-- |
-- Module      : Crypto.Store.PKCS8
-- License     : BSD-style
-- Maintainer  : Olivier Chéron <olivier.cheron@gmail.com>
-- Stability   : experimental
-- Portability : unknown
--
-- Private-Key Information Syntax, aka PKCS #8.
--
-- Presents an API similar to "Data.X509.Memory" and "Data.X509.File" but
-- allows to write private keys and provides support for password-based
-- encryption.
--
-- Functions to read a private key return an object wrapped in the
-- 'OptProtected' data type.
--
-- Functions related to public keys, certificates and CRLs are available from
-- "Crypto.Store.X509".
{-# LANGUAGE FlexibleContexts #-}
{-# LANGUAGE FlexibleInstances #-}
{-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE UndecidableInstances #-}
module Crypto.Store.PKCS8
    ( readKeyFile
    , readKeyFileFromMemory
    , pemToKey
    , writeKeyFile
    , writeKeyFileToMemory
    , keyToPEM
    , writeEncryptedKeyFile
    , writeEncryptedKeyFileToMemory
    , encryptKeyToPEM
    -- * Serialization formats
    , PrivateKeyFormat(..)
    , FormattedKey(..)
    -- * Password-based protection
    , ProtectionPassword
    , emptyNotTerminated
    , fromProtectionPassword
    , toProtectionPassword
    , OptProtected(..)
    , recover
    , recoverA
    -- * Reading and writing PEM files
    , readPEMs
    , writePEMs
    ) where

import Control.Applicative
import Control.Monad (void, when)

import Data.ASN1.Types
import Data.ASN1.BinaryEncoding
import Data.ASN1.BitArray
import Data.ASN1.Encoding
import Data.ByteArray (ByteArrayAccess, convert)
import Data.Maybe
import qualified Data.X509 as X509
import qualified Data.ByteString as B
import           Crypto.Error
import           Crypto.Number.Serialize (i2osp, i2ospOf_, os2ip)
import qualified Crypto.PubKey.Curve25519 as X25519
import qualified Crypto.PubKey.Curve448 as X448
import qualified Crypto.PubKey.DSA as DSA
import qualified Crypto.PubKey.ECC.ECDSA as ECDSA
import qualified Crypto.PubKey.Ed25519 as Ed25519
import qualified Crypto.PubKey.Ed448 as Ed448
import qualified Crypto.PubKey.RSA as RSA

import Crypto.Store.ASN1.Generate
import Crypto.Store.ASN1.Parse
import Crypto.Store.CMS.Attribute
import Crypto.Store.CMS.Util
import Crypto.Store.Error
import Crypto.Store.PEM
import Crypto.Store.PKCS5
import Crypto.Store.PKCS8.EC
import Crypto.Store.Util

-- | Data type for objects that are possibly protected with a password.
data OptProtected a = Unprotected a
                      -- ^ Value is unprotected
                    | Protected (ProtectionPassword -> Either StoreError a)
                      -- ^ Value is protected with a password

instance Functor OptProtected where
    fmap :: forall a b. (a -> b) -> OptProtected a -> OptProtected b
fmap a -> b
f (Unprotected a
x) = b -> OptProtected b
forall a. a -> OptProtected a
Unprotected (a -> b
f a
x)
    fmap a -> b
f (Protected ProtectionPassword -> Either StoreError a
g)   = (ProtectionPassword -> Either StoreError b) -> OptProtected b
forall a.
(ProtectionPassword -> Either StoreError a) -> OptProtected a
Protected ((a -> b) -> Either StoreError a -> Either StoreError b
forall a b. (a -> b) -> Either StoreError a -> Either StoreError b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap a -> b
f (Either StoreError a -> Either StoreError b)
-> (ProtectionPassword -> Either StoreError a)
-> ProtectionPassword
-> Either StoreError b
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ProtectionPassword -> Either StoreError a
g)

-- | Try to recover an 'OptProtected' content using the specified password.
recover :: ProtectionPassword -> OptProtected a -> Either StoreError a
recover :: forall a.
ProtectionPassword -> OptProtected a -> Either StoreError a
recover ProtectionPassword
_   (Unprotected a
x) = a -> Either StoreError a
forall a b. b -> Either a b
Right a
x
recover ProtectionPassword
pwd (Protected ProtectionPassword -> Either StoreError a
f)   = ProtectionPassword -> Either StoreError a
f ProtectionPassword
pwd

-- | Try to recover an 'OptProtected' content in an applicative context.  The
-- applicative password is used if necessary.
--
-- > import qualified Data.ByteString as B
-- > import           Crypto.Store.PKCS8
-- >
-- > [encryptedKey] <- readKeyFile "privkey.pem"
-- > let askForPassword = putStr "Please enter password: " >> B.getLine
-- > result <- recoverA (toProtectionPassword <$> askForPassword) encryptedKey
-- > case result of
-- >     Left err  -> putStrLn $ "Unable to recover key: " ++ show err
-- >     Right key -> print key
recoverA :: Applicative f
         => f ProtectionPassword
         -> OptProtected a
         -> f (Either StoreError a)
recoverA :: forall (f :: * -> *) a.
Applicative f =>
f ProtectionPassword -> OptProtected a -> f (Either StoreError a)
recoverA f ProtectionPassword
_   (Unprotected a
x) = Either StoreError a -> f (Either StoreError a)
forall a. a -> f a
forall (f :: * -> *) a. Applicative f => a -> f a
pure (a -> Either StoreError a
forall a b. b -> Either a b
Right a
x)
recoverA f ProtectionPassword
get (Protected ProtectionPassword -> Either StoreError a
f)   = (ProtectionPassword -> Either StoreError a)
-> f ProtectionPassword -> f (Either StoreError a)
forall a b. (a -> b) -> f a -> f b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap ProtectionPassword -> Either StoreError a
f f ProtectionPassword
get


-- Reading from PEM format

-- | Read private keys from a PEM file.
readKeyFile :: FilePath -> IO [OptProtected X509.PrivKey]
readKeyFile :: FilePath -> IO [OptProtected PrivKey]
readKeyFile FilePath
path = [PEM] -> [OptProtected PrivKey]
accumulate ([PEM] -> [OptProtected PrivKey])
-> IO [PEM] -> IO [OptProtected PrivKey]
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> FilePath -> IO [PEM]
readPEMs FilePath
path

-- | Read private keys from a bytearray in PEM format.
readKeyFileFromMemory :: B.ByteString -> [OptProtected X509.PrivKey]
readKeyFileFromMemory :: ByteString -> [OptProtected PrivKey]
readKeyFileFromMemory = (FilePath -> [OptProtected PrivKey])
-> ([PEM] -> [OptProtected PrivKey])
-> Either FilePath [PEM]
-> [OptProtected PrivKey]
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either ([OptProtected PrivKey] -> FilePath -> [OptProtected PrivKey]
forall a b. a -> b -> a
const []) [PEM] -> [OptProtected PrivKey]
accumulate (Either FilePath [PEM] -> [OptProtected PrivKey])
-> (ByteString -> Either FilePath [PEM])
-> ByteString
-> [OptProtected PrivKey]
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ByteString -> Either FilePath [PEM]
pemParseBS

accumulate :: [PEM] -> [OptProtected X509.PrivKey]
accumulate :: [PEM] -> [OptProtected PrivKey]
accumulate = [Maybe (OptProtected PrivKey)] -> [OptProtected PrivKey]
forall a. [Maybe a] -> [a]
catMaybes ([Maybe (OptProtected PrivKey)] -> [OptProtected PrivKey])
-> ([PEM] -> [Maybe (OptProtected PrivKey)])
-> [PEM]
-> [OptProtected PrivKey]
forall b c a. (b -> c) -> (a -> b) -> a -> c
. (PEM
 -> [Maybe (OptProtected PrivKey)]
 -> [Maybe (OptProtected PrivKey)])
-> [Maybe (OptProtected PrivKey)]
-> [PEM]
-> [Maybe (OptProtected PrivKey)]
forall a b. (a -> b -> b) -> b -> [a] -> b
forall (t :: * -> *) a b.
Foldable t =>
(a -> b -> b) -> b -> t a -> b
foldr (([Maybe (OptProtected PrivKey)]
 -> PEM -> [Maybe (OptProtected PrivKey)])
-> PEM
-> [Maybe (OptProtected PrivKey)]
-> [Maybe (OptProtected PrivKey)]
forall a b c. (a -> b -> c) -> b -> a -> c
flip [Maybe (OptProtected PrivKey)]
-> PEM -> [Maybe (OptProtected PrivKey)]
pemToKey) []

-- | Read a private key from a 'PEM' element and add it to the accumulator list.
pemToKey :: [Maybe (OptProtected X509.PrivKey)] -> PEM -> [Maybe (OptProtected X509.PrivKey)]
pemToKey :: [Maybe (OptProtected PrivKey)]
-> PEM -> [Maybe (OptProtected PrivKey)]
pemToKey [Maybe (OptProtected PrivKey)]
acc PEM
pem =
    case BER -> ByteString -> Either ASN1Error [ASN1]
forall a.
ASN1Decoding a =>
a -> ByteString -> Either ASN1Error [ASN1]
decodeASN1' BER
BER (PEM -> ByteString
pemContent PEM
pem) of
        Left ASN1Error
_     -> [Maybe (OptProtected PrivKey)]
acc
        Right [ASN1]
asn1 -> ParseASN1 () (OptProtected PrivKey)
-> [ASN1] -> Maybe (OptProtected PrivKey)
forall {a}. ParseASN1 () a -> [ASN1] -> Maybe a
run (FilePath -> ParseASN1 () (OptProtected PrivKey)
getParser (FilePath -> ParseASN1 () (OptProtected PrivKey))
-> FilePath -> ParseASN1 () (OptProtected PrivKey)
forall a b. (a -> b) -> a -> b
$ PEM -> FilePath
pemName PEM
pem) [ASN1]
asn1 Maybe (OptProtected PrivKey)
-> [Maybe (OptProtected PrivKey)] -> [Maybe (OptProtected PrivKey)]
forall a. a -> [a] -> [a]
: [Maybe (OptProtected PrivKey)]
acc

  where
    run :: ParseASN1 () a -> [ASN1] -> Maybe a
run ParseASN1 () a
p = (FilePath -> Maybe a)
-> (a -> Maybe a) -> Either FilePath a -> Maybe a
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either (Maybe a -> FilePath -> Maybe a
forall a b. a -> b -> a
const Maybe a
forall a. Maybe a
Nothing) a -> Maybe a
forall a. a -> Maybe a
Just (Either FilePath a -> Maybe a)
-> ([ASN1] -> Either FilePath a) -> [ASN1] -> Maybe a
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ParseASN1 () a -> [ASN1] -> Either FilePath a
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath a
runParseASN1 ParseASN1 () a
p

    allTypes :: ParseASN1 () PrivKey
allTypes  = FormattedKey PrivKey -> PrivKey
forall a. FormattedKey a -> a
unFormat (FormattedKey PrivKey -> PrivKey)
-> ParseASN1 () (FormattedKey PrivKey) -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () (FormattedKey PrivKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
    rsa :: ParseASN1 () PrivKey
rsa       = PrivateKey -> PrivKey
X509.PrivKeyRSA (PrivateKey -> PrivKey)
-> (FormattedKey PrivateKey -> PrivateKey)
-> FormattedKey PrivateKey
-> PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. FormattedKey PrivateKey -> PrivateKey
forall a. FormattedKey a -> a
unFormat (FormattedKey PrivateKey -> PrivKey)
-> ParseASN1 () (FormattedKey PrivateKey) -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () (FormattedKey PrivateKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
    dsa :: ParseASN1 () PrivKey
dsa       = PrivateKey -> PrivKey
X509.PrivKeyDSA (PrivateKey -> PrivKey)
-> (FormattedKey KeyPair -> PrivateKey)
-> FormattedKey KeyPair
-> PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. KeyPair -> PrivateKey
DSA.toPrivateKey (KeyPair -> PrivateKey)
-> (FormattedKey KeyPair -> KeyPair)
-> FormattedKey KeyPair
-> PrivateKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. FormattedKey KeyPair -> KeyPair
forall a. FormattedKey a -> a
unFormat (FormattedKey KeyPair -> PrivKey)
-> ParseASN1 () (FormattedKey KeyPair) -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () (FormattedKey KeyPair)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
    ecdsa :: ParseASN1 () PrivKey
ecdsa     = PrivKeyEC -> PrivKey
X509.PrivKeyEC (PrivKeyEC -> PrivKey)
-> (FormattedKey PrivKeyEC -> PrivKeyEC)
-> FormattedKey PrivKeyEC
-> PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. FormattedKey PrivKeyEC -> PrivKeyEC
forall a. FormattedKey a -> a
unFormat (FormattedKey PrivKeyEC -> PrivKey)
-> ParseASN1 () (FormattedKey PrivKeyEC) -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () (FormattedKey PrivKeyEC)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
    x25519 :: ParseASN1 () PrivKey
x25519    = SecretKey -> PrivKey
X509.PrivKeyX25519 (SecretKey -> PrivKey)
-> ParseASN1 () SecretKey -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () SecretKey
forall e a. ParseASN1Object e (Modern a) => ParseASN1 e a
parseModern
    x448 :: ParseASN1 () PrivKey
x448      = SecretKey -> PrivKey
X509.PrivKeyX448 (SecretKey -> PrivKey)
-> ParseASN1 () SecretKey -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () SecretKey
forall e a. ParseASN1Object e (Modern a) => ParseASN1 e a
parseModern
    ed25519 :: ParseASN1 () PrivKey
ed25519   = SecretKey -> PrivKey
X509.PrivKeyEd25519 (SecretKey -> PrivKey)
-> ParseASN1 () SecretKey -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () SecretKey
forall e a. ParseASN1Object e (Modern a) => ParseASN1 e a
parseModern
    ed448 :: ParseASN1 () PrivKey
ed448     = SecretKey -> PrivKey
X509.PrivKeyEd448 (SecretKey -> PrivKey)
-> ParseASN1 () SecretKey -> ParseASN1 () PrivKey
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () SecretKey
forall e a. ParseASN1Object e (Modern a) => ParseASN1 e a
parseModern
    encrypted :: ParseASN1 () (ProtectionPassword -> Either StoreError PrivKey)
encrypted = (ProtectionPassword -> Either StoreError ByteString)
-> ProtectionPassword -> Either StoreError PrivKey
forall {t}.
(t -> Either StoreError ByteString)
-> t -> Either StoreError PrivKey
inner ((ProtectionPassword -> Either StoreError ByteString)
 -> ProtectionPassword -> Either StoreError PrivKey)
-> (PKCS5 -> ProtectionPassword -> Either StoreError ByteString)
-> PKCS5
-> ProtectionPassword
-> Either StoreError PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PKCS5 -> ProtectionPassword -> Either StoreError ByteString
decrypt (PKCS5 -> ProtectionPassword -> Either StoreError PrivKey)
-> ParseASN1 () PKCS5
-> ParseASN1 () (ProtectionPassword -> Either StoreError PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PKCS5
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

    getParser :: FilePath -> ParseASN1 () (OptProtected PrivKey)
getParser FilePath
"PRIVATE KEY"           = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
allTypes
    getParser FilePath
"RSA PRIVATE KEY"       = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
rsa
    getParser FilePath
"DSA PRIVATE KEY"       = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
dsa
    getParser FilePath
"EC PRIVATE KEY"        = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
ecdsa
    getParser FilePath
"X25519 PRIVATE KEY"    = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
x25519
    getParser FilePath
"X448 PRIVATE KEY"      = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
x448
    getParser FilePath
"ED25519 PRIVATE KEY"   = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
ed25519
    getParser FilePath
"ED448 PRIVATE KEY"     = PrivKey -> OptProtected PrivKey
forall a. a -> OptProtected a
Unprotected (PrivKey -> OptProtected PrivKey)
-> ParseASN1 () PrivKey -> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () PrivKey
ed448
    getParser FilePath
"ENCRYPTED PRIVATE KEY" = (ProtectionPassword -> Either StoreError PrivKey)
-> OptProtected PrivKey
forall a.
(ProtectionPassword -> Either StoreError a) -> OptProtected a
Protected   ((ProtectionPassword -> Either StoreError PrivKey)
 -> OptProtected PrivKey)
-> ParseASN1 () (ProtectionPassword -> Either StoreError PrivKey)
-> ParseASN1 () (OptProtected PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 () (ProtectionPassword -> Either StoreError PrivKey)
encrypted
    getParser FilePath
_                       = ParseASN1 () (OptProtected PrivKey)
forall a. ParseASN1 () a
forall (f :: * -> *) a. Alternative f => f a
empty

    inner :: (t -> Either StoreError ByteString)
-> t -> Either StoreError PrivKey
inner t -> Either StoreError ByteString
decfn t
pwd = do
        ByteString
decrypted <- t -> Either StoreError ByteString
decfn t
pwd
        [ASN1]
asn1 <- (ASN1Error -> StoreError)
-> Either ASN1Error [ASN1] -> Either StoreError [ASN1]
forall a b c. (a -> b) -> Either a c -> Either b c
mapLeft ASN1Error -> StoreError
DecodingError (Either ASN1Error [ASN1] -> Either StoreError [ASN1])
-> Either ASN1Error [ASN1] -> Either StoreError [ASN1]
forall a b. (a -> b) -> a -> b
$ BER -> ByteString -> Either ASN1Error [ASN1]
forall a.
ASN1Decoding a =>
a -> ByteString -> Either ASN1Error [ASN1]
decodeASN1' BER
BER ByteString
decrypted
        case ParseASN1 () PrivKey -> [ASN1] -> Maybe PrivKey
forall {a}. ParseASN1 () a -> [ASN1] -> Maybe a
run ParseASN1 () PrivKey
allTypes [ASN1]
asn1 of
            Maybe PrivKey
Nothing -> StoreError -> Either StoreError PrivKey
forall a b. a -> Either a b
Left (FilePath -> StoreError
ParseFailure FilePath
"No key parsed after decryption")
            Just PrivKey
k  -> PrivKey -> Either StoreError PrivKey
forall a. a -> Either StoreError a
forall (m :: * -> *) a. Monad m => a -> m a
return PrivKey
k


-- Writing to PEM format

-- | Write unencrypted private keys to a PEM file.
writeKeyFile :: PrivateKeyFormat -> FilePath -> [X509.PrivKey] -> IO ()
writeKeyFile :: PrivateKeyFormat -> FilePath -> [PrivKey] -> IO ()
writeKeyFile PrivateKeyFormat
fmt FilePath
path = FilePath -> [PEM] -> IO ()
writePEMs FilePath
path ([PEM] -> IO ()) -> ([PrivKey] -> [PEM]) -> [PrivKey] -> IO ()
forall b c a. (b -> c) -> (a -> b) -> a -> c
. (PrivKey -> PEM) -> [PrivKey] -> [PEM]
forall a b. (a -> b) -> [a] -> [b]
map (PrivateKeyFormat -> PrivKey -> PEM
keyToPEM PrivateKeyFormat
fmt)

-- | Write unencrypted private keys to a bytearray in PEM format.
writeKeyFileToMemory :: PrivateKeyFormat -> [X509.PrivKey] -> B.ByteString
writeKeyFileToMemory :: PrivateKeyFormat -> [PrivKey] -> ByteString
writeKeyFileToMemory PrivateKeyFormat
fmt = [PEM] -> ByteString
pemsWriteBS ([PEM] -> ByteString)
-> ([PrivKey] -> [PEM]) -> [PrivKey] -> ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
. (PrivKey -> PEM) -> [PrivKey] -> [PEM]
forall a b. (a -> b) -> [a] -> [b]
map (PrivateKeyFormat -> PrivKey -> PEM
keyToPEM PrivateKeyFormat
fmt)

-- | Write a PKCS #8 encrypted private key to a PEM file.
--
-- If multiple keys need to be stored in the same file, use functions
-- 'encryptKeyToPEM' and 'writePEMs'.
--
-- Fresh 'EncryptionScheme' parameters should be generated for each key to
-- encrypt.
writeEncryptedKeyFile :: FilePath
                      -> EncryptionScheme -> ProtectionPassword -> X509.PrivKey
                      -> IO (Either StoreError ())
writeEncryptedKeyFile :: FilePath
-> EncryptionScheme
-> ProtectionPassword
-> PrivKey
-> IO (Either StoreError ())
writeEncryptedKeyFile FilePath
path EncryptionScheme
alg ProtectionPassword
pwd PrivKey
privKey =
    let pem :: Either StoreError PEM
pem = EncryptionScheme
-> ProtectionPassword -> PrivKey -> Either StoreError PEM
encryptKeyToPEM EncryptionScheme
alg ProtectionPassword
pwd PrivKey
privKey
     in (StoreError -> IO (Either StoreError ()))
-> (PEM -> IO (Either StoreError ()))
-> Either StoreError PEM
-> IO (Either StoreError ())
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either (Either StoreError () -> IO (Either StoreError ())
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return (Either StoreError () -> IO (Either StoreError ()))
-> (StoreError -> Either StoreError ())
-> StoreError
-> IO (Either StoreError ())
forall b c a. (b -> c) -> (a -> b) -> a -> c
. StoreError -> Either StoreError ()
forall a b. a -> Either a b
Left) ((() -> Either StoreError ()) -> IO () -> IO (Either StoreError ())
forall a b. (a -> b) -> IO a -> IO b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap () -> Either StoreError ()
forall a b. b -> Either a b
Right (IO () -> IO (Either StoreError ()))
-> (PEM -> IO ()) -> PEM -> IO (Either StoreError ())
forall b c a. (b -> c) -> (a -> b) -> a -> c
. FilePath -> [PEM] -> IO ()
writePEMs FilePath
path ([PEM] -> IO ()) -> (PEM -> [PEM]) -> PEM -> IO ()
forall b c a. (b -> c) -> (a -> b) -> a -> c
. (PEM -> [PEM] -> [PEM]
forall a. a -> [a] -> [a]
:[])) Either StoreError PEM
pem

-- | Write a PKCS #8 encrypted private key to a bytearray in PEM format.
--
-- If multiple keys need to be stored in the same bytearray, use functions
-- 'encryptKeyToPEM' and 'pemWriteBS' or 'pemWriteLBS'.
--
-- Fresh 'EncryptionScheme' parameters should be generated for each key to
-- encrypt.
writeEncryptedKeyFileToMemory :: EncryptionScheme -> ProtectionPassword
                              -> X509.PrivKey -> Either StoreError B.ByteString
writeEncryptedKeyFileToMemory :: EncryptionScheme
-> ProtectionPassword -> PrivKey -> Either StoreError ByteString
writeEncryptedKeyFileToMemory EncryptionScheme
alg ProtectionPassword
pwd PrivKey
privKey =
    PEM -> ByteString
pemWriteBS (PEM -> ByteString)
-> Either StoreError PEM -> Either StoreError ByteString
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> EncryptionScheme
-> ProtectionPassword -> PrivKey -> Either StoreError PEM
encryptKeyToPEM EncryptionScheme
alg ProtectionPassword
pwd PrivKey
privKey

-- | Generate an unencrypted PEM for a private key.
keyToPEM :: PrivateKeyFormat -> X509.PrivKey -> PEM
keyToPEM :: PrivateKeyFormat -> PrivKey -> PEM
keyToPEM PrivateKeyFormat
TraditionalFormat = PrivKey -> PEM
keyToTraditionalPEM
keyToPEM PrivateKeyFormat
PKCS8Format       = PrivKey -> PEM
keyToModernPEM

keyToTraditionalPEM :: X509.PrivKey -> PEM
keyToTraditionalPEM :: PrivKey -> PEM
keyToTraditionalPEM PrivKey
privKey =
    FilePath -> ByteString -> PEM
mkPEM (FilePath
typeTag FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
" PRIVATE KEY") (ASN1PS -> ByteString
encodeASN1S ASN1PS
asn1)
  where (FilePath
typeTag, ASN1PS
asn1) = PrivKey -> (FilePath, ASN1PS)
forall e. ASN1Elem e => PrivKey -> (FilePath, ASN1Stream e)
traditionalPrivKeyASN1S PrivKey
privKey

traditionalPrivKeyASN1S :: ASN1Elem e => X509.PrivKey -> (String, ASN1Stream e)
traditionalPrivKeyASN1S :: forall e. ASN1Elem e => PrivKey -> (FilePath, ASN1Stream e)
traditionalPrivKeyASN1S PrivKey
privKey =
    case PrivKey
privKey of
        X509.PrivKeyRSA PrivateKey
k -> (FilePath
"RSA", PrivateKey -> ASN1Stream e
forall {e} {a}.
ProduceASN1Object e (Traditional a) =>
a -> ASN1Stream e
traditional PrivateKey
k)
        X509.PrivKeyDSA PrivateKey
k -> (FilePath
"DSA", KeyPair -> ASN1Stream e
forall {e} {a}.
ProduceASN1Object e (Traditional a) =>
a -> ASN1Stream e
traditional (PrivateKey -> KeyPair
dsaPrivToPair PrivateKey
k))
        X509.PrivKeyEC  PrivKeyEC
k -> (FilePath
"EC",  PrivKeyEC -> ASN1Stream e
forall {e} {a}.
ProduceASN1Object e (Traditional a) =>
a -> ASN1Stream e
traditional PrivKeyEC
k)
        X509.PrivKeyX25519  SecretKey
k -> (FilePath
"X25519",  SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
tradModern SecretKey
k)
        X509.PrivKeyX448    SecretKey
k -> (FilePath
"X448",    SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
tradModern SecretKey
k)
        X509.PrivKeyEd25519 SecretKey
k -> (FilePath
"ED25519", SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
tradModern SecretKey
k)
        X509.PrivKeyEd448   SecretKey
k -> (FilePath
"ED448",   SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
tradModern SecretKey
k)
  where
    traditional :: a -> ASN1Stream e
traditional a
a = Traditional a -> ASN1Stream e
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s (a -> Traditional a
forall a. a -> Traditional a
Traditional a
a)
    tradModern :: a -> ASN1Stream e
tradModern a
a  = Modern a -> ASN1Stream e
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s ([Attribute] -> a -> Modern a
forall a. [Attribute] -> a -> Modern a
Modern [] a
a)

keyToModernPEM :: X509.PrivKey -> PEM
keyToModernPEM :: PrivKey -> PEM
keyToModernPEM PrivKey
privKey = FilePath -> ByteString -> PEM
mkPEM FilePath
"PRIVATE KEY" (ASN1PS -> ByteString
encodeASN1S ASN1PS
asn1)
  where asn1 :: ASN1PS
asn1 = [Attribute] -> PrivKey -> ASN1PS
forall e. ASN1Elem e => [Attribute] -> PrivKey -> ASN1Stream e
modernPrivKeyASN1S [] PrivKey
privKey

modernPrivKeyASN1S :: ASN1Elem e => [Attribute] -> X509.PrivKey -> ASN1Stream e
modernPrivKeyASN1S :: forall e. ASN1Elem e => [Attribute] -> PrivKey -> ASN1Stream e
modernPrivKeyASN1S [Attribute]
attrs PrivKey
privKey =
    case PrivKey
privKey of
        X509.PrivKeyRSA PrivateKey
k -> PrivateKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
modern PrivateKey
k
        X509.PrivKeyDSA PrivateKey
k -> KeyPair -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
modern (PrivateKey -> KeyPair
dsaPrivToPair PrivateKey
k)
        X509.PrivKeyEC  PrivKeyEC
k -> PrivKeyEC -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
modern PrivKeyEC
k
        X509.PrivKeyX25519  SecretKey
k -> SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
modern SecretKey
k
        X509.PrivKeyX448    SecretKey
k -> SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
modern SecretKey
k
        X509.PrivKeyEd25519 SecretKey
k -> SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
modern SecretKey
k
        X509.PrivKeyEd448   SecretKey
k -> SecretKey -> ASN1Stream e
forall {e} {a}. ProduceASN1Object e (Modern a) => a -> ASN1Stream e
modern SecretKey
k
  where
    modern :: a -> ASN1Stream e
modern a
a = Modern a -> ASN1Stream e
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s ([Attribute] -> a -> Modern a
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs a
a)

-- | Generate a PKCS #8 encrypted PEM for a private key.
--
-- Fresh 'EncryptionScheme' parameters should be generated for each key to
-- encrypt.
encryptKeyToPEM :: EncryptionScheme -> ProtectionPassword -> X509.PrivKey
                -> Either StoreError PEM
encryptKeyToPEM :: EncryptionScheme
-> ProtectionPassword -> PrivKey -> Either StoreError PEM
encryptKeyToPEM EncryptionScheme
alg ProtectionPassword
pwd PrivKey
privKey = PKCS5 -> PEM
forall {obj}. ProduceASN1Object ASN1P obj => obj -> PEM
toPEM (PKCS5 -> PEM) -> Either StoreError PKCS5 -> Either StoreError PEM
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> EncryptionScheme
-> ProtectionPassword -> ByteString -> Either StoreError PKCS5
encrypt EncryptionScheme
alg ProtectionPassword
pwd ByteString
bs
  where bs :: ByteString
bs = PEM -> ByteString
pemContent (PrivKey -> PEM
keyToModernPEM PrivKey
privKey)
        toPEM :: obj -> PEM
toPEM obj
pkcs8 = FilePath -> ByteString -> PEM
mkPEM FilePath
"ENCRYPTED PRIVATE KEY" (obj -> ByteString
forall obj. ProduceASN1Object ASN1P obj => obj -> ByteString
encodeASN1Object obj
pkcs8)

mkPEM :: String -> B.ByteString -> PEM
mkPEM :: FilePath -> ByteString -> PEM
mkPEM FilePath
name ByteString
bs = PEM { pemName :: FilePath
pemName = FilePath
name, pemHeader :: [(FilePath, ByteString)]
pemHeader = [], pemContent :: ByteString
pemContent = ByteString
bs}


-- Private key formats: traditional (SSLeay compatible) and modern (PKCS #8)

-- | Private-key serialization format.
--
-- Encryption in traditional format is not supported currently.
data PrivateKeyFormat = TraditionalFormat -- ^ SSLeay compatible
                      | PKCS8Format       -- ^ PKCS #8
                      deriving (Int -> PrivateKeyFormat -> FilePath -> FilePath
[PrivateKeyFormat] -> FilePath -> FilePath
PrivateKeyFormat -> FilePath
(Int -> PrivateKeyFormat -> FilePath -> FilePath)
-> (PrivateKeyFormat -> FilePath)
-> ([PrivateKeyFormat] -> FilePath -> FilePath)
-> Show PrivateKeyFormat
forall a.
(Int -> a -> FilePath -> FilePath)
-> (a -> FilePath) -> ([a] -> FilePath -> FilePath) -> Show a
$cshowsPrec :: Int -> PrivateKeyFormat -> FilePath -> FilePath
showsPrec :: Int -> PrivateKeyFormat -> FilePath -> FilePath
$cshow :: PrivateKeyFormat -> FilePath
show :: PrivateKeyFormat -> FilePath
$cshowList :: [PrivateKeyFormat] -> FilePath -> FilePath
showList :: [PrivateKeyFormat] -> FilePath -> FilePath
Show,PrivateKeyFormat -> PrivateKeyFormat -> Bool
(PrivateKeyFormat -> PrivateKeyFormat -> Bool)
-> (PrivateKeyFormat -> PrivateKeyFormat -> Bool)
-> Eq PrivateKeyFormat
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: PrivateKeyFormat -> PrivateKeyFormat -> Bool
== :: PrivateKeyFormat -> PrivateKeyFormat -> Bool
$c/= :: PrivateKeyFormat -> PrivateKeyFormat -> Bool
/= :: PrivateKeyFormat -> PrivateKeyFormat -> Bool
Eq)

newtype Traditional a = Traditional { forall a. Traditional a -> a
unTraditional :: a }

parseTraditional :: ParseASN1Object e (Traditional a) => ParseASN1 e a
parseTraditional :: forall e a. ParseASN1Object e (Traditional a) => ParseASN1 e a
parseTraditional = Traditional a -> a
forall a. Traditional a -> a
unTraditional (Traditional a -> a)
-> ParseASN1 e (Traditional a) -> ParseASN1 e a
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Traditional a)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

data Modern a = Modern [Attribute] a

instance Functor Modern where
    fmap :: forall a b. (a -> b) -> Modern a -> Modern b
fmap a -> b
f (Modern [Attribute]
attrs a
a) = [Attribute] -> b -> Modern b
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs (a -> b
f a
a)

parseModern :: ParseASN1Object e (Modern a) => ParseASN1 e a
parseModern :: forall e a. ParseASN1Object e (Modern a) => ParseASN1 e a
parseModern = Modern a -> a
forall {a}. Modern a -> a
unModern (Modern a -> a) -> ParseASN1 e (Modern a) -> ParseASN1 e a
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern a)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
  where unModern :: Modern a -> a
unModern (Modern [Attribute]
_ a
a) = a
a

-- | A key associated with format.  Allows to implement 'ASN1Object' instances.
data FormattedKey a = FormattedKey PrivateKeyFormat a
    deriving (Int -> FormattedKey a -> FilePath -> FilePath
[FormattedKey a] -> FilePath -> FilePath
FormattedKey a -> FilePath
(Int -> FormattedKey a -> FilePath -> FilePath)
-> (FormattedKey a -> FilePath)
-> ([FormattedKey a] -> FilePath -> FilePath)
-> Show (FormattedKey a)
forall a. Show a => Int -> FormattedKey a -> FilePath -> FilePath
forall a. Show a => [FormattedKey a] -> FilePath -> FilePath
forall a. Show a => FormattedKey a -> FilePath
forall a.
(Int -> a -> FilePath -> FilePath)
-> (a -> FilePath) -> ([a] -> FilePath -> FilePath) -> Show a
$cshowsPrec :: forall a. Show a => Int -> FormattedKey a -> FilePath -> FilePath
showsPrec :: Int -> FormattedKey a -> FilePath -> FilePath
$cshow :: forall a. Show a => FormattedKey a -> FilePath
show :: FormattedKey a -> FilePath
$cshowList :: forall a. Show a => [FormattedKey a] -> FilePath -> FilePath
showList :: [FormattedKey a] -> FilePath -> FilePath
Show,FormattedKey a -> FormattedKey a -> Bool
(FormattedKey a -> FormattedKey a -> Bool)
-> (FormattedKey a -> FormattedKey a -> Bool)
-> Eq (FormattedKey a)
forall a. Eq a => FormattedKey a -> FormattedKey a -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: forall a. Eq a => FormattedKey a -> FormattedKey a -> Bool
== :: FormattedKey a -> FormattedKey a -> Bool
$c/= :: forall a. Eq a => FormattedKey a -> FormattedKey a -> Bool
/= :: FormattedKey a -> FormattedKey a -> Bool
Eq)

instance Functor FormattedKey where
    fmap :: forall a b. (a -> b) -> FormattedKey a -> FormattedKey b
fmap a -> b
f (FormattedKey PrivateKeyFormat
fmt a
a) = PrivateKeyFormat -> b -> FormattedKey b
forall a. PrivateKeyFormat -> a -> FormattedKey a
FormattedKey PrivateKeyFormat
fmt (a -> b
f a
a)

instance (ProduceASN1Object e (Traditional a), ProduceASN1Object e (Modern a)) => ProduceASN1Object e (FormattedKey a) where
    asn1s :: FormattedKey a -> ASN1Stream e
asn1s (FormattedKey PrivateKeyFormat
TraditionalFormat a
k) = Traditional a -> ASN1Stream e
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s (a -> Traditional a
forall a. a -> Traditional a
Traditional a
k)
    asn1s (FormattedKey PrivateKeyFormat
PKCS8Format a
k)       = Modern a -> ASN1Stream e
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s ([Attribute] -> a -> Modern a
forall a. [Attribute] -> a -> Modern a
Modern [] a
k)

instance (Monoid e, ParseASN1Object e (Traditional a), ParseASN1Object e (Modern a)) => ParseASN1Object e (FormattedKey a) where
    parse :: ParseASN1 e (FormattedKey a)
parse = (a -> FormattedKey a
forall {a}. a -> FormattedKey a
modern (a -> FormattedKey a)
-> ParseASN1 e a -> ParseASN1 e (FormattedKey a)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e a
forall e a. ParseASN1Object e (Modern a) => ParseASN1 e a
parseModern) ParseASN1 e (FormattedKey a)
-> ParseASN1 e (FormattedKey a) -> ParseASN1 e (FormattedKey a)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> (a -> FormattedKey a
forall {a}. a -> FormattedKey a
traditional (a -> FormattedKey a)
-> ParseASN1 e a -> ParseASN1 e (FormattedKey a)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e a
forall e a. ParseASN1Object e (Traditional a) => ParseASN1 e a
parseTraditional)
      where
        traditional :: a -> FormattedKey a
traditional = PrivateKeyFormat -> a -> FormattedKey a
forall a. PrivateKeyFormat -> a -> FormattedKey a
FormattedKey PrivateKeyFormat
TraditionalFormat
        modern :: a -> FormattedKey a
modern      = PrivateKeyFormat -> a -> FormattedKey a
forall a. PrivateKeyFormat -> a -> FormattedKey a
FormattedKey PrivateKeyFormat
PKCS8Format

unFormat :: FormattedKey a -> a
unFormat :: forall a. FormattedKey a -> a
unFormat (FormattedKey PrivateKeyFormat
_ a
a) = a
a


-- Private Keys

instance ASN1Object (FormattedKey X509.PrivKey) where
    toASN1 :: FormattedKey PrivKey -> ASN1S
toASN1   = FormattedKey PrivKey -> ASN1S
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s
    fromASN1 :: [ASN1] -> Either FilePath (FormattedKey PrivKey, [ASN1])
fromASN1 = ParseASN1 () (FormattedKey PrivKey)
-> [ASN1] -> Either FilePath (FormattedKey PrivKey, [ASN1])
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath (a, [ASN1])
runParseASN1State ParseASN1 () (FormattedKey PrivKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

instance ASN1Elem e => ProduceASN1Object e (Traditional X509.PrivKey) where
    asn1s :: Traditional PrivKey -> ASN1Stream e
asn1s (Traditional PrivKey
privKey) = (FilePath, ASN1Stream e) -> ASN1Stream e
forall a b. (a, b) -> b
snd ((FilePath, ASN1Stream e) -> ASN1Stream e)
-> (FilePath, ASN1Stream e) -> ASN1Stream e
forall a b. (a -> b) -> a -> b
$ PrivKey -> (FilePath, ASN1Stream e)
forall e. ASN1Elem e => PrivKey -> (FilePath, ASN1Stream e)
traditionalPrivKeyASN1S PrivKey
privKey

instance Monoid e => ParseASN1Object e (Traditional X509.PrivKey) where
    parse :: ParseASN1 e (Traditional PrivKey)
parse = ParseASN1 e (Traditional PrivKey)
rsa ParseASN1 e (Traditional PrivKey)
-> ParseASN1 e (Traditional PrivKey)
-> ParseASN1 e (Traditional PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Traditional PrivKey)
dsa ParseASN1 e (Traditional PrivKey)
-> ParseASN1 e (Traditional PrivKey)
-> ParseASN1 e (Traditional PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Traditional PrivKey)
ecdsa
      where
        rsa :: ParseASN1 e (Traditional PrivKey)
rsa   = PrivKey -> Traditional PrivKey
forall a. a -> Traditional a
Traditional (PrivKey -> Traditional PrivKey)
-> (Traditional PrivateKey -> PrivKey)
-> Traditional PrivateKey
-> Traditional PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PrivateKey -> PrivKey
X509.PrivKeyRSA (PrivateKey -> PrivKey)
-> (Traditional PrivateKey -> PrivateKey)
-> Traditional PrivateKey
-> PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Traditional PrivateKey -> PrivateKey
forall a. Traditional a -> a
unTraditional (Traditional PrivateKey -> Traditional PrivKey)
-> ParseASN1 e (Traditional PrivateKey)
-> ParseASN1 e (Traditional PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Traditional PrivateKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        dsa :: ParseASN1 e (Traditional PrivKey)
dsa   = PrivKey -> Traditional PrivKey
forall a. a -> Traditional a
Traditional (PrivKey -> Traditional PrivKey)
-> (Traditional KeyPair -> PrivKey)
-> Traditional KeyPair
-> Traditional PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PrivateKey -> PrivKey
X509.PrivKeyDSA (PrivateKey -> PrivKey)
-> (Traditional KeyPair -> PrivateKey)
-> Traditional KeyPair
-> PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. KeyPair -> PrivateKey
DSA.toPrivateKey (KeyPair -> PrivateKey)
-> (Traditional KeyPair -> KeyPair)
-> Traditional KeyPair
-> PrivateKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Traditional KeyPair -> KeyPair
forall a. Traditional a -> a
unTraditional (Traditional KeyPair -> Traditional PrivKey)
-> ParseASN1 e (Traditional KeyPair)
-> ParseASN1 e (Traditional PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Traditional KeyPair)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        ecdsa :: ParseASN1 e (Traditional PrivKey)
ecdsa = PrivKey -> Traditional PrivKey
forall a. a -> Traditional a
Traditional (PrivKey -> Traditional PrivKey)
-> (Traditional PrivKeyEC -> PrivKey)
-> Traditional PrivKeyEC
-> Traditional PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PrivKeyEC -> PrivKey
X509.PrivKeyEC (PrivKeyEC -> PrivKey)
-> (Traditional PrivKeyEC -> PrivKeyEC)
-> Traditional PrivKeyEC
-> PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Traditional PrivKeyEC -> PrivKeyEC
forall a. Traditional a -> a
unTraditional (Traditional PrivKeyEC -> Traditional PrivKey)
-> ParseASN1 e (Traditional PrivKeyEC)
-> ParseASN1 e (Traditional PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Traditional PrivKeyEC)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

instance ASN1Elem e => ProduceASN1Object e (Modern X509.PrivKey) where
    asn1s :: Modern PrivKey -> ASN1Stream e
asn1s (Modern [Attribute]
attrs PrivKey
privKey) = [Attribute] -> PrivKey -> ASN1Stream e
forall e. ASN1Elem e => [Attribute] -> PrivKey -> ASN1Stream e
modernPrivKeyASN1S [Attribute]
attrs PrivKey
privKey

instance Monoid e => ParseASN1Object e (Modern X509.PrivKey) where
    parse :: ParseASN1 e (Modern PrivKey)
parse = ParseASN1 e (Modern PrivKey)
rsa ParseASN1 e (Modern PrivKey)
-> ParseASN1 e (Modern PrivKey) -> ParseASN1 e (Modern PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Modern PrivKey)
dsa ParseASN1 e (Modern PrivKey)
-> ParseASN1 e (Modern PrivKey) -> ParseASN1 e (Modern PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Modern PrivKey)
ecdsa ParseASN1 e (Modern PrivKey)
-> ParseASN1 e (Modern PrivKey) -> ParseASN1 e (Modern PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Modern PrivKey)
x25519 ParseASN1 e (Modern PrivKey)
-> ParseASN1 e (Modern PrivKey) -> ParseASN1 e (Modern PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Modern PrivKey)
x448 ParseASN1 e (Modern PrivKey)
-> ParseASN1 e (Modern PrivKey) -> ParseASN1 e (Modern PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Modern PrivKey)
ed25519 ParseASN1 e (Modern PrivKey)
-> ParseASN1 e (Modern PrivKey) -> ParseASN1 e (Modern PrivKey)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Modern PrivKey)
ed448
      where
        rsa :: ParseASN1 e (Modern PrivKey)
rsa   = (PrivateKey -> PrivKey) -> Modern PrivateKey -> Modern PrivKey
forall a b. (a -> b) -> Modern a -> Modern b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap PrivateKey -> PrivKey
X509.PrivKeyRSA  (Modern PrivateKey -> Modern PrivKey)
-> ParseASN1 e (Modern PrivateKey) -> ParseASN1 e (Modern PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern PrivateKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        dsa :: ParseASN1 e (Modern PrivKey)
dsa   = (KeyPair -> PrivKey) -> Modern KeyPair -> Modern PrivKey
forall a b. (a -> b) -> Modern a -> Modern b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap (PrivateKey -> PrivKey
X509.PrivKeyDSA (PrivateKey -> PrivKey)
-> (KeyPair -> PrivateKey) -> KeyPair -> PrivKey
forall b c a. (b -> c) -> (a -> b) -> a -> c
. KeyPair -> PrivateKey
DSA.toPrivateKey) (Modern KeyPair -> Modern PrivKey)
-> ParseASN1 e (Modern KeyPair) -> ParseASN1 e (Modern PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern KeyPair)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        ecdsa :: ParseASN1 e (Modern PrivKey)
ecdsa = (PrivKeyEC -> PrivKey) -> Modern PrivKeyEC -> Modern PrivKey
forall a b. (a -> b) -> Modern a -> Modern b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap PrivKeyEC -> PrivKey
X509.PrivKeyEC (Modern PrivKeyEC -> Modern PrivKey)
-> ParseASN1 e (Modern PrivKeyEC) -> ParseASN1 e (Modern PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern PrivKeyEC)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        x25519 :: ParseASN1 e (Modern PrivKey)
x25519  = (SecretKey -> PrivKey) -> Modern SecretKey -> Modern PrivKey
forall a b. (a -> b) -> Modern a -> Modern b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap SecretKey -> PrivKey
X509.PrivKeyX25519 (Modern SecretKey -> Modern PrivKey)
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern SecretKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        x448 :: ParseASN1 e (Modern PrivKey)
x448    = (SecretKey -> PrivKey) -> Modern SecretKey -> Modern PrivKey
forall a b. (a -> b) -> Modern a -> Modern b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap SecretKey -> PrivKey
X509.PrivKeyX448 (Modern SecretKey -> Modern PrivKey)
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern SecretKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        ed25519 :: ParseASN1 e (Modern PrivKey)
ed25519 = (SecretKey -> PrivKey) -> Modern SecretKey -> Modern PrivKey
forall a b. (a -> b) -> Modern a -> Modern b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap SecretKey -> PrivKey
X509.PrivKeyEd25519 (Modern SecretKey -> Modern PrivKey)
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern SecretKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse
        ed448 :: ParseASN1 e (Modern PrivKey)
ed448   = (SecretKey -> PrivKey) -> Modern SecretKey -> Modern PrivKey
forall a b. (a -> b) -> Modern a -> Modern b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap SecretKey -> PrivKey
X509.PrivKeyEd448 (Modern SecretKey -> Modern PrivKey)
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern PrivKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> ParseASN1 e (Modern SecretKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

skipVersion :: Monoid e => ParseASN1 e ()
skipVersion :: forall e. Monoid e => ParseASN1 e ()
skipVersion = do
    IntVal Integer
v <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
    Bool -> ParseASN1 e () -> ParseASN1 e ()
forall (f :: * -> *). Applicative f => Bool -> f () -> f ()
when (Integer
v Integer -> Integer -> Bool
forall a. Eq a => a -> a -> Bool
/= Integer
0 Bool -> Bool -> Bool
&& Integer
v Integer -> Integer -> Bool
forall a. Eq a => a -> a -> Bool
/= Integer
1) (ParseASN1 e () -> ParseASN1 e ())
-> ParseASN1 e () -> ParseASN1 e ()
forall a b. (a -> b) -> a -> b
$
        FilePath -> ParseASN1 e ()
forall e a. FilePath -> ParseASN1 e a
throwParseError (FilePath
"PKCS8: parsed invalid version: " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ Integer -> FilePath
forall a. Show a => a -> FilePath
show Integer
v)

skipPublicKey :: Monoid e => ParseASN1 e ()
skipPublicKey :: forall e. Monoid e => ParseASN1 e ()
skipPublicKey = ParseASN1 e (Maybe ByteString) -> ParseASN1 e ()
forall (f :: * -> *) a. Functor f => f a -> f ()
void ((ByteString -> Maybe ByteString)
-> ParseASN1 e ByteString -> ParseASN1 e (Maybe ByteString)
forall a b. (a -> b) -> ParseASN1 e a -> ParseASN1 e b
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
fmap ByteString -> Maybe ByteString
forall a. a -> Maybe a
Just ParseASN1 e ByteString
parseTaggedPrimitive ParseASN1 e (Maybe ByteString)
-> ParseASN1 e (Maybe ByteString) -> ParseASN1 e (Maybe ByteString)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> Maybe ByteString -> ParseASN1 e (Maybe ByteString)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return Maybe ByteString
forall a. Maybe a
Nothing)
  where parseTaggedPrimitive :: ParseASN1 e ByteString
parseTaggedPrimitive = do { Other ASN1Class
_ Int
1 ByteString
bs <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext; ByteString -> ParseASN1 e ByteString
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return ByteString
bs }

parseAttrKeys :: Monoid e => ParseASN1 e ([Attribute], B.ByteString)
parseAttrKeys :: forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys = do
    OctetString ByteString
bs <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
    [Attribute]
attrs <- ASN1ConstructionType -> ParseASN1 e [Attribute]
forall e.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e [Attribute]
parseAttributes (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0)
    ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipPublicKey
    ([Attribute], ByteString) -> ParseASN1 e ([Attribute], ByteString)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return ([Attribute]
attrs, ByteString
bs)


-- RSA

instance ASN1Object (FormattedKey RSA.PrivateKey) where
    toASN1 :: FormattedKey PrivateKey -> ASN1S
toASN1   = FormattedKey PrivateKey -> ASN1S
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s
    fromASN1 :: [ASN1] -> Either FilePath (FormattedKey PrivateKey, [ASN1])
fromASN1 = ParseASN1 () (FormattedKey PrivateKey)
-> [ASN1] -> Either FilePath (FormattedKey PrivateKey, [ASN1])
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath (a, [ASN1])
runParseASN1State ParseASN1 () (FormattedKey PrivateKey)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

instance ASN1Elem e => ProduceASN1Object e (Traditional RSA.PrivateKey) where
    asn1s :: Traditional PrivateKey -> ASN1Stream e
asn1s (Traditional PrivateKey
privKey) =
        ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
n ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
e ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
d ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
p1 ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
p2 ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
pexp1 ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
pexp2 ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
pcoef)
      where
        pubKey :: PublicKey
pubKey = PrivateKey -> PublicKey
RSA.private_pub PrivateKey
privKey

        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        n :: ASN1Stream e
n     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PublicKey -> Integer
RSA.public_n PublicKey
pubKey)
        e :: ASN1Stream e
e     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PublicKey -> Integer
RSA.public_e PublicKey
pubKey)
        d :: ASN1Stream e
d     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PrivateKey -> Integer
RSA.private_d PrivateKey
privKey)
        p1 :: ASN1Stream e
p1    = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PrivateKey -> Integer
RSA.private_p PrivateKey
privKey)
        p2 :: ASN1Stream e
p2    = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PrivateKey -> Integer
RSA.private_q PrivateKey
privKey)
        pexp1 :: ASN1Stream e
pexp1 = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PrivateKey -> Integer
RSA.private_dP PrivateKey
privKey)
        pexp2 :: ASN1Stream e
pexp2 = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PrivateKey -> Integer
RSA.private_dQ PrivateKey
privKey)
        pcoef :: ASN1Stream e
pcoef = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (PrivateKey -> Integer
RSA.private_qinv PrivateKey
privKey)

instance Monoid e => ParseASN1Object e (Traditional RSA.PrivateKey) where
    parse :: ParseASN1 e (Traditional PrivateKey)
parse = ASN1ConstructionType
-> ParseASN1 e (Traditional PrivateKey)
-> ParseASN1 e (Traditional PrivateKey)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Traditional PrivateKey)
 -> ParseASN1 e (Traditional PrivateKey))
-> ParseASN1 e (Traditional PrivateKey)
-> ParseASN1 e (Traditional PrivateKey)
forall a b. (a -> b) -> a -> b
$ do
        IntVal Integer
0 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
n <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
e <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
d <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
p1 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
p2 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
pexp1 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
pexp2 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
pcoef <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        let pubKey :: PublicKey
pubKey  = RSA.PublicKey { public_size :: Int
RSA.public_size = Integer -> Int
numBytes Integer
n
                                    , public_n :: Integer
RSA.public_n    = Integer
n
                                    , public_e :: Integer
RSA.public_e    = Integer
e
                                    }
            privKey :: PrivateKey
privKey = RSA.PrivateKey { private_pub :: PublicKey
RSA.private_pub  = PublicKey
pubKey
                                    , private_d :: Integer
RSA.private_d    = Integer
d
                                    , private_p :: Integer
RSA.private_p    = Integer
p1
                                    , private_q :: Integer
RSA.private_q    = Integer
p2
                                    , private_dP :: Integer
RSA.private_dP   = Integer
pexp1
                                    , private_dQ :: Integer
RSA.private_dQ   = Integer
pexp2
                                    , private_qinv :: Integer
RSA.private_qinv = Integer
pcoef
                                    }
        Traditional PrivateKey -> ParseASN1 e (Traditional PrivateKey)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return (PrivateKey -> Traditional PrivateKey
forall a. a -> Traditional a
Traditional PrivateKey
privKey)

instance ASN1Elem e => ProduceASN1Object e (Modern RSA.PrivateKey) where
    asn1s :: Modern PrivateKey -> ASN1Stream e
asn1s (Modern [Attribute]
attrs PrivateKey
privKey) =
        ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
alg ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
bs ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
att)
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        alg :: ASN1Stream e
alg   = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
oid ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
forall e. ASN1Elem e => ASN1Stream e
gNull)
        oid :: ASN1Stream e
oid   = OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
2,Integer
840,Integer
113549,Integer
1,Integer
1,Integer
1]
        bs :: ASN1Stream e
bs    = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (Traditional PrivateKey -> ByteString
forall obj. ProduceASN1Object ASN1P obj => obj -> ByteString
encodeASN1Object (Traditional PrivateKey -> ByteString)
-> Traditional PrivateKey -> ByteString
forall a b. (a -> b) -> a -> b
$ PrivateKey -> Traditional PrivateKey
forall a. a -> Traditional a
Traditional PrivateKey
privKey)
        att :: ASN1Stream e
att   = ASN1ConstructionType -> [Attribute] -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> [Attribute] -> ASN1Stream e
attributesASN1S (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) [Attribute]
attrs

instance Monoid e => ParseASN1Object e (Modern RSA.PrivateKey) where
    parse :: ParseASN1 e (Modern PrivateKey)
parse = ASN1ConstructionType
-> ParseASN1 e (Modern PrivateKey)
-> ParseASN1 e (Modern PrivateKey)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Modern PrivateKey)
 -> ParseASN1 e (Modern PrivateKey))
-> ParseASN1 e (Modern PrivateKey)
-> ParseASN1 e (Modern PrivateKey)
forall a b. (a -> b) -> a -> b
$ do
        ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipVersion
        ASN1
Null <- ASN1ConstructionType -> ParseASN1 e ASN1 -> ParseASN1 e ASN1
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e ASN1 -> ParseASN1 e ASN1)
-> ParseASN1 e ASN1 -> ParseASN1 e ASN1
forall a b. (a -> b) -> a -> b
$ do
                    OID [Integer
1,Integer
2,Integer
840,Integer
113549,Integer
1,Integer
1,Integer
1] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
                    ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        ([Attribute]
attrs, ByteString
bs) <- ParseASN1 e ([Attribute], ByteString)
forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys
        let inner :: Either ASN1Error [ASN1]
inner = BER -> ByteString -> Either ASN1Error [ASN1]
forall a.
ASN1Decoding a =>
a -> ByteString -> Either ASN1Error [ASN1]
decodeASN1' BER
BER ByteString
bs
            strError :: ASN1Error -> Either FilePath b
strError = FilePath -> Either FilePath b
forall a b. a -> Either a b
Left (FilePath -> Either FilePath b)
-> (ASN1Error -> FilePath) -> ASN1Error -> Either FilePath b
forall b c a. (b -> c) -> (a -> b) -> a -> c
.  (FilePath
"PKCS8: error decoding inner RSA: " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++) (FilePath -> FilePath)
-> (ASN1Error -> FilePath) -> ASN1Error -> FilePath
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Error -> FilePath
forall a. Show a => a -> FilePath
show
        case (ASN1Error -> Either FilePath PrivateKey)
-> ([ASN1] -> Either FilePath PrivateKey)
-> Either ASN1Error [ASN1]
-> Either FilePath PrivateKey
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either ASN1Error -> Either FilePath PrivateKey
forall {b}. ASN1Error -> Either FilePath b
strError (ParseASN1 () PrivateKey -> [ASN1] -> Either FilePath PrivateKey
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath a
runParseASN1 ParseASN1 () PrivateKey
forall e a. ParseASN1Object e (Traditional a) => ParseASN1 e a
parseTraditional) Either ASN1Error [ASN1]
inner of
             Left FilePath
err -> FilePath -> ParseASN1 e (Modern PrivateKey)
forall e a. FilePath -> ParseASN1 e a
throwParseError (FilePath
"PKCS8: error parsing inner RSA: " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
err)
             Right PrivateKey
privKey -> Modern PrivateKey -> ParseASN1 e (Modern PrivateKey)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return ([Attribute] -> PrivateKey -> Modern PrivateKey
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs PrivateKey
privKey)


-- DSA

instance ASN1Object (FormattedKey DSA.KeyPair) where
    toASN1 :: FormattedKey KeyPair -> ASN1S
toASN1   = FormattedKey KeyPair -> ASN1S
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s
    fromASN1 :: [ASN1] -> Either FilePath (FormattedKey KeyPair, [ASN1])
fromASN1 = ParseASN1 () (FormattedKey KeyPair)
-> [ASN1] -> Either FilePath (FormattedKey KeyPair, [ASN1])
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath (a, [ASN1])
runParseASN1State ParseASN1 () (FormattedKey KeyPair)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

instance ASN1Elem e => ProduceASN1Object e (Traditional DSA.KeyPair) where
    asn1s :: Traditional KeyPair -> ASN1Stream e
asn1s (Traditional (DSA.KeyPair Params
params Integer
pub Integer
priv)) =
        ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Params -> ASN1Stream e
forall e. ASN1Elem e => Params -> ASN1Stream e
pqgASN1S Params
params ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
pub' ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
priv')
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        pub' :: ASN1Stream e
pub'  = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
pub
        priv' :: ASN1Stream e
priv' = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
priv

instance Monoid e => ParseASN1Object e (Traditional DSA.KeyPair) where
    parse :: ParseASN1 e (Traditional KeyPair)
parse = ASN1ConstructionType
-> ParseASN1 e (Traditional KeyPair)
-> ParseASN1 e (Traditional KeyPair)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Traditional KeyPair)
 -> ParseASN1 e (Traditional KeyPair))
-> ParseASN1 e (Traditional KeyPair)
-> ParseASN1 e (Traditional KeyPair)
forall a b. (a -> b) -> a -> b
$ do
        IntVal Integer
0 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        Params
params <- ParseASN1 e Params
forall e. Monoid e => ParseASN1 e Params
parsePQG
        IntVal Integer
pub <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        IntVal Integer
priv <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        Traditional KeyPair -> ParseASN1 e (Traditional KeyPair)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return (KeyPair -> Traditional KeyPair
forall a. a -> Traditional a
Traditional (KeyPair -> Traditional KeyPair) -> KeyPair -> Traditional KeyPair
forall a b. (a -> b) -> a -> b
$ Params -> Integer -> Integer -> KeyPair
DSA.KeyPair Params
params Integer
pub Integer
priv)

instance ASN1Elem e => ProduceASN1Object e (Modern DSA.KeyPair) where
    asn1s :: Modern KeyPair -> ASN1Stream e
asn1s (Modern [Attribute]
attrs (DSA.KeyPair Params
params Integer
_ Integer
priv)) =
        ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
alg ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
bs ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
att)
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        alg :: ASN1Stream e
alg   = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
oid ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
pr)
        oid :: ASN1Stream e
oid   = OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
2,Integer
840,Integer
10040,Integer
4,Integer
1]
        pr :: ASN1Stream e
pr    = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (Params -> ASN1Stream e
forall e. ASN1Elem e => Params -> ASN1Stream e
pqgASN1S Params
params)
        bs :: ASN1Stream e
bs    = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (ASN1PS -> ByteString
encodeASN1S (ASN1PS -> ByteString) -> ASN1PS -> ByteString
forall a b. (a -> b) -> a -> b
$ Integer -> ASN1PS
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
priv)
        att :: ASN1Stream e
att   = ASN1ConstructionType -> [Attribute] -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> [Attribute] -> ASN1Stream e
attributesASN1S (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) [Attribute]
attrs

instance Monoid e => ParseASN1Object e (Modern DSA.KeyPair) where
    parse :: ParseASN1 e (Modern KeyPair)
parse = ASN1ConstructionType
-> ParseASN1 e (Modern KeyPair) -> ParseASN1 e (Modern KeyPair)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Modern KeyPair) -> ParseASN1 e (Modern KeyPair))
-> ParseASN1 e (Modern KeyPair) -> ParseASN1 e (Modern KeyPair)
forall a b. (a -> b) -> a -> b
$ do
        ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipVersion
        Params
params <- ASN1ConstructionType -> ParseASN1 e Params -> ParseASN1 e Params
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e Params -> ParseASN1 e Params)
-> ParseASN1 e Params -> ParseASN1 e Params
forall a b. (a -> b) -> a -> b
$ do
                      OID [Integer
1,Integer
2,Integer
840,Integer
10040,Integer
4,Integer
1] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
                      ASN1ConstructionType -> ParseASN1 e Params -> ParseASN1 e Params
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence ParseASN1 e Params
forall e. Monoid e => ParseASN1 e Params
parsePQG
        ([Attribute]
attrs, ByteString
bs) <- ParseASN1 e ([Attribute], ByteString)
forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys
        case BER -> ByteString -> Either ASN1Error [ASN1]
forall a.
ASN1Decoding a =>
a -> ByteString -> Either ASN1Error [ASN1]
decodeASN1' BER
BER ByteString
bs of
            Right [IntVal Integer
priv] ->
                let pub :: Integer
pub = Params -> Integer -> Integer
DSA.calculatePublic Params
params Integer
priv
                 in Modern KeyPair -> ParseASN1 e (Modern KeyPair)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return ([Attribute] -> KeyPair -> Modern KeyPair
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs (KeyPair -> Modern KeyPair) -> KeyPair -> Modern KeyPair
forall a b. (a -> b) -> a -> b
$ Params -> Integer -> Integer -> KeyPair
DSA.KeyPair Params
params Integer
pub Integer
priv)
            Right [ASN1]
_ -> FilePath -> ParseASN1 e (Modern KeyPair)
forall e a. FilePath -> ParseASN1 e a
throwParseError FilePath
"PKCS8: invalid format when parsing inner DSA"
            Left  ASN1Error
e -> FilePath -> ParseASN1 e (Modern KeyPair)
forall e a. FilePath -> ParseASN1 e a
throwParseError (FilePath
"PKCS8: error parsing inner DSA: " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ ASN1Error -> FilePath
forall a. Show a => a -> FilePath
show ASN1Error
e)

pqgASN1S :: ASN1Elem e => DSA.Params -> ASN1Stream e
pqgASN1S :: forall e. ASN1Elem e => Params -> ASN1Stream e
pqgASN1S Params
params = ASN1Stream e
p ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
q ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
g
  where p :: ASN1Stream e
p = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (Params -> Integer
DSA.params_p Params
params)
        q :: ASN1Stream e
q = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (Params -> Integer
DSA.params_q Params
params)
        g :: ASN1Stream e
g = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal (Params -> Integer
DSA.params_g Params
params)

parsePQG :: Monoid e => ParseASN1 e DSA.Params
parsePQG :: forall e. Monoid e => ParseASN1 e Params
parsePQG = do
    IntVal Integer
p <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
    IntVal Integer
q <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
    IntVal Integer
g <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
    Params -> ParseASN1 e Params
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return DSA.Params { params_p :: Integer
DSA.params_p = Integer
p
                      , params_q :: Integer
DSA.params_q = Integer
q
                      , params_g :: Integer
DSA.params_g = Integer
g
                      }

dsaPrivToPair :: DSA.PrivateKey -> DSA.KeyPair
dsaPrivToPair :: PrivateKey -> KeyPair
dsaPrivToPair PrivateKey
k = Params -> Integer -> Integer -> KeyPair
DSA.KeyPair Params
params Integer
pub Integer
x
  where pub :: Integer
pub     = Params -> Integer -> Integer
DSA.calculatePublic Params
params Integer
x
        params :: Params
params  = PrivateKey -> Params
DSA.private_params PrivateKey
k
        x :: Integer
x       = PrivateKey -> Integer
DSA.private_x PrivateKey
k


-- ECDSA

instance ASN1Object (FormattedKey X509.PrivKeyEC) where
    toASN1 :: FormattedKey PrivKeyEC -> ASN1S
toASN1   = FormattedKey PrivKeyEC -> ASN1S
forall e obj. ProduceASN1Object e obj => obj -> ASN1Stream e
asn1s
    fromASN1 :: [ASN1] -> Either FilePath (FormattedKey PrivKeyEC, [ASN1])
fromASN1 = ParseASN1 () (FormattedKey PrivKeyEC)
-> [ASN1] -> Either FilePath (FormattedKey PrivKeyEC, [ASN1])
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath (a, [ASN1])
runParseASN1State ParseASN1 () (FormattedKey PrivKeyEC)
forall e obj. ParseASN1Object e obj => ParseASN1 e obj
parse

instance ASN1Elem e => ProduceASN1Object e (Traditional X509.PrivKeyEC) where
    asn1s :: Traditional PrivKeyEC -> ASN1Stream e
asn1s = Bool -> PrivKeyEC -> ASN1Stream e
forall e. ASN1Elem e => Bool -> PrivKeyEC -> ASN1Stream e
innerEcdsaASN1S Bool
True (PrivKeyEC -> ASN1Stream e)
-> (Traditional PrivKeyEC -> PrivKeyEC)
-> Traditional PrivKeyEC
-> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. Traditional PrivKeyEC -> PrivKeyEC
forall a. Traditional a -> a
unTraditional

instance Monoid e => ParseASN1Object e (Traditional X509.PrivKeyEC) where
    parse :: ParseASN1 e (Traditional PrivKeyEC)
parse = PrivKeyEC -> Traditional PrivKeyEC
forall a. a -> Traditional a
Traditional (PrivKeyEC -> Traditional PrivKeyEC)
-> ParseASN1 e PrivKeyEC -> ParseASN1 e (Traditional PrivKeyEC)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> Maybe (Integer -> PrivKeyEC) -> ParseASN1 e PrivKeyEC
forall e.
Monoid e =>
Maybe (Integer -> PrivKeyEC) -> ParseASN1 e PrivKeyEC
parseInnerEcdsa Maybe (Integer -> PrivKeyEC)
forall a. Maybe a
Nothing

instance ASN1Elem e => ProduceASN1Object e (Modern X509.PrivKeyEC) where
    asn1s :: Modern PrivKeyEC -> ASN1Stream e
asn1s (Modern [Attribute]
attrs PrivKeyEC
privKey) = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
f ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
bs ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
att)
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        f :: ASN1Stream e
f     = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
oid ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. PrivKeyEC -> ASN1Stream e
forall e. ASN1Elem e => PrivKeyEC -> ASN1Stream e
curveFnASN1S PrivKeyEC
privKey)
        oid :: ASN1Stream e
oid   = OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
2,Integer
840,Integer
10045,Integer
2,Integer
1]
        bs :: ASN1Stream e
bs    = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (ASN1PS -> ByteString
encodeASN1S ASN1PS
inner)
        inner :: ASN1PS
inner = Bool -> PrivKeyEC -> ASN1PS
forall e. ASN1Elem e => Bool -> PrivKeyEC -> ASN1Stream e
innerEcdsaASN1S Bool
False PrivKeyEC
privKey
        att :: ASN1Stream e
att   = ASN1ConstructionType -> [Attribute] -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> [Attribute] -> ASN1Stream e
attributesASN1S (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) [Attribute]
attrs

instance Monoid e => ParseASN1Object e (Modern X509.PrivKeyEC) where
    parse :: ParseASN1 e (Modern PrivKeyEC)
parse = ASN1ConstructionType
-> ParseASN1 e (Modern PrivKeyEC) -> ParseASN1 e (Modern PrivKeyEC)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Modern PrivKeyEC) -> ParseASN1 e (Modern PrivKeyEC))
-> ParseASN1 e (Modern PrivKeyEC) -> ParseASN1 e (Modern PrivKeyEC)
forall a b. (a -> b) -> a -> b
$ do
        ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipVersion
        Integer -> PrivKeyEC
f <- ASN1ConstructionType
-> ParseASN1 e (Integer -> PrivKeyEC)
-> ParseASN1 e (Integer -> PrivKeyEC)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Integer -> PrivKeyEC)
 -> ParseASN1 e (Integer -> PrivKeyEC))
-> ParseASN1 e (Integer -> PrivKeyEC)
-> ParseASN1 e (Integer -> PrivKeyEC)
forall a b. (a -> b) -> a -> b
$ do
            OID [Integer
1,Integer
2,Integer
840,Integer
10045,Integer
2,Integer
1] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
            ParseASN1 e (Integer -> PrivKeyEC)
forall e. Monoid e => ParseASN1 e (Integer -> PrivKeyEC)
parseCurveFn
        ([Attribute]
attrs, ByteString
bs) <- ParseASN1 e ([Attribute], ByteString)
forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys
        let inner :: Either ASN1Error [ASN1]
inner = BER -> ByteString -> Either ASN1Error [ASN1]
forall a.
ASN1Decoding a =>
a -> ByteString -> Either ASN1Error [ASN1]
decodeASN1' BER
BER ByteString
bs
            strError :: ASN1Error -> Either FilePath b
strError = FilePath -> Either FilePath b
forall a b. a -> Either a b
Left (FilePath -> Either FilePath b)
-> (ASN1Error -> FilePath) -> ASN1Error -> Either FilePath b
forall b c a. (b -> c) -> (a -> b) -> a -> c
.  (FilePath
"PKCS8: error decoding inner EC: " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++) (FilePath -> FilePath)
-> (ASN1Error -> FilePath) -> ASN1Error -> FilePath
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Error -> FilePath
forall a. Show a => a -> FilePath
show
        case (ASN1Error -> Either FilePath PrivKeyEC)
-> ([ASN1] -> Either FilePath PrivKeyEC)
-> Either ASN1Error [ASN1]
-> Either FilePath PrivKeyEC
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either ASN1Error -> Either FilePath PrivKeyEC
forall {b}. ASN1Error -> Either FilePath b
strError (ParseASN1 () PrivKeyEC -> [ASN1] -> Either FilePath PrivKeyEC
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath a
runParseASN1 (ParseASN1 () PrivKeyEC -> [ASN1] -> Either FilePath PrivKeyEC)
-> ParseASN1 () PrivKeyEC -> [ASN1] -> Either FilePath PrivKeyEC
forall a b. (a -> b) -> a -> b
$ Maybe (Integer -> PrivKeyEC) -> ParseASN1 () PrivKeyEC
forall e.
Monoid e =>
Maybe (Integer -> PrivKeyEC) -> ParseASN1 e PrivKeyEC
parseInnerEcdsa (Maybe (Integer -> PrivKeyEC) -> ParseASN1 () PrivKeyEC)
-> Maybe (Integer -> PrivKeyEC) -> ParseASN1 () PrivKeyEC
forall a b. (a -> b) -> a -> b
$ (Integer -> PrivKeyEC) -> Maybe (Integer -> PrivKeyEC)
forall a. a -> Maybe a
Just Integer -> PrivKeyEC
f) Either ASN1Error [ASN1]
inner of
            Left FilePath
err -> FilePath -> ParseASN1 e (Modern PrivKeyEC)
forall e a. FilePath -> ParseASN1 e a
throwParseError (FilePath
"PKCS8: error parsing inner EC: " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
err)
            Right PrivKeyEC
privKey -> Modern PrivKeyEC -> ParseASN1 e (Modern PrivKeyEC)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return ([Attribute] -> PrivKeyEC -> Modern PrivKeyEC
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs PrivKeyEC
privKey)

innerEcdsaASN1S :: ASN1Elem e => Bool -> X509.PrivKeyEC -> ASN1Stream e
innerEcdsaASN1S :: forall e. ASN1Elem e => Bool -> PrivKeyEC -> ASN1Stream e
innerEcdsaASN1S Bool
addC PrivKeyEC
k
    | Bool
addC      = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
ds ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
c0 ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
c1)
    | Bool
otherwise = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
ds ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
c1)
  where
    curve :: Curve
curve = Curve -> Maybe Curve -> Curve
forall a. a -> Maybe a -> a
fromMaybe (FilePath -> Curve
forall a. HasCallStack => FilePath -> a
error FilePath
"PKCS8: invalid EC parameters") (PrivKeyEC -> Maybe Curve
ecPrivKeyCurve PrivKeyEC
k)
    bytes :: Int
bytes = Curve -> Int
curveOrderBytes Curve
curve

    v :: ASN1Stream e
v  = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
1
    ds :: ASN1Stream e
ds = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (Int -> Integer -> ByteString
forall ba. ByteArray ba => Int -> Integer -> ba
i2ospOf_ Int
bytes (PrivKeyEC -> Integer
X509.privkeyEC_priv PrivKeyEC
k))
    c0 :: ASN1Stream e
c0 = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) (PrivKeyEC -> ASN1Stream e
forall e. ASN1Elem e => PrivKeyEC -> ASN1Stream e
curveFnASN1S PrivKeyEC
k)
    c1 :: ASN1Stream e
c1 = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
1) ASN1Stream e
pub

    pub :: ASN1Stream e
pub = BitArray -> ASN1Stream e
forall e. ASN1Elem e => BitArray -> ASN1Stream e
gBitString (ByteString -> Int -> BitArray
toBitArray ByteString
sp Int
0)
    X509.SerializedPoint ByteString
sp = Curve -> Integer -> SerializedPoint
getSerializedPoint Curve
curve (PrivKeyEC -> Integer
X509.privkeyEC_priv PrivKeyEC
k)

parseInnerEcdsa :: Monoid e
                => Maybe (ECDSA.PrivateNumber -> X509.PrivKeyEC)
                -> ParseASN1 e X509.PrivKeyEC
parseInnerEcdsa :: forall e.
Monoid e =>
Maybe (Integer -> PrivKeyEC) -> ParseASN1 e PrivKeyEC
parseInnerEcdsa Maybe (Integer -> PrivKeyEC)
fn = ASN1ConstructionType
-> ParseASN1 e PrivKeyEC -> ParseASN1 e PrivKeyEC
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e PrivKeyEC -> ParseASN1 e PrivKeyEC)
-> ParseASN1 e PrivKeyEC -> ParseASN1 e PrivKeyEC
forall a b. (a -> b) -> a -> b
$ do
    IntVal Integer
1 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
    OctetString ByteString
ds <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
    let d :: Integer
d = ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
ds
    Maybe (Integer -> PrivKeyEC)
m <- ASN1ConstructionType
-> ParseASN1 e (Integer -> PrivKeyEC)
-> ParseASN1 e (Maybe (Integer -> PrivKeyEC))
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e (Maybe a)
onNextContainerMaybe (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) ParseASN1 e (Integer -> PrivKeyEC)
forall e. Monoid e => ParseASN1 e (Integer -> PrivKeyEC)
parseCurveFn
    Maybe BitArray
_ <- ASN1ConstructionType
-> ParseASN1 e BitArray -> ParseASN1 e (Maybe BitArray)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e (Maybe a)
onNextContainerMaybe (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
1) ParseASN1 e BitArray
parsePK
    case Maybe (Integer -> PrivKeyEC)
fn Maybe (Integer -> PrivKeyEC)
-> Maybe (Integer -> PrivKeyEC) -> Maybe (Integer -> PrivKeyEC)
forall a. Maybe a -> Maybe a -> Maybe a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> Maybe (Integer -> PrivKeyEC)
m of
        Maybe (Integer -> PrivKeyEC)
Nothing     -> FilePath -> ParseASN1 e PrivKeyEC
forall e a. FilePath -> ParseASN1 e a
throwParseError FilePath
"PKCS8: no curve found in EC private key"
        Just Integer -> PrivKeyEC
getKey -> PrivKeyEC -> ParseASN1 e PrivKeyEC
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return (Integer -> PrivKeyEC
getKey Integer
d)
  where
    parsePK :: ParseASN1 e BitArray
parsePK = do { BitString BitArray
bs <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext; BitArray -> ParseASN1 e BitArray
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return BitArray
bs }

curveFnASN1S :: ASN1Elem e => X509.PrivKeyEC -> ASN1Stream e
curveFnASN1S :: forall e. ASN1Elem e => PrivKeyEC -> ASN1Stream e
curveFnASN1S X509.PrivKeyEC_Named{Integer
CurveName
privkeyEC_priv :: PrivKeyEC -> Integer
privkeyEC_name :: CurveName
privkeyEC_priv :: Integer
privkeyEC_name :: PrivKeyEC -> CurveName
..} = OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID (CurveName -> OID
curveNameOID CurveName
privkeyEC_name)
curveFnASN1S X509.PrivKeyEC_Prime{Integer
SerializedPoint
privkeyEC_priv :: PrivKeyEC -> Integer
privkeyEC_priv :: Integer
privkeyEC_a :: Integer
privkeyEC_b :: Integer
privkeyEC_prime :: Integer
privkeyEC_generator :: SerializedPoint
privkeyEC_order :: Integer
privkeyEC_cofactor :: Integer
privkeyEC_seed :: Integer
privkeyEC_a :: PrivKeyEC -> Integer
privkeyEC_b :: PrivKeyEC -> Integer
privkeyEC_prime :: PrivKeyEC -> Integer
privkeyEC_generator :: PrivKeyEC -> SerializedPoint
privkeyEC_order :: PrivKeyEC -> Integer
privkeyEC_cofactor :: PrivKeyEC -> Integer
privkeyEC_seed :: PrivKeyEC -> Integer
..} =
    ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
prime ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
abSeed ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
gen ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
o ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
c)
  where
    X509.SerializedPoint ByteString
generator = SerializedPoint
privkeyEC_generator
    bytes :: Int
bytes  = Integer -> Int
numBytes Integer
privkeyEC_prime

    v :: ASN1Stream e
v      = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
1

    prime :: ASN1Stream e
prime  = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
oid ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
p)
    oid :: ASN1Stream e
oid    = OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
2,Integer
840,Integer
10045,Integer
1,Integer
1]
    p :: ASN1Stream e
p      = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
privkeyEC_prime

    abSeed :: ASN1Stream e
abSeed = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
a ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
b ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
seed)
    a :: ASN1Stream e
a      = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (Int -> Integer -> ByteString
forall ba. ByteArray ba => Int -> Integer -> ba
i2ospOf_ Int
bytes Integer
privkeyEC_a)
    b :: ASN1Stream e
b      = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (Int -> Integer -> ByteString
forall ba. ByteArray ba => Int -> Integer -> ba
i2ospOf_ Int
bytes Integer
privkeyEC_b)
    seed :: ASN1Stream e
seed   = if Integer
privkeyEC_seed Integer -> Integer -> Bool
forall a. Ord a => a -> a -> Bool
> Integer
0
                 then BitArray -> ASN1Stream e
forall e. ASN1Elem e => BitArray -> ASN1Stream e
gBitString (ByteString -> Int -> BitArray
toBitArray (Integer -> ByteString
forall ba. ByteArray ba => Integer -> ba
i2osp Integer
privkeyEC_seed) Int
0)
                 else ASN1Stream e
forall a. a -> a
id

    gen :: ASN1Stream e
gen    = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString ByteString
generator
    o :: ASN1Stream e
o      = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
privkeyEC_order
    c :: ASN1Stream e
c      = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
privkeyEC_cofactor

parseCurveFn :: Monoid e => ParseASN1 e (ECDSA.PrivateNumber -> X509.PrivKeyEC)
parseCurveFn :: forall e. Monoid e => ParseASN1 e (Integer -> PrivKeyEC)
parseCurveFn = ParseASN1 e (Integer -> PrivKeyEC)
parseNamedCurve ParseASN1 e (Integer -> PrivKeyEC)
-> ParseASN1 e (Integer -> PrivKeyEC)
-> ParseASN1 e (Integer -> PrivKeyEC)
forall a. ParseASN1 e a -> ParseASN1 e a -> ParseASN1 e a
forall (f :: * -> *) a. Alternative f => f a -> f a -> f a
<|> ParseASN1 e (Integer -> PrivKeyEC)
parsePrimeCurve
  where
    parseNamedCurve :: ParseASN1 e (Integer -> PrivKeyEC)
parseNamedCurve = do
        OID OID
oid <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        case OID -> Maybe CurveName
lookupCurveNameByOID OID
oid of
            Just CurveName
name -> (Integer -> PrivKeyEC) -> ParseASN1 e (Integer -> PrivKeyEC)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return ((Integer -> PrivKeyEC) -> ParseASN1 e (Integer -> PrivKeyEC))
-> (Integer -> PrivKeyEC) -> ParseASN1 e (Integer -> PrivKeyEC)
forall a b. (a -> b) -> a -> b
$ \Integer
d ->
                            X509.PrivKeyEC_Named
                                { privkeyEC_name :: CurveName
X509.privkeyEC_name = CurveName
name
                                , privkeyEC_priv :: Integer
X509.privkeyEC_priv = Integer
d
                                }
            Maybe CurveName
Nothing -> FilePath -> ParseASN1 e (Integer -> PrivKeyEC)
forall e a. FilePath -> ParseASN1 e a
throwParseError (FilePath
"PKCS8: unknown EC curve with OID " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ OID -> FilePath
forall a. Show a => a -> FilePath
show OID
oid)

    parsePrimeCurve :: ParseASN1 e (Integer -> PrivKeyEC)
parsePrimeCurve =
        ASN1ConstructionType
-> ParseASN1 e (Integer -> PrivKeyEC)
-> ParseASN1 e (Integer -> PrivKeyEC)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Integer -> PrivKeyEC)
 -> ParseASN1 e (Integer -> PrivKeyEC))
-> ParseASN1 e (Integer -> PrivKeyEC)
-> ParseASN1 e (Integer -> PrivKeyEC)
forall a b. (a -> b) -> a -> b
$ do
            IntVal Integer
1 <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
            Integer
prime <- ASN1ConstructionType -> ParseASN1 e Integer -> ParseASN1 e Integer
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e Integer -> ParseASN1 e Integer)
-> ParseASN1 e Integer -> ParseASN1 e Integer
forall a b. (a -> b) -> a -> b
$ do
                OID [Integer
1,Integer
2,Integer
840,Integer
10045,Integer
1,Integer
1] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
                IntVal Integer
prime <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
                Integer -> ParseASN1 e Integer
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return Integer
prime
            (ByteString
a, ByteString
b, Integer
seed) <- ASN1ConstructionType
-> ParseASN1 e (ByteString, ByteString, Integer)
-> ParseASN1 e (ByteString, ByteString, Integer)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (ByteString, ByteString, Integer)
 -> ParseASN1 e (ByteString, ByteString, Integer))
-> ParseASN1 e (ByteString, ByteString, Integer)
-> ParseASN1 e (ByteString, ByteString, Integer)
forall a b. (a -> b) -> a -> b
$ do
                OctetString ByteString
a <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
                OctetString ByteString
b <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
                Integer
seed <- ParseASN1 e Integer
parseOptionalSeed
                (ByteString, ByteString, Integer)
-> ParseASN1 e (ByteString, ByteString, Integer)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return (ByteString
a, ByteString
b, Integer
seed)
            OctetString ByteString
generator <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
            IntVal Integer
order <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
            IntVal Integer
cofactor <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
            (Integer -> PrivKeyEC) -> ParseASN1 e (Integer -> PrivKeyEC)
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return ((Integer -> PrivKeyEC) -> ParseASN1 e (Integer -> PrivKeyEC))
-> (Integer -> PrivKeyEC) -> ParseASN1 e (Integer -> PrivKeyEC)
forall a b. (a -> b) -> a -> b
$ \Integer
d ->
                X509.PrivKeyEC_Prime
                    { privkeyEC_priv :: Integer
X509.privkeyEC_priv      = Integer
d
                    , privkeyEC_a :: Integer
X509.privkeyEC_a         = ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
a
                    , privkeyEC_b :: Integer
X509.privkeyEC_b         = ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip ByteString
b
                    , privkeyEC_prime :: Integer
X509.privkeyEC_prime     = Integer
prime
                    , privkeyEC_generator :: SerializedPoint
X509.privkeyEC_generator = ByteString -> SerializedPoint
X509.SerializedPoint ByteString
generator
                    , privkeyEC_order :: Integer
X509.privkeyEC_order     = Integer
order
                    , privkeyEC_cofactor :: Integer
X509.privkeyEC_cofactor  = Integer
cofactor
                    , privkeyEC_seed :: Integer
X509.privkeyEC_seed      = Integer
seed
                    }

    parseOptionalSeed :: ParseASN1 e Integer
parseOptionalSeed = do
        Bool
seedAvail <- ParseASN1 e Bool
forall e. ParseASN1 e Bool
hasNext
        if Bool
seedAvail
            then do BitString BitArray
seed <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
                    Integer -> ParseASN1 e Integer
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return (ByteString -> Integer
forall ba. ByteArrayAccess ba => ba -> Integer
os2ip (ByteString -> Integer) -> ByteString -> Integer
forall a b. (a -> b) -> a -> b
$ BitArray -> ByteString
bitArrayGetData BitArray
seed)
            else Integer -> ParseASN1 e Integer
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return Integer
0


-- X25519, X448, Ed25519, Ed448

instance ASN1Elem e => ProduceASN1Object e (Modern X25519.SecretKey) where
    asn1s :: Modern SecretKey -> ASN1Stream e
asn1s (Modern [Attribute]
attrs SecretKey
privKey) = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
alg ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
bs ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
att)
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        alg :: ASN1Stream e
alg   = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
3,Integer
101,Integer
110])
        bs :: ASN1Stream e
bs    = SecretKey -> ASN1Stream e
forall e key.
(ASN1Elem e, ByteArrayAccess key) =>
key -> ASN1Stream e
innerEddsaASN1S SecretKey
privKey
        att :: ASN1Stream e
att   = ASN1ConstructionType -> [Attribute] -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> [Attribute] -> ASN1Stream e
attributesASN1S (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) [Attribute]
attrs

instance Monoid e => ParseASN1Object e (Modern X25519.SecretKey) where
    parse :: ParseASN1 e (Modern SecretKey)
parse = ASN1ConstructionType
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey))
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall a b. (a -> b) -> a -> b
$ do
        ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipVersion
        ASN1ConstructionType -> ParseASN1 e () -> ParseASN1 e ()
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e () -> ParseASN1 e ())
-> ParseASN1 e () -> ParseASN1 e ()
forall a b. (a -> b) -> a -> b
$ do { OID [Integer
1,Integer
3,Integer
101,Integer
110] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext; () -> ParseASN1 e ()
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return () }
        ([Attribute]
attrs, ByteString
bs) <- ParseASN1 e ([Attribute], ByteString)
forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys
        [Attribute] -> SecretKey -> Modern SecretKey
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs (SecretKey -> Modern SecretKey)
-> ParseASN1 e SecretKey -> ParseASN1 e (Modern SecretKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> FilePath
-> (ByteString -> CryptoFailable SecretKey)
-> ByteString
-> ParseASN1 e SecretKey
forall e key.
Monoid e =>
FilePath
-> (ByteString -> CryptoFailable key)
-> ByteString
-> ParseASN1 e key
parseInnerEddsa FilePath
"X25519" ByteString -> CryptoFailable SecretKey
forall bs. ByteArrayAccess bs => bs -> CryptoFailable SecretKey
X25519.secretKey ByteString
bs

instance ASN1Elem e => ProduceASN1Object e (Modern X448.SecretKey) where
    asn1s :: Modern SecretKey -> ASN1Stream e
asn1s (Modern [Attribute]
attrs SecretKey
privKey) = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
alg ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
bs ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
att)
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        alg :: ASN1Stream e
alg   = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
3,Integer
101,Integer
111])
        bs :: ASN1Stream e
bs    = SecretKey -> ASN1Stream e
forall e key.
(ASN1Elem e, ByteArrayAccess key) =>
key -> ASN1Stream e
innerEddsaASN1S SecretKey
privKey
        att :: ASN1Stream e
att   = ASN1ConstructionType -> [Attribute] -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> [Attribute] -> ASN1Stream e
attributesASN1S (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) [Attribute]
attrs

instance Monoid e => ParseASN1Object e (Modern X448.SecretKey) where
    parse :: ParseASN1 e (Modern SecretKey)
parse = ASN1ConstructionType
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey))
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall a b. (a -> b) -> a -> b
$ do
        ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipVersion
        ASN1ConstructionType -> ParseASN1 e () -> ParseASN1 e ()
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e () -> ParseASN1 e ())
-> ParseASN1 e () -> ParseASN1 e ()
forall a b. (a -> b) -> a -> b
$ do { OID [Integer
1,Integer
3,Integer
101,Integer
111] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext; () -> ParseASN1 e ()
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return () }
        ([Attribute]
attrs, ByteString
bs) <- ParseASN1 e ([Attribute], ByteString)
forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys
        [Attribute] -> SecretKey -> Modern SecretKey
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs (SecretKey -> Modern SecretKey)
-> ParseASN1 e SecretKey -> ParseASN1 e (Modern SecretKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> FilePath
-> (ByteString -> CryptoFailable SecretKey)
-> ByteString
-> ParseASN1 e SecretKey
forall e key.
Monoid e =>
FilePath
-> (ByteString -> CryptoFailable key)
-> ByteString
-> ParseASN1 e key
parseInnerEddsa FilePath
"X448" ByteString -> CryptoFailable SecretKey
forall bs. ByteArrayAccess bs => bs -> CryptoFailable SecretKey
X448.secretKey ByteString
bs

instance ASN1Elem e => ProduceASN1Object e (Modern Ed25519.SecretKey) where
    asn1s :: Modern SecretKey -> ASN1Stream e
asn1s (Modern [Attribute]
attrs SecretKey
privKey) = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
alg ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
bs ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
att)
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        alg :: ASN1Stream e
alg   = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
3,Integer
101,Integer
112])
        bs :: ASN1Stream e
bs    = SecretKey -> ASN1Stream e
forall e key.
(ASN1Elem e, ByteArrayAccess key) =>
key -> ASN1Stream e
innerEddsaASN1S SecretKey
privKey
        att :: ASN1Stream e
att   = ASN1ConstructionType -> [Attribute] -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> [Attribute] -> ASN1Stream e
attributesASN1S (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) [Attribute]
attrs

instance Monoid e => ParseASN1Object e (Modern Ed25519.SecretKey) where
    parse :: ParseASN1 e (Modern SecretKey)
parse = ASN1ConstructionType
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey))
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall a b. (a -> b) -> a -> b
$ do
        ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipVersion
        ASN1ConstructionType -> ParseASN1 e () -> ParseASN1 e ()
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e () -> ParseASN1 e ())
-> ParseASN1 e () -> ParseASN1 e ()
forall a b. (a -> b) -> a -> b
$ do { OID [Integer
1,Integer
3,Integer
101,Integer
112] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext; () -> ParseASN1 e ()
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return () }
        ([Attribute]
attrs, ByteString
bs) <- ParseASN1 e ([Attribute], ByteString)
forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys
        [Attribute] -> SecretKey -> Modern SecretKey
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs (SecretKey -> Modern SecretKey)
-> ParseASN1 e SecretKey -> ParseASN1 e (Modern SecretKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> FilePath
-> (ByteString -> CryptoFailable SecretKey)
-> ByteString
-> ParseASN1 e SecretKey
forall e key.
Monoid e =>
FilePath
-> (ByteString -> CryptoFailable key)
-> ByteString
-> ParseASN1 e key
parseInnerEddsa FilePath
"Ed25519" ByteString -> CryptoFailable SecretKey
forall ba. ByteArrayAccess ba => ba -> CryptoFailable SecretKey
Ed25519.secretKey ByteString
bs

instance ASN1Elem e => ProduceASN1Object e (Modern Ed448.SecretKey) where
    asn1s :: Modern SecretKey -> ASN1Stream e
asn1s (Modern [Attribute]
attrs SecretKey
privKey) = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (ASN1Stream e
v ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
alg ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
bs ASN1Stream e -> ASN1Stream e -> ASN1Stream e
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Stream e
att)
      where
        v :: ASN1Stream e
v     = Integer -> ASN1Stream e
forall e. ASN1Elem e => Integer -> ASN1Stream e
gIntVal Integer
0
        alg :: ASN1Stream e
alg   = ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> ASN1Stream e -> ASN1Stream e
asn1Container ASN1ConstructionType
Sequence (OID -> ASN1Stream e
forall e. ASN1Elem e => OID -> ASN1Stream e
gOID [Integer
1,Integer
3,Integer
101,Integer
113])
        bs :: ASN1Stream e
bs    = SecretKey -> ASN1Stream e
forall e key.
(ASN1Elem e, ByteArrayAccess key) =>
key -> ASN1Stream e
innerEddsaASN1S SecretKey
privKey
        att :: ASN1Stream e
att   = ASN1ConstructionType -> [Attribute] -> ASN1Stream e
forall e.
ASN1Elem e =>
ASN1ConstructionType -> [Attribute] -> ASN1Stream e
attributesASN1S (ASN1Class -> Int -> ASN1ConstructionType
Container ASN1Class
Context Int
0) [Attribute]
attrs

instance Monoid e => ParseASN1Object e (Modern Ed448.SecretKey) where
    parse :: ParseASN1 e (Modern SecretKey)
parse = ASN1ConstructionType
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey))
-> ParseASN1 e (Modern SecretKey) -> ParseASN1 e (Modern SecretKey)
forall a b. (a -> b) -> a -> b
$ do
        ParseASN1 e ()
forall e. Monoid e => ParseASN1 e ()
skipVersion
        ASN1ConstructionType -> ParseASN1 e () -> ParseASN1 e ()
forall e a.
Monoid e =>
ASN1ConstructionType -> ParseASN1 e a -> ParseASN1 e a
onNextContainer ASN1ConstructionType
Sequence (ParseASN1 e () -> ParseASN1 e ())
-> ParseASN1 e () -> ParseASN1 e ()
forall a b. (a -> b) -> a -> b
$ do { OID [Integer
1,Integer
3,Integer
101,Integer
113] <- ParseASN1 e ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext; () -> ParseASN1 e ()
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return () }
        ([Attribute]
attrs, ByteString
bs) <- ParseASN1 e ([Attribute], ByteString)
forall e. Monoid e => ParseASN1 e ([Attribute], ByteString)
parseAttrKeys
        [Attribute] -> SecretKey -> Modern SecretKey
forall a. [Attribute] -> a -> Modern a
Modern [Attribute]
attrs (SecretKey -> Modern SecretKey)
-> ParseASN1 e SecretKey -> ParseASN1 e (Modern SecretKey)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
<$> FilePath
-> (ByteString -> CryptoFailable SecretKey)
-> ByteString
-> ParseASN1 e SecretKey
forall e key.
Monoid e =>
FilePath
-> (ByteString -> CryptoFailable key)
-> ByteString
-> ParseASN1 e key
parseInnerEddsa FilePath
"Ed448" ByteString -> CryptoFailable SecretKey
forall ba. ByteArrayAccess ba => ba -> CryptoFailable SecretKey
Ed448.secretKey ByteString
bs

innerEddsaASN1S :: (ASN1Elem e, ByteArrayAccess key) => key -> ASN1Stream e
innerEddsaASN1S :: forall e key.
(ASN1Elem e, ByteArrayAccess key) =>
key -> ASN1Stream e
innerEddsaASN1S key
key = ByteString -> ASN1Stream e
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (ASN1PS -> ByteString
encodeASN1S ASN1PS
inner)
  where inner :: ASN1PS
inner = ByteString -> ASN1PS
forall e. ASN1Elem e => ByteString -> ASN1Stream e
gOctetString (key -> ByteString
forall bin bout.
(ByteArrayAccess bin, ByteArray bout) =>
bin -> bout
convert key
key)

parseInnerEddsa :: Monoid e
                => String
                -> (B.ByteString -> CryptoFailable key)
                -> B.ByteString
                -> ParseASN1 e key
parseInnerEddsa :: forall e key.
Monoid e =>
FilePath
-> (ByteString -> CryptoFailable key)
-> ByteString
-> ParseASN1 e key
parseInnerEddsa FilePath
name ByteString -> CryptoFailable key
buildKey ByteString
input =
    case (ASN1Error -> Either FilePath key)
-> ([ASN1] -> Either FilePath key)
-> Either ASN1Error [ASN1]
-> Either FilePath key
forall a c b. (a -> c) -> (b -> c) -> Either a b -> c
either ASN1Error -> Either FilePath key
forall {b}. ASN1Error -> Either FilePath b
strError (ParseASN1 () key -> [ASN1] -> Either FilePath key
forall a. ParseASN1 () a -> [ASN1] -> Either FilePath a
runParseASN1 ParseASN1 () key
parser) (BER -> ByteString -> Either ASN1Error [ASN1]
forall a.
ASN1Decoding a =>
a -> ByteString -> Either ASN1Error [ASN1]
decodeASN1' BER
BER ByteString
input) of
        Left FilePath
err -> FilePath -> ParseASN1 e key
forall e a. FilePath -> ParseASN1 e a
throwParseError (FilePath
"PKCS8: error parsing inner " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
name FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
": " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
err)
        Right key
privKey -> key -> ParseASN1 e key
forall a. a -> ParseASN1 e a
forall (m :: * -> *) a. Monad m => a -> m a
return key
privKey
  where
    innerMsg :: FilePath
innerMsg = FilePath
"PKCS8: error decoding inner " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
name FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
": "
    strError :: ASN1Error -> Either FilePath b
strError = FilePath -> Either FilePath b
forall a b. a -> Either a b
Left (FilePath -> Either FilePath b)
-> (ASN1Error -> FilePath) -> ASN1Error -> Either FilePath b
forall b c a. (b -> c) -> (a -> b) -> a -> c
. (FilePath
innerMsg FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++) (FilePath -> FilePath)
-> (ASN1Error -> FilePath) -> ASN1Error -> FilePath
forall b c a. (b -> c) -> (a -> b) -> a -> c
. ASN1Error -> FilePath
forall a. Show a => a -> FilePath
show
    parser :: ParseASN1 () key
parser   = do
        OctetString ByteString
bs <- ParseASN1 () ASN1
forall e. Monoid e => ParseASN1 e ASN1
getNext
        case ByteString -> CryptoFailable key
buildKey ByteString
bs of
            CryptoPassed key
privKey -> key -> ParseASN1 () key
forall a. a -> ParseASN1 () a
forall (m :: * -> *) a. Monad m => a -> m a
return key
privKey
            CryptoFailed CryptoError
_       ->
                FilePath -> ParseASN1 () key
forall e a. FilePath -> ParseASN1 e a
throwParseError (FilePath
"PKCS8: parsed invalid " FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
name FilePath -> FilePath -> FilePath
forall a. [a] -> [a] -> [a]
++ FilePath
" secret key")