作者:NeuralSpa
项目:go-acme-clien
func CreatePrivateKey(keyType KeyType, curve Curve, rsaBits *int) (interface{}, error) {
switch keyType {
case KeyEcdsa:
switch curve {
case curveDefault:
return CreateEcdsaPrivateKey(elliptic.P521())
case CurveP256:
return CreateEcdsaPrivateKey(elliptic.P256())
case CurveP384:
return CreateEcdsaPrivateKey(elliptic.P384())
case CurveP521:
return CreateEcdsaPrivateKey(elliptic.P521())
default:
return nil, UnknownCurve
}
case KeyRSA:
bits := 2048
if nil != rsaBits {
bits = *rsaBits
}
if bits < 2048 || bits > 4096 {
return nil, InvalidRsaBits
}
return CreateRsaPrivateKey(bits)
default:
return nil, UnknownKeyType
}
}
作者:jmptrade
项目:gocrypt
func TestBadPubs(t *testing.T) {
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
t.Fatalf("%v", err)
}
bad1, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
t.Fatalf("%v", err)
}
bad2, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
t.Fatalf("%v", err)
}
bad2.Curve = elliptic.P521()
var bad3 *ecdsa.PublicKey
if _, err = ECDH(priv, bad3); err == nil {
t.Fatalf("ECDH should fail with nil key")
} else if _, err = ECDH(priv, &bad1.PublicKey); err == nil {
t.Fatalf("ECDH should fail with mismatched curve")
} else if _, err = ECDH(priv, &bad2.PublicKey); err == nil {
t.Fatalf("ECDH should fail with wrong curve")
}
}
作者:AaronGoldma
项目:ccf
//PrivteKeyFromBytes makes a private key from a slice of bytes and returns it.
func PrivateKeyFromBytes(b []byte) (priv *PrivateKey, err error) {
if len(b) < 64 {
return nil, fmt.Errorf("Could not parse commit bytes")
}
D := new(big.Int).SetBytes(b)
priv = new(PrivateKey)
priv.PublicKey.Curve = elliptic.P521()
priv.PublicKey.X, priv.PublicKey.Y = elliptic.P521().ScalarBaseMult(b)
priv.D = D
return priv, nil
}
作者:postfi
项目:ar
func loadECDSAPub(in []byte) (*ecdsa.PublicKey, error) {
x, y := elliptic.Unmarshal(elliptic.P521(), in)
if x == nil {
return nil, errors.New("crypto: invalid ECDSA public key")
}
return &ecdsa.PublicKey{
X: x,
Y: y,
Curve: elliptic.P521(),
}, nil
}
作者:jmptrade
项目:gocrypt
func TestSetupKeys(t *testing.T) {
var err error
alice, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
t.Fatalf("%v", err)
}
bob, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
t.Fatalf("%v", err)
}
}
作者:AaronGoldma
项目:ccf
//GetPublicKeyForHkid uses the lookup services to get a public key for an hkid
func GetPublicKeyForHkid(hkid objects.HKID) objects.PublicKey {
marshaledKey, err := GetBlob(objects.HCID(hkid))
if err != nil {
return objects.PublicKey{}
}
curve := elliptic.P521()
x, y := elliptic.Unmarshal(elliptic.P521(), marshaledKey)
pubKey := ecdsa.PublicKey{
Curve: curve, //elliptic.Curve
X: x, //X *big.Int
Y: y} //Y *big.Int
return objects.PublicKey(pubKey)
}
作者:postfi
项目:ar
func generateKey() *ecdsa.PrivateKey {
prv, x, y, err := elliptic.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
fmt.Printf("Key generation failed: %v\n", err.Error())
os.Exit(1)
}
return &ecdsa.PrivateKey{
D: new(big.Int).SetBytes(prv),
PublicKey: ecdsa.PublicKey{
Curve: elliptic.P521(),
X: x,
Y: y,
},
}
}
作者:kal
项目:cfss
// DefaultSigAlgo returns an appropriate X.509 signature algorithm given the
// CA's private key.
func DefaultSigAlgo(priv interface{}) x509.SignatureAlgorithm {
switch priv := priv.(type) {
case *rsa.PrivateKey:
keySize := priv.N.BitLen()
switch {
case keySize >= 4096:
return x509.SHA512WithRSA
case keySize >= 3072:
return x509.SHA384WithRSA
case keySize >= 2048:
return x509.SHA256WithRSA
default:
return x509.SHA1WithRSA
}
case *ecdsa.PrivateKey:
switch priv.Curve {
case elliptic.P256():
return x509.ECDSAWithSHA256
case elliptic.P384():
return x509.ECDSAWithSHA384
case elliptic.P521():
return x509.ECDSAWithSHA512
default:
return x509.ECDSAWithSHA1
}
default:
return x509.UnknownSignatureAlgorithm
}
}
作者:Jyggafe
项目:dron
func init() {
raw256, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
ecdsaKey, _ = NewSignerFromKey(raw256)
raw384, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
ecdsa384Key, _ = NewSignerFromKey(raw384)
raw521, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
ecdsa521Key, _ = NewSignerFromKey(raw521)
// Create a cert and sign it for use in tests.
testCert := &OpenSSHCertV01{
Nonce: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
Key: ecdsaKey.PublicKey(),
ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
ValidAfter: 0, // unix epoch
ValidBefore: maxUint64, // The end of currently representable time.
Reserved: []byte{}, // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
SignatureKey: rsaKey.PublicKey(),
}
sigBytes, _ := rsaKey.Sign(rand.Reader, testCert.BytesForSigning())
testCert.Signature = &signature{
Format: testCert.SignatureKey.PublicKeyAlgo(),
Blob: sigBytes,
}
testCertKey = &testSigner{
Signer: ecdsaKey,
pub: testCert,
}
}
作者:msorna
项目:gopk
func generatePriv() (*ecdsa.PrivateKey, error) {
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
return nil, err
}
return priv, nil
}
作者:CometKi
项目:platfor
func GenerateSigningTestKey(sigAlg SignatureAlgorithm) (sig, ver interface{}) {
switch sigAlg {
case RS256, RS384, RS512, PS256, PS384, PS512:
sig = rsaTestKey
ver = &rsaTestKey.PublicKey
case HS256, HS384, HS512:
sig, _, _ = randomKeyGenerator{size: 16}.genKey()
ver = sig
case ES256:
key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
sig = key
ver = &key.PublicKey
case ES384:
key, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
sig = key
ver = &key.PublicKey
case ES512:
key, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
sig = key
ver = &key.PublicKey
default:
panic("Must update test case")
}
return
}
作者:hy
项目:go.sampl
func main() {
c := elliptic.P521()
sec, _ := ecdsa.GenerateKey(c, rand.Reader)
pub := &sec.PublicKey
log.Print("pub", pub)
log.Print("sec", sec)
pempub := exportPublicKeytoPEM(pub)
pemsec := exportPrivateKeytoEncryptedPEM(sec, []byte("asdfgh"))
log.Print("pempub", pempub)
log.Print("pemsec", pemsec)
pub = importPublicKeyfromPEM(pempub)
//sec = importPrivateKeyfromPEM(pemsec)
sec = importPrivateKeyfromEncryptedPEM(pemsec, []byte("asdfgh"))
log.Print("pub", pub)
log.Print("sec", sec)
t := sha1.New()
io.WriteString(t, "data") // when msg is a string
//t.Write([]byte("data")) // when msg is []bye
sum1 := t.Sum(nil)[:]
r, s, _ := ecdsa.Sign(rand.Reader, sec, sum1)
log.Printf("r=%d\ts=%d", r, s)
b := ecdsa.Verify(pub, sum1, r, s)
log.Printf("b=%v", b)
b = ecdsa.Verify(pub, sum1, s, r)
log.Printf("b=%v", b)
}
作者:useide
项目:notar
func TestECDSAVerifierOtherCurves(t *testing.T) {
curves := []elliptic.Curve{elliptic.P256(), elliptic.P384(), elliptic.P521()}
for _, curve := range curves {
ecdsaPrivKey, err := ecdsa.GenerateKey(curve, rand.Reader)
// Get a DER-encoded representation of the PublicKey
ecdsaPubBytes, err := x509.MarshalPKIXPublicKey(&ecdsaPrivKey.PublicKey)
assert.NoError(t, err, "failed to marshal public key")
// Get a DER-encoded representation of the PrivateKey
ecdsaPrivKeyBytes, err := x509.MarshalECPrivateKey(ecdsaPrivKey)
assert.NoError(t, err, "failed to marshal private key")
testECDSAPubKey := data.NewECDSAPublicKey(ecdsaPubBytes)
testECDSAKey, err := data.NewECDSAPrivateKey(testECDSAPubKey, ecdsaPrivKeyBytes)
assert.NoError(t, err, "failed to read private key")
// Sign some data using ECDSA
message := []byte("test data for signing")
hashed := sha256.Sum256(message)
signedData, err := ecdsaSign(testECDSAKey, hashed[:])
assert.NoError(t, err)
// Create and call Verify on the verifier
ecdsaVerifier := ECDSAVerifier{}
err = ecdsaVerifier.Verify(testECDSAKey, signedData, message)
assert.NoError(t, err, "expecting success but got error while verifying data using ECDSA")
// Make sure an invalid signature fails verification
signedData[0]++
err = ecdsaVerifier.Verify(testECDSAKey, signedData, message)
assert.Error(t, err, "expecting error but got success while verifying data using ECDSA")
}
}
作者:postfi
项目:sshke
func marshalECDSAKey(priv *ecdsa.PrivateKey) (out []byte, err error) {
var eckey ecPrivateKey
eckey.Version = 1
eckey.PrivateKey = priv.D.Bytes()
switch priv.PublicKey.Curve {
case elliptic.P256():
eckey.NamedCurveOID = oidNamedCurveP256
case elliptic.P384():
eckey.NamedCurveOID = oidNamedCurveP384
case elliptic.P521():
eckey.NamedCurveOID = oidNamedCurveP521
default:
err = ErrInvalidPrivateKey
}
pkey := elliptic.Marshal(priv.PublicKey.Curve, priv.PublicKey.X,
priv.PublicKey.Y)
if pkey == nil {
err = ErrInvalidPrivateKey
return
}
eckey.PublicKey = asn1.BitString{
BitLength: len(pkey) * 8,
Bytes: pkey,
}
out, err = asn1.Marshal(eckey)
return
}
作者:jgeromer
项目:cfss
// Compute the priority of different key algorithm based performance and security
// ECDSA>RSA>DSA>Unknown
func keyAlgoPriority(cert *x509.Certificate) int {
switch cert.PublicKeyAlgorithm {
case x509.ECDSA:
switch cert.PublicKey.(*ecdsa.PublicKey).Curve {
case elliptic.P256():
return 100
case elliptic.P384():
return 120
case elliptic.P521():
return 140
default:
return 100
}
case x509.RSA:
switch cert.PublicKey.(*rsa.PublicKey).N.BitLen() {
case 4096:
return 70
case 3072:
return 50
case 2048:
return 30
// key size <= 1024 are discouraged.
default:
return 0
}
// we do not want to bundle a DSA cert.
case x509.DSA:
return 0
default:
return 0
}
}
作者:ericchian
项目:de
func (key rawJSONWebKey) ecPrivateKey() (*ecdsa.PrivateKey, error) {
var curve elliptic.Curve
switch key.Crv {
case "P-256":
curve = elliptic.P256()
case "P-384":
curve = elliptic.P384()
case "P-521":
curve = elliptic.P521()
default:
return nil, fmt.Errorf("square/go-jose: unsupported elliptic curve '%s'", key.Crv)
}
if key.X == nil || key.Y == nil || key.D == nil {
return nil, fmt.Errorf("square/go-jose: invalid EC private key, missing x/y/d values")
}
x := key.X.bigInt()
y := key.Y.bigInt()
if !curve.IsOnCurve(x, y) {
return nil, errors.New("square/go-jose: invalid EC key, X/Y are not on declared curve")
}
return &ecdsa.PrivateKey{
PublicKey: ecdsa.PublicKey{
Curve: curve,
X: x,
Y: y,
},
D: key.D.bigInt(),
}, nil
}
作者:bbandi
项目:cfss
// Generate generates a key as specified in the request. Currently,
// only ECDSA and RSA are supported.
func (kr *BasicKeyRequest) Generate() (crypto.PrivateKey, error) {
log.Debugf("generate key from request: algo=%s, size=%d", kr.Algo(), kr.Size())
switch kr.Algo() {
case "rsa":
if kr.Size() < 2048 {
return nil, errors.New("RSA key is too weak")
}
if kr.Size() > 8192 {
return nil, errors.New("RSA key size too large")
}
return rsa.GenerateKey(rand.Reader, kr.Size())
case "ecdsa":
var curve elliptic.Curve
switch kr.Size() {
case curveP256:
curve = elliptic.P256()
case curveP384:
curve = elliptic.P384()
case curveP521:
curve = elliptic.P521()
default:
return nil, errors.New("invalid curve")
}
return ecdsa.GenerateKey(curve, rand.Reader)
default:
return nil, errors.New("invalid algorithm")
}
}
作者:sdgoi
项目:TheDistributedBa
func GenerateEmptyConfig() (*tls.Config, error) {
priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
return nil, err
}
number, err := rand.Int(rand.Reader, big.NewInt(0).Lsh(big.NewInt(1), 128))
if err != nil {
return nil, err
}
cert := &x509.Certificate{
SerialNumber: number,
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
BasicConstraintsValid: true,
}
certbytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &priv.PublicKey, priv)
if err != nil {
return nil, err
}
ct := tls.Certificate{[][]byte{certbytes}, priv, nil, cert}
c := &tls.Config{InsecureSkipVerify: true}
c.Certificates = append(c.Certificates, ct)
c.NextProtos = []string{Proto}
return c, nil
}
作者:nerdze
项目:nerdz-ap
func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey {
pk := &PublicKey{
CreationTime: creationTime,
PubKeyAlgo: PubKeyAlgoECDSA,
PublicKey: pub,
ec: new(ecdsaKey),
}
switch pub.Curve {
case elliptic.P256():
pk.ec.oid = oidCurveP256
case elliptic.P384():
pk.ec.oid = oidCurveP384
case elliptic.P521():
pk.ec.oid = oidCurveP521
default:
panic("unknown elliptic curve")
}
pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
pk.ec.p.bitLength = uint16(8 * len(pk.ec.p.bytes))
pk.setFingerPrintAndKeyId()
return pk
}
作者:backko
项目:leanote-al
// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
var w struct {
Curve string
KeyBytes []byte
Rest []byte `ssh:"rest"`
}
if err := Unmarshal(in, &w); err != nil {
return nil, nil, err
}
key := new(ecdsa.PublicKey)
switch w.Curve {
case "nistp256":
key.Curve = elliptic.P256()
case "nistp384":
key.Curve = elliptic.P384()
case "nistp521":
key.Curve = elliptic.P521()
default:
return nil, nil, errors.New("ssh: unsupported curve")
}
key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
if key.X == nil || key.Y == nil {
return nil, nil, errors.New("ssh: invalid curve point")
}
return (*ecdsaPublicKey)(key), w.Rest, nil
}
