PR c++/86342 - -Wdeprecated-copy and system headers.

[official-gcc.git] / libgo / go / crypto / x509 / pkcs8.go

// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509

import (
        "crypto/ecdsa"
        "crypto/rsa"
        "crypto/x509/pkix"
        "encoding/asn1"
        "errors"
        "fmt"
)

// pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See
// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
// and RFC 5208.
type pkcs8 struct {
        Version    int
        Algo       pkix.AlgorithmIdentifier
        PrivateKey []byte
        // optional attributes omitted.
}

// ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key.
// See RFC 5208.
func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error) {
        var privKey pkcs8
        if _, err := asn1.Unmarshal(der, &privKey); err != nil {
                return nil, err
        }
        switch {
        case privKey.Algo.Algorithm.Equal(oidPublicKeyRSA):
                key, err = ParsePKCS1PrivateKey(privKey.PrivateKey)
                if err != nil {
                        return nil, errors.New("x509: failed to parse RSA private key embedded in PKCS#8: " + err.Error())
                }
                return key, nil

        case privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA):
                bytes := privKey.Algo.Parameters.FullBytes
                namedCurveOID := new(asn1.ObjectIdentifier)
                if _, err := asn1.Unmarshal(bytes, namedCurveOID); err != nil {
                        namedCurveOID = nil
                }
                key, err = parseECPrivateKey(namedCurveOID, privKey.PrivateKey)
                if err != nil {
                        return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + err.Error())
                }
                return key, nil

        default:
                return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey.Algo.Algorithm)
        }
}

// MarshalPKCS8PrivateKey converts a private key to PKCS#8 encoded form.
// The following key types are supported: *rsa.PrivateKey, *ecdsa.PublicKey.
// Unsupported key types result in an error.
//
// See RFC 5208.
func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error) {
        var privKey pkcs8

        switch k := key.(type) {
        case *rsa.PrivateKey:
                privKey.Algo = pkix.AlgorithmIdentifier{
                        Algorithm:  oidPublicKeyRSA,
                        Parameters: asn1.NullRawValue,
                }
                privKey.PrivateKey = MarshalPKCS1PrivateKey(k)

        case *ecdsa.PrivateKey:
                oid, ok := oidFromNamedCurve(k.Curve)
                if !ok {
                        return nil, errors.New("x509: unknown curve while marshalling to PKCS#8")
                }

                oidBytes, err := asn1.Marshal(oid)
                if err != nil {
                        return nil, errors.New("x509: failed to marshal curve OID: " + err.Error())
                }

                privKey.Algo = pkix.AlgorithmIdentifier{
                        Algorithm: oidPublicKeyECDSA,
                        Parameters: asn1.RawValue{
                                FullBytes: oidBytes,
                        },
                }

                if privKey.PrivateKey, err = marshalECPrivateKeyWithOID(k, nil); err != nil {
                        return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + err.Error())
                }

        default:
                return nil, fmt.Errorf("x509: unknown key type while marshalling PKCS#8: %T", key)
        }

        return asn1.Marshal(privKey)
}