aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-10-02 20:23:51 +0200
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-10-02 20:23:51 +0200
commitcc75064317725f5b4d58b8b364dbf0c9c431ec3e (patch)
tree7ee92c65d4340ecf910d0c966087f1b5a0ec404a
parent01d7bd4785be2c82cc4765ba6e27cbcf61188862 (diff)
added domain_hint enforcementv0.3.0
-rw-r--r--cmd/sigsum_log_go/main.go4
-rw-r--r--cmd/tmp/dns/main.go42
-rw-r--r--cmd/tmp/submit/main.go59
-rw-r--r--pkg/dns/dns.go40
-rw-r--r--pkg/instance/endpoint.go2
-rw-r--r--pkg/instance/endpoint_test.go48
-rw-r--r--pkg/instance/instance.go10
-rw-r--r--pkg/mocks/sigsum_dns.go49
8 files changed, 227 insertions, 27 deletions
diff --git a/cmd/sigsum_log_go/main.go b/cmd/sigsum_log_go/main.go
index 5af8563..b22dd40 100644
--- a/cmd/sigsum_log_go/main.go
+++ b/cmd/sigsum_log_go/main.go
@@ -25,6 +25,7 @@ import (
"git.sigsum.org/sigsum-log-go/pkg/state"
trillianWrapper "git.sigsum.org/sigsum-log-go/pkg/trillian"
"git.sigsum.org/sigsum-log-go/pkg/types"
+ "git.sigsum.org/sigsum-log-go/pkg/dns"
)
var (
@@ -134,6 +135,9 @@ func setupInstanceFromFlags() (*sigsum.Instance, error) {
return nil, fmt.Errorf("NewStateManager: %v", err)
}
+ // Setup DNS verifier
+ i.DNS = dns.NewDefaultResolver()
+
// Register HTTP endpoints
mux := http.NewServeMux()
http.Handle("/", mux)
diff --git a/cmd/tmp/dns/main.go b/cmd/tmp/dns/main.go
new file mode 100644
index 0000000..b493f15
--- /dev/null
+++ b/cmd/tmp/dns/main.go
@@ -0,0 +1,42 @@
+package main
+
+import (
+ "context"
+ "encoding/hex"
+ "flag"
+ "fmt"
+ "log"
+
+ "git.sigsum.org/sigsum-log-go/pkg/dns"
+ "git.sigsum.org/sigsum-log-go/pkg/types"
+)
+
+var (
+ vk = flag.String("vk", "5aed7ffc3bc088221f6579567b2e6e3c4ac3579bd5e77670755179052c68d5d3", "verification key (hex)")
+ domain_hint = flag.String("domain_hint", "example.com", "domain name that is aware of public key hash in hex")
+)
+
+func main() {
+ flag.Parse()
+
+ var key [types.VerificationKeySize]byte
+ mustDecodeHex(*vk, key[:])
+
+ vf := dns.NewDefaultResolver()
+ if err := vf.Verify(context.Background(), *domain_hint, &key); err != nil {
+ log.Fatal(err)
+ }
+
+ fmt.Println("Success!")
+}
+
+func mustDecodeHex(s string, buf []byte) {
+ b, err := hex.DecodeString(s)
+ if err != nil {
+ log.Fatal(err)
+ }
+ if len(b) != len(buf) {
+ log.Fatal("bad flag: invalid buffer length")
+ }
+ copy(buf, b)
+}
diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go
index d6620f6..2b8050c 100644
--- a/cmd/tmp/submit/main.go
+++ b/cmd/tmp/submit/main.go
@@ -5,25 +5,66 @@ package main
import (
"crypto/ed25519"
"crypto/rand"
+ "encoding/hex"
+ "flag"
"fmt"
+ "log"
"git.sigsum.org/sigsum-log-go/pkg/types"
)
+var (
+ shardHint = flag.Uint64("shard_hint", 0, "shard hint (decimal)")
+ checksum = flag.String("checksum", "", "checksum (hex)")
+ sk = flag.String("sk", "", "secret key (hex)")
+ domainHint = flag.String("domain_hint", "example.com", "domain hint (string)")
+ base_url = flag.String("base_url", "localhost:6965", "base url (string)")
+)
+
func main() {
- checksum := [32]byte{}
+ flag.Parse()
+
+ var privBuf [64]byte
+ var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:])
+ mustDecodeHex(*sk, priv[:])
+
+ var c [types.HashSize]byte
+ if *checksum != "" {
+ mustDecodeHex(*checksum, c[:])
+ } else {
+ mustPutRandom(c[:])
+ }
+
msg := types.Message{
- ShardHint: 0,
- Checksum: &checksum,
+ ShardHint: *shardHint,
+ Checksum: &c,
}
+ sig := ed25519.Sign(priv, msg.Marshal())
- vk, sk, err := ed25519.GenerateKey(rand.Reader)
+ fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
+ msg.ShardHint,
+ msg.Checksum[:],
+ sig,
+ priv.Public().(ed25519.PublicKey)[:],
+ *domainHint,
+ *base_url,
+ )
+}
+
+func mustDecodeHex(s string, buf []byte) {
+ b, err := hex.DecodeString(s)
if err != nil {
- fmt.Printf("ed25519.GenerateKey: %v\n", err)
- return
+ log.Fatal(err)
+ }
+ if len(b) != len(buf) {
+ log.Fatal("bad flag: invalid buffer length")
}
- sig := ed25519.Sign(sk, msg.Marshal())
- //fmt.Printf("sk: %x\nvk: %x\n", sk[:], vk[:])
+ copy(buf, b)
+}
- fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- localhost:6965/sigsum/v0/add-leaf\n", msg.ShardHint, msg.Checksum[:], sig, vk[:], "example.com")
+func mustPutRandom(buf []byte) {
+ _, err := rand.Read(buf)
+ if err != nil {
+ log.Fatal(err)
+ }
}
diff --git a/pkg/dns/dns.go b/pkg/dns/dns.go
new file mode 100644
index 0000000..7979119
--- /dev/null
+++ b/pkg/dns/dns.go
@@ -0,0 +1,40 @@
+package dns
+
+import (
+ "context"
+ "fmt"
+ "net"
+
+ "encoding/hex"
+
+ "git.sigsum.org/sigsum-log-go/pkg/types"
+)
+
+// Verifier can verify that a domain name is aware of a public key
+type Verifier interface {
+ Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error
+}
+
+// DefaultResolver implements the Verifier interface with Go's default resolver
+type DefaultResolver struct {
+ resolver net.Resolver
+}
+
+func NewDefaultResolver() Verifier {
+ return &DefaultResolver{}
+}
+
+func (dr *DefaultResolver) Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error {
+ rsp, err := dr.resolver.LookupTXT(ctx, name)
+ if err != nil {
+ return fmt.Errorf("domain name look-up failed: %v", err)
+ }
+
+ want := hex.EncodeToString(types.Hash(key[:])[:])
+ for _, got := range rsp {
+ if got == want {
+ return nil
+ }
+ }
+ return fmt.Errorf("%q is not aware of key hash %q", name, want)
+}
diff --git a/pkg/instance/endpoint.go b/pkg/instance/endpoint.go
index 2387263..a6d424d 100644
--- a/pkg/instance/endpoint.go
+++ b/pkg/instance/endpoint.go
@@ -9,7 +9,7 @@ import (
func addLeaf(ctx context.Context, i *Instance, w http.ResponseWriter, r *http.Request) (int, error) {
glog.V(3).Info("handling add-entry request")
- req, err := i.leafRequestFromHTTP(r)
+ req, err := i.leafRequestFromHTTP(ctx, r)
if err != nil {
return http.StatusBadRequest, err
}
diff --git a/pkg/instance/endpoint_test.go b/pkg/instance/endpoint_test.go
index 3ca72b2..29d5a8e 100644
--- a/pkg/instance/endpoint_test.go
+++ b/pkg/instance/endpoint_test.go
@@ -10,9 +10,9 @@ import (
"net/http/httptest"
"testing"
- "github.com/golang/mock/gomock"
"git.sigsum.org/sigsum-log-go/pkg/mocks"
"git.sigsum.org/sigsum-log-go/pkg/types"
+ "github.com/golang/mock/gomock"
)
var (
@@ -72,11 +72,13 @@ func TestAddLeaf(t *testing.T) {
))
}
for _, table := range []struct {
- description string
- ascii io.Reader // buffer used to populate HTTP request
- expect bool // set if a mock answer is expected
- err error // error from Trillian client
- wantCode int // HTTP status ok
+ description string
+ ascii io.Reader // buffer used to populate HTTP request
+ expectTrillian bool // expect Trillian client code path
+ errTrillian error // error from Trillian client
+ expectDNS bool // expect DNS verifier code path
+ errDNS error // error from DNS verifier
+ wantCode int // HTTP status ok
}{
// XXX introduce helper so that test params are not hardcoded
{
@@ -103,7 +105,7 @@ func TestAddLeaf(t *testing.T) {
wantCode: http.StatusBadRequest,
},
{
- description: "invalid: bad request (shard hint is before shard start)",
+ description: "invalid: bad request (shard hint is after shard end)",
ascii: buf(21,
"0000000000000000000000000000000000000000000000000000000000000000",
"79c14f0ad9ab24ab98fe9d5ff59c3b91348789758aa092c6bfab2ac8890b41fb1d44d985e723184f9de42edb82b5ada14f494a96e361914d5366dd92379a1d04",
@@ -112,15 +114,27 @@ func TestAddLeaf(t *testing.T) {
wantCode: http.StatusBadRequest,
},
{
+ description: "invalid: failed verifying domain hint",
+ ascii: buf(10,
+ "0000000000000000000000000000000000000000000000000000000000000000",
+ "7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c",
+ "f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb",
+ ),
+ expectDNS: true,
+ errDNS: fmt.Errorf("something went wrong"),
+ wantCode: http.StatusBadRequest,
+ },
+ {
description: "invalid: backend failure",
ascii: buf(10,
"0000000000000000000000000000000000000000000000000000000000000000",
"7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c",
"f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb",
),
- expect: true,
- err: fmt.Errorf("something went wrong"),
- wantCode: http.StatusInternalServerError,
+ expectDNS: true,
+ expectTrillian: true,
+ errTrillian: fmt.Errorf("something went wrong"),
+ wantCode: http.StatusInternalServerError,
},
{
description: "valid",
@@ -129,21 +143,27 @@ func TestAddLeaf(t *testing.T) {
"7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c",
"f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb",
),
- expect: true,
- wantCode: http.StatusOK,
+ expectDNS: true,
+ expectTrillian: true,
+ wantCode: http.StatusOK,
},
} {
// Run deferred functions at the end of each iteration
func() {
ctrl := gomock.NewController(t)
defer ctrl.Finish()
+ dns := mocks.NewMockVerifier(ctrl)
+ if table.expectDNS {
+ dns.EXPECT().Verify(gomock.Any(), gomock.Any(), gomock.Any()).Return(table.errDNS)
+ }
client := mocks.NewMockClient(ctrl)
- if table.expect {
- client.EXPECT().AddLeaf(gomock.Any(), gomock.Any()).Return(table.err)
+ if table.expectTrillian {
+ client.EXPECT().AddLeaf(gomock.Any(), gomock.Any()).Return(table.errTrillian)
}
i := Instance{
Config: testConfig,
Client: client,
+ DNS: dns,
}
// Create HTTP request
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go
index 31a9b73..fbfe4df 100644
--- a/pkg/instance/instance.go
+++ b/pkg/instance/instance.go
@@ -8,10 +8,11 @@ import (
"net/http"
"time"
- "github.com/golang/glog"
+ "git.sigsum.org/sigsum-log-go/pkg/dns"
"git.sigsum.org/sigsum-log-go/pkg/state"
"git.sigsum.org/sigsum-log-go/pkg/trillian"
"git.sigsum.org/sigsum-log-go/pkg/types"
+ "github.com/golang/glog"
)
// Config is a collection of log parameters
@@ -35,6 +36,7 @@ type Instance struct {
Client trillian.Client // provides access to the Trillian backend
Signer crypto.Signer // provides access to Ed25519 private key
Stateman state.StateManager // coordinates access to (co)signed tree heads
+ DNS dns.Verifier // checks if domain name knows a public key
}
// Handler implements the http.Handler interface, and contains a reference
@@ -92,7 +94,7 @@ func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}
-func (i *Instance) leafRequestFromHTTP(r *http.Request) (*types.LeafRequest, error) {
+func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*types.LeafRequest, error) {
var req types.LeafRequest
if err := req.UnmarshalASCII(r.Body); err != nil {
return nil, fmt.Errorf("UnmarshalASCII: %v", err)
@@ -110,7 +112,9 @@ func (i *Instance) leafRequestFromHTTP(r *http.Request) (*types.LeafRequest, err
if req.ShardHint > i.ShardEnd {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, i.ShardEnd)
}
- // TODO: check domain hint
+ if err := i.DNS.Verify(ctx, req.DomainHint, req.VerificationKey); err != nil {
+ return nil, fmt.Errorf("invalid domain hint: %v", err)
+ }
return &req, nil
}
diff --git a/pkg/mocks/sigsum_dns.go b/pkg/mocks/sigsum_dns.go
new file mode 100644
index 0000000..ede237e
--- /dev/null
+++ b/pkg/mocks/sigsum_dns.go
@@ -0,0 +1,49 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: git.sigsum.org/sigsum-log-go/pkg/dns (interfaces: Verifier)
+
+// Package mocks is a generated GoMock package.
+package mocks
+
+import (
+ context "context"
+ reflect "reflect"
+
+ gomock "github.com/golang/mock/gomock"
+)
+
+// MockVerifier is a mock of Verifier interface.
+type MockVerifier struct {
+ ctrl *gomock.Controller
+ recorder *MockVerifierMockRecorder
+}
+
+// MockVerifierMockRecorder is the mock recorder for MockVerifier.
+type MockVerifierMockRecorder struct {
+ mock *MockVerifier
+}
+
+// NewMockVerifier creates a new mock instance.
+func NewMockVerifier(ctrl *gomock.Controller) *MockVerifier {
+ mock := &MockVerifier{ctrl: ctrl}
+ mock.recorder = &MockVerifierMockRecorder{mock}
+ return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockVerifier) EXPECT() *MockVerifierMockRecorder {
+ return m.recorder
+}
+
+// Verify mocks base method.
+func (m *MockVerifier) Verify(arg0 context.Context, arg1 string, arg2 *[32]byte) error {
+ m.ctrl.T.Helper()
+ ret := m.ctrl.Call(m, "Verify", arg0, arg1, arg2)
+ ret0, _ := ret[0].(error)
+ return ret0
+}
+
+// Verify indicates an expected call of Verify.
+func (mr *MockVerifierMockRecorder) Verify(arg0, arg1, arg2 interface{}) *gomock.Call {
+ mr.mock.ctrl.T.Helper()
+ return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Verify", reflect.TypeOf((*MockVerifier)(nil).Verify), arg0, arg1, arg2)
+}