...
Run Format

Source file src/crypto/x509/sec1.go

Documentation: crypto/x509

  // Copyright 2012 The Go Authors. All rights reserved.
  // Use of this source code is governed by a BSD-style
  // license that can be found in the LICENSE file.
  
  package x509
  
  import (
  	"crypto/ecdsa"
  	"crypto/elliptic"
  	"encoding/asn1"
  	"errors"
  	"fmt"
  	"math/big"
  )
  
  const ecPrivKeyVersion = 1
  
  // ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
  // References:
  //   RFC 5915
  //   SEC1 - http://www.secg.org/sec1-v2.pdf
  // Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
  // most cases it is not.
  type ecPrivateKey struct {
  	Version       int
  	PrivateKey    []byte
  	NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
  	PublicKey     asn1.BitString        `asn1:"optional,explicit,tag:1"`
  }
  
  // ParseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
  func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {
  	return parseECPrivateKey(nil, der)
  }
  
  // MarshalECPrivateKey marshals an EC private key into ASN.1, DER format.
  func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
  	oid, ok := oidFromNamedCurve(key.Curve)
  	if !ok {
  		return nil, errors.New("x509: unknown elliptic curve")
  	}
  
  	privateKeyBytes := key.D.Bytes()
  	paddedPrivateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
  	copy(paddedPrivateKey[len(paddedPrivateKey)-len(privateKeyBytes):], privateKeyBytes)
  
  	return asn1.Marshal(ecPrivateKey{
  		Version:       1,
  		PrivateKey:    paddedPrivateKey,
  		NamedCurveOID: oid,
  		PublicKey:     asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
  	})
  }
  
  // parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
  // The OID for the named curve may be provided from another source (such as
  // the PKCS8 container) - if it is provided then use this instead of the OID
  // that may exist in the EC private key structure.
  func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
  	var privKey ecPrivateKey
  	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
  		return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
  	}
  	if privKey.Version != ecPrivKeyVersion {
  		return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
  	}
  
  	var curve elliptic.Curve
  	if namedCurveOID != nil {
  		curve = namedCurveFromOID(*namedCurveOID)
  	} else {
  		curve = namedCurveFromOID(privKey.NamedCurveOID)
  	}
  	if curve == nil {
  		return nil, errors.New("x509: unknown elliptic curve")
  	}
  
  	k := new(big.Int).SetBytes(privKey.PrivateKey)
  	curveOrder := curve.Params().N
  	if k.Cmp(curveOrder) >= 0 {
  		return nil, errors.New("x509: invalid elliptic curve private key value")
  	}
  	priv := new(ecdsa.PrivateKey)
  	priv.Curve = curve
  	priv.D = k
  
  	privateKey := make([]byte, (curveOrder.BitLen()+7)/8)
  
  	// Some private keys have leading zero padding. This is invalid
  	// according to [SEC1], but this code will ignore it.
  	for len(privKey.PrivateKey) > len(privateKey) {
  		if privKey.PrivateKey[0] != 0 {
  			return nil, errors.New("x509: invalid private key length")
  		}
  		privKey.PrivateKey = privKey.PrivateKey[1:]
  	}
  
  	// Some private keys remove all leading zeros, this is also invalid
  	// according to [SEC1] but since OpenSSL used to do this, we ignore
  	// this too.
  	copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
  	priv.X, priv.Y = curve.ScalarBaseMult(privateKey)
  
  	return priv, nil
  }
  

View as plain text