MITM: recreating private/public keys all the time

signer.go

@@ -4,18 +4,22 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"fmt"
 	"math/big"
-	"math/rand"
-	"net"
+	mathrand "math/rand"
 	"runtime"
+	"net"
 	"sort"
+	"strings"
 	"time"
+	"github.com/patrickmn/go-cache"
+	"sync/atomic"
 )
 
 func hashSorted(lst []string) []byte {
@@ -36,8 +40,86 @@ func hashSortedBigInt(lst []string) *big.Int {
 }
 
 var goproxySignerVersion = ":goroxy1"
+var certprivRSA crypto.Signer
+var certprivECDSA crypto.Signer
+var crtCache = cache.New(20*time.Minute, 10*time.Minute)
+var serialCA uint64 = 9999
 
 func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err error) {
+	key := strings.Join(hosts[:], "/")
+	value, exist := crtCache.Get(key)
+	if exist {
+		cert = value.(*tls.Certificate)
+		return
+	}
+
+    cert, err = generateCertificate(ca, hosts)
+
+	crtCache.Add(key, cert, cache.DefaultExpiration)
+
+	return
+}
+
+func generateCertificate(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err error) {
+	var x509ca *x509.Certificate
+
+	// Use the provided ca and not the global GoproxyCa for certificate generation.
+	if x509ca, err = x509.ParseCertificate(ca.Certificate[0]); err != nil {
+		return
+	}
+	start := time.Unix(0, 0)
+	end, err := time.Parse("2006-01-02", "2049-12-31")
+	if err != nil {
+		panic(err)
+	}
+
+	template := x509.Certificate{
+		// TODO(elazar): instead of this ugly hack, just encode the certificate and hash the binary form.
+		SerialNumber: new(big.Int).SetUint64(atomic.AddUint64(&serialCA, 1)),
+		Issuer:       x509ca.Subject,
+		Subject: pkix.Name{
+			Organization: []string{"GoProxy untrusted MITM proxy Inc"},
+		},
+		NotBefore: start,
+		NotAfter:  end,
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+	for _, h := range hosts {
+		if ip := net.ParseIP(h); ip != nil {
+			template.IPAddresses = append(template.IPAddresses, ip)
+		} else {
+			template.DNSNames = append(template.DNSNames, h)
+			template.Subject.CommonName = h
+		}
+	}
+
+	var certpriv crypto.Signer
+
+	switch ca.PrivateKey.(type) {
+	case *rsa.PrivateKey:
+		certpriv = certprivRSA
+	case *ecdsa.PrivateKey:
+		certpriv = certprivECDSA
+	default:
+		err = fmt.Errorf("unsupported key type %T", ca.PrivateKey)
+	}
+
+	var derBytes []byte
+	if derBytes, err = x509.CreateCertificate(rand.Reader, &template, x509ca, certpriv.Public(), ca.PrivateKey); err != nil {
+		return
+	}
+
+	return &tls.Certificate{
+		Certificate: [][]byte{derBytes, ca.Certificate[0]},
+		PrivateKey:  certpriv,
+	}, nil
+}
+
+
+func signHostOld(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err error) {
 	var x509ca *x509.Certificate
 
 	// Use the provided ca and not the global GoproxyCa for certificate generation.
@@ -50,7 +132,7 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 		panic(err)
 	}
 
-	serial := big.NewInt(rand.Int63())
+	serial := big.NewInt(mathrand.Int63())
 	template := x509.Certificate{
 		// TODO(elazar): instead of this ugly hack, just encode the certificate and hash the binary form.
 		SerialNumber: serial,
@@ -74,7 +156,7 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 		}
 	}
 
-	hash := hashSorted(append(hosts, goproxySignerVersion, ":"+runtime.Version()))
+	hash := hashSorted(append(hosts, goproxySignerVersion, ":" + runtime.Version()))
 	var csprng CounterEncryptorRand
 	if csprng, err = NewCounterEncryptorRandFromKey(ca.PrivateKey, hash); err != nil {
 		return
@@ -105,6 +187,7 @@ func signHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 }
 
 func init() {
-	// Avoid deterministic random numbers
-	rand.Seed(time.Now().UnixNano())
+	serialCA = uint64(time.Now().Unix() * 1000000000)
+	certprivRSA, _ = rsa.GenerateKey(rand.Reader, 2048);
+	certprivECDSA, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 }