From cc75064317725f5b4d58b8b364dbf0c9c431ec3e Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Sat, 2 Oct 2021 20:23:51 +0200 Subject: added domain_hint enforcement --- cmd/sigsum_log_go/main.go | 4 +++ cmd/tmp/dns/main.go | 42 ++++++++++++++++++++++++++++++ cmd/tmp/submit/main.go | 59 ++++++++++++++++++++++++++++++++++++------- pkg/dns/dns.go | 40 +++++++++++++++++++++++++++++ pkg/instance/endpoint.go | 2 +- pkg/instance/endpoint_test.go | 48 +++++++++++++++++++++++++---------- pkg/instance/instance.go | 10 +++++--- pkg/mocks/sigsum_dns.go | 49 +++++++++++++++++++++++++++++++++++ 8 files changed, 227 insertions(+), 27 deletions(-) create mode 100644 cmd/tmp/dns/main.go create mode 100644 pkg/dns/dns.go create mode 100644 pkg/mocks/sigsum_dns.go diff --git a/cmd/sigsum_log_go/main.go b/cmd/sigsum_log_go/main.go index 5af8563..b22dd40 100644 --- a/cmd/sigsum_log_go/main.go +++ b/cmd/sigsum_log_go/main.go @@ -25,6 +25,7 @@ import ( "git.sigsum.org/sigsum-log-go/pkg/state" trillianWrapper "git.sigsum.org/sigsum-log-go/pkg/trillian" "git.sigsum.org/sigsum-log-go/pkg/types" + "git.sigsum.org/sigsum-log-go/pkg/dns" ) var ( @@ -134,6 +135,9 @@ func setupInstanceFromFlags() (*sigsum.Instance, error) { return nil, fmt.Errorf("NewStateManager: %v", err) } + // Setup DNS verifier + i.DNS = dns.NewDefaultResolver() + // Register HTTP endpoints mux := http.NewServeMux() http.Handle("/", mux) diff --git a/cmd/tmp/dns/main.go b/cmd/tmp/dns/main.go new file mode 100644 index 0000000..b493f15 --- /dev/null +++ b/cmd/tmp/dns/main.go @@ -0,0 +1,42 @@ +package main + +import ( + "context" + "encoding/hex" + "flag" + "fmt" + "log" + + "git.sigsum.org/sigsum-log-go/pkg/dns" + "git.sigsum.org/sigsum-log-go/pkg/types" +) + +var ( + vk = flag.String("vk", "5aed7ffc3bc088221f6579567b2e6e3c4ac3579bd5e77670755179052c68d5d3", "verification key (hex)") + domain_hint = flag.String("domain_hint", "example.com", "domain name that is aware of public key hash in hex") +) + +func main() { + flag.Parse() + + var key [types.VerificationKeySize]byte + mustDecodeHex(*vk, key[:]) + + vf := dns.NewDefaultResolver() + if err := vf.Verify(context.Background(), *domain_hint, &key); err != nil { + log.Fatal(err) + } + + fmt.Println("Success!") +} + +func mustDecodeHex(s string, buf []byte) { + b, err := hex.DecodeString(s) + if err != nil { + log.Fatal(err) + } + if len(b) != len(buf) { + log.Fatal("bad flag: invalid buffer length") + } + copy(buf, b) +} diff --git a/cmd/tmp/submit/main.go b/cmd/tmp/submit/main.go index d6620f6..2b8050c 100644 --- a/cmd/tmp/submit/main.go +++ b/cmd/tmp/submit/main.go @@ -5,25 +5,66 @@ package main import ( "crypto/ed25519" "crypto/rand" + "encoding/hex" + "flag" "fmt" + "log" "git.sigsum.org/sigsum-log-go/pkg/types" ) +var ( + shardHint = flag.Uint64("shard_hint", 0, "shard hint (decimal)") + checksum = flag.String("checksum", "", "checksum (hex)") + sk = flag.String("sk", "", "secret key (hex)") + domainHint = flag.String("domain_hint", "example.com", "domain hint (string)") + base_url = flag.String("base_url", "localhost:6965", "base url (string)") +) + func main() { - checksum := [32]byte{} + flag.Parse() + + var privBuf [64]byte + var priv ed25519.PrivateKey = ed25519.PrivateKey(privBuf[:]) + mustDecodeHex(*sk, priv[:]) + + var c [types.HashSize]byte + if *checksum != "" { + mustDecodeHex(*checksum, c[:]) + } else { + mustPutRandom(c[:]) + } + msg := types.Message{ - ShardHint: 0, - Checksum: &checksum, + ShardHint: *shardHint, + Checksum: &c, } + sig := ed25519.Sign(priv, msg.Marshal()) - vk, sk, err := ed25519.GenerateKey(rand.Reader) + fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- %s/sigsum/v0/add-leaf\n", + msg.ShardHint, + msg.Checksum[:], + sig, + priv.Public().(ed25519.PublicKey)[:], + *domainHint, + *base_url, + ) +} + +func mustDecodeHex(s string, buf []byte) { + b, err := hex.DecodeString(s) if err != nil { - fmt.Printf("ed25519.GenerateKey: %v\n", err) - return + log.Fatal(err) + } + if len(b) != len(buf) { + log.Fatal("bad flag: invalid buffer length") } - sig := ed25519.Sign(sk, msg.Marshal()) - //fmt.Printf("sk: %x\nvk: %x\n", sk[:], vk[:]) + copy(buf, b) +} - fmt.Printf("echo \"shard_hint=%d\nchecksum=%x\nsignature=%x\nverification_key=%x\ndomain_hint=%s\" | curl --data-binary @- localhost:6965/sigsum/v0/add-leaf\n", msg.ShardHint, msg.Checksum[:], sig, vk[:], "example.com") +func mustPutRandom(buf []byte) { + _, err := rand.Read(buf) + if err != nil { + log.Fatal(err) + } } diff --git a/pkg/dns/dns.go b/pkg/dns/dns.go new file mode 100644 index 0000000..7979119 --- /dev/null +++ b/pkg/dns/dns.go @@ -0,0 +1,40 @@ +package dns + +import ( + "context" + "fmt" + "net" + + "encoding/hex" + + "git.sigsum.org/sigsum-log-go/pkg/types" +) + +// Verifier can verify that a domain name is aware of a public key +type Verifier interface { + Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error +} + +// DefaultResolver implements the Verifier interface with Go's default resolver +type DefaultResolver struct { + resolver net.Resolver +} + +func NewDefaultResolver() Verifier { + return &DefaultResolver{} +} + +func (dr *DefaultResolver) Verify(ctx context.Context, name string, key *[types.VerificationKeySize]byte) error { + rsp, err := dr.resolver.LookupTXT(ctx, name) + if err != nil { + return fmt.Errorf("domain name look-up failed: %v", err) + } + + want := hex.EncodeToString(types.Hash(key[:])[:]) + for _, got := range rsp { + if got == want { + return nil + } + } + return fmt.Errorf("%q is not aware of key hash %q", name, want) +} diff --git a/pkg/instance/endpoint.go b/pkg/instance/endpoint.go index 2387263..a6d424d 100644 --- a/pkg/instance/endpoint.go +++ b/pkg/instance/endpoint.go @@ -9,7 +9,7 @@ import ( func addLeaf(ctx context.Context, i *Instance, w http.ResponseWriter, r *http.Request) (int, error) { glog.V(3).Info("handling add-entry request") - req, err := i.leafRequestFromHTTP(r) + req, err := i.leafRequestFromHTTP(ctx, r) if err != nil { return http.StatusBadRequest, err } diff --git a/pkg/instance/endpoint_test.go b/pkg/instance/endpoint_test.go index 3ca72b2..29d5a8e 100644 --- a/pkg/instance/endpoint_test.go +++ b/pkg/instance/endpoint_test.go @@ -10,9 +10,9 @@ import ( "net/http/httptest" "testing" - "github.com/golang/mock/gomock" "git.sigsum.org/sigsum-log-go/pkg/mocks" "git.sigsum.org/sigsum-log-go/pkg/types" + "github.com/golang/mock/gomock" ) var ( @@ -72,11 +72,13 @@ func TestAddLeaf(t *testing.T) { )) } for _, table := range []struct { - description string - ascii io.Reader // buffer used to populate HTTP request - expect bool // set if a mock answer is expected - err error // error from Trillian client - wantCode int // HTTP status ok + description string + ascii io.Reader // buffer used to populate HTTP request + expectTrillian bool // expect Trillian client code path + errTrillian error // error from Trillian client + expectDNS bool // expect DNS verifier code path + errDNS error // error from DNS verifier + wantCode int // HTTP status ok }{ // XXX introduce helper so that test params are not hardcoded { @@ -103,7 +105,7 @@ func TestAddLeaf(t *testing.T) { wantCode: http.StatusBadRequest, }, { - description: "invalid: bad request (shard hint is before shard start)", + description: "invalid: bad request (shard hint is after shard end)", ascii: buf(21, "0000000000000000000000000000000000000000000000000000000000000000", "79c14f0ad9ab24ab98fe9d5ff59c3b91348789758aa092c6bfab2ac8890b41fb1d44d985e723184f9de42edb82b5ada14f494a96e361914d5366dd92379a1d04", @@ -111,6 +113,17 @@ func TestAddLeaf(t *testing.T) { ), wantCode: http.StatusBadRequest, }, + { + description: "invalid: failed verifying domain hint", + ascii: buf(10, + "0000000000000000000000000000000000000000000000000000000000000000", + "7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c", + "f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb", + ), + expectDNS: true, + errDNS: fmt.Errorf("something went wrong"), + wantCode: http.StatusBadRequest, + }, { description: "invalid: backend failure", ascii: buf(10, @@ -118,9 +131,10 @@ func TestAddLeaf(t *testing.T) { "7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c", "f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb", ), - expect: true, - err: fmt.Errorf("something went wrong"), - wantCode: http.StatusInternalServerError, + expectDNS: true, + expectTrillian: true, + errTrillian: fmt.Errorf("something went wrong"), + wantCode: http.StatusInternalServerError, }, { description: "valid", @@ -129,21 +143,27 @@ func TestAddLeaf(t *testing.T) { "7df253d2578c6c20b90832245ad6f981077454667796b3d507336a89ee878a2eae6b96e6d8de84fe8c1acf4b3aaffd482b657b65d94ed5e6be6320492147f90c", "f6eef8e94ddf1396682871257e670a1d9b627cf460daade7c36d218b2866befb", ), - expect: true, - wantCode: http.StatusOK, + expectDNS: true, + expectTrillian: true, + wantCode: http.StatusOK, }, } { // Run deferred functions at the end of each iteration func() { ctrl := gomock.NewController(t) defer ctrl.Finish() + dns := mocks.NewMockVerifier(ctrl) + if table.expectDNS { + dns.EXPECT().Verify(gomock.Any(), gomock.Any(), gomock.Any()).Return(table.errDNS) + } client := mocks.NewMockClient(ctrl) - if table.expect { - client.EXPECT().AddLeaf(gomock.Any(), gomock.Any()).Return(table.err) + if table.expectTrillian { + client.EXPECT().AddLeaf(gomock.Any(), gomock.Any()).Return(table.errTrillian) } i := Instance{ Config: testConfig, Client: client, + DNS: dns, } // Create HTTP request diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go index 31a9b73..fbfe4df 100644 --- a/pkg/instance/instance.go +++ b/pkg/instance/instance.go @@ -8,10 +8,11 @@ import ( "net/http" "time" - "github.com/golang/glog" + "git.sigsum.org/sigsum-log-go/pkg/dns" "git.sigsum.org/sigsum-log-go/pkg/state" "git.sigsum.org/sigsum-log-go/pkg/trillian" "git.sigsum.org/sigsum-log-go/pkg/types" + "github.com/golang/glog" ) // Config is a collection of log parameters @@ -35,6 +36,7 @@ type Instance struct { Client trillian.Client // provides access to the Trillian backend Signer crypto.Signer // provides access to Ed25519 private key Stateman state.StateManager // coordinates access to (co)signed tree heads + DNS dns.Verifier // checks if domain name knows a public key } // Handler implements the http.Handler interface, and contains a reference @@ -92,7 +94,7 @@ func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } -func (i *Instance) leafRequestFromHTTP(r *http.Request) (*types.LeafRequest, error) { +func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*types.LeafRequest, error) { var req types.LeafRequest if err := req.UnmarshalASCII(r.Body); err != nil { return nil, fmt.Errorf("UnmarshalASCII: %v", err) @@ -110,7 +112,9 @@ func (i *Instance) leafRequestFromHTTP(r *http.Request) (*types.LeafRequest, err if req.ShardHint > i.ShardEnd { return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, i.ShardEnd) } - // TODO: check domain hint + if err := i.DNS.Verify(ctx, req.DomainHint, req.VerificationKey); err != nil { + return nil, fmt.Errorf("invalid domain hint: %v", err) + } return &req, nil } diff --git a/pkg/mocks/sigsum_dns.go b/pkg/mocks/sigsum_dns.go new file mode 100644 index 0000000..ede237e --- /dev/null +++ b/pkg/mocks/sigsum_dns.go @@ -0,0 +1,49 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: git.sigsum.org/sigsum-log-go/pkg/dns (interfaces: Verifier) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + context "context" + reflect "reflect" + + gomock "github.com/golang/mock/gomock" +) + +// MockVerifier is a mock of Verifier interface. +type MockVerifier struct { + ctrl *gomock.Controller + recorder *MockVerifierMockRecorder +} + +// MockVerifierMockRecorder is the mock recorder for MockVerifier. +type MockVerifierMockRecorder struct { + mock *MockVerifier +} + +// NewMockVerifier creates a new mock instance. +func NewMockVerifier(ctrl *gomock.Controller) *MockVerifier { + mock := &MockVerifier{ctrl: ctrl} + mock.recorder = &MockVerifierMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockVerifier) EXPECT() *MockVerifierMockRecorder { + return m.recorder +} + +// Verify mocks base method. +func (m *MockVerifier) Verify(arg0 context.Context, arg1 string, arg2 *[32]byte) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Verify", arg0, arg1, arg2) + ret0, _ := ret[0].(error) + return ret0 +} + +// Verify indicates an expected call of Verify. +func (mr *MockVerifierMockRecorder) Verify(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Verify", reflect.TypeOf((*MockVerifier)(nil).Verify), arg0, arg1, arg2) +} -- cgit v1.2.3