Marshal private keys in the PKCS #8 format

cbandy · cbandy · commit 8ca1b0801837 · 2023-05-06T09:58:58.000-05:00
This format allows for different private key algorithms.
diff --git a/internal/patroni/reconcile_test.go b/internal/patroni/reconcile_test.go
@@ -74,9 +74,9 @@ func TestReconcileInstanceCertificates(t *testing.T) {
 	dataCert, _ := certFile(leaf.PrivateKey, leaf.Certificate)
 	assert.Assert(t,
 		cmp.Regexp(`^`+
-			`-----BEGIN [^ ]+ PRIVATE KEY-----\n`+
+			`-----BEGIN PRIVATE KEY-----\n`+
 			`([^-]+\n)+`+
-			`-----END [^ ]+ PRIVATE KEY-----\n`+
+			`-----END PRIVATE KEY-----\n`+
 			`-----BEGIN CERTIFICATE-----\n`+
 			`([^-]+\n)+`+
 			`-----END CERTIFICATE-----\n`+
diff --git a/internal/pki/encoding.go b/internal/pki/encoding.go
@@ -31,6 +31,10 @@ const (
 	// pemLabelECDSAKey is the textual encoding label for an elliptic curve private key
 	// according to RFC 5915. See https://tools.ietf.org/html/rfc5915.
 	pemLabelECDSAKey = "EC PRIVATE KEY"
+
+	// pemLabelPKCS8Key is the textual encoding label for a PKCS #8 private key
+	// according to RFC 5958. See https://tools.ietf.org/html/rfc5958.
+	pemLabelPKCS8Key = "PRIVATE KEY"
 )
 
 var (
@@ -79,13 +83,13 @@ func (k PrivateKey) MarshalText() ([]byte, error) {
 		k.ecdsa = new(ecdsa.PrivateKey)
 	}
 
-	der, err := x509.MarshalECPrivateKey(k.ecdsa)
+	der, err := x509.MarshalPKCS8PrivateKey(k.ecdsa)
 	if err != nil {
 		return nil, err
 	}
 
 	return pem.EncodeToMemory(&pem.Block{
-		Type:  pemLabelECDSAKey,
+		Type:  pemLabelPKCS8Key,
 		Bytes: der,
 	}), nil
 }
@@ -94,13 +98,28 @@ func (k PrivateKey) MarshalText() ([]byte, error) {
 func (k *PrivateKey) UnmarshalText(data []byte) error {
 	block, _ := pem.Decode(data)
 
-	if block == nil || block.Type != pemLabelECDSAKey {
+	switch {
+	case block == nil:
+		fallthrough
+	default:
 		return fmt.Errorf("not a PEM-encoded private key")
-	}
 
-	key, err := x509.ParseECPrivateKey(block.Bytes)
-	if err == nil {
-		k.ecdsa = key
+	case block.Type == pemLabelECDSAKey:
+		key, err := x509.ParseECPrivateKey(block.Bytes)
+		if err == nil {
+			k.ecdsa = key
+		}
+		return err
+
+	case block.Type == pemLabelPKCS8Key:
+		key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+		if err == nil {
+			if ecdsa, ok := key.(*ecdsa.PrivateKey); ok {
+				k.ecdsa = ecdsa
+			} else {
+				return fmt.Errorf("wrong private key algorithm: %T", key)
+			}
+		}
+		return err
 	}
-	return err
 }
diff --git a/internal/pki/encoding_test.go b/internal/pki/encoding_test.go
@@ -17,6 +17,7 @@ package pki
 
 import (
 	"bytes"
+	"errors"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -118,8 +119,8 @@ func TestPrivateKeyTextMarshaling(t *testing.T) {
 	key := root.PrivateKey
 	txt, err := key.MarshalText()
 	assert.NilError(t, err)
-	assert.Assert(t, bytes.HasPrefix(txt, []byte("-----BEGIN EC PRIVATE KEY-----\n")), "got %q", txt)
-	assert.Assert(t, bytes.HasSuffix(txt, []byte("\n-----END EC PRIVATE KEY-----\n")), "got %q", txt)
+	assert.Assert(t, bytes.HasPrefix(txt, []byte("-----BEGIN PRIVATE KEY-----\n")), "got %q", txt)
+	assert.Assert(t, bytes.HasSuffix(txt, []byte("\n-----END PRIVATE KEY-----\n")), "got %q", txt)
 
 	t.Run("RoundTrip", func(t *testing.T) {
 		var sink PrivateKey
@@ -140,18 +141,67 @@ func TestPrivateKeyTextMarshaling(t *testing.T) {
 		assert.DeepEqual(t, key, sink)
 	})
 
-	t.Run("EncodedEmpty", func(t *testing.T) {
-		txt := []byte("-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----\n")
+	t.Run("UnmarshalEllipticCurveSEC1", func(t *testing.T) {
+		t.Run("EncodedEmpty", func(t *testing.T) {
+			txt := []byte("-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----\n")
 
-		var sink PrivateKey
-		assert.ErrorContains(t, sink.UnmarshalText(txt), "asn1")
+			var sink PrivateKey
+			assert.ErrorContains(t, sink.UnmarshalText(txt), "asn1")
+		})
+
+		t.Run("EncodedGarbage", func(t *testing.T) {
+			txt := []byte("-----BEGIN EC PRIVATE KEY-----\nasdfasdf\n-----END EC PRIVATE KEY-----\n")
+
+			var sink PrivateKey
+			assert.ErrorContains(t, sink.UnmarshalText(txt), "asn1")
+		})
+
+		t.Run("GeneratedByOpenSSL", func(t *testing.T) {
+			openssl := require.OpenSSL(t)
+
+			// The "openssl ecparam" command generates elliptic curve keys.
+			cmd := exec.Command(openssl, "ecparam",
+				"-genkey", "-name", "prime256v1", "-outform", "PEM", "-noout", "-text")
+
+			output, err := cmd.CombinedOutput()
+			assert.NilError(t, err, "%q\n%s", cmd.Args, output)
+
+			var sink PrivateKey
+			assert.NilError(t, sink.UnmarshalText(output))
+		})
 	})
 
-	t.Run("EncodedGarbage", func(t *testing.T) {
-		txt := []byte("-----BEGIN EC PRIVATE KEY-----\nasdfasdf\n-----END EC PRIVATE KEY-----\n")
+	t.Run("UnmarshalPKCS8", func(t *testing.T) {
+		t.Run("EncodedEmpty", func(t *testing.T) {
+			txt := []byte("-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n")
 
-		var sink PrivateKey
-		assert.ErrorContains(t, sink.UnmarshalText(txt), "asn1")
+			var sink PrivateKey
+			assert.ErrorContains(t, sink.UnmarshalText(txt), "asn1")
+		})
+
+		t.Run("EncodedGarbage", func(t *testing.T) {
+			txt := []byte("-----BEGIN PRIVATE KEY-----\nasdfasdf\n-----END PRIVATE KEY-----\n")
+
+			var sink PrivateKey
+			assert.ErrorContains(t, sink.UnmarshalText(txt), "asn1")
+		})
+
+		t.Run("WrongAlgorithm", func(t *testing.T) {
+			openssl := require.OpenSSL(t)
+			rsa, err := exec.Command("sh", "-ceu",
+				`"$1" genrsa | "$1" pkcs8 -topk8 -nocrypt`,
+				"--", openssl,
+			).Output()
+
+			if exit := (*exec.ExitError)(nil); errors.As(err, &exit) {
+				assert.NilError(t, err, "\n%s", exit.Stderr)
+			} else {
+				assert.NilError(t, err)
+			}
+
+			var sink PrivateKey
+			assert.ErrorContains(t, sink.UnmarshalText(rsa), "algorithm: *rsa")
+		})
 	})
 
 	t.Run("ReadByOpenSSL", func(t *testing.T) {
