]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnssec.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix build failure in new inotify code on BSD.
[people/ms/dnsmasq.git] / src / dnssec.c
CommitLineData
8d41ebd8 1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
0fc2f313 2 and Copyright (c) 2012-2014 Simon Kelley
8d41ebd8
GB		 3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
e292e93d
GB		 17
18#include "dnsmasq.h"
0fc2f313
SK		 19
20#ifdef HAVE_DNSSEC
21
86bec2d3
SK		 22#include <nettle/rsa.h>
23#include <nettle/dsa.h>
c152dc84
SK		 24#ifndef NO_NETTLE_ECC
25# include <nettle/ecdsa.h>
26# include <nettle/ecc-curve.h>
27#endif
86bec2d3 28#include <nettle/nettle-meta.h>
063efb33
SK		 29#include <nettle/bignum.h>
30
cdb755c5
SK		 31/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33#ifdef dsa_params_init
34#include <nettle/dsa-compat.h>
35#endif
36
c3e0b9b6 37
e292e93d
GB		 38#define SERIAL_UNDEF -100
39#define SERIAL_EQ 0
40#define SERIAL_LT -1
41#define SERIAL_GT 1
42
86bec2d3
SK		 43/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
44static char *ds_digest_name(int digest)
45{
46 switch (digest)
47 {
48 case 1: return "sha1";
49 case 2: return "sha256";
50 case 3: return "gosthash94";
51 case 4: return "sha384";
52 default: return NULL;
53 }
54}
55
56/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
57static char *algo_digest_name(int algo)
58{
59 switch (algo)
60 {
61 case 1: return "md5";
62 case 3: return "sha1";
63 case 5: return "sha1";
64 case 6: return "sha1";
65 case 7: return "sha1";
66 case 8: return "sha256";
67 case 10: return "sha512";
68 case 12: return "gosthash94";
69 case 13: return "sha256";
70 case 14: return "sha384";
71 default: return NULL;
72 }
73}
74
75/* Find pointer to correct hash function in nettle library */
76static const struct nettle_hash *hash_find(char *name)
77{
78 int i;
79
80 if (!name)
81 return NULL;
82
83 for (i = 0; nettle_hashes[i]; i++)
84 {
85 if (strcmp(nettle_hashes[i]->name, name) == 0)
86 return nettle_hashes[i];
87 }
88
89 return NULL;
90}
91
92/* expand ctx and digest memory allocations if necessary and init hash function */
93static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
94{
95 static void *ctx = NULL;
96 static unsigned char *digest = NULL;
97 static unsigned int ctx_sz = 0;
98 static unsigned int digest_sz = 0;
99
100 void *new;
101
102 if (ctx_sz < hash->context_size)
103 {
104 if (!(new = whine_malloc(hash->context_size)))
105 return 0;
106 if (ctx)
107 free(ctx);
108 ctx = new;
109 ctx_sz = hash->context_size;
110 }
111
112 if (digest_sz < hash->digest_size)
113 {
114 if (!(new = whine_malloc(hash->digest_size)))
115 return 0;
116 if (digest)
117 free(digest);
118 digest = new;
119 digest_sz = hash->digest_size;
120 }
121
122 *ctxp = ctx;
123 *digestp = digest;
124
125 hash->init(ctx);
126
127 return 1;
128}
129
cdb755c5
SK		 130static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
131 unsigned char *digest, int algo)
86bec2d3
SK		 132{
133 unsigned char *p;
134 size_t exp_len;
135
136 static struct rsa_public_key *key = NULL;
137 static mpz_t sig_mpz;
138
139 if (key == NULL)
140 {
141 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
142 return 0;
143
144 nettle_rsa_public_key_init(key);
145 mpz_init(sig_mpz);
146 }
147
148 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
149 return 0;
150
151 key_len--;
152 if ((exp_len = *p++) == 0)
153 {
154 GETSHORT(exp_len, p);
155 key_len -= 2;
156 }
157
158 if (exp_len >= key_len)
159 return 0;
160
161 key->size = key_len - exp_len;
162 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
163 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
164
165 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
166
167 switch (algo)
168 {
169 case 1:
170 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
171 case 5: case 7:
172 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
173 case 8:
174 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
175 case 10:
176 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
177 }
178
179 return 0;
180}
181
cdb755c5
SK		 182static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
183 unsigned char *digest, int algo)
86bec2d3
SK		 184{
185 unsigned char *p;
186 unsigned int t;
187
188 static struct dsa_public_key *key = NULL;
189 static struct dsa_signature *sig_struct;
190
191 if (key == NULL)
192 {
193 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
194 !(key = whine_malloc(sizeof(struct dsa_public_key))))
195 return 0;
196
197 nettle_dsa_public_key_init(key);
198 nettle_dsa_signature_init(sig_struct);
199 }
200
201 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
202 return 0;
203
204 t = *p++;
205
206 if (key_len < (213 + (t * 24)))
207 return 0;
ebe95a83 208
86bec2d3
SK		 209 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
210 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
211 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
212 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
213
214 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
215 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
216
217 (void)algo;
ebe95a83 218
86bec2d3
SK		 219 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
220}
221
c152dc84
SK		 222#ifndef NO_NETTLE_ECC
223static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
224 unsigned char *sig, size_t sig_len,
ebe95a83
SK		 225 unsigned char *digest, size_t digest_len, int algo)
226{
227 unsigned char *p;
228 unsigned int t;
229 struct ecc_point *key;
230
231 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
232 static mpz_t x, y;
233 static struct dsa_signature *sig_struct;
234
235 if (!sig_struct)
236 {
237 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
238 return 0;
239
240 nettle_dsa_signature_init(sig_struct);
241 mpz_init(x);
242 mpz_init(y);
243 }
244
245 switch (algo)
246 {
247 case 13:
248 if (!key_256)
249 {
250 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
251 return 0;
252
253 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
254 }
255
256 key = key_256;
257 t = 32;
258 break;
259
260 case 14:
261 if (!key_384)
262 {
263 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
264 return 0;
265
266 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
267 }
268
269 key = key_384;
270 t = 48;
271 break;
272
273 default:
274 return 0;
275 }
276
277 if (sig_len != 2*t || key_len != 2*t ||
278 (p = blockdata_retrieve(key_data, key_len, NULL)))
279 return 0;
280
281 mpz_import(x, t , 1, 1, 0, 0, p);
282 mpz_import(y, t , 1, 1, 0, 0, p + t);
283
284 if (!ecc_point_set(key, x, y))
285 return 0;
286
287 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
288 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
289
290 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
291}
c152dc84
SK		 292#endif
293
86bec2d3 294static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
ebe95a83 295 unsigned char *digest, size_t digest_len, int algo)
86bec2d3 296{
7b1eae4f
SK		 297 (void)digest_len;
298
86bec2d3
SK		 299 switch (algo)
300 {
301 case 1: case 5: case 7: case 8: case 10:
cdb755c5 302 return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
86bec2d3
SK		 303
304 case 3: case 6:
cdb755c5 305 return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
c152dc84
SK		 306
307#ifndef NO_NETTLE_ECC
ebe95a83
SK		 308 case 13: case 14:
309 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
c152dc84
SK		 310#endif
311 }
86bec2d3
SK		 312
313 return 0;
314}
315
0fc2f313
SK		 316/* Convert from presentation format to wire format, in place.
317 Also map UC -> LC.
318 Note that using extract_name to get presentation format
319 then calling to_wire() removes compression and maps case,
320 thus generating names in canonical form.
321 Calling to_wire followed by from_wire is almost an identity,
322 except that the UC remains mapped to LC.
323*/
324static int to_wire(char *name)
7f0485cf 325{
0fc2f313
SK		 326 unsigned char *l, *p, term;
327 int len;
328
329 for (l = (unsigned char*)name; *l != 0; l = p)
330 {
331 for (p = l; *p != '.' && *p != 0; p++)
332 if (*p >= 'A' && *p <= 'Z')
333 *p = *p - 'A' + 'a';
334
335 term = *p;
336
337 if ((len = p - l) != 0)
338 memmove(l+1, l, len);
339 *l = len;
340
341 p++;
342
343 if (term == 0)
344 *p = 0;
345 }
346
347 return l + 1 - (unsigned char *)name;
7f0485cf
GB		 348}
349
0fc2f313
SK		 350/* Note: no compression allowed in input. */
351static void from_wire(char *name)
13e435eb 352{
0fc2f313
SK		 353 unsigned char *l;
354 int len;
13e435eb 355
0fc2f313 356 for (l = (unsigned char *)name; *l != 0; l += len+1)
13e435eb 357 {
0fc2f313
SK		 358 len = *l;
359 memmove(l, l+1, len);
360 l[len] = '.';
13e435eb 361 }
7f0485cf 362
e3f14558 363 if ((char *)l != name)
bd9b3cf5 364 *(l-1) = 0;
13e435eb
GB		 365}
366
5ada8885
SK		 367/* Input in presentation format */
368static int count_labels(char *name)
369{
370 int i;
371
372 if (*name == 0)
373 return 0;
374
375 for (i = 0; *name; name++)
376 if (*name == '.')
377 i++;
378
379 return i+1;
380}
381
5f8e58f4
SK		 382/* Implement RFC1982 wrapped compare for 32-bit numbers */
383static int serial_compare_32(unsigned long s1, unsigned long s2)
384{
385 if (s1 == s2)
386 return SERIAL_EQ;
0ca895f5 387
5f8e58f4
SK		 388 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
389 (s1 > s2 && (s1 - s2) > (1UL<<31)))
390 return SERIAL_LT;
391 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
392 (s1 > s2 && (s1 - s2) < (1UL<<31)))
393 return SERIAL_GT;
394 return SERIAL_UNDEF;
395}
0852d76b 396
5f8e58f4
SK		 397/* Check whether today/now is between date_start and date_end */
398static int check_date_range(unsigned long date_start, unsigned long date_end)
0852d76b 399{
e98bd52e
SK		 400 unsigned long curtime;
401
402 /* Checking timestamps may be temporarily disabled */
403 if (option_bool(OPT_DNSSEC_TIME))
404 return 1;
405
406 curtime = time(0);
5f8e58f4
SK		 407
408 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
409 return serial_compare_32(curtime, date_start) == SERIAL_GT
410 && serial_compare_32(curtime, date_end) == SERIAL_LT;
411}
f119ed38 412
5f8e58f4
SK		 413static u16 *get_desc(int type)
414{
415 /* List of RRtypes which include domains in the data.
416 0 -> domain
417 integer -> no of plain bytes
418 -1 -> end
419
420 zero is not a valid RRtype, so the final entry is returned for
421 anything which needs no mangling.
422 */
423
424 static u16 rr_desc[] =
425 {
426 T_NS, 0, -1,
427 T_MD, 0, -1,
428 T_MF, 0, -1,
429 T_CNAME, 0, -1,
430 T_SOA, 0, 0, -1,
431 T_MB, 0, -1,
432 T_MG, 0, -1,
433 T_MR, 0, -1,
434 T_PTR, 0, -1,
435 T_MINFO, 0, 0, -1,
436 T_MX, 2, 0, -1,
437 T_RP, 0, 0, -1,
438 T_AFSDB, 2, 0, -1,
439 T_RT, 2, 0, -1,
440 T_SIG, 18, 0, -1,
441 T_PX, 2, 0, 0, -1,
442 T_NXT, 0, -1,
443 T_KX, 2, 0, -1,
444 T_SRV, 6, 0, -1,
445 T_DNAME, 0, -1,
5f8e58f4
SK		 446 0, -1 /* wildcard/catchall */
447 };
448
449 u16 *p = rr_desc;
450
451 while (*p != type && *p != 0)
452 while (*p++ != (u16)-1);
f119ed38 453
5f8e58f4
SK		 454 return p+1;
455}
0852d76b 456
5f8e58f4
SK		 457/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
458 data, pointed to by *p, should be used raw. */
094b5c3d 459static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
5f8e58f4
SK		 460 unsigned char **p, u16 **desc)
461{
462 int d = **desc;
463
5f8e58f4
SK		 464 /* No more data needs mangling */
465 if (d == (u16)-1)
094b5c3d
SK		 466 {
467 /* If there's more data than we have space for, just return what fits,
468 we'll get called again for more chunks */
469 if (end - *p > bufflen)
470 {
471 memcpy(buff, *p, bufflen);
472 *p += bufflen;
473 return bufflen;
474 }
475
476 return 0;
477 }
478
479 (*desc)++;
5f8e58f4
SK		 480
481 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
482 /* domain-name, canonicalise */
483 return to_wire(buff);
484 else
485 {
486 /* plain data preceding a domain-name, don't run off the end of the data */
487 if ((end - *p) < d)
488 d = end - *p;
489
490 if (d != 0)
491 {
492 memcpy(buff, *p, d);
493 *p += d;
494 }
495
496 return d;
497 }
0852d76b
GB		 498}
499
613ad15d
SK		 500static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
501{
502 unsigned char **p;
503 int new_sz = *sz;
504
505 if (new_sz > new)
506 return 1;
507
508 if (new >= 100)
509 return 0;
510
511 new_sz += 5;
512
513 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
514 return 0;
515
516 if (*wkspc)
517 {
518 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
519 free(*wkspc);
520 }
521
522 *wkspc = p;
523 *sz = new_sz;
00a5b5d4
SK		 524
525 return 1;
613ad15d
SK		 526}
527
5f8e58f4
SK		 528/* Bubble sort the RRset into the canonical order.
529 Note that the byte-streams from two RRs may get unsynced: consider
530 RRs which have two domain-names at the start and then other data.
531 The domain-names may have different lengths in each RR, but sort equal
532
533 ------------
534 |abcde|fghi|
535 ------------
536 |abcd|efghi|
537 ------------
538
539 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
540*/
541
542static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
543 unsigned char **rrset, char *buff1, char *buff2)
c3e0b9b6 544{
5f8e58f4 545 int swap, quit, i;
0fc2f313 546
5f8e58f4
SK		 547 do
548 {
549 for (swap = 0, i = 0; i < rrsetidx-1; i++)
550 {
551 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
552 u16 *dp1, *dp2;
553 unsigned char *end1, *end2;
5107ace1
SK		 554 /* Note that these have been determined to be OK previously,
555 so we don't need to check for NULL return here. */
5f8e58f4
SK		 556 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
557 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
558
559 p1 += 8; /* skip class, type, ttl */
560 GETSHORT(rdlen1, p1);
561 end1 = p1 + rdlen1;
562
563 p2 += 8; /* skip class, type, ttl */
564 GETSHORT(rdlen2, p2);
565 end2 = p2 + rdlen2;
566
567 dp1 = dp2 = rr_desc;
568
1486a9c7 569 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
5f8e58f4 570 {
1486a9c7
SK		 571 if (left1 != 0)
572 memmove(buff1, buff1 + len1 - left1, left1);
573
094b5c3d 574 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
5f8e58f4
SK		 575 {
576 quit = 1;
577 len1 = end1 - p1;
578 memcpy(buff1 + left1, p1, len1);
579 }
580 len1 += left1;
581
1486a9c7
SK		 582 if (left2 != 0)
583 memmove(buff2, buff2 + len2 - left2, left2);
584
094b5c3d 585 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
5f8e58f4
SK		 586 {
587 quit = 1;
588 len2 = end2 - p2;
589 memcpy(buff2 + left2, p2, len2);
590 }
591 len2 += left2;
592
593 if (len1 > len2)
1486a9c7 594 left1 = len1 - len2, left2 = 0, len = len2;
5f8e58f4 595 else
1486a9c7 596 left2 = len2 - len1, left1 = 0, len = len1;
5f8e58f4 597
6fd6dacb 598 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
5f8e58f4 599
4619d946 600 if (rc > 0 || (rc == 0 && quit && len1 > len2))
5f8e58f4
SK		 601 {
602 unsigned char *tmp = rrset[i+1];
603 rrset[i+1] = rrset[i];
604 rrset[i] = tmp;
605 swap = quit = 1;
606 }
6fd6dacb
SK		 607 else if (rc < 0)
608 quit = 1;
5f8e58f4
SK		 609 }
610 }
611 } while (swap);
612}
c3e0b9b6 613
5f8e58f4
SK		 614/* Validate a single RRset (class, type, name) in the supplied DNS reply
615 Return code:
616 STAT_SECURE if it validates.
5107ace1 617 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
fbc52057 618 (In this case *wildcard_out points to the "body" of the wildcard within name.)
00a5b5d4 619 STAT_NO_SIG no RRsigs found.
87070192
SK		 620 STAT_INSECURE RRset empty.
621 STAT_BOGUS signature is wrong, bad packet.
5f8e58f4
SK		 622 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
623
624 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
625 otherwise find the key in the cache.
5107ace1
SK		 626
627 name is unchanged on exit. keyname is used as workspace and trashed.
5f8e58f4 628*/
fbc52057
SK		 629static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
630 char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
5f8e58f4
SK		 631{
632 static unsigned char **rrset = NULL, **sigs = NULL;
633 static int rrset_sz = 0, sig_sz = 0;
0fc2f313 634
5f8e58f4 635 unsigned char *p;
5ada8885 636 int rrsetidx, sigidx, res, rdlen, j, name_labels;
5f8e58f4
SK		 637 struct crec *crecp = NULL;
638 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
639 u16 *rr_desc = get_desc(type);
83d2ed09
SK		 640
641 if (wildcard_out)
642 *wildcard_out = NULL;
643
5f8e58f4 644 if (!(p = skip_questions(header, plen)))
87070192 645 return STAT_BOGUS;
83d2ed09 646
5ada8885
SK		 647 name_labels = count_labels(name); /* For 4035 5.3.2 check */
648
649 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
5f8e58f4
SK		 650 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
651 j != 0; j--)
652 {
653 unsigned char *pstart, *pdata;
b98d22c1 654 int stype, sclass;
c3e0b9b6 655
5f8e58f4
SK		 656 pstart = p;
657
658 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
87070192 659 return STAT_BOGUS; /* bad packet */
5f8e58f4
SK		 660
661 GETSHORT(stype, p);
662 GETSHORT(sclass, p);
b98d22c1 663 p += 4; /* TTL */
5f8e58f4
SK		 664
665 pdata = p;
c3e0b9b6 666
5f8e58f4
SK		 667 GETSHORT(rdlen, p);
668
e7829aef 669 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 670 return STAT_BOGUS;
e7829aef 671
5f8e58f4
SK		 672 if (res == 1 && sclass == class)
673 {
674 if (stype == type)
675 {
613ad15d 676 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
87070192 677 return STAT_BOGUS;
613ad15d 678
5f8e58f4
SK		 679 rrset[rrsetidx++] = pstart;
680 }
681
682 if (stype == T_RRSIG)
683 {
613ad15d 684 if (rdlen < 18)
87070192 685 return STAT_BOGUS; /* bad packet */
613ad15d
SK		 686
687 GETSHORT(type_covered, p);
688
689 if (type_covered == type)
690 {
691 if (!expand_workspace(&sigs, &sig_sz, sigidx))
87070192 692 return STAT_BOGUS;
613ad15d
SK		 693
694 sigs[sigidx++] = pdata;
695 }
696
697 p = pdata + 2; /* restore for ADD_RDLEN */
5f8e58f4
SK		 698 }
699 }
613ad15d 700
5f8e58f4 701 if (!ADD_RDLEN(header, p, plen, rdlen))
87070192 702 return STAT_BOGUS;
5f8e58f4 703 }
c3e0b9b6 704
00a5b5d4
SK		 705 /* RRset empty */
706 if (rrsetidx == 0)
5f8e58f4 707 return STAT_INSECURE;
00a5b5d4
SK		 708
709 /* no RRSIGs */
710 if (sigidx == 0)
711 return STAT_NO_SIG;
5f8e58f4
SK		 712
713 /* Sort RRset records into canonical order.
d387380a 714 Note that at this point keyname and daemon->workspacename buffs are
5f8e58f4 715 unused, and used as workspace by the sort. */
d387380a 716 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
5f8e58f4
SK		 717
718 /* Now try all the sigs to try and find one which validates */
719 for (j = 0; j <sigidx; j++)
720 {
d387380a 721 unsigned char *psav, *sig, *digest;
86bec2d3
SK		 722 int i, wire_len, sig_len;
723 const struct nettle_hash *hash;
724 void *ctx;
d387380a 725 char *name_start;
5f8e58f4
SK		 726 u32 nsigttl;
727
728 p = sigs[j];
5ada8885 729 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
5f8e58f4
SK		 730 psav = p;
731
5ada8885 732 p += 2; /* type_covered - already checked */
5f8e58f4
SK		 733 algo = *p++;
734 labels = *p++;
735 GETLONG(orig_ttl, p);
e7829aef
SK		 736 GETLONG(sig_expiration, p);
737 GETLONG(sig_inception, p);
5f8e58f4
SK		 738 GETSHORT(key_tag, p);
739
5f8e58f4 740 if (!extract_name(header, plen, &p, keyname, 1, 0))
87070192 741 return STAT_BOGUS;
d387380a
SK		 742
743 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
744 the name of the zone containing the RRset. We can't tell that
745 for certain, but we can check that the RRset name is equal to
746 or encloses the signers name, which should be enough to stop
747 an attacker using signatures made with the key of an unrelated
748 zone he controls. Note that the root key is always allowed. */
749 if (*keyname != 0)
750 {
751 int failed = 0;
752
753 for (name_start = name; !hostname_isequal(name_start, keyname); )
754 if ((name_start = strchr(name_start, '.')))
755 name_start++; /* chop a label off and try again */
756 else
757 {
758 failed = 1;
759 break;
760 }
761
762 /* Bad sig, try another */
763 if (failed)
764 continue;
765 }
5f8e58f4 766
d387380a 767 /* Other 5.3.1 checks */
e7829aef
SK		 768 if (!check_date_range(sig_inception, sig_expiration) ||
769 labels > name_labels ||
770 !(hash = hash_find(algo_digest_name(algo))) ||
771 !hash_init(hash, &ctx, &digest))
772 continue;
773
5f8e58f4
SK		 774 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
775 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
776 return STAT_NEED_KEY;
777
86bec2d3
SK		 778 sig = p;
779 sig_len = rdlen - (p - psav);
e7829aef 780
5f8e58f4
SK		 781 nsigttl = htonl(orig_ttl);
782
86bec2d3 783 hash->update(ctx, 18, psav);
5f8e58f4 784 wire_len = to_wire(keyname);
86bec2d3 785 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
5f8e58f4
SK		 786 from_wire(keyname);
787
5f8e58f4
SK		 788 for (i = 0; i < rrsetidx; ++i)
789 {
790 int seg;
791 unsigned char *end, *cp;
792 u16 len, *dp;
d387380a 793
5f8e58f4
SK		 794 p = rrset[i];
795 if (!extract_name(header, plen, &p, name, 1, 10))
87070192 796 return STAT_BOGUS;
5ada8885 797
d387380a
SK		 798 name_start = name;
799
5ada8885
SK		 800 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
801 if (labels < name_labels)
802 {
803 int k;
804 for (k = name_labels - labels; k != 0; k--)
fbc52057
SK		 805 {
806 while (*name_start != '.' && *name_start != 0)
807 name_start++;
0b1008d3 808 if (k != 1 && *name_start == '.')
fbc52057
SK		 809 name_start++;
810 }
811
812 if (wildcard_out)
813 *wildcard_out = name_start+1;
814
5ada8885
SK		 815 name_start--;
816 *name_start = '*';
817 }
818
819 wire_len = to_wire(name_start);
86bec2d3
SK		 820 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
821 hash->update(ctx, 4, p); /* class and type */
822 hash->update(ctx, 4, (unsigned char *)&nsigttl);
5f8e58f4
SK		 823
824 p += 8; /* skip class, type, ttl */
825 GETSHORT(rdlen, p);
5ada8885 826 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 827 return STAT_BOGUS;
5ada8885 828
5f8e58f4
SK		 829 end = p + rdlen;
830
831 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
832 cp = p;
833 dp = rr_desc;
094b5c3d 834 for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
5f8e58f4
SK		 835 len += end - cp;
836 len = htons(len);
86bec2d3 837 hash->update(ctx, 2, (unsigned char *)&len);
5f8e58f4
SK		 838
839 /* Now canonicalise again and digest. */
840 cp = p;
841 dp = rr_desc;
094b5c3d 842 while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
86bec2d3 843 hash->update(ctx, seg, (unsigned char *)name);
5f8e58f4 844 if (cp != end)
86bec2d3 845 hash->update(ctx, end - cp, cp);
5f8e58f4 846 }
86bec2d3
SK		 847
848 hash->digest(ctx, hash->digest_size, digest);
849
5ada8885
SK		 850 /* namebuff used for workspace above, restore to leave unchanged on exit */
851 p = (unsigned char*)(rrset[0]);
852 extract_name(header, plen, &p, name, 1, 0);
853
5f8e58f4
SK		 854 if (key)
855 {
856 if (algo_in == algo && keytag_in == key_tag &&
ebe95a83 857 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
5f8e58f4
SK		 858 return STAT_SECURE;
859 }
860 else
861 {
862 /* iterate through all possible keys 4035 5.3.1 */
863 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
51ea3ca2
SK		 864 if (crecp->addr.key.algo == algo &&
865 crecp->addr.key.keytag == key_tag &&
3f7483e8 866 crecp->uid == (unsigned int)class &&
ebe95a83 867 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
5107ace1 868 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
5f8e58f4
SK		 869 }
870 }
871
872 return STAT_BOGUS;
873}
874
0fc2f313 875/* The DNS packet is expected to contain the answer to a DNSKEY query.
c3e0b9b6
SK		 876 Put all DNSKEYs in the answer which are valid into the cache.
877 return codes:
87070192 878 STAT_INSECURE No DNSKEYs in reply.
c3e0b9b6 879 STAT_SECURE At least one valid DNSKEY found and in cache.
0fc2f313 880 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
87070192 881 or self-sign for DNSKEY RRset is not valid, bad packet.
0fc2f313 882 STAT_NEED_DS DS records to validate a key not found, name in keyname
c3e0b9b6
SK		 883*/
884int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
885{
0fc2f313 886 unsigned char *psave, *p = (unsigned char *)(header+1);
c3e0b9b6 887 struct crec *crecp, *recp1;
8d718cbb 888 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
c3e0b9b6 889 struct blockdata *key;
51ea3ca2 890 struct all_addr a;
c3e0b9b6 891
5f8e58f4
SK		 892 if (ntohs(header->qdcount) != 1 ||
893 !extract_name(header, plen, &p, name, 1, 4))
87070192 894 return STAT_BOGUS;
5f8e58f4 895
c3e0b9b6
SK		 896 GETSHORT(qtype, p);
897 GETSHORT(qclass, p);
898
87070192 899 if (qtype != T_DNSKEY || qclass != class)
f01d7be6 900 return STAT_BOGUS;
87070192
SK		 901
902 if (ntohs(header->ancount) == 0)
903 return STAT_INSECURE;
c3e0b9b6 904
b8eac191 905 /* See if we have cached a DS record which validates this key */
0fc2f313
SK		 906 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
907 {
908 strcpy(keyname, name);
909 return STAT_NEED_DS;
910 }
b8eac191
SK		 911
912 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
913 if (crecp->flags & F_NEG)
914 return STAT_INSECURE;
915
0fc2f313 916 /* NOTE, we need to find ONE DNSKEY which matches the DS */
e7829aef 917 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
c3e0b9b6
SK		 918 {
919 /* Ensure we have type, class TTL and length */
0fc2f313 920 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
87070192 921 return STAT_BOGUS; /* bad packet */
c3e0b9b6
SK		 922
923 GETSHORT(qtype, p);
924 GETSHORT(qclass, p);
925 GETLONG(ttl, p);
926 GETSHORT(rdlen, p);
6f468103 927
0fc2f313 928 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
87070192 929 return STAT_BOGUS; /* bad packet */
0fc2f313 930
6f468103
SK		 931 if (qclass != class || qtype != T_DNSKEY || rc == 2)
932 {
933 p += rdlen;
934 continue;
935 }
936
0fc2f313 937 psave = p;
c3e0b9b6 938
c3e0b9b6 939 GETSHORT(flags, p);
0fc2f313 940 if (*p++ != 3)
f01d7be6 941 return STAT_BOGUS;
c3e0b9b6 942 algo = *p++;
0fc2f313 943 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
e7829aef 944 key = NULL;
c3e0b9b6 945
e7829aef
SK		 946 /* key must have zone key flag set */
947 if (flags & 0x100)
948 key = blockdata_alloc((char*)p, rdlen - 4);
c3e0b9b6 949
0fc2f313 950 p = psave;
e7829aef 951
0fc2f313 952 if (!ADD_RDLEN(header, p, plen, rdlen))
8d718cbb
SK		 953 {
954 if (key)
955 blockdata_free(key);
87070192 956 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 957 }
958
e7829aef
SK		 959 /* No zone key flag or malloc failure */
960 if (!key)
0fc2f313
SK		 961 continue;
962
963 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
86bec2d3
SK		 964 {
965 void *ctx;
966 unsigned char *digest, *ds_digest;
967 const struct nettle_hash *hash;
968
51ea3ca2
SK		 969 if (recp1->addr.ds.algo == algo &&
970 recp1->addr.ds.keytag == keytag &&
3f7483e8 971 recp1->uid == (unsigned int)class &&
51ea3ca2 972 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
86bec2d3 973 hash_init(hash, &ctx, &digest))
0fc2f313 974
86bec2d3
SK		 975 {
976 int wire_len = to_wire(name);
977
978 /* Note that digest may be different between DSs, so
979 we can't move this outside the loop. */
980 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
981 hash->update(ctx, (unsigned int)rdlen, psave);
982 hash->digest(ctx, hash->digest_size, digest);
983
984 from_wire(name);
985
824202ef
SK		 986 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
987 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
988 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
fbc52057 989 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
86bec2d3 990 {
86bec2d3 991 valid = 1;
86bec2d3
SK		 992 break;
993 }
994 }
995 }
e7829aef 996 blockdata_free(key);
c3e0b9b6 997 }
c3e0b9b6 998
0fc2f313
SK		 999 if (valid)
1000 {
8d718cbb 1001 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
e7829aef
SK		 1002 cache_start_insert();
1003
1004 p = skip_questions(header, plen);
1005
1006 for (j = ntohs(header->ancount); j != 0; j--)
1007 {
1008 /* Ensure we have type, class TTL and length */
1009 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1010 return STAT_INSECURE; /* bad packet */
1011
1012 GETSHORT(qtype, p);
1013 GETSHORT(qclass, p);
1014 GETLONG(ttl, p);
1015 GETSHORT(rdlen, p);
8d718cbb
SK		 1016
1017 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1018 return STAT_BOGUS; /* bad packet */
e7829aef 1019
8d718cbb 1020 if (qclass == class && rc == 1)
e7829aef 1021 {
8d718cbb 1022 psave = p;
e7829aef 1023
8d718cbb
SK		 1024 if (qtype == T_DNSKEY)
1025 {
1026 if (rdlen < 4)
87070192 1027 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1028
1029 GETSHORT(flags, p);
1030 if (*p++ != 3)
f01d7be6 1031 return STAT_BOGUS;
8d718cbb
SK		 1032 algo = *p++;
1033 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1034
1035 /* Cache needs to known class for DNSSEC stuff */
1036 a.addr.dnssec.class = class;
1037
1038 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1039 {
1040 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1041 blockdata_free(key);
1042 else
1043 {
1044 a.addr.keytag = keytag;
1045 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1046
1047 recp1->addr.key.keylen = rdlen - 4;
1048 recp1->addr.key.keydata = key;
1049 recp1->addr.key.algo = algo;
1050 recp1->addr.key.keytag = keytag;
1051 recp1->addr.key.flags = flags;
8d718cbb
SK		 1052 }
1053 }
1054 }
1055 else if (qtype == T_RRSIG)
1056 {
1057 /* RRSIG, cache if covers DNSKEY RRset */
1058 if (rdlen < 18)
87070192 1059 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1060
1061 GETSHORT(type_covered, p);
1062
1063 if (type_covered == T_DNSKEY)
1064 {
1065 a.addr.dnssec.class = class;
1066 a.addr.dnssec.type = type_covered;
1067
1068 algo = *p++;
1069 p += 13; /* labels, orig_ttl, expiration, inception */
1070 GETSHORT(keytag, p);
1071 if ((key = blockdata_alloc((char*)psave, rdlen)))
1072 {
1073 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1074 blockdata_free(key);
1075 else
1076 {
8d718cbb
SK		 1077 crecp->addr.sig.keydata = key;
1078 crecp->addr.sig.keylen = rdlen;
1079 crecp->addr.sig.keytag = keytag;
1080 crecp->addr.sig.type_covered = type_covered;
1081 crecp->addr.sig.algo = algo;
1082 }
1083 }
1084 }
1085 }
e7829aef 1086
8d718cbb 1087 p = psave;
e7829aef 1088 }
8d718cbb 1089
e7829aef 1090 if (!ADD_RDLEN(header, p, plen, rdlen))
87070192 1091 return STAT_BOGUS; /* bad packet */
e7829aef
SK		 1092 }
1093
0fc2f313
SK		 1094 /* commit cache insert. */
1095 cache_end_insert();
1096 return STAT_SECURE;
1097 }
1098
1099 log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1100 return STAT_BOGUS;
c3e0b9b6 1101}
0fc2f313 1102
c3e0b9b6
SK		 1103/* The DNS packet is expected to contain the answer to a DS query
1104 Put all DSs in the answer which are valid into the cache.
1105 return codes:
87070192 1106 STAT_INSECURE no DS in reply or not signed.
c3e0b9b6 1107 STAT_SECURE At least one valid DS found and in cache.
00a5b5d4 1108 STAT_NO_DS It's proved there's no DS here.
87070192 1109 STAT_BOGUS At least one DS found, which fails validation, bad packet.
c3e0b9b6
SK		 1110 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1111*/
1112
1113int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1114{
51ea3ca2 1115 unsigned char *p = (unsigned char *)(header+1);
00a5b5d4 1116 int qtype, qclass, val, i, neganswer;
c3e0b9b6 1117
5f8e58f4 1118 if (ntohs(header->qdcount) != 1 ||
b8eac191 1119 !(p = skip_name(p, header, plen, 4)))
87070192 1120 return STAT_BOGUS;
8d718cbb 1121
c3e0b9b6
SK		 1122 GETSHORT(qtype, p);
1123 GETSHORT(qclass, p);
1124
b47b04c8
SK		 1125 if (qtype != T_DS || qclass != class)
1126 val = STAT_BOGUS;
1127 else
00a5b5d4
SK		 1128 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer);
1129
1130 if (val == STAT_NO_SIG)
1131 val = STAT_INSECURE;
51ea3ca2 1132
b8eac191
SK		 1133 p = (unsigned char *)(header+1);
1134 extract_name(header, plen, &p, name, 1, 4);
1135 p += 4; /* qtype, qclass */
1136
00a5b5d4 1137 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
87070192 1138 return STAT_BOGUS;
00a5b5d4 1139
0fc2f313 1140 if (val == STAT_BOGUS)
b8eac191 1141 log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
b47b04c8 1142
00a5b5d4 1143 if ((val == STAT_SECURE || val == STAT_INSECURE) && neganswer)
b8eac191 1144 {
14db4212 1145 int rdlen, flags = F_FORWARD | F_DS | F_NEG;
b8eac191
SK		 1146 unsigned long ttl, minttl = ULONG_MAX;
1147 struct all_addr a;
00a5b5d4
SK		 1148
1149 if (RCODE(header) == NXDOMAIN)
1150 flags |= F_NXDOMAIN;
1151
1152 if (val == STAT_SECURE)
1153 flags |= F_DNSSECOK;
b8eac191
SK		 1154
1155 for (i = ntohs(header->nscount); i != 0; i--)
1156 {
00a5b5d4 1157 if (!(p = skip_name(p, header, plen, 0)))
87070192 1158 return STAT_BOGUS;
b8eac191
SK		 1159
1160 GETSHORT(qtype, p);
1161 GETSHORT(qclass, p);
1162 GETLONG(ttl, p);
1163 GETSHORT(rdlen, p);
1164
00a5b5d4 1165 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1166 return STAT_BOGUS; /* bad packet */
00a5b5d4
SK		 1167
1168 if (qclass != class || qtype != T_SOA)
b8eac191
SK		 1169 {
1170 p += rdlen;
1171 continue;
1172 }
1173
1174 if (ttl < minttl)
1175 minttl = ttl;
1176
1177 /* MNAME */
1178 if (!(p = skip_name(p, header, plen, 0)))
87070192 1179 return STAT_BOGUS;
b8eac191
SK		 1180 /* RNAME */
1181 if (!(p = skip_name(p, header, plen, 20)))
87070192 1182 return STAT_BOGUS;
b8eac191
SK		 1183 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1184
1185 GETLONG(ttl, p); /* minTTL */
1186 if (ttl < minttl)
1187 minttl = ttl;
00a5b5d4
SK		 1188
1189 break;
b8eac191
SK		 1190 }
1191
00a5b5d4
SK		 1192 if (i != 0)
1193 {
1194 cache_start_insert();
1195
1196 a.addr.dnssec.class = class;
1197 cache_insert(name, &a, now, ttl, flags);
1198
1199 cache_end_insert();
1200 }
b8eac191 1201
00a5b5d4 1202 return (val == STAT_SECURE) ? STAT_NO_DS : STAT_INSECURE;
b8eac191
SK		 1203 }
1204
51ea3ca2 1205 return val;
c3e0b9b6
SK		 1206}
1207
c5f4ec7d
SK		 1208/* 4034 6.1 */
1209static int hostname_cmp(const char *a, const char *b)
1210{
dbf72123
SK		 1211 char *sa, *ea, *ca, *sb, *eb, *cb;
1212 unsigned char ac, bc;
1213
1214 sa = ea = (char *)a + strlen(a);
1215 sb = eb = (char *)b + strlen(b);
1216
c5f4ec7d
SK		 1217 while (1)
1218 {
dbf72123
SK		 1219 while (sa != a && *(sa-1) != '.')
1220 sa--;
c5f4ec7d 1221
dbf72123
SK		 1222 while (sb != b && *(sb-1) != '.')
1223 sb--;
1224
1225 ca = sa;
1226 cb = sb;
1227
1228 while (1)
1229 {
1230 if (ca == ea)
1231 {
1232 if (cb == eb)
1233 break;
1234
1235 return -1;
1236 }
c5f4ec7d 1237
dbf72123
SK		 1238 if (cb == eb)
1239 return 1;
1240
1241 ac = (unsigned char) *ca++;
1242 bc = (unsigned char) *cb++;
1243
1244 if (ac >= 'A' && ac <= 'Z')
1245 ac += 'a' - 'A';
1246 if (bc >= 'A' && bc <= 'Z')
1247 bc += 'a' - 'A';
1248
979cdf9b 1249 if (ac < bc)
dbf72123
SK		 1250 return -1;
1251 else if (ac != bc)
1252 return 1;
1253 }
c5f4ec7d 1254
dbf72123
SK		 1255
1256 if (sa == a)
c5f4ec7d 1257 {
dbf72123
SK		 1258 if (sb == b)
1259 return 0;
c5f4ec7d 1260
dbf72123 1261 return -1;
c5f4ec7d
SK		 1262 }
1263
dbf72123
SK		 1264 if (sb == b)
1265 return 1;
c5f4ec7d 1266
dbf72123
SK		 1267 ea = sa--;
1268 eb = sb--;
c5f4ec7d
SK		 1269 }
1270}
1271
5107ace1
SK		 1272/* Find all the NSEC or NSEC3 records in a reply.
1273 return an array of pointers to them. */
1274static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1275{
1276 static unsigned char **nsecset = NULL;
1277 static int nsecset_sz = 0;
1278
87070192 1279 int type_found = 0;
5107ace1
SK		 1280 unsigned char *p = skip_questions(header, plen);
1281 int type, class, rdlen, i, nsecs_found;
1282
1283 /* Move to NS section */
1284 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1285 return 0;
1286
1287 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1288 {
1289 unsigned char *pstart = p;
1290
1291 if (!(p = skip_name(p, header, plen, 10)))
1292 return 0;
1293
1294 GETSHORT(type, p);
1295 GETSHORT(class, p);
1296 p += 4; /* TTL */
1297 GETSHORT(rdlen, p);
1298
1299 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1300 {
1301 /* No mixed NSECing 'round here, thankyouverymuch */
1302 if (type_found == T_NSEC && type == T_NSEC3)
1303 return 0;
1304 if (type_found == T_NSEC3 && type == T_NSEC)
1305 return 0;
1306
1307 type_found = type;
1308
613ad15d
SK		 1309 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1310 return 0;
1311
5107ace1
SK		 1312 nsecset[nsecs_found++] = pstart;
1313 }
613ad15d 1314
5107ace1
SK		 1315 if (!ADD_RDLEN(header, p, plen, rdlen))
1316 return 0;
1317 }
1318
1319 *nsecsetp = nsecset;
1320 *nsecsetl = nsecs_found;
1321
1322 return type_found;
1323}
1324
24187530 1325static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
5107ace1
SK		 1326 char *workspace1, char *workspace2, char *name, int type)
1327{
1328 int i, rc, rdlen;
1329 unsigned char *p, *psave;
1330 int offset = (type & 0xff) >> 3;
1331 int mask = 0x80 >> (type & 0x07);
1332
1333 /* Find NSEC record that proves name doesn't exist */
1334 for (i = 0; i < nsec_count; i++)
1335 {
1336 p = nsecs[i];
1337 if (!extract_name(header, plen, &p, workspace1, 1, 10))
87070192 1338 return STAT_BOGUS;
5107ace1
SK		 1339 p += 8; /* class, type, TTL */
1340 GETSHORT(rdlen, p);
1341 psave = p;
1342 if (!extract_name(header, plen, &p, workspace2, 1, 10))
87070192 1343 return STAT_BOGUS;
5107ace1
SK		 1344
1345 rc = hostname_cmp(workspace1, name);
1346
1347 if (rc == 0)
1348 {
f01d7be6
SK		 1349 /* 4035 para 5.4. Last sentence */
1350 if (type == T_NSEC || type == T_RRSIG)
1351 return STAT_SECURE;
1352
5107ace1
SK		 1353 /* NSEC with the same name as the RR we're testing, check
1354 that the type in question doesn't appear in the type map */
1355 rdlen -= p - psave;
1356 /* rdlen is now length of type map, and p points to it */
1357
1358 while (rdlen >= 2)
1359 {
1360 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1361 return STAT_BOGUS;
5107ace1
SK		 1362
1363 if (p[0] == type >> 8)
1364 {
1365 /* Does the NSEC say our type exists? */
a857daa3 1366 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1367 return STAT_BOGUS;
1368
1369 break; /* finshed checking */
1370 }
1371
1372 rdlen -= p[1];
1373 p += p[1];
1374 }
1375
1376 return STAT_SECURE;
1377 }
1378 else if (rc == -1)
1379 {
1380 /* Normal case, name falls between NSEC name and next domain name,
1381 wrap around case, name falls between NSEC name (rc == -1) and end */
1382 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1383 return STAT_SECURE;
1384 }
1385 else
1386 {
1387 /* wrap around case, name falls between start and next domain name */
1388 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1389 return STAT_SECURE;
1390 }
1391 }
1392
1393 return STAT_BOGUS;
1394}
1395
1396/* return digest length, or zero on error */
1397static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1398 unsigned char *salt, int salt_len, int iterations)
1399{
1400 void *ctx;
1401 unsigned char *digest;
1402 int i;
1403
1404 if (!hash_init(hash, &ctx, &digest))
1405 return 0;
1406
1407 hash->update(ctx, to_wire(in), (unsigned char *)in);
1408 hash->update(ctx, salt_len, salt);
1409 hash->digest(ctx, hash->digest_size, digest);
1410
1411 for(i = 0; i < iterations; i++)
1412 {
1413 hash->update(ctx, hash->digest_size, digest);
1414 hash->update(ctx, salt_len, salt);
1415 hash->digest(ctx, hash->digest_size, digest);
1416 }
1417
1418 from_wire(in);
1419
1420 *out = digest;
1421 return hash->digest_size;
1422}
1423
1424/* Decode base32 to first "." or end of string */
1425static int base32_decode(char *in, unsigned char *out)
1426{
a857daa3 1427 int oc, on, c, mask, i;
5107ace1
SK		 1428 unsigned char *p = out;
1429
a857daa3 1430 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
5107ace1 1431 {
5107ace1
SK		 1432 if (c >= '0' && c <= '9')
1433 c -= '0';
1434 else if (c >= 'a' && c <= 'v')
1435 c -= 'a', c += 10;
1436 else if (c >= 'A' && c <= 'V')
1437 c -= 'A', c += 10;
1438 else
1439 return 0;
1440
1441 for (mask = 0x10, i = 0; i < 5; i++)
1442 {
a857daa3
SK		 1443 if (c & mask)
1444 oc |= 1;
1445 mask = mask >> 1;
1446 if (((++on) & 7) == 0)
1447 *p++ = oc;
1448 oc = oc << 1;
5107ace1
SK		 1449 }
1450 }
1451
1452 if ((on & 7) != 0)
1453 return 0;
1454
1455 return p - out;
1456}
1457
fbc52057
SK		 1458static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
1459 char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count)
1460{
1461 int i, hash_len, salt_len, base32_len, rdlen;
1462 unsigned char *p, *psave;
1463
1464 for (i = 0; i < nsec_count; i++)
1465 if ((p = nsecs[i]))
1466 {
1467 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1468 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1469 return 0;
1470
1471 p += 8; /* class, type, TTL */
1472 GETSHORT(rdlen, p);
1473 psave = p;
1474 p += 4; /* algo, flags, iterations */
1475 salt_len = *p++; /* salt_len */
1476 p += salt_len; /* salt */
1477 hash_len = *p++; /* p now points to next hashed name */
1478
1479 if (!CHECK_LEN(header, p, plen, hash_len))
1480 return 0;
1481
1482 if (digest_len == base32_len && hash_len == base32_len)
1483 {
1484 int rc = memcmp(workspace2, digest, digest_len);
1485
1486 if (rc == 0)
1487 {
1488 /* We found an NSEC3 whose hashed name exactly matches the query, so
1489 we just need to check the type map. p points to the RR data for the record. */
1490
1491 int offset = (type & 0xff) >> 3;
1492 int mask = 0x80 >> (type & 0x07);
1493
1494 p += hash_len; /* skip next-domain hash */
1495 rdlen -= p - psave;
1496
1497 if (!CHECK_LEN(header, p, plen, rdlen))
1498 return 0;
1499
1500 while (rdlen >= 2)
1501 {
1502 if (p[0] == type >> 8)
1503 {
1504 /* Does the NSEC3 say our type exists? */
1505 if (offset < p[1] && (p[offset+2] & mask) != 0)
1506 return STAT_BOGUS;
1507
1508 break; /* finshed checking */
1509 }
1510
1511 rdlen -= p[1];
1512 p += p[1];
1513 }
1514
1515 return 1;
1516 }
1517 else if (rc <= 0)
1518 {
1519 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1520 wrap around case, name-hash falls between NSEC3 name-hash and end */
1521 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
1522 return 1;
1523 }
1524 else
1525 {
1526 /* wrap around case, name falls between start and next domain name */
1527 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
1528 return 1;
1529 }
1530 }
1531 }
1532 return 0;
1533}
1534
24187530 1535static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
fbc52057 1536 char *workspace1, char *workspace2, char *name, int type, char *wildname)
5107ace1 1537{
a857daa3 1538 unsigned char *salt, *p, *digest;
fbc52057 1539 int digest_len, i, iterations, salt_len, base32_len, algo = 0;
5107ace1
SK		 1540 struct nettle_hash const *hash;
1541 char *closest_encloser, *next_closest, *wildcard;
1542
1543 /* Look though the NSEC3 records to find the first one with
1544 an algorithm we support (currently only algo == 1).
1545
1546 Take the algo, iterations, and salt of that record
1547 as the ones we're going to use, and prune any
1548 that don't match. */
1549
1550 for (i = 0; i < nsec_count; i++)
1551 {
1552 if (!(p = skip_name(nsecs[i], header, plen, 15)))
87070192 1553 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1554
1555 p += 10; /* type, class, TTL, rdlen */
1556 algo = *p++;
1557
1558 if (algo == 1)
1559 break; /* known algo */
1560 }
1561
1562 /* No usable NSEC3s */
1563 if (i == nsec_count)
1564 return STAT_BOGUS;
1565
1566 p++; /* flags */
1567 GETSHORT (iterations, p);
1568 salt_len = *p++;
1569 salt = p;
1570 if (!CHECK_LEN(header, salt, plen, salt_len))
87070192 1571 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1572
1573 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1574 for (i = 0; i < nsec_count; i++)
1575 {
1576 unsigned char *nsec3p = nsecs[i];
1577 int this_iter;
1578
1579 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1580
1581 if (!(p = skip_name(nsec3p, header, plen, 15)))
87070192 1582 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1583
1584 p += 10; /* type, class, TTL, rdlen */
1585
1586 if (*p++ != algo)
1587 continue;
1588
1589 p++; /* flags */
1590
a857daa3 1591 GETSHORT(this_iter, p);
5107ace1
SK		 1592 if (this_iter != iterations)
1593 continue;
1594
1595 if (salt_len != *p++)
1596 continue;
1597
1598 if (!CHECK_LEN(header, p, plen, salt_len))
87070192 1599 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1600
1601 if (memcmp(p, salt, salt_len) != 0)
1602 continue;
1603
1604 /* All match, put the pointer back */
1605 nsecs[i] = nsec3p;
1606 }
1607
1608 /* Algo is checked as 1 above */
1609 if (!(hash = hash_find("sha1")))
87070192 1610 return STAT_BOGUS;
5107ace1 1611
fbc52057
SK		 1612 if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1613 return STAT_BOGUS;
1614
1615 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
1616 return STAT_SECURE;
1617
1618 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1619 or an answer inferred from a wildcard record. */
5107ace1
SK		 1620 closest_encloser = name;
1621 next_closest = NULL;
1622
1623 do
1624 {
1625 if (*closest_encloser == '.')
1626 closest_encloser++;
c5f4ec7d 1627
fbc52057
SK		 1628 if (wildname && hostname_isequal(closest_encloser, wildname))
1629 break;
1630
a857daa3 1631 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
87070192 1632 return STAT_BOGUS;
5107ace1
SK		 1633
1634 for (i = 0; i < nsec_count; i++)
1635 if ((p = nsecs[i]))
1636 {
5107ace1 1637 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1638 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
87070192 1639 return STAT_BOGUS;
5107ace1 1640
a857daa3
SK		 1641 if (digest_len == base32_len &&
1642 memcmp(digest, workspace2, digest_len) == 0)
5107ace1
SK		 1643 break; /* Gotit */
1644 }
1645
1646 if (i != nsec_count)
1647 break;
1648
1649 next_closest = closest_encloser;
1650 }
1651 while ((closest_encloser = strchr(closest_encloser, '.')));
1652
fbc52057 1653 if (!closest_encloser)
5107ace1
SK		 1654 return STAT_BOGUS;
1655
24187530 1656 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
a857daa3 1657 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
87070192 1658 return STAT_BOGUS;
5107ace1 1659
fbc52057 1660 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
87070192 1661 return STAT_BOGUS;
5107ace1 1662
fbc52057
SK		 1663 /* Finally, check that there's no seat of wildcard synthesis */
1664 if (!wildname)
1665 {
1666 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1667 return STAT_BOGUS;
1668
1669 wildcard--;
1670 *wildcard = '*';
1671
1672 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1673 return STAT_BOGUS;
1674
1675 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count))
1676 return STAT_BOGUS;
1677 }
5107ace1 1678
fbc52057 1679 return STAT_SECURE;
5107ace1
SK		 1680}
1681
0fc2f313 1682/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
51ea3ca2 1683/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
00a5b5d4 1684int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer)
adca3e9c 1685{
00a5b5d4
SK		 1686 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1687 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
1fbe4d2f 1688 int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
00a5b5d4 1689 int nsec_type = 0, have_answer = 0;
adca3e9c 1690
00a5b5d4
SK		 1691 if (neganswer)
1692 *neganswer = 0;
1693
87070192 1694 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
e3ec15af
SK		 1695 return STAT_BOGUS;
1696
87070192 1697 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
72ae2f3d 1698 return STAT_INSECURE;
00a5b5d4
SK		 1699
1700 qname = p1 = (unsigned char *)(header+1);
c5f4ec7d 1701
00a5b5d4 1702 if (!extract_name(header, plen, &p1, name, 1, 4))
87070192 1703 return STAT_BOGUS;
00a5b5d4
SK		 1704
1705 GETSHORT(qtype, p1);
1706 GETSHORT(qclass, p1);
1707 ans_start = p1;
9d1b22aa
SK		 1708
1709 if (qtype == T_ANY)
1710 have_answer = 1;
00a5b5d4
SK		 1711
1712 /* Can't validate an RRISG query */
1713 if (qtype == T_RRSIG)
0fc2f313 1714 return STAT_INSECURE;
00a5b5d4
SK		 1715
1716 cname_loop:
1717 for (j = ntohs(header->ancount); j != 0; j--)
1718 {
1719 /* leave pointer to missing name in qname */
1720
1721 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
87070192 1722 return STAT_BOGUS; /* bad packet */
00a5b5d4
SK		 1723
1724 GETSHORT(type2, p1);
1725 GETSHORT(class2, p1);
1726 p1 += 4; /* TTL */
1727 GETSHORT(rdlen2, p1);
1728
1729 if (rc == 1 && qclass == class2)
1730 {
1731 /* Do we have an answer for the question? */
1732 if (type2 == qtype)
1733 {
1734 have_answer = 1;
1735 break;
1736 }
1737 else if (type2 == T_CNAME)
1738 {
1739 qname = p1;
1740
1741 /* looped CNAMES */
1742 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
87070192 1743 return STAT_BOGUS;
00a5b5d4
SK		 1744
1745 p1 = ans_start;
1746 goto cname_loop;
1747 }
1748 }
1749
1750 if (!ADD_RDLEN(header, p1, plen, rdlen2))
87070192 1751 return STAT_BOGUS;
00a5b5d4 1752 }
0fc2f313 1753
00a5b5d4
SK		 1754 if (neganswer && !have_answer)
1755 *neganswer = 1;
0575610f
SK		 1756
1757 /* No data, therefore no sigs */
1758 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1759 return STAT_NO_SIG;
00a5b5d4 1760
0fc2f313 1761 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
adca3e9c 1762 {
0fc2f313 1763 if (!extract_name(header, plen, &p1, name, 1, 10))
87070192 1764 return STAT_BOGUS; /* bad packet */
0fc2f313
SK		 1765
1766 GETSHORT(type1, p1);
1767 GETSHORT(class1, p1);
1768 p1 += 4; /* TTL */
1769 GETSHORT(rdlen1, p1);
1770
1771 /* Don't try and validate RRSIGs! */
1772 if (type1 != T_RRSIG)
1773 {
1774 /* Check if we've done this RRset already */
1775 for (p2 = ans_start, j = 0; j < i; j++)
1776 {
1777 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
87070192 1778 return STAT_BOGUS; /* bad packet */
0fc2f313
SK		 1779
1780 GETSHORT(type2, p2);
1781 GETSHORT(class2, p2);
1782 p2 += 4; /* TTL */
1783 GETSHORT(rdlen2, p2);
1784
1785 if (type2 == type1 && class2 == class1 && rc == 1)
1786 break; /* Done it before: name, type, class all match. */
1787
1788 if (!ADD_RDLEN(header, p2, plen, rdlen2))
87070192 1789 return STAT_BOGUS;
0fc2f313
SK		 1790 }
1791
1792 /* Not done, validate now */
51ea3ca2 1793 if (j == i)
0fc2f313 1794 {
8d718cbb
SK		 1795 int ttl, keytag, algo, digest, type_covered;
1796 unsigned char *psave;
1797 struct all_addr a;
1798 struct blockdata *key;
1799 struct crec *crecp;
fbc52057
SK		 1800 char *wildname;
1801
1802 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
5107ace1
SK		 1803
1804 if (rc == STAT_SECURE_WILDCARD)
1805 {
1806 /* An attacker replay a wildcard answer with a different
a857daa3 1807 answer and overlay a genuine RR. To prove this
5107ace1 1808 hasn't happened, the answer must prove that
a857daa3 1809 the gennuine record doesn't exist. Check that here. */
87070192
SK		 1810 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1811 return STAT_BOGUS; /* No NSECs or bad packet */
5107ace1
SK		 1812
1813 if (nsec_type == T_NSEC)
24187530 1814 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
5107ace1 1815 else
fbc52057 1816 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, wildname);
5107ace1
SK		 1817
1818 if (rc != STAT_SECURE)
1819 return rc;
1820 }
1821 else if (rc != STAT_SECURE)
51ea3ca2
SK		 1822 {
1823 if (class)
1824 *class = class1; /* Class for DS or DNSKEY */
1825 return rc;
1826 }
5107ace1 1827
8d718cbb
SK		 1828 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1829 cache_start_insert();
1830
1831 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
51ea3ca2 1832 {
8d718cbb 1833 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
87070192 1834 return STAT_BOGUS; /* bad packet */
51ea3ca2 1835
8d718cbb
SK		 1836 GETSHORT(type2, p2);
1837 GETSHORT(class2, p2);
1838 GETLONG(ttl, p2);
1839 GETSHORT(rdlen2, p2);
1840
1841 if (!CHECK_LEN(header, p2, plen, rdlen2))
87070192 1842 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1843
1844 if (class2 == class1 && rc == 1)
1845 {
1846 psave = p2;
1847
1848 if (type1 == T_DS && type2 == T_DS)
51ea3ca2 1849 {
8d718cbb 1850 if (rdlen2 < 4)
87070192 1851 return STAT_BOGUS; /* bad packet */
8d718cbb 1852
51ea3ca2
SK		 1853 GETSHORT(keytag, p2);
1854 algo = *p2++;
1855 digest = *p2++;
1856
1857 /* Cache needs to known class for DNSSEC stuff */
1858 a.addr.dnssec.class = class2;
1859
8d718cbb 1860 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
51ea3ca2 1861 {
8d718cbb
SK		 1862 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1863 blockdata_free(key);
1864 else
1865 {
1866 a.addr.keytag = keytag;
1867 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1868 crecp->addr.ds.digest = digest;
1869 crecp->addr.ds.keydata = key;
1870 crecp->addr.ds.algo = algo;
1871 crecp->addr.ds.keytag = keytag;
8d718cbb
SK		 1872 crecp->addr.ds.keylen = rdlen2 - 4;
1873 }
1874 }
1875 }
1876 else if (type2 == T_RRSIG)
1877 {
1878 if (rdlen2 < 18)
87070192 1879 return STAT_BOGUS; /* bad packet */
51ea3ca2 1880
8d718cbb
SK		 1881 GETSHORT(type_covered, p2);
1882
1883 if (type_covered == type1 &&
1884 (type_covered == T_A || type_covered == T_AAAA ||
1885 type_covered == T_CNAME || type_covered == T_DS ||
1886 type_covered == T_DNSKEY || type_covered == T_PTR))
1887 {
1888 a.addr.dnssec.type = type_covered;
c8ca33f8 1889 a.addr.dnssec.class = class1;
8d718cbb
SK		 1890
1891 algo = *p2++;
1892 p2 += 13; /* labels, orig_ttl, expiration, inception */
1893 GETSHORT(keytag, p2);
1894
1895 if ((key = blockdata_alloc((char*)psave, rdlen2)))
1896 {
1897 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1898 blockdata_free(key);
1899 else
1900 {
8d718cbb
SK		 1901 crecp->addr.sig.keydata = key;
1902 crecp->addr.sig.keylen = rdlen2;
1903 crecp->addr.sig.keytag = keytag;
1904 crecp->addr.sig.type_covered = type_covered;
1905 crecp->addr.sig.algo = algo;
1906 }
1907 }
1908 }
51ea3ca2
SK		 1909 }
1910
8d718cbb 1911 p2 = psave;
51ea3ca2
SK		 1912 }
1913
8d718cbb 1914 if (!ADD_RDLEN(header, p2, plen, rdlen2))
87070192 1915 return STAT_BOGUS; /* bad packet */
51ea3ca2 1916 }
8d718cbb
SK		 1917
1918 cache_end_insert();
0fc2f313
SK		 1919 }
1920 }
adca3e9c 1921
0fc2f313 1922 if (!ADD_RDLEN(header, p1, plen, rdlen1))
87070192 1923 return STAT_BOGUS;
adca3e9c
GB		 1924 }
1925
c5f4ec7d 1926 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
00a5b5d4
SK		 1927 if (have_answer)
1928 return STAT_SECURE;
1929
5107ace1 1930 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
5107ace1 1931 /* First marshall the NSEC records, if we've not done it previously */
87070192
SK		 1932 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
1933 return STAT_BOGUS; /* No NSECs */
00a5b5d4
SK		 1934
1935 /* Get name of missing answer */
1936 if (!extract_name(header, plen, &qname, name, 1, 0))
87070192 1937 return STAT_BOGUS;
5107ace1
SK		 1938
1939 if (nsec_type == T_NSEC)
00a5b5d4 1940 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
5107ace1 1941 else
fbc52057 1942 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL);
e292e93d
GB		 1943}
1944
00a5b5d4
SK		 1945/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
1946 Needed for proving answer in unsigned space.
1947 Return STAT_NEED_*
1948 STAT_BOGUS - error
1949 STAT_INSECURE - name of first non-secure record in name
1950*/
1951int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
1952{
1953 unsigned char *p = (unsigned char *)(header+1);
c07d30dc 1954 int type, class, qclass, rdlen, j, rc;
1fbe4d2f 1955 int cname_count = CNAME_CHAIN;
00a5b5d4
SK		 1956
1957 /* Get question */
1958 if (!extract_name(header, plen, &p, name, 1, 4))
1959 return STAT_BOGUS;
1960
c07d30dc 1961 p +=2; /* type */
00a5b5d4
SK		 1962 GETSHORT(qclass, p);
1963
1964 while (1)
1965 {
1966 for (j = ntohs(header->ancount); j != 0; j--)
1967 {
1968 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1969 return STAT_BOGUS; /* bad packet */
1970
1971 GETSHORT(type, p);
1972 GETSHORT(class, p);
1973 p += 4; /* TTL */
1974 GETSHORT(rdlen, p);
1975
1976 /* Not target, loop */
1977 if (rc == 2 || qclass != class)
1978 {
1979 if (!ADD_RDLEN(header, p, plen, rdlen))
1980 return STAT_BOGUS;
1981 continue;
1982 }
1983
1984 /* Got to end of CNAME chain. */
1985 if (type != T_CNAME)
1986 return STAT_INSECURE;
1987
1988 /* validate CNAME chain, return if insecure or need more data */
fbc52057 1989 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, NULL, 0, 0, 0);
00a5b5d4
SK		 1990 if (rc != STAT_SECURE)
1991 {
1992 if (rc == STAT_NO_SIG)
1993 rc = STAT_INSECURE;
1994 return rc;
1995 }
1996
1997 /* Loop down CNAME chain/ */
1998 if (!cname_count-- ||
1999 !extract_name(header, plen, &p, name, 1, 0) ||
2000 !(p = skip_questions(header, plen)))
2001 return STAT_BOGUS;
2002
2003 break;
2004 }
2005
2006 /* End of CNAME chain */
2007 return STAT_INSECURE;
2008 }
2009}
2010
2011
3471f181 2012/* Compute keytag (checksum to quickly index a key). See RFC4034 */
0fc2f313 2013int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
3471f181 2014{
75ffc9bf
GB		 2015 if (alg == 1)
2016 {
2017 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2018 See RFC4034, Appendix B.1 */
0fc2f313 2019 return key[keylen-4] * 256 + key[keylen-3];
75ffc9bf
GB		 2020 }
2021 else
2022 {
1633e308 2023 unsigned long ac = flags + 0x300 + alg;
75ffc9bf
GB		 2024 int i;
2025
0fc2f313
SK		 2026 for (i = 0; i < keylen; ++i)
2027 ac += (i & 1) ? key[i] : key[i] << 8;
1633e308 2028
0fc2f313
SK		 2029 ac += (ac >> 16) & 0xffff;
2030 return ac & 0xffff;
0304d28f 2031 }
3471f181 2032}
e292e93d 2033
5f8e58f4
SK		 2034size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2035{
2036 unsigned char *p;
610e782a 2037 char *types = querystr("dnssec-query", type);
5f8e58f4
SK		 2038
2039 if (addr->sa.sa_family == AF_INET)
2040 log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2041#ifdef HAVE_IPV6
2042 else
2043 log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2044#endif
2045
2046 header->qdcount = htons(1);
2047 header->ancount = htons(0);
2048 header->nscount = htons(0);
2049 header->arcount = htons(0);
e292e93d 2050
5f8e58f4
SK		 2051 header->hb3 = HB3_RD;
2052 SET_OPCODE(header, QUERY);
5b3bf921
SK		 2053 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2054 this allows it to select auth servers when one is returning bad data. */
2055 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
5f8e58f4
SK		 2056
2057 /* ID filled in later */
2058
2059 p = (unsigned char *)(header+1);
2060
2061 p = do_rfc1035_name(p, name);
2062 *p++ = 0;
2063 PUTSHORT(type, p);
2064 PUTSHORT(class, p);
2065
2066 return add_do_bit(header, p - (unsigned char *)header, end);
2067}
8a9be9e4 2068
613ad15d
SK		 2069/* Go through a domain name, find "pointers" and fix them up based on how many bytes
2070 we've chopped out of the packet, or check they don't point into an elided part. */
2071static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2072{
2073 unsigned char *ansp = *namep;
2074
2075 while(1)
2076 {
2077 unsigned int label_type;
2078
2079 if (!CHECK_LEN(header, ansp, plen, 1))
2080 return 0;
2081
2082 label_type = (*ansp) & 0xc0;
2083
2084 if (label_type == 0xc0)
2085 {
2086 /* pointer for compression. */
00a5b5d4
SK		 2087 unsigned int offset;
2088 int i;
613ad15d
SK		 2089 unsigned char *p;
2090
2091 if (!CHECK_LEN(header, ansp, plen, 2))
2092 return 0;
2093
2094 offset = ((*ansp++) & 0x3f) << 8;
2095 offset |= *ansp++;
2096
2097 p = offset + (unsigned char *)header;
2098
2099 for (i = 0; i < rr_count; i++)
2100 if (p < rrs[i])
2101 break;
2102 else
2103 if (i & 1)
2104 offset -= rrs[i] - rrs[i-1];
2105
2106 /* does the pointer end up in an elided RR? */
2107 if (i & 1)
00a5b5d4 2108 return 0;
613ad15d
SK		 2109
2110 /* No, scale the pointer */
2111 if (fixup)
2112 {
2113 ansp -= 2;
2114 *ansp++ = (offset >> 8) | 0xc0;
2115 *ansp++ = offset & 0xff;
2116 }
2117 break;
2118 }
2119 else if (label_type == 0x80)
2120 return 0; /* reserved */
2121 else if (label_type == 0x40)
2122 {
2123 /* Extended label type */
2124 unsigned int count;
2125
2126 if (!CHECK_LEN(header, ansp, plen, 2))
2127 return 0;
2128
2129 if (((*ansp++) & 0x3f) != 1)
2130 return 0; /* we only understand bitstrings */
2131
2132 count = *(ansp++); /* Bits in bitstring */
2133
2134 if (count == 0) /* count == 0 means 256 bits */
2135 ansp += 32;
2136 else
2137 ansp += ((count-1)>>3)+1;
2138 }
2139 else
2140 { /* label type == 0 Bottom six bits is length */
2141 unsigned int len = (*ansp++) & 0x3f;
2142
2143 if (!ADD_RDLEN(header, ansp, plen, len))
2144 return 0;
2145
2146 if (len == 0)
2147 break; /* zero length label marks the end. */
2148 }
2149 }
2150
2151 *namep = ansp;
2152
2153 return 1;
2154}
2155
2156/* Go through RRs and check or fixup the domain names contained within */
2157static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2158{
2159 int i, type, class, rdlen;
00a5b5d4 2160 unsigned char *pp;
613ad15d 2161
50f86ce8 2162 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
613ad15d 2163 {
00a5b5d4
SK		 2164 pp = p;
2165
2166 if (!(p = skip_name(p, header, plen, 10)))
2167 return 0;
613ad15d
SK		 2168
2169 GETSHORT(type, p);
2170 GETSHORT(class, p);
2171 p += 4; /* TTL */
2172 GETSHORT(rdlen, p);
00a5b5d4 2173
613ad15d
SK		 2174 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2175 {
00a5b5d4
SK		 2176 /* fixup name of RR */
2177 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2178 return 0;
2179
613ad15d
SK		 2180 if (class == C_IN)
2181 {
2182 u16 *d;
14db4212
SK		 2183
2184 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
613ad15d
SK		 2185 {
2186 if (*d != 0)
2187 pp += *d;
2188 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2189 return 0;
2190 }
2191 }
2192 }
2193
2194 if (!ADD_RDLEN(header, p, plen, rdlen))
2195 return 0;
2196 }
2197
2198 return 1;
2199}
2200
2201
2202size_t filter_rrsigs(struct dns_header *header, size_t plen)
2203{
2204 static unsigned char **rrs;
2205 static int rr_sz = 0;
2206
2207 unsigned char *p = (unsigned char *)(header+1);
50f86ce8 2208 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
613ad15d
SK		 2209
2210 if (ntohs(header->qdcount) != 1 ||
2211 !(p = skip_name(p, header, plen, 4)))
2212 return plen;
2213
2214 GETSHORT(qtype, p);
2215 GETSHORT(qclass, p);
2216
2217 /* First pass, find pointers to start and end of all the records we wish to elide:
2218 records added for DNSSEC, unless explicity queried for */
50f86ce8
SK		 2219 for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0;
2220 i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
2221 i++)
613ad15d
SK		 2222 {
2223 unsigned char *pstart = p;
2224 int type, class;
2225
2226 if (!(p = skip_name(p, header, plen, 10)))
2227 return plen;
2228
2229 GETSHORT(type, p);
2230 GETSHORT(class, p);
2231 p += 4; /* TTL */
2232 GETSHORT(rdlen, p);
2233
2234 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2235 (type != qtype || class != qclass))
2236 {
2237 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2238 return plen;
2239
2240 rrs[rr_found++] = pstart;
2241
2242 if (!ADD_RDLEN(header, p, plen, rdlen))
2243 return plen;
2244
2245 rrs[rr_found++] = p;
2246
2247 if (i < ntohs(header->ancount))
2248 chop_an++;
e6096e64 2249 else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
613ad15d 2250 chop_ns++;
50f86ce8
SK		 2251 else
2252 chop_ar++;
613ad15d
SK		 2253 }
2254 else if (!ADD_RDLEN(header, p, plen, rdlen))
2255 return plen;
2256 }
2257
2258 /* Nothing to do. */
2259 if (rr_found == 0)
2260 return plen;
2261
2262 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2263 point to records we're going to elide. This is theoretically possible, but unlikely. If
2264 it happens, we give up and leave the answer unchanged. */
2265 p = (unsigned char *)(header+1);
2266
2267 /* question first */
2268 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2269 return plen;
2270 p += 4; /* qclass, qtype */
2271
2272 /* Now answers and NS */
2273 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2274 return plen;
2275
2276 /* Third pass, elide records */
2277 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2278 {
2279 unsigned char *start = rrs[i];
2280 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2281
2282 memmove(p, start, end-start);
2283 p += end-start;
2284 }
2285
2286 plen = p - (unsigned char *)header;
2287 header->ancount = htons(ntohs(header->ancount) - chop_an);
2288 header->nscount = htons(ntohs(header->nscount) - chop_ns);
50f86ce8
SK		 2289 header->arcount = htons(ntohs(header->arcount) - chop_ar);
2290
613ad15d
SK		 2291 /* Fourth pass, fix up pointers in the remaining records */
2292 p = (unsigned char *)(header+1);
2293
2294 check_name(&p, header, plen, 1, rrs, rr_found);
2295 p += 4; /* qclass, qtype */
2296
2297 check_rrs(p, header, plen, 1, rrs, rr_found);
2298
2299 return plen;
2300}
2301
8a9be9e4
SK		 2302unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2303{
2304 int q;
2305 unsigned int len;
2306 unsigned char *p = (unsigned char *)(header+1);
2307 const struct nettle_hash *hash;
2308 void *ctx;
2309 unsigned char *digest;
5f8e58f4 2310
8a9be9e4
SK		 2311 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2312 return NULL;
2313
2314 for (q = ntohs(header->qdcount); q != 0; q--)
2315 {
2316 if (!extract_name(header, plen, &p, name, 1, 4))
7d23a66f 2317 break; /* bad packet */
8a9be9e4
SK		 2318
2319 len = to_wire(name);
2320 hash->update(ctx, len, (unsigned char *)name);
2321 /* CRC the class and type as well */
2322 hash->update(ctx, 4, p);
2323
2324 p += 4;
2325 if (!CHECK_LEN(header, p, plen, 0))
7d23a66f 2326 break; /* bad packet */
8a9be9e4 2327 }
703c7ff4
SK		 2328
2329 hash->digest(ctx, hash->digest_size, digest);
8a9be9e4
SK		 2330 return digest;
2331}
2332
0fc2f313 2333#endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.