mirror of
https://github.com/gregtwallace/apc-p15-tool.git
synced 2025-07-26 16:32:56 +00:00
add ecdsa key support and enable 4,092 RSA
* apcssh: add descriptive error when required file(s) not passed * create: dont create key+cert file when key isn't supported by NMC2 * config: fix usage messages re: key types * p15 files: dont generate key+cert when it isn't needed (aka NMC2 doesn't support key) * pkcs15: pre-calculate envelope when making the p15 struct * pkcs15: omit key ID 8 & 9 from EC keys * pkcs15: update key decode logic * pkcs15: add key type value for easy determination of compatibility * pkcs15: add ec key support * pkcs15: separate functions for key and key+cert p15 files * update README see: https://github.com/gregtwallace/apc-p15-tool/issues/6
This commit is contained in:
Greg T. Wallace
parent
51e5847409
commit
cbb831e009
12 changed files with 508 additions and 266 deletions
pkg/pkcs15
|
|
@ -2,6 +2,8 @@ package pkcs15
|
|||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/ecdsa"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
)
|
||||
|
||||
|
|
@ -10,6 +12,59 @@ import (
|
|||
type pkcs15KeyCert struct {
|
||||
key crypto.PrivateKey
|
||||
cert *x509.Certificate
|
||||
// store the encrypted enveloped Private Key for re-use
|
||||
envelopedPrivateKey []byte
|
||||
}
|
||||
|
||||
// KeyType is used by consumers to check for compatibility
|
||||
type KeyType int
|
||||
|
||||
const (
|
||||
KeyTypeRSA1024 KeyType = iota
|
||||
KeyTypeRSA2048
|
||||
KeyTypeRSA3072
|
||||
KeyTypeRSA4096
|
||||
|
||||
KeyTypeECP256
|
||||
KeyTypeECP384
|
||||
KeyTypeECP521
|
||||
|
||||
KeyTypeUnknown
|
||||
)
|
||||
|
||||
// KeyType returns the private key type
|
||||
func (p15 *pkcs15KeyCert) KeyType() KeyType {
|
||||
switch pKey := p15.key.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
switch pKey.N.BitLen() {
|
||||
case 1024:
|
||||
return KeyTypeRSA1024
|
||||
case 2048:
|
||||
return KeyTypeRSA2048
|
||||
case 3072:
|
||||
return KeyTypeRSA3072
|
||||
case 4096:
|
||||
return KeyTypeRSA4096
|
||||
|
||||
default:
|
||||
}
|
||||
|
||||
case *ecdsa.PrivateKey:
|
||||
switch pKey.Curve.Params().Name {
|
||||
case "P-256":
|
||||
return KeyTypeECP256
|
||||
case "P-384":
|
||||
return KeyTypeECP384
|
||||
case "P-521":
|
||||
return KeyTypeECP521
|
||||
|
||||
default:
|
||||
}
|
||||
|
||||
default:
|
||||
}
|
||||
|
||||
return KeyTypeUnknown
|
||||
}
|
||||
|
||||
// ParsePEMToPKCS15 parses the provide pem files to a pkcs15 struct; it also does some
|
||||
|
|
@ -27,10 +82,17 @@ func ParsePEMToPKCS15(keyPem, certPem []byte) (*pkcs15KeyCert, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// create p15 struct
|
||||
p15 := &pkcs15KeyCert{
|
||||
key: key,
|
||||
cert: cert,
|
||||
}
|
||||
|
||||
// pre-calculate encrypted envelope
|
||||
err = p15.computeEncryptedKeyEnvelope()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return p15, nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue