mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-04-22 02:06:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
gmsm/smx509/pkcs8.go

98 lines
3.0 KiB
Go
Raw Normal View History

align format
2022-01-21 11:24:10 +08:00
package smx509
import (
"crypto/ecdsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"errors"
"github.com/emmansun/gmsm/sm2"
)
[X509] sync upstream
2022-02-08 16:30:28 +08:00
// pkcs8 reflects an ASN.1, PKCS #8 PrivateKey. See
align format
2022-01-21 11:24:10 +08:00
// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
// and RFC 5208.
type pkcs8 struct {
Version int
Algo pkix.AlgorithmIdentifier
PrivateKey []byte
// optional attributes omitted.
}
[X509] sync upstream
2022-02-08 16:30:28 +08:00
// ParsePKCS8PrivateKey parses an unencrypted private key in PKCS #8, ASN.1 DER form.
align format
2022-01-21 11:24:10 +08:00
//
// It returns a *rsa.PrivateKey, a *ecdsa.PrivateKey, or a ed25519.PrivateKey.
// More types might be supported in the future.
//
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
var privKey pkcs8
if _, err := asn1.Unmarshal(der, &privKey); err != nil {
if _, err := asn1.Unmarshal(der, &ecPrivateKey{}); err == nil {
return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)")
}
if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
}
return nil, err
}
if !privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA) {
return x509.ParsePKCS8PrivateKey(der)
}
bytes := privKey.Algo.Parameters.FullBytes
namedCurveOID := new(asn1.ObjectIdentifier)
if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil {
namedCurveOID = nil
}
ecKey, err := parseECPrivateKey(namedCurveOID, privKey.PrivateKey)
if err != nil {
return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())
}
if namedCurveOID.Equal(oidNamedCurveP256SM2) {
key, err = new(sm2.PrivateKey).FromECPrivateKey(ecKey)
} else {
key = ecKey
}
[X509] missing return error
2022-01-28 13:04:34 +08:00
return key, err
align format
2022-01-21 11:24:10 +08:00
}
[X509] sync upstream
2022-02-08 16:30:28 +08:00
// MarshalPKCS8PrivateKey converts a private key to PKCS #8, ASN.1 DER form.
align format
2022-01-21 11:24:10 +08:00
//
// The following key types are currently supported: *rsa.PrivateKey, *ecdsa.PrivateKey
// and ed25519.PrivateKey. Unsupported key types result in an error.
//
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {
switch k := key.(type) {
case *sm2.PrivateKey:
return marshalPKCS8ECPrivateKey(&k.PrivateKey)
}
return x509.MarshalPKCS8PrivateKey(key)
}
func marshalPKCS8ECPrivateKey(k *ecdsa.PrivateKey) ([]byte, error) {
var privKey pkcs8
oid, ok := oidFromNamedCurve(k.Curve)
if !ok {
return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")
}
oidBytes, err := asn1.Marshal(oid)
if err != nil {
return nil, errors.New("x509: failed to marshal curve OID: " + err.Error())
}
privKey.Algo = pkix.AlgorithmIdentifier{
Algorithm: oidPublicKeyECDSA,
Parameters: asn1.RawValue{
FullBytes: oidBytes,
},
}
if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil {
return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())
}
return asn1.Marshal(privKey)
}
Reference in New Issue Copy Permalink