]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnssec.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Log port of requestor when doing extra logging.
[people/ms/dnsmasq.git] / src / dnssec.c
CommitLineData
8d41ebd8 1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
0fc2f313 2 and Copyright (c) 2012-2014 Simon Kelley
8d41ebd8
GB		 3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
e292e93d
GB		 17
18#include "dnsmasq.h"
0fc2f313
SK		 19
20#ifdef HAVE_DNSSEC
21
86bec2d3
SK		 22#include <nettle/rsa.h>
23#include <nettle/dsa.h>
c152dc84
SK		 24#ifndef NO_NETTLE_ECC
25# include <nettle/ecdsa.h>
26# include <nettle/ecc-curve.h>
27#endif
86bec2d3 28#include <nettle/nettle-meta.h>
063efb33
SK		 29#include <nettle/bignum.h>
30
cdb755c5
SK		 31/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33#ifdef dsa_params_init
34#include <nettle/dsa-compat.h>
35#endif
36
c3e0b9b6 37
e292e93d
GB		 38#define SERIAL_UNDEF -100
39#define SERIAL_EQ 0
40#define SERIAL_LT -1
41#define SERIAL_GT 1
42
86bec2d3
SK		 43/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
44static char *ds_digest_name(int digest)
45{
46 switch (digest)
47 {
48 case 1: return "sha1";
49 case 2: return "sha256";
50 case 3: return "gosthash94";
51 case 4: return "sha384";
52 default: return NULL;
53 }
54}
55
56/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
57static char *algo_digest_name(int algo)
58{
59 switch (algo)
60 {
61 case 1: return "md5";
62 case 3: return "sha1";
63 case 5: return "sha1";
64 case 6: return "sha1";
65 case 7: return "sha1";
66 case 8: return "sha256";
67 case 10: return "sha512";
68 case 12: return "gosthash94";
69 case 13: return "sha256";
70 case 14: return "sha384";
71 default: return NULL;
72 }
73}
74
75/* Find pointer to correct hash function in nettle library */
76static const struct nettle_hash *hash_find(char *name)
77{
78 int i;
79
80 if (!name)
81 return NULL;
82
83 for (i = 0; nettle_hashes[i]; i++)
84 {
85 if (strcmp(nettle_hashes[i]->name, name) == 0)
86 return nettle_hashes[i];
87 }
88
89 return NULL;
90}
91
92/* expand ctx and digest memory allocations if necessary and init hash function */
93static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
94{
95 static void *ctx = NULL;
96 static unsigned char *digest = NULL;
97 static unsigned int ctx_sz = 0;
98 static unsigned int digest_sz = 0;
99
100 void *new;
101
102 if (ctx_sz < hash->context_size)
103 {
104 if (!(new = whine_malloc(hash->context_size)))
105 return 0;
106 if (ctx)
107 free(ctx);
108 ctx = new;
109 ctx_sz = hash->context_size;
110 }
111
112 if (digest_sz < hash->digest_size)
113 {
114 if (!(new = whine_malloc(hash->digest_size)))
115 return 0;
116 if (digest)
117 free(digest);
118 digest = new;
119 digest_sz = hash->digest_size;
120 }
121
122 *ctxp = ctx;
123 *digestp = digest;
124
125 hash->init(ctx);
126
127 return 1;
128}
129
cdb755c5
SK		 130static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
131 unsigned char *digest, int algo)
86bec2d3
SK		 132{
133 unsigned char *p;
134 size_t exp_len;
135
136 static struct rsa_public_key *key = NULL;
137 static mpz_t sig_mpz;
138
139 if (key == NULL)
140 {
141 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
142 return 0;
143
144 nettle_rsa_public_key_init(key);
145 mpz_init(sig_mpz);
146 }
147
148 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
149 return 0;
150
151 key_len--;
152 if ((exp_len = *p++) == 0)
153 {
154 GETSHORT(exp_len, p);
155 key_len -= 2;
156 }
157
158 if (exp_len >= key_len)
159 return 0;
160
161 key->size = key_len - exp_len;
162 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
163 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
164
165 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
166
167 switch (algo)
168 {
169 case 1:
170 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
171 case 5: case 7:
172 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
173 case 8:
174 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
175 case 10:
176 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
177 }
178
179 return 0;
180}
181
cdb755c5
SK		 182static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
183 unsigned char *digest, int algo)
86bec2d3
SK		 184{
185 unsigned char *p;
186 unsigned int t;
187
188 static struct dsa_public_key *key = NULL;
189 static struct dsa_signature *sig_struct;
190
191 if (key == NULL)
192 {
193 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
194 !(key = whine_malloc(sizeof(struct dsa_public_key))))
195 return 0;
196
197 nettle_dsa_public_key_init(key);
198 nettle_dsa_signature_init(sig_struct);
199 }
200
201 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
202 return 0;
203
204 t = *p++;
205
206 if (key_len < (213 + (t * 24)))
207 return 0;
ebe95a83 208
86bec2d3
SK		 209 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
210 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
211 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
212 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
213
214 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
215 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
216
217 (void)algo;
ebe95a83 218
86bec2d3
SK		 219 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
220}
221
c152dc84
SK		 222#ifndef NO_NETTLE_ECC
223static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
224 unsigned char *sig, size_t sig_len,
ebe95a83
SK		 225 unsigned char *digest, size_t digest_len, int algo)
226{
227 unsigned char *p;
228 unsigned int t;
229 struct ecc_point *key;
230
231 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
232 static mpz_t x, y;
233 static struct dsa_signature *sig_struct;
234
235 if (!sig_struct)
236 {
237 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
238 return 0;
239
240 nettle_dsa_signature_init(sig_struct);
241 mpz_init(x);
242 mpz_init(y);
243 }
244
245 switch (algo)
246 {
247 case 13:
248 if (!key_256)
249 {
250 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
251 return 0;
252
253 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
254 }
255
256 key = key_256;
257 t = 32;
258 break;
259
260 case 14:
261 if (!key_384)
262 {
263 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
264 return 0;
265
266 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
267 }
268
269 key = key_384;
270 t = 48;
271 break;
272
273 default:
274 return 0;
275 }
276
277 if (sig_len != 2*t || key_len != 2*t ||
278 (p = blockdata_retrieve(key_data, key_len, NULL)))
279 return 0;
280
281 mpz_import(x, t , 1, 1, 0, 0, p);
282 mpz_import(y, t , 1, 1, 0, 0, p + t);
283
284 if (!ecc_point_set(key, x, y))
285 return 0;
286
287 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
288 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
289
290 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
291}
c152dc84
SK		 292#endif
293
86bec2d3 294static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
ebe95a83 295 unsigned char *digest, size_t digest_len, int algo)
86bec2d3 296{
7b1eae4f
SK		 297 (void)digest_len;
298
86bec2d3
SK		 299 switch (algo)
300 {
301 case 1: case 5: case 7: case 8: case 10:
cdb755c5 302 return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
86bec2d3
SK		 303
304 case 3: case 6:
cdb755c5 305 return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
c152dc84
SK		 306
307#ifndef NO_NETTLE_ECC
ebe95a83
SK		 308 case 13: case 14:
309 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
c152dc84
SK		 310#endif
311 }
86bec2d3
SK		 312
313 return 0;
314}
315
0fc2f313
SK		 316/* Convert from presentation format to wire format, in place.
317 Also map UC -> LC.
318 Note that using extract_name to get presentation format
319 then calling to_wire() removes compression and maps case,
320 thus generating names in canonical form.
321 Calling to_wire followed by from_wire is almost an identity,
322 except that the UC remains mapped to LC.
323*/
324static int to_wire(char *name)
7f0485cf 325{
0fc2f313
SK		 326 unsigned char *l, *p, term;
327 int len;
328
329 for (l = (unsigned char*)name; *l != 0; l = p)
330 {
331 for (p = l; *p != '.' && *p != 0; p++)
332 if (*p >= 'A' && *p <= 'Z')
333 *p = *p - 'A' + 'a';
334
335 term = *p;
336
337 if ((len = p - l) != 0)
338 memmove(l+1, l, len);
339 *l = len;
340
341 p++;
342
343 if (term == 0)
344 *p = 0;
345 }
346
347 return l + 1 - (unsigned char *)name;
7f0485cf
GB		 348}
349
0fc2f313
SK		 350/* Note: no compression allowed in input. */
351static void from_wire(char *name)
13e435eb 352{
0fc2f313
SK		 353 unsigned char *l;
354 int len;
13e435eb 355
0fc2f313 356 for (l = (unsigned char *)name; *l != 0; l += len+1)
13e435eb 357 {
0fc2f313
SK		 358 len = *l;
359 memmove(l, l+1, len);
360 l[len] = '.';
13e435eb 361 }
7f0485cf 362
e3f14558 363 if ((char *)l != name)
bd9b3cf5 364 *(l-1) = 0;
13e435eb
GB		 365}
366
5ada8885
SK		 367/* Input in presentation format */
368static int count_labels(char *name)
369{
370 int i;
371
372 if (*name == 0)
373 return 0;
374
375 for (i = 0; *name; name++)
376 if (*name == '.')
377 i++;
378
379 return i+1;
380}
381
5f8e58f4
SK		 382/* Implement RFC1982 wrapped compare for 32-bit numbers */
383static int serial_compare_32(unsigned long s1, unsigned long s2)
384{
385 if (s1 == s2)
386 return SERIAL_EQ;
0ca895f5 387
5f8e58f4
SK		 388 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
389 (s1 > s2 && (s1 - s2) > (1UL<<31)))
390 return SERIAL_LT;
391 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
392 (s1 > s2 && (s1 - s2) < (1UL<<31)))
393 return SERIAL_GT;
394 return SERIAL_UNDEF;
395}
0852d76b 396
5f8e58f4
SK		 397/* Check whether today/now is between date_start and date_end */
398static int check_date_range(unsigned long date_start, unsigned long date_end)
0852d76b 399{
e98bd52e
SK		 400 unsigned long curtime;
401
402 /* Checking timestamps may be temporarily disabled */
403 if (option_bool(OPT_DNSSEC_TIME))
404 return 1;
405
406 curtime = time(0);
5f8e58f4
SK		 407
408 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
409 return serial_compare_32(curtime, date_start) == SERIAL_GT
410 && serial_compare_32(curtime, date_end) == SERIAL_LT;
411}
f119ed38 412
5f8e58f4
SK		 413static u16 *get_desc(int type)
414{
415 /* List of RRtypes which include domains in the data.
416 0 -> domain
417 integer -> no of plain bytes
418 -1 -> end
419
420 zero is not a valid RRtype, so the final entry is returned for
421 anything which needs no mangling.
422 */
423
424 static u16 rr_desc[] =
425 {
426 T_NS, 0, -1,
427 T_MD, 0, -1,
428 T_MF, 0, -1,
429 T_CNAME, 0, -1,
430 T_SOA, 0, 0, -1,
431 T_MB, 0, -1,
432 T_MG, 0, -1,
433 T_MR, 0, -1,
434 T_PTR, 0, -1,
435 T_MINFO, 0, 0, -1,
436 T_MX, 2, 0, -1,
437 T_RP, 0, 0, -1,
438 T_AFSDB, 2, 0, -1,
439 T_RT, 2, 0, -1,
440 T_SIG, 18, 0, -1,
441 T_PX, 2, 0, 0, -1,
442 T_NXT, 0, -1,
443 T_KX, 2, 0, -1,
444 T_SRV, 6, 0, -1,
445 T_DNAME, 0, -1,
5f8e58f4
SK		 446 0, -1 /* wildcard/catchall */
447 };
448
449 u16 *p = rr_desc;
450
451 while (*p != type && *p != 0)
452 while (*p++ != (u16)-1);
f119ed38 453
5f8e58f4
SK		 454 return p+1;
455}
0852d76b 456
5f8e58f4
SK		 457/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
458 data, pointed to by *p, should be used raw. */
094b5c3d 459static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
5f8e58f4
SK		 460 unsigned char **p, u16 **desc)
461{
462 int d = **desc;
463
5f8e58f4
SK		 464 /* No more data needs mangling */
465 if (d == (u16)-1)
094b5c3d
SK		 466 {
467 /* If there's more data than we have space for, just return what fits,
468 we'll get called again for more chunks */
469 if (end - *p > bufflen)
470 {
471 memcpy(buff, *p, bufflen);
472 *p += bufflen;
473 return bufflen;
474 }
475
476 return 0;
477 }
478
479 (*desc)++;
5f8e58f4
SK		 480
481 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
482 /* domain-name, canonicalise */
483 return to_wire(buff);
484 else
485 {
486 /* plain data preceding a domain-name, don't run off the end of the data */
487 if ((end - *p) < d)
488 d = end - *p;
489
490 if (d != 0)
491 {
492 memcpy(buff, *p, d);
493 *p += d;
494 }
495
496 return d;
497 }
0852d76b
GB		 498}
499
613ad15d
SK		 500static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
501{
502 unsigned char **p;
503 int new_sz = *sz;
504
505 if (new_sz > new)
506 return 1;
507
508 if (new >= 100)
509 return 0;
510
511 new_sz += 5;
512
513 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
514 return 0;
515
516 if (*wkspc)
517 {
518 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
519 free(*wkspc);
520 }
521
522 *wkspc = p;
523 *sz = new_sz;
00a5b5d4
SK		 524
525 return 1;
613ad15d
SK		 526}
527
5f8e58f4
SK		 528/* Bubble sort the RRset into the canonical order.
529 Note that the byte-streams from two RRs may get unsynced: consider
530 RRs which have two domain-names at the start and then other data.
531 The domain-names may have different lengths in each RR, but sort equal
532
533 ------------
534 |abcde|fghi|
535 ------------
536 |abcd|efghi|
537 ------------
538
539 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
540*/
541
542static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
543 unsigned char **rrset, char *buff1, char *buff2)
c3e0b9b6 544{
5f8e58f4 545 int swap, quit, i;
0fc2f313 546
5f8e58f4
SK		 547 do
548 {
549 for (swap = 0, i = 0; i < rrsetidx-1; i++)
550 {
551 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
552 u16 *dp1, *dp2;
553 unsigned char *end1, *end2;
5107ace1
SK		 554 /* Note that these have been determined to be OK previously,
555 so we don't need to check for NULL return here. */
5f8e58f4
SK		 556 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
557 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
558
559 p1 += 8; /* skip class, type, ttl */
560 GETSHORT(rdlen1, p1);
561 end1 = p1 + rdlen1;
562
563 p2 += 8; /* skip class, type, ttl */
564 GETSHORT(rdlen2, p2);
565 end2 = p2 + rdlen2;
566
567 dp1 = dp2 = rr_desc;
568
1486a9c7 569 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
5f8e58f4 570 {
1486a9c7
SK		 571 if (left1 != 0)
572 memmove(buff1, buff1 + len1 - left1, left1);
573
094b5c3d 574 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
5f8e58f4
SK		 575 {
576 quit = 1;
577 len1 = end1 - p1;
578 memcpy(buff1 + left1, p1, len1);
579 }
580 len1 += left1;
581
1486a9c7
SK		 582 if (left2 != 0)
583 memmove(buff2, buff2 + len2 - left2, left2);
584
094b5c3d 585 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
5f8e58f4
SK		 586 {
587 quit = 1;
588 len2 = end2 - p2;
589 memcpy(buff2 + left2, p2, len2);
590 }
591 len2 += left2;
592
593 if (len1 > len2)
1486a9c7 594 left1 = len1 - len2, left2 = 0, len = len2;
5f8e58f4 595 else
1486a9c7 596 left2 = len2 - len1, left1 = 0, len = len1;
5f8e58f4 597
6fd6dacb 598 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
5f8e58f4 599
4619d946 600 if (rc > 0 || (rc == 0 && quit && len1 > len2))
5f8e58f4
SK		 601 {
602 unsigned char *tmp = rrset[i+1];
603 rrset[i+1] = rrset[i];
604 rrset[i] = tmp;
605 swap = quit = 1;
606 }
6fd6dacb
SK		 607 else if (rc < 0)
608 quit = 1;
5f8e58f4
SK		 609 }
610 }
611 } while (swap);
612}
c3e0b9b6 613
5f8e58f4
SK		 614/* Validate a single RRset (class, type, name) in the supplied DNS reply
615 Return code:
616 STAT_SECURE if it validates.
5107ace1 617 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
fbc52057 618 (In this case *wildcard_out points to the "body" of the wildcard within name.)
00a5b5d4 619 STAT_NO_SIG no RRsigs found.
87070192
SK		 620 STAT_INSECURE RRset empty.
621 STAT_BOGUS signature is wrong, bad packet.
5f8e58f4
SK		 622 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
623
624 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
625 otherwise find the key in the cache.
5107ace1
SK		 626
627 name is unchanged on exit. keyname is used as workspace and trashed.
5f8e58f4 628*/
fbc52057
SK		 629static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
630 char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
5f8e58f4
SK		 631{
632 static unsigned char **rrset = NULL, **sigs = NULL;
633 static int rrset_sz = 0, sig_sz = 0;
0fc2f313 634
5f8e58f4 635 unsigned char *p;
5ada8885 636 int rrsetidx, sigidx, res, rdlen, j, name_labels;
5f8e58f4
SK		 637 struct crec *crecp = NULL;
638 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
639 u16 *rr_desc = get_desc(type);
83d2ed09
SK		 640
641 if (wildcard_out)
642 *wildcard_out = NULL;
643
5f8e58f4 644 if (!(p = skip_questions(header, plen)))
87070192 645 return STAT_BOGUS;
83d2ed09 646
5ada8885
SK		 647 name_labels = count_labels(name); /* For 4035 5.3.2 check */
648
649 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
5f8e58f4
SK		 650 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
651 j != 0; j--)
652 {
653 unsigned char *pstart, *pdata;
b98d22c1 654 int stype, sclass;
c3e0b9b6 655
5f8e58f4
SK		 656 pstart = p;
657
658 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
87070192 659 return STAT_BOGUS; /* bad packet */
5f8e58f4
SK		 660
661 GETSHORT(stype, p);
662 GETSHORT(sclass, p);
b98d22c1 663 p += 4; /* TTL */
5f8e58f4
SK		 664
665 pdata = p;
c3e0b9b6 666
5f8e58f4
SK		 667 GETSHORT(rdlen, p);
668
e7829aef 669 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 670 return STAT_BOGUS;
e7829aef 671
5f8e58f4
SK		 672 if (res == 1 && sclass == class)
673 {
674 if (stype == type)
675 {
613ad15d 676 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
87070192 677 return STAT_BOGUS;
613ad15d 678
5f8e58f4
SK		 679 rrset[rrsetidx++] = pstart;
680 }
681
682 if (stype == T_RRSIG)
683 {
613ad15d 684 if (rdlen < 18)
87070192 685 return STAT_BOGUS; /* bad packet */
613ad15d
SK		 686
687 GETSHORT(type_covered, p);
688
689 if (type_covered == type)
690 {
691 if (!expand_workspace(&sigs, &sig_sz, sigidx))
87070192 692 return STAT_BOGUS;
613ad15d
SK		 693
694 sigs[sigidx++] = pdata;
695 }
696
697 p = pdata + 2; /* restore for ADD_RDLEN */
5f8e58f4
SK		 698 }
699 }
613ad15d 700
5f8e58f4 701 if (!ADD_RDLEN(header, p, plen, rdlen))
87070192 702 return STAT_BOGUS;
5f8e58f4 703 }
c3e0b9b6 704
00a5b5d4
SK		 705 /* RRset empty */
706 if (rrsetidx == 0)
5f8e58f4 707 return STAT_INSECURE;
00a5b5d4
SK		 708
709 /* no RRSIGs */
710 if (sigidx == 0)
711 return STAT_NO_SIG;
5f8e58f4
SK		 712
713 /* Sort RRset records into canonical order.
d387380a 714 Note that at this point keyname and daemon->workspacename buffs are
5f8e58f4 715 unused, and used as workspace by the sort. */
d387380a 716 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
5f8e58f4
SK		 717
718 /* Now try all the sigs to try and find one which validates */
719 for (j = 0; j <sigidx; j++)
720 {
d387380a 721 unsigned char *psav, *sig, *digest;
86bec2d3
SK		 722 int i, wire_len, sig_len;
723 const struct nettle_hash *hash;
724 void *ctx;
d387380a 725 char *name_start;
5f8e58f4
SK		 726 u32 nsigttl;
727
728 p = sigs[j];
5ada8885 729 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
5f8e58f4
SK		 730 psav = p;
731
5ada8885 732 p += 2; /* type_covered - already checked */
5f8e58f4
SK		 733 algo = *p++;
734 labels = *p++;
735 GETLONG(orig_ttl, p);
e7829aef
SK		 736 GETLONG(sig_expiration, p);
737 GETLONG(sig_inception, p);
5f8e58f4
SK		 738 GETSHORT(key_tag, p);
739
5f8e58f4 740 if (!extract_name(header, plen, &p, keyname, 1, 0))
87070192 741 return STAT_BOGUS;
d387380a
SK		 742
743 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
744 the name of the zone containing the RRset. We can't tell that
745 for certain, but we can check that the RRset name is equal to
746 or encloses the signers name, which should be enough to stop
747 an attacker using signatures made with the key of an unrelated
748 zone he controls. Note that the root key is always allowed. */
749 if (*keyname != 0)
750 {
751 int failed = 0;
752
753 for (name_start = name; !hostname_isequal(name_start, keyname); )
754 if ((name_start = strchr(name_start, '.')))
755 name_start++; /* chop a label off and try again */
756 else
757 {
758 failed = 1;
759 break;
760 }
761
762 /* Bad sig, try another */
763 if (failed)
764 continue;
765 }
5f8e58f4 766
d387380a 767 /* Other 5.3.1 checks */
e7829aef
SK		 768 if (!check_date_range(sig_inception, sig_expiration) ||
769 labels > name_labels ||
770 !(hash = hash_find(algo_digest_name(algo))) ||
771 !hash_init(hash, &ctx, &digest))
772 continue;
773
5f8e58f4
SK		 774 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
775 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
776 return STAT_NEED_KEY;
777
86bec2d3
SK		 778 sig = p;
779 sig_len = rdlen - (p - psav);
e7829aef 780
5f8e58f4
SK		 781 nsigttl = htonl(orig_ttl);
782
86bec2d3 783 hash->update(ctx, 18, psav);
5f8e58f4 784 wire_len = to_wire(keyname);
86bec2d3 785 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
5f8e58f4
SK		 786 from_wire(keyname);
787
5f8e58f4
SK		 788 for (i = 0; i < rrsetidx; ++i)
789 {
790 int seg;
791 unsigned char *end, *cp;
792 u16 len, *dp;
d387380a 793
5f8e58f4
SK		 794 p = rrset[i];
795 if (!extract_name(header, plen, &p, name, 1, 10))
87070192 796 return STAT_BOGUS;
5ada8885 797
d387380a
SK		 798 name_start = name;
799
5ada8885
SK		 800 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
801 if (labels < name_labels)
802 {
803 int k;
804 for (k = name_labels - labels; k != 0; k--)
fbc52057
SK		 805 {
806 while (*name_start != '.' && *name_start != 0)
807 name_start++;
0b1008d3 808 if (k != 1 && *name_start == '.')
fbc52057
SK		 809 name_start++;
810 }
811
812 if (wildcard_out)
813 *wildcard_out = name_start+1;
814
5ada8885
SK		 815 name_start--;
816 *name_start = '*';
817 }
818
819 wire_len = to_wire(name_start);
86bec2d3
SK		 820 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
821 hash->update(ctx, 4, p); /* class and type */
822 hash->update(ctx, 4, (unsigned char *)&nsigttl);
5f8e58f4
SK		 823
824 p += 8; /* skip class, type, ttl */
825 GETSHORT(rdlen, p);
5ada8885 826 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 827 return STAT_BOGUS;
5ada8885 828
5f8e58f4
SK		 829 end = p + rdlen;
830
831 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
832 cp = p;
833 dp = rr_desc;
094b5c3d 834 for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
5f8e58f4
SK		 835 len += end - cp;
836 len = htons(len);
86bec2d3 837 hash->update(ctx, 2, (unsigned char *)&len);
5f8e58f4
SK		 838
839 /* Now canonicalise again and digest. */
840 cp = p;
841 dp = rr_desc;
094b5c3d 842 while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
86bec2d3 843 hash->update(ctx, seg, (unsigned char *)name);
5f8e58f4 844 if (cp != end)
86bec2d3 845 hash->update(ctx, end - cp, cp);
5f8e58f4 846 }
86bec2d3
SK		 847
848 hash->digest(ctx, hash->digest_size, digest);
849
5ada8885
SK		 850 /* namebuff used for workspace above, restore to leave unchanged on exit */
851 p = (unsigned char*)(rrset[0]);
852 extract_name(header, plen, &p, name, 1, 0);
853
5f8e58f4
SK		 854 if (key)
855 {
856 if (algo_in == algo && keytag_in == key_tag &&
ebe95a83 857 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
5f8e58f4
SK		 858 return STAT_SECURE;
859 }
860 else
861 {
862 /* iterate through all possible keys 4035 5.3.1 */
863 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
51ea3ca2
SK		 864 if (crecp->addr.key.algo == algo &&
865 crecp->addr.key.keytag == key_tag &&
3f7483e8 866 crecp->uid == (unsigned int)class &&
ebe95a83 867 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
5107ace1 868 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
5f8e58f4
SK		 869 }
870 }
871
872 return STAT_BOGUS;
873}
874
0fc2f313 875/* The DNS packet is expected to contain the answer to a DNSKEY query.
c3e0b9b6
SK		 876 Put all DNSKEYs in the answer which are valid into the cache.
877 return codes:
97e618a0 878 STAT_SECURE At least one valid DNSKEY found and in cache.
0fc2f313 879 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
87070192 880 or self-sign for DNSKEY RRset is not valid, bad packet.
0fc2f313 881 STAT_NEED_DS DS records to validate a key not found, name in keyname
c3e0b9b6
SK		 882*/
883int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
884{
0fc2f313 885 unsigned char *psave, *p = (unsigned char *)(header+1);
c3e0b9b6 886 struct crec *crecp, *recp1;
8d718cbb 887 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
c3e0b9b6 888 struct blockdata *key;
51ea3ca2 889 struct all_addr a;
c3e0b9b6 890
5f8e58f4
SK		 891 if (ntohs(header->qdcount) != 1 ||
892 !extract_name(header, plen, &p, name, 1, 4))
87070192 893 return STAT_BOGUS;
5f8e58f4 894
c3e0b9b6
SK		 895 GETSHORT(qtype, p);
896 GETSHORT(qclass, p);
897
97e618a0 898 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
f01d7be6 899 return STAT_BOGUS;
c3e0b9b6 900
b8eac191 901 /* See if we have cached a DS record which validates this key */
0fc2f313
SK		 902 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
903 {
904 strcpy(keyname, name);
905 return STAT_NEED_DS;
906 }
b8eac191
SK		 907
908 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
909 if (crecp->flags & F_NEG)
910 return STAT_INSECURE;
911
0fc2f313 912 /* NOTE, we need to find ONE DNSKEY which matches the DS */
e7829aef 913 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
c3e0b9b6
SK		 914 {
915 /* Ensure we have type, class TTL and length */
0fc2f313 916 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
87070192 917 return STAT_BOGUS; /* bad packet */
c3e0b9b6
SK		 918
919 GETSHORT(qtype, p);
920 GETSHORT(qclass, p);
921 GETLONG(ttl, p);
922 GETSHORT(rdlen, p);
6f468103 923
0fc2f313 924 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
87070192 925 return STAT_BOGUS; /* bad packet */
0fc2f313 926
6f468103
SK		 927 if (qclass != class || qtype != T_DNSKEY || rc == 2)
928 {
929 p += rdlen;
930 continue;
931 }
932
0fc2f313 933 psave = p;
c3e0b9b6 934
c3e0b9b6 935 GETSHORT(flags, p);
0fc2f313 936 if (*p++ != 3)
f01d7be6 937 return STAT_BOGUS;
c3e0b9b6 938 algo = *p++;
0fc2f313 939 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
e7829aef 940 key = NULL;
c3e0b9b6 941
e7829aef
SK		 942 /* key must have zone key flag set */
943 if (flags & 0x100)
944 key = blockdata_alloc((char*)p, rdlen - 4);
c3e0b9b6 945
0fc2f313 946 p = psave;
e7829aef 947
0fc2f313 948 if (!ADD_RDLEN(header, p, plen, rdlen))
8d718cbb
SK		 949 {
950 if (key)
951 blockdata_free(key);
87070192 952 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 953 }
954
e7829aef
SK		 955 /* No zone key flag or malloc failure */
956 if (!key)
0fc2f313
SK		 957 continue;
958
959 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
86bec2d3
SK		 960 {
961 void *ctx;
962 unsigned char *digest, *ds_digest;
963 const struct nettle_hash *hash;
964
51ea3ca2
SK		 965 if (recp1->addr.ds.algo == algo &&
966 recp1->addr.ds.keytag == keytag &&
3f7483e8 967 recp1->uid == (unsigned int)class &&
51ea3ca2 968 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
86bec2d3 969 hash_init(hash, &ctx, &digest))
0fc2f313 970
86bec2d3
SK		 971 {
972 int wire_len = to_wire(name);
973
974 /* Note that digest may be different between DSs, so
975 we can't move this outside the loop. */
976 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
977 hash->update(ctx, (unsigned int)rdlen, psave);
978 hash->digest(ctx, hash->digest_size, digest);
979
980 from_wire(name);
981
824202ef
SK		 982 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
983 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
984 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
fbc52057 985 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
86bec2d3 986 {
86bec2d3 987 valid = 1;
86bec2d3
SK		 988 break;
989 }
990 }
991 }
e7829aef 992 blockdata_free(key);
c3e0b9b6 993 }
c3e0b9b6 994
0fc2f313
SK		 995 if (valid)
996 {
8d718cbb 997 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
e7829aef
SK		 998 cache_start_insert();
999
1000 p = skip_questions(header, plen);
1001
1002 for (j = ntohs(header->ancount); j != 0; j--)
1003 {
1004 /* Ensure we have type, class TTL and length */
1005 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1006 return STAT_INSECURE; /* bad packet */
1007
1008 GETSHORT(qtype, p);
1009 GETSHORT(qclass, p);
1010 GETLONG(ttl, p);
1011 GETSHORT(rdlen, p);
8d718cbb
SK		 1012
1013 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1014 return STAT_BOGUS; /* bad packet */
e7829aef 1015
8d718cbb 1016 if (qclass == class && rc == 1)
e7829aef 1017 {
8d718cbb 1018 psave = p;
e7829aef 1019
8d718cbb
SK		 1020 if (qtype == T_DNSKEY)
1021 {
1022 if (rdlen < 4)
87070192 1023 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1024
1025 GETSHORT(flags, p);
1026 if (*p++ != 3)
f01d7be6 1027 return STAT_BOGUS;
8d718cbb
SK		 1028 algo = *p++;
1029 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1030
1031 /* Cache needs to known class for DNSSEC stuff */
1032 a.addr.dnssec.class = class;
1033
1034 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1035 {
1036 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1037 blockdata_free(key);
1038 else
1039 {
1040 a.addr.keytag = keytag;
25cf5e37 1041 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
8d718cbb
SK		 1042
1043 recp1->addr.key.keylen = rdlen - 4;
1044 recp1->addr.key.keydata = key;
1045 recp1->addr.key.algo = algo;
1046 recp1->addr.key.keytag = keytag;
1047 recp1->addr.key.flags = flags;
8d718cbb
SK		 1048 }
1049 }
1050 }
1051 else if (qtype == T_RRSIG)
1052 {
1053 /* RRSIG, cache if covers DNSKEY RRset */
1054 if (rdlen < 18)
87070192 1055 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1056
1057 GETSHORT(type_covered, p);
1058
1059 if (type_covered == T_DNSKEY)
1060 {
1061 a.addr.dnssec.class = class;
1062 a.addr.dnssec.type = type_covered;
1063
1064 algo = *p++;
1065 p += 13; /* labels, orig_ttl, expiration, inception */
1066 GETSHORT(keytag, p);
1067 if ((key = blockdata_alloc((char*)psave, rdlen)))
1068 {
1069 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1070 blockdata_free(key);
1071 else
1072 {
8d718cbb
SK		 1073 crecp->addr.sig.keydata = key;
1074 crecp->addr.sig.keylen = rdlen;
1075 crecp->addr.sig.keytag = keytag;
1076 crecp->addr.sig.type_covered = type_covered;
1077 crecp->addr.sig.algo = algo;
1078 }
1079 }
1080 }
1081 }
e7829aef 1082
8d718cbb 1083 p = psave;
e7829aef 1084 }
8d718cbb 1085
e7829aef 1086 if (!ADD_RDLEN(header, p, plen, rdlen))
87070192 1087 return STAT_BOGUS; /* bad packet */
e7829aef
SK		 1088 }
1089
0fc2f313
SK		 1090 /* commit cache insert. */
1091 cache_end_insert();
1092 return STAT_SECURE;
1093 }
1094
25cf5e37 1095 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
0fc2f313 1096 return STAT_BOGUS;
c3e0b9b6 1097}
0fc2f313 1098
c3e0b9b6
SK		 1099/* The DNS packet is expected to contain the answer to a DS query
1100 Put all DSs in the answer which are valid into the cache.
1101 return codes:
c3e0b9b6 1102 STAT_SECURE At least one valid DS found and in cache.
00a5b5d4 1103 STAT_NO_DS It's proved there's no DS here.
97e618a0
SK		 1104 STAT_NO_NS It's proved there's no DS _or_ NS here.
1105 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
c3e0b9b6
SK		 1106 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1107*/
1108
1109int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1110{
51ea3ca2 1111 unsigned char *p = (unsigned char *)(header+1);
97e618a0 1112 int qtype, qclass, val, i, neganswer, nons;
c3e0b9b6 1113
5f8e58f4 1114 if (ntohs(header->qdcount) != 1 ||
b8eac191 1115 !(p = skip_name(p, header, plen, 4)))
87070192 1116 return STAT_BOGUS;
8d718cbb 1117
c3e0b9b6
SK		 1118 GETSHORT(qtype, p);
1119 GETSHORT(qclass, p);
1120
b47b04c8
SK		 1121 if (qtype != T_DS || qclass != class)
1122 val = STAT_BOGUS;
1123 else
97e618a0
SK		 1124 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
1125 /* Note dnssec_validate_reply() will have cached positive answers */
1126
1127 if (val == STAT_NO_SIG || val == STAT_INSECURE)
1128 val = STAT_BOGUS;
51ea3ca2 1129
b8eac191
SK		 1130 p = (unsigned char *)(header+1);
1131 extract_name(header, plen, &p, name, 1, 4);
1132 p += 4; /* qtype, qclass */
1133
00a5b5d4 1134 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
97e618a0 1135 val = STAT_BOGUS;
00a5b5d4 1136
0fc2f313 1137 if (val == STAT_BOGUS)
b8eac191 1138 {
25cf5e37 1139 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
97e618a0
SK		 1140 return STAT_BOGUS;
1141 }
1142
1143 /* By here, the answer is proved secure, and a positive answer has been cached. */
1144 if (val == STAT_SECURE && neganswer)
1145 {
1146 int rdlen, flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
b8eac191
SK		 1147 unsigned long ttl, minttl = ULONG_MAX;
1148 struct all_addr a;
00a5b5d4
SK		 1149
1150 if (RCODE(header) == NXDOMAIN)
1151 flags |= F_NXDOMAIN;
1152
97e618a0
SK		 1153 /* We only cache validated DS records, DNSSECOK flag hijacked
1154 to store presence/absence of NS. */
1155 if (nons)
1156 flags &= ~F_DNSSECOK;
b8eac191
SK		 1157
1158 for (i = ntohs(header->nscount); i != 0; i--)
1159 {
00a5b5d4 1160 if (!(p = skip_name(p, header, plen, 0)))
87070192 1161 return STAT_BOGUS;
b8eac191
SK		 1162
1163 GETSHORT(qtype, p);
1164 GETSHORT(qclass, p);
1165 GETLONG(ttl, p);
1166 GETSHORT(rdlen, p);
1167
00a5b5d4 1168 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1169 return STAT_BOGUS; /* bad packet */
00a5b5d4
SK		 1170
1171 if (qclass != class || qtype != T_SOA)
b8eac191
SK		 1172 {
1173 p += rdlen;
1174 continue;
1175 }
1176
1177 if (ttl < minttl)
1178 minttl = ttl;
1179
1180 /* MNAME */
1181 if (!(p = skip_name(p, header, plen, 0)))
87070192 1182 return STAT_BOGUS;
b8eac191
SK		 1183 /* RNAME */
1184 if (!(p = skip_name(p, header, plen, 20)))
87070192 1185 return STAT_BOGUS;
b8eac191
SK		 1186 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1187
1188 GETLONG(ttl, p); /* minTTL */
1189 if (ttl < minttl)
1190 minttl = ttl;
00a5b5d4
SK		 1191
1192 break;
b8eac191
SK		 1193 }
1194
00a5b5d4
SK		 1195 if (i != 0)
1196 {
1197 cache_start_insert();
1198
1199 a.addr.dnssec.class = class;
1200 cache_insert(name, &a, now, ttl, flags);
1201
97e618a0
SK		 1202 cache_end_insert();
1203
25cf5e37 1204 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
00a5b5d4 1205 }
b8eac191 1206
97e618a0 1207 return nons ? STAT_NO_NS : STAT_NO_DS;
b8eac191
SK		 1208 }
1209
51ea3ca2 1210 return val;
c3e0b9b6
SK		 1211}
1212
c5f4ec7d
SK		 1213/* 4034 6.1 */
1214static int hostname_cmp(const char *a, const char *b)
1215{
dbf72123
SK		 1216 char *sa, *ea, *ca, *sb, *eb, *cb;
1217 unsigned char ac, bc;
1218
1219 sa = ea = (char *)a + strlen(a);
1220 sb = eb = (char *)b + strlen(b);
1221
c5f4ec7d
SK		 1222 while (1)
1223 {
dbf72123
SK		 1224 while (sa != a && *(sa-1) != '.')
1225 sa--;
c5f4ec7d 1226
dbf72123
SK		 1227 while (sb != b && *(sb-1) != '.')
1228 sb--;
1229
1230 ca = sa;
1231 cb = sb;
1232
1233 while (1)
1234 {
1235 if (ca == ea)
1236 {
1237 if (cb == eb)
1238 break;
1239
1240 return -1;
1241 }
c5f4ec7d 1242
dbf72123
SK		 1243 if (cb == eb)
1244 return 1;
1245
1246 ac = (unsigned char) *ca++;
1247 bc = (unsigned char) *cb++;
1248
1249 if (ac >= 'A' && ac <= 'Z')
1250 ac += 'a' - 'A';
1251 if (bc >= 'A' && bc <= 'Z')
1252 bc += 'a' - 'A';
1253
979cdf9b 1254 if (ac < bc)
dbf72123
SK		 1255 return -1;
1256 else if (ac != bc)
1257 return 1;
1258 }
c5f4ec7d 1259
dbf72123
SK		 1260
1261 if (sa == a)
c5f4ec7d 1262 {
dbf72123
SK		 1263 if (sb == b)
1264 return 0;
c5f4ec7d 1265
dbf72123 1266 return -1;
c5f4ec7d
SK		 1267 }
1268
dbf72123
SK		 1269 if (sb == b)
1270 return 1;
c5f4ec7d 1271
dbf72123
SK		 1272 ea = sa--;
1273 eb = sb--;
c5f4ec7d
SK		 1274 }
1275}
1276
5107ace1
SK		 1277/* Find all the NSEC or NSEC3 records in a reply.
1278 return an array of pointers to them. */
1279static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1280{
1281 static unsigned char **nsecset = NULL;
1282 static int nsecset_sz = 0;
1283
87070192 1284 int type_found = 0;
5107ace1
SK		 1285 unsigned char *p = skip_questions(header, plen);
1286 int type, class, rdlen, i, nsecs_found;
1287
1288 /* Move to NS section */
1289 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1290 return 0;
1291
1292 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1293 {
1294 unsigned char *pstart = p;
1295
1296 if (!(p = skip_name(p, header, plen, 10)))
1297 return 0;
1298
1299 GETSHORT(type, p);
1300 GETSHORT(class, p);
1301 p += 4; /* TTL */
1302 GETSHORT(rdlen, p);
1303
1304 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1305 {
1306 /* No mixed NSECing 'round here, thankyouverymuch */
1307 if (type_found == T_NSEC && type == T_NSEC3)
1308 return 0;
1309 if (type_found == T_NSEC3 && type == T_NSEC)
1310 return 0;
1311
1312 type_found = type;
1313
613ad15d
SK		 1314 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1315 return 0;
1316
5107ace1
SK		 1317 nsecset[nsecs_found++] = pstart;
1318 }
613ad15d 1319
5107ace1
SK		 1320 if (!ADD_RDLEN(header, p, plen, rdlen))
1321 return 0;
1322 }
1323
1324 *nsecsetp = nsecset;
1325 *nsecsetl = nsecs_found;
1326
1327 return type_found;
1328}
1329
24187530 1330static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
97e618a0 1331 char *workspace1, char *workspace2, char *name, int type, int *nons)
5107ace1
SK		 1332{
1333 int i, rc, rdlen;
1334 unsigned char *p, *psave;
1335 int offset = (type & 0xff) >> 3;
1336 int mask = 0x80 >> (type & 0x07);
97e618a0
SK		 1337
1338 if (nons)
1339 *nons = 0;
5107ace1
SK		 1340
1341 /* Find NSEC record that proves name doesn't exist */
1342 for (i = 0; i < nsec_count; i++)
1343 {
1344 p = nsecs[i];
1345 if (!extract_name(header, plen, &p, workspace1, 1, 10))
87070192 1346 return STAT_BOGUS;
5107ace1
SK		 1347 p += 8; /* class, type, TTL */
1348 GETSHORT(rdlen, p);
1349 psave = p;
1350 if (!extract_name(header, plen, &p, workspace2, 1, 10))
87070192 1351 return STAT_BOGUS;
5107ace1
SK		 1352
1353 rc = hostname_cmp(workspace1, name);
1354
1355 if (rc == 0)
1356 {
f01d7be6
SK		 1357 /* 4035 para 5.4. Last sentence */
1358 if (type == T_NSEC || type == T_RRSIG)
1359 return STAT_SECURE;
1360
5107ace1
SK		 1361 /* NSEC with the same name as the RR we're testing, check
1362 that the type in question doesn't appear in the type map */
1363 rdlen -= p - psave;
1364 /* rdlen is now length of type map, and p points to it */
1365
97e618a0
SK		 1366 /* If we can prove that there's no NS record, return that information. */
1367 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1368 *nons = 1;
1369
5107ace1
SK		 1370 while (rdlen >= 2)
1371 {
1372 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1373 return STAT_BOGUS;
5107ace1
SK		 1374
1375 if (p[0] == type >> 8)
1376 {
1377 /* Does the NSEC say our type exists? */
a857daa3 1378 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1379 return STAT_BOGUS;
1380
1381 break; /* finshed checking */
1382 }
1383
1384 rdlen -= p[1];
1385 p += p[1];
1386 }
1387
1388 return STAT_SECURE;
1389 }
1390 else if (rc == -1)
1391 {
1392 /* Normal case, name falls between NSEC name and next domain name,
1393 wrap around case, name falls between NSEC name (rc == -1) and end */
1394 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1395 return STAT_SECURE;
1396 }
1397 else
1398 {
1399 /* wrap around case, name falls between start and next domain name */
1400 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1401 return STAT_SECURE;
1402 }
1403 }
1404
1405 return STAT_BOGUS;
1406}
1407
1408/* return digest length, or zero on error */
1409static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1410 unsigned char *salt, int salt_len, int iterations)
1411{
1412 void *ctx;
1413 unsigned char *digest;
1414 int i;
1415
1416 if (!hash_init(hash, &ctx, &digest))
1417 return 0;
1418
1419 hash->update(ctx, to_wire(in), (unsigned char *)in);
1420 hash->update(ctx, salt_len, salt);
1421 hash->digest(ctx, hash->digest_size, digest);
1422
1423 for(i = 0; i < iterations; i++)
1424 {
1425 hash->update(ctx, hash->digest_size, digest);
1426 hash->update(ctx, salt_len, salt);
1427 hash->digest(ctx, hash->digest_size, digest);
1428 }
1429
1430 from_wire(in);
1431
1432 *out = digest;
1433 return hash->digest_size;
1434}
1435
1436/* Decode base32 to first "." or end of string */
1437static int base32_decode(char *in, unsigned char *out)
1438{
a857daa3 1439 int oc, on, c, mask, i;
5107ace1
SK		 1440 unsigned char *p = out;
1441
a857daa3 1442 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
5107ace1 1443 {
5107ace1
SK		 1444 if (c >= '0' && c <= '9')
1445 c -= '0';
1446 else if (c >= 'a' && c <= 'v')
1447 c -= 'a', c += 10;
1448 else if (c >= 'A' && c <= 'V')
1449 c -= 'A', c += 10;
1450 else
1451 return 0;
1452
1453 for (mask = 0x10, i = 0; i < 5; i++)
1454 {
a857daa3
SK		 1455 if (c & mask)
1456 oc |= 1;
1457 mask = mask >> 1;
1458 if (((++on) & 7) == 0)
1459 *p++ = oc;
1460 oc = oc << 1;
5107ace1
SK		 1461 }
1462 }
1463
1464 if ((on & 7) != 0)
1465 return 0;
1466
1467 return p - out;
1468}
1469
fbc52057 1470static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
97e618a0 1471 char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons)
fbc52057
SK		 1472{
1473 int i, hash_len, salt_len, base32_len, rdlen;
1474 unsigned char *p, *psave;
1475
1476 for (i = 0; i < nsec_count; i++)
1477 if ((p = nsecs[i]))
1478 {
1479 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1480 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1481 return 0;
1482
1483 p += 8; /* class, type, TTL */
1484 GETSHORT(rdlen, p);
1485 psave = p;
1486 p += 4; /* algo, flags, iterations */
1487 salt_len = *p++; /* salt_len */
1488 p += salt_len; /* salt */
1489 hash_len = *p++; /* p now points to next hashed name */
1490
1491 if (!CHECK_LEN(header, p, plen, hash_len))
1492 return 0;
1493
1494 if (digest_len == base32_len && hash_len == base32_len)
1495 {
1496 int rc = memcmp(workspace2, digest, digest_len);
1497
1498 if (rc == 0)
1499 {
1500 /* We found an NSEC3 whose hashed name exactly matches the query, so
1501 we just need to check the type map. p points to the RR data for the record. */
1502
1503 int offset = (type & 0xff) >> 3;
1504 int mask = 0x80 >> (type & 0x07);
1505
1506 p += hash_len; /* skip next-domain hash */
1507 rdlen -= p - psave;
1508
1509 if (!CHECK_LEN(header, p, plen, rdlen))
1510 return 0;
1511
97e618a0
SK		 1512 /* If we can prove that there's no NS record, return that information. */
1513 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1514 *nons = 1;
1515
fbc52057
SK		 1516 while (rdlen >= 2)
1517 {
1518 if (p[0] == type >> 8)
1519 {
1520 /* Does the NSEC3 say our type exists? */
1521 if (offset < p[1] && (p[offset+2] & mask) != 0)
1522 return STAT_BOGUS;
1523
1524 break; /* finshed checking */
1525 }
1526
1527 rdlen -= p[1];
1528 p += p[1];
1529 }
1530
1531 return 1;
1532 }
1533 else if (rc <= 0)
1534 {
1535 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1536 wrap around case, name-hash falls between NSEC3 name-hash and end */
1537 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
1538 return 1;
1539 }
1540 else
1541 {
1542 /* wrap around case, name falls between start and next domain name */
1543 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
1544 return 1;
1545 }
1546 }
1547 }
1548 return 0;
1549}
1550
24187530 1551static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
97e618a0 1552 char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
5107ace1 1553{
a857daa3 1554 unsigned char *salt, *p, *digest;
fbc52057 1555 int digest_len, i, iterations, salt_len, base32_len, algo = 0;
5107ace1
SK		 1556 struct nettle_hash const *hash;
1557 char *closest_encloser, *next_closest, *wildcard;
97e618a0
SK		 1558
1559 if (nons)
1560 *nons = 0;
1561
5107ace1
SK		 1562 /* Look though the NSEC3 records to find the first one with
1563 an algorithm we support (currently only algo == 1).
1564
1565 Take the algo, iterations, and salt of that record
1566 as the ones we're going to use, and prune any
1567 that don't match. */
1568
1569 for (i = 0; i < nsec_count; i++)
1570 {
1571 if (!(p = skip_name(nsecs[i], header, plen, 15)))
87070192 1572 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1573
1574 p += 10; /* type, class, TTL, rdlen */
1575 algo = *p++;
1576
1577 if (algo == 1)
1578 break; /* known algo */
1579 }
1580
1581 /* No usable NSEC3s */
1582 if (i == nsec_count)
1583 return STAT_BOGUS;
1584
1585 p++; /* flags */
1586 GETSHORT (iterations, p);
1587 salt_len = *p++;
1588 salt = p;
1589 if (!CHECK_LEN(header, salt, plen, salt_len))
87070192 1590 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1591
1592 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1593 for (i = 0; i < nsec_count; i++)
1594 {
1595 unsigned char *nsec3p = nsecs[i];
1596 int this_iter;
1597
1598 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1599
1600 if (!(p = skip_name(nsec3p, header, plen, 15)))
87070192 1601 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1602
1603 p += 10; /* type, class, TTL, rdlen */
1604
1605 if (*p++ != algo)
1606 continue;
1607
1608 p++; /* flags */
1609
a857daa3 1610 GETSHORT(this_iter, p);
5107ace1
SK		 1611 if (this_iter != iterations)
1612 continue;
1613
1614 if (salt_len != *p++)
1615 continue;
1616
1617 if (!CHECK_LEN(header, p, plen, salt_len))
87070192 1618 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1619
1620 if (memcmp(p, salt, salt_len) != 0)
1621 continue;
1622
1623 /* All match, put the pointer back */
1624 nsecs[i] = nsec3p;
1625 }
1626
1627 /* Algo is checked as 1 above */
1628 if (!(hash = hash_find("sha1")))
87070192 1629 return STAT_BOGUS;
5107ace1 1630
fbc52057
SK		 1631 if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1632 return STAT_BOGUS;
1633
97e618a0 1634 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
fbc52057
SK		 1635 return STAT_SECURE;
1636
1637 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1638 or an answer inferred from a wildcard record. */
5107ace1
SK		 1639 closest_encloser = name;
1640 next_closest = NULL;
1641
1642 do
1643 {
1644 if (*closest_encloser == '.')
1645 closest_encloser++;
c5f4ec7d 1646
fbc52057
SK		 1647 if (wildname && hostname_isequal(closest_encloser, wildname))
1648 break;
1649
a857daa3 1650 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
87070192 1651 return STAT_BOGUS;
5107ace1
SK		 1652
1653 for (i = 0; i < nsec_count; i++)
1654 if ((p = nsecs[i]))
1655 {
5107ace1 1656 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1657 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
87070192 1658 return STAT_BOGUS;
5107ace1 1659
a857daa3
SK		 1660 if (digest_len == base32_len &&
1661 memcmp(digest, workspace2, digest_len) == 0)
5107ace1
SK		 1662 break; /* Gotit */
1663 }
1664
1665 if (i != nsec_count)
1666 break;
1667
1668 next_closest = closest_encloser;
1669 }
1670 while ((closest_encloser = strchr(closest_encloser, '.')));
1671
fbc52057 1672 if (!closest_encloser)
5107ace1
SK		 1673 return STAT_BOGUS;
1674
24187530 1675 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
a857daa3 1676 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
87070192 1677 return STAT_BOGUS;
5107ace1 1678
97e618a0 1679 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
87070192 1680 return STAT_BOGUS;
5107ace1 1681
fbc52057
SK		 1682 /* Finally, check that there's no seat of wildcard synthesis */
1683 if (!wildname)
1684 {
1685 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1686 return STAT_BOGUS;
1687
1688 wildcard--;
1689 *wildcard = '*';
1690
1691 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1692 return STAT_BOGUS;
1693
97e618a0 1694 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
fbc52057
SK		 1695 return STAT_BOGUS;
1696 }
5107ace1 1697
fbc52057 1698 return STAT_SECURE;
5107ace1
SK		 1699}
1700
0fc2f313 1701/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
51ea3ca2 1702/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
97e618a0
SK		 1703int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1704 int *class, int *neganswer, int *nons)
adca3e9c 1705{
00a5b5d4
SK		 1706 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1707 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
1fbe4d2f 1708 int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
00a5b5d4 1709 int nsec_type = 0, have_answer = 0;
adca3e9c 1710
00a5b5d4
SK		 1711 if (neganswer)
1712 *neganswer = 0;
1713
87070192 1714 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
e3ec15af
SK		 1715 return STAT_BOGUS;
1716
87070192 1717 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
72ae2f3d 1718 return STAT_INSECURE;
00a5b5d4
SK		 1719
1720 qname = p1 = (unsigned char *)(header+1);
c5f4ec7d 1721
00a5b5d4 1722 if (!extract_name(header, plen, &p1, name, 1, 4))
87070192 1723 return STAT_BOGUS;
00a5b5d4
SK		 1724
1725 GETSHORT(qtype, p1);
1726 GETSHORT(qclass, p1);
1727 ans_start = p1;
9d1b22aa
SK		 1728
1729 if (qtype == T_ANY)
1730 have_answer = 1;
00a5b5d4
SK		 1731
1732 /* Can't validate an RRISG query */
1733 if (qtype == T_RRSIG)
0fc2f313 1734 return STAT_INSECURE;
00a5b5d4
SK		 1735
1736 cname_loop:
1737 for (j = ntohs(header->ancount); j != 0; j--)
1738 {
1739 /* leave pointer to missing name in qname */
1740
1741 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
87070192 1742 return STAT_BOGUS; /* bad packet */
00a5b5d4
SK		 1743
1744 GETSHORT(type2, p1);
1745 GETSHORT(class2, p1);
1746 p1 += 4; /* TTL */
1747 GETSHORT(rdlen2, p1);
1748
1749 if (rc == 1 && qclass == class2)
1750 {
1751 /* Do we have an answer for the question? */
1752 if (type2 == qtype)
1753 {
1754 have_answer = 1;
1755 break;
1756 }
1757 else if (type2 == T_CNAME)
1758 {
1759 qname = p1;
1760
1761 /* looped CNAMES */
1762 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
87070192 1763 return STAT_BOGUS;
00a5b5d4
SK		 1764
1765 p1 = ans_start;
1766 goto cname_loop;
1767 }
1768 }
1769
1770 if (!ADD_RDLEN(header, p1, plen, rdlen2))
87070192 1771 return STAT_BOGUS;
00a5b5d4 1772 }
0fc2f313 1773
00a5b5d4
SK		 1774 if (neganswer && !have_answer)
1775 *neganswer = 1;
0575610f
SK		 1776
1777 /* No data, therefore no sigs */
1778 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1779 return STAT_NO_SIG;
00a5b5d4 1780
0fc2f313 1781 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
adca3e9c 1782 {
0fc2f313 1783 if (!extract_name(header, plen, &p1, name, 1, 10))
87070192 1784 return STAT_BOGUS; /* bad packet */
0fc2f313
SK		 1785
1786 GETSHORT(type1, p1);
1787 GETSHORT(class1, p1);
1788 p1 += 4; /* TTL */
1789 GETSHORT(rdlen1, p1);
1790
1791 /* Don't try and validate RRSIGs! */
1792 if (type1 != T_RRSIG)
1793 {
1794 /* Check if we've done this RRset already */
1795 for (p2 = ans_start, j = 0; j < i; j++)
1796 {
1797 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
87070192 1798 return STAT_BOGUS; /* bad packet */
0fc2f313
SK		 1799
1800 GETSHORT(type2, p2);
1801 GETSHORT(class2, p2);
1802 p2 += 4; /* TTL */
1803 GETSHORT(rdlen2, p2);
1804
1805 if (type2 == type1 && class2 == class1 && rc == 1)
1806 break; /* Done it before: name, type, class all match. */
1807
1808 if (!ADD_RDLEN(header, p2, plen, rdlen2))
87070192 1809 return STAT_BOGUS;
0fc2f313
SK		 1810 }
1811
1812 /* Not done, validate now */
51ea3ca2 1813 if (j == i)
0fc2f313 1814 {
8d718cbb
SK		 1815 int ttl, keytag, algo, digest, type_covered;
1816 unsigned char *psave;
1817 struct all_addr a;
1818 struct blockdata *key;
1819 struct crec *crecp;
fbc52057
SK		 1820 char *wildname;
1821
1822 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
5107ace1
SK		 1823
1824 if (rc == STAT_SECURE_WILDCARD)
1825 {
1826 /* An attacker replay a wildcard answer with a different
a857daa3 1827 answer and overlay a genuine RR. To prove this
5107ace1 1828 hasn't happened, the answer must prove that
a857daa3 1829 the gennuine record doesn't exist. Check that here. */
87070192
SK		 1830 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1831 return STAT_BOGUS; /* No NSECs or bad packet */
5107ace1
SK		 1832
1833 if (nsec_type == T_NSEC)
97e618a0 1834 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
5107ace1 1835 else
97e618a0
SK		 1836 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
1837 keyname, name, type1, wildname, NULL);
1838
5107ace1
SK		 1839 if (rc != STAT_SECURE)
1840 return rc;
1841 }
1842 else if (rc != STAT_SECURE)
51ea3ca2
SK		 1843 {
1844 if (class)
1845 *class = class1; /* Class for DS or DNSKEY */
1846 return rc;
1847 }
5107ace1 1848
8d718cbb
SK		 1849 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1850 cache_start_insert();
1851
1852 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
51ea3ca2 1853 {
8d718cbb 1854 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
87070192 1855 return STAT_BOGUS; /* bad packet */
51ea3ca2 1856
8d718cbb
SK		 1857 GETSHORT(type2, p2);
1858 GETSHORT(class2, p2);
1859 GETLONG(ttl, p2);
1860 GETSHORT(rdlen2, p2);
1861
1862 if (!CHECK_LEN(header, p2, plen, rdlen2))
87070192 1863 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1864
1865 if (class2 == class1 && rc == 1)
1866 {
1867 psave = p2;
1868
1869 if (type1 == T_DS && type2 == T_DS)
51ea3ca2 1870 {
8d718cbb 1871 if (rdlen2 < 4)
87070192 1872 return STAT_BOGUS; /* bad packet */
8d718cbb 1873
51ea3ca2
SK		 1874 GETSHORT(keytag, p2);
1875 algo = *p2++;
1876 digest = *p2++;
1877
1878 /* Cache needs to known class for DNSSEC stuff */
1879 a.addr.dnssec.class = class2;
1880
8d718cbb 1881 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
51ea3ca2 1882 {
8d718cbb
SK		 1883 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1884 blockdata_free(key);
1885 else
1886 {
1887 a.addr.keytag = keytag;
25cf5e37 1888 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
8d718cbb
SK		 1889 crecp->addr.ds.digest = digest;
1890 crecp->addr.ds.keydata = key;
1891 crecp->addr.ds.algo = algo;
1892 crecp->addr.ds.keytag = keytag;
8d718cbb
SK		 1893 crecp->addr.ds.keylen = rdlen2 - 4;
1894 }
1895 }
1896 }
1897 else if (type2 == T_RRSIG)
1898 {
1899 if (rdlen2 < 18)
87070192 1900 return STAT_BOGUS; /* bad packet */
51ea3ca2 1901
8d718cbb
SK		 1902 GETSHORT(type_covered, p2);
1903
1904 if (type_covered == type1 &&
1905 (type_covered == T_A || type_covered == T_AAAA ||
1906 type_covered == T_CNAME || type_covered == T_DS ||
1907 type_covered == T_DNSKEY || type_covered == T_PTR))
1908 {
1909 a.addr.dnssec.type = type_covered;
c8ca33f8 1910 a.addr.dnssec.class = class1;
8d718cbb
SK		 1911
1912 algo = *p2++;
1913 p2 += 13; /* labels, orig_ttl, expiration, inception */
1914 GETSHORT(keytag, p2);
1915
1916 if ((key = blockdata_alloc((char*)psave, rdlen2)))
1917 {
1918 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1919 blockdata_free(key);
1920 else
1921 {
8d718cbb
SK		 1922 crecp->addr.sig.keydata = key;
1923 crecp->addr.sig.keylen = rdlen2;
1924 crecp->addr.sig.keytag = keytag;
1925 crecp->addr.sig.type_covered = type_covered;
1926 crecp->addr.sig.algo = algo;
1927 }
1928 }
1929 }
51ea3ca2
SK		 1930 }
1931
8d718cbb 1932 p2 = psave;
51ea3ca2
SK		 1933 }
1934
8d718cbb 1935 if (!ADD_RDLEN(header, p2, plen, rdlen2))
87070192 1936 return STAT_BOGUS; /* bad packet */
51ea3ca2 1937 }
8d718cbb
SK		 1938
1939 cache_end_insert();
0fc2f313
SK		 1940 }
1941 }
adca3e9c 1942
0fc2f313 1943 if (!ADD_RDLEN(header, p1, plen, rdlen1))
87070192 1944 return STAT_BOGUS;
adca3e9c
GB		 1945 }
1946
c5f4ec7d 1947 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
00a5b5d4
SK		 1948 if (have_answer)
1949 return STAT_SECURE;
1950
5107ace1 1951 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
5107ace1 1952 /* First marshall the NSEC records, if we've not done it previously */
87070192
SK		 1953 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
1954 return STAT_BOGUS; /* No NSECs */
00a5b5d4
SK		 1955
1956 /* Get name of missing answer */
1957 if (!extract_name(header, plen, &qname, name, 1, 0))
87070192 1958 return STAT_BOGUS;
5107ace1
SK		 1959
1960 if (nsec_type == T_NSEC)
97e618a0 1961 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
5107ace1 1962 else
97e618a0 1963 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
e292e93d
GB		 1964}
1965
00a5b5d4
SK		 1966/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
1967 Needed for proving answer in unsigned space.
1968 Return STAT_NEED_*
1969 STAT_BOGUS - error
1970 STAT_INSECURE - name of first non-secure record in name
1971*/
1972int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
1973{
1974 unsigned char *p = (unsigned char *)(header+1);
c07d30dc 1975 int type, class, qclass, rdlen, j, rc;
1fbe4d2f 1976 int cname_count = CNAME_CHAIN;
00a5b5d4
SK		 1977
1978 /* Get question */
1979 if (!extract_name(header, plen, &p, name, 1, 4))
1980 return STAT_BOGUS;
1981
c07d30dc 1982 p +=2; /* type */
00a5b5d4
SK		 1983 GETSHORT(qclass, p);
1984
1985 while (1)
1986 {
1987 for (j = ntohs(header->ancount); j != 0; j--)
1988 {
1989 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1990 return STAT_BOGUS; /* bad packet */
1991
1992 GETSHORT(type, p);
1993 GETSHORT(class, p);
1994 p += 4; /* TTL */
1995 GETSHORT(rdlen, p);
1996
1997 /* Not target, loop */
1998 if (rc == 2 || qclass != class)
1999 {
2000 if (!ADD_RDLEN(header, p, plen, rdlen))
2001 return STAT_BOGUS;
2002 continue;
2003 }
2004
2005 /* Got to end of CNAME chain. */
2006 if (type != T_CNAME)
2007 return STAT_INSECURE;
2008
2009 /* validate CNAME chain, return if insecure or need more data */
fbc52057 2010 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, NULL, 0, 0, 0);
00a5b5d4
SK		 2011 if (rc != STAT_SECURE)
2012 {
2013 if (rc == STAT_NO_SIG)
2014 rc = STAT_INSECURE;
2015 return rc;
2016 }
2017
2018 /* Loop down CNAME chain/ */
2019 if (!cname_count-- ||
2020 !extract_name(header, plen, &p, name, 1, 0) ||
2021 !(p = skip_questions(header, plen)))
2022 return STAT_BOGUS;
2023
2024 break;
2025 }
2026
2027 /* End of CNAME chain */
2028 return STAT_INSECURE;
2029 }
2030}
2031
2032
3471f181 2033/* Compute keytag (checksum to quickly index a key). See RFC4034 */
0fc2f313 2034int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
3471f181 2035{
75ffc9bf
GB		 2036 if (alg == 1)
2037 {
2038 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2039 See RFC4034, Appendix B.1 */
0fc2f313 2040 return key[keylen-4] * 256 + key[keylen-3];
75ffc9bf
GB		 2041 }
2042 else
2043 {
1633e308 2044 unsigned long ac = flags + 0x300 + alg;
75ffc9bf
GB		 2045 int i;
2046
0fc2f313
SK		 2047 for (i = 0; i < keylen; ++i)
2048 ac += (i & 1) ? key[i] : key[i] << 8;
1633e308 2049
0fc2f313
SK		 2050 ac += (ac >> 16) & 0xffff;
2051 return ac & 0xffff;
0304d28f 2052 }
3471f181 2053}
e292e93d 2054
5f8e58f4
SK		 2055size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2056{
2057 unsigned char *p;
610e782a 2058 char *types = querystr("dnssec-query", type);
5f8e58f4
SK		 2059
2060 if (addr->sa.sa_family == AF_INET)
25cf5e37 2061 log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
5f8e58f4
SK		 2062#ifdef HAVE_IPV6
2063 else
25cf5e37 2064 log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
5f8e58f4
SK		 2065#endif
2066
2067 header->qdcount = htons(1);
2068 header->ancount = htons(0);
2069 header->nscount = htons(0);
2070 header->arcount = htons(0);
e292e93d 2071
5f8e58f4
SK		 2072 header->hb3 = HB3_RD;
2073 SET_OPCODE(header, QUERY);
5b3bf921
SK		 2074 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2075 this allows it to select auth servers when one is returning bad data. */
2076 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
5f8e58f4
SK		 2077
2078 /* ID filled in later */
2079
2080 p = (unsigned char *)(header+1);
2081
2082 p = do_rfc1035_name(p, name);
2083 *p++ = 0;
2084 PUTSHORT(type, p);
2085 PUTSHORT(class, p);
2086
2087 return add_do_bit(header, p - (unsigned char *)header, end);
2088}
8a9be9e4 2089
613ad15d
SK		 2090/* Go through a domain name, find "pointers" and fix them up based on how many bytes
2091 we've chopped out of the packet, or check they don't point into an elided part. */
2092static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2093{
2094 unsigned char *ansp = *namep;
2095
2096 while(1)
2097 {
2098 unsigned int label_type;
2099
2100 if (!CHECK_LEN(header, ansp, plen, 1))
2101 return 0;
2102
2103 label_type = (*ansp) & 0xc0;
2104
2105 if (label_type == 0xc0)
2106 {
2107 /* pointer for compression. */
00a5b5d4
SK		 2108 unsigned int offset;
2109 int i;
613ad15d
SK		 2110 unsigned char *p;
2111
2112 if (!CHECK_LEN(header, ansp, plen, 2))
2113 return 0;
2114
2115 offset = ((*ansp++) & 0x3f) << 8;
2116 offset |= *ansp++;
2117
2118 p = offset + (unsigned char *)header;
2119
2120 for (i = 0; i < rr_count; i++)
2121 if (p < rrs[i])
2122 break;
2123 else
2124 if (i & 1)
2125 offset -= rrs[i] - rrs[i-1];
2126
2127 /* does the pointer end up in an elided RR? */
2128 if (i & 1)
00a5b5d4 2129 return 0;
613ad15d
SK		 2130
2131 /* No, scale the pointer */
2132 if (fixup)
2133 {
2134 ansp -= 2;
2135 *ansp++ = (offset >> 8) | 0xc0;
2136 *ansp++ = offset & 0xff;
2137 }
2138 break;
2139 }
2140 else if (label_type == 0x80)
2141 return 0; /* reserved */
2142 else if (label_type == 0x40)
2143 {
2144 /* Extended label type */
2145 unsigned int count;
2146
2147 if (!CHECK_LEN(header, ansp, plen, 2))
2148 return 0;
2149
2150 if (((*ansp++) & 0x3f) != 1)
2151 return 0; /* we only understand bitstrings */
2152
2153 count = *(ansp++); /* Bits in bitstring */
2154
2155 if (count == 0) /* count == 0 means 256 bits */
2156 ansp += 32;
2157 else
2158 ansp += ((count-1)>>3)+1;
2159 }
2160 else
2161 { /* label type == 0 Bottom six bits is length */
2162 unsigned int len = (*ansp++) & 0x3f;
2163
2164 if (!ADD_RDLEN(header, ansp, plen, len))
2165 return 0;
2166
2167 if (len == 0)
2168 break; /* zero length label marks the end. */
2169 }
2170 }
2171
2172 *namep = ansp;
2173
2174 return 1;
2175}
2176
2177/* Go through RRs and check or fixup the domain names contained within */
2178static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2179{
2180 int i, type, class, rdlen;
00a5b5d4 2181 unsigned char *pp;
613ad15d 2182
50f86ce8 2183 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
613ad15d 2184 {
00a5b5d4
SK		 2185 pp = p;
2186
2187 if (!(p = skip_name(p, header, plen, 10)))
2188 return 0;
613ad15d
SK		 2189
2190 GETSHORT(type, p);
2191 GETSHORT(class, p);
2192 p += 4; /* TTL */
2193 GETSHORT(rdlen, p);
00a5b5d4 2194
613ad15d
SK		 2195 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2196 {
00a5b5d4
SK		 2197 /* fixup name of RR */
2198 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2199 return 0;
2200
613ad15d
SK		 2201 if (class == C_IN)
2202 {
2203 u16 *d;
14db4212
SK		 2204
2205 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
613ad15d
SK		 2206 {
2207 if (*d != 0)
2208 pp += *d;
2209 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2210 return 0;
2211 }
2212 }
2213 }
2214
2215 if (!ADD_RDLEN(header, p, plen, rdlen))
2216 return 0;
2217 }
2218
2219 return 1;
2220}
2221
2222
2223size_t filter_rrsigs(struct dns_header *header, size_t plen)
2224{
2225 static unsigned char **rrs;
2226 static int rr_sz = 0;
2227
2228 unsigned char *p = (unsigned char *)(header+1);
50f86ce8 2229 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
613ad15d
SK		 2230
2231 if (ntohs(header->qdcount) != 1 ||
2232 !(p = skip_name(p, header, plen, 4)))
2233 return plen;
2234
2235 GETSHORT(qtype, p);
2236 GETSHORT(qclass, p);
2237
2238 /* First pass, find pointers to start and end of all the records we wish to elide:
2239 records added for DNSSEC, unless explicity queried for */
50f86ce8
SK		 2240 for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0;
2241 i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
2242 i++)
613ad15d
SK		 2243 {
2244 unsigned char *pstart = p;
2245 int type, class;
2246
2247 if (!(p = skip_name(p, header, plen, 10)))
2248 return plen;
2249
2250 GETSHORT(type, p);
2251 GETSHORT(class, p);
2252 p += 4; /* TTL */
2253 GETSHORT(rdlen, p);
2254
2255 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2256 (type != qtype || class != qclass))
2257 {
2258 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2259 return plen;
2260
2261 rrs[rr_found++] = pstart;
2262
2263 if (!ADD_RDLEN(header, p, plen, rdlen))
2264 return plen;
2265
2266 rrs[rr_found++] = p;
2267
2268 if (i < ntohs(header->ancount))
2269 chop_an++;
e6096e64 2270 else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
613ad15d 2271 chop_ns++;
50f86ce8
SK		 2272 else
2273 chop_ar++;
613ad15d
SK		 2274 }
2275 else if (!ADD_RDLEN(header, p, plen, rdlen))
2276 return plen;
2277 }
2278
2279 /* Nothing to do. */
2280 if (rr_found == 0)
2281 return plen;
2282
2283 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2284 point to records we're going to elide. This is theoretically possible, but unlikely. If
2285 it happens, we give up and leave the answer unchanged. */
2286 p = (unsigned char *)(header+1);
2287
2288 /* question first */
2289 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2290 return plen;
2291 p += 4; /* qclass, qtype */
2292
2293 /* Now answers and NS */
2294 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2295 return plen;
2296
2297 /* Third pass, elide records */
2298 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2299 {
2300 unsigned char *start = rrs[i];
2301 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2302
2303 memmove(p, start, end-start);
2304 p += end-start;
2305 }
2306
2307 plen = p - (unsigned char *)header;
2308 header->ancount = htons(ntohs(header->ancount) - chop_an);
2309 header->nscount = htons(ntohs(header->nscount) - chop_ns);
50f86ce8
SK		 2310 header->arcount = htons(ntohs(header->arcount) - chop_ar);
2311
613ad15d
SK		 2312 /* Fourth pass, fix up pointers in the remaining records */
2313 p = (unsigned char *)(header+1);
2314
2315 check_name(&p, header, plen, 1, rrs, rr_found);
2316 p += 4; /* qclass, qtype */
2317
2318 check_rrs(p, header, plen, 1, rrs, rr_found);
2319
2320 return plen;
2321}
2322
8a9be9e4
SK		 2323unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2324{
2325 int q;
2326 unsigned int len;
2327 unsigned char *p = (unsigned char *)(header+1);
2328 const struct nettle_hash *hash;
2329 void *ctx;
2330 unsigned char *digest;
5f8e58f4 2331
8a9be9e4
SK		 2332 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2333 return NULL;
2334
2335 for (q = ntohs(header->qdcount); q != 0; q--)
2336 {
2337 if (!extract_name(header, plen, &p, name, 1, 4))
7d23a66f 2338 break; /* bad packet */
8a9be9e4
SK		 2339
2340 len = to_wire(name);
2341 hash->update(ctx, len, (unsigned char *)name);
2342 /* CRC the class and type as well */
2343 hash->update(ctx, 4, p);
2344
2345 p += 4;
2346 if (!CHECK_LEN(header, p, plen, 0))
7d23a66f 2347 break; /* bad packet */
8a9be9e4 2348 }
703c7ff4
SK		 2349
2350 hash->digest(ctx, hash->digest_size, digest);
8a9be9e4
SK		 2351 return digest;
2352}
2353
0fc2f313 2354#endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.