pkcs1.go 3.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124
  1. // Copyright 2011 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package x509
  5. import (
  6. "crypto/rsa"
  7. // START CT CHANGES
  8. "github.com/google/certificate-transparency/go/asn1"
  9. // END CT CHANGES
  10. "errors"
  11. "math/big"
  12. )
  13. // pkcs1PrivateKey is a structure which mirrors the PKCS#1 ASN.1 for an RSA private key.
  14. type pkcs1PrivateKey struct {
  15. Version int
  16. N *big.Int
  17. E int
  18. D *big.Int
  19. P *big.Int
  20. Q *big.Int
  21. // We ignore these values, if present, because rsa will calculate them.
  22. Dp *big.Int `asn1:"optional"`
  23. Dq *big.Int `asn1:"optional"`
  24. Qinv *big.Int `asn1:"optional"`
  25. AdditionalPrimes []pkcs1AdditionalRSAPrime `asn1:"optional,omitempty"`
  26. }
  27. type pkcs1AdditionalRSAPrime struct {
  28. Prime *big.Int
  29. // We ignore these values because rsa will calculate them.
  30. Exp *big.Int
  31. Coeff *big.Int
  32. }
  33. // ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.
  34. func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error) {
  35. var priv pkcs1PrivateKey
  36. rest, err := asn1.Unmarshal(der, &priv)
  37. if len(rest) > 0 {
  38. err = asn1.SyntaxError{Msg: "trailing data"}
  39. return
  40. }
  41. if err != nil {
  42. return
  43. }
  44. if priv.Version > 1 {
  45. return nil, errors.New("x509: unsupported private key version")
  46. }
  47. if priv.N.Sign() <= 0 || priv.D.Sign() <= 0 || priv.P.Sign() <= 0 || priv.Q.Sign() <= 0 {
  48. return nil, errors.New("x509: private key contains zero or negative value")
  49. }
  50. key = new(rsa.PrivateKey)
  51. key.PublicKey = rsa.PublicKey{
  52. E: priv.E,
  53. N: priv.N,
  54. }
  55. key.D = priv.D
  56. key.Primes = make([]*big.Int, 2+len(priv.AdditionalPrimes))
  57. key.Primes[0] = priv.P
  58. key.Primes[1] = priv.Q
  59. for i, a := range priv.AdditionalPrimes {
  60. if a.Prime.Sign() <= 0 {
  61. return nil, errors.New("x509: private key contains zero or negative prime")
  62. }
  63. key.Primes[i+2] = a.Prime
  64. // We ignore the other two values because rsa will calculate
  65. // them as needed.
  66. }
  67. err = key.Validate()
  68. if err != nil {
  69. return nil, err
  70. }
  71. key.Precompute()
  72. return
  73. }
  74. // MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.
  75. func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte {
  76. key.Precompute()
  77. version := 0
  78. if len(key.Primes) > 2 {
  79. version = 1
  80. }
  81. priv := pkcs1PrivateKey{
  82. Version: version,
  83. N: key.N,
  84. E: key.PublicKey.E,
  85. D: key.D,
  86. P: key.Primes[0],
  87. Q: key.Primes[1],
  88. Dp: key.Precomputed.Dp,
  89. Dq: key.Precomputed.Dq,
  90. Qinv: key.Precomputed.Qinv,
  91. }
  92. priv.AdditionalPrimes = make([]pkcs1AdditionalRSAPrime, len(key.Precomputed.CRTValues))
  93. for i, values := range key.Precomputed.CRTValues {
  94. priv.AdditionalPrimes[i].Prime = key.Primes[2+i]
  95. priv.AdditionalPrimes[i].Exp = values.Exp
  96. priv.AdditionalPrimes[i].Coeff = values.Coeff
  97. }
  98. b, _ := asn1.Marshal(priv)
  99. return b
  100. }
  101. // rsaPublicKey reflects the ASN.1 structure of a PKCS#1 public key.
  102. type rsaPublicKey struct {
  103. N *big.Int
  104. E int
  105. }