]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnssec.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Handle replies with no answers and no NS in validate_reply.
[people/ms/dnsmasq.git] / src / dnssec.c
CommitLineData
8d41ebd8 1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
0fc2f313 2 and Copyright (c) 2012-2014 Simon Kelley
8d41ebd8
GB		 3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
e292e93d
GB		 17
18#include "dnsmasq.h"
0fc2f313
SK		 19
20#ifdef HAVE_DNSSEC
21
86bec2d3
SK		 22#include <nettle/rsa.h>
23#include <nettle/dsa.h>
c152dc84
SK		 24#ifndef NO_NETTLE_ECC
25# include <nettle/ecdsa.h>
26# include <nettle/ecc-curve.h>
27#endif
86bec2d3
SK		 28#include <nettle/nettle-meta.h>
29#include <gmp.h>
c3e0b9b6 30
e292e93d
GB		 31#define SERIAL_UNDEF -100
32#define SERIAL_EQ 0
33#define SERIAL_LT -1
34#define SERIAL_GT 1
35
86bec2d3
SK		 36/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
37static char *ds_digest_name(int digest)
38{
39 switch (digest)
40 {
41 case 1: return "sha1";
42 case 2: return "sha256";
43 case 3: return "gosthash94";
44 case 4: return "sha384";
45 default: return NULL;
46 }
47}
48
49/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
50static char *algo_digest_name(int algo)
51{
52 switch (algo)
53 {
54 case 1: return "md5";
55 case 3: return "sha1";
56 case 5: return "sha1";
57 case 6: return "sha1";
58 case 7: return "sha1";
59 case 8: return "sha256";
60 case 10: return "sha512";
61 case 12: return "gosthash94";
62 case 13: return "sha256";
63 case 14: return "sha384";
64 default: return NULL;
65 }
66}
67
68/* Find pointer to correct hash function in nettle library */
69static const struct nettle_hash *hash_find(char *name)
70{
71 int i;
72
73 if (!name)
74 return NULL;
75
76 for (i = 0; nettle_hashes[i]; i++)
77 {
78 if (strcmp(nettle_hashes[i]->name, name) == 0)
79 return nettle_hashes[i];
80 }
81
82 return NULL;
83}
84
85/* expand ctx and digest memory allocations if necessary and init hash function */
86static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
87{
88 static void *ctx = NULL;
89 static unsigned char *digest = NULL;
90 static unsigned int ctx_sz = 0;
91 static unsigned int digest_sz = 0;
92
93 void *new;
94
95 if (ctx_sz < hash->context_size)
96 {
97 if (!(new = whine_malloc(hash->context_size)))
98 return 0;
99 if (ctx)
100 free(ctx);
101 ctx = new;
102 ctx_sz = hash->context_size;
103 }
104
105 if (digest_sz < hash->digest_size)
106 {
107 if (!(new = whine_malloc(hash->digest_size)))
108 return 0;
109 if (digest)
110 free(digest);
111 digest = new;
112 digest_sz = hash->digest_size;
113 }
114
115 *ctxp = ctx;
116 *digestp = digest;
117
118 hash->init(ctx);
119
120 return 1;
121}
122
123static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
124 unsigned char *digest, int algo)
125{
126 unsigned char *p;
127 size_t exp_len;
128
129 static struct rsa_public_key *key = NULL;
130 static mpz_t sig_mpz;
131
132 if (key == NULL)
133 {
134 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
135 return 0;
136
137 nettle_rsa_public_key_init(key);
138 mpz_init(sig_mpz);
139 }
140
141 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
142 return 0;
143
144 key_len--;
145 if ((exp_len = *p++) == 0)
146 {
147 GETSHORT(exp_len, p);
148 key_len -= 2;
149 }
150
151 if (exp_len >= key_len)
152 return 0;
153
154 key->size = key_len - exp_len;
155 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
156 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
157
158 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
159
160 switch (algo)
161 {
162 case 1:
163 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
164 case 5: case 7:
165 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
166 case 8:
167 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
168 case 10:
169 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
170 }
171
172 return 0;
173}
174
175static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
176 unsigned char *digest, int algo)
177{
178 unsigned char *p;
179 unsigned int t;
180
181 static struct dsa_public_key *key = NULL;
182 static struct dsa_signature *sig_struct;
183
184 if (key == NULL)
185 {
186 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
187 !(key = whine_malloc(sizeof(struct dsa_public_key))))
188 return 0;
189
190 nettle_dsa_public_key_init(key);
191 nettle_dsa_signature_init(sig_struct);
192 }
193
194 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
195 return 0;
196
197 t = *p++;
198
199 if (key_len < (213 + (t * 24)))
200 return 0;
ebe95a83 201
86bec2d3
SK		 202 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
203 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
204 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
205 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
206
207 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
208 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
209
210 (void)algo;
ebe95a83 211
86bec2d3
SK		 212 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
213}
214
c152dc84
SK		 215#ifndef NO_NETTLE_ECC
216static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
217 unsigned char *sig, size_t sig_len,
ebe95a83
SK		 218 unsigned char *digest, size_t digest_len, int algo)
219{
220 unsigned char *p;
221 unsigned int t;
222 struct ecc_point *key;
223
224 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
225 static mpz_t x, y;
226 static struct dsa_signature *sig_struct;
227
228 if (!sig_struct)
229 {
230 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
231 return 0;
232
233 nettle_dsa_signature_init(sig_struct);
234 mpz_init(x);
235 mpz_init(y);
236 }
237
238 switch (algo)
239 {
240 case 13:
241 if (!key_256)
242 {
243 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
244 return 0;
245
246 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
247 }
248
249 key = key_256;
250 t = 32;
251 break;
252
253 case 14:
254 if (!key_384)
255 {
256 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
257 return 0;
258
259 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
260 }
261
262 key = key_384;
263 t = 48;
264 break;
265
266 default:
267 return 0;
268 }
269
270 if (sig_len != 2*t || key_len != 2*t ||
271 (p = blockdata_retrieve(key_data, key_len, NULL)))
272 return 0;
273
274 mpz_import(x, t , 1, 1, 0, 0, p);
275 mpz_import(y, t , 1, 1, 0, 0, p + t);
276
277 if (!ecc_point_set(key, x, y))
278 return 0;
279
280 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
281 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
282
283 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
284}
c152dc84
SK		 285#endif
286
86bec2d3 287static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
ebe95a83 288 unsigned char *digest, size_t digest_len, int algo)
86bec2d3 289{
7b1eae4f
SK		 290 (void)digest_len;
291
86bec2d3
SK		 292 switch (algo)
293 {
294 case 1: case 5: case 7: case 8: case 10:
295 return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
296
297 case 3: case 6:
298 return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
c152dc84
SK		 299
300#ifndef NO_NETTLE_ECC
ebe95a83
SK		 301 case 13: case 14:
302 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
c152dc84
SK		 303#endif
304 }
86bec2d3
SK		 305
306 return 0;
307}
308
0fc2f313
SK		 309/* Convert from presentation format to wire format, in place.
310 Also map UC -> LC.
311 Note that using extract_name to get presentation format
312 then calling to_wire() removes compression and maps case,
313 thus generating names in canonical form.
314 Calling to_wire followed by from_wire is almost an identity,
315 except that the UC remains mapped to LC.
316*/
317static int to_wire(char *name)
7f0485cf 318{
0fc2f313
SK		 319 unsigned char *l, *p, term;
320 int len;
321
322 for (l = (unsigned char*)name; *l != 0; l = p)
323 {
324 for (p = l; *p != '.' && *p != 0; p++)
325 if (*p >= 'A' && *p <= 'Z')
326 *p = *p - 'A' + 'a';
327
328 term = *p;
329
330 if ((len = p - l) != 0)
331 memmove(l+1, l, len);
332 *l = len;
333
334 p++;
335
336 if (term == 0)
337 *p = 0;
338 }
339
340 return l + 1 - (unsigned char *)name;
7f0485cf
GB		 341}
342
0fc2f313
SK		 343/* Note: no compression allowed in input. */
344static void from_wire(char *name)
13e435eb 345{
0fc2f313
SK		 346 unsigned char *l;
347 int len;
13e435eb 348
0fc2f313 349 for (l = (unsigned char *)name; *l != 0; l += len+1)
13e435eb 350 {
0fc2f313
SK		 351 len = *l;
352 memmove(l, l+1, len);
353 l[len] = '.';
13e435eb 354 }
7f0485cf 355
e3f14558 356 if ((char *)l != name)
bd9b3cf5 357 *(l-1) = 0;
13e435eb
GB		 358}
359
5ada8885
SK		 360/* Input in presentation format */
361static int count_labels(char *name)
362{
363 int i;
364
365 if (*name == 0)
366 return 0;
367
368 for (i = 0; *name; name++)
369 if (*name == '.')
370 i++;
371
372 return i+1;
373}
374
5f8e58f4
SK		 375/* Implement RFC1982 wrapped compare for 32-bit numbers */
376static int serial_compare_32(unsigned long s1, unsigned long s2)
377{
378 if (s1 == s2)
379 return SERIAL_EQ;
0ca895f5 380
5f8e58f4
SK		 381 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
382 (s1 > s2 && (s1 - s2) > (1UL<<31)))
383 return SERIAL_LT;
384 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
385 (s1 > s2 && (s1 - s2) < (1UL<<31)))
386 return SERIAL_GT;
387 return SERIAL_UNDEF;
388}
0852d76b 389
5f8e58f4
SK		 390/* Check whether today/now is between date_start and date_end */
391static int check_date_range(unsigned long date_start, unsigned long date_end)
0852d76b 392{
5f8e58f4
SK		 393 unsigned long curtime = time(0);
394
395 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
396 return serial_compare_32(curtime, date_start) == SERIAL_GT
397 && serial_compare_32(curtime, date_end) == SERIAL_LT;
398}
f119ed38 399
5f8e58f4
SK		 400static u16 *get_desc(int type)
401{
402 /* List of RRtypes which include domains in the data.
403 0 -> domain
404 integer -> no of plain bytes
405 -1 -> end
406
407 zero is not a valid RRtype, so the final entry is returned for
408 anything which needs no mangling.
409 */
410
411 static u16 rr_desc[] =
412 {
413 T_NS, 0, -1,
414 T_MD, 0, -1,
415 T_MF, 0, -1,
416 T_CNAME, 0, -1,
417 T_SOA, 0, 0, -1,
418 T_MB, 0, -1,
419 T_MG, 0, -1,
420 T_MR, 0, -1,
421 T_PTR, 0, -1,
422 T_MINFO, 0, 0, -1,
423 T_MX, 2, 0, -1,
424 T_RP, 0, 0, -1,
425 T_AFSDB, 2, 0, -1,
426 T_RT, 2, 0, -1,
427 T_SIG, 18, 0, -1,
428 T_PX, 2, 0, 0, -1,
429 T_NXT, 0, -1,
430 T_KX, 2, 0, -1,
431 T_SRV, 6, 0, -1,
432 T_DNAME, 0, -1,
5f8e58f4
SK		 433 0, -1 /* wildcard/catchall */
434 };
435
436 u16 *p = rr_desc;
437
438 while (*p != type && *p != 0)
439 while (*p++ != (u16)-1);
f119ed38 440
5f8e58f4
SK		 441 return p+1;
442}
0852d76b 443
5f8e58f4
SK		 444/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
445 data, pointed to by *p, should be used raw. */
446static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff,
447 unsigned char **p, u16 **desc)
448{
449 int d = **desc;
450
451 (*desc)++;
452
453 /* No more data needs mangling */
454 if (d == (u16)-1)
455 return 0;
456
457 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
458 /* domain-name, canonicalise */
459 return to_wire(buff);
460 else
461 {
462 /* plain data preceding a domain-name, don't run off the end of the data */
463 if ((end - *p) < d)
464 d = end - *p;
465
466 if (d != 0)
467 {
468 memcpy(buff, *p, d);
469 *p += d;
470 }
471
472 return d;
473 }
0852d76b
GB		 474}
475
613ad15d
SK		 476static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
477{
478 unsigned char **p;
479 int new_sz = *sz;
480
481 if (new_sz > new)
482 return 1;
483
484 if (new >= 100)
485 return 0;
486
487 new_sz += 5;
488
489 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
490 return 0;
491
492 if (*wkspc)
493 {
494 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
495 free(*wkspc);
496 }
497
498 *wkspc = p;
499 *sz = new_sz;
00a5b5d4
SK		 500
501 return 1;
613ad15d
SK		 502}
503
5f8e58f4
SK		 504/* Bubble sort the RRset into the canonical order.
505 Note that the byte-streams from two RRs may get unsynced: consider
506 RRs which have two domain-names at the start and then other data.
507 The domain-names may have different lengths in each RR, but sort equal
508
509 ------------
510 |abcde|fghi|
511 ------------
512 |abcd|efghi|
513 ------------
514
515 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
516*/
517
518static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
519 unsigned char **rrset, char *buff1, char *buff2)
c3e0b9b6 520{
5f8e58f4 521 int swap, quit, i;
0fc2f313 522
5f8e58f4
SK		 523 do
524 {
525 for (swap = 0, i = 0; i < rrsetidx-1; i++)
526 {
527 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
528 u16 *dp1, *dp2;
529 unsigned char *end1, *end2;
5107ace1
SK		 530 /* Note that these have been determined to be OK previously,
531 so we don't need to check for NULL return here. */
5f8e58f4
SK		 532 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
533 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
534
535 p1 += 8; /* skip class, type, ttl */
536 GETSHORT(rdlen1, p1);
537 end1 = p1 + rdlen1;
538
539 p2 += 8; /* skip class, type, ttl */
540 GETSHORT(rdlen2, p2);
541 end2 = p2 + rdlen2;
542
543 dp1 = dp2 = rr_desc;
544
1486a9c7 545 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
5f8e58f4 546 {
1486a9c7
SK		 547 if (left1 != 0)
548 memmove(buff1, buff1 + len1 - left1, left1);
549
5f8e58f4
SK		 550 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0)
551 {
552 quit = 1;
553 len1 = end1 - p1;
554 memcpy(buff1 + left1, p1, len1);
555 }
556 len1 += left1;
557
1486a9c7
SK		 558 if (left2 != 0)
559 memmove(buff2, buff2 + len2 - left2, left2);
560
5f8e58f4
SK		 561 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0)
562 {
563 quit = 1;
564 len2 = end2 - p2;
565 memcpy(buff2 + left2, p2, len2);
566 }
567 len2 += left2;
568
569 if (len1 > len2)
1486a9c7 570 left1 = len1 - len2, left2 = 0, len = len2;
5f8e58f4 571 else
1486a9c7 572 left2 = len2 - len1, left1 = 0, len = len1;
5f8e58f4 573
6fd6dacb 574 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
5f8e58f4 575
4619d946 576 if (rc > 0 || (rc == 0 && quit && len1 > len2))
5f8e58f4
SK		 577 {
578 unsigned char *tmp = rrset[i+1];
579 rrset[i+1] = rrset[i];
580 rrset[i] = tmp;
581 swap = quit = 1;
582 }
6fd6dacb
SK		 583 else if (rc < 0)
584 quit = 1;
5f8e58f4
SK		 585 }
586 }
587 } while (swap);
588}
c3e0b9b6 589
5f8e58f4
SK		 590/* Validate a single RRset (class, type, name) in the supplied DNS reply
591 Return code:
592 STAT_SECURE if it validates.
5107ace1 593 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
00a5b5d4 594 STAT_NO_SIG no RRsigs found.
5f8e58f4
SK		 595 STAT_INSECURE can't validate (no RRSIG, bad packet).
596 STAT_BOGUS signature is wrong.
597 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
598
599 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
600 otherwise find the key in the cache.
5107ace1
SK		 601
602 name is unchanged on exit. keyname is used as workspace and trashed.
5f8e58f4
SK		 603*/
604static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class,
e7829aef 605 int type, char *name, char *keyname, struct blockdata *key, int keylen, int algo_in, int keytag_in)
5f8e58f4
SK		 606{
607 static unsigned char **rrset = NULL, **sigs = NULL;
608 static int rrset_sz = 0, sig_sz = 0;
0fc2f313 609
5f8e58f4 610 unsigned char *p;
5ada8885 611 int rrsetidx, sigidx, res, rdlen, j, name_labels;
5f8e58f4
SK		 612 struct crec *crecp = NULL;
613 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
614 u16 *rr_desc = get_desc(type);
c3e0b9b6 615
5f8e58f4
SK		 616 if (!(p = skip_questions(header, plen)))
617 return STAT_INSECURE;
c3e0b9b6 618
5ada8885
SK		 619 name_labels = count_labels(name); /* For 4035 5.3.2 check */
620
621 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
5f8e58f4
SK		 622 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
623 j != 0; j--)
624 {
625 unsigned char *pstart, *pdata;
b98d22c1 626 int stype, sclass;
c3e0b9b6 627
5f8e58f4
SK		 628 pstart = p;
629
630 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
631 return STAT_INSECURE; /* bad packet */
632
633 GETSHORT(stype, p);
634 GETSHORT(sclass, p);
b98d22c1 635 p += 4; /* TTL */
5f8e58f4
SK		 636
637 pdata = p;
c3e0b9b6 638
5f8e58f4
SK		 639 GETSHORT(rdlen, p);
640
e7829aef
SK		 641 if (!CHECK_LEN(header, p, plen, rdlen))
642 return STAT_INSECURE;
643
5f8e58f4
SK		 644 if (res == 1 && sclass == class)
645 {
646 if (stype == type)
647 {
613ad15d
SK		 648 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
649 return STAT_INSECURE;
650
5f8e58f4
SK		 651 rrset[rrsetidx++] = pstart;
652 }
653
654 if (stype == T_RRSIG)
655 {
613ad15d
SK		 656 if (rdlen < 18)
657 return STAT_INSECURE; /* bad packet */
658
659 GETSHORT(type_covered, p);
660
661 if (type_covered == type)
662 {
663 if (!expand_workspace(&sigs, &sig_sz, sigidx))
664 return STAT_INSECURE;
665
666 sigs[sigidx++] = pdata;
667 }
668
669 p = pdata + 2; /* restore for ADD_RDLEN */
5f8e58f4
SK		 670 }
671 }
613ad15d 672
5f8e58f4
SK		 673 if (!ADD_RDLEN(header, p, plen, rdlen))
674 return STAT_INSECURE;
675 }
c3e0b9b6 676
00a5b5d4
SK		 677 /* RRset empty */
678 if (rrsetidx == 0)
5f8e58f4 679 return STAT_INSECURE;
00a5b5d4
SK		 680
681 /* no RRSIGs */
682 if (sigidx == 0)
683 return STAT_NO_SIG;
5f8e58f4
SK		 684
685 /* Sort RRset records into canonical order.
d387380a 686 Note that at this point keyname and daemon->workspacename buffs are
5f8e58f4 687 unused, and used as workspace by the sort. */
d387380a 688 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
5f8e58f4
SK		 689
690 /* Now try all the sigs to try and find one which validates */
691 for (j = 0; j <sigidx; j++)
692 {
d387380a 693 unsigned char *psav, *sig, *digest;
86bec2d3
SK		 694 int i, wire_len, sig_len;
695 const struct nettle_hash *hash;
696 void *ctx;
d387380a 697 char *name_start;
5f8e58f4
SK		 698 u32 nsigttl;
699
700 p = sigs[j];
5ada8885 701 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
5f8e58f4
SK		 702 psav = p;
703
5ada8885 704 p += 2; /* type_covered - already checked */
5f8e58f4
SK		 705 algo = *p++;
706 labels = *p++;
707 GETLONG(orig_ttl, p);
e7829aef
SK		 708 GETLONG(sig_expiration, p);
709 GETLONG(sig_inception, p);
5f8e58f4
SK		 710 GETSHORT(key_tag, p);
711
5f8e58f4
SK		 712 if (!extract_name(header, plen, &p, keyname, 1, 0))
713 return STAT_INSECURE;
d387380a
SK		 714
715 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
716 the name of the zone containing the RRset. We can't tell that
717 for certain, but we can check that the RRset name is equal to
718 or encloses the signers name, which should be enough to stop
719 an attacker using signatures made with the key of an unrelated
720 zone he controls. Note that the root key is always allowed. */
721 if (*keyname != 0)
722 {
723 int failed = 0;
724
725 for (name_start = name; !hostname_isequal(name_start, keyname); )
726 if ((name_start = strchr(name_start, '.')))
727 name_start++; /* chop a label off and try again */
728 else
729 {
730 failed = 1;
731 break;
732 }
733
734 /* Bad sig, try another */
735 if (failed)
736 continue;
737 }
5f8e58f4 738
d387380a 739 /* Other 5.3.1 checks */
e7829aef
SK		 740 if (!check_date_range(sig_inception, sig_expiration) ||
741 labels > name_labels ||
742 !(hash = hash_find(algo_digest_name(algo))) ||
743 !hash_init(hash, &ctx, &digest))
744 continue;
745
5f8e58f4
SK		 746 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
747 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
748 return STAT_NEED_KEY;
749
86bec2d3
SK		 750 sig = p;
751 sig_len = rdlen - (p - psav);
e7829aef 752
5f8e58f4
SK		 753 nsigttl = htonl(orig_ttl);
754
86bec2d3 755 hash->update(ctx, 18, psav);
5f8e58f4 756 wire_len = to_wire(keyname);
86bec2d3 757 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
5f8e58f4
SK		 758 from_wire(keyname);
759
5f8e58f4
SK		 760 for (i = 0; i < rrsetidx; ++i)
761 {
762 int seg;
763 unsigned char *end, *cp;
764 u16 len, *dp;
d387380a 765
5f8e58f4
SK		 766 p = rrset[i];
767 if (!extract_name(header, plen, &p, name, 1, 10))
768 return STAT_INSECURE;
5ada8885 769
d387380a
SK		 770 name_start = name;
771
5ada8885
SK		 772 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
773 if (labels < name_labels)
774 {
775 int k;
776 for (k = name_labels - labels; k != 0; k--)
777 while (*name_start != '.' && *name_start != 0)
778 name_start++;
779 name_start--;
780 *name_start = '*';
781 }
782
783 wire_len = to_wire(name_start);
86bec2d3
SK		 784 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
785 hash->update(ctx, 4, p); /* class and type */
786 hash->update(ctx, 4, (unsigned char *)&nsigttl);
5f8e58f4
SK		 787
788 p += 8; /* skip class, type, ttl */
789 GETSHORT(rdlen, p);
5ada8885
SK		 790 if (!CHECK_LEN(header, p, plen, rdlen))
791 return STAT_INSECURE;
792
5f8e58f4
SK		 793 end = p + rdlen;
794
795 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
796 cp = p;
797 dp = rr_desc;
798 for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg);
799 len += end - cp;
800 len = htons(len);
86bec2d3 801 hash->update(ctx, 2, (unsigned char *)&len);
5f8e58f4
SK		 802
803 /* Now canonicalise again and digest. */
804 cp = p;
805 dp = rr_desc;
806 while ((seg = get_rdata(header, plen, end, name, &cp, &dp)))
86bec2d3 807 hash->update(ctx, seg, (unsigned char *)name);
5f8e58f4 808 if (cp != end)
86bec2d3 809 hash->update(ctx, end - cp, cp);
5f8e58f4 810 }
86bec2d3
SK		 811
812 hash->digest(ctx, hash->digest_size, digest);
813
5ada8885
SK		 814 /* namebuff used for workspace above, restore to leave unchanged on exit */
815 p = (unsigned char*)(rrset[0]);
816 extract_name(header, plen, &p, name, 1, 0);
817
5f8e58f4
SK		 818 if (key)
819 {
820 if (algo_in == algo && keytag_in == key_tag &&
ebe95a83 821 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
5f8e58f4
SK		 822 return STAT_SECURE;
823 }
824 else
825 {
826 /* iterate through all possible keys 4035 5.3.1 */
827 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
51ea3ca2
SK		 828 if (crecp->addr.key.algo == algo &&
829 crecp->addr.key.keytag == key_tag &&
824202ef 830 crecp->uid == class &&
ebe95a83 831 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
5107ace1 832 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
5f8e58f4
SK		 833 }
834 }
835
836 return STAT_BOGUS;
837}
838
0fc2f313 839/* The DNS packet is expected to contain the answer to a DNSKEY query.
c3e0b9b6
SK		 840 Put all DNSKEYs in the answer which are valid into the cache.
841 return codes:
842 STAT_INSECURE bad packet, no DNSKEYs in reply.
843 STAT_SECURE At least one valid DNSKEY found and in cache.
0fc2f313
SK		 844 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
845 or self-sign for DNSKEY RRset is not valid.
846 STAT_NEED_DS DS records to validate a key not found, name in keyname
c3e0b9b6
SK		 847*/
848int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
849{
0fc2f313 850 unsigned char *psave, *p = (unsigned char *)(header+1);
c3e0b9b6 851 struct crec *crecp, *recp1;
8d718cbb 852 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
c3e0b9b6 853 struct blockdata *key;
51ea3ca2 854 struct all_addr a;
c3e0b9b6 855
5f8e58f4
SK		 856 if (ntohs(header->qdcount) != 1 ||
857 !extract_name(header, plen, &p, name, 1, 4))
8d718cbb 858 return STAT_INSECURE;
5f8e58f4 859
c3e0b9b6
SK		 860 GETSHORT(qtype, p);
861 GETSHORT(qclass, p);
862
0fc2f313 863 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
f01d7be6 864 return STAT_BOGUS;
c3e0b9b6 865
b8eac191 866 /* See if we have cached a DS record which validates this key */
0fc2f313
SK		 867 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
868 {
869 strcpy(keyname, name);
870 return STAT_NEED_DS;
871 }
b8eac191
SK		 872
873 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
874 if (crecp->flags & F_NEG)
875 return STAT_INSECURE;
876
0fc2f313 877 /* NOTE, we need to find ONE DNSKEY which matches the DS */
e7829aef 878 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
c3e0b9b6
SK		 879 {
880 /* Ensure we have type, class TTL and length */
0fc2f313 881 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
c3e0b9b6
SK		 882 return STAT_INSECURE; /* bad packet */
883
884 GETSHORT(qtype, p);
885 GETSHORT(qclass, p);
886 GETLONG(ttl, p);
887 GETSHORT(rdlen, p);
6f468103 888
0fc2f313
SK		 889 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
890 return STAT_INSECURE; /* bad packet */
891
6f468103
SK		 892 if (qclass != class || qtype != T_DNSKEY || rc == 2)
893 {
894 p += rdlen;
895 continue;
896 }
897
0fc2f313 898 psave = p;
c3e0b9b6 899
c3e0b9b6 900 GETSHORT(flags, p);
0fc2f313 901 if (*p++ != 3)
f01d7be6 902 return STAT_BOGUS;
c3e0b9b6 903 algo = *p++;
0fc2f313 904 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
e7829aef 905 key = NULL;
c3e0b9b6 906
e7829aef
SK		 907 /* key must have zone key flag set */
908 if (flags & 0x100)
909 key = blockdata_alloc((char*)p, rdlen - 4);
c3e0b9b6 910
0fc2f313 911 p = psave;
e7829aef 912
0fc2f313 913 if (!ADD_RDLEN(header, p, plen, rdlen))
8d718cbb
SK		 914 {
915 if (key)
916 blockdata_free(key);
917 return STAT_INSECURE; /* bad packet */
918 }
919
e7829aef
SK		 920 /* No zone key flag or malloc failure */
921 if (!key)
0fc2f313
SK		 922 continue;
923
924 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
86bec2d3
SK		 925 {
926 void *ctx;
927 unsigned char *digest, *ds_digest;
928 const struct nettle_hash *hash;
929
51ea3ca2
SK		 930 if (recp1->addr.ds.algo == algo &&
931 recp1->addr.ds.keytag == keytag &&
824202ef 932 recp1->uid == class &&
51ea3ca2 933 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
86bec2d3 934 hash_init(hash, &ctx, &digest))
0fc2f313 935
86bec2d3
SK		 936 {
937 int wire_len = to_wire(name);
938
939 /* Note that digest may be different between DSs, so
940 we can't move this outside the loop. */
941 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
942 hash->update(ctx, (unsigned int)rdlen, psave);
943 hash->digest(ctx, hash->digest_size, digest);
944
945 from_wire(name);
946
824202ef
SK		 947 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
948 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
949 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
f6a2b793 950 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag) == STAT_SECURE)
86bec2d3 951 {
86bec2d3 952 valid = 1;
86bec2d3
SK		 953 break;
954 }
955 }
956 }
e7829aef 957 blockdata_free(key);
c3e0b9b6 958 }
c3e0b9b6 959
0fc2f313
SK		 960 if (valid)
961 {
8d718cbb 962 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
e7829aef
SK		 963 cache_start_insert();
964
965 p = skip_questions(header, plen);
966
967 for (j = ntohs(header->ancount); j != 0; j--)
968 {
969 /* Ensure we have type, class TTL and length */
970 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
971 return STAT_INSECURE; /* bad packet */
972
973 GETSHORT(qtype, p);
974 GETSHORT(qclass, p);
975 GETLONG(ttl, p);
976 GETSHORT(rdlen, p);
8d718cbb
SK		 977
978 if (!CHECK_LEN(header, p, plen, rdlen))
e7829aef 979 return STAT_INSECURE; /* bad packet */
e7829aef 980
8d718cbb 981 if (qclass == class && rc == 1)
e7829aef 982 {
8d718cbb 983 psave = p;
e7829aef 984
8d718cbb
SK		 985 if (qtype == T_DNSKEY)
986 {
987 if (rdlen < 4)
988 return STAT_INSECURE; /* bad packet */
989
990 GETSHORT(flags, p);
991 if (*p++ != 3)
f01d7be6 992 return STAT_BOGUS;
8d718cbb
SK		 993 algo = *p++;
994 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
995
996 /* Cache needs to known class for DNSSEC stuff */
997 a.addr.dnssec.class = class;
998
999 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1000 {
1001 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1002 blockdata_free(key);
1003 else
1004 {
1005 a.addr.keytag = keytag;
1006 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1007
1008 recp1->addr.key.keylen = rdlen - 4;
1009 recp1->addr.key.keydata = key;
1010 recp1->addr.key.algo = algo;
1011 recp1->addr.key.keytag = keytag;
1012 recp1->addr.key.flags = flags;
8d718cbb
SK		 1013 }
1014 }
1015 }
1016 else if (qtype == T_RRSIG)
1017 {
1018 /* RRSIG, cache if covers DNSKEY RRset */
1019 if (rdlen < 18)
1020 return STAT_INSECURE; /* bad packet */
1021
1022 GETSHORT(type_covered, p);
1023
1024 if (type_covered == T_DNSKEY)
1025 {
1026 a.addr.dnssec.class = class;
1027 a.addr.dnssec.type = type_covered;
1028
1029 algo = *p++;
1030 p += 13; /* labels, orig_ttl, expiration, inception */
1031 GETSHORT(keytag, p);
1032 if ((key = blockdata_alloc((char*)psave, rdlen)))
1033 {
1034 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1035 blockdata_free(key);
1036 else
1037 {
8d718cbb
SK		 1038 crecp->addr.sig.keydata = key;
1039 crecp->addr.sig.keylen = rdlen;
1040 crecp->addr.sig.keytag = keytag;
1041 crecp->addr.sig.type_covered = type_covered;
1042 crecp->addr.sig.algo = algo;
1043 }
1044 }
1045 }
1046 }
e7829aef 1047
8d718cbb 1048 p = psave;
e7829aef 1049 }
8d718cbb 1050
e7829aef
SK		 1051 if (!ADD_RDLEN(header, p, plen, rdlen))
1052 return STAT_INSECURE; /* bad packet */
1053 }
1054
0fc2f313
SK		 1055 /* commit cache insert. */
1056 cache_end_insert();
1057 return STAT_SECURE;
1058 }
1059
1060 log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1061 return STAT_BOGUS;
c3e0b9b6 1062}
0fc2f313 1063
c3e0b9b6
SK		 1064/* The DNS packet is expected to contain the answer to a DS query
1065 Put all DSs in the answer which are valid into the cache.
1066 return codes:
b8eac191 1067 STAT_INSECURE bad packet, no DS in reply, proven no DS in reply.
c3e0b9b6 1068 STAT_SECURE At least one valid DS found and in cache.
00a5b5d4 1069 STAT_NO_DS It's proved there's no DS here.
c3e0b9b6
SK		 1070 STAT_BOGUS At least one DS found, which fails validation.
1071 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1072*/
1073
1074int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1075{
51ea3ca2 1076 unsigned char *p = (unsigned char *)(header+1);
00a5b5d4 1077 int qtype, qclass, val, i, neganswer;
c3e0b9b6 1078
5f8e58f4 1079 if (ntohs(header->qdcount) != 1 ||
b8eac191 1080 !(p = skip_name(p, header, plen, 4)))
8d718cbb
SK		 1081 return STAT_INSECURE;
1082
c3e0b9b6
SK		 1083 GETSHORT(qtype, p);
1084 GETSHORT(qclass, p);
1085
b47b04c8
SK		 1086 if (qtype != T_DS || qclass != class)
1087 val = STAT_BOGUS;
1088 else
00a5b5d4
SK		 1089 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer);
1090
1091 if (val == STAT_NO_SIG)
1092 val = STAT_INSECURE;
51ea3ca2 1093
b8eac191
SK		 1094 p = (unsigned char *)(header+1);
1095 extract_name(header, plen, &p, name, 1, 4);
1096 p += 4; /* qtype, qclass */
1097
00a5b5d4
SK		 1098 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1099 return STAT_INSECURE;
1100
0fc2f313 1101 if (val == STAT_BOGUS)
b8eac191 1102 log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
b47b04c8 1103
00a5b5d4 1104 if ((val == STAT_SECURE || val == STAT_INSECURE) && neganswer)
b8eac191 1105 {
14db4212 1106 int rdlen, flags = F_FORWARD | F_DS | F_NEG;
b8eac191
SK		 1107 unsigned long ttl, minttl = ULONG_MAX;
1108 struct all_addr a;
00a5b5d4
SK		 1109
1110 if (RCODE(header) == NXDOMAIN)
1111 flags |= F_NXDOMAIN;
1112
1113 if (val == STAT_SECURE)
1114 flags |= F_DNSSECOK;
b8eac191
SK		 1115
1116 for (i = ntohs(header->nscount); i != 0; i--)
1117 {
00a5b5d4 1118 if (!(p = skip_name(p, header, plen, 0)))
b8eac191
SK		 1119 return STAT_INSECURE;
1120
1121 GETSHORT(qtype, p);
1122 GETSHORT(qclass, p);
1123 GETLONG(ttl, p);
1124 GETSHORT(rdlen, p);
1125
00a5b5d4 1126 if (!CHECK_LEN(header, p, plen, rdlen))
b8eac191 1127 return STAT_INSECURE; /* bad packet */
00a5b5d4
SK		 1128
1129 if (qclass != class || qtype != T_SOA)
b8eac191
SK		 1130 {
1131 p += rdlen;
1132 continue;
1133 }
1134
1135 if (ttl < minttl)
1136 minttl = ttl;
1137
1138 /* MNAME */
1139 if (!(p = skip_name(p, header, plen, 0)))
1140 return STAT_INSECURE;
1141 /* RNAME */
1142 if (!(p = skip_name(p, header, plen, 20)))
1143 return STAT_INSECURE;
1144 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1145
1146 GETLONG(ttl, p); /* minTTL */
1147 if (ttl < minttl)
1148 minttl = ttl;
00a5b5d4
SK		 1149
1150 break;
b8eac191
SK		 1151 }
1152
00a5b5d4
SK		 1153 if (i != 0)
1154 {
1155 cache_start_insert();
1156
1157 a.addr.dnssec.class = class;
1158 cache_insert(name, &a, now, ttl, flags);
1159
1160 cache_end_insert();
1161 }
b8eac191 1162
00a5b5d4 1163 return (val == STAT_SECURE) ? STAT_NO_DS : STAT_INSECURE;
b8eac191
SK		 1164 }
1165
51ea3ca2 1166 return val;
c3e0b9b6
SK		 1167}
1168
c5f4ec7d
SK		 1169/* 4034 6.1 */
1170static int hostname_cmp(const char *a, const char *b)
1171{
dbf72123
SK		 1172 char *sa, *ea, *ca, *sb, *eb, *cb;
1173 unsigned char ac, bc;
1174
1175 sa = ea = (char *)a + strlen(a);
1176 sb = eb = (char *)b + strlen(b);
1177
c5f4ec7d
SK		 1178 while (1)
1179 {
dbf72123
SK		 1180 while (sa != a && *(sa-1) != '.')
1181 sa--;
c5f4ec7d 1182
dbf72123
SK		 1183 while (sb != b && *(sb-1) != '.')
1184 sb--;
1185
1186 ca = sa;
1187 cb = sb;
1188
1189 while (1)
1190 {
1191 if (ca == ea)
1192 {
1193 if (cb == eb)
1194 break;
1195
1196 return -1;
1197 }
c5f4ec7d 1198
dbf72123
SK		 1199 if (cb == eb)
1200 return 1;
1201
1202 ac = (unsigned char) *ca++;
1203 bc = (unsigned char) *cb++;
1204
1205 if (ac >= 'A' && ac <= 'Z')
1206 ac += 'a' - 'A';
1207 if (bc >= 'A' && bc <= 'Z')
1208 bc += 'a' - 'A';
1209
979cdf9b 1210 if (ac < bc)
dbf72123
SK		 1211 return -1;
1212 else if (ac != bc)
1213 return 1;
1214 }
c5f4ec7d 1215
dbf72123
SK		 1216
1217 if (sa == a)
c5f4ec7d 1218 {
dbf72123
SK		 1219 if (sb == b)
1220 return 0;
c5f4ec7d 1221
dbf72123 1222 return -1;
c5f4ec7d
SK		 1223 }
1224
dbf72123
SK		 1225 if (sb == b)
1226 return 1;
c5f4ec7d 1227
dbf72123
SK		 1228 ea = sa--;
1229 eb = sb--;
c5f4ec7d
SK		 1230 }
1231}
1232
5107ace1
SK		 1233/* Find all the NSEC or NSEC3 records in a reply.
1234 return an array of pointers to them. */
1235static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1236{
1237 static unsigned char **nsecset = NULL;
1238 static int nsecset_sz = 0;
1239
1240 int type_found = -1;
1241 unsigned char *p = skip_questions(header, plen);
1242 int type, class, rdlen, i, nsecs_found;
1243
1244 /* Move to NS section */
1245 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1246 return 0;
1247
1248 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1249 {
1250 unsigned char *pstart = p;
1251
1252 if (!(p = skip_name(p, header, plen, 10)))
1253 return 0;
1254
1255 GETSHORT(type, p);
1256 GETSHORT(class, p);
1257 p += 4; /* TTL */
1258 GETSHORT(rdlen, p);
1259
1260 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1261 {
1262 /* No mixed NSECing 'round here, thankyouverymuch */
1263 if (type_found == T_NSEC && type == T_NSEC3)
1264 return 0;
1265 if (type_found == T_NSEC3 && type == T_NSEC)
1266 return 0;
1267
1268 type_found = type;
1269
613ad15d
SK		 1270 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1271 return 0;
1272
5107ace1
SK		 1273 nsecset[nsecs_found++] = pstart;
1274 }
613ad15d 1275
5107ace1
SK		 1276 if (!ADD_RDLEN(header, p, plen, rdlen))
1277 return 0;
1278 }
1279
1280 *nsecsetp = nsecset;
1281 *nsecsetl = nsecs_found;
1282
1283 return type_found;
1284}
1285
24187530 1286static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
5107ace1
SK		 1287 char *workspace1, char *workspace2, char *name, int type)
1288{
1289 int i, rc, rdlen;
1290 unsigned char *p, *psave;
1291 int offset = (type & 0xff) >> 3;
1292 int mask = 0x80 >> (type & 0x07);
1293
1294 /* Find NSEC record that proves name doesn't exist */
1295 for (i = 0; i < nsec_count; i++)
1296 {
1297 p = nsecs[i];
1298 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1299 return STAT_INSECURE;
1300 p += 8; /* class, type, TTL */
1301 GETSHORT(rdlen, p);
1302 psave = p;
1303 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1304 return STAT_INSECURE;
1305
1306 rc = hostname_cmp(workspace1, name);
1307
1308 if (rc == 0)
1309 {
f01d7be6
SK		 1310 /* 4035 para 5.4. Last sentence */
1311 if (type == T_NSEC || type == T_RRSIG)
1312 return STAT_SECURE;
1313
5107ace1
SK		 1314 /* NSEC with the same name as the RR we're testing, check
1315 that the type in question doesn't appear in the type map */
1316 rdlen -= p - psave;
1317 /* rdlen is now length of type map, and p points to it */
1318
1319 while (rdlen >= 2)
1320 {
1321 if (!CHECK_LEN(header, p, plen, rdlen))
1322 return STAT_INSECURE;
1323
1324 if (p[0] == type >> 8)
1325 {
1326 /* Does the NSEC say our type exists? */
a857daa3 1327 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1328 return STAT_BOGUS;
1329
1330 break; /* finshed checking */
1331 }
1332
1333 rdlen -= p[1];
1334 p += p[1];
1335 }
1336
1337 return STAT_SECURE;
1338 }
1339 else if (rc == -1)
1340 {
1341 /* Normal case, name falls between NSEC name and next domain name,
1342 wrap around case, name falls between NSEC name (rc == -1) and end */
1343 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1344 return STAT_SECURE;
1345 }
1346 else
1347 {
1348 /* wrap around case, name falls between start and next domain name */
1349 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1350 return STAT_SECURE;
1351 }
1352 }
1353
1354 return STAT_BOGUS;
1355}
1356
1357/* return digest length, or zero on error */
1358static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1359 unsigned char *salt, int salt_len, int iterations)
1360{
1361 void *ctx;
1362 unsigned char *digest;
1363 int i;
1364
1365 if (!hash_init(hash, &ctx, &digest))
1366 return 0;
1367
1368 hash->update(ctx, to_wire(in), (unsigned char *)in);
1369 hash->update(ctx, salt_len, salt);
1370 hash->digest(ctx, hash->digest_size, digest);
1371
1372 for(i = 0; i < iterations; i++)
1373 {
1374 hash->update(ctx, hash->digest_size, digest);
1375 hash->update(ctx, salt_len, salt);
1376 hash->digest(ctx, hash->digest_size, digest);
1377 }
1378
1379 from_wire(in);
1380
1381 *out = digest;
1382 return hash->digest_size;
1383}
1384
1385/* Decode base32 to first "." or end of string */
1386static int base32_decode(char *in, unsigned char *out)
1387{
a857daa3 1388 int oc, on, c, mask, i;
5107ace1
SK		 1389 unsigned char *p = out;
1390
a857daa3 1391 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
5107ace1 1392 {
5107ace1
SK		 1393 if (c >= '0' && c <= '9')
1394 c -= '0';
1395 else if (c >= 'a' && c <= 'v')
1396 c -= 'a', c += 10;
1397 else if (c >= 'A' && c <= 'V')
1398 c -= 'A', c += 10;
1399 else
1400 return 0;
1401
1402 for (mask = 0x10, i = 0; i < 5; i++)
1403 {
a857daa3
SK		 1404 if (c & mask)
1405 oc |= 1;
1406 mask = mask >> 1;
1407 if (((++on) & 7) == 0)
1408 *p++ = oc;
1409 oc = oc << 1;
5107ace1
SK		 1410 }
1411 }
1412
1413 if ((on & 7) != 0)
1414 return 0;
1415
1416 return p - out;
1417}
1418
24187530 1419static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
5107ace1
SK		 1420 char *workspace1, char *workspace2, char *name, int type)
1421{
a857daa3
SK		 1422 unsigned char *salt, *p, *digest;
1423 int digest_len, i, iterations, salt_len, hash_len, base32_len, algo = 0;
5107ace1
SK		 1424 struct nettle_hash const *hash;
1425 char *closest_encloser, *next_closest, *wildcard;
1426
1427 /* Look though the NSEC3 records to find the first one with
1428 an algorithm we support (currently only algo == 1).
1429
1430 Take the algo, iterations, and salt of that record
1431 as the ones we're going to use, and prune any
1432 that don't match. */
1433
1434 for (i = 0; i < nsec_count; i++)
1435 {
1436 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1437 return STAT_INSECURE; /* bad packet */
1438
1439 p += 10; /* type, class, TTL, rdlen */
1440 algo = *p++;
1441
1442 if (algo == 1)
1443 break; /* known algo */
1444 }
1445
1446 /* No usable NSEC3s */
1447 if (i == nsec_count)
1448 return STAT_BOGUS;
1449
1450 p++; /* flags */
1451 GETSHORT (iterations, p);
1452 salt_len = *p++;
1453 salt = p;
1454 if (!CHECK_LEN(header, salt, plen, salt_len))
1455 return STAT_INSECURE; /* bad packet */
1456
1457 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1458 for (i = 0; i < nsec_count; i++)
1459 {
1460 unsigned char *nsec3p = nsecs[i];
1461 int this_iter;
1462
1463 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1464
1465 if (!(p = skip_name(nsec3p, header, plen, 15)))
1466 return STAT_INSECURE; /* bad packet */
1467
1468 p += 10; /* type, class, TTL, rdlen */
1469
1470 if (*p++ != algo)
1471 continue;
1472
1473 p++; /* flags */
1474
a857daa3 1475 GETSHORT(this_iter, p);
5107ace1
SK		 1476 if (this_iter != iterations)
1477 continue;
1478
1479 if (salt_len != *p++)
1480 continue;
1481
1482 if (!CHECK_LEN(header, p, plen, salt_len))
1483 return STAT_INSECURE; /* bad packet */
1484
1485 if (memcmp(p, salt, salt_len) != 0)
1486 continue;
1487
1488 /* All match, put the pointer back */
1489 nsecs[i] = nsec3p;
1490 }
1491
1492 /* Algo is checked as 1 above */
1493 if (!(hash = hash_find("sha1")))
1494 return STAT_INSECURE;
1495
1496 /* Now, we need the "closest encloser NSEC3" */
1497 closest_encloser = name;
1498 next_closest = NULL;
1499
1500 do
1501 {
1502 if (*closest_encloser == '.')
1503 closest_encloser++;
c5f4ec7d 1504
a857daa3 1505 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1506 return STAT_INSECURE;
1507
1508 for (i = 0; i < nsec_count; i++)
1509 if ((p = nsecs[i]))
1510 {
5107ace1 1511 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1512 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1513 return STAT_INSECURE;
1514
a857daa3
SK		 1515 if (digest_len == base32_len &&
1516 memcmp(digest, workspace2, digest_len) == 0)
5107ace1
SK		 1517 break; /* Gotit */
1518 }
1519
1520 if (i != nsec_count)
1521 break;
1522
1523 next_closest = closest_encloser;
1524 }
1525 while ((closest_encloser = strchr(closest_encloser, '.')));
1526
1527 /* No usable NSEC3s */
1528 if (i == nsec_count)
1529 return STAT_BOGUS;
1530
1531 if (!next_closest)
1532 {
1533 /* We found an NSEC3 whose hashed name exactly matches the query, so
1534 Now we just need to check the type map. p points to the RR data for the record. */
a857daa3 1535 int rdlen;
5107ace1
SK		 1536 unsigned char *psave;
1537 int offset = (type & 0xff) >> 3;
1538 int mask = 0x80 >> (type & 0x07);
1539
1540 p += 8; /* class, type, TTL */
1541 GETSHORT(rdlen, p);
1542 psave = p;
1543 p += 5 + salt_len; /* algo, flags, iterations, salt_len, salt */
1544 hash_len = *p++;
1545 if (!CHECK_LEN(header, p, plen, hash_len))
1546 return STAT_INSECURE; /* bad packet */
1547 p += hash_len;
1548 rdlen -= p - psave;
1549
1550 while (rdlen >= 2)
1551 {
1552 if (!CHECK_LEN(header, p, plen, rdlen))
1553 return STAT_INSECURE;
1554
1555 if (p[0] == type >> 8)
1556 {
a857daa3
SK		 1557 /* Does the NSEC3 say our type exists? */
1558 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1559 return STAT_BOGUS;
1560
1561 break; /* finshed checking */
1562 }
1563
1564 rdlen -= p[1];
1565 p += p[1];
1566 }
1567
1568 return STAT_SECURE;
1569 }
1570
24187530 1571 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
a857daa3 1572 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1573 return STAT_INSECURE;
1574
1575 for (i = 0; i < nsec_count; i++)
1576 if ((p = nsecs[i]))
1577 {
a857daa3
SK		 1578 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1579 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1580 return STAT_INSECURE;
1581
1582 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1583 hash_len = *p++; /* p now points to next hashed name */
1584
1585 if (!CHECK_LEN(header, p, plen, hash_len))
1586 return STAT_INSECURE;
1587
a857daa3 1588 if (digest_len == base32_len && hash_len == base32_len)
5107ace1 1589 {
a857daa3 1590 if (memcmp(workspace2, digest, digest_len) <= 0)
5107ace1
SK		 1591 {
1592 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1593 wrap around case, name-hash falls between NSEC3 name-hash and end */
a857daa3 1594 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
5107ace1
SK		 1595 return STAT_SECURE;
1596 }
1597 else
1598 {
1599 /* wrap around case, name falls between start and next domain name */
a857daa3 1600 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
5107ace1
SK		 1601 return STAT_SECURE;
1602 }
1603 }
1604 }
1605
1606 /* Finally, check that there's no seat of wildcard synthesis */
1607 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1608 return STAT_BOGUS;
1609
1610 wildcard--;
1611 *wildcard = '*';
1612
a857daa3 1613 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1614 return STAT_INSECURE;
1615
1616 for (i = 0; i < nsec_count; i++)
1617 if ((p = nsecs[i]))
1618 {
5107ace1 1619 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1620 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1621 return STAT_INSECURE;
1622
1623 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1624 hash_len = *p++; /* p now points to next hashed name */
1625
1626 if (!CHECK_LEN(header, p, plen, hash_len))
1627 return STAT_INSECURE;
1628
a857daa3 1629 if (digest_len == base32_len && hash_len == base32_len)
5107ace1 1630 {
a857daa3 1631 if (memcmp(workspace2, digest, digest_len) <= 0)
5107ace1
SK		 1632 {
1633 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1634 wrap around case, name-hash falls between NSEC3 name-hash and end */
a857daa3 1635 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
5107ace1
SK		 1636 return STAT_SECURE;
1637 }
1638 else
1639 {
1640 /* wrap around case, name falls between start and next domain name */
a857daa3 1641 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
5107ace1
SK		 1642 return STAT_SECURE;
1643 }
1644 }
1645 }
1646
1647 return STAT_BOGUS;
1648}
1649
0fc2f313 1650/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
51ea3ca2 1651/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
00a5b5d4 1652int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer)
adca3e9c 1653{
00a5b5d4
SK		 1654 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1655 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
5107ace1 1656 int i, j, rc, nsec_count, cname_count = 10;
00a5b5d4 1657 int nsec_type = 0, have_answer = 0;
adca3e9c 1658
00a5b5d4
SK		 1659 if (neganswer)
1660 *neganswer = 0;
1661
e3ec15af
SK		 1662 if (RCODE(header) == SERVFAIL)
1663 return STAT_BOGUS;
1664
c5f4ec7d 1665 if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1)
72ae2f3d 1666 return STAT_INSECURE;
00a5b5d4
SK		 1667
1668 qname = p1 = (unsigned char *)(header+1);
c5f4ec7d 1669
00a5b5d4
SK		 1670 if (!extract_name(header, plen, &p1, name, 1, 4))
1671 return STAT_INSECURE;
1672
1673 GETSHORT(qtype, p1);
1674 GETSHORT(qclass, p1);
1675 ans_start = p1;
1676
1677 /* Can't validate an RRISG query */
1678 if (qtype == T_RRSIG)
0fc2f313 1679 return STAT_INSECURE;
00a5b5d4
SK		 1680
1681 cname_loop:
1682 for (j = ntohs(header->ancount); j != 0; j--)
1683 {
1684 /* leave pointer to missing name in qname */
1685
1686 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1687 return STAT_INSECURE; /* bad packet */
1688
1689 GETSHORT(type2, p1);
1690 GETSHORT(class2, p1);
1691 p1 += 4; /* TTL */
1692 GETSHORT(rdlen2, p1);
1693
1694 if (rc == 1 && qclass == class2)
1695 {
1696 /* Do we have an answer for the question? */
1697 if (type2 == qtype)
1698 {
1699 have_answer = 1;
1700 break;
1701 }
1702 else if (type2 == T_CNAME)
1703 {
1704 qname = p1;
1705
1706 /* looped CNAMES */
1707 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1708 return STAT_INSECURE;
1709
1710 p1 = ans_start;
1711 goto cname_loop;
1712 }
1713 }
1714
1715 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1716 return STAT_INSECURE;
1717 }
0fc2f313 1718
00a5b5d4
SK		 1719 if (neganswer && !have_answer)
1720 *neganswer = 1;
0575610f
SK		 1721
1722 /* No data, therefore no sigs */
1723 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1724 return STAT_NO_SIG;
00a5b5d4 1725
0fc2f313 1726 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
adca3e9c 1727 {
0fc2f313
SK		 1728 if (!extract_name(header, plen, &p1, name, 1, 10))
1729 return STAT_INSECURE; /* bad packet */
1730
1731 GETSHORT(type1, p1);
1732 GETSHORT(class1, p1);
1733 p1 += 4; /* TTL */
1734 GETSHORT(rdlen1, p1);
1735
1736 /* Don't try and validate RRSIGs! */
1737 if (type1 != T_RRSIG)
1738 {
1739 /* Check if we've done this RRset already */
1740 for (p2 = ans_start, j = 0; j < i; j++)
1741 {
1742 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1743 return STAT_INSECURE; /* bad packet */
1744
1745 GETSHORT(type2, p2);
1746 GETSHORT(class2, p2);
1747 p2 += 4; /* TTL */
1748 GETSHORT(rdlen2, p2);
1749
1750 if (type2 == type1 && class2 == class1 && rc == 1)
1751 break; /* Done it before: name, type, class all match. */
1752
1753 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1754 return STAT_INSECURE;
1755 }
1756
1757 /* Not done, validate now */
51ea3ca2 1758 if (j == i)
0fc2f313 1759 {
8d718cbb
SK		 1760 int ttl, keytag, algo, digest, type_covered;
1761 unsigned char *psave;
1762 struct all_addr a;
1763 struct blockdata *key;
1764 struct crec *crecp;
1765
5107ace1
SK		 1766 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, NULL, 0, 0, 0);
1767
1768 if (rc == STAT_SECURE_WILDCARD)
1769 {
1770 /* An attacker replay a wildcard answer with a different
a857daa3 1771 answer and overlay a genuine RR. To prove this
5107ace1 1772 hasn't happened, the answer must prove that
a857daa3 1773 the gennuine record doesn't exist. Check that here. */
5107ace1
SK		 1774 if (!nsec_type)
1775 {
1776 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1);
1777
1778 if (nsec_type == 0)
1779 return STAT_INSECURE; /* Bad packet */
1780 if (nsec_type == -1)
1781 return STAT_BOGUS; /* No NSECs */
1782 }
1783
1784 if (nsec_type == T_NSEC)
24187530 1785 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
5107ace1 1786 else
24187530 1787 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
5107ace1
SK		 1788
1789 if (rc != STAT_SECURE)
1790 return rc;
1791 }
1792 else if (rc != STAT_SECURE)
51ea3ca2
SK		 1793 {
1794 if (class)
1795 *class = class1; /* Class for DS or DNSKEY */
1796 return rc;
1797 }
5107ace1 1798
8d718cbb
SK		 1799 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1800 cache_start_insert();
1801
1802 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
51ea3ca2 1803 {
8d718cbb
SK		 1804 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1805 return STAT_INSECURE; /* bad packet */
51ea3ca2 1806
8d718cbb
SK		 1807 GETSHORT(type2, p2);
1808 GETSHORT(class2, p2);
1809 GETLONG(ttl, p2);
1810 GETSHORT(rdlen2, p2);
1811
1812 if (!CHECK_LEN(header, p2, plen, rdlen2))
1813 return STAT_INSECURE; /* bad packet */
1814
1815 if (class2 == class1 && rc == 1)
1816 {
1817 psave = p2;
1818
1819 if (type1 == T_DS && type2 == T_DS)
51ea3ca2 1820 {
8d718cbb
SK		 1821 if (rdlen2 < 4)
1822 return STAT_INSECURE; /* bad packet */
1823
51ea3ca2
SK		 1824 GETSHORT(keytag, p2);
1825 algo = *p2++;
1826 digest = *p2++;
1827
1828 /* Cache needs to known class for DNSSEC stuff */
1829 a.addr.dnssec.class = class2;
1830
8d718cbb 1831 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
51ea3ca2 1832 {
8d718cbb
SK		 1833 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1834 blockdata_free(key);
1835 else
1836 {
1837 a.addr.keytag = keytag;
1838 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1839 crecp->addr.ds.digest = digest;
1840 crecp->addr.ds.keydata = key;
1841 crecp->addr.ds.algo = algo;
1842 crecp->addr.ds.keytag = keytag;
8d718cbb
SK		 1843 crecp->addr.ds.keylen = rdlen2 - 4;
1844 }
1845 }
1846 }
1847 else if (type2 == T_RRSIG)
1848 {
1849 if (rdlen2 < 18)
1850 return STAT_INSECURE; /* bad packet */
51ea3ca2 1851
8d718cbb
SK		 1852 GETSHORT(type_covered, p2);
1853
1854 if (type_covered == type1 &&
1855 (type_covered == T_A || type_covered == T_AAAA ||
1856 type_covered == T_CNAME || type_covered == T_DS ||
1857 type_covered == T_DNSKEY || type_covered == T_PTR))
1858 {
1859 a.addr.dnssec.type = type_covered;
c8ca33f8 1860 a.addr.dnssec.class = class1;
8d718cbb
SK		 1861
1862 algo = *p2++;
1863 p2 += 13; /* labels, orig_ttl, expiration, inception */
1864 GETSHORT(keytag, p2);
1865
1866 if ((key = blockdata_alloc((char*)psave, rdlen2)))
1867 {
1868 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1869 blockdata_free(key);
1870 else
1871 {
8d718cbb
SK		 1872 crecp->addr.sig.keydata = key;
1873 crecp->addr.sig.keylen = rdlen2;
1874 crecp->addr.sig.keytag = keytag;
1875 crecp->addr.sig.type_covered = type_covered;
1876 crecp->addr.sig.algo = algo;
1877 }
1878 }
1879 }
51ea3ca2
SK		 1880 }
1881
8d718cbb 1882 p2 = psave;
51ea3ca2
SK		 1883 }
1884
8d718cbb
SK		 1885 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1886 return STAT_INSECURE; /* bad packet */
51ea3ca2 1887 }
8d718cbb
SK		 1888
1889 cache_end_insert();
0fc2f313
SK		 1890 }
1891 }
adca3e9c 1892
0fc2f313
SK		 1893 if (!ADD_RDLEN(header, p1, plen, rdlen1))
1894 return STAT_INSECURE;
adca3e9c
GB		 1895 }
1896
c5f4ec7d 1897 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
00a5b5d4
SK		 1898 if (have_answer)
1899 return STAT_SECURE;
1900
5107ace1 1901 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
5107ace1
SK		 1902 /* First marshall the NSEC records, if we've not done it previously */
1903 if (!nsec_type)
c5f4ec7d 1904 {
00a5b5d4 1905 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass);
c5f4ec7d 1906
5107ace1
SK		 1907 if (nsec_type == 0)
1908 return STAT_INSECURE; /* Bad packet */
1909 if (nsec_type == -1)
1910 return STAT_BOGUS; /* No NSECs */
c5f4ec7d 1911 }
00a5b5d4
SK		 1912
1913 /* Get name of missing answer */
1914 if (!extract_name(header, plen, &qname, name, 1, 0))
1915 return STAT_INSECURE;
5107ace1
SK		 1916
1917 if (nsec_type == T_NSEC)
00a5b5d4 1918 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
5107ace1 1919 else
00a5b5d4 1920 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
e292e93d
GB		 1921}
1922
00a5b5d4
SK		 1923/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
1924 Needed for proving answer in unsigned space.
1925 Return STAT_NEED_*
1926 STAT_BOGUS - error
1927 STAT_INSECURE - name of first non-secure record in name
1928*/
1929int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
1930{
1931 unsigned char *p = (unsigned char *)(header+1);
1932 int type, class, qtype, qclass, rdlen, j, rc;
1933 int cname_count = 10;
1934
1935 /* Get question */
1936 if (!extract_name(header, plen, &p, name, 1, 4))
1937 return STAT_BOGUS;
1938
1939 GETSHORT(qtype, p);
1940 GETSHORT(qclass, p);
1941
1942 while (1)
1943 {
1944 for (j = ntohs(header->ancount); j != 0; j--)
1945 {
1946 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1947 return STAT_BOGUS; /* bad packet */
1948
1949 GETSHORT(type, p);
1950 GETSHORT(class, p);
1951 p += 4; /* TTL */
1952 GETSHORT(rdlen, p);
1953
1954 /* Not target, loop */
1955 if (rc == 2 || qclass != class)
1956 {
1957 if (!ADD_RDLEN(header, p, plen, rdlen))
1958 return STAT_BOGUS;
1959 continue;
1960 }
1961
1962 /* Got to end of CNAME chain. */
1963 if (type != T_CNAME)
1964 return STAT_INSECURE;
1965
1966 /* validate CNAME chain, return if insecure or need more data */
1967 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, 0, 0, 0);
1968 if (rc != STAT_SECURE)
1969 {
1970 if (rc == STAT_NO_SIG)
1971 rc = STAT_INSECURE;
1972 return rc;
1973 }
1974
1975 /* Loop down CNAME chain/ */
1976 if (!cname_count-- ||
1977 !extract_name(header, plen, &p, name, 1, 0) ||
1978 !(p = skip_questions(header, plen)))
1979 return STAT_BOGUS;
1980
1981 break;
1982 }
1983
1984 /* End of CNAME chain */
1985 return STAT_INSECURE;
1986 }
1987}
1988
1989
3471f181 1990/* Compute keytag (checksum to quickly index a key). See RFC4034 */
0fc2f313 1991int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
3471f181 1992{
75ffc9bf
GB		 1993 if (alg == 1)
1994 {
1995 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
1996 See RFC4034, Appendix B.1 */
0fc2f313 1997 return key[keylen-4] * 256 + key[keylen-3];
75ffc9bf
GB		 1998 }
1999 else
2000 {
1633e308 2001 unsigned long ac = flags + 0x300 + alg;
75ffc9bf
GB		 2002 int i;
2003
0fc2f313
SK		 2004 for (i = 0; i < keylen; ++i)
2005 ac += (i & 1) ? key[i] : key[i] << 8;
1633e308 2006
0fc2f313
SK		 2007 ac += (ac >> 16) & 0xffff;
2008 return ac & 0xffff;
0304d28f 2009 }
3471f181 2010}
e292e93d 2011
5f8e58f4
SK		 2012size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2013{
2014 unsigned char *p;
610e782a 2015 char *types = querystr("dnssec-query", type);
5f8e58f4
SK		 2016
2017 if (addr->sa.sa_family == AF_INET)
2018 log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2019#ifdef HAVE_IPV6
2020 else
2021 log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2022#endif
2023
2024 header->qdcount = htons(1);
2025 header->ancount = htons(0);
2026 header->nscount = htons(0);
2027 header->arcount = htons(0);
e292e93d 2028
5f8e58f4
SK		 2029 header->hb3 = HB3_RD;
2030 SET_OPCODE(header, QUERY);
5b3bf921
SK		 2031 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2032 this allows it to select auth servers when one is returning bad data. */
2033 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
5f8e58f4
SK		 2034
2035 /* ID filled in later */
2036
2037 p = (unsigned char *)(header+1);
2038
2039 p = do_rfc1035_name(p, name);
2040 *p++ = 0;
2041 PUTSHORT(type, p);
2042 PUTSHORT(class, p);
2043
2044 return add_do_bit(header, p - (unsigned char *)header, end);
2045}
8a9be9e4 2046
613ad15d
SK		 2047/* Go through a domain name, find "pointers" and fix them up based on how many bytes
2048 we've chopped out of the packet, or check they don't point into an elided part. */
2049static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2050{
2051 unsigned char *ansp = *namep;
2052
2053 while(1)
2054 {
2055 unsigned int label_type;
2056
2057 if (!CHECK_LEN(header, ansp, plen, 1))
2058 return 0;
2059
2060 label_type = (*ansp) & 0xc0;
2061
2062 if (label_type == 0xc0)
2063 {
2064 /* pointer for compression. */
00a5b5d4
SK		 2065 unsigned int offset;
2066 int i;
613ad15d
SK		 2067 unsigned char *p;
2068
2069 if (!CHECK_LEN(header, ansp, plen, 2))
2070 return 0;
2071
2072 offset = ((*ansp++) & 0x3f) << 8;
2073 offset |= *ansp++;
2074
2075 p = offset + (unsigned char *)header;
2076
2077 for (i = 0; i < rr_count; i++)
2078 if (p < rrs[i])
2079 break;
2080 else
2081 if (i & 1)
2082 offset -= rrs[i] - rrs[i-1];
2083
2084 /* does the pointer end up in an elided RR? */
2085 if (i & 1)
00a5b5d4 2086 return 0;
613ad15d
SK		 2087
2088 /* No, scale the pointer */
2089 if (fixup)
2090 {
2091 ansp -= 2;
2092 *ansp++ = (offset >> 8) | 0xc0;
2093 *ansp++ = offset & 0xff;
2094 }
2095 break;
2096 }
2097 else if (label_type == 0x80)
2098 return 0; /* reserved */
2099 else if (label_type == 0x40)
2100 {
2101 /* Extended label type */
2102 unsigned int count;
2103
2104 if (!CHECK_LEN(header, ansp, plen, 2))
2105 return 0;
2106
2107 if (((*ansp++) & 0x3f) != 1)
2108 return 0; /* we only understand bitstrings */
2109
2110 count = *(ansp++); /* Bits in bitstring */
2111
2112 if (count == 0) /* count == 0 means 256 bits */
2113 ansp += 32;
2114 else
2115 ansp += ((count-1)>>3)+1;
2116 }
2117 else
2118 { /* label type == 0 Bottom six bits is length */
2119 unsigned int len = (*ansp++) & 0x3f;
2120
2121 if (!ADD_RDLEN(header, ansp, plen, len))
2122 return 0;
2123
2124 if (len == 0)
2125 break; /* zero length label marks the end. */
2126 }
2127 }
2128
2129 *namep = ansp;
2130
2131 return 1;
2132}
2133
2134/* Go through RRs and check or fixup the domain names contained within */
2135static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2136{
2137 int i, type, class, rdlen;
00a5b5d4 2138 unsigned char *pp;
613ad15d
SK		 2139
2140 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2141 {
00a5b5d4
SK		 2142 pp = p;
2143
2144 if (!(p = skip_name(p, header, plen, 10)))
2145 return 0;
613ad15d
SK		 2146
2147 GETSHORT(type, p);
2148 GETSHORT(class, p);
2149 p += 4; /* TTL */
2150 GETSHORT(rdlen, p);
00a5b5d4 2151
613ad15d
SK		 2152 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2153 {
00a5b5d4
SK		 2154 /* fixup name of RR */
2155 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2156 return 0;
2157
613ad15d
SK		 2158 if (class == C_IN)
2159 {
2160 u16 *d;
14db4212
SK		 2161
2162 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
613ad15d
SK		 2163 {
2164 if (*d != 0)
2165 pp += *d;
2166 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2167 return 0;
2168 }
2169 }
2170 }
2171
2172 if (!ADD_RDLEN(header, p, plen, rdlen))
2173 return 0;
2174 }
2175
2176 return 1;
2177}
2178
2179
2180size_t filter_rrsigs(struct dns_header *header, size_t plen)
2181{
2182 static unsigned char **rrs;
2183 static int rr_sz = 0;
2184
2185 unsigned char *p = (unsigned char *)(header+1);
2186 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns;
2187
2188 if (ntohs(header->qdcount) != 1 ||
2189 !(p = skip_name(p, header, plen, 4)))
2190 return plen;
2191
2192 GETSHORT(qtype, p);
2193 GETSHORT(qclass, p);
2194
2195 /* First pass, find pointers to start and end of all the records we wish to elide:
2196 records added for DNSSEC, unless explicity queried for */
2197 for (rr_found = 0, chop_ns = 0, chop_an = 0, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2198 {
2199 unsigned char *pstart = p;
2200 int type, class;
2201
2202 if (!(p = skip_name(p, header, plen, 10)))
2203 return plen;
2204
2205 GETSHORT(type, p);
2206 GETSHORT(class, p);
2207 p += 4; /* TTL */
2208 GETSHORT(rdlen, p);
2209
2210 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2211 (type != qtype || class != qclass))
2212 {
2213 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2214 return plen;
2215
2216 rrs[rr_found++] = pstart;
2217
2218 if (!ADD_RDLEN(header, p, plen, rdlen))
2219 return plen;
2220
2221 rrs[rr_found++] = p;
2222
2223 if (i < ntohs(header->ancount))
2224 chop_an++;
2225 else
2226 chop_ns++;
2227 }
2228 else if (!ADD_RDLEN(header, p, plen, rdlen))
2229 return plen;
2230 }
2231
2232 /* Nothing to do. */
2233 if (rr_found == 0)
2234 return plen;
2235
2236 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2237 point to records we're going to elide. This is theoretically possible, but unlikely. If
2238 it happens, we give up and leave the answer unchanged. */
2239 p = (unsigned char *)(header+1);
2240
2241 /* question first */
2242 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2243 return plen;
2244 p += 4; /* qclass, qtype */
2245
2246 /* Now answers and NS */
2247 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2248 return plen;
2249
2250 /* Third pass, elide records */
2251 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2252 {
2253 unsigned char *start = rrs[i];
2254 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2255
2256 memmove(p, start, end-start);
2257 p += end-start;
2258 }
2259
2260 plen = p - (unsigned char *)header;
2261 header->ancount = htons(ntohs(header->ancount) - chop_an);
2262 header->nscount = htons(ntohs(header->nscount) - chop_ns);
2263
2264 /* Fourth pass, fix up pointers in the remaining records */
2265 p = (unsigned char *)(header+1);
2266
2267 check_name(&p, header, plen, 1, rrs, rr_found);
2268 p += 4; /* qclass, qtype */
2269
2270 check_rrs(p, header, plen, 1, rrs, rr_found);
2271
2272 return plen;
2273}
2274
8a9be9e4
SK		 2275unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2276{
2277 int q;
2278 unsigned int len;
2279 unsigned char *p = (unsigned char *)(header+1);
2280 const struct nettle_hash *hash;
2281 void *ctx;
2282 unsigned char *digest;
5f8e58f4 2283
8a9be9e4
SK		 2284 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2285 return NULL;
2286
2287 for (q = ntohs(header->qdcount); q != 0; q--)
2288 {
2289 if (!extract_name(header, plen, &p, name, 1, 4))
7d23a66f 2290 break; /* bad packet */
8a9be9e4
SK		 2291
2292 len = to_wire(name);
2293 hash->update(ctx, len, (unsigned char *)name);
2294 /* CRC the class and type as well */
2295 hash->update(ctx, 4, p);
2296
2297 p += 4;
2298 if (!CHECK_LEN(header, p, plen, 0))
7d23a66f 2299 break; /* bad packet */
8a9be9e4 2300 }
703c7ff4
SK		 2301
2302 hash->digest(ctx, hash->digest_size, digest);
8a9be9e4
SK		 2303 return digest;
2304}
2305
0fc2f313 2306#endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.