mirror of
https://github.com/libp2p/go-openssl.git
synced 2025-03-10 11:10:23 +08:00
205 lines
5.5 KiB
Go
205 lines
5.5 KiB
Go
// Copyright (C) 2014 Space Monkey, Inc.
|
|
|
|
package openssl
|
|
|
|
// #cgo pkg-config: openssl
|
|
// #include <openssl/ssl.h>
|
|
// #include <openssl/conf.h>
|
|
import "C"
|
|
|
|
import (
|
|
"crypto/rsa"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"io/ioutil"
|
|
"runtime"
|
|
"unsafe"
|
|
)
|
|
|
|
type PublicKey interface {
|
|
MarshalPKIXPublicKeyPEM() (pem_block []byte, err error)
|
|
MarshalPKIXPublicKeyDER() (der_block []byte, err error)
|
|
StdlibPublicKey() (*rsa.PublicKey, error)
|
|
|
|
evpPKey() *C.EVP_PKEY
|
|
}
|
|
|
|
type PrivateKey interface {
|
|
PublicKey
|
|
|
|
MarshalPKCS1PrivateKeyPEM() (pem_block []byte, err error)
|
|
MarshalPKCS1PrivateKeyDER() (der_block []byte, err error)
|
|
StdlibPrivateKey() (*rsa.PrivateKey, error)
|
|
}
|
|
|
|
type pKey struct {
|
|
key *C.EVP_PKEY
|
|
}
|
|
|
|
func (key *pKey) evpPKey() *C.EVP_PKEY { return key.key }
|
|
|
|
func (key *pKey) MarshalPKCS1PrivateKeyPEM() (pem_block []byte,
|
|
err error) {
|
|
bio := C.BIO_new(C.BIO_s_mem())
|
|
if bio == nil {
|
|
return nil, SSLError.New("failed to allocate memory BIO")
|
|
}
|
|
defer C.BIO_free(bio)
|
|
if int(C.PEM_write_bio_PrivateKey(bio, key.key, nil, nil, C.int(0), nil,
|
|
nil)) != 1 {
|
|
return nil, SSLError.New("failed dumping private key")
|
|
}
|
|
return ioutil.ReadAll(asAnyBio(bio))
|
|
}
|
|
|
|
func (key *pKey) MarshalPKIXPublicKeyPEM() (pem_block []byte,
|
|
err error) {
|
|
bio := C.BIO_new(C.BIO_s_mem())
|
|
if bio == nil {
|
|
return nil, SSLError.New("failed to allocate memory BIO")
|
|
}
|
|
defer C.BIO_free(bio)
|
|
if int(C.PEM_write_bio_PUBKEY(bio, key.key)) != 1 {
|
|
return nil, SSLError.New("failed dumping public key")
|
|
}
|
|
return ioutil.ReadAll(asAnyBio(bio))
|
|
}
|
|
|
|
func (key *pKey) MarshalPKCS1PrivateKeyDER() (der_block []byte,
|
|
err error) {
|
|
// TODO: i can't decipher how to get a generic PKCS1 Private Key in DER
|
|
// format out of the openssl docs, so until someone who knows better
|
|
// can chastise me for this, we'll do it this way.
|
|
pem_block, err := key.MarshalPKCS1PrivateKeyPEM()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var p *pem.Block
|
|
p, pem_block = pem.Decode(pem_block)
|
|
if len(pem_block) > 0 || p == nil {
|
|
return nil, SSLError.New("something went wrong with PEM generation")
|
|
}
|
|
return p.Bytes, nil
|
|
}
|
|
|
|
func (key *pKey) MarshalPKIXPublicKeyDER() (der_block []byte,
|
|
err error) {
|
|
// TODO: i can't decipher how to get a generic PKIX Public Key in DER
|
|
// format out of the openssl docs, so until someone who knows better
|
|
// can chastise me for this, we'll do it this way.
|
|
pem_block, err := key.MarshalPKIXPublicKeyPEM()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var p *pem.Block
|
|
p, pem_block = pem.Decode(pem_block)
|
|
if len(pem_block) > 0 || p == nil {
|
|
return nil, SSLError.New("something went wrong with PEM generation")
|
|
}
|
|
return p.Bytes, nil
|
|
}
|
|
|
|
func (key *pKey) StdlibPrivateKey() (*rsa.PrivateKey, error) {
|
|
der_block, err := key.MarshalPKCS1PrivateKeyDER()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return x509.ParsePKCS1PrivateKey(der_block)
|
|
}
|
|
|
|
func (key *pKey) StdlibPublicKey() (*rsa.PublicKey, error) {
|
|
der_block, err := key.MarshalPKIXPublicKeyDER()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
k, err := x509.ParsePKIXPublicKey(der_block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
rk, ok := k.(*rsa.PublicKey)
|
|
if !ok {
|
|
return nil, SSLError.New("not an rsa public key")
|
|
}
|
|
return rk, nil
|
|
}
|
|
|
|
func LoadPrivateKey(pem_block []byte) (PrivateKey, error) {
|
|
runtime.LockOSThread()
|
|
defer runtime.UnlockOSThread()
|
|
bio := C.BIO_new_mem_buf(unsafe.Pointer(&pem_block[0]),
|
|
C.int(len(pem_block)))
|
|
key := C.PEM_read_bio_PrivateKey(bio, nil, nil, nil)
|
|
C.BIO_free(bio)
|
|
if key == nil {
|
|
return nil, errorFromErrorQueue()
|
|
}
|
|
p := &pKey{key: key}
|
|
runtime.SetFinalizer(p, func(p *pKey) {
|
|
C.EVP_PKEY_free(p.key)
|
|
})
|
|
return p, nil
|
|
}
|
|
|
|
type Certificate struct {
|
|
x *C.X509
|
|
}
|
|
|
|
func LoadCertificate(pem_block []byte) (*Certificate, error) {
|
|
runtime.LockOSThread()
|
|
defer runtime.UnlockOSThread()
|
|
bio := C.BIO_new_mem_buf(unsafe.Pointer(&pem_block[0]),
|
|
C.int(len(pem_block)))
|
|
cert := C.PEM_read_bio_X509(bio, nil, nil, nil)
|
|
C.BIO_free(bio)
|
|
if cert == nil {
|
|
return nil, errorFromErrorQueue()
|
|
}
|
|
x := &Certificate{x: cert}
|
|
runtime.SetFinalizer(x, func(x *Certificate) {
|
|
C.X509_free(x.x)
|
|
})
|
|
return x, nil
|
|
}
|
|
|
|
func (c *Certificate) MarshalPEM() (pem_block []byte, err error) {
|
|
bio := C.BIO_new(C.BIO_s_mem())
|
|
if bio == nil {
|
|
return nil, SSLError.New("failed to allocate memory BIO")
|
|
}
|
|
defer C.BIO_free(bio)
|
|
if int(C.PEM_write_bio_X509(bio, c.x)) != 1 {
|
|
return nil, SSLError.New("failed dumping certificate")
|
|
}
|
|
return ioutil.ReadAll(asAnyBio(bio))
|
|
}
|
|
|
|
func (c *Certificate) PublicKey() (PublicKey, error) {
|
|
pkey := C.X509_get_pubkey(c.x)
|
|
if pkey == nil {
|
|
return nil, SSLError.New("no public key found")
|
|
}
|
|
key := &pKey{key: pkey}
|
|
runtime.SetFinalizer(key, func(key *pKey) {
|
|
C.EVP_PKEY_free(key.key)
|
|
})
|
|
return key, nil
|
|
}
|
|
|
|
type KeyPair struct {
|
|
Certificate *Certificate
|
|
PrivateKey PrivateKey
|
|
}
|
|
|
|
func X509KeyPair(key PrivateKey, cert *Certificate) (tls.Certificate, error) {
|
|
key_pem_bytes, err := key.MarshalPKCS1PrivateKeyPEM()
|
|
if err != nil {
|
|
return tls.Certificate{}, err
|
|
}
|
|
cert_pem_bytes, err := cert.MarshalPEM()
|
|
if err != nil {
|
|
return tls.Certificate{}, err
|
|
}
|
|
return tls.X509KeyPair(cert_pem_bytes, key_pem_bytes)
|
|
}
|