author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-02 20:23:51 +0200 |
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2021-10-02 20:23:51 +0200 |
commit | cc75064317725f5b4d58b8b364dbf0c9c431ec3e (patch) | |
tree | 7ee92c65d4340ecf910d0c966087f1b5a0ec404a /cmd | |
parent | 01d7bd4785be2c82cc4765ba6e27cbcf61188862 (diff) |
added domain_hint enforcementv0.3.0
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/sigsum_log_go/main.go | 4 | ||||
-rw-r--r-- | cmd/tmp/dns/main.go | 42 | ||||
-rw-r--r-- | cmd/tmp/submit/main.go | 59 |
3 files changed, 96 insertions, 9 deletions
diff --git a/cmd/sigsum_log_go/main.go b/cmd/sigsum_log_go/main.go
index 5af8563..b22dd40 100644
--- a/cmd/sigsum_log_go/main.go
+++ b/cmd/sigsum_log_go/main.go
@@ -25,6 +25,7 @@ import (
 "git.sigsum.org/sigsum-log-go/pkg/state"
 trillianWrapper "git.sigsum.org/sigsum-log-go/pkg/trillian"
 "git.sigsum.org/sigsum-log-go/pkg/types"
+ "git.sigsum.org/sigsum-log-go/pkg/dns"
 )
 
 var (
@@ -134,6 +135,9 @@ func setupInstanceFromFlags() (*sigsum.Instance, error) {
 return nil, fmt.Errorf("NewStateManager: %v", err)
 }
 
+ // Setup DNS verifier
+ i.DNS = dns.NewDefaultResolver()
+
 // Register HTTP endpoints
 mux := http.NewServeMux()
 http.Handle("/", mux)
diff --git a/cmd/tmp/dns/main.go b/cmd/tmp/dns/main.go
new file mode 100644
index 0000000..b493f15
--- /dev/null
+++ b/cmd/tmp/dns/main.go
@@ -0,0 +1,42 @@
+package main
+
+import (
+ "context"
+ "encoding/hex"
+ "flag"
+ "fmt"
+ "log"
+
+ "git.sigsum.org/sigsum-log-go/pkg/dns"
+ "git.sigsum.org/sigsum-log-go/pkg/types"
+)
+
+var (
+ vk = flag.String("vk", "5aed7ffc3bc088221f6579567b2e6e3c4ac3579bd5e77670755179052c68d5d3", "verification key (hex)")
+ domain_hint = flag.String("domain_hint", "example.com", "domain name that is aware of public key hash in hex")
+)
+
+func main() {
+ flag.Parse()
+
+ var key [types.VerificationKeySize]byte
+ mustDecodeHex(*vk, key[:])
+
+ vf := dns.NewDefaultResolver()
+ if err := vf.Verify(context.Background(), *domain_hint, &key); err != nil {
+ log.Fatal(err)
+ }
+
+ fmt.Println("Success!")
+}
+
+func mustDecodeHex(s string, buf []byte) {
+ b, err := hex.DecodeString(s)
+ if err != nil {
+ log.Fatal(err)
+ }
+ if len(b) != len(buf) {
+ log.Fatal("bad flag: invalid buffer length")
+ }
+ copy(buf, b)
+}
diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go
index d6620f6..2b8050c 100644
--- a/cmd/tmp/submit/main.go
+++ b/cmd/tmp/submit/main.go
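Review bot: The added import `"git.sigsum.org/sigsum-log-go/pkg/dns"` is appended after `pkg/types`, which breaks the alphabetical order the rest of the group follows; `goimports` would place it before `pkg/state`. Moving it keeps the group stable so later imports do not churn the same lines. The enclosing import block starts outside the hunk.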
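Review bot: The comment `// Setup DNS verifier` above `i.DNS = dns.NewDefaultResolver()` does not say what the verifier is for, which the commit title does ("domain_hint enforcement"); a reader of `setupInstanceFromFlags` has no other hint. I would write it as `// DNS resolver used to check that each submitted domain_hint vouches for the submitter's key`. `NewDefaultResolver()` is called without any argument, so if the constructor takes none there is presumably no way for an operator to choose the resolver used for these lookups; worth confirming and noting in the comment. `setupInstanceFromFlags` begins and ends outside the hunk.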
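Review bot: `vf.Verify(context.Background(), *domain_hint, &key)` in `main` runs a network lookup with a context that never expires, so an unresponsive resolver hangs the tool indefinitely; bound it with `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)`, `defer cancel()`, and pass `ctx` (adds a `time` import). The flag variable `domain_hint` uses an underscore while the submit tool in the same commit names the same flag `domainHint`; pick one spelling for both. `mustDecodeHex` is also duplicated verbatim between `cmd/tmp/dns` and `cmd/tmp/submit`, so a shared helper would keep the two tools from drifting.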
@@ -5,25 +5,66 @@ package main
 import (
 "crypto/ed25519"
 "crypto/rand"
+ "encoding/hex"
+ "flag"
 "fmt"
+ "log"
 
 "git.sigsum.org/sigsum-log-go/pkg/types"
 )
 
+var (
+ shardHint = flag.Uint64("shard_hint", 0, "shard hint (decimal)")
+ checksum = flag.String("checksum", "", "checksum (hex)")
+ sk = flag.String("sk", "", "secret key (hex)")
+ domainHint = flag.String("domain_hint", "example.com", "domain hint (string)")
+ base_url = flag.String("base_url", "localhost:6965", "base url (string)")
+)
+
 func main() {
- checksum := [32]byte{}
+ flag.Parse()
+
+ var privBuf [64]byte
+ var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:])
+ mustDecodeHex(*sk, priv[:])
+
+ var c [types.HashSize]byte
+ if *checksum != "" {
+ mustDecodeHex(*checksum, c[:])
+ } else {
+ mustPutRandom(c[:])
+ }
+
 msg := types.Message{
- ShardHint: 0,
- Checksum: &checksum,
+ ShardHint: *shardHint,
+ Checksum: &c,
 }
+ sig := ed25519.Sign(priv, msg.Marshal())
 
- vk, sk, err := ed25519.GenerateKey(rand.Reader)
+ fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n",
+ msg.ShardHint,
+ msg.Checksum[:],
+ sig,
+ priv.Public().(ed25519.PublicKey)[:],
+ *domainHint,
+ *base_url,
+ )
+}
+
+func mustDecodeHex(s string, buf []byte) {
+ b, err := hex.DecodeString(s)
 if err != nil {
- fmt.Printf("ed25519.GenerateKey: %v\n", err)
- return
+ log.Fatal(err)
+ }
+ if len(b) != len(buf) {
+ log.Fatal("bad flag: invalid buffer length")
 }
- sig := ed25519.Sign(sk, msg.Marshal())
- //fmt.Printf("sk: %x\nvk: %x\n", sk[:], vk[:])
+ copy(buf, b)
+}
 
- fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- localhost:6965/sigsum/v0/add-leaf\n", msg.ShardHint, msg.Checksum[:], sig, vk[:], "example.com")
+func mustPutRandom(buf []byte) {
+ _, err := rand.Read(buf)
+ if err != nil {
+ log.Fatal(err)
+ }
 }
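Review bot: `mustDecodeHex(*sk, priv[:])` in `main` accepts any 64 bytes as the ed25519 private key without checking that its public half matches its seed, so a mistyped or hand-assembled key produces a signature that does not verify under the `verification_key` the tool prints; deriving from the seed avoids that, `var seed [ed25519.SeedSize]byte`, `mustDecodeHex(*sk, seed[:])`, `priv := ed25519.NewKeyFromSeed(seed[:])` (and retires the magic `[64]byte`, which should otherwise be `ed25519.PrivateKeySize`). This changes the accepted `-sk` length from 64 to 32 bytes, which the flag help text would need to say. Separately, taking the secret key as a command-line flag exposes it in the process list and shell history; a file path or environment variable flag is the usual alternative even for a temporary tool. The flag name `base_url` uses an underscore where the sibling flags use `shardHint`/`domainHint` style.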