]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnssec.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
An NSEC record cannot attest to its own non-existance!
[people/ms/dnsmasq.git] / src / dnssec.c
CommitLineData
8d41ebd8 1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
0fc2f313 2 and Copyright (c) 2012-2014 Simon Kelley
8d41ebd8
GB		 3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
e292e93d
GB		 17
18#include "dnsmasq.h"
0fc2f313
SK		 19
20#ifdef HAVE_DNSSEC
21
86bec2d3
SK		 22#include <nettle/rsa.h>
23#include <nettle/dsa.h>
c152dc84
SK		 24#ifndef NO_NETTLE_ECC
25# include <nettle/ecdsa.h>
26# include <nettle/ecc-curve.h>
27#endif
86bec2d3
SK		 28#include <nettle/nettle-meta.h>
29#include <gmp.h>
c3e0b9b6 30
e292e93d
GB		 31#define SERIAL_UNDEF -100
32#define SERIAL_EQ 0
33#define SERIAL_LT -1
34#define SERIAL_GT 1
35
86bec2d3
SK		 36/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
37static char *ds_digest_name(int digest)
38{
39 switch (digest)
40 {
41 case 1: return "sha1";
42 case 2: return "sha256";
43 case 3: return "gosthash94";
44 case 4: return "sha384";
45 default: return NULL;
46 }
47}
48
49/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
50static char *algo_digest_name(int algo)
51{
52 switch (algo)
53 {
54 case 1: return "md5";
55 case 3: return "sha1";
56 case 5: return "sha1";
57 case 6: return "sha1";
58 case 7: return "sha1";
59 case 8: return "sha256";
60 case 10: return "sha512";
61 case 12: return "gosthash94";
62 case 13: return "sha256";
63 case 14: return "sha384";
64 default: return NULL;
65 }
66}
67
68/* Find pointer to correct hash function in nettle library */
69static const struct nettle_hash *hash_find(char *name)
70{
71 int i;
72
73 if (!name)
74 return NULL;
75
76 for (i = 0; nettle_hashes[i]; i++)
77 {
78 if (strcmp(nettle_hashes[i]->name, name) == 0)
79 return nettle_hashes[i];
80 }
81
82 return NULL;
83}
84
85/* expand ctx and digest memory allocations if necessary and init hash function */
86static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
87{
88 static void *ctx = NULL;
89 static unsigned char *digest = NULL;
90 static unsigned int ctx_sz = 0;
91 static unsigned int digest_sz = 0;
92
93 void *new;
94
95 if (ctx_sz < hash->context_size)
96 {
97 if (!(new = whine_malloc(hash->context_size)))
98 return 0;
99 if (ctx)
100 free(ctx);
101 ctx = new;
102 ctx_sz = hash->context_size;
103 }
104
105 if (digest_sz < hash->digest_size)
106 {
107 if (!(new = whine_malloc(hash->digest_size)))
108 return 0;
109 if (digest)
110 free(digest);
111 digest = new;
112 digest_sz = hash->digest_size;
113 }
114
115 *ctxp = ctx;
116 *digestp = digest;
117
118 hash->init(ctx);
119
120 return 1;
121}
122
123static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
124 unsigned char *digest, int algo)
125{
126 unsigned char *p;
127 size_t exp_len;
128
129 static struct rsa_public_key *key = NULL;
130 static mpz_t sig_mpz;
131
132 if (key == NULL)
133 {
134 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
135 return 0;
136
137 nettle_rsa_public_key_init(key);
138 mpz_init(sig_mpz);
139 }
140
141 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
142 return 0;
143
144 key_len--;
145 if ((exp_len = *p++) == 0)
146 {
147 GETSHORT(exp_len, p);
148 key_len -= 2;
149 }
150
151 if (exp_len >= key_len)
152 return 0;
153
154 key->size = key_len - exp_len;
155 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
156 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
157
158 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
159
160 switch (algo)
161 {
162 case 1:
163 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
164 case 5: case 7:
165 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
166 case 8:
167 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
168 case 10:
169 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
170 }
171
172 return 0;
173}
174
175static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
176 unsigned char *digest, int algo)
177{
178 unsigned char *p;
179 unsigned int t;
180
181 static struct dsa_public_key *key = NULL;
182 static struct dsa_signature *sig_struct;
183
184 if (key == NULL)
185 {
186 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
187 !(key = whine_malloc(sizeof(struct dsa_public_key))))
188 return 0;
189
190 nettle_dsa_public_key_init(key);
191 nettle_dsa_signature_init(sig_struct);
192 }
193
194 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
195 return 0;
196
197 t = *p++;
198
199 if (key_len < (213 + (t * 24)))
200 return 0;
ebe95a83 201
86bec2d3
SK		 202 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
203 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
204 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
205 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
206
207 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
208 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
209
210 (void)algo;
ebe95a83 211
86bec2d3
SK		 212 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
213}
214
c152dc84
SK		 215#ifndef NO_NETTLE_ECC
216static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
217 unsigned char *sig, size_t sig_len,
ebe95a83
SK		 218 unsigned char *digest, size_t digest_len, int algo)
219{
220 unsigned char *p;
221 unsigned int t;
222 struct ecc_point *key;
223
224 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
225 static mpz_t x, y;
226 static struct dsa_signature *sig_struct;
227
228 if (!sig_struct)
229 {
230 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
231 return 0;
232
233 nettle_dsa_signature_init(sig_struct);
234 mpz_init(x);
235 mpz_init(y);
236 }
237
238 switch (algo)
239 {
240 case 13:
241 if (!key_256)
242 {
243 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
244 return 0;
245
246 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
247 }
248
249 key = key_256;
250 t = 32;
251 break;
252
253 case 14:
254 if (!key_384)
255 {
256 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
257 return 0;
258
259 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
260 }
261
262 key = key_384;
263 t = 48;
264 break;
265
266 default:
267 return 0;
268 }
269
270 if (sig_len != 2*t || key_len != 2*t ||
271 (p = blockdata_retrieve(key_data, key_len, NULL)))
272 return 0;
273
274 mpz_import(x, t , 1, 1, 0, 0, p);
275 mpz_import(y, t , 1, 1, 0, 0, p + t);
276
277 if (!ecc_point_set(key, x, y))
278 return 0;
279
280 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
281 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
282
283 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
284}
c152dc84
SK		 285#endif
286
86bec2d3 287static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
ebe95a83 288 unsigned char *digest, size_t digest_len, int algo)
86bec2d3 289{
7b1eae4f
SK		 290 (void)digest_len;
291
86bec2d3
SK		 292 switch (algo)
293 {
294 case 1: case 5: case 7: case 8: case 10:
295 return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
296
297 case 3: case 6:
298 return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
c152dc84
SK		 299
300#ifndef NO_NETTLE_ECC
ebe95a83
SK		 301 case 13: case 14:
302 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
c152dc84
SK		 303#endif
304 }
86bec2d3
SK		 305
306 return 0;
307}
308
0fc2f313
SK		 309/* Convert from presentation format to wire format, in place.
310 Also map UC -> LC.
311 Note that using extract_name to get presentation format
312 then calling to_wire() removes compression and maps case,
313 thus generating names in canonical form.
314 Calling to_wire followed by from_wire is almost an identity,
315 except that the UC remains mapped to LC.
316*/
317static int to_wire(char *name)
7f0485cf 318{
0fc2f313
SK		 319 unsigned char *l, *p, term;
320 int len;
321
322 for (l = (unsigned char*)name; *l != 0; l = p)
323 {
324 for (p = l; *p != '.' && *p != 0; p++)
325 if (*p >= 'A' && *p <= 'Z')
326 *p = *p - 'A' + 'a';
327
328 term = *p;
329
330 if ((len = p - l) != 0)
331 memmove(l+1, l, len);
332 *l = len;
333
334 p++;
335
336 if (term == 0)
337 *p = 0;
338 }
339
340 return l + 1 - (unsigned char *)name;
7f0485cf
GB		 341}
342
0fc2f313
SK		 343/* Note: no compression allowed in input. */
344static void from_wire(char *name)
13e435eb 345{
0fc2f313
SK		 346 unsigned char *l;
347 int len;
13e435eb 348
0fc2f313 349 for (l = (unsigned char *)name; *l != 0; l += len+1)
13e435eb 350 {
0fc2f313
SK		 351 len = *l;
352 memmove(l, l+1, len);
353 l[len] = '.';
13e435eb 354 }
7f0485cf 355
0fc2f313 356 *(l-1) = 0;
13e435eb
GB		 357}
358
5ada8885
SK		 359/* Input in presentation format */
360static int count_labels(char *name)
361{
362 int i;
363
364 if (*name == 0)
365 return 0;
366
367 for (i = 0; *name; name++)
368 if (*name == '.')
369 i++;
370
371 return i+1;
372}
373
5f8e58f4
SK		 374/* Implement RFC1982 wrapped compare for 32-bit numbers */
375static int serial_compare_32(unsigned long s1, unsigned long s2)
376{
377 if (s1 == s2)
378 return SERIAL_EQ;
0ca895f5 379
5f8e58f4
SK		 380 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
381 (s1 > s2 && (s1 - s2) > (1UL<<31)))
382 return SERIAL_LT;
383 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
384 (s1 > s2 && (s1 - s2) < (1UL<<31)))
385 return SERIAL_GT;
386 return SERIAL_UNDEF;
387}
0852d76b 388
5f8e58f4
SK		 389/* Check whether today/now is between date_start and date_end */
390static int check_date_range(unsigned long date_start, unsigned long date_end)
0852d76b 391{
5f8e58f4
SK		 392 unsigned long curtime = time(0);
393
394 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
395 return serial_compare_32(curtime, date_start) == SERIAL_GT
396 && serial_compare_32(curtime, date_end) == SERIAL_LT;
397}
f119ed38 398
5f8e58f4
SK		 399static u16 *get_desc(int type)
400{
401 /* List of RRtypes which include domains in the data.
402 0 -> domain
403 integer -> no of plain bytes
404 -1 -> end
405
406 zero is not a valid RRtype, so the final entry is returned for
407 anything which needs no mangling.
408 */
409
410 static u16 rr_desc[] =
411 {
412 T_NS, 0, -1,
413 T_MD, 0, -1,
414 T_MF, 0, -1,
415 T_CNAME, 0, -1,
416 T_SOA, 0, 0, -1,
417 T_MB, 0, -1,
418 T_MG, 0, -1,
419 T_MR, 0, -1,
420 T_PTR, 0, -1,
421 T_MINFO, 0, 0, -1,
422 T_MX, 2, 0, -1,
423 T_RP, 0, 0, -1,
424 T_AFSDB, 2, 0, -1,
425 T_RT, 2, 0, -1,
426 T_SIG, 18, 0, -1,
427 T_PX, 2, 0, 0, -1,
428 T_NXT, 0, -1,
429 T_KX, 2, 0, -1,
430 T_SRV, 6, 0, -1,
431 T_DNAME, 0, -1,
5f8e58f4
SK		 432 0, -1 /* wildcard/catchall */
433 };
434
435 u16 *p = rr_desc;
436
437 while (*p != type && *p != 0)
438 while (*p++ != (u16)-1);
f119ed38 439
5f8e58f4
SK		 440 return p+1;
441}
0852d76b 442
5f8e58f4
SK		 443/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
444 data, pointed to by *p, should be used raw. */
445static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff,
446 unsigned char **p, u16 **desc)
447{
448 int d = **desc;
449
450 (*desc)++;
451
452 /* No more data needs mangling */
453 if (d == (u16)-1)
454 return 0;
455
456 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
457 /* domain-name, canonicalise */
458 return to_wire(buff);
459 else
460 {
461 /* plain data preceding a domain-name, don't run off the end of the data */
462 if ((end - *p) < d)
463 d = end - *p;
464
465 if (d != 0)
466 {
467 memcpy(buff, *p, d);
468 *p += d;
469 }
470
471 return d;
472 }
0852d76b
GB		 473}
474
5f8e58f4
SK		 475/* Bubble sort the RRset into the canonical order.
476 Note that the byte-streams from two RRs may get unsynced: consider
477 RRs which have two domain-names at the start and then other data.
478 The domain-names may have different lengths in each RR, but sort equal
479
480 ------------
481 |abcde|fghi|
482 ------------
483 |abcd|efghi|
484 ------------
485
486 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
487*/
488
489static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
490 unsigned char **rrset, char *buff1, char *buff2)
c3e0b9b6 491{
5f8e58f4 492 int swap, quit, i;
0fc2f313 493
5f8e58f4
SK		 494 do
495 {
496 for (swap = 0, i = 0; i < rrsetidx-1; i++)
497 {
498 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
499 u16 *dp1, *dp2;
500 unsigned char *end1, *end2;
5107ace1
SK		 501 /* Note that these have been determined to be OK previously,
502 so we don't need to check for NULL return here. */
5f8e58f4
SK		 503 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
504 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
505
506 p1 += 8; /* skip class, type, ttl */
507 GETSHORT(rdlen1, p1);
508 end1 = p1 + rdlen1;
509
510 p2 += 8; /* skip class, type, ttl */
511 GETSHORT(rdlen2, p2);
512 end2 = p2 + rdlen2;
513
514 dp1 = dp2 = rr_desc;
515
1486a9c7 516 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
5f8e58f4 517 {
1486a9c7
SK		 518 if (left1 != 0)
519 memmove(buff1, buff1 + len1 - left1, left1);
520
5f8e58f4
SK		 521 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0)
522 {
523 quit = 1;
524 len1 = end1 - p1;
525 memcpy(buff1 + left1, p1, len1);
526 }
527 len1 += left1;
528
1486a9c7
SK		 529 if (left2 != 0)
530 memmove(buff2, buff2 + len2 - left2, left2);
531
5f8e58f4
SK		 532 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0)
533 {
534 quit = 1;
535 len2 = end2 - p2;
536 memcpy(buff2 + left2, p2, len2);
537 }
538 len2 += left2;
539
540 if (len1 > len2)
1486a9c7 541 left1 = len1 - len2, left2 = 0, len = len2;
5f8e58f4 542 else
1486a9c7 543 left2 = len2 - len1, left1 = 0, len = len1;
5f8e58f4 544
6fd6dacb 545 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
5f8e58f4 546
4619d946 547 if (rc > 0 || (rc == 0 && quit && len1 > len2))
5f8e58f4
SK		 548 {
549 unsigned char *tmp = rrset[i+1];
550 rrset[i+1] = rrset[i];
551 rrset[i] = tmp;
552 swap = quit = 1;
553 }
6fd6dacb
SK		 554 else if (rc < 0)
555 quit = 1;
5f8e58f4
SK		 556 }
557 }
558 } while (swap);
559}
c3e0b9b6 560
5f8e58f4
SK		 561/* Validate a single RRset (class, type, name) in the supplied DNS reply
562 Return code:
563 STAT_SECURE if it validates.
5107ace1 564 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
5f8e58f4
SK		 565 STAT_INSECURE can't validate (no RRSIG, bad packet).
566 STAT_BOGUS signature is wrong.
567 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
568
569 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
570 otherwise find the key in the cache.
5107ace1
SK		 571
572 name is unchanged on exit. keyname is used as workspace and trashed.
5f8e58f4
SK		 573*/
574static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class,
e7829aef 575 int type, char *name, char *keyname, struct blockdata *key, int keylen, int algo_in, int keytag_in)
5f8e58f4
SK		 576{
577 static unsigned char **rrset = NULL, **sigs = NULL;
578 static int rrset_sz = 0, sig_sz = 0;
0fc2f313 579
5f8e58f4 580 unsigned char *p;
5ada8885 581 int rrsetidx, sigidx, res, rdlen, j, name_labels;
5f8e58f4
SK		 582 struct crec *crecp = NULL;
583 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
584 u16 *rr_desc = get_desc(type);
c3e0b9b6 585
5f8e58f4
SK		 586 if (!(p = skip_questions(header, plen)))
587 return STAT_INSECURE;
c3e0b9b6 588
5ada8885
SK		 589 name_labels = count_labels(name); /* For 4035 5.3.2 check */
590
591 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
5f8e58f4
SK		 592 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
593 j != 0; j--)
594 {
595 unsigned char *pstart, *pdata;
b98d22c1 596 int stype, sclass;
c3e0b9b6 597
5f8e58f4
SK		 598 pstart = p;
599
600 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
601 return STAT_INSECURE; /* bad packet */
602
603 GETSHORT(stype, p);
604 GETSHORT(sclass, p);
b98d22c1 605 p += 4; /* TTL */
5f8e58f4
SK		 606
607 pdata = p;
c3e0b9b6 608
5f8e58f4
SK		 609 GETSHORT(rdlen, p);
610
e7829aef
SK		 611 if (!CHECK_LEN(header, p, plen, rdlen))
612 return STAT_INSECURE;
613
5f8e58f4
SK		 614 if (res == 1 && sclass == class)
615 {
616 if (stype == type)
617 {
618 if (rrsetidx == rrset_sz)
619 {
620 unsigned char **new;
621
bb201c21
SK		 622 /* Protect against insane/maliciuos queries which bloat the workspace
623 and eat CPU in the sort */
624 if (rrsetidx >= 100)
625 return STAT_INSECURE;
626
5f8e58f4
SK		 627 /* expand */
628 if (!(new = whine_malloc((rrset_sz + 5) * sizeof(unsigned char **))))
629 return STAT_INSECURE;
630
631 if (rrset)
632 {
633 memcpy(new, rrset, rrset_sz * sizeof(unsigned char **));
634 free(rrset);
635 }
636
637 rrset = new;
638 rrset_sz += 5;
639 }
640 rrset[rrsetidx++] = pstart;
641 }
642
643 if (stype == T_RRSIG)
644 {
5ada8885
SK		 645 if (rdlen < 18)
646 return STAT_INSECURE; /* bad packet */
647
648 GETSHORT(type_covered, p);
5ada8885 649
e7829aef 650 if (type_covered == type)
5ada8885
SK		 651 {
652 if (sigidx == sig_sz)
653 {
654 unsigned char **new;
655
656 /* expand */
657 if (!(new = whine_malloc((sig_sz + 5) * sizeof(unsigned char **))))
658 return STAT_INSECURE;
659
660 if (sigs)
661 {
662 memcpy(new, sigs, sig_sz * sizeof(unsigned char **));
663 free(sigs);
664 }
665
666 sigs = new;
667 sig_sz += 5;
668 }
669
670 sigs[sigidx++] = pdata;
e7829aef 671 }
e7829aef 672 p = pdata + 2; /* restore for ADD_RDLEN */
5f8e58f4
SK		 673 }
674 }
675
676 if (!ADD_RDLEN(header, p, plen, rdlen))
677 return STAT_INSECURE;
678 }
c3e0b9b6 679
5f8e58f4
SK		 680 /* RRset empty, no RRSIGs */
681 if (rrsetidx == 0 || sigidx == 0)
682 return STAT_INSECURE;
683
684 /* Sort RRset records into canonical order.
d387380a 685 Note that at this point keyname and daemon->workspacename buffs are
5f8e58f4 686 unused, and used as workspace by the sort. */
d387380a 687 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
5f8e58f4
SK		 688
689 /* Now try all the sigs to try and find one which validates */
690 for (j = 0; j <sigidx; j++)
691 {
d387380a 692 unsigned char *psav, *sig, *digest;
86bec2d3
SK		 693 int i, wire_len, sig_len;
694 const struct nettle_hash *hash;
695 void *ctx;
d387380a 696 char *name_start;
5f8e58f4
SK		 697 u32 nsigttl;
698
699 p = sigs[j];
5ada8885 700 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
5f8e58f4
SK		 701 psav = p;
702
5ada8885 703 p += 2; /* type_covered - already checked */
5f8e58f4
SK		 704 algo = *p++;
705 labels = *p++;
706 GETLONG(orig_ttl, p);
e7829aef
SK		 707 GETLONG(sig_expiration, p);
708 GETLONG(sig_inception, p);
5f8e58f4
SK		 709 GETSHORT(key_tag, p);
710
5f8e58f4
SK		 711 if (!extract_name(header, plen, &p, keyname, 1, 0))
712 return STAT_INSECURE;
d387380a
SK		 713
714 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
715 the name of the zone containing the RRset. We can't tell that
716 for certain, but we can check that the RRset name is equal to
717 or encloses the signers name, which should be enough to stop
718 an attacker using signatures made with the key of an unrelated
719 zone he controls. Note that the root key is always allowed. */
720 if (*keyname != 0)
721 {
722 int failed = 0;
723
724 for (name_start = name; !hostname_isequal(name_start, keyname); )
725 if ((name_start = strchr(name_start, '.')))
726 name_start++; /* chop a label off and try again */
727 else
728 {
729 failed = 1;
730 break;
731 }
732
733 /* Bad sig, try another */
734 if (failed)
735 continue;
736 }
5f8e58f4 737
d387380a 738 /* Other 5.3.1 checks */
e7829aef
SK		 739 if (!check_date_range(sig_inception, sig_expiration) ||
740 labels > name_labels ||
741 !(hash = hash_find(algo_digest_name(algo))) ||
742 !hash_init(hash, &ctx, &digest))
743 continue;
744
5f8e58f4
SK		 745 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
746 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
747 return STAT_NEED_KEY;
748
86bec2d3
SK		 749 sig = p;
750 sig_len = rdlen - (p - psav);
e7829aef 751
5f8e58f4
SK		 752 nsigttl = htonl(orig_ttl);
753
86bec2d3 754 hash->update(ctx, 18, psav);
5f8e58f4 755 wire_len = to_wire(keyname);
86bec2d3 756 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
5f8e58f4
SK		 757 from_wire(keyname);
758
5f8e58f4
SK		 759 for (i = 0; i < rrsetidx; ++i)
760 {
761 int seg;
762 unsigned char *end, *cp;
763 u16 len, *dp;
d387380a 764
5f8e58f4
SK		 765 p = rrset[i];
766 if (!extract_name(header, plen, &p, name, 1, 10))
767 return STAT_INSECURE;
5ada8885 768
d387380a
SK		 769 name_start = name;
770
5ada8885
SK		 771 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
772 if (labels < name_labels)
773 {
774 int k;
775 for (k = name_labels - labels; k != 0; k--)
776 while (*name_start != '.' && *name_start != 0)
777 name_start++;
778 name_start--;
779 *name_start = '*';
780 }
781
782 wire_len = to_wire(name_start);
86bec2d3
SK		 783 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
784 hash->update(ctx, 4, p); /* class and type */
785 hash->update(ctx, 4, (unsigned char *)&nsigttl);
5f8e58f4
SK		 786
787 p += 8; /* skip class, type, ttl */
788 GETSHORT(rdlen, p);
5ada8885
SK		 789 if (!CHECK_LEN(header, p, plen, rdlen))
790 return STAT_INSECURE;
791
5f8e58f4
SK		 792 end = p + rdlen;
793
794 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
795 cp = p;
796 dp = rr_desc;
797 for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg);
798 len += end - cp;
799 len = htons(len);
86bec2d3 800 hash->update(ctx, 2, (unsigned char *)&len);
5f8e58f4
SK		 801
802 /* Now canonicalise again and digest. */
803 cp = p;
804 dp = rr_desc;
805 while ((seg = get_rdata(header, plen, end, name, &cp, &dp)))
86bec2d3 806 hash->update(ctx, seg, (unsigned char *)name);
5f8e58f4 807 if (cp != end)
86bec2d3 808 hash->update(ctx, end - cp, cp);
5f8e58f4 809 }
86bec2d3
SK		 810
811 hash->digest(ctx, hash->digest_size, digest);
812
5ada8885
SK		 813 /* namebuff used for workspace above, restore to leave unchanged on exit */
814 p = (unsigned char*)(rrset[0]);
815 extract_name(header, plen, &p, name, 1, 0);
816
5f8e58f4
SK		 817 if (key)
818 {
819 if (algo_in == algo && keytag_in == key_tag &&
ebe95a83 820 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
5f8e58f4
SK		 821 return STAT_SECURE;
822 }
823 else
824 {
825 /* iterate through all possible keys 4035 5.3.1 */
826 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
51ea3ca2
SK		 827 if (crecp->addr.key.algo == algo &&
828 crecp->addr.key.keytag == key_tag &&
824202ef 829 crecp->uid == class &&
ebe95a83 830 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
5107ace1 831 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
5f8e58f4
SK		 832 }
833 }
834
835 return STAT_BOGUS;
836}
837
0fc2f313 838/* The DNS packet is expected to contain the answer to a DNSKEY query.
c3e0b9b6
SK		 839 Put all DNSKEYs in the answer which are valid into the cache.
840 return codes:
841 STAT_INSECURE bad packet, no DNSKEYs in reply.
842 STAT_SECURE At least one valid DNSKEY found and in cache.
0fc2f313
SK		 843 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
844 or self-sign for DNSKEY RRset is not valid.
845 STAT_NEED_DS DS records to validate a key not found, name in keyname
c3e0b9b6
SK		 846*/
847int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
848{
0fc2f313 849 unsigned char *psave, *p = (unsigned char *)(header+1);
c3e0b9b6 850 struct crec *crecp, *recp1;
8d718cbb 851 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
c3e0b9b6 852 struct blockdata *key;
51ea3ca2 853 struct all_addr a;
c3e0b9b6 854
5f8e58f4
SK		 855 if (ntohs(header->qdcount) != 1 ||
856 !extract_name(header, plen, &p, name, 1, 4))
8d718cbb 857 return STAT_INSECURE;
5f8e58f4 858
c3e0b9b6
SK		 859 GETSHORT(qtype, p);
860 GETSHORT(qclass, p);
861
0fc2f313 862 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
f01d7be6 863 return STAT_BOGUS;
c3e0b9b6 864
0fc2f313
SK		 865 /* See if we have cached a DS record which validates this key */
866 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
867 {
868 strcpy(keyname, name);
869 return STAT_NEED_DS;
870 }
871
0fc2f313 872 /* NOTE, we need to find ONE DNSKEY which matches the DS */
e7829aef 873 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
c3e0b9b6
SK		 874 {
875 /* Ensure we have type, class TTL and length */
0fc2f313 876 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
c3e0b9b6
SK		 877 return STAT_INSECURE; /* bad packet */
878
879 GETSHORT(qtype, p);
880 GETSHORT(qclass, p);
881 GETLONG(ttl, p);
882 GETSHORT(rdlen, p);
6f468103 883
0fc2f313
SK		 884 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
885 return STAT_INSECURE; /* bad packet */
886
6f468103
SK		 887 if (qclass != class || qtype != T_DNSKEY || rc == 2)
888 {
889 p += rdlen;
890 continue;
891 }
892
0fc2f313 893 psave = p;
c3e0b9b6 894
c3e0b9b6 895 GETSHORT(flags, p);
0fc2f313 896 if (*p++ != 3)
f01d7be6 897 return STAT_BOGUS;
c3e0b9b6 898 algo = *p++;
0fc2f313 899 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
e7829aef 900 key = NULL;
c3e0b9b6 901
e7829aef
SK		 902 /* key must have zone key flag set */
903 if (flags & 0x100)
904 key = blockdata_alloc((char*)p, rdlen - 4);
c3e0b9b6 905
0fc2f313 906 p = psave;
e7829aef 907
0fc2f313 908 if (!ADD_RDLEN(header, p, plen, rdlen))
8d718cbb
SK		 909 {
910 if (key)
911 blockdata_free(key);
912 return STAT_INSECURE; /* bad packet */
913 }
914
e7829aef
SK		 915 /* No zone key flag or malloc failure */
916 if (!key)
0fc2f313
SK		 917 continue;
918
919 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
86bec2d3
SK		 920 {
921 void *ctx;
922 unsigned char *digest, *ds_digest;
923 const struct nettle_hash *hash;
924
51ea3ca2
SK		 925 if (recp1->addr.ds.algo == algo &&
926 recp1->addr.ds.keytag == keytag &&
824202ef 927 recp1->uid == class &&
51ea3ca2 928 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
86bec2d3 929 hash_init(hash, &ctx, &digest))
0fc2f313 930
86bec2d3
SK		 931 {
932 int wire_len = to_wire(name);
933
934 /* Note that digest may be different between DSs, so
935 we can't move this outside the loop. */
936 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
937 hash->update(ctx, (unsigned int)rdlen, psave);
938 hash->digest(ctx, hash->digest_size, digest);
939
940 from_wire(name);
941
824202ef
SK		 942 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
943 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
944 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
f6a2b793 945 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag) == STAT_SECURE)
86bec2d3 946 {
86bec2d3 947 valid = 1;
86bec2d3
SK		 948 break;
949 }
950 }
951 }
e7829aef 952 blockdata_free(key);
c3e0b9b6 953 }
c3e0b9b6 954
0fc2f313
SK		 955 if (valid)
956 {
8d718cbb 957 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
e7829aef
SK		 958 cache_start_insert();
959
960 p = skip_questions(header, plen);
961
962 for (j = ntohs(header->ancount); j != 0; j--)
963 {
964 /* Ensure we have type, class TTL and length */
965 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
966 return STAT_INSECURE; /* bad packet */
967
968 GETSHORT(qtype, p);
969 GETSHORT(qclass, p);
970 GETLONG(ttl, p);
971 GETSHORT(rdlen, p);
8d718cbb
SK		 972
973 if (!CHECK_LEN(header, p, plen, rdlen))
e7829aef 974 return STAT_INSECURE; /* bad packet */
e7829aef 975
8d718cbb 976 if (qclass == class && rc == 1)
e7829aef 977 {
8d718cbb 978 psave = p;
e7829aef 979
8d718cbb
SK		 980 if (qtype == T_DNSKEY)
981 {
982 if (rdlen < 4)
983 return STAT_INSECURE; /* bad packet */
984
985 GETSHORT(flags, p);
986 if (*p++ != 3)
f01d7be6 987 return STAT_BOGUS;
8d718cbb
SK		 988 algo = *p++;
989 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
990
991 /* Cache needs to known class for DNSSEC stuff */
992 a.addr.dnssec.class = class;
993
994 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
995 {
996 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
997 blockdata_free(key);
998 else
999 {
1000 a.addr.keytag = keytag;
1001 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1002
1003 recp1->addr.key.keylen = rdlen - 4;
1004 recp1->addr.key.keydata = key;
1005 recp1->addr.key.algo = algo;
1006 recp1->addr.key.keytag = keytag;
1007 recp1->addr.key.flags = flags;
1008 recp1->uid = class;
1009 }
1010 }
1011 }
1012 else if (qtype == T_RRSIG)
1013 {
1014 /* RRSIG, cache if covers DNSKEY RRset */
1015 if (rdlen < 18)
1016 return STAT_INSECURE; /* bad packet */
1017
1018 GETSHORT(type_covered, p);
1019
1020 if (type_covered == T_DNSKEY)
1021 {
1022 a.addr.dnssec.class = class;
1023 a.addr.dnssec.type = type_covered;
1024
1025 algo = *p++;
1026 p += 13; /* labels, orig_ttl, expiration, inception */
1027 GETSHORT(keytag, p);
1028 if ((key = blockdata_alloc((char*)psave, rdlen)))
1029 {
1030 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1031 blockdata_free(key);
1032 else
1033 {
1034 crecp->uid = class;
1035 crecp->addr.sig.keydata = key;
1036 crecp->addr.sig.keylen = rdlen;
1037 crecp->addr.sig.keytag = keytag;
1038 crecp->addr.sig.type_covered = type_covered;
1039 crecp->addr.sig.algo = algo;
1040 }
1041 }
1042 }
1043 }
e7829aef 1044
8d718cbb 1045 p = psave;
e7829aef 1046 }
8d718cbb 1047
e7829aef
SK		 1048 if (!ADD_RDLEN(header, p, plen, rdlen))
1049 return STAT_INSECURE; /* bad packet */
1050 }
1051
0fc2f313
SK		 1052 /* commit cache insert. */
1053 cache_end_insert();
1054 return STAT_SECURE;
1055 }
1056
1057 log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1058 return STAT_BOGUS;
c3e0b9b6 1059}
0fc2f313 1060
c3e0b9b6
SK		 1061/* The DNS packet is expected to contain the answer to a DS query
1062 Put all DSs in the answer which are valid into the cache.
1063 return codes:
0fc2f313 1064 STAT_INSECURE bad packet, no DS in reply.
c3e0b9b6
SK		 1065 STAT_SECURE At least one valid DS found and in cache.
1066 STAT_BOGUS At least one DS found, which fails validation.
1067 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1068*/
1069
1070int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1071{
51ea3ca2
SK		 1072 unsigned char *p = (unsigned char *)(header+1);
1073 int qtype, qclass, val;
c3e0b9b6 1074
5f8e58f4
SK		 1075 if (ntohs(header->qdcount) != 1 ||
1076 !extract_name(header, plen, &p, name, 1, 4))
8d718cbb
SK		 1077 return STAT_INSECURE;
1078
c3e0b9b6
SK		 1079 GETSHORT(qtype, p);
1080 GETSHORT(qclass, p);
1081
0fc2f313 1082 if (qtype != T_DS || qclass != class || ntohs(header->ancount) == 0)
f01d7be6 1083 return STAT_BOGUS;
0fc2f313 1084
51ea3ca2
SK		 1085 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL);
1086
0fc2f313 1087 if (val == STAT_BOGUS)
8d718cbb
SK		 1088 {
1089 p = (unsigned char *)(header+1);
1090 extract_name(header, plen, &p, name, 1, 4);
1091 log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
1092 }
c3e0b9b6 1093
51ea3ca2 1094 return val;
c3e0b9b6
SK		 1095}
1096
c5f4ec7d
SK		 1097/* 4034 6.1 */
1098static int hostname_cmp(const char *a, const char *b)
1099{
dbf72123
SK		 1100 char *sa, *ea, *ca, *sb, *eb, *cb;
1101 unsigned char ac, bc;
1102
1103 sa = ea = (char *)a + strlen(a);
1104 sb = eb = (char *)b + strlen(b);
1105
c5f4ec7d
SK		 1106 while (1)
1107 {
dbf72123
SK		 1108 while (sa != a && *(sa-1) != '.')
1109 sa--;
c5f4ec7d 1110
dbf72123
SK		 1111 while (sb != b && *(sb-1) != '.')
1112 sb--;
1113
1114 ca = sa;
1115 cb = sb;
1116
1117 while (1)
1118 {
1119 if (ca == ea)
1120 {
1121 if (cb == eb)
1122 break;
1123
1124 return -1;
1125 }
c5f4ec7d 1126
dbf72123
SK		 1127 if (cb == eb)
1128 return 1;
1129
1130 ac = (unsigned char) *ca++;
1131 bc = (unsigned char) *cb++;
1132
1133 if (ac >= 'A' && ac <= 'Z')
1134 ac += 'a' - 'A';
1135 if (bc >= 'A' && bc <= 'Z')
1136 bc += 'a' - 'A';
1137
979cdf9b 1138 if (ac < bc)
dbf72123
SK		 1139 return -1;
1140 else if (ac != bc)
1141 return 1;
1142 }
c5f4ec7d 1143
dbf72123
SK		 1144
1145 if (sa == a)
c5f4ec7d 1146 {
dbf72123
SK		 1147 if (sb == b)
1148 return 0;
c5f4ec7d 1149
dbf72123 1150 return -1;
c5f4ec7d
SK		 1151 }
1152
dbf72123
SK		 1153 if (sb == b)
1154 return 1;
c5f4ec7d 1155
dbf72123
SK		 1156 ea = sa--;
1157 eb = sb--;
c5f4ec7d
SK		 1158 }
1159}
1160
5107ace1
SK		 1161/* Find all the NSEC or NSEC3 records in a reply.
1162 return an array of pointers to them. */
1163static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1164{
1165 static unsigned char **nsecset = NULL;
1166 static int nsecset_sz = 0;
1167
1168 int type_found = -1;
1169 unsigned char *p = skip_questions(header, plen);
1170 int type, class, rdlen, i, nsecs_found;
1171
1172 /* Move to NS section */
1173 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1174 return 0;
1175
1176 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1177 {
1178 unsigned char *pstart = p;
1179
1180 if (!(p = skip_name(p, header, plen, 10)))
1181 return 0;
1182
1183 GETSHORT(type, p);
1184 GETSHORT(class, p);
1185 p += 4; /* TTL */
1186 GETSHORT(rdlen, p);
1187
1188 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1189 {
1190 /* No mixed NSECing 'round here, thankyouverymuch */
1191 if (type_found == T_NSEC && type == T_NSEC3)
1192 return 0;
1193 if (type_found == T_NSEC3 && type == T_NSEC)
1194 return 0;
1195
1196 type_found = type;
1197
1198 if (nsecs_found == nsecset_sz)
1199 {
1200 unsigned char **new;
1201
1202 /* Protect against insane/malicious queries which bloat the workspace
1203 and eat CPU in the sort */
1204 if (nsecs_found >= 100)
1205 return 0;
1206
1207 /* expand */
1208 if (!(new = whine_malloc((nsecset_sz + 5) * sizeof(unsigned char **))))
1209 return 0;
1210
1211 if (nsecset)
1212 {
1213 memcpy(new, nsecset, nsecset_sz * sizeof(unsigned char **));
1214 free(nsecset);
1215 }
1216
1217 nsecset = new;
1218 nsecset_sz += 5;
1219 }
1220
1221 nsecset[nsecs_found++] = pstart;
1222 }
1223
1224 if (!ADD_RDLEN(header, p, plen, rdlen))
1225 return 0;
1226 }
1227
1228 *nsecsetp = nsecset;
1229 *nsecsetl = nsecs_found;
1230
1231 return type_found;
1232}
1233
1234static int prove_non_existance_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1235 char *workspace1, char *workspace2, char *name, int type)
1236{
1237 int i, rc, rdlen;
1238 unsigned char *p, *psave;
1239 int offset = (type & 0xff) >> 3;
1240 int mask = 0x80 >> (type & 0x07);
1241
1242 /* Find NSEC record that proves name doesn't exist */
1243 for (i = 0; i < nsec_count; i++)
1244 {
1245 p = nsecs[i];
1246 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1247 return STAT_INSECURE;
1248 p += 8; /* class, type, TTL */
1249 GETSHORT(rdlen, p);
1250 psave = p;
1251 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1252 return STAT_INSECURE;
1253
1254 rc = hostname_cmp(workspace1, name);
1255
1256 if (rc == 0)
1257 {
f01d7be6
SK		 1258 /* 4035 para 5.4. Last sentence */
1259 if (type == T_NSEC || type == T_RRSIG)
1260 return STAT_SECURE;
1261
5107ace1
SK		 1262 /* NSEC with the same name as the RR we're testing, check
1263 that the type in question doesn't appear in the type map */
1264 rdlen -= p - psave;
1265 /* rdlen is now length of type map, and p points to it */
1266
1267 while (rdlen >= 2)
1268 {
1269 if (!CHECK_LEN(header, p, plen, rdlen))
1270 return STAT_INSECURE;
1271
1272 if (p[0] == type >> 8)
1273 {
1274 /* Does the NSEC say our type exists? */
1275 if (offset < p[1] &&
1276 (p[offset+2] & mask) != 0)
1277 return STAT_BOGUS;
1278
1279 break; /* finshed checking */
1280 }
1281
1282 rdlen -= p[1];
1283 p += p[1];
1284 }
1285
1286 return STAT_SECURE;
1287 }
1288 else if (rc == -1)
1289 {
1290 /* Normal case, name falls between NSEC name and next domain name,
1291 wrap around case, name falls between NSEC name (rc == -1) and end */
1292 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1293 return STAT_SECURE;
1294 }
1295 else
1296 {
1297 /* wrap around case, name falls between start and next domain name */
1298 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1299 return STAT_SECURE;
1300 }
1301 }
1302
1303 return STAT_BOGUS;
1304}
1305
1306/* return digest length, or zero on error */
1307static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1308 unsigned char *salt, int salt_len, int iterations)
1309{
1310 void *ctx;
1311 unsigned char *digest;
1312 int i;
1313
1314 if (!hash_init(hash, &ctx, &digest))
1315 return 0;
1316
1317 hash->update(ctx, to_wire(in), (unsigned char *)in);
1318 hash->update(ctx, salt_len, salt);
1319 hash->digest(ctx, hash->digest_size, digest);
1320
1321 for(i = 0; i < iterations; i++)
1322 {
1323 hash->update(ctx, hash->digest_size, digest);
1324 hash->update(ctx, salt_len, salt);
1325 hash->digest(ctx, hash->digest_size, digest);
1326 }
1327
1328 from_wire(in);
1329
1330 *out = digest;
1331 return hash->digest_size;
1332}
1333
1334/* Decode base32 to first "." or end of string */
1335static int base32_decode(char *in, unsigned char *out)
1336{
1337 int oc = 0, on = 0, c, mask, i;
1338 unsigned char *p = out;
1339
1340 while (1)
1341 {
1342 c = *in++;
1343
1344 if (c == 0 || c == '.')
1345 break;
1346
1347 if (c >= '0' && c <= '9')
1348 c -= '0';
1349 else if (c >= 'a' && c <= 'v')
1350 c -= 'a', c += 10;
1351 else if (c >= 'A' && c <= 'V')
1352 c -= 'A', c += 10;
1353 else
1354 return 0;
1355
1356 for (mask = 0x10, i = 0; i < 5; i++)
1357 {
1358 if (c & mask)
1359 oc |= 1;
1360 mask = mask >> 1;
1361 if (((++on) & 7) == 0)
1362 *p++ = oc;
1363 oc = oc << 1;
1364 }
1365 }
1366
1367 if ((on & 7) != 0)
1368 return 0;
1369
1370 return p - out;
1371}
1372
1373static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1374 char *workspace1, char *workspace2, char *name, int type)
1375{
1376 unsigned char *salt, *p, *digest, hash_len;
1377 int digest_size, i, iterations, salt_len, algo = 0;
1378 struct nettle_hash const *hash;
1379 char *closest_encloser, *next_closest, *wildcard;
1380
1381 /* Look though the NSEC3 records to find the first one with
1382 an algorithm we support (currently only algo == 1).
1383
1384 Take the algo, iterations, and salt of that record
1385 as the ones we're going to use, and prune any
1386 that don't match. */
1387
1388 for (i = 0; i < nsec_count; i++)
1389 {
1390 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1391 return STAT_INSECURE; /* bad packet */
1392
1393 p += 10; /* type, class, TTL, rdlen */
1394 algo = *p++;
1395
1396 if (algo == 1)
1397 break; /* known algo */
1398 }
1399
1400 /* No usable NSEC3s */
1401 if (i == nsec_count)
1402 return STAT_BOGUS;
1403
1404 p++; /* flags */
1405 GETSHORT (iterations, p);
1406 salt_len = *p++;
1407 salt = p;
1408 if (!CHECK_LEN(header, salt, plen, salt_len))
1409 return STAT_INSECURE; /* bad packet */
1410
1411 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1412 for (i = 0; i < nsec_count; i++)
1413 {
1414 unsigned char *nsec3p = nsecs[i];
1415 int this_iter;
1416
1417 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1418
1419 if (!(p = skip_name(nsec3p, header, plen, 15)))
1420 return STAT_INSECURE; /* bad packet */
1421
1422 p += 10; /* type, class, TTL, rdlen */
1423
1424 if (*p++ != algo)
1425 continue;
1426
1427 p++; /* flags */
1428
1429 GETSHORT (this_iter, p);
1430 if (this_iter != iterations)
1431 continue;
1432
1433 if (salt_len != *p++)
1434 continue;
1435
1436 if (!CHECK_LEN(header, p, plen, salt_len))
1437 return STAT_INSECURE; /* bad packet */
1438
1439 if (memcmp(p, salt, salt_len) != 0)
1440 continue;
1441
1442 /* All match, put the pointer back */
1443 nsecs[i] = nsec3p;
1444 }
1445
1446 /* Algo is checked as 1 above */
1447 if (!(hash = hash_find("sha1")))
1448 return STAT_INSECURE;
1449
1450 /* Now, we need the "closest encloser NSEC3" */
1451 closest_encloser = name;
1452 next_closest = NULL;
1453
1454 do
1455 {
1456 if (*closest_encloser == '.')
1457 closest_encloser++;
c5f4ec7d 1458
5107ace1
SK		 1459 if ((digest_size = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
1460 return STAT_INSECURE;
1461
1462 for (i = 0; i < nsec_count; i++)
1463 if ((p = nsecs[i]))
1464 {
1465 int base32_size;
1466
1467 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1468 !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2)))
1469 return STAT_INSECURE;
1470
1471 if (digest_size == base32_size &&
1472 memcmp(digest, workspace2, digest_size) == 0)
1473 break; /* Gotit */
1474 }
1475
1476 if (i != nsec_count)
1477 break;
1478
1479 next_closest = closest_encloser;
1480 }
1481 while ((closest_encloser = strchr(closest_encloser, '.')));
1482
1483 /* No usable NSEC3s */
1484 if (i == nsec_count)
1485 return STAT_BOGUS;
1486
1487 if (!next_closest)
1488 {
1489 /* We found an NSEC3 whose hashed name exactly matches the query, so
1490 Now we just need to check the type map. p points to the RR data for the record. */
1491 int hash_len, rdlen;
1492 unsigned char *psave;
1493 int offset = (type & 0xff) >> 3;
1494 int mask = 0x80 >> (type & 0x07);
1495
1496 p += 8; /* class, type, TTL */
1497 GETSHORT(rdlen, p);
1498 psave = p;
1499 p += 5 + salt_len; /* algo, flags, iterations, salt_len, salt */
1500 hash_len = *p++;
1501 if (!CHECK_LEN(header, p, plen, hash_len))
1502 return STAT_INSECURE; /* bad packet */
1503 p += hash_len;
1504 rdlen -= p - psave;
1505
1506 while (rdlen >= 2)
1507 {
1508 if (!CHECK_LEN(header, p, plen, rdlen))
1509 return STAT_INSECURE;
1510
1511 if (p[0] == type >> 8)
1512 {
1513 /* Does the NSEC say our type exists? */
1514 if (offset < p[1] &&
1515 (p[offset+2] & mask) != 0)
1516 return STAT_BOGUS;
1517
1518 break; /* finshed checking */
1519 }
1520
1521 rdlen -= p[1];
1522 p += p[1];
1523 }
1524
1525 return STAT_SECURE;
1526 }
1527
1528 /* Look for NSEC3 that proves the non-existance of the next-closest encloser */
1529 if ((digest_size = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
1530 return STAT_INSECURE;
1531
1532 for (i = 0; i < nsec_count; i++)
1533 if ((p = nsecs[i]))
1534 {
1535 int base32_size;
1536
1537 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1538 !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2)))
1539 return STAT_INSECURE;
1540
1541 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1542 hash_len = *p++; /* p now points to next hashed name */
1543
1544 if (!CHECK_LEN(header, p, plen, hash_len))
1545 return STAT_INSECURE;
1546
1547 if (digest_size == base32_size && hash_len == base32_size)
1548 {
1549 if (memcmp(workspace2, digest, digest_size) <= 0)
1550 {
1551 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1552 wrap around case, name-hash falls between NSEC3 name-hash and end */
f2e4c277 1553 if (memcmp(p, digest, digest_size) > 0 || memcmp(workspace2, p, digest_size) > 0)
5107ace1
SK		 1554 return STAT_SECURE;
1555 }
1556 else
1557 {
1558 /* wrap around case, name falls between start and next domain name */
f2e4c277 1559 if (memcmp(workspace2, p, digest_size) > 0 && memcmp(p, digest, digest_size) > 0)
5107ace1
SK		 1560 return STAT_SECURE;
1561 }
1562 }
1563 }
1564
1565 /* Finally, check that there's no seat of wildcard synthesis */
1566 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1567 return STAT_BOGUS;
1568
1569 wildcard--;
1570 *wildcard = '*';
1571
1572 if ((digest_size = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1573 return STAT_INSECURE;
1574
1575 for (i = 0; i < nsec_count; i++)
1576 if ((p = nsecs[i]))
1577 {
1578 int base32_size;
1579
1580 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1581 !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2)))
1582 return STAT_INSECURE;
1583
1584 p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1585 hash_len = *p++; /* p now points to next hashed name */
1586
1587 if (!CHECK_LEN(header, p, plen, hash_len))
1588 return STAT_INSECURE;
1589
1590 if (digest_size == base32_size && hash_len == base32_size)
1591 {
1592 if (memcmp(workspace2, digest, digest_size) <= 0)
1593 {
1594 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1595 wrap around case, name-hash falls between NSEC3 name-hash and end */
f2e4c277 1596 if (memcmp(p, digest, digest_size) > 0 || memcmp(workspace2, p, digest_size) > 0)
5107ace1
SK		 1597 return STAT_SECURE;
1598 }
1599 else
1600 {
1601 /* wrap around case, name falls between start and next domain name */
f2e4c277 1602 if (memcmp(workspace2, p, digest_size) > 0 && memcmp(p, digest, digest_size) > 0)
5107ace1
SK		 1603 return STAT_SECURE;
1604 }
1605 }
1606 }
1607
1608 return STAT_BOGUS;
1609}
1610
0fc2f313 1611/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
51ea3ca2 1612/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
0fc2f313 1613int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class)
adca3e9c 1614{
5107ace1 1615 unsigned char *ans_start, *p1, *p2, **nsecs;
0fc2f313 1616 int type1, class1, rdlen1, type2, class2, rdlen2;
5107ace1
SK		 1617 int i, j, rc, nsec_count, cname_count = 10;
1618 int nsec_type = 0;
adca3e9c 1619
e3ec15af
SK		 1620 if (RCODE(header) == SERVFAIL)
1621 return STAT_BOGUS;
1622
c5f4ec7d 1623 if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1)
72ae2f3d 1624 return STAT_INSECURE;
c5f4ec7d 1625
0fc2f313
SK		 1626 if (!(ans_start = skip_questions(header, plen)))
1627 return STAT_INSECURE;
1628
1629 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
adca3e9c 1630 {
0fc2f313
SK		 1631 if (!extract_name(header, plen, &p1, name, 1, 10))
1632 return STAT_INSECURE; /* bad packet */
1633
1634 GETSHORT(type1, p1);
1635 GETSHORT(class1, p1);
1636 p1 += 4; /* TTL */
1637 GETSHORT(rdlen1, p1);
1638
1639 /* Don't try and validate RRSIGs! */
1640 if (type1 != T_RRSIG)
1641 {
1642 /* Check if we've done this RRset already */
1643 for (p2 = ans_start, j = 0; j < i; j++)
1644 {
1645 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1646 return STAT_INSECURE; /* bad packet */
1647
1648 GETSHORT(type2, p2);
1649 GETSHORT(class2, p2);
1650 p2 += 4; /* TTL */
1651 GETSHORT(rdlen2, p2);
1652
1653 if (type2 == type1 && class2 == class1 && rc == 1)
1654 break; /* Done it before: name, type, class all match. */
1655
1656 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1657 return STAT_INSECURE;
1658 }
1659
1660 /* Not done, validate now */
51ea3ca2 1661 if (j == i)
0fc2f313 1662 {
8d718cbb
SK		 1663 int ttl, keytag, algo, digest, type_covered;
1664 unsigned char *psave;
1665 struct all_addr a;
1666 struct blockdata *key;
1667 struct crec *crecp;
1668
5107ace1
SK		 1669 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, NULL, 0, 0, 0);
1670
1671 if (rc == STAT_SECURE_WILDCARD)
1672 {
1673 /* An attacker replay a wildcard answer with a different
1674 answer and overlay an genuine RR. To prove this
1675 hasn't happened, the answer must prove that
1676 a record doesn't exist. Check that here. */
1677 if (!nsec_type)
1678 {
1679 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1);
1680
1681 if (nsec_type == 0)
1682 return STAT_INSECURE; /* Bad packet */
1683 if (nsec_type == -1)
1684 return STAT_BOGUS; /* No NSECs */
1685 }
1686
1687 if (nsec_type == T_NSEC)
1688 rc = prove_non_existance_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
1689 else
1690 rc = prove_non_existance_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
1691
1692 if (rc != STAT_SECURE)
1693 return rc;
1694 }
1695 else if (rc != STAT_SECURE)
51ea3ca2
SK		 1696 {
1697 if (class)
1698 *class = class1; /* Class for DS or DNSKEY */
1699 return rc;
1700 }
5107ace1 1701
8d718cbb
SK		 1702 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1703 cache_start_insert();
1704
1705 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
51ea3ca2 1706 {
8d718cbb
SK		 1707 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1708 return STAT_INSECURE; /* bad packet */
51ea3ca2 1709
8d718cbb
SK		 1710 GETSHORT(type2, p2);
1711 GETSHORT(class2, p2);
1712 GETLONG(ttl, p2);
1713 GETSHORT(rdlen2, p2);
1714
1715 if (!CHECK_LEN(header, p2, plen, rdlen2))
1716 return STAT_INSECURE; /* bad packet */
1717
1718 if (class2 == class1 && rc == 1)
1719 {
1720 psave = p2;
1721
1722 if (type1 == T_DS && type2 == T_DS)
51ea3ca2 1723 {
8d718cbb
SK		 1724 if (rdlen2 < 4)
1725 return STAT_INSECURE; /* bad packet */
1726
51ea3ca2
SK		 1727 GETSHORT(keytag, p2);
1728 algo = *p2++;
1729 digest = *p2++;
1730
1731 /* Cache needs to known class for DNSSEC stuff */
1732 a.addr.dnssec.class = class2;
1733
8d718cbb 1734 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
51ea3ca2 1735 {
8d718cbb
SK		 1736 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1737 blockdata_free(key);
1738 else
1739 {
1740 a.addr.keytag = keytag;
1741 log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1742 crecp->addr.ds.digest = digest;
1743 crecp->addr.ds.keydata = key;
1744 crecp->addr.ds.algo = algo;
1745 crecp->addr.ds.keytag = keytag;
1746 crecp->uid = class2;
1747 crecp->addr.ds.keylen = rdlen2 - 4;
1748 }
1749 }
1750 }
1751 else if (type2 == T_RRSIG)
1752 {
1753 if (rdlen2 < 18)
1754 return STAT_INSECURE; /* bad packet */
51ea3ca2 1755
8d718cbb
SK		 1756 GETSHORT(type_covered, p2);
1757
1758 if (type_covered == type1 &&
1759 (type_covered == T_A || type_covered == T_AAAA ||
1760 type_covered == T_CNAME || type_covered == T_DS ||
1761 type_covered == T_DNSKEY || type_covered == T_PTR))
1762 {
1763 a.addr.dnssec.type = type_covered;
c8ca33f8 1764 a.addr.dnssec.class = class1;
8d718cbb
SK		 1765
1766 algo = *p2++;
1767 p2 += 13; /* labels, orig_ttl, expiration, inception */
1768 GETSHORT(keytag, p2);
1769
1770 if ((key = blockdata_alloc((char*)psave, rdlen2)))
1771 {
1772 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1773 blockdata_free(key);
1774 else
1775 {
1776 crecp->uid = class1;
1777 crecp->addr.sig.keydata = key;
1778 crecp->addr.sig.keylen = rdlen2;
1779 crecp->addr.sig.keytag = keytag;
1780 crecp->addr.sig.type_covered = type_covered;
1781 crecp->addr.sig.algo = algo;
1782 }
1783 }
1784 }
51ea3ca2
SK		 1785 }
1786
8d718cbb 1787 p2 = psave;
51ea3ca2
SK		 1788 }
1789
8d718cbb
SK		 1790 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1791 return STAT_INSECURE; /* bad packet */
51ea3ca2 1792 }
8d718cbb
SK		 1793
1794 cache_end_insert();
0fc2f313
SK		 1795 }
1796 }
adca3e9c 1797
0fc2f313
SK		 1798 if (!ADD_RDLEN(header, p1, plen, rdlen1))
1799 return STAT_INSECURE;
adca3e9c
GB		 1800 }
1801
c5f4ec7d
SK		 1802 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
1803
1804 p1 = (unsigned char *)(header+1);
1805
1806 if (!extract_name(header, plen, &p1, name, 1, 4))
1807 return STAT_INSECURE;
1808
1809 GETSHORT(type1, p1);
1810 GETSHORT(class1, p1);
1811
51ea3ca2
SK		 1812 /* Can't validate RRSIG query */
1813 if (type1 == T_RRSIG)
1814 return STAT_INSECURE;
1815
c5f4ec7d
SK		 1816 cname_loop:
1817 for (j = ntohs(header->ancount); j != 0; j--)
1818 {
1819 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1820 return STAT_INSECURE; /* bad packet */
1821
1822 GETSHORT(type2, p1);
1823 GETSHORT(class2, p1);
1824 p1 += 4; /* TTL */
1825 GETSHORT(rdlen2, p1);
1826
1827 if (rc == 1 && class1 == class2)
1828 {
1829 /* Do we have an answer for the question? */
1830 if (type1 == type2)
5107ace1 1831 return RCODE(header) == NXDOMAIN ? STAT_BOGUS : STAT_SECURE;
c5f4ec7d
SK		 1832 else if (type2 == T_CNAME)
1833 {
1834 /* looped CNAMES */
1835 if (!cname_count-- ||
1836 !extract_name(header, plen, &p1, name, 1, 0) ||
1837 !(p1 = skip_questions(header, plen)))
1838 return STAT_INSECURE;
1839
1840 goto cname_loop;
1841 }
1842 }
1843
1844 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1845 return STAT_INSECURE;
1846 }
1847
5107ace1 1848 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
c5f4ec7d 1849
5107ace1
SK		 1850 /* First marshall the NSEC records, if we've not done it previously */
1851 if (!nsec_type)
c5f4ec7d 1852 {
5107ace1 1853 nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1);
c5f4ec7d 1854
5107ace1
SK		 1855 if (nsec_type == 0)
1856 return STAT_INSECURE; /* Bad packet */
1857 if (nsec_type == -1)
1858 return STAT_BOGUS; /* No NSECs */
c5f4ec7d 1859 }
5107ace1
SK		 1860
1861 if (nsec_type == T_NSEC)
1862 return prove_non_existance_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
1863 else
1864 return prove_non_existance_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
e292e93d
GB		 1865}
1866
3471f181 1867/* Compute keytag (checksum to quickly index a key). See RFC4034 */
0fc2f313 1868int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
3471f181 1869{
75ffc9bf
GB		 1870 if (alg == 1)
1871 {
1872 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
1873 See RFC4034, Appendix B.1 */
0fc2f313 1874 return key[keylen-4] * 256 + key[keylen-3];
75ffc9bf
GB		 1875 }
1876 else
1877 {
1633e308 1878 unsigned long ac = flags + 0x300 + alg;
75ffc9bf
GB		 1879 int i;
1880
0fc2f313
SK		 1881 for (i = 0; i < keylen; ++i)
1882 ac += (i & 1) ? key[i] : key[i] << 8;
1633e308 1883
0fc2f313
SK		 1884 ac += (ac >> 16) & 0xffff;
1885 return ac & 0xffff;
0304d28f 1886 }
3471f181 1887}
e292e93d 1888
5f8e58f4
SK		 1889size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
1890{
1891 unsigned char *p;
610e782a 1892 char *types = querystr("dnssec-query", type);
5f8e58f4
SK		 1893
1894 if (addr->sa.sa_family == AF_INET)
1895 log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
1896#ifdef HAVE_IPV6
1897 else
1898 log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
1899#endif
1900
1901 header->qdcount = htons(1);
1902 header->ancount = htons(0);
1903 header->nscount = htons(0);
1904 header->arcount = htons(0);
e292e93d 1905
5f8e58f4
SK		 1906 header->hb3 = HB3_RD;
1907 SET_OPCODE(header, QUERY);
5b3bf921
SK		 1908 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
1909 this allows it to select auth servers when one is returning bad data. */
1910 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
5f8e58f4
SK		 1911
1912 /* ID filled in later */
1913
1914 p = (unsigned char *)(header+1);
1915
1916 p = do_rfc1035_name(p, name);
1917 *p++ = 0;
1918 PUTSHORT(type, p);
1919 PUTSHORT(class, p);
1920
1921 return add_do_bit(header, p - (unsigned char *)header, end);
1922}
8a9be9e4
SK		 1923
1924unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
1925{
1926 int q;
1927 unsigned int len;
1928 unsigned char *p = (unsigned char *)(header+1);
1929 const struct nettle_hash *hash;
1930 void *ctx;
1931 unsigned char *digest;
5f8e58f4 1932
8a9be9e4
SK		 1933 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
1934 return NULL;
1935
1936 for (q = ntohs(header->qdcount); q != 0; q--)
1937 {
1938 if (!extract_name(header, plen, &p, name, 1, 4))
7d23a66f 1939 break; /* bad packet */
8a9be9e4
SK		 1940
1941 len = to_wire(name);
1942 hash->update(ctx, len, (unsigned char *)name);
1943 /* CRC the class and type as well */
1944 hash->update(ctx, 4, p);
1945
1946 p += 4;
1947 if (!CHECK_LEN(header, p, plen, 0))
7d23a66f 1948 break; /* bad packet */
8a9be9e4 1949 }
703c7ff4
SK		 1950
1951 hash->digest(ctx, hash->digest_size, digest);
8a9be9e4
SK		 1952 return digest;
1953}
1954
0fc2f313 1955#endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.