helpers/derhelpers: split Go 1.12/1.13 impls.
When using modern `golang.org/x/crypto/ed25519` on Go 1.13 the `x` library is a small wrapper around the stdlib version. The helper function needs to match on the stdlib type in this case. To maintain backwards compat with Go 1.12 the helper code is split by a build tag. The legacy code can use the `golang.org/x/crypto/ed25519` import while the new code can use the `crypto/ed25519` import.
Daniel
committed
Feb 19, 2020
1 parent
69802dd
commit 81e5473
Showing
2 changed files
with
53 additions
and
1 deletion.
@@ -0,0 +1,50 @@ | ||
// +build !go1.13 | ||
|
||
// Package derhelpers implements common functionality | ||
// on DER encoded data | ||
package derhelpers | ||
|
||
import ( | ||
"crypto" | ||
"crypto/ecdsa" | ||
"crypto/rsa" | ||
"crypto/x509" | ||
|
||
cferr "github.com/cloudflare/cfssl/errors" | ||
"golang.org/x/crypto/ed25519" | ||
) | ||
|
||
// ParsePrivateKeyDER parses a PKCS #1, PKCS #8, ECDSA, or Ed25519 DER-encoded | ||
// private key. The key must not be in PEM format. | ||
func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) { | ||
generalKey, err := x509.ParsePKCS8PrivateKey(keyDER) | ||
if err != nil { | ||
generalKey, err = x509.ParsePKCS1PrivateKey(keyDER) | ||
if err != nil { | ||
generalKey, err = x509.ParseECPrivateKey(keyDER) | ||
if err != nil { | ||
generalKey, err = ParseEd25519PrivateKey(keyDER) | ||
if err != nil { | ||
// We don't include the actual error into | ||
// the final error. The reason might be | ||
// we don't want to leak any info about | ||
// the private key. | ||
return nil, cferr.New(cferr.PrivateKeyError, | ||
cferr.ParseFailed) | ||
} | ||
} | ||
} | ||
} | ||
|
||
switch generalKey.(type) { | ||
case *rsa.PrivateKey: | ||
return generalKey.(*rsa.PrivateKey), nil | ||
case *ecdsa.PrivateKey: | ||
return generalKey.(*ecdsa.PrivateKey), nil | ||
case ed25519.PrivateKey: | ||
return generalKey.(ed25519.PrivateKey), nil | ||
} | ||
|
||
// should never reach here | ||
return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed) | ||
} |
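Review bot: ParsePrivateKeyDER is duplicated in full under the `!go1.13` tag, although the commit description suggests only the ed25519 import differs between the two variants, so a later fix to the key-parsing fallback chain or its error handling must be made in two files and can silently miss one. The go1.13 counterpart is not visible in this view, so the extent of the overlap is inferred. At minimum add a comment above the function such as `// NOTE: keep in sync with the go1.13 variant of this file; only the ed25519 import differs.`, and have CI run the package tests on both a pre-1.13 and a 1.13+ toolchain so each variant is actually compiled and exercised. As a smaller style point, the type switch can bind the value once, `switch k := generalKey.(type) {` with `return k, nil` in each case, which removes the three repeated type assertions.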