Пример #1
0
func sender(host string) {
	conn, err := net.Dial("tcp", host)
	die.If(err)
	defer conn.Close()

	sch, ok := schannel.Dial(conn, idPriv, idPub)
	if !ok {
		die.With("failed to set up secure channel")
	}
	fmt.Println("secure channel established")

	if !sch.Rekey() {
		die.With("rekey failed")
	}

	for {
		var p = make([]byte, 8192)
		n, err := os.Stdin.Read(p)
		if err == io.EOF {
			break
		}
		die.If(err)

		if !sch.Send(p[:n]) {
			die.With("failed to send message (sdata=%d, sctr=%d)",
				sch.SData, sch.SCtr)
		}
	}

	sctr := sch.SCtr()
	sdata := sch.SData
	if !sch.Close() {
		die.With("failed to shutdown channel properly")
	}
	fmt.Println("Secure channel tore down")
	fmt.Printf("\t%d messages totalling %d bytes sent\n",
		sctr, sdata)

	return
}
Пример #2
0
func main() {
	flag.Parse()

	for _, fileName := range flag.Args() {
		in, err := ioutil.ReadFile(fileName)
		die.If(err)

		if p, _ := pem.Decode(in); p != nil {
			if p.Type != "CERTIFICATE REQUEST" {
				log.Fatal("INVALID FILE TYPE")
			}
			in = p.Bytes
		}

		csr, err := x509.ParseCertificateRequest(in)
		die.If(err)

		out, err := x509.MarshalPKIXPublicKey(csr.PublicKey)
		die.If(err)

		var t string
		switch pub := csr.PublicKey.(type) {
		case *rsa.PublicKey:
			t = "RSA PUBLIC KEY"
		case *ecdsa.PublicKey:
			t = "EC PUBLIC KEY"
		default:
			die.With("unrecognised public key type %T", pub)
		}

		p := &pem.Block{
			Type:  t,
			Bytes: out,
		}

		err = ioutil.WriteFile(fileName+".pub", pem.EncodeToMemory(p), 0644)
		die.If(err)
		fmt.Printf("[+] wrote %s.\n", fileName+".pub")
	}
}
Пример #3
0
func main() {
	var keyFile, certFile string
	flag.StringVar(&keyFile, "k", "", "TLS private `key` file")
	flag.StringVar(&certFile, "c", "", "TLS `certificate` file")
	flag.Parse()

	in, err := ioutil.ReadFile(certFile)
	die.If(err)

	p, _ := pem.Decode(in)
	if p != nil {
		if p.Type != "CERTIFICATE" {
			die.With("invalid certificate (type is %s)", p.Type)
		}
		in = p.Bytes
	}
	cert, err := x509.ParseCertificate(in)
	die.If(err)

	priv, err := loadKey(keyFile)
	die.If(err)

	switch pub := priv.Public().(type) {
	case *rsa.PublicKey:
		switch certPub := cert.PublicKey.(type) {
		case *rsa.PublicKey:
			if pub.N.Cmp(certPub.N) != 0 || pub.E != certPub.E {
				fmt.Println("No match (public keys don't match).")
				os.Exit(1)
			}
			fmt.Println("Match.")
			return
		case *ecdsa.PublicKey:
			fmt.Println("No match (RSA private key, EC public key).")
			os.Exit(1)
		}
	case *ecdsa.PublicKey:
		privCurve := getECCurve(pub)
		certCurve := getECCurve(cert.PublicKey)
		log.Printf("priv: %d\tcert: %d\n", privCurve, certCurve)

		if certCurve == curveRSA {
			fmt.Println("No match (private key is EC, certificate is RSA).")
			os.Exit(1)
		} else if privCurve == curveInvalid {
			fmt.Println("No match (invalid private key curve).")
			os.Exit(1)
		} else if privCurve != certCurve {
			fmt.Println("No match (EC curves don't match).")
			os.Exit(1)
		}

		certPub := cert.PublicKey.(*ecdsa.PublicKey)
		if pub.X.Cmp(certPub.X) != 0 {
			fmt.Println("No match (public keys don't match).")
			os.Exit(1)
		}

		if pub.Y.Cmp(certPub.Y) != 0 {
			fmt.Println("No match (public keys don't match).")
			os.Exit(1)
		}

		fmt.Println("Match.")
	default:
		fmt.Printf("Unrecognised private key type: %T\n", priv.Public())
		os.Exit(1)
	}
}