podman
427 строк · 12.7 Кб
1package libtrust2import (4"crypto"5"crypto/rand"6"crypto/rsa"7"crypto/x509"8"encoding/json"9"encoding/pem"10"errors"11"fmt"12"io"13"math/big"14)15/*17* RSA DSA PUBLIC KEY18*/19// rsaPublicKey implements a JWK Public Key using RSA digital signature algorithms.21type rsaPublicKey struct {22*rsa.PublicKey23extended map[string]interface{}24}25func fromRSAPublicKey(cryptoPublicKey *rsa.PublicKey) *rsaPublicKey {27return &rsaPublicKey{cryptoPublicKey, map[string]interface{}{}}28}29// KeyType returns the JWK key type for RSA keys, i.e., "RSA".31func (k *rsaPublicKey) KeyType() string {32return "RSA"33}34// KeyID returns a distinct identifier which is unique to this Public Key.36func (k *rsaPublicKey) KeyID() string {37return keyIDFromCryptoKey(k)38}39func (k *rsaPublicKey) String() string {41return fmt.Sprintf("RSA Public Key <%s>", k.KeyID())42}43// Verify verifyies the signature of the data in the io.Reader using this Public Key.45// The alg parameter should be the name of the JWA digital signature algorithm46// which was used to produce the signature and should be supported by this47// public key. Returns a nil error if the signature is valid.48func (k *rsaPublicKey) Verify(data io.Reader, alg string, signature []byte) error {49// Verify the signature of the given date, return non-nil error if valid.50sigAlg, err := rsaSignatureAlgorithmByName(alg)51if err != nil {52return fmt.Errorf("unable to verify Signature: %s", err)53}54hasher := sigAlg.HashID().New()56_, err = io.Copy(hasher, data)57if err != nil {58return fmt.Errorf("error reading data to sign: %s", err)59}60hash := hasher.Sum(nil)61err = rsa.VerifyPKCS1v15(k.PublicKey, sigAlg.HashID(), hash, signature)63if err != nil {64return fmt.Errorf("invalid %s signature: %s", sigAlg.HeaderParam(), err)65}66return nil68}69// CryptoPublicKey returns the internal object which can be used as a71// crypto.PublicKey for use with other standard library operations. The type72// is either *rsa.PublicKey or *ecdsa.PublicKey73func (k *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {74return k.PublicKey75}76func (k *rsaPublicKey) toMap() map[string]interface{} {78jwk := make(map[string]interface{})79for k, v := range k.extended {80jwk[k] = v81}82jwk["kty"] = k.KeyType()83jwk["kid"] = k.KeyID()84jwk["n"] = joseBase64UrlEncode(k.N.Bytes())85jwk["e"] = joseBase64UrlEncode(serializeRSAPublicExponentParam(k.E))86return jwk88}89// MarshalJSON serializes this Public Key using the JWK JSON serialization format for91// RSA keys.92func (k *rsaPublicKey) MarshalJSON() (data []byte, err error) {93return json.Marshal(k.toMap())94}95// PEMBlock serializes this Public Key to DER-encoded PKIX format.97func (k *rsaPublicKey) PEMBlock() (*pem.Block, error) {98derBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey)99if err != nil {100return nil, fmt.Errorf("unable to serialize RSA PublicKey to DER-encoded PKIX format: %s", err)101}102k.extended["kid"] = k.KeyID() // For display purposes.103return createPemBlock("PUBLIC KEY", derBytes, k.extended)104}105func (k *rsaPublicKey) AddExtendedField(field string, value interface{}) {107k.extended[field] = value108}109func (k *rsaPublicKey) GetExtendedField(field string) interface{} {111v, ok := k.extended[field]112if !ok {113return nil114}115return v116}117func rsaPublicKeyFromMap(jwk map[string]interface{}) (*rsaPublicKey, error) {119// JWK key type (kty) has already been determined to be "RSA".120// Need to extract 'n', 'e', and 'kid' and check for121// consistency.122// Get the modulus parameter N.124nB64Url, err := stringFromMap(jwk, "n")125if err != nil {126return nil, fmt.Errorf("JWK RSA Public Key modulus: %s", err)127}128n, err := parseRSAModulusParam(nB64Url)130if err != nil {131return nil, fmt.Errorf("JWK RSA Public Key modulus: %s", err)132}133// Get the public exponent E.135eB64Url, err := stringFromMap(jwk, "e")136if err != nil {137return nil, fmt.Errorf("JWK RSA Public Key exponent: %s", err)138}139e, err := parseRSAPublicExponentParam(eB64Url)141if err != nil {142return nil, fmt.Errorf("JWK RSA Public Key exponent: %s", err)143}144key := &rsaPublicKey{146PublicKey: &rsa.PublicKey{N: n, E: e},147}148// Key ID is optional, but if it exists, it should match the key.150_, ok := jwk["kid"]151if ok {152kid, err := stringFromMap(jwk, "kid")153if err != nil {154return nil, fmt.Errorf("JWK RSA Public Key ID: %s", err)155}156if kid != key.KeyID() {157return nil, fmt.Errorf("JWK RSA Public Key ID does not match: %s", kid)158}159}160if _, ok := jwk["d"]; ok {162return nil, fmt.Errorf("JWK RSA Public Key cannot contain private exponent")163}164key.extended = jwk166return key, nil168}169/*171* RSA DSA PRIVATE KEY172*/173// rsaPrivateKey implements a JWK Private Key using RSA digital signature algorithms.175type rsaPrivateKey struct {176rsaPublicKey177*rsa.PrivateKey178}179func fromRSAPrivateKey(cryptoPrivateKey *rsa.PrivateKey) *rsaPrivateKey {181return &rsaPrivateKey{182*fromRSAPublicKey(&cryptoPrivateKey.PublicKey),183cryptoPrivateKey,184}185}186// PublicKey returns the Public Key data associated with this Private Key.188func (k *rsaPrivateKey) PublicKey() PublicKey {189return &k.rsaPublicKey190}191func (k *rsaPrivateKey) String() string {193return fmt.Sprintf("RSA Private Key <%s>", k.KeyID())194}195// Sign signs the data read from the io.Reader using a signature algorithm supported197// by the RSA private key. If the specified hashing algorithm is supported by198// this key, that hash function is used to generate the signature otherwise the199// the default hashing algorithm for this key is used. Returns the signature200// and the name of the JWK signature algorithm used, e.g., "RS256", "RS384",201// "RS512".202func (k *rsaPrivateKey) Sign(data io.Reader, hashID crypto.Hash) (signature []byte, alg string, err error) {203// Generate a signature of the data using the internal alg.204sigAlg := rsaPKCS1v15SignatureAlgorithmForHashID(hashID)205hasher := sigAlg.HashID().New()206_, err = io.Copy(hasher, data)208if err != nil {209return nil, "", fmt.Errorf("error reading data to sign: %s", err)210}211hash := hasher.Sum(nil)212signature, err = rsa.SignPKCS1v15(rand.Reader, k.PrivateKey, sigAlg.HashID(), hash)214if err != nil {215return nil, "", fmt.Errorf("error producing signature: %s", err)216}217alg = sigAlg.HeaderParam()219return221}222// CryptoPrivateKey returns the internal object which can be used as a224// crypto.PublicKey for use with other standard library operations. The type225// is either *rsa.PublicKey or *ecdsa.PublicKey226func (k *rsaPrivateKey) CryptoPrivateKey() crypto.PrivateKey {227return k.PrivateKey228}229func (k *rsaPrivateKey) toMap() map[string]interface{} {231k.Precompute() // Make sure the precomputed values are stored.232jwk := k.rsaPublicKey.toMap()233jwk["d"] = joseBase64UrlEncode(k.D.Bytes())235jwk["p"] = joseBase64UrlEncode(k.Primes[0].Bytes())236jwk["q"] = joseBase64UrlEncode(k.Primes[1].Bytes())237jwk["dp"] = joseBase64UrlEncode(k.Precomputed.Dp.Bytes())238jwk["dq"] = joseBase64UrlEncode(k.Precomputed.Dq.Bytes())239jwk["qi"] = joseBase64UrlEncode(k.Precomputed.Qinv.Bytes())240otherPrimes := k.Primes[2:]242if len(otherPrimes) > 0 {244otherPrimesInfo := make([]interface{}, len(otherPrimes))245for i, r := range otherPrimes {246otherPrimeInfo := make(map[string]string, 3)247otherPrimeInfo["r"] = joseBase64UrlEncode(r.Bytes())248crtVal := k.Precomputed.CRTValues[i]249otherPrimeInfo["d"] = joseBase64UrlEncode(crtVal.Exp.Bytes())250otherPrimeInfo["t"] = joseBase64UrlEncode(crtVal.Coeff.Bytes())251otherPrimesInfo[i] = otherPrimeInfo252}253jwk["oth"] = otherPrimesInfo254}255return jwk257}258// MarshalJSON serializes this Private Key using the JWK JSON serialization format for260// RSA keys.261func (k *rsaPrivateKey) MarshalJSON() (data []byte, err error) {262return json.Marshal(k.toMap())263}264// PEMBlock serializes this Private Key to DER-encoded PKIX format.266func (k *rsaPrivateKey) PEMBlock() (*pem.Block, error) {267derBytes := x509.MarshalPKCS1PrivateKey(k.PrivateKey)268k.extended["keyID"] = k.KeyID() // For display purposes.269return createPemBlock("RSA PRIVATE KEY", derBytes, k.extended)270}271func rsaPrivateKeyFromMap(jwk map[string]interface{}) (*rsaPrivateKey, error) {273// The JWA spec for RSA Private Keys (draft rfc section 5.3.2) states that274// only the private key exponent 'd' is REQUIRED, the others are just for275// signature/decryption optimizations and SHOULD be included when the JWK276// is produced. We MAY choose to accept a JWK which only includes 'd', but277// we're going to go ahead and not choose to accept it without the extra278// fields. Only the 'oth' field will be optional (for multi-prime keys).279privateExponent, err := parseRSAPrivateKeyParamFromMap(jwk, "d")280if err != nil {281return nil, fmt.Errorf("JWK RSA Private Key exponent: %s", err)282}283firstPrimeFactor, err := parseRSAPrivateKeyParamFromMap(jwk, "p")284if err != nil {285return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)286}287secondPrimeFactor, err := parseRSAPrivateKeyParamFromMap(jwk, "q")288if err != nil {289return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)290}291firstFactorCRT, err := parseRSAPrivateKeyParamFromMap(jwk, "dp")292if err != nil {293return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)294}295secondFactorCRT, err := parseRSAPrivateKeyParamFromMap(jwk, "dq")296if err != nil {297return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)298}299crtCoeff, err := parseRSAPrivateKeyParamFromMap(jwk, "qi")300if err != nil {301return nil, fmt.Errorf("JWK RSA Private Key CRT coefficient: %s", err)302}303var oth interface{}305if _, ok := jwk["oth"]; ok {306oth = jwk["oth"]307delete(jwk, "oth")308}309// JWK key type (kty) has already been determined to be "RSA".311// Need to extract the public key information, then extract the private312// key values.313publicKey, err := rsaPublicKeyFromMap(jwk)314if err != nil {315return nil, err316}317privateKey := &rsa.PrivateKey{319PublicKey: *publicKey.PublicKey,320D: privateExponent,321Primes: []*big.Int{firstPrimeFactor, secondPrimeFactor},322Precomputed: rsa.PrecomputedValues{323Dp: firstFactorCRT,324Dq: secondFactorCRT,325Qinv: crtCoeff,326},327}328if oth != nil {330// Should be an array of more JSON objects.331otherPrimesInfo, ok := oth.([]interface{})332if !ok {333return nil, errors.New("JWK RSA Private Key: Invalid other primes info: must be an array")334}335numOtherPrimeFactors := len(otherPrimesInfo)336if numOtherPrimeFactors == 0 {337return nil, errors.New("JWK RSA Privake Key: Invalid other primes info: must be absent or non-empty")338}339otherPrimeFactors := make([]*big.Int, numOtherPrimeFactors)340productOfPrimes := new(big.Int).Mul(firstPrimeFactor, secondPrimeFactor)341crtValues := make([]rsa.CRTValue, numOtherPrimeFactors)342for i, val := range otherPrimesInfo {344otherPrimeinfo, ok := val.(map[string]interface{})345if !ok {346return nil, errors.New("JWK RSA Private Key: Invalid other prime info: must be a JSON object")347}348otherPrimeFactor, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "r")350if err != nil {351return nil, fmt.Errorf("JWK RSA Private Key prime factor: %s", err)352}353otherFactorCRT, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "d")354if err != nil {355return nil, fmt.Errorf("JWK RSA Private Key CRT exponent: %s", err)356}357otherCrtCoeff, err := parseRSAPrivateKeyParamFromMap(otherPrimeinfo, "t")358if err != nil {359return nil, fmt.Errorf("JWK RSA Private Key CRT coefficient: %s", err)360}361crtValue := crtValues[i]363crtValue.Exp = otherFactorCRT364crtValue.Coeff = otherCrtCoeff365crtValue.R = productOfPrimes366otherPrimeFactors[i] = otherPrimeFactor367productOfPrimes = new(big.Int).Mul(productOfPrimes, otherPrimeFactor)368}369privateKey.Primes = append(privateKey.Primes, otherPrimeFactors...)371privateKey.Precomputed.CRTValues = crtValues372}373key := &rsaPrivateKey{375rsaPublicKey: *publicKey,376PrivateKey: privateKey,377}378return key, nil380}381/*383* Key Generation Functions.384*/385func generateRSAPrivateKey(bits int) (k *rsaPrivateKey, err error) {387k = new(rsaPrivateKey)388k.PrivateKey, err = rsa.GenerateKey(rand.Reader, bits)389if err != nil {390return nil, err391}392k.rsaPublicKey.PublicKey = &k.PrivateKey.PublicKey394k.extended = make(map[string]interface{})395return397}398// GenerateRSA2048PrivateKey generates a key pair using 2048-bit RSA.400func GenerateRSA2048PrivateKey() (PrivateKey, error) {401k, err := generateRSAPrivateKey(2048)402if err != nil {403return nil, fmt.Errorf("error generating RSA 2048-bit key: %s", err)404}405return k, nil407}408// GenerateRSA3072PrivateKey generates a key pair using 3072-bit RSA.410func GenerateRSA3072PrivateKey() (PrivateKey, error) {411k, err := generateRSAPrivateKey(3072)412if err != nil {413return nil, fmt.Errorf("error generating RSA 3072-bit key: %s", err)414}415return k, nil417}418// GenerateRSA4096PrivateKey generates a key pair using 4096-bit RSA.420func GenerateRSA4096PrivateKey() (PrivateKey, error) {421k, err := generateRSAPrivateKey(4096)422if err != nil {423return nil, fmt.Errorf("error generating RSA 4096-bit key: %s", err)424}425return k, nil427}428