github.com/flyinox/gosm@v0.0.0-20171117061539-16768cb62077/src/crypto/x509/sec1.go (about) 1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package x509 6 7 import ( 8 "crypto/ecdsa" 9 "crypto/elliptic" 10 sm "crypto/sm/sm2" 11 "encoding/asn1" 12 "errors" 13 "fmt" 14 "math/big" 15 ) 16 17 const ecPrivKeyVersion = 1 18 19 // ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure. 20 // References: 21 // RFC 5915 22 // SEC1 - http://www.secg.org/sec1-v2.pdf 23 // Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in 24 // most cases it is not. 25 type ecPrivateKey struct { 26 Version int 27 PrivateKey []byte 28 NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"` 29 PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"` 30 } 31 32 // ParseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure. 33 func ParseECPrivateKey(der []byte) (interface{}, error) { 34 return parseECPrivateKey(nil, der) 35 } 36 37 // MarshalECPrivateKey marshals an EC private key into ASN.1, DER format. 38 func MarshalECPrivateKey(key interface{}) ([]byte, error) { 39 var curve elliptic.Curve 40 var x, y *big.Int 41 var privateKeyBytes []byte 42 43 switch key := key.(type) { 44 case *ecdsa.PrivateKey: 45 privateKeyBytes = key.D.Bytes() 46 curve = key.Curve 47 x = key.X 48 y = key.Y 49 case *sm.PrivateKey: 50 privateKeyBytes = key.D.Bytes() 51 curve = key.Curve 52 x = key.X 53 y = key.Y 54 } 55 oid, ok := oidFromNamedCurve(curve) 56 if !ok { 57 return nil, errors.New("x509: unknown elliptic curve") 58 } 59 60 //privateKeyBytes := key.D.Bytes() 61 paddedPrivateKey := make([]byte, (curve.Params().N.BitLen()+7)/8) 62 copy(paddedPrivateKey[len(paddedPrivateKey)-len(privateKeyBytes):], privateKeyBytes) 63 64 return asn1.Marshal(ecPrivateKey{ 65 Version: 1, 66 PrivateKey: paddedPrivateKey, 67 NamedCurveOID: oid, 68 PublicKey: asn1.BitString{Bytes: elliptic.Marshal(curve, x, y)}, 69 }) 70 } 71 72 // parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure. 73 // The OID for the named curve may be provided from another source (such as 74 // the PKCS8 container) - if it is provided then use this instead of the OID 75 // that may exist in the EC private key structure. 76 func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key interface{}, err error) { 77 var privKey ecPrivateKey 78 if _, err := asn1.Unmarshal(der, &privKey); err != nil { 79 return nil, errors.New("x509: failed to parse EC private key: " + err.Error()) 80 } 81 if privKey.Version != ecPrivKeyVersion { 82 return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version) 83 } 84 85 var curve elliptic.Curve 86 if namedCurveOID != nil { 87 curve = namedCurveFromOID(*namedCurveOID) 88 } else { 89 curve = namedCurveFromOID(privKey.NamedCurveOID) 90 } 91 if curve == nil { 92 return nil, errors.New("x509: unknown elliptic curve") 93 } 94 95 k := new(big.Int).SetBytes(privKey.PrivateKey) 96 curveOrder := curve.Params().N 97 if k.Cmp(curveOrder) >= 0 { 98 return nil, errors.New("x509: invalid elliptic curve private key value") 99 } 100 101 switch curve { 102 case elliptic.P256Sm2(): 103 k := new(big.Int).SetBytes(privKey.PrivateKey) 104 curveOrder := curve.Params().N 105 if k.Cmp(curveOrder) >= 0 { 106 return nil, errors.New("x509: invalid elliptic curve private key value") 107 } 108 priv := new(sm.PrivateKey) 109 priv.Curve = curve 110 priv.D = k 111 112 privateKey := make([]byte, (curveOrder.BitLen()+7)/8) 113 114 // Some private keys have leading zero padding. This is invalid 115 // according to [SEC1], but this code will ignore it. 116 for len(privKey.PrivateKey) > len(privateKey) { 117 if privKey.PrivateKey[0] != 0 { 118 return nil, errors.New("x509: invalid private key length") 119 } 120 privKey.PrivateKey = privKey.PrivateKey[1:] 121 } 122 123 // Some private keys remove all leading zeros, this is also invalid 124 // according to [SEC1] but since OpenSSL used to do this, we ignore 125 // this too. 126 copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey) 127 priv.X, priv.Y = curve.ScalarBaseMult(privateKey) 128 129 return priv, nil 130 131 case elliptic.P224(), elliptic.P256(), elliptic.P384(), elliptic.P521(): 132 k := new(big.Int).SetBytes(privKey.PrivateKey) 133 curveOrder := curve.Params().N 134 if k.Cmp(curveOrder) >= 0 { 135 return nil, errors.New("x509: invalid elliptic curve private key value") 136 } 137 priv := new(ecdsa.PrivateKey) 138 priv.Curve = curve 139 priv.D = k 140 141 privateKey := make([]byte, (curveOrder.BitLen()+7)/8) 142 143 // Some private keys have leading zero padding. This is invalid 144 // according to [SEC1], but this code will ignore it. 145 for len(privKey.PrivateKey) > len(privateKey) { 146 if privKey.PrivateKey[0] != 0 { 147 return nil, errors.New("x509: invalid private key length") 148 } 149 privKey.PrivateKey = privKey.PrivateKey[1:] 150 } 151 152 // Some private keys remove all leading zeros, this is also invalid 153 // according to [SEC1] but since OpenSSL used to do this, we ignore 154 // this too. 155 copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey) 156 priv.X, priv.Y = curve.ScalarBaseMult(privateKey) 157 158 return priv, nil 159 default: 160 return nil, errors.New("x509: invalid private key curve param") 161 } 162 }