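// sender streams standard input to host over a secure channel.
//
// It dials host over TCP, upgrades the connection with schannel.Dial using
// the identity keys idPriv/idPub, rekeys once before any data is sent, and
// then forwards stdin in chunks of at most 8192 bytes, one message per
// chunk. Every failure terminates the process through die; on EOF the
// channel is closed and the message/byte counters are printed.
func sender(host string) {
	conn, err := net.Dial("tcp", host)
	die.If(err)
	defer conn.Close()

	sch, ok := schannel.Dial(conn, idPriv, idPub)
	if !ok {
		die.With("failed to set up secure channel")
	}
	fmt.Println("secure channel established")

	// Rotate the channel keys before any application data crosses it.
	if !sch.Rekey() {
		die.With("rekey failed")
	}

	for {
		// A fresh buffer per message, as in the original, in case Send
		// retains the slice it is handed — NOTE(review): confirm against
		// schannel.Send before hoisting this out of the loop.
		p := make([]byte, 8192)
		n, err := os.Stdin.Read(p)
		if err == io.EOF {
			break
		}
		die.If(err)
		if !sch.Send(p[:n]) {
			// SCtr is a method (it is called as sch.SCtr() below); the
			// original passed the method value itself to %d, which prints
			// a formatting error instead of the counter.
			die.With("failed to send message (sdata=%d, sctr=%d)", sch.SData, sch.SCtr())
		}
	}

	// Read the counters before Close, preserving the original ordering.
	sctr := sch.SCtr()
	sdata := sch.SData
	if !sch.Close() {
		die.With("failed to shutdown channel properly")
	}
	fmt.Println("Secure channel tore down")
	fmt.Printf("\t%d messages totalling %d bytes sent\n", sctr, sdata)
}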
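// main writes the public key of each certificate request named on the
// command line to <file>.pub as a PEM block.
//
// Each input may be PEM (type "CERTIFICATE REQUEST") or raw DER. The CSR's
// self-signature is verified before the key is extracted, so a key is only
// emitted for a request actually signed by the corresponding private key
// (proof of possession). Any failure terminates the process.
func main() {
	flag.Parse()
	for _, fileName := range flag.Args() {
		in, err := ioutil.ReadFile(fileName)
		die.If(err)

		// PEM input: only the first block is used; trailing data is ignored.
		if p, _ := pem.Decode(in); p != nil {
			if p.Type != "CERTIFICATE REQUEST" {
				log.Fatalf("invalid file type %q in %s", p.Type, fileName)
			}
			in = p.Bytes
		}

		csr, err := x509.ParseCertificateRequest(in)
		die.If(err)
		// Reject requests whose signature does not verify under the
		// embedded public key: the output should only ever describe a key
		// whose holder produced this CSR.
		die.If(csr.CheckSignature())

		// PKIX (SubjectPublicKeyInfo) DER, regardless of key algorithm.
		out, err := x509.MarshalPKIXPublicKey(csr.PublicKey)
		die.If(err)

		// NOTE(review): the labels below are kept for compatibility with
		// whatever consumes these files, but the standard PEM label for
		// PKIX-encoded keys is "PUBLIC KEY"; "RSA PUBLIC KEY" conventionally
		// denotes PKCS#1 RSAPublicKey DER, so other tools may refuse the file.
		var t string
		switch pub := csr.PublicKey.(type) {
		case *rsa.PublicKey:
			t = "RSA PUBLIC KEY"
		case *ecdsa.PublicKey:
			t = "EC PUBLIC KEY"
		default:
			die.With("unrecognised public key type %T", pub)
		}

		outFile := fileName + ".pub"
		p := &pem.Block{
			Type:  t,
			Bytes: out,
		}
		// 0644 is appropriate: the file holds only public material.
		err = ioutil.WriteFile(outFile, pem.EncodeToMemory(p), 0644)
		die.If(err)
		fmt.Printf("[+] wrote %s.\n", outFile)
	}
}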
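// main reports whether the private key in -k belongs to the certificate in
// -c. It prints "Match." and exits 0 when they correspond, otherwise a
// "No match (...)" reason and exits 1.
//
// RSA keys correspond when modulus and exponent are equal; EC keys when
// they lie on the same curve and have the same point. Only the public
// halves are compared — no signature is produced or verified.
func main() {
	var keyFile, certFile string
	flag.StringVar(&keyFile, "k", "", "TLS private `key` file")
	flag.StringVar(&certFile, "c", "", "TLS `certificate` file")
	flag.Parse()

	in, err := ioutil.ReadFile(certFile)
	die.If(err)
	// Accept PEM or raw DER; only the first PEM block is considered.
	if p, _ := pem.Decode(in); p != nil {
		if p.Type != "CERTIFICATE" {
			die.With("invalid certificate (type is %s)", p.Type)
		}
		in = p.Bytes
	}
	cert, err := x509.ParseCertificate(in)
	die.If(err)

	priv, err := loadKey(keyFile)
	die.If(err)

	switch pub := priv.Public().(type) {
	case *rsa.PublicKey:
		switch certPub := cert.PublicKey.(type) {
		case *rsa.PublicKey:
			if pub.N.Cmp(certPub.N) != 0 || pub.E != certPub.E {
				fmt.Println("No match (public keys don't match).")
				os.Exit(1)
			}
			fmt.Println("Match.")
		case *ecdsa.PublicKey:
			fmt.Println("No match (RSA private key, EC public key).")
			os.Exit(1)
		default:
			// The original had no default here and fell off the end of the
			// function, exiting 0 without printing anything for a
			// certificate carrying some other key type.
			fmt.Printf("No match (RSA private key, unrecognised certificate key type %T).\n", certPub)
			os.Exit(1)
		}
	case *ecdsa.PublicKey:
		privCurve := getECCurve(pub)
		certCurve := getECCurve(cert.PublicKey)
		// Debug trace of the resolved curve ids (log writes to stderr).
		log.Printf("priv: %d\tcert: %d\n", privCurve, certCurve)
		switch {
		case certCurve == curveRSA:
			fmt.Println("No match (private key is EC, certificate is RSA).")
			os.Exit(1)
		case privCurve == curveInvalid:
			fmt.Println("No match (invalid private key curve).")
			os.Exit(1)
		case privCurve != certCurve:
			fmt.Println("No match (EC curves don't match).")
			os.Exit(1)
		}
		// Checked assertion: the original asserted unconditionally and
		// would panic if getECCurve ever mapped a non-EC key to a valid curve.
		certPub, ok := cert.PublicKey.(*ecdsa.PublicKey)
		if !ok {
			fmt.Printf("No match (EC private key, certificate key type %T).\n", cert.PublicKey)
			os.Exit(1)
		}
		if pub.X.Cmp(certPub.X) != 0 || pub.Y.Cmp(certPub.Y) != 0 {
			fmt.Println("No match (public keys don't match).")
			os.Exit(1)
		}
		fmt.Println("Match.")
	default:
		fmt.Printf("Unrecognised private key type: %T\n", priv.Public())
		os.Exit(1)
	}
}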