-
Notifications
You must be signed in to change notification settings - Fork 28
/
ecc.go
92 lines (73 loc) · 2.34 KB
/
ecc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
//package ecc provides helpers for creating elliptic curve leys
package ecc
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/x509"
"encoding/pem"
"errors"
"math/big"
)
// ReadPublic loads ecdsa.PublicKey from given PKCS1 X509 or PKIX blobs
func ReadPublic(raw []byte) (key *ecdsa.PublicKey, err error) {
var encoded *pem.Block
if encoded, _ = pem.Decode(raw); encoded == nil {
return nil, errors.New("Ecc.ReadPublic(): Key must be PEM encoded PKCS1 X509 certificate or PKIX EC public key")
}
var parsedKey interface{}
var cert *x509.Certificate
if parsedKey, err = x509.ParsePKIXPublicKey(encoded.Bytes); err != nil {
if cert, err = x509.ParseCertificate(encoded.Bytes); err != nil {
return nil, err
}
parsedKey = cert.PublicKey
}
var ok bool
if key, ok = parsedKey.(*ecdsa.PublicKey); !ok {
return nil, errors.New("Ecc.ReadPublic(): Key is not a valid *ecdsa.PublicKey")
}
return key, nil
}
// ReadPrivate loads ecdsa.PrivateKey from given PKCS1 or PKCS8 blobs
func ReadPrivate(raw []byte) (key *ecdsa.PrivateKey, err error) {
var encoded *pem.Block
if encoded, _ = pem.Decode(raw); encoded == nil {
return nil, errors.New("Ecc.ReadPrivate(): Key must be PEM encoded PKCS1 or PKCS8 EC private key")
}
var parsedKey interface{}
if parsedKey, err = x509.ParseECPrivateKey(encoded.Bytes); err != nil {
if parsedKey, err = x509.ParsePKCS8PrivateKey(encoded.Bytes); err != nil {
return nil, err
}
}
var ok bool
if key, ok = parsedKey.(*ecdsa.PrivateKey); !ok {
return nil, errors.New("Ecc.ReadPrivate(): Key is not valid *ecdsa.PrivateKey")
}
return key, nil
}
// NewPublic constructs ecdsa.PublicKey from given (X,Y)
func NewPublic(x, y []byte) *ecdsa.PublicKey {
return &ecdsa.PublicKey{Curve: curve(len(x)),
X: new(big.Int).SetBytes(x),
Y: new(big.Int).SetBytes(y)}
}
// NewPrivate constructs ecdsa.PrivateKey from given (X,Y) and D
func NewPrivate(x, y, d []byte) *ecdsa.PrivateKey {
return &ecdsa.PrivateKey{D: new(big.Int).SetBytes(d),
PublicKey: ecdsa.PublicKey{Curve: curve(len(x)),
X: new(big.Int).SetBytes(x),
Y: new(big.Int).SetBytes(y)}}
}
func curve(size int) elliptic.Curve {
switch size {
case 31, 32:
return elliptic.P256()
case 48:
return elliptic.P384()
case 65, 66:
return elliptic.P521() //adjust for P-521 curve, which can be 65 or 66 bytes
default:
return nil //unsupported curve
}
}