
Source file src/github.com/digitorus/pkcs7/pkcs7_test.go


     1  package pkcs7
     2  
     3  import (
     4  	"crypto"
     5  	"crypto/dsa"
     6  	"crypto/ecdsa"
     7  	"crypto/ed25519"
     8  	"crypto/elliptic"
     9  	"crypto/rand"
    10  	"crypto/rsa"
    11  	"crypto/x509"
    12  	"crypto/x509/pkix"
    13  	"encoding/pem"
    14  	"fmt"
    15  	"math/big"
    16  	"time"
    17  )
    18  
// Fixed RSA private keys shared by the tests in this package, one per modulus
// size. They start out nil and are filled in by init. The key material is
// spelled out in this source file, so it offers no secrecy and must only ever
// be used as test input.
var (
	test1024Key *rsa.PrivateKey
	test2048Key *rsa.PrivateKey
	test3072Key *rsa.PrivateKey
	test4096Key *rsa.PrivateKey
)
    20  
// init fills the package-level RSA fixtures (test1024Key through test4096Key)
// from decimal constants and precomputes their CRT values.
//
// The private exponents and primes below are part of the source, so these keys
// are public knowledge: they are test input only and must never be trusted or
// reused as real credentials. Note that the 2048-bit fixture uses public
// exponent 3 while the others use 65537.
func init() {
	// newKey assembles a two-prime RSA private key from base-10 strings and
	// runs Precompute on it before handing it back.
	newKey := func(e int, n, d, p, q string) *rsa.PrivateKey {
		key := &rsa.PrivateKey{
			PublicKey: rsa.PublicKey{N: fromBase10(n), E: e},
			D:         fromBase10(d),
			Primes:    []*big.Int{fromBase10(p), fromBase10(q)},
		}
		key.Precompute()
		return key
	}

	test1024Key = newKey(
		65537,
		"123024078101403810516614073341068864574068590522569345017786163424062310013967742924377390210586226651760719671658568413826602264886073432535341149584680111145880576802262550990305759285883150470245429547886689754596541046564560506544976611114898883158121012232676781340602508151730773214407220733898059285561",
		"118892427340746627750435157989073921703209000249285930635312944544706203626114423392257295670807166199489096863209592887347935991101581502404113203993092422730000157893515953622392722273095289787303943046491132467130346663160540744582438810535626328230098940583296878135092036661410664695896115177534496784545",
		"12172745919282672373981903347443034348576729562395784527365032103134165674508405592530417723266847908118361582847315228810176708212888860333051929276459099",
		"10106518193772789699356660087736308350857919389391620140340519320928952625438936098550728858345355053201610649202713962702543058578827268756755006576249339",
	)

	test2048Key = newKey(
		3,
		"14314132931241006650998084889274020608918049032671858325988396851334124245188214251956198731333464217832226406088020736932173064754214329009979944037640912127943488972644697423190955557435910767690712778463524983667852819010259499695177313115447116110358524558307947613422897787329221478860907963827160223559690523660574329011927531289655711860504630573766609239332569210831325633840174683944553667352219670930408593321661375473885147973879086994006440025257225431977751512374815915392249179976902953721486040787792801849818254465486633791826766873076617116727073077821584676715609985777563958286637185868165868520557",
		"9542755287494004433998723259516013739278699355114572217325597900889416163458809501304132487555642811888150937392013824621448709836142886006653296025093941418628992648429798282127303704957273845127141852309016655778568546006839666463451542076964744073572349705538631742281931858219480985907271975884773482372966847639853897890615456605598071088189838676728836833012254065983259638538107719766738032720239892094196108713378822882383694456030043492571063441943847195939549773271694647657549658603365629458610273821292232646334717612674519997533901052790334279661754176490593041941863932308687197618671528035670452762731",
		"130903255182996722426771613606077755295583329135067340152947172868415809027537376306193179624298874215608270802054347609836776473930072411958753044562214537013874103802006369634761074377213995983876788718033850153719421695468704276694983032644416930879093914927146648402139231293035971427838068945045019075433",
		"109348945610485453577574767652527472924289229538286649661240938988020367005475727988253438647560958573506159449538793540472829815903949343191091817779240101054552748665267574271163617694640513549693841337820602726596756351006149518830932261246698766355347898158548465400674856021497190430791824869615170301029",
	)

	test3072Key = newKey(
		65537,
		"4799422180968749215324244710281712119910779465109490663934897082847293004098645365195947978124390029272750644394844443980065532911010718425428791498896288210928474905407341584968381379157418577471272697781778686372450913810019702928839200328075568223462554606149618941566459398862673532997592879359280754226882565483298027678735544377401276021471356093819491755877827249763065753555051973844057308627201762456191918852016986546071426986328720794061622370410645440235373576002278045257207695462423797272017386006110722769072206022723167102083033531426777518054025826800254337147514768377949097720074878744769255210076910190151785807232805749219196645305822228090875616900385866236956058984170647782567907618713309775105943700661530312800231153745705977436176908325539234432407050398510090070342851489496464612052853185583222422124535243967989533830816012180864309784486694786581956050902756173889941244024888811572094961378021",
		"4068124900056380177006532461065648259352178312499768312132802353620854992915205894105621345694615110794369150964768050224096623567443679436821868510233726084582567244003894477723706516831312989564775159596496449435830457803384416702014837685962523313266832032687145914871879794104404800823188153886925022171560391765913739346955738372354826804228989767120353182641396181570533678315099748218734875742705419933837638038793286534641711407564379950728858267828581787483317040753987167237461567332386718574803231955771633274184646232632371006762852623964054645811527580417392163873708539175349637050049959954373319861427407953413018816604365474462455009323937599275324390953644555294418021286807661559165324810415569396577697316798600308544755741549699523972971375304826663847015905713096287495342701286542193782001358775773848824496321550110946106870685499577993864871847542645561943034990484973293461948058147956373115641615329",
		"2378529069722721185825622840841310902793949682948530343491428052737890236476884657507685118578733560141370511507721598189068683665232991988491561624429938984370132428230072355214627085652359350722926394699707232921674771664421591347888367477300909202851476404132163673865768760147403525700174918450753162242834161458300343282159799476695001920226357456953682236859505243928716782707623075239350380352265954107362618991716602898266999700316937680986690964564264877",
		"2017811025336026464312837780072272578817919741496395062543647660689775637351085991504709917848745137013798005682591633910555599626950744674459976829106750083386168859581016361317479081273480343110649405858059581933773354781034946787147300862495438979895430001323443224335618577322449133208754541656374335100929456885995320929464029817626916719434010943205170760536768893924932021302887114400922813817969176636993508191950649313115712159241971065134077636674146073",
	)

	test4096Key = newKey(
		65537,
		"633335480064287130853997429184971616419051348693342219741748040433588285601270210251206421401040394238592139790962887290698043839174341843721930134010306454716566698330215646704263665452264344664385995704186692432827662862845900348526672531755932642433662686500295989783595767573119607065791980381547677840410600100715146047382485989885183858757974681241303484641390718944520330953604501686666386926996348457928415093305041429178744778762826377713889019740060910363468343855830206640274442887621960581569183233822878661711798998132931623726434336448716605363514220760343097572198620479297583609779817750646169845195672483600293522186340560792255595411601450766002877850696008003794520089358819042318331840490155176019070646738739580486357084733208876620846449161909966690602374519398451042362690200166144326179405976024265116931974936425064291406950542193873313447617169603706868220189295654943247311295475722243471700112334609817776430552541319671117235957754556272646031356496763094955985615723596562217985372503002989591679252640940571608314743271809251568670314461039035793703429977801961867815257832671786542212589906513979094156334941265621017752516999186481477500481433634914622735206243841674973785078408289183000133399026553",
		"439373650557744155078930178606343279553665694488479749802070836418412881168612407941793966086633543867614175621952769177088930851151267623886678906158545451731745754402575409204816390946376103491325109185445659065122640946673660760274557781540431107937331701243915001777636528502669576801704352961341634812275635811512806966908648671988644114352046582195051714797831307925775689566757438907578527366568747104508496278929566712224252103563340770696548181508180254674236716995730292431858611476396845443056967589437890065663497768422598977743046882539288481002449571403783500529740184608873520856954837631427724158592309018382711485601884461168736465751756282510065053161144027097169985941910909130083273691945578478173708396726266170473745329617793866669307716920992380350270584929908460462802627239204245339385636926433446418108504614031393494119344916828744888432279343816084433424594432427362258172264834429525166677273382617457205387388293888430391895615438030066428745187333897518037597413369705720436392869403948934993623418405908467147848576977008003556716087129242155836114780890054057743164411952731290520995017097151300091841286806603044227906213832083363876549637037625314539090155417589796428888619937329669464810549362433",
		"25745433817240673759910623230144796182285844101796353869339294232644316274580053211056707671663014355388701931204078502829809738396303142990312095225333440050808647355535878394534263839500592870406002873182360027755750148248672968563366185348499498613479490545488025779331426515670185366021612402246813511722553210128074701620113404560399242413747318161403908617342170447610792422053460359960010544593668037305465806912471260799852789913123044326555978680190904164976511331681163576833618899773550873682147782263100803907156362439021929408298804955194748640633152519828940133338948391986823456836070708197320166146761",
		"24599914864909676687852658457515103765368967514652318497893275892114442089314173678877914038802355565271545910572804267918959612739009937926962653912943833939518967731764560204997062096919833970670512726396663920955497151415639902788974842698619579886297871162402643104696160155894685518587660015182381685605752989716946154299190561137541792784125356553411300817844325739404126956793095254412123887617931225840421856505925283322918693259047428656823141903489964287619982295891439430302405252447010728112098326033634688757933930065610737780413018498561434074501822951716586796047404555397992425143397497639322075233073",
	)
}
    71  
// fromBase10 parses a decimal string into a *big.Int. It panics with
// "bad number: <input>" when the string is not a valid base-10 integer, which
// suits its use on compile-time test constants.
func fromBase10(base10 string) *big.Int {
	var n big.Int
	if _, ok := n.SetString(base10, 10); !ok {
		panic("bad number: " + base10)
	}
	return &n
}
    79  
// certKeyPair bundles a test certificate with the private key that belongs to
// it, as produced by createTestCertificateByIssuer.
type certKeyPair struct {
	// Certificate is the parsed X.509 certificate.
	Certificate *x509.Certificate
	// PrivateKey is a pointer to the crypto.PrivateKey interface value, not to
	// the concrete key; callers dereference it and then type-switch.
	PrivateKey  *crypto.PrivateKey
}
    84  
// createTestCertificate returns a leaf certificate ("Jon Snow") and its key,
// issued by a freshly created self-signed CA ("Eddard Stark"). Both
// certificates are requested with the same sigAlg. On failure the zero
// certKeyPair is returned along with the error.
func createTestCertificate(sigAlg x509.SignatureAlgorithm) (certKeyPair, error) {
	var none certKeyPair

	// A nil issuer makes the first certificate a self-signed root.
	root, err := createTestCertificateByIssuer("Eddard Stark", nil, sigAlg, true)
	if err != nil {
		return none, err
	}

	leaf, err := createTestCertificateByIssuer("Jon Snow", root, sigAlg, false)
	if err != nil {
		return none, err
	}
	return *leaf, nil
}
    96  
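// createTestCertificateByIssuer builds a throwaway X.509 certificate for tests
// and returns it together with the subject's private key.
//
// name becomes the subject CommonName. A nil issuer produces a self-signed
// certificate; otherwise the certificate is signed with the issuer's key.
// sigAlg selects the subject key: one of the fixed RSA fixtures, or a newly
// generated ECDSA, DSA or Ed25519 key. The signature algorithm written into
// the template is derived from the issuer's key type and the hash family of
// sigAlg; for a self-signed certificate it is left unset, so crypto/x509
// chooses it. isCA marks the certificate as a CA with the cert-sign key usage.
//
// An unrecognised sigAlg, or an issuer key that is not RSA, ECDSA, Ed25519 or
// DSA, results in the "no certificate created" error.
//
// Test-only: the helper deliberately emits legacy material (the 1024-bit RSA
// fixture, SHA-1 signatures, DSA L1024N160) and draws serial numbers from a
// 32-bit range. None of that is suitable for certificates outside tests.
func createTestCertificateByIssuer(name string, issuer *certKeyPair, sigAlg x509.SignatureAlgorithm, isCA bool) (*certKeyPair, error) {
	var (
		priv       crypto.PrivateKey
		issuerCert *x509.Certificate
		issuerKey  crypto.PrivateKey
	)
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 32)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		return nil, err
	}

	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			CommonName:   name,
			Organization: []string{"Acme Co"},
		},
		// Backdate by one second so the certificate is already valid when the
		// test verifies it.
		NotBefore:   time.Now().Add(-1 * time.Second),
		NotAfter:    time.Now().AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	if issuer != nil {
		issuerCert = issuer.Certificate
		issuerKey = *issuer.PrivateKey
	}

	// Choose the subject key and remember the hash family of sigAlg. hash
	// stays zero for an unrecognised sigAlg, which leaves priv nil as well.
	var hash crypto.Hash
	switch sigAlg {
	case x509.SHA1WithRSA:
		priv, hash = test1024Key, crypto.SHA1
	case x509.SHA256WithRSA:
		priv, hash = test2048Key, crypto.SHA256
	case x509.SHA384WithRSA:
		priv, hash = test3072Key, crypto.SHA384
	case x509.SHA512WithRSA:
		priv, hash = test4096Key, crypto.SHA512
	case x509.ECDSAWithSHA1:
		hash = crypto.SHA1
		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case x509.ECDSAWithSHA256:
		hash = crypto.SHA256
		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case x509.ECDSAWithSHA384:
		hash = crypto.SHA384
		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	case x509.ECDSAWithSHA512:
		hash = crypto.SHA512
		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	case x509.DSAWithSHA1:
		var dsaPriv dsa.PrivateKey
		if err = dsa.GenerateParameters(&dsaPriv.Parameters, rand.Reader, dsa.L1024N160); err != nil {
			return nil, err
		}
		if err = dsa.GenerateKey(&dsaPriv, rand.Reader); err != nil {
			return nil, err
		}
		priv, hash = &dsaPriv, crypto.SHA1
	case x509.PureEd25519:
		// An Ed25519 subject signed by another key type uses the SHA-256
		// variant of that key type's algorithm.
		hash = crypto.SHA256
		_, priv, err = ed25519.GenerateKey(rand.Reader)
	}
	if err != nil {
		return nil, err
	}
	if hash != 0 {
		// issuerKey is still nil here for a self-signed certificate, so the
		// template keeps x509.UnknownSignatureAlgorithm in that case.
		template.SignatureAlgorithm = testIssuerSigAlg(issuerKey, hash)
	}

	if isCA {
		template.IsCA = true
		template.KeyUsage |= x509.KeyUsageCertSign
		template.BasicConstraintsValid = true
	}
	if issuer == nil {
		// No issuer given: make this a self-signed root certificate.
		issuerCert = &template
		issuerKey = priv
	}

	// Only sign when both the subject and the issuer key are of a known type;
	// otherwise derCert stays empty and the error below reports the types.
	// Fix: a DSA subject used to hit priv.(*dsa.PublicKey) / priv.(dsa.PublicKey),
	// assertions that cannot hold for a *dsa.PrivateKey and therefore panicked.
	// The DSA public key is now passed for every issuer type, so the outcome
	// is whatever x509.CreateCertificate returns.
	var derCert []byte
	if pub := testPublicKeyOf(priv); pub != nil {
		switch issuerKey.(type) {
		case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey, *dsa.PrivateKey:
			derCert, err = x509.CreateCertificate(rand.Reader, &template, issuerCert, pub, issuerKey)
		}
	}
	if err != nil {
		return nil, err
	}
	if len(derCert) == 0 {
		return nil, fmt.Errorf("no certificate created, probably due to wrong keys. types were %T and %T", priv, issuerKey)
	}
	cert, err := x509.ParseCertificate(derCert)
	if err != nil {
		return nil, err
	}
	return &certKeyPair{
		Certificate: cert,
		PrivateKey:  &priv,
	}, nil
}

// testIssuerSigAlg maps an issuer key type and a hash family to the signature
// algorithm put into the certificate template. It returns
// x509.UnknownSignatureAlgorithm when the issuer key type is not recognised.
func testIssuerSigAlg(issuerKey crypto.PrivateKey, hash crypto.Hash) x509.SignatureAlgorithm {
	switch issuerKey.(type) {
	case *rsa.PrivateKey:
		switch hash {
		case crypto.SHA1:
			return x509.SHA1WithRSA
		case crypto.SHA256:
			return x509.SHA256WithRSA
		case crypto.SHA384:
			return x509.SHA384WithRSA
		case crypto.SHA512:
			return x509.SHA512WithRSA
		}
	case *ecdsa.PrivateKey:
		switch hash {
		case crypto.SHA1:
			return x509.ECDSAWithSHA1
		case crypto.SHA256:
			return x509.ECDSAWithSHA256
		case crypto.SHA384:
			return x509.ECDSAWithSHA384
		case crypto.SHA512:
			return x509.ECDSAWithSHA512
		}
	case ed25519.PrivateKey:
		return x509.PureEd25519
	case *dsa.PrivateKey:
		// DSA only distinguishes SHA-1 from everything else here.
		if hash == crypto.SHA1 {
			return x509.DSAWithSHA1
		}
		return x509.DSAWithSHA256
	}
	return x509.UnknownSignatureAlgorithm
}

// testPublicKeyOf returns the public half of priv for the key types this test
// helper produces, or nil for any other type (including a nil priv).
func testPublicKeyOf(priv crypto.PrivateKey) crypto.PublicKey {
	switch k := priv.(type) {
	case *rsa.PrivateKey:
		return k.Public()
	case *ecdsa.PrivateKey:
		return k.Public()
	case ed25519.PrivateKey:
		return k.Public()
	case *dsa.PrivateKey:
		return &k.PublicKey
	}
	return nil
}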
   346  
// TestFixture holds the pieces extracted from a PEM-encoded test vector by
// UnmarshalTestFixture.
type TestFixture struct {
	// Input is the DER content of the "PKCS7" PEM block.
	Input       []byte
	// Certificate is parsed from the "CERTIFICATE" block; nil if parsing failed.
	Certificate *x509.Certificate
	// PrivateKey is parsed from the "PRIVATE KEY" block as a PKCS#1 RSA key;
	// nil if parsing failed.
	PrivateKey  *rsa.PrivateKey
}
   352  
// UnmarshalTestFixture walks every PEM block in testPEMBlock and collects the
// ones it knows into a TestFixture: "PKCS7" becomes Input, "CERTIFICATE" is
// parsed as an X.509 certificate and "PRIVATE KEY" as a PKCS#1 RSA key. Blocks
// of any other type are skipped, and a later block of the same type replaces
// an earlier one.
func UnmarshalTestFixture(testPEMBlock string) TestFixture {
	var fixture TestFixture
	rest := []byte(testPEMBlock)
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			// No further PEM data.
			return fixture
		}
		switch block.Type {
		case "PKCS7":
			fixture.Input = block.Bytes
		case "CERTIFICATE":
			// NOTE(review): the parse error is dropped, so a malformed
			// certificate only shows up as a nil Certificate field.
			fixture.Certificate, _ = x509.ParseCertificate(block.Bytes)
		case "PRIVATE KEY":
			// NOTE(review): the parse error is dropped here as well; the
			// block is decoded as PKCS#1 despite its "PRIVATE KEY" label.
			fixture.PrivateKey, _ = x509.ParsePKCS1PrivateKey(block.Bytes)
		}
	}
}
   374  
