Implement SIG(0) signing and verification
This is based on @miekg's sig0 branch. That branch diverged from master and I didn't want to wander off on a rebase. As implemented there's no allowance for multi-envelope (TCP) support. TODO: * unpackUint32() could be moved out and used elsewhere * tests * multi-envelope support (if useful)
This commit is contained in:
Andrew Tunnell-Jones
parent
5bccac1c47
commit
91b8c69a22
2
msg.go
2
msg.go
|
|
@ -110,6 +110,7 @@ var TypeToString = map[uint16]string{
|
|||
TypeIPSECKEY: "IPSECKEY",
|
||||
TypeISDN: "ISDN",
|
||||
TypeIXFR: "IXFR", // Meta RR
|
||||
TypeKEY: "KEY",
|
||||
TypeKX: "KX",
|
||||
TypeL32: "L32",
|
||||
TypeL64: "L64",
|
||||
|
|
@ -140,6 +141,7 @@ var TypeToString = map[uint16]string{
|
|||
TypeRP: "RP",
|
||||
TypeRRSIG: "RRSIG",
|
||||
TypeRT: "RT",
|
||||
TypeSIG: "SIG",
|
||||
TypeSOA: "SOA",
|
||||
TypeSPF: "SPF",
|
||||
TypeSRV: "SRV",
|
||||
|
|
|
|||
|
|
@ -0,0 +1,264 @@
|
|||
// Copyright 2011 Miek Gieben. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// SIG(0)
|
||||
//
|
||||
// From RFC 2931:
|
||||
//
|
||||
// SIG(0) provides protection for DNS transactions and requests ....
|
||||
// ... protection for glue records, DNS requests, protection for message headers
|
||||
// on requests and responses, and protection of the overall integrity of a response.
|
||||
//
|
||||
//
|
||||
package dns
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/dsa"
|
||||
"crypto/ecdsa"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"fmt"
|
||||
"math/big"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
// Sign signs a dns.Msg it fills the signature data with the appropriate data.
|
||||
// The SIG records should have the SignerName, KeyTag, Algorithm, Inception
|
||||
// and Expiration set.
|
||||
func (rr *SIG) Sign(k PrivateKey, m *Msg) ([]byte, error) {
|
||||
if k == nil {
|
||||
return nil, ErrPrivKey
|
||||
}
|
||||
if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
|
||||
return nil, ErrKey
|
||||
}
|
||||
rr.Header().Rrtype = TypeSIG
|
||||
rr.Header().Class = ClassANY
|
||||
rr.Header().Ttl = 0
|
||||
rr.Header().Name = "."
|
||||
rr.OrigTtl = 0
|
||||
rr.TypeCovered = 0
|
||||
rr.Labels = 0
|
||||
|
||||
buflen := m.Len() + rr.len()
|
||||
switch k := k.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
buflen += len(k.N.Bytes())
|
||||
case *dsa.PrivateKey:
|
||||
buflen += 40
|
||||
case *ecdsa.PrivateKey:
|
||||
buflen += 96
|
||||
default:
|
||||
return nil, ErrPrivKey
|
||||
}
|
||||
buf := make([]byte, m.Len()+rr.len()+buflen)
|
||||
mbuf, err := m.PackBuffer(buf)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if &buf[0] != &mbuf[0] {
|
||||
return nil, ErrBuf
|
||||
}
|
||||
off, err := PackRR(rr, buf, len(mbuf), nil, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
buf = buf[:off:cap(buf)]
|
||||
var hash crypto.Hash
|
||||
switch rr.Algorithm {
|
||||
case DSA, RSASHA1:
|
||||
hash = crypto.SHA1
|
||||
case RSASHA256, ECDSAP256SHA256:
|
||||
hash = crypto.SHA256
|
||||
case ECDSAP384SHA384:
|
||||
hash = crypto.SHA384
|
||||
case RSASHA512:
|
||||
hash = crypto.SHA512
|
||||
default:
|
||||
return nil, ErrAlg
|
||||
}
|
||||
hasher := hash.New()
|
||||
// Write SIG rdata
|
||||
hasher.Write(buf[len(mbuf)+1+2+2+4+2:])
|
||||
// Write message
|
||||
hasher.Write(buf[:len(mbuf)])
|
||||
hashed := hasher.Sum(nil)
|
||||
|
||||
var sig []byte
|
||||
switch p := k.(type) {
|
||||
case *dsa.PrivateKey:
|
||||
t := byte((len(p.PublicKey.Y.Bytes()) - 64) / 8)
|
||||
r1, s1, err := dsa.Sign(rand.Reader, p, hashed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sig = make([]byte, 0, 1+len(r1.Bytes())+len(s1.Bytes()))
|
||||
sig = append(sig, t)
|
||||
sig = append(sig, r1.Bytes()...)
|
||||
sig = append(sig, s1.Bytes()...)
|
||||
case *rsa.PrivateKey:
|
||||
sig, err = rsa.SignPKCS1v15(rand.Reader, p, hash, hashed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
case *ecdsa.PrivateKey:
|
||||
r1, s1, err := ecdsa.Sign(rand.Reader, p, hashed)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sig = r1.Bytes()
|
||||
sig = append(sig, s1.Bytes()...)
|
||||
default:
|
||||
return nil, ErrAlg
|
||||
}
|
||||
rr.Signature = unpackBase64(sig)
|
||||
buf = append(buf, sig...)
|
||||
if len(buf) > int(^uint16(0)) {
|
||||
return nil, ErrBuf
|
||||
}
|
||||
// Adjust sig data length
|
||||
rdoff := len(mbuf) + 1 + 2 + 2 + 4
|
||||
rdlen, _ := unpackUint16(buf, rdoff)
|
||||
rdlen += uint16(len(sig))
|
||||
buf[rdoff], buf[rdoff+1] = packUint16(rdlen)
|
||||
// Adjust additional count
|
||||
adc, _ := unpackUint16(buf, 10)
|
||||
adc += 1
|
||||
buf[10], buf[11] = packUint16(adc)
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
// Verify validates the message buf using the key k.
|
||||
// It's assumed that buf is a valid message from which rr was unpacked.
|
||||
func (rr *SIG) Verify(k *KEY, buf []byte) error {
|
||||
if k == nil {
|
||||
return ErrKey
|
||||
}
|
||||
if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
|
||||
return ErrKey
|
||||
}
|
||||
|
||||
var hash crypto.Hash
|
||||
switch rr.Algorithm {
|
||||
case DSA, RSASHA1:
|
||||
hash = crypto.SHA1
|
||||
case RSASHA256, ECDSAP256SHA256:
|
||||
hash = crypto.SHA256
|
||||
case ECDSAP384SHA384:
|
||||
hash = crypto.SHA384
|
||||
case RSASHA512:
|
||||
hash = crypto.SHA512
|
||||
default:
|
||||
return ErrAlg
|
||||
}
|
||||
hasher := hash.New()
|
||||
|
||||
buflen := len(buf)
|
||||
qdc, _ := unpackUint16(buf, 4)
|
||||
anc, _ := unpackUint16(buf, 6)
|
||||
auc, _ := unpackUint16(buf, 8)
|
||||
adc, offset := unpackUint16(buf, 10)
|
||||
var err error
|
||||
for i := uint16(0); i < qdc && offset < buflen; i++ {
|
||||
// decode a name
|
||||
_, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// skip past Type and Class
|
||||
offset += 2 + 2
|
||||
}
|
||||
for i := uint16(1); i < anc+auc+adc && offset < buflen; i++ {
|
||||
// decode a name
|
||||
_, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// skip past Type, Class and TTL
|
||||
offset += 2 + 2 + 4
|
||||
var rdlen uint16
|
||||
rdlen, offset = unpackUint16(buf, offset)
|
||||
offset += int(rdlen)
|
||||
}
|
||||
// offset should be just prior to SIG
|
||||
bodyend := offset
|
||||
// Owner name SHOULD be root
|
||||
_, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Skip Type, Class, TTL, RDLen
|
||||
offset += 2 + 2 + 4 + 2
|
||||
sigstart := offset
|
||||
offset += 2 + 1 + 1 + 4 // skip Type Covered, Algorithm, Labels, Original TTL
|
||||
// TODO: This should be moved out and used elsewhere
|
||||
unpackUint32 := func(buf []byte, off int) (uint32, int) {
|
||||
r := uint32(buf[off])<<24 | uint32(buf[off+1])<<16 | uint32(buf[off+2])<<8 | uint32(buf[off+3])
|
||||
return r, off + 4
|
||||
}
|
||||
var expire, incept uint32
|
||||
expire, offset = unpackUint32(buf, offset)
|
||||
incept, offset = unpackUint32(buf, offset)
|
||||
now := uint32(time.Now().Unix())
|
||||
if now < incept || now > expire {
|
||||
return ErrTime
|
||||
}
|
||||
offset += 2 // skip key tag
|
||||
var signername string
|
||||
signername, offset, err = UnpackDomainName(buf, offset)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// If key has come from the DNS name compression might
|
||||
// have mangled the case of the name
|
||||
if strings.ToLower(signername) != strings.ToLower(k.Header().Name) {
|
||||
return fmt.Errorf("Signer name doesn't match key name")
|
||||
}
|
||||
sigend := offset
|
||||
hasher.Write(buf[sigstart:sigend])
|
||||
hasher.Write(buf[:10])
|
||||
hasher.Write([]byte{
|
||||
byte((adc - 1) << 8),
|
||||
byte(adc - 1),
|
||||
})
|
||||
hasher.Write(buf[12:bodyend])
|
||||
|
||||
hashed := hasher.Sum(nil)
|
||||
sig := buf[sigend:]
|
||||
switch k.Algorithm {
|
||||
case DSA:
|
||||
pk := k.publicKeyDSA()
|
||||
sig = sig[1:]
|
||||
r := big.NewInt(0)
|
||||
r.SetBytes(sig[:len(sig)/2])
|
||||
s := big.NewInt(0)
|
||||
s.SetBytes(sig[len(sig)/2:])
|
||||
if pk != nil {
|
||||
if dsa.Verify(pk, hashed, r, s) {
|
||||
return nil
|
||||
}
|
||||
return ErrSig
|
||||
}
|
||||
case RSASHA1, RSASHA256, RSASHA512:
|
||||
pk := k.publicKeyRSA()
|
||||
if pk != nil {
|
||||
return rsa.VerifyPKCS1v15(pk, hash, hashed, sig)
|
||||
}
|
||||
case ECDSAP256SHA256, ECDSAP384SHA384:
|
||||
pk := k.publicKeyCurve()
|
||||
r := big.NewInt(0)
|
||||
r.SetBytes(sig[:len(sig)/2])
|
||||
s := big.NewInt(0)
|
||||
s.SetBytes(sig[len(sig)/2:])
|
||||
if pk != nil {
|
||||
if ecdsa.Verify(pk, hashed, r, s) {
|
||||
return nil
|
||||
}
|
||||
return ErrSig
|
||||
}
|
||||
}
|
||||
return ErrKeyAlg
|
||||
}
|
||||
11
types.go
11
types.go
|
|
@ -818,6 +818,11 @@ func (rr *LOC) String() string {
|
|||
return s
|
||||
}
|
||||
|
||||
// SIG is identical to RRSIG and nowadays only used for SIG(0), RFC2931.
|
||||
type SIG struct {
|
||||
RRSIG
|
||||
}
|
||||
|
||||
type RRSIG struct {
|
||||
Hdr RR_Header
|
||||
TypeCovered uint16
|
||||
|
|
@ -1049,6 +1054,10 @@ func (rr *IPSECKEY) len() int {
|
|||
base64.StdEncoding.DecodedLen(len(rr.PublicKey))
|
||||
}
|
||||
|
||||
type KEY struct {
|
||||
DNSKEY
|
||||
}
|
||||
|
||||
type DNSKEY struct {
|
||||
Hdr RR_Header
|
||||
Flags uint16
|
||||
|
|
@ -1652,6 +1661,7 @@ var typeToRR = map[uint16]func() RR{
|
|||
TypeDHCID: func() RR { return new(DHCID) },
|
||||
TypeDLV: func() RR { return new(DLV) },
|
||||
TypeDNAME: func() RR { return new(DNAME) },
|
||||
TypeKEY: func() RR { return new(KEY) },
|
||||
TypeDNSKEY: func() RR { return new(DNSKEY) },
|
||||
TypeDS: func() RR { return new(DS) },
|
||||
TypeEUI48: func() RR { return new(EUI48) },
|
||||
|
|
@ -1689,6 +1699,7 @@ var typeToRR = map[uint16]func() RR{
|
|||
TypeRKEY: func() RR { return new(RKEY) },
|
||||
TypeRP: func() RR { return new(RP) },
|
||||
TypePX: func() RR { return new(PX) },
|
||||
TypeSIG: func() RR { return new(SIG) },
|
||||
TypeRRSIG: func() RR { return new(RRSIG) },
|
||||
TypeRT: func() RR { return new(RT) },
|
||||
TypeSOA: func() RR { return new(SOA) },
|
||||
|
|
|
|||
18
zscan_rr.go
18
zscan_rr.go
|
|
@ -1065,6 +1065,14 @@ func setOPENPGPKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, strin
|
|||
return rr, nil, c1
|
||||
}
|
||||
|
||||
func setSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setRRSIG(h, c, o, f)
|
||||
if r != nil {
|
||||
return &SIG{*r.(*RRSIG)} , e, s
|
||||
}
|
||||
return nil, e, s
|
||||
}
|
||||
|
||||
func setRRSIG(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(RRSIG)
|
||||
rr.Hdr = h
|
||||
|
|
@ -1452,6 +1460,14 @@ func setSSHFP(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
|||
return rr, nil, ""
|
||||
}
|
||||
|
||||
func setKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
r, e, s := setDNSKEY(h, c, o, f)
|
||||
if r != nil {
|
||||
return &KEY{*r.(*DNSKEY)} , e, s
|
||||
}
|
||||
return nil, e, s
|
||||
}
|
||||
|
||||
func setDNSKEY(h RR_Header, c chan lex, o, f string) (RR, *ParseError, string) {
|
||||
rr := new(DNSKEY)
|
||||
rr.Hdr = h
|
||||
|
|
@ -2159,6 +2175,7 @@ var typeToparserFunc = map[uint16]parserFunc{
|
|||
TypeDHCID: parserFunc{setDHCID, true},
|
||||
TypeDLV: parserFunc{setDLV, true},
|
||||
TypeDNAME: parserFunc{setDNAME, false},
|
||||
TypeKEY: parserFunc{setKEY, true},
|
||||
TypeDNSKEY: parserFunc{setDNSKEY, true},
|
||||
TypeDS: parserFunc{setDS, true},
|
||||
TypeEID: parserFunc{setEID, true},
|
||||
|
|
@ -2194,6 +2211,7 @@ var typeToparserFunc = map[uint16]parserFunc{
|
|||
TypeOPENPGPKEY: parserFunc{setOPENPGPKEY, true},
|
||||
TypePTR: parserFunc{setPTR, false},
|
||||
TypePX: parserFunc{setPX, false},
|
||||
TypeSIG: parserFunc{setSIG, true},
|
||||
TypeRKEY: parserFunc{setRKEY, true},
|
||||
TypeRP: parserFunc{setRP, false},
|
||||
TypeRRSIG: parserFunc{setRRSIG, true},
|
||||
|
|
|
|||
Loading…
Reference in New Issue