// Init initializes a StandardRicochetService with the cryptographic key given
// by filename.
func (srs *StandardRicochetService) Init(filename string) error {
	srs.ricochet = new(Ricochet)
	srs.ricochet.Init()

	pemData, err := ioutil.ReadFile(filename)

	if err != nil {
		return errors.New("Could not setup ricochet service: could not read private key")
	}

	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "RSA PRIVATE KEY" {
		return errors.New("Could not setup ricochet service: no valid PEM data found")
	}

	srs.privateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return errors.New("Could not setup ricochet service: could not parse private key")
	}

	publicKeyBytes, _ := asn1.Marshal(rsa.PublicKey{
		N: srs.privateKey.PublicKey.N,
		E: srs.privateKey.PublicKey.E,
	})

	srs.serverHostname = utils.GetTorHostname(publicKeyBytes)
	log.Printf("Initialised ricochet service for %s", srs.serverHostname)

	return nil
}
Beispiel #2
0
// ValidateProof determines if the given public key and signature align with the
// already established challenge vector for this communication
// Prerequisites:
//              * Must have previously connected to a service
//              * Client and Server must have already sent their respective cookies (Authenticate and ConfirmAuthChannel)
func (oc *OpenConnection) ValidateProof(channel int32, publicKeyBytes []byte, signature []byte) bool {

	if oc.authHandler[channel] == nil {
		return false
	}

	provisionalHostname := utils.GetTorHostname(publicKeyBytes)
	publicKey := new(rsa.PublicKey)
	_, err := asn1.Unmarshal(publicKeyBytes, publicKey)
	if err != nil {
		return false
	}
	challenge := oc.authHandler[channel].GenChallenge(provisionalHostname, oc.MyHostname)
	err = rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, challenge[:], signature)
	if err == nil {
		oc.OtherHostname = provisionalHostname
		return true
	}
	return false

}