType) + public AlgEntry(int algorithm, String sigName, int baseType) { - this.sigName = sigName; - this.baseType = baseType; + this.dnssecAlgorithm = algorithm; + this.sigName = sigName; + this.baseType = baseType; + } + } + + private static class ECAlgEntry extends AlgEntry + { + public ECParameterSpec ec_spec; + + public ECAlgEntry(int algorithm, String sigName, int baseType, ECParameterSpec spec) + { + super(algorithm, sigName, baseType); + this.ec_spec = spec; } } @@ -77,7 +94,7 @@ public class DnsKeyAlgorithm * This is a mapping of algorithm identifier to Entry. The Entry contains the * data needed to map the algorithm to the various crypto implementations. */ - private HashMap mAlgorithmMap; + private HashMap mAlgorithmMap; /** * This is a mapping of algorithm mnemonics to algorithm identifiers. */ @@ -90,31 +107,51 @@ public class DnsKeyAlgorithm /** This is a cached key pair generator for RSA keys. */ private KeyPairGenerator mRSAKeyGenerator; - /** This is a cache key pair generator for DSA keys. */ + /** This is a cached key pair generator for DSA keys. */ private KeyPairGenerator mDSAKeyGenerator; + /** This is a cached key pair generator for ECC GOST keys. */ + private KeyPairGenerator mECGOSTKeyGenerator; + /** This is a cached key pair generator for ECDSA_P256 keys. */ + private KeyPairGenerator mECKeyGenerator; - private Logger log = Logger.getLogger(this.getClass().toString()); + private Logger log = Logger.getLogger(this.getClass().toString()); /** This is the global instance for this class. */ private static DnsKeyAlgorithm mInstance = null; public DnsKeyAlgorithm() { - mAlgorithmMap = new HashMap(); + // Attempt to add the bouncycastle provider. + // This is so we can use this provider if it is available, but not require + // the user to add it as one of the java.security providers. + try + { + Class bc_provider_class = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); + Provider bc_provider = (Provider) bc_provider_class.newInstance(); + Security.addProvider(bc_provider); + } + catch (ReflectiveOperationException e) { } + + initialize(); + } + + private void initialize() + { + mAlgorithmMap = new HashMap(); mMnemonicToIdMap = new HashMap(); mIdToMnemonicMap = new HashMap(); // Load the standard DNSSEC algorithms. - addAlgorithm(DNSSEC.Algorithm.RSAMD5, new Entry("MD5withRSA", RSA)); + addAlgorithm(DNSSEC.Algorithm.RSAMD5, "MD5withRSA", RSA); addMnemonic("RSAMD5", DNSSEC.Algorithm.RSAMD5); - addAlgorithm(DNSSEC.Algorithm.DH, new Entry("", DH)); + addAlgorithm(DNSSEC.Algorithm.DH, "", DH); addMnemonic("DH", DNSSEC.Algorithm.DH); - addAlgorithm(DNSSEC.Algorithm.DSA, new Entry("SHA1withDSA", DSA)); + addAlgorithm(DNSSEC.Algorithm.DSA, "SHA1withDSA", DSA); addMnemonic("DSA", DNSSEC.Algorithm.DSA); - addAlgorithm(DNSSEC.Algorithm.RSASHA1, new Entry("SHA1withRSA", RSA)); + addAlgorithm(DNSSEC.Algorithm.RSASHA1, "SHA1withRSA", RSA); addMnemonic("RSASHA1", DNSSEC.Algorithm.RSASHA1); addMnemonic("RSA", DNSSEC.Algorithm.RSASHA1); @@ -126,22 +163,56 @@ public class DnsKeyAlgorithm addMnemonic("NSEC3RSASHA1", DNSSEC.Algorithm.RSA_NSEC3_SHA1); // Algorithms added by RFC 5702. - // NOTE: these algorithms aren't available in Java 1.4's sunprovider - // implementation (but are in java 1.5's and later). - addAlgorithm(8, new Entry("SHA256withRSA", RSA)); - addMnemonic("RSASHA256", 8); + addAlgorithm(DNSSEC.Algorithm.RSASHA256, "SHA256withRSA", RSA); + addMnemonic("RSASHA256", DNSSEC.Algorithm.RSASHA256); - addAlgorithm(10, new Entry("SHA512withRSA", RSA)); - addMnemonic("RSASHA512", 10); + addAlgorithm(DNSSEC.Algorithm.RSASHA512, "SHA512withRSA", RSA); + addMnemonic("RSASHA512", DNSSEC.Algorithm.RSASHA512); + + // ECC-GOST is not supported by Java 1.8's Sun crypto provider. The + // bouncycastle.org provider, however, does. + // GostR3410-2001-CryptoPro-A is the named curve in the BC provider, but we + // will get the parameters directly. + addAlgorithm(DNSSEC.Algorithm.ECC_GOST, "GOST3411withECGOST3410", ECC_GOST, null); + addMnemonic("ECCGOST", DNSSEC.Algorithm.ECC_GOST); + addMnemonic("ECC-GOST", DNSSEC.Algorithm.ECC_GOST); + + addAlgorithm(DNSSEC.Algorithm.ECDSAP256SHA256, "SHA256withECDSA", ECDSA, "secp256r1"); + addMnemonic("ECDSAP256SHA256", DNSSEC.Algorithm.ECDSAP256SHA256); + addMnemonic("ECDSA-P256", DNSSEC.Algorithm.ECDSAP256SHA256); + + addAlgorithm(DNSSEC.Algorithm.ECDSAP384SHA384, "SHA384withECDSA", ECDSA, "secp384r1"); + addMnemonic("ECDSAP384SHA384", DNSSEC.Algorithm.ECDSAP384SHA384); + addMnemonic("ECDSA-P384", DNSSEC.Algorithm.ECDSAP384SHA384); } - private void addAlgorithm(int algorithm, Entry entry) + private void addAlgorithm(int algorithm, String sigName, int baseType) { + mAlgorithmMap.put(algorithm, new AlgEntry(algorithm, sigName, baseType)); + } + + private void addAlgorithm(int algorithm, String sigName, int baseType, String curveName) + { + ECParameterSpec ec_spec = ECSpecFromAlgorithm(algorithm); + if (ec_spec == null) ec_spec = ECSpecFromName(curveName); + if (ec_spec == null) return; + // Check to see if we can get a Signature object for this algorithm. + try { + Signature.getInstance(sigName); + } catch (NoSuchAlgorithmException e) { + // If not, do not add the algorithm. + return; + } + + ECAlgEntry entry = new ECAlgEntry(algorithm, sigName, baseType, ec_spec); mAlgorithmMap.put(algorithm, entry); } private void addMnemonic(String m, int alg) { + // Do not add mnemonics for algorithms that ended up not actually being supported. + if (!mAlgorithmMap.containsKey(alg)) return; + mMnemonicToIdMap.put(m.toUpperCase(), alg); if (!mIdToMnemonicMap.containsKey(alg)) { @@ -172,14 +243,77 @@ public class DnsKeyAlgorithm } } - private Entry getEntry(int alg) + private AlgEntry getEntry(int alg) { return mAlgorithmMap.get(alg); } + // For curves where we don't (or can't) get the parameters from a standard + // name, we can construct the parameters here. For now, we only do this for + // the ECC-GOST curve. + private ECParameterSpec ECSpecFromAlgorithm(int algorithm) + { + switch (algorithm) + { + case DNSSEC.Algorithm.ECC_GOST: + { + // From RFC 4357 Section 11.4 + BigInteger p = new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", 16); + BigInteger a = new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", 16); + BigInteger b = new BigInteger("A6", 16); + BigInteger gx = new BigInteger("1", 16); + BigInteger gy = new BigInteger("8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", 16); + BigInteger n = new BigInteger( "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", 16); + + EllipticCurve curve = new EllipticCurve(new ECFieldFp(p), a, b); + return new ECParameterSpec(curve, new ECPoint(gx, gy), n, 1); + } + default: + return null; + } + } + + // Fetch the curve parameters from a named curve. + private ECParameterSpec ECSpecFromName(String stdName) + { + try + { + AlgorithmParameters ap = AlgorithmParameters.getInstance("EC"); + ECGenParameterSpec ecg_spec = new ECGenParameterSpec(stdName); + ap.init(ecg_spec); + return ap.getParameterSpec(ECParameterSpec.class); + } + catch (NoSuchAlgorithmException e) { + log.info("Elliptic Curve not supported by any crypto provider: " + e.getMessage()); + } + catch (InvalidParameterSpecException e) { + log.info("Elliptic Curve " + stdName + " not supported"); + } + return null; + } + + public String[] supportedAlgMnemonics() + { + Set keyset = mAlgorithmMap.keySet(); + Integer[] algs = keyset.toArray(new Integer[keyset.size()]); + Arrays.sort(algs); + + String[] result = new String[algs.length]; + for (int i = 0; i < algs.length; i++) + { + result[i] = mIdToMnemonicMap.get(algs[i]); + } + + return result; + } + /** + * Return a Signature object for the specified DNSSEC algorithm. + * @param algorithm The DNSSEC algorithm (by number). + * @return a Signature object. + */ public Signature getSignature(int algorithm) { - Entry entry = getEntry(algorithm); + AlgEntry entry = getEntry(algorithm); if (entry == null) return null; Signature s = null; @@ -197,6 +331,62 @@ public class DnsKeyAlgorithm return s; } + /** + * Given one of the ECDSA algorithms (ECDSAP256SHA256, etc.) return + * the elliptic curve parameters. + * + * @param algorithm + * The DNSSEC algorithm number. + * @return The calculated JCA ECParameterSpec for that DNSSEC algorithm, or + * null if not a recognized/supported EC algorithm. + */ + public ECParameterSpec getEllipticCurveParams(int algorithm) + { + AlgEntry entry = getEntry(algorithm); + if (entry == null) return null; + if (!(entry instanceof ECAlgEntry)) return null; + ECAlgEntry ec_entry = (ECAlgEntry) entry; + + return ec_entry.ec_spec; + } + + /** + * Translate a possible algorithm alias back to the original DNSSEC algorithm + * number + * + * @param algorithm + * a DNSSEC algorithm that may be an alias. + * @return -1 if the algorithm isn't recognised, the orignal algorithm number + * if it is. + */ + public int originalAlgorithm(int algorithm) + { + AlgEntry entry = getEntry(algorithm); + if (entry == null) return -1; + return entry.dnssecAlgorithm; + } + + /** + * Test if a given algorithm is supported. + * + * @param algorithm The DNSSEC algorithm number. + * @return true if the algorithm is a recognized and supported algorithm or alias. + */ + public boolean supportedAlgorithm(int algorithm) + { + if (mAlgorithmMap.containsKey(algorithm)) return true; + return false; + } + + /** + * Given an algorithm mnemonic, convert the mnemonic to a DNSSEC algorithm + * number. + * + * @param s + * The mnemonic string. This is case-insensitive. + * @return -1 if the mnemonic isn't recognized or supported, the algorithm + * number if it is. + */ public int stringToAlgorithm(String s) { Integer alg = mMnemonicToIdMap.get(s.toUpperCase()); @@ -204,6 +394,14 @@ public class DnsKeyAlgorithm return -1; } + /** + * Given a DNSSEC algorithm number, return the "preferred" mnemonic. + * + * @param algorithm + * A DNSSEC algorithm number. + * @return The preferred mnemonic string, or null if not supported or + * recognized. + */ public String algToString(int algorithm) { return mIdToMnemonicMap.get(algorithm); @@ -211,26 +409,11 @@ public class DnsKeyAlgorithm public int baseType(int algorithm) { - Entry entry = getEntry(algorithm); + AlgEntry entry = getEntry(algorithm); if (entry != null) return entry.baseType; return UNKNOWN; } - public int standardAlgorithm(int algorithm) - { - switch (baseType(algorithm)) - { - case RSA: - return DNSSEC.Algorithm.RSASHA1; - case DSA: - return DNSSEC.Algorithm.DSA; - case DH: - return DNSSEC.Algorithm.DH; - default: - return UNKNOWN; - } - } - public boolean isDSA(int algorithm) { return (baseType(algorithm) == DSA); @@ -243,6 +426,7 @@ public class DnsKeyAlgorithm switch (baseType(algorithm)) { case RSA: + { if (mRSAKeyGenerator == null) { mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA"); @@ -270,7 +454,9 @@ public class DnsKeyAlgorithm pair = mRSAKeyGenerator.generateKeyPair(); break; + } case DSA: + { if (mDSAKeyGenerator == null) { mDSAKeyGenerator = KeyPairGenerator.getInstance("DSA"); @@ -278,6 +464,49 @@ public class DnsKeyAlgorithm mDSAKeyGenerator.initialize(keysize); pair = mDSAKeyGenerator.generateKeyPair(); break; + } + case ECC_GOST: + { + if (mECGOSTKeyGenerator == null) + { + mECGOSTKeyGenerator = KeyPairGenerator.getInstance("ECGOST3410"); + } + + ECParameterSpec ec_spec = getEllipticCurveParams(algorithm); + try + { + mECGOSTKeyGenerator.initialize(ec_spec); + } + catch (InvalidAlgorithmParameterException e) + { + // Fold the InvalidAlgorithmParameterException into our existing + // thrown exception. Ugly, but requires less code change. + throw new NoSuchAlgorithmException("invalid key parameter spec"); + } + pair = mECGOSTKeyGenerator.generateKeyPair(); + break; + } + case ECDSA: + { + if (mECKeyGenerator == null) + { + mECKeyGenerator = KeyPairGenerator.getInstance("EC"); + } + + ECParameterSpec ec_spec = getEllipticCurveParams(algorithm); + try + { + mECKeyGenerator.initialize(ec_spec); + } + catch (InvalidAlgorithmParameterException e) + { + // Fold the InvalidAlgorithmParameterException into our existing + // thrown exception. Ugly, but requires less code change. + throw new NoSuchAlgorithmException("invalid key parameter spec"); + } + pair = mECKeyGenerator.generateKeyPair(); + break; + } default: throw new NoSuchAlgorithmException("Alg " + algorithm); } diff --git a/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java b/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java index 1149578..5a00fd3 100644 --- a/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java +++ b/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java @@ -27,15 +27,8 @@ import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.spec.DSAPrivateKeySpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.interfaces.*; +import java.security.spec.*; import java.util.StringTokenizer; import javax.crypto.interfaces.DHPrivateKey; @@ -44,6 +37,7 @@ import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHPrivateKeySpec; import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DNSSEC; import org.xbill.DNS.DNSSEC.DNSSECException; import org.xbill.DNS.Name; import org.xbill.DNS.utils.base64; @@ -61,9 +55,12 @@ public class DnsKeyConverter private KeyFactory mRSAKeyFactory; private KeyFactory mDSAKeyFactory; private KeyFactory mDHKeyFactory; + private KeyFactory mECKeyFactory; + private DnsKeyAlgorithm mAlgorithms; - public DnsKeyConverter() + public DnsKeyConverter() { + mAlgorithms = DnsKeyAlgorithm.getInstance(); } /** @@ -76,23 +73,19 @@ public class DnsKeyConverter { if (pKeyRecord.getKey() == null) return null; - // For now, instead of re-implementing parseRecord (or adding this stuff - // to DNSjava), we will just translate the algorithm back to a standard - // algorithm. Note that this will unnecessarily convert RSAMD5 to RSASHA1. + // Because we have arbitrarily aliased algorithms, we need to possibly + // translate the aliased algorithm back to the actual algorithm. - DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); - int standard_alg = algs.standardAlgorithm(pKeyRecord.getAlgorithm()); + int originalAlgorithm = mAlgorithms.originalAlgorithm(pKeyRecord.getAlgorithm()); - if (standard_alg <= 0) - throw new NoSuchAlgorithmException("DNSKEY algorithm " - + pKeyRecord.getAlgorithm() + " is unrecognized"); + if (originalAlgorithm <= 0) throw new NoSuchAlgorithmException("DNSKEY algorithm " + + pKeyRecord.getAlgorithm() + " is unrecognized"); - if (pKeyRecord.getAlgorithm() != standard_alg) + if (pKeyRecord.getAlgorithm() != originalAlgorithm) { - pKeyRecord = new DNSKEYRecord(pKeyRecord.getName(), - pKeyRecord.getDClass(), + pKeyRecord = new DNSKEYRecord(pKeyRecord.getName(), pKeyRecord.getDClass(), pKeyRecord.getTTL(), pKeyRecord.getFlags(), - pKeyRecord.getProtocol(), standard_alg, + pKeyRecord.getProtocol(), originalAlgorithm, pKeyRecord.getKey()); } @@ -132,11 +125,9 @@ public class DnsKeyConverter public PrivateKey convertEncodedPrivateKey(byte[] key, int algorithm) { PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(key); - DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); - try { - switch (algs.baseType(algorithm)) + switch (mAlgorithms.baseType(algorithm)) { case DnsKeyAlgorithm.RSA: return mRSAKeyFactory.generatePrivate(spec); @@ -146,12 +137,17 @@ public class DnsKeyConverter } catch (GeneralSecurityException e) { + e.printStackTrace(); } return null; } - private int parseInt(String s, int def) + /** + * A simple wrapper for parsing integers; parse failures result in the + * supplied default. + */ + private static int parseInt(String s, int def) { try { @@ -195,9 +191,8 @@ public class DnsKeyConverter String[] toks = val.split("\\s", 2); val = toks[0]; int alg = parseInt(val, -1); - DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); - switch (algs.baseType(alg)) + switch (mAlgorithms.baseType(alg)) { case DnsKeyAlgorithm.RSA: return parsePrivateRSA(lines); @@ -205,6 +200,10 @@ public class DnsKeyConverter return parsePrivateDSA(lines); case DnsKeyAlgorithm.DH: return parsePrivateDH(lines); + case DnsKeyAlgorithm.ECC_GOST: + return parsePrivateECDSA(lines, alg); + case DnsKeyAlgorithm.ECDSA: + return parsePrivateECDSA(lines, alg); default: throw new IOException("unsupported private key algorithm: " + val); } @@ -216,7 +215,7 @@ public class DnsKeyConverter /** * @return the value part of an "attribute:value" pair. The value is trimmed. */ - private String value(String av) + private static String value(String av) { if (av == null) return null; @@ -434,6 +433,60 @@ public class DnsKeyConverter } } + /** + * Given the remaining lines in a BIND9-style ECDSA private key, parse the key + * info and translate it into a JCA private key object. + * @param lines The remaining lines in a private key file (after + * @throws NoSuchAlgorithmException + * If elliptic curve is not available. + */ + private PrivateKey parsePrivateECDSA(StringTokenizer lines, int algorithm) + throws NoSuchAlgorithmException + { + BigInteger s = null; + + while (lines.hasMoreTokens()) + { + String line = lines.nextToken(); + if (line == null) continue; + + if (line.startsWith("#")) continue; + + String val = value(line); + if (val == null) continue; + + byte[] data = base64.fromString(val); + + if (line.startsWith("PrivateKey: ")) + { + s = new BigInteger(1, data); + } + } + + if (mECKeyFactory == null) + { + mECKeyFactory = KeyFactory.getInstance("EC"); + } + ECParameterSpec ec_spec = mAlgorithms.getEllipticCurveParams(algorithm); + if (ec_spec == null) + { + throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm + + " is not a recognized Elliptic Curve algorithm"); + } + + KeySpec spec = new ECPrivateKeySpec(s, ec_spec); + + try + { + return mECKeyFactory.generatePrivate(spec); + } + catch (InvalidKeySpecException e) + { + e.printStackTrace(); + return null; + } + } + /** * Given a private key and public key, generate the BIND9 style private key * format. @@ -452,14 +505,17 @@ public class DnsKeyConverter { return generatePrivateDH((DHPrivateKey) priv, (DHPublicKey) pub, alg); } - + else if (priv instanceof ECPrivateKey && pub instanceof ECPublicKey) + { + return generatePrivateEC((ECPrivateKey) priv, (ECPublicKey) pub, alg); + } return null; } /** * Convert from 'unsigned' big integer to original 'signed format' in Base64 */ - private String b64BigInt(BigInteger i) + private static String b64BigInt(BigInteger i) { byte[] orig_bytes = i.toByteArray(); @@ -482,10 +538,9 @@ public class DnsKeyConverter { StringWriter sw = new StringWriter(); PrintWriter out = new PrintWriter(sw); - DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); out.println("Private-key-format: v1.2"); - out.println("Algorithm: " + algorithm + " (" + algs.algToString(algorithm) + out.println("Algorithm: " + algorithm + " (" + mAlgorithms.algToString(algorithm) + ")"); out.print("Modulus: "); out.println(b64BigInt(key.getModulus())); @@ -513,12 +568,11 @@ public class DnsKeyConverter { StringWriter sw = new StringWriter(); PrintWriter out = new PrintWriter(sw); - DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); DHParameterSpec p = key.getParams(); out.println("Private-key-format: v1.2"); - out.println("Algorithm: " + algorithm + " (" + algs.algToString(algorithm) + out.println("Algorithm: " + algorithm + " (" + mAlgorithms.algToString(algorithm) + ")"); out.print("Prime(p): "); out.println(b64BigInt(p.getP())); @@ -538,12 +592,11 @@ public class DnsKeyConverter { StringWriter sw = new StringWriter(); PrintWriter out = new PrintWriter(sw); - DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); DSAParams p = key.getParams(); out.println("Private-key-format: v1.2"); - out.println("Algorithm: " + algorithm + " (" + algs.algToString(algorithm) + out.println("Algorithm: " + algorithm + " (" + mAlgorithms.algToString(algorithm) + ")"); out.print("Prime(p): "); out.println(b64BigInt(p.getP())); @@ -558,4 +611,23 @@ public class DnsKeyConverter return sw.toString(); } + + /** + * Given an elliptic curve key pair, and the actual algorithm (which will + * describe the curve used), return the BIND9-style text encoding. + */ + private String generatePrivateEC(ECPrivateKey priv, ECPublicKey pub, int alg) + { + StringWriter sw = new StringWriter(); + PrintWriter out = new PrintWriter(sw); + + out.println("Private-key-format: v1.2"); + out.println("Algorithm: " + alg + " (" + mAlgorithms.algToString(alg) + + ")"); + out.print("PrivateKey: "); + out.println(b64BigInt(priv.getS())); + + return sw.toString(); + } + } diff --git a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java index 68c480c..3796dac 100644 --- a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java +++ b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java @@ -256,6 +256,12 @@ public class DnsSecVerifier sig = SignUtils.convertDSASignature(sig); } + if (sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP256SHA256 || + sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP384SHA384) + { + sig = SignUtils.convertECDSASignature(sig); + } + if (!signer.verify(sig)) { if (reasons != null) reasons.add("Signature failed to verify cryptographically"); @@ -283,7 +289,6 @@ public class DnsSecVerifier * * @return true if the set verified, false if it did not. */ - @SuppressWarnings("unchecked") public boolean verify(RRset rrset) { boolean result = mVerifyAllSigs ? true : false; diff --git a/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java b/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java index 55a7f18..80067ae 100644 --- a/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java +++ b/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java @@ -33,12 +33,7 @@ import java.util.List; import java.util.ListIterator; import java.util.logging.Logger; -import org.xbill.DNS.DNSKEYRecord; -import org.xbill.DNS.Name; -import org.xbill.DNS.RRSIGRecord; -import org.xbill.DNS.RRset; -import org.xbill.DNS.Record; -import org.xbill.DNS.Type; +import org.xbill.DNS.*; import org.xbill.DNS.utils.hexdump; /** @@ -58,7 +53,7 @@ public class JCEDnsSecSigner private DnsKeyConverter mKeyConverter; private boolean mVerboseSigning = false; - private Logger log; + private Logger log = Logger.getLogger(this.getClass().toString()); public JCEDnsSecSigner() { @@ -197,6 +192,12 @@ public class JCEDnsSecSigner DSAPublicKey pk = (DSAPublicKey) pair.getPublic(); sig = SignUtils.convertDSASignature(pk.getParams(), sig); } + // Convert to RFC 6605, etc format + if (pair.getDNSKEYAlgorithm() == DNSSEC.Algorithm.ECDSAP256SHA256 || + pair.getDNSKEYAlgorithm() == DNSSEC.Algorithm.ECDSAP384SHA384) + { + sig = SignUtils.convertECDSASignature(pair.getDNSKEYAlgorithm(), sig); + } RRSIGRecord sigrec = SignUtils.generateRRSIG(sig, presig); if (mVerboseSigning) { diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java index e1f9b9f..55b034b 100644 --- a/src/com/verisignlabs/dnssec/security/SignUtils.java +++ b/src/com/verisignlabs/dnssec/security/SignUtils.java @@ -429,6 +429,126 @@ public class SignUtils return sig; } + // Given one of the ECDSA algorithms determine the "length", which is the + // length, in bytes, of both 'r' and 's' in the ECDSA signature. + private static int ecdsaLength(int algorithm) throws SignatureException + { + switch (algorithm) + { + case DNSSEC.Algorithm.ECDSAP256SHA256: return 32; + case DNSSEC.Algorithm.ECDSAP384SHA384: return 48; + default: + throw new SignatureException("Algorithm " + algorithm + + " is not a supported ECDSA signature algorithm."); + } + } + + /** + * Convert a JCE standard ECDSA signature (which is a ASN.1 encoding) into a + * standard DNS signature. + * + * The format of the ASN.1 signature is + * + * ASN1_SEQ . seq_length . ASN1_INT . r_length . R . ANS1_INT . s_length . S + * + * where R and S may have a leading zero byte if without it the values would + * be negative. + * + * The format of the DNSSEC signature is just R . S where R and S are both + * exactly "length" bytes. + * + * @param signature + * The output of a ECDSA signature object. + * @return signature data formatted for use in DNSSEC. + * @throws SignatureException if the ASN.1 encoding appears to be corrupt. + */ + public static byte[] convertECDSASignature(int algorithm, byte[] signature) + throws SignatureException + { + int exp_length = ecdsaLength(algorithm); + byte[] sig = new byte[exp_length * 2]; + + if (signature[0] != ASN1_SEQ || signature[2] != ASN1_INT) + { + throw new SignatureException("Invalid ASN.1 signature format: expected SEQ, INT"); + } + int r_len = signature[3]; + int r_pos = 4; + + if (signature[r_pos + r_len] != ASN1_INT) + { + throw new SignatureException("Invalid ASN.1 signature format: expected SEQ, INT, INT"); + } + int s_pos = r_pos + r_len + 2; + int s_len = signature[r_pos + r_len + 1]; + + // Adjust for leading zeros on both R and S + if (signature[r_pos] == 0) { + r_pos++; + } + if (signature[s_pos] == 0) { + s_pos++; + } + + System.arraycopy(signature, r_pos, sig, 0, exp_length); + System.arraycopy(signature, s_pos, sig, exp_length, exp_length); + + return sig; + } + + /** + * Convert a DNS standard ECDSA signature (defined in RFC 6605) into a + * JCE standard ECDSA signature, which is encoded in ASN.1. + * + * The format of the ASN.1 signature is + * + * ASN1_SEQ . seq_length . ASN1_INT . r_length . R . ANS1_INT . s_length . S + * + * where R and S may have a leading zero byte if without it the values would + * be negative. + * + * The format of the DNSSEC signature is just R . S where R and S are both + * exactly "length" bytes. + * + * @param signature + * The binary signature data from an RRSIG record. + * @return signature data that may be used in a JCE Signature object for + * verification purposes. + */ + public static byte[] convertECDSASignature(byte[] signature) + { + byte r_src_pos, r_src_len, r_pad, s_src_pos, s_src_len, s_pad, len; + + r_src_len = s_src_len = (byte) (signature.length / 2); + r_src_pos = 0; r_pad = 0; + s_src_pos = (byte) (r_src_pos + r_src_len); s_pad = 0; + len = (byte) (6 + r_src_len + s_src_len); + + if (signature[r_src_pos] < 0) { + r_pad = 1; len++; + } + if (signature[s_src_pos] < 0) { + s_pad = 1; len++; + } + byte[] sig = new byte[len]; + byte pos = 0; + + sig[pos++] = ASN1_SEQ; + sig[pos++] = (byte) (len - 2); + sig[pos++] = ASN1_INT; + sig[pos++] = (byte) (r_src_len + r_pad); + pos += r_pad; + System.arraycopy(signature, r_src_pos, sig, pos, r_src_len); + pos += r_src_len; + + sig[pos++] = ASN1_INT; + sig[pos++] = (byte) (s_src_len + s_pad); + pos += s_pad; + System.arraycopy(signature, s_src_pos, sig, pos, s_src_len); + + return sig; + } + /** * This is a convenience routine to help us classify records/RRsets. *