Archives
/
ncdns
mirror of https://github.com/namecoin/ncdns
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

TLS: Add compressed pubkey support

Browse Source
pull/134/head
Jeremy Rand 3 years ago
parent 1fced9acba
commit 88affcd3fe
No known key found for this signature in database
GPG Key ID: FD7550C2EB800711
3 changed files with 51 additions and 10 deletions
Show Stats Download Patch File Download Diff File

6
.cirrus.yml
Unescape Escape View File

@ -13,6 +13,8 @@ task:
- source testdata/move_to_gopath.bash - source testdata/move_to_gopath.bash
fetch_script: fetch_script:
- go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/... - go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/...
- go generate github.com/namecoin/x509-compressed/...
- go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/...
lint_script: lint_script:
- cd $(go env GOPATH)/src/github.com/$CIRRUS_REPO_FULL_NAME/ - cd $(go env GOPATH)/src/github.com/$CIRRUS_REPO_FULL_NAME/
- golangci-lint run --no-config --enable-all --disable gochecknoglobals,gomnd $GOLANGCI_ARGS -v --timeout 5m --out-format json > $CIRRUS_WORKING_DIR/lint-report.json - golangci-lint run --no-config --enable-all --disable gochecknoglobals,gomnd $GOLANGCI_ARGS -v --timeout 5m --out-format json > $CIRRUS_WORKING_DIR/lint-report.json
@ -59,6 +61,8 @@ task:
- source testdata/move_to_gopath.bash - source testdata/move_to_gopath.bash
fetch_script: fetch_script:
- go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/... - go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/...
- go generate github.com/namecoin/x509-compressed/...
- go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/...
test_script: go test -tags "$GOX_TAGS" -v github.com/$CIRRUS_REPO_FULL_NAME/... test_script: go test -tags "$GOX_TAGS" -v github.com/$CIRRUS_REPO_FULL_NAME/...
env: env:
GOX_TAGS: "" GOX_TAGS: ""
@ -85,6 +89,8 @@ task:
fetch_script: fetch_script:
- go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/... - go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/...
- GOOS=windows GOARCH=amd64 go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/... - GOOS=windows GOARCH=amd64 go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/...
- go generate github.com/namecoin/x509-compressed/...
- go get -tags "$GOX_TAGS" -d -v -t github.com/$CIRRUS_REPO_FULL_NAME/...
build_script: build_script:
- rm -rf idist - rm -rf idist
- CGO_ENABLED=1 gox -tags="$GOX_TAGS" -parallel=8 -osarch 'linux/386 linux/amd64 linux/arm linux/arm64 linux/ppc64le' -output "$GOPATH/releasing/idist/$CIRRUS_REPO_NAME-$CIRRUS_TAG-{{.OS}}_{{.Arch}}/bin/{{.Dir}}" github.com/$CIRRUS_REPO_FULL_NAME/... - CGO_ENABLED=1 gox -tags="$GOX_TAGS" -parallel=8 -osarch 'linux/386 linux/amd64 linux/arm linux/arm64 linux/ppc64le' -output "$GOPATH/releasing/idist/$CIRRUS_REPO_NAME-$CIRRUS_TAG-{{.OS}}_{{.Arch}}/bin/{{.Dir}}" github.com/$CIRRUS_REPO_FULL_NAME/...

10
README.md
Unescape Escape View File

@ -96,9 +96,13 @@ Option A: Using Go build commands (works on any platform):
familar with Go, setting it to the path to an empty directory will suffice. familar with Go, setting it to the path to an empty directory will suffice.
The directory will be filled with build files.) The directory will be filled with build files.)
2. Run `go get -t -u github.com/namecoin/ncdns/...`. The ncdns source code will be 2. Run `go get -d -t -u github.com/namecoin/ncdns/...`. The ncdns source code will be
retrieved automatically, and ncdns will be built. The binaries will be at retrieved automatically.
$GOPATH/bin/ncdns..
3. Run `go generate github.com/namecoin/x509_compressed/...`. The compressed public key patch will be applied.
4. Run `go get -t -u github.com/namecoin/ncdns/...`. ncdns will be built. The binaries will be at
$GOPATH/bin/ncdns.
Option B: Using Makefile (non-Windows platforms): Option B: Using Makefile (non-Windows platforms):

45
ncdomain/convert_tls.go
Unescape Escape View File

@ -13,6 +13,7 @@ import (
"github.com/namecoin/ncdns/certdehydrate" "github.com/namecoin/ncdns/certdehydrate"
"github.com/namecoin/ncdns/util" "github.com/namecoin/ncdns/util"
x509_compressed "github.com/namecoin/x509-compressed/x509"
) )
type Value struct { type Value struct {
@ -77,34 +78,34 @@ func parseTLSADehydrated(tlsa1dehydrated interface{}, v *Value) error {
func parseTLSADANE(tlsa1dane interface{}, v *Value) error { func parseTLSADANE(tlsa1dane interface{}, v *Value) error {
if tlsa, ok := tlsa1dane.([]interface{}); ok { if tlsa, ok := tlsa1dane.([]interface{}); ok {
// Format: ["443", "tcp", 1, 2, 3, "base64 certificate data"] // Format: [1, 2, 3, "base64 certificate data"]
if len(tlsa) < 4 { if len(tlsa) < 4 {
return fmt.Errorf("TLSA item must have six items") return fmt.Errorf("TLSA item must have four items")
} }
a1, ok := tlsa[0].(float64) a1, ok := tlsa[0].(float64)
if !ok { if !ok {
return fmt.Errorf("Third item in TLSA value must be an integer (usage)") return fmt.Errorf("First item in TLSA value must be an integer (usage)")
} }
a2, ok := tlsa[1].(float64) a2, ok := tlsa[1].(float64)
if !ok { if !ok {
return fmt.Errorf("Fourth item in TLSA value must be an integer (selector)") return fmt.Errorf("Second item in TLSA value must be an integer (selector)")
} }
a3, ok := tlsa[2].(float64) a3, ok := tlsa[2].(float64)
if !ok { if !ok {
return fmt.Errorf("Fifth item in TLSA value must be an integer (match type)") return fmt.Errorf("Third item in TLSA value must be an integer (match type)")
} }
a4, ok := tlsa[3].(string) a4, ok := tlsa[3].(string)
if !ok { if !ok {
return fmt.Errorf("Sixth item in TLSA value must be a string (certificate)") return fmt.Errorf("Fourth item in TLSA value must be a string (certificate)")
} }
a4b, err := base64.StdEncoding.DecodeString(a4) a4b, err := base64.StdEncoding.DecodeString(a4)
if err != nil { if err != nil {
return fmt.Errorf("Fourth item in DS value must be valid base64: %v", err) return fmt.Errorf("Fourth item in TLSA value must be valid base64: %v", err)
} }
a4h := hex.EncodeToString(a4b) a4h := hex.EncodeToString(a4b)
@ -118,6 +119,36 @@ func parseTLSADANE(tlsa1dane interface{}, v *Value) error {
Certificate: strings.ToUpper(a4h), Certificate: strings.ToUpper(a4h),
}) })
// Handle compressed public keys specially
// Check if this TLSA is a public key preimage
if uint8(a2) == 1 && uint8(a3) == 0 {
pubDecompressed, err := x509_compressed.ParsePKIXPublicKey(a4b)
if err != nil {
return nil
}
pubDecompressedBytes, err := x509.MarshalPKIXPublicKey(pubDecompressed)
if err != nil {
return nil
}
pubDecompressedHex := hex.EncodeToString(pubDecompressedBytes)
if pubDecompressedHex == a4h {
// The pubkey wasn't compressed, so decompressing had no impact.
return nil
}
v.TLSA = append(v.TLSA, &dns.TLSA{
Hdr: dns.RR_Header{Name: "", Rrtype: dns.TypeTLSA, Class: dns.ClassINET,
Ttl: defaultTTL},
Usage: uint8(a1),
Selector: uint8(a2),
MatchingType: uint8(a3),
Certificate: strings.ToUpper(pubDecompressedHex),
})
}
return nil return nil
} else { } else {
return fmt.Errorf("TLSA item must be an array") return fmt.Errorf("TLSA item must be an array")

Write Preview
Loading…
Cancel
Save