]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-dnssec.c
projects / thirdparty / systemd.git / blob
? search:


2f5776b5edae2749e767232490271c5fb33832b4
[thirdparty/systemd.git] / src / resolve / resolved-dns-dnssec.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "alloc-util.h"
4 #include "dns-domain.h"
5 #include "fd-util.h"
6 #include "fileio.h"
7 #include "gcrypt-util.h"
8 #include "hexdecoct.h"
9 #include "memory-util.h"
10 #include "resolved-dns-dnssec.h"
11 #include "resolved-dns-packet.h"
12 #include "sort-util.h"
13 #include "string-table.h"
14
15 #define VERIFY_RRS_MAX 256
16 #define MAX_KEY_SIZE (32*1024)
17
18 /* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */
19 #define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE)
20
21 /* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value */
22 #define NSEC3_ITERATIONS_MAX 2500
23
24 /*
25 * The DNSSEC Chain of trust:
26 *
27 * Normal RRs are protected via RRSIG RRs in combination with DNSKEY RRs, all in the same zone
28 * DNSKEY RRs are either protected like normal RRs, or via a DS from a zone "higher" up the tree
29 * DS RRs are protected like normal RRs
30 *
31 * Example chain:
32 * Normal RR → RRSIG/DNSKEY+ → DS → RRSIG/DNSKEY+ → DS → ... → DS → RRSIG/DNSKEY+ → DS
33 */
34
35 uint16_t dnssec_keytag(DnsResourceRecord *dnskey, bool mask_revoke) {
36 const uint8_t *p;
37 uint32_t sum, f;
38 size_t i;
39
40 /* The algorithm from RFC 4034, Appendix B. */
41
42 assert(dnskey);
43 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
44
45 f = (uint32_t) dnskey->dnskey.flags;
46
47 if (mask_revoke)
48 f &= ~DNSKEY_FLAG_REVOKE;
49
50 sum = f + ((((uint32_t) dnskey->dnskey.protocol) << 8) + (uint32_t) dnskey->dnskey.algorithm);
51
52 p = dnskey->dnskey.key;
53
54 for (i = 0; i < dnskey->dnskey.key_size; i++)
55 sum += (i & 1) == 0 ? (uint32_t) p[i] << 8 : (uint32_t) p[i];
56
57 sum += (sum >> 16) & UINT32_C(0xFFFF);
58
59 return sum & UINT32_C(0xFFFF);
60 }
61
62 #if HAVE_GCRYPT
63
64 static int rr_compare(DnsResourceRecord * const *a, DnsResourceRecord * const *b) {
65 const DnsResourceRecord *x = *a, *y = *b;
66 size_t m;
67 int r;
68
69 /* Let's order the RRs according to RFC 4034, Section 6.3 */
70
71 assert(x);
72 assert(x->wire_format);
73 assert(y);
74 assert(y->wire_format);
75
76 m = MIN(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
77
78 r = memcmp(DNS_RESOURCE_RECORD_RDATA(x), DNS_RESOURCE_RECORD_RDATA(y), m);
79 if (r != 0)
80 return r;
81
82 return CMP(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
83 }
84
85 static int dnssec_rsa_verify_raw(
86 const char *hash_algorithm,
87 const void *signature, size_t signature_size,
88 const void *data, size_t data_size,
89 const void *exponent, size_t exponent_size,
90 const void *modulus, size_t modulus_size) {
91
92 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
93 gcry_mpi_t n = NULL, e = NULL, s = NULL;
94 gcry_error_t ge;
95 int r;
96
97 assert(hash_algorithm);
98
99 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature, signature_size, NULL);
100 if (ge != 0) {
101 r = -EIO;
102 goto finish;
103 }
104
105 ge = gcry_mpi_scan(&e, GCRYMPI_FMT_USG, exponent, exponent_size, NULL);
106 if (ge != 0) {
107 r = -EIO;
108 goto finish;
109 }
110
111 ge = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, modulus, modulus_size, NULL);
112 if (ge != 0) {
113 r = -EIO;
114 goto finish;
115 }
116
117 ge = gcry_sexp_build(&signature_sexp,
118 NULL,
119 "(sig-val (rsa (s %m)))",
120 s);
121
122 if (ge != 0) {
123 r = -EIO;
124 goto finish;
125 }
126
127 ge = gcry_sexp_build(&data_sexp,
128 NULL,
129 "(data (flags pkcs1) (hash %s %b))",
130 hash_algorithm,
131 (int) data_size,
132 data);
133 if (ge != 0) {
134 r = -EIO;
135 goto finish;
136 }
137
138 ge = gcry_sexp_build(&public_key_sexp,
139 NULL,
140 "(public-key (rsa (n %m) (e %m)))",
141 n,
142 e);
143 if (ge != 0) {
144 r = -EIO;
145 goto finish;
146 }
147
148 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
149 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
150 r = 0;
151 else if (ge != 0) {
152 log_debug("RSA signature check failed: %s", gpg_strerror(ge));
153 r = -EIO;
154 } else
155 r = 1;
156
157 finish:
158 if (e)
159 gcry_mpi_release(e);
160 if (n)
161 gcry_mpi_release(n);
162 if (s)
163 gcry_mpi_release(s);
164
165 if (public_key_sexp)
166 gcry_sexp_release(public_key_sexp);
167 if (signature_sexp)
168 gcry_sexp_release(signature_sexp);
169 if (data_sexp)
170 gcry_sexp_release(data_sexp);
171
172 return r;
173 }
174
175 static int dnssec_rsa_verify(
176 const char *hash_algorithm,
177 const void *hash, size_t hash_size,
178 DnsResourceRecord *rrsig,
179 DnsResourceRecord *dnskey) {
180
181 size_t exponent_size, modulus_size;
182 void *exponent, *modulus;
183
184 assert(hash_algorithm);
185 assert(hash);
186 assert(hash_size > 0);
187 assert(rrsig);
188 assert(dnskey);
189
190 if (*(uint8_t*) dnskey->dnskey.key == 0) {
191 /* exponent is > 255 bytes long */
192
193 exponent = (uint8_t*) dnskey->dnskey.key + 3;
194 exponent_size =
195 ((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) |
196 ((size_t) ((uint8_t*) dnskey->dnskey.key)[2]);
197
198 if (exponent_size < 256)
199 return -EINVAL;
200
201 if (3 + exponent_size >= dnskey->dnskey.key_size)
202 return -EINVAL;
203
204 modulus = (uint8_t*) dnskey->dnskey.key + 3 + exponent_size;
205 modulus_size = dnskey->dnskey.key_size - 3 - exponent_size;
206
207 } else {
208 /* exponent is <= 255 bytes long */
209
210 exponent = (uint8_t*) dnskey->dnskey.key + 1;
211 exponent_size = (size_t) ((uint8_t*) dnskey->dnskey.key)[0];
212
213 if (exponent_size <= 0)
214 return -EINVAL;
215
216 if (1 + exponent_size >= dnskey->dnskey.key_size)
217 return -EINVAL;
218
219 modulus = (uint8_t*) dnskey->dnskey.key + 1 + exponent_size;
220 modulus_size = dnskey->dnskey.key_size - 1 - exponent_size;
221 }
222
223 return dnssec_rsa_verify_raw(
224 hash_algorithm,
225 rrsig->rrsig.signature, rrsig->rrsig.signature_size,
226 hash, hash_size,
227 exponent, exponent_size,
228 modulus, modulus_size);
229 }
230
231 static int dnssec_ecdsa_verify_raw(
232 const char *hash_algorithm,
233 const char *curve,
234 const void *signature_r, size_t signature_r_size,
235 const void *signature_s, size_t signature_s_size,
236 const void *data, size_t data_size,
237 const void *key, size_t key_size) {
238
239 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
240 gcry_mpi_t q = NULL, r = NULL, s = NULL;
241 gcry_error_t ge;
242 int k;
243
244 assert(hash_algorithm);
245
246 ge = gcry_mpi_scan(&r, GCRYMPI_FMT_USG, signature_r, signature_r_size, NULL);
247 if (ge != 0) {
248 k = -EIO;
249 goto finish;
250 }
251
252 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature_s, signature_s_size, NULL);
253 if (ge != 0) {
254 k = -EIO;
255 goto finish;
256 }
257
258 ge = gcry_mpi_scan(&q, GCRYMPI_FMT_USG, key, key_size, NULL);
259 if (ge != 0) {
260 k = -EIO;
261 goto finish;
262 }
263
264 ge = gcry_sexp_build(&signature_sexp,
265 NULL,
266 "(sig-val (ecdsa (r %m) (s %m)))",
267 r,
268 s);
269 if (ge != 0) {
270 k = -EIO;
271 goto finish;
272 }
273
274 ge = gcry_sexp_build(&data_sexp,
275 NULL,
276 "(data (flags rfc6979) (hash %s %b))",
277 hash_algorithm,
278 (int) data_size,
279 data);
280 if (ge != 0) {
281 k = -EIO;
282 goto finish;
283 }
284
285 ge = gcry_sexp_build(&public_key_sexp,
286 NULL,
287 "(public-key (ecc (curve %s) (q %m)))",
288 curve,
289 q);
290 if (ge != 0) {
291 k = -EIO;
292 goto finish;
293 }
294
295 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
296 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
297 k = 0;
298 else if (ge != 0) {
299 log_debug("ECDSA signature check failed: %s", gpg_strerror(ge));
300 k = -EIO;
301 } else
302 k = 1;
303 finish:
304 if (r)
305 gcry_mpi_release(r);
306 if (s)
307 gcry_mpi_release(s);
308 if (q)
309 gcry_mpi_release(q);
310
311 if (public_key_sexp)
312 gcry_sexp_release(public_key_sexp);
313 if (signature_sexp)
314 gcry_sexp_release(signature_sexp);
315 if (data_sexp)
316 gcry_sexp_release(data_sexp);
317
318 return k;
319 }
320
321 static int dnssec_ecdsa_verify(
322 const char *hash_algorithm,
323 int algorithm,
324 const void *hash, size_t hash_size,
325 DnsResourceRecord *rrsig,
326 DnsResourceRecord *dnskey) {
327
328 const char *curve;
329 size_t key_size;
330 uint8_t *q;
331
332 assert(hash);
333 assert(hash_size);
334 assert(rrsig);
335 assert(dnskey);
336
337 if (algorithm == DNSSEC_ALGORITHM_ECDSAP256SHA256) {
338 key_size = 32;
339 curve = "NIST P-256";
340 } else if (algorithm == DNSSEC_ALGORITHM_ECDSAP384SHA384) {
341 key_size = 48;
342 curve = "NIST P-384";
343 } else
344 return -EOPNOTSUPP;
345
346 if (dnskey->dnskey.key_size != key_size * 2)
347 return -EINVAL;
348
349 if (rrsig->rrsig.signature_size != key_size * 2)
350 return -EINVAL;
351
352 q = newa(uint8_t, key_size*2 + 1);
353 q[0] = 0x04; /* Prepend 0x04 to indicate an uncompressed key */
354 memcpy(q+1, dnskey->dnskey.key, key_size*2);
355
356 return dnssec_ecdsa_verify_raw(
357 hash_algorithm,
358 curve,
359 rrsig->rrsig.signature, key_size,
360 (uint8_t*) rrsig->rrsig.signature + key_size, key_size,
361 hash, hash_size,
362 q, key_size*2+1);
363 }
364
365 #if GCRYPT_VERSION_NUMBER >= 0x010600
366 static int dnssec_eddsa_verify_raw(
367 const char *curve,
368 const void *signature_r, size_t signature_r_size,
369 const void *signature_s, size_t signature_s_size,
370 const void *data, size_t data_size,
371 const void *key, size_t key_size) {
372
373 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
374 gcry_error_t ge;
375 int k;
376
377 ge = gcry_sexp_build(&signature_sexp,
378 NULL,
379 "(sig-val (eddsa (r %b) (s %b)))",
380 (int) signature_r_size,
381 signature_r,
382 (int) signature_s_size,
383 signature_s);
384 if (ge != 0) {
385 k = -EIO;
386 goto finish;
387 }
388
389 ge = gcry_sexp_build(&data_sexp,
390 NULL,
391 "(data (flags eddsa) (hash-algo sha512) (value %b))",
392 (int) data_size,
393 data);
394 if (ge != 0) {
395 k = -EIO;
396 goto finish;
397 }
398
399 ge = gcry_sexp_build(&public_key_sexp,
400 NULL,
401 "(public-key (ecc (curve %s) (flags eddsa) (q %b)))",
402 curve,
403 (int) key_size,
404 key);
405 if (ge != 0) {
406 k = -EIO;
407 goto finish;
408 }
409
410 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
411 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
412 k = 0;
413 else if (ge != 0) {
414 log_debug("EdDSA signature check failed: %s", gpg_strerror(ge));
415 k = -EIO;
416 } else
417 k = 1;
418 finish:
419 if (public_key_sexp)
420 gcry_sexp_release(public_key_sexp);
421 if (signature_sexp)
422 gcry_sexp_release(signature_sexp);
423 if (data_sexp)
424 gcry_sexp_release(data_sexp);
425
426 return k;
427 }
428
429 static int dnssec_eddsa_verify(
430 int algorithm,
431 const void *data, size_t data_size,
432 DnsResourceRecord *rrsig,
433 DnsResourceRecord *dnskey) {
434 const char *curve;
435 size_t key_size;
436
437 if (algorithm == DNSSEC_ALGORITHM_ED25519) {
438 curve = "Ed25519";
439 key_size = 32;
440 } else
441 return -EOPNOTSUPP;
442
443 if (dnskey->dnskey.key_size != key_size)
444 return -EINVAL;
445
446 if (rrsig->rrsig.signature_size != key_size * 2)
447 return -EINVAL;
448
449 return dnssec_eddsa_verify_raw(
450 curve,
451 rrsig->rrsig.signature, key_size,
452 (uint8_t*) rrsig->rrsig.signature + key_size, key_size,
453 data, data_size,
454 dnskey->dnskey.key, key_size);
455 }
456 #endif
457
458 static void md_add_uint8(gcry_md_hd_t md, uint8_t v) {
459 gcry_md_write(md, &v, sizeof(v));
460 }
461
462 static void md_add_uint16(gcry_md_hd_t md, uint16_t v) {
463 v = htobe16(v);
464 gcry_md_write(md, &v, sizeof(v));
465 }
466
467 static void fwrite_uint8(FILE *fp, uint8_t v) {
468 fwrite(&v, sizeof(v), 1, fp);
469 }
470
471 static void fwrite_uint16(FILE *fp, uint16_t v) {
472 v = htobe16(v);
473 fwrite(&v, sizeof(v), 1, fp);
474 }
475
476 static void fwrite_uint32(FILE *fp, uint32_t v) {
477 v = htobe32(v);
478 fwrite(&v, sizeof(v), 1, fp);
479 }
480
481 static int dnssec_rrsig_prepare(DnsResourceRecord *rrsig) {
482 int n_key_labels, n_signer_labels;
483 const char *name;
484 int r;
485
486 /* Checks whether the specified RRSIG RR is somewhat valid, and initializes the .n_skip_labels_source and
487 * .n_skip_labels_signer fields so that we can use them later on. */
488
489 assert(rrsig);
490 assert(rrsig->key->type == DNS_TYPE_RRSIG);
491
492 /* Check if this RRSIG RR is already prepared */
493 if (rrsig->n_skip_labels_source != (unsigned) -1)
494 return 0;
495
496 if (rrsig->rrsig.inception > rrsig->rrsig.expiration)
497 return -EINVAL;
498
499 name = dns_resource_key_name(rrsig->key);
500
501 n_key_labels = dns_name_count_labels(name);
502 if (n_key_labels < 0)
503 return n_key_labels;
504 if (rrsig->rrsig.labels > n_key_labels)
505 return -EINVAL;
506
507 n_signer_labels = dns_name_count_labels(rrsig->rrsig.signer);
508 if (n_signer_labels < 0)
509 return n_signer_labels;
510 if (n_signer_labels > rrsig->rrsig.labels)
511 return -EINVAL;
512
513 r = dns_name_skip(name, n_key_labels - n_signer_labels, &name);
514 if (r < 0)
515 return r;
516 if (r == 0)
517 return -EINVAL;
518
519 /* Check if the signer is really a suffix of us */
520 r = dns_name_equal(name, rrsig->rrsig.signer);
521 if (r < 0)
522 return r;
523 if (r == 0)
524 return -EINVAL;
525
526 rrsig->n_skip_labels_source = n_key_labels - rrsig->rrsig.labels;
527 rrsig->n_skip_labels_signer = n_key_labels - n_signer_labels;
528
529 return 0;
530 }
531
532 static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
533 usec_t expiration, inception, skew;
534
535 assert(rrsig);
536 assert(rrsig->key->type == DNS_TYPE_RRSIG);
537
538 if (realtime == USEC_INFINITY)
539 realtime = now(CLOCK_REALTIME);
540
541 expiration = rrsig->rrsig.expiration * USEC_PER_SEC;
542 inception = rrsig->rrsig.inception * USEC_PER_SEC;
543
544 /* Consider inverted validity intervals as expired */
545 if (inception > expiration)
546 return true;
547
548 /* Permit a certain amount of clock skew of 10% of the valid
549 * time range. This takes inspiration from unbound's
550 * resolver. */
551 skew = (expiration - inception) / 10;
552 if (skew > SKEW_MAX)
553 skew = SKEW_MAX;
554
555 if (inception < skew)
556 inception = 0;
557 else
558 inception -= skew;
559
560 if (expiration + skew < expiration)
561 expiration = USEC_INFINITY;
562 else
563 expiration += skew;
564
565 return realtime < inception || realtime > expiration;
566 }
567
568 static int algorithm_to_gcrypt_md(uint8_t algorithm) {
569
570 /* Translates a DNSSEC signature algorithm into a gcrypt
571 * digest identifier.
572 *
573 * Note that we implement all algorithms listed as "Must
574 * implement" and "Recommended to Implement" in RFC6944. We
575 * don't implement any algorithms that are listed as
576 * "Optional" or "Must Not Implement". Specifically, we do not
577 * implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and
578 * GOST-ECC. */
579
580 switch (algorithm) {
581
582 case DNSSEC_ALGORITHM_RSASHA1:
583 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
584 return GCRY_MD_SHA1;
585
586 case DNSSEC_ALGORITHM_RSASHA256:
587 case DNSSEC_ALGORITHM_ECDSAP256SHA256:
588 return GCRY_MD_SHA256;
589
590 case DNSSEC_ALGORITHM_ECDSAP384SHA384:
591 return GCRY_MD_SHA384;
592
593 case DNSSEC_ALGORITHM_RSASHA512:
594 return GCRY_MD_SHA512;
595
596 default:
597 return -EOPNOTSUPP;
598 }
599 }
600
601 static void dnssec_fix_rrset_ttl(
602 DnsResourceRecord *list[],
603 unsigned n,
604 DnsResourceRecord *rrsig,
605 usec_t realtime) {
606
607 unsigned k;
608
609 assert(list);
610 assert(n > 0);
611 assert(rrsig);
612
613 for (k = 0; k < n; k++) {
614 DnsResourceRecord *rr = list[k];
615
616 /* Pick the TTL as the minimum of the RR's TTL, the
617 * RR's original TTL according to the RRSIG and the
618 * RRSIG's own TTL, see RFC 4035, Section 5.3.3 */
619 rr->ttl = MIN3(rr->ttl, rrsig->rrsig.original_ttl, rrsig->ttl);
620 rr->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
621
622 /* Copy over information about the signer and wildcard source of synthesis */
623 rr->n_skip_labels_source = rrsig->n_skip_labels_source;
624 rr->n_skip_labels_signer = rrsig->n_skip_labels_signer;
625 }
626
627 rrsig->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
628 }
629
630 int dnssec_verify_rrset(
631 DnsAnswer *a,
632 const DnsResourceKey *key,
633 DnsResourceRecord *rrsig,
634 DnsResourceRecord *dnskey,
635 usec_t realtime,
636 DnssecResult *result) {
637
638 uint8_t wire_format_name[DNS_WIRE_FORMAT_HOSTNAME_MAX];
639 DnsResourceRecord **list, *rr;
640 const char *source, *name;
641 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
642 int r, md_algorithm;
643 size_t k, n = 0;
644 size_t sig_size = 0;
645 _cleanup_free_ char *sig_data = NULL;
646 _cleanup_fclose_ FILE *f = NULL;
647 size_t hash_size;
648 void *hash;
649 bool wildcard;
650
651 assert(key);
652 assert(rrsig);
653 assert(dnskey);
654 assert(result);
655 assert(rrsig->key->type == DNS_TYPE_RRSIG);
656 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
657
658 /* Verifies that the RRSet matches the specified "key" in "a",
659 * using the signature "rrsig" and the key "dnskey". It's
660 * assumed that RRSIG and DNSKEY match. */
661
662 r = dnssec_rrsig_prepare(rrsig);
663 if (r == -EINVAL) {
664 *result = DNSSEC_INVALID;
665 return r;
666 }
667 if (r < 0)
668 return r;
669
670 r = dnssec_rrsig_expired(rrsig, realtime);
671 if (r < 0)
672 return r;
673 if (r > 0) {
674 *result = DNSSEC_SIGNATURE_EXPIRED;
675 return 0;
676 }
677
678 name = dns_resource_key_name(key);
679
680 /* Some keys may only appear signed in the zone apex, and are invalid anywhere else. (SOA, NS...) */
681 if (dns_type_apex_only(rrsig->rrsig.type_covered)) {
682 r = dns_name_equal(rrsig->rrsig.signer, name);
683 if (r < 0)
684 return r;
685 if (r == 0) {
686 *result = DNSSEC_INVALID;
687 return 0;
688 }
689 }
690
691 /* OTOH DS RRs may not appear in the zone apex, but are valid everywhere else. */
692 if (rrsig->rrsig.type_covered == DNS_TYPE_DS) {
693 r = dns_name_equal(rrsig->rrsig.signer, name);
694 if (r < 0)
695 return r;
696 if (r > 0) {
697 *result = DNSSEC_INVALID;
698 return 0;
699 }
700 }
701
702 /* Determine the "Source of Synthesis" and whether this is a wildcard RRSIG */
703 r = dns_name_suffix(name, rrsig->rrsig.labels, &source);
704 if (r < 0)
705 return r;
706 if (r > 0 && !dns_type_may_wildcard(rrsig->rrsig.type_covered)) {
707 /* We refuse to validate NSEC3 or SOA RRs that are synthesized from wildcards */
708 *result = DNSSEC_INVALID;
709 return 0;
710 }
711 if (r == 1) {
712 /* If we stripped a single label, then let's see if that maybe was "*". If so, we are not really
713 * synthesized from a wildcard, we are the wildcard itself. Treat that like a normal name. */
714 r = dns_name_startswith(name, "*");
715 if (r < 0)
716 return r;
717 if (r > 0)
718 source = name;
719
720 wildcard = r == 0;
721 } else
722 wildcard = r > 0;
723
724 /* Collect all relevant RRs in a single array, so that we can look at the RRset */
725 list = newa(DnsResourceRecord *, dns_answer_size(a));
726
727 DNS_ANSWER_FOREACH(rr, a) {
728 r = dns_resource_key_equal(key, rr->key);
729 if (r < 0)
730 return r;
731 if (r == 0)
732 continue;
733
734 /* We need the wire format for ordering, and digest calculation */
735 r = dns_resource_record_to_wire_format(rr, true);
736 if (r < 0)
737 return r;
738
739 list[n++] = rr;
740
741 if (n > VERIFY_RRS_MAX)
742 return -E2BIG;
743 }
744
745 if (n <= 0)
746 return -ENODATA;
747
748 /* Bring the RRs into canonical order */
749 typesafe_qsort(list, n, rr_compare);
750
751 f = open_memstream_unlocked(&sig_data, &sig_size);
752 if (!f)
753 return -ENOMEM;
754
755 fwrite_uint16(f, rrsig->rrsig.type_covered);
756 fwrite_uint8(f, rrsig->rrsig.algorithm);
757 fwrite_uint8(f, rrsig->rrsig.labels);
758 fwrite_uint32(f, rrsig->rrsig.original_ttl);
759 fwrite_uint32(f, rrsig->rrsig.expiration);
760 fwrite_uint32(f, rrsig->rrsig.inception);
761 fwrite_uint16(f, rrsig->rrsig.key_tag);
762
763 r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
764 if (r < 0)
765 return r;
766 fwrite(wire_format_name, 1, r, f);
767
768 /* Convert the source of synthesis into wire format */
769 r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
770 if (r < 0)
771 return r;
772
773 for (k = 0; k < n; k++) {
774 size_t l;
775
776 rr = list[k];
777
778 /* Hash the source of synthesis. If this is a wildcard, then prefix it with the *. label */
779 if (wildcard)
780 fwrite((uint8_t[]) { 1, '*'}, sizeof(uint8_t), 2, f);
781 fwrite(wire_format_name, 1, r, f);
782
783 fwrite_uint16(f, rr->key->type);
784 fwrite_uint16(f, rr->key->class);
785 fwrite_uint32(f, rrsig->rrsig.original_ttl);
786
787 l = DNS_RESOURCE_RECORD_RDATA_SIZE(rr);
788 assert(l <= 0xFFFF);
789
790 fwrite_uint16(f, (uint16_t) l);
791 fwrite(DNS_RESOURCE_RECORD_RDATA(rr), 1, l, f);
792 }
793
794 r = fflush_and_check(f);
795 if (r < 0)
796 return r;
797
798 initialize_libgcrypt(false);
799
800 switch (rrsig->rrsig.algorithm) {
801 #if GCRYPT_VERSION_NUMBER >= 0x010600
802 case DNSSEC_ALGORITHM_ED25519:
803 break;
804 #else
805 case DNSSEC_ALGORITHM_ED25519:
806 #endif
807 case DNSSEC_ALGORITHM_ED448:
808 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
809 return 0;
810 default:
811 /* OK, the RRs are now in canonical order. Let's calculate the digest */
812 md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm);
813 if (md_algorithm == -EOPNOTSUPP) {
814 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
815 return 0;
816 }
817 if (md_algorithm < 0)
818 return md_algorithm;
819
820 gcry_md_open(&md, md_algorithm, 0);
821 if (!md)
822 return -EIO;
823
824 hash_size = gcry_md_get_algo_dlen(md_algorithm);
825 assert(hash_size > 0);
826
827 gcry_md_write(md, sig_data, sig_size);
828
829 hash = gcry_md_read(md, 0);
830 if (!hash)
831 return -EIO;
832 }
833
834 switch (rrsig->rrsig.algorithm) {
835
836 case DNSSEC_ALGORITHM_RSASHA1:
837 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
838 case DNSSEC_ALGORITHM_RSASHA256:
839 case DNSSEC_ALGORITHM_RSASHA512:
840 r = dnssec_rsa_verify(
841 gcry_md_algo_name(md_algorithm),
842 hash, hash_size,
843 rrsig,
844 dnskey);
845 break;
846
847 case DNSSEC_ALGORITHM_ECDSAP256SHA256:
848 case DNSSEC_ALGORITHM_ECDSAP384SHA384:
849 r = dnssec_ecdsa_verify(
850 gcry_md_algo_name(md_algorithm),
851 rrsig->rrsig.algorithm,
852 hash, hash_size,
853 rrsig,
854 dnskey);
855 break;
856 #if GCRYPT_VERSION_NUMBER >= 0x010600
857 case DNSSEC_ALGORITHM_ED25519:
858 r = dnssec_eddsa_verify(
859 rrsig->rrsig.algorithm,
860 sig_data, sig_size,
861 rrsig,
862 dnskey);
863 break;
864 #endif
865 }
866 if (r < 0)
867 return r;
868
869 /* Now, fix the ttl, expiry, and remember the synthesizing source and the signer */
870 if (r > 0)
871 dnssec_fix_rrset_ttl(list, n, rrsig, realtime);
872
873 if (r == 0)
874 *result = DNSSEC_INVALID;
875 else if (wildcard)
876 *result = DNSSEC_VALIDATED_WILDCARD;
877 else
878 *result = DNSSEC_VALIDATED;
879
880 return 0;
881 }
882
883 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
884
885 assert(rrsig);
886 assert(dnskey);
887
888 /* Checks if the specified DNSKEY RR matches the key used for
889 * the signature in the specified RRSIG RR */
890
891 if (rrsig->key->type != DNS_TYPE_RRSIG)
892 return -EINVAL;
893
894 if (dnskey->key->type != DNS_TYPE_DNSKEY)
895 return 0;
896 if (dnskey->key->class != rrsig->key->class)
897 return 0;
898 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
899 return 0;
900 if (!revoked_ok && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
901 return 0;
902 if (dnskey->dnskey.protocol != 3)
903 return 0;
904 if (dnskey->dnskey.algorithm != rrsig->rrsig.algorithm)
905 return 0;
906
907 if (dnssec_keytag(dnskey, false) != rrsig->rrsig.key_tag)
908 return 0;
909
910 return dns_name_equal(dns_resource_key_name(dnskey->key), rrsig->rrsig.signer);
911 }
912
913 int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
914 assert(key);
915 assert(rrsig);
916
917 /* Checks if the specified RRSIG RR protects the RRSet of the specified RR key. */
918
919 if (rrsig->key->type != DNS_TYPE_RRSIG)
920 return 0;
921 if (rrsig->key->class != key->class)
922 return 0;
923 if (rrsig->rrsig.type_covered != key->type)
924 return 0;
925
926 return dns_name_equal(dns_resource_key_name(rrsig->key), dns_resource_key_name(key));
927 }
928
929 int dnssec_verify_rrset_search(
930 DnsAnswer *a,
931 const DnsResourceKey *key,
932 DnsAnswer *validated_dnskeys,
933 usec_t realtime,
934 DnssecResult *result,
935 DnsResourceRecord **ret_rrsig) {
936
937 bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false;
938 DnsResourceRecord *rrsig;
939 int r;
940
941 assert(key);
942 assert(result);
943
944 /* Verifies all RRs from "a" that match the key "key" against DNSKEYs in "validated_dnskeys" */
945
946 if (!a || a->n_rrs <= 0)
947 return -ENODATA;
948
949 /* Iterate through each RRSIG RR. */
950 DNS_ANSWER_FOREACH(rrsig, a) {
951 DnsResourceRecord *dnskey;
952 DnsAnswerFlags flags;
953
954 /* Is this an RRSIG RR that applies to RRs matching our key? */
955 r = dnssec_key_match_rrsig(key, rrsig);
956 if (r < 0)
957 return r;
958 if (r == 0)
959 continue;
960
961 found_rrsig = true;
962
963 /* Look for a matching key */
964 DNS_ANSWER_FOREACH_FLAGS(dnskey, flags, validated_dnskeys) {
965 DnssecResult one_result;
966
967 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
968 continue;
969
970 /* Is this a DNSKEY RR that matches they key of our RRSIG? */
971 r = dnssec_rrsig_match_dnskey(rrsig, dnskey, false);
972 if (r < 0)
973 return r;
974 if (r == 0)
975 continue;
976
977 /* Take the time here, if it isn't set yet, so
978 * that we do all validations with the same
979 * time. */
980 if (realtime == USEC_INFINITY)
981 realtime = now(CLOCK_REALTIME);
982
983 /* Yay, we found a matching RRSIG with a matching
984 * DNSKEY, awesome. Now let's verify all entries of
985 * the RRSet against the RRSIG and DNSKEY
986 * combination. */
987
988 r = dnssec_verify_rrset(a, key, rrsig, dnskey, realtime, &one_result);
989 if (r < 0)
990 return r;
991
992 switch (one_result) {
993
994 case DNSSEC_VALIDATED:
995 case DNSSEC_VALIDATED_WILDCARD:
996 /* Yay, the RR has been validated,
997 * return immediately, but fix up the expiry */
998 if (ret_rrsig)
999 *ret_rrsig = rrsig;
1000
1001 *result = one_result;
1002 return 0;
1003
1004 case DNSSEC_INVALID:
1005 /* If the signature is invalid, let's try another
1006 key and/or signature. After all they
1007 key_tags and stuff are not unique, and
1008 might be shared by multiple keys. */
1009 found_invalid = true;
1010 continue;
1011
1012 case DNSSEC_UNSUPPORTED_ALGORITHM:
1013 /* If the key algorithm is
1014 unsupported, try another
1015 RRSIG/DNSKEY pair, but remember we
1016 encountered this, so that we can
1017 return a proper error when we
1018 encounter nothing better. */
1019 found_unsupported_algorithm = true;
1020 continue;
1021
1022 case DNSSEC_SIGNATURE_EXPIRED:
1023 /* If the signature is expired, try
1024 another one, but remember it, so
1025 that we can return this */
1026 found_expired_rrsig = true;
1027 continue;
1028
1029 default:
1030 assert_not_reached("Unexpected DNSSEC validation result");
1031 }
1032 }
1033 }
1034
1035 if (found_expired_rrsig)
1036 *result = DNSSEC_SIGNATURE_EXPIRED;
1037 else if (found_unsupported_algorithm)
1038 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
1039 else if (found_invalid)
1040 *result = DNSSEC_INVALID;
1041 else if (found_rrsig)
1042 *result = DNSSEC_MISSING_KEY;
1043 else
1044 *result = DNSSEC_NO_SIGNATURE;
1045
1046 if (ret_rrsig)
1047 *ret_rrsig = NULL;
1048
1049 return 0;
1050 }
1051
1052 int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
1053 DnsResourceRecord *rr;
1054 int r;
1055
1056 /* Checks whether there's at least one RRSIG in 'a' that protects RRs of the specified key */
1057
1058 DNS_ANSWER_FOREACH(rr, a) {
1059 r = dnssec_key_match_rrsig(key, rr);
1060 if (r < 0)
1061 return r;
1062 if (r > 0)
1063 return 1;
1064 }
1065
1066 return 0;
1067 }
1068
1069 static int digest_to_gcrypt_md(uint8_t algorithm) {
1070
1071 /* Translates a DNSSEC digest algorithm into a gcrypt digest identifier */
1072
1073 switch (algorithm) {
1074
1075 case DNSSEC_DIGEST_SHA1:
1076 return GCRY_MD_SHA1;
1077
1078 case DNSSEC_DIGEST_SHA256:
1079 return GCRY_MD_SHA256;
1080
1081 case DNSSEC_DIGEST_SHA384:
1082 return GCRY_MD_SHA384;
1083
1084 default:
1085 return -EOPNOTSUPP;
1086 }
1087 }
1088
1089 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
1090 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
1091 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
1092 size_t hash_size;
1093 int md_algorithm, r;
1094 void *result;
1095
1096 assert(dnskey);
1097 assert(ds);
1098
1099 /* Implements DNSKEY verification by a DS, according to RFC 4035, section 5.2 */
1100
1101 if (dnskey->key->type != DNS_TYPE_DNSKEY)
1102 return -EINVAL;
1103 if (ds->key->type != DNS_TYPE_DS)
1104 return -EINVAL;
1105 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
1106 return -EKEYREJECTED;
1107 if (!mask_revoke && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
1108 return -EKEYREJECTED;
1109 if (dnskey->dnskey.protocol != 3)
1110 return -EKEYREJECTED;
1111
1112 if (dnskey->dnskey.algorithm != ds->ds.algorithm)
1113 return 0;
1114 if (dnssec_keytag(dnskey, mask_revoke) != ds->ds.key_tag)
1115 return 0;
1116
1117 initialize_libgcrypt(false);
1118
1119 md_algorithm = digest_to_gcrypt_md(ds->ds.digest_type);
1120 if (md_algorithm < 0)
1121 return md_algorithm;
1122
1123 hash_size = gcry_md_get_algo_dlen(md_algorithm);
1124 assert(hash_size > 0);
1125
1126 if (ds->ds.digest_size != hash_size)
1127 return 0;
1128
1129 r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof(wire_format), true);
1130 if (r < 0)
1131 return r;
1132
1133 gcry_md_open(&md, md_algorithm, 0);
1134 if (!md)
1135 return -EIO;
1136
1137 gcry_md_write(md, wire_format, r);
1138 if (mask_revoke)
1139 md_add_uint16(md, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE);
1140 else
1141 md_add_uint16(md, dnskey->dnskey.flags);
1142 md_add_uint8(md, dnskey->dnskey.protocol);
1143 md_add_uint8(md, dnskey->dnskey.algorithm);
1144 gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
1145
1146 result = gcry_md_read(md, 0);
1147 if (!result)
1148 return -EIO;
1149
1150 return memcmp(result, ds->ds.digest, ds->ds.digest_size) == 0;
1151 }
1152
1153 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
1154 DnsResourceRecord *ds;
1155 DnsAnswerFlags flags;
1156 int r;
1157
1158 assert(dnskey);
1159
1160 if (dnskey->key->type != DNS_TYPE_DNSKEY)
1161 return 0;
1162
1163 DNS_ANSWER_FOREACH_FLAGS(ds, flags, validated_ds) {
1164
1165 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
1166 continue;
1167
1168 if (ds->key->type != DNS_TYPE_DS)
1169 continue;
1170 if (ds->key->class != dnskey->key->class)
1171 continue;
1172
1173 r = dns_name_equal(dns_resource_key_name(dnskey->key), dns_resource_key_name(ds->key));
1174 if (r < 0)
1175 return r;
1176 if (r == 0)
1177 continue;
1178
1179 r = dnssec_verify_dnskey_by_ds(dnskey, ds, false);
1180 if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP))
1181 return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */
1182 if (r < 0)
1183 return r;
1184 if (r > 0)
1185 return 1;
1186 }
1187
1188 return 0;
1189 }
1190
1191 static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
1192
1193 /* Translates a DNSSEC NSEC3 hash algorithm into a gcrypt digest identifier */
1194
1195 switch (algorithm) {
1196
1197 case NSEC3_ALGORITHM_SHA1:
1198 return GCRY_MD_SHA1;
1199
1200 default:
1201 return -EOPNOTSUPP;
1202 }
1203 }
1204
1205 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
1206 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
1207 gcry_md_hd_t md = NULL;
1208 size_t hash_size;
1209 int algorithm;
1210 void *result;
1211 unsigned k;
1212 int r;
1213
1214 assert(nsec3);
1215 assert(name);
1216 assert(ret);
1217
1218 if (nsec3->key->type != DNS_TYPE_NSEC3)
1219 return -EINVAL;
1220
1221 if (nsec3->nsec3.iterations > NSEC3_ITERATIONS_MAX)
1222 return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
1223 "Ignoring NSEC3 RR %s with excessive number of iterations.",
1224 dns_resource_record_to_string(nsec3));
1225
1226 algorithm = nsec3_hash_to_gcrypt_md(nsec3->nsec3.algorithm);
1227 if (algorithm < 0)
1228 return algorithm;
1229
1230 initialize_libgcrypt(false);
1231
1232 hash_size = gcry_md_get_algo_dlen(algorithm);
1233 assert(hash_size > 0);
1234
1235 if (nsec3->nsec3.next_hashed_name_size != hash_size)
1236 return -EINVAL;
1237
1238 r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
1239 if (r < 0)
1240 return r;
1241
1242 gcry_md_open(&md, algorithm, 0);
1243 if (!md)
1244 return -EIO;
1245
1246 gcry_md_write(md, wire_format, r);
1247 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
1248
1249 result = gcry_md_read(md, 0);
1250 if (!result) {
1251 r = -EIO;
1252 goto finish;
1253 }
1254
1255 for (k = 0; k < nsec3->nsec3.iterations; k++) {
1256 uint8_t tmp[hash_size];
1257 memcpy(tmp, result, hash_size);
1258
1259 gcry_md_reset(md);
1260 gcry_md_write(md, tmp, hash_size);
1261 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
1262
1263 result = gcry_md_read(md, 0);
1264 if (!result) {
1265 r = -EIO;
1266 goto finish;
1267 }
1268 }
1269
1270 memcpy(ret, result, hash_size);
1271 r = (int) hash_size;
1272
1273 finish:
1274 gcry_md_close(md);
1275 return r;
1276 }
1277
1278 static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {
1279 const char *a, *b;
1280 int r;
1281
1282 assert(rr);
1283
1284 if (rr->key->type != DNS_TYPE_NSEC3)
1285 return 0;
1286
1287 /* RFC 5155, Section 8.2 says we MUST ignore NSEC3 RRs with flags != 0 or 1 */
1288 if (!IN_SET(rr->nsec3.flags, 0, 1))
1289 return 0;
1290
1291 /* Ignore NSEC3 RRs whose algorithm we don't know */
1292 if (nsec3_hash_to_gcrypt_md(rr->nsec3.algorithm) < 0)
1293 return 0;
1294 /* Ignore NSEC3 RRs with an excessive number of required iterations */
1295 if (rr->nsec3.iterations > NSEC3_ITERATIONS_MAX)
1296 return 0;
1297
1298 /* Ignore NSEC3 RRs generated from wildcards. If these NSEC3 RRs weren't correctly signed we can't make this
1299 * check (since rr->n_skip_labels_source is -1), but that's OK, as we won't trust them anyway in that case. */
1300 if (!IN_SET(rr->n_skip_labels_source, 0, (unsigned) -1))
1301 return 0;
1302 /* Ignore NSEC3 RRs that are located anywhere else than one label below the zone */
1303 if (!IN_SET(rr->n_skip_labels_signer, 1, (unsigned) -1))
1304 return 0;
1305
1306 if (!nsec3)
1307 return 1;
1308
1309 /* If a second NSEC3 RR is specified, also check if they are from the same zone. */
1310
1311 if (nsec3 == rr) /* Shortcut */
1312 return 1;
1313
1314 if (rr->key->class != nsec3->key->class)
1315 return 0;
1316 if (rr->nsec3.algorithm != nsec3->nsec3.algorithm)
1317 return 0;
1318 if (rr->nsec3.iterations != nsec3->nsec3.iterations)
1319 return 0;
1320 if (rr->nsec3.salt_size != nsec3->nsec3.salt_size)
1321 return 0;
1322 if (memcmp_safe(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
1323 return 0;
1324
1325 a = dns_resource_key_name(rr->key);
1326 r = dns_name_parent(&a); /* strip off hash */
1327 if (r <= 0)
1328 return r;
1329
1330 b = dns_resource_key_name(nsec3->key);
1331 r = dns_name_parent(&b); /* strip off hash */
1332 if (r <= 0)
1333 return r;
1334
1335 /* Make sure both have the same parent */
1336 return dns_name_equal(a, b);
1337 }
1338
1339 static int nsec3_hashed_domain_format(const uint8_t *hashed, size_t hashed_size, const char *zone, char **ret) {
1340 _cleanup_free_ char *l = NULL;
1341 char *j;
1342
1343 assert(hashed);
1344 assert(hashed_size > 0);
1345 assert(zone);
1346 assert(ret);
1347
1348 l = base32hexmem(hashed, hashed_size, false);
1349 if (!l)
1350 return -ENOMEM;
1351
1352 j = strjoin(l, ".", zone);
1353 if (!j)
1354 return -ENOMEM;
1355
1356 *ret = j;
1357 return (int) hashed_size;
1358 }
1359
1360 static int nsec3_hashed_domain_make(DnsResourceRecord *nsec3, const char *domain, const char *zone, char **ret) {
1361 uint8_t hashed[DNSSEC_HASH_SIZE_MAX];
1362 int hashed_size;
1363
1364 assert(nsec3);
1365 assert(domain);
1366 assert(zone);
1367 assert(ret);
1368
1369 hashed_size = dnssec_nsec3_hash(nsec3, domain, hashed);
1370 if (hashed_size < 0)
1371 return hashed_size;
1372
1373 return nsec3_hashed_domain_format(hashed, (size_t) hashed_size, zone, ret);
1374 }
1375
1376 /* See RFC 5155, Section 8
1377 * First try to find a NSEC3 record that matches our query precisely, if that fails, find the closest
1378 * enclosure. Secondly, find a proof that there is no closer enclosure and either a proof that there
1379 * is no wildcard domain as a direct descendant of the closest enclosure, or find an NSEC3 record that
1380 * matches the wildcard domain.
1381 *
1382 * Based on this we can prove either the existence of the record in @key, or NXDOMAIN or NODATA, or
1383 * that there is no proof either way. The latter is the case if a proof of non-existence of a given
1384 * name uses an NSEC3 record with the opt-out bit set. Lastly, if we are given insufficient NSEC3 records
1385 * to conclude anything we indicate this by returning NO_RR. */
1386 static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
1387 _cleanup_free_ char *next_closer_domain = NULL, *wildcard_domain = NULL;
1388 const char *zone, *p, *pp = NULL, *wildcard;
1389 DnsResourceRecord *rr, *enclosure_rr, *zone_rr, *wildcard_rr = NULL;
1390 DnsAnswerFlags flags;
1391 int hashed_size, r;
1392 bool a, no_closer = false, no_wildcard = false, optout = false;
1393
1394 assert(key);
1395 assert(result);
1396
1397 /* First step, find the zone name and the NSEC3 parameters of the zone.
1398 * it is sufficient to look for the longest common suffix we find with
1399 * any NSEC3 RR in the response. Any NSEC3 record will do as all NSEC3
1400 * records from a given zone in a response must use the same
1401 * parameters. */
1402 zone = dns_resource_key_name(key);
1403 for (;;) {
1404 DNS_ANSWER_FOREACH_FLAGS(zone_rr, flags, answer) {
1405 r = nsec3_is_good(zone_rr, NULL);
1406 if (r < 0)
1407 return r;
1408 if (r == 0)
1409 continue;
1410
1411 r = dns_name_equal_skip(dns_resource_key_name(zone_rr->key), 1, zone);
1412 if (r < 0)
1413 return r;
1414 if (r > 0)
1415 goto found_zone;
1416 }
1417
1418 /* Strip one label from the front */
1419 r = dns_name_parent(&zone);
1420 if (r < 0)
1421 return r;
1422 if (r == 0)
1423 break;
1424 }
1425
1426 *result = DNSSEC_NSEC_NO_RR;
1427 return 0;
1428
1429 found_zone:
1430 /* Second step, find the closest encloser NSEC3 RR in 'answer' that matches 'key' */
1431 p = dns_resource_key_name(key);
1432 for (;;) {
1433 _cleanup_free_ char *hashed_domain = NULL;
1434
1435 hashed_size = nsec3_hashed_domain_make(zone_rr, p, zone, &hashed_domain);
1436 if (hashed_size == -EOPNOTSUPP) {
1437 *result = DNSSEC_NSEC_UNSUPPORTED_ALGORITHM;
1438 return 0;
1439 }
1440 if (hashed_size < 0)
1441 return hashed_size;
1442
1443 DNS_ANSWER_FOREACH_FLAGS(enclosure_rr, flags, answer) {
1444
1445 r = nsec3_is_good(enclosure_rr, zone_rr);
1446 if (r < 0)
1447 return r;
1448 if (r == 0)
1449 continue;
1450
1451 if (enclosure_rr->nsec3.next_hashed_name_size != (size_t) hashed_size)
1452 continue;
1453
1454 r = dns_name_equal(dns_resource_key_name(enclosure_rr->key), hashed_domain);
1455 if (r < 0)
1456 return r;
1457 if (r > 0) {
1458 a = flags & DNS_ANSWER_AUTHENTICATED;
1459 goto found_closest_encloser;
1460 }
1461 }
1462
1463 /* We didn't find the closest encloser with this name,
1464 * but let's remember this domain name, it might be
1465 * the next closer name */
1466
1467 pp = p;
1468
1469 /* Strip one label from the front */
1470 r = dns_name_parent(&p);
1471 if (r < 0)
1472 return r;
1473 if (r == 0)
1474 break;
1475 }
1476
1477 *result = DNSSEC_NSEC_NO_RR;
1478 return 0;
1479
1480 found_closest_encloser:
1481 /* We found a closest encloser in 'p'; next closer is 'pp' */
1482
1483 if (!pp) {
1484 /* We have an exact match! If we area looking for a DS RR, then we must insist that we got the NSEC3 RR
1485 * from the parent. Otherwise the one from the child. Do so, by checking whether SOA and NS are
1486 * appropriately set. */
1487
1488 if (key->type == DNS_TYPE_DS) {
1489 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1490 return -EBADMSG;
1491 } else {
1492 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_NS) &&
1493 !bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1494 return -EBADMSG;
1495 }
1496
1497 /* No next closer NSEC3 RR. That means there's a direct NSEC3 RR for our key. */
1498 if (bitmap_isset(enclosure_rr->nsec3.types, key->type))
1499 *result = DNSSEC_NSEC_FOUND;
1500 else if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_CNAME))
1501 *result = DNSSEC_NSEC_CNAME;
1502 else
1503 *result = DNSSEC_NSEC_NODATA;
1504
1505 if (authenticated)
1506 *authenticated = a;
1507 if (ttl)
1508 *ttl = enclosure_rr->ttl;
1509
1510 return 0;
1511 }
1512
1513 /* Ensure this is not a DNAME domain, see RFC5155, section 8.3. */
1514 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_DNAME))
1515 return -EBADMSG;
1516
1517 /* Ensure that this data is from the delegated domain
1518 * (i.e. originates from the "lower" DNS server), and isn't
1519 * just glue records (i.e. doesn't originate from the "upper"
1520 * DNS server). */
1521 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_NS) &&
1522 !bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1523 return -EBADMSG;
1524
1525 /* Prove that there is no next closer and whether or not there is a wildcard domain. */
1526
1527 wildcard = strjoina("*.", p);
1528 r = nsec3_hashed_domain_make(enclosure_rr, wildcard, zone, &wildcard_domain);
1529 if (r < 0)
1530 return r;
1531 if (r != hashed_size)
1532 return -EBADMSG;
1533
1534 r = nsec3_hashed_domain_make(enclosure_rr, pp, zone, &next_closer_domain);
1535 if (r < 0)
1536 return r;
1537 if (r != hashed_size)
1538 return -EBADMSG;
1539
1540 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1541 _cleanup_free_ char *next_hashed_domain = NULL;
1542
1543 r = nsec3_is_good(rr, zone_rr);
1544 if (r < 0)
1545 return r;
1546 if (r == 0)
1547 continue;
1548
1549 r = nsec3_hashed_domain_format(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, zone, &next_hashed_domain);
1550 if (r < 0)
1551 return r;
1552
1553 r = dns_name_between(dns_resource_key_name(rr->key), next_closer_domain, next_hashed_domain);
1554 if (r < 0)
1555 return r;
1556 if (r > 0) {
1557 if (rr->nsec3.flags & 1)
1558 optout = true;
1559
1560 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1561
1562 no_closer = true;
1563 }
1564
1565 r = dns_name_equal(dns_resource_key_name(rr->key), wildcard_domain);
1566 if (r < 0)
1567 return r;
1568 if (r > 0) {
1569 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1570
1571 wildcard_rr = rr;
1572 }
1573
1574 r = dns_name_between(dns_resource_key_name(rr->key), wildcard_domain, next_hashed_domain);
1575 if (r < 0)
1576 return r;
1577 if (r > 0) {
1578 if (rr->nsec3.flags & 1)
1579 /* This only makes sense if we have a wildcard delegation, which is
1580 * very unlikely, see RFC 4592, Section 4.2, but we cannot rely on
1581 * this not happening, so hence cannot simply conclude NXDOMAIN as
1582 * we would wish */
1583 optout = true;
1584
1585 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1586
1587 no_wildcard = true;
1588 }
1589 }
1590
1591 if (wildcard_rr && no_wildcard)
1592 return -EBADMSG;
1593
1594 if (!no_closer) {
1595 *result = DNSSEC_NSEC_NO_RR;
1596 return 0;
1597 }
1598
1599 if (wildcard_rr) {
1600 /* A wildcard exists that matches our query. */
1601 if (optout)
1602 /* This is not specified in any RFC to the best of my knowledge, but
1603 * if the next closer enclosure is covered by an opt-out NSEC3 RR
1604 * it means that we cannot prove that the source of synthesis is
1605 * correct, as there may be a closer match. */
1606 *result = DNSSEC_NSEC_OPTOUT;
1607 else if (bitmap_isset(wildcard_rr->nsec3.types, key->type))
1608 *result = DNSSEC_NSEC_FOUND;
1609 else if (bitmap_isset(wildcard_rr->nsec3.types, DNS_TYPE_CNAME))
1610 *result = DNSSEC_NSEC_CNAME;
1611 else
1612 *result = DNSSEC_NSEC_NODATA;
1613 } else {
1614 if (optout)
1615 /* The RFC only specifies that we have to care for optout for NODATA for
1616 * DS records. However, children of an insecure opt-out delegation should
1617 * also be considered opt-out, rather than verified NXDOMAIN.
1618 * Note that we do not require a proof of wildcard non-existence if the
1619 * next closer domain is covered by an opt-out, as that would not provide
1620 * any additional information. */
1621 *result = DNSSEC_NSEC_OPTOUT;
1622 else if (no_wildcard)
1623 *result = DNSSEC_NSEC_NXDOMAIN;
1624 else {
1625 *result = DNSSEC_NSEC_NO_RR;
1626
1627 return 0;
1628 }
1629 }
1630
1631 if (authenticated)
1632 *authenticated = a;
1633
1634 if (ttl)
1635 *ttl = enclosure_rr->ttl;
1636
1637 return 0;
1638 }
1639
1640 static int dnssec_nsec_wildcard_equal(DnsResourceRecord *rr, const char *name) {
1641 char label[DNS_LABEL_MAX];
1642 const char *n;
1643 int r;
1644
1645 assert(rr);
1646 assert(rr->key->type == DNS_TYPE_NSEC);
1647
1648 /* Checks whether the specified RR has a name beginning in "*.", and if the rest is a suffix of our name */
1649
1650 if (rr->n_skip_labels_source != 1)
1651 return 0;
1652
1653 n = dns_resource_key_name(rr->key);
1654 r = dns_label_unescape(&n, label, sizeof label, 0);
1655 if (r <= 0)
1656 return r;
1657 if (r != 1 || label[0] != '*')
1658 return 0;
1659
1660 return dns_name_endswith(name, n);
1661 }
1662
1663 static int dnssec_nsec_in_path(DnsResourceRecord *rr, const char *name) {
1664 const char *nn, *common_suffix;
1665 int r;
1666
1667 assert(rr);
1668 assert(rr->key->type == DNS_TYPE_NSEC);
1669
1670 /* Checks whether the specified nsec RR indicates that name is an empty non-terminal (ENT)
1671 *
1672 * A couple of examples:
1673 *
1674 * NSEC bar → waldo.foo.bar: indicates that foo.bar exists and is an ENT
1675 * NSEC waldo.foo.bar → yyy.zzz.xoo.bar: indicates that xoo.bar and zzz.xoo.bar exist and are ENTs
1676 * NSEC yyy.zzz.xoo.bar → bar: indicates pretty much nothing about ENTs
1677 */
1678
1679 /* First, determine parent of next domain. */
1680 nn = rr->nsec.next_domain_name;
1681 r = dns_name_parent(&nn);
1682 if (r <= 0)
1683 return r;
1684
1685 /* If the name we just determined is not equal or child of the name we are interested in, then we can't say
1686 * anything at all. */
1687 r = dns_name_endswith(nn, name);
1688 if (r <= 0)
1689 return r;
1690
1691 /* If the name we are interested in is not a prefix of the common suffix of the NSEC RR's owner and next domain names, then we can't say anything either. */
1692 r = dns_name_common_suffix(dns_resource_key_name(rr->key), rr->nsec.next_domain_name, &common_suffix);
1693 if (r < 0)
1694 return r;
1695
1696 return dns_name_endswith(name, common_suffix);
1697 }
1698
1699 static int dnssec_nsec_from_parent_zone(DnsResourceRecord *rr, const char *name) {
1700 int r;
1701
1702 assert(rr);
1703 assert(rr->key->type == DNS_TYPE_NSEC);
1704
1705 /* Checks whether this NSEC originates to the parent zone or the child zone. */
1706
1707 r = dns_name_parent(&name);
1708 if (r <= 0)
1709 return r;
1710
1711 r = dns_name_equal(name, dns_resource_key_name(rr->key));
1712 if (r <= 0)
1713 return r;
1714
1715 /* DNAME, and NS without SOA is an indication for a delegation. */
1716 if (bitmap_isset(rr->nsec.types, DNS_TYPE_DNAME))
1717 return 1;
1718
1719 if (bitmap_isset(rr->nsec.types, DNS_TYPE_NS) && !bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1720 return 1;
1721
1722 return 0;
1723 }
1724
1725 static int dnssec_nsec_covers(DnsResourceRecord *rr, const char *name) {
1726 const char *signer;
1727 int r;
1728
1729 assert(rr);
1730 assert(rr->key->type == DNS_TYPE_NSEC);
1731
1732 /* Checks whether the name is covered by this NSEC RR. This means, that the name is somewhere below the NSEC's
1733 * signer name, and between the NSEC's two names. */
1734
1735 r = dns_resource_record_signer(rr, &signer);
1736 if (r < 0)
1737 return r;
1738
1739 r = dns_name_endswith(name, signer); /* this NSEC isn't suitable the name is not in the signer's domain */
1740 if (r <= 0)
1741 return r;
1742
1743 return dns_name_between(dns_resource_key_name(rr->key), name, rr->nsec.next_domain_name);
1744 }
1745
1746 static int dnssec_nsec_generate_wildcard(DnsResourceRecord *rr, const char *name, char **wc) {
1747 const char *common_suffix1, *common_suffix2, *signer;
1748 int r, labels1, labels2;
1749
1750 assert(rr);
1751 assert(rr->key->type == DNS_TYPE_NSEC);
1752
1753 /* Generates "Wildcard at the Closest Encloser" for the given name and NSEC RR. */
1754
1755 r = dns_resource_record_signer(rr, &signer);
1756 if (r < 0)
1757 return r;
1758
1759 r = dns_name_endswith(name, signer); /* this NSEC isn't suitable the name is not in the signer's domain */
1760 if (r <= 0)
1761 return r;
1762
1763 r = dns_name_common_suffix(name, dns_resource_key_name(rr->key), &common_suffix1);
1764 if (r < 0)
1765 return r;
1766
1767 r = dns_name_common_suffix(name, rr->nsec.next_domain_name, &common_suffix2);
1768 if (r < 0)
1769 return r;
1770
1771 labels1 = dns_name_count_labels(common_suffix1);
1772 if (labels1 < 0)
1773 return labels1;
1774
1775 labels2 = dns_name_count_labels(common_suffix2);
1776 if (labels2 < 0)
1777 return labels2;
1778
1779 if (labels1 > labels2)
1780 r = dns_name_concat("*", common_suffix1, 0, wc);
1781 else
1782 r = dns_name_concat("*", common_suffix2, 0, wc);
1783
1784 if (r < 0)
1785 return r;
1786
1787 return 0;
1788 }
1789
1790 int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
1791 bool have_nsec3 = false, covering_rr_authenticated = false, wildcard_rr_authenticated = false;
1792 DnsResourceRecord *rr, *covering_rr = NULL, *wildcard_rr = NULL;
1793 DnsAnswerFlags flags;
1794 const char *name;
1795 int r;
1796
1797 assert(key);
1798 assert(result);
1799
1800 /* Look for any NSEC/NSEC3 RRs that say something about the specified key. */
1801
1802 name = dns_resource_key_name(key);
1803
1804 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1805
1806 if (rr->key->class != key->class)
1807 continue;
1808
1809 have_nsec3 = have_nsec3 || (rr->key->type == DNS_TYPE_NSEC3);
1810
1811 if (rr->key->type != DNS_TYPE_NSEC)
1812 continue;
1813
1814 /* The following checks only make sense for NSEC RRs that are not expanded from a wildcard */
1815 r = dns_resource_record_is_synthetic(rr);
1816 if (r == -ENODATA) /* No signing RR known. */
1817 continue;
1818 if (r < 0)
1819 return r;
1820 if (r > 0)
1821 continue;
1822
1823 /* Check if this is a direct match. If so, we have encountered a NODATA case */
1824 r = dns_name_equal(dns_resource_key_name(rr->key), name);
1825 if (r < 0)
1826 return r;
1827 if (r == 0) {
1828 /* If it's not a direct match, maybe it's a wild card match? */
1829 r = dnssec_nsec_wildcard_equal(rr, name);
1830 if (r < 0)
1831 return r;
1832 }
1833 if (r > 0) {
1834 if (key->type == DNS_TYPE_DS) {
1835 /* If we look for a DS RR and the server sent us the NSEC RR of the child zone
1836 * we have a problem. For DS RRs we want the NSEC RR from the parent */
1837 if (bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1838 continue;
1839 } else {
1840 /* For all RR types, ensure that if NS is set SOA is set too, so that we know
1841 * we got the child's NSEC. */
1842 if (bitmap_isset(rr->nsec.types, DNS_TYPE_NS) &&
1843 !bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1844 continue;
1845 }
1846
1847 if (bitmap_isset(rr->nsec.types, key->type))
1848 *result = DNSSEC_NSEC_FOUND;
1849 else if (bitmap_isset(rr->nsec.types, DNS_TYPE_CNAME))
1850 *result = DNSSEC_NSEC_CNAME;
1851 else
1852 *result = DNSSEC_NSEC_NODATA;
1853
1854 if (authenticated)
1855 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1856 if (ttl)
1857 *ttl = rr->ttl;
1858
1859 return 0;
1860 }
1861
1862 /* Check if the name we are looking for is an empty non-terminal within the owner or next name
1863 * of the NSEC RR. */
1864 r = dnssec_nsec_in_path(rr, name);
1865 if (r < 0)
1866 return r;
1867 if (r > 0) {
1868 *result = DNSSEC_NSEC_NODATA;
1869
1870 if (authenticated)
1871 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1872 if (ttl)
1873 *ttl = rr->ttl;
1874
1875 return 0;
1876 }
1877
1878 /* The following two "covering" checks, are not useful if the NSEC is from the parent */
1879 r = dnssec_nsec_from_parent_zone(rr, name);
1880 if (r < 0)
1881 return r;
1882 if (r > 0)
1883 continue;
1884
1885 /* Check if this NSEC RR proves the absence of an explicit RR under this name */
1886 r = dnssec_nsec_covers(rr, name);
1887 if (r < 0)
1888 return r;
1889 if (r > 0 && (!covering_rr || !covering_rr_authenticated)) {
1890 covering_rr = rr;
1891 covering_rr_authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1892 }
1893 }
1894
1895 if (covering_rr) {
1896 _cleanup_free_ char *wc = NULL;
1897 r = dnssec_nsec_generate_wildcard(covering_rr, name, &wc);
1898 if (r < 0)
1899 return r;
1900
1901 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1902
1903 if (rr->key->class != key->class)
1904 continue;
1905
1906 if (rr->key->type != DNS_TYPE_NSEC)
1907 continue;
1908
1909 /* Check if this NSEC RR proves the nonexistence of the wildcard */
1910 r = dnssec_nsec_covers(rr, wc);
1911 if (r < 0)
1912 return r;
1913 if (r > 0 && (!wildcard_rr || !wildcard_rr_authenticated)) {
1914 wildcard_rr = rr;
1915 wildcard_rr_authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1916 }
1917 }
1918 }
1919
1920 if (covering_rr && wildcard_rr) {
1921 /* If we could prove that neither the name itself, nor the wildcard at the closest encloser exists, we
1922 * proved the NXDOMAIN case. */
1923 *result = DNSSEC_NSEC_NXDOMAIN;
1924
1925 if (authenticated)
1926 *authenticated = covering_rr_authenticated && wildcard_rr_authenticated;
1927 if (ttl)
1928 *ttl = MIN(covering_rr->ttl, wildcard_rr->ttl);
1929
1930 return 0;
1931 }
1932
1933 /* OK, this was not sufficient. Let's see if NSEC3 can help. */
1934 if (have_nsec3)
1935 return dnssec_test_nsec3(answer, key, result, authenticated, ttl);
1936
1937 /* No appropriate NSEC RR found, report this. */
1938 *result = DNSSEC_NSEC_NO_RR;
1939 return 0;
1940 }
1941
1942 static int dnssec_nsec_test_enclosed(DnsAnswer *answer, uint16_t type, const char *name, const char *zone, bool *authenticated) {
1943 DnsResourceRecord *rr;
1944 DnsAnswerFlags flags;
1945 int r;
1946
1947 assert(name);
1948 assert(zone);
1949
1950 /* Checks whether there's an NSEC/NSEC3 that proves that the specified 'name' is non-existing in the specified
1951 * 'zone'. The 'zone' must be a suffix of the 'name'. */
1952
1953 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1954 bool found = false;
1955
1956 if (rr->key->type != type && type != DNS_TYPE_ANY)
1957 continue;
1958
1959 switch (rr->key->type) {
1960
1961 case DNS_TYPE_NSEC:
1962
1963 /* We only care for NSEC RRs from the indicated zone */
1964 r = dns_resource_record_is_signer(rr, zone);
1965 if (r < 0)
1966 return r;
1967 if (r == 0)
1968 continue;
1969
1970 r = dns_name_between(dns_resource_key_name(rr->key), name, rr->nsec.next_domain_name);
1971 if (r < 0)
1972 return r;
1973
1974 found = r > 0;
1975 break;
1976
1977 case DNS_TYPE_NSEC3: {
1978 _cleanup_free_ char *hashed_domain = NULL, *next_hashed_domain = NULL;
1979
1980 /* We only care for NSEC3 RRs from the indicated zone */
1981 r = dns_resource_record_is_signer(rr, zone);
1982 if (r < 0)
1983 return r;
1984 if (r == 0)
1985 continue;
1986
1987 r = nsec3_is_good(rr, NULL);
1988 if (r < 0)
1989 return r;
1990 if (r == 0)
1991 break;
1992
1993 /* Format the domain we are testing with the NSEC3 RR's hash function */
1994 r = nsec3_hashed_domain_make(
1995 rr,
1996 name,
1997 zone,
1998 &hashed_domain);
1999 if (r < 0)
2000 return r;
2001 if ((size_t) r != rr->nsec3.next_hashed_name_size)
2002 break;
2003
2004 /* Format the NSEC3's next hashed name as proper domain name */
2005 r = nsec3_hashed_domain_format(
2006 rr->nsec3.next_hashed_name,
2007 rr->nsec3.next_hashed_name_size,
2008 zone,
2009 &next_hashed_domain);
2010 if (r < 0)
2011 return r;
2012
2013 r = dns_name_between(dns_resource_key_name(rr->key), hashed_domain, next_hashed_domain);
2014 if (r < 0)
2015 return r;
2016
2017 found = r > 0;
2018 break;
2019 }
2020
2021 default:
2022 continue;
2023 }
2024
2025 if (found) {
2026 if (authenticated)
2027 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
2028 return 1;
2029 }
2030 }
2031
2032 return 0;
2033 }
2034
2035 static int dnssec_test_positive_wildcard_nsec3(
2036 DnsAnswer *answer,
2037 const char *name,
2038 const char *source,
2039 const char *zone,
2040 bool *authenticated) {
2041
2042 const char *next_closer = NULL;
2043 int r;
2044
2045 /* Run a positive NSEC3 wildcard proof. Specifically:
2046 *
2047 * A proof that the "next closer" of the generating wildcard does not exist.
2048 *
2049 * Note a key difference between the NSEC3 and NSEC versions of the proof. NSEC RRs don't have to exist for
2050 * empty non-transients. NSEC3 RRs however have to. This means it's sufficient to check if the next closer name
2051 * exists for the NSEC3 RR and we are done.
2052 *
2053 * To prove that a.b.c.d.e.f is rightfully synthesized from a wildcard *.d.e.f all we have to check is that
2054 * c.d.e.f does not exist. */
2055
2056 for (;;) {
2057 next_closer = name;
2058 r = dns_name_parent(&name);
2059 if (r <= 0)
2060 return r;
2061
2062 r = dns_name_equal(name, source);
2063 if (r < 0)
2064 return r;
2065 if (r > 0)
2066 break;
2067 }
2068
2069 return dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC3, next_closer, zone, authenticated);
2070 }
2071
2072 static int dnssec_test_positive_wildcard_nsec(
2073 DnsAnswer *answer,
2074 const char *name,
2075 const char *source,
2076 const char *zone,
2077 bool *_authenticated) {
2078
2079 bool authenticated = true;
2080 int r;
2081
2082 /* Run a positive NSEC wildcard proof. Specifically:
2083 *
2084 * A proof that there's neither a wildcard name nor a non-wildcard name that is a suffix of the name "name" and
2085 * a prefix of the synthesizing source "source" in the zone "zone".
2086 *
2087 * See RFC 5155, Section 8.8 and RFC 4035, Section 5.3.4
2088 *
2089 * Note that if we want to prove that a.b.c.d.e.f is rightfully synthesized from a wildcard *.d.e.f, then we
2090 * have to prove that none of the following exist:
2091 *
2092 * 1) a.b.c.d.e.f
2093 * 2) *.b.c.d.e.f
2094 * 3) b.c.d.e.f
2095 * 4) *.c.d.e.f
2096 * 5) c.d.e.f
2097 */
2098
2099 for (;;) {
2100 _cleanup_free_ char *wc = NULL;
2101 bool a = false;
2102
2103 /* Check if there's an NSEC or NSEC3 RR that proves that the mame we determined is really non-existing,
2104 * i.e between the owner name and the next name of an NSEC RR. */
2105 r = dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC, name, zone, &a);
2106 if (r <= 0)
2107 return r;
2108
2109 authenticated = authenticated && a;
2110
2111 /* Strip one label off */
2112 r = dns_name_parent(&name);
2113 if (r <= 0)
2114 return r;
2115
2116 /* Did we reach the source of synthesis? */
2117 r = dns_name_equal(name, source);
2118 if (r < 0)
2119 return r;
2120 if (r > 0) {
2121 /* Successful exit */
2122 *_authenticated = authenticated;
2123 return 1;
2124 }
2125
2126 /* Safety check, that the source of synthesis is still our suffix */
2127 r = dns_name_endswith(name, source);
2128 if (r < 0)
2129 return r;
2130 if (r == 0)
2131 return -EBADMSG;
2132
2133 /* Replace the label we stripped off with an asterisk */
2134 wc = strjoin("*.", name);
2135 if (!wc)
2136 return -ENOMEM;
2137
2138 /* And check if the proof holds for the asterisk name, too */
2139 r = dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC, wc, zone, &a);
2140 if (r <= 0)
2141 return r;
2142
2143 authenticated = authenticated && a;
2144 /* In the next iteration we'll check the non-asterisk-prefixed version */
2145 }
2146 }
2147
2148 int dnssec_test_positive_wildcard(
2149 DnsAnswer *answer,
2150 const char *name,
2151 const char *source,
2152 const char *zone,
2153 bool *authenticated) {
2154
2155 int r;
2156
2157 assert(name);
2158 assert(source);
2159 assert(zone);
2160 assert(authenticated);
2161
2162 r = dns_answer_contains_zone_nsec3(answer, zone);
2163 if (r < 0)
2164 return r;
2165 if (r > 0)
2166 return dnssec_test_positive_wildcard_nsec3(answer, name, source, zone, authenticated);
2167 else
2168 return dnssec_test_positive_wildcard_nsec(answer, name, source, zone, authenticated);
2169 }
2170
2171 #else
2172
2173 int dnssec_verify_rrset(
2174 DnsAnswer *a,
2175 const DnsResourceKey *key,
2176 DnsResourceRecord *rrsig,
2177 DnsResourceRecord *dnskey,
2178 usec_t realtime,
2179 DnssecResult *result) {
2180
2181 return -EOPNOTSUPP;
2182 }
2183
2184 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
2185
2186 return -EOPNOTSUPP;
2187 }
2188
2189 int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
2190
2191 return -EOPNOTSUPP;
2192 }
2193
2194 int dnssec_verify_rrset_search(
2195 DnsAnswer *a,
2196 const DnsResourceKey *key,
2197 DnsAnswer *validated_dnskeys,
2198 usec_t realtime,
2199 DnssecResult *result,
2200 DnsResourceRecord **ret_rrsig) {
2201
2202 return -EOPNOTSUPP;
2203 }
2204
2205 int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
2206
2207 return -EOPNOTSUPP;
2208 }
2209
2210 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
2211
2212 return -EOPNOTSUPP;
2213 }
2214
2215 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
2216
2217 return -EOPNOTSUPP;
2218 }
2219
2220 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
2221
2222 return -EOPNOTSUPP;
2223 }
2224
2225 int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
2226
2227 return -EOPNOTSUPP;
2228 }
2229
2230 int dnssec_test_positive_wildcard(
2231 DnsAnswer *answer,
2232 const char *name,
2233 const char *source,
2234 const char *zone,
2235 bool *authenticated) {
2236
2237 return -EOPNOTSUPP;
2238 }
2239
2240 #endif
2241
2242 static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = {
2243 [DNSSEC_VALIDATED] = "validated",
2244 [DNSSEC_VALIDATED_WILDCARD] = "validated-wildcard",
2245 [DNSSEC_INVALID] = "invalid",
2246 [DNSSEC_SIGNATURE_EXPIRED] = "signature-expired",
2247 [DNSSEC_UNSUPPORTED_ALGORITHM] = "unsupported-algorithm",
2248 [DNSSEC_NO_SIGNATURE] = "no-signature",
2249 [DNSSEC_MISSING_KEY] = "missing-key",
2250 [DNSSEC_UNSIGNED] = "unsigned",
2251 [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary",
2252 [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch",
2253 [DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server",
2254 };
2255 DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult);
2256
2257 static const char* const dnssec_verdict_table[_DNSSEC_VERDICT_MAX] = {
2258 [DNSSEC_SECURE] = "secure",
2259 [DNSSEC_INSECURE] = "insecure",
2260 [DNSSEC_BOGUS] = "bogus",
2261 [DNSSEC_INDETERMINATE] = "indeterminate",
2262 };
2263 DEFINE_STRING_TABLE_LOOKUP(dnssec_verdict, DnssecVerdict);
Unnamed repository; edit this file 'description' to name the repository.