// KeyCallBack implements a callback function to request keys from file-descriptor func KeyCallBack(keyMgtFd int) (*os.File, func(*message.Curve25519Key) *message.Curve25519Key) { knownKeys := make(map[message.Curve25519Key]message.Curve25519Key) fd := os.NewFile(uintptr(keyMgtFd), "fd/"+strconv.Itoa(keyMgtFd)) return fd, func(pubkey *message.Curve25519Key) *message.Curve25519Key { // KeyCallBack func(*Curve25519Key) *Curve25519Key log.Sync() if v, ok := knownKeys[*pubkey]; ok { // Return from cache if we can return &v } b := make([]byte, 120) log.Dataf("STATUS (KeyMGTRequest):\t%s\n", utils.B58encode(pubkey[:])) log.Sync() n, _ := fd.Read(b) if n == 0 { log.Datas("STATUS (KeyMGT):\tREAD FAILURE\n") return nil } log.Datas("STATUS (KeyMGT):\tREAD DONE\n") k1, k2 := utils.ParseKeyPair(strings.Trim(string(b[:n]), " \t\r\n")) if k1 != nil { pub1 := message.GenPubKey(k1) // Add to cache knownKeys[*pub1] = *k1 } if k2 != nil { pub2 := message.GenPubKey(k2) // Add to cache knownKeys[*pub2] = *k2 } if v, ok := knownKeys[*pubkey]; ok { // Return from cache if we can return &v } return nil } }
// CmdPost posts a message func CmdPost() int { var inData []byte var err error if OptionsVar.Server == "" { log.Fatal("Server must be specified: --server") return 1 } maxInData := int64(GlobalConfigVar.BodyLength-(message.Curve25519KeySize*2)) * 5 inData, err = inputData(OptionsVar.Infile, maxInData) if err != nil { log.Fatalf("No input data: %s\n", err) return 1 } log.Datas("STATUS (Process):\tPOST\n") proto := repproto.New(OptionsVar.Socksserver, OptionsVar.Server) err = proto.PostSpecific(OptionsVar.Server, inData) if err != nil { log.Fatalf("Output failed: %s\n", err) log.Datas("STATUS (Result):\tFAIL\n") } else { log.Datas("STATUS (Result):\tDONE\n") } log.Sync() return 0 }
// selectPrivKey returns the selected private key as string. // privkeyOpt is the data given on the commandline // privkeyConfig is the data from the config file, which must be a key // privkeyDefault is the default to use when the commandline option was empty // supported commandline options are // "" : (empty string) use default // "-" : read from stdin, // number : read from filedescriptor number // "tty" : query user on tty // key : return the key func selectPrivKey(privkeyOpt, privkeyConfig, privkeyDefault string) string { readFd := -1 if privkeyOpt == "" { privkeyOpt = privkeyDefault } if privkeyOpt == "config" { return privkeyConfig } if privkeyOpt == "tty" { pass, err := readPassTTY("Private key(s): ") if err != nil { return "" } return string(pass) } if privkeyOpt == "-" { readFd = 0 } fdI, err := strconv.Atoi(privkeyOpt) if err == nil { readFd = fdI } if readFd >= 0 { // Read from file descriptor log.Sync() fd := os.NewFile(uintptr(readFd), "fd/"+strconv.Itoa(readFd)) defer fd.Close() b := make([]byte, 120) log.Datas("STATUS (KeyMGT):\tENTER KEY\n") log.Sync() n, _ := fd.Read(b) log.Datas("STATUS (KeyMGT):\tREAD DONE\n") if n == 0 { return "" } return strings.Trim(string(b[:n]), " \t\r\n") } return privkeyOpt }
// CmdEncrypt encrypts data. func CmdEncrypt() int { var privkey, embedConstantPrivKey, embedTemporaryPrivKey, embedConstantPubKey, embedTemporaryPubKey *message.Curve25519Key var err error var inData, encMessage []byte var meta *message.MetaDataSend var signKeyPair *message.SignKeyPair var removeFile string if OptionsVar.Server == "" { getPeers(false) } // OptionsVar.anonymous . disable private key and signkey if OptionsVar.Anonymous { OptionsVar.Signkey = "" OptionsVar.Privkey = "" GlobalConfigVar.PrivateKey = "" } mindelay := uint32(OptionsVar.Mindelay) maxdelay := uint32(OptionsVar.Maxdelay) // Read input data maxInData := int64(GlobalConfigVar.BodyLength - (message.Curve25519KeySize * 2) - innerHeader) //maxInData := int64(MsgSizeLimit) if OptionsVar.Repost { maxInData -= utils.RepostHeaderSize - message.KeyHeaderSize - message.SignHeaderSize } log.Debugf("Size limit: %d\n", maxInData) inData, err = inputData(OptionsVar.Infile, maxInData) if err != nil { log.Fatalf("No input data: %s\n", err) return 1 } // Verify list contents if OptionsVar.MessageType == message.MsgTypeList { err := utils.VerifyListContent(inData) if err != nil { log.Errorf("Could not verify list input: %s\n", err) return 1 } } // Select private key to use privkeystr := selectPrivKey(OptionsVar.Privkey, GlobalConfigVar.PrivateKey, "") // Parse privkey if privkeystr != "" { privkey = new(message.Curve25519Key) copy(privkey[:], utils.B58decode(privkeystr)) } // Generate embedded keypairs if OptionsVar.Embedkey { if OptionsVar.Notrace || privkey == nil { embedConstantPrivKey, err = message.GenLongTermKey(OptionsVar.Hidden, OptionsVar.Sync) if err != nil { log.Errorf("Key generation error:%s\n", err) return 1 } } else { embedConstantPrivKey = privkey } embedConstantPubKey = message.GenPubKey(embedConstantPrivKey) embedTemporaryPrivKey, err = message.GenRandomKey() if err != nil { log.Errorf("Key generation error:%s\n", err) return 1 } embedTemporaryPubKey = message.GenPubKey(embedTemporaryPrivKey) } embedded := utils.EncodeEmbedded(embedConstantPubKey, embedTemporaryPubKey) recipientConstantPubKey, recipientTemporaryPubKey := utils.ParseKeyPair(OptionsVar.Recipientkey) // Find a signature keypair if we can signKeyDir := "" if GlobalConfigVar.KeyDir != "" { signKeyDir = GlobalConfigVar.KeyDir } if OptionsVar.Signdir != "" { signKeyDir = OptionsVar.Signdir } if OptionsVar.Signkey != "" { var d []byte d, err = utils.MaxReadFile(2048, OptionsVar.Signkey) if err == nil { signKeyPair = new(message.SignKeyPair) kp, err := signKeyPair.Unmarshal(d) if err != nil { log.Errorf("Sign keypair decode error: %s\n", err) signKeyPair = nil } else { signKeyPair = kp } } else { log.Errorf("Sign keypair read error: %s\n", err) } } if signKeyPair == nil && signKeyDir != "" { var d []byte d, removeFile, err = utils.ReadRandomFile(signKeyDir, 2048) if err == nil { signKeyPair = new(message.SignKeyPair) kp, err := signKeyPair.Unmarshal(d) if err != nil { log.Errorf("Sign keypair decode error: %s\n", err) signKeyPair = nil removeFile = "" } else { signKeyPair = kp } } else { log.Errorf("Sign keypair read error: %s\n", err) } } // Set up sender parameters sender := message.Sender{ Signer: signKeyPair, SenderPrivateKey: privkey, ReceiveConstantPublicKey: recipientConstantPubKey, ReceiveTemporaryPublicKey: recipientTemporaryPubKey, TotalLength: GlobalConfigVar.BodyLength, PadToLength: GlobalConfigVar.PadToLength, HashCashBits: GlobalConfigVar.MinHashCash, } // We want encryption output in realtime log.Sync() inData = append(embedded, inData...) if OptionsVar.Repost { // Generate a repost-message encMessage, meta, err = sender.EncryptRepost(byte(OptionsVar.MessageType), inData) if err == nil { rph := utils.EncodeRepostHeader(meta.PadKey, mindelay, maxdelay) encMessage = append(rph[:], encMessage...) log.Datas("STATUS (Process):\tPREPOST\n") log.Dataf("STATUS (RepostSettings):\t%d %d\n", mindelay, maxdelay) } } else { // Generate a normal message encMessage, meta, err = sender.Encrypt(byte(OptionsVar.MessageType), inData) if err == nil { log.Datas("STATUS (Process):\tPOST\n") } } if err != nil { log.Fatalf("Encryption failed: %s\n", err) return 1 } log.Sync() // Output. repost is only written to stdout or file if OptionsVar.Outfile == "-" || (OptionsVar.Repost && OptionsVar.Outfile == "") { err = utils.WriteStdout(encMessage) // Display data as necessary if err == nil { log.Dataf("STATUS (RecPubKey):\t%s\n", utils.B58encode(meta.ReceiverConstantPubKey[:])) if OptionsVar.Embedkey { log.Dataf("STATUS (EmbedPublicKey):\t%s_%s\n", utils.B58encode(embedConstantPubKey[:]), utils.B58encode(embedTemporaryPubKey[:])) log.Dataf("STATUS (EmbedPrivateKey):\t%s_%s\n", utils.B58encode(embedConstantPrivKey[:]), utils.B58encode(embedTemporaryPrivKey[:])) } if meta.MessageKey != nil { log.Dataf("STATUS (ListInput):\tNULL %s %s\n", utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) log.Dataf("STATUS (Message):\t%s_%s\n", utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) } else { log.Dataf("STATUS (ListInput):\tNULL %s NULL\n", utils.B58encode(meta.MessageID[:])) log.Dataf("STATUS (MessageID):\t%s\n", utils.B58encode(meta.MessageID[:])) } } } else if OptionsVar.Outfile != "" || OptionsVar.Repost { err = utils.WriteNewFile(OptionsVar.Outfile, encMessage) // Display data as necessary log.Dataf("STATUS (RecPubKey):\t%s\n", utils.B58encode(meta.ReceiverConstantPubKey[:])) if err == nil { if OptionsVar.Embedkey { log.Dataf("STATUS (EmbedPublicKey):\t%s_%s\n", utils.B58encode(embedConstantPubKey[:]), utils.B58encode(embedTemporaryPubKey[:])) log.Dataf("STATUS (EmbedPrivateKey):\t%s_%s\n", utils.B58encode(embedConstantPrivKey[:]), utils.B58encode(embedTemporaryPrivKey[:])) } if meta.MessageKey != nil { log.Dataf("STATUS (ListInput):\tNULL %s %s\n", utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) log.Dataf("STATUS (Message):\t%s_%s\n", utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) log.Printf("Pastebin Address:\t%s_%s\n", utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) } else { log.Dataf("STATUS (ListInput):\tNULL %s NULL\n", utils.B58encode(meta.MessageID[:])) log.Dataf("STATUS (MessageID):\t%s\n", utils.B58encode(meta.MessageID[:])) log.Printf("Pastebin Address:\t%s\n", utils.B58encode(meta.MessageID[:])) } } } else { // Post to server server := OptionsVar.Server proto := repproto.New(OptionsVar.Socksserver, OptionsVar.Server, GlobalConfigVar.PasteServers...) if server == "" { server, err = proto.Post(meta.MessageID[:], encMessage) } else { err = proto.PostSpecific(server, encMessage) } sep := "/" if server != "" && server[len(server)-1] == '/' { sep = "" } if err == nil { if meta.MessageKey != nil { log.Dataf("STATUS (URL):\t%s/%s_%s\n", server, utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) } if OptionsVar.Embedkey { log.Dataf("STATUS (EmbedPublicKey):\t%s_%s\n", utils.B58encode(embedConstantPubKey[:]), utils.B58encode(embedTemporaryPubKey[:])) log.Dataf("STATUS (EmbedPrivateKey):\t%s_%s\n", utils.B58encode(embedConstantPrivKey[:]), utils.B58encode(embedTemporaryPrivKey[:])) } if meta.MessageKey != nil { log.Dataf("STATUS (ListInput):\t%s %s %s\n", server, utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) log.Dataf("STATUS (Message):\t%s_%s\n", utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) log.Printf("Pastebin Address:\t%s%s%s_%s\n", server, sep, utils.B58encode(meta.MessageID[:]), utils.B58encode(meta.MessageKey[:])) } else { log.Dataf("STATUS (ListInput):\t%s %s NULL\n", server, utils.B58encode(meta.MessageID[:])) log.Dataf("STATUS (MessageID):\t%s\n", utils.B58encode(meta.MessageID[:])) log.Printf("Pastebin Address:\t%s%s%s\n", server, sep, utils.B58encode(meta.MessageID[:])) } } } if err != nil { log.Fatalf("Output failed: %s\n", err) log.Sync() return 1 } if removeFile != "" { // Operation has been successful, remove signer keyfile (if any) os.Remove(removeFile) } return 0 }
// CmdDecrypt implements decryption functions func CmdDecrypt() int { var inData, decMessage []byte var err error var meta *message.MetaDataRecieve var privkeystr string var nullKey message.Curve25519Key if OptionsVar.Server == "" { getPeers(false) } if OptionsVar.Stmdir != "" && !isDir(OptionsVar.Stmdir) { log.Fatalf("stmdir does not exist or is no directory: %s\n", OptionsVar.Stmdir) return 1 } // Read input data maxInData := int64(GlobalConfigVar.BodyLength+message.KeyHeaderSize+message.SignHeaderSize) * 4 // Read data from stdin or file if len(flag.Args()) == 0 { inData, err = inputData(OptionsVar.Infile, maxInData) if err != nil { log.Fatalf("No input data: %s\n", err) return 1 } } else { // read data from server (Get). CMDLine is [server/]messageid[_privatekey] var messageidcl []byte var server string server, messageidcl, privkeystr = cmdlineURLparse(flag.Args()...) if server == "" { server = OptionsVar.Server } proto := repproto.New(OptionsVar.Socksserver, OptionsVar.Server, GlobalConfigVar.PasteServers...) if server == "" { server, inData, err = proto.Get(messageidcl) } else { inData, err = proto.GetSpecific(server, messageidcl) } if err != nil { log.Fatalf("Fetch error: %s\n", err) return 1 } log.Dataf("STATUS (FetchServer):\t%s\n", server) } if len(inData) < (message.KeyHeaderSize+message.SignHeaderSize)*4 { log.Fatals("No input data.\n") return 1 } // Set up receiver parameters receiver := message.Receiver{ HashCashBits: GlobalConfigVar.MinHashCash, } if OptionsVar.Senderkey != "" { receiver.SenderPublicKey, _ = utils.ParseKeyPair(OptionsVar.Senderkey) } // Select private key to use if OptionsVar.Keymgt < 0 { if privkeystr == "" { // might have been set from commandline privkeystr = selectPrivKey(OptionsVar.Privkey, GlobalConfigVar.PrivateKey, "tty") } // Parse privkey if privkeystr != "" { receiver.ReceiveConstantPrivateKey, receiver.ReceiveTemporaryPrivateKey = utils.ParseKeyPair(privkeystr) } } else { // Register callback, OptionsVar.keymgt == fd keyMgtFile, callback := KeyCallBack(OptionsVar.Keymgt) defer keyMgtFile.Close() receiver.KeyCallBack = callback } log.Datas("STATUS (Process):\tREAD\n") // Decrypt decMessage, meta, err = receiver.Decrypt(inData) if err != nil { log.Fatalf("%s\n", err) return 1 } log.Dataf("STATUS (MessageID):\t%s\n", utils.B58encode(meta.MessageID[:])) log.Dataf("STATUS (RecPubKey):\t%s\n", utils.B58encode(meta.ReceiveConstantPublicKey[:])) log.Dataf("STATUS (SenderPubKey):\t%s\n", utils.B58encode(meta.SenderConstantPublicKey[:])) // Get replyKeys embedConstant, embedTemporary := utils.DecodeEmbedded(decMessage[:message.Curve25519KeySize*2]) if *embedConstant != nullKey { log.Dataf("STATUS (EmbedPublicKey):\t%s_%s\n", utils.B58encode(embedConstant[:]), utils.B58encode(embedTemporary[:])) } // If messageType list: print list to DATA if meta.MessageType == message.MsgTypeList { log.Datas("STATUS (Process):\tLIST\n") err := utils.VerifyListContent(decMessage[message.Curve25519KeySize*2:]) if err != nil { log.Fatalf("%s\n", err) return 1 } lines := bytes.Split(decMessage[message.Curve25519KeySize*2:], []byte("\n")) for _, l := range lines { log.Dataf("STATUS (ListItem):\t%s\n", string(l)) } return 0 } decMessage = decMessage[message.Curve25519KeySize*2:] // meta.MessageType if meta.MessageType == message.MsgTypeRepost { log.Datas("STATUS (Process):\tREPOST\n") // If messageType repost: get padkey,mindelay,maxdelay. Repad padkey, minDelay, maxDelay := utils.DecodeRepostHeader(decMessage[:utils.RepostHeaderSize]) timePoint := utils.STM(int(minDelay), int(maxDelay)) log.Dataf("STATUS (STM):\t%d %d %d\n", minDelay, maxDelay, timePoint) repostMsgt := message.RePad(decMessage[utils.RepostHeaderSize:], padkey, GlobalConfigVar.BodyLength) signHeader := new([message.SignHeaderSize]byte) copy(signHeader[:], repostMsgt[:message.SignHeaderSize]) details, err := message.VerifySignature(*signHeader, GlobalConfigVar.MinHashCash) if err != nil { log.Fatalf("%s\n", err) return 1 } msgIDMsg := message.CalcMessageID(repostMsgt) if *msgIDMsg != details.MsgID { log.Fatals("MessageID conflict\n") return 1 } log.Dataf("STATUS (MessageIDSig):\t%s\n", utils.B58encode(details.MsgID[:])) log.Dataf("STATUS (PubKeySig):\t%s\n", utils.B58encode(details.PublicKey[:])) log.Dataf("STATUS (NonceSig):\t%x\n", details.HashCashNonce[:]) log.Dataf("STATUS (BitsSig):\t%d\n", details.HashCashBits) decMessage = message.EncodeBase64(repostMsgt) if OptionsVar.Stmdir != "" { // Exist/Dir test done early filename := fmt.Sprintf("%s%s%d.%s", OptionsVar.Stmdir, string(os.PathSeparator), timePoint, utils.B58encode(msgIDMsg[:])) log.Dataf("STATUS (STMFile):\t%s\n", filename) err := utils.WriteNewFile(filename, decMessage) if err != nil { log.Fatalf("%s\n", err) return 1 } return 0 } } err = outputData(OptionsVar.Outfile, decMessage) if err != nil { log.Fatalf("Output failed: %s\n", err) return 1 } return 0 }