Exemple #1
0
func ParseDigiListFromStrings(ss []string) (
	dl *DigiList, rest []string, err error) {

	var (
		sk     *rsa.PublicKey
		title  string
		t      xu.Timestamp
		digSig []byte
	)
	if len(ss) < 4 {
		err = TooShortForDigiList
	}
	if err == nil {
		sk, err = xc.RSAPubKeyFromDisk([]byte(ss[0]))
	}
	if err == nil {
		title = ss[1]
		t, err = xu.ParseTimestamp(ss[2])
	}
	if err == nil {
		digSig, err = base64.StdEncoding.DecodeString(ss[3])
	}
	if err == nil {
		dl = &DigiList{sk, title, t, digSig}
		rest = ss[4:]
	}
	return
}
Exemple #2
0
// TestTestDir executes the helloAndReply protocl manually, so to speak.
// Its handling of IVs *does not follow current practice* in that the
// IV is incorporated in the message.
func (s *XLSuite) TestTestDir(c *C) {
	if VERBOSITY > 0 {
		fmt.Println("\nTEST_DATA_DIR")
	}

	// 001 READ AND INTERPRET test_dir/regCred.dat //////////////////

	// 101. Read and parse regCred.dat
	rcFile := path.Join("testData/regCred", "regCred.dat")
	rcData, err := ioutil.ReadFile(rcFile)
	c.Assert(err, IsNil)
	c.Assert(len(rcData) > 0, Equals, true)
	rc, err := ParseRegCred(string(rcData))
	c.Assert(err, IsNil)
	c.Assert(rc, NotNil)

	// 102. Read name.str and compare regCred name
	nameFile := path.Join("testData/regCred", "name.str")
	name, err := ioutil.ReadFile(nameFile)
	c.Assert(err, IsNil)
	c.Assert(rc.Name, Equals, string(name))

	// 103. Read id and compare regCred ID
	idFile := path.Join("testData/regCred", "id")
	id, err := ioutil.ReadFile(idFile)
	c.Assert(err, IsNil)
	c.Assert(rc.ID.Value(), DeepEquals, id)

	// 104. Read ck-rsa.pub and compare regCred commsPubKey
	ckFile := path.Join("testData/regCred", "ck-rsa.pub")
	ckStr, err := ioutil.ReadFile(ckFile)
	c.Assert(err, IsNil)
	ckObj, err := xc.RSAPubKeyFromDisk(ckStr)
	c.Assert(rc.CommsPubKey, DeepEquals, ckObj)

	// 105. Read sk-rsa.pub and compare regCred sigPubKey
	skFile := path.Join("testData/regCred", "sk-rsa.pub")
	skStr, err := ioutil.ReadFile(skFile)
	c.Assert(err, IsNil)
	skObj, err := xc.RSAPubKeyFromDisk(skStr)
	c.Assert(rc.SigPubKey, DeepEquals, skObj)

	// 106. Read endPoints and compare endPoints
	epFile := path.Join("testData/regCred", "endPoints")
	epStr, err := ioutil.ReadFile(epFile)
	c.Assert(err, IsNil)
	strLen := len(epStr)
	if (strLen > 0) && (epStr[strLen-1] == '\n') {
		epStr = epStr[:strLen-1]
	}
	var eps []string
	if len(epStr) > 0 {
		eps = strings.Split(string(epStr), "\n")
	}
	epsFromObj := rc.EndPoints
	epCount := len(epsFromObj)
	c.Assert(epCount, Equals, len(eps))
	for i := 0; i < epCount; i++ {
		c.Assert(epsFromObj[i].String(), Equals, eps[i])
	}

	// 107. Read version.str and compare version
	versionFile := path.Join("testData/regCred", "version.str")
	versionBin, err := ioutil.ReadFile(versionFile)
	c.Assert(err, IsNil)
	versionStr := string(versionBin) // string, dotted quad
	c.Assert(rc.Version.String(), Equals, versionStr)

	// 002 HELLO - REPLY TESTS //////////////////////////////////////

	// 201. Read key_rsa as key *rsa.PrivateKey
	keyFile := path.Join("testData/helloAndReply", "key-rsa")
	kd, err := ioutil.ReadFile(keyFile)
	c.Assert(err, IsNil)
	c.Assert(len(kd) > 0, Equals, true)
	key, err := xc.RSAPrivateKeyFromDisk(kd)
	c.Assert(err, IsNil)
	c.Assert(key, NotNil)

	// 202. Extract public key as pubkey *rsa.PublicKey
	pubKey := key.PublicKey

	// 203. Read key_rsa.pub as pubkey2 *rsa.PublicKey
	pubKeyFile := path.Join("testData/helloAndReply", "key-rsa.pub")
	pkd, err := ioutil.ReadFile(pubKeyFile)
	c.Assert(err, IsNil)
	c.Assert(len(pkd) > 0, Equals, true)
	pubKey2, err := xc.RSAPubKeyFromDisk(pkd)
	c.Assert(err, IsNil)
	c.Assert(pubKey2, NotNil)

	// 204. Verify pubkey == pubkey2
	c.Assert(&pubKey, DeepEquals, pubKey2)

	// 205. Read version1.str as v1Str
	v1File := path.Join("testData/helloAndReply", "version1.str")
	v, err := ioutil.ReadFile(v1File)
	c.Assert(err, IsNil)
	c.Assert(len(v) > 0, Equals, true)
	v1Str := string(v)

	// 206. Read version1 as []byte
	v1File = path.Join("testData/helloAndReply", "version1")
	version1, err := ioutil.ReadFile(v1File)
	c.Assert(err, IsNil)
	c.Assert(len(version1), Equals, 4) // length of DecimalVersion

	// 207. Convert version1 to dv1 DecimalVersion
	dv1, err := xu.VersionFromBytes(version1)
	c.Assert(err, IsNil)

	// 208. Verify v1Str == dv1.String()
	c.Assert(v1Str, Equals, dv1.String())

	// 209-212 same as 205-208 for version2 -------------------------

	// 209. Read version2.str as v2Str
	v2File := path.Join("testData/helloAndReply", "version2.str")
	v, err = ioutil.ReadFile(v2File)
	c.Assert(err, IsNil)
	c.Assert(len(v) > 0, Equals, true)
	v2Str := string(v)

	// 210. Read version2 as []byte
	v2File = path.Join("testData/helloAndReply", "version2")
	version2, err := ioutil.ReadFile(v2File)
	c.Assert(err, IsNil)
	c.Assert(len(version2), Equals, 4) // length of DecimalVersion

	// 211. Convert version2 to dv2 DecimalVersion
	dv2, err := xu.VersionFromBytes(version2)
	c.Assert(err, IsNil)

	// 212. Verify v2Str == dv2.String()
	c.Assert(v2Str, Equals, dv2.String())

	// 213-216 read iv1, key1, salt1, hello-data as []byte ----------

	iv1, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "iv1"))
	c.Assert(err, IsNil)

	key1, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "key1"))
	c.Assert(err, IsNil)

	salt1, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "salt1"))
	c.Assert(err, IsNil)

	helloData, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "hello-data"))
	c.Assert(err, IsNil)

	// 217. helloPlain = iv1 + key1 + salt1 + version1
	var helloPlain []byte
	helloPlain = append(helloPlain, iv1...)
	helloPlain = append(helloPlain, key1...)
	helloPlain = append(helloPlain, salt1...)
	helloPlain = append(helloPlain, version1...)

	// 218. Verify helloPlain == helloData
	bytes.Equal(helloPlain, helloData)

	// 219. Read hello-encrypted as []byte
	helloEncrypted, err := ioutil.ReadFile(
		path.Join("testData/helloAndReply", "hello-encrypted"))
	c.Assert(err, IsNil)

	// 220. Decrypt helloEncrypted using key => helloDecrypted
	helloDecrypted, err := rsa.DecryptOAEP(sha1.New(), rand.Reader,
		key, helloEncrypted, nil)
	c.Assert(err, IsNil)
	c.Assert(len(helloDecrypted) == 0, Equals, false)

	// 221. Verify helloDecrypted == helloData
	c.Assert(bytes.Equal(helloDecrypted, helloData), Equals, true)

	// 222-226 read iv2, key2, salt2, padding, reply-data as []byte -

	iv2, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "iv2"))
	c.Assert(err, IsNil)

	key2, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "key2"))
	c.Assert(err, IsNil)

	salt2, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "salt2"))
	c.Assert(err, IsNil)

	padding, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "padding"))
	c.Assert(err, IsNil)

	replyData, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "reply-data"))
	c.Assert(err, IsNil)

	// 227. helloReply = concat iv2, key2, salt2, version2, salt1, padding
	var helloReply []byte
	helloReply = append(helloReply, iv2...)
	helloReply = append(helloReply, key2...)
	helloReply = append(helloReply, salt2...)
	helloReply = append(helloReply, version2...)
	helloReply = append(helloReply, salt1...)
	helloReply = append(helloReply, padding...)

	// 228. Verify helloReply == replyData
	// DEBUG
	//fmt.Printf("len helloReply %d, len replyData %d\n",
	//	len(helloReply), len(replyData))
	//for i := 0; i < len(helloReply); i++ {
	//	if helloReply[i] != replyData[i] {
	//		fmt.Printf("%02d %02x %02x\n", i, helloReply[i], replyData[i])
	//	}
	//}
	// END
	c.Assert(bytes.Equal(replyData, helloReply), Equals, true)

	// 229. Create aesEngineS1 from iv1, key1
	aesEngineS1, err := aes.NewCipher(key1) // what happens on the server
	c.Assert(err, IsNil)
	c.Assert(aesEngineS1, NotNil)
	aesEncrypter1 := cipher.NewCBCEncrypter(aesEngineS1, iv1)

	// 230. helloReplyMsg = aesEngineS1.encrypt(helloReply)
	helloReplyMsg := make([]byte, len(helloReply))       // includes padding
	aesEncrypter1.CryptBlocks(helloReplyMsg, helloReply) // dest <-src

	// 231. Read reply-encrypted as replyEncrypted []byte
	replyEncrypted, err := ioutil.ReadFile(path.Join("testData/helloAndReply", "reply-encrypted"))
	c.Assert(err, IsNil)

	// 232. Verify helloReplyMsg == replyEncrypted
	c.Assert(bytes.Equal(helloReplyMsg, replyEncrypted), Equals, true)

	// 233. Create aesEngineC1 from iv1, key1
	aesEngineC1, err := aes.NewCipher(key1) // what happens on the client
	c.Assert(err, IsNil)
	c.Assert(aesEngineC1, NotNil)
	aesDecrypter1c := cipher.NewCBCDecrypter(aesEngineC1, iv1)

	// 234. Use aesEngineC1.decrypt(replyEncrypted) => replyDecrypted
	replyDecrypted := make([]byte, len(replyEncrypted))
	aesDecrypter1c.CryptBlocks(replyDecrypted, replyEncrypted)

	// 235. Verify replyDecrypted == replyData (both with padding)
	c.Assert(bytes.Equal(replyData, replyDecrypted), Equals, true)
}
Exemple #3
0
// Read the header part of a signed list that has been serialized in disk
// format, returning a pointer to the deserialized object or an error.
// Subclasses should call this to get a pointer to the BuildList part
// of the subclass struct.  If the subclass is an XXXList, then expect
// the calling routine to be ParseXXXList()
//
func ParseSignedBList(in io.Reader) (sList *SignedBList, err error) {

	var (
		line   []byte
		pubKey *rsa.PublicKey
		title  string
		t      xu.Timestamp // binary form
	)
	bin := bufio.NewReader(in)

	// Read the header part -----------------------------------------
	line, err = xc.NextLineWithoutCRLF(bin)
	if err == nil {
		title = string(line)
		line, err = xc.NextLineWithoutCRLF(bin)
		if err == nil {
			t, err = xu.ParseTimestamp(string(line))
			if err == nil {
				line, err = xc.NextLineWithoutCRLF(bin)
				if err == nil {
					line = append(line, 10) // NEWLINE
					pubKey, err = xc.RSAPubKeyFromDisk(line)
					if err == nil {
						line, err = xc.NextLineWithoutCRLF(bin)
						if err == nil {
							if !bytes.Equal(line, xc.CONTENT_START) {
								err = xc.MissingContentStart
							}
						}
					}
				}
			}
		}
	}

	// Build and populate the SignedBList object ---------------------
	if err == nil {
		var bList *xc.BuildList
		bList, err = xc.NewBuildList(title, t)
		if err == nil {
			sList = &SignedBList{
				PubKey:    pubKey,
				BuildList: *bList,
			}
			// Read the content lines and then the dig sig ----------
			err = ReadContents(bin, sList, true) // true = is signed
			if err == nil {
				// try to read the digital signature line
				var digSig []byte
				line, err = xc.NextLineWithoutCRLF(bin)
				if err == nil || err == io.EOF {
					digSig, err = base64.StdEncoding.DecodeString(string(line))
					if err == nil || err == io.EOF {
						sList.SetDigSig(digSig)
						if err == io.EOF {
							err = nil
						}
					}
				}
			}

		}
	}
	return
}
Exemple #4
0
func ParseRegCred(s string) (rc *RegCred, err error) {

	var (
		line    string
		parts   []string
		name    string
		nodeID  *xi.NodeID
		ck, sk  *rsa.PublicKey
		e       []xt.EndPointI
		version xu.DecimalVersion
	)
	ss := strings.Split(s, "\n")
	line, err = xc.NextNBLine(&ss)
	if (err == nil) && (line != "regCred {") {
		err = IllFormedRegCred
	}
	if err == nil {
		line, err = xc.NextNBLine(&ss)
		if err == nil {
			parts = strings.Split(line, ": ")
			if len(parts) == 2 && parts[0] == "Name" {
				name = strings.TrimLeft(parts[1], " \t")
			} else {
				err = IllFormedRegCred
			}
		}
	}
	if err == nil {
		var id []byte
		line, err = xc.NextNBLine(&ss)
		if err == nil {
			parts = strings.Split(line, ": ")
			if len(parts) == 2 && parts[0] == "ID" {
				id, err = hex.DecodeString(parts[1])
			} else {
				err = IllFormedRegCred
			}
		}
		if err == nil {
			nodeID, err = xi.New(id)
		}
	}
	if err == nil {
		line, err = xc.NextNBLine(&ss)
		if err == nil {
			parts = strings.Split(line, ": ")
			if len(parts) == 2 && parts[0] == "CommsPubKey" {
				ck, err = xc.RSAPubKeyFromDisk([]byte(parts[1]))
			} else {
				err = IllFormedRegCred
			}
		}
	}
	if err == nil {
		line, err = xc.NextNBLine(&ss)
		if err == nil {
			parts = strings.Split(line, ": ")
			if len(parts) == 2 && parts[0] == "SigPubKey" {
				sk, err = xc.RSAPubKeyFromDisk([]byte(parts[1]))
			} else {
				err = IllFormedRegCred
			}
		}
	}
	if err == nil {
		line, err = xc.NextNBLine(&ss)
		if err == nil {
			// collect EndPoints section; this should be turned into a
			// utility function
			if line == "EndPoints {" {
				for err == nil {
					line = strings.TrimSpace(ss[0]) // peek
					if line == "}" {
						break
					}
					line, err = xc.NextNBLine(&ss)
					if err == nil {
						line = strings.TrimSpace(line)
						parts := strings.Split(line, ": ")
						if len(parts) != 2 || parts[0] != "TcpEndPoint" {
							err = IllFormedRegCred
						} else {
							var ep xt.EndPointI
							ep, err = xt.NewTcpEndPoint(parts[1])
							if err == nil {
								e = append(e, ep)
							}
						}
					}
				}
				if err == nil {
					line, err = xc.NextNBLine(&ss)
					if (err == nil) && (line != "}") {
						err = MissingClosingBrace
					}
				}
			} else {
				err = MissingEndPointsSection
			}
		}
	}
	if err == nil {
		line, err = xc.NextNBLine(&ss)
		if err == nil {
			parts = strings.Split(line, ": ")
			if len(parts) == 2 && parts[0] == "Version" {
				version, err = xu.ParseDecimalVersion(parts[1])
			} else {
				err = IllFormedRegCred
			}
		}
	}
	if err == nil {
		rc = &RegCred{
			Name:        name,
			ID:          nodeID,
			CommsPubKey: ck,
			SigPubKey:   sk,
			EndPoints:   e,
			Version:     version,
		}
	}
	return
}