protected KeyRecordBase(DomainName name, RecordClass recordClass, int timeToLive, ushort flags, ProtocolType protocol, DnsSecAlgorithm algorithm) : base(name, RecordType.Key, recordClass, timeToLive) { Flags = flags; Protocol = protocol; Algorithm = algorithm; }
public static int GetPriority(this DnsSecAlgorithm algorithm) { switch (algorithm) { case DnsSecAlgorithm.RsaSha1: return(100); case DnsSecAlgorithm.Dsa: return(90); case DnsSecAlgorithm.RsaSha1Nsec3Sha1: return(100); case DnsSecAlgorithm.DsaNsec3Sha1: return(90); case DnsSecAlgorithm.RsaSha256: return(80); case DnsSecAlgorithm.RsaSha512: return(70); case DnsSecAlgorithm.EccGost: return(110); case DnsSecAlgorithm.EcDsaP256Sha256: return(60); case DnsSecAlgorithm.EcDsaP384Sha384: return(50); default: throw new NotSupportedException(); } }
/// <summary> /// Creates a new key record. /// </summary> /// <param name="name">The name.</param> /// <param name="recordClass">The record class.</param> /// <param name="timeToLive">The time-to-live.</param> /// <param name="flags">The flags.</param> /// <param name="protocol">The protocol.</param> /// <param name="algorithm">The algorithm.</param> protected KeyRecordBase(string name, RecordClass recordClass, int timeToLive, ushort flags, ProtocolType protocol, DnsSecAlgorithm algorithm) : base(name, RecordType.Key, recordClass, timeToLive) { this.Flags = flags; this.Protocol = protocol; this.Algorithm = algorithm; }
public CertRecord(string name, int timeToLive, CertType type, ushort keyTag, DnsSecAlgorithm algorithm, byte[] certificate) : base(name, RecordType.Cert, RecordClass.INet, timeToLive) { Type = type; KeyTag = keyTag; Algorithm = algorithm; Certificate = certificate ?? new byte[] { }; }
public DnsKeyRecord(string name, RecordClass recordClass, int timeToLive, ushort flags, byte protocol, DnsSecAlgorithm algorithm, byte[] publicKey) : base(name, RecordType.DnsKey, recordClass, timeToLive) { Flags = flags; Protocol = protocol; Algorithm = algorithm; PublicKey = publicKey ?? new byte[] { }; }
/// <summary> /// Creates a new instance of the NSec3ParamRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="hashAlgorithm"> Algorithm of hash </param> /// <param name="flags"> Flags of the record </param> /// <param name="iterations"> Number of iterations </param> /// <param name="salt"> Binary data of salt </param> public NSec3ParamRecord(string name, RecordClass recordClass, int timeToLive, DnsSecAlgorithm hashAlgorithm, byte flags, ushort iterations, byte[] salt) : base(name, RecordType.NSec3Param, recordClass, timeToLive) { HashAlgorithm = hashAlgorithm; Flags = flags; Iterations = iterations; Salt = salt ?? new byte[] { }; }
/// <summary> /// Creates a new instance of the DsRecord class. /// </summary> /// <param name="name">Name of the record.</param> /// <param name="recordClass">Class of the record.</param> /// <param name="timeToLive">Seconds the record should be cached at most.</param> /// <param name="keyTag">Key tag.</param> /// <param name="algorithm">Algorithm used.</param> /// <param name="digestType">Type of the digest.</param> /// <param name="digest">Binary data of the digest.</param> public DsRecord(string name, RecordClass recordClass, int timeToLive, ushort keyTag, DnsSecAlgorithm algorithm, DnsSecDigestType digestType, byte[] digest) : base(name, RecordType.Ds, recordClass, timeToLive) { this.KeyTag = keyTag; this.Algorithm = algorithm; this.DigestType = digestType; this.Digest = digest ?? new byte[] { }; }
/// <summary> /// Creates a new instance of the DlvRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="keyTag"> Key tag </param> /// <param name="algorithm"> Algorithm used </param> /// <param name="digestType"> Type of the digest </param> /// <param name="digest"> Binary data of the digest </param> public DlvRecord(DomainName name, RecordClass recordClass, int timeToLive, ushort keyTag, DnsSecAlgorithm algorithm, DnsSecDigestType digestType, byte[] digest) : base(name, RecordType.Dlv, recordClass, timeToLive) { KeyTag = keyTag; Algorithm = algorithm; DigestType = digestType; Digest = digest ?? Array.Empty <byte>(); }
/// <summary> /// Creates a new instance of the CDsRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="keyTag"> Key tag </param> /// <param name="algorithm"> Algorithm used </param> /// <param name="digestType"> Type of the digest </param> /// <param name="digest"> Binary data of the digest </param> public CDsRecord(DomainName name, RecordClass recordClass, int timeToLive, ushort keyTag, DnsSecAlgorithm algorithm, DnsSecDigestType digestType, byte[] digest) : base(name, RecordType.Ds, recordClass, timeToLive) { KeyTag = keyTag; Algorithm = algorithm; DigestType = digestType; Digest = digest ?? new byte[] { }; }
/// <summary> /// Creates a new instace of the CertRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="type"> Type of the certificate data </param> /// <param name="keyTag"> Key tag </param> /// <param name="algorithm"> Algorithm of the certificate </param> /// <param name="certificate"> Binary data of the certificate </param> public CertRecord(string name, int timeToLive, CertType type, ushort keyTag, DnsSecAlgorithm algorithm, byte[] certificate) : base(name, RecordType.Cert, RecordClass.INet, timeToLive) { Type = type; KeyTag = keyTag; Algorithm = algorithm; Certificate = certificate ?? new byte[] { }; }
/// <summary> /// Creates a new instance of the DnsKeyRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="flags"> Flags of the key </param> /// <param name="protocol"> Protocol field </param> /// <param name="algorithm"> Algorithm of the key </param> /// <param name="publicKey"> Binary data of the public key </param> public DnsKeyRecord(string name, RecordClass recordClass, int timeToLive, ushort flags, byte protocol, DnsSecAlgorithm algorithm, byte[] publicKey) : base(name, RecordType.DnsKey, recordClass, timeToLive) { Flags = flags; Protocol = protocol; Algorithm = algorithm; PublicKey = publicKey ?? new byte[] { }; }
public NSec3ParamRecord(string name, RecordClass recordClass, int timeToLive, DnsSecAlgorithm hashAlgorithm, byte flags, ushort iterations, byte[] salt) : base(name, RecordType.NSec3Param, recordClass, timeToLive) { HashAlgorithm = hashAlgorithm; Flags = flags; Iterations = iterations; Salt = salt ?? new byte[] { }; }
/// <summary> /// Creates a new instace of the CertRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="type"> Type of the certificate data </param> /// <param name="keyTag"> Key tag </param> /// <param name="algorithm"> Algorithm of the certificate </param> /// <param name="certificate"> Binary data of the certificate </param> public CertRecord(DomainName name, int timeToLive, CertType type, ushort keyTag, DnsSecAlgorithm algorithm, byte[] certificate) : base(name, RecordType.Cert, RecordClass.INet, timeToLive) { Type = type; KeyTag = keyTag; Algorithm = algorithm; Certificate = certificate ?? Array.Empty <byte>(); }
/// <summary> /// Creates a new instance of the DnsKeyRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="flags"> Flags of the key </param> /// <param name="protocol"> Protocol field </param> /// <param name="algorithm"> Algorithm of the key </param> /// <param name="publicKey"> Binary data of the public key </param> /// <param name="privateKey"> Binary data of the private key </param> public CDnsKeyRecord(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, byte[] publicKey, byte[] privateKey) : base(name, RecordType.CDnsKey, recordClass, timeToLive) { Flags = flags; Protocol = protocol; Algorithm = algorithm; PublicKey = publicKey; PrivateKey = privateKey; }
/// <summary> /// Creates a new instance of the SigRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="typeCovered"> /// <see cref="RecordType">Record type</see> that is covered by this record /// </param> /// <param name="algorithm"> /// <see cref="DnsSecAlgorithm">Algorithm</see> that is used for signature /// </param> /// <param name="labels"> Label count of original record that is covered by this record </param> /// <param name="originalTimeToLive"> Original time to live value of original record that is covered by this record </param> /// <param name="signatureExpiration"> Signature is valid until this date </param> /// <param name="signatureInception"> Signature is valid from this date </param> /// <param name="keyTag"> Key tag </param> /// <param name="signersName"> Domain name of generator of the signature </param> /// <param name="signature"> Binary data of the signature </param> public SigRecord(DomainName name, RecordClass recordClass, int timeToLive, RecordType typeCovered, DnsSecAlgorithm algorithm, byte labels, int originalTimeToLive, DateTime signatureExpiration, DateTime signatureInception, ushort keyTag, DomainName signersName, byte[] signature) : base(name, RecordType.Sig, recordClass, timeToLive) { TypeCovered = typeCovered; Algorithm = algorithm; Labels = labels; OriginalTimeToLive = originalTimeToLive; SignatureExpiration = signatureExpiration; SignatureInception = signatureInception; KeyTag = keyTag; SignersName = signersName ?? DomainName.Root; Signature = signature ?? Array.Empty <byte>(); }
/// <summary> /// Creates a new instance of the SigRecord class. /// </summary> /// <param name="name">Name of the record.</param> /// <param name="recordClass">Class of the record.</param> /// <param name="timeToLive">Seconds the record should be cached at most.</param> /// <param name="typeCovered"><see cref="RecordType">Record type</see> that is covered by this record.</param> /// <param name="algorithm"><see cref="DnsSecAlgorithm">Algorithm</see> that is used for signature.</param> /// <param name="labels">Label count of original record that is covered by this record.</param> /// <param name="originalTimeToLive">Original time to live value of original record that is covered by this record.</param> /// <param name="signatureExpiration">Signature is valid until this date.</param> /// <param name="signatureInception">Signature is valid from this date.</param> /// <param name="keyTag">Key tag.</param> /// <param name="signersName">Domain name of generator of the signature.</param> /// <param name="signature">Binary data of the signature.</param> public SigRecord(string name, RecordClass recordClass, int timeToLive, RecordType typeCovered, DnsSecAlgorithm algorithm, byte labels, int originalTimeToLive, DateTime signatureExpiration, DateTime signatureInception, ushort keyTag, string signersName, byte[] signature) : base(name, RecordType.Sig, recordClass, timeToLive) { this.TypeCovered = typeCovered; this.Algorithm = algorithm; this.Labels = labels; this.OriginalTimeToLive = originalTimeToLive; this.SignatureExpiration = signatureExpiration; this.SignatureInception = signatureInception; this.KeyTag = keyTag; this.SignersName = signersName ?? String.Empty; this.Signature = signature ?? new byte[] { }; }
/// <summary> /// Creates a new instance of the SigRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="typeCovered"> /// <see cref="RecordType">Record type</see> that is covered by this record /// </param> /// <param name="algorithm"> /// <see cref="DnsSecAlgorithm">Algorithm</see> that is used for signature /// </param> /// <param name="labels"> Label count of original record that is covered by this record </param> /// <param name="originalTimeToLive"> Original time to live value of original record that is covered by this record </param> /// <param name="signatureExpiration"> Signature is valid until this date </param> /// <param name="signatureInception"> Signature is valid from this date </param> /// <param name="keyTag"> Key tag </param> /// <param name="signersName"> Domain name of generator of the signature </param> /// <param name="signature"> Binary data of the signature </param> public SigRecord(string name, RecordClass recordClass, int timeToLive, RecordType typeCovered, DnsSecAlgorithm algorithm, byte labels, int originalTimeToLive, DateTime signatureExpiration, DateTime signatureInception, ushort keyTag, string signersName, byte[] signature) : base(name, RecordType.Sig, recordClass, timeToLive) { TypeCovered = typeCovered; Algorithm = algorithm; Labels = labels; OriginalTimeToLive = originalTimeToLive; SignatureExpiration = signatureExpiration; SignatureInception = signatureInception; KeyTag = keyTag; SignersName = signersName ?? String.Empty; Signature = signature ?? new byte[] { }; }
public static bool IsCompatibleWithNSec3(this DnsSecAlgorithm algorithm) { switch (algorithm) { case DnsSecAlgorithm.RsaSha1Nsec3Sha1: case DnsSecAlgorithm.DsaNsec3Sha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: case DnsSecAlgorithm.EccGost: case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: return(true); default: return(false); } }
public static void GenerateKeypair(DnsSecAlgorithm algo, out byte[] privateKey, out byte[] publicKey) { Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = null; Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator()); switch (algo) { case DnsSecAlgorithm.RsaMd5: case DnsSecAlgorithm.RsaSha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: case DnsSecAlgorithm.RsaSha1Nsec3Sha1: keyPair = GenerateRsaKeyPair(random, 4096); break; case DnsSecAlgorithm.DiffieHellman: keyPair = GenerateDiffieHellmanKeyPair(random, 256); break; case DnsSecAlgorithm.Dsa: case DnsSecAlgorithm.DsaNsec3Sha1: keyPair = GenerateDsaKeyPair(random, 1024); // size must be from 512 - 1024 and a multiple of 64 break; case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: keyPair = GenerateEcdsaKeyPair(random); // TODO: Pass curve break; case DnsSecAlgorithm.EccGost: keyPair = GenerateGost3410KeyPair(random, 512); // 512 or 1024 break; case DnsSecAlgorithm.Indirect: case DnsSecAlgorithm.PrivateDns: case DnsSecAlgorithm.PrivateOid: throw new System.NotImplementedException("Indirect | PrivateDns | PrivateOid"); } publicKey = Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public).GetEncoded(); privateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private).GetEncoded(); }
/// <summary> /// Creates of new instance of the NSec3Record class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="hashAlgorithm"> Algorithm of hash </param> /// <param name="flags"> Flags of the record </param> /// <param name="iterations"> Number of iterations </param> /// <param name="salt"> Binary data of salt </param> /// <param name="nextHashedOwnerName"> Binary data of hash of next owner </param> /// <param name="types"> Types of next owner </param> public NSec3Record(string name, RecordClass recordClass, int timeToLive, DnsSecAlgorithm hashAlgorithm, byte flags, ushort iterations, byte[] salt, byte[] nextHashedOwnerName, List <RecordType> types) : base(name, RecordType.NSec3, recordClass, timeToLive) { HashAlgorithm = hashAlgorithm; Flags = flags; Iterations = iterations; Salt = salt ?? new byte[] { }; NextHashedOwnerName = nextHashedOwnerName ?? new byte[] { }; if ((types == null) || (types.Count == 0)) { Types = new List <RecordType>(); } else { Types = new List <RecordType>(types); types.Sort((left, right) => ((ushort)left).CompareTo((ushort)right)); } }
/// <summary> /// Creates of new instance of the NSec3Record class. /// </summary> /// <param name="name">Name of the record.</param> /// <param name="recordClass">Class of the record.</param> /// <param name="timeToLive">Seconds the record should be cached at most.</param> /// <param name="hashAlgorithm">Algorithm of hash.</param> /// <param name="flags">Flags of the record.</param> /// <param name="iterations">Number of iterations.</param> /// <param name="salt">Binary data of salt.</param> /// <param name="nextHashedOwnerName">Binary data of hash of next owner.</param> /// <param name="types">Types of next owner.</param> public NSec3Record(string name, RecordClass recordClass, int timeToLive, DnsSecAlgorithm hashAlgorithm, byte flags, ushort iterations, byte[] salt, byte[] nextHashedOwnerName, List<RecordType> types) : base(name, RecordType.NSec3, recordClass, timeToLive) { this.HashAlgorithm = hashAlgorithm; this.Flags = flags; this.Iterations = iterations; this.Salt = salt ?? new byte[] { }; this.NextHashedOwnerName = nextHashedOwnerName ?? new byte[] { }; if ((types == null) || (types.Count == 0)) { this.Types = new List<RecordType>(); } else { this.Types = new List<RecordType>(types); types.Sort((left, right) => ((ushort) left).CompareTo((ushort) right)); } }
/// <summary> /// Creates of new instance of the KeyRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="flags"> Flags of the key </param> /// <param name="protocol"> Protocol for which the key is used </param> /// <param name="algorithm"> Algorithm of the key </param> /// <param name="publicKey"> Binary data of the public key </param> public KeyRecord(DomainName name, RecordClass recordClass, int timeToLive, ushort flags, ProtocolType protocol, DnsSecAlgorithm algorithm, byte[] publicKey) : base(name, recordClass, timeToLive, flags, protocol, algorithm) { PublicKey = publicKey ?? Array.Empty <byte>(); }
/// <summary> /// Creates of new instance of the KeyRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="flags"> Flags of the key </param> /// <param name="protocol"> Protocol for which the key is used </param> /// <param name="algorithm"> Algorithm of the key </param> /// <param name="publicKey"> Binary data of the public key </param> public KeyRecord(string name, RecordClass recordClass, int timeToLive, ushort flags, ProtocolType protocol, DnsSecAlgorithm algorithm, byte[] publicKey) : base(name, recordClass, timeToLive, flags, protocol, algorithm) { PublicKey = publicKey ?? new byte[] { }; }
/// <summary> /// Creates a new instance of the SigRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="typeCovered"> /// <see cref="RecordType">Record type</see> that is covered by this record /// </param> /// <param name="algorithm"> /// <see cref="DnsSecAlgorithm">Algorithm</see> that is used for signature /// </param> /// <param name="labels"> Label count of original record that is covered by this record </param> /// <param name="originalTimeToLive"> Original time to live value of original record that is covered by this record </param> /// <param name="signatureExpiration"> Signature is valid until this date </param> /// <param name="signatureInception"> Signature is valid from this date </param> /// <param name="keyTag"> Key tag </param> /// <param name="signersName"> Domain name of generator of the signature </param> /// <param name="signature"> Binary data of the signature </param> public SigRecord(DomainName name, RecordClass recordClass, int timeToLive, RecordType typeCovered, DnsSecAlgorithm algorithm, byte labels, int originalTimeToLive, DateTime signatureExpiration, DateTime signatureInception, ushort keyTag, DomainName signersName, byte[] signature) : base(name, RecordType.Sig, recordClass, timeToLive) { TypeCovered = typeCovered; Algorithm = algorithm; Labels = labels; OriginalTimeToLive = originalTimeToLive; SignatureExpiration = signatureExpiration; SignatureInception = signatureInception; KeyTag = keyTag; SignersName = signersName ?? DomainName.Root; Signature = signature ?? new byte[] { }; }
/// <summary> /// Creates a new signing key pair /// </summary> /// <param name="name">The name of the key or zone</param> /// <param name="recordClass">The record class of the DnsKeyRecord</param> /// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param> /// <param name="flags">The Flags of the DnsKeyRecord</param> /// <param name="protocol">The protocol version</param> /// <param name="algorithm">The key algorithm</param> /// <param name="keyStrength">The key strength or 0 for default strength</param> /// <returns></returns> public static KeyPairRecord CreateSigningKey(DnsSecAlgorithm algorithm, DnsKeyFlags flags, int keyStrength = 0) { // Found in DnsKeyRecord.CreateSigningKey KeyPairRecord rec = new KeyPairRecord(); rec.Flags = flags; rec.Algorithm = algorithm; Org.BouncyCastle.Security.SecureRandom _secureRandom = new Org.BouncyCastle.Security.SecureRandom(new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator()); // https://csharp.hotexamples.com/examples/Org.BouncyCastle.Crypto.Generators/DsaKeyPairGenerator/GenerateKeyPair/php-dsakeypairgenerator-generatekeypair-method-examples.html switch (algorithm) { case DnsSecAlgorithm.RsaSha1: case DnsSecAlgorithm.RsaSha1Nsec3Sha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: if (keyStrength == 0) { keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024; } Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator rsaKeyGen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); rsaKeyGen.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(_secureRandom, keyStrength)); var rsaKey = rsaKeyGen.GenerateKeyPair(); rec.KeyPair = rsaKey; rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded(); var rsaPublicKey = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)rsaKey.Public; var rsaExponent = rsaPublicKey.Exponent.ToByteArrayUnsigned(); var rsaModulus = rsaPublicKey.Modulus.ToByteArrayUnsigned(); int offset = 1; if (rsaExponent.Length > 255) { rec.PublicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length]; EncodeUShort(rec.PublicKey, ref offset, (ushort)rec.PublicKey.Length); } else { rec.PublicKey = new byte[1 + rsaExponent.Length + rsaModulus.Length]; rec.PublicKey[0] = (byte)rsaExponent.Length; } EncodeByteArray(rec.PublicKey, ref offset, rsaExponent); EncodeByteArray(rec.PublicKey, ref offset, rsaModulus); break; case DnsSecAlgorithm.Dsa: case DnsSecAlgorithm.DsaNsec3Sha1: if (keyStrength == 0) { keyStrength = 1024; } Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator dsaParamsGen = new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator(); dsaParamsGen.Init(keyStrength, 12, _secureRandom); Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator dsaKeyGen = new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator(); dsaKeyGen.Init(new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters())); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair dsaKey = dsaKeyGen.GenerateKeyPair(); rec.KeyPair = dsaKey; rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded(); var dsaPublicKey = (Org.BouncyCastle.Crypto.Parameters.DsaPublicKeyParameters)dsaKey.Public; byte[] dsaY = dsaPublicKey.Y.ToByteArrayUnsigned(); byte[] dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned(); byte[] dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned(); byte[] dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned(); byte dsaT = (byte)((dsaY.Length - 64) / 8); rec.PublicKey = new byte[21 + 3 * dsaY.Length]; rec.PublicKey[0] = dsaT; dsaQ.CopyTo(rec.PublicKey, 1); dsaP.CopyTo(rec.PublicKey, 21); dsaG.CopyTo(rec.PublicKey, 21 + dsaY.Length); dsaY.CopyTo(rec.PublicKey, 21 + 2 * dsaY.Length); break; case DnsSecAlgorithm.EccGost: Org.BouncyCastle.Crypto.Parameters.ECDomainParameters gostEcDomainParameters = Org.BouncyCastle.Asn1.CryptoPro.ECGost3410NamedCurves.GetByOid(Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); var gostKeyGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); gostKeyGen.Init(new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom)); var gostKey = gostKeyGen.GenerateKeyPair(); rec.KeyPair = gostKey; rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded(); var gostPublicKey = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)gostKey.Public; rec.PublicKey = new byte[64]; // gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32); gostPublicKey.Q.AffineXCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, 32); // gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); gostPublicKey.Q.AffineYCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, 0); System.Array.Reverse(rec.PublicKey); break; case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: int ecDsaDigestSize; Org.BouncyCastle.Asn1.X9.X9ECParameters ecDsaCurveParameter; if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256) { ecDsaDigestSize = new Org.BouncyCastle.Crypto.Digests.Sha256Digest().GetDigestSize(); ecDsaCurveParameter = Org.BouncyCastle.Asn1.Nist.NistNamedCurves.GetByOid(Org.BouncyCastle.Asn1.Sec.SecObjectIdentifiers.SecP256r1); } else { ecDsaDigestSize = new Org.BouncyCastle.Crypto.Digests.Sha384Digest().GetDigestSize(); ecDsaCurveParameter = Org.BouncyCastle.Asn1.Nist.NistNamedCurves.GetByOid(Org.BouncyCastle.Asn1.Sec.SecObjectIdentifiers.SecP384r1); } Org.BouncyCastle.Crypto.Parameters.ECDomainParameters ecDsaP384EcDomainParameters = new Org.BouncyCastle.Crypto.Parameters.ECDomainParameters( ecDsaCurveParameter.Curve, ecDsaCurveParameter.G, ecDsaCurveParameter.N, ecDsaCurveParameter.H, ecDsaCurveParameter.GetSeed()); var ecDsaKeyGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); ecDsaKeyGen.Init(new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair ecDsaKey = ecDsaKeyGen.GenerateKeyPair(); rec.KeyPair = ecDsaKey; rec.PrivateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded(); var ecDsaPublicKey = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)ecDsaKey.Public; rec.PublicKey = new byte[ecDsaDigestSize * 2]; // ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); ecDsaPublicKey.Q.AffineXCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, 0); // ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize); ecDsaPublicKey.Q.AffineYCoord.ToBigInteger().ToByteArrayUnsigned().CopyTo(rec.PublicKey, ecDsaDigestSize); break; default: throw new System.NotSupportedException(); } // return new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, rec.PublicKey, rec.PrivateKey); return(rec); }
/// <summary> /// Creates a new instance of the DnsKeyRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="flags"> Flags of the key </param> /// <param name="protocol"> Protocol field </param> /// <param name="algorithm"> Algorithm of the key </param> /// <param name="publicKey"> Binary data of the public key </param> /// <param name="privateKey"> Binary data of the private key </param> public DnsKeyRecord(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, byte[] publicKey, byte[] privateKey) : base(name, RecordType.DnsKey, recordClass, timeToLive) { Flags = flags; Protocol = protocol; Algorithm = algorithm; PublicKey = publicKey; PrivateKey = privateKey; }
/// <summary> /// Creates a new signing key pair /// </summary> /// <param name="name">The name of the key or zone</param> /// <param name="recordClass">The record class of the DnsKeyRecord</param> /// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param> /// <param name="flags">The Flags of the DnsKeyRecord</param> /// <param name="protocol">The protocol version</param> /// <param name="algorithm">The key algorithm</param> /// <param name="keyStrength">The key strength or 0 for default strength</param> /// <returns></returns> public static DnsKeyRecord CreateSigningKey(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, int keyStrength = 0) { byte[] privateKey; byte[] publicKey; switch (algorithm) { case DnsSecAlgorithm.RsaSha1: case DnsSecAlgorithm.RsaSha1Nsec3Sha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: if (keyStrength == 0) keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024; RsaKeyPairGenerator rsaKeyGen = new RsaKeyPairGenerator(); rsaKeyGen.Init(new KeyGenerationParameters(_secureRandom, keyStrength)); var rsaKey = rsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded(); var rsaPublicKey = (RsaKeyParameters) rsaKey.Public; var rsaExponent = rsaPublicKey.Exponent.ToByteArrayUnsigned(); var rsaModulus = rsaPublicKey.Modulus.ToByteArrayUnsigned(); int offset = 1; if (rsaExponent.Length > 255) { publicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length]; DnsMessageBase.EncodeUShort(publicKey, ref offset, (ushort) publicKey.Length); } else { publicKey = new byte[1 + rsaExponent.Length + rsaModulus.Length]; publicKey[0] = (byte) rsaExponent.Length; } DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaExponent); DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaModulus); break; case DnsSecAlgorithm.Dsa: case DnsSecAlgorithm.DsaNsec3Sha1: if (keyStrength == 0) keyStrength = 1024; DsaParametersGenerator dsaParamsGen = new DsaParametersGenerator(); dsaParamsGen.Init(keyStrength, 12, _secureRandom); DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator(); dsaKeyGen.Init(new DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters())); var dsaKey = dsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded(); var dsaPublicKey = (DsaPublicKeyParameters) dsaKey.Public; var dsaY = dsaPublicKey.Y.ToByteArrayUnsigned(); var dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned(); var dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned(); var dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned(); var dsaT = (byte) ((dsaY.Length - 64) / 8); publicKey = new byte[21 + 3 * dsaY.Length]; publicKey[0] = dsaT; dsaQ.CopyTo(publicKey, 1); dsaP.CopyTo(publicKey, 21); dsaG.CopyTo(publicKey, 21 + dsaY.Length); dsaY.CopyTo(publicKey, 21 + 2 * dsaY.Length); break; case DnsSecAlgorithm.EccGost: ECDomainParameters gostEcDomainParameters = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); var gostKeyGen = new ECKeyPairGenerator(); gostKeyGen.Init(new ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom)); var gostKey = gostKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded(); var gostPublicKey = (ECPublicKeyParameters) gostKey.Public; publicKey = new byte[64]; gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32); gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); publicKey = publicKey.Reverse().ToArray(); break; case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: int ecDsaDigestSize; X9ECParameters ecDsaCurveParameter; if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256) { ecDsaDigestSize = new Sha256Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP256r1); } else { ecDsaDigestSize = new Sha384Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP384r1); } ECDomainParameters ecDsaP384EcDomainParameters = new ECDomainParameters( ecDsaCurveParameter.Curve, ecDsaCurveParameter.G, ecDsaCurveParameter.N, ecDsaCurveParameter.H, ecDsaCurveParameter.GetSeed()); var ecDsaKeyGen = new ECKeyPairGenerator(); ecDsaKeyGen.Init(new ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom)); var ecDsaKey = ecDsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded(); var ecDsaPublicKey = (ECPublicKeyParameters) ecDsaKey.Public; publicKey = new byte[ecDsaDigestSize * 2]; ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize); break; default: throw new NotSupportedException(); } return new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, privateKey); }
/// <summary> /// Creates a new signing key pair /// </summary> /// <param name="name">The name of the key or zone</param> /// <param name="recordClass">The record class of the DnsKeyRecord</param> /// <param name="timeToLive">The TTL in seconds to the DnsKeyRecord</param> /// <param name="flags">The Flags of the DnsKeyRecord</param> /// <param name="protocol">The protocol version</param> /// <param name="algorithm">The key algorithm</param> /// <param name="keyStrength">The key strength or 0 for default strength</param> /// <returns></returns> public static DnsKeyRecord CreateSigningKey(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, int keyStrength = 0) { byte[] privateKey; byte[] publicKey; switch (algorithm) { case DnsSecAlgorithm.RsaSha1: case DnsSecAlgorithm.RsaSha1Nsec3Sha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: if (keyStrength == 0) { keyStrength = (flags == (DnsKeyFlags.Zone | DnsKeyFlags.SecureEntryPoint)) ? 2048 : 1024; } RsaKeyPairGenerator rsaKeyGen = new RsaKeyPairGenerator(); rsaKeyGen.Init(new KeyGenerationParameters(_secureRandom, keyStrength)); var rsaKey = rsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKey.Private).GetDerEncoded(); var rsaPublicKey = (RsaKeyParameters)rsaKey.Public; var rsaExponent = rsaPublicKey.Exponent.ToByteArrayUnsigned(); var rsaModulus = rsaPublicKey.Modulus.ToByteArrayUnsigned(); int offset = 1; if (rsaExponent.Length > 255) { publicKey = new byte[3 + rsaExponent.Length + rsaModulus.Length]; DnsMessageBase.EncodeUShort(publicKey, ref offset, (ushort)publicKey.Length); } else { publicKey = new byte[1 + rsaExponent.Length + rsaModulus.Length]; publicKey[0] = (byte)rsaExponent.Length; } DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaExponent); DnsMessageBase.EncodeByteArray(publicKey, ref offset, rsaModulus); break; case DnsSecAlgorithm.Dsa: case DnsSecAlgorithm.DsaNsec3Sha1: if (keyStrength == 0) { keyStrength = 1024; } DsaParametersGenerator dsaParamsGen = new DsaParametersGenerator(); dsaParamsGen.Init(keyStrength, 12, _secureRandom); DsaKeyPairGenerator dsaKeyGen = new DsaKeyPairGenerator(); dsaKeyGen.Init(new DsaKeyGenerationParameters(_secureRandom, dsaParamsGen.GenerateParameters())); var dsaKey = dsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(dsaKey.Private).GetDerEncoded(); var dsaPublicKey = (DsaPublicKeyParameters)dsaKey.Public; var dsaY = dsaPublicKey.Y.ToByteArrayUnsigned(); var dsaP = dsaPublicKey.Parameters.P.ToByteArrayUnsigned(); var dsaQ = dsaPublicKey.Parameters.Q.ToByteArrayUnsigned(); var dsaG = dsaPublicKey.Parameters.G.ToByteArrayUnsigned(); var dsaT = (byte)((dsaY.Length - 64) / 8); publicKey = new byte[21 + 3 * dsaY.Length]; publicKey[0] = dsaT; dsaQ.CopyTo(publicKey, 1); dsaP.CopyTo(publicKey, 21); dsaG.CopyTo(publicKey, 21 + dsaY.Length); dsaY.CopyTo(publicKey, 21 + 2 * dsaY.Length); break; case DnsSecAlgorithm.EccGost: ECDomainParameters gostEcDomainParameters = ECGost3410NamedCurves.GetByOid(CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); var gostKeyGen = new ECKeyPairGenerator(); gostKeyGen.Init(new ECKeyGenerationParameters(gostEcDomainParameters, _secureRandom)); var gostKey = gostKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(gostKey.Private).GetDerEncoded(); var gostPublicKey = (ECPublicKeyParameters)gostKey.Public; publicKey = new byte[64]; gostPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 32); gostPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); publicKey = publicKey.Reverse().ToArray(); break; case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: int ecDsaDigestSize; X9ECParameters ecDsaCurveParameter; if (algorithm == DnsSecAlgorithm.EcDsaP256Sha256) { ecDsaDigestSize = new Sha256Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP256r1); } else { ecDsaDigestSize = new Sha384Digest().GetDigestSize(); ecDsaCurveParameter = NistNamedCurves.GetByOid(SecObjectIdentifiers.SecP384r1); } ECDomainParameters ecDsaP384EcDomainParameters = new ECDomainParameters( ecDsaCurveParameter.Curve, ecDsaCurveParameter.G, ecDsaCurveParameter.N, ecDsaCurveParameter.H, ecDsaCurveParameter.GetSeed()); var ecDsaKeyGen = new ECKeyPairGenerator(); ecDsaKeyGen.Init(new ECKeyGenerationParameters(ecDsaP384EcDomainParameters, _secureRandom)); var ecDsaKey = ecDsaKeyGen.GenerateKeyPair(); privateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(ecDsaKey.Private).GetDerEncoded(); var ecDsaPublicKey = (ECPublicKeyParameters)ecDsaKey.Public; publicKey = new byte[ecDsaDigestSize * 2]; ecDsaPublicKey.Q.X.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, 0); ecDsaPublicKey.Q.Y.ToBigInteger().ToByteArrayUnsigned().CopyTo(publicKey, ecDsaDigestSize); break; default: throw new NotSupportedException(); } return(new DnsKeyRecord(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, privateKey)); }
/// <summary> /// Creates a new instance of the DnsKeyRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="flags"> Flags of the key </param> /// <param name="protocol"> Protocol field </param> /// <param name="algorithm"> Algorithm of the key </param> /// <param name="publicKey"> Binary data of the public key </param> public CDnsKeyRecord(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, byte[] publicKey) : this(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, null) { }
/// <summary> /// Creates a new instance of the DnsKeyRecord class /// </summary> /// <param name="name"> Name of the record </param> /// <param name="recordClass"> Class of the record </param> /// <param name="timeToLive"> Seconds the record should be cached at most </param> /// <param name="flags"> Flags of the key </param> /// <param name="protocol"> Protocol field </param> /// <param name="algorithm"> Algorithm of the key </param> /// <param name="publicKey"> Binary data of the public key </param> public DnsKeyRecord(DomainName name, RecordClass recordClass, int timeToLive, DnsKeyFlags flags, byte protocol, DnsSecAlgorithm algorithm, byte[] publicKey) : this(name, recordClass, timeToLive, flags, protocol, algorithm, publicKey, null) {}