forked from mouuff/go-rocket-update
/
crypto.go
124 lines (109 loc) · 2.76 KB
/
crypto.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
package crypto
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"errors"
"io"
"os"
)
// ChecksumFileSHA256 calculate the sha256 checksum of a file
func ChecksumFileSHA256(path string) ([]byte, error) {
f, err := os.Open(path)
if err != nil {
return []byte{}, err
}
defer f.Close()
hash := sha256.New()
if _, err := io.Copy(hash, f); err != nil {
return []byte{}, err
}
return hash.Sum(nil), nil
}
// GeneratePrivateKey generate a random private key.
func GeneratePrivateKey() (*rsa.PrivateKey, error) {
return rsa.GenerateKey(rand.Reader, 4096)
}
// GetFileSignature signs a file using the given private key
// returns the signature in a hex string
func GetFileSignature(priv *rsa.PrivateKey, path string) ([]byte, error) {
hash, err := ChecksumFileSHA256(path)
if err != nil {
return nil, err
}
signature, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hash)
if err != nil {
return nil, err
}
return signature, nil
}
// VerifyFileSignature verifies the signature of a file
func VerifyFileSignature(pub *rsa.PublicKey, signature []byte, path string) error {
hash, err := ChecksumFileSHA256(path)
if err != nil {
return err
}
err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, hash, signature)
if err != nil {
return err
}
return nil
}
// ExportPrivateKeyAsPem exports the private key to Pem
func ExportPrivateKeyAsPem(privateKey *rsa.PrivateKey) []byte {
privkeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)
privkeyPem := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: privkeyBytes,
},
)
return privkeyPem
}
// ParsePemPrivateKey parses the pem private key
func ParsePemPrivateKey(privPEM []byte) (*rsa.PrivateKey, error) {
block, _ := pem.Decode(privPEM)
if block == nil {
return nil, errors.New("failed to parse PEM block containing the key")
}
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return priv, nil
}
// ExportPublicKeyAsPem exports the public key as Pem
func ExportPublicKeyAsPem(publicKey *rsa.PublicKey) ([]byte, error) {
pubkeyBytes, err := x509.MarshalPKIXPublicKey(publicKey)
if err != nil {
return nil, err
}
pubkeyPem := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: pubkeyBytes,
},
)
return pubkeyPem, nil
}
// ParsePemPublicKey parse the pem public key
func ParsePemPublicKey(pubPEM []byte) (*rsa.PublicKey, error) {
block, _ := pem.Decode(pubPEM)
if block == nil {
return nil, errors.New("failed to parse PEM block containing the key")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
switch pub := pub.(type) {
case *rsa.PublicKey:
return pub, nil
default:
break
}
return nil, errors.New("Key type is not rsa.PublicKey")
}