]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnssec.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix off-by-one overwrite.
[people/ms/dnsmasq.git] / src / dnssec.c
CommitLineData
8d41ebd8 1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
0fc2f313 2 and Copyright (c) 2012-2014 Simon Kelley
8d41ebd8
GB		 3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
e292e93d
GB		 17
18#include "dnsmasq.h"
0fc2f313
SK		 19
20#ifdef HAVE_DNSSEC
21
86bec2d3
SK		 22#include <nettle/rsa.h>
23#include <nettle/dsa.h>
c152dc84
SK		 24#ifndef NO_NETTLE_ECC
25# include <nettle/ecdsa.h>
26# include <nettle/ecc-curve.h>
27#endif
86bec2d3
SK		 28#include <nettle/nettle-meta.h>
29#include <gmp.h>
c3e0b9b6 30
e292e93d
GB		 31#define SERIAL_UNDEF -100
32#define SERIAL_EQ 0
33#define SERIAL_LT -1
34#define SERIAL_GT 1
35
86bec2d3
SK		 36/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
37static char *ds_digest_name(int digest)
38{
39 switch (digest)
40 {
41 case 1: return "sha1";
42 case 2: return "sha256";
43 case 3: return "gosthash94";
44 case 4: return "sha384";
45 default: return NULL;
46 }
47}
48
49/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
50static char *algo_digest_name(int algo)
51{
52 switch (algo)
53 {
54 case 1: return "md5";
55 case 3: return "sha1";
56 case 5: return "sha1";
57 case 6: return "sha1";
58 case 7: return "sha1";
59 case 8: return "sha256";
60 case 10: return "sha512";
61 case 12: return "gosthash94";
62 case 13: return "sha256";
63 case 14: return "sha384";
64 default: return NULL;
65 }
66}
67
68/* Find pointer to correct hash function in nettle library */
69static const struct nettle_hash *hash_find(char *name)
70{
71 int i;
72
73 if (!name)
74 return NULL;
75
76 for (i = 0; nettle_hashes[i]; i++)
77 {
78 if (strcmp(nettle_hashes[i]->name, name) == 0)
79 return nettle_hashes[i];
80 }
81
82 return NULL;
83}
84
85/* expand ctx and digest memory allocations if necessary and init hash function */
86static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
87{
88 static void *ctx = NULL;
89 static unsigned char *digest = NULL;
90 static unsigned int ctx_sz = 0;
91 static unsigned int digest_sz = 0;
92
93 void *new;
94
95 if (ctx_sz < hash->context_size)
96 {
97 if (!(new = whine_malloc(hash->context_size)))
98 return 0;
99 if (ctx)
100 free(ctx);
101 ctx = new;
102 ctx_sz = hash->context_size;
103 }
104
105 if (digest_sz < hash->digest_size)
106 {
107 if (!(new = whine_malloc(hash->digest_size)))
108 return 0;
109 if (digest)
110 free(digest);
111 digest = new;
112 digest_sz = hash->digest_size;
113 }
114
115 *ctxp = ctx;
116 *digestp = digest;
117
118 hash->init(ctx);
119
120 return 1;
121}
122
123static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
124 unsigned char *digest, int algo)
125{
126 unsigned char *p;
127 size_t exp_len;
128
129 static struct rsa_public_key *key = NULL;
130 static mpz_t sig_mpz;
131
132 if (key == NULL)
133 {
134 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
135 return 0;
136
137 nettle_rsa_public_key_init(key);
138 mpz_init(sig_mpz);
139 }
140
141 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
142 return 0;
143
144 key_len--;
145 if ((exp_len = *p++) == 0)
146 {
147 GETSHORT(exp_len, p);
148 key_len -= 2;
149 }
150
151 if (exp_len >= key_len)
152 return 0;
153
154 key->size = key_len - exp_len;
155 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
156 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
157
158 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
159
160 switch (algo)
161 {
162 case 1:
163 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
164 case 5: case 7:
165 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
166 case 8:
167 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
168 case 10:
169 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
170 }
171
172 return 0;
173}
174
175static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
176 unsigned char *digest, int algo)
177{
178 unsigned char *p;
179 unsigned int t;
180
181 static struct dsa_public_key *key = NULL;
182 static struct dsa_signature *sig_struct;
183
184 if (key == NULL)
185 {
186 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
187 !(key = whine_malloc(sizeof(struct dsa_public_key))))
188 return 0;
189
190 nettle_dsa_public_key_init(key);
191 nettle_dsa_signature_init(sig_struct);
192 }
193
194 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
195 return 0;
196
197 t = *p++;
198
199 if (key_len < (213 + (t * 24)))
200 return 0;
ebe95a83 201
86bec2d3
SK		 202 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
203 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
204 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
205 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
206
207 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
208 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
209
210 (void)algo;
ebe95a83 211
86bec2d3
SK		 212 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
213}
214
c152dc84
SK		 215#ifndef NO_NETTLE_ECC
216static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
217 unsigned char *sig, size_t sig_len,
ebe95a83
SK		 218 unsigned char *digest, size_t digest_len, int algo)
219{
220 unsigned char *p;
221 unsigned int t;
222 struct ecc_point *key;
223
224 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
225 static mpz_t x, y;
226 static struct dsa_signature *sig_struct;
227
228 if (!sig_struct)
229 {
230 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
231 return 0;
232
233 nettle_dsa_signature_init(sig_struct);
234 mpz_init(x);
235 mpz_init(y);
236 }
237
238 switch (algo)
239 {
240 case 13:
241 if (!key_256)
242 {
243 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
244 return 0;
245
246 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
247 }
248
249 key = key_256;
250 t = 32;
251 break;
252
253 case 14:
254 if (!key_384)
255 {
256 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
257 return 0;
258
259 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
260 }
261
262 key = key_384;
263 t = 48;
264 break;
265
266 default:
267 return 0;
268 }
269
270 if (sig_len != 2*t || key_len != 2*t ||
271 (p = blockdata_retrieve(key_data, key_len, NULL)))
272 return 0;
273
274 mpz_import(x, t , 1, 1, 0, 0, p);
275 mpz_import(y, t , 1, 1, 0, 0, p + t);
276
277 if (!ecc_point_set(key, x, y))
278 return 0;
279
280 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
281 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
282
283 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
284}
c152dc84
SK		 285#endif
286
86bec2d3 287static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
ebe95a83 288 unsigned char *digest, size_t digest_len, int algo)
86bec2d3 289{
7b1eae4f
SK		 290 (void)digest_len;
291
86bec2d3
SK		 292 switch (algo)
293 {
294 case 1: case 5: case 7: case 8: case 10:
295 return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
296
297 case 3: case 6:
298 return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
c152dc84
SK		 299
300#ifndef NO_NETTLE_ECC
ebe95a83
SK		 301 case 13: case 14:
302 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
c152dc84
SK		 303#endif
304 }
86bec2d3
SK		 305
306 return 0;
307}
308
0fc2f313
SK		 309/* Convert from presentation format to wire format, in place.
310 Also map UC -> LC.
311 Note that using extract_name to get presentation format
312 then calling to_wire() removes compression and maps case,
313 thus generating names in canonical form.
314 Calling to_wire followed by from_wire is almost an identity,
315 except that the UC remains mapped to LC.
316*/
317static int to_wire(char *name)
7f0485cf 318{
0fc2f313
SK		 319 unsigned char *l, *p, term;
320 int len;
321
322 for (l = (unsigned char*)name; *l != 0; l = p)
323 {
324 for (p = l; *p != '.' && *p != 0; p++)
325 if (*p >= 'A' && *p <= 'Z')
326 *p = *p - 'A' + 'a';
327
328 term = *p;
329
330 if ((len = p - l) != 0)
331 memmove(l+1, l, len);
332 *l = len;
333
334 p++;
335
336 if (term == 0)
337 *p = 0;
338 }
339
340 return l + 1 - (unsigned char *)name;
7f0485cf
GB		 341}
342
0fc2f313
SK		 343/* Note: no compression allowed in input. */
344static void from_wire(char *name)
13e435eb 345{
0fc2f313
SK		 346 unsigned char *l;
347 int len;
13e435eb 348
0fc2f313 349 for (l = (unsigned char *)name; *l != 0; l += len+1)
13e435eb 350 {
0fc2f313
SK		 351 len = *l;
352 memmove(l, l+1, len);
353 l[len] = '.';
13e435eb 354 }
7f0485cf 355
bd9b3cf5
SK		 356 if (l != name)
357 *(l-1) = 0;
13e435eb
GB		 358}
359
5ada8885
SK		 360/* Input in presentation format */
361static int count_labels(char *name)
362{
363 int i;
364
365 if (*name == 0)
366 return 0;
367
368 for (i = 0; *name; name++)
369 if (*name == '.')
370 i++;
371
372 return i+1;
373}
374
5f8e58f4
SK		 375/* Implement RFC1982 wrapped compare for 32-bit numbers */
376static int serial_compare_32(unsigned long s1, unsigned long s2)
377{
378 if (s1 == s2)
379 return SERIAL_EQ;
0ca895f5 380
5f8e58f4
SK		 381 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
382 (s1 > s2 && (s1 - s2) > (1UL<<31)))
383 return SERIAL_LT;
384 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
385 (s1 > s2 && (s1 - s2) < (1UL<<31)))
386 return SERIAL_GT;
387 return SERIAL_UNDEF;
388}
0852d76b 389
5f8e58f4
SK		 390/* Check whether today/now is between date_start and date_end */
391static int check_date_range(unsigned long date_start, unsigned long date_end)
0852d76b 392{
5f8e58f4
SK		 393 unsigned long curtime = time(0);
394
395 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
396 return serial_compare_32(curtime, date_start) == SERIAL_GT
397 && serial_compare_32(curtime, date_end) == SERIAL_LT;
398}
f119ed38 399
5f8e58f4
SK		 400static u16 *get_desc(int type)
401{
402 /* List of RRtypes which include domains in the data.
403 0 -> domain
404 integer -> no of plain bytes
405 -1 -> end
406
407 zero is not a valid RRtype, so the final entry is returned for
408 anything which needs no mangling.
409 */
410
411 static u16 rr_desc[] =
412 {
413 T_NS, 0, -1,
414 T_MD, 0, -1,
415 T_MF, 0, -1,
416 T_CNAME, 0, -1,
417 T_SOA, 0, 0, -1,
418 T_MB, 0, -1,
419 T_MG, 0, -1,
420 T_MR, 0, -1,
421 T_PTR, 0, -1,
422 T_MINFO, 0, 0, -1,
423 T_MX, 2, 0, -1,
424 T_RP, 0, 0, -1,
425 T_AFSDB, 2, 0, -1,
426 T_RT, 2, 0, -1,
427 T_SIG, 18, 0, -1,
428 T_PX, 2, 0, 0, -1,
429 T_NXT, 0, -1,
430 T_KX, 2, 0, -1,
431 T_SRV, 6, 0, -1,
432 T_DNAME, 0, -1,
5f8e58f4
SK		 433 0, -1 /* wildcard/catchall */
434 };
435
436 u16 *p = rr_desc;
437
438 while (*p != type && *p != 0)
439 while (*p++ != (u16)-1);
f119ed38 440
5f8e58f4
SK		 441 return p+1;
442}
0852d76b 443
5f8e58f4
SK		 444/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
445 data, pointed to by *p, should be used raw. */
446static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff,
447 unsigned char **p, u16 **desc)
448{
449 int d = **desc;
450
451 (*desc)++;
452
453 /* No more data needs mangling */
454 if (d == (u16)-1)
455 return 0;
456
457 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
458 /* domain-name, canonicalise */
459 return to_wire(buff);
460 else
461 {
462 /* plain data preceding a domain-name, don't run off the end of the data */
463 if ((end - *p) < d)
464 d = end - *p;
465
466 if (d != 0)
467 {
468 memcpy(buff, *p, d);
469 *p += d;
470 }
471
472 return d;
473 }
0852d76b
GB		 474}
475
613ad15d
SK		 476static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
477{
478 unsigned char **p;
479 int new_sz = *sz;
480
481 if (new_sz > new)
482 return 1;
483
484 if (new >= 100)
485 return 0;
486
487 new_sz += 5;
488
489 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
490 return 0;
491
492 if (*wkspc)
493 {
494 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
495 free(*wkspc);
496 }
497
498 *wkspc = p;
499 *sz = new_sz;
00a5b5d4
SK		 500
501 return 1;
613ad15d
SK		 502}
503
5f8e58f4
SK		 504/* Bubble sort the RRset into the canonical order.
505 Note that the byte-streams from two RRs may get unsynced: consider
506 RRs which have two domain-names at the start and then other data.
507 The domain-names may have different lengths in each RR, but sort equal
508
509 ------------
510 |abcde|fghi|
511 ------------
512 |abcd|efghi|
513 ------------
514
515 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
516*/
517
518static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
519 unsigned char **rrset, char *buff1, char *buff2)
c3e0b9b6 520{
5f8e58f4 521 int swap, quit, i;
0fc2f313 522
5f8e58f4
SK		 523 do
524 {
525 for (swap = 0, i = 0; i < rrsetidx-1; i++)
526 {
527 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
528 u16 *dp1, *dp2;
529 unsigned char *end1, *end2;
5107ace1
SK		 530 /* Note that these have been determined to be OK previously,
531 so we don't need to check for NULL return here. */
5f8e58f4
SK		 532 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
533 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
534
535 p1 += 8; /* skip class, type, ttl */
536 GETSHORT(rdlen1, p1);
537 end1 = p1 + rdlen1;
538
539 p2 += 8; /* skip class, type, ttl */
540 GETSHORT(rdlen2, p2);
541 end2 = p2 + rdlen2;
542
543 dp1 = dp2 = rr_desc;
544
1486a9c7 545 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
5f8e58f4 546 {
1486a9c7
SK		 547 if (left1 != 0)
548 memmove(buff1, buff1 + len1 - left1, left1);
549
5f8e58f4
SK		 550 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0)
551 {
552 quit = 1;
553 len1 = end1 - p1;
554 memcpy(buff1 + left1, p1, len1);
555 }
556 len1 += left1;
557
1486a9c7
SK		 558 if (left2 != 0)
559 memmove(buff2, buff2 + len2 - left2, left2);
560
5f8e58f4
SK		 561 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0)
562 {
563 quit = 1;
564 len2 = end2 - p2;
565 memcpy(buff2 + left2, p2, len2);
566 }
567 len2 += left2;
568
569 if (len1 > len2)
1486a9c7 570 left1 = len1 - len2, left2 = 0, len = len2;
5f8e58f4 571 else
1486a9c7 572 left2 = len2 - len1, left1 = 0, len = len1;
5f8e58f4 573
6fd6dacb 574 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
5f8e58f4 575
4619d946 576 if (rc > 0 || (rc == 0 && quit && len1 > len2))
5f8e58f4
SK		 577 {
578 unsigned char *tmp = rrset[i+1];
579 rrset[i+1] = rrset[i];
580 rrset[i] = tmp;
581 swap = quit = 1;
582 }
6fd6dacb
SK		 583 else if (rc < 0)
584 quit = 1;
5f8e58f4
SK		 585 }
586 }
587 } while (swap);
588}
c3e0b9b6 589
5f8e58f4
SK		 590/* Validate a single RRset (class, type, name) in the supplied DNS reply
591 Return code:
592 STAT_SECURE if it validates.
5107ace1 593 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
00a5b5d4 594 STAT_NO_SIG no RRsigs found.
5f8e58f4
SK		 595 STAT_INSECURE can't validate (no RRSIG, bad packet).
596 STAT_BOGUS signature is wrong.
597 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
598
599 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
600 otherwise find the key in the cache.
5107ace1
SK		 601
602 name is unchanged on exit. keyname is used as workspace and trashed.
5f8e58f4
SK		 603*/
604static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class,
e7829aef 605 int type, char *name, char *keyname, struct blockdata *key, int keylen, int algo_in, int keytag_in)
5f8e58f4
SK		 606{
607 static unsigned char **rrset = NULL, **sigs = NULL;
608 static int rrset_sz = 0, sig_sz = 0;
0fc2f313 609
5f8e58f4 610 unsigned char *p;
5ada8885 611 int rrsetidx, sigidx, res, rdlen, j, name_labels;
5f8e58f4
SK		 612 struct crec *crecp = NULL;
613 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
614 u16 *rr_desc = get_desc(type);
c3e0b9b6 615
5f8e58f4
SK		 616 if (!(p = skip_questions(header, plen)))
617 return STAT_INSECURE;
c3e0b9b6 618
5ada8885
SK		 619 name_labels = count_labels(name); /* For 4035 5.3.2 check */
620
621 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
5f8e58f4
SK		 622 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
623 j != 0; j--)
624 {
625 unsigned char *pstart, *pdata;
b98d22c1 626 int stype, sclass;
c3e0b9b6 627
5f8e58f4
SK		 628 pstart = p;
629
630 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
631 return STAT_INSECURE; /* bad packet */
632
633 GETSHORT(stype, p);
634 GETSHORT(sclass, p);
b98d22c1 635 p += 4; /* TTL */
5f8e58f4
SK		 636
637 pdata = p;
c3e0b9b6 638
5f8e58f4
SK		 639 GETSHORT(rdlen, p);
640
e7829aef
SK		 641 if (!CHECK_LEN(header, p, plen, rdlen))
642 return STAT_INSECURE;
643
5f8e58f4
SK		 644 if (res == 1 && sclass == class)
645 {
646 if (stype == type)
647 {
613ad15d
SK		 648 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
649 return STAT_INSECURE;
650
5f8e58f4
SK		 651 rrset[rrsetidx++] = pstart;
652 }
653
654 if (stype == T_RRSIG)
655 {
613ad15d
SK		 656 if (rdlen < 18)
657 return STAT_INSECURE; /* bad packet */
658
659 GETSHORT(type_covered, p);
660
661 if (type_covered == type)
662 {
663 if (!expand_workspace(&sigs, &sig_sz, sigidx))
664 return STAT_INSECURE;
665
666 sigs[sigidx++] = pdata;
667 }
668
669 p = pdata + 2; /* restore for ADD_RDLEN */
5f8e58f4
SK		 670 }
671 }
613ad15d 672
5f8e58f4
SK		 673 if (!ADD_RDLEN(header, p, plen, rdlen))
674 return STAT_INSECURE;
675 }
c3e0b9b6 676
00a5b5d4
SK		 677 /* RRset empty */
678 if (rrsetidx == 0)
5f8e58f4 679 return STAT_INSECURE;
00a5b5d4
SK		 680
681 /* no RRSIGs */
682 if (sigidx == 0)
683 return STAT_NO_SIG;
5f8e58f4
SK		 684
685 /* Sort RRset records into canonical order.
d387380a 686 Note that at this point keyname and daemon->workspacename buffs are
5f8e58f4 687 unused, and used as workspace by the sort. */
d387380a 688 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
5f8e58f4
SK		 689
690 /* Now try all the sigs to try and find one which validates */
691 for (j = 0; j <sigidx; j++)
692 {
d387380a 693 unsigned char *psav, *sig, *digest;
86bec2d3
SK		 694 int i, wire_len, sig_len;
695 const struct nettle_hash *hash;
696 void *ctx;
d387380a 697 char *name_start;
5f8e58f4
SK		 698 u32 nsigttl;
699
700 p = sigs[j];
5ada8885 701 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
5f8e58f4
SK		 702 psav = p;
703
5ada8885 704 p += 2; /* type_covered - already checked */
5f8e58f4
SK		 705 algo = *p++;
706 labels = *p++;
707 GETLONG(orig_ttl, p);
e7829aef
SK		 708 GETLONG(sig_expiration, p);
709 GETLONG(sig_inception, p);
5f8e58f4
SK		 710 GETSHORT(key_tag, p);
711
5f8e58f4
SK		 712 if (!extract_name(header, plen, &p, keyname, 1, 0))
713 return STAT_INSECURE;
d387380a
SK		 714
715 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
716 the name of the zone containing the RRset. We can't tell that
717 for certain, but we can check that the RRset name is equal to
718 or encloses the signers name, which should be enough to stop
719 an attacker using signatures made with the key of an unrelated
720 zone he controls. Note that the root key is always allowed. */
721 if (*keyname != 0)
722 {
723 int failed = 0;
724
725 for (name_start = name; !hostname_isequal(name_start, keyname); )
726 if ((name_start = strchr(name_start, '.')))
727 name_start++; /* chop a label off and try again */
728 else
729 {
730 failed = 1;
731 break;
732 }
733
734 /* Bad sig, try another */
735 if (failed)
736 continue;
737 }
5f8e58f4 738
d387380a 739 /* Other 5.3.1 checks */
e7829aef
SK		 740 if (!check_date_range(sig_inception, sig_expiration) ||
741 labels > name_labels ||
742 !(hash = hash_find(algo_digest_name(algo))) ||
743 !hash_init(hash, &ctx, &digest))
744 continue;
745
5f8e58f4
SK		 746 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
747 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
748 return STAT_NEED_KEY;
749
86bec2d3
SK		 750 sig = p;
751 sig_len = rdlen - (p - psav);
e7829aef 752
5f8e58f4
SK		 753 nsigttl = htonl(orig_ttl);
754
86bec2d3 755 hash->update(ctx, 18, psav);
5f8e58f4 756 wire_len = to_wire(keyname);
86bec2d3 757 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
5f8e58f4
SK		 758 from_wire(keyname);
759
5f8e58f4
SK		 760 for (i = 0; i < rrsetidx; ++i)
761 {
762 int seg;
763 unsigned char *end, *cp;
764 u16 len, *dp;
d387380a 765
5f8e58f4
SK		 766 p = rrset[i];
767 if (!extract_name(header, plen, &p, name, 1, 10))
768 return STAT_INSECURE;
5ada8885 769
d387380a
SK		 770 name_start = name;
771
5ada8885
SK		 772 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
773 if (labels < name_labels)
774 {
775 int k;
776 for (k = name_labels - labels; k != 0; k--)
777 while (*name_start != '.' && *name_start != 0)
778 name_start++;
779 name_start--;
780 *name_start = '*';
781 }
782
783 wire_len = to_wire(name_start);
86bec2d3
SK		 784 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
785 hash->update(ctx, 4, p); /* class and type */
786 hash->update(ctx, 4, (unsigned char *)&nsigttl);
5f8e58f4
SK		 787
788 p += 8; /* skip class, type, ttl */
789 GETSHORT(rdlen, p);
5ada8885
SK		 790 if (!CHECK_LEN(header, p, plen, rdlen))
791 return STAT_INSECURE;
792
5f8e58f4
SK		 793 end = p + rdlen;
794
795 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
796 cp = p;
797 dp = rr_desc;
798 for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg);
799 len += end - cp;
800 len = htons(len);
86bec2d3 801 hash->update(ctx, 2, (unsigned char *)&len);
5f8e58f4
SK		 802
803 /* Now canonicalise again and digest. */
804 cp = p;
805 dp = rr_desc;
806 while ((seg = get_rdata(header, plen, end, name, &cp, &dp)))
86bec2d3 807 hash->update(ctx, seg, (unsigned char *)name);
5f8e58f4 808 if (cp != end)
86bec2d3 809 hash->update(ctx, end - cp, cp);
5f8e58f4 810 }
86bec2d3
SK		 811
812 hash->digest(ctx, hash->digest_size, digest);
813
5ada8885
SK		 814 /* namebuff used for workspace above, restore to leave unchanged on exit */
815 p = (unsigned char*)(rrset[0]);
816 extract_name(header, plen, &p, name, 1, 0);
817
5f8e58f4
SK		 818 if (key)
819 {
820 if (algo_in == algo && keytag_in == key_tag &&
ebe95a83 821 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
5f8e58f4
SK		 822 return STAT_SECURE;
823 }
824 else
825 {
826 /* iterate through all possible keys 4035 5.3.1 */
827 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
51ea3ca2
SK		 828 if (crecp->addr.key.algo == algo &&
829 crecp->addr.key.keytag == key_tag &&
824202ef 830 crecp->uid == class &&
ebe95a83 831 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
5107ace1 832 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
5f8e58f4
SK		 833 }
834 }
835
836 return STAT_BOGUS;
837}
838
0fc2f313 839/* The DNS packet is expected to contain the answer to a DNSKEY query.
c3e0b9b6
SK		 840 Put all DNSKEYs in the answer which are valid into the cache.
841 return codes:
842 STAT_INSECURE bad packet, no DNSKEYs in reply.
843 STAT_SECURE At least one valid DNSKEY found and in cache.
0fc2f313
SK		 844 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
845 or self-sign for DNSKEY RRset is not valid.
846 STAT_NEED_DS DS records to validate a key not found, name in keyname
c3e0b9b6
SK		 847*/
848int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
849{
0fc2f313 850 unsigned char *psave, *p = (unsigned char *)(header+1);
c3e0b9b6 851 struct crec *crecp, *recp1;
8d718cbb 852 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
c3e0b9b6 853 struct blockdata *key;
51ea3ca2 854 struct all_addr a;
c3e0b9b6 855
5f8e58f4
SK		 856 if (ntohs(header->qdcount) != 1 ||
857 !extract_name(header, plen, &p, name, 1, 4))
8d718cbb 858 return STAT_INSECURE;
5f8e58f4 859
c3e0b9b6
SK		 860 GETSHORT(qtype, p);
861 GETSHORT(qclass, p);
862
0fc2f313 863 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
f01d7be6 864 return STAT_BOGUS;
c3e0b9b6 865
b8eac191 866 /* See if we have cached a DS record which validates this key */
0fc2f313
SK		 867 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
868 {
869 strcpy(keyname, name);
870 return STAT_NEED_DS;
871 }
b8eac191
SK		 872
873 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
874 if (crecp->flags & F_NEG)
875 return STAT_INSECURE;
876
0fc2f313 877 /* NOTE, we need to find ONE DNSKEY which matches the DS */
e7829aef 878 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
c3e0b9b6
SK		 879 {
880 /* Ensure we have type, class TTL and length */
0fc2f313 881 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
c3e0b9b6
SK		 882 return STAT_INSECURE; /* bad packet */
883
884 GETSHORT(qtype, p);
885 GETSHORT(qclass, p);
886 GETLONG(ttl, p);
887 GETSHORT(rdlen, p);
6f468103 888
0fc2f313
SK		 889 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
890 return STAT_INSECURE; /* bad packet */
891
6f468103
SK		 892 if (qclass != class || qtype != T_DNSKEY || rc == 2)
893 {
894 p += rdlen;
895 continue;
896 }
897
0fc2f313 898 psave = p;
c3e0b9b6 899
c3e0b9b6 900 GETSHORT(flags, p);
0fc2f313 901 if (*p++ != 3)
f01d7be6 902 return STAT_BOGUS;
c3e0b9b6 903 algo = *p++;
0fc2f313 904 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
e7829aef 905 key = NULL;
c3e0b9b6 906
e7829aef
SK		 907 /* key must have zone key flag set */
908 if (flags & 0x100)
909 key = blockdata_alloc((char*)p, rdlen - 4);
c3e0b9b6 910
0fc2f313 911 p = psave;
e7829aef 912
0fc2f313 913 if (!ADD_RDLEN(header, p, plen, rdlen))
8d718cbb
SK		 914 {
915 if (key)
916 blockdata_free(key);
917 return STAT_INSECURE; /* bad packet */
918 }
919
e7829aef
SK		 920 /* No zone key flag or malloc failure */
921 if (!key)
0fc2f313
SK		 922 continue;
923
924 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
86bec2d3
SK		 925 {
926 void *ctx;
927 unsigned char *digest, *ds_digest;
928 const struct nettle_hash *hash;
929
51ea3ca2
SK		 930 if (recp1->addr.ds.algo == algo &&
931 recp1->addr.ds.keytag == keytag &&
824202ef 932 recp1->uid == class &&
51ea3ca2 933 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
86bec2d3 934 hash_init(hash, &ctx, &digest))
0fc2f313 935
86bec2d3
SK		 936 {
937 int wire_len = to_wire(name);
938
939 /* Note that digest may be different between DSs, so
940 we can't move this outside the loop. */
941 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
942 hash->update(ctx, (unsigned int)rdlen, psave);
943 hash->digest(ctx, hash->digest_size, digest);
944
945 from_wire(name);
946
824202ef
SK		 947 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
948 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
949 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
f6a2b793 950 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag) == STAT_SECURE)
86bec2d3 951 {
86bec2d3 952 valid = 1;
86bec2d3
SK		 953 break;
954 }
955 }
956 }
e7829aef 957 blockdata_free(key);
c3e0b9b6 958 }
c3e0b9b6 959
0fc2f313
SK		 960 if (valid)
961 {
8d718cbb 962 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
e7829aef
SK		 963 cache_start_insert();
964
965 p = skip_questions(header, plen);
966
967 for (j = ntohs(header->ancount); j != 0; j--)
968 {
969 /* Ensure we have type, class TTL and length */
970 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
971 return STAT_INSECURE; /* bad packet */
972
973 GETSHORT(qtype, p);
974 GETSHORT(qclass, p);
975 GETLONG(ttl, p);
976 GETSHORT(rdlen, p);
8d718cbb
SK		 977
978 if (!CHECK_LEN(header, p, plen, rdlen))
e7829aef 979 return STAT_INSECURE; /* bad packet */
e7829aef 980
8d718cbb 981 if (qclass == class && rc == 1)
e7829aef 982 {
8d718cbb 983 psave = p;
e7829aef 984
8d718cbb
SK		 985 if (qtype == T_DNSKEY)
986 {
987 if (rdlen < 4)
988 return STAT_INSECURE; /* bad packet */
989
990 GETSHORT(flags, p);
991 if (*p++ != 3)
f01d7be6 992 return STAT_BOGUS;
8d718cbb
SK		 993 algo = *p++;
994 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
995
996 /* Cache needs to known class for DNSSEC stuff */
997 a.addr.dnssec.class = class;
998
999 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1000 {
1001 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1002 blockdata_free(key);
1003 else
1004 {
1005 a.addr.keytag = keytag;
1006 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1007
1008 recp1->addr.key.keylen = rdlen - 4;
1009 recp1->addr.key.keydata = key;
1010 recp1->addr.key.algo = algo;
1011 recp1->addr.key.keytag = keytag;
1012 recp1->addr.key.flags = flags;
8d718cbb
SK		 1013 }
1014 }
1015 }
1016 else if (qtype == T_RRSIG)
1017 {
1018 /* RRSIG, cache if covers DNSKEY RRset */
1019 if (rdlen < 18)
1020 return STAT_INSECURE; /* bad packet */
1021
1022 GETSHORT(type_covered, p);
1023
1024 if (type_covered == T_DNSKEY)
1025 {
1026 a.addr.dnssec.class = class;
1027 a.addr.dnssec.type = type_covered;
1028
1029 algo = *p++;
1030 p += 13; /* labels, orig_ttl, expiration, inception */
1031 GETSHORT(keytag, p);
1032 if ((key = blockdata_alloc((char*)psave, rdlen)))
1033 {
1034 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1035 blockdata_free(key);
1036 else
1037 {
8d718cbb
SK		 1038 crecp->addr.sig.keydata = key;
1039 crecp->addr.sig.keylen = rdlen;
1040 crecp->addr.sig.keytag = keytag;
1041 crecp->addr.sig.type_covered = type_covered;
1042 crecp->addr.sig.algo = algo;
1043 }
1044 }
1045 }
1046 }
e7829aef 1047
8d718cbb 1048 p = psave;
e7829aef 1049 }
8d718cbb 1050
e7829aef
SK		 1051 if (!ADD_RDLEN(header, p, plen, rdlen))
1052 return STAT_INSECURE; /* bad packet */
1053 }
1054
0fc2f313
SK		 1055 /* commit cache insert. */
1056 cache_end_insert();
1057 return STAT_SECURE;
1058 }
1059
1060 log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1061 return STAT_BOGUS;
c3e0b9b6 1062}
0fc2f313 1063
c3e0b9b6
SK		 1064/* The DNS packet is expected to contain the answer to a DS query
1065 Put all DSs in the answer which are valid into the cache.
1066 return codes:
b8eac191 1067 STAT_INSECURE bad packet, no DS in reply, proven no DS in reply.
c3e0b9b6 1068 STAT_SECURE At least one valid DS found and in cache.
00a5b5d4 1069 STAT_NO_DS It's proved there's no DS here.
c3e0b9b6
SK		 1070 STAT_BOGUS At least one DS found, which fails validation.
1071 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1072*/
1073
1074int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1075{
51ea3ca2 1076 unsigned char *p = (unsigned char *)(header+1);
00a5b5d4 1077 int qtype, qclass, val, i, neganswer;
c3e0b9b6 1078
5f8e58f4 1079 if (ntohs(header->qdcount) != 1 ||
b8eac191 1080 !(p = skip_name(p, header, plen, 4)))
8d718cbb
SK		 1081 return STAT_INSECURE;
1082
c3e0b9b6
SK		 1083 GETSHORT(qtype, p);
1084 GETSHORT(qclass, p);
1085
b47b04c8
SK		 1086 if (qtype != T_DS || qclass != class)
1087 val = STAT_BOGUS;
1088 else
00a5b5d4
SK		 1089 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer);
1090
1091 if (val == STAT_NO_SIG)
1092 val = STAT_INSECURE;
51ea3ca2 1093
b8eac191
SK		 1094 p = (unsigned char *)(header+1);
1095 extract_name(header, plen, &p, name, 1, 4);
1096 p += 4; /* qtype, qclass */
1097
00a5b5d4
SK		 1098 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1099 return STAT_INSECURE;
1100
0fc2f313 1101 if (val == STAT_BOGUS)
b8eac191 1102 log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
b47b04c8 1103
00a5b5d4 1104 if ((val == STAT_SECURE || val == STAT_INSECURE) && neganswer)
b8eac191 1105 {
14db4212 1106 int rdlen, flags = F_FORWARD | F_DS | F_NEG;
b8eac191
SK		 1107 unsigned long ttl, minttl = ULONG_MAX;
1108 struct all_addr a;
00a5b5d4
SK		 1109
1110 if (RCODE(header) == NXDOMAIN)
1111 flags |= F_NXDOMAIN;
1112
1113 if (val == STAT_SECURE)
1114 flags |= F_DNSSECOK;
b8eac191
SK		 1115
1116 for (i = ntohs(header->nscount); i != 0; i--)
1117 {
00a5b5d4 1118 if (!(p = skip_name(p, header, plen, 0)))
b8eac191
SK		 1119 return STAT_INSECURE;
1120
1121 GETSHORT(qtype, p);
1122 GETSHORT(qclass, p);
1123 GETLONG(ttl, p);
1124 GETSHORT(rdlen, p);
1125
00a5b5d4 1126 if (!CHECK_LEN(header, p, plen, rdlen))
b8eac191 1127 return STAT_INSECURE; /* bad packet */
00a5b5d4
SK		 1128
1129 if (qclass != class || qtype != T_SOA)
b8eac191
SK		 1130 {
1131 p += rdlen;
1132 continue;
1133 }
1134
1135 if (ttl < minttl)
1136 minttl = ttl;
1137
1138 /* MNAME */
1139 if (!(p = skip_name(p, header, plen, 0)))
1140 return STAT_INSECURE;
1141 /* RNAME */
1142 if (!(p = skip_name(p, header, plen, 20)))
1143 return STAT_INSECURE;
1144 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1145
1146 GETLONG(ttl, p); /* minTTL */
1147 if (ttl < minttl)
1148 minttl = ttl;
00a5b5d4
SK		 1149
1150 break;
b8eac191
SK		 1151 }
1152
00a5b5d4
SK		 1153 if (i != 0)
1154 {
1155 cache_start_insert();
1156
1157 a.addr.dnssec.class = class;
1158 cache_insert(name, &a, now, ttl, flags);
1159
1160 cache_end_insert();
1161 }
b8eac191 1162
00a5b5d4 1163 return (val == STAT_SECURE) ? STAT_NO_DS : STAT_INSECURE;
b8eac191
SK		 1164 }
1165
51ea3ca2 1166 return val;
c3e0b9b6
SK		 1167}
1168
c5f4ec7d
SK		 1169/* 4034 6.1 */
1170static int hostname_cmp(const char *a, const char *b)
1171{
dbf72123
SK		 1172 char *sa, *ea, *ca, *sb, *eb, *cb;
1173 unsigned char ac, bc;
1174
1175 sa = ea = (char *)a + strlen(a);
1176 sb = eb = (char *)b + strlen(b);
1177
c5f4ec7d
SK		 1178 while (1)
1179 {
dbf72123
SK		 1180 while (sa != a && *(sa-1) != '.')
1181 sa--;
c5f4ec7d 1182
dbf72123
SK		 1183 while (sb != b && *(sb-1) != '.')
1184 sb--;
1185
1186 ca = sa;
1187 cb = sb;
1188
1189 while (1)
1190 {
1191 if (ca == ea)
1192 {
1193 if (cb == eb)
1194 break;
1195
1196 return -1;
1197 }
c5f4ec7d 1198
dbf72123
SK		 1199 if (cb == eb)
1200 return 1;
1201
1202 ac = (unsigned char) *ca++;
1203 bc = (unsigned char) *cb++;
1204
1205 if (ac >= 'A' && ac <= 'Z')
1206 ac += 'a' - 'A';
1207 if (bc >= 'A' && bc <= 'Z')
1208 bc += 'a' - 'A';
1209
979cdf9b 1210 if (ac < bc)
dbf72123
SK		 1211 return -1;
1212 else if (ac != bc)
1213 return 1;
1214 }
c5f4ec7d 1215
dbf72123
SK		 1216
1217 if (sa == a)
c5f4ec7d 1218 {
dbf72123
SK		 1219 if (sb == b)
1220 return 0;
c5f4ec7d 1221
dbf72123 1222 return -1;
c5f4ec7d
SK		 1223 }
1224
dbf72123
SK		 1225 if (sb == b)
1226 return 1;
c5f4ec7d 1227
dbf72123
SK		 1228 ea = sa--;
1229 eb = sb--;
c5f4ec7d
SK		 1230 }
1231}
1232
5107ace1
SK		 1233/* Find all the NSEC or NSEC3 records in a reply.
1234 return an array of pointers to them. */
1235static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1236{
1237 static unsigned char **nsecset = NULL;
1238 static int nsecset_sz = 0;
1239
1240 int type_found = -1;
1241 unsigned char *p = skip_questions(header, plen);
1242 int type, class, rdlen, i, nsecs_found;
1243
1244 /* Move to NS section */
1245 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1246 return 0;
1247
1248 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1249 {
1250 unsigned char *pstart = p;
1251
1252 if (!(p = skip_name(p, header, plen, 10)))
1253 return 0;
1254
1255 GETSHORT(type, p);
1256 GETSHORT(class, p);
1257 p += 4; /* TTL */
1258 GETSHORT(rdlen, p);
1259
1260 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1261 {
1262 /* No mixed NSECing 'round here, thankyouverymuch */
1263 if (type_found == T_NSEC && type == T_NSEC3)
1264 return 0;
1265 if (type_found == T_NSEC3 && type == T_NSEC)
1266 return 0;
1267
1268 type_found = type;
1269
613ad15d
SK		 1270 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1271 return 0;
1272
5107ace1
SK		 1273 nsecset[nsecs_found++] = pstart;
1274 }
613ad15d 1275
5107ace1
SK		 1276 if (!ADD_RDLEN(header, p, plen, rdlen))
1277 return 0;
1278 }
1279
1280 *nsecsetp = nsecset;
1281 *nsecsetl = nsecs_found;
1282
1283 return type_found;
1284}
1285
24187530 1286static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
5107ace1
SK		 1287 char *workspace1, char *workspace2, char *name, int type)
1288{
1289 int i, rc, rdlen;
1290 unsigned char *p, *psave;
1291 int offset = (type & 0xff) >> 3;
1292 int mask = 0x80 >> (type & 0x07);
1293
1294 /* Find NSEC record that proves name doesn't exist */
1295 for (i = 0; i < nsec_count; i++)
1296 {
1297 p = nsecs[i];
1298 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1299 return STAT_INSECURE;
1300 p += 8; /* class, type, TTL */
1301 GETSHORT(rdlen, p);
1302 psave = p;
1303 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1304 return STAT_INSECURE;
1305
1306 rc = hostname_cmp(workspace1, name);
1307
1308 if (rc == 0)
1309 {
f01d7be6
SK		 1310 /* 4035 para 5.4. Last sentence */
1311 if (type == T_NSEC || type == T_RRSIG)
1312 return STAT_SECURE;
1313
5107ace1
SK		 1314 /* NSEC with the same name as the RR we're testing, check
1315 that the type in question doesn't appear in the type map */
1316 rdlen -= p - psave;
1317 /* rdlen is now length of type map, and p points to it */
1318
1319 while (rdlen >= 2)
1320 {
1321 if (!CHECK_LEN(header, p, plen, rdlen))
1322 return STAT_INSECURE;
1323
1324 if (p[0] == type >> 8)
1325 {
1326 /* Does the NSEC say our type exists? */
a857daa3 1327 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1328 return STAT_BOGUS;
1329
1330 break; /* finshed checking */
1331 }
1332
1333 rdlen -= p[1];
1334 p += p[1];
1335 }
1336
1337 return STAT_SECURE;
1338 }
1339 else if (rc == -1)
1340 {
1341 /* Normal case, name falls between NSEC name and next domain name,
1342 wrap around case, name falls between NSEC name (rc == -1) and end */
1343 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1344 return STAT_SECURE;
1345 }
1346 else
1347 {
1348 /* wrap around case, name falls between start and next domain name */
1349 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1350 return STAT_SECURE;
1351 }
1352 }
1353
1354 return STAT_BOGUS;
1355}
1356
1357/* return digest length, or zero on error */
1358static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1359 unsigned char *salt, int salt_len, int iterations)
1360{
1361 void *ctx;
1362 unsigned char *digest;
1363 int i;
1364
1365 if (!hash_init(hash, &ctx, &digest))
1366 return 0;
1367
1368 hash->update(ctx, to_wire(in), (unsigned char *)in);
1369 hash->update(ctx, salt_len, salt);
1370 hash->digest(ctx, hash->digest_size, digest);
1371
1372 for(i = 0; i < iterations; i++)
1373 {
1374 hash->update(ctx, hash->digest_size, digest);
1375 hash->update(ctx, salt_len, salt);
1376 hash->digest(ctx, hash->digest_size, digest);
1377 }
1378
1379 from_wire(in);
1380
1381 *out = digest;
1382 return hash->digest_size;
1383}
1384
1385/* Decode base32 to first "." or end of string */
1386static int base32_decode(char *in, unsigned char *out)
1387{
a857daa3 1388 int oc, on, c, mask, i;
5107ace1
SK		 1389 unsigned char *p = out;
1390
a857daa3 1391 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
5107ace1 1392 {
5107ace1
SK		 1393 if (c >= '0' && c <= '9')
1394 c -= '0';
1395 else if (c >= 'a' && c <= 'v')
1396 c -= 'a', c += 10;
1397 else if (c >= 'A' && c <= 'V')
1398 c -= 'A', c += 10;
1399 else
1400 return 0;
1401
1402 for (mask = 0x10, i = 0; i < 5; i++)
1403 {
a857daa3
SK		 1404 if (c & mask)
1405 oc |= 1;
1406 mask = mask >> 1;
1407 if (((++on) & 7) == 0)
1408 *p++ = oc;
1409 oc = oc << 1;
5107ace1
SK		 1410 }
1411 }
1412
1413 if ((on & 7) != 0)
1414 return 0;
1415
1416 return p - out;
1417}
1418
24187530 1419static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
5107ace1
SK		 1420 char *workspace1, char *workspace2, char *name, int type)
1421{
a857daa3
SK		 1422 unsigned char *salt, *p, *digest;
1423 int digest_len, i, iterations, salt_len, hash_len, base32_len, algo = 0;
5107ace1
SK		 1424 struct nettle_hash const *hash;
1425 char *closest_encloser, *next_closest, *wildcard;
1426
1427 /* Look though the NSEC3 records to find the first one with
1428 an algorithm we support (currently only algo == 1).
1429
1430 Take the algo, iterations, and salt of that record
1431 as the ones we're going to use, and prune any
1432 that don't match. */
1433
1434 for (i = 0; i < nsec_count; i++)
1435 {
1436 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1437 return STAT_INSECURE; /* bad packet */
1438
1439 p += 10; /* type, class, TTL, rdlen */
1440 algo = *p++;
1441
1442 if (algo == 1)
1443 break; /* known algo */
1444 }
1445
1446 /* No usable NSEC3s */
1447 if (i == nsec_count)
1448 return STAT_BOGUS;
1449
1450 p++; /* flags */
1451 GETSHORT (iterations, p);
1452 salt_len = *p++;
1453 salt = p;
1454 if (!CHECK_LEN(header, salt, plen, salt_len))
1455 return STAT_INSECURE; /* bad packet */
1456
1457 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1458 for (i = 0; i < nsec_count; i++)
1459 {
1460 unsigned char *nsec3p = nsecs[i];
1461 int this_iter;
1462
1463 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1464
1465 if (!(p = skip_name(nsec3p, header, plen, 15)))
1466 return STAT_INSECURE; /* bad packet */
1467
1468 p += 10; /* type, class, TTL, rdlen */
1469
1470 if (*p++ != algo)
1471 continue;
1472
1473 p++; /* flags */
1474
a857daa3 1475 GETSHORT(this_iter, p);
5107ace1
SK		 1476 if (this_iter != iterations)
1477 continue;
1478
1479 if (salt_len != *p++)
1480 continue;
1481
1482 if (!CHECK_LEN(header, p, plen, salt_len))
1483 return STAT_INSECURE; /* bad packet */
1484
1485 if (memcmp(p, salt, salt_len) != 0)
1486 continue;
1487
1488 /* All match, put the pointer back */
1489 nsecs[i] = nsec3p;
1490 }
1491
1492 /* Algo is checked as 1 above */
1493 if (!(hash = hash_find("sha1")))
1494 return STAT_INSECURE;
1495
1496 /* Now, we need the "closest encloser NSEC3" */
1497 closest_encloser = name;
1498 next_closest = NULL;
1499
1500 do
1501 {
1502 if (*closest_encloser == '.')
1503 closest_encloser++;
c5f4ec7d 1504
a857daa3 1505 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1506 return STAT_INSECURE;
1507
1508 for (i = 0; i < nsec_count; i++)
1509 if ((p = nsecs[i]))
1510 {
5107ace1 1511 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1512 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1513 return STAT_INSECURE;
1514
a857daa3
SK		 1515 if (digest_len == base32_len &&
1516 memcmp(digest, workspace2, digest_len) == 0)
5107ace1
SK		 1517 break; /* Gotit */
1518 }
1519
1520 if (i != nsec_count)
1521 break;
1522
1523 next_closest = closest_encloser;
1524 }
1525 while ((closest_encloser = strchr(closest_encloser, '.')));
1526
1527 /* No usable NSEC3s */
1528 if (i == nsec_count)
1529 return STAT_BOGUS;
1530
1531 if (!next_closest)
1532 {
1533 /* We found an NSEC3 whose hashed name exactly matches the query, so
1534 Now we just need to check the type map. p points to the RR data for the record. */
a857daa3 1535 int rdlen;
5107ace1
SK		 1536 unsigned char *psave;
1537 int offset = (type & 0xff) >> 3;
1538 int mask = 0x80 >> (type & 0x07);
1539
1540 p += 8; /* class, type, TTL */
1541 GETSHORT(rdlen, p);
1542 psave = p;
1543 p += 5 + salt_len; /* algo, flags, iterations, salt_len, salt */
1544 hash_len = *p++;
1545 if (!CHECK_LEN(header, p, plen, hash_len))
1546 return STAT_INSECURE; /* bad packet */
1547 p += hash_len;
1548 rdlen -= p - psave;
1549
1550 while (rdlen >= 2)
1551 {
1552 if (!CHECK_LEN(header, p, plen, rdlen))
1553 return STAT_INSECURE;
1554
1555 if (p[0] == type >> 8)
1556 {
a857daa3
SK		 1557 /* Does the NSEC3 say our type exists? */
1558 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1559 return STAT_BOGUS;
1560
1561 break; /* finshed checking */
1562 }
1563
1564 rdlen -= p[1];
1565 p += p[1];
1566 }
1567
1568 return STAT_SECURE;
1569 }
1570
24187530 1571 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
a857daa3 1572 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1573 return STAT_INSECURE;
1574
1575 for (i = 0; i < nsec_count; i++)
1576 if ((p = nsecs[i]))
1577 {
a857daa3
SK		 1578 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1579 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1580 return STAT_INSECURE;
1581
1582 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1583 hash_len = *p++; /* p now points to next hashed name */
1584
1585 if (!CHECK_LEN(header, p, plen, hash_len))
1586 return STAT_INSECURE;
1587
a857daa3 1588 if (digest_len == base32_len && hash_len == base32_len)
5107ace1 1589 {
a857daa3 1590 if (memcmp(workspace2, digest, digest_len) <= 0)
5107ace1
SK		 1591 {
1592 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1593 wrap around case, name-hash falls between NSEC3 name-hash and end */
a857daa3 1594 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
5107ace1
SK		 1595 return STAT_SECURE;
1596 }
1597 else
1598 {
1599 /* wrap around case, name falls between start and next domain name */
a857daa3 1600 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
5107ace1
SK		 1601 return STAT_SECURE;
1602 }
1603 }
1604 }
1605
1606 /* Finally, check that there's no seat of wildcard synthesis */
1607 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1608 return STAT_BOGUS;
1609
1610 wildcard--;
1611 *wildcard = '*';
1612
a857daa3 1613 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
5107ace1
SK		 1614 return STAT_INSECURE;
1615
1616 for (i = 0; i < nsec_count; i++)
1617 if ((p = nsecs[i]))
1618 {
5107ace1 1619 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1620 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
5107ace1
SK		 1621 return STAT_INSECURE;
1622
1623 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1624 hash_len = *p++; /* p now points to next hashed name */
1625
1626 if (!CHECK_LEN(header, p, plen, hash_len))
1627 return STAT_INSECURE;
1628
a857daa3 1629 if (digest_len == base32_len && hash_len == base32_len)
5107ace1 1630 {
a857daa3 1631 if (memcmp(workspace2, digest, digest_len) <= 0)
5107ace1
SK		 1632 {
1633 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1634 wrap around case, name-hash falls between NSEC3 name-hash and end */
a857daa3 1635 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
5107ace1
SK		 1636 return STAT_SECURE;
1637 }
1638 else
1639 {
1640 /* wrap around case, name falls between start and next domain name */
a857daa3 1641 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
5107ace1
SK		 1642 return STAT_SECURE;
1643 }
1644 }
1645 }
1646
1647 return STAT_BOGUS;
1648}
1649
0fc2f313 1650/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
51ea3ca2 1651/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
00a5b5d4 1652int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer)
adca3e9c 1653{
00a5b5d4
SK		 1654 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1655 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
5107ace1 1656 int i, j, rc, nsec_count, cname_count = 10;
00a5b5d4 1657 int nsec_type = 0, have_answer = 0;
adca3e9c 1658
00a5b5d4
SK		 1659 if (neganswer)
1660 *neganswer = 0;
1661
e3ec15af
SK		 1662 if (RCODE(header) == SERVFAIL)
1663 return STAT_BOGUS;
1664
c5f4ec7d 1665 if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1)
72ae2f3d 1666 return STAT_INSECURE;
00a5b5d4
SK		 1667
1668 qname = p1 = (unsigned char *)(header+1);
c5f4ec7d 1669
00a5b5d4
SK		 1670 if (!extract_name(header, plen, &p1, name, 1, 4))
1671 return STAT_INSECURE;
1672
1673 GETSHORT(qtype, p1);
1674 GETSHORT(qclass, p1);
1675 ans_start = p1;
1676
1677 /* Can't validate an RRISG query */
1678 if (qtype == T_RRSIG)
0fc2f313 1679 return STAT_INSECURE;
00a5b5d4
SK		 1680
1681 cname_loop:
1682 for (j = ntohs(header->ancount); j != 0; j--)
1683 {
1684 /* leave pointer to missing name in qname */
1685
1686 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1687 return STAT_INSECURE; /* bad packet */
1688
1689 GETSHORT(type2, p1);
1690 GETSHORT(class2, p1);
1691 p1 += 4; /* TTL */
1692 GETSHORT(rdlen2, p1);
1693
1694 if (rc == 1 && qclass == class2)
1695 {
1696 /* Do we have an answer for the question? */
1697 if (type2 == qtype)
1698 {
1699 have_answer = 1;
1700 break;
1701 }
1702 else if (type2 == T_CNAME)
1703 {
1704 qname = p1;
1705
1706 /* looped CNAMES */
1707 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1708 return STAT_INSECURE;
1709
1710 p1 = ans_start;
1711 goto cname_loop;
1712 }
1713 }
1714
1715 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1716 return STAT_INSECURE;
1717 }
0fc2f313 1718
00a5b5d4
SK		 1719 if (neganswer && !have_answer)
1720 *neganswer = 1;
1721
0fc2f313 1722 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
adca3e9c 1723 {
0fc2f313
SK		 1724 if (!extract_name(header, plen, &p1, name, 1, 10))
1725 return STAT_INSECURE; /* bad packet */
1726
1727 GETSHORT(type1, p1);
1728 GETSHORT(class1, p1);
1729 p1 += 4; /* TTL */
1730 GETSHORT(rdlen1, p1);
1731
1732 /* Don't try and validate RRSIGs! */
1733 if (type1 != T_RRSIG)
1734 {
1735 /* Check if we've done this RRset already */
1736 for (p2 = ans_start, j = 0; j < i; j++)
1737 {
1738 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1739 return STAT_INSECURE; /* bad packet */
1740
1741 GETSHORT(type2, p2);
1742 GETSHORT(class2, p2);
1743 p2 += 4; /* TTL */
1744 GETSHORT(rdlen2, p2);
1745
1746 if (type2 == type1 && class2 == class1 && rc == 1)
1747 break; /* Done it before: name, type, class all match. */
1748
1749 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1750 return STAT_INSECURE;
1751 }
1752
1753 /* Not done, validate now */
51ea3ca2 1754 if (j == i)
0fc2f313 1755 {
8d718cbb
SK		 1756 int ttl, keytag, algo, digest, type_covered;
1757 unsigned char *psave;
1758 struct all_addr a;
1759 struct blockdata *key;
1760 struct crec *crecp;
1761
5107ace1
SK		 1762 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, NULL, 0, 0, 0);
1763
1764 if (rc == STAT_SECURE_WILDCARD)
1765 {
1766 /* An attacker replay a wildcard answer with a different
a857daa3 1767 answer and overlay a genuine RR. To prove this
5107ace1 1768 hasn't happened, the answer must prove that
a857daa3 1769 the gennuine record doesn't exist. Check that here. */
5107ace1
SK		 1770 if (!nsec_type)
1771 {
1772 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1);
1773
1774 if (nsec_type == 0)
1775 return STAT_INSECURE; /* Bad packet */
1776 if (nsec_type == -1)
1777 return STAT_BOGUS; /* No NSECs */
1778 }
1779
1780 if (nsec_type == T_NSEC)
24187530 1781 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
5107ace1 1782 else
24187530 1783 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
5107ace1
SK		 1784
1785 if (rc != STAT_SECURE)
1786 return rc;
1787 }
1788 else if (rc != STAT_SECURE)
51ea3ca2
SK		 1789 {
1790 if (class)
1791 *class = class1; /* Class for DS or DNSKEY */
1792 return rc;
1793 }
5107ace1 1794
8d718cbb
SK		 1795 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1796 cache_start_insert();
1797
1798 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
51ea3ca2 1799 {
8d718cbb
SK		 1800 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1801 return STAT_INSECURE; /* bad packet */
51ea3ca2 1802
8d718cbb
SK		 1803 GETSHORT(type2, p2);
1804 GETSHORT(class2, p2);
1805 GETLONG(ttl, p2);
1806 GETSHORT(rdlen2, p2);
1807
1808 if (!CHECK_LEN(header, p2, plen, rdlen2))
1809 return STAT_INSECURE; /* bad packet */
1810
1811 if (class2 == class1 && rc == 1)
1812 {
1813 psave = p2;
1814
1815 if (type1 == T_DS && type2 == T_DS)
51ea3ca2 1816 {
8d718cbb
SK		 1817 if (rdlen2 < 4)
1818 return STAT_INSECURE; /* bad packet */
1819
51ea3ca2
SK		 1820 GETSHORT(keytag, p2);
1821 algo = *p2++;
1822 digest = *p2++;
1823
1824 /* Cache needs to known class for DNSSEC stuff */
1825 a.addr.dnssec.class = class2;
1826
8d718cbb 1827 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
51ea3ca2 1828 {
8d718cbb
SK		 1829 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1830 blockdata_free(key);
1831 else
1832 {
1833 a.addr.keytag = keytag;
1834 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1835 crecp->addr.ds.digest = digest;
1836 crecp->addr.ds.keydata = key;
1837 crecp->addr.ds.algo = algo;
1838 crecp->addr.ds.keytag = keytag;
8d718cbb
SK		 1839 crecp->addr.ds.keylen = rdlen2 - 4;
1840 }
1841 }
1842 }
1843 else if (type2 == T_RRSIG)
1844 {
1845 if (rdlen2 < 18)
1846 return STAT_INSECURE; /* bad packet */
51ea3ca2 1847
8d718cbb
SK		 1848 GETSHORT(type_covered, p2);
1849
1850 if (type_covered == type1 &&
1851 (type_covered == T_A || type_covered == T_AAAA ||
1852 type_covered == T_CNAME || type_covered == T_DS ||
1853 type_covered == T_DNSKEY || type_covered == T_PTR))
1854 {
1855 a.addr.dnssec.type = type_covered;
c8ca33f8 1856 a.addr.dnssec.class = class1;
8d718cbb
SK		 1857
1858 algo = *p2++;
1859 p2 += 13; /* labels, orig_ttl, expiration, inception */
1860 GETSHORT(keytag, p2);
1861
1862 if ((key = blockdata_alloc((char*)psave, rdlen2)))
1863 {
1864 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1865 blockdata_free(key);
1866 else
1867 {
8d718cbb
SK		 1868 crecp->addr.sig.keydata = key;
1869 crecp->addr.sig.keylen = rdlen2;
1870 crecp->addr.sig.keytag = keytag;
1871 crecp->addr.sig.type_covered = type_covered;
1872 crecp->addr.sig.algo = algo;
1873 }
1874 }
1875 }
51ea3ca2
SK		 1876 }
1877
8d718cbb 1878 p2 = psave;
51ea3ca2
SK		 1879 }
1880
8d718cbb
SK		 1881 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1882 return STAT_INSECURE; /* bad packet */
51ea3ca2 1883 }
8d718cbb
SK		 1884
1885 cache_end_insert();
0fc2f313
SK		 1886 }
1887 }
adca3e9c 1888
0fc2f313
SK		 1889 if (!ADD_RDLEN(header, p1, plen, rdlen1))
1890 return STAT_INSECURE;
adca3e9c
GB		 1891 }
1892
c5f4ec7d 1893 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
00a5b5d4
SK		 1894 if (have_answer)
1895 return STAT_SECURE;
1896
5107ace1 1897 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
5107ace1
SK		 1898 /* First marshall the NSEC records, if we've not done it previously */
1899 if (!nsec_type)
c5f4ec7d 1900 {
00a5b5d4 1901 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass);
c5f4ec7d 1902
5107ace1
SK		 1903 if (nsec_type == 0)
1904 return STAT_INSECURE; /* Bad packet */
1905 if (nsec_type == -1)
1906 return STAT_BOGUS; /* No NSECs */
c5f4ec7d 1907 }
00a5b5d4
SK		 1908
1909 /* Get name of missing answer */
1910 if (!extract_name(header, plen, &qname, name, 1, 0))
1911 return STAT_INSECURE;
5107ace1
SK		 1912
1913 if (nsec_type == T_NSEC)
00a5b5d4 1914 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
5107ace1 1915 else
00a5b5d4 1916 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
e292e93d
GB		 1917}
1918
00a5b5d4
SK		 1919/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
1920 Needed for proving answer in unsigned space.
1921 Return STAT_NEED_*
1922 STAT_BOGUS - error
1923 STAT_INSECURE - name of first non-secure record in name
1924*/
1925int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
1926{
1927 unsigned char *p = (unsigned char *)(header+1);
1928 int type, class, qtype, qclass, rdlen, j, rc;
1929 int cname_count = 10;
1930
1931 /* Get question */
1932 if (!extract_name(header, plen, &p, name, 1, 4))
1933 return STAT_BOGUS;
1934
1935 GETSHORT(qtype, p);
1936 GETSHORT(qclass, p);
1937
1938 while (1)
1939 {
1940 for (j = ntohs(header->ancount); j != 0; j--)
1941 {
1942 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1943 return STAT_BOGUS; /* bad packet */
1944
1945 GETSHORT(type, p);
1946 GETSHORT(class, p);
1947 p += 4; /* TTL */
1948 GETSHORT(rdlen, p);
1949
1950 /* Not target, loop */
1951 if (rc == 2 || qclass != class)
1952 {
1953 if (!ADD_RDLEN(header, p, plen, rdlen))
1954 return STAT_BOGUS;
1955 continue;
1956 }
1957
1958 /* Got to end of CNAME chain. */
1959 if (type != T_CNAME)
1960 return STAT_INSECURE;
1961
1962 /* validate CNAME chain, return if insecure or need more data */
1963 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, 0, 0, 0);
1964 if (rc != STAT_SECURE)
1965 {
1966 if (rc == STAT_NO_SIG)
1967 rc = STAT_INSECURE;
1968 return rc;
1969 }
1970
1971 /* Loop down CNAME chain/ */
1972 if (!cname_count-- ||
1973 !extract_name(header, plen, &p, name, 1, 0) ||
1974 !(p = skip_questions(header, plen)))
1975 return STAT_BOGUS;
1976
1977 break;
1978 }
1979
1980 /* End of CNAME chain */
1981 return STAT_INSECURE;
1982 }
1983}
1984
1985
3471f181 1986/* Compute keytag (checksum to quickly index a key). See RFC4034 */
0fc2f313 1987int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
3471f181 1988{
75ffc9bf
GB		 1989 if (alg == 1)
1990 {
1991 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
1992 See RFC4034, Appendix B.1 */
0fc2f313 1993 return key[keylen-4] * 256 + key[keylen-3];
75ffc9bf
GB		 1994 }
1995 else
1996 {
1633e308 1997 unsigned long ac = flags + 0x300 + alg;
75ffc9bf
GB		 1998 int i;
1999
0fc2f313
SK		 2000 for (i = 0; i < keylen; ++i)
2001 ac += (i & 1) ? key[i] : key[i] << 8;
1633e308 2002
0fc2f313
SK		 2003 ac += (ac >> 16) & 0xffff;
2004 return ac & 0xffff;
0304d28f 2005 }
3471f181 2006}
e292e93d 2007
5f8e58f4
SK		 2008size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2009{
2010 unsigned char *p;
610e782a 2011 char *types = querystr("dnssec-query", type);
5f8e58f4
SK		 2012
2013 if (addr->sa.sa_family == AF_INET)
2014 log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2015#ifdef HAVE_IPV6
2016 else
2017 log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2018#endif
2019
2020 header->qdcount = htons(1);
2021 header->ancount = htons(0);
2022 header->nscount = htons(0);
2023 header->arcount = htons(0);
e292e93d 2024
5f8e58f4
SK		 2025 header->hb3 = HB3_RD;
2026 SET_OPCODE(header, QUERY);
5b3bf921
SK		 2027 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2028 this allows it to select auth servers when one is returning bad data. */
2029 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
5f8e58f4
SK		 2030
2031 /* ID filled in later */
2032
2033 p = (unsigned char *)(header+1);
2034
2035 p = do_rfc1035_name(p, name);
2036 *p++ = 0;
2037 PUTSHORT(type, p);
2038 PUTSHORT(class, p);
2039
2040 return add_do_bit(header, p - (unsigned char *)header, end);
2041}
8a9be9e4 2042
613ad15d
SK		 2043/* Go through a domain name, find "pointers" and fix them up based on how many bytes
2044 we've chopped out of the packet, or check they don't point into an elided part. */
2045static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2046{
2047 unsigned char *ansp = *namep;
2048
2049 while(1)
2050 {
2051 unsigned int label_type;
2052
2053 if (!CHECK_LEN(header, ansp, plen, 1))
2054 return 0;
2055
2056 label_type = (*ansp) & 0xc0;
2057
2058 if (label_type == 0xc0)
2059 {
2060 /* pointer for compression. */
00a5b5d4
SK		 2061 unsigned int offset;
2062 int i;
613ad15d
SK		 2063 unsigned char *p;
2064
2065 if (!CHECK_LEN(header, ansp, plen, 2))
2066 return 0;
2067
2068 offset = ((*ansp++) & 0x3f) << 8;
2069 offset |= *ansp++;
2070
2071 p = offset + (unsigned char *)header;
2072
2073 for (i = 0; i < rr_count; i++)
2074 if (p < rrs[i])
2075 break;
2076 else
2077 if (i & 1)
2078 offset -= rrs[i] - rrs[i-1];
2079
2080 /* does the pointer end up in an elided RR? */
2081 if (i & 1)
00a5b5d4 2082 return 0;
613ad15d
SK		 2083
2084 /* No, scale the pointer */
2085 if (fixup)
2086 {
2087 ansp -= 2;
2088 *ansp++ = (offset >> 8) | 0xc0;
2089 *ansp++ = offset & 0xff;
2090 }
2091 break;
2092 }
2093 else if (label_type == 0x80)
2094 return 0; /* reserved */
2095 else if (label_type == 0x40)
2096 {
2097 /* Extended label type */
2098 unsigned int count;
2099
2100 if (!CHECK_LEN(header, ansp, plen, 2))
2101 return 0;
2102
2103 if (((*ansp++) & 0x3f) != 1)
2104 return 0; /* we only understand bitstrings */
2105
2106 count = *(ansp++); /* Bits in bitstring */
2107
2108 if (count == 0) /* count == 0 means 256 bits */
2109 ansp += 32;
2110 else
2111 ansp += ((count-1)>>3)+1;
2112 }
2113 else
2114 { /* label type == 0 Bottom six bits is length */
2115 unsigned int len = (*ansp++) & 0x3f;
2116
2117 if (!ADD_RDLEN(header, ansp, plen, len))
2118 return 0;
2119
2120 if (len == 0)
2121 break; /* zero length label marks the end. */
2122 }
2123 }
2124
2125 *namep = ansp;
2126
2127 return 1;
2128}
2129
2130/* Go through RRs and check or fixup the domain names contained within */
2131static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2132{
2133 int i, type, class, rdlen;
00a5b5d4 2134 unsigned char *pp;
613ad15d
SK		 2135
2136 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2137 {
00a5b5d4
SK		 2138 pp = p;
2139
2140 if (!(p = skip_name(p, header, plen, 10)))
2141 return 0;
613ad15d
SK		 2142
2143 GETSHORT(type, p);
2144 GETSHORT(class, p);
2145 p += 4; /* TTL */
2146 GETSHORT(rdlen, p);
00a5b5d4 2147
613ad15d
SK		 2148 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2149 {
00a5b5d4
SK		 2150 /* fixup name of RR */
2151 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2152 return 0;
2153
613ad15d
SK		 2154 if (class == C_IN)
2155 {
2156 u16 *d;
14db4212
SK		 2157
2158 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
613ad15d
SK		 2159 {
2160 if (*d != 0)
2161 pp += *d;
2162 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2163 return 0;
2164 }
2165 }
2166 }
2167
2168 if (!ADD_RDLEN(header, p, plen, rdlen))
2169 return 0;
2170 }
2171
2172 return 1;
2173}
2174
2175
2176size_t filter_rrsigs(struct dns_header *header, size_t plen)
2177{
2178 static unsigned char **rrs;
2179 static int rr_sz = 0;
2180
2181 unsigned char *p = (unsigned char *)(header+1);
2182 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns;
2183
2184 if (ntohs(header->qdcount) != 1 ||
2185 !(p = skip_name(p, header, plen, 4)))
2186 return plen;
2187
2188 GETSHORT(qtype, p);
2189 GETSHORT(qclass, p);
2190
2191 /* First pass, find pointers to start and end of all the records we wish to elide:
2192 records added for DNSSEC, unless explicity queried for */
2193 for (rr_found = 0, chop_ns = 0, chop_an = 0, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2194 {
2195 unsigned char *pstart = p;
2196 int type, class;
2197
2198 if (!(p = skip_name(p, header, plen, 10)))
2199 return plen;
2200
2201 GETSHORT(type, p);
2202 GETSHORT(class, p);
2203 p += 4; /* TTL */
2204 GETSHORT(rdlen, p);
2205
2206 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2207 (type != qtype || class != qclass))
2208 {
2209 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2210 return plen;
2211
2212 rrs[rr_found++] = pstart;
2213
2214 if (!ADD_RDLEN(header, p, plen, rdlen))
2215 return plen;
2216
2217 rrs[rr_found++] = p;
2218
2219 if (i < ntohs(header->ancount))
2220 chop_an++;
2221 else
2222 chop_ns++;
2223 }
2224 else if (!ADD_RDLEN(header, p, plen, rdlen))
2225 return plen;
2226 }
2227
2228 /* Nothing to do. */
2229 if (rr_found == 0)
2230 return plen;
2231
2232 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2233 point to records we're going to elide. This is theoretically possible, but unlikely. If
2234 it happens, we give up and leave the answer unchanged. */
2235 p = (unsigned char *)(header+1);
2236
2237 /* question first */
2238 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2239 return plen;
2240 p += 4; /* qclass, qtype */
2241
2242 /* Now answers and NS */
2243 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2244 return plen;
2245
2246 /* Third pass, elide records */
2247 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2248 {
2249 unsigned char *start = rrs[i];
2250 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2251
2252 memmove(p, start, end-start);
2253 p += end-start;
2254 }
2255
2256 plen = p - (unsigned char *)header;
2257 header->ancount = htons(ntohs(header->ancount) - chop_an);
2258 header->nscount = htons(ntohs(header->nscount) - chop_ns);
2259
2260 /* Fourth pass, fix up pointers in the remaining records */
2261 p = (unsigned char *)(header+1);
2262
2263 check_name(&p, header, plen, 1, rrs, rr_found);
2264 p += 4; /* qclass, qtype */
2265
2266 check_rrs(p, header, plen, 1, rrs, rr_found);
2267
2268 return plen;
2269}
2270
8a9be9e4
SK		 2271unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2272{
2273 int q;
2274 unsigned int len;
2275 unsigned char *p = (unsigned char *)(header+1);
2276 const struct nettle_hash *hash;
2277 void *ctx;
2278 unsigned char *digest;
5f8e58f4 2279
8a9be9e4
SK		 2280 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2281 return NULL;
2282
2283 for (q = ntohs(header->qdcount); q != 0; q--)
2284 {
2285 if (!extract_name(header, plen, &p, name, 1, 4))
7d23a66f 2286 break; /* bad packet */
8a9be9e4
SK		 2287
2288 len = to_wire(name);
2289 hash->update(ctx, len, (unsigned char *)name);
2290 /* CRC the class and type as well */
2291 hash->update(ctx, 4, p);
2292
2293 p += 4;
2294 if (!CHECK_LEN(header, p, plen, 0))
7d23a66f 2295 break; /* bad packet */
8a9be9e4 2296 }
703c7ff4
SK		 2297
2298 hash->digest(ctx, hash->digest_size, digest);
8a9be9e4
SK		 2299 return digest;
2300}
2301
0fc2f313 2302#endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.