github.com/zmap/zcrypto@v0.0.0-20240512203510-0fef58d9a9db/x509/pkcs1.go (about) 1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package x509 6 7 import ( 8 "crypto/rsa" 9 "errors" 10 "math/big" 11 12 "github.com/zmap/zcrypto/encoding/asn1" 13 ) 14 15 // pkcs1PrivateKey is a structure which mirrors the PKCS#1 ASN.1 for an RSA private key. 16 type pkcs1PrivateKey struct { 17 Version int 18 N *big.Int 19 E int 20 D *big.Int 21 P *big.Int 22 Q *big.Int 23 // We ignore these values, if present, because rsa will calculate them. 24 Dp *big.Int `asn1:"optional"` 25 Dq *big.Int `asn1:"optional"` 26 Qinv *big.Int `asn1:"optional"` 27 28 AdditionalPrimes []pkcs1AdditionalRSAPrime `asn1:"optional,omitempty"` 29 } 30 31 type pkcs1AdditionalRSAPrime struct { 32 Prime *big.Int 33 34 // We ignore these values because rsa will calculate them. 35 Exp *big.Int 36 Coeff *big.Int 37 } 38 39 // pkcs1PublicKey reflects the ASN.1 structure of a PKCS#1 public key. 40 type pkcs1PublicKey struct { 41 N *big.Int 42 E int 43 } 44 45 // ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form. 46 func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) { 47 var priv pkcs1PrivateKey 48 rest, err := asn1.Unmarshal(der, &priv) 49 if len(rest) > 0 { 50 return nil, asn1.SyntaxError{Msg: "trailing data"} 51 } 52 if err != nil { 53 return nil, err 54 } 55 56 if priv.Version > 1 { 57 return nil, errors.New("x509: unsupported private key version") 58 } 59 60 if priv.N.Sign() <= 0 || priv.D.Sign() <= 0 || priv.P.Sign() <= 0 || priv.Q.Sign() <= 0 { 61 return nil, errors.New("x509: private key contains zero or negative value") 62 } 63 64 key := new(rsa.PrivateKey) 65 key.PublicKey = rsa.PublicKey{ 66 E: priv.E, 67 N: priv.N, 68 } 69 70 key.D = priv.D 71 key.Primes = make([]*big.Int, 2+len(priv.AdditionalPrimes)) 72 key.Primes[0] = priv.P 73 key.Primes[1] = priv.Q 74 for i, a := range priv.AdditionalPrimes { 75 if a.Prime.Sign() <= 0 { 76 return nil, errors.New("x509: private key contains zero or negative prime") 77 } 78 key.Primes[i+2] = a.Prime 79 // We ignore the other two values because rsa will calculate 80 // them as needed. 81 } 82 83 err = key.Validate() 84 if err != nil { 85 return nil, err 86 } 87 key.Precompute() 88 89 return key, nil 90 } 91 92 // MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form. 93 func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte { 94 key.Precompute() 95 96 version := 0 97 if len(key.Primes) > 2 { 98 version = 1 99 } 100 101 priv := pkcs1PrivateKey{ 102 Version: version, 103 N: key.N, 104 E: key.PublicKey.E, 105 D: key.D, 106 P: key.Primes[0], 107 Q: key.Primes[1], 108 Dp: key.Precomputed.Dp, 109 Dq: key.Precomputed.Dq, 110 Qinv: key.Precomputed.Qinv, 111 } 112 113 priv.AdditionalPrimes = make([]pkcs1AdditionalRSAPrime, len(key.Precomputed.CRTValues)) 114 for i, values := range key.Precomputed.CRTValues { 115 priv.AdditionalPrimes[i].Prime = key.Primes[2+i] 116 priv.AdditionalPrimes[i].Exp = values.Exp 117 priv.AdditionalPrimes[i].Coeff = values.Coeff 118 } 119 120 b, _ := asn1.Marshal(priv) 121 return b 122 }