func main() {
var privateKey dsa.PrivateKey
params := &privateKey.Parameters
// L2048N224 is length of L and N
if err := dsa.GenerateParameters(params, rand.Reader, dsa.L2048N224); err != nil {
fmt.Printf("Err: %s", err)
return
}
if err := dsa.GenerateKey(&privateKey, rand.Reader); err != nil {
fmt.Printf("Err: %s", err)
return
}
hashed := []byte("This is test hashed message")
// It returns the signature as a pair of integers.
r, s, err := dsa.Sign(rand.Reader, &privateKey, hashed)
if err != nil {
fmt.Printf("Err: %s", err)
return
}
// Check signnature can be verified
publicKey := &privateKey.PublicKey
if dsa.Verify(publicKey, hashed, r, s) {
fmt.Printf("Verified\n")
}
}
func generateDSAKey(size uint) (*dsaKey, error) {
dsakey := new(dsaKey)
if size == 0 {
size = T_DSA_PRIV.defaultSize()
}
if !T_DSA_PRIV.isAcceptableSize(size) {
return nil, ErrInvalidKeySize
}
var psz dsa.ParameterSizes
switch size {
case 1024:
psz = dsa.L1024N160
default:
panic("unknown dsa key size")
}
err := dsa.GenerateParameters(&dsakey.key.PublicKey.Parameters, rand.Reader, psz)
if err != nil {
return nil, err
}
err = dsa.GenerateKey(&dsakey.key, rand.Reader)
if err != nil {
return nil, err
}
dsakey.publicKey.key = dsakey.key.PublicKey
return dsakey, nil
}
// Generates a compatible OpenSSH private key. The key is in the
// raw Go key format. To convert this to a PEM encoded key, see
// MarshalPrivate.
func GenerateKey(keytype Type, size int) (key interface{}, err error) {
switch keytype {
case KEY_RSA:
if size < 2048 {
return nil, ErrInvalidKeySize
}
var rsakey *rsa.PrivateKey
rsakey, err = rsa.GenerateKey(PRNG, size)
if err != nil {
return
}
key = rsakey
case KEY_ECDSA:
var eckey *ecdsa.PrivateKey
switch size {
case 256:
eckey, err = ecdsa.GenerateKey(elliptic.P256(), PRNG)
case 384:
eckey, err = ecdsa.GenerateKey(elliptic.P384(), PRNG)
case 521:
eckey, err = ecdsa.GenerateKey(elliptic.P521(), PRNG)
default:
return nil, ErrInvalidKeySize
}
key = eckey
case KEY_DSA:
var sizes dsa.ParameterSizes
switch size {
case 1024:
sizes = dsa.L1024N160
case 2048:
sizes = dsa.L2048N256
case 3072:
sizes = dsa.L3072N256
default:
err = ErrInvalidKeySize
return
}
params := dsa.Parameters{}
err = dsa.GenerateParameters(¶ms, rand.Reader, sizes)
if err != nil {
return
}
dsakey := &dsa.PrivateKey{
PublicKey: dsa.PublicKey{
Parameters: params,
},
}
err = dsa.GenerateKey(dsakey, rand.Reader)
if err != nil {
return
}
key = dsakey
}
return
}
func (priv *PrivateKey) Generate(rand io.Reader) {
if err := dsa.GenerateParameters(&priv.PrivateKey.PublicKey.Parameters, rand, dsa.L1024N160); err != nil {
panic(err.Error())
}
if err := dsa.GenerateKey(&priv.PrivateKey, rand); err != nil {
panic(err.Error())
}
priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey
}
// Generate will generate a new DSA Private Key with the randomness provided. The parameter size used is 1024 and 160.
func (priv *PrivateKey) Generate(rand io.Reader) error {
if err := dsa.GenerateParameters(&priv.PrivateKey.PublicKey.Parameters, rand, dsa.L1024N160); err != nil {
return err
}
if err := dsa.GenerateKey(&priv.PrivateKey, rand); err != nil {
return err
}
priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey
return nil
}
func TestNewSignatureVerifierFailsWithUnsupportedKeyType(t *testing.T) {
var k dsa.PrivateKey
if err := dsa.GenerateParameters(&k.Parameters, rand.Reader, dsa.L1024N160); err != nil {
t.Fatalf("Failed to generate DSA key parameters: %v", err)
}
if err := dsa.GenerateKey(&k, rand.Reader); err != nil {
t.Fatalf("Failed to generate DSA key: %v", err)
}
if _, err := NewSignatureVerifier(k); err == nil {
t.Fatal("Creating a SignatureVerifier with a DSA key unexpectedly succeeded")
}
}
func MakeKey() *dsa.PrivateKey {
key := new(dsa.PrivateKey)
err := dsa.GenerateParameters(&key.Parameters, rand.Reader, dsa.L2048N256)
if err != nil {
log.Fatalf("failed to parameters: %s", err)
}
err = dsa.GenerateKey(key, rand.Reader)
if err != nil {
log.Fatalf("failed to generate key: %s", err)
}
return key
}
func TestDSA(t *testing.T) {
params := dsa.Parameters{}
if !assert.NoError(t, dsa.GenerateParameters(¶ms, rand.Reader, dsa.L2048N256), "Parameter generation succeeds") {
return
}
privkey := dsa.PrivateKey{
PublicKey: dsa.PublicKey{
Parameters: params,
},
}
if !assert.NoError(t, dsa.GenerateKey(&privkey, rand.Reader), "GenerateKey succeeds") {
return
}
key := NewDSA(&privkey.PublicKey)
xmlstr, err := key.Serialize()
if !assert.NoError(t, err, "Serialize succeeds") {
return
}
t.Logf("%s", xmlstr)
key2, err := Parse([]byte(xmlstr))
if !assert.NoError(t, err, "Parse succeeds") {
return
}
switch key2.(type) {
case *DSA:
default:
if !assert.Fail(t, "expected *DSA type, but got something else") {
return
}
}
}
func generateDSAKey() ([]byte, []byte, error) {
params := &dsa.Parameters{}
if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
return nil, nil, err
}
dsaKey := &dsa.PrivateKey{
PublicKey: dsa.PublicKey{
Parameters: *params,
},
}
if err := dsa.GenerateKey(dsaKey, rand.Reader); err != nil {
return nil, nil, err
}
pubKey, err := ssh.NewPublicKey(&dsaKey.PublicKey)
if err != nil {
return nil, nil, err
}
dsaKeyASN1, err := asn1.Marshal(struct {
Version int
P, Q, G, Y, X *big.Int
}{
0,
dsaKey.P,
dsaKey.Q,
dsaKey.G,
dsaKey.Y,
dsaKey.X,
})
if err != nil {
return nil, nil, err
}
return pem.EncodeToMemory(&pem.Block{
Type: "DSA PRIVATE KEY",
Bytes: dsaKeyASN1,
}), ssh.MarshalAuthorizedKey(pubKey), nil
}
// Generate generates a DNSKEY of the given bit size.
// The public part is put inside the DNSKEY record.
// The Algorithm in the key must be set as this will define
// what kind of DNSKEY will be generated.
// The ECDSA algorithms imply a fixed keysize, in that case
// bits should be set to the size of the algorithm.
func (r *RR_DNSKEY) Generate(bits int) (PrivateKey, error) {
switch r.Algorithm {
case DSA, DSANSEC3SHA1:
if bits != 1024 {
return nil, ErrKeySize
}
case RSAMD5, RSASHA1, RSASHA256, RSASHA1NSEC3SHA1:
if bits < 512 || bits > 4096 {
return nil, ErrKeySize
}
case RSASHA512:
if bits < 1024 || bits > 4096 {
return nil, ErrKeySize
}
case ECDSAP256SHA256:
if bits != 256 {
return nil, ErrKeySize
}
case ECDSAP384SHA384:
if bits != 384 {
return nil, ErrKeySize
}
}
switch r.Algorithm {
case DSA, DSANSEC3SHA1:
params := new(dsa.Parameters)
if err := dsa.GenerateParameters(params, rand.Reader, dsa.L1024N160); err != nil {
return nil, err
}
priv := new(dsa.PrivateKey)
priv.PublicKey.Parameters = *params
err := dsa.GenerateKey(priv, rand.Reader)
if err != nil {
return nil, err
}
r.setPublicKeyDSA(params.Q, params.P, params.G, priv.PublicKey.Y)
return priv, nil
case RSAMD5, RSASHA1, RSASHA256, RSASHA512, RSASHA1NSEC3SHA1:
priv, err := rsa.GenerateKey(rand.Reader, bits)
if err != nil {
return nil, err
}
r.setPublicKeyRSA(priv.PublicKey.E, priv.PublicKey.N)
return priv, nil
case ECDSAP256SHA256, ECDSAP384SHA384:
var c elliptic.Curve
switch r.Algorithm {
case ECDSAP256SHA256:
c = elliptic.P256()
case ECDSAP384SHA384:
c = elliptic.P384()
}
priv, err := ecdsa.GenerateKey(c, rand.Reader)
if err != nil {
return nil, err
}
r.setPublicKeyCurve(priv.PublicKey.X, priv.PublicKey.Y)
return priv, nil
default:
return nil, ErrAlg
}
return nil, nil // Dummy return
}
func SignatureGenerateServerKey() *dsa.PrivateKey {
priv := dsa.PrivateKey{}
dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L3072N256)
dsa.GenerateKey(&priv, rand.Reader)
return &priv
}
func TestMetadata(t *testing.T) {
params := dsa.Parameters{}
if !assert.NoError(t, dsa.GenerateParameters(¶ms, rand.Reader, dsa.L2048N256), "Parameter generation succeeds") {
return
}
privkey := dsa.PrivateKey{
PublicKey: dsa.PublicKey{
Parameters: params,
},
}
if !assert.NoError(t, dsa.GenerateKey(&privkey, rand.Reader), "GenerateKey succeeds") {
return
}
md := md.Metadata{
EntityDescriptors: []md.EntityDescriptor{
md.IDPDescriptor{
ContactPerson: &md.ContactPerson{
Type: "technical",
GivenName: "Daisuke",
SurName: "Maki",
EmailAddress: "*****@*****.**",
TelephoneNumber: "000-1234-5678",
},
KeyDescriptor: &md.KeyDescriptor{
Key: key.NewDSA(&privkey.PublicKey),
Use: "signing",
},
RoleDescriptor: md.RoleDescriptor{
CommonDescriptor: md.CommonDescriptor{
ID: "https://github.com/lestrrat/go-saml",
},
},
SSODescriptor: md.SSODescriptor{
SingleLogoutService: []saml.Endpoint{
saml.Endpoint{
ProtocolBinding: binding.HTTPRedirect,
Location: `https://github.com/lestrrat/go-saml/dummy/idp/logout`,
},
},
NameIDFormat: nameid.Transient,
},
SingleSignOnService: []saml.Endpoint{
saml.Endpoint{
ProtocolBinding: binding.HTTPRedirect,
Location: `https://github.com/lestrrat/go-saml/dummy/idp/sso`,
},
},
},
},
}
xmlstr, err := md.Serialize()
if !assert.NoError(t, err, "Serialize succeeds") {
return
}
t.Logf("%s", xmlstr)
}