Strona główna Odkrywaj Pomoc
Zaloguj się
yosoyhendrix
/
psiphon-tunnel-core
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: 95bbdce6ce
Gałęzie Tagi
psiphon-tunnel-...
/
psiphon
/
package.go

package.go 2.5 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. /*
    2. 

  2.  * Copyright (c) 2015, Psiphon Inc.
    3. 

  3.  * All rights reserved.
    4. 

  4.  *
    5. 

  5.  * This program is free software: you can redistribute it and/or modify
    6. 

  6.  * it under the terms of the GNU General Public License as published by
    7. 

  7.  * the Free Software Foundation, either version 3 of the License, or
    8. 

  8.  * (at your option) any later version.
    9. 

  9.  *
    10. 

  10.  * This program is distributed in the hope that it will be useful,
    11. 

  11.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13.  * GNU General Public License for more details.
    14. 

  14.  *
    15. 

  15.  * You should have received a copy of the GNU General Public License
    16. 

  16.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17.  *
    18. 

  18.  */
    19. 

  19. 

  20. package psiphon
    21. 

  21. 

  22. import (
    23. 

  23. 	"crypto"
    24. 

  24. 	"crypto/rsa"
    25. 

  25. 	"crypto/sha256"
    26. 

  26. 	"crypto/x509"
    27. 

  27. 	"encoding/base64"
    28. 

  28. 	"encoding/json"
    29. 

  29. 	"errors"
    30. 

  30. )
    31. 

  31. 

  32. // AuthenticatedDataPackage is a JSON record containing some Psiphon data
    33. 

  33. // payload, such as list of Psiphon server entries. As it may be downloaded
    34. 

  34. // from various sources, it is digitally signed so that the data may be
    35. 

  35. // authenticated.
    36. 

  36. type AuthenticatedDataPackage struct {
    37. 

  37. 	Data                   string `json:"data"`
    38. 

  38. 	SigningPublicKeyDigest string `json:"signingPublicKeyDigest"`
    39. 

  39. 	Signature              string `json:"signature"`
    40. 

  40. }
    41. 

  41. 

  42. func ReadAuthenticatedDataPackage(
    43. 

  43. 	rawPackage []byte, signingPublicKey string) (data string, err error) {
    44. 

  44. 

  45. 	var authenticatedDataPackage *AuthenticatedDataPackage
    46. 

  46. 	err = json.Unmarshal(rawPackage, &authenticatedDataPackage)
    47. 

  47. 	if err != nil {
    48. 

  48. 		return "", ContextError(err)
    49. 

  49. 	}
    50. 

  50. 

  51. 	derEncodedPublicKey, err := base64.StdEncoding.DecodeString(signingPublicKey)
    52. 

  52. 	if err != nil {
    53. 

  53. 		return "", ContextError(err)
    54. 

  54. 	}
    55. 

  55. 	publicKey, err := x509.ParsePKIXPublicKey(derEncodedPublicKey)
    56. 

  56. 	if err != nil {
    57. 

  57. 		return "", ContextError(err)
    58. 

  58. 	}
    59. 

  59. 	rsaPublicKey, ok := publicKey.(*rsa.PublicKey)
    60. 

  60. 	if !ok {
    61. 

  61. 		return "", ContextError(errors.New("unexpected signing public key type"))
    62. 

  62. 	}
    63. 

  63. 	signature, err := base64.StdEncoding.DecodeString(authenticatedDataPackage.Signature)
    64. 

  64. 	if err != nil {
    65. 

  65. 		return "", ContextError(err)
    66. 

  66. 	}
    67. 

  67. 	// TODO: can distinguish signed-with-different-key from other errors:
    68. 

  68. 	// match digest(publicKey) against authenticatedDataPackage.SigningPublicKeyDigest
    69. 

  69. 	hash := sha256.New()
    70. 

  70. 	hash.Write([]byte(authenticatedDataPackage.Data))
    71. 

  71. 	digest := hash.Sum(nil)
    72. 

  72. 	err = rsa.VerifyPKCS1v15(rsaPublicKey, crypto.SHA256, digest, signature)
    73. 

  73. 	if err != nil {
    74. 

  74. 		return "", ContextError(err)
    75. 

  75. 	}
    76. 

  76. 

  77. 	return authenticatedDataPackage.Data, nil
    78. 

  78. }
    79.