Fix dns value encoding to be compliant with acme v01 spec

[r0ro]

"The record provisioned to the DNS is the base64url encoding of this digest"

[jsha]

Nice catch, thanks!

[jsha]

Actually, I realized this problem should be caught by more than just the integration test. Can you check if there's an appropriate unittest for this code path? If so, please fix it to make sure it catches this bug. If not, could you write one?

Thanks,
Jacob

[r0ro]

I think I saw some unit test for dns01 but it was marked as 'coverage' only test since it relies on network data.
I won't be able to work on this before the end of December. When do you plan on updating the staging server ?
I think it's important to merge this before the next update.

Le 18 déc. 2015 à 19:52, Jacob Hoffman-Andrews notifications@github.com a écrit :

Actually, I realized this problem should be caught by more than just the integration test. Can you check if there's an appropriate unittest for this code path? If so, please fix it to make sure it catches this bug. If not, could you write one?

Thanks,
Jacob

—
Reply to this email directly or view it on GitHub.

[jmhodges]

Thank for this change! Please write a unit test. It's important for the long health of this project and the DNS challenge itself. Integration tests won't cover all the possibilities now or in the future as the project grows.

On top of that, deploys to production are going to be, at most, very rare and narrow in their purview over the holidays. The DNS challenge is very unlikely to be turned in prod on anytime before January.

But even if that were not the case, it's important for us to take a deliberate, calm path of forward momentum. We're helping encrypt the entire web! A big deal!

Anyway, thanks again for handling this!

[jmhodges]

Your schedule, of course, is not ours. We may beat you to having time to fix this with a test in place.

[r0ro]

now with some test

You should update the _acme-challenge.good.bin.coffee TXT record to the value "LPsIwTo7o8BoG0-vjCyGQGBWSVIPxI-i_X336eUOQZo" to fix the TestDNSValidationLive. It's the expected value for the expectedToken (https://github.com/letsencrypt/boulder/blob/master/va/validation-authority_test.go#L70)

[jmhodges]

LGTM

Thank you!

[r0ro]

merged with master

[janeczku]

base64.RawURLEncoding omits the pad character(s). This should use base64.URLEncoding to be really compliant with the acme spec.

[janeczku]

According to acme v01 spec the "(t)he record provisioned to the DNS is the base64url encoding of [the SHA-256 digest]."

"base64url" encoding is specified in RFC 4648 section 5 and is subject to the section 3.2 provisions concerning padding of encoded data:

"Implementations MUST include appropriate pad characters at the end of encoded data unless the specification referring to this document explicitly states otherwise."

The acme 01 specification does not state to omit pad characters in the dns value, accordingly a compliant implementation of the dns-01 challenge has to use padded base64url encoded data when provisioning/validating the TXT record.

Since boulder does a byte-to-byte comparison of the encoded data this is critical!

/cc @r0ro @jmhodges

[r0ro]

The spec says:

"For Base64 encoding, we use the variant defined in [RFC7515]. The important features of this encoding are (1) that it uses the URL-safe character set, and (2) that "=" padding characters are stripped."

I think it also applies for dns value

But perhaps the best solution would be to accept both variants ?

Le 1 janv. 2016 à 16:00, Jan B notifications@github.com a écrit :

According to acme v01 spec the "(t)he record provisioned to the DNS is the base64url encoding of [the SHA-256 digest]."

"base64url" encoding is defined in RFC 4648 section 5 and is subject to the section 3.2 provisions concerning padding of encoded data:

"Implementations MUST include appropriate pad characters at the end of encoded data unless the specification referring to this document explicitly states otherwise."

Since the acme 01 specification does not state to omit pad characters in the dns value, a compliant implementation of the dns-01 challenge has to use padded base64url encoded SHA256 digest when provisioning/validating the TXT record.

/cc @r0ro @jmhodges

—
Reply to this email directly or view it on GitHub.

[jhass]

+1 for being tolerant to both.

[janeczku]

@r0ro I don't see how that provision applies to encoding of key authorization resources. When read in context it specifies the encoding of JSON message data:

"Since JSON is a text-based format, binary fields are Base64-encoded. For Base64 encoding, we use the variant defined in {{RFC7515}}. The important features of this encoding are (1) that it uses the URL-safe character set, and (2) that "=" padding characters are stripped."

But i see how the spec leaves room for interpretation in that regard. And i agree that the safest solution is to accept both forms.

[jmhodges]

No, we will only allow the one that lines up with all of the other challenges as implemented.

The spec is in draft and can be clarified and Postel's Law is a quick way to build insecure software.

[r0ro]

so the current pull request is ok ?

[jsha]

*sha256

[jsha]

Basically LGTM. There's a small comment typo, and this needs update to latest master anyhow.

[r0ro]

Don't forget to update the TXT entry for _acme-challenge.good.bin.coffee to LPsIwTo7o8BoG0-vjCyGQGBWSVIPxI-i_X336eUOQZo

[r0ro]

_acme-challenge.good.bin.coffee TXT record is still outdated, I don't know who is able to update its value to match the expected value from validation-authority_test.go

[jcjones]

Update is rolling out; sorry I missed this.