src/crypto/x509/sec1.go - go - Git at Google

 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package x509

 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"encoding/asn1"
 	"errors"
 	"fmt"
 	"math/big"
 )

 const ecPrivKeyVersion = 1

 // ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
 // References:
 //   RFC 5915
 //   SEC1 - http://www.secg.org/sec1-v2.pdf
 // Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
 // most cases it is not.
 type ecPrivateKey struct {
 	Version       int
 	PrivateKey    []byte
 	NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
 	PublicKey     asn1.BitString        `asn1:"optional,explicit,tag:1"`
 }

 // ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form.
 //
 // This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
 func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {
 	return parseECPrivateKey(nil, der)
 }

 // MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form.
 //
 // This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
 // For a more flexible key format which is not EC specific, use
 // MarshalPKCS8PrivateKey.
 func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
 	oid, ok := oidFromNamedCurve(key.Curve)
 	if !ok {
 		return nil, errors.New("x509: unknown elliptic curve")
 	}

 	return marshalECPrivateKeyWithOID(key, oid)
 }

 // marshalECPrivateKey marshals an EC private key into ASN.1, DER format and
 // sets the curve ID to the given OID, or omits it if OID is nil.
 func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {
 	privateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
 	return asn1.Marshal(ecPrivateKey{
 		Version:       1,
 		PrivateKey:    key.D.FillBytes(privateKey),
 		NamedCurveOID: oid,
 		PublicKey:     asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
 	})
 }

 // parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
 // The OID for the named curve may be provided from another source (such as
 // the PKCS8 container) - if it is provided then use this instead of the OID
 // that may exist in the EC private key structure.
 func parseECPrivateKey(namedCurveOID *asn1.ObjectIdentifier, der []byte) (key *ecdsa.PrivateKey, err error) {
 	var privKey ecPrivateKey
 	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
 		if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
 			return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
 		}
 		if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
 			return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
 		}
 		return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
 	}
 	if privKey.Version != ecPrivKeyVersion {
 		return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
 	}

 	var curve elliptic.Curve
 	if namedCurveOID != nil {
 		curve = namedCurveFromOID(*namedCurveOID)
 	} else {
 		curve = namedCurveFromOID(privKey.NamedCurveOID)
 	}
 	if curve == nil {
 		return nil, errors.New("x509: unknown elliptic curve")
 	}

 	k := new(big.Int).SetBytes(privKey.PrivateKey)
 	curveOrder := curve.Params().N
 	if k.Cmp(curveOrder) >= 0 {
 		return nil, errors.New("x509: invalid elliptic curve private key value")
 	}
 	priv := new(ecdsa.PrivateKey)
 	priv.Curve = curve
 	priv.D = k

 	privateKey := make([]byte, (curveOrder.BitLen()+7)/8)

 	// Some private keys have leading zero padding. This is invalid
 	// according to [SEC1], but this code will ignore it.
 	for len(privKey.PrivateKey) > len(privateKey) {
 		if privKey.PrivateKey[0] != 0 {
 			return nil, errors.New("x509: invalid private key length")
 		}
 		privKey.PrivateKey = privKey.PrivateKey[1:]
 	}

 	// Some private keys remove all leading zeros, this is also invalid
 	// according to [SEC1] but since OpenSSL used to do this, we ignore
 	// this too.
 	copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
 	priv.X, priv.Y = curve.ScalarBaseMult(privateKey)

 	return priv, nil
 }
	// Copyright 2012 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package x509

	import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	)

	const ecPrivKeyVersion = 1

	// ecPrivateKey reflects an ASN.1 Elliptic Curve Private Key Structure.
	// References:
	// RFC 5915
	// SEC1 - http://www.secg.org/sec1-v2.pdf
	// Per RFC 5915 the NamedCurveOID is marked as ASN.1 OPTIONAL, however in
	// most cases it is not.
	type ecPrivateKey struct {
	Version int
	PrivateKey []byte
	NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
	PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"`
	}

	// ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form.
	//
	// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
	func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error) {
	return parseECPrivateKey(nil, der)
	}

	// MarshalECPrivateKey converts an EC private key to SEC 1, ASN.1 DER form.
	//
	// This kind of key is commonly encoded in PEM blocks of type "EC PRIVATE KEY".
	// For a more flexible key format which is not EC specific, use
	// MarshalPKCS8PrivateKey.
	func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error) {
	oid, ok := oidFromNamedCurve(key.Curve)
	if !ok {
	return nil, errors.New("x509: unknown elliptic curve")
	}

	return marshalECPrivateKeyWithOID(key, oid)
	}

	// marshalECPrivateKey marshals an EC private key into ASN.1, DER format and
	// sets the curve ID to the given OID, or omits it if OID is nil.
	func marshalECPrivateKeyWithOID(key *ecdsa.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error) {
	privateKey := make([]byte, (key.Curve.Params().N.BitLen()+7)/8)
	return asn1.Marshal(ecPrivateKey{
	Version: 1,
	PrivateKey: key.D.FillBytes(privateKey),
	NamedCurveOID: oid,
	PublicKey: asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)},
	})
	}

	// parseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.
	// The OID for the named curve may be provided from another source (such as
	// the PKCS8 container) - if it is provided then use this instead of the OID
	// that may exist in the EC private key structure.
	func parseECPrivateKey(namedCurveOID asn1.ObjectIdentifier, der []byte) (key ecdsa.PrivateKey, err error) {
	var privKey ecPrivateKey
	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
	if _, err := asn1.Unmarshal(der, &pkcs8{}); err == nil {
	return nil, errors.New("x509: failed to parse private key (use ParsePKCS8PrivateKey instead for this key format)")
	}
	if _, err := asn1.Unmarshal(der, &pkcs1PrivateKey{}); err == nil {
	return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
	}
	return nil, errors.New("x509: failed to parse EC private key: " + err.Error())
	}
	if privKey.Version != ecPrivKeyVersion {
	return nil, fmt.Errorf("x509: unknown EC private key version %d", privKey.Version)
	}

	var curve elliptic.Curve
	if namedCurveOID != nil {
	curve = namedCurveFromOID(*namedCurveOID)
	} else {
	curve = namedCurveFromOID(privKey.NamedCurveOID)
	}
	if curve == nil {
	return nil, errors.New("x509: unknown elliptic curve")
	}

	k := new(big.Int).SetBytes(privKey.PrivateKey)
	curveOrder := curve.Params().N
	if k.Cmp(curveOrder) >= 0 {
	return nil, errors.New("x509: invalid elliptic curve private key value")
	}
	priv := new(ecdsa.PrivateKey)
	priv.Curve = curve
	priv.D = k

	privateKey := make([]byte, (curveOrder.BitLen()+7)/8)

	// Some private keys have leading zero padding. This is invalid
	// according to [SEC1], but this code will ignore it.
	for len(privKey.PrivateKey) > len(privateKey) {
	if privKey.PrivateKey[0] != 0 {
	return nil, errors.New("x509: invalid private key length")
	}
	privKey.PrivateKey = privKey.PrivateKey[1:]
	}

	// Some private keys remove all leading zeros, this is also invalid
	// according to [SEC1] but since OpenSSL used to do this, we ignore
	// this too.
	copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
	priv.X, priv.Y = curve.ScalarBaseMult(privateKey)

	return priv, nil
	}