github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/ct/x509/pkcs1.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package x509 6 7 import ( 8 "crypto/rsa" 9 // START CT CHANGES 10 "github.com/zmap/zcrypto/ct/asn1" 11 // END CT CHANGES 12 "errors" 13 "math/big" 14 ) 15 16 // pkcs1PrivateKey is a structure which mirrors the PKCS#1 ASN.1 for an RSA private key. 17 type pkcs1PrivateKey struct { 18 Version int 19 N *big.Int 20 E int 21 D *big.Int 22 P *big.Int 23 Q *big.Int 24 // We ignore these values, if present, because rsa will calculate them. 25 Dp *big.Int `asn1:"optional"` 26 Dq *big.Int `asn1:"optional"` 27 Qinv *big.Int `asn1:"optional"` 28 29 AdditionalPrimes []pkcs1AdditionalRSAPrime `asn1:"optional,omitempty"` 30 } 31 32 type pkcs1AdditionalRSAPrime struct { 33 Prime *big.Int 34 35 // We ignore these values because rsa will calculate them. 36 Exp *big.Int 37 Coeff *big.Int 38 } 39 40 // ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form. 41 func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error) { 42 var priv pkcs1PrivateKey 43 rest, err := asn1.Unmarshal(der, &priv) 44 if len(rest) > 0 { 45 err = asn1.SyntaxError{Msg: "trailing data"} 46 return 47 } 48 if err != nil { 49 return 50 } 51 52 if priv.Version > 1 { 53 return nil, errors.New("x509: unsupported private key version") 54 } 55 56 if priv.N.Sign() <= 0 || priv.D.Sign() <= 0 || priv.P.Sign() <= 0 || priv.Q.Sign() <= 0 { 57 return nil, errors.New("x509: private key contains zero or negative value") 58 } 59 60 key = new(rsa.PrivateKey) 61 key.PublicKey = rsa.PublicKey{ 62 E: priv.E, 63 N: priv.N, 64 } 65 66 key.D = priv.D 67 key.Primes = make([]*big.Int, 2+len(priv.AdditionalPrimes)) 68 key.Primes[0] = priv.P 69 key.Primes[1] = priv.Q 70 for i, a := range priv.AdditionalPrimes { 71 if a.Prime.Sign() <= 0 { 72 return nil, errors.New("x509: private key contains zero or negative prime") 73 } 74 key.Primes[i+2] = a.Prime 75 // We ignore the other two values because rsa will calculate 76 // them as needed. 77 } 78 79 err = key.Validate() 80 if err != nil { 81 return nil, err 82 } 83 key.Precompute() 84 85 return 86 } 87 88 // MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form. 89 func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte { 90 key.Precompute() 91 92 version := 0 93 if len(key.Primes) > 2 { 94 version = 1 95 } 96 97 priv := pkcs1PrivateKey{ 98 Version: version, 99 N: key.N, 100 E: key.PublicKey.E, 101 D: key.D, 102 P: key.Primes[0], 103 Q: key.Primes[1], 104 Dp: key.Precomputed.Dp, 105 Dq: key.Precomputed.Dq, 106 Qinv: key.Precomputed.Qinv, 107 } 108 109 priv.AdditionalPrimes = make([]pkcs1AdditionalRSAPrime, len(key.Precomputed.CRTValues)) 110 for i, values := range key.Precomputed.CRTValues { 111 priv.AdditionalPrimes[i].Prime = key.Primes[2+i] 112 priv.AdditionalPrimes[i].Exp = values.Exp 113 priv.AdditionalPrimes[i].Coeff = values.Coeff 114 } 115 116 b, _ := asn1.Marshal(priv) 117 return b 118 } 119 120 // rsaPublicKey reflects the ASN.1 structure of a PKCS#1 public key. 121 type rsaPublicKey struct { 122 N *big.Int 123 E int 124 }