Пример #1
0
func main() {
	showHelp := flag.Bool("h", false, "display a short usage message and exit")
	flag.Parse()

	if *showHelp {
		usage()
		os.Exit(0)
	}

	if flag.NArg() == 0 {
		usage()
		os.Exit(1)
	}

	for _, baseName := range flag.Args() {
		pubFileName := fmt.Sprintf("%s.pub", baseName)
		privFileName := fmt.Sprintf("%s.key", baseName)

		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		die.If(err)

		err = ioutil.WriteFile(pubFileName, pub[:], 0644)
		die.If(err)

		err = ioutil.WriteFile(privFileName, priv[:], 0600)
		die.If(err)
	}
}
Пример #2
0
func loadID(privName, pubName string) {
	if pubName != "" {
		pubFile, err := os.Open(pubName)
		die.If(err)
		defer pubFile.Close()

		idPub = new([32]byte)
		_, err = io.ReadFull(pubFile, idPub[:])
		die.If(err)
	}

	if privName != "" {
		privFile, err := os.Open(privName)
		die.If(err)
		defer privFile.Close()

		idPriv = new([64]byte)
		_, err = io.ReadFull(privFile, idPriv[:])
		die.If(err)
	}
}
Пример #3
0
func sender(host string) {
	conn, err := net.Dial("tcp", host)
	die.If(err)
	defer conn.Close()

	sch, ok := schannel.Dial(conn, idPriv, idPub)
	if !ok {
		die.With("failed to set up secure channel")
	}
	fmt.Println("secure channel established")

	if !sch.Rekey() {
		die.With("rekey failed")
	}

	for {
		var p = make([]byte, 8192)
		n, err := os.Stdin.Read(p)
		if err == io.EOF {
			break
		}
		die.If(err)

		if !sch.Send(p[:n]) {
			die.With("failed to send message (sdata=%d, sctr=%d)",
				sch.SData, sch.SCtr)
		}
	}

	sctr := sch.SCtr()
	sdata := sch.SData
	if !sch.Close() {
		die.With("failed to shutdown channel properly")
	}
	fmt.Println("Secure channel tore down")
	fmt.Printf("\t%d messages totalling %d bytes sent\n",
		sctr, sdata)

	return
}
Пример #4
0
func main() {
	flag.Parse()

	for _, fileName := range flag.Args() {
		in, err := ioutil.ReadFile(fileName)
		die.If(err)

		if p, _ := pem.Decode(in); p != nil {
			if p.Type != "CERTIFICATE REQUEST" {
				log.Fatal("INVALID FILE TYPE")
			}
			in = p.Bytes
		}

		csr, err := x509.ParseCertificateRequest(in)
		die.If(err)

		out, err := x509.MarshalPKIXPublicKey(csr.PublicKey)
		die.If(err)

		var t string
		switch pub := csr.PublicKey.(type) {
		case *rsa.PublicKey:
			t = "RSA PUBLIC KEY"
		case *ecdsa.PublicKey:
			t = "EC PUBLIC KEY"
		default:
			die.With("unrecognised public key type %T", pub)
		}

		p := &pem.Block{
			Type:  t,
			Bytes: out,
		}

		err = ioutil.WriteFile(fileName+".pub", pem.EncodeToMemory(p), 0644)
		die.If(err)
		fmt.Printf("[+] wrote %s.\n", fileName+".pub")
	}
}
Пример #5
0
func listener(stayOpen bool, port string) {
	ln, err := net.Listen("tcp", ":"+port)
	die.If(err)

	fmt.Println("Listening on", ":"+port)
	for {
		conn, err := ln.Accept()
		if err != nil {
			fmt.Printf("Connection error: %v\n", err)
			continue
		}

		newChannel(conn)
		if !stayOpen {
			break
		}
	}
}
Пример #6
0
func main() {
	quiet := flag.Bool("nl", false, "No line-numbering.")
	flag.Parse()

	if flag.NArg() < 2 || flag.NArg() > 3 {
		usage()
		os.Exit(1)
	}

	start, err := strconv.Atoi(flag.Arg(1))
	die.If(err)

	var end int
	var offset bool
	if flag.NArg() == 3 {
		endStr := flag.Arg(2)
		if endStr[0] == '+' {
			offset = true
			endStr = endStr[1:]
		}
		end, err = strconv.Atoi(endStr)
		die.If(err)
		if offset {
			end += start
		}
	}

	file, err := os.Open(flag.Arg(0))
	die.If(err)
	defer file.Close()

	scanner := bufio.NewScanner(file)

	// initial empty line to start numbering at 1.
	var lines = make([]string, 1)
	for scanner.Scan() {
		lines = append(lines, scanner.Text())
	}

	if end == 0 {
		end = len(lines) - 1
	}

	if end < start {
		fmt.Fprintln(os.Stderr, "[!] end < start, swapping values")
		tmp := end
		end = start
		start = tmp
	}

	var fmtStr string

	if !*quiet {
		maxLine := fmt.Sprintf("%d", len(lines))
		fmtStr = fmt.Sprintf("%%0%dd: %%s", len(maxLine))
	}

	endFunc := func(n int) bool {
		if n == 0 {
			return false
		}

		if n > end {
			return true
		}
		return false
	}

	fmtStr += "\n"
	for i := start; !endFunc(i); i++ {
		if *quiet {
			fmt.Println(lines[i])
		} else {
			fmt.Printf(fmtStr, i, lines[i])
		}
	}
}
Пример #7
0
func main() {
	var caFile, intFile string
	var forceIntermediateBundle, revexp, verbose bool
	flag.StringVar(&caFile, "ca", "", "CA certificate `bundle`")
	flag.StringVar(&intFile, "i", "", "intermediate `bundle`")
	flag.BoolVar(&forceIntermediateBundle, "f", false,
		"force the use of the intermediate bundle, ignoring any intermediates bundled with certificate")
	flag.BoolVar(&revexp, "r", false, "print revocation and expiry information")
	flag.BoolVar(&verbose, "v", false, "verbose")
	flag.Parse()

	var roots *x509.CertPool
	if caFile != "" {
		var err error
		if verbose {
			fmt.Println("[+] loading root certificates from", caFile)
		}
		roots, err = helpers.LoadPEMCertPool(caFile)
		die.If(err)
	}

	var ints *x509.CertPool
	if intFile != "" {
		var err error
		if verbose {
			fmt.Println("[+] loading intermediate certificates from", intFile)
		}
		ints, err = helpers.LoadPEMCertPool(caFile)
		die.If(err)
	} else {
		ints = x509.NewCertPool()
	}

	if flag.NArg() != 1 {
		fmt.Fprintf(os.Stderr, "Usage: %s [-ca bundle] [-i bundle] cert",
			lib.ProgName())
	}

	fileData, err := ioutil.ReadFile(flag.Arg(0))
	die.If(err)

	chain, err := helpers.ParseCertificatesPEM(fileData)
	die.If(err)
	if verbose {
		fmt.Printf("[+] %s has %d certificates\n", flag.Arg(0), len(chain))
	}

	cert := chain[0]
	if len(chain) > 1 {
		if !forceIntermediateBundle {
			for _, intermediate := range chain[1:] {
				if verbose {
					fmt.Printf("[+] adding intermediate with SKI %x\n", intermediate.SubjectKeyId)
				}

				ints.AddCert(intermediate)
			}
		}
	}

	opts := x509.VerifyOptions{
		Intermediates: ints,
		Roots:         roots,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}

	_, err = cert.Verify(opts)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Verification failed: %v\n", err)
		os.Exit(1)
	}

	if verbose {
		fmt.Println("OK")
	}

	if revexp {
		printRevocation(cert)
	}
}
Пример #8
0
func main() {
	var keyFile, certFile string
	flag.StringVar(&keyFile, "k", "", "TLS private `key` file")
	flag.StringVar(&certFile, "c", "", "TLS `certificate` file")
	flag.Parse()

	in, err := ioutil.ReadFile(certFile)
	die.If(err)

	p, _ := pem.Decode(in)
	if p != nil {
		if p.Type != "CERTIFICATE" {
			die.With("invalid certificate (type is %s)", p.Type)
		}
		in = p.Bytes
	}
	cert, err := x509.ParseCertificate(in)
	die.If(err)

	priv, err := loadKey(keyFile)
	die.If(err)

	switch pub := priv.Public().(type) {
	case *rsa.PublicKey:
		switch certPub := cert.PublicKey.(type) {
		case *rsa.PublicKey:
			if pub.N.Cmp(certPub.N) != 0 || pub.E != certPub.E {
				fmt.Println("No match (public keys don't match).")
				os.Exit(1)
			}
			fmt.Println("Match.")
			return
		case *ecdsa.PublicKey:
			fmt.Println("No match (RSA private key, EC public key).")
			os.Exit(1)
		}
	case *ecdsa.PublicKey:
		privCurve := getECCurve(pub)
		certCurve := getECCurve(cert.PublicKey)
		log.Printf("priv: %d\tcert: %d\n", privCurve, certCurve)

		if certCurve == curveRSA {
			fmt.Println("No match (private key is EC, certificate is RSA).")
			os.Exit(1)
		} else if privCurve == curveInvalid {
			fmt.Println("No match (invalid private key curve).")
			os.Exit(1)
		} else if privCurve != certCurve {
			fmt.Println("No match (EC curves don't match).")
			os.Exit(1)
		}

		certPub := cert.PublicKey.(*ecdsa.PublicKey)
		if pub.X.Cmp(certPub.X) != 0 {
			fmt.Println("No match (public keys don't match).")
			os.Exit(1)
		}

		if pub.Y.Cmp(certPub.Y) != 0 {
			fmt.Println("No match (public keys don't match).")
			os.Exit(1)
		}

		fmt.Println("Match.")
	default:
		fmt.Printf("Unrecognised private key type: %T\n", priv.Public())
		os.Exit(1)
	}
}