-
Notifications
You must be signed in to change notification settings - Fork 27
Expand file tree
/
Copy pathkey.go
More file actions
90 lines (72 loc) · 2.21 KB
/
key.go
File metadata and controls
90 lines (72 loc) · 2.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
package keycred
import (
"bytes"
"crypto/rsa"
"crypto/x509"
"encoding/binary"
"fmt"
"math/big"
)
// MarshalPublicKeyMaterial serializes an RSA public key in a bcrypt RSA key
// blob
// (https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_rsakey_blob)
// or DER representation.
func MarshalPublicKeyMaterial(key *rsa.PublicKey, asDER bool) ([]byte, error) {
if asDER {
return x509.MarshalPKCS1PublicKey(key), nil
}
modulusBytes := key.N.Bytes()
exponentBytes := big.NewInt(int64(key.E)).Bytes()
var buf bytes.Buffer
err := writeBinary(&buf, binary.LittleEndian,
uint32(KeyTypeRSAPublic),
uint32(8*key.Size()),
uint32(len(exponentBytes)),
uint32(len(modulusBytes)),
uint32(0),
uint32(0),
exponentBytes,
modulusBytes,
)
return buf.Bytes(), err
}
// UnmarshalPublicKeyMaterial parses binary key material in bcrypt RSA key blob
// (https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_rsakey_blob)
// or DER format.
func UnmarshalPublicKeyMaterial(buffer []byte) (key *rsa.PublicKey, isDER bool, err error) {
if isDerEncoded(buffer) {
key, err := x509.ParsePKCS1PublicKey(buffer)
if err != nil {
return nil, false, fmt.Errorf("parse DER encoded public key: %w", err)
}
return key, true, nil
}
consumer := newConsumer(buffer, binary.LittleEndian)
keyType := consumer.Uint32()
if keyType != KeyTypeRSAPublic {
return nil, false, fmt.Errorf("unsupported key type: 0x%x", keyType)
}
keySize := consumer.Uint32()
exponentSize := int(consumer.Uint32())
modulusSize := int(consumer.Uint32())
prime1Size := int(consumer.Uint32())
prime2Size := int(consumer.Uint32())
exponentBytes := consumer.Bytes(exponentSize)
modulusBytes := consumer.Bytes(modulusSize)
_ = consumer.Bytes(prime1Size)
_ = consumer.Bytes(prime2Size)
exponent := big.NewInt(0)
exponent.SetBytes(exponentBytes)
key = &rsa.PublicKey{
E: int(exponent.Int64()),
N: big.NewInt(0),
}
key.N.SetBytes(modulusBytes)
if 8*key.Size() != int(keySize) {
return nil, false, fmt.Errorf("key size mismatch: actual=%d, advertized=%d", 8*key.Size(), keySize)
}
return key, false, consumer.Error()
}
func isDerEncoded(buffer []byte) bool {
return len(buffer) > 0 && buffer[0] == 0x30
}