| 
									
										
										
										
											2020-09-16 22:32:46 +00:00
										 |  |  | package xkeypairs | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"crypto/ecdsa" | 
					
						
							|  |  |  | 	"crypto/elliptic" | 
					
						
							| 
									
										
										
										
											2022-05-05 17:38:25 -06:00
										 |  |  | 	"crypto/rand" | 
					
						
							| 
									
										
										
										
											2020-09-16 22:32:46 +00:00
										 |  |  | 	"crypto/rsa" | 
					
						
							|  |  |  | 	"io" | 
					
						
							|  |  |  | 	"log" | 
					
						
							| 
									
										
										
										
											2022-05-05 17:38:25 -06:00
										 |  |  | 	mathrand "math/rand" | 
					
						
							| 
									
										
										
										
											2020-09-16 22:32:46 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	"git.rootprojects.org/root/keypairs" | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-05-05 17:38:25 -06:00
										 |  |  | const maxRetry = 16 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // RandomReader may be overwritten for testing | 
					
						
							|  |  |  | var RandomReader io.Reader = rand.Reader | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | //var RandomReader = rand.Reader | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-16 22:32:46 +00:00
										 |  |  | // KeyOptions are the things that we may need to know about a request to fulfill it properly | 
					
						
							|  |  |  | type KeyOptions struct { | 
					
						
							| 
									
										
										
										
											2022-05-05 17:38:25 -06:00
										 |  |  | 	Key     string          `json:"key"` | 
					
						
							|  |  |  | 	KeyType string          `json:"kty"` | 
					
						
							|  |  |  | 	Seed    int64           `json:"-"` | 
					
						
							|  |  |  | 	SeedStr string          `json:"seed"` | 
					
						
							|  |  |  | 	Claims  keypairs.Object `json:"claims"` | 
					
						
							|  |  |  | 	Header  keypairs.Object `json:"header"` | 
					
						
							| 
									
										
										
										
											2020-09-16 22:32:46 +00:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // this shananigans is only for testing and debug API stuff | 
					
						
							|  |  |  | func (o *KeyOptions) MyFooNextReader() io.Reader { | 
					
						
							|  |  |  | 	if 0 == o.Seed { | 
					
						
							|  |  |  | 		return RandomReader | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2022-05-05 17:38:25 -06:00
										 |  |  | 	return mathrand.New(mathrand.NewSource(o.Seed)) | 
					
						
							| 
									
										
										
										
											2020-09-16 22:32:46 +00:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // GenPrivKey generates a 256-bit entropy RSA or ECDSA private key | 
					
						
							|  |  |  | func GenPrivKey(opts *KeyOptions) keypairs.PrivateKey { | 
					
						
							|  |  |  | 	var privkey keypairs.PrivateKey | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if "RSA" == opts.KeyType { | 
					
						
							|  |  |  | 		keylen := 2048 | 
					
						
							|  |  |  | 		privkey, _ = rsa.GenerateKey(opts.MyFooNextReader(), keylen) | 
					
						
							|  |  |  | 		if 0 != opts.Seed { | 
					
						
							|  |  |  | 			for i := 0; i < maxRetry; i++ { | 
					
						
							|  |  |  | 				otherkey, _ := rsa.GenerateKey(opts.MyFooNextReader(), keylen) | 
					
						
							|  |  |  | 				otherCmp := otherkey.D.Cmp(privkey.(*rsa.PrivateKey).D) | 
					
						
							|  |  |  | 				if 0 != otherCmp { | 
					
						
							|  |  |  | 					// There are two possible keys, choose the lesser D value | 
					
						
							|  |  |  | 					// See https://github.com/square/go-jose/issues/189 | 
					
						
							|  |  |  | 					if otherCmp < 0 { | 
					
						
							|  |  |  | 						privkey = otherkey | 
					
						
							|  |  |  | 					} | 
					
						
							|  |  |  | 					break | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 				if maxRetry == i-1 { | 
					
						
							|  |  |  | 					log.Printf("error: coinflip landed on heads %d times", maxRetry) | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		// TODO: EC keys may also suffer the same random problems in the future | 
					
						
							|  |  |  | 		privkey, _ = ecdsa.GenerateKey(elliptic.P256(), opts.MyFooNextReader()) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return privkey | 
					
						
							|  |  |  | } |