// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509

import (
	
	
	
	
	
	
	
	
)

// pkcs8 reflects an ASN.1, PKCS #8 PrivateKey. See
// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
// and RFC 5208.
type pkcs8 struct {
	Version    int
	Algo       pkix.AlgorithmIdentifier
	PrivateKey []byte
	// optional attributes omitted.
}

// ParsePKCS8PrivateKey parses an unencrypted private key in PKCS #8, ASN.1 DER form.
//
// It returns a *[rsa.PrivateKey], an *[ecdsa.PrivateKey], an [ed25519.PrivateKey] (not
// a pointer), or an *[ecdh.PrivateKey] (for X25519). More types might be supported
// in the future.
//
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
//
// Before Go 1.24, the CRT parameters of RSA keys were ignored and recomputed.
// To restore the old behavior, use the GODEBUG=x509rsacrt=0 environment variable.
func ( []byte) ( any,  error) {
	var  pkcs8
	if ,  := asn1.Unmarshal(, &);  != nil {
		if ,  := asn1.Unmarshal(, &ecPrivateKey{});  == nil {
			return nil, errors.New("x509: failed to parse private key (use ParseECPrivateKey instead for this key format)")
		}
		if ,  := asn1.Unmarshal(, &pkcs1PrivateKey{});  == nil {
			return nil, errors.New("x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)")
		}
		return nil, 
	}
	switch {
	case .Algo.Algorithm.Equal(oidPublicKeyRSA):
		,  = ParsePKCS1PrivateKey(.PrivateKey)
		if  != nil {
			return nil, errors.New("x509: failed to parse RSA private key embedded in PKCS#8: " + .Error())
		}
		return , nil

	case .Algo.Algorithm.Equal(oidPublicKeyECDSA):
		 := .Algo.Parameters.FullBytes
		 := new(asn1.ObjectIdentifier)
		if ,  := asn1.Unmarshal(, );  != nil {
			 = nil
		}
		,  = parseECPrivateKey(, .PrivateKey)
		if  != nil {
			return nil, errors.New("x509: failed to parse EC private key embedded in PKCS#8: " + .Error())
		}
		return , nil

	case .Algo.Algorithm.Equal(oidPublicKeyEd25519):
		if  := len(.Algo.Parameters.FullBytes);  != 0 {
			return nil, errors.New("x509: invalid Ed25519 private key parameters")
		}
		var  []byte
		if ,  := asn1.Unmarshal(.PrivateKey, &);  != nil {
			return nil, fmt.Errorf("x509: invalid Ed25519 private key: %v", )
		}
		if  := len();  != ed25519.SeedSize {
			return nil, fmt.Errorf("x509: invalid Ed25519 private key length: %d", )
		}
		return ed25519.NewKeyFromSeed(), nil

	case .Algo.Algorithm.Equal(oidPublicKeyX25519):
		if  := len(.Algo.Parameters.FullBytes);  != 0 {
			return nil, errors.New("x509: invalid X25519 private key parameters")
		}
		var  []byte
		if ,  := asn1.Unmarshal(.PrivateKey, &);  != nil {
			return nil, fmt.Errorf("x509: invalid X25519 private key: %v", )
		}
		return ecdh.X25519().NewPrivateKey()

	default:
		return nil, fmt.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", .Algo.Algorithm)
	}
}

// MarshalPKCS8PrivateKey converts a private key to PKCS #8, ASN.1 DER form.
//
// The following key types are currently supported: *[rsa.PrivateKey],
// *[ecdsa.PrivateKey], [ed25519.PrivateKey] (not a pointer), and *[ecdh.PrivateKey].
// Unsupported key types result in an error.
//
// This kind of key is commonly encoded in PEM blocks of type "PRIVATE KEY".
//
// MarshalPKCS8PrivateKey runs [rsa.PrivateKey.Precompute] on RSA keys.
func ( any) ([]byte, error) {
	var  pkcs8

	switch k := .(type) {
	case *rsa.PrivateKey:
		.Algo = pkix.AlgorithmIdentifier{
			Algorithm:  oidPublicKeyRSA,
			Parameters: asn1.NullRawValue,
		}
		.Precompute()
		if  := .Validate();  != nil {
			return nil, 
		}
		.PrivateKey = MarshalPKCS1PrivateKey()

	case *ecdsa.PrivateKey:
		,  := oidFromNamedCurve(.Curve)
		if ! {
			return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")
		}
		,  := asn1.Marshal()
		if  != nil {
			return nil, errors.New("x509: failed to marshal curve OID: " + .Error())
		}
		.Algo = pkix.AlgorithmIdentifier{
			Algorithm: oidPublicKeyECDSA,
			Parameters: asn1.RawValue{
				FullBytes: ,
			},
		}
		if .PrivateKey,  = marshalECPrivateKeyWithOID(, nil);  != nil {
			return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + .Error())
		}

	case ed25519.PrivateKey:
		.Algo = pkix.AlgorithmIdentifier{
			Algorithm: oidPublicKeyEd25519,
		}
		,  := asn1.Marshal(.Seed())
		if  != nil {
			return nil, fmt.Errorf("x509: failed to marshal private key: %v", )
		}
		.PrivateKey = 

	case *ecdh.PrivateKey:
		if .Curve() == ecdh.X25519() {
			.Algo = pkix.AlgorithmIdentifier{
				Algorithm: oidPublicKeyX25519,
			}
			var  error
			if .PrivateKey,  = asn1.Marshal(.Bytes());  != nil {
				return nil, fmt.Errorf("x509: failed to marshal private key: %v", )
			}
		} else {
			,  := oidFromECDHCurve(.Curve())
			if ! {
				return nil, errors.New("x509: unknown curve while marshaling to PKCS#8")
			}
			,  := asn1.Marshal()
			if  != nil {
				return nil, errors.New("x509: failed to marshal curve OID: " + .Error())
			}
			.Algo = pkix.AlgorithmIdentifier{
				Algorithm: oidPublicKeyECDSA,
				Parameters: asn1.RawValue{
					FullBytes: ,
				},
			}
			if .PrivateKey,  = marshalECDHPrivateKey();  != nil {
				return nil, errors.New("x509: failed to marshal EC private key while building PKCS#8: " + .Error())
			}
		}

	default:
		return nil, fmt.Errorf("x509: unknown key type while marshaling PKCS#8: %T", )
	}

	return asn1.Marshal()
}