github.com/letsencrypt/trillian@v1.1.2-0.20180615153820-ae375a99d36a/crypto/keys/der/der.go (about) 1 // Copyright 2017 Google Inc. All Rights Reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package der 16 17 import ( 18 "crypto" 19 "crypto/ecdsa" 20 "crypto/rsa" 21 "crypto/x509" 22 "fmt" 23 24 "github.com/google/trillian/crypto/keys" 25 "github.com/google/trillian/crypto/keyspb" 26 ) 27 28 // FromProto takes a PrivateKey protobuf message and returns the private key contained within. 29 func FromProto(pb *keyspb.PrivateKey) (crypto.Signer, error) { 30 return UnmarshalPrivateKey(pb.GetDer()) 31 } 32 33 // NewProtoFromSpec creates a new private key based on a key specification. 34 // It returns a PrivateKey protobuf message that contains the private key. 35 func NewProtoFromSpec(spec *keyspb.Specification) (*keyspb.PrivateKey, error) { 36 key, err := keys.NewFromSpec(spec) 37 if err != nil { 38 return nil, fmt.Errorf("der: error generating key: %v", err) 39 } 40 41 der, err := MarshalPrivateKey(key) 42 if err != nil { 43 return nil, fmt.Errorf("der: error marshaling private key: %v", err) 44 } 45 46 return &keyspb.PrivateKey{Der: der}, nil 47 } 48 49 // FromPublicProto takes a PublicKey protobuf message and returns the public 50 // key contained within. 51 func FromPublicProto(pb *keyspb.PublicKey) (crypto.PublicKey, error) { 52 return UnmarshalPublicKey(pb.GetDer()) 53 } 54 55 // ToPublicProto returns a keyspb.PublicKey that contains pubKey in DER encoding. 56 func ToPublicProto(pubKey crypto.PublicKey) (*keyspb.PublicKey, error) { 57 keyDER, err := MarshalPublicKey(pubKey) 58 if err != nil { 59 return nil, err 60 } 61 return &keyspb.PublicKey{Der: keyDER}, nil 62 } 63 64 // UnmarshalPrivateKey reads a DER-encoded private key. 65 func UnmarshalPrivateKey(keyDER []byte) (crypto.Signer, error) { 66 key1, err1 := x509.ParseECPrivateKey(keyDER) 67 if err1 == nil { 68 return key1, nil 69 } 70 71 key2, err2 := x509.ParsePKCS8PrivateKey(keyDER) 72 if err2 == nil { 73 switch key2 := key2.(type) { 74 case *ecdsa.PrivateKey: 75 return key2, nil 76 case *rsa.PrivateKey: 77 return key2, nil 78 } 79 return nil, fmt.Errorf("der: unsupported private key type: %T", key2) 80 } 81 82 key3, err3 := x509.ParsePKCS1PrivateKey(keyDER) 83 if err3 == nil { 84 return key3, nil 85 } 86 87 return nil, fmt.Errorf("der: could not parse private key as SEC1 (%v), PKCS8 (%v) or PKCS1 (%v)", err1, err2, err3) 88 } 89 90 // UnmarshalPublicKey reads a DER-encoded public key. 91 func UnmarshalPublicKey(keyDER []byte) (crypto.PublicKey, error) { 92 key, err := x509.ParsePKIXPublicKey(keyDER) 93 if err != nil { 94 return nil, fmt.Errorf("der: could not parse public key as PKIX (%v)", err) 95 } 96 97 return key, nil 98 } 99 100 // MarshalPublicKey serializes an RSA or ECDSA public key as DER. 101 func MarshalPublicKey(pubKey crypto.PublicKey) ([]byte, error) { 102 der, err := x509.MarshalPKIXPublicKey(pubKey) 103 if err != nil { 104 return nil, fmt.Errorf("der: could not marshal public key as PKIX (%v)", err) 105 } 106 107 return der, nil 108 } 109 110 // MarshalPrivateKey serializes an RSA or ECDSA private key as DER. 111 func MarshalPrivateKey(key crypto.Signer) ([]byte, error) { 112 switch key := key.(type) { 113 case *ecdsa.PrivateKey: 114 return x509.MarshalECPrivateKey(key) 115 case *rsa.PrivateKey: 116 return x509.MarshalPKCS1PrivateKey(key), nil 117 } 118 119 return nil, fmt.Errorf("der: unsupported key type: %T", key) 120 }