electrum-bitcoinprivate/lib/dnssec.py

#!/usr/bin/env python
#
# Electrum - lightweight Bitcoin client
# Copyright (C) 2015 Thomas Voegtlin
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.


# Check DNSSEC trust chain.
# Todo: verify expiration dates
#
# Based on
#  http://backreference.org/2010/11/17/dnssec-verification-with-dig/
#  https://github.com/rthalley/dnspython/blob/master/tests/test_dnssec.py


import traceback
import sys
import time
import struct


import dns.name
import dns.query
import dns.dnssec
import dns.message
import dns.resolver
import dns.rdatatype
import dns.rdtypes.ANY.NS
import dns.rdtypes.ANY.CNAME
import dns.rdtypes.ANY.DLV
import dns.rdtypes.ANY.DNSKEY
import dns.rdtypes.ANY.DS
import dns.rdtypes.ANY.NSEC
import dns.rdtypes.ANY.NSEC3
import dns.rdtypes.ANY.NSEC3PARAM
import dns.rdtypes.ANY.RRSIG
import dns.rdtypes.ANY.SOA
import dns.rdtypes.ANY.TXT
import dns.rdtypes.IN.A
import dns.rdtypes.IN.AAAA
from dns.exception import DNSException


"""
Pure-Python version of dns.dnssec._validate_rsig
Uses tlslite instead of PyCrypto
"""
def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
    from dns.dnssec import ValidationFailure, ECKeyWrapper, ECDSAP256SHA256, ECDSAP384SHA384
    from dns.dnssec import _find_candidate_keys, _make_hash, _is_rsa, _to_rdata, _make_algorithm_id

    if isinstance(origin, (str, unicode)):
        origin = dns.name.from_text(origin, dns.name.root)

    for candidate_key in _find_candidate_keys(keys, rrsig):
        if not candidate_key:
            raise ValidationFailure, 'unknown key'

        # For convenience, allow the rrset to be specified as a (name, rdataset)
        # tuple as well as a proper rrset
        if isinstance(rrset, tuple):
            rrname = rrset[0]
            rdataset = rrset[1]
        else:
            rrname = rrset.name
            rdataset = rrset

        if now is None:
            now = time.time()
        if rrsig.expiration < now:
            raise ValidationFailure, 'expired'
        if rrsig.inception > now:
            raise ValidationFailure, 'not yet valid'

        hash = _make_hash(rrsig.algorithm)

        if _is_rsa(rrsig.algorithm):
            from tlslite.utils.keyfactory import _createPublicRSAKey
            from tlslite.utils.cryptomath import bytesToNumber
            keyptr = candidate_key.key
            (bytes,) = struct.unpack('!B', keyptr[0:1])
            keyptr = keyptr[1:]
            if bytes == 0:
                (bytes,) = struct.unpack('!H', keyptr[0:2])
                keyptr = keyptr[2:]
            rsa_e = keyptr[0:bytes]
            rsa_n = keyptr[bytes:]
            n = bytesToNumber(bytearray(rsa_n))
            e = bytesToNumber(bytearray(rsa_e))
            pubkey = _createPublicRSAKey(n, e)
            sig = rrsig.signature

        elif _is_ecdsa(rrsig.algorithm):
            if rrsig.algorithm == ECDSAP256SHA256:
                curve = ecdsa.curves.NIST256p
                key_len = 32
                digest_len = 32
            elif rrsig.algorithm == ECDSAP384SHA384:
                curve = ecdsa.curves.NIST384p
                key_len = 48
                digest_len = 48
            else:
                # shouldn't happen
                raise ValidationFailure, 'unknown ECDSA curve'
            keyptr = candidate_key.key
            x = ecdsa.util.string_to_number(keyptr[0:key_len])
            y = ecdsa.util.string_to_number(keyptr[key_len:key_len * 2])
            assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
            point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)
            verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point,
                                                                      curve)
            pubkey = ECKeyWrapper(verifying_key, key_len)
            r = rrsig.signature[:key_len]
            s = rrsig.signature[key_len:]
            sig = ecdsa.ecdsa.Signature(ecdsa.util.string_to_number(r),
                                        ecdsa.util.string_to_number(s))

        else:
            raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm

        hash.update(_to_rdata(rrsig, origin)[:18])
        hash.update(rrsig.signer.to_digestable(origin))

        if rrsig.labels < len(rrname) - 1:
            suffix = rrname.split(rrsig.labels + 1)[1]
            rrname = dns.name.from_text('*', suffix)
        rrnamebuf = rrname.to_digestable(origin)
        rrfixed = struct.pack('!HHI', rdataset.rdtype, rdataset.rdclass,
                              rrsig.original_ttl)
        rrlist = sorted(rdataset);
        for rr in rrlist:
            hash.update(rrnamebuf)
            hash.update(rrfixed)
            rrdata = rr.to_digestable(origin)
            rrlen = struct.pack('!H', len(rrdata))
            hash.update(rrlen)
            hash.update(rrdata)

        digest = hash.digest()

        if _is_rsa(rrsig.algorithm):
            digest = _make_algorithm_id(rrsig.algorithm) + digest
            if pubkey.verify(bytearray(sig), bytearray(digest)):
                return

        elif _is_ecdsa(rrsig.algorithm):
            if pubkey.verify(digest, sig):
                return

        else:
            raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm

    raise ValidationFailure, 'verify failure'


# replace validate_rrsig
dns.dnssec._validate_rrsig = python_validate_rrsig
dns.dnssec.validate_rrsig = python_validate_rrsig
dns.dnssec.validate = dns.dnssec._validate


from util import print_error


# hard-coded root KSK
root_KSK = dns.rrset.from_text('.', 15202, 'IN', 'DNSKEY', '257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=')


def check_query(ns, sub, _type, keys):
    q = dns.message.make_query(sub, _type, want_dnssec=True)
    response = dns.query.tcp(q, ns, timeout=5)
    assert response.rcode() == 0, 'No answer'
    answer = response.answer
    assert len(answer) != 0, ('No DNS record found', sub, _type)
    assert len(answer) != 1, ('No DNSSEC record found', sub, _type)
    if answer[0].rdtype == dns.rdatatype.RRSIG:
        rrsig, rrset = answer
    elif answer[1].rdtype == dns.rdatatype.RRSIG:
        rrset, rrsig = answer
    else:
        raise BaseException('No signature set in record')
    if keys is None:
        keys = {dns.name.from_text(sub):rrset}
    dns.dnssec.validate(rrset, rrsig, keys)
    return rrset


def get_and_validate(ns, url, _type):
    # get trusted root keys
    root_rrset = check_query(ns, '', dns.rdatatype.DNSKEY, {dns.name.root: root_KSK})
    keys = {dns.name.root: root_rrset}
    # top-down verification
    parts = url.split('.')
    for i in range(len(parts), 0, -1):
        sub = '.'.join(parts[i-1:])
        name = dns.name.from_text(sub)
        # If server is authoritative, don't fetch DNSKEY
        query = dns.message.make_query(sub, dns.rdatatype.NS)
        response = dns.query.udp(query, ns, 3)
        assert response.rcode() == dns.rcode.NOERROR, "query error"
        rrset = response.authority[0] if len(response.authority) > 0 else response.answer[0]
        rr = rrset[0]
        if rr.rdtype == dns.rdatatype.SOA:
            continue
        # get DNSKEY (self-signed)
        rrset = check_query(ns, sub, dns.rdatatype.DNSKEY, None)
        # get DS (signed by parent)
        ds_rrset = check_query(ns, sub, dns.rdatatype.DS, keys)
        # verify that a signed DS validates DNSKEY
        for ds in ds_rrset:
            for dnskey in rrset:
                htype = 'SHA256' if ds.digest_type == 2 else 'SHA1'
                good_ds = dns.dnssec.make_ds(name, dnskey, htype)
                if ds == good_ds:
                    break
            else:
                continue
            break
        else:
            raise BaseException("DS does not match DNSKEY")
        # set key for next iteration
        keys = {name: rrset}
    # get TXT record (signed by zone)
    rrset = check_query(ns, url, _type, keys)
    return rrset


def query(url, rtype):
    resolver = dns.resolver.get_default_resolver()
    # 8.8.8.8 is Google's public DNS server
    resolver.nameservers = ['8.8.8.8']
    ns = resolver.nameservers[0]
    try:
        out = get_and_validate(ns, url, rtype)
        validated = True
    except BaseException as e:
        #traceback.print_exc(file=sys.stderr)
        print_error("DNSSEC error:", str(e))
        out = resolver.query(url, rtype)
        validated = False
    return out, validated
add DNSSEC chain validation 2015-07-08 10:20:54 -07:00			`#!/usr/bin/env python`
			`#`
			`# Electrum - lightweight Bitcoin client`
			`# Copyright (C) 2015 Thomas Voegtlin`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`



			`# Check DNSSEC trust chain.`
			`# Todo: verify expiration dates`
			`#`
			`# Based on`
			`# http://backreference.org/2010/11/17/dnssec-verification-with-dig/`
			`# https://github.com/rthalley/dnspython/blob/master/tests/test_dnssec.py`
do not use pycrypto for DNSSEC validation 2015-07-29 13:06:44 -07:00
add DNSSEC chain validation 2015-07-08 10:20:54 -07:00
			`import traceback`
			`import sys`
do not use pycrypto for DNSSEC validation 2015-07-29 13:06:44 -07:00			`import time`
			`import struct`

add DNSSEC chain validation 2015-07-08 10:20:54 -07:00
			`import dns.name`
			`import dns.query`
			`import dns.dnssec`
			`import dns.message`
			`import dns.resolver`
			`import dns.rdatatype`
			`import dns.rdtypes.ANY.NS`
			`import dns.rdtypes.ANY.CNAME`
			`import dns.rdtypes.ANY.DLV`
			`import dns.rdtypes.ANY.DNSKEY`
			`import dns.rdtypes.ANY.DS`
			`import dns.rdtypes.ANY.NSEC`
			`import dns.rdtypes.ANY.NSEC3`
			`import dns.rdtypes.ANY.NSEC3PARAM`
			`import dns.rdtypes.ANY.RRSIG`
			`import dns.rdtypes.ANY.SOA`
			`import dns.rdtypes.ANY.TXT`
			`import dns.rdtypes.IN.A`
			`import dns.rdtypes.IN.AAAA`
			`from dns.exception import DNSException`


do not use pycrypto for DNSSEC validation 2015-07-29 13:06:44 -07:00
			`"""`
			`Pure-Python version of dns.dnssec._validate_rsig`
			`Uses tlslite instead of PyCrypto`
			`"""`
			`def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):`
fix imports, cleanup 2015-07-29 13:16:36 -07:00			`from dns.dnssec import ValidationFailure, ECKeyWrapper, ECDSAP256SHA256, ECDSAP384SHA384`
do not use pycrypto for DNSSEC validation 2015-07-29 13:06:44 -07:00			`from dns.dnssec import _find_candidate_keys, _make_hash, _is_rsa, _to_rdata, _make_algorithm_id`

			`if isinstance(origin, (str, unicode)):`
			`origin = dns.name.from_text(origin, dns.name.root)`

			`for candidate_key in _find_candidate_keys(keys, rrsig):`
			`if not candidate_key:`
			`raise ValidationFailure, 'unknown key'`

			`# For convenience, allow the rrset to be specified as a (name, rdataset)`
			`# tuple as well as a proper rrset`
			`if isinstance(rrset, tuple):`
			`rrname = rrset[0]`
			`rdataset = rrset[1]`
			`else:`
			`rrname = rrset.name`
			`rdataset = rrset`

			`if now is None:`
			`now = time.time()`
			`if rrsig.expiration < now:`
			`raise ValidationFailure, 'expired'`
			`if rrsig.inception > now:`
			`raise ValidationFailure, 'not yet valid'`

			`hash = _make_hash(rrsig.algorithm)`

			`if _is_rsa(rrsig.algorithm):`
			`from tlslite.utils.keyfactory import _createPublicRSAKey`
			`from tlslite.utils.cryptomath import bytesToNumber`
			`keyptr = candidate_key.key`
			`(bytes,) = struct.unpack('!B', keyptr[0:1])`
			`keyptr = keyptr[1:]`
			`if bytes == 0:`
			`(bytes,) = struct.unpack('!H', keyptr[0:2])`
			`keyptr = keyptr[2:]`
			`rsa_e = keyptr[0:bytes]`
			`rsa_n = keyptr[bytes:]`
			`n = bytesToNumber(bytearray(rsa_n))`
			`e = bytesToNumber(bytearray(rsa_e))`
			`pubkey = _createPublicRSAKey(n, e)`
			`sig = rrsig.signature`

			`elif _is_ecdsa(rrsig.algorithm):`
			`if rrsig.algorithm == ECDSAP256SHA256:`
			`curve = ecdsa.curves.NIST256p`
			`key_len = 32`
			`digest_len = 32`
			`elif rrsig.algorithm == ECDSAP384SHA384:`
			`curve = ecdsa.curves.NIST384p`
			`key_len = 48`
			`digest_len = 48`
			`else:`
			`# shouldn't happen`
			`raise ValidationFailure, 'unknown ECDSA curve'`
			`keyptr = candidate_key.key`
			`x = ecdsa.util.string_to_number(keyptr[0:key_len])`
			`y = ecdsa.util.string_to_number(keyptr[key_len:key_len * 2])`
			`assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)`
			`point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)`
			`verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point,`
			`curve)`
			`pubkey = ECKeyWrapper(verifying_key, key_len)`
			`r = rrsig.signature[:key_len]`
			`s = rrsig.signature[key_len:]`
			`sig = ecdsa.ecdsa.Signature(ecdsa.util.string_to_number(r),`
			`ecdsa.util.string_to_number(s))`

			`else:`
			`raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm`

			`hash.update(_to_rdata(rrsig, origin)[:18])`
			`hash.update(rrsig.signer.to_digestable(origin))`

			`if rrsig.labels < len(rrname) - 1:`
			`suffix = rrname.split(rrsig.labels + 1)[1]`
			`rrname = dns.name.from_text('*', suffix)`
			`rrnamebuf = rrname.to_digestable(origin)`
			`rrfixed = struct.pack('!HHI', rdataset.rdtype, rdataset.rdclass,`
			`rrsig.original_ttl)`
			`rrlist = sorted(rdataset);`
			`for rr in rrlist:`
			`hash.update(rrnamebuf)`
			`hash.update(rrfixed)`
			`rrdata = rr.to_digestable(origin)`
			`rrlen = struct.pack('!H', len(rrdata))`
			`hash.update(rrlen)`
			`hash.update(rrdata)`

			`digest = hash.digest()`

			`if _is_rsa(rrsig.algorithm):`
			`digest = _make_algorithm_id(rrsig.algorithm) + digest`
			`if pubkey.verify(bytearray(sig), bytearray(digest)):`
			`return`

			`elif _is_ecdsa(rrsig.algorithm):`
			`if pubkey.verify(digest, sig):`
			`return`

			`else:`
			`raise ValidationFailure, 'unknown algorithm %u' % rrsig.algorithm`

			`raise ValidationFailure, 'verify failure'`


			`# replace validate_rrsig`
			`dns.dnssec._validate_rrsig = python_validate_rrsig`
			`dns.dnssec.validate_rrsig = python_validate_rrsig`
			`dns.dnssec.validate = dns.dnssec._validate`



add DNSSEC chain validation 2015-07-08 10:20:54 -07:00			`from util import print_error`


			`# hard-coded root KSK`
			`root_KSK = dns.rrset.from_text('.', 15202, 'IN', 'DNSKEY', '257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=')`



			`def check_query(ns, sub, _type, keys):`
			`q = dns.message.make_query(sub, _type, want_dnssec=True)`
			`response = dns.query.tcp(q, ns, timeout=5)`
			`assert response.rcode() == 0, 'No answer'`
			`answer = response.answer`
dnssec: fix hash, and skip SOA 2015-07-09 00:02:39 -07:00			`assert len(answer) != 0, ('No DNS record found', sub, _type)`
			`assert len(answer) != 1, ('No DNSSEC record found', sub, _type)`
add DNSSEC chain validation 2015-07-08 10:20:54 -07:00			`if answer[0].rdtype == dns.rdatatype.RRSIG:`
			`rrsig, rrset = answer`
dnssec: fix hash, and skip SOA 2015-07-09 00:02:39 -07:00			`elif answer[1].rdtype == dns.rdatatype.RRSIG:`
add DNSSEC chain validation 2015-07-08 10:20:54 -07:00			`rrset, rrsig = answer`
dnssec: fix hash, and skip SOA 2015-07-09 00:02:39 -07:00			`else:`
			`raise BaseException('No signature set in record')`
add DNSSEC chain validation 2015-07-08 10:20:54 -07:00			`if keys is None:`
			`keys = {dns.name.from_text(sub):rrset}`
			`dns.dnssec.validate(rrset, rrsig, keys)`
			`return rrset`


			`def get_and_validate(ns, url, _type):`
			`# get trusted root keys`
			`root_rrset = check_query(ns, '', dns.rdatatype.DNSKEY, {dns.name.root: root_KSK})`
			`keys = {dns.name.root: root_rrset}`
			`# top-down verification`
			`parts = url.split('.')`
			`for i in range(len(parts), 0, -1):`
			`sub = '.'.join(parts[i-1:])`
			`name = dns.name.from_text(sub)`
dnssec: fix hash, and skip SOA 2015-07-09 00:02:39 -07:00			`# If server is authoritative, don't fetch DNSKEY`
			`query = dns.message.make_query(sub, dns.rdatatype.NS)`
			`response = dns.query.udp(query, ns, 3)`
			`assert response.rcode() == dns.rcode.NOERROR, "query error"`
			`rrset = response.authority[0] if len(response.authority) > 0 else response.answer[0]`
			`rr = rrset[0]`
			`if rr.rdtype == dns.rdatatype.SOA:`
			`continue`
add DNSSEC chain validation 2015-07-08 10:20:54 -07:00			`# get DNSKEY (self-signed)`
			`rrset = check_query(ns, sub, dns.rdatatype.DNSKEY, None)`
			`# get DS (signed by parent)`
			`ds_rrset = check_query(ns, sub, dns.rdatatype.DS, keys)`
			`# verify that a signed DS validates DNSKEY`
			`for ds in ds_rrset:`
			`for dnskey in rrset:`
dnssec: fix hash, and skip SOA 2015-07-09 00:02:39 -07:00			`htype = 'SHA256' if ds.digest_type == 2 else 'SHA1'`
			`good_ds = dns.dnssec.make_ds(name, dnskey, htype)`
add DNSSEC chain validation 2015-07-08 10:20:54 -07:00			`if ds == good_ds:`
			`break`
			`else:`
			`continue`
			`break`
			`else:`
			`raise BaseException("DS does not match DNSKEY")`
			`# set key for next iteration`
			`keys = {name: rrset}`
			`# get TXT record (signed by zone)`
			`rrset = check_query(ns, url, _type, keys)`
			`return rrset`


			`def query(url, rtype):`
			`resolver = dns.resolver.get_default_resolver()`
			`# 8.8.8.8 is Google's public DNS server`
			`resolver.nameservers = ['8.8.8.8']`
			`ns = resolver.nameservers[0]`
			`try:`
			`out = get_and_validate(ns, url, rtype)`
			`validated = True`
			`except BaseException as e:`
			`#traceback.print_exc(file=sys.stderr)`
			`print_error("DNSSEC error:", str(e))`
			`out = resolver.query(url, rtype)`
			`validated = False`
			`return out, validated`