Home | History | Annotate | Download | only in x509
      1 // Copyright 2011 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 package x509
      6 
      7 import (
      8 	"crypto/x509/pkix"
      9 	"encoding/asn1"
     10 	"errors"
     11 	"fmt"
     12 )
     13 
     14 // pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See
     15 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
     16 // and RFC5208.
     17 type pkcs8 struct {
     18 	Version    int
     19 	Algo       pkix.AlgorithmIdentifier
     20 	PrivateKey []byte
     21 	// optional attributes omitted.
     22 }
     23 
     24 // ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. See
     25 // http://www.rsa.com/rsalabs/node.asp?id=2130 and RFC5208.
     26 func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
     27 	var privKey pkcs8
     28 	if _, err := asn1.Unmarshal(der, &privKey); err != nil {
     29 		return nil, err
     30 	}
     31 	switch {
     32 	case privKey.Algo.Algorithm.Equal(oidPublicKeyRSA):
     33 		key, err = ParsePKCS1PrivateKey(privKey.PrivateKey)
     34 		if err != nil {
     35 			return nil, errors.New("x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error())
     36 		}
     37 		return key, nil
     38 
     39 	case privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA):
     40 		bytes := privKey.Algo.Parameters.FullBytes
     41 		namedCurveOID := new(asn1.ObjectIdentifier)
     42 		if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil {
     43 			namedCurveOID = nil
     44 		}
     45 		key, err = parseECPrivateKey(namedCurveOID, privKey.PrivateKey)
     46 		if err != nil {
     47 			return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())
     48 		}
     49 		return key, nil
     50 
     51 	default:
     52 		return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm)
     53 	}
     54 }
     55