From 89c0960c3c03d45a8db3ec9e6348e35301cb03ce Mon Sep 17 00:00:00 2001 From: "Jesper B. Rosenkilde" Date: Fri, 6 May 2022 16:06:19 +0200 Subject: Add ECDSA generation functions to crypto funcs ECDSAGenerateKey takes one of Go's supported named NIST curves and an argument and returns a newly generated EC private key PEM encoded. ECDSADerivePublicKey takes a PEM encoded EC private key and derives the corresponding public key, which is returned PEM encoded.
---
 funcs/crypto.go | 24 ++++++++++++++++++++++++
 funcs/crypto_test.go | 31 +++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
(limited to 'funcs')
diff --git a/funcs/crypto.go b/funcs/crypto.go
index 6a1156fc..4df8f193 100644
--- a/funcs/crypto.go
+++ b/funcs/crypto.go
@@ -250,6 +250,30 @@ func (f *CryptoFuncs) RSADerivePublicKey(privateKey string) (string, error) {
 return string(out), err
 }
 
+// ECDSAGenerateKey - -
+// Experimental!
+func (f *CryptoFuncs) ECDSAGenerateKey(args ...interface{}) (string, error) {
+ if err := checkExperimental(f.ctx); err != nil {
+ return "", err
+ }
+ curve := "P-256"
+ if len(args) == 1 {
+ curve = conv.ToString(args[0])
+ } else if len(args) > 1 {
+ return "", fmt.Errorf("wrong number of args: want 0 or 1, got %d", len(args))
+ }
+ out, err := crypto.ECDSAGenerateKey(curve)
+ return string(out), err
+}
+
+func (f *CryptoFuncs) ECDSADerivePublicKey(privateKey string) (string, error) {
+ if err := checkExperimental(f.ctx); err != nil {
+ return "", err
+ }
+ out, err := crypto.ECDSADerivePublicKey([]byte(privateKey))
+ return string(out), err
+}
+
 // EncryptAES -
 func (f *CryptoFuncs) EncryptAES(key string, args ...interface{}) ([]byte, error) {
 k, msg, err := parseAESArgs(key, args...)
diff --git a/funcs/crypto_test.go b/funcs/crypto_test.go
index 5faa3c6a..d14b37e6 100644
--- a/funcs/crypto_test.go
+++ b/funcs/crypto_test.go
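Review bot: In the funcs/crypto.go hunk, `ECDSADerivePublicKey` is added with no doc comment, and the comment on `ECDSAGenerateKey` (`// ECDSAGenerateKey - -`) does not say what comes back. Both functions are gated by `checkExperimental`, but only the first carries `// Experimental!`. I would state the contract on each, for example `// ECDSAGenerateKey - returns a new PEM-encoded EC private key; the curve defaults to "P-256" when no argument is given. Experimental!` and `// ECDSADerivePublicKey - returns the PEM-encoded public key for a PEM-encoded EC private key. Experimental!`. The private key appears to be returned without any passphrase protection (no such parameter exists), so the comment should say so: the value ends up wherever the caller writes the result. Any single argument is stringified by `conv.ToString`, so rejecting an unsupported curve name rests entirely on `crypto.ECDSAGenerateKey`, which is not visible in this hunk.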
@@ -115,6 +115,37 @@ func TestRSAGenerateKey(t *testing.T) {
 "-----END RSA PRIVATE KEY-----\n"))
 }
 
+func TestECDSAGenerateKey(t *testing.T) {
+ c := testCryptoNS()
+ _, err := c.ECDSAGenerateKey("")
+ assert.Error(t, err)
+
+ _, err = c.ECDSAGenerateKey(0, "P-999", true)
+ assert.Error(t, err)
+
+ key, err := c.ECDSAGenerateKey("P-256")
+ assert.NoError(t, err)
+ assert.True(t, strings.HasPrefix(key,
+ "-----BEGIN EC PRIVATE KEY-----"))
+ assert.True(t, strings.HasSuffix(key,
+ "-----END EC PRIVATE KEY-----\n"))
+}
+
+func TestECDSADerivePublicKey(t *testing.T) {
+ c := testCryptoNS()
+
+ _, err := c.ECDSADerivePublicKey("")
+ assert.Error(t, err)
+
+ key, _ := c.ECDSAGenerateKey("P-256")
+ pub, err := c.ECDSADerivePublicKey(key)
+ assert.NoError(t, err)
+ assert.True(t, strings.HasPrefix(pub,
+ "-----BEGIN PUBLIC KEY-----"))
+ assert.True(t, strings.HasSuffix(pub,
+ "-----END PUBLIC KEY-----\n"))
+}
+
 func TestRSACrypt(t *testing.T) {
 if testing.Short() {
 t.Skip("skipping slow test")
-- cgit v1.2.3
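Review bot: In `TestECDSADerivePublicKey` the error from key generation is discarded (`key, _ := c.ECDSAGenerateKey("P-256")`), so a generation failure would show up as a misleading derive failure. Use `key, err := c.ECDSAGenerateKey("P-256")` followed by `assert.NoError(t, err)`. `TestECDSAGenerateKey` never calls the function with zero arguments, so the `P-256` default branch is untested, and the only multi-argument case also uses a bad curve name, so it does not isolate the argument-count check. The derive test checks only the PEM header and footer, so it would still pass if the returned public key did not correspond to the generated private key. Parsing both PEM blocks and comparing the public points would close that gap.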