func main() {
showHelp := flag.Bool("h", false, "display a short usage message and exit")
flag.Parse()
if *showHelp {
usage()
os.Exit(0)
}
if flag.NArg() == 0 {
usage()
os.Exit(1)
}
for _, baseName := range flag.Args() {
pubFileName := fmt.Sprintf("%s.pub", baseName)
privFileName := fmt.Sprintf("%s.key", baseName)
pub, priv, err := ed25519.GenerateKey(rand.Reader)
die.If(err)
err = ioutil.WriteFile(pubFileName, pub[:], 0644)
die.If(err)
err = ioutil.WriteFile(privFileName, priv[:], 0600)
die.If(err)
}
}
func loadID(privName, pubName string) {
if pubName != "" {
pubFile, err := os.Open(pubName)
die.If(err)
defer pubFile.Close()
idPub = new([32]byte)
_, err = io.ReadFull(pubFile, idPub[:])
die.If(err)
}
if privName != "" {
privFile, err := os.Open(privName)
die.If(err)
defer privFile.Close()
idPriv = new([64]byte)
_, err = io.ReadFull(privFile, idPriv[:])
die.If(err)
}
}
func sender(host string) {
conn, err := net.Dial("tcp", host)
die.If(err)
defer conn.Close()
sch, ok := schannel.Dial(conn, idPriv, idPub)
if !ok {
die.With("failed to set up secure channel")
}
fmt.Println("secure channel established")
if !sch.Rekey() {
die.With("rekey failed")
}
for {
var p = make([]byte, 8192)
n, err := os.Stdin.Read(p)
if err == io.EOF {
break
}
die.If(err)
if !sch.Send(p[:n]) {
die.With("failed to send message (sdata=%d, sctr=%d)",
sch.SData, sch.SCtr)
}
}
sctr := sch.SCtr()
sdata := sch.SData
if !sch.Close() {
die.With("failed to shutdown channel properly")
}
fmt.Println("Secure channel tore down")
fmt.Printf("\t%d messages totalling %d bytes sent\n",
sctr, sdata)
return
}
func main() {
flag.Parse()
for _, fileName := range flag.Args() {
in, err := ioutil.ReadFile(fileName)
die.If(err)
if p, _ := pem.Decode(in); p != nil {
if p.Type != "CERTIFICATE REQUEST" {
log.Fatal("INVALID FILE TYPE")
}
in = p.Bytes
}
csr, err := x509.ParseCertificateRequest(in)
die.If(err)
out, err := x509.MarshalPKIXPublicKey(csr.PublicKey)
die.If(err)
var t string
switch pub := csr.PublicKey.(type) {
case *rsa.PublicKey:
t = "RSA PUBLIC KEY"
case *ecdsa.PublicKey:
t = "EC PUBLIC KEY"
default:
die.With("unrecognised public key type %T", pub)
}
p := &pem.Block{
Type: t,
Bytes: out,
}
err = ioutil.WriteFile(fileName+".pub", pem.EncodeToMemory(p), 0644)
die.If(err)
fmt.Printf("[+] wrote %s.\n", fileName+".pub")
}
}
func listener(stayOpen bool, port string) {
ln, err := net.Listen("tcp", ":"+port)
die.If(err)
fmt.Println("Listening on", ":"+port)
for {
conn, err := ln.Accept()
if err != nil {
fmt.Printf("Connection error: %v\n", err)
continue
}
newChannel(conn)
if !stayOpen {
break
}
}
}
func main() {
quiet := flag.Bool("nl", false, "No line-numbering.")
flag.Parse()
if flag.NArg() < 2 || flag.NArg() > 3 {
usage()
os.Exit(1)
}
start, err := strconv.Atoi(flag.Arg(1))
die.If(err)
var end int
var offset bool
if flag.NArg() == 3 {
endStr := flag.Arg(2)
if endStr[0] == '+' {
offset = true
endStr = endStr[1:]
}
end, err = strconv.Atoi(endStr)
die.If(err)
if offset {
end += start
}
}
file, err := os.Open(flag.Arg(0))
die.If(err)
defer file.Close()
scanner := bufio.NewScanner(file)
// initial empty line to start numbering at 1.
var lines = make([]string, 1)
for scanner.Scan() {
lines = append(lines, scanner.Text())
}
if end == 0 {
end = len(lines) - 1
}
if end < start {
fmt.Fprintln(os.Stderr, "[!] end < start, swapping values")
tmp := end
end = start
start = tmp
}
var fmtStr string
if !*quiet {
maxLine := fmt.Sprintf("%d", len(lines))
fmtStr = fmt.Sprintf("%%0%dd: %%s", len(maxLine))
}
endFunc := func(n int) bool {
if n == 0 {
return false
}
if n > end {
return true
}
return false
}
fmtStr += "\n"
for i := start; !endFunc(i); i++ {
if *quiet {
fmt.Println(lines[i])
} else {
fmt.Printf(fmtStr, i, lines[i])
}
}
}
func main() {
var caFile, intFile string
var forceIntermediateBundle, revexp, verbose bool
flag.StringVar(&caFile, "ca", "", "CA certificate `bundle`")
flag.StringVar(&intFile, "i", "", "intermediate `bundle`")
flag.BoolVar(&forceIntermediateBundle, "f", false,
"force the use of the intermediate bundle, ignoring any intermediates bundled with certificate")
flag.BoolVar(&revexp, "r", false, "print revocation and expiry information")
flag.BoolVar(&verbose, "v", false, "verbose")
flag.Parse()
var roots *x509.CertPool
if caFile != "" {
var err error
if verbose {
fmt.Println("[+] loading root certificates from", caFile)
}
roots, err = helpers.LoadPEMCertPool(caFile)
die.If(err)
}
var ints *x509.CertPool
if intFile != "" {
var err error
if verbose {
fmt.Println("[+] loading intermediate certificates from", intFile)
}
ints, err = helpers.LoadPEMCertPool(caFile)
die.If(err)
} else {
ints = x509.NewCertPool()
}
if flag.NArg() != 1 {
fmt.Fprintf(os.Stderr, "Usage: %s [-ca bundle] [-i bundle] cert",
lib.ProgName())
}
fileData, err := ioutil.ReadFile(flag.Arg(0))
die.If(err)
chain, err := helpers.ParseCertificatesPEM(fileData)
die.If(err)
if verbose {
fmt.Printf("[+] %s has %d certificates\n", flag.Arg(0), len(chain))
}
cert := chain[0]
if len(chain) > 1 {
if !forceIntermediateBundle {
for _, intermediate := range chain[1:] {
if verbose {
fmt.Printf("[+] adding intermediate with SKI %x\n", intermediate.SubjectKeyId)
}
ints.AddCert(intermediate)
}
}
}
opts := x509.VerifyOptions{
Intermediates: ints,
Roots: roots,
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
}
_, err = cert.Verify(opts)
if err != nil {
fmt.Fprintf(os.Stderr, "Verification failed: %v\n", err)
os.Exit(1)
}
if verbose {
fmt.Println("OK")
}
if revexp {
printRevocation(cert)
}
}
func main() {
var keyFile, certFile string
flag.StringVar(&keyFile, "k", "", "TLS private `key` file")
flag.StringVar(&certFile, "c", "", "TLS `certificate` file")
flag.Parse()
in, err := ioutil.ReadFile(certFile)
die.If(err)
p, _ := pem.Decode(in)
if p != nil {
if p.Type != "CERTIFICATE" {
die.With("invalid certificate (type is %s)", p.Type)
}
in = p.Bytes
}
cert, err := x509.ParseCertificate(in)
die.If(err)
priv, err := loadKey(keyFile)
die.If(err)
switch pub := priv.Public().(type) {
case *rsa.PublicKey:
switch certPub := cert.PublicKey.(type) {
case *rsa.PublicKey:
if pub.N.Cmp(certPub.N) != 0 || pub.E != certPub.E {
fmt.Println("No match (public keys don't match).")
os.Exit(1)
}
fmt.Println("Match.")
return
case *ecdsa.PublicKey:
fmt.Println("No match (RSA private key, EC public key).")
os.Exit(1)
}
case *ecdsa.PublicKey:
privCurve := getECCurve(pub)
certCurve := getECCurve(cert.PublicKey)
log.Printf("priv: %d\tcert: %d\n", privCurve, certCurve)
if certCurve == curveRSA {
fmt.Println("No match (private key is EC, certificate is RSA).")
os.Exit(1)
} else if privCurve == curveInvalid {
fmt.Println("No match (invalid private key curve).")
os.Exit(1)
} else if privCurve != certCurve {
fmt.Println("No match (EC curves don't match).")
os.Exit(1)
}
certPub := cert.PublicKey.(*ecdsa.PublicKey)
if pub.X.Cmp(certPub.X) != 0 {
fmt.Println("No match (public keys don't match).")
os.Exit(1)
}
if pub.Y.Cmp(certPub.Y) != 0 {
fmt.Println("No match (public keys don't match).")
os.Exit(1)
}
fmt.Println("Match.")
default:
fmt.Printf("Unrecognised private key type: %T\n", priv.Public())
os.Exit(1)
}
}
