very rough su3 creation and signing

2014-12-10 01:10:37 -06:00
parent 2d445337c8
commit a2891a2bc6
11 changed files with 511 additions and 19 deletions
--- a/cmd/keygen.go
+++ b/cmd/keygen.go
@@ -0,0 +1,88 @@
+package cmd
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"math/big"
+	"os"
+	"time"
+
+	"github.com/codegangsta/cli"
+)
+
+func NewKeygenCommand() cli.Command {
+	return cli.Command{
+		Name:        "keygen",
+		Usage:       "Generate keys for reseed Su3 signing",
+		Description: "Generate keys for reseed Su3 signing",
+		Action:      keygenAction,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "signer",
+				Usage: "Your email address (ex. something@mail.i2p)",
+			},
+		},
+	}
+}
+
+func keygenAction(c *cli.Context) {
+	//"CN=" + cname + ",OU=" + ou + ",O=I2P Anonymous Network,L=XX,ST=XX,C=XX",
+	template := &x509.Certificate{
+		BasicConstraintsValid: true,
+		IsCA:         true,
+		SubjectKeyId: []byte{1, 2, 3},
+		SerialNumber: big.NewInt(1234),
+		Subject: pkix.Name{
+			Organization:       []string{"I2P Anonymous Network"},
+			OrganizationalUnit: []string{"I2P"},
+			Locality:           []string{"XX"},
+			StreetAddress:      []string{"XX"},
+			Country:            []string{"XX"},
+		},
+		NotBefore:   time.Now(),
+		NotAfter:    time.Now().AddDate(10, 0, 0),
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+	}
+
+	// generate private key
+	privatekey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	publickey := &privatekey.PublicKey
+
+	// create a self-signed certificate. template = parent
+	var parent = template
+	cert, err := x509.CreateCertificate(rand.Reader, template, parent, publickey, privatekey)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	// save private key
+	pemfile, err := os.Create("reseed_private.pem")
+	if err != nil {
+		log.Fatalf("failed to open reseed_cert.pem for writing: %s", err)
+	}
+	var pemkey = &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(privatekey)}
+	pem.Encode(pemfile, pemkey)
+	pemfile.Close()
+	fmt.Println("private key saved to reseed_private.pem")
+
+	// save cert
+	certOut, err := os.Create("reseed_cert.pem")
+	if err != nil {
+		log.Fatalf("failed to open reseed_cert.pem for writing: %s", err)
+	}
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
+	certOut.Close()
+	fmt.Println("certificate saved to reseed_cert.pem")
+}
--- a/cmd/reseeder.go
+++ b/cmd/reseeder.go
@@ -1,18 +1,20 @@
 package cmd

 import (
+	"fmt"
 	"log"
+	"net/http"

-	// "github.com/MDrollette/go-i2p/reseed"
+	"github.com/MDrollette/go-i2p/reseed"
 	"github.com/codegangsta/cli"
 )

-func NewReseederCommand() cli.Command {
+func NewReseedCommand() cli.Command {
 	return cli.Command{
-		Name:        "reseeder",
+		Name:        "reseed",
 		Usage:       "Start a reseed server",
 		Description: "Start a reseed server",
-		Action:      reseederAction,
+		Action:      reseedAction,
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "addr",
@@ -23,6 +25,24 @@ func NewReseederCommand() cli.Command {
 	}
 }

-func reseederAction(c *cli.Context) {
+func reseedAction(c *cli.Context) {
 	log.Println("Starting server on", c.String("addr"))
+
+	netdb := reseed.NewLocalNetDb(c.Args().Get(0))
+	reseeder := reseed.NewReseeder(netdb)
+
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		peer := reseeder.Peer(r)
+		seeds, err := reseeder.Seed(peer)
+		if nil != err {
+			fmt.Fprintf(w, "Problem: '%s'", err)
+			return
+		}
+
+		for _, s := range seeds {
+			fmt.Fprintf(w, "%s\n", s.Name)
+		}
+	})
+
+	http.ListenAndServe("127.0.0.1:9090", nil)
 }
--- a/cmd/su3.go
+++ b/cmd/su3.go
@@ -0,0 +1,60 @@
+package cmd
+
+import (
+	"crypto/x509"
+	"encoding/pem"
+	"io/ioutil"
+	"log"
+	"net/http"
+
+	"github.com/MDrollette/go-i2p/reseed"
+	"github.com/MDrollette/go-i2p/su3"
+	"github.com/codegangsta/cli"
+)
+
+func NewSu3Command() cli.Command {
+	return cli.Command{
+		Name:        "su3",
+		Usage:       "Do SU3 things",
+		Description: "Do SU3 things",
+		Action:      su3Action,
+		Flags:       []cli.Flag{},
+	}
+}
+
+func su3Action(c *cli.Context) {
+	netdb := reseed.NewLocalNetDb(c.Args().Get(0))
+	reseeder := reseed.NewReseeder(netdb)
+
+	// make a fake request to get a peer
+	r, _ := http.NewRequest("GET", "/i2pseeds.su3", nil)
+
+	peer := reseeder.Peer(r)
+	seeds, err := reseeder.Seed(peer)
+	if nil != err {
+		log.Fatalln(err)
+		return
+	}
+
+	// load our signing privKey
+	privPem, err := ioutil.ReadFile("reseed_private.pem")
+	if nil != err {
+		log.Fatalln(err)
+		return
+	}
+	privDer, _ := pem.Decode(privPem)
+	privKey, err := x509.ParsePKCS1PrivateKey(privDer.Bytes)
+	if nil != err {
+		log.Fatalln(err)
+		return
+	}
+
+	// create an SU3 from the seed
+	su3File, err := reseeder.CreateSu3(seeds)
+	su3File.SetSignerId("matt@drollette.com")
+	// sign the su3 with our key
+	su3File.Sign(privKey, su3.SIGTYPE_RSA_SHA512)
+
+	//write the file to disk
+	ioutil.WriteFile("i2pseeds.su3", su3File.Bytes(), 0777)
+}
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -30,11 +30,11 @@ func su3VerifyAction(c *cli.Context) {
 		panic(err)
 	}

+	fmt.Println(su3File.String())
+
 	if err := su3File.VerifySignature(); nil != err {
 		panic(err)
 	}

-	fmt.Println(su3File.String())
-
 	fmt.Println("Verified signature.")
 }