]>
Commit | Line | Data |
---|---|---|
e292e93d GB |
1 | |
2 | #include "dnsmasq.h" | |
d322de06 | 3 | #include "dnssec-crypto.h" |
e292e93d GB |
4 | #include <assert.h> |
5 | ||
6299ffbe GB |
6 | /* Maximum length in octects of a domain name, in wire format */ |
7 | #define MAXCDNAME 256 | |
8 | ||
e292e93d GB |
9 | #define SERIAL_UNDEF -100 |
10 | #define SERIAL_EQ 0 | |
11 | #define SERIAL_LT -1 | |
12 | #define SERIAL_GT 1 | |
13 | ||
e292e93d GB |
14 | /* Implement RFC1982 wrapped compare for 32-bit numbers */ |
15 | static int serial_compare_32(unsigned long s1, unsigned long s2) | |
16 | { | |
17 | if (s1 == s2) | |
18 | return SERIAL_EQ; | |
19 | ||
20 | if ((s1 < s2 && (s2 - s1) < (1UL<<31)) || | |
21 | (s1 > s2 && (s1 - s2) > (1UL<<31))) | |
22 | return SERIAL_LT; | |
23 | if ((s1 < s2 && (s2 - s1) > (1UL<<31)) || | |
24 | (s1 > s2 && (s1 - s2) < (1UL<<31))) | |
25 | return SERIAL_GT; | |
26 | return SERIAL_UNDEF; | |
27 | } | |
28 | ||
29 | /* Extract a DNS name from wire format, without handling compression. This is | |
30 | faster than extract_name() and does not require access to the full dns | |
31 | packet. */ | |
32 | static int extract_name_no_compression(unsigned char *rr, int maxlen, char *buf) | |
33 | { | |
34 | unsigned char *start=rr, *end = rr+maxlen; | |
35 | int count; | |
36 | ||
37 | while (rr < end && *rr != 0) | |
38 | { | |
39 | count = *rr++; | |
6445c8ed | 40 | while (count-- > 0 && rr < end) |
e292e93d GB |
41 | { |
42 | *buf = *rr++; | |
b98f7715 GB |
43 | if (!isascii(*buf) || iscntrl(*buf) || *buf == '.') |
44 | return 0; | |
e292e93d GB |
45 | if (*buf >= 'A' && *buf <= 'Z') |
46 | *buf += 'a' - 'A'; | |
47 | buf++; | |
79333a24 | 48 | } |
e292e93d GB |
49 | *buf++ = '.'; |
50 | } | |
dd090561 | 51 | /* Remove trailing dot (if any) */ |
2ef843dd GB |
52 | if (rr != start) |
53 | *(--buf) = 0; | |
e292e93d GB |
54 | if (rr == end) |
55 | return 0; | |
dd090561 | 56 | /* Trailing \0 in source data must be consumed */ |
79333a24 | 57 | return rr-start+1; |
e292e93d GB |
58 | } |
59 | ||
6299ffbe GB |
60 | /* process_domain_name() - do operations with domain names in canonicalized wire format. |
61 | * | |
62 | * Handling domain names in wire format can be done with buffers as large as MAXCDNAME (256), | |
63 | * while the representation format (as created by, eg., extract_name) requires MAXDNAME (1024). | |
64 | * | |
65 | * With "canonicalized wire format", we mean the standard DNS wire format, eg: | |
66 | * | |
67 | * <3>www<7>example<3>org<0> | |
68 | * | |
69 | * with all ÅSCII letters converted to lowercase, and no wire-level compression. | |
70 | * | |
71 | * The function works with two different buffers: | |
72 | * - Input buffer: 'rdata' is a pointer to the actual wire data, and 'rdlen' is | |
73 | * the total length till the end of the rdata or DNS packet section. Both | |
74 | * variables are updated after processing the domain name, so that rdata points | |
75 | * after it, and rdlen is decreased by the amount of the processed octects. | |
76 | * - Output buffer: 'out' points to it. In some cases, this buffer can be prefilled | |
77 | * and used as additional input (see below). | |
78 | * | |
79 | * The argument "action" decides what to do with the submitted domain name: | |
80 | * | |
81 | * PDN_EXTRACT: | |
82 | * Extract the domain name from input buffer into the output buffer, possibly uncompressing it. | |
83 | * Return the length of the domain name in the output buffer in octects, or zero if error. | |
84 | * | |
85 | * PDN_COMPARE: | |
86 | * Compare the domain name in the input buffer and the one in the output buffer (ignoring | |
87 | * differences in compression). Returns 0 in case of error, a positive number | |
88 | * if they are equal, or a negative number if they are different. This function always | |
89 | * consumes the whole name in the input buffer (there is no early exit). | |
90 | * | |
91 | * PDN_ORDER: | |
92 | * Order between the domain name in the input buffer and the domain name in the output buffer. | |
93 | * Returns 0 if the names are equal, 1 if input > output, or -1 if input < output. This | |
94 | * function early-exits when it finds a difference, so rdata might not be fully updated. | |
95 | * | |
96 | * Notice: because of compression, rdata/rdlen might be updated with a different quantity than | |
97 | * the returned number of octects. For instance, if we extract a compressed domain name, rdata/rdlen | |
98 | * might be updated only by 2 bytes (that is, rdata is incresed by 2, and rdlen decreased by 2), | |
99 | * because it then reuses existing data elsewhere in the DNS packet, while the return value might be | |
100 | * larger, reflecting the total number of octects composing the domain name. | |
101 | * | |
102 | */ | |
103 | #define PDN_EXTRACT 0 | |
104 | #define PDN_COMPARE 1 | |
105 | #define PDN_ORDER 2 | |
106 | static int process_domain_name(struct dns_header *header, size_t pktlen, | |
107 | unsigned char** rdata, size_t* rdlen, | |
108 | unsigned char *out, int action) | |
109 | { | |
110 | int hops = 0, total = 0, i; | |
111 | unsigned char label_type; | |
112 | unsigned char *end = (unsigned char *)header + pktlen; | |
113 | unsigned char count; unsigned char *p = *rdata; | |
114 | int nonequal = 0; | |
115 | ||
116 | #define PROCESS(ch) \ | |
117 | do { \ | |
118 | if (action == PWN_EXTRACT) \ | |
119 | *out++ = ch; \ | |
120 | else if (action == PWN_COMPARE) \ | |
121 | { \ | |
122 | if (*out++ != ch) \ | |
123 | nonequal = 1; \ | |
124 | } \ | |
125 | else if (action == PWN_ORDER) \ | |
126 | { \ | |
127 | char _ch = *out++; \ | |
128 | if (ch < _ch) \ | |
129 | return -1; \ | |
130 | else if (_ch > ch) \ | |
131 | return 1; \ | |
132 | } \ | |
133 | } while (0) | |
134 | ||
135 | while (1) | |
136 | { | |
137 | if (p >= end) | |
138 | return 0; | |
139 | if (!(count = *p++)) | |
140 | break; | |
141 | label_type = count & 0xC0; | |
142 | if (label_type == 0xC0) | |
143 | { | |
144 | if (p >= end) | |
145 | return 0; | |
146 | if (hops == 0) | |
147 | { | |
148 | if (p - *rdata > *rdlen) | |
149 | return 0; | |
150 | *rdlen -= p - *rdata; | |
151 | *rdata = p; | |
152 | } | |
153 | if (++hops == 256) | |
154 | return 0; | |
155 | p = (unsigned char*)header + (count & 0x3F) * 256 + *p; | |
156 | } | |
157 | else if (label_type == 0x00) | |
158 | { | |
159 | if (p+count-1 >= end) | |
160 | return 0; | |
161 | total += count+1; | |
162 | if (total >= MAXCDNAME) | |
163 | return 0; | |
164 | PROCESS(count); | |
165 | for (i = 0; i < count; ++i) | |
166 | { | |
167 | unsigned char ch = *p++; | |
168 | if (ch >= 'A' && ch <= 'Z') | |
169 | ch += 'a' - 'A'; | |
170 | PROCESS(ch); | |
171 | } | |
172 | } | |
173 | else | |
174 | return 0; /* unsupported label_type */ | |
175 | } | |
176 | ||
177 | if (hops == 0) | |
178 | { | |
179 | if (p - *rdata > *rdlen) | |
180 | return 0; | |
181 | *rdlen -= p - *rdata; | |
182 | *rdata = p; | |
183 | } | |
184 | ++total; | |
185 | if (total >= MAXCDNAME) | |
186 | return 0; | |
187 | PROCESS(0); | |
188 | ||
189 | /* If we arrived here without early-exit, they're equal */ | |
190 | if (action == PWN_ORDER) | |
191 | return 0; | |
192 | return nonequal ? -total : total; | |
193 | ||
194 | #undef PROCESS | |
195 | } | |
196 | ||
197 | ||
198 | /* RDATA meta-description. | |
199 | * | |
200 | * RFC4034 §6.2 introduces the concept of a "canonical form of a RR". This canonical | |
201 | * form is used in two important points within the DNSSEC protocol/algorithm: | |
202 | * | |
203 | * 1) When computing the hash for verifying the RRSIG signature, we need to do it on | |
204 | * the canonical form. | |
205 | * 2) When ordering a RRset in canonical order (§6.3), we need to lexicographically sort | |
206 | * the RRs in canonical form. | |
207 | * | |
208 | * The canonical form of a RR is specifically tricky because it also affects the RDATA, | |
209 | * which is different for each RR type; in fact, RFC4034 says that "domain names in | |
210 | * RDATA must be canonicalized" (= uncompressed and lower-cased). | |
211 | * | |
212 | * To handle this correctly, we then need a way to describe how the RDATA section is | |
213 | * composed for each RR type; we don't need to describe every field, but just to specify | |
214 | * where domain names are. The following array contains this description, and it is | |
215 | * used by rrset_canonical_order() and verifyalg_add_rdata(), to adjust their behaviour | |
216 | * for each RR type. | |
217 | * | |
218 | * The format of the description is very easy, for instance: | |
219 | * | |
220 | * { 12, RDESC_DOMAIN, RDESC_DOMAIN, 4, RDESC_DOMAIN, RDESC_END } | |
221 | * | |
222 | * This means that this (ficticious) RR type has a RDATA section containing 12 octects | |
223 | * (we don't care what they contain), followed by 2 domain names, followed by 4 octects, | |
224 | * followed by 1 domain name, and then followed by an unspecificied number of octects (0 | |
225 | * or more). | |
226 | */ | |
227 | ||
228 | #define RDESC_DOMAIN -1 | |
229 | #define RDESC_END 0 | |
230 | static const int rdata_description[][8] = | |
231 | { | |
232 | /**/ { RDESC_END }, | |
233 | /* 1: A */ { RDESC_END }, | |
234 | /* 2: NS */ { RDESC_DOMAIN, RDESC_END }, | |
235 | /* 3: .. */ { RDESC_END }, | |
236 | /* 4: .. */ { RDESC_END }, | |
237 | /* 5: CNAME */ { RDESC_DOMAIN, RDESC_END }, | |
238 | }; | |
239 | ||
240 | ||
e292e93d GB |
241 | /* Check whether today/now is between date_start and date_end */ |
242 | static int check_date_range(unsigned long date_start, unsigned long date_end) | |
243 | { | |
244 | /* TODO: double-check that time(0) is the correct time we are looking for */ | |
245 | /* TODO: dnssec requires correct timing; implement SNTP in dnsmasq? */ | |
246 | unsigned long curtime = time(0); | |
247 | ||
248 | /* We must explicitly check against wanted values, because of SERIAL_UNDEF */ | |
41de7442 GB |
249 | return serial_compare_32(curtime, date_start) == SERIAL_GT |
250 | && serial_compare_32(curtime, date_end) == SERIAL_LT; | |
e292e93d GB |
251 | } |
252 | ||
253 | /* Sort RRs within a RRset in canonical order, according to RFC4034, §6.3 | |
254 | Notice that the RRDATA sections have been already normalized, so a memcpy | |
255 | is sufficient. | |
256 | NOTE: r1/r2 point immediately after the owner name. */ | |
257 | static int rrset_canonical_order(const void *r1, const void *r2) | |
258 | { | |
259 | int r1len, r2len, res; | |
0decc869 | 260 | const unsigned char *pr1=*(unsigned char**)r1, *pr2=*(unsigned char**)r2; |
e292e93d GB |
261 | |
262 | pr1 += 8; pr2 += 8; | |
263 | GETSHORT(r1len, pr1); GETSHORT(r2len, pr2); | |
264 | ||
265 | /* Lexicographically compare RDATA (thus, if equal, smaller length wins) */ | |
266 | res = memcmp(pr1, pr2, MIN(r1len, r2len)); | |
267 | if (res == 0) | |
268 | { | |
269 | if (r1len < r2len) | |
270 | return -1; | |
271 | else | |
272 | /* NOTE: RFC2181 says that an RRset is not allowed to contain duplicate | |
273 | records. If it happens, it is a protocol error and anything goes. */ | |
274 | return 1; | |
275 | } | |
276 | ||
277 | return res; | |
278 | } | |
279 | ||
adca3e9c GB |
280 | typedef struct PendingRRSIGValidation |
281 | { | |
282 | VerifyAlgCtx *alg; | |
283 | char *signer_name; | |
284 | int keytag; | |
285 | } PendingRRSIGValidation; | |
286 | ||
7f0485cf GB |
287 | /* strchrnul - like strchr, but when character is not found, returns a pointer to the terminating \0. |
288 | ||
289 | This is an existing C GNU extension, but it's easier to reimplement it, | |
290 | rather than tweaking with configure. */ | |
291 | static char *strchrnul(char *str, char ch) | |
292 | { | |
293 | while (*str && *str != ch) | |
294 | str++; | |
295 | return str; | |
296 | } | |
297 | ||
13e435eb GB |
298 | /* Pass a domain name through a verification hash function. |
299 | ||
300 | We must pass domain names in DNS wire format, but uncompressed. | |
301 | This means that we cannot directly use raw data from the original | |
302 | message since it might be compressed. */ | |
303 | static void verifyalg_add_data_domain(VerifyAlgCtx *alg, char* name) | |
304 | { | |
305 | unsigned char len; char *p; | |
306 | ||
7f0485cf | 307 | do |
13e435eb | 308 | { |
7f0485cf GB |
309 | p = strchrnul(name, '.'); |
310 | if ((len = p-name)) | |
311 | { | |
312 | alg->vtbl->add_data(alg, &len, 1); | |
313 | alg->vtbl->add_data(alg, name, len); | |
314 | } | |
13e435eb GB |
315 | name = p+1; |
316 | } | |
7f0485cf GB |
317 | while (*p); |
318 | ||
319 | alg->vtbl->add_data(alg, "\0", 1); | |
13e435eb GB |
320 | } |
321 | ||
0852d76b GB |
322 | /* Pass a DNS domain name in wire format through a hash function. Returns the |
323 | total number of bytes passed through the function or 0 in case of errors. | |
324 | Updates the rdata pointer moving it further within the RR. | |
325 | ||
326 | If alg is NULL, go in dry run mode (still correctly updates rdata and return | |
327 | the correct total). | |
328 | ||
329 | The function canonicalizes the domain name (RFC 4034, §6.2), which basically | |
330 | means conversion to lower case, and uncompression. */ | |
331 | static int verifyalg_add_data_wire_domain(VerifyAlgCtx *alg, struct dns_header *header, size_t pktlen, | |
332 | unsigned char** rdata) | |
333 | { | |
334 | int hops = 0, total = 0; | |
335 | unsigned char label_type; | |
336 | unsigned char *end = (unsigned char *)header + pktlen; | |
337 | unsigned char count; unsigned char *p = *rdata; | |
338 | ||
339 | while (1) | |
340 | { | |
341 | if (p >= end) | |
342 | return 0; | |
343 | if (!(count = *p++)) | |
344 | break; | |
345 | label_type = count & 0xC0; | |
346 | if (label_type == 0xC0) | |
347 | { | |
348 | if (p >= end) | |
349 | return 0; | |
350 | p = (unsigned char*)header + (count & 0x3F) * 256 + *p; | |
351 | if (hops == 0) | |
352 | *rdata = p; | |
353 | if (++hops == 256) | |
354 | return 0; | |
355 | } | |
356 | else if (label_type == 0x00) | |
357 | { | |
358 | if (p+count-1 >= end) | |
359 | return 0; | |
360 | if (alg) | |
361 | { | |
362 | alg->vtbl->add_data(alg, &count, 1); | |
363 | /* TODO: missing conversion to lower-case and alphabet check */ | |
364 | alg->vtbl->add_data(alg, p, count); | |
365 | } | |
366 | total += count+1; | |
367 | p += count; | |
368 | } | |
369 | else | |
370 | return 0; /* unsupported label_type */ | |
371 | } | |
372 | ||
373 | if (hops == 0) | |
374 | *rdata = p; | |
375 | if (alg) | |
376 | alg->vtbl->add_data(alg, &count, 1); | |
377 | return total+1; | |
378 | } | |
379 | ||
380 | /* Pass a resource record's rdata field through a verification hash function. | |
381 | ||
382 | We must pass the record in DNS wire format, but if the record contains domain names, | |
383 | they must be uncompressed. This makes things very tricky, because */ | |
384 | static int verifyalg_add_rdata(VerifyAlgCtx *alg, int sigtype, struct dns_header *header, size_t pktlen, | |
385 | unsigned char *rdata) | |
386 | { | |
387 | unsigned char *p; | |
388 | int res; unsigned short rdlen; | |
389 | ||
390 | GETSHORT(rdlen, rdata); | |
391 | p = rdata; | |
392 | ||
393 | switch (sigtype) | |
394 | { | |
395 | /* TODO: missing lots of RR types, see RFC4034, §6.2 */ | |
d1ca25ca | 396 | case T_NS: |
0852d76b GB |
397 | case T_CNAME: |
398 | if (!(res = verifyalg_add_data_wire_domain(NULL, header, pktlen, &p))) | |
399 | return 0; | |
400 | if (p - rdata > rdlen) | |
401 | return 0; | |
402 | rdlen = htons(res); | |
403 | alg->vtbl->add_data(alg, &rdlen, 2); | |
404 | verifyalg_add_data_wire_domain(alg, header, pktlen, &rdata); | |
405 | break; | |
406 | ||
407 | default: | |
408 | alg->vtbl->add_data(alg, rdata-2, rdlen+2); | |
409 | break; | |
410 | } | |
411 | return 1; | |
412 | } | |
413 | ||
414 | ||
adca3e9c GB |
415 | static int begin_rrsig_validation(struct dns_header *header, size_t pktlen, |
416 | unsigned char *reply, int count, char *owner, | |
417 | int sigclass, int sigrdlen, unsigned char *sig, | |
418 | PendingRRSIGValidation *out) | |
e292e93d GB |
419 | { |
420 | int i, res; | |
421 | int sigtype, sigalg, siglbl; | |
422 | unsigned char *sigrdata = sig; | |
423 | unsigned long sigttl, date_end, date_start; | |
424 | unsigned char* p = reply; | |
425 | char* signer_name = daemon->namebuff; | |
13e435eb | 426 | int signer_name_rdlen; |
e292e93d GB |
427 | int keytag; |
428 | void *rrset[16]; /* TODO: max RRset size? */ | |
429 | int rrsetidx = 0; | |
430 | ||
431 | if (sigrdlen < 18) | |
432 | return 0; | |
433 | GETSHORT(sigtype, sig); | |
434 | sigalg = *sig++; | |
435 | siglbl = *sig++; | |
436 | GETLONG(sigttl, sig); | |
437 | GETLONG(date_end, sig); | |
438 | GETLONG(date_start, sig); | |
439 | GETSHORT(keytag, sig); | |
440 | sigrdlen -= 18; | |
441 | ||
adca3e9c | 442 | if (!verifyalg_supported(sigalg)) |
e292e93d GB |
443 | { |
444 | printf("RRSIG algorithm not supported: %d\n", sigalg); | |
445 | return 0; | |
446 | } | |
447 | ||
d31d057a | 448 | if (!check_date_range(date_start, date_end)) |
e292e93d GB |
449 | { |
450 | printf("RRSIG outside date range\n"); | |
451 | return 0; | |
452 | } | |
453 | ||
454 | /* Iterate within the answer and find the RRsets matching the current RRsig */ | |
455 | for (i = 0; i < count; ++i) | |
456 | { | |
457 | int qtype, qclass, rdlen; | |
458 | if (!(res = extract_name(header, pktlen, &p, owner, 0, 10))) | |
459 | return 0; | |
460 | rrset[rrsetidx] = p; | |
461 | GETSHORT(qtype, p); | |
462 | GETSHORT(qclass, p); | |
463 | p += 4; /* skip ttl */ | |
464 | GETSHORT(rdlen, p); | |
465 | if (res == 1 && qtype == sigtype && qclass == sigclass) | |
466 | { | |
467 | ++rrsetidx; | |
382e38f4 GB |
468 | if (rrsetidx == countof(rrset)) |
469 | { | |
470 | /* Internal buffer too small */ | |
471 | printf("internal buffer too small for this RRset\n"); | |
472 | return 0; | |
473 | } | |
e292e93d GB |
474 | } |
475 | p += rdlen; | |
476 | } | |
477 | ||
478 | /* Sort RRset records in canonical order. */ | |
479 | qsort(rrset, rrsetidx, sizeof(void*), rrset_canonical_order); | |
480 | ||
50a96b62 GB |
481 | /* Skip through the signer name; we don't extract it right now because |
482 | we don't want to overwrite the single daemon->namebuff which contains | |
483 | the owner name. We'll get to this later. */ | |
484 | if (!(p = skip_name(sig, header, pktlen, 0))) | |
e292e93d | 485 | return 0; |
50a96b62 GB |
486 | signer_name_rdlen = p - sig; |
487 | sig = p; sigrdlen -= signer_name_rdlen; | |
13e435eb | 488 | |
e292e93d GB |
489 | /* Now initialize the signature verification algorithm and process the whole |
490 | RRset */ | |
adca3e9c GB |
491 | VerifyAlgCtx *alg = verifyalg_alloc(sigalg); |
492 | if (!alg) | |
493 | return 0; | |
494 | if (!alg->vtbl->set_signature(alg, sig, sigrdlen)) | |
e292e93d GB |
495 | return 0; |
496 | ||
4b0eecbb GB |
497 | sigtype = htons(sigtype); |
498 | sigclass = htons(sigclass); | |
499 | sigttl = htonl(sigttl); | |
500 | ||
adca3e9c | 501 | alg->vtbl->begin_data(alg); |
13e435eb | 502 | alg->vtbl->add_data(alg, sigrdata, 18+signer_name_rdlen); |
e292e93d GB |
503 | for (i = 0; i < rrsetidx; ++i) |
504 | { | |
13e435eb GB |
505 | p = (unsigned char*)(rrset[i]); |
506 | ||
507 | verifyalg_add_data_domain(alg, owner); | |
adca3e9c GB |
508 | alg->vtbl->add_data(alg, &sigtype, 2); |
509 | alg->vtbl->add_data(alg, &sigclass, 2); | |
510 | alg->vtbl->add_data(alg, &sigttl, 4); | |
e292e93d | 511 | |
e292e93d | 512 | p += 8; |
0852d76b GB |
513 | if (!verifyalg_add_rdata(alg, ntohs(sigtype), header, pktlen, p)) |
514 | return 0; | |
e292e93d | 515 | } |
adca3e9c | 516 | alg->vtbl->end_data(alg); |
e292e93d | 517 | |
50a96b62 GB |
518 | /* We don't need the owner name anymore; now extract the signer name */ |
519 | if (!extract_name_no_compression(sigrdata+18, signer_name_rdlen, signer_name)) | |
520 | return 0; | |
521 | ||
adca3e9c GB |
522 | out->alg = alg; |
523 | out->keytag = keytag; | |
524 | out->signer_name = signer_name; | |
525 | return 1; | |
526 | } | |
527 | ||
528 | static int end_rrsig_validation(PendingRRSIGValidation *val, struct crec *crec_dnskey) | |
529 | { | |
a7338645 | 530 | /* FIXME: keydata is non-contiguous */ |
708bcd2d | 531 | return val->alg->vtbl->verify(val->alg, crec_dnskey->addr.key.keydata, crec_dnskey->uid); |
adca3e9c GB |
532 | } |
533 | ||
534 | static void dnssec_parserrsig(struct dns_header *header, size_t pktlen, | |
535 | unsigned char *reply, int count, char *owner, | |
536 | int sigclass, int sigrdlen, unsigned char *sig) | |
537 | { | |
538 | PendingRRSIGValidation val; | |
539 | ||
540 | /* Initiate the RRSIG validation process. The pending state is returned into val. */ | |
541 | if (!begin_rrsig_validation(header, pktlen, reply, count, owner, sigclass, sigrdlen, sig, &val)) | |
542 | return; | |
543 | ||
544 | printf("RRSIG: querying cache for DNSKEY %s (keytag: %d)\n", val.signer_name, val.keytag); | |
20bccd49 GB |
545 | |
546 | /* Look in the cache for *all* the DNSKEYs with matching signer_name and keytag */ | |
adca3e9c GB |
547 | char onekey = 0; |
548 | struct crec *crecp = NULL; | |
a55ce08c | 549 | while ((crecp = cache_find_by_name(crecp, val.signer_name, time(0), F_DNSKEY))) /* TODO: time(0) */ |
adca3e9c GB |
550 | { |
551 | onekey = 1; | |
552 | ||
20bccd49 GB |
553 | if (crecp->addr.key.keytag == val.keytag |
554 | && crecp->addr.key.algo == verifyalg_algonum(val.alg)) | |
555 | { | |
556 | printf("RRSIG: found DNSKEY %d in cache, attempting validation\n", val.keytag); | |
adca3e9c | 557 | |
20bccd49 GB |
558 | if (end_rrsig_validation(&val, crecp)) |
559 | printf("Validation OK\n"); | |
560 | else | |
561 | printf("Validation FAILED\n"); | |
562 | } | |
adca3e9c GB |
563 | } |
564 | ||
565 | if (!onekey) | |
566 | { | |
ccca70cb | 567 | printf("DNSKEY not found, need to fetch it\n"); |
adca3e9c GB |
568 | /* TODO: store PendingRRSIGValidation in routing table, |
569 | fetch key (and make it go through dnssec_parskey), then complete validation. */ | |
570 | } | |
e292e93d GB |
571 | } |
572 | ||
3471f181 GB |
573 | /* Compute keytag (checksum to quickly index a key). See RFC4034 */ |
574 | static int dnskey_keytag(unsigned char *rdata, int rdlen) | |
575 | { | |
576 | unsigned long ac; | |
577 | int i; | |
578 | ||
579 | ac = 0; | |
580 | for (i = 0; i < rdlen; ++i) | |
581 | ac += (i & 1) ? rdata[i] : rdata[i] << 8; | |
582 | ac += (ac >> 16) & 0xFFFF; | |
583 | return ac & 0xFFFF; | |
584 | } | |
585 | ||
586 | int dnssec_parsekey(struct dns_header *header, size_t pktlen, char *owner, unsigned long ttl, | |
587 | int rdlen, unsigned char *rdata) | |
588 | { | |
589 | int flags, proto, alg; | |
590 | struct keydata *key; struct crec *crecp; | |
3471f181 GB |
591 | unsigned char *ordata = rdata; int ordlen = rdlen; |
592 | ||
593 | CHECKED_GETSHORT(flags, rdata, rdlen); | |
594 | CHECKED_GETCHAR(proto, rdata, rdlen); | |
595 | CHECKED_GETCHAR(alg, rdata, rdlen); | |
596 | ||
597 | if (proto != 3) | |
598 | return 0; | |
0d829ebc GB |
599 | /* Skip non-signing keys (as specified in RFC4034 */ |
600 | if (!(flags & 0x100)) | |
601 | return 0; | |
3471f181 | 602 | |
a55ce08c | 603 | key = keydata_alloc((char*)rdata, rdlen); |
3471f181 | 604 | |
3471f181 GB |
605 | /* TODO: time(0) is correct here? */ |
606 | crecp = cache_insert(owner, NULL, time(0), ttl, F_FORWARD | F_DNSKEY); | |
607 | if (crecp) | |
608 | { | |
609 | /* TODO: improve union not to name "uid" this field */ | |
610 | crecp->uid = rdlen; | |
611 | crecp->addr.key.keydata = key; | |
612 | crecp->addr.key.algo = alg; | |
613 | crecp->addr.key.keytag = dnskey_keytag(ordata, ordlen); | |
614 | printf("DNSKEY: storing key for %s (keytag: %d)\n", owner, crecp->addr.key.keytag); | |
615 | } | |
616 | else | |
617 | { | |
618 | keydata_free(key); | |
619 | /* TODO: if insertion really might fail, verify we don't depend on cache | |
620 | insertion success for validation workflow correctness */ | |
621 | printf("DNSKEY: cache insertion failure\n"); | |
622 | return 0; | |
623 | } | |
3471f181 GB |
624 | return 1; |
625 | } | |
626 | ||
627 | int dnssec_parseds(struct dns_header *header, size_t pktlen, char *owner, unsigned long ttl, | |
628 | int rdlen, unsigned char *rdata) | |
629 | { | |
630 | return 0; | |
631 | } | |
e292e93d GB |
632 | |
633 | int dnssec_validate(struct dns_header *header, size_t pktlen) | |
634 | { | |
635 | unsigned char *p, *reply; | |
636 | char *owner = daemon->namebuff; | |
23c21766 | 637 | int i, s, qtype, qclass, rdlen; |
e292e93d | 638 | unsigned long ttl; |
23c21766 | 639 | int slen[3] = { ntohs(header->ancount), ntohs(header->nscount), ntohs(header->arcount) }; |
e292e93d | 640 | |
23c21766 | 641 | if (slen[0] + slen[1] + slen[2] == 0) |
e292e93d GB |
642 | return 0; |
643 | if (!(reply = p = skip_questions(header, pktlen))) | |
644 | return 0; | |
d0edff7d GB |
645 | |
646 | /* First, process DNSKEY/DS records and add them to the cache. */ | |
647 | cache_start_insert(); | |
23c21766 | 648 | for (i = 0; i < slen[0]; i++) |
e292e93d GB |
649 | { |
650 | if (!extract_name(header, pktlen, &p, owner, 1, 10)) | |
651 | return 0; | |
652 | GETSHORT(qtype, p); | |
653 | GETSHORT(qclass, p); | |
654 | GETLONG(ttl, p); | |
655 | GETSHORT(rdlen, p); | |
3471f181 GB |
656 | if (qtype == T_DS) |
657 | { | |
658 | printf("DS found\n"); | |
659 | dnssec_parseds(header, pktlen, owner, ttl, rdlen, p); | |
660 | } | |
661 | else if (qtype == T_DNSKEY) | |
662 | { | |
663 | printf("DNSKEY found\n"); | |
47f99dd2 | 664 | dnssec_parsekey(header, pktlen, owner, ttl, rdlen, p); |
3471f181 | 665 | } |
4137b84e GB |
666 | p += rdlen; |
667 | } | |
d0edff7d | 668 | cache_end_insert(); |
4137b84e | 669 | |
d0edff7d | 670 | /* After we have cached DNSKEY/DS records, start looking for RRSIGs. |
4137b84e GB |
671 | We want to do this in a separate step because we want the cache |
672 | to be already populated with DNSKEYs before parsing signatures. */ | |
673 | p = reply; | |
23c21766 | 674 | for (s = 0; s < 3; ++s) |
4137b84e | 675 | { |
23c21766 GB |
676 | reply = p; |
677 | for (i = 0; i < slen[s]; i++) | |
e292e93d | 678 | { |
23c21766 GB |
679 | if (!extract_name(header, pktlen, &p, owner, 1, 10)) |
680 | return 0; | |
681 | GETSHORT(qtype, p); | |
682 | GETSHORT(qclass, p); | |
683 | GETLONG(ttl, p); | |
684 | GETSHORT(rdlen, p); | |
685 | if (qtype == T_RRSIG) | |
686 | { | |
687 | printf("RRSIG found (owner: %s)\n", owner); | |
688 | /* TODO: missing logic. We should only validate RRSIGs for which we | |
689 | have a valid DNSKEY that is referenced by a DS record upstream. | |
690 | There is a memory vs CPU conflict here; should we validate everything | |
691 | to save memory and thus waste CPU, or better first acquire all information | |
692 | (wasting memory) and then doing the minimum CPU computations required? */ | |
693 | dnssec_parserrsig(header, pktlen, reply, slen[s], owner, qclass, rdlen, p); | |
694 | } | |
695 | p += rdlen; | |
4137b84e | 696 | } |
e292e93d | 697 | } |
4137b84e | 698 | |
e292e93d GB |
699 | return 1; |
700 | } |