mirror of
https://github.com/emmansun/gmsm.git
synced 2025-04-22 02:06:18 +08:00
136 lines
4.5 KiB
Go
136 lines
4.5 KiB
Go
package smx509
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"encoding/asn1"
|
|
"errors"
|
|
"fmt"
|
|
"math/big"
|
|
|
|
"github.com/emmansun/gmsm/sm2"
|
|
)
|
|
|
|
const ecPrivKeyVersion = 1
|
|
|
|
// ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
|
|
// References:
|
|
// RFC 5915
|
|
// SEC1 - http://www.secg.org/sec1-v2.pdf
|
|
// Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
|
|
// most cases it is not.
|
|
type ecPrivateKey struct {
|
|
Version int
|
|
PrivateKey []byte
|
|
NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
|
|
PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"`
|
|
}
|
|
|
|
// ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form.
|
|
//
|
|
// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
|
|
func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {
|
|
return parseECPrivateKey(nil, der)
|
|
}
|
|
|
|
// ParseSM2PrivateKey parses an SM2 private key
|
|
func ParseSM2PrivateKey(der []byte) (*sm2.PrivateKey, error) {
|
|
key, err := parseECPrivateKey(nil, der)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return new(sm2.PrivateKey).FromECPrivateKey(key)
|
|
}
|
|
|
|
// MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form.
|
|
//
|
|
// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
|
|
// For a more flexible key format which is not EC specific, use
|
|
// MarshalPKCS8PrivateKey.
|
|
func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
|
|
oid, ok := oidFromNamedCurve(key.Curve)
|
|
if !ok {
|
|
return nil, errors.New("x509: unknown elliptic curve")
|
|
}
|
|
|
|
return marshalECPrivateKeyWithOID(key, oid)
|
|
}
|
|
|
|
// MarshalSM2PrivateKey convient method to marshal sm2 private key directly
|
|
func MarshalSM2PrivateKey(key *sm2.PrivateKey) ([]byte, error) {
|
|
return MarshalECPrivateKey(&key.PrivateKey)
|
|
}
|
|
|
|
// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and
|
|
// sets the curve ID to the given OID, or omits it if OID is nil.
|
|
func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {
|
|
if !key.Curve.IsOnCurve(key.X, key.Y) {
|
|
return nil, errors.New("invalid elliptic key public key")
|
|
}
|
|
privateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
|
|
return asn1.Marshal(ecPrivateKey{
|
|
Version: 1,
|
|
PrivateKey: key.D.FillBytes(privateKey),
|
|
NamedCurveOID: oid,
|
|
PublicKey: asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
|
|
})
|
|
}
|
|
|
|
// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
|
|
// The OID for the named curve may be provided from another source (such as
|
|
// the PKCS8 container) - if it is provided then use this instead of the OID
|
|
// that may exist in the EC private key structure.
|
|
func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
|
|
var privKey ecPrivateKey
|
|
if _, err := asn1.Unmarshal(der, &privKey); err != nil {
|
|
if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
|
|
return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
|
|
}
|
|
if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
|
|
return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
|
|
}
|
|
return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
|
|
}
|
|
if privKey.Version != ecPrivKeyVersion {
|
|
return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
|
|
}
|
|
|
|
var curve elliptic.Curve
|
|
if namedCurveOID != nil {
|
|
curve = namedCurveFromOID(*namedCurveOID)
|
|
} else {
|
|
curve = namedCurveFromOID(privKey.NamedCurveOID)
|
|
}
|
|
if curve == nil {
|
|
return nil, errors.New("x509: unknown elliptic curve")
|
|
}
|
|
|
|
k := new(big.Int).SetBytes(privKey.PrivateKey)
|
|
curveOrder := curve.Params().N
|
|
if k.Cmp(curveOrder) >= 0 {
|
|
return nil, errors.New("x509: invalid elliptic curve private key value")
|
|
}
|
|
priv := new(ecdsa.PrivateKey)
|
|
priv.Curve = curve
|
|
priv.D = k
|
|
|
|
privateKey := make([]byte, (curveOrder.BitLen()+7)/8)
|
|
|
|
// Some private keys have leading zero padding. This is invalid
|
|
// according to [SEC1], but this code will ignore it.
|
|
for len(privKey.PrivateKey) > len(privateKey) {
|
|
if privKey.PrivateKey[0] != 0 {
|
|
return nil, errors.New("x509: invalid private key length")
|
|
}
|
|
privKey.PrivateKey = privKey.PrivateKey[1:]
|
|
}
|
|
|
|
// Some private keys remove all leading zeros, this is also invalid
|
|
// according to [SEC1] but since OpenSSL used to do this, we ignore
|
|
// this too.
|
|
copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
|
|
priv.X, priv.Y = curve.ScalarBaseMult(privateKey)
|
|
|
|
return priv, nil
|
|
}
|