// testCertificates drains DER-encoded certificates from ch and runs each one
// through a collision-detecting hash, logging every certificate the detector
// flags. The hash is chosen from the package-level flags: MD5 when *md5 is
// set, otherwise SHA-1 in thorough or default mode depending on *thorough.
// wg.Done is called once ch has been closed and fully drained.
func testCertificates(ch <-chan []byte, wg *sync.WaitGroup) {
	var h detectcoll.Hash
	switch {
	case *md5:
		h = detectcoll.NewMD5()
	case *thorough:
		h = detectcoll.NewSHA1Thorough()
	default:
		h = detectcoll.NewSHA1()
	}

	for der := range ch {
		parsed, err := x509.ParseCertificate(der)
		if err != nil {
			// Unparseable input is dropped without any log line or counter,
			// so the output alone does not show how many blobs were actually
			// examined. Keep that in mind when reading a clean run as
			// "no collisions in the corpus".
			continue
		}

		// Only the to-be-signed portion is hashed: that is the byte range the
		// issuer's signature covers, so it is where a colliding pair matters.
		h.Write(parsed.RawTBSCertificate)

		// The second result is false when the detector flags the input.
		sum, clean := h.DetectSum(nil)
		if !clean {
			log.Printf("Certificate has possible collision (hash=%x)", sum)
			log.Print(base64.StdEncoding.EncodeToString(der))
		}

		// One hash instance is reused for the whole stream, so its state must
		// be cleared before the next certificate is written.
		h.Reset()
	}

	wg.Done()
}
// printModuli drains DER-encoded certificates from ch and writes one line per
// usable RSA certificate to standard output in the form
// "<modulus in hex>,<base64 of the certificate>". Certificates that fail to
// parse, are not RSA, or carry a modulus of 65537 or less are logged and
// skipped.
func printModuli(ch <-chan []byte) {
	// Sanity floor only: it filters degenerate moduli and is not a
	// key-strength check. Weak but larger keys still pass through.
	floor := big.NewInt(65537)

	for der := range ch {
		parsed, err := x509.ParseCertificate(der)
		if err != nil {
			log.Printf("Error in cert %v: %s", err, base64.StdEncoding.EncodeToString(der))
			continue
		}

		if parsed.PublicKeyAlgorithm != x509.RSA {
			log.Printf("Skipping non-RSA certificate")
			continue
		}

		// Unchecked assertion: relies on crypto/x509 populating PublicKey
		// with *rsa.PublicKey whenever PublicKeyAlgorithm is RSA.
		key := parsed.PublicKey.(*rsa.PublicKey)
		if key.N.Cmp(floor) <= 0 {
			log.Printf("Skipping small/negative modulus")
			continue
		}

		encoded := base64.StdEncoding.EncodeToString(parsed.Raw)
		fmt.Printf("%x,%s\n", key.N, encoded)
	}
}