gmsm/smx509/sec1.go

package smx509

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"

	"github.com/emmansun/gmsm/sm2"
)

// pkcs1PrivateKey is a structure which mirrors the PKCS#1 ASN.1 for an RSA private key.
type pkcs1PrivateKey struct {
	Version int
	N       *big.Int
	E       int
	D       *big.Int
	P       *big.Int
	Q       *big.Int
	// We ignore these values, if present, because rsa will calculate them.
	Dp   *big.Int `asn1:"optional"`
	Dq   *big.Int `asn1:"optional"`
	Qinv *big.Int `asn1:"optional"`

	AdditionalPrimes []pkcs1AdditionalRSAPrime `asn1:"optional,omitempty"`
}

type pkcs1AdditionalRSAPrime struct {
	Prime *big.Int

	// We ignore these values because rsa will calculate them.
	Exp   *big.Int
	Coeff *big.Int
}

const ecPrivKeyVersion = 1

// ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
// References:
//   RFC 5915
//   SEC1 - http://www.secg.org/sec1-v2.pdf
// Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
// most cases it is not.
type ecPrivateKey struct {
	Version       int
	PrivateKey    []byte
	NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
	PublicKey     asn1.BitString        `asn1:"optional,explicit,tag:1"`
}

// ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form.
//
// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {
	return parseECPrivateKey(nil, der)
}

// ParseSM2PrivateKey parses an SM2 private key
func ParseSM2PrivateKey(der []byte) (*sm2.PrivateKey, error) {
	key, err := parseECPrivateKey(nil, der)
	if err != nil {
		return nil, err
	}
	return new(sm2.PrivateKey).FromECPrivateKey(key)
}

// MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form.
//
// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
// For a more flexible key format which is not EC specific, use
// MarshalPKCS8PrivateKey.
func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
	oid, ok := oidFromNamedCurve(key.Curve)
	if !ok {
		return nil, errors.New("x509: unknown elliptic curve")
	}

	return marshalECPrivateKeyWithOID(key, oid)
}

// MarshalSM2PrivateKey convient method to marshal sm2 private key directly
func MarshalSM2PrivateKey(key *sm2.PrivateKey) ([]byte, error) {
	return MarshalECPrivateKey(&key.PrivateKey)
}

// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and
// sets the curve ID to the given OID, or omits it if OID is nil.
func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {
	privateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
	return asn1.Marshal(ecPrivateKey{
		Version:       1,
		PrivateKey:    key.D.FillBytes(privateKey),
		NamedCurveOID: oid,
		PublicKey:     asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
	})
}

// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
// The OID for the named curve may be provided from another source (such as
// the PKCS8 container) - if it is provided then use this instead of the OID
// that may exist in the EC private key structure.
func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
	var privKey ecPrivateKey
	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
		if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
			return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
		}
		if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
			return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
		}
		return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
	}
	if privKey.Version != ecPrivKeyVersion {
		return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
	}

	var curve elliptic.Curve
	if namedCurveOID != nil {
		curve = namedCurveFromOID(*namedCurveOID)
	} else {
		curve = namedCurveFromOID(privKey.NamedCurveOID)
	}
	if curve == nil {
		return nil, errors.New("x509: unknown elliptic curve")
	}

	k := new(big.Int).SetBytes(privKey.PrivateKey)
	curveOrder := curve.Params().N
	if k.Cmp(curveOrder) >= 0 {
		return nil, errors.New("x509: invalid elliptic curve private key value")
	}
	priv := new(ecdsa.PrivateKey)
	priv.Curve = curve
	priv.D = k

	privateKey := make([]byte, (curveOrder.BitLen()+7)/8)

	// Some private keys have leading zero padding. This is invalid
	// according to [SEC1], but this code will ignore it.
	for len(privKey.PrivateKey) > len(privateKey) {
		if privKey.PrivateKey[0] != 0 {
			return nil, errors.New("x509: invalid private key length")
		}
		privKey.PrivateKey = privKey.PrivateKey[1:]
	}

	// Some private keys remove all leading zeros, this is also invalid
	// according to [SEC1] but since OpenSSL used to do this, we ignore
	// this too.
	copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
	priv.X, priv.Y = curve.ScalarBaseMult(privateKey)

	return priv, nil
}
MAGIC - bad idea to port whole x509 2021-02-15 20:09:49 +08:00			`package smx509`

			`import (`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"encoding/asn1"`
			`"errors"`
			`"fmt"`
			`"math/big"`

			`"github.com/emmansun/gmsm/sm2"`
			`)`

			`// pkcs1PrivateKey is a structure which mirrors the PKCS#1 ASN.1 for an RSA private key.`
			`type pkcs1PrivateKey struct {`
			`Version int`
			`N *big.Int`
			`E int`
			`D *big.Int`
			`P *big.Int`
			`Q *big.Int`
			`// We ignore these values, if present, because rsa will calculate them.`
			Dp *big.Int `asn1:"optional"`
			Dq *big.Int `asn1:"optional"`
			Qinv *big.Int `asn1:"optional"`

			AdditionalPrimes []pkcs1AdditionalRSAPrime `asn1:"optional,omitempty"`
			`}`

			`type pkcs1AdditionalRSAPrime struct {`
			`Prime *big.Int`

			`// We ignore these values because rsa will calculate them.`
			`Exp *big.Int`
			`Coeff *big.Int`
			`}`

			`const ecPrivKeyVersion = 1`

			`// ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.`
			`// References:`
			`// RFC 5915`
			`// SEC1 - http://www.secg.org/sec1-v2.pdf`
			`// Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in`
			`// most cases it is not.`
			`type ecPrivateKey struct {`
			`Version int`
			`PrivateKey []byte`
			NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
			PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"`
			`}`

			`// ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form.`
			`//`
			`// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".`
			`func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {`
			`return parseECPrivateKey(nil, der)`
			`}`

			`// ParseSM2PrivateKey parses an SM2 private key`
			`func ParseSM2PrivateKey(der []byte) (*sm2.PrivateKey, error) {`
			`key, err := parseECPrivateKey(nil, der)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return new(sm2.PrivateKey).FromECPrivateKey(key)`
			`}`

			`// MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form.`
			`//`
			`// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".`
			`// For a more flexible key format which is not EC specific, use`
			`// MarshalPKCS8PrivateKey.`
			`func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {`
			`oid, ok := oidFromNamedCurve(key.Curve)`
			`if !ok {`
			`return nil, errors.New("x509: unknown elliptic curve")`
			`}`

			`return marshalECPrivateKeyWithOID(key, oid)`
			`}`

			`// MarshalSM2PrivateKey convient method to marshal sm2 private key directly`
			`func MarshalSM2PrivateKey(key *sm2.PrivateKey) ([]byte, error) {`
			`return MarshalECPrivateKey(&key.PrivateKey)`
			`}`

			`// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and`
			`// sets the curve ID to the given OID, or omits it if OID is nil.`
			`func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {`
align x509 implementation 2021-12-03 15:12:27 +08:00			`privateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)`
MAGIC - bad idea to port whole x509 2021-02-15 20:09:49 +08:00			`return asn1.Marshal(ecPrivateKey{`
			`Version: 1,`
align x509 implementation 2021-12-03 15:12:27 +08:00			`PrivateKey: key.D.FillBytes(privateKey),`
MAGIC - bad idea to port whole x509 2021-02-15 20:09:49 +08:00			`NamedCurveOID: oid,`
			`PublicKey: asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},`
			`})`
			`}`

			`// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.`
			`// The OID for the named curve may be provided from another source (such as`
			`// the PKCS8 container) - if it is provided then use this instead of the OID`
			`// that may exist in the EC private key structure.`
			`func parseECPrivateKey(namedCurveOID asn1.ObjectIdentifier, der []byte) (key ecdsa.PrivateKey, err error) {`
			`var privKey ecPrivateKey`
			`if _, err := asn1.Unmarshal(der, &privKey); err != nil {`
			`if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {`
			`return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")`
			`}`
			`if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {`
			`return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")`
			`}`
			`return nil, errors.New("x509: failed to parse EC private key: " + err.Error())`
			`}`
			`if privKey.Version != ecPrivKeyVersion {`
			`return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)`
			`}`

			`var curve elliptic.Curve`
			`if namedCurveOID != nil {`
			`curve = namedCurveFromOID(*namedCurveOID)`
			`} else {`
			`curve = namedCurveFromOID(privKey.NamedCurveOID)`
			`}`
			`if curve == nil {`
			`return nil, errors.New("x509: unknown elliptic curve")`
			`}`

			`k := new(big.Int).SetBytes(privKey.PrivateKey)`
			`curveOrder := curve.Params().N`
			`if k.Cmp(curveOrder) >= 0 {`
			`return nil, errors.New("x509: invalid elliptic curve private key value")`
			`}`
			`priv := new(ecdsa.PrivateKey)`
			`priv.Curve = curve`
			`priv.D = k`

			`privateKey := make([]byte, (curveOrder.BitLen()+7)/8)`

			`// Some private keys have leading zero padding. This is invalid`
			`// according to [SEC1], but this code will ignore it.`
			`for len(privKey.PrivateKey) > len(privateKey) {`
			`if privKey.PrivateKey[0] != 0 {`
			`return nil, errors.New("x509: invalid private key length")`
			`}`
			`privKey.PrivateKey = privKey.PrivateKey[1:]`
			`}`

			`// Some private keys remove all leading zeros, this is also invalid`
			`// according to [SEC1] but since OpenSSL used to do this, we ignore`
			`// this too.`
			`copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)`
			`priv.X, priv.Y = curve.ScalarBaseMult(privateKey)`

			`return priv, nil`
			`}`