reformat everything with gofmt
Yes, I know that this will more or less destroy the history, but it had to be done. I also adjusted my editor to use gofmt rules by default now.
This commit is contained in:
parent
b3f621a312
commit
301d931ad7
|
@ -63,14 +63,18 @@ func (c *CertificateData) ToCertificateRequest(private_key PrivateKey) (*Certifi
|
||||||
csr.EmailAddresses = c.EmailAddresses
|
csr.EmailAddresses = c.EmailAddresses
|
||||||
|
|
||||||
csr_asn1, err := x509.CreateCertificateRequest(rand.Reader, csr, private_key.PrivateKey())
|
csr_asn1, err := x509.CreateCertificateRequest(rand.Reader, csr, private_key.PrivateKey())
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return LoadCertificateSignRequest(csr_asn1)
|
return LoadCertificateSignRequest(csr_asn1)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load a certificate sign request from its asn1 representation.
|
// Load a certificate sign request from its asn1 representation.
|
||||||
func LoadCertificateSignRequest(raw []byte) (*CertificateRequest, error) {
|
func LoadCertificateSignRequest(raw []byte) (*CertificateRequest, error) {
|
||||||
csr, err := x509.ParseCertificateRequest(raw)
|
csr, err := x509.ParseCertificateRequest(raw)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return (*CertificateRequest)(csr), nil
|
return (*CertificateRequest)(csr), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -88,7 +92,9 @@ func (c *CertificateRequest) MarshalPem() (marshalledPemBlock, error) {
|
||||||
func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
|
func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
|
||||||
cert_opts CertificateOptions, ca *Certificate) (*Certificate, error) {
|
cert_opts CertificateOptions, ca *Certificate) (*Certificate, error) {
|
||||||
|
|
||||||
if err := cert_opts.Valid(); err != nil { return nil, err }
|
if err := cert_opts.Valid(); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
template := &x509.Certificate{}
|
template := &x509.Certificate{}
|
||||||
template.Subject = c.Subject
|
template.Subject = c.Subject
|
||||||
|
@ -124,14 +130,18 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
|
||||||
} else {
|
} else {
|
||||||
cert_asn1, err = x509.CreateCertificate(rand.Reader, template, (*x509.Certificate)(ca), c.PublicKey, private_key.PrivateKey())
|
cert_asn1, err = x509.CreateCertificate(rand.Reader, template, (*x509.Certificate)(ca), c.PublicKey, private_key.PrivateKey())
|
||||||
}
|
}
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return LoadCertificate(cert_asn1)
|
return LoadCertificate(cert_asn1)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load a certificate from its asn1 representation.
|
// Load a certificate from its asn1 representation.
|
||||||
func LoadCertificate(raw []byte) (*Certificate, error) {
|
func LoadCertificate(raw []byte) (*Certificate, error) {
|
||||||
cert, err := x509.ParseCertificate(raw)
|
cert, err := x509.ParseCertificate(raw)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return (*Certificate)(cert), nil
|
return (*Certificate)(cert), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -143,6 +153,8 @@ func (c *Certificate) MarshalPem() (marshalledPemBlock, error) {
|
||||||
|
|
||||||
// Check if the certificate options have the required fields set.
|
// Check if the certificate options have the required fields set.
|
||||||
func (co *CertificateOptions) Valid() error {
|
func (co *CertificateOptions) Valid() error {
|
||||||
if co.SerialNumber == nil { return fmt.Errorf("No serial number set!") }
|
if co.SerialNumber == nil {
|
||||||
|
return fmt.Errorf("No serial number set!")
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,6 @@ package pki
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/elliptic"
|
"crypto/elliptic"
|
||||||
// "crypto/x509"
|
|
||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
"math/big"
|
"math/big"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
@ -18,10 +17,14 @@ var (
|
||||||
|
|
||||||
func TestCertificateCreation(t *testing.T) {
|
func TestCertificateCreation(t *testing.T) {
|
||||||
pk, err := NewPrivateKeyEcdsa(elliptic.P224())
|
pk, err := NewPrivateKeyEcdsa(elliptic.P224())
|
||||||
if err != nil { t.Errorf("cert: creating private key failed: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("cert: creating private key failed: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
csr, err := TestCertificateData.ToCertificateRequest(pk)
|
csr, err := TestCertificateData.ToCertificateRequest(pk)
|
||||||
if err != nil { t.Errorf("cert: creating csr failed: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("cert: creating csr failed: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
cert_opts := CertificateOptions{
|
cert_opts := CertificateOptions{
|
||||||
// KeyUsage: x509.KeyUsageEncipherOnly | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
|
// KeyUsage: x509.KeyUsageEncipherOnly | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
|
||||||
|
@ -29,7 +32,9 @@ func TestCertificateCreation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cert, err := csr.ToCertificate(pk, cert_opts, nil)
|
cert, err := csr.ToCertificate(pk, cert_opts, nil)
|
||||||
if err != nil { t.Errorf("cert: creating cert failed: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("cert: creating cert failed: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
if !fieldsAreSame(TestCertificateData, cert) {
|
if !fieldsAreSame(TestCertificateData, cert) {
|
||||||
t.Errorf("cert: Fields are not the same")
|
t.Errorf("cert: Fields are not the same")
|
||||||
|
@ -37,10 +42,20 @@ func TestCertificateCreation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func fieldsAreSame(data CertificateData, cert *Certificate) bool {
|
func fieldsAreSame(data CertificateData, cert *Certificate) bool {
|
||||||
if data.Subject.CommonName != cert.Subject.CommonName { return false }
|
if data.Subject.CommonName != cert.Subject.CommonName {
|
||||||
if !reflect.DeepEqual(data.Subject.Country, cert.Subject.Country) { return false }
|
return false
|
||||||
if !reflect.DeepEqual(data.DNSNames, cert.DNSNames) { return false }
|
}
|
||||||
if !reflect.DeepEqual(data.IPAddresses, cert.IPAddresses) { return false }
|
if !reflect.DeepEqual(data.Subject.Country, cert.Subject.Country) {
|
||||||
if !reflect.DeepEqual(data.EmailAddresses, cert.EmailAddresses) { return false }
|
return false
|
||||||
|
}
|
||||||
|
if !reflect.DeepEqual(data.DNSNames, cert.DNSNames) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if !reflect.DeepEqual(data.IPAddresses, cert.IPAddresses) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if !reflect.DeepEqual(data.EmailAddresses, cert.EmailAddresses) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
28
ecdsa.go
28
ecdsa.go
|
@ -39,14 +39,18 @@ type (
|
||||||
// For available curves, please take a look at the crypto/elliptic package.
|
// For available curves, please take a look at the crypto/elliptic package.
|
||||||
func NewPrivateKeyEcdsa(curve elliptic.Curve) (*EcdsaPrivateKey, error) {
|
func NewPrivateKeyEcdsa(curve elliptic.Curve) (*EcdsaPrivateKey, error) {
|
||||||
key, err := ecdsa.GenerateKey(curve, rand.Reader)
|
key, err := ecdsa.GenerateKey(curve, rand.Reader)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &EcdsaPrivateKey{key}, nil
|
return &EcdsaPrivateKey{key}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load the private key from the asn1 representation.
|
// Load the private key from the asn1 representation.
|
||||||
func LoadPrivateKeyEcdsa(raw []byte) (*EcdsaPrivateKey, error) {
|
func LoadPrivateKeyEcdsa(raw []byte) (*EcdsaPrivateKey, error) {
|
||||||
key, err := x509.ParseECPrivateKey(raw)
|
key, err := x509.ParseECPrivateKey(raw)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &EcdsaPrivateKey{key}, nil
|
return &EcdsaPrivateKey{key}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -75,7 +79,9 @@ func (pr EcdsaPrivateKey) PrivateKey() crypto.PrivateKey {
|
||||||
// into a pem block.
|
// into a pem block.
|
||||||
func (pr EcdsaPrivateKey) MarshalPem() (io.WriterTo, error) {
|
func (pr EcdsaPrivateKey) MarshalPem() (io.WriterTo, error) {
|
||||||
asn1, err := x509.MarshalECPrivateKey(pr.private_key)
|
asn1, err := x509.MarshalECPrivateKey(pr.private_key)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
pem_block := pem.Block{Type: PemLabelEcdsa, Bytes: asn1}
|
pem_block := pem.Block{Type: PemLabelEcdsa, Bytes: asn1}
|
||||||
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
||||||
}
|
}
|
||||||
|
@ -83,10 +89,14 @@ func (pr EcdsaPrivateKey) MarshalPem() (io.WriterTo, error) {
|
||||||
// This functoin loads an ecdsa public key from the asn.1 representation.
|
// This functoin loads an ecdsa public key from the asn.1 representation.
|
||||||
func LoadPublicKeyEcdsa(raw []byte) (*EcdsaPublicKey, error) {
|
func LoadPublicKeyEcdsa(raw []byte) (*EcdsaPublicKey, error) {
|
||||||
raw_pub, err := x509.ParsePKIXPublicKey(raw)
|
raw_pub, err := x509.ParsePKIXPublicKey(raw)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
pub, ok := raw_pub.(*ecdsa.PublicKey)
|
pub, ok := raw_pub.(*ecdsa.PublicKey)
|
||||||
if !ok { return nil, errors.New("Not an ecdsa key!") }
|
if !ok {
|
||||||
|
return nil, errors.New("Not an ecdsa key!")
|
||||||
|
}
|
||||||
return &EcdsaPublicKey{pub}, nil
|
return &EcdsaPublicKey{pub}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -94,7 +104,9 @@ func LoadPublicKeyEcdsa(raw []byte) (*EcdsaPublicKey, error) {
|
||||||
// a pem block.
|
// a pem block.
|
||||||
func (pu *EcdsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
func (pu *EcdsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
||||||
asn1, err := x509.MarshalPKIXPublicKey(pu.public_key)
|
asn1, err := x509.MarshalPKIXPublicKey(pu.public_key)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
pem_block := pem.Block{Type: PemLabelPublic, Bytes: asn1}
|
pem_block := pem.Block{Type: PemLabelPublic, Bytes: asn1}
|
||||||
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
||||||
}
|
}
|
||||||
|
@ -105,7 +117,9 @@ func (pu *EcdsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
||||||
func (pu *EcdsaPublicKey) Verify(message []byte, signature_raw []byte, hash crypto.Hash) (bool, error) {
|
func (pu *EcdsaPublicKey) Verify(message []byte, signature_raw []byte, hash crypto.Hash) (bool, error) {
|
||||||
var sig signatureEcdsa
|
var sig signatureEcdsa
|
||||||
_, err := asn1.Unmarshal(signature_raw, &sig)
|
_, err := asn1.Unmarshal(signature_raw, &sig)
|
||||||
if err != nil { return false, err }
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
hashed_message := hash.New()
|
hashed_message := hash.New()
|
||||||
hashed_message.Write(message)
|
hashed_message.Write(message)
|
||||||
return ecdsa.Verify(pu.public_key, hashed_message.Sum(nil), sig.R, sig.S), nil
|
return ecdsa.Verify(pu.public_key, hashed_message.Sum(nil), sig.R, sig.S), nil
|
||||||
|
|
|
@ -35,29 +35,45 @@ func RunMarshalTest(pkType string, pe Pemmer, label string, t *testing.T) ([]byt
|
||||||
// test other private key functions
|
// test other private key functions
|
||||||
func RunPrivateKeyTests(pkType string, pk PrivateKey, pu PublicKey, t *testing.T) {
|
func RunPrivateKeyTests(pkType string, pk PrivateKey, pu PublicKey, t *testing.T) {
|
||||||
signature, err := pk.Sign(SignatureMessage, SignatureHash)
|
signature, err := pk.Sign(SignatureMessage, SignatureHash)
|
||||||
if err != nil { t.Errorf("%s: error creating a signature: %s", pkType, err) }
|
if err != nil {
|
||||||
|
t.Errorf("%s: error creating a signature: %s", pkType, err)
|
||||||
|
}
|
||||||
|
|
||||||
valid, err := pu.Verify(SignatureMessage, signature, SignatureHash)
|
valid, err := pu.Verify(SignatureMessage, signature, SignatureHash)
|
||||||
if err != nil { t.Errorf("%s: could not verify message: %s", pkType, err) }
|
if err != nil {
|
||||||
if !valid { t.Errorf("%s: signature invalid, but should be valid!", pkType) }
|
t.Errorf("%s: could not verify message: %s", pkType, err)
|
||||||
|
}
|
||||||
|
if !valid {
|
||||||
|
t.Errorf("%s: signature invalid, but should be valid!", pkType)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// test ecdsa private key functions
|
// test ecdsa private key functions
|
||||||
func TestEcdsaFunctions(t *testing.T) {
|
func TestEcdsaFunctions(t *testing.T) {
|
||||||
pk, err := NewPrivateKeyEcdsa(elliptic.P521())
|
pk, err := NewPrivateKeyEcdsa(elliptic.P521())
|
||||||
if err != nil { t.Errorf("ecdsa: creating private key failed: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("ecdsa: creating private key failed: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
blockBytes, err := RunMarshalTest("ecdsa", pk, PemLabelEcdsa, t)
|
blockBytes, err := RunMarshalTest("ecdsa", pk, PemLabelEcdsa, t)
|
||||||
if err != nil { return }
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
pk, err = LoadPrivateKeyEcdsa(blockBytes)
|
pk, err = LoadPrivateKeyEcdsa(blockBytes)
|
||||||
if err != nil { t.Errorf("ecdsa: pem content wrong: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("ecdsa: pem content wrong: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
blockBytes, err = RunMarshalTest("ecdsa-public", pk.Public(), PemLabelPublic, t)
|
blockBytes, err = RunMarshalTest("ecdsa-public", pk.Public(), PemLabelPublic, t)
|
||||||
if err != nil { return }
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
pu, err := LoadPublicKeyEcdsa(blockBytes)
|
pu, err := LoadPublicKeyEcdsa(blockBytes)
|
||||||
if err != nil { t.Errorf("ecdsa-public: pem content wrong: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("ecdsa-public: pem content wrong: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
RunPrivateKeyTests("ecdsa", pk, pu, t)
|
RunPrivateKeyTests("ecdsa", pk, pu, t)
|
||||||
}
|
}
|
||||||
|
@ -65,20 +81,29 @@ func TestEcdsaFunctions(t *testing.T) {
|
||||||
// test rsa private key functions
|
// test rsa private key functions
|
||||||
func TestRsaFunctions(t *testing.T) {
|
func TestRsaFunctions(t *testing.T) {
|
||||||
pk, err := NewPrivateKeyRsa(2048)
|
pk, err := NewPrivateKeyRsa(2048)
|
||||||
if err != nil { t.Errorf("rsa: creating private key failed: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("rsa: creating private key failed: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
blockBytes, err := RunMarshalTest("rsa", pk, PemLabelRsa, t)
|
blockBytes, err := RunMarshalTest("rsa", pk, PemLabelRsa, t)
|
||||||
if err != nil { return }
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
pk, err = LoadPrivateKeyRsa(blockBytes)
|
pk, err = LoadPrivateKeyRsa(blockBytes)
|
||||||
if err != nil { t.Errorf("rsa: pem content wrong: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("rsa: pem content wrong: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
blockBytes, err = RunMarshalTest("rsa-public", pk.Public(), PemLabelPublic, t)
|
blockBytes, err = RunMarshalTest("rsa-public", pk.Public(), PemLabelPublic, t)
|
||||||
if err != nil { return }
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
pu, err := LoadPublicKeyRsa(blockBytes)
|
pu, err := LoadPublicKeyRsa(blockBytes)
|
||||||
if err != nil { t.Errorf("rsa-public: pem content wrong: %s", err) }
|
if err != nil {
|
||||||
|
t.Errorf("rsa-public: pem content wrong: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
RunPrivateKeyTests("rsa", pk, pu, t)
|
RunPrivateKeyTests("rsa", pk, pu, t)
|
||||||
}
|
}
|
||||||
|
|
12
rsa.go
12
rsa.go
|
@ -27,14 +27,18 @@ type (
|
||||||
// generate a new rsa private key
|
// generate a new rsa private key
|
||||||
func NewPrivateKeyRsa(size int) (*RsaPrivateKey, error) {
|
func NewPrivateKeyRsa(size int) (*RsaPrivateKey, error) {
|
||||||
key, err := rsa.GenerateKey(rand.Reader, size)
|
key, err := rsa.GenerateKey(rand.Reader, size)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &RsaPrivateKey{key}, nil
|
return &RsaPrivateKey{key}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// load a rsa private key its ASN.1 presentation
|
// load a rsa private key its ASN.1 presentation
|
||||||
func LoadPrivateKeyRsa(raw []byte) (*RsaPrivateKey, error) {
|
func LoadPrivateKeyRsa(raw []byte) (*RsaPrivateKey, error) {
|
||||||
key, err := x509.ParsePKCS1PrivateKey(raw)
|
key, err := x509.ParsePKCS1PrivateKey(raw)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &RsaPrivateKey{key}, nil
|
return &RsaPrivateKey{key}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -65,7 +69,9 @@ func LoadPublicKeyRsa(raw []byte) (*RsaPublicKey, error) {
|
||||||
// marshal a rsa public key into pem format
|
// marshal a rsa public key into pem format
|
||||||
func (pu *RsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
func (pu *RsaPublicKey) MarshalPem() (io.WriterTo, error) {
|
||||||
asn1, err := x509.MarshalPKIXPublicKey(pu.public_key)
|
asn1, err := x509.MarshalPKIXPublicKey(pu.public_key)
|
||||||
if err != nil { return nil, err }
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
pem_block := pem.Block{Type: PemLabelPublic, Bytes: asn1}
|
pem_block := pem.Block{Type: PemLabelPublic, Bytes: asn1}
|
||||||
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue