tImplement client-side secret decryption - tordam - A library for peer discovery inside the Tor network (HTM) git clone https://git.parazyd.org/tordam (DIR) Log (DIR) Files (DIR) Refs (DIR) README (DIR) LICENSE --- (DIR) commit 9ccd7d978c8cd941c256558a0604e173bcefadf8 (DIR) parent 7c47b35dce0cd702516e30b03032ca06f5630978 (HTM) Author: parazyd <parazyd@dyne.org> Date: Thu, 7 Dec 2017 22:32:38 +0100 Implement client-side secret decryption Diffstat: M go/dam/dam.go | 11 +++++++++++ M go/ddir/ddir.go | 6 +++++- M go/lib/crypto.go | 13 +++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) --- (DIR) diff --git a/go/dam/dam.go b/go/dam/dam.go t@@ -69,4 +69,15 @@ func main() { log.Println("Unsuccessful reply from directory.") log.Fatalln("Server replied:", m.Secret) } + + if resp.StatusCode == 200 { + log.Println("Successful reply from directory.") + decodedSecret, err := base64.StdEncoding.DecodeString(m.Secret) + lib.CheckError(err) + + decrypted, err := lib.DecryptMsg([]byte(decodedSecret), key) + lib.CheckError(err) + + log.Println(string(decrypted)) + } } (DIR) diff --git a/go/ddir/ddir.go b/go/ddir/ddir.go t@@ -63,11 +63,15 @@ func handlePost(rw http.ResponseWriter, request *http.Request) { randString, err := lib.GenRandomASCII(64) lib.CheckError(err) + // FIXME: delete this line after debug mode + log.Println("Secret:", randString) + secret, err := lib.EncryptMsg([]byte(randString), pubkey) lib.CheckError(err) + encodedSecret := base64.StdEncoding.EncodeToString(secret) ret := map[string]string{ - "secret": string(secret), + "secret": encodedSecret, } jsonVal, err := json.Marshal(ret) lib.CheckError(err) (DIR) diff --git a/go/lib/crypto.go b/go/lib/crypto.go t@@ -93,6 +93,7 @@ func SignMsg(message []byte, privkey *rsa.PrivateKey) []byte { } // EncryptMsg encrypts a given []byte message using a given RSA public key. +// Returns the encrypted message in []byte form. func EncryptMsg(message []byte, pubkey *rsa.PublicKey) ([]byte, error) { log.Println("Encrypting message...") rng := rand.Reader t@@ -103,6 +104,18 @@ func EncryptMsg(message []byte, pubkey *rsa.PublicKey) ([]byte, error) { return msg, nil } +// DecryptMsg decrypts a given []byte message using a given RSA private key. +// Returns the decrypted message in []byte form. +func DecryptMsg(message []byte, privkey *rsa.PrivateKey) ([]byte, error) { + log.Println("Decrypting message...") + rng := rand.Reader + + msg, err := rsa.DecryptPKCS1v15(rng, privkey, message) + CheckError(err) + + return msg, nil +} + // VerifyMsg verifies a []byte message and []byte signature against a given // RSA pubkey. func VerifyMsg(message []byte, signature []byte, pubkey *rsa.PublicKey) (bool, error) {