apc-p15-tool/pkg/pkcs15/pem_parse.go

package pkcs15

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/rsa"
	"crypto/x509"
)

// pkcs15KeyCert holds the data for a key and certificate pair; it provides
// various methods to transform pkcs15 data
type pkcs15KeyCert struct {
	key  crypto.PrivateKey
	cert *x509.Certificate
	// store the encrypted enveloped Private Key for re-use
	envelopedPrivateKey []byte
}

// KeyType is used by consumers to check for compatibility
type KeyType int

const (
	KeyTypeRSA1024 KeyType = iota
	KeyTypeRSA2048
	KeyTypeRSA3072
	KeyTypeRSA4096

	KeyTypeECP256
	KeyTypeECP384
	KeyTypeECP521

	KeyTypeUnknown
)

// KeyType returns the private key type
func (p15 *pkcs15KeyCert) KeyType() KeyType {
	switch pKey := p15.key.(type) {
	case *rsa.PrivateKey:
		switch pKey.N.BitLen() {
		case 1024:
			return KeyTypeRSA1024
		case 2048:
			return KeyTypeRSA2048
		case 3072:
			return KeyTypeRSA3072
		case 4096:
			return KeyTypeRSA4096

		default:
		}

	case *ecdsa.PrivateKey:
		switch pKey.Curve.Params().Name {
		case "P-256":
			return KeyTypeECP256
		case "P-384":
			return KeyTypeECP384
		case "P-521":
			return KeyTypeECP521

		default:
		}

	default:
	}

	return KeyTypeUnknown
}

// ParsePEMToPKCS15 parses the provide pem files to a pkcs15 struct; it also does some
// basic sanity check; if any of this fails, an error is returned
func ParsePEMToPKCS15(keyPem, certPem []byte) (*pkcs15KeyCert, error) {
	// decode / check key
	key, err := pemKeyDecode(keyPem)
	if err != nil {
		return nil, err
	}

	// decode / check cert
	cert, err := pemCertDecode(certPem, keyPem)
	if err != nil {
		return nil, err
	}

	// create p15 struct
	p15 := &pkcs15KeyCert{
		key:  key,
		cert: cert,
	}

	// pre-calculate encrypted envelope
	err = p15.computeEncryptedKeyEnvelope()
	if err != nil {
		return nil, err
	}

	return p15, nil
}
key: finish key encoding and start cert 2024-01-27 16:35:35 +00:00			`package pkcs15`

			`import (`
pkcs15: add some prep for maybe ec key support later 2024-06-24 22:23:05 +00:00			`"crypto"`
add ecdsa key support and enable 4,092 RSA * apcssh: add descriptive error when required file(s) not passed * create: dont create key+cert file when key isn't supported by NMC2 * config: fix usage messages re: key types * p15 files: dont generate key+cert when it isn't needed (aka NMC2 doesn't support key) * pkcs15: pre-calculate envelope when making the p15 struct * pkcs15: omit key ID 8 & 9 from EC keys * pkcs15: update key decode logic * pkcs15: add key type value for easy determination of compatibility * pkcs15: add ec key support * pkcs15: separate functions for key and key+cert p15 files * update README see: https://github.com/gregtwallace/apc-p15-tool/issues/6 2024-09-17 22:44:33 +00:00			`"crypto/ecdsa"`
			`"crypto/rsa"`
key: finish key encoding and start cert 2024-01-27 16:35:35 +00:00			`"crypto/x509"`
			`)`

			`// pkcs15KeyCert holds the data for a key and certificate pair; it provides`
			`// various methods to transform pkcs15 data`
			`type pkcs15KeyCert struct {`
pkcs15: add some prep for maybe ec key support later 2024-06-24 22:23:05 +00:00			`key crypto.PrivateKey`
key: finish key encoding and start cert 2024-01-27 16:35:35 +00:00			`cert *x509.Certificate`
add ecdsa key support and enable 4,092 RSA * apcssh: add descriptive error when required file(s) not passed * create: dont create key+cert file when key isn't supported by NMC2 * config: fix usage messages re: key types * p15 files: dont generate key+cert when it isn't needed (aka NMC2 doesn't support key) * pkcs15: pre-calculate envelope when making the p15 struct * pkcs15: omit key ID 8 & 9 from EC keys * pkcs15: update key decode logic * pkcs15: add key type value for easy determination of compatibility * pkcs15: add ec key support * pkcs15: separate functions for key and key+cert p15 files * update README see: https://github.com/gregtwallace/apc-p15-tool/issues/6 2024-09-17 22:44:33 +00:00			`// store the encrypted enveloped Private Key for re-use`
			`envelopedPrivateKey []byte`
			`}`

			`// KeyType is used by consumers to check for compatibility`
			`type KeyType int`

			`const (`
			`KeyTypeRSA1024 KeyType = iota`
			`KeyTypeRSA2048`
			`KeyTypeRSA3072`
			`KeyTypeRSA4096`

			`KeyTypeECP256`
			`KeyTypeECP384`
			`KeyTypeECP521`

			`KeyTypeUnknown`
			`)`

			`// KeyType returns the private key type`
			`func (p15 *pkcs15KeyCert) KeyType() KeyType {`
			`switch pKey := p15.key.(type) {`
			`case *rsa.PrivateKey:`
			`switch pKey.N.BitLen() {`
			`case 1024:`
			`return KeyTypeRSA1024`
			`case 2048:`
			`return KeyTypeRSA2048`
			`case 3072:`
			`return KeyTypeRSA3072`
			`case 4096:`
			`return KeyTypeRSA4096`

			`default:`
			`}`

			`case *ecdsa.PrivateKey:`
			`switch pKey.Curve.Params().Name {`
			`case "P-256":`
			`return KeyTypeECP256`
			`case "P-384":`
			`return KeyTypeECP384`
			`case "P-521":`
			`return KeyTypeECP521`

			`default:`
			`}`

			`default:`
			`}`

			`return KeyTypeUnknown`
key: finish key encoding and start cert 2024-01-27 16:35:35 +00:00			`}`

			`// ParsePEMToPKCS15 parses the provide pem files to a pkcs15 struct; it also does some`
			`// basic sanity check; if any of this fails, an error is returned`
			`func ParsePEMToPKCS15(keyPem, certPem []byte) (*pkcs15KeyCert, error) {`
			`// decode / check key`
			`key, err := pemKeyDecode(keyPem)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// decode / check cert`
			`cert, err := pemCertDecode(certPem, keyPem)`
			`if err != nil {`
			`return nil, err`
			`}`

add ecdsa key support and enable 4,092 RSA * apcssh: add descriptive error when required file(s) not passed * create: dont create key+cert file when key isn't supported by NMC2 * config: fix usage messages re: key types * p15 files: dont generate key+cert when it isn't needed (aka NMC2 doesn't support key) * pkcs15: pre-calculate envelope when making the p15 struct * pkcs15: omit key ID 8 & 9 from EC keys * pkcs15: update key decode logic * pkcs15: add key type value for easy determination of compatibility * pkcs15: add ec key support * pkcs15: separate functions for key and key+cert p15 files * update README see: https://github.com/gregtwallace/apc-p15-tool/issues/6 2024-09-17 22:44:33 +00:00			`// create p15 struct`
key: finish key encoding and start cert 2024-01-27 16:35:35 +00:00			`p15 := &pkcs15KeyCert{`
			`key: key,`
			`cert: cert,`
			`}`

add ecdsa key support and enable 4,092 RSA * apcssh: add descriptive error when required file(s) not passed * create: dont create key+cert file when key isn't supported by NMC2 * config: fix usage messages re: key types * p15 files: dont generate key+cert when it isn't needed (aka NMC2 doesn't support key) * pkcs15: pre-calculate envelope when making the p15 struct * pkcs15: omit key ID 8 & 9 from EC keys * pkcs15: update key decode logic * pkcs15: add key type value for easy determination of compatibility * pkcs15: add ec key support * pkcs15: separate functions for key and key+cert p15 files * update README see: https://github.com/gregtwallace/apc-p15-tool/issues/6 2024-09-17 22:44:33 +00:00			`// pre-calculate encrypted envelope`
			`err = p15.computeEncryptedKeyEnvelope()`
			`if err != nil {`
			`return nil, err`
			`}`

key: finish key encoding and start cert 2024-01-27 16:35:35 +00:00			`return p15, nil`
			`}`