mirror of https://github.com/k3s-io/k3s
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
414 lines
10 KiB
414 lines
10 KiB
package dns
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha1"
|
|
"crypto/sha256"
|
|
"crypto/sha512"
|
|
"encoding/binary"
|
|
"encoding/hex"
|
|
"hash"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// HMAC hashing codes. These are transmitted as domain names.
|
|
const (
|
|
HmacSHA1 = "hmac-sha1."
|
|
HmacSHA224 = "hmac-sha224."
|
|
HmacSHA256 = "hmac-sha256."
|
|
HmacSHA384 = "hmac-sha384."
|
|
HmacSHA512 = "hmac-sha512."
|
|
|
|
HmacMD5 = "hmac-md5.sig-alg.reg.int." // Deprecated: HmacMD5 is no longer supported.
|
|
)
|
|
|
|
// TSIG is the RR the holds the transaction signature of a message.
|
|
// See RFC 2845 and RFC 4635.
|
|
type TSIG struct {
|
|
Hdr RR_Header
|
|
Algorithm string `dns:"domain-name"`
|
|
TimeSigned uint64 `dns:"uint48"`
|
|
Fudge uint16
|
|
MACSize uint16
|
|
MAC string `dns:"size-hex:MACSize"`
|
|
OrigId uint16
|
|
Error uint16
|
|
OtherLen uint16
|
|
OtherData string `dns:"size-hex:OtherLen"`
|
|
}
|
|
|
|
// TSIG has no official presentation format, but this will suffice.
|
|
|
|
func (rr *TSIG) String() string {
|
|
s := "\n;; TSIG PSEUDOSECTION:\n; " // add another semi-colon to signify TSIG does not have a presentation format
|
|
s += rr.Hdr.String() +
|
|
" " + rr.Algorithm +
|
|
" " + tsigTimeToString(rr.TimeSigned) +
|
|
" " + strconv.Itoa(int(rr.Fudge)) +
|
|
" " + strconv.Itoa(int(rr.MACSize)) +
|
|
" " + strings.ToUpper(rr.MAC) +
|
|
" " + strconv.Itoa(int(rr.OrigId)) +
|
|
" " + strconv.Itoa(int(rr.Error)) + // BIND prints NOERROR
|
|
" " + strconv.Itoa(int(rr.OtherLen)) +
|
|
" " + rr.OtherData
|
|
return s
|
|
}
|
|
|
|
func (rr *TSIG) parse(c *zlexer, origin string) *ParseError {
|
|
panic("dns: internal error: parse should never be called on TSIG")
|
|
}
|
|
|
|
// The following values must be put in wireformat, so that the MAC can be calculated.
|
|
// RFC 2845, section 3.4.2. TSIG Variables.
|
|
type tsigWireFmt struct {
|
|
// From RR_Header
|
|
Name string `dns:"domain-name"`
|
|
Class uint16
|
|
Ttl uint32
|
|
// Rdata of the TSIG
|
|
Algorithm string `dns:"domain-name"`
|
|
TimeSigned uint64 `dns:"uint48"`
|
|
Fudge uint16
|
|
// MACSize, MAC and OrigId excluded
|
|
Error uint16
|
|
OtherLen uint16
|
|
OtherData string `dns:"size-hex:OtherLen"`
|
|
}
|
|
|
|
// If we have the MAC use this type to convert it to wiredata. Section 3.4.3. Request MAC
|
|
type macWireFmt struct {
|
|
MACSize uint16
|
|
MAC string `dns:"size-hex:MACSize"`
|
|
}
|
|
|
|
// 3.3. Time values used in TSIG calculations
|
|
type timerWireFmt struct {
|
|
TimeSigned uint64 `dns:"uint48"`
|
|
Fudge uint16
|
|
}
|
|
|
|
// TsigGenerate fills out the TSIG record attached to the message.
|
|
// The message should contain
|
|
// a "stub" TSIG RR with the algorithm, key name (owner name of the RR),
|
|
// time fudge (defaults to 300 seconds) and the current time
|
|
// The TSIG MAC is saved in that Tsig RR.
|
|
// When TsigGenerate is called for the first time requestMAC is set to the empty string and
|
|
// timersOnly is false.
|
|
// If something goes wrong an error is returned, otherwise it is nil.
|
|
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
|
if m.IsTsig() == nil {
|
|
panic("dns: TSIG not last RR in additional")
|
|
}
|
|
// If we barf here, the caller is to blame
|
|
rawsecret, err := fromBase64([]byte(secret))
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
|
|
rr := m.Extra[len(m.Extra)-1].(*TSIG)
|
|
m.Extra = m.Extra[0 : len(m.Extra)-1] // kill the TSIG from the msg
|
|
mbuf, err := m.Pack()
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
buf, err := tsigBuffer(mbuf, rr, requestMAC, timersOnly)
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
|
|
t := new(TSIG)
|
|
var h hash.Hash
|
|
switch CanonicalName(rr.Algorithm) {
|
|
case HmacSHA1:
|
|
h = hmac.New(sha1.New, rawsecret)
|
|
case HmacSHA224:
|
|
h = hmac.New(sha256.New224, rawsecret)
|
|
case HmacSHA256:
|
|
h = hmac.New(sha256.New, rawsecret)
|
|
case HmacSHA384:
|
|
h = hmac.New(sha512.New384, rawsecret)
|
|
case HmacSHA512:
|
|
h = hmac.New(sha512.New, rawsecret)
|
|
default:
|
|
return nil, "", ErrKeyAlg
|
|
}
|
|
h.Write(buf)
|
|
// Copy all TSIG fields except MAC and its size, which are filled using the computed digest.
|
|
*t = *rr
|
|
t.MAC = hex.EncodeToString(h.Sum(nil))
|
|
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
|
|
|
|
tbuf := make([]byte, Len(t))
|
|
off, err := PackRR(t, tbuf, 0, nil, false)
|
|
if err != nil {
|
|
return nil, "", err
|
|
}
|
|
mbuf = append(mbuf, tbuf[:off]...)
|
|
// Update the ArCount directly in the buffer.
|
|
binary.BigEndian.PutUint16(mbuf[10:], uint16(len(m.Extra)+1))
|
|
|
|
return mbuf, t.MAC, nil
|
|
}
|
|
|
|
// TsigVerify verifies the TSIG on a message.
|
|
// If the signature does not validate err contains the
|
|
// error, otherwise it is nil.
|
|
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
|
return tsigVerify(msg, secret, requestMAC, timersOnly, uint64(time.Now().Unix()))
|
|
}
|
|
|
|
// actual implementation of TsigVerify, taking the current time ('now') as a parameter for the convenience of tests.
|
|
func tsigVerify(msg []byte, secret, requestMAC string, timersOnly bool, now uint64) error {
|
|
rawsecret, err := fromBase64([]byte(secret))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// Strip the TSIG from the incoming msg
|
|
stripped, tsig, err := stripTsig(msg)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
msgMAC, err := hex.DecodeString(tsig.MAC)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
buf, err := tsigBuffer(stripped, tsig, requestMAC, timersOnly)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
var h hash.Hash
|
|
switch CanonicalName(tsig.Algorithm) {
|
|
case HmacSHA1:
|
|
h = hmac.New(sha1.New, rawsecret)
|
|
case HmacSHA224:
|
|
h = hmac.New(sha256.New224, rawsecret)
|
|
case HmacSHA256:
|
|
h = hmac.New(sha256.New, rawsecret)
|
|
case HmacSHA384:
|
|
h = hmac.New(sha512.New384, rawsecret)
|
|
case HmacSHA512:
|
|
h = hmac.New(sha512.New, rawsecret)
|
|
default:
|
|
return ErrKeyAlg
|
|
}
|
|
h.Write(buf)
|
|
if !hmac.Equal(h.Sum(nil), msgMAC) {
|
|
return ErrSig
|
|
}
|
|
|
|
// Fudge factor works both ways. A message can arrive before it was signed because
|
|
// of clock skew.
|
|
// We check this after verifying the signature, following draft-ietf-dnsop-rfc2845bis
|
|
// instead of RFC2845, in order to prevent a security vulnerability as reported in CVE-2017-3142/3143.
|
|
ti := now - tsig.TimeSigned
|
|
if now < tsig.TimeSigned {
|
|
ti = tsig.TimeSigned - now
|
|
}
|
|
if uint64(tsig.Fudge) < ti {
|
|
return ErrTime
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Create a wiredata buffer for the MAC calculation.
|
|
func tsigBuffer(msgbuf []byte, rr *TSIG, requestMAC string, timersOnly bool) ([]byte, error) {
|
|
var buf []byte
|
|
if rr.TimeSigned == 0 {
|
|
rr.TimeSigned = uint64(time.Now().Unix())
|
|
}
|
|
if rr.Fudge == 0 {
|
|
rr.Fudge = 300 // Standard (RFC) default.
|
|
}
|
|
|
|
// Replace message ID in header with original ID from TSIG
|
|
binary.BigEndian.PutUint16(msgbuf[0:2], rr.OrigId)
|
|
|
|
if requestMAC != "" {
|
|
m := new(macWireFmt)
|
|
m.MACSize = uint16(len(requestMAC) / 2)
|
|
m.MAC = requestMAC
|
|
buf = make([]byte, len(requestMAC)) // long enough
|
|
n, err := packMacWire(m, buf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
buf = buf[:n]
|
|
}
|
|
|
|
tsigvar := make([]byte, DefaultMsgSize)
|
|
if timersOnly {
|
|
tsig := new(timerWireFmt)
|
|
tsig.TimeSigned = rr.TimeSigned
|
|
tsig.Fudge = rr.Fudge
|
|
n, err := packTimerWire(tsig, tsigvar)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
tsigvar = tsigvar[:n]
|
|
} else {
|
|
tsig := new(tsigWireFmt)
|
|
tsig.Name = CanonicalName(rr.Hdr.Name)
|
|
tsig.Class = ClassANY
|
|
tsig.Ttl = rr.Hdr.Ttl
|
|
tsig.Algorithm = CanonicalName(rr.Algorithm)
|
|
tsig.TimeSigned = rr.TimeSigned
|
|
tsig.Fudge = rr.Fudge
|
|
tsig.Error = rr.Error
|
|
tsig.OtherLen = rr.OtherLen
|
|
tsig.OtherData = rr.OtherData
|
|
n, err := packTsigWire(tsig, tsigvar)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
tsigvar = tsigvar[:n]
|
|
}
|
|
|
|
if requestMAC != "" {
|
|
x := append(buf, msgbuf...)
|
|
buf = append(x, tsigvar...)
|
|
} else {
|
|
buf = append(msgbuf, tsigvar...)
|
|
}
|
|
return buf, nil
|
|
}
|
|
|
|
// Strip the TSIG from the raw message.
|
|
func stripTsig(msg []byte) ([]byte, *TSIG, error) {
|
|
// Copied from msg.go's Unpack() Header, but modified.
|
|
var (
|
|
dh Header
|
|
err error
|
|
)
|
|
off, tsigoff := 0, 0
|
|
|
|
if dh, off, err = unpackMsgHdr(msg, off); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
if dh.Arcount == 0 {
|
|
return nil, nil, ErrNoSig
|
|
}
|
|
|
|
// Rcode, see msg.go Unpack()
|
|
if int(dh.Bits&0xF) == RcodeNotAuth {
|
|
return nil, nil, ErrAuth
|
|
}
|
|
|
|
for i := 0; i < int(dh.Qdcount); i++ {
|
|
_, off, err = unpackQuestion(msg, off)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
}
|
|
|
|
_, off, err = unpackRRslice(int(dh.Ancount), msg, off)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
_, off, err = unpackRRslice(int(dh.Nscount), msg, off)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
rr := new(TSIG)
|
|
var extra RR
|
|
for i := 0; i < int(dh.Arcount); i++ {
|
|
tsigoff = off
|
|
extra, off, err = UnpackRR(msg, off)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
if extra.Header().Rrtype == TypeTSIG {
|
|
rr = extra.(*TSIG)
|
|
// Adjust Arcount.
|
|
arcount := binary.BigEndian.Uint16(msg[10:])
|
|
binary.BigEndian.PutUint16(msg[10:], arcount-1)
|
|
break
|
|
}
|
|
}
|
|
if rr == nil {
|
|
return nil, nil, ErrNoSig
|
|
}
|
|
return msg[:tsigoff], rr, nil
|
|
}
|
|
|
|
// Translate the TSIG time signed into a date. There is no
|
|
// need for RFC1982 calculations as this date is 48 bits.
|
|
func tsigTimeToString(t uint64) string {
|
|
ti := time.Unix(int64(t), 0).UTC()
|
|
return ti.Format("20060102150405")
|
|
}
|
|
|
|
func packTsigWire(tw *tsigWireFmt, msg []byte) (int, error) {
|
|
// copied from zmsg.go TSIG packing
|
|
// RR_Header
|
|
off, err := PackDomainName(tw.Name, msg, 0, nil, false)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packUint16(tw.Class, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packUint32(tw.Ttl, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
|
|
off, err = PackDomainName(tw.Algorithm, msg, off, nil, false)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packUint48(tw.TimeSigned, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packUint16(tw.Fudge, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
|
|
off, err = packUint16(tw.Error, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packUint16(tw.OtherLen, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packStringHex(tw.OtherData, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
return off, nil
|
|
}
|
|
|
|
func packMacWire(mw *macWireFmt, msg []byte) (int, error) {
|
|
off, err := packUint16(mw.MACSize, msg, 0)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packStringHex(mw.MAC, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
return off, nil
|
|
}
|
|
|
|
func packTimerWire(tw *timerWireFmt, msg []byte) (int, error) {
|
|
off, err := packUint48(tw.TimeSigned, msg, 0)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
off, err = packUint16(tw.Fudge, msg, off)
|
|
if err != nil {
|
|
return off, err
|
|
}
|
|
return off, nil
|
|
}
|