func RandomString(n int) string { randInt, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64)) if err != nil { panic(err) } buf := make([]byte, n) for n, cache, remaining := n-1, randInt.Int64(), charMax; n >= 0; { if remaining == 0 { randInt, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64)) if err != nil { panic(err) } cache, remaining = randInt.Int64(), charMax } if idx := int(cache & charMask); idx < len(charBytes) { buf[n] = charBytes[idx] n-- } cache >>= charBits remaining-- } return string(buf) }
func TestTripartiteDiffieHellman(t *testing.T) { a, _ := rand.Int(rand.Reader, Order) b, _ := rand.Int(rand.Reader, Order) c, _ := rand.Int(rand.Reader, Order) pa := new(G1).ScalarBaseMult(a) qa := new(G2).ScalarBaseMult(a) pb := new(G1).ScalarBaseMult(b) qb := new(G2).ScalarBaseMult(b) pc := new(G1).ScalarBaseMult(c) qc := new(G2).ScalarBaseMult(c) k1 := Pair(pb, qc) k1.ScalarMult(k1, a) k1Bytes := k1.Marshal() k2 := Pair(pc, qa) k2.ScalarMult(k2, b) k2Bytes := k2.Marshal() k3 := Pair(pa, qb) k3.ScalarMult(k3, c) k3Bytes := k3.Marshal() if !bytes.Equal(k1Bytes, k2Bytes) || !bytes.Equal(k2Bytes, k3Bytes) { t.Errorf("keys didn't agree") } }
func (self *DHGroup) GeneratePrivateKey(randReader io.Reader) (key *DHKey, err error) { if randReader == nil { randReader = rand.Reader } // x should be in (0, p). // alternative approach: // x, err := big.Add(rand.Int(randReader, big.Sub(p, big.NewInt(1))), big.NewInt(1)) // // However, since x is highly unlikely to be zero if p is big enough, // we would rather use an iterative approach below, // which is more efficient in terms of exptected running time. x, err := rand.Int(randReader, self.p) if err != nil { return } zero := big.NewInt(0) for x.Cmp(zero) == 0 { x, err = rand.Int(randReader, self.p) if err != nil { return } } key = new(DHKey) key.x = x // y = g ^ x mod p key.y = new(big.Int).Exp(self.g, x, self.p) key.group = self return }
func ExamplePair() { // This implements the tripartite Diffie-Hellman algorithm from "A One // Round Protocol for Tripartite Diffie-Hellman", A. Joux. // http://www.springerlink.com/content/cddc57yyva0hburb/fulltext.pdf // Each of three parties, a, b and c, generate a private value. a, _ := rand.Int(rand.Reader, Order) b, _ := rand.Int(rand.Reader, Order) c, _ := rand.Int(rand.Reader, Order) // Then each party calculates g₁ and g₂ times their private value. pa := new(G1).ScalarBaseMult(a) qa := new(G2).ScalarBaseMult(a) pb := new(G1).ScalarBaseMult(b) qb := new(G2).ScalarBaseMult(b) pc := new(G1).ScalarBaseMult(c) qc := new(G2).ScalarBaseMult(c) // Now each party exchanges its public values with the other two and // all parties can calculate the shared key. k1 := Pair(pb, qc) k1.ScalarMult(k1, a) k2 := Pair(pc, qa) k2.ScalarMult(k2, b) k3 := Pair(pa, qb) k3.ScalarMult(k3, c) // k1, k2 and k3 will all be equal. }
// TestConcurrentSameData tests between 100 and 200 concurrent writes of // identical data to the API. func (s *TestSuite) TestConcurrentSameData(c *C) { b, err := rand.Int(rand.Reader, big.NewInt(int64(100))) c.Assert(err, IsNil) count := 100 + int(b.Int64()) wg := sync.WaitGroup{} wg.Add(count) bi, err := rand.Int(rand.Reader, big.NewInt(int64(int(MiB)-1))) c.Assert(err, IsNil) size := int(bi.Int64()) + 1 value := make([]byte, size) _, err = rand.Read(value) c.Assert(err, IsNil) writer := func() { resp, err := http.Post(s.url, "", bytes.NewBuffer(value)) defer resp.Body.Close() c.Assert(err, IsNil) if resp.StatusCode != 200 && resp.StatusCode != 201 { c.Fatal("Expected status 200 or 201, but got", resp.StatusCode) } // Done wg.Done() } for i := 0; i < count; i++ { go writer() } wg.Wait() }
func VoteOne(c elliptic.Curve, px *big.Int, py *big.Int) *Checkbox { var err error h := new(Checkbox) h.s, err = rand.Int(rand.Reader, c.Params().N) if err != nil { panic("this shouldn't happen") } h.ax, h.ay = c.ScalarBaseMult(h.s.Bytes()) tx, ty := c.ScalarMult(px, py, h.s.Bytes()) h.bx, h.by = c.Add(tx, ty, c.Params().Gx, c.Params().Gy) //TODO: refactor: lots of similar logic here but parts very //c2, r2 fake, c1 r1 genuine //Form the faked challenge h.c2, err = rand.Int(rand.Reader, c.Params().N) if err != nil { panic("this shouldn't happen") } h.r2, err = rand.Int(rand.Reader, c.Params().N) if err != nil { panic("this shouldn't happen") } //Compute the commitments v3, v4 as the verifier will v3x, v3y := doublescalarmult(c, c.Params().Gx, c.Params().Gy, h.r2.Bytes(), h.ax, h.ay, h.c2.Bytes()) v4x, v4y := doublescalarmult(c, px, py, h.r2.Bytes(), h.bx, h.by, h.c2.Bytes()) //Commit to other side s1, err := rand.Int(rand.Reader, c.Params().N) if err != nil { panic("something deeply wrong") } v1x, v1y := c.ScalarBaseMult(s1.Bytes()) v2x, v2y := c.ScalarMult(px, py, s1.Bytes()) //Compute the total challenge var entries [6][]byte entries[0] = elliptic.Marshal(c, h.ax, h.ay) entries[1] = elliptic.Marshal(c, h.bx, h.by) entries[2] = elliptic.Marshal(c, v1x, v1y) entries[3] = elliptic.Marshal(c, v2x, v2y) entries[4] = elliptic.Marshal(c, v3x, v3y) entries[5] = elliptic.Marshal(c, v4x, v4y) challenge := sha256.Sum256(bytes.Join(entries[:], []byte{})) ctot := big.NewInt(0) ctot.SetBytes(challenge[:]) ctot.Mod(ctot, c.Params().N) h.c1 = big.NewInt(0) h.c1.Sub(ctot, h.c2) h.c1.Mod(h.c1, c.Params().N) //r=s1-c1*h.s t := big.NewInt(0) t.Mul(h.c1, h.s) t.Mod(t, c.Params().N) t.Sub(s1, t) t.Mod(t, c.Params().N) h.r1 = t return h }
/** * Tests that the key is correctly updated in each node's storage system. */ func testSingleProposerUpdateKey(doneChan chan bool) { key := "b" // send first proposal randint, _ := crand.Int(crand.Reader, big.NewInt(math.MaxInt64)) rand.Seed(randint.Int64()) value := rand.Uint32() if _, ok := pt.cliMap[1]; !ok { LOGE.Println("FAIL: missing node 1") doneChan <- false return } pnum, err := pt.GetNextProposalNumber(key, 1) reply, err := pt.Propose(key, value, pnum.N, 1) if err != nil { printFailErr("Propose", err) doneChan <- false return } // send second proposal randint, _ = crand.Int(crand.Reader, big.NewInt(math.MaxInt64)) rand.Seed(randint.Int64()) value = rand.Uint32() pnum2, err := pt.GetNextProposalNumber(key, 1) // the proposal numbers should be monotonically increasing if pnum.N >= pnum2.N { LOGE.Println("FAIL: newer proposal number is less than or equal to older proposal number") doneChan <- false return } reply, err = pt.Propose(key, value, pnum2.N, 1) if err != nil { printFailErr("Propose", err) doneChan <- false return } if !checkProposeReply(reply, key, value) { doneChan <- false return } if !checkGetValueAll(key, value) { doneChan <- false return } doneChan <- true }
func getNewIds() (dlId, cookieName string) { dlId = "" for { _, ex := currentBounces[dlId] if !ex && (len(dlId) > 0) { break } r, _ := rand.Int(rand.Reader, big.NewInt(maxRand)) dlId = fmt.Sprintf("%s", hex.EncodeToString(r.Bytes())) } r, _ := rand.Int(rand.Reader, big.NewInt(maxRand)) cookieName = fmt.Sprintf("Dl-%s", hex.EncodeToString(r.Bytes())) return }
// Generates and opens a temporary file with a defined prefix and suffix // This is the same api as ioutil.TempFile accept it accepts a suffix // TODO: see if this is too slow func TempFile(dir, prefix string, suffix string) (f *os.File, err error) { if dir == "" { dir = os.TempDir() } // The maximum size of random file count // TODO: see if we can do this at package scope somehow var maxRand *big.Int = big.NewInt(0) maxRand.SetString("FFFFFFFFFFFFFFFF", 16) var randNum *big.Int for i := 0; i < 10000; i++ { // Generate random part of the path name randNum, err = rand.Int(rand.Reader, maxRand) if err != nil { return } // Transform to an int randString := hex.EncodeToString(randNum.Bytes()) // Attempt to open file and fail if it already exists name := filepath.Join(dir, prefix+randString+suffix) f, err = os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600) if os.IsExist(err) { continue } break } return }
func (s *Sessions) Begin(userid string, displayName, photoUrl *string) ( *http.Cookie, error) { n, err := rand.Int(rand.Reader, big.NewInt(1<<62)) if err != nil { return nil, err } sid := n.String() var uv userView uv.Id = userid if displayName != nil { uv.Name = *displayName } else { uv.Name = "" } if photoUrl != nil { uv.PhotoUrl = *photoUrl } else { uv.PhotoUrl = "/images/unknown_avatar.png" } s.lock.Lock() s.sidToUser[sid] = uv s.lock.Unlock() cookie := http.Cookie{ Name: sidCookie, Value: sid, } return &cookie, nil }
// Encrypt encrypts the given message to the given public key. The result is a // pair of integers. Errors can result from reading random, or because msg is // too large to be encrypted to the public key. func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { pLen := (pub.P.BitLen() + 7) / 8 if len(msg) > pLen-11 { err = errors.New("elgamal: message too long") return } // EM = 0x02 || PS || 0x00 || M em := make([]byte, pLen-1) em[0] = 2 ps, mm := em[1:len(em)-len(msg)-1], em[len(em)-len(msg):] err = nonZeroRandomBytes(ps, random) if err != nil { return } em[len(em)-len(msg)-1] = 0 copy(mm, msg) m := new(big.Int).SetBytes(em) k, err := rand.Int(random, pub.P) if err != nil { return } c1 = new(big.Int).Exp(pub.G, k, pub.P) s := new(big.Int).Exp(pub.Y, k, pub.P) c2 = s.Mul(s, m) c2.Mod(c2, pub.P) return }
func generateRandomName() string { n, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64)) if err != nil { log.Fatalf("Unable to generate random container name: %v\n", err) } return fmt.Sprintf("image-inspector-%016x", n) }
func (s realSource) generate() *big.Int { randInt, err := rand.Int(rand.Reader, maxBigInt) if err != nil { panic(err) } return randInt }
func Handler(rw http.ResponseWriter, req *http.Request) { requestLogId, err := rand.Int(rand.Reader, big.NewInt(999999)) if err != nil { glog.Errorf("Failed to get a random number. Err:%s", err) } context.Set(req, RequestLogIdKey, fmt.Sprintf("%06d", requestLogId)) if glog.V(2) { glog.Infof("Session request tagged %06d started with url: %s", requestLogId, req.URL) } checkCredentials(req) router := mux.NewRouter() router.HandleFunc("/session/users", doUser).Methods("PUT") router.HandleFunc("/session/user/{SysUserId}", doUser).Methods("POST") router.HandleFunc("/session/user/{EmailAddr}/token/{Token}", verifyEmail).Methods("GET") router.HandleFunc("/session/login", doLogin).Methods("POST") router.HandleFunc("/session/login", getLogin).Methods("GET") router.HandleFunc("/session/reset/{EmailAddr}", getResetToken).Methods("GET") router.HandleFunc("/session/reset/{EmailAddr}/token/{Token}", useResetToken).Methods("GET") router.HandleFunc("/session/logout", doLogout).Methods("POST") router.ServeHTTP(rw, req) }
func (ka *dheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { var q *big.Int if p := config.Bugs.DHGroupPrime; p != nil { ka.p = p ka.g = big.NewInt(2) q = p } else { // 2048-bit MODP Group with 256-bit Prime Order Subgroup (RFC // 5114, Section 2.3) ka.p, _ = new(big.Int).SetString("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597", 16) ka.g, _ = new(big.Int).SetString("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659", 16) q, _ = new(big.Int).SetString("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", 16) } var err error ka.xOurs, err = rand.Int(config.rand(), q) if err != nil { return nil, err } yOurs := new(big.Int).Exp(ka.g, ka.xOurs, ka.p) // http://tools.ietf.org/html/rfc5246#section-7.4.3 pBytes := ka.p.Bytes() gBytes := ka.g.Bytes() yBytes := yOurs.Bytes() serverDHParams := make([]byte, 0, 2+len(pBytes)+2+len(gBytes)+2+len(yBytes)) serverDHParams = append(serverDHParams, byte(len(pBytes)>>8), byte(len(pBytes))) serverDHParams = append(serverDHParams, pBytes...) serverDHParams = append(serverDHParams, byte(len(gBytes)>>8), byte(len(gBytes))) serverDHParams = append(serverDHParams, gBytes...) serverDHParams = append(serverDHParams, byte(len(yBytes)>>8), byte(len(yBytes))) serverDHParams = append(serverDHParams, yBytes...) return ka.auth.signParameters(config, cert, clientHello, hello, serverDHParams) }
// Generate a new cyclic group and generator of given bits size. func New(random io.Reader, bits int) (*Group, error) { for { // Generate a large prime of size 'bits'-1 q, err := rand.Prime(random, bits-1) if err != nil { return nil, err } // Calculate the safe prime p=2q+1 of order 'bits' p := new(big.Int).Mul(q, big.NewInt(2)) p = new(big.Int).Add(p, big.NewInt(1)) // Probability of p being non-prime is negligible if p.ProbablyPrime(negligibleExp / 2) { for { // Generate a generator of p a, err := rand.Int(random, p) if err != nil { return nil, err } // Ensure generator order is not 2 (efficiency) if b := new(big.Int).Exp(a, big.NewInt(2), p); b.Cmp(big.NewInt(1)) == 0 { continue } // Return if generator order is q if b := new(big.Int).Exp(a, q, p); b.Cmp(big.NewInt(1)) == 0 { return &Group{p, a}, nil } } } } }
func generateCert(privKey *rsa.PrivateKey, domain string) ([]byte, error) { serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { return nil, err } template := x509.Certificate{ SerialNumber: serialNumber, Subject: pkix.Name{ CommonName: "ACME Challenge TEMP", }, NotBefore: time.Now(), NotAfter: time.Now().Add(365), KeyUsage: x509.KeyUsageKeyEncipherment, BasicConstraintsValid: true, DNSNames: []string{domain}, } derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey) if err != nil { return nil, err } return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}), nil }
// randInt returns a random number from 0 to max - 1. func randInt(max int) int { b, err := rand.Int(rand.Reader, big.NewInt(int64(max))) if err != nil { log.Fatal(err) } return int(b.Int64()) }
func rand(max *big.Int) int64 { i, err := urandom.Int(urandom.Reader, max) if err != nil { return prandom.Int63n(max.Int64()) } return i.Int64() }
func main() { spec := options.NewOptions(mySpec).SetParseCallback(MyParseCallback) opt := spec.Parse(os.Args[1:]) fmt.Printf("I will concatenate the files: %q\n", opt.Extra) if n { fmt.Println("I will number each line") } if e { fmt.Println("I will escape each line") } if r != 1 { fmt.Printf("I will repeat each line %d times\n", r) } if v > 0 { fmt.Printf("I will be verbose (level %d)\n", v) } fmt.Printf("Input charset: %s\n", in) fmt.Printf("Output charset: %s\n", out) fmt.Printf("Chance for a cookie: %.2f\n", c) var max = big.NewInt(1000) rnd, _ := rand.Int(rand.Reader, max) if cInt > rnd.Int64() { fmt.Println("*** You got a cookie! Yay! ***") } }
func (crtkit *CertKit) GenerateServer(subject pkix.Name, host, email string, NotBefore ...time.Time) error { var e error var derBytes []byte var notBefore time.Time priv, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { return errors.New(fmt.Sprintf("failed to generate private key: %s", err)) } if len(NotBefore) > 0 { notBefore = NotBefore[0] } else { notBefore = time.Now() } serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) if err != nil { return errors.New(fmt.Sprintf("failed to generate serial number: %s", err)) } if host == "" { host, _ = os.Hostname() } Goose.Generator.Logf(6, "Certificate authority used: %#v", crtkit.CACert) template := x509.Certificate{ SerialNumber: serialNumber, Subject: subject, IsCA: false, NotBefore: notBefore, NotAfter: notBefore.Add(365 * 24 * time.Hour), DNSNames: []string{host, strings.Split(host, ".")[0]}, AuthorityKeyId: crtkit.CACert.SubjectKeyId, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, BasicConstraintsValid: true, } Goose.Generator.Logf(4, "X509 Template: %#v", template) if crtkit.CACert.CRLDistributionPoints != nil { template.CRLDistributionPoints = crtkit.CACert.CRLDistributionPoints } else { Goose.Generator.Logf(1, "Certificate authority without CRL distribution points") } crtkit.ServerKey = priv crtkit.ServerCert = &template derBytes, e = x509.CreateCertificate(rand.Reader, &template, crtkit.CACert, &priv.PublicKey, crtkit.CAKey) if e != nil { return errors.New(fmt.Sprintf("Failed to create certificate: %s", e)) } Goose.Generator.Logf(4, "DER Certificate: %s", derBytes) crtkit.ServerCertPem = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) crtkit.ServerKeyPem = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) Goose.Generator.Logf(4, "PEM Certificate: %s", crtkit.ServerCertPem) return nil }
// GenerateSerialNumber generates a serial number suitable for a certificate func GenerateSerialNumber() (*big.Int, error) { serial, err := rand.Int(rand.Reader, (&big.Int{}).Exp(big.NewInt(2), big.NewInt(159), nil)) if err != nil { return nil, InternalError{Err: fmt.Sprintf("error generating serial number: %v", err)} } return serial, nil }
// This function handles the create requests. func create_keys(base int, count int, r [2]int) { var key int for i := 0; i < count; i++ { key = base + i m, _ := rand.Int(rand.Reader, big.NewInt(int64(r[1]-r[0]))) r1 := int(m.Int64()) + r[0] value := RandStringBytesRmndr(r1) start = time.Now() _, err := client.Set(toString(key), value, 1000) elapsed := time.Since(start) log.Println("key %s took %s", key, elapsed) // This part is helpful in generating the commandline report var errStr string if err != nil { errStr = err.Error() } results <- &result{ errStr: errStr, duration: elapsed, } } defer wg.Done() }
// TestAESRelatedUtilFunctions tests various functions commonly used in fabric wrt AES func TestAESRelatedUtilFunctions(t *testing.T) { key, err := GetRandomBytes(32) if err != nil { t.Fatalf("Failed generating AES key [%s]", err) } for i := 1; i < 100; i++ { l, err := rand.Int(rand.Reader, big.NewInt(1024)) if err != nil { t.Fatalf("Failed generating AES key [%s]", err) } msg, err := GetRandomBytes(int(l.Int64()) + 1) if err != nil { t.Fatalf("Failed generating AES key [%s]", err) } ct, err := AESCBCPKCS7Encrypt(key, msg) if err != nil { t.Fatalf("Failed encrypting [%s]", err) } msg2, err := AESCBCPKCS7Decrypt(key, ct) if err != nil { t.Fatalf("Failed decrypting [%s]", err) } if 0 != bytes.Compare(msg, msg2) { t.Fatalf("Wrong decryption output [%x][%x]", msg, msg2) } } }
func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain string) ([]byte, error) { serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { return nil, err } if expiration.IsZero() { expiration = time.Now().Add(365) } template := x509.Certificate{ SerialNumber: serialNumber, Subject: pkix.Name{ CommonName: "ACME Challenge TEMP", }, NotBefore: time.Now(), NotAfter: expiration, KeyUsage: x509.KeyUsageKeyEncipherment, BasicConstraintsValid: true, DNSNames: []string{domain}, } return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey) }
/** * Tests that a single proposal should be able to * successfully be committed to every node. */ func testSingleProposerSingleProposal(doneChan chan bool) { key := "a" randint, _ := crand.Int(crand.Reader, big.NewInt(math.MaxInt64)) rand.Seed(randint.Int64()) value := rand.Uint32() if _, ok := pt.cliMap[1]; !ok { LOGE.Println("FAIL: missing node 1") doneChan <- false return } pnum, err := pt.GetNextProposalNumber(key, 1) reply, err := pt.Propose(key, value, pnum.N, 1) if err != nil { printFailErr("Propose", err) doneChan <- false return } if !checkProposeReply(reply, key, value) { doneChan <- false return } if !checkGetValueAll(key, value) { doneChan <- false return } doneChan <- true }
// newTemplate returns a partially-filled template. // It should be further populated based on whether the cert is for a CA or node. func newTemplate(commonName string) (*x509.Certificate, error) { // Generate a random serial number. serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { return nil, err } notBefore := timeutil.Now().Add(validFrom) notAfter := notBefore.Add(validFor) cert := &x509.Certificate{ SerialNumber: serialNumber, Subject: pkix.Name{ Organization: []string{"Cockroach"}, CommonName: commonName, }, NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, } return cert, nil }
func (s source) Int63() int64 { i, err := crand.Int(s, maxInt63) if err != nil { panic(fmt.Errorf("crypto/rand.Int returned error: %v", err)) } return i.Int64() }
func NewSignedCertificate(cfg CertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) { serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64)) if err != nil { return nil, err } certTmpl := x509.Certificate{ Subject: pkix.Name{ CommonName: cfg.CommonName, Organization: caCert.Subject.Organization, }, DNSNames: cfg.AltNames.DNSNames, IPAddresses: cfg.AltNames.IPs, SerialNumber: serial, NotBefore: caCert.NotBefore, NotAfter: time.Now().Add(Duration365d).UTC(), KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, } certDERBytes, err := x509.CreateCertificate(rand.Reader, &certTmpl, caCert, key.Public(), caKey) if err != nil { return nil, err } return x509.ParseCertificate(certDERBytes) }
func SessionMiddleware(cs *sessions.CookieStore) routing.Handler { return func(c *routing.Context) error { session, err := cs.Get(c.Request, SESSION_NAME) if err != nil { return routing.NewHTTPError(http.StatusInternalServerError, err.Error()) } if session.IsNew { randId, _ := rand.Int(rand.Reader, big.NewInt(100000)) randInt, _ := rand.Int(rand.Reader, big.NewInt(3)) session.Values["id"] = randId.String() session.Values["uid"] = randInt.String() } session.Save(c.Request, c.Response) return nil } }