parseECDSA parses an ECDSA key according to RFC 5656, section 3.1. This function is based on the one in golang.org/x/crypto/ssh.
(in []byte)
// parseECDSA parses an ECDSA public key in the SSH wire format described in
// RFC 5656, section 3.1: a key type name, a curve identifier and the encoded
// public point Q.
//
// Only nistp256, nistp384 and nistp521 are accepted; any other curve
// identifier yields an error. The point is decoded by crypto/ecdh, whose
// NewPublicKey for NIST curves accepts only an uncompressed SEC 1 point and
// returns an error for anything it cannot decode as a valid public key.
//
// NOTE(review): Name is decoded but never compared with Curve here, and RFC
// 5656 key type names embed the curve identifier. Confirm that callers check
// the key type, or add the comparison in this function.
//
// This function is based on the one in golang.org/x/crypto/ssh.
func parseECDSA(in []byte) (*ecdsa.PublicKey, error) {
	// Field names are kept as-is: ssh.Unmarshal works by reflection over the
	// struct, so the layout here is the wire layout.
	var wire struct {
		Name  string
		Curve string
		Key   []byte
	}
	if err := ssh.Unmarshal(in, &wire); err != nil {
		return nil, errors.Wrap(err, "error unmarshaling public key")
	}

	var (
		params   elliptic.Curve // curve stored in the returned ecdsa.PublicKey
		decoder  ecdh.Curve     // same curve, used to decode and validate the point
		coordLen int            // byte length of one affine coordinate
	)
	switch wire.Curve {
	case "nistp256":
		params, decoder, coordLen = elliptic.P256(), ecdh.P256(), 32
	case "nistp384":
		params, decoder, coordLen = elliptic.P384(), ecdh.P384(), 48
	case "nistp521":
		params, decoder, coordLen = elliptic.P521(), ecdh.P521(), 66
	default:
		// The curve name comes straight from the input and is echoed with %s;
		// treat the resulting message as untrusted text when logging it.
		return nil, errors.Errorf("unsupported curve %s", wire.Curve)
	}

	point, err := decoder.NewPublicKey(wire.Key)
	if err != nil {
		return nil, fmt.Errorf("failed to create key: %w", err)
	}

	// The encoding is one format byte followed by X and Y, each coordLen
	// bytes long; skip the format byte and split the remainder.
	raw := point.Bytes()
	return &ecdsa.PublicKey{
		Curve: params,
		X:     new(big.Int).SetBytes(raw[1 : coordLen+1]),
		Y:     new(big.Int).SetBytes(raw[coordLen+1:]),
	}, nil
}
| 231 | |
| 232 | func parseED25519(in []byte) (ed25519.PublicKey, error) { |
| 233 | var w struct { |