2014-11-01 22:32:46 +11:00
|
|
|
package dns
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto"
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/rsa"
|
2016-06-09 01:38:42 +10:00
|
|
|
"encoding/binary"
|
2014-11-01 22:32:46 +11:00
|
|
|
"math/big"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
2014-11-02 22:39:12 +11:00
|
|
|
// Sign signs a dns.Msg. It fills the signature with the appropriate data.
|
|
|
|
// The SIG record should have the SignerName, KeyTag, Algorithm, Inception
|
2014-11-01 22:32:46 +11:00
|
|
|
// and Expiration set.
|
2015-03-27 09:34:52 +11:00
|
|
|
func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) {
|
2014-11-01 22:32:46 +11:00
|
|
|
if k == nil {
|
|
|
|
return nil, ErrPrivKey
|
|
|
|
}
|
2021-02-26 03:01:55 +11:00
|
|
|
if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 {
|
2014-11-01 22:32:46 +11:00
|
|
|
return nil, ErrKey
|
|
|
|
}
|
2019-01-04 19:12:32 +11:00
|
|
|
|
|
|
|
rr.Hdr = RR_Header{Name: ".", Rrtype: TypeSIG, Class: ClassANY, Ttl: 0}
|
|
|
|
rr.OrigTtl, rr.TypeCovered, rr.Labels = 0, 0, 0
|
2014-11-01 22:32:46 +11:00
|
|
|
|
2018-11-30 10:33:41 +11:00
|
|
|
buf := make([]byte, m.Len()+Len(rr))
|
2014-11-01 22:32:46 +11:00
|
|
|
mbuf, err := m.PackBuffer(buf)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if &buf[0] != &mbuf[0] {
|
|
|
|
return nil, ErrBuf
|
|
|
|
}
|
|
|
|
off, err := PackRR(rr, buf, len(mbuf), nil, false)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
buf = buf[:off:cap(buf)]
|
2015-03-27 09:34:52 +11:00
|
|
|
|
|
|
|
hash, ok := AlgorithmToHash[rr.Algorithm]
|
|
|
|
if !ok {
|
2014-11-01 22:32:46 +11:00
|
|
|
return nil, ErrAlg
|
|
|
|
}
|
2015-03-27 09:34:52 +11:00
|
|
|
|
2014-11-01 22:32:46 +11:00
|
|
|
hasher := hash.New()
|
|
|
|
// Write SIG rdata
|
|
|
|
hasher.Write(buf[len(mbuf)+1+2+2+4+2:])
|
|
|
|
// Write message
|
|
|
|
hasher.Write(buf[:len(mbuf)])
|
|
|
|
|
2015-03-27 09:34:52 +11:00
|
|
|
signature, err := sign(k, hasher.Sum(nil), hash, rr.Algorithm)
|
2015-01-24 08:04:29 +11:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2014-11-01 22:32:46 +11:00
|
|
|
}
|
2015-03-27 09:34:52 +11:00
|
|
|
|
|
|
|
rr.Signature = toBase64(signature)
|
|
|
|
|
2017-02-02 18:33:49 +11:00
|
|
|
buf = append(buf, signature...)
|
2014-11-01 22:32:46 +11:00
|
|
|
if len(buf) > int(^uint16(0)) {
|
|
|
|
return nil, ErrBuf
|
|
|
|
}
|
|
|
|
// Adjust sig data length
|
|
|
|
rdoff := len(mbuf) + 1 + 2 + 2 + 4
|
2016-06-09 01:38:42 +10:00
|
|
|
rdlen := binary.BigEndian.Uint16(buf[rdoff:])
|
2017-02-02 18:33:49 +11:00
|
|
|
rdlen += uint16(len(signature))
|
2016-06-09 01:38:42 +10:00
|
|
|
binary.BigEndian.PutUint16(buf[rdoff:], rdlen)
|
2014-11-01 22:32:46 +11:00
|
|
|
// Adjust additional count
|
2016-06-09 01:38:42 +10:00
|
|
|
adc := binary.BigEndian.Uint16(buf[10:])
|
2015-02-19 20:58:33 +11:00
|
|
|
adc++
|
2016-06-09 01:38:42 +10:00
|
|
|
binary.BigEndian.PutUint16(buf[10:], adc)
|
2014-11-01 22:32:46 +11:00
|
|
|
return buf, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Verify validates the message buf using the key k.
|
|
|
|
// It's assumed that buf is a valid message from which rr was unpacked.
|
|
|
|
func (rr *SIG) Verify(k *KEY, buf []byte) error {
|
|
|
|
if k == nil {
|
|
|
|
return ErrKey
|
|
|
|
}
|
2021-02-26 03:01:55 +11:00
|
|
|
if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 {
|
2014-11-01 22:32:46 +11:00
|
|
|
return ErrKey
|
|
|
|
}
|
|
|
|
|
|
|
|
var hash crypto.Hash
|
|
|
|
switch rr.Algorithm {
|
2020-10-24 22:55:21 +11:00
|
|
|
case RSASHA1:
|
2014-11-01 22:32:46 +11:00
|
|
|
hash = crypto.SHA1
|
|
|
|
case RSASHA256, ECDSAP256SHA256:
|
|
|
|
hash = crypto.SHA256
|
|
|
|
case ECDSAP384SHA384:
|
|
|
|
hash = crypto.SHA384
|
|
|
|
case RSASHA512:
|
|
|
|
hash = crypto.SHA512
|
|
|
|
default:
|
|
|
|
return ErrAlg
|
|
|
|
}
|
|
|
|
hasher := hash.New()
|
|
|
|
|
|
|
|
buflen := len(buf)
|
2016-06-09 01:38:42 +10:00
|
|
|
qdc := binary.BigEndian.Uint16(buf[4:])
|
|
|
|
anc := binary.BigEndian.Uint16(buf[6:])
|
|
|
|
auc := binary.BigEndian.Uint16(buf[8:])
|
|
|
|
adc := binary.BigEndian.Uint16(buf[10:])
|
2019-01-04 21:19:01 +11:00
|
|
|
offset := headerSize
|
2014-11-01 22:32:46 +11:00
|
|
|
var err error
|
|
|
|
for i := uint16(0); i < qdc && offset < buflen; i++ {
|
|
|
|
_, offset, err = UnpackDomainName(buf, offset)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2014-11-03 10:20:08 +11:00
|
|
|
// Skip past Type and Class
|
2014-11-01 22:32:46 +11:00
|
|
|
offset += 2 + 2
|
|
|
|
}
|
|
|
|
for i := uint16(1); i < anc+auc+adc && offset < buflen; i++ {
|
|
|
|
_, offset, err = UnpackDomainName(buf, offset)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2014-11-03 10:20:08 +11:00
|
|
|
// Skip past Type, Class and TTL
|
2014-11-01 22:32:46 +11:00
|
|
|
offset += 2 + 2 + 4
|
2014-11-03 10:20:08 +11:00
|
|
|
if offset+1 >= buflen {
|
|
|
|
continue
|
|
|
|
}
|
Fix dominikh/go-tools nits (#758)
* Remove unused functions and consts
* Address gosimple nits
* Address staticcheck nits
This excludes several that were intentional or weren't actual errors.
* Reduce size of lex struct
This reduces the size of the lex struct by 8 bytes from:
lex.token string: 0-16 (size 16, align 8)
lex.tokenUpper string: 16-32 (size 16, align 8)
lex.length int: 32-40 (size 8, align 8)
lex.err bool: 40-41 (size 1, align 1)
lex.value uint8: 41-42 (size 1, align 1)
padding: 42-48 (size 6, align 0)
lex.line int: 48-56 (size 8, align 8)
lex.column int: 56-64 (size 8, align 8)
lex.torc uint16: 64-66 (size 2, align 2)
padding: 66-72 (size 6, align 0)
lex.comment string: 72-88 (size 16, align 8)
to:
lex.token string: 0-16 (size 16, align 8)
lex.tokenUpper string: 16-32 (size 16, align 8)
lex.length int: 32-40 (size 8, align 8)
lex.err bool: 40-41 (size 1, align 1)
lex.value uint8: 41-42 (size 1, align 1)
lex.torc uint16: 42-44 (size 2, align 2)
padding: 44-48 (size 4, align 0)
lex.line int: 48-56 (size 8, align 8)
lex.column int: 56-64 (size 8, align 8)
lex.comment string: 64-80 (size 16, align 8)
* Reduce size of response struct
This reduces the size of the response struct by 8 bytes from:
response.msg []byte: 0-24 (size 24, align 8)
response.hijacked bool: 24-25 (size 1, align 1)
padding: 25-32 (size 7, align 0)
response.tsigStatus error: 32-48 (size 16, align 8)
response.tsigTimersOnly bool: 48-49 (size 1, align 1)
padding: 49-56 (size 7, align 0)
response.tsigRequestMAC string: 56-72 (size 16, align 8)
response.tsigSecret map[string]string: 72-80 (size 8, align 8)
response.udp *net.UDPConn: 80-88 (size 8, align 8)
response.tcp net.Conn: 88-104 (size 16, align 8)
response.udpSession *github.com/tmthrgd/dns.SessionUDP: 104-112 (size 8, align 8)
response.writer github.com/tmthrgd/dns.Writer: 112-128 (size 16, align 8)
response.wg *sync.WaitGroup: 128-136 (size 8, align 8)
to:
response.msg []byte: 0-24 (size 24, align 8)
response.hijacked bool: 24-25 (size 1, align 1)
response.tsigTimersOnly bool: 25-26 (size 1, align 1)
padding: 26-32 (size 6, align 0)
response.tsigStatus error: 32-48 (size 16, align 8)
response.tsigRequestMAC string: 48-64 (size 16, align 8)
response.tsigSecret map[string]string: 64-72 (size 8, align 8)
response.udp *net.UDPConn: 72-80 (size 8, align 8)
response.tcp net.Conn: 80-96 (size 16, align 8)
response.udpSession *github.com/tmthrgd/dns.SessionUDP: 96-104 (size 8, align 8)
response.writer github.com/tmthrgd/dns.Writer: 104-120 (size 16, align 8)
response.wg *sync.WaitGroup: 120-128 (size 8, align 8)
2018-09-27 04:32:05 +10:00
|
|
|
rdlen := binary.BigEndian.Uint16(buf[offset:])
|
2016-06-09 01:38:42 +10:00
|
|
|
offset += 2
|
2014-11-01 22:32:46 +11:00
|
|
|
offset += int(rdlen)
|
|
|
|
}
|
2014-11-03 10:20:08 +11:00
|
|
|
if offset >= buflen {
|
|
|
|
return &Error{err: "overflowing unpacking signed message"}
|
|
|
|
}
|
|
|
|
|
2014-11-01 22:32:46 +11:00
|
|
|
// offset should be just prior to SIG
|
|
|
|
bodyend := offset
|
2014-11-03 10:20:08 +11:00
|
|
|
// owner name SHOULD be root
|
2014-11-01 22:32:46 +11:00
|
|
|
_, offset, err = UnpackDomainName(buf, offset)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// Skip Type, Class, TTL, RDLen
|
|
|
|
offset += 2 + 2 + 4 + 2
|
|
|
|
sigstart := offset
|
2014-11-03 10:20:08 +11:00
|
|
|
// Skip Type Covered, Algorithm, Labels, Original TTL
|
|
|
|
offset += 2 + 1 + 1 + 4
|
|
|
|
if offset+4+4 >= buflen {
|
|
|
|
return &Error{err: "overflow unpacking signed message"}
|
2014-11-01 22:32:46 +11:00
|
|
|
}
|
2016-06-09 01:38:42 +10:00
|
|
|
expire := binary.BigEndian.Uint32(buf[offset:])
|
2014-11-03 10:20:08 +11:00
|
|
|
offset += 4
|
2016-06-09 01:38:42 +10:00
|
|
|
incept := binary.BigEndian.Uint32(buf[offset:])
|
2014-11-03 10:20:08 +11:00
|
|
|
offset += 4
|
2014-11-01 22:32:46 +11:00
|
|
|
now := uint32(time.Now().Unix())
|
|
|
|
if now < incept || now > expire {
|
|
|
|
return ErrTime
|
|
|
|
}
|
2014-11-03 10:20:08 +11:00
|
|
|
// Skip key tag
|
|
|
|
offset += 2
|
2014-11-01 22:32:46 +11:00
|
|
|
var signername string
|
|
|
|
signername, offset, err = UnpackDomainName(buf, offset)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// If key has come from the DNS name compression might
|
|
|
|
// have mangled the case of the name
|
2018-11-27 22:06:27 +11:00
|
|
|
if !strings.EqualFold(signername, k.Header().Name) {
|
2014-11-03 10:20:08 +11:00
|
|
|
return &Error{err: "signer name doesn't match key name"}
|
2014-11-01 22:32:46 +11:00
|
|
|
}
|
|
|
|
sigend := offset
|
|
|
|
hasher.Write(buf[sigstart:sigend])
|
|
|
|
hasher.Write(buf[:10])
|
|
|
|
hasher.Write([]byte{
|
|
|
|
byte((adc - 1) << 8),
|
|
|
|
byte(adc - 1),
|
|
|
|
})
|
|
|
|
hasher.Write(buf[12:bodyend])
|
|
|
|
|
|
|
|
hashed := hasher.Sum(nil)
|
|
|
|
sig := buf[sigend:]
|
|
|
|
switch k.Algorithm {
|
|
|
|
case RSASHA1, RSASHA256, RSASHA512:
|
|
|
|
pk := k.publicKeyRSA()
|
|
|
|
if pk != nil {
|
|
|
|
return rsa.VerifyPKCS1v15(pk, hash, hashed, sig)
|
|
|
|
}
|
|
|
|
case ECDSAP256SHA256, ECDSAP384SHA384:
|
2015-01-24 08:04:29 +11:00
|
|
|
pk := k.publicKeyECDSA()
|
2019-03-13 18:36:34 +11:00
|
|
|
r := new(big.Int).SetBytes(sig[:len(sig)/2])
|
|
|
|
s := new(big.Int).SetBytes(sig[len(sig)/2:])
|
2014-11-01 22:32:46 +11:00
|
|
|
if pk != nil {
|
|
|
|
if ecdsa.Verify(pk, hashed, r, s) {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return ErrSig
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return ErrKeyAlg
|
|
|
|
}
|