25 * reference to RFC5959 and RFC2898
29 oidPBES1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 3} // pbeWithMD5AndDES-CBC(PBES1)
30 oidPBES2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13} // id-PBES2(PBES2)
31 oidPBKDF2 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 12} // id-PBKDF2
33 oidKEYMD5 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5}
34 oidKEYSHA1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 7}
35 oidKEYSHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 9}
36 oidKEYSHA512 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 11}
38 oidAES128CBC = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 2}
39 oidAES256CBC = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 1, 42}
41 oidSM2 = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
44 // reference to https://www.rfc-editor.org/rfc/rfc5958.txt
45 type PrivateKeyInfo struct {
46 Version int // v1 or v2
47 PrivateKeyAlgorithm []asn1.ObjectIdentifier
51 // reference to https://www.rfc-editor.org/rfc/rfc5958.txt
52 type EncryptedPrivateKeyInfo struct {
53 EncryptionAlgorithm Pbes2Algorithms
57 // reference to https://www.ietf.org/rfc/rfc2898.txt
58 type Pbes2Algorithms struct {
59 IdPBES2 asn1.ObjectIdentifier
60 Pbes2Params Pbes2Params
63 // reference to https://www.ietf.org/rfc/rfc2898.txt
64 type Pbes2Params struct {
65 KeyDerivationFunc Pbes2KDfs // PBES2-KDFs
66 EncryptionScheme Pbes2Encs // PBES2-Encs
69 // reference to https://www.ietf.org/rfc/rfc2898.txt
70 type Pbes2KDfs struct {
71 IdPBKDF2 asn1.ObjectIdentifier
72 Pkdf2Params Pkdf2Params
75 type Pbes2Encs struct {
76 EncryAlgo asn1.ObjectIdentifier
80 // reference to https://www.ietf.org/rfc/rfc2898.txt
81 type Pkdf2Params struct {
84 Prf pkix.AlgorithmIdentifier
87 type sm2PrivateKey struct {
90 NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
91 PublicKey asn1.BitString `asn1:"optional,explicit,tag:1"`
96 Algo pkix.AlgorithmIdentifier
100 // copy from crypto/pbkdf2.go
101 func pbkdf(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
102 prf := hmac.New(h, password)
103 hashLen := prf.Size()
104 numBlocks := (keyLen + hashLen - 1) / hashLen
107 dk := make([]byte, 0, numBlocks*hashLen)
108 U := make([]byte, hashLen)
109 for block := 1; block <= numBlocks; block++ {
110 // N.B.: || means concatenation, ^ means XOR
111 // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter
112 // U_1 = PRF(password, salt || uint(i))
115 buf[0] = byte(block >> 24)
116 buf[1] = byte(block >> 16)
117 buf[2] = byte(block >> 8)
121 T := dk[len(dk)-hashLen:]
124 // U_n = PRF(password, U_(n-1))
125 for n := 2; n <= iter; n++ {
138 func ParseSm2PublicKey(der []byte) (*PublicKey, error) {
139 var pubkey pkixPublicKey
141 if _, err := asn1.Unmarshal(der, &pubkey); err != nil {
144 if !reflect.DeepEqual(pubkey.Algo.Algorithm, oidSM2) {
145 return nil, errors.New("x509: not sm2 elliptic curve")
148 x, y := elliptic.Unmarshal(curve, pubkey.BitString.Bytes)
157 func MarshalSm2PublicKey(key *PublicKey) ([]byte, error) {
159 var algo pkix.AlgorithmIdentifier
161 algo.Algorithm = oidSM2
162 algo.Parameters.Class = 0
163 algo.Parameters.Tag = 6
164 algo.Parameters.IsCompound = false
165 algo.Parameters.FullBytes = []byte{6, 8, 42, 129, 28, 207, 85, 1, 130, 45} // asn1.Marshal(asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 301})
167 r.BitString = asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)}
168 return asn1.Marshal(r)
171 func ParseSm2PrivateKey(der []byte) (*PrivateKey, error) {
172 var privKey sm2PrivateKey
174 if _, err := asn1.Unmarshal(der, &privKey); err != nil {
175 return nil, errors.New("x509: failed to parse SM2 private key: " + err.Error())
178 k := new(big.Int).SetBytes(privKey.PrivateKey)
179 curveOrder := curve.Params().N
180 if k.Cmp(curveOrder) >= 0 {
181 return nil, errors.New("x509: invalid elliptic curve private key value")
183 priv := new(PrivateKey)
186 privateKey := make([]byte, (curveOrder.BitLen()+7)/8)
187 for len(privKey.PrivateKey) > len(privateKey) {
188 if privKey.PrivateKey[0] != 0 {
189 return nil, errors.New("x509: invalid private key length")
191 privKey.PrivateKey = privKey.PrivateKey[1:]
193 copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
194 priv.X, priv.Y = curve.ScalarBaseMult(privateKey)
198 func ParsePKCS8UnecryptedPrivateKey(der []byte) (*PrivateKey, error) {
201 if _, err := asn1.Unmarshal(der, &privKey); err != nil {
204 if !reflect.DeepEqual(privKey.Algo.Algorithm, oidSM2) {
205 return nil, errors.New("x509: not sm2 elliptic curve")
207 return ParseSm2PrivateKey(privKey.PrivateKey)
210 func ParsePKCS8EcryptedPrivateKey(der, pwd []byte) (*PrivateKey, error) {
211 var keyInfo EncryptedPrivateKeyInfo
213 _, err := asn1.Unmarshal(der, &keyInfo)
215 return nil, errors.New("x509: unknown format")
217 if !reflect.DeepEqual(keyInfo.EncryptionAlgorithm.IdPBES2, oidPBES2) {
218 return nil, errors.New("x509: only support PBES2")
220 encryptionScheme := keyInfo.EncryptionAlgorithm.Pbes2Params.EncryptionScheme
221 keyDerivationFunc := keyInfo.EncryptionAlgorithm.Pbes2Params.KeyDerivationFunc
222 if !reflect.DeepEqual(keyDerivationFunc.IdPBKDF2, oidPBKDF2) {
223 return nil, errors.New("x509: only support PBKDF2")
225 pkdf2Params := keyDerivationFunc.Pkdf2Params
226 if !reflect.DeepEqual(encryptionScheme.EncryAlgo, oidAES128CBC) &&
227 !reflect.DeepEqual(encryptionScheme.EncryAlgo, oidAES256CBC) {
228 return nil, errors.New("x509: unknow encryption algorithm")
230 iv := encryptionScheme.IV
231 salt := pkdf2Params.Salt
232 iter := pkdf2Params.IterationCount
233 encryptedKey := keyInfo.EncryptedData
236 case pkdf2Params.Prf.Algorithm.Equal(oidKEYMD5):
237 key = pbkdf(pwd, salt, iter, 32, md5.New)
239 case pkdf2Params.Prf.Algorithm.Equal(oidKEYSHA1):
240 key = pbkdf(pwd, salt, iter, 32, sha1.New)
242 case pkdf2Params.Prf.Algorithm.Equal(oidKEYSHA256):
243 key = pbkdf(pwd, salt, iter, 32, sha256.New)
245 case pkdf2Params.Prf.Algorithm.Equal(oidKEYSHA512):
246 key = pbkdf(pwd, salt, iter, 32, sha512.New)
249 return nil, errors.New("x509: unknown hash algorithm")
251 block, err := aes.NewCipher(key)
255 mode := cipher.NewCBCDecrypter(block, iv)
256 mode.CryptBlocks(encryptedKey, encryptedKey)
257 rKey, err := ParsePKCS8UnecryptedPrivateKey(encryptedKey)
259 return nil, errors.New("pkcs8: incorrect password")
264 func ParsePKCS8PrivateKey(der, pwd []byte) (*PrivateKey, error) {
266 return ParsePKCS8UnecryptedPrivateKey(der)
268 return ParsePKCS8EcryptedPrivateKey(der, pwd)
271 func MarshalSm2UnecryptedPrivateKey(key *PrivateKey) ([]byte, error) {
273 var priv sm2PrivateKey
274 var algo pkix.AlgorithmIdentifier
276 algo.Algorithm = oidSM2
277 algo.Parameters.Class = 0
278 algo.Parameters.Tag = 6
279 algo.Parameters.IsCompound = false
280 algo.Parameters.FullBytes = []byte{6, 8, 42, 129, 28, 207, 85, 1, 130, 45} // asn1.Marshal(asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 301})
282 priv.NamedCurveOID = oidNamedCurveP256SM2
283 priv.PublicKey = asn1.BitString{Bytes: elliptic.Marshal(key.Curve, key.X, key.Y)}
284 priv.PrivateKey = key.D.Bytes()
287 r.PrivateKey, _ = asn1.Marshal(priv)
288 return asn1.Marshal(r)
291 func MarshalSm2EcryptedPrivateKey(PrivKey *PrivateKey, pwd []byte) ([]byte, error) {
292 der, err := MarshalSm2UnecryptedPrivateKey(PrivKey)
297 salt := make([]byte, 8)
298 iv := make([]byte, 16)
299 rand.Reader.Read(salt)
301 key := pbkdf(pwd, salt, iter, 32, sha1.New) // 默认是SHA1
302 padding := aes.BlockSize - len(der)%aes.BlockSize
305 der = append(der, make([]byte, padding)...)
306 for i := 0; i < padding; i++ {
307 der[n+i] = byte(padding)
310 encryptedKey := make([]byte, len(der))
311 block, err := aes.NewCipher(key)
315 mode := cipher.NewCBCEncrypter(block, iv)
316 mode.CryptBlocks(encryptedKey, der)
317 var algorithmIdentifier pkix.AlgorithmIdentifier
318 algorithmIdentifier.Algorithm = oidKEYSHA1
319 algorithmIdentifier.Parameters.Tag = 5
320 algorithmIdentifier.Parameters.IsCompound = false
321 algorithmIdentifier.Parameters.FullBytes = []byte{5, 0}
322 keyDerivationFunc := Pbes2KDfs{
330 encryptionScheme := Pbes2Encs{
334 pbes2Algorithms := Pbes2Algorithms{
341 encryptedPkey := EncryptedPrivateKeyInfo{
345 return asn1.Marshal(encryptedPkey)
348 func MarshalSm2PrivateKey(key *PrivateKey, pwd []byte) ([]byte, error) {
350 return MarshalSm2UnecryptedPrivateKey(key)
352 return MarshalSm2EcryptedPrivateKey(key, pwd)
355 func ReadPrivateKeyFromMem(data []byte, pwd []byte) (*PrivateKey, error) {
358 block, _ = pem.Decode(data)
360 return nil, errors.New("failed to decode private key")
362 priv, err := ParsePKCS8PrivateKey(block.Bytes, pwd)
366 func ReadPrivateKeyFromPem(FileName string, pwd []byte) (*PrivateKey, error) {
367 data, err := ioutil.ReadFile(FileName)
371 return ReadPrivateKeyFromMem(data, pwd)
374 func WritePrivateKeytoMem(key *PrivateKey, pwd []byte) ([]byte, error) {
377 der, err := MarshalSm2PrivateKey(key, pwd)
383 Type: "ENCRYPTED PRIVATE KEY",
392 return pem.EncodeToMemory(block), nil
395 func WritePrivateKeytoPem(FileName string, key *PrivateKey, pwd []byte) (bool, error) {
398 der, err := MarshalSm2PrivateKey(key, pwd)
404 Type: "ENCRYPTED PRIVATE KEY",
413 file, err := os.Create(FileName)
418 err = pem.Encode(file, block)
425 func ReadPublicKeyFromMem(data []byte, _ []byte) (*PublicKey, error) {
426 block, _ := pem.Decode(data)
427 if block == nil || block.Type != "PUBLIC KEY" {
428 return nil, errors.New("failed to decode public key")
430 pub, err := ParseSm2PublicKey(block.Bytes)
434 func ReadPublicKeyFromPem(FileName string, pwd []byte) (*PublicKey, error) {
435 data, err := ioutil.ReadFile(FileName)
439 return ReadPublicKeyFromMem(data, pwd)
442 func WritePublicKeytoMem(key *PublicKey, _ []byte) ([]byte, error) {
443 der, err := MarshalSm2PublicKey(key)
451 return pem.EncodeToMemory(block), nil
454 func WritePublicKeytoPem(FileName string, key *PublicKey, _ []byte) (bool, error) {
455 der, err := MarshalSm2PublicKey(key)
463 file, err := os.Create(FileName)
468 err = pem.Encode(file, block)