1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftASN1 open source project
//
// Copyright (c) 2019-2020 Apple Inc. and the SwiftASN1 project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of SwiftASN1 project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//
import SwiftASN1
// For PKCS#8 we need the following for the private key:
//
// PrivateKeyInfo ::= SEQUENCE {
// version Version,
// privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
// privateKey PrivateKey,
// attributes [0] IMPLICIT Attributes OPTIONAL }
//
// Version ::= INTEGER
//
// PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
//
// PrivateKey ::= OCTET STRING
//
// Attributes ::= SET OF Attribute
//
// We disregard the attributes because we don't support them anyway.
//
// For testing purposes we're supporting a very general version of this, which only contains a SEC1
// private key (i.e. an EC private key). In the wild, the PKCS8 key format can contain other keys,
// but for testing we don't care.
struct PKCS8PrivateKey: DERImplicitlyTaggable {
static var defaultIdentifier: ASN1Identifier {
return .sequence
}
var algorithm: RFC5480AlgorithmIdentifier
var privateKey: SEC1PrivateKey
init(derEncoded rootNode: ASN1Node, withIdentifier identifier: ASN1Identifier) throws {
self = try DER.sequence(rootNode, identifier: identifier) { nodes in
let version = try Int(derEncoded: &nodes)
guard version == 0 else {
throw ASN1Error.invalidASN1Object(reason: "Invalid version")
}
let algorithm = try RFC5480AlgorithmIdentifier(derEncoded: &nodes)
let privateKeyBytes = try ASN1OctetString(derEncoded: &nodes)
// We ignore the attributes
_ = try DER.optionalExplicitlyTagged(&nodes, tagNumber: 0, tagClass: .contextSpecific) { _ in }
let sec1PrivateKeyNode = try DER.parse(privateKeyBytes.bytes)
let sec1PrivateKey = try SEC1PrivateKey(derEncoded: sec1PrivateKeyNode)
if let innerAlgorithm = sec1PrivateKey.algorithm, innerAlgorithm != algorithm {
throw ASN1Error.invalidASN1Object(reason: "Mismatched algorithms")
}
return try .init(algorithm: algorithm, privateKey: sec1PrivateKey)
}
}
private init(algorithm: RFC5480AlgorithmIdentifier, privateKey: SEC1PrivateKey) throws {
self.privateKey = privateKey
self.algorithm = algorithm
}
init(algorithm: RFC5480AlgorithmIdentifier, privateKey: [UInt8], publicKey: [UInt8]) {
self.algorithm = algorithm
// We nil out the private key here. I don't really know why we do this, but OpenSSL does, and it seems
// safe enough to do: it certainly avoids the possibility of disagreeing on what it is!
self.privateKey = SEC1PrivateKey(privateKey: privateKey, algorithm: nil, publicKey: publicKey)
}
func serialize(into coder: inout DER.Serializer, withIdentifier identifier: ASN1Identifier) throws {
try coder.appendConstructedNode(identifier: identifier) { coder in
try coder.serialize(0) // version
try coder.serialize(self.algorithm)
// Here's a weird one: we recursively serialize the private key, and then turn the bytes into an octet string.
var subCoder = DER.Serializer()
try subCoder.serialize(self.privateKey)
let serializedKey = ASN1OctetString(contentBytes: subCoder.serializedBytes[...])
try coder.serialize(serializedKey)
}
}
}
|
