mirrors/nebula
1
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-12-06 02:30:57 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add ability to keygen public key from private key.

Browse source
This commit is contained in:
Soham S Gumaste 2025-05-30 15:22:38 -05:00
parent 39cf202c70
commit cefc65fcf7
No known key found for this signature in database
2 changed files with 30 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

26
cmd/nebula-cert/keygen.go
View file

@ -15,6 +15,7 @@ type keygenFlags struct {
set *flag.FlagSet set *flag.FlagSet
outKeyPath *string outKeyPath *string
outPubPath *string outPubPath *string
inKeyPath *string
curve *string curve *string
p11url *string p11url *string
} }
@ -24,6 +25,7 @@ func newKeygenFlags() *keygenFlags {
cf.set.Usage = func() {} cf.set.Usage = func() {}
cf.outPubPath = cf.set.String("out-pub", "", "Required: path to write the public key to") cf.outPubPath = cf.set.String("out-pub", "", "Required: path to write the public key to")
cf.outKeyPath = cf.set.String("out-key", "", "Required: path to write the private key to") cf.outKeyPath = cf.set.String("out-key", "", "Required: path to write the private key to")
cf.inKeyPath = cf.set.String("in-key", "", "Optional: Path to existing private key")
cf.curve = cf.set.String("curve", "25519", "ECDH Curve (25519, P256)") cf.curve = cf.set.String("curve", "25519", "ECDH Curve (25519, P256)")
cf.p11url = p11Flag(cf.set) cf.p11url = p11Flag(cf.set)
return &cf return &cf
@ -40,7 +42,9 @@ func keygen(args []string, out io.Writer, errOut io.Writer) error {
if !isP11 { if !isP11 {
if err = mustFlagString("out-key", cf.outKeyPath); err != nil { if err = mustFlagString("out-key", cf.outKeyPath); err != nil {
return err if *cf.inKeyPath == "" {
return err
}
} }
} }
if err = mustFlagString("out-pub", cf.outPubPath); err != nil { if err = mustFlagString("out-pub", cf.outPubPath); err != nil {
@ -59,8 +63,22 @@ func keygen(args []string, out io.Writer, errOut io.Writer) error {
} else { } else {
switch *cf.curve { switch *cf.curve {
case "25519", "X25519", "Curve25519", "CURVE25519": case "25519", "X25519", "Curve25519", "CURVE25519":
pub, rawPriv = x25519Keypair() if *cf.inKeyPath == "" {
curve = cert.Curve_CURVE25519 pub, rawPriv = x25519Keypair()
curve = cert.Curve_CURVE25519
} else {
rawBytes, err := os.ReadFile(*cf.inKeyPath)
if err != nil {
return err
}
rawPriv, _, _, err = cert.UnmarshalPrivateKeyFromPEM(rawBytes)
if err != nil {
return err
}
pub, _ = x25519KeyFromPriv(rawPriv)
}
case "P256": case "P256":
pub, rawPriv = p256Keypair() pub, rawPriv = p256Keypair()
curve = cert.Curve_P256 curve = cert.Curve_P256
@ -81,7 +99,7 @@ func keygen(args []string, out io.Writer, errOut io.Writer) error {
if err != nil { if err != nil {
return fmt.Errorf("error while getting public key: %w", err) return fmt.Errorf("error while getting public key: %w", err)
} }
} else { } else if *cf.inKeyPath == "" {
err = os.WriteFile(*cf.outKeyPath, cert.MarshalPrivateKeyToPEM(curve, rawPriv), 0600) err = os.WriteFile(*cf.outKeyPath, cert.MarshalPrivateKeyToPEM(curve, rawPriv), 0600)
if err != nil { if err != nil {
return fmt.Errorf("error while writing out-key: %s", err) return fmt.Errorf("error while writing out-key: %s", err)

8
cmd/nebula-cert/sign.go
View file

@ -404,6 +404,14 @@ func newKeypair(curve cert.Curve) ([]byte, []byte) {
} }
} }
func x25519KeyFromPriv(priv []byte) ([]byte, []byte) {
pubkey, err := curve25519.X25519(priv, curve25519.Basepoint)
if err != nil {
panic(err)
}
return pubkey, priv
}
func x25519Keypair() ([]byte, []byte) { func x25519Keypair() ([]byte, []byte) {
privkey := make([]byte, 32) privkey := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, privkey); err != nil { if _, err := io.ReadFull(rand.Reader, privkey); err != nil {