github.com/insolar/x-crypto@v0.0.0-20191031140942-75fab8a325f6/x509/pkcs8.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package x509 6 7 import ( 8 "encoding/asn1" 9 "errors" 10 "fmt" 11 "github.com/insolar/x-crypto/ecdsa" 12 "github.com/insolar/x-crypto/rsa" 13 "github.com/insolar/x-crypto/x509/pkix" 14 ) 15 16 // pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See 17 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn 18 // and RFC 5208. 19 type pkcs8 struct { 20 Version int 21 Algo pkix.AlgorithmIdentifier 22 PrivateKey []byte 23 // optional attributes omitted. 24 } 25 26 // ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. 27 // See RFC 5208. 28 func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) { 29 var privKey pkcs8 30 if _, err := asn1.Unmarshal(der, &privKey); err != nil { 31 return nil, err 32 } 33 switch { 34 case privKey.Algo.Algorithm.Equal(oidPublicKeyRSA): 35 key, err = ParsePKCS1PrivateKey(privKey.PrivateKey) 36 if err != nil { 37 return nil, errors.New("x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error()) 38 } 39 return key, nil 40 41 case privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA): 42 bytes := privKey.Algo.Parameters.FullBytes 43 namedCurveOID := new(asn1.ObjectIdentifier) 44 if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil { 45 namedCurveOID = nil 46 } 47 key, err = parseECPrivateKey(namedCurveOID, privKey.PrivateKey) 48 if err != nil { 49 return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error()) 50 } 51 return key, nil 52 53 default: 54 return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm) 55 } 56 } 57 58 // MarshalPKCS8PrivateKey converts a private key to PKCS#8 encoded form. 59 // The following key types are supported: *rsa.PrivateKey, *ecdsa.PrivateKey. 60 // Unsupported key types result in an error. 61 // 62 // See RFC 5208. 63 func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) { 64 var privKey pkcs8 65 66 switch k := key.(type) { 67 case *rsa.PrivateKey: 68 privKey.Algo = pkix.AlgorithmIdentifier{ 69 Algorithm: oidPublicKeyRSA, 70 Parameters: asn1.NullRawValue, 71 } 72 privKey.PrivateKey = MarshalPKCS1PrivateKey(k) 73 74 case *ecdsa.PrivateKey: 75 oid, ok := oidFromNamedCurve(k.Curve) 76 if !ok { 77 return nil, errors.New("x509: unknown curve while marshalling to PKCS#8") 78 } 79 80 oidBytes, err := asn1.Marshal(oid) 81 if err != nil { 82 return nil, errors.New("x509: failed to marshal curve OID: " + err.Error()) 83 } 84 85 privKey.Algo = pkix.AlgorithmIdentifier{ 86 Algorithm: oidPublicKeyECDSA, 87 Parameters: asn1.RawValue{ 88 FullBytes: oidBytes, 89 }, 90 } 91 92 if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil { 93 return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error()) 94 } 95 96 default: 97 return nil, fmt.Errorf("x509: unknown key type while marshalling PKCS#8: %T", key) 98 } 99 100 return asn1.Marshal(privKey) 101 }