]>
git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnssec.c
1 /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2 and Copyright (c) 2012-2015 Simon Kelley
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include <nettle/rsa.h>
23 #include <nettle/dsa.h>
25 # include <nettle/ecdsa.h>
26 # include <nettle/ecc-curve.h>
28 #include <nettle/nettle-meta.h>
29 #include <nettle/bignum.h>
31 /* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33 #ifdef dsa_params_init
34 #include <nettle/dsa-compat.h>
39 #define SERIAL_UNDEF -100
44 /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
45 static char *ds_digest_name(int digest
)
49 case 1: return "sha1";
50 case 2: return "sha256";
51 case 3: return "gosthash94";
52 case 4: return "sha384";
57 /* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
58 static char *algo_digest_name(int algo
)
63 case 3: return "sha1";
64 case 5: return "sha1";
65 case 6: return "sha1";
66 case 7: return "sha1";
67 case 8: return "sha256";
68 case 10: return "sha512";
69 case 12: return "gosthash94";
70 case 13: return "sha256";
71 case 14: return "sha384";
76 /* Find pointer to correct hash function in nettle library */
77 static const struct nettle_hash
*hash_find(char *name
)
84 for (i
= 0; nettle_hashes
[i
]; i
++)
86 if (strcmp(nettle_hashes
[i
]->name
, name
) == 0)
87 return nettle_hashes
[i
];
93 /* expand ctx and digest memory allocations if necessary and init hash function */
94 static int hash_init(const struct nettle_hash
*hash
, void **ctxp
, unsigned char **digestp
)
96 static void *ctx
= NULL
;
97 static unsigned char *digest
= NULL
;
98 static unsigned int ctx_sz
= 0;
99 static unsigned int digest_sz
= 0;
103 if (ctx_sz
< hash
->context_size
)
105 if (!(new = whine_malloc(hash
->context_size
)))
110 ctx_sz
= hash
->context_size
;
113 if (digest_sz
< hash
->digest_size
)
115 if (!(new = whine_malloc(hash
->digest_size
)))
120 digest_sz
= hash
->digest_size
;
131 static int dnsmasq_rsa_verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
132 unsigned char *digest
, int algo
)
137 static struct rsa_public_key
*key
= NULL
;
138 static mpz_t sig_mpz
;
142 if (!(key
= whine_malloc(sizeof(struct rsa_public_key
))))
145 nettle_rsa_public_key_init(key
);
149 if ((key_len
< 3) || !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
153 if ((exp_len
= *p
++) == 0)
155 GETSHORT(exp_len
, p
);
159 if (exp_len
>= key_len
)
162 key
->size
= key_len
- exp_len
;
163 mpz_import(key
->e
, exp_len
, 1, 1, 0, 0, p
);
164 mpz_import(key
->n
, key
->size
, 1, 1, 0, 0, p
+ exp_len
);
166 mpz_import(sig_mpz
, sig_len
, 1, 1, 0, 0, sig
);
171 return nettle_rsa_md5_verify_digest(key
, digest
, sig_mpz
);
173 return nettle_rsa_sha1_verify_digest(key
, digest
, sig_mpz
);
175 return nettle_rsa_sha256_verify_digest(key
, digest
, sig_mpz
);
177 return nettle_rsa_sha512_verify_digest(key
, digest
, sig_mpz
);
183 static int dnsmasq_dsa_verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
184 unsigned char *digest
, int algo
)
189 static struct dsa_public_key
*key
= NULL
;
190 static struct dsa_signature
*sig_struct
;
194 if (!(sig_struct
= whine_malloc(sizeof(struct dsa_signature
))) ||
195 !(key
= whine_malloc(sizeof(struct dsa_public_key
))))
198 nettle_dsa_public_key_init(key
);
199 nettle_dsa_signature_init(sig_struct
);
202 if ((sig_len
< 41) || !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
207 if (key_len
< (213 + (t
* 24)))
210 mpz_import(key
->q
, 20, 1, 1, 0, 0, p
); p
+= 20;
211 mpz_import(key
->p
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
212 mpz_import(key
->g
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
213 mpz_import(key
->y
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
215 mpz_import(sig_struct
->r
, 20, 1, 1, 0, 0, sig
+1);
216 mpz_import(sig_struct
->s
, 20, 1, 1, 0, 0, sig
+21);
220 return nettle_dsa_sha1_verify_digest(key
, digest
, sig_struct
);
223 #ifndef NO_NETTLE_ECC
224 static int dnsmasq_ecdsa_verify(struct blockdata
*key_data
, unsigned int key_len
,
225 unsigned char *sig
, size_t sig_len
,
226 unsigned char *digest
, size_t digest_len
, int algo
)
230 struct ecc_point
*key
;
232 static struct ecc_point
*key_256
= NULL
, *key_384
= NULL
;
234 static struct dsa_signature
*sig_struct
;
238 if (!(sig_struct
= whine_malloc(sizeof(struct dsa_signature
))))
241 nettle_dsa_signature_init(sig_struct
);
251 if (!(key_256
= whine_malloc(sizeof(struct ecc_point
))))
254 nettle_ecc_point_init(key_256
, &nettle_secp_256r1
);
264 if (!(key_384
= whine_malloc(sizeof(struct ecc_point
))))
267 nettle_ecc_point_init(key_384
, &nettle_secp_384r1
);
278 if (sig_len
!= 2*t
|| key_len
!= 2*t
||
279 !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
282 mpz_import(x
, t
, 1, 1, 0, 0, p
);
283 mpz_import(y
, t
, 1, 1, 0, 0, p
+ t
);
285 if (!ecc_point_set(key
, x
, y
))
288 mpz_import(sig_struct
->r
, t
, 1, 1, 0, 0, sig
);
289 mpz_import(sig_struct
->s
, t
, 1, 1, 0, 0, sig
+ t
);
291 return nettle_ecdsa_verify(key
, digest_len
, digest
, sig_struct
);
295 static int verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
296 unsigned char *digest
, size_t digest_len
, int algo
)
302 case 1: case 5: case 7: case 8: case 10:
303 return dnsmasq_rsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, algo
);
306 return dnsmasq_dsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, algo
);
308 #ifndef NO_NETTLE_ECC
310 return dnsmasq_ecdsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, digest_len
, algo
);
317 /* Convert from presentation format to wire format, in place.
319 Note that using extract_name to get presentation format
320 then calling to_wire() removes compression and maps case,
321 thus generating names in canonical form.
322 Calling to_wire followed by from_wire is almost an identity,
323 except that the UC remains mapped to LC.
325 static int to_wire(char *name
)
327 unsigned char *l
, *p
, term
;
330 for (l
= (unsigned char*)name
; *l
!= 0; l
= p
)
332 for (p
= l
; *p
!= '.' && *p
!= 0; p
++)
333 if (*p
>= 'A' && *p
<= 'Z')
338 if ((len
= p
- l
) != 0)
339 memmove(l
+1, l
, len
);
348 return l
+ 1 - (unsigned char *)name
;
351 /* Note: no compression allowed in input. */
352 static void from_wire(char *name
)
357 for (l
= (unsigned char *)name
; *l
!= 0; l
+= len
+1)
360 memmove(l
, l
+1, len
);
364 if ((char *)l
!= name
)
368 /* Input in presentation format */
369 static int count_labels(char *name
)
376 for (i
= 0; *name
; name
++)
383 /* Implement RFC1982 wrapped compare for 32-bit numbers */
384 static int serial_compare_32(unsigned long s1
, unsigned long s2
)
389 if ((s1
< s2
&& (s2
- s1
) < (1UL<<31)) ||
390 (s1
> s2
&& (s1
- s2
) > (1UL<<31)))
392 if ((s1
< s2
&& (s2
- s1
) > (1UL<<31)) ||
393 (s1
> s2
&& (s1
- s2
) < (1UL<<31)))
398 /* Called at startup. If the timestamp file is configured and exists, put its mtime on
399 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
400 return -1 -> Cannot create file.
401 0 -> not using timestamp, or timestamp exists and is in past.
402 1 -> timestamp exists and is in future.
405 static time_t timestamp_time
;
406 static int back_to_the_future
;
408 int setup_timestamp(void)
412 back_to_the_future
= 0;
414 if (!daemon
->timestamp_file
)
417 if (stat(daemon
->timestamp_file
, &statbuf
) != -1)
419 timestamp_time
= statbuf
.st_mtime
;
421 if (difftime(timestamp_time
, time(0)) <= 0)
423 /* time already OK, update timestamp, and do key checking from the start. */
424 if (utime(daemon
->timestamp_file
, NULL
) == -1)
425 my_syslog(LOG_ERR
, _("failed to update mtime on %s: %s"), daemon
->timestamp_file
, strerror(errno
));
426 back_to_the_future
= 1;
434 /* NB. for explanation of O_EXCL flag, see comment on pidfile in dnsmasq.c */
435 int fd
= open(daemon
->timestamp_file
, O_WRONLY
| O_CREAT
| O_NONBLOCK
| O_EXCL
, 0666);
438 struct utimbuf timbuf
;
442 timestamp_time
= timbuf
.actime
= timbuf
.modtime
= 1420070400; /* 1-1-2015 */
443 if (utime(daemon
->timestamp_file
, &timbuf
) == 0)
451 /* Check whether today/now is between date_start and date_end */
452 static int check_date_range(unsigned long date_start
, unsigned long date_end
)
454 unsigned long curtime
= time(0);
456 /* Checking timestamps may be temporarily disabled */
458 /* If the current time if _before_ the timestamp
459 on our persistent timestamp file, then assume the
460 time if not yet correct, and don't check the
461 key timestamps. As soon as the current time is
462 later then the timestamp, update the timestamp
463 and start checking keys */
464 if (daemon
->timestamp_file
)
466 if (back_to_the_future
== 0 && difftime(timestamp_time
, curtime
) <= 0)
468 if (utime(daemon
->timestamp_file
, NULL
) != 0)
469 my_syslog(LOG_ERR
, _("failed to update mtime on %s: %s"), daemon
->timestamp_file
, strerror(errno
));
471 back_to_the_future
= 1;
472 set_option_bool(OPT_DNSSEC_TIME
);
473 queue_event(EVENT_RELOAD
); /* purge cache */
476 if (back_to_the_future
== 0)
479 else if (option_bool(OPT_DNSSEC_TIME
))
482 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
483 return serial_compare_32(curtime
, date_start
) == SERIAL_GT
484 && serial_compare_32(curtime
, date_end
) == SERIAL_LT
;
487 static u16
*get_desc(int type
)
489 /* List of RRtypes which include domains in the data.
491 integer -> no of plain bytes
494 zero is not a valid RRtype, so the final entry is returned for
495 anything which needs no mangling.
498 static u16 rr_desc
[] =
520 0, -1 /* wildcard/catchall */
525 while (*p
!= type
&& *p
!= 0)
526 while (*p
++ != (u16
)-1);
531 /* Return bytes of canonicalised rdata, when the return value is zero, the remaining
532 data, pointed to by *p, should be used raw. */
533 static int get_rdata(struct dns_header
*header
, size_t plen
, unsigned char *end
, char *buff
, int bufflen
,
534 unsigned char **p
, u16
**desc
)
538 /* No more data needs mangling */
541 /* If there's more data than we have space for, just return what fits,
542 we'll get called again for more chunks */
543 if (end
- *p
> bufflen
)
545 memcpy(buff
, *p
, bufflen
);
555 if (d
== 0 && extract_name(header
, plen
, p
, buff
, 1, 0))
556 /* domain-name, canonicalise */
557 return to_wire(buff
);
560 /* plain data preceding a domain-name, don't run off the end of the data */
574 static int expand_workspace(unsigned char ***wkspc
, int *sz
, int new)
587 if (!(p
= whine_malloc((new_sz
) * sizeof(unsigned char **))))
592 memcpy(p
, *wkspc
, *sz
* sizeof(unsigned char **));
602 /* Bubble sort the RRset into the canonical order.
603 Note that the byte-streams from two RRs may get unsynced: consider
604 RRs which have two domain-names at the start and then other data.
605 The domain-names may have different lengths in each RR, but sort equal
613 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
616 static void sort_rrset(struct dns_header
*header
, size_t plen
, u16
*rr_desc
, int rrsetidx
,
617 unsigned char **rrset
, char *buff1
, char *buff2
)
623 for (swap
= 0, i
= 0; i
< rrsetidx
-1; i
++)
625 int rdlen1
, rdlen2
, left1
, left2
, len1
, len2
, len
, rc
;
627 unsigned char *end1
, *end2
;
628 /* Note that these have been determined to be OK previously,
629 so we don't need to check for NULL return here. */
630 unsigned char *p1
= skip_name(rrset
[i
], header
, plen
, 10);
631 unsigned char *p2
= skip_name(rrset
[i
+1], header
, plen
, 10);
633 p1
+= 8; /* skip class, type, ttl */
634 GETSHORT(rdlen1
, p1
);
637 p2
+= 8; /* skip class, type, ttl */
638 GETSHORT(rdlen2
, p2
);
643 for (quit
= 0, left1
= 0, left2
= 0, len1
= 0, len2
= 0; !quit
;)
646 memmove(buff1
, buff1
+ len1
- left1
, left1
);
648 if ((len1
= get_rdata(header
, plen
, end1
, buff1
+ left1
, MAXDNAME
- left1
, &p1
, &dp1
)) == 0)
652 memcpy(buff1
+ left1
, p1
, len1
);
657 memmove(buff2
, buff2
+ len2
- left2
, left2
);
659 if ((len2
= get_rdata(header
, plen
, end2
, buff2
+ left2
, MAXDNAME
- left2
, &p2
, &dp2
)) == 0)
663 memcpy(buff2
+ left2
, p2
, len2
);
668 left1
= len1
- len2
, left2
= 0, len
= len2
;
670 left2
= len2
- len1
, left1
= 0, len
= len1
;
672 rc
= (len
== 0) ? 0 : memcmp(buff1
, buff2
, len
);
674 if (rc
> 0 || (rc
== 0 && quit
&& len1
> len2
))
676 unsigned char *tmp
= rrset
[i
+1];
677 rrset
[i
+1] = rrset
[i
];
688 /* Validate a single RRset (class, type, name) in the supplied DNS reply
690 STAT_SECURE if it validates.
691 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
692 (In this case *wildcard_out points to the "body" of the wildcard within name.)
693 STAT_NO_SIG no RRsigs found.
694 STAT_INSECURE RRset empty.
695 STAT_BOGUS signature is wrong, bad packet.
696 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
698 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
699 otherwise find the key in the cache.
701 name is unchanged on exit. keyname is used as workspace and trashed.
703 static int validate_rrset(time_t now
, struct dns_header
*header
, size_t plen
, int class, int type
,
704 char *name
, char *keyname
, char **wildcard_out
, struct blockdata
*key
, int keylen
, int algo_in
, int keytag_in
)
706 static unsigned char **rrset
= NULL
, **sigs
= NULL
;
707 static int rrset_sz
= 0, sig_sz
= 0;
710 int rrsetidx
, sigidx
, res
, rdlen
, j
, name_labels
;
711 struct crec
*crecp
= NULL
;
712 int type_covered
, algo
, labels
, orig_ttl
, sig_expiration
, sig_inception
, key_tag
;
713 u16
*rr_desc
= get_desc(type
);
716 *wildcard_out
= NULL
;
718 if (!(p
= skip_questions(header
, plen
)))
721 name_labels
= count_labels(name
); /* For 4035 5.3.2 check */
723 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
724 for (rrsetidx
= 0, sigidx
= 0, j
= ntohs(header
->ancount
) + ntohs(header
->nscount
);
727 unsigned char *pstart
, *pdata
;
732 if (!(res
= extract_name(header
, plen
, &p
, name
, 0, 10)))
733 return STAT_BOGUS
; /* bad packet */
743 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
746 if (res
== 1 && sclass
== class)
750 if (!expand_workspace(&rrset
, &rrset_sz
, rrsetidx
))
753 rrset
[rrsetidx
++] = pstart
;
756 if (stype
== T_RRSIG
)
759 return STAT_BOGUS
; /* bad packet */
761 GETSHORT(type_covered
, p
);
763 if (type_covered
== type
)
765 if (!expand_workspace(&sigs
, &sig_sz
, sigidx
))
768 sigs
[sigidx
++] = pdata
;
771 p
= pdata
+ 2; /* restore for ADD_RDLEN */
775 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
781 return STAT_INSECURE
;
787 /* Sort RRset records into canonical order.
788 Note that at this point keyname and daemon->workspacename buffs are
789 unused, and used as workspace by the sort. */
790 sort_rrset(header
, plen
, rr_desc
, rrsetidx
, rrset
, daemon
->workspacename
, keyname
);
792 /* Now try all the sigs to try and find one which validates */
793 for (j
= 0; j
<sigidx
; j
++)
795 unsigned char *psav
, *sig
, *digest
;
796 int i
, wire_len
, sig_len
;
797 const struct nettle_hash
*hash
;
803 GETSHORT(rdlen
, p
); /* rdlen >= 18 checked previously */
806 p
+= 2; /* type_covered - already checked */
809 GETLONG(orig_ttl
, p
);
810 GETLONG(sig_expiration
, p
);
811 GETLONG(sig_inception
, p
);
812 GETSHORT(key_tag
, p
);
814 if (!extract_name(header
, plen
, &p
, keyname
, 1, 0))
817 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
818 the name of the zone containing the RRset. We can't tell that
819 for certain, but we can check that the RRset name is equal to
820 or encloses the signers name, which should be enough to stop
821 an attacker using signatures made with the key of an unrelated
822 zone he controls. Note that the root key is always allowed. */
827 for (name_start
= name
; !hostname_isequal(name_start
, keyname
); )
828 if ((name_start
= strchr(name_start
, '.')))
829 name_start
++; /* chop a label off and try again */
836 /* Bad sig, try another */
841 /* Other 5.3.1 checks */
842 if (!check_date_range(sig_inception
, sig_expiration
) ||
843 labels
> name_labels
||
844 !(hash
= hash_find(algo_digest_name(algo
))) ||
845 !hash_init(hash
, &ctx
, &digest
))
848 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
849 if (!key
&& !(crecp
= cache_find_by_name(NULL
, keyname
, now
, F_DNSKEY
)))
850 return STAT_NEED_KEY
;
853 sig_len
= rdlen
- (p
- psav
);
855 nsigttl
= htonl(orig_ttl
);
857 hash
->update(ctx
, 18, psav
);
858 wire_len
= to_wire(keyname
);
859 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char*)keyname
);
862 for (i
= 0; i
< rrsetidx
; ++i
)
865 unsigned char *end
, *cp
;
869 if (!extract_name(header
, plen
, &p
, name
, 1, 10))
874 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
875 if (labels
< name_labels
)
878 for (k
= name_labels
- labels
; k
!= 0; k
--)
880 while (*name_start
!= '.' && *name_start
!= 0)
882 if (k
!= 1 && *name_start
== '.')
887 *wildcard_out
= name_start
+1;
893 wire_len
= to_wire(name_start
);
894 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char *)name_start
);
895 hash
->update(ctx
, 4, p
); /* class and type */
896 hash
->update(ctx
, 4, (unsigned char *)&nsigttl
);
898 p
+= 8; /* skip class, type, ttl */
900 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
905 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
908 for (len
= 0; (seg
= get_rdata(header
, plen
, end
, name
, MAXDNAME
, &cp
, &dp
)) != 0; len
+= seg
);
911 hash
->update(ctx
, 2, (unsigned char *)&len
);
913 /* Now canonicalise again and digest. */
916 while ((seg
= get_rdata(header
, plen
, end
, name
, MAXDNAME
, &cp
, &dp
)))
917 hash
->update(ctx
, seg
, (unsigned char *)name
);
919 hash
->update(ctx
, end
- cp
, cp
);
922 hash
->digest(ctx
, hash
->digest_size
, digest
);
924 /* namebuff used for workspace above, restore to leave unchanged on exit */
925 p
= (unsigned char*)(rrset
[0]);
926 extract_name(header
, plen
, &p
, name
, 1, 0);
930 if (algo_in
== algo
&& keytag_in
== key_tag
&&
931 verify(key
, keylen
, sig
, sig_len
, digest
, hash
->digest_size
, algo
))
936 /* iterate through all possible keys 4035 5.3.1 */
937 for (; crecp
; crecp
= cache_find_by_name(crecp
, keyname
, now
, F_DNSKEY
))
938 if (crecp
->addr
.key
.algo
== algo
&&
939 crecp
->addr
.key
.keytag
== key_tag
&&
940 crecp
->uid
== (unsigned int)class &&
941 verify(crecp
->addr
.key
.keydata
, crecp
->addr
.key
.keylen
, sig
, sig_len
, digest
, hash
->digest_size
, algo
))
942 return (labels
< name_labels
) ? STAT_SECURE_WILDCARD
: STAT_SECURE
;
949 /* The DNS packet is expected to contain the answer to a DNSKEY query.
950 Put all DNSKEYs in the answer which are valid into the cache.
952 STAT_SECURE At least one valid DNSKEY found and in cache.
953 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
954 or self-sign for DNSKEY RRset is not valid, bad packet.
955 STAT_NEED_DS DS records to validate a key not found, name in keyname
957 int dnssec_validate_by_ds(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
, int class)
959 unsigned char *psave
, *p
= (unsigned char *)(header
+1);
960 struct crec
*crecp
, *recp1
;
961 int rc
, j
, qtype
, qclass
, ttl
, rdlen
, flags
, algo
, valid
, keytag
, type_covered
;
962 struct blockdata
*key
;
965 if (ntohs(header
->qdcount
) != 1 ||
966 !extract_name(header
, plen
, &p
, name
, 1, 4))
972 if (qtype
!= T_DNSKEY
|| qclass
!= class || ntohs(header
->ancount
) == 0)
975 /* See if we have cached a DS record which validates this key */
976 if (!(crecp
= cache_find_by_name(NULL
, name
, now
, F_DS
)))
978 strcpy(keyname
, name
);
982 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
983 if (crecp
->flags
& F_NEG
)
984 return STAT_INSECURE
;
986 /* NOTE, we need to find ONE DNSKEY which matches the DS */
987 for (valid
= 0, j
= ntohs(header
->ancount
); j
!= 0 && !valid
; j
--)
989 /* Ensure we have type, class TTL and length */
990 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
991 return STAT_BOGUS
; /* bad packet */
998 if (!CHECK_LEN(header
, p
, plen
, rdlen
) || rdlen
< 4)
999 return STAT_BOGUS
; /* bad packet */
1001 if (qclass
!= class || qtype
!= T_DNSKEY
|| rc
== 2)
1013 keytag
= dnskey_keytag(algo
, flags
, p
, rdlen
- 4);
1016 /* key must have zone key flag set */
1018 key
= blockdata_alloc((char*)p
, rdlen
- 4);
1022 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1025 blockdata_free(key
);
1026 return STAT_BOGUS
; /* bad packet */
1029 /* No zone key flag or malloc failure */
1033 for (recp1
= crecp
; recp1
; recp1
= cache_find_by_name(recp1
, name
, now
, F_DS
))
1036 unsigned char *digest
, *ds_digest
;
1037 const struct nettle_hash
*hash
;
1039 if (recp1
->addr
.ds
.algo
== algo
&&
1040 recp1
->addr
.ds
.keytag
== keytag
&&
1041 recp1
->uid
== (unsigned int)class &&
1042 (hash
= hash_find(ds_digest_name(recp1
->addr
.ds
.digest
))) &&
1043 hash_init(hash
, &ctx
, &digest
))
1046 int wire_len
= to_wire(name
);
1048 /* Note that digest may be different between DSs, so
1049 we can't move this outside the loop. */
1050 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char *)name
);
1051 hash
->update(ctx
, (unsigned int)rdlen
, psave
);
1052 hash
->digest(ctx
, hash
->digest_size
, digest
);
1056 if (recp1
->addr
.ds
.keylen
== (int)hash
->digest_size
&&
1057 (ds_digest
= blockdata_retrieve(recp1
->addr
.key
.keydata
, recp1
->addr
.ds
.keylen
, NULL
)) &&
1058 memcmp(ds_digest
, digest
, recp1
->addr
.ds
.keylen
) == 0 &&
1059 validate_rrset(now
, header
, plen
, class, T_DNSKEY
, name
, keyname
, NULL
, key
, rdlen
- 4, algo
, keytag
) == STAT_SECURE
)
1066 blockdata_free(key
);
1071 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
1072 cache_start_insert();
1074 p
= skip_questions(header
, plen
);
1076 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
1078 /* Ensure we have type, class TTL and length */
1079 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
1080 return STAT_INSECURE
; /* bad packet */
1083 GETSHORT(qclass
, p
);
1087 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1088 return STAT_BOGUS
; /* bad packet */
1090 if (qclass
== class && rc
== 1)
1094 if (qtype
== T_DNSKEY
)
1097 return STAT_BOGUS
; /* bad packet */
1103 keytag
= dnskey_keytag(algo
, flags
, p
, rdlen
- 4);
1105 /* Cache needs to known class for DNSSEC stuff */
1106 a
.addr
.dnssec
.class = class;
1108 if ((key
= blockdata_alloc((char*)p
, rdlen
- 4)))
1110 if (!(recp1
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DNSSECOK
)))
1111 blockdata_free(key
);
1114 a
.addr
.keytag
= keytag
;
1115 log_query(F_NOEXTRA
| F_KEYTAG
| F_UPSTREAM
, name
, &a
, "DNSKEY keytag %u");
1117 recp1
->addr
.key
.keylen
= rdlen
- 4;
1118 recp1
->addr
.key
.keydata
= key
;
1119 recp1
->addr
.key
.algo
= algo
;
1120 recp1
->addr
.key
.keytag
= keytag
;
1121 recp1
->addr
.key
.flags
= flags
;
1125 else if (qtype
== T_RRSIG
)
1127 /* RRSIG, cache if covers DNSKEY RRset */
1129 return STAT_BOGUS
; /* bad packet */
1131 GETSHORT(type_covered
, p
);
1133 if (type_covered
== T_DNSKEY
)
1135 a
.addr
.dnssec
.class = class;
1136 a
.addr
.dnssec
.type
= type_covered
;
1139 p
+= 13; /* labels, orig_ttl, expiration, inception */
1140 GETSHORT(keytag
, p
);
1141 if ((key
= blockdata_alloc((char*)psave
, rdlen
)))
1143 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DS
)))
1144 blockdata_free(key
);
1147 crecp
->addr
.sig
.keydata
= key
;
1148 crecp
->addr
.sig
.keylen
= rdlen
;
1149 crecp
->addr
.sig
.keytag
= keytag
;
1150 crecp
->addr
.sig
.type_covered
= type_covered
;
1151 crecp
->addr
.sig
.algo
= algo
;
1160 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1161 return STAT_BOGUS
; /* bad packet */
1164 /* commit cache insert. */
1169 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, "BOGUS DNSKEY");
1173 /* The DNS packet is expected to contain the answer to a DS query
1174 Put all DSs in the answer which are valid into the cache.
1176 STAT_SECURE At least one valid DS found and in cache.
1177 STAT_NO_DS It's proved there's no DS here.
1178 STAT_NO_NS It's proved there's no DS _or_ NS here.
1179 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
1180 STAT_NEED_KEY DNSKEY records to validate a DS not found, name in keyname
1183 int dnssec_validate_ds(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
, int class)
1185 unsigned char *p
= (unsigned char *)(header
+1);
1186 int qtype
, qclass
, val
, i
, neganswer
, nons
;
1188 if (ntohs(header
->qdcount
) != 1 ||
1189 !(p
= skip_name(p
, header
, plen
, 4)))
1193 GETSHORT(qclass
, p
);
1195 if (qtype
!= T_DS
|| qclass
!= class)
1198 val
= dnssec_validate_reply(now
, header
, plen
, name
, keyname
, NULL
, &neganswer
, &nons
);
1199 /* Note dnssec_validate_reply() will have cached positive answers */
1201 if (val
== STAT_NO_SIG
|| val
== STAT_INSECURE
)
1204 p
= (unsigned char *)(header
+1);
1205 extract_name(header
, plen
, &p
, name
, 1, 4);
1206 p
+= 4; /* qtype, qclass */
1208 if (!(p
= skip_section(p
, ntohs(header
->ancount
), header
, plen
)))
1211 /* If the key needed to validate the DS is on the same domain as the DS, we'll
1212 loop getting nowhere. Stop that now. This can happen of the DS answer comes
1213 from the DS's zone, and not the parent zone. */
1214 if (val
== STAT_BOGUS
|| (val
== STAT_NEED_KEY
&& hostname_isequal(name
, keyname
)))
1216 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, "BOGUS DS");
1220 /* By here, the answer is proved secure, and a positive answer has been cached. */
1221 if (val
== STAT_SECURE
&& neganswer
)
1223 int rdlen
, flags
= F_FORWARD
| F_DS
| F_NEG
| F_DNSSECOK
;
1224 unsigned long ttl
, minttl
= ULONG_MAX
;
1227 if (RCODE(header
) == NXDOMAIN
)
1228 flags
|= F_NXDOMAIN
;
1230 /* We only cache validated DS records, DNSSECOK flag hijacked
1231 to store presence/absence of NS. */
1233 flags
&= ~F_DNSSECOK
;
1235 for (i
= ntohs(header
->nscount
); i
!= 0; i
--)
1237 if (!(p
= skip_name(p
, header
, plen
, 0)))
1241 GETSHORT(qclass
, p
);
1245 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1246 return STAT_BOGUS
; /* bad packet */
1248 if (qclass
!= class || qtype
!= T_SOA
)
1258 if (!(p
= skip_name(p
, header
, plen
, 0)))
1261 if (!(p
= skip_name(p
, header
, plen
, 20)))
1263 p
+= 16; /* SERIAL REFRESH RETRY EXPIRE */
1265 GETLONG(ttl
, p
); /* minTTL */
1274 cache_start_insert();
1276 a
.addr
.dnssec
.class = class;
1277 cache_insert(name
, &a
, now
, ttl
, flags
);
1281 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, nons
? "no delegation" : "no DS");
1284 return nons
? STAT_NO_NS
: STAT_NO_DS
;
1291 static int hostname_cmp(const char *a
, const char *b
)
1293 char *sa
, *ea
, *ca
, *sb
, *eb
, *cb
;
1294 unsigned char ac
, bc
;
1296 sa
= ea
= (char *)a
+ strlen(a
);
1297 sb
= eb
= (char *)b
+ strlen(b
);
1301 while (sa
!= a
&& *(sa
-1) != '.')
1304 while (sb
!= b
&& *(sb
-1) != '.')
1323 ac
= (unsigned char) *ca
++;
1324 bc
= (unsigned char) *cb
++;
1326 if (ac
>= 'A' && ac
<= 'Z')
1328 if (bc
>= 'A' && bc
<= 'Z')
1354 /* Find all the NSEC or NSEC3 records in a reply.
1355 return an array of pointers to them. */
1356 static int find_nsec_records(struct dns_header
*header
, size_t plen
, unsigned char ***nsecsetp
, int *nsecsetl
, int class_reqd
)
1358 static unsigned char **nsecset
= NULL
;
1359 static int nsecset_sz
= 0;
1362 unsigned char *p
= skip_questions(header
, plen
);
1363 int type
, class, rdlen
, i
, nsecs_found
;
1365 /* Move to NS section */
1366 if (!p
|| !(p
= skip_section(p
, ntohs(header
->ancount
), header
, plen
)))
1369 for (nsecs_found
= 0, i
= ntohs(header
->nscount
); i
!= 0; i
--)
1371 unsigned char *pstart
= p
;
1373 if (!(p
= skip_name(p
, header
, plen
, 10)))
1381 if (class == class_reqd
&& (type
== T_NSEC
|| type
== T_NSEC3
))
1383 /* No mixed NSECing 'round here, thankyouverymuch */
1384 if (type_found
== T_NSEC
&& type
== T_NSEC3
)
1386 if (type_found
== T_NSEC3
&& type
== T_NSEC
)
1391 if (!expand_workspace(&nsecset
, &nsecset_sz
, nsecs_found
))
1394 nsecset
[nsecs_found
++] = pstart
;
1397 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1401 *nsecsetp
= nsecset
;
1402 *nsecsetl
= nsecs_found
;
1407 static int prove_non_existence_nsec(struct dns_header
*header
, size_t plen
, unsigned char **nsecs
, int nsec_count
,
1408 char *workspace1
, char *workspace2
, char *name
, int type
, int *nons
)
1411 unsigned char *p
, *psave
;
1412 int offset
= (type
& 0xff) >> 3;
1413 int mask
= 0x80 >> (type
& 0x07);
1418 /* Find NSEC record that proves name doesn't exist */
1419 for (i
= 0; i
< nsec_count
; i
++)
1422 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 10))
1424 p
+= 8; /* class, type, TTL */
1427 if (!extract_name(header
, plen
, &p
, workspace2
, 1, 10))
1430 rc
= hostname_cmp(workspace1
, name
);
1434 /* 4035 para 5.4. Last sentence */
1435 if (type
== T_NSEC
|| type
== T_RRSIG
)
1438 /* NSEC with the same name as the RR we're testing, check
1439 that the type in question doesn't appear in the type map */
1441 /* rdlen is now length of type map, and p points to it */
1443 /* If we can prove that there's no NS record, return that information. */
1444 if (nons
&& rdlen
>= 2 && p
[0] == 0 && (p
[2] & (0x80 >> T_NS
)) == 0)
1449 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1452 if (p
[0] == type
>> 8)
1454 /* Does the NSEC say our type exists? */
1455 if (offset
< p
[1] && (p
[offset
+2] & mask
) != 0)
1458 break; /* finshed checking */
1469 /* Normal case, name falls between NSEC name and next domain name,
1470 wrap around case, name falls between NSEC name (rc == -1) and end */
1471 if (hostname_cmp(workspace2
, name
) == 1 || hostname_cmp(workspace1
, workspace2
) == 1)
1476 /* wrap around case, name falls between start and next domain name */
1477 if (hostname_cmp(workspace1
, workspace2
) == 1 && hostname_cmp(workspace2
, name
) == 1)
1485 /* return digest length, or zero on error */
1486 static int hash_name(char *in
, unsigned char **out
, struct nettle_hash
const *hash
,
1487 unsigned char *salt
, int salt_len
, int iterations
)
1490 unsigned char *digest
;
1493 if (!hash_init(hash
, &ctx
, &digest
))
1496 hash
->update(ctx
, to_wire(in
), (unsigned char *)in
);
1497 hash
->update(ctx
, salt_len
, salt
);
1498 hash
->digest(ctx
, hash
->digest_size
, digest
);
1500 for(i
= 0; i
< iterations
; i
++)
1502 hash
->update(ctx
, hash
->digest_size
, digest
);
1503 hash
->update(ctx
, salt_len
, salt
);
1504 hash
->digest(ctx
, hash
->digest_size
, digest
);
1510 return hash
->digest_size
;
1513 /* Decode base32 to first "." or end of string */
1514 static int base32_decode(char *in
, unsigned char *out
)
1516 int oc
, on
, c
, mask
, i
;
1517 unsigned char *p
= out
;
1519 for (c
= *in
, oc
= 0, on
= 0; c
!= 0 && c
!= '.'; c
= *++in
)
1521 if (c
>= '0' && c
<= '9')
1523 else if (c
>= 'a' && c
<= 'v')
1525 else if (c
>= 'A' && c
<= 'V')
1530 for (mask
= 0x10, i
= 0; i
< 5; i
++)
1535 if (((++on
) & 7) == 0)
1547 static int check_nsec3_coverage(struct dns_header
*header
, size_t plen
, int digest_len
, unsigned char *digest
, int type
,
1548 char *workspace1
, char *workspace2
, unsigned char **nsecs
, int nsec_count
, int *nons
)
1550 int i
, hash_len
, salt_len
, base32_len
, rdlen
;
1551 unsigned char *p
, *psave
;
1553 for (i
= 0; i
< nsec_count
; i
++)
1556 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 0) ||
1557 !(base32_len
= base32_decode(workspace1
, (unsigned char *)workspace2
)))
1560 p
+= 8; /* class, type, TTL */
1563 p
+= 4; /* algo, flags, iterations */
1564 salt_len
= *p
++; /* salt_len */
1565 p
+= salt_len
; /* salt */
1566 hash_len
= *p
++; /* p now points to next hashed name */
1568 if (!CHECK_LEN(header
, p
, plen
, hash_len
))
1571 if (digest_len
== base32_len
&& hash_len
== base32_len
)
1573 int rc
= memcmp(workspace2
, digest
, digest_len
);
1577 /* We found an NSEC3 whose hashed name exactly matches the query, so
1578 we just need to check the type map. p points to the RR data for the record. */
1580 int offset
= (type
& 0xff) >> 3;
1581 int mask
= 0x80 >> (type
& 0x07);
1583 p
+= hash_len
; /* skip next-domain hash */
1586 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1589 /* If we can prove that there's no NS record, return that information. */
1590 if (nons
&& rdlen
>= 2 && p
[0] == 0 && (p
[2] & (0x80 >> T_NS
)) == 0)
1595 if (p
[0] == type
>> 8)
1597 /* Does the NSEC3 say our type exists? */
1598 if (offset
< p
[1] && (p
[offset
+2] & mask
) != 0)
1601 break; /* finshed checking */
1612 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1613 wrap around case, name-hash falls between NSEC3 name-hash and end */
1614 if (memcmp(p
, digest
, digest_len
) > 0 || memcmp(workspace2
, p
, digest_len
) > 0)
1619 /* wrap around case, name falls between start and next domain name */
1620 if (memcmp(workspace2
, p
, digest_len
) > 0 && memcmp(p
, digest
, digest_len
) > 0)
1628 static int prove_non_existence_nsec3(struct dns_header
*header
, size_t plen
, unsigned char **nsecs
, int nsec_count
,
1629 char *workspace1
, char *workspace2
, char *name
, int type
, char *wildname
, int *nons
)
1631 unsigned char *salt
, *p
, *digest
;
1632 int digest_len
, i
, iterations
, salt_len
, base32_len
, algo
= 0;
1633 struct nettle_hash
const *hash
;
1634 char *closest_encloser
, *next_closest
, *wildcard
;
1639 /* Look though the NSEC3 records to find the first one with
1640 an algorithm we support (currently only algo == 1).
1642 Take the algo, iterations, and salt of that record
1643 as the ones we're going to use, and prune any
1644 that don't match. */
1646 for (i
= 0; i
< nsec_count
; i
++)
1648 if (!(p
= skip_name(nsecs
[i
], header
, plen
, 15)))
1649 return STAT_BOGUS
; /* bad packet */
1651 p
+= 10; /* type, class, TTL, rdlen */
1655 break; /* known algo */
1658 /* No usable NSEC3s */
1659 if (i
== nsec_count
)
1663 GETSHORT (iterations
, p
);
1666 if (!CHECK_LEN(header
, salt
, plen
, salt_len
))
1667 return STAT_BOGUS
; /* bad packet */
1669 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1670 for (i
= 0; i
< nsec_count
; i
++)
1672 unsigned char *nsec3p
= nsecs
[i
];
1675 nsecs
[i
] = NULL
; /* Speculative, will be restored if OK. */
1677 if (!(p
= skip_name(nsec3p
, header
, plen
, 15)))
1678 return STAT_BOGUS
; /* bad packet */
1680 p
+= 10; /* type, class, TTL, rdlen */
1687 GETSHORT(this_iter
, p
);
1688 if (this_iter
!= iterations
)
1691 if (salt_len
!= *p
++)
1694 if (!CHECK_LEN(header
, p
, plen
, salt_len
))
1695 return STAT_BOGUS
; /* bad packet */
1697 if (memcmp(p
, salt
, salt_len
) != 0)
1700 /* All match, put the pointer back */
1704 /* Algo is checked as 1 above */
1705 if (!(hash
= hash_find("sha1")))
1708 if ((digest_len
= hash_name(name
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1711 if (check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, nons
))
1714 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1715 or an answer inferred from a wildcard record. */
1716 closest_encloser
= name
;
1717 next_closest
= NULL
;
1721 if (*closest_encloser
== '.')
1724 if (wildname
&& hostname_isequal(closest_encloser
, wildname
))
1727 if ((digest_len
= hash_name(closest_encloser
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1730 for (i
= 0; i
< nsec_count
; i
++)
1733 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 0) ||
1734 !(base32_len
= base32_decode(workspace1
, (unsigned char *)workspace2
)))
1737 if (digest_len
== base32_len
&&
1738 memcmp(digest
, workspace2
, digest_len
) == 0)
1742 if (i
!= nsec_count
)
1745 next_closest
= closest_encloser
;
1747 while ((closest_encloser
= strchr(closest_encloser
, '.')));
1749 if (!closest_encloser
)
1752 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1753 if ((digest_len
= hash_name(next_closest
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1756 if (!check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, NULL
))
1759 /* Finally, check that there's no seat of wildcard synthesis */
1762 if (!(wildcard
= strchr(next_closest
, '.')) || wildcard
== next_closest
)
1768 if ((digest_len
= hash_name(wildcard
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1771 if (!check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, NULL
))
1778 /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
1779 /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
1780 int dnssec_validate_reply(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
,
1781 int *class, int *neganswer
, int *nons
)
1783 unsigned char *ans_start
, *qname
, *p1
, *p2
, **nsecs
;
1784 int type1
, class1
, rdlen1
, type2
, class2
, rdlen2
, qclass
, qtype
;
1785 int i
, j
, rc
, nsec_count
, cname_count
= CNAME_CHAIN
;
1786 int nsec_type
= 0, have_answer
= 0;
1791 if (RCODE(header
) == SERVFAIL
|| ntohs(header
->qdcount
) != 1)
1794 if (RCODE(header
) != NXDOMAIN
&& RCODE(header
) != NOERROR
)
1795 return STAT_INSECURE
;
1797 qname
= p1
= (unsigned char *)(header
+1);
1799 if (!extract_name(header
, plen
, &p1
, name
, 1, 4))
1802 GETSHORT(qtype
, p1
);
1803 GETSHORT(qclass
, p1
);
1809 /* Can't validate an RRISG query */
1810 if (qtype
== T_RRSIG
)
1811 return STAT_INSECURE
;
1814 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
1816 /* leave pointer to missing name in qname */
1818 if (!(rc
= extract_name(header
, plen
, &p1
, name
, 0, 10)))
1819 return STAT_BOGUS
; /* bad packet */
1821 GETSHORT(type2
, p1
);
1822 GETSHORT(class2
, p1
);
1824 GETSHORT(rdlen2
, p1
);
1826 if (rc
== 1 && qclass
== class2
)
1828 /* Do we have an answer for the question? */
1834 else if (type2
== T_CNAME
)
1839 if (!cname_count
-- || !extract_name(header
, plen
, &p1
, name
, 1, 0))
1847 if (!ADD_RDLEN(header
, p1
, plen
, rdlen2
))
1851 if (neganswer
&& !have_answer
)
1854 /* No data, therefore no sigs */
1855 if (ntohs(header
->ancount
) + ntohs(header
->nscount
) == 0)
1858 for (p1
= ans_start
, i
= 0; i
< ntohs(header
->ancount
) + ntohs(header
->nscount
); i
++)
1860 if (!extract_name(header
, plen
, &p1
, name
, 1, 10))
1861 return STAT_BOGUS
; /* bad packet */
1863 GETSHORT(type1
, p1
);
1864 GETSHORT(class1
, p1
);
1866 GETSHORT(rdlen1
, p1
);
1868 /* Don't try and validate RRSIGs! */
1869 if (type1
!= T_RRSIG
)
1871 /* Check if we've done this RRset already */
1872 for (p2
= ans_start
, j
= 0; j
< i
; j
++)
1874 if (!(rc
= extract_name(header
, plen
, &p2
, name
, 0, 10)))
1875 return STAT_BOGUS
; /* bad packet */
1877 GETSHORT(type2
, p2
);
1878 GETSHORT(class2
, p2
);
1880 GETSHORT(rdlen2
, p2
);
1882 if (type2
== type1
&& class2
== class1
&& rc
== 1)
1883 break; /* Done it before: name, type, class all match. */
1885 if (!ADD_RDLEN(header
, p2
, plen
, rdlen2
))
1889 /* Not done, validate now */
1892 int ttl
, keytag
, algo
, digest
, type_covered
;
1893 unsigned char *psave
;
1895 struct blockdata
*key
;
1898 int have_wildcard
= 0;
1900 rc
= validate_rrset(now
, header
, plen
, class1
, type1
, name
, keyname
, &wildname
, NULL
, 0, 0, 0);
1902 if (rc
== STAT_SECURE_WILDCARD
)
1906 /* An attacker replay a wildcard answer with a different
1907 answer and overlay a genuine RR. To prove this
1908 hasn't happened, the answer must prove that
1909 the gennuine record doesn't exist. Check that here. */
1910 if (!nsec_type
&& !(nsec_type
= find_nsec_records(header
, plen
, &nsecs
, &nsec_count
, class1
)))
1911 return STAT_BOGUS
; /* No NSECs or bad packet */
1913 if (nsec_type
== T_NSEC
)
1914 rc
= prove_non_existence_nsec(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, type1
, NULL
);
1916 rc
= prove_non_existence_nsec3(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
,
1917 keyname
, name
, type1
, wildname
, NULL
);
1919 if (rc
!= STAT_SECURE
)
1922 else if (rc
!= STAT_SECURE
)
1925 *class = class1
; /* Class for DS or DNSKEY */
1929 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1930 cache_start_insert();
1932 for (p2
= ans_start
, j
= 0; j
< ntohs(header
->ancount
); j
++)
1934 if (!(rc
= extract_name(header
, plen
, &p2
, name
, 0, 10)))
1935 return STAT_BOGUS
; /* bad packet */
1937 GETSHORT(type2
, p2
);
1938 GETSHORT(class2
, p2
);
1940 GETSHORT(rdlen2
, p2
);
1942 if (!CHECK_LEN(header
, p2
, plen
, rdlen2
))
1943 return STAT_BOGUS
; /* bad packet */
1945 if (class2
== class1
&& rc
== 1)
1949 if (type1
== T_DS
&& type2
== T_DS
)
1952 return STAT_BOGUS
; /* bad packet */
1954 GETSHORT(keytag
, p2
);
1958 /* Cache needs to known class for DNSSEC stuff */
1959 a
.addr
.dnssec
.class = class2
;
1961 if ((key
= blockdata_alloc((char*)p2
, rdlen2
- 4)))
1963 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DS
| F_DNSSECOK
)))
1964 blockdata_free(key
);
1967 a
.addr
.keytag
= keytag
;
1968 log_query(F_NOEXTRA
| F_KEYTAG
| F_UPSTREAM
, name
, &a
, "DS keytag %u");
1969 crecp
->addr
.ds
.digest
= digest
;
1970 crecp
->addr
.ds
.keydata
= key
;
1971 crecp
->addr
.ds
.algo
= algo
;
1972 crecp
->addr
.ds
.keytag
= keytag
;
1973 crecp
->addr
.ds
.keylen
= rdlen2
- 4;
1977 else if (type2
== T_RRSIG
)
1980 return STAT_BOGUS
; /* bad packet */
1982 GETSHORT(type_covered
, p2
);
1984 if (type_covered
== type1
&&
1985 (type_covered
== T_A
|| type_covered
== T_AAAA
||
1986 type_covered
== T_CNAME
|| type_covered
== T_DS
||
1987 type_covered
== T_DNSKEY
|| type_covered
== T_PTR
))
1989 a
.addr
.dnssec
.type
= type_covered
;
1990 a
.addr
.dnssec
.class = class1
;
1993 p2
+= 13; /* labels, orig_ttl, expiration, inception */
1994 GETSHORT(keytag
, p2
);
1996 /* We don't cache sigs for wildcard answers, because to reproduce the
1997 answer from the cache will require one or more NSEC/NSEC3 records
1998 which we don't cache. The lack of the RRSIG ensures that a query for
1999 this RRset asking for a secure answer will always be forwarded. */
2000 if (!have_wildcard
&& (key
= blockdata_alloc((char*)psave
, rdlen2
)))
2002 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DS
)))
2003 blockdata_free(key
);
2006 crecp
->addr
.sig
.keydata
= key
;
2007 crecp
->addr
.sig
.keylen
= rdlen2
;
2008 crecp
->addr
.sig
.keytag
= keytag
;
2009 crecp
->addr
.sig
.type_covered
= type_covered
;
2010 crecp
->addr
.sig
.algo
= algo
;
2019 if (!ADD_RDLEN(header
, p2
, plen
, rdlen2
))
2020 return STAT_BOGUS
; /* bad packet */
2027 if (!ADD_RDLEN(header
, p1
, plen
, rdlen1
))
2031 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
2035 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
2036 /* First marshall the NSEC records, if we've not done it previously */
2037 if (!nsec_type
&& !(nsec_type
= find_nsec_records(header
, plen
, &nsecs
, &nsec_count
, qclass
)))
2038 return STAT_NO_SIG
; /* No NSECs, this is probably a dangling CNAME pointing into
2039 an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
2041 /* Get name of missing answer */
2042 if (!extract_name(header
, plen
, &qname
, name
, 1, 0))
2045 if (nsec_type
== T_NSEC
)
2046 return prove_non_existence_nsec(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, qtype
, nons
);
2048 return prove_non_existence_nsec3(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, qtype
, NULL
, nons
);
2051 /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
2052 Needed for proving answer in unsigned space.
2055 STAT_INSECURE - name of first non-secure record in name
2057 int dnssec_chase_cname(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
)
2059 unsigned char *p
= (unsigned char *)(header
+1);
2060 int type
, class, qclass
, rdlen
, j
, rc
;
2061 int cname_count
= CNAME_CHAIN
;
2064 if (!extract_name(header
, plen
, &p
, name
, 1, 4))
2068 GETSHORT(qclass
, p
);
2072 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
2074 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
2075 return STAT_BOGUS
; /* bad packet */
2082 /* Not target, loop */
2083 if (rc
== 2 || qclass
!= class)
2085 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2090 /* Got to end of CNAME chain. */
2091 if (type
!= T_CNAME
)
2092 return STAT_INSECURE
;
2094 /* validate CNAME chain, return if insecure or need more data */
2095 rc
= validate_rrset(now
, header
, plen
, class, type
, name
, keyname
, NULL
, NULL
, 0, 0, 0);
2096 if (rc
!= STAT_SECURE
)
2098 if (rc
== STAT_NO_SIG
)
2103 /* Loop down CNAME chain/ */
2104 if (!cname_count
-- ||
2105 !extract_name(header
, plen
, &p
, name
, 1, 0) ||
2106 !(p
= skip_questions(header
, plen
)))
2112 /* End of CNAME chain */
2113 return STAT_INSECURE
;
2118 /* Compute keytag (checksum to quickly index a key). See RFC4034 */
2119 int dnskey_keytag(int alg
, int flags
, unsigned char *key
, int keylen
)
2123 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2124 See RFC4034, Appendix B.1 */
2125 return key
[keylen
-4] * 256 + key
[keylen
-3];
2129 unsigned long ac
= flags
+ 0x300 + alg
;
2132 for (i
= 0; i
< keylen
; ++i
)
2133 ac
+= (i
& 1) ? key
[i
] : key
[i
] << 8;
2135 ac
+= (ac
>> 16) & 0xffff;
2140 size_t dnssec_generate_query(struct dns_header
*header
, char *end
, char *name
, int class, int type
, union mysockaddr
*addr
)
2143 char *types
= querystr("dnssec-query", type
);
2145 if (addr
->sa
.sa_family
== AF_INET
)
2146 log_query(F_NOEXTRA
| F_DNSSEC
| F_IPV4
, name
, (struct all_addr
*)&addr
->in
.sin_addr
, types
);
2149 log_query(F_NOEXTRA
| F_DNSSEC
| F_IPV6
, name
, (struct all_addr
*)&addr
->in6
.sin6_addr
, types
);
2152 header
->qdcount
= htons(1);
2153 header
->ancount
= htons(0);
2154 header
->nscount
= htons(0);
2155 header
->arcount
= htons(0);
2157 header
->hb3
= HB3_RD
;
2158 SET_OPCODE(header
, QUERY
);
2159 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2160 this allows it to select auth servers when one is returning bad data. */
2161 header
->hb4
= option_bool(OPT_DNSSEC_DEBUG
) ? HB4_CD
: 0;
2163 /* ID filled in later */
2165 p
= (unsigned char *)(header
+1);
2167 p
= do_rfc1035_name(p
, name
);
2172 return add_do_bit(header
, p
- (unsigned char *)header
, end
);
2175 /* Go through a domain name, find "pointers" and fix them up based on how many bytes
2176 we've chopped out of the packet, or check they don't point into an elided part. */
2177 static int check_name(unsigned char **namep
, struct dns_header
*header
, size_t plen
, int fixup
, unsigned char **rrs
, int rr_count
)
2179 unsigned char *ansp
= *namep
;
2183 unsigned int label_type
;
2185 if (!CHECK_LEN(header
, ansp
, plen
, 1))
2188 label_type
= (*ansp
) & 0xc0;
2190 if (label_type
== 0xc0)
2192 /* pointer for compression. */
2193 unsigned int offset
;
2197 if (!CHECK_LEN(header
, ansp
, plen
, 2))
2200 offset
= ((*ansp
++) & 0x3f) << 8;
2203 p
= offset
+ (unsigned char *)header
;
2205 for (i
= 0; i
< rr_count
; i
++)
2210 offset
-= rrs
[i
] - rrs
[i
-1];
2212 /* does the pointer end up in an elided RR? */
2216 /* No, scale the pointer */
2220 *ansp
++ = (offset
>> 8) | 0xc0;
2221 *ansp
++ = offset
& 0xff;
2225 else if (label_type
== 0x80)
2226 return 0; /* reserved */
2227 else if (label_type
== 0x40)
2229 /* Extended label type */
2232 if (!CHECK_LEN(header
, ansp
, plen
, 2))
2235 if (((*ansp
++) & 0x3f) != 1)
2236 return 0; /* we only understand bitstrings */
2238 count
= *(ansp
++); /* Bits in bitstring */
2240 if (count
== 0) /* count == 0 means 256 bits */
2243 ansp
+= ((count
-1)>>3)+1;
2246 { /* label type == 0 Bottom six bits is length */
2247 unsigned int len
= (*ansp
++) & 0x3f;
2249 if (!ADD_RDLEN(header
, ansp
, plen
, len
))
2253 break; /* zero length label marks the end. */
2262 /* Go through RRs and check or fixup the domain names contained within */
2263 static int check_rrs(unsigned char *p
, struct dns_header
*header
, size_t plen
, int fixup
, unsigned char **rrs
, int rr_count
)
2265 int i
, type
, class, rdlen
;
2268 for (i
= 0; i
< ntohs(header
->ancount
) + ntohs(header
->nscount
) + ntohs(header
->arcount
); i
++)
2272 if (!(p
= skip_name(p
, header
, plen
, 10)))
2280 if (type
!= T_NSEC
&& type
!= T_NSEC3
&& type
!= T_RRSIG
)
2282 /* fixup name of RR */
2283 if (!check_name(&pp
, header
, plen
, fixup
, rrs
, rr_count
))
2290 for (pp
= p
, d
= get_desc(type
); *d
!= (u16
)-1; d
++)
2294 else if (!check_name(&pp
, header
, plen
, fixup
, rrs
, rr_count
))
2300 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2308 size_t filter_rrsigs(struct dns_header
*header
, size_t plen
)
2310 static unsigned char **rrs
;
2311 static int rr_sz
= 0;
2313 unsigned char *p
= (unsigned char *)(header
+1);
2314 int i
, rdlen
, qtype
, qclass
, rr_found
, chop_an
, chop_ns
, chop_ar
;
2316 if (ntohs(header
->qdcount
) != 1 ||
2317 !(p
= skip_name(p
, header
, plen
, 4)))
2321 GETSHORT(qclass
, p
);
2323 /* First pass, find pointers to start and end of all the records we wish to elide:
2324 records added for DNSSEC, unless explicity queried for */
2325 for (rr_found
= 0, chop_ns
= 0, chop_an
= 0, chop_ar
= 0, i
= 0;
2326 i
< ntohs(header
->ancount
) + ntohs(header
->nscount
) + ntohs(header
->arcount
);
2329 unsigned char *pstart
= p
;
2332 if (!(p
= skip_name(p
, header
, plen
, 10)))
2340 if ((type
== T_NSEC
|| type
== T_NSEC3
|| type
== T_RRSIG
) &&
2341 (type
!= qtype
|| class != qclass
))
2343 if (!expand_workspace(&rrs
, &rr_sz
, rr_found
+ 1))
2346 rrs
[rr_found
++] = pstart
;
2348 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2351 rrs
[rr_found
++] = p
;
2353 if (i
< ntohs(header
->ancount
))
2355 else if (i
< (ntohs(header
->nscount
) + ntohs(header
->ancount
)))
2360 else if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2364 /* Nothing to do. */
2368 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2369 point to records we're going to elide. This is theoretically possible, but unlikely. If
2370 it happens, we give up and leave the answer unchanged. */
2371 p
= (unsigned char *)(header
+1);
2373 /* question first */
2374 if (!check_name(&p
, header
, plen
, 0, rrs
, rr_found
))
2376 p
+= 4; /* qclass, qtype */
2378 /* Now answers and NS */
2379 if (!check_rrs(p
, header
, plen
, 0, rrs
, rr_found
))
2382 /* Third pass, elide records */
2383 for (p
= rrs
[0], i
= 1; i
< rr_found
; i
+= 2)
2385 unsigned char *start
= rrs
[i
];
2386 unsigned char *end
= (i
!= rr_found
- 1) ? rrs
[i
+1] : ((unsigned char *)(header
+1)) + plen
;
2388 memmove(p
, start
, end
-start
);
2392 plen
= p
- (unsigned char *)header
;
2393 header
->ancount
= htons(ntohs(header
->ancount
) - chop_an
);
2394 header
->nscount
= htons(ntohs(header
->nscount
) - chop_ns
);
2395 header
->arcount
= htons(ntohs(header
->arcount
) - chop_ar
);
2397 /* Fourth pass, fix up pointers in the remaining records */
2398 p
= (unsigned char *)(header
+1);
2400 check_name(&p
, header
, plen
, 1, rrs
, rr_found
);
2401 p
+= 4; /* qclass, qtype */
2403 check_rrs(p
, header
, plen
, 1, rrs
, rr_found
);
2408 unsigned char* hash_questions(struct dns_header
*header
, size_t plen
, char *name
)
2412 unsigned char *p
= (unsigned char *)(header
+1);
2413 const struct nettle_hash
*hash
;
2415 unsigned char *digest
;
2417 if (!(hash
= hash_find("sha1")) || !hash_init(hash
, &ctx
, &digest
))
2420 for (q
= ntohs(header
->qdcount
); q
!= 0; q
--)
2422 if (!extract_name(header
, plen
, &p
, name
, 1, 4))
2423 break; /* bad packet */
2425 len
= to_wire(name
);
2426 hash
->update(ctx
, len
, (unsigned char *)name
);
2427 /* CRC the class and type as well */
2428 hash
->update(ctx
, 4, p
);
2431 if (!CHECK_LEN(header
, p
, plen
, 0))
2432 break; /* bad packet */
2435 hash
->digest(ctx
, hash
->digest_size
, digest
);
2439 #endif /* HAVE_DNSSEC */