...

Source file src/github.com/google/certificate-transparency-go/x509/sec1.go

Documentation: github.com/google/certificate-transparency-go/x509 

     1  // Copyright 2012 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package x509
     6  
     7  import (
     8  	"crypto/ecdsa"
     9  	"crypto/elliptic"
    10  	"errors"
    11  	"fmt"
    12  	"math/big"
    13  
    14  	"github.com/google/certificate-transparency-go/asn1"
    15  )
    16  
    17  const ecPrivKeyVersion = 1
    18  
    19  // ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
    20  // References:
    21  //
    22  //	RFC 5915
    23  //	SEC1 - http://www.secg.org/sec1-v2.pdf
    24  //
    25  // Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
    26  // most cases it is not.
    27  type ecPrivateKey struct {
    28  	Version       int
    29  	PrivateKey    []byte
    30  	NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
    31  	PublicKey     asn1.BitString        `asn1:"optional,explicit,tag:1"`
    32  }
    33  
    34  // ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form.
    35  //
    36  // This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
    37  func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {
    38  	return parseECPrivateKey(nil, der)
    39  }
    40  
    41  // MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form.
    42  //
    43  // This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
    44  // For a more flexible key format which is not EC specific, use
    45  // MarshalPKCS8PrivateKey.
    46  func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
    47  	oid, ok := OIDFromNamedCurve(key.Curve)
    48  	if !ok {
    49  		return nil, errors.New("x509: unknown elliptic curve")
    50  	}
    51  
    52  	return marshalECPrivateKeyWithOID(key, oid)
    53  }
    54  
    55  // marshalECPrivateKey marshals an EC private key into ASN.1, DER format and
    56  // sets the curve ID to the given OID, or omits it if OID is nil.
    57  func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {
    58  	privateKeyBytes := key.D.Bytes()
    59  	paddedPrivateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
    60  	copy(paddedPrivateKey[len(paddedPrivateKey)-len(privateKeyBytes):], privateKeyBytes)
    61  
    62  	return asn1.Marshal(ecPrivateKey{
    63  		Version:       1,
    64  		PrivateKey:    paddedPrivateKey,
    65  		NamedCurveOID: oid,
    66  		PublicKey:     asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
    67  	})
    68  }
    69  
    70  // parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
    71  // The OID for the named curve may be provided from another source (such as
    72  // the PKCS8 container) - if it is provided then use this instead of the OID
    73  // that may exist in the EC private key structure.
    74  func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
    75  	var privKey ecPrivateKey
    76  	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
    77  		if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
    78  			return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
    79  		}
    80  		if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
    81  			return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
    82  		}
    83  		return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
    84  	}
    85  	if privKey.Version != ecPrivKeyVersion {
    86  		return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
    87  	}
    88  
    89  	var nfe NonFatalErrors
    90  	var curve elliptic.Curve
    91  	if namedCurveOID != nil {
    92  		curve = namedCurveFromOID(*namedCurveOID, &nfe)
    93  	} else {
    94  		curve = namedCurveFromOID(privKey.NamedCurveOID, &nfe)
    95  	}
    96  	if curve == nil {
    97  		return nil, errors.New("x509: unknown elliptic curve")
    98  	}
    99  
   100  	k := new(big.Int).SetBytes(privKey.PrivateKey)
   101  	curveOrder := curve.Params().N
   102  	if k.Cmp(curveOrder) >= 0 {
   103  		return nil, errors.New("x509: invalid elliptic curve private key value")
   104  	}
   105  	priv := new(ecdsa.PrivateKey)
   106  	priv.Curve = curve
   107  	priv.D = k
   108  
   109  	privateKey := make([]byte, (curveOrder.BitLen()+7)/8)
   110  
   111  	// Some private keys have leading zero padding. This is invalid
   112  	// according to [SEC1], but this code will ignore it.
   113  	for len(privKey.PrivateKey) > len(privateKey) {
   114  		if privKey.PrivateKey[0] != 0 {
   115  			return nil, errors.New("x509: invalid private key length")
   116  		}
   117  		privKey.PrivateKey = privKey.PrivateKey[1:]
   118  	}
   119  
   120  	// Some private keys remove all leading zeros, this is also invalid
   121  	// according to [SEC1] but since OpenSSL used to do this, we ignore
   122  	// this too.
   123  	copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
   124  	priv.X, priv.Y = curve.ScalarBaseMult(privateKey)
   125  
   126  	return priv, nil
   127  }
   128  

View as plain text