gmsm/smx509/pkcs8.go

package smx509

import (
	"crypto/ecdsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"

	"github.com/emmansun/gmsm/ecdh"
	"github.com/emmansun/gmsm/sm2"
	"github.com/emmansun/gmsm/sm9"
)

var (
	oidSM9     = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302}
	oidSM9Sign = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302, 1}
	oidSM9Enc  = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302, 3}
)

// pkcs8 reflects an ASN.1, PKCS #8 PrivateKey. See
// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
// and RFC 5208.
type pkcs8 struct {
	Version    int
	Algo       pkix.AlgorithmIdentifier
	PrivateKey []byte
	// optional attributes omitted.
}

// ParsePKCS8PrivateKey parses an unencrypted private key in PKCS #8, ASN.1 DER form.
//
// It returns a *rsa.PrivateKey, a *ecdsa.PrivateKey, a *sm2.PrivateKey, a *sm9.SignMasterPrivateKey,
// a *sm9.SignPrivateKey, a *sm9.EncryptMasterPrivateKey, a *sm9.EncryptPrivateKey or a ed25519.PrivateKey.
// More types might be supported in the future.
//
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
	var privKey pkcs8
	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
		if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil {
			return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)")
		}
		if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
			return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
		}
		return nil, err
	}
	if privKey.Algo.Algorithm.Equal(oidSM9) || privKey.Algo.Algorithm.Equal(oidSM9Sign) || privKey.Algo.Algorithm.Equal(oidSM9Enc) {
		return parseSM9PrivateKey(privKey)
	}
	if !privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA) {
		return x509.ParsePKCS8PrivateKey(der)
	}
	bytes := privKey.Algo.Parameters.FullBytes
	namedCurveOID := new(asn1.ObjectIdentifier)
	if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil {
		namedCurveOID = nil
	}
	ecKey, err := parseECPrivateKey(namedCurveOID, privKey.PrivateKey)
	if err != nil {
		return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())
	}
	if namedCurveOID.Equal(oidNamedCurveP256SM2) {
		key, err = new(sm2.PrivateKey).FromECPrivateKey(ecKey)
	} else {
		key = ecKey
	}
	return key, err
}

func parseSM9PrivateKey(privKey pkcs8) (key interface{}, err error) {
	switch {
	case privKey.Algo.Algorithm.Equal(oidSM9Sign):
		sm9SignKey := new(sm9.SignPrivateKey)
		err = sm9SignKey.UnmarshalASN1(privKey.PrivateKey)
		if err != nil {
			return
		}
		key = sm9SignKey
		return
	case privKey.Algo.Algorithm.Equal(oidSM9Enc):
		sm9EncKey := new(sm9.EncryptPrivateKey)
		err = sm9EncKey.UnmarshalASN1(privKey.PrivateKey)
		if err != nil {
			return
		}
		key = sm9EncKey
		return
	default:
		bytes := privKey.Algo.Parameters.FullBytes
		detailOID := new(asn1.ObjectIdentifier)
		_, err = asn1.Unmarshal(bytes, detailOID)
		if err != nil {
			return
		}
		switch {
		case oidSM9Sign.Equal(*detailOID):
			sm9SignMasterKey := new(sm9.SignMasterPrivateKey)
			err = sm9SignMasterKey.UnmarshalASN1(privKey.PrivateKey)
			if err != nil {
				return
			}
			key = sm9SignMasterKey
			return
		case oidSM9Enc.Equal(*detailOID):
			sm9EncMasterKey := new(sm9.EncryptMasterPrivateKey)
			err = sm9EncMasterKey.UnmarshalASN1(privKey.PrivateKey)
			if err != nil {
				return
			}
			key = sm9EncMasterKey
			return
		}
		return nil, errors.New("not support yet")
	}
}

// MarshalPKCS8PrivateKey converts a private key to PKCS #8, ASN.1 DER form.
//
// The following key types are currently supported: *rsa.PrivateKey, *ecdsa.PrivateKey, a *sm2.PrivateKey, a *ecdh.PrivateKey
// a *sm9.SignMasterPrivateKey, a *sm9.SignPrivateKey, a *sm9.EncryptMasterPrivateKey, a *sm9.EncryptPrivateKey
// and ed25519.PrivateKey. Unsupported key types result in an error.
//
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {
	switch k := key.(type) {
	case *sm2.PrivateKey:
		return marshalPKCS8ECPrivateKey(&k.PrivateKey)
	case *ecdh.PrivateKey:
		return marshalPKCS8ECDHPrivateKey(k)
	case *sm9.SignPrivateKey:
		return marshalPKCS8SM9SignPrivateKey(k)
	case *sm9.EncryptPrivateKey:
		return marshalPKCS8SM9EncPrivateKey(k)
	case *sm9.SignMasterPrivateKey:
		return marshalPKCS8SM9SignMasterPrivateKey(k)
	case *sm9.EncryptMasterPrivateKey:
		return marshalPKCS8SM9EncMasterPrivateKey(k)
	}
	return x509.MarshalPKCS8PrivateKey(key)
}

type sm9PrivateKey struct {
	PrivateKey asn1.RawValue
	PublicKey  asn1.RawValue
}

func marshalPKCS8SM9SignPrivateKey(k *sm9.SignPrivateKey) ([]byte, error) {
	var privKey pkcs8
	privKey.Algo = pkix.AlgorithmIdentifier{
		Algorithm:  oidSM9Sign,
		Parameters: asn1.NullRawValue,
	}

	key := sm9PrivateKey{}
	privans1, err := k.MarshalASN1()
	if err != nil {
		return nil, err
	}
	pubasn1, err := k.MasterPublic().MarshalASN1()
	if err != nil {
		return nil, err
	}
	key.PrivateKey.FullBytes = privans1
	key.PublicKey.FullBytes = pubasn1

	if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {
		return nil, errors.New("x509: failed to marshal sm9 sign private key while building PKCS#8: " + err.Error())
	}
	return asn1.Marshal(privKey)
}

func marshalPKCS8SM9EncPrivateKey(k *sm9.EncryptPrivateKey) ([]byte, error) {
	var privKey pkcs8
	privKey.Algo = pkix.AlgorithmIdentifier{
		Algorithm:  oidSM9Enc,
		Parameters: asn1.NullRawValue,
	}
	key := sm9PrivateKey{}
	privans1, err := k.MarshalASN1()
	if err != nil {
		return nil, err
	}
	pubasn1, err := k.MasterPublic().MarshalASN1()
	if err != nil {
		return nil, err
	}
	key.PrivateKey.FullBytes = privans1
	key.PublicKey.FullBytes = pubasn1

	if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {
		return nil, errors.New("x509: failed to marshal sm9 encrypt private key while building PKCS#8: " + err.Error())
	}
	return asn1.Marshal(privKey)
}

func marshalPKCS8SM9SignMasterPrivateKey(k *sm9.SignMasterPrivateKey) ([]byte, error) {
	var privKey pkcs8
	oidBytes, err := asn1.Marshal(oidSM9Sign)
	if err != nil {
		return nil, errors.New("x509: failed to marshal SM9 OID: " + err.Error())
	}

	privKey.Algo = pkix.AlgorithmIdentifier{
		Algorithm: oidSM9,
		Parameters: asn1.RawValue{
			FullBytes: oidBytes,
		},
	}

	key := sm9PrivateKey{}
	privans1, err := k.MarshalASN1()
	if err != nil {
		return nil, err
	}
	pubasn1, err := k.Public().MarshalASN1()
	if err != nil {
		return nil, err
	}
	key.PrivateKey.FullBytes = privans1
	key.PublicKey.FullBytes = pubasn1

	if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {
		return nil, errors.New("x509: failed to marshal sm9 sign master private key while building PKCS#8: " + err.Error())
	}
	return asn1.Marshal(privKey)
}

func marshalPKCS8SM9EncMasterPrivateKey(k *sm9.EncryptMasterPrivateKey) ([]byte, error) {
	var privKey pkcs8
	oidBytes, err := asn1.Marshal(oidSM9Enc)
	if err != nil {
		return nil, errors.New("x509: failed to marshal SM9 OID: " + err.Error())
	}

	privKey.Algo = pkix.AlgorithmIdentifier{
		Algorithm: oidSM9,
		Parameters: asn1.RawValue{
			FullBytes: oidBytes,
		},
	}

	key := sm9PrivateKey{}
	privans1, err := k.MarshalASN1()
	if err != nil {
		return nil, err
	}
	pubasn1, err := k.Public().MarshalASN1()
	if err != nil {
		return nil, err
	}
	key.PrivateKey.FullBytes = privans1
	key.PublicKey.FullBytes = pubasn1

	if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {
		return nil, errors.New("x509: failed to marshal sm9 encrypt master private key while building PKCS#8: " + err.Error())
	}
	return asn1.Marshal(privKey)
}

func marshalPKCS8ECPrivateKey(k *ecdsa.PrivateKey) ([]byte, error) {
	var privKey pkcs8
	oid, ok := oidFromNamedCurve(k.Curve)
	if !ok {
		return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")
	}

	oidBytes, err := asn1.Marshal(oid)
	if err != nil {
		return nil, errors.New("x509: failed to marshal curve OID: " + err.Error())
	}

	privKey.Algo = pkix.AlgorithmIdentifier{
		Algorithm: oidPublicKeyECDSA,
		Parameters: asn1.RawValue{
			FullBytes: oidBytes,
		},
	}

	if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil {
		return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())
	}
	return asn1.Marshal(privKey)
}

func marshalPKCS8ECDHPrivateKey(k *ecdh.PrivateKey) ([]byte, error) {
	var privKey pkcs8
	oid, ok := oidFromECDHCurve(k.Curve())
	if !ok {
		return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")
	}
	oidBytes, err := asn1.Marshal(oid)
	if err != nil {
		return nil, errors.New("x509: failed to marshal curve OID: " + err.Error())
	}
	privKey.Algo = pkix.AlgorithmIdentifier{
		Algorithm: oidPublicKeyECDSA,
		Parameters: asn1.RawValue{
			FullBytes: oidBytes,
		},
	}
	if privKey.PrivateKey, err = marshalECDHPrivateKey(k); err != nil {
		return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())
	}
	return asn1.Marshal(privKey)
}
align format 2022-01-21 11:24:10 +08:00			`package smx509`

			`import (`
			`"crypto/ecdsa"`
			`"crypto/x509"`
			`"crypto/x509/pkix"`
			`"encoding/asn1"`
			`"errors"`

sm2,smx509: add encoding paths for SM2 ecdh keys 2022-11-21 09:31:30 +08:00			`"github.com/emmansun/gmsm/ecdh"`
align format 2022-01-21 11:24:10 +08:00			`"github.com/emmansun/gmsm/sm2"`
support sm9 key format with gmssl 2022-10-22 15:49:01 +08:00			`"github.com/emmansun/gmsm/sm9"`
			`)`

			`var (`
			`oidSM9 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302}`
			`oidSM9Sign = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302, 1}`
			`oidSM9Enc = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302, 3}`
align format 2022-01-21 11:24:10 +08:00			`)`

[X509] sync upstream 2022-02-08 16:30:28 +08:00			`// pkcs8 reflects an ASN.1, PKCS #8 PrivateKey. See`
align format 2022-01-21 11:24:10 +08:00			`// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn`
			`// and RFC 5208.`
			`type pkcs8 struct {`
			`Version int`
			`Algo pkix.AlgorithmIdentifier`
			`PrivateKey []byte`
			`// optional attributes omitted.`
			`}`

[X509] sync upstream 2022-02-08 16:30:28 +08:00			`// ParsePKCS8PrivateKey parses an unencrypted private key in PKCS #8, ASN.1 DER form.`
align format 2022-01-21 11:24:10 +08:00			`//`
sm2,smx509: add encoding paths for SM2 ecdh keys 2022-11-21 09:31:30 +08:00			`// It returns a rsa.PrivateKey, a ecdsa.PrivateKey, a sm2.PrivateKey, a sm9.SignMasterPrivateKey,`
update comments 2022-10-24 16:31:26 +08:00			`// a sm9.SignPrivateKey, a sm9.EncryptMasterPrivateKey, a *sm9.EncryptPrivateKey or a ed25519.PrivateKey.`
align format 2022-01-21 11:24:10 +08:00			`// More types might be supported in the future.`
			`//`
			`// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".`
			`func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {`
			`var privKey pkcs8`
			`if _, err := asn1.Unmarshal(der, &privKey); err != nil {`
			`if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil {`
			`return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)")`
			`}`
			`if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {`
			`return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")`
			`}`
			`return nil, err`
			`}`
support sm9 key format with gmssl 2022-10-22 15:49:01 +08:00			`if privKey.Algo.Algorithm.Equal(oidSM9) \|\| privKey.Algo.Algorithm.Equal(oidSM9Sign) \|\| privKey.Algo.Algorithm.Equal(oidSM9Enc) {`
			`return parseSM9PrivateKey(privKey)`
			`}`
align format 2022-01-21 11:24:10 +08:00			`if !privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA) {`
			`return x509.ParsePKCS8PrivateKey(der)`
			`}`
			`bytes := privKey.Algo.Parameters.FullBytes`
			`namedCurveOID := new(asn1.ObjectIdentifier)`
			`if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil {`
			`namedCurveOID = nil`
			`}`
			`ecKey, err := parseECPrivateKey(namedCurveOID, privKey.PrivateKey)`
			`if err != nil {`
			`return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())`
			`}`
			`if namedCurveOID.Equal(oidNamedCurveP256SM2) {`
			`key, err = new(sm2.PrivateKey).FromECPrivateKey(ecKey)`
			`} else {`
			`key = ecKey`
			`}`
[X509] missing return error 2022-01-28 13:04:34 +08:00			`return key, err`
align format 2022-01-21 11:24:10 +08:00			`}`

support sm9 key format with gmssl 2022-10-22 15:49:01 +08:00			`func parseSM9PrivateKey(privKey pkcs8) (key interface{}, err error) {`
			`switch {`
			`case privKey.Algo.Algorithm.Equal(oidSM9Sign):`
			`sm9SignKey := new(sm9.SignPrivateKey)`
			`err = sm9SignKey.UnmarshalASN1(privKey.PrivateKey)`
			`if err != nil {`
			`return`
			`}`
			`key = sm9SignKey`
			`return`
			`case privKey.Algo.Algorithm.Equal(oidSM9Enc):`
			`sm9EncKey := new(sm9.EncryptPrivateKey)`
			`err = sm9EncKey.UnmarshalASN1(privKey.PrivateKey)`
			`if err != nil {`
			`return`
			`}`
			`key = sm9EncKey`
			`return`
			`default:`
pkcs8 sm9 master sign/encrypt private key support 2022-10-24 11:00:13 +08:00			`bytes := privKey.Algo.Parameters.FullBytes`
			`detailOID := new(asn1.ObjectIdentifier)`
			`_, err = asn1.Unmarshal(bytes, detailOID)`
			`if err != nil {`
			`return`
			`}`
			`switch {`
			`case oidSM9Sign.Equal(*detailOID):`
			`sm9SignMasterKey := new(sm9.SignMasterPrivateKey)`
			`err = sm9SignMasterKey.UnmarshalASN1(privKey.PrivateKey)`
			`if err != nil {`
			`return`
			`}`
			`key = sm9SignMasterKey`
			`return`
			`case oidSM9Enc.Equal(*detailOID):`
			`sm9EncMasterKey := new(sm9.EncryptMasterPrivateKey)`
			`err = sm9EncMasterKey.UnmarshalASN1(privKey.PrivateKey)`
			`if err != nil {`
			`return`
			`}`
			`key = sm9EncMasterKey`
			`return`
			`}`
support sm9 key format with gmssl 2022-10-22 15:49:01 +08:00			`return nil, errors.New("not support yet")`
			`}`
			`}`

[X509] sync upstream 2022-02-08 16:30:28 +08:00			`// MarshalPKCS8PrivateKey converts a private key to PKCS #8, ASN.1 DER form.`
align format 2022-01-21 11:24:10 +08:00			`//`
sm2,smx509: add encoding paths for SM2 ecdh keys 2022-11-21 09:31:30 +08:00			`// The following key types are currently supported: rsa.PrivateKey, ecdsa.PrivateKey, a sm2.PrivateKey, a ecdh.PrivateKey`
			`// a sm9.SignMasterPrivateKey, a sm9.SignPrivateKey, a sm9.EncryptMasterPrivateKey, a sm9.EncryptPrivateKey`
align format 2022-01-21 11:24:10 +08:00			`// and ed25519.PrivateKey. Unsupported key types result in an error.`
			`//`
			`// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".`
			`func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {`
			`switch k := key.(type) {`
			`case *sm2.PrivateKey:`
			`return marshalPKCS8ECPrivateKey(&k.PrivateKey)`
sm2,smx509: add encoding paths for SM2 ecdh keys 2022-11-21 09:31:30 +08:00			`case *ecdh.PrivateKey:`
			`return marshalPKCS8ECDHPrivateKey(k)`
support sm9 key format with gmssl 2022-10-22 15:49:01 +08:00			`case *sm9.SignPrivateKey:`
			`return marshalPKCS8SM9SignPrivateKey(k)`
			`case *sm9.EncryptPrivateKey:`
			`return marshalPKCS8SM9EncPrivateKey(k)`
			`case *sm9.SignMasterPrivateKey:`
pkcs8 sm9 master sign/encrypt private key support 2022-10-24 11:00:13 +08:00			`return marshalPKCS8SM9SignMasterPrivateKey(k)`
support sm9 key format with gmssl 2022-10-22 15:49:01 +08:00			`case *sm9.EncryptMasterPrivateKey:`
pkcs8 sm9 master sign/encrypt private key support 2022-10-24 11:00:13 +08:00			`return marshalPKCS8SM9EncMasterPrivateKey(k)`
align format 2022-01-21 11:24:10 +08:00			`}`
			`return x509.MarshalPKCS8PrivateKey(key)`
			`}`

support sm9 key format with gmssl 2022-10-22 15:49:01 +08:00			`type sm9PrivateKey struct {`
			`PrivateKey asn1.RawValue`
			`PublicKey asn1.RawValue`
			`}`

			`func marshalPKCS8SM9SignPrivateKey(k *sm9.SignPrivateKey) ([]byte, error) {`
			`var privKey pkcs8`
			`privKey.Algo = pkix.AlgorithmIdentifier{`
			`Algorithm: oidSM9Sign,`
			`Parameters: asn1.NullRawValue,`
			`}`

			`key := sm9PrivateKey{}`
			`privans1, err := k.MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`pubasn1, err := k.MasterPublic().MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`key.PrivateKey.FullBytes = privans1`
			`key.PublicKey.FullBytes = pubasn1`

			`if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {`
			`return nil, errors.New("x509: failed to marshal sm9 sign private key while building PKCS#8: " + err.Error())`
			`}`
			`return asn1.Marshal(privKey)`
			`}`

			`func marshalPKCS8SM9EncPrivateKey(k *sm9.EncryptPrivateKey) ([]byte, error) {`
			`var privKey pkcs8`
			`privKey.Algo = pkix.AlgorithmIdentifier{`
			`Algorithm: oidSM9Enc,`
			`Parameters: asn1.NullRawValue,`
			`}`
			`key := sm9PrivateKey{}`
			`privans1, err := k.MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`pubasn1, err := k.MasterPublic().MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`key.PrivateKey.FullBytes = privans1`
			`key.PublicKey.FullBytes = pubasn1`

			`if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {`
			`return nil, errors.New("x509: failed to marshal sm9 encrypt private key while building PKCS#8: " + err.Error())`
			`}`
			`return asn1.Marshal(privKey)`
			`}`

pkcs8 sm9 master sign/encrypt private key support 2022-10-24 11:00:13 +08:00			`func marshalPKCS8SM9SignMasterPrivateKey(k *sm9.SignMasterPrivateKey) ([]byte, error) {`
			`var privKey pkcs8`
			`oidBytes, err := asn1.Marshal(oidSM9Sign)`
			`if err != nil {`
			`return nil, errors.New("x509: failed to marshal SM9 OID: " + err.Error())`
			`}`

			`privKey.Algo = pkix.AlgorithmIdentifier{`
			`Algorithm: oidSM9,`
			`Parameters: asn1.RawValue{`
			`FullBytes: oidBytes,`
			`},`
			`}`

			`key := sm9PrivateKey{}`
			`privans1, err := k.MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`pubasn1, err := k.Public().MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`key.PrivateKey.FullBytes = privans1`
			`key.PublicKey.FullBytes = pubasn1`

			`if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {`
			`return nil, errors.New("x509: failed to marshal sm9 sign master private key while building PKCS#8: " + err.Error())`
			`}`
			`return asn1.Marshal(privKey)`
			`}`

			`func marshalPKCS8SM9EncMasterPrivateKey(k *sm9.EncryptMasterPrivateKey) ([]byte, error) {`
			`var privKey pkcs8`
			`oidBytes, err := asn1.Marshal(oidSM9Enc)`
			`if err != nil {`
			`return nil, errors.New("x509: failed to marshal SM9 OID: " + err.Error())`
			`}`

			`privKey.Algo = pkix.AlgorithmIdentifier{`
			`Algorithm: oidSM9,`
			`Parameters: asn1.RawValue{`
			`FullBytes: oidBytes,`
			`},`
			`}`

			`key := sm9PrivateKey{}`
			`privans1, err := k.MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`pubasn1, err := k.Public().MarshalASN1()`
			`if err != nil {`
			`return nil, err`
			`}`
			`key.PrivateKey.FullBytes = privans1`
			`key.PublicKey.FullBytes = pubasn1`

			`if privKey.PrivateKey, err = asn1.Marshal(key); err != nil {`
			`return nil, errors.New("x509: failed to marshal sm9 encrypt master private key while building PKCS#8: " + err.Error())`
			`}`
			`return asn1.Marshal(privKey)`
			`}`

align format 2022-01-21 11:24:10 +08:00			`func marshalPKCS8ECPrivateKey(k *ecdsa.PrivateKey) ([]byte, error) {`
			`var privKey pkcs8`
			`oid, ok := oidFromNamedCurve(k.Curve)`
			`if !ok {`
			`return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")`
			`}`

			`oidBytes, err := asn1.Marshal(oid)`
			`if err != nil {`
			`return nil, errors.New("x509: failed to marshal curve OID: " + err.Error())`
			`}`

			`privKey.Algo = pkix.AlgorithmIdentifier{`
			`Algorithm: oidPublicKeyECDSA,`
			`Parameters: asn1.RawValue{`
			`FullBytes: oidBytes,`
			`},`
			`}`

			`if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil {`
			`return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())`
			`}`
			`return asn1.Marshal(privKey)`
			`}`
sm2,smx509: add encoding paths for SM2 ecdh keys 2022-11-21 09:31:30 +08:00
			`func marshalPKCS8ECDHPrivateKey(k *ecdh.PrivateKey) ([]byte, error) {`
			`var privKey pkcs8`
			`oid, ok := oidFromECDHCurve(k.Curve())`
			`if !ok {`
			`return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")`
			`}`
			`oidBytes, err := asn1.Marshal(oid)`
			`if err != nil {`
			`return nil, errors.New("x509: failed to marshal curve OID: " + err.Error())`
			`}`
			`privKey.Algo = pkix.AlgorithmIdentifier{`
			`Algorithm: oidPublicKeyECDSA,`
			`Parameters: asn1.RawValue{`
			`FullBytes: oidBytes,`
			`},`
			`}`
			`if privKey.PrivateKey, err = marshalECDHPrivateKey(k); err != nil {`
			`return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())`
			`}`
			`return asn1.Marshal(privKey)`
			`}`