added domain_hint enforcementv0.3.0

author: Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2021-10-02 20:23:51 +0200
committer: Rasmus Dahlberg <rasmus.dahlberg@kau.se> 2021-10-02 20:23:51 +0200
commit: cc75064317725f5b4d58b8b364dbf0c9c431ec3e (patch)
tree: 7ee92c65d4340ecf910d0c966087f1b5a0ec404a
parent: 01d7bd4785be2c82cc4765ba6e27cbcf61188862 (diff)
8 files changed, 227 insertions, 27 deletions
diff --git a/cmd/sigsum_log_go/main.go b/cmd/sigsum_log_go/main.go
index 5af8563..b22dd40 100644
--- a/cmd/sigsum_log_go/main.go
+++ b/cmd/sigsum_log_go/main.go
@@ -25,6 +25,7 @@ import (
 	"git.sigsum.org/sigsum-log-go/pkg/state"
 	trillianWrapper "git.sigsum.org/sigsum-log-go/pkg/trillian"
 	"git.sigsum.org/sigsum-log-go/pkg/types"
+	"git.sigsum.org/sigsum-log-go/pkg/dns"
 )
 
 var (
@@ -134,6 +135,9 @@ func setupInstanceFromFlags() (*sigsum.Instance, error) {
 		return nil, fmt.Errorf("NewStateManager: %v", err)
 	}
 
+	// Setup DNS verifier
+	i.DNS = dns.NewDefaultResolver()
+
 	// Register HTTP endpoints
 	mux := http.NewServeMux()
 	http.Handle("/", mux)
diff --git a/cmd/tmp/dns/main.go b/cmd/tmp/dns/main.go
new file mode 100644
index 0000000..b493f15
--- /dev/null
+++ b/cmd/tmp/dns/main.go
@@ -0,0 +1,42 @@
+package main
+
+import (
+	"context"
+	"encoding/hex"
+	"flag"
+	"fmt"
+	"log"
+
+	"git.sigsum.org/sigsum-log-go/pkg/dns"
+	"git.sigsum.org/sigsum-log-go/pkg/types"
+)
+
+var (
+	vk          = flag.String("vk", "5aed7ffc3bc088221f6579567b2e6e3c4ac3579bd5e77670755179052c68d5d3", "verification key (hex)")
+	domain_hint = flag.String("domain_hint", "example.com", "domain name that is aware of public key hash in hex")
+)
+
+func main() {
+	flag.Parse()
+
+	var key [types.VerificationKeySize]byte
+	mustDecodeHex(*vk, key[:])
+
+	vf := dns.NewDefaultResolver()
+	if err := vf.Verify(context.Background(), *domain_hint, &key); err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println("Success!")
+}
+
+func mustDecodeHex(s string, buf []byte) {
+	b, err := hex.DecodeString(s)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if len(b) != len(buf) {
+		log.Fatal("bad flag: invalid buffer length")
+	}
+	copy(buf, b)
+}
diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go
index d6620f6..2b8050c 100644
--- a/cmd/tmp/submit/main.go
+++ b/cmd/tmp/submit/main.go
@@ -5,25 +5,66 @@ package main
 import (
 	"crypto/ed25519"
 	"crypto/rand"
+	"encoding/hex"
+	"flag"
 	"fmt"
+	"log"
 
 	"git.sigsum.org/sigsum-log-go/pkg/types"
 )
 
+var (
+	shardHint  = flag.Uint64("shard_hint", 0, "shard hint (decimal)")
+	checksum   = flag.String("checksum", "", "checksum (hex)")
+	sk         = flag.String("sk", "", "secret key (hex)")
+	domainHint = flag.String("domain_hint", "example.com", "domain hint (string)")
+	base_url   = flag.String("base_url", "localhost:6965", "base url (string)")
+)
+
 func main() {
-	checksum := [32]byte{}
+	flag.Parse()
+
+	var privBuf [64]byte
+	var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:])
+	mustDecodeHex(*sk, priv[:])
+
+	var c [types.HashSize]byte
+	if *checksum != "" {
+		mustDecodeHex(*checksum, c[:])
+	} else {
+		mustPutRandom(c[:])
+	}
+
 	msg := types.Message{
-		ShardHint: 0,
-		Checksum:  &checksum,
+		ShardHint: *shardHint,
+		Checksum:  &c,
 	}
+	sig := ed25519.Sign(priv, msg.Marshal())
 
-	vk, sk, err := ed25519.GenerateKey(rand.Reader)
+	fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
+		msg.ShardHint,
+		msg.Checksum[:],
+		sig,
+		priv.Public().(ed25519.PublicKey)[:],
+		*domainHint,
+		*base_url,
+	)
+}
+
+func mustDecodeHex(s string, buf []byte) {
+	b, err := hex.DecodeString(s)
 	if err != nil {
-		fmt.Printf("ed25519.GenerateKey: %v\n", err)
-		return
+		log.Fatal(err)
+	}
+	if len(b) != len(buf) {
+		log.Fatal("bad flag: invalid buffer length")
 	}
-	sig := ed25519.Sign(sk, msg.Marshal())
-	//fmt.Printf("sk: %x\nvk: %x\n", sk[:], vk[:])
+	copy(buf, b)
+}
 
-	fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- localhost:6965/sigsum/v0/add-leaf\n", msg.ShardHint, msg.Checksum[:], sig, vk[:], "example.com")
+func mustPutRandom(buf []byte) {
+	_, err := rand.Read(buf)
+	if err != nil {
+		log.Fatal(err)
+	}
 }
diff --git a/pkg/dns/dns.go b/pkg/dns/dns.go
new file mode 100644
index 0000000..7979119
--- /dev/null
+++ b/pkg/dns/dns.go
@@ -0,0 +1,40 @@
+package dns
+
+import (
+	"context"
+	"fmt"
+	"net"
+
+	"encoding/hex"
+
+	"git.sigsum.org/sigsum-log-go/pkg/types"
+)
+
+// Verifier can verify that a domain name is aware of a public key
+type Verifier interface {
+	Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error
+}
+
+// DefaultResolver implements the Verifier interface with Go's default resolver
+type DefaultResolver struct {
+	resolver net.Resolver
+}
+
+func NewDefaultResolver() Verifier {
+	return &DefaultResolver{}
+}
+
+func (dr *DefaultResolver) Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error {
+	rsp, err := dr.resolver.LookupTXT(ctx, name)
+	if err != nil {
+		return fmt.Errorf("domain name look-up failed: %v", err)
+	}
+
+	want := hex.EncodeToString(types.Hash(key[:])[:])
+	for _, got := range rsp {
+		if got == want {
+			return nil
+		}
+	}
+	return fmt.Errorf("%q is not aware of key hash %q", name, want)
+}
diff --git a/pkg/instance/endpoint.go b/pkg/instance/endpoint.go
index 2387263..a6d424d 100644
--- a/pkg/instance/endpoint.go
+++ b/pkg/instance/endpoint.go
@@ -9,7 +9,7 @@ import (
 
 func addLeaf(ctx context.Context, i *Instance, w http.ResponseWriter, r *http.Request) (int, error) {
 	glog.V(3).Info("handling add-entry request")
-	req, err := i.leafRequestFromHTTP(r)
+	req, err := i.leafRequestFromHTTP(ctx, r)
 	if err != nil {
 		return http.StatusBadRequest, err
 	}
diff --git a/pkg/instance/endpoint_test.go b/pkg/instance/endpoint_test.go
index 3ca72b2..29d5a8e 100644
--- a/pkg/instance/endpoint_test.go
+++ b/pkg/instance/endpoint_test.go
@@ -10,9 +10,9 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/golang/mock/gomock"
 	"git.sigsum.org/sigsum-log-go/pkg/mocks"
 	"git.sigsum.org/sigsum-log-go/pkg/types"
+	"github.com/golang/mock/gomock"
 )
 
 var (
@@ -72,11 +72,13 @@ func TestAddLeaf(t *testing.T) {
 		))
 	}
 	for _, table := range []struct {
-		description string
-		ascii       io.Reader // buffer used to populate HTTP request
-		expect      bool      // set if a mock answer is expected
-		err         error     // error from Trillian client
-		wantCode    int       // HTTP status ok
+		description    string
+		ascii          io.Reader // buffer used to populate HTTP request
+		expectTrillian bool      // expect Trillian client code path
+		errTrillian    error     // error from Trillian client
+		expectDNS      bool      // expect DNS verifier code path
+		errDNS         error     // error from DNS verifier
+		wantCode       int       // HTTP status ok
 	}{
 		// XXX introduce helper so that test params are not hardcoded
 		{
@@ -103,7 +105,7 @@ func TestAddLeaf(t *testing.T) {
 			wantCode: http.StatusBadRequest,
 		},
 		{
-			description: "invalid: bad request (shard hint is before shard start)",
+			description: "invalid: bad request (shard hint is after shard end)",
 			ascii: buf(21,
 				"0000000000000000000000000000000000000000000000000000000000000000",
 				"79c14f0ad9ab24ab98fe9d5ff59c3b91348789758aa092c6bfab2ac8890b41fb1d44d985e723184f9de42edb82b5ada14f494a96e361914d5366dd92379a1d04",
@@ -112,15 +114,27 @@ func TestAddLeaf(t *testing.T) {
 			wantCode: http.StatusBadRequest,
 		},
 		{
+			description: "invalid: failed verifying domain hint",
+			ascii: buf(10,
+				"0000000000000000000000000000000000000000000000000000000000000000",
+				"7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c",
+				"f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb",
+			),
+			expectDNS: true,
+			errDNS:    fmt.Errorf("something went wrong"),
+			wantCode:  http.StatusBadRequest,
+		},
+		{
 			description: "invalid: backend failure",
 			ascii: buf(10,
 				"0000000000000000000000000000000000000000000000000000000000000000",
 				"7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c",
 				"f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb",
 			),
-			expect:   true,
-			err:      fmt.Errorf("something went wrong"),
-			wantCode: http.StatusInternalServerError,
+			expectDNS:      true,
+			expectTrillian: true,
+			errTrillian:    fmt.Errorf("something went wrong"),
+			wantCode:       http.StatusInternalServerError,
 		},
 		{
 			description: "valid",
@@ -129,21 +143,27 @@ func TestAddLeaf(t *testing.T) {
 				"7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c",
 				"f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb",
 			),
-			expect:   true,
-			wantCode: http.StatusOK,
+			expectDNS:      true,
+			expectTrillian: true,
+			wantCode:       http.StatusOK,
 		},
 	} {
 		// Run deferred functions at the end of each iteration
 		func() {
 			ctrl := gomock.NewController(t)
 			defer ctrl.Finish()
+			dns := mocks.NewMockVerifier(ctrl)
+			if table.expectDNS {
+				dns.EXPECT().Verify(gomock.Any(), gomock.Any(), gomock.Any()).Return(table.errDNS)
+			}
 			client := mocks.NewMockClient(ctrl)
-			if table.expect {
-				client.EXPECT().AddLeaf(gomock.Any(), gomock.Any()).Return(table.err)
+			if table.expectTrillian {
+				client.EXPECT().AddLeaf(gomock.Any(), gomock.Any()).Return(table.errTrillian)
 			}
 			i := Instance{
 				Config: testConfig,
 				Client: client,
+				DNS:    dns,
 			}
 
 			// Create HTTP request
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go
index 31a9b73..fbfe4df 100644
--- a/pkg/instance/instance.go
+++ b/pkg/instance/instance.go
@@ -8,10 +8,11 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/golang/glog"
+	"git.sigsum.org/sigsum-log-go/pkg/dns"
 	"git.sigsum.org/sigsum-log-go/pkg/state"
 	"git.sigsum.org/sigsum-log-go/pkg/trillian"
 	"git.sigsum.org/sigsum-log-go/pkg/types"
+	"github.com/golang/glog"
 )
 
 // Config is a collection of log parameters
@@ -35,6 +36,7 @@ type Instance struct {
 	Client   trillian.Client    // provides access to the Trillian backend
 	Signer   crypto.Signer      // provides access to Ed25519 private key
 	Stateman state.StateManager // coordinates access to (co)signed tree heads
+	DNS      dns.Verifier       // checks if domain name knows a public key
 }
 
 // Handler implements the http.Handler interface, and contains a reference
@@ -92,7 +94,7 @@ func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func (i *Instance) leafRequestFromHTTP(r *http.Request) (*types.LeafRequest, error) {
+func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*types.LeafRequest, error) {
 	var req types.LeafRequest
 	if err := req.UnmarshalASCII(r.Body); err != nil {
 		return nil, fmt.Errorf("UnmarshalASCII: %v", err)
@@ -110,7 +112,9 @@ func (i *Instance) leafRequestFromHTTP(r *http.Request) (*types.LeafRequest, err
 	if req.ShardHint > i.ShardEnd {
 		return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, i.ShardEnd)
 	}
-	// TODO: check domain hint
+	if err := i.DNS.Verify(ctx, req.DomainHint, req.VerificationKey); err != nil {
+		return nil, fmt.Errorf("invalid domain hint: %v", err)
+	}
 	return &req, nil
 }
 
diff --git a/pkg/mocks/sigsum_dns.go b/pkg/mocks/sigsum_dns.go
new file mode 100644
index 0000000..ede237e
--- /dev/null
+++ b/pkg/mocks/sigsum_dns.go
@@ -0,0 +1,49 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: git.sigsum.org/sigsum-log-go/pkg/dns (interfaces: Verifier)
+
+// Package mocks is a generated GoMock package.
+package mocks
+
+import (
+	context "context"
+	reflect "reflect"
+
+	gomock "github.com/golang/mock/gomock"
+)
+
+// MockVerifier is a mock of Verifier interface.
+type MockVerifier struct {
+	ctrl     *gomock.Controller
+	recorder *MockVerifierMockRecorder
+}
+
+// MockVerifierMockRecorder is the mock recorder for MockVerifier.
+type MockVerifierMockRecorder struct {
+	mock *MockVerifier
+}
+
+// NewMockVerifier creates a new mock instance.
+func NewMockVerifier(ctrl *gomock.Controller) *MockVerifier {
+	mock := &MockVerifier{ctrl: ctrl}
+	mock.recorder = &MockVerifierMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockVerifier) EXPECT() *MockVerifierMockRecorder {
+	return m.recorder
+}
+
+// Verify mocks base method.
+func (m *MockVerifier) Verify(arg0 context.Context, arg1 string, arg2 *[32]byte) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "Verify", arg0, arg1, arg2)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// Verify indicates an expected call of Verify.
+func (mr *MockVerifierMockRecorder) Verify(arg0, arg1, arg2 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Verify", reflect.TypeOf((*MockVerifier)(nil).Verify), arg0, arg1, arg2)
+}
author	Rasmus Dahlberg <rasmus.dahlberg@kau.se>	2021-10-02 20:23:51 +0200
committer	Rasmus Dahlberg <rasmus.dahlberg@kau.se>	2021-10-02 20:23:51 +0200
commit	cc75064317725f5b4d58b8b364dbf0c9c431ec3e (patch)
tree	7ee92c65d4340ecf910d0c966087f1b5a0ec404a
parent	01d7bd4785be2c82cc4765ba6e27cbcf61188862 (diff)