]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnssec.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Check that unsigned replies come from unsigned zones if --dnssec-check-unsigned set.
[people/ms/dnsmasq.git] / src / dnssec.c
CommitLineData
8d41ebd8 1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
0fc2f313 2 and Copyright (c) 2012-2014 Simon Kelley
8d41ebd8
GB		 3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
e292e93d
GB		 17
18#include "dnsmasq.h"
0fc2f313
SK		 19
20#ifdef HAVE_DNSSEC
21
86bec2d3
SK		 22#include <nettle/rsa.h>
23#include <nettle/dsa.h>
c152dc84
SK		 24#ifndef NO_NETTLE_ECC
25# include <nettle/ecdsa.h>
26# include <nettle/ecc-curve.h>
27#endif
86bec2d3
SK		 28#include <nettle/nettle-meta.h>
29#include <gmp.h>
c3e0b9b6 30
e292e93d
GB		 31#define SERIAL_UNDEF -100
32#define SERIAL_EQ 0
33#define SERIAL_LT -1
34#define SERIAL_GT 1
35
86bec2d3
SK		 36/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
37static char *ds_digest_name(int digest)
38{
39 switch (digest)
40 {
41 case 1: return "sha1";
42 case 2: return "sha256";
43 case 3: return "gosthash94";
44 case 4: return "sha384";
45 default: return NULL;
46 }
47}
48
49/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
50static char *algo_digest_name(int algo)
51{
52 switch (algo)
53 {
54 case 1: return "md5";
55 case 3: return "sha1";
56 case 5: return "sha1";
57 case 6: return "sha1";
58 case 7: return "sha1";
59 case 8: return "sha256";
60 case 10: return "sha512";
61 case 12: return "gosthash94";
62 case 13: return "sha256";
63 case 14: return "sha384";
64 default: return NULL;
65 }
66}
67
68/* Find pointer to correct hash function in nettle library */
69static const struct nettle_hash *hash_find(char *name)
70{
71 int i;
72
73 if (!name)
74 return NULL;
75
76 for (i = 0; nettle_hashes[i]; i++)
77 {
78 if (strcmp(nettle_hashes[i]->name, name) == 0)
79 return nettle_hashes[i];
80 }
81
82 return NULL;
83}
84
85/* expand ctx and digest memory allocations if necessary and init hash function */
86static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
87{
88 static void *ctx = NULL;
89 static unsigned char *digest = NULL;
90 static unsigned int ctx_sz = 0;
91 static unsigned int digest_sz = 0;
92
93 void *new;
94
95 if (ctx_sz < hash->context_size)
96 {
97 if (!(new = whine_malloc(hash->context_size)))
98 return 0;
99 if (ctx)
100 free(ctx);
101 ctx = new;
102 ctx_sz = hash->context_size;
103 }
104
105 if (digest_sz < hash->digest_size)
106 {
107 if (!(new = whine_malloc(hash->digest_size)))
108 return 0;
109 if (digest)
110 free(digest);
111 digest = new;
112 digest_sz = hash->digest_size;
113 }
114
115 *ctxp = ctx;
116 *digestp = digest;
117
118 hash->init(ctx);
119
120 return 1;
121}
122
123static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
124 unsigned char *digest, int algo)
125{
126 unsigned char *p;
127 size_t exp_len;
128
129 static struct rsa_public_key *key = NULL;
130 static mpz_t sig_mpz;
131
132 if (key == NULL)
133 {
134 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
135 return 0;
136
137 nettle_rsa_public_key_init(key);
138 mpz_init(sig_mpz);
139 }
140
141 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
142 return 0;
143
144 key_len--;
145 if ((exp_len = *p++) == 0)
146 {
147 GETSHORT(exp_len, p);
148 key_len -= 2;
149 }
150
151 if (exp_len >= key_len)
152 return 0;
153
154 key->size = key_len - exp_len;
155 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
156 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
157
158 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
159
160 switch (algo)
161 {
162 case 1:
163 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
164 case 5: case 7:
165 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
166 case 8:
167 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
168 case 10:
169 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
170 }
171
172 return 0;
173}
174
175static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
176 unsigned char *digest, int algo)
177{
178 unsigned char *p;
179 unsigned int t;
180
181 static struct dsa_public_key *key = NULL;
182 static struct dsa_signature *sig_struct;
183
184 if (key == NULL)
185 {
186 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
187 !(key = whine_malloc(sizeof(struct dsa_public_key))))
188 return 0;
189
190 nettle_dsa_public_key_init(key);
191 nettle_dsa_signature_init(sig_struct);
192 }
193
194 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
195 return 0;
196
197 t = *p++;
198
199 if (key_len < (213 + (t * 24)))
200 return 0;
ebe95a83 201
86bec2d3
SK		 202 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
203 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
204 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
205 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
206
207 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
208 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
209
210 (void)algo;
ebe95a83 211
86bec2d3
SK		 212 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
213}
214
c152dc84
SK		 215#ifndef NO_NETTLE_ECC
216static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
217 unsigned char *sig, size_t sig_len,
ebe95a83
SK		 218 unsigned char *digest, size_t digest_len, int algo)
219{
220 unsigned char *p;
221 unsigned int t;
222 struct ecc_point *key;
223
224 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
225 static mpz_t x, y;
226 static struct dsa_signature *sig_struct;
227
228 if (!sig_struct)
229 {
230 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
231 return 0;
232
233 nettle_dsa_signature_init(sig_struct);
234 mpz_init(x);
235 mpz_init(y);
236 }
237
238 switch (algo)
239 {
240 case 13:
241 if (!key_256)
242 {
243 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
244 return 0;
245
246 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
247 }
248
249 key = key_256;
250 t = 32;
251 break;
252
253 case 14:
254 if (!key_384)
255 {
256 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
257 return 0;
258
259 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
260 }
261
262 key = key_384;
263 t = 48;
264 break;
265
266 default:
267 return 0;
268 }
269
270 if (sig_len != 2*t || key_len != 2*t ||
271 (p = blockdata_retrieve(key_data, key_len, NULL)))
272 return 0;
273
274 mpz_import(x, t , 1, 1, 0, 0, p);
275 mpz_import(y, t , 1, 1, 0, 0, p + t);
276
277 if (!ecc_point_set(key, x, y))
278 return 0;
279
280 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
281 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
282
283 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
284}
c152dc84
SK		 285#endif
286
86bec2d3 287static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
ebe95a83 288 unsigned char *digest, size_t digest_len, int algo)
86bec2d3 289{
7b1eae4f
SK		 290 (void)digest_len;
291
86bec2d3
SK		 292 switch (algo)
293 {
294 case 1: case 5: case 7: case 8: case 10:
295 return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
296
297 case 3: case 6:
298 return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
c152dc84
SK		 299
300#ifndef NO_NETTLE_ECC
ebe95a83
SK		 301 case 13: case 14:
302 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
c152dc84
SK		 303#endif
304 }
86bec2d3
SK		 305
306 return 0;
307}
308
0fc2f313
SK		 309/* Convert from presentation format to wire format, in place.
310 Also map UC -> LC.
311 Note that using extract_name to get presentation format
312 then calling to_wire() removes compression and maps case,
313 thus generating names in canonical form.
314 Calling to_wire followed by from_wire is almost an identity,
315 except that the UC remains mapped to LC.
316*/
317static int to_wire(char *name)
7f0485cf 318{
0fc2f313
SK		 319 unsigned char *l, *p, term;
320 int len;
321
322 for (l = (unsigned char*)name; *l != 0; l = p)
323 {
324 for (p = l; *p != '.' && *p != 0; p++)
325 if (*p >= 'A' && *p <= 'Z')
326 *p = *p - 'A' + 'a';
327
328 term = *p;
329
330 if ((len = p - l) != 0)
331 memmove(l+1, l, len);
332 *l = len;
333
334 p++;
335
336 if (term == 0)
337 *p = 0;
338 }
339
340 return l + 1 - (unsigned char *)name;
7f0485cf
GB		 341}
342
0fc2f313
SK		 343/* Note: no compression allowed in input. */
344static void from_wire(char *name)
13e435eb 345{
0fc2f313
SK		 346 unsigned char *l;
347 int len;
13e435eb 348
0fc2f313 349 for (l = (unsigned char *)name; *l != 0; l += len+1)
13e435eb 350 {
0fc2f313
SK		 351 len = *l;
352 memmove(l, l+1, len);
353 l[len] = '.';
13e435eb 354 }
7f0485cf 355
0fc2f313 356 *(l-1) = 0;
13e435eb
GB		 357}
358
5ada8885
SK		 359/* Input in presentation format */
360static int count_labels(char *name)
361{
362 int i;
363
364 if (*name == 0)
365 return 0;
366
367 for (i = 0; *name; name++)
368 if (*name == '.')
369 i++;
370
371 return i+1;
372}
373
5f8e58f4
SK		 374/* Implement RFC1982 wrapped compare for 32-bit numbers */
375static int serial_compare_32(unsigned long s1, unsigned long s2)
376{
377 if (s1 == s2)
378 return SERIAL_EQ;
0ca895f5 379
5f8e58f4
SK		 380 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
381 (s1 > s2 && (s1 - s2) > (1UL<<31)))
382 return SERIAL_LT;
383 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
384 (s1 > s2 && (s1 - s2) < (1UL<<31)))
385 return SERIAL_GT;
386 return SERIAL_UNDEF;
387}
0852d76b 388
5f8e58f4
SK		 389/* Check whether today/now is between date_start and date_end */
390static int check_date_range(unsigned long date_start, unsigned long date_end)
0852d76b 391{
5f8e58f4
SK		 392 unsigned long curtime = time(0);
393
394 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
395 return serial_compare_32(curtime, date_start) == SERIAL_GT
396 && serial_compare_32(curtime, date_end) == SERIAL_LT;
397}
f119ed38 398
5f8e58f4
SK		 399static u16 *get_desc(int type)
400{
401 /* List of RRtypes which include domains in the data.
402 0 -> domain
403 integer -> no of plain bytes
404 -1 -> end
405
406 zero is not a valid RRtype, so the final entry is returned for
407 anything which needs no mangling.
408 */
409
410 static u16 rr_desc[] =
411 {
412 T_NS, 0, -1,
413 T_MD, 0, -1,
414 T_MF, 0, -1,
415 T_CNAME, 0, -1,
416 T_SOA, 0, 0, -1,
417 T_MB, 0, -1,
418 T_MG, 0, -1,
419 T_MR, 0, -1,
420 T_PTR, 0, -1,
421 T_MINFO, 0, 0, -1,
422 T_MX, 2, 0, -1,
423 T_RP, 0, 0, -1,
424 T_AFSDB, 2, 0, -1,
425 T_RT, 2, 0, -1,
426 T_SIG, 18, 0, -1,
427 T_PX, 2, 0, 0, -1,
428 T_NXT, 0, -1,
429 T_KX, 2, 0, -1,
430 T_SRV, 6, 0, -1,
431 T_DNAME, 0, -1,
5f8e58f4
SK		 432 0, -1 /* wildcard/catchall */
433 };
434
435 u16 *p = rr_desc;
436
437 while (*p != type && *p != 0)
438 while (*p++ != (u16)-1);
f119ed38 439
5f8e58f4
SK		 440 return p+1;
441}
0852d76b 442
5f8e58f4
SK		 443/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
444 data, pointed to by *p, should be used raw. */
445static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff,
446 unsigned char **p, u16 **desc)
447{
448 int d = **desc;
449
450 (*desc)++;
451
452 /* No more data needs mangling */
453 if (d == (u16)-1)
454 return 0;
455
456 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
457 /* domain-name, canonicalise */
458 return to_wire(buff);
459 else
460 {
461 /* plain data preceding a domain-name, don't run off the end of the data */
462 if ((end - *p) < d)
463 d = end - *p;
464
465 if (d != 0)
466 {
467 memcpy(buff, *p, d);
468 *p += d;
469 }
470
471 return d;
472 }
0852d76b
GB		 473}
474
613ad15d
SK		 475static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
476{
477 unsigned char **p;
478 int new_sz = *sz;
479
480 if (new_sz > new)
481 return 1;
482
483 if (new >= 100)
484 return 0;
485
486 new_sz += 5;
487
488 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
489 return 0;
490
491 if (*wkspc)
492 {
493 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
494 free(*wkspc);
495 }
496
497 *wkspc = p;
498 *sz = new_sz;
00a5b5d4
SK		 499
500 return 1;
613ad15d
SK		 501}
502
5f8e58f4
SK		 503/* Bubble sort the RRset into the canonical order.
504 Note that the byte-streams from two RRs may get unsynced: consider
505 RRs which have two domain-names at the start and then other data.
506 The domain-names may have different lengths in each RR, but sort equal
507
508 ------------
509 |abcde|fghi|
510 ------------
511 |abcd|efghi|
512 ------------
513
514 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
515*/
516
517static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
518 unsigned char **rrset, char *buff1, char *buff2)
c3e0b9b6 519{
5f8e58f4 520 int swap, quit, i;
0fc2f313 521
5f8e58f4
SK		 522 do
523 {
524 for (swap = 0, i = 0; i < rrsetidx-1; i++)
525 {
526 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
527 u16 *dp1, *dp2;
528 unsigned char *end1, *end2;
5107ace1
SK		 529 /* Note that these have been determined to be OK previously,
530 so we don't need to check for NULL return here. */
5f8e58f4
SK		 531 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
532 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
533
534 p1 += 8; /* skip class, type, ttl */
535 GETSHORT(rdlen1, p1);
536 end1 = p1 + rdlen1;
537
538 p2 += 8; /* skip class, type, ttl */
539 GETSHORT(rdlen2, p2);
540 end2 = p2 + rdlen2;
541
542 dp1 = dp2 = rr_desc;
543
1486a9c7 544 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
5f8e58f4 545 {
1486a9c7
SK		 546 if (left1 != 0)
547 memmove(buff1, buff1 + len1 - left1, left1);
548
5f8e58f4
SK		 549 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0)
550 {
551 quit = 1;
552 len1 = end1 - p1;
553 memcpy(buff1 + left1, p1, len1);
554 }
555 len1 += left1;
556
1486a9c7
SK		 557 if (left2 != 0)
558 memmove(buff2, buff2 + len2 - left2, left2);
559
5f8e58f4
SK		 560 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0)
561 {
562 quit = 1;
563 len2 = end2 - p2;
564 memcpy(buff2 + left2, p2, len2);
565 }
566 len2 += left2;
567
568 if (len1 > len2)
1486a9c7 569 left1 = len1 - len2, left2 = 0, len = len2;
5f8e58f4 570 else
1486a9c7 571 left2 = len2 - len1, left1 = 0, len = len1;
5f8e58f4 572
6fd6dacb 573 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
5f8e58f4 574
4619d946 575 if (rc > 0 || (rc == 0 && quit && len1 > len2))
5f8e58f4
SK		 576 {
577 unsigned char *tmp = rrset[i+1];
578 rrset[i+1] = rrset[i];
579 rrset[i] = tmp;
580 swap = quit = 1;
581 }
6fd6dacb
SK		 582 else if (rc < 0)
583 quit = 1;
5f8e58f4
SK		 584 }
585 }
586 } while (swap);
587}
c3e0b9b6 588
5f8e58f4
SK		 589/* Validate a single RRset (class, type, name) in the supplied DNS reply
590 Return code:
591 STAT_SECURE if it validates.
5107ace1 592 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
00a5b5d4 593 STAT_NO_SIG no RRsigs found.
5f8e58f4
SK		 594 STAT_INSECURE can't validate (no RRSIG, bad packet).
595 STAT_BOGUS signature is wrong.
596 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
597
598 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
599 otherwise find the key in the cache.
5107ace1
SK		 600
601 name is unchanged on exit. keyname is used as workspace and trashed.
5f8e58f4
SK		 602*/
603static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class,
e7829aef 604 int type, char *name, char *keyname, struct blockdata *key, int keylen, int algo_in, int keytag_in)
5f8e58f4
SK		 605{
606 static unsigned char **rrset = NULL, **sigs = NULL;
607 static int rrset_sz = 0, sig_sz = 0;
0fc2f313 608
5f8e58f4 609 unsigned char *p;
5ada8885 610 int rrsetidx, sigidx, res, rdlen, j, name_labels;
5f8e58f4
SK		 611 struct crec *crecp = NULL;
612 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
613 u16 *rr_desc = get_desc(type);
c3e0b9b6 614
5f8e58f4
SK		 615 if (!(p = skip_questions(header, plen)))
616 return STAT_INSECURE;
c3e0b9b6 617
5ada8885
SK		 618 name_labels = count_labels(name); /* For 4035 5.3.2 check */
619
620 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
5f8e58f4
SK		 621 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
622 j != 0; j--)
623 {
624 unsigned char *pstart, *pdata;
b98d22c1 625 int stype, sclass;
c3e0b9b6 626
5f8e58f4
SK		 627 pstart = p;
628
629 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
630 return STAT_INSECURE; /* bad packet */
631
632 GETSHORT(stype, p);
633 GETSHORT(sclass, p);
b98d22c1 634 p += 4; /* TTL */
5f8e58f4
SK		 635
636 pdata = p;
c3e0b9b6 637
5f8e58f4
SK		 638 GETSHORT(rdlen, p);
639
e7829aef
SK		 640 if (!CHECK_LEN(header, p, plen, rdlen))
641 return STAT_INSECURE;
642
5f8e58f4
SK		 643 if (res == 1 && sclass == class)
644 {
645 if (stype == type)
646 {
613ad15d
SK		 647 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
648 return STAT_INSECURE;
649
5f8e58f4
SK		 650 rrset[rrsetidx++] = pstart;
651 }
652
653 if (stype == T_RRSIG)
654 {
613ad15d
SK		 655 if (rdlen < 18)
656 return STAT_INSECURE; /* bad packet */
657
658 GETSHORT(type_covered, p);
659
660 if (type_covered == type)
661 {
662 if (!expand_workspace(&sigs, &sig_sz, sigidx))
663 return STAT_INSECURE;
664
665 sigs[sigidx++] = pdata;
666 }
667
668 p = pdata + 2; /* restore for ADD_RDLEN */
5f8e58f4
SK		 669 }
670 }
613ad15d 671
5f8e58f4
SK		 672 if (!ADD_RDLEN(header, p, plen, rdlen))
673 return STAT_INSECURE;
674 }
c3e0b9b6 675
00a5b5d4
SK		 676 /* RRset empty */
677 if (rrsetidx == 0)
5f8e58f4 678 return STAT_INSECURE;
00a5b5d4
SK		 679
680 /* no RRSIGs */
681 if (sigidx == 0)
682 return STAT_NO_SIG;
5f8e58f4
SK		 683
684 /* Sort RRset records into canonical order.
d387380a 685 Note that at this point keyname and daemon->workspacename buffs are
5f8e58f4 686 unused, and used as workspace by the sort. */
d387380a 687 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
5f8e58f4
SK		 688
689 /* Now try all the sigs to try and find one which validates */
690 for (j = 0; j <sigidx; j++)
691 {
d387380a 692 unsigned char *psav, *sig, *digest;
86bec2d3
SK		 693 int i, wire_len, sig_len;
694 const struct nettle_hash *hash;
695 void *ctx;
d387380a 696 char *name_start;
5f8e58f4
SK		 697 u32 nsigttl;
698
699 p = sigs[j];
5ada8885 700 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
5f8e58f4
SK		 701 psav = p;
702
5ada8885 703 p += 2; /* type_covered - already checked */
5f8e58f4
SK		 704 algo = *p++;
705 labels = *p++;
706 GETLONG(orig_ttl, p);
e7829aef
SK		 707 GETLONG(sig_expiration, p);
708 GETLONG(sig_inception, p);
5f8e58f4
SK		 709 GETSHORT(key_tag, p);
710
5f8e58f4
SK		 711 if (!extract_name(header, plen, &p, keyname, 1, 0))
712 return STAT_INSECURE;
d387380a
SK		 713
714 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
715 the name of the zone containing the RRset. We can't tell that
716 for certain, but we can check that the RRset name is equal to
717 or encloses the signers name, which should be enough to stop
718 an attacker using signatures made with the key of an unrelated
719 zone he controls. Note that the root key is always allowed. */
720 if (*keyname != 0)
721 {
722 int failed = 0;
723
724 for (name_start = name; !hostname_isequal(name_start, keyname); )
725 if ((name_start = strchr(name_start, '.')))
726 name_start++; /* chop a label off and try again */
727 else
728 {
729 failed = 1;
730 break;
731 }
732
733 /* Bad sig, try another */
734 if (failed)
735 continue;
736 }
5f8e58f4 737
d387380a 738 /* Other 5.3.1 checks */
e7829aef
SK		 739 if (!check_date_range(sig_inception, sig_expiration) ||
740 labels > name_labels ||
741 !(hash = hash_find(algo_digest_name(algo))) ||
742 !hash_init(hash, &ctx, &digest))
743 continue;
744
5f8e58f4
SK		 745 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
746 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
747 return STAT_NEED_KEY;
748
86bec2d3
SK		 749 sig = p;
750 sig_len = rdlen - (p - psav);
e7829aef 751
5f8e58f4
SK		 752 nsigttl = htonl(orig_ttl);
753
86bec2d3 754 hash->update(ctx, 18, psav);
5f8e58f4 755 wire_len = to_wire(keyname);
86bec2d3 756 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
5f8e58f4
SK		 757 from_wire(keyname);
758
5f8e58f4
SK		 759 for (i = 0; i < rrsetidx; ++i)
760 {
761 int seg;
762 unsigned char *end, *cp;
763 u16 len, *dp;
d387380a 764
5f8e58f4
SK		 765 p = rrset[i];
766 if (!extract_name(header, plen, &p, name, 1, 10))
767 return STAT_INSECURE;
5ada8885 768
d387380a
SK		 769 name_start = name;
770
5ada8885
SK		 771 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
772 if (labels < name_labels)
773 {
774 int k;
775 for (k = name_labels - labels; k != 0; k--)
776 while (*name_start != '.' && *name_start != 0)
777 name_start++;
778 name_start--;
779 *name_start = '*';
780 }
781
782 wire_len = to_wire(name_start);
86bec2d3
SK		 783 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
784 hash->update(ctx, 4, p); /* class and type */
785 hash->update(ctx, 4, (unsigned char *)&nsigttl);
5f8e58f4
SK		 786
787 p += 8; /* skip class, type, ttl */
788 GETSHORT(rdlen, p);
5ada8885
SK		 789 if (!CHECK_LEN(header, p, plen, rdlen))
790 return STAT_INSECURE;
791
5f8e58f4
SK		 792 end = p + rdlen;
793
794 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
795 cp = p;
796 dp = rr_desc;
797 for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg);
798 len += end - cp;
799 len = htons(len);
86bec2d3 800 hash->update(ctx, 2, (unsigned char *)&len);
5f8e58f4
SK		 801
802 /* Now canonicalise again and digest. */
803 cp = p;
804 dp = rr_desc;
805 while ((seg = get_rdata(header, plen, end, name, &cp, &dp)))
86bec2d3 806 hash->update(ctx, seg, (unsigned char *)name);
5f8e58f4 807 if (cp != end)
86bec2d3 808 hash->update(ctx, end - cp, cp);
5f8e58f4 809 }
86bec2d3
SK		 810
811 hash->digest(ctx, hash->digest_size, digest);
812
5ada8885
SK		 813 /* namebuff used for workspace above, restore to leave unchanged on exit */
814 p = (unsigned char*)(rrset[0]);
815 extract_name(header, plen, &p, name, 1, 0);
816
5f8e58f4
SK		 817 if (key)
818 {
819 if (algo_in == algo && keytag_in == key_tag &&
ebe95a83 820 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
5f8e58f4
SK		 821 return STAT_SECURE;
822 }
823 else
824 {
825 /* iterate through all possible keys 4035 5.3.1 */
826 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
51ea3ca2
SK		 827 if (crecp->addr.key.algo == algo &&
828 crecp->addr.key.keytag == key_tag &&
824202ef 829 crecp->uid == class &&
ebe95a83 830 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
5107ace1 831 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
5f8e58f4
SK		 832 }
833 }
834
835 return STAT_BOGUS;
836}
837
0fc2f313 838/* The DNS packet is expected to contain the answer to a DNSKEY query.
c3e0b9b6
SK		 839 Put all DNSKEYs in the answer which are valid into the cache.
840 return codes:
841 STAT_INSECURE bad packet, no DNSKEYs in reply.
842 STAT_SECURE At least one valid DNSKEY found and in cache.
0fc2f313
SK		 843 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
844 or self-sign for DNSKEY RRset is not valid.
845 STAT_NEED_DS DS records to validate a key not found, name in keyname
c3e0b9b6
SK		 846*/
847int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
848{
0fc2f313 849 unsigned char *psave, *p = (unsigned char *)(header+1);
c3e0b9b6 850 struct crec *crecp, *recp1;
8d718cbb 851 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
c3e0b9b6 852 struct blockdata *key;
51ea3ca2 853 struct all_addr a;
c3e0b9b6 854
5f8e58f4
SK		 855 if (ntohs(header->qdcount) != 1 ||
856 !extract_name(header, plen, &p, name, 1, 4))
8d718cbb 857 return STAT_INSECURE;
5f8e58f4 858
c3e0b9b6
SK		 859 GETSHORT(qtype, p);
860 GETSHORT(qclass, p);
861
0fc2f313 862 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
f01d7be6 863 return STAT_BOGUS;
c3e0b9b6 864
b8eac191 865 /* See if we have cached a DS record which validates this key */
0fc2f313
SK		 866 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
867 {
868 strcpy(keyname, name);
869 return STAT_NEED_DS;
870 }
b8eac191
SK		 871
872 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
873 if (crecp->flags & F_NEG)
874 return STAT_INSECURE;
875
0fc2f313 876 /* NOTE, we need to find ONE DNSKEY which matches the DS */
e7829aef 877 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
c3e0b9b6
SK		 878 {
879 /* Ensure we have type, class TTL and length */
0fc2f313 880 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
c3e0b9b6
SK		 881 return STAT_INSECURE; /* bad packet */
882
883 GETSHORT(qtype, p);
884 GETSHORT(qclass, p);
885 GETLONG(ttl, p);
886 GETSHORT(rdlen, p);
6f468103 887
0fc2f313
SK		 888 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
889 return STAT_INSECURE; /* bad packet */
890
6f468103
SK		 891 if (qclass != class || qtype != T_DNSKEY || rc == 2)
892 {
893 p += rdlen;
894 continue;
895 }
896
0fc2f313 897 psave = p;
c3e0b9b6 898
c3e0b9b6 899 GETSHORT(flags, p);
0fc2f313 900 if (*p++ != 3)
f01d7be6 901 return STAT_BOGUS;
c3e0b9b6 902 algo = *p++;
0fc2f313 903 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
e7829aef 904 key = NULL;
c3e0b9b6 905
e7829aef
SK		 906 /* key must have zone key flag set */
907 if (flags & 0x100)
908 key = blockdata_alloc((char*)p, rdlen - 4);
c3e0b9b6 909
0fc2f313 910 p = psave;
e7829aef 911
0fc2f313 912 if (!ADD_RDLEN(header, p, plen, rdlen))
8d718cbb
SK		 913 {
914 if (key)
915 blockdata_free(key);
916 return STAT_INSECURE; /* bad packet */
917 }
918
e7829aef
SK		 919 /* No zone key flag or malloc failure */
920 if (!key)
0fc2f313
SK		 921 continue;
922
923 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
86bec2d3
SK		 924 {
925 void *ctx;
926 unsigned char *digest, *ds_digest;
927 const struct nettle_hash *hash;
928
51ea3ca2
SK		 929 if (recp1->addr.ds.algo == algo &&
930 recp1->addr.ds.keytag == keytag &&
824202ef 931 recp1->uid == class &&
51ea3ca2 932 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
86bec2d3 933 hash_init(hash, &ctx, &digest))
0fc2f313 934
86bec2d3
SK		 935 {
936 int wire_len = to_wire(name);
937
938 /* Note that digest may be different between DSs, so
939 we can't move this outside the loop. */
940 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
941 hash->update(ctx, (unsigned int)rdlen, psave);
942 hash->digest(ctx, hash->digest_size, digest);
943
944 from_wire(name);
945
824202ef
SK		 946 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
947 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
948 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
f6a2b793 949 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag) == STAT_SECURE)
86bec2d3 950 {
86bec2d3 951 valid = 1;
86bec2d3
SK		 952 break;
953 }
954 }
955 }
e7829aef 956 blockdata_free(key);
c3e0b9b6 957 }
c3e0b9b6 958
0fc2f313
SK		 959 if (valid)
960 {
8d718cbb 961 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
e7829aef
SK		 962 cache_start_insert();
963
964 p = skip_questions(header, plen);
965
966 for (j = ntohs(header->ancount); j != 0; j--)
967 {
968 /* Ensure we have type, class TTL and length */
969 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
970 return STAT_INSECURE; /* bad packet */
971
972 GETSHORT(qtype, p);
973 GETSHORT(qclass, p);
974 GETLONG(ttl, p);
975 GETSHORT(rdlen, p);
8d718cbb
SK		 976
977 if (!CHECK_LEN(header, p, plen, rdlen))
e7829aef 978 return STAT_INSECURE; /* bad packet */
e7829aef 979
8d718cbb 980 if (qclass == class && rc == 1)
e7829aef 981 {
8d718cbb 982 psave = p;
e7829aef 983
8d718cbb
SK		 984 if (qtype == T_DNSKEY)
985 {
986 if (rdlen < 4)
987 return STAT_INSECURE; /* bad packet */
988
989 GETSHORT(flags, p);
990 if (*p++ != 3)
f01d7be6 991 return STAT_BOGUS;
8d718cbb
SK		 992 algo = *p++;
993 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
994
995 /* Cache needs to known class for DNSSEC stuff */
996 a.addr.dnssec.class = class;
997
998 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
999 {
1000 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1001 blockdata_free(key);
1002 else
1003 {
1004 a.addr.keytag = keytag;
1005 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1006
1007 recp1->addr.key.keylen = rdlen - 4;
1008 recp1->addr.key.keydata = key;
1009 recp1->addr.key.algo = algo;
1010 recp1->addr.key.keytag = keytag;
1011 recp1->addr.key.flags = flags;
8d718cbb
SK		 1012 }
1013 }
1014 }
1015 else if (qtype == T_RRSIG)
1016 {
1017 /* RRSIG, cache if covers DNSKEY RRset */
1018 if (rdlen < 18)
1019 return STAT_INSECURE; /* bad packet */
1020
1021 GETSHORT(type_covered, p);
1022
1023 if (type_covered == T_DNSKEY)
1024 {
1025 a.addr.dnssec.class = class;
1026 a.addr.dnssec.type = type_covered;
1027
1028 algo = *p++;
1029 p += 13; /* labels, orig_ttl, expiration, inception */
1030 GETSHORT(keytag, p);
1031 if ((key = blockdata_alloc((char*)psave, rdlen)))
1032 {
1033 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1034 blockdata_free(key);
1035 else
1036 {
8d718cbb
SK		 1037 crecp->addr.sig.keydata = key;
1038 crecp->addr.sig.keylen = rdlen;
1039 crecp->addr.sig.keytag = keytag;
1040 crecp->addr.sig.type_covered = type_covered;
1041 crecp->addr.sig.algo = algo;
1042 }
1043 }
1044 }
1045 }
e7829aef 1046
8d718cbb 1047 p = psave;
e7829aef 1048 }
8d718cbb 1049
e7829aef
SK		 1050 if (!ADD_RDLEN(header, p, plen, rdlen))
1051 return STAT_INSECURE; /* bad packet */
1052 }
1053
0fc2f313
SK		 1054 /* commit cache insert. */
1055 cache_end_insert();
1056 return STAT_SECURE;
1057 }
1058
1059 log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1060 return STAT_BOGUS;
c3e0b9b6 1061}
0fc2f313 1062
c3e0b9b6
SK		 1063/* The DNS packet is expected to contain the answer to a DS query
1064 Put all DSs in the answer which are valid into the cache.
1065 return codes:
b8eac191 1066 STAT_INSECURE bad packet, no DS in reply, proven no DS in reply.
c3e0b9b6 1067 STAT_SECURE At least one valid DS found and in cache.
00a5b5d4 1068 STAT_NO_DS It's proved there's no DS here.
c3e0b9b6
SK		 1069 STAT_BOGUS At least one DS found, which fails validation.
1070 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1071*/
1072
1073int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1074{
51ea3ca2 1075 unsigned char *p = (unsigned char *)(header+1);
00a5b5d4 1076 int qtype, qclass, val, i, neganswer;
c3e0b9b6 1077
5f8e58f4 1078 if (ntohs(header->qdcount) != 1 ||
b8eac191 1079 !(p = skip_name(p, header, plen, 4)))
8d718cbb
SK		 1080 return STAT_INSECURE;
1081
c3e0b9b6
SK		 1082 GETSHORT(qtype, p);
1083 GETSHORT(qclass, p);
1084
b47b04c8
SK		 1085 if (qtype != T_DS || qclass != class)
1086 val = STAT_BOGUS;
1087 else
00a5b5d4
SK		 1088 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer);
1089
1090 if (val == STAT_NO_SIG)
1091 val = STAT_INSECURE;
51ea3ca2 1092
b8eac191
SK		 1093 p = (unsigned char *)(header+1);
1094 extract_name(header, plen, &p, name, 1, 4);
1095 p += 4; /* qtype, qclass */
1096
00a5b5d4
SK		 1097 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1098 return STAT_INSECURE;
1099
0fc2f313 1100 if (val == STAT_BOGUS)
b8eac191 1101 log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
b47b04c8 1102
00a5b5d4 1103 if ((val == STAT_SECURE || val == STAT_INSECURE) && neganswer)
b8eac191 1104 {
00a5b5d4 1105 int rdlen, flags = F_FORWARD | F_DS | F_NEG ;
b8eac191
SK		 1106 unsigned long ttl, minttl = ULONG_MAX;
1107 struct all_addr a;
00a5b5d4
SK		 1108
1109 if (RCODE(header) == NXDOMAIN)
1110 flags |= F_NXDOMAIN;
1111
1112 if (val == STAT_SECURE)
1113 flags |= F_DNSSECOK;
b8eac191
SK		 1114
1115 for (i = ntohs(header->nscount); i != 0; i--)
1116 {
00a5b5d4 1117 if (!(p = skip_name(p, header, plen, 0)))
b8eac191
SK		 1118 return STAT_INSECURE;
1119
1120 GETSHORT(qtype, p);
1121 GETSHORT(qclass, p);
1122 GETLONG(ttl, p);
1123 GETSHORT(rdlen, p);
1124
00a5b5d4 1125 if (!CHECK_LEN(header, p, plen, rdlen))
b8eac191 1126 return STAT_INSECURE; /* bad packet */
00a5b5d4
SK		 1127
1128 if (qclass != class || qtype != T_SOA)
b8eac191
SK		 1129 {
1130 p += rdlen;
1131 continue;
1132 }
1133
1134 if (ttl < minttl)
1135 minttl = ttl;
1136
1137 /* MNAME */
1138 if (!(p = skip_name(p, header, plen, 0)))
1139 return STAT_INSECURE;
1140 /* RNAME */
1141 if (!(p = skip_name(p, header, plen, 20)))
1142 return STAT_INSECURE;
1143 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1144
1145 GETLONG(ttl, p); /* minTTL */
1146 if (ttl < minttl)
1147 minttl = ttl;
00a5b5d4
SK		 1148
1149 break;
b8eac191
SK		 1150 }
1151
00a5b5d4
SK		 1152 if (i != 0)
1153 {
1154 cache_start_insert();
1155
1156 a.addr.dnssec.class = class;
1157 cache_insert(name, &a, now, ttl, flags);
1158
1159 cache_end_insert();
1160 }
b8eac191 1161
00a5b5d4 1162 return (val == STAT_SECURE) ? STAT_NO_DS : STAT_INSECURE;
b8eac191
SK		 1163 }
1164
51ea3ca2 1165 return val;
c3e0b9b6
SK		 1166}
1167
c5f4ec7d
SK		 1168/* 4034 6.1 */
1169static int hostname_cmp(const char *a, const char *b)
1170{
dbf72123
SK		 1171 char *sa, *ea, *ca, *sb, *eb, *cb;
1172 unsigned char ac, bc;
1173
1174 sa = ea = (char *)a + strlen(a);
1175 sb = eb = (char *)b + strlen(b);
1176
c5f4ec7d
SK		 1177 while (1)
1178 {
dbf72123
SK		 1179 while (sa != a && *(sa-1) != '.')
1180 sa--;
c5f4ec7d 1181
dbf72123
SK		 1182 while (sb != b && *(sb-1) != '.')
1183 sb--;
1184
1185 ca = sa;
1186 cb = sb;
1187
1188 while (1)
1189 {
1190 if (ca == ea)
1191 {
1192 if (cb == eb)
1193 break;
1194
1195 return -1;
1196 }
c5f4ec7d 1197
dbf72123
SK		 1198 if (cb == eb)
1199 return 1;
1200
1201 ac = (unsigned char) *ca++;
1202 bc = (unsigned char) *cb++;
1203
1204 if (ac >= 'A' && ac <= 'Z')
1205 ac += 'a' - 'A';
1206 if (bc >= 'A' && bc <= 'Z')
1207 bc += 'a' - 'A';
1208
979cdf9b 1209 if (ac < bc)
dbf72123
SK		 1210 return -1;
1211 else if (ac != bc)
1212 return 1;
1213 }
c5f4ec7d 1214
dbf72123
SK		 1215
1216 if (sa == a)
c5f4ec7d 1217 {
dbf72123
SK		 1218 if (sb == b)
1219 return 0;
c5f4ec7d 1220
dbf72123 1221 return -1;
c5f4ec7d
SK		 1222 }
1223
dbf72123
SK		 1224 if (sb == b)
1225 return 1;
c5f4ec7d 1226
dbf72123
SK		 1227 ea = sa--;
1228 eb = sb--;
c5f4ec7d
SK		 1229 }
1230}
1231
5107ace1
SK		 1232/* Find all the NSEC or NSEC3 records in a reply.
1233 return an array of pointers to them. */
1234static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1235{
1236 static unsigned char **nsecset = NULL;
1237 static int nsecset_sz = 0;
1238
1239 int type_found = -1;
1240 unsigned char *p = skip_questions(header, plen);
1241 int type, class, rdlen, i, nsecs_found;
1242
1243 /* Move to NS section */
1244 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1245 return 0;
1246
1247 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1248 {
1249 unsigned char *pstart = p;
1250
1251 if (!(p = skip_name(p, header, plen, 10)))
1252 return 0;
1253
1254 GETSHORT(type, p);
1255 GETSHORT(class, p);
1256 p += 4; /* TTL */
1257 GETSHORT(rdlen, p);
1258
1259 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1260 {
1261 /* No mixed NSECing 'round here, thankyouverymuch */
1262 if (type_found == T_NSEC && type == T_NSEC3)
1263 return 0;
1264 if (type_found == T_NSEC3 && type == T_NSEC)
1265 return 0;
1266
1267 type_found = type;
1268
613ad15d
SK		 1269 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1270 return 0;
1271
5107ace1
SK		 1272 nsecset[nsecs_found++] = pstart;
1273 }
613ad15d 1274
5107ace1
SK		 1275 if (!ADD_RDLEN(header, p, plen, rdlen))
1276 return 0;
1277 }
1278
1279 *nsecsetp = nsecset;
1280 *nsecsetl = nsecs_found;
1281
1282 return type_found;
1283}
1284
24187530 1285static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
5107ace1
SK		 1286 char *workspace1, char *workspace2, char *name, int type)
1287{
1288 int i, rc, rdlen;
1289 unsigned char *p, *psave;
1290 int offset = (type & 0xff) >> 3;
1291 int mask = 0x80 >> (type & 0x07);
1292
1293 /* Find NSEC record that proves name doesn't exist */
1294 for (i = 0; i < nsec_count; i++)
1295 {
1296 p = nsecs[i];
1297 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1298 return STAT_INSECURE;
1299 p += 8; /* class, type, TTL */
1300 GETSHORT(rdlen, p);
1301 psave = p;
1302 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1303 return STAT_INSECURE;
1304
1305 rc = hostname_cmp(workspace1, name);
1306
1307 if (rc == 0)
1308 {
f01d7be6
SK		 1309 /* 4035 para 5.4. Last sentence */
1310 if (type == T_NSEC || type == T_RRSIG)
1311 return STAT_SECURE;
1312
5107ace1
SK		 1313 /* NSEC with the same name as the RR we're testing, check
1314 that the type in question doesn't appear in the type map */
1315 rdlen -= p - psave;
1316 /* rdlen is now length of type map, and p points to it */
1317
1318 while (rdlen >= 2)
1319 {
1320 if (!CHECK_LEN(header, p, plen, rdlen))
1321 return STAT_INSECURE;
1322
1323 if (p[0] == type >> 8)
1324 {
1325 /* Does the NSEC say our type exists? */
a857daa3 1326 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1327 return STAT_BOGUS;
1328
1329 break; /* finshed checking */
1330 }
1331
1332 rdlen -= p[1];
1333 p += p[1];
1334 }
1335
1336 return STAT_SECURE;
1337 }
1338 else if (rc == -1)
1339 {
1340 /* Normal case, name falls between NSEC name and next domain name,
1341 wrap around case, name falls between NSEC name (rc == -1) and end */
1342 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1343 return STAT_SECURE;
1344 }
1345 else
1346 {
1347 /* wrap around case, name falls between start and next domain name */
1348 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1349 return STAT_SECURE;
1350 }
1351 }
1352
1353 return STAT_BOGUS;
1354}
1355
1356/* return digest length, or zero on error */
1357static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1358 unsigned char *salt, int salt_len, int iterations)
1359{
1360 void *ctx;
1361 unsigned char *digest;
1362 int i;
1363
1364 if (!hash_init(hash, &ctx, &digest))
1365 return 0;
1366
1367 hash->update(ctx, to_wire(in), (unsigned char *)in);
1368 hash->update(ctx, salt_len, salt);
1369 hash->digest(ctx, hash->digest_size, digest);
1370
1371 for(i = 0; i < iterations; i++)
1372 {
1373 hash->update(ctx, hash->digest_size, digest);
1374 hash->update(ctx, salt_len, salt);
1375 hash->digest(ctx, hash->digest_size, digest);
1376 }
1377
1378 from_wire(in);
1379
1380 *out = digest;
1381 return hash->digest_size;
1382}
1383
1384/* Decode base32 to first "." or end of string */
1385static int base32_decode(char *in, unsigned char *out)
1386{
a857daa3 1387 int oc, on, c, mask, i;
5107ace1
SK		 1388 unsigned char *p = out;
1389
a857daa3 1390 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
5107ace1 1391 {
5107ace1
SK		 1392 if (c >= '0' && c <= '9')
1393 c -= '0';
1394 else if (c >= 'a' && c <= 'v')
1395 c -= 'a', c += 10;
1396 else if (c >= 'A' && c <= 'V')
1397 c -= 'A', c += 10;
1398 else
1399 return 0;
1400
1401 for (mask = 0x10, i = 0; i < 5; i++)
1402 {
a857daa3
SK		 1403 if (c & mask)
1404 oc |= 1;
1405 mask = mask >> 1;
1406 if (((++on) & 7) == 0)
1407 *p++ = oc;
1408 oc = oc << 1;
5107ace1
SK		 1409 }
1410 }
1411
1412 if ((on & 7) != 0)
1413 return 0;
1414
1415 return p - out;
1416}
1417
24187530 1418static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
5107ace1
SK		 1419 char *workspace1, char *workspace2, char *name, int type)
1420{
a857daa3
SK		 1421 unsigned char *salt, *p, *digest;
1422 int digest_len, i, iterations, salt_len, hash_len, base32_len, algo = 0;
5107ace1
SK		 1423 struct nettle_hash const *hash;
1424 char *closest_encloser, *next_closest, *wildcard;
1425
1426 /* Look though the NSEC3 records to find the first one with
1427 an algorithm we support (currently only algo == 1).
1428
1429 Take the algo, iterations, and salt of that record
1430 as the ones we're going to use, and prune any
1431 that don't match. */
1432
1433 for (i = 0; i < nsec_count; i++)
1434 {
1435 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1436 return STAT_INSECURE; /* bad packet */
1437
1438 p += 10; /* type, class, TTL, rdlen */
1439 algo = *p++;
1440
1441 if (algo == 1)
1442 break; /* known algo */
1443 }
1444
1445 /* No usable NSEC3s */
1446 if (i == nsec_count)
1447 return STAT_BOGUS;
1448
1449 p++; /* flags */
1450 GETSHORT (iterations, p);
1451 salt_len = *p++;
1452 salt = p;
1453 if (!CHECK_LEN(header, salt, plen, salt_len))
1454 return STAT_INSECURE; /* bad packet */
1455
1456 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1457 for (i = 0; i < nsec_count; i++)
1458 {
1459 unsigned char *nsec3p = nsecs[i];
1460 int this_iter;
1461
1462 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1463
1464 if (!(p = skip_name(nsec3p, header, plen, 15)))
1465 return STAT_INSECURE; /* bad packet */
1466
1467 p += 10; /* type, class, TTL, rdlen */
1468
1469 if (*p++ != algo)
1470 continue;
1471
1472 p++; /* flags */
1473
a857daa3 1474 GETSHORT(this_iter, p);
5107ace1
SK		 1475 if (this_iter != iterations)
1476 continue;
1477
1478 if (salt_len != *p++)
1479 continue;
1480
1481 if (!CHECK_LEN(header, p, plen, salt_len))
1482 return STAT_INSECURE; /* bad packet */
1483
1484 if (memcmp(p, salt, salt_len) != 0)
1485 continue;
1486
1487 /* All match, put the pointer back */
1488 nsecs[i] = nsec3p;
1489 }
1490
1491 /* Algo is checked as 1 above */
1492 if (!(hash = hash_find("sha1")))
1493 return STAT_INSECURE;
1494
1495 /* Now, we need the "closest encloser NSEC3" */
1496 closest_encloser = name;
1497 next_closest = NULL;
1498
1499 do
1500 {
1501 if (*closest_encloser == '.')
1502 closest_encloser++;
c5f4ec7d 1503
a857daa3 1504 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1505 return STAT_INSECURE;
1506
1507 for (i = 0; i < nsec_count; i++)
1508 if ((p = nsecs[i]))
1509 {
5107ace1 1510 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1511 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1512 return STAT_INSECURE;
1513
a857daa3
SK		 1514 if (digest_len == base32_len &&
1515 memcmp(digest, workspace2, digest_len) == 0)
5107ace1
SK		 1516 break; /* Gotit */
1517 }
1518
1519 if (i != nsec_count)
1520 break;
1521
1522 next_closest = closest_encloser;
1523 }
1524 while ((closest_encloser = strchr(closest_encloser, '.')));
1525
1526 /* No usable NSEC3s */
1527 if (i == nsec_count)
1528 return STAT_BOGUS;
1529
1530 if (!next_closest)
1531 {
1532 /* We found an NSEC3 whose hashed name exactly matches the query, so
1533 Now we just need to check the type map. p points to the RR data for the record. */
a857daa3 1534 int rdlen;
5107ace1
SK		 1535 unsigned char *psave;
1536 int offset = (type & 0xff) >> 3;
1537 int mask = 0x80 >> (type & 0x07);
1538
1539 p += 8; /* class, type, TTL */
1540 GETSHORT(rdlen, p);
1541 psave = p;
1542 p += 5 + salt_len; /* algo, flags, iterations, salt_len, salt */
1543 hash_len = *p++;
1544 if (!CHECK_LEN(header, p, plen, hash_len))
1545 return STAT_INSECURE; /* bad packet */
1546 p += hash_len;
1547 rdlen -= p - psave;
1548
1549 while (rdlen >= 2)
1550 {
1551 if (!CHECK_LEN(header, p, plen, rdlen))
1552 return STAT_INSECURE;
1553
1554 if (p[0] == type >> 8)
1555 {
a857daa3
SK		 1556 /* Does the NSEC3 say our type exists? */
1557 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1558 return STAT_BOGUS;
1559
1560 break; /* finshed checking */
1561 }
1562
1563 rdlen -= p[1];
1564 p += p[1];
1565 }
1566
1567 return STAT_SECURE;
1568 }
1569
24187530 1570 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
a857daa3 1571 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1572 return STAT_INSECURE;
1573
1574 for (i = 0; i < nsec_count; i++)
1575 if ((p = nsecs[i]))
1576 {
a857daa3
SK		 1577 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1578 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1579 return STAT_INSECURE;
1580
1581 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1582 hash_len = *p++; /* p now points to next hashed name */
1583
1584 if (!CHECK_LEN(header, p, plen, hash_len))
1585 return STAT_INSECURE;
1586
a857daa3 1587 if (digest_len == base32_len && hash_len == base32_len)
5107ace1 1588 {
a857daa3 1589 if (memcmp(workspace2, digest, digest_len) <= 0)
5107ace1
SK		 1590 {
1591 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1592 wrap around case, name-hash falls between NSEC3 name-hash and end */
a857daa3 1593 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
5107ace1
SK		 1594 return STAT_SECURE;
1595 }
1596 else
1597 {
1598 /* wrap around case, name falls between start and next domain name */
a857daa3 1599 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
5107ace1
SK		 1600 return STAT_SECURE;
1601 }
1602 }
1603 }
1604
1605 /* Finally, check that there's no seat of wildcard synthesis */
1606 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1607 return STAT_BOGUS;
1608
1609 wildcard--;
1610 *wildcard = '*';
1611
a857daa3 1612 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1613 return STAT_INSECURE;
1614
1615 for (i = 0; i < nsec_count; i++)
1616 if ((p = nsecs[i]))
1617 {
5107ace1 1618 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1619 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1620 return STAT_INSECURE;
1621
1622 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1623 hash_len = *p++; /* p now points to next hashed name */
1624
1625 if (!CHECK_LEN(header, p, plen, hash_len))
1626 return STAT_INSECURE;
1627
a857daa3 1628 if (digest_len == base32_len && hash_len == base32_len)
5107ace1 1629 {
a857daa3 1630 if (memcmp(workspace2, digest, digest_len) <= 0)
5107ace1
SK		 1631 {
1632 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1633 wrap around case, name-hash falls between NSEC3 name-hash and end */
a857daa3 1634 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
5107ace1
SK		 1635 return STAT_SECURE;
1636 }
1637 else
1638 {
1639 /* wrap around case, name falls between start and next domain name */
a857daa3 1640 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
5107ace1
SK		 1641 return STAT_SECURE;
1642 }
1643 }
1644 }
1645
1646 return STAT_BOGUS;
1647}
1648
0fc2f313 1649/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
51ea3ca2 1650/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
00a5b5d4 1651int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer)
adca3e9c 1652{
00a5b5d4
SK		 1653 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1654 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
5107ace1 1655 int i, j, rc, nsec_count, cname_count = 10;
00a5b5d4 1656 int nsec_type = 0, have_answer = 0;
adca3e9c 1657
00a5b5d4
SK		 1658 if (neganswer)
1659 *neganswer = 0;
1660
e3ec15af
SK		 1661 if (RCODE(header) == SERVFAIL)
1662 return STAT_BOGUS;
1663
c5f4ec7d 1664 if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1)
72ae2f3d 1665 return STAT_INSECURE;
00a5b5d4
SK		 1666
1667 qname = p1 = (unsigned char *)(header+1);
c5f4ec7d 1668
00a5b5d4
SK		 1669 if (!extract_name(header, plen, &p1, name, 1, 4))
1670 return STAT_INSECURE;
1671
1672 GETSHORT(qtype, p1);
1673 GETSHORT(qclass, p1);
1674 ans_start = p1;
1675
1676 /* Can't validate an RRISG query */
1677 if (qtype == T_RRSIG)
0fc2f313 1678 return STAT_INSECURE;
00a5b5d4
SK		 1679
1680 cname_loop:
1681 for (j = ntohs(header->ancount); j != 0; j--)
1682 {
1683 /* leave pointer to missing name in qname */
1684
1685 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1686 return STAT_INSECURE; /* bad packet */
1687
1688 GETSHORT(type2, p1);
1689 GETSHORT(class2, p1);
1690 p1 += 4; /* TTL */
1691 GETSHORT(rdlen2, p1);
1692
1693 if (rc == 1 && qclass == class2)
1694 {
1695 /* Do we have an answer for the question? */
1696 if (type2 == qtype)
1697 {
1698 have_answer = 1;
1699 break;
1700 }
1701 else if (type2 == T_CNAME)
1702 {
1703 qname = p1;
1704
1705 /* looped CNAMES */
1706 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1707 return STAT_INSECURE;
1708
1709 p1 = ans_start;
1710 goto cname_loop;
1711 }
1712 }
1713
1714 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1715 return STAT_INSECURE;
1716 }
0fc2f313 1717
00a5b5d4
SK		 1718 if (neganswer && !have_answer)
1719 *neganswer = 1;
1720
0fc2f313 1721 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
adca3e9c 1722 {
0fc2f313
SK		 1723 if (!extract_name(header, plen, &p1, name, 1, 10))
1724 return STAT_INSECURE; /* bad packet */
1725
1726 GETSHORT(type1, p1);
1727 GETSHORT(class1, p1);
1728 p1 += 4; /* TTL */
1729 GETSHORT(rdlen1, p1);
1730
1731 /* Don't try and validate RRSIGs! */
1732 if (type1 != T_RRSIG)
1733 {
1734 /* Check if we've done this RRset already */
1735 for (p2 = ans_start, j = 0; j < i; j++)
1736 {
1737 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1738 return STAT_INSECURE; /* bad packet */
1739
1740 GETSHORT(type2, p2);
1741 GETSHORT(class2, p2);
1742 p2 += 4; /* TTL */
1743 GETSHORT(rdlen2, p2);
1744
1745 if (type2 == type1 && class2 == class1 && rc == 1)
1746 break; /* Done it before: name, type, class all match. */
1747
1748 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1749 return STAT_INSECURE;
1750 }
1751
1752 /* Not done, validate now */
51ea3ca2 1753 if (j == i)
0fc2f313 1754 {
8d718cbb
SK		 1755 int ttl, keytag, algo, digest, type_covered;
1756 unsigned char *psave;
1757 struct all_addr a;
1758 struct blockdata *key;
1759 struct crec *crecp;
1760
5107ace1
SK		 1761 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, NULL, 0, 0, 0);
1762
1763 if (rc == STAT_SECURE_WILDCARD)
1764 {
1765 /* An attacker replay a wildcard answer with a different
a857daa3 1766 answer and overlay a genuine RR. To prove this
5107ace1 1767 hasn't happened, the answer must prove that
a857daa3 1768 the gennuine record doesn't exist. Check that here. */
5107ace1
SK		 1769 if (!nsec_type)
1770 {
1771 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1);
1772
1773 if (nsec_type == 0)
1774 return STAT_INSECURE; /* Bad packet */
1775 if (nsec_type == -1)
1776 return STAT_BOGUS; /* No NSECs */
1777 }
1778
1779 if (nsec_type == T_NSEC)
24187530 1780 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
5107ace1 1781 else
24187530 1782 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
5107ace1
SK		 1783
1784 if (rc != STAT_SECURE)
1785 return rc;
1786 }
1787 else if (rc != STAT_SECURE)
51ea3ca2
SK		 1788 {
1789 if (class)
1790 *class = class1; /* Class for DS or DNSKEY */
1791 return rc;
1792 }
5107ace1 1793
8d718cbb
SK		 1794 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1795 cache_start_insert();
1796
1797 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
51ea3ca2 1798 {
8d718cbb
SK		 1799 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1800 return STAT_INSECURE; /* bad packet */
51ea3ca2 1801
8d718cbb
SK		 1802 GETSHORT(type2, p2);
1803 GETSHORT(class2, p2);
1804 GETLONG(ttl, p2);
1805 GETSHORT(rdlen2, p2);
1806
1807 if (!CHECK_LEN(header, p2, plen, rdlen2))
1808 return STAT_INSECURE; /* bad packet */
1809
1810 if (class2 == class1 && rc == 1)
1811 {
1812 psave = p2;
1813
1814 if (type1 == T_DS && type2 == T_DS)
51ea3ca2 1815 {
8d718cbb
SK		 1816 if (rdlen2 < 4)
1817 return STAT_INSECURE; /* bad packet */
1818
51ea3ca2
SK		 1819 GETSHORT(keytag, p2);
1820 algo = *p2++;
1821 digest = *p2++;
1822
1823 /* Cache needs to known class for DNSSEC stuff */
1824 a.addr.dnssec.class = class2;
1825
8d718cbb 1826 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
51ea3ca2 1827 {
8d718cbb
SK		 1828 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1829 blockdata_free(key);
1830 else
1831 {
1832 a.addr.keytag = keytag;
1833 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1834 crecp->addr.ds.digest = digest;
1835 crecp->addr.ds.keydata = key;
1836 crecp->addr.ds.algo = algo;
1837 crecp->addr.ds.keytag = keytag;
8d718cbb
SK		 1838 crecp->addr.ds.keylen = rdlen2 - 4;
1839 }
1840 }
1841 }
1842 else if (type2 == T_RRSIG)
1843 {
1844 if (rdlen2 < 18)
1845 return STAT_INSECURE; /* bad packet */
51ea3ca2 1846
8d718cbb
SK		 1847 GETSHORT(type_covered, p2);
1848
1849 if (type_covered == type1 &&
1850 (type_covered == T_A || type_covered == T_AAAA ||
1851 type_covered == T_CNAME || type_covered == T_DS ||
1852 type_covered == T_DNSKEY || type_covered == T_PTR))
1853 {
1854 a.addr.dnssec.type = type_covered;
c8ca33f8 1855 a.addr.dnssec.class = class1;
8d718cbb
SK		 1856
1857 algo = *p2++;
1858 p2 += 13; /* labels, orig_ttl, expiration, inception */
1859 GETSHORT(keytag, p2);
1860
1861 if ((key = blockdata_alloc((char*)psave, rdlen2)))
1862 {
1863 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1864 blockdata_free(key);
1865 else
1866 {
8d718cbb
SK		 1867 crecp->addr.sig.keydata = key;
1868 crecp->addr.sig.keylen = rdlen2;
1869 crecp->addr.sig.keytag = keytag;
1870 crecp->addr.sig.type_covered = type_covered;
1871 crecp->addr.sig.algo = algo;
1872 }
1873 }
1874 }
51ea3ca2
SK		 1875 }
1876
8d718cbb 1877 p2 = psave;
51ea3ca2
SK		 1878 }
1879
8d718cbb
SK		 1880 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1881 return STAT_INSECURE; /* bad packet */
51ea3ca2 1882 }
8d718cbb
SK		 1883
1884 cache_end_insert();
0fc2f313
SK		 1885 }
1886 }
adca3e9c 1887
0fc2f313
SK		 1888 if (!ADD_RDLEN(header, p1, plen, rdlen1))
1889 return STAT_INSECURE;
adca3e9c
GB		 1890 }
1891
c5f4ec7d 1892 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
00a5b5d4
SK		 1893 if (have_answer)
1894 return STAT_SECURE;
1895
5107ace1 1896 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
5107ace1
SK		 1897 /* First marshall the NSEC records, if we've not done it previously */
1898 if (!nsec_type)
c5f4ec7d 1899 {
00a5b5d4 1900 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass);
c5f4ec7d 1901
5107ace1
SK		 1902 if (nsec_type == 0)
1903 return STAT_INSECURE; /* Bad packet */
1904 if (nsec_type == -1)
1905 return STAT_BOGUS; /* No NSECs */
c5f4ec7d 1906 }
00a5b5d4
SK		 1907
1908 /* Get name of missing answer */
1909 if (!extract_name(header, plen, &qname, name, 1, 0))
1910 return STAT_INSECURE;
5107ace1
SK		 1911
1912 if (nsec_type == T_NSEC)
00a5b5d4 1913 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
5107ace1 1914 else
00a5b5d4 1915 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
e292e93d
GB		 1916}
1917
00a5b5d4
SK		 1918/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
1919 Needed for proving answer in unsigned space.
1920 Return STAT_NEED_*
1921 STAT_BOGUS - error
1922 STAT_INSECURE - name of first non-secure record in name
1923*/
1924int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
1925{
1926 unsigned char *p = (unsigned char *)(header+1);
1927 int type, class, qtype, qclass, rdlen, j, rc;
1928 int cname_count = 10;
1929
1930 /* Get question */
1931 if (!extract_name(header, plen, &p, name, 1, 4))
1932 return STAT_BOGUS;
1933
1934 GETSHORT(qtype, p);
1935 GETSHORT(qclass, p);
1936
1937 while (1)
1938 {
1939 for (j = ntohs(header->ancount); j != 0; j--)
1940 {
1941 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1942 return STAT_BOGUS; /* bad packet */
1943
1944 GETSHORT(type, p);
1945 GETSHORT(class, p);
1946 p += 4; /* TTL */
1947 GETSHORT(rdlen, p);
1948
1949 /* Not target, loop */
1950 if (rc == 2 || qclass != class)
1951 {
1952 if (!ADD_RDLEN(header, p, plen, rdlen))
1953 return STAT_BOGUS;
1954 continue;
1955 }
1956
1957 /* Got to end of CNAME chain. */
1958 if (type != T_CNAME)
1959 return STAT_INSECURE;
1960
1961 /* validate CNAME chain, return if insecure or need more data */
1962 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, 0, 0, 0);
1963 if (rc != STAT_SECURE)
1964 {
1965 if (rc == STAT_NO_SIG)
1966 rc = STAT_INSECURE;
1967 return rc;
1968 }
1969
1970 /* Loop down CNAME chain/ */
1971 if (!cname_count-- ||
1972 !extract_name(header, plen, &p, name, 1, 0) ||
1973 !(p = skip_questions(header, plen)))
1974 return STAT_BOGUS;
1975
1976 break;
1977 }
1978
1979 /* End of CNAME chain */
1980 return STAT_INSECURE;
1981 }
1982}
1983
1984
3471f181 1985/* Compute keytag (checksum to quickly index a key). See RFC4034 */
0fc2f313 1986int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
3471f181 1987{
75ffc9bf
GB		 1988 if (alg == 1)
1989 {
1990 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
1991 See RFC4034, Appendix B.1 */
0fc2f313 1992 return key[keylen-4] * 256 + key[keylen-3];
75ffc9bf
GB		 1993 }
1994 else
1995 {
1633e308 1996 unsigned long ac = flags + 0x300 + alg;
75ffc9bf
GB		 1997 int i;
1998
0fc2f313
SK		 1999 for (i = 0; i < keylen; ++i)
2000 ac += (i & 1) ? key[i] : key[i] << 8;
1633e308 2001
0fc2f313
SK		 2002 ac += (ac >> 16) & 0xffff;
2003 return ac & 0xffff;
0304d28f 2004 }
3471f181 2005}
e292e93d 2006
5f8e58f4
SK		 2007size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2008{
2009 unsigned char *p;
610e782a 2010 char *types = querystr("dnssec-query", type);
5f8e58f4
SK		 2011
2012 if (addr->sa.sa_family == AF_INET)
2013 log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2014#ifdef HAVE_IPV6
2015 else
2016 log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2017#endif
2018
2019 header->qdcount = htons(1);
2020 header->ancount = htons(0);
2021 header->nscount = htons(0);
2022 header->arcount = htons(0);
e292e93d 2023
5f8e58f4
SK		 2024 header->hb3 = HB3_RD;
2025 SET_OPCODE(header, QUERY);
5b3bf921
SK		 2026 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2027 this allows it to select auth servers when one is returning bad data. */
2028 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
5f8e58f4
SK		 2029
2030 /* ID filled in later */
2031
2032 p = (unsigned char *)(header+1);
2033
2034 p = do_rfc1035_name(p, name);
2035 *p++ = 0;
2036 PUTSHORT(type, p);
2037 PUTSHORT(class, p);
2038
2039 return add_do_bit(header, p - (unsigned char *)header, end);
2040}
8a9be9e4 2041
613ad15d
SK		 2042/* Go through a domain name, find "pointers" and fix them up based on how many bytes
2043 we've chopped out of the packet, or check they don't point into an elided part. */
2044static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2045{
2046 unsigned char *ansp = *namep;
2047
2048 while(1)
2049 {
2050 unsigned int label_type;
2051
2052 if (!CHECK_LEN(header, ansp, plen, 1))
2053 return 0;
2054
2055 label_type = (*ansp) & 0xc0;
2056
2057 if (label_type == 0xc0)
2058 {
2059 /* pointer for compression. */
00a5b5d4
SK		 2060 unsigned int offset;
2061 int i;
613ad15d
SK		 2062 unsigned char *p;
2063
2064 if (!CHECK_LEN(header, ansp, plen, 2))
2065 return 0;
2066
2067 offset = ((*ansp++) & 0x3f) << 8;
2068 offset |= *ansp++;
2069
2070 p = offset + (unsigned char *)header;
2071
2072 for (i = 0; i < rr_count; i++)
2073 if (p < rrs[i])
2074 break;
2075 else
2076 if (i & 1)
2077 offset -= rrs[i] - rrs[i-1];
2078
2079 /* does the pointer end up in an elided RR? */
2080 if (i & 1)
00a5b5d4 2081 return 0;
613ad15d
SK		 2082
2083 /* No, scale the pointer */
2084 if (fixup)
2085 {
2086 ansp -= 2;
2087 *ansp++ = (offset >> 8) | 0xc0;
2088 *ansp++ = offset & 0xff;
2089 }
2090 break;
2091 }
2092 else if (label_type == 0x80)
2093 return 0; /* reserved */
2094 else if (label_type == 0x40)
2095 {
2096 /* Extended label type */
2097 unsigned int count;
2098
2099 if (!CHECK_LEN(header, ansp, plen, 2))
2100 return 0;
2101
2102 if (((*ansp++) & 0x3f) != 1)
2103 return 0; /* we only understand bitstrings */
2104
2105 count = *(ansp++); /* Bits in bitstring */
2106
2107 if (count == 0) /* count == 0 means 256 bits */
2108 ansp += 32;
2109 else
2110 ansp += ((count-1)>>3)+1;
2111 }
2112 else
2113 { /* label type == 0 Bottom six bits is length */
2114 unsigned int len = (*ansp++) & 0x3f;
2115
2116 if (!ADD_RDLEN(header, ansp, plen, len))
2117 return 0;
2118
2119 if (len == 0)
2120 break; /* zero length label marks the end. */
2121 }
2122 }
2123
2124 *namep = ansp;
2125
2126 return 1;
2127}
2128
2129/* Go through RRs and check or fixup the domain names contained within */
2130static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2131{
2132 int i, type, class, rdlen;
00a5b5d4 2133 unsigned char *pp;
613ad15d
SK		 2134
2135 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2136 {
00a5b5d4
SK		 2137 pp = p;
2138
2139 if (!(p = skip_name(p, header, plen, 10)))
2140 return 0;
613ad15d
SK		 2141
2142 GETSHORT(type, p);
2143 GETSHORT(class, p);
2144 p += 4; /* TTL */
2145 GETSHORT(rdlen, p);
00a5b5d4 2146
613ad15d
SK		 2147 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2148 {
00a5b5d4
SK		 2149 /* fixup name of RR */
2150 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2151 return 0;
2152
613ad15d
SK		 2153 if (class == C_IN)
2154 {
2155 u16 *d;
2156 unsigned char *pp = p;
2157
2158 for (d = get_desc(type); *d != (u16)-1; d++)
2159 {
2160 if (*d != 0)
2161 pp += *d;
2162 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2163 return 0;
2164 }
2165 }
2166 }
2167
2168 if (!ADD_RDLEN(header, p, plen, rdlen))
2169 return 0;
2170 }
2171
2172 return 1;
2173}
2174
2175
2176size_t filter_rrsigs(struct dns_header *header, size_t plen)
2177{
2178 static unsigned char **rrs;
2179 static int rr_sz = 0;
2180
2181 unsigned char *p = (unsigned char *)(header+1);
2182 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns;
2183
2184 if (ntohs(header->qdcount) != 1 ||
2185 !(p = skip_name(p, header, plen, 4)))
2186 return plen;
2187
2188 GETSHORT(qtype, p);
2189 GETSHORT(qclass, p);
2190
2191 /* First pass, find pointers to start and end of all the records we wish to elide:
2192 records added for DNSSEC, unless explicity queried for */
2193 for (rr_found = 0, chop_ns = 0, chop_an = 0, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2194 {
2195 unsigned char *pstart = p;
2196 int type, class;
2197
2198 if (!(p = skip_name(p, header, plen, 10)))
2199 return plen;
2200
2201 GETSHORT(type, p);
2202 GETSHORT(class, p);
2203 p += 4; /* TTL */
2204 GETSHORT(rdlen, p);
2205
2206 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2207 (type != qtype || class != qclass))
2208 {
2209 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2210 return plen;
2211
2212 rrs[rr_found++] = pstart;
2213
2214 if (!ADD_RDLEN(header, p, plen, rdlen))
2215 return plen;
2216
2217 rrs[rr_found++] = p;
2218
2219 if (i < ntohs(header->ancount))
2220 chop_an++;
2221 else
2222 chop_ns++;
2223 }
2224 else if (!ADD_RDLEN(header, p, plen, rdlen))
2225 return plen;
2226 }
2227
2228 /* Nothing to do. */
2229 if (rr_found == 0)
2230 return plen;
2231
2232 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2233 point to records we're going to elide. This is theoretically possible, but unlikely. If
2234 it happens, we give up and leave the answer unchanged. */
2235 p = (unsigned char *)(header+1);
2236
2237 /* question first */
2238 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2239 return plen;
2240 p += 4; /* qclass, qtype */
2241
2242 /* Now answers and NS */
2243 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2244 return plen;
2245
2246 /* Third pass, elide records */
2247 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2248 {
2249 unsigned char *start = rrs[i];
2250 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2251
2252 memmove(p, start, end-start);
2253 p += end-start;
2254 }
2255
2256 plen = p - (unsigned char *)header;
2257 header->ancount = htons(ntohs(header->ancount) - chop_an);
2258 header->nscount = htons(ntohs(header->nscount) - chop_ns);
2259
2260 /* Fourth pass, fix up pointers in the remaining records */
2261 p = (unsigned char *)(header+1);
2262
2263 check_name(&p, header, plen, 1, rrs, rr_found);
2264 p += 4; /* qclass, qtype */
2265
2266 check_rrs(p, header, plen, 1, rrs, rr_found);
2267
2268 return plen;
2269}
2270
8a9be9e4
SK		 2271unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2272{
2273 int q;
2274 unsigned int len;
2275 unsigned char *p = (unsigned char *)(header+1);
2276 const struct nettle_hash *hash;
2277 void *ctx;
2278 unsigned char *digest;
5f8e58f4 2279
8a9be9e4
SK		 2280 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2281 return NULL;
2282
2283 for (q = ntohs(header->qdcount); q != 0; q--)
2284 {
2285 if (!extract_name(header, plen, &p, name, 1, 4))
7d23a66f 2286 break; /* bad packet */
8a9be9e4
SK		 2287
2288 len = to_wire(name);
2289 hash->update(ctx, len, (unsigned char *)name);
2290 /* CRC the class and type as well */
2291 hash->update(ctx, 4, p);
2292
2293 p += 4;
2294 if (!CHECK_LEN(header, p, plen, 0))
7d23a66f 2295 break; /* bad packet */
8a9be9e4 2296 }
703c7ff4
SK		 2297
2298 hash->digest(ctx, hash->digest_size, digest);
8a9be9e4
SK		 2299 return digest;
2300}
2301
0fc2f313 2302#endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.