1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
package pki
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"io"
)
const (
PemLabelRsa = "RSA PRIVATE KEY"
)
type (
RsaPrivateKey struct {
private_key *rsa.PrivateKey
}
RsaPublicKey struct {
public_key *rsa.PublicKey
}
)
// generate a new rsa private key
func NewPrivateKeyRsa(size int) (*RsaPrivateKey, error) {
key, err := rsa.GenerateKey(rand.Reader, size)
if err != nil {
return nil, err
}
return &RsaPrivateKey{key}, nil
}
// load a rsa private key its ASN.1 presentation
func LoadPrivateKeyRsa(raw []byte) (*RsaPrivateKey, error) {
key, err := x509.ParsePKCS1PrivateKey(raw)
if err != nil {
return nil, err
}
return &RsaPrivateKey{key}, nil
}
func (pr *RsaPrivateKey) Public() PublicKey {
return &RsaPublicKey{pr.private_key.Public().(*rsa.PublicKey)}
}
func (pr RsaPrivateKey) Sign(message []byte, hash crypto.Hash) ([]byte, error) {
if !hash.Available() {
return make([]byte, 0), errors.New("Hash method is not available!")
}
hashed_message := hash.New()
hashed_message.Write(message)
return rsa.SignPKCS1v15(rand.Reader, pr.private_key, hash, hashed_message.Sum(nil))
}
// get the private key
func (pr RsaPrivateKey) PrivateKey() crypto.PrivateKey {
return pr.private_key
}
func (pr RsaPrivateKey) MarshalPem() (io.WriterTo, error) {
pem_block, err := pr.ToPem()
if err != nil { // it does not currently return an error, but maybe that will change
return nil, err
}
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
}
func (pr RsaPrivateKey) ToPem() (pem.Block, error) {
return pem.Block{
Type: PemLabelRsa,
Bytes: x509.MarshalPKCS1PrivateKey(pr.private_key),
}, nil
}
// restore a rsa public key
func LoadPublicKeyRsa(raw []byte) (*RsaPublicKey, error) {
pub := &RsaPublicKey{}
if pub_raw, err := x509.ParsePKIXPublicKey(raw); err != nil {
return nil, err
} else {
pub.public_key = pub_raw.(*rsa.PublicKey)
}
return pub, nil
}
// ToPem returns the pem encoded public key.
func (pu *RsaPublicKey) ToPem() (pem.Block, error) {
asn1, err := x509.MarshalPKIXPublicKey(pu.public_key)
if err != nil {
return pem.Block{}, err
}
return pem.Block{Type: PemLabelPublic, Bytes: asn1}, nil
}
// marshal a rsa public key into pem format
func (pu *RsaPublicKey) MarshalPem() (io.WriterTo, error) {
pem_block, err := pu.ToPem()
if err != nil {
return nil, err
}
return marshalledPemBlock(pem.EncodeToMemory(&pem_block)), nil
}
// verify a message with a signature using the public key
func (pu *RsaPublicKey) Verify(message []byte, signature []byte, hash crypto.Hash) (bool, error) {
hashed_message := hash.New()
hashed_message.Write(message)
if err := rsa.VerifyPKCS1v15(pu.public_key, hash, hashed_message.Sum(nil), signature); err != nil {
return false, err
}
return true, nil
}
|