1 // Copyright 2011 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package x509 6 7 import ( 8 "crypto/x509/pkix" 9 "encoding/asn1" 10 "errors" 11 "fmt" 12 ) 13 14 // pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See 15 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn 16 // and RFC5208. 17 type pkcs8 struct { 18 Version int 19 Algo pkix.AlgorithmIdentifier 20 PrivateKey []byte 21 // optional attributes omitted. 22 } 23 24 // ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. See 25 // http://www.rsa.com/rsalabs/node.asp?id=2130 and RFC5208. 26 func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) { 27 var privKey pkcs8 28 if _, err := asn1.Unmarshal(der, &privKey); err != nil { 29 return nil, err 30 } 31 switch { 32 case privKey.Algo.Algorithm.Equal(oidPublicKeyRSA): 33 key, err = ParsePKCS1PrivateKey(privKey.PrivateKey) 34 if err != nil { 35 return nil, errors.New("x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error()) 36 } 37 return key, nil 38 39 case privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA): 40 bytes := privKey.Algo.Parameters.FullBytes 41 namedCurveOID := new(asn1.ObjectIdentifier) 42 if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil { 43 namedCurveOID = nil 44 } 45 key, err = parseECPrivateKey(namedCurveOID, privKey.PrivateKey) 46 if err != nil { 47 return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error()) 48 } 49 return key, nil 50 51 default: 52 return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm) 53 } 54 } 55