]>
Commit | Line | Data |
---|---|---|
8d41ebd8 | 1 | /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com> |
0fc2f313 | 2 | and Copyright (c) 2012-2014 Simon Kelley |
8d41ebd8 GB |
3 | |
4 | This program is free software; you can redistribute it and/or modify | |
5 | it under the terms of the GNU General Public License as published by | |
6 | the Free Software Foundation; version 2 dated June, 1991, or | |
7 | (at your option) version 3 dated 29 June, 2007. | |
8 | ||
9 | This program is distributed in the hope that it will be useful, | |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | GNU General Public License for more details. | |
13 | ||
14 | You should have received a copy of the GNU General Public License | |
15 | along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | */ | |
e292e93d GB |
17 | |
18 | #include "dnsmasq.h" | |
0fc2f313 SK |
19 | |
20 | #ifdef HAVE_DNSSEC | |
21 | ||
86bec2d3 SK |
22 | #include <nettle/rsa.h> |
23 | #include <nettle/dsa.h> | |
c152dc84 SK |
24 | #ifndef NO_NETTLE_ECC |
25 | # include <nettle/ecdsa.h> | |
26 | # include <nettle/ecc-curve.h> | |
27 | #endif | |
86bec2d3 SK |
28 | #include <nettle/nettle-meta.h> |
29 | #include <gmp.h> | |
c3e0b9b6 | 30 | |
e292e93d GB |
31 | #define SERIAL_UNDEF -100 |
32 | #define SERIAL_EQ 0 | |
33 | #define SERIAL_LT -1 | |
34 | #define SERIAL_GT 1 | |
35 | ||
86bec2d3 SK |
36 | /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */ |
37 | static char *ds_digest_name(int digest) | |
38 | { | |
39 | switch (digest) | |
40 | { | |
41 | case 1: return "sha1"; | |
42 | case 2: return "sha256"; | |
43 | case 3: return "gosthash94"; | |
44 | case 4: return "sha384"; | |
45 | default: return NULL; | |
46 | } | |
47 | } | |
48 | ||
49 | /* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */ | |
50 | static char *algo_digest_name(int algo) | |
51 | { | |
52 | switch (algo) | |
53 | { | |
54 | case 1: return "md5"; | |
55 | case 3: return "sha1"; | |
56 | case 5: return "sha1"; | |
57 | case 6: return "sha1"; | |
58 | case 7: return "sha1"; | |
59 | case 8: return "sha256"; | |
60 | case 10: return "sha512"; | |
61 | case 12: return "gosthash94"; | |
62 | case 13: return "sha256"; | |
63 | case 14: return "sha384"; | |
64 | default: return NULL; | |
65 | } | |
66 | } | |
67 | ||
68 | /* Find pointer to correct hash function in nettle library */ | |
69 | static const struct nettle_hash *hash_find(char *name) | |
70 | { | |
71 | int i; | |
72 | ||
73 | if (!name) | |
74 | return NULL; | |
75 | ||
76 | for (i = 0; nettle_hashes[i]; i++) | |
77 | { | |
78 | if (strcmp(nettle_hashes[i]->name, name) == 0) | |
79 | return nettle_hashes[i]; | |
80 | } | |
81 | ||
82 | return NULL; | |
83 | } | |
84 | ||
85 | /* expand ctx and digest memory allocations if necessary and init hash function */ | |
86 | static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp) | |
87 | { | |
88 | static void *ctx = NULL; | |
89 | static unsigned char *digest = NULL; | |
90 | static unsigned int ctx_sz = 0; | |
91 | static unsigned int digest_sz = 0; | |
92 | ||
93 | void *new; | |
94 | ||
95 | if (ctx_sz < hash->context_size) | |
96 | { | |
97 | if (!(new = whine_malloc(hash->context_size))) | |
98 | return 0; | |
99 | if (ctx) | |
100 | free(ctx); | |
101 | ctx = new; | |
102 | ctx_sz = hash->context_size; | |
103 | } | |
104 | ||
105 | if (digest_sz < hash->digest_size) | |
106 | { | |
107 | if (!(new = whine_malloc(hash->digest_size))) | |
108 | return 0; | |
109 | if (digest) | |
110 | free(digest); | |
111 | digest = new; | |
112 | digest_sz = hash->digest_size; | |
113 | } | |
114 | ||
115 | *ctxp = ctx; | |
116 | *digestp = digest; | |
117 | ||
118 | hash->init(ctx); | |
119 | ||
120 | return 1; | |
121 | } | |
122 | ||
123 | static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len, | |
124 | unsigned char *digest, int algo) | |
125 | { | |
126 | unsigned char *p; | |
127 | size_t exp_len; | |
128 | ||
129 | static struct rsa_public_key *key = NULL; | |
130 | static mpz_t sig_mpz; | |
131 | ||
132 | if (key == NULL) | |
133 | { | |
134 | if (!(key = whine_malloc(sizeof(struct rsa_public_key)))) | |
135 | return 0; | |
136 | ||
137 | nettle_rsa_public_key_init(key); | |
138 | mpz_init(sig_mpz); | |
139 | } | |
140 | ||
141 | if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL))) | |
142 | return 0; | |
143 | ||
144 | key_len--; | |
145 | if ((exp_len = *p++) == 0) | |
146 | { | |
147 | GETSHORT(exp_len, p); | |
148 | key_len -= 2; | |
149 | } | |
150 | ||
151 | if (exp_len >= key_len) | |
152 | return 0; | |
153 | ||
154 | key->size = key_len - exp_len; | |
155 | mpz_import(key->e, exp_len, 1, 1, 0, 0, p); | |
156 | mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len); | |
157 | ||
158 | mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig); | |
159 | ||
160 | switch (algo) | |
161 | { | |
162 | case 1: | |
163 | return nettle_rsa_md5_verify_digest(key, digest, sig_mpz); | |
164 | case 5: case 7: | |
165 | return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz); | |
166 | case 8: | |
167 | return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz); | |
168 | case 10: | |
169 | return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz); | |
170 | } | |
171 | ||
172 | return 0; | |
173 | } | |
174 | ||
175 | static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len, | |
176 | unsigned char *digest, int algo) | |
177 | { | |
178 | unsigned char *p; | |
179 | unsigned int t; | |
180 | ||
181 | static struct dsa_public_key *key = NULL; | |
182 | static struct dsa_signature *sig_struct; | |
183 | ||
184 | if (key == NULL) | |
185 | { | |
186 | if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) || | |
187 | !(key = whine_malloc(sizeof(struct dsa_public_key)))) | |
188 | return 0; | |
189 | ||
190 | nettle_dsa_public_key_init(key); | |
191 | nettle_dsa_signature_init(sig_struct); | |
192 | } | |
193 | ||
194 | if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL))) | |
195 | return 0; | |
196 | ||
197 | t = *p++; | |
198 | ||
199 | if (key_len < (213 + (t * 24))) | |
200 | return 0; | |
ebe95a83 | 201 | |
86bec2d3 SK |
202 | mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20; |
203 | mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8); | |
204 | mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8); | |
205 | mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8); | |
206 | ||
207 | mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1); | |
208 | mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21); | |
209 | ||
210 | (void)algo; | |
ebe95a83 | 211 | |
86bec2d3 SK |
212 | return nettle_dsa_sha1_verify_digest(key, digest, sig_struct); |
213 | } | |
214 | ||
c152dc84 SK |
215 | #ifndef NO_NETTLE_ECC |
216 | static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len, | |
217 | unsigned char *sig, size_t sig_len, | |
ebe95a83 SK |
218 | unsigned char *digest, size_t digest_len, int algo) |
219 | { | |
220 | unsigned char *p; | |
221 | unsigned int t; | |
222 | struct ecc_point *key; | |
223 | ||
224 | static struct ecc_point *key_256 = NULL, *key_384 = NULL; | |
225 | static mpz_t x, y; | |
226 | static struct dsa_signature *sig_struct; | |
227 | ||
228 | if (!sig_struct) | |
229 | { | |
230 | if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature)))) | |
231 | return 0; | |
232 | ||
233 | nettle_dsa_signature_init(sig_struct); | |
234 | mpz_init(x); | |
235 | mpz_init(y); | |
236 | } | |
237 | ||
238 | switch (algo) | |
239 | { | |
240 | case 13: | |
241 | if (!key_256) | |
242 | { | |
243 | if (!(key_256 = whine_malloc(sizeof(struct ecc_point)))) | |
244 | return 0; | |
245 | ||
246 | nettle_ecc_point_init(key_256, &nettle_secp_256r1); | |
247 | } | |
248 | ||
249 | key = key_256; | |
250 | t = 32; | |
251 | break; | |
252 | ||
253 | case 14: | |
254 | if (!key_384) | |
255 | { | |
256 | if (!(key_384 = whine_malloc(sizeof(struct ecc_point)))) | |
257 | return 0; | |
258 | ||
259 | nettle_ecc_point_init(key_384, &nettle_secp_384r1); | |
260 | } | |
261 | ||
262 | key = key_384; | |
263 | t = 48; | |
264 | break; | |
265 | ||
266 | default: | |
267 | return 0; | |
268 | } | |
269 | ||
270 | if (sig_len != 2*t || key_len != 2*t || | |
271 | (p = blockdata_retrieve(key_data, key_len, NULL))) | |
272 | return 0; | |
273 | ||
274 | mpz_import(x, t , 1, 1, 0, 0, p); | |
275 | mpz_import(y, t , 1, 1, 0, 0, p + t); | |
276 | ||
277 | if (!ecc_point_set(key, x, y)) | |
278 | return 0; | |
279 | ||
280 | mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig); | |
281 | mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t); | |
282 | ||
283 | return nettle_ecdsa_verify(key, digest_len, digest, sig_struct); | |
284 | } | |
c152dc84 SK |
285 | #endif |
286 | ||
86bec2d3 | 287 | static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len, |
ebe95a83 | 288 | unsigned char *digest, size_t digest_len, int algo) |
86bec2d3 | 289 | { |
7b1eae4f SK |
290 | (void)digest_len; |
291 | ||
86bec2d3 SK |
292 | switch (algo) |
293 | { | |
294 | case 1: case 5: case 7: case 8: case 10: | |
295 | return rsa_verify(key_data, key_len, sig, sig_len, digest, algo); | |
296 | ||
297 | case 3: case 6: | |
298 | return dsa_verify(key_data, key_len, sig, sig_len, digest, algo); | |
c152dc84 SK |
299 | |
300 | #ifndef NO_NETTLE_ECC | |
ebe95a83 SK |
301 | case 13: case 14: |
302 | return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo); | |
c152dc84 SK |
303 | #endif |
304 | } | |
86bec2d3 SK |
305 | |
306 | return 0; | |
307 | } | |
308 | ||
0fc2f313 SK |
309 | /* Convert from presentation format to wire format, in place. |
310 | Also map UC -> LC. | |
311 | Note that using extract_name to get presentation format | |
312 | then calling to_wire() removes compression and maps case, | |
313 | thus generating names in canonical form. | |
314 | Calling to_wire followed by from_wire is almost an identity, | |
315 | except that the UC remains mapped to LC. | |
316 | */ | |
317 | static int to_wire(char *name) | |
7f0485cf | 318 | { |
0fc2f313 SK |
319 | unsigned char *l, *p, term; |
320 | int len; | |
321 | ||
322 | for (l = (unsigned char*)name; *l != 0; l = p) | |
323 | { | |
324 | for (p = l; *p != '.' && *p != 0; p++) | |
325 | if (*p >= 'A' && *p <= 'Z') | |
326 | *p = *p - 'A' + 'a'; | |
327 | ||
328 | term = *p; | |
329 | ||
330 | if ((len = p - l) != 0) | |
331 | memmove(l+1, l, len); | |
332 | *l = len; | |
333 | ||
334 | p++; | |
335 | ||
336 | if (term == 0) | |
337 | *p = 0; | |
338 | } | |
339 | ||
340 | return l + 1 - (unsigned char *)name; | |
7f0485cf GB |
341 | } |
342 | ||
0fc2f313 SK |
343 | /* Note: no compression allowed in input. */ |
344 | static void from_wire(char *name) | |
13e435eb | 345 | { |
0fc2f313 SK |
346 | unsigned char *l; |
347 | int len; | |
13e435eb | 348 | |
0fc2f313 | 349 | for (l = (unsigned char *)name; *l != 0; l += len+1) |
13e435eb | 350 | { |
0fc2f313 SK |
351 | len = *l; |
352 | memmove(l, l+1, len); | |
353 | l[len] = '.'; | |
13e435eb | 354 | } |
7f0485cf | 355 | |
0fc2f313 | 356 | *(l-1) = 0; |
13e435eb GB |
357 | } |
358 | ||
5ada8885 SK |
359 | /* Input in presentation format */ |
360 | static int count_labels(char *name) | |
361 | { | |
362 | int i; | |
363 | ||
364 | if (*name == 0) | |
365 | return 0; | |
366 | ||
367 | for (i = 0; *name; name++) | |
368 | if (*name == '.') | |
369 | i++; | |
370 | ||
371 | return i+1; | |
372 | } | |
373 | ||
5f8e58f4 SK |
374 | /* Implement RFC1982 wrapped compare for 32-bit numbers */ |
375 | static int serial_compare_32(unsigned long s1, unsigned long s2) | |
376 | { | |
377 | if (s1 == s2) | |
378 | return SERIAL_EQ; | |
0ca895f5 | 379 | |
5f8e58f4 SK |
380 | if ((s1 < s2 && (s2 - s1) < (1UL<<31)) || |
381 | (s1 > s2 && (s1 - s2) > (1UL<<31))) | |
382 | return SERIAL_LT; | |
383 | if ((s1 < s2 && (s2 - s1) > (1UL<<31)) || | |
384 | (s1 > s2 && (s1 - s2) < (1UL<<31))) | |
385 | return SERIAL_GT; | |
386 | return SERIAL_UNDEF; | |
387 | } | |
0852d76b | 388 | |
5f8e58f4 SK |
389 | /* Check whether today/now is between date_start and date_end */ |
390 | static int check_date_range(unsigned long date_start, unsigned long date_end) | |
0852d76b | 391 | { |
5f8e58f4 SK |
392 | unsigned long curtime = time(0); |
393 | ||
394 | /* We must explicitly check against wanted values, because of SERIAL_UNDEF */ | |
395 | return serial_compare_32(curtime, date_start) == SERIAL_GT | |
396 | && serial_compare_32(curtime, date_end) == SERIAL_LT; | |
397 | } | |
f119ed38 | 398 | |
5f8e58f4 SK |
399 | static u16 *get_desc(int type) |
400 | { | |
401 | /* List of RRtypes which include domains in the data. | |
402 | 0 -> domain | |
403 | integer -> no of plain bytes | |
404 | -1 -> end | |
405 | ||
406 | zero is not a valid RRtype, so the final entry is returned for | |
407 | anything which needs no mangling. | |
408 | */ | |
409 | ||
410 | static u16 rr_desc[] = | |
411 | { | |
412 | T_NS, 0, -1, | |
413 | T_MD, 0, -1, | |
414 | T_MF, 0, -1, | |
415 | T_CNAME, 0, -1, | |
416 | T_SOA, 0, 0, -1, | |
417 | T_MB, 0, -1, | |
418 | T_MG, 0, -1, | |
419 | T_MR, 0, -1, | |
420 | T_PTR, 0, -1, | |
421 | T_MINFO, 0, 0, -1, | |
422 | T_MX, 2, 0, -1, | |
423 | T_RP, 0, 0, -1, | |
424 | T_AFSDB, 2, 0, -1, | |
425 | T_RT, 2, 0, -1, | |
426 | T_SIG, 18, 0, -1, | |
427 | T_PX, 2, 0, 0, -1, | |
428 | T_NXT, 0, -1, | |
429 | T_KX, 2, 0, -1, | |
430 | T_SRV, 6, 0, -1, | |
431 | T_DNAME, 0, -1, | |
5f8e58f4 SK |
432 | 0, -1 /* wildcard/catchall */ |
433 | }; | |
434 | ||
435 | u16 *p = rr_desc; | |
436 | ||
437 | while (*p != type && *p != 0) | |
438 | while (*p++ != (u16)-1); | |
f119ed38 | 439 | |
5f8e58f4 SK |
440 | return p+1; |
441 | } | |
0852d76b | 442 | |
5f8e58f4 SK |
443 | /* Return bytes of canonicalised rdata, when the return value is zero, the remaining |
444 | data, pointed to by *p, should be used raw. */ | |
445 | static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, | |
446 | unsigned char **p, u16 **desc) | |
447 | { | |
448 | int d = **desc; | |
449 | ||
450 | (*desc)++; | |
451 | ||
452 | /* No more data needs mangling */ | |
453 | if (d == (u16)-1) | |
454 | return 0; | |
455 | ||
456 | if (d == 0 && extract_name(header, plen, p, buff, 1, 0)) | |
457 | /* domain-name, canonicalise */ | |
458 | return to_wire(buff); | |
459 | else | |
460 | { | |
461 | /* plain data preceding a domain-name, don't run off the end of the data */ | |
462 | if ((end - *p) < d) | |
463 | d = end - *p; | |
464 | ||
465 | if (d != 0) | |
466 | { | |
467 | memcpy(buff, *p, d); | |
468 | *p += d; | |
469 | } | |
470 | ||
471 | return d; | |
472 | } | |
0852d76b GB |
473 | } |
474 | ||
5f8e58f4 SK |
475 | /* Bubble sort the RRset into the canonical order. |
476 | Note that the byte-streams from two RRs may get unsynced: consider | |
477 | RRs which have two domain-names at the start and then other data. | |
478 | The domain-names may have different lengths in each RR, but sort equal | |
479 | ||
480 | ------------ | |
481 | |abcde|fghi| | |
482 | ------------ | |
483 | |abcd|efghi| | |
484 | ------------ | |
485 | ||
486 | leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables. | |
487 | */ | |
488 | ||
489 | static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx, | |
490 | unsigned char **rrset, char *buff1, char *buff2) | |
c3e0b9b6 | 491 | { |
5f8e58f4 | 492 | int swap, quit, i; |
0fc2f313 | 493 | |
5f8e58f4 SK |
494 | do |
495 | { | |
496 | for (swap = 0, i = 0; i < rrsetidx-1; i++) | |
497 | { | |
498 | int rdlen1, rdlen2, left1, left2, len1, len2, len, rc; | |
499 | u16 *dp1, *dp2; | |
500 | unsigned char *end1, *end2; | |
5107ace1 SK |
501 | /* Note that these have been determined to be OK previously, |
502 | so we don't need to check for NULL return here. */ | |
5f8e58f4 SK |
503 | unsigned char *p1 = skip_name(rrset[i], header, plen, 10); |
504 | unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10); | |
505 | ||
506 | p1 += 8; /* skip class, type, ttl */ | |
507 | GETSHORT(rdlen1, p1); | |
508 | end1 = p1 + rdlen1; | |
509 | ||
510 | p2 += 8; /* skip class, type, ttl */ | |
511 | GETSHORT(rdlen2, p2); | |
512 | end2 = p2 + rdlen2; | |
513 | ||
514 | dp1 = dp2 = rr_desc; | |
515 | ||
1486a9c7 | 516 | for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;) |
5f8e58f4 | 517 | { |
1486a9c7 SK |
518 | if (left1 != 0) |
519 | memmove(buff1, buff1 + len1 - left1, left1); | |
520 | ||
5f8e58f4 SK |
521 | if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0) |
522 | { | |
523 | quit = 1; | |
524 | len1 = end1 - p1; | |
525 | memcpy(buff1 + left1, p1, len1); | |
526 | } | |
527 | len1 += left1; | |
528 | ||
1486a9c7 SK |
529 | if (left2 != 0) |
530 | memmove(buff2, buff2 + len2 - left2, left2); | |
531 | ||
5f8e58f4 SK |
532 | if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0) |
533 | { | |
534 | quit = 1; | |
535 | len2 = end2 - p2; | |
536 | memcpy(buff2 + left2, p2, len2); | |
537 | } | |
538 | len2 += left2; | |
539 | ||
540 | if (len1 > len2) | |
1486a9c7 | 541 | left1 = len1 - len2, left2 = 0, len = len2; |
5f8e58f4 | 542 | else |
1486a9c7 | 543 | left2 = len2 - len1, left1 = 0, len = len1; |
5f8e58f4 | 544 | |
6fd6dacb | 545 | rc = (len == 0) ? 0 : memcmp(buff1, buff2, len); |
5f8e58f4 | 546 | |
4619d946 | 547 | if (rc > 0 || (rc == 0 && quit && len1 > len2)) |
5f8e58f4 SK |
548 | { |
549 | unsigned char *tmp = rrset[i+1]; | |
550 | rrset[i+1] = rrset[i]; | |
551 | rrset[i] = tmp; | |
552 | swap = quit = 1; | |
553 | } | |
6fd6dacb SK |
554 | else if (rc < 0) |
555 | quit = 1; | |
5f8e58f4 SK |
556 | } |
557 | } | |
558 | } while (swap); | |
559 | } | |
c3e0b9b6 | 560 | |
5f8e58f4 SK |
561 | /* Validate a single RRset (class, type, name) in the supplied DNS reply |
562 | Return code: | |
563 | STAT_SECURE if it validates. | |
5107ace1 | 564 | STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion. |
5f8e58f4 SK |
565 | STAT_INSECURE can't validate (no RRSIG, bad packet). |
566 | STAT_BOGUS signature is wrong. | |
567 | STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname) | |
568 | ||
569 | if key is non-NULL, use that key, which has the algo and tag given in the params of those names, | |
570 | otherwise find the key in the cache. | |
5107ace1 SK |
571 | |
572 | name is unchanged on exit. keyname is used as workspace and trashed. | |
5f8e58f4 SK |
573 | */ |
574 | static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, | |
e7829aef | 575 | int type, char *name, char *keyname, struct blockdata *key, int keylen, int algo_in, int keytag_in) |
5f8e58f4 SK |
576 | { |
577 | static unsigned char **rrset = NULL, **sigs = NULL; | |
578 | static int rrset_sz = 0, sig_sz = 0; | |
0fc2f313 | 579 | |
5f8e58f4 | 580 | unsigned char *p; |
5ada8885 | 581 | int rrsetidx, sigidx, res, rdlen, j, name_labels; |
5f8e58f4 SK |
582 | struct crec *crecp = NULL; |
583 | int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag; | |
584 | u16 *rr_desc = get_desc(type); | |
c3e0b9b6 | 585 | |
5f8e58f4 SK |
586 | if (!(p = skip_questions(header, plen))) |
587 | return STAT_INSECURE; | |
c3e0b9b6 | 588 | |
5ada8885 SK |
589 | name_labels = count_labels(name); /* For 4035 5.3.2 check */ |
590 | ||
591 | /* look for RRSIGs for this RRset and get pointers to each RR in the set. */ | |
5f8e58f4 SK |
592 | for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount); |
593 | j != 0; j--) | |
594 | { | |
595 | unsigned char *pstart, *pdata; | |
b98d22c1 | 596 | int stype, sclass; |
c3e0b9b6 | 597 | |
5f8e58f4 SK |
598 | pstart = p; |
599 | ||
600 | if (!(res = extract_name(header, plen, &p, name, 0, 10))) | |
601 | return STAT_INSECURE; /* bad packet */ | |
602 | ||
603 | GETSHORT(stype, p); | |
604 | GETSHORT(sclass, p); | |
b98d22c1 | 605 | p += 4; /* TTL */ |
5f8e58f4 SK |
606 | |
607 | pdata = p; | |
c3e0b9b6 | 608 | |
5f8e58f4 SK |
609 | GETSHORT(rdlen, p); |
610 | ||
e7829aef SK |
611 | if (!CHECK_LEN(header, p, plen, rdlen)) |
612 | return STAT_INSECURE; | |
613 | ||
5f8e58f4 SK |
614 | if (res == 1 && sclass == class) |
615 | { | |
616 | if (stype == type) | |
617 | { | |
618 | if (rrsetidx == rrset_sz) | |
619 | { | |
620 | unsigned char **new; | |
621 | ||
bb201c21 SK |
622 | /* Protect against insane/maliciuos queries which bloat the workspace |
623 | and eat CPU in the sort */ | |
624 | if (rrsetidx >= 100) | |
625 | return STAT_INSECURE; | |
626 | ||
5f8e58f4 SK |
627 | /* expand */ |
628 | if (!(new = whine_malloc((rrset_sz + 5) * sizeof(unsigned char **)))) | |
629 | return STAT_INSECURE; | |
630 | ||
631 | if (rrset) | |
632 | { | |
633 | memcpy(new, rrset, rrset_sz * sizeof(unsigned char **)); | |
634 | free(rrset); | |
635 | } | |
636 | ||
637 | rrset = new; | |
638 | rrset_sz += 5; | |
639 | } | |
640 | rrset[rrsetidx++] = pstart; | |
641 | } | |
642 | ||
643 | if (stype == T_RRSIG) | |
644 | { | |
5ada8885 SK |
645 | if (rdlen < 18) |
646 | return STAT_INSECURE; /* bad packet */ | |
647 | ||
648 | GETSHORT(type_covered, p); | |
5ada8885 | 649 | |
e7829aef | 650 | if (type_covered == type) |
5ada8885 SK |
651 | { |
652 | if (sigidx == sig_sz) | |
653 | { | |
654 | unsigned char **new; | |
655 | ||
656 | /* expand */ | |
657 | if (!(new = whine_malloc((sig_sz + 5) * sizeof(unsigned char **)))) | |
658 | return STAT_INSECURE; | |
659 | ||
660 | if (sigs) | |
661 | { | |
662 | memcpy(new, sigs, sig_sz * sizeof(unsigned char **)); | |
663 | free(sigs); | |
664 | } | |
665 | ||
666 | sigs = new; | |
667 | sig_sz += 5; | |
668 | } | |
669 | ||
670 | sigs[sigidx++] = pdata; | |
e7829aef | 671 | } |
e7829aef | 672 | p = pdata + 2; /* restore for ADD_RDLEN */ |
5f8e58f4 SK |
673 | } |
674 | } | |
675 | ||
676 | if (!ADD_RDLEN(header, p, plen, rdlen)) | |
677 | return STAT_INSECURE; | |
678 | } | |
c3e0b9b6 | 679 | |
5f8e58f4 SK |
680 | /* RRset empty, no RRSIGs */ |
681 | if (rrsetidx == 0 || sigidx == 0) | |
682 | return STAT_INSECURE; | |
683 | ||
684 | /* Sort RRset records into canonical order. | |
d387380a | 685 | Note that at this point keyname and daemon->workspacename buffs are |
5f8e58f4 | 686 | unused, and used as workspace by the sort. */ |
d387380a | 687 | sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname); |
5f8e58f4 SK |
688 | |
689 | /* Now try all the sigs to try and find one which validates */ | |
690 | for (j = 0; j <sigidx; j++) | |
691 | { | |
d387380a | 692 | unsigned char *psav, *sig, *digest; |
86bec2d3 SK |
693 | int i, wire_len, sig_len; |
694 | const struct nettle_hash *hash; | |
695 | void *ctx; | |
d387380a | 696 | char *name_start; |
5f8e58f4 SK |
697 | u32 nsigttl; |
698 | ||
699 | p = sigs[j]; | |
5ada8885 | 700 | GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */ |
5f8e58f4 SK |
701 | psav = p; |
702 | ||
5ada8885 | 703 | p += 2; /* type_covered - already checked */ |
5f8e58f4 SK |
704 | algo = *p++; |
705 | labels = *p++; | |
706 | GETLONG(orig_ttl, p); | |
e7829aef SK |
707 | GETLONG(sig_expiration, p); |
708 | GETLONG(sig_inception, p); | |
5f8e58f4 SK |
709 | GETSHORT(key_tag, p); |
710 | ||
5f8e58f4 SK |
711 | if (!extract_name(header, plen, &p, keyname, 1, 0)) |
712 | return STAT_INSECURE; | |
d387380a SK |
713 | |
714 | /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal | |
715 | the name of the zone containing the RRset. We can't tell that | |
716 | for certain, but we can check that the RRset name is equal to | |
717 | or encloses the signers name, which should be enough to stop | |
718 | an attacker using signatures made with the key of an unrelated | |
719 | zone he controls. Note that the root key is always allowed. */ | |
720 | if (*keyname != 0) | |
721 | { | |
722 | int failed = 0; | |
723 | ||
724 | for (name_start = name; !hostname_isequal(name_start, keyname); ) | |
725 | if ((name_start = strchr(name_start, '.'))) | |
726 | name_start++; /* chop a label off and try again */ | |
727 | else | |
728 | { | |
729 | failed = 1; | |
730 | break; | |
731 | } | |
732 | ||
733 | /* Bad sig, try another */ | |
734 | if (failed) | |
735 | continue; | |
736 | } | |
5f8e58f4 | 737 | |
d387380a | 738 | /* Other 5.3.1 checks */ |
e7829aef SK |
739 | if (!check_date_range(sig_inception, sig_expiration) || |
740 | labels > name_labels || | |
741 | !(hash = hash_find(algo_digest_name(algo))) || | |
742 | !hash_init(hash, &ctx, &digest)) | |
743 | continue; | |
744 | ||
5f8e58f4 SK |
745 | /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */ |
746 | if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY))) | |
747 | return STAT_NEED_KEY; | |
748 | ||
86bec2d3 SK |
749 | sig = p; |
750 | sig_len = rdlen - (p - psav); | |
e7829aef | 751 | |
5f8e58f4 SK |
752 | nsigttl = htonl(orig_ttl); |
753 | ||
86bec2d3 | 754 | hash->update(ctx, 18, psav); |
5f8e58f4 | 755 | wire_len = to_wire(keyname); |
86bec2d3 | 756 | hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname); |
5f8e58f4 SK |
757 | from_wire(keyname); |
758 | ||
5f8e58f4 SK |
759 | for (i = 0; i < rrsetidx; ++i) |
760 | { | |
761 | int seg; | |
762 | unsigned char *end, *cp; | |
763 | u16 len, *dp; | |
d387380a | 764 | |
5f8e58f4 SK |
765 | p = rrset[i]; |
766 | if (!extract_name(header, plen, &p, name, 1, 10)) | |
767 | return STAT_INSECURE; | |
5ada8885 | 768 | |
d387380a SK |
769 | name_start = name; |
770 | ||
5ada8885 SK |
771 | /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */ |
772 | if (labels < name_labels) | |
773 | { | |
774 | int k; | |
775 | for (k = name_labels - labels; k != 0; k--) | |
776 | while (*name_start != '.' && *name_start != 0) | |
777 | name_start++; | |
778 | name_start--; | |
779 | *name_start = '*'; | |
780 | } | |
781 | ||
782 | wire_len = to_wire(name_start); | |
86bec2d3 SK |
783 | hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start); |
784 | hash->update(ctx, 4, p); /* class and type */ | |
785 | hash->update(ctx, 4, (unsigned char *)&nsigttl); | |
5f8e58f4 SK |
786 | |
787 | p += 8; /* skip class, type, ttl */ | |
788 | GETSHORT(rdlen, p); | |
5ada8885 SK |
789 | if (!CHECK_LEN(header, p, plen, rdlen)) |
790 | return STAT_INSECURE; | |
791 | ||
5f8e58f4 SK |
792 | end = p + rdlen; |
793 | ||
794 | /* canonicalise rdata and calculate length of same, use name buffer as workspace */ | |
795 | cp = p; | |
796 | dp = rr_desc; | |
797 | for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg); | |
798 | len += end - cp; | |
799 | len = htons(len); | |
86bec2d3 | 800 | hash->update(ctx, 2, (unsigned char *)&len); |
5f8e58f4 SK |
801 | |
802 | /* Now canonicalise again and digest. */ | |
803 | cp = p; | |
804 | dp = rr_desc; | |
805 | while ((seg = get_rdata(header, plen, end, name, &cp, &dp))) | |
86bec2d3 | 806 | hash->update(ctx, seg, (unsigned char *)name); |
5f8e58f4 | 807 | if (cp != end) |
86bec2d3 | 808 | hash->update(ctx, end - cp, cp); |
5f8e58f4 | 809 | } |
86bec2d3 SK |
810 | |
811 | hash->digest(ctx, hash->digest_size, digest); | |
812 | ||
5ada8885 SK |
813 | /* namebuff used for workspace above, restore to leave unchanged on exit */ |
814 | p = (unsigned char*)(rrset[0]); | |
815 | extract_name(header, plen, &p, name, 1, 0); | |
816 | ||
5f8e58f4 SK |
817 | if (key) |
818 | { | |
819 | if (algo_in == algo && keytag_in == key_tag && | |
ebe95a83 | 820 | verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo)) |
5f8e58f4 SK |
821 | return STAT_SECURE; |
822 | } | |
823 | else | |
824 | { | |
825 | /* iterate through all possible keys 4035 5.3.1 */ | |
826 | for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY)) | |
51ea3ca2 SK |
827 | if (crecp->addr.key.algo == algo && |
828 | crecp->addr.key.keytag == key_tag && | |
824202ef | 829 | crecp->uid == class && |
ebe95a83 | 830 | verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo)) |
5107ace1 | 831 | return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE; |
5f8e58f4 SK |
832 | } |
833 | } | |
834 | ||
835 | return STAT_BOGUS; | |
836 | } | |
837 | ||
0fc2f313 | 838 | /* The DNS packet is expected to contain the answer to a DNSKEY query. |
c3e0b9b6 SK |
839 | Put all DNSKEYs in the answer which are valid into the cache. |
840 | return codes: | |
841 | STAT_INSECURE bad packet, no DNSKEYs in reply. | |
842 | STAT_SECURE At least one valid DNSKEY found and in cache. | |
0fc2f313 SK |
843 | STAT_BOGUS No DNSKEYs found, which can be validated with DS, |
844 | or self-sign for DNSKEY RRset is not valid. | |
845 | STAT_NEED_DS DS records to validate a key not found, name in keyname | |
c3e0b9b6 SK |
846 | */ |
847 | int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class) | |
848 | { | |
0fc2f313 | 849 | unsigned char *psave, *p = (unsigned char *)(header+1); |
c3e0b9b6 | 850 | struct crec *crecp, *recp1; |
8d718cbb | 851 | int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered; |
c3e0b9b6 | 852 | struct blockdata *key; |
51ea3ca2 | 853 | struct all_addr a; |
c3e0b9b6 | 854 | |
5f8e58f4 SK |
855 | if (ntohs(header->qdcount) != 1 || |
856 | !extract_name(header, plen, &p, name, 1, 4)) | |
8d718cbb | 857 | return STAT_INSECURE; |
5f8e58f4 | 858 | |
c3e0b9b6 SK |
859 | GETSHORT(qtype, p); |
860 | GETSHORT(qclass, p); | |
861 | ||
0fc2f313 | 862 | if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0) |
f01d7be6 | 863 | return STAT_BOGUS; |
c3e0b9b6 | 864 | |
0fc2f313 SK |
865 | /* See if we have cached a DS record which validates this key */ |
866 | if (!(crecp = cache_find_by_name(NULL, name, now, F_DS))) | |
867 | { | |
868 | strcpy(keyname, name); | |
869 | return STAT_NEED_DS; | |
870 | } | |
871 | ||
0fc2f313 | 872 | /* NOTE, we need to find ONE DNSKEY which matches the DS */ |
e7829aef | 873 | for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--) |
c3e0b9b6 SK |
874 | { |
875 | /* Ensure we have type, class TTL and length */ | |
0fc2f313 | 876 | if (!(rc = extract_name(header, plen, &p, name, 0, 10))) |
c3e0b9b6 SK |
877 | return STAT_INSECURE; /* bad packet */ |
878 | ||
879 | GETSHORT(qtype, p); | |
880 | GETSHORT(qclass, p); | |
881 | GETLONG(ttl, p); | |
882 | GETSHORT(rdlen, p); | |
6f468103 | 883 | |
0fc2f313 SK |
884 | if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4) |
885 | return STAT_INSECURE; /* bad packet */ | |
886 | ||
6f468103 SK |
887 | if (qclass != class || qtype != T_DNSKEY || rc == 2) |
888 | { | |
889 | p += rdlen; | |
890 | continue; | |
891 | } | |
892 | ||
0fc2f313 | 893 | psave = p; |
c3e0b9b6 | 894 | |
c3e0b9b6 | 895 | GETSHORT(flags, p); |
0fc2f313 | 896 | if (*p++ != 3) |
f01d7be6 | 897 | return STAT_BOGUS; |
c3e0b9b6 | 898 | algo = *p++; |
0fc2f313 | 899 | keytag = dnskey_keytag(algo, flags, p, rdlen - 4); |
e7829aef | 900 | key = NULL; |
c3e0b9b6 | 901 | |
e7829aef SK |
902 | /* key must have zone key flag set */ |
903 | if (flags & 0x100) | |
904 | key = blockdata_alloc((char*)p, rdlen - 4); | |
c3e0b9b6 | 905 | |
0fc2f313 | 906 | p = psave; |
e7829aef | 907 | |
0fc2f313 | 908 | if (!ADD_RDLEN(header, p, plen, rdlen)) |
8d718cbb SK |
909 | { |
910 | if (key) | |
911 | blockdata_free(key); | |
912 | return STAT_INSECURE; /* bad packet */ | |
913 | } | |
914 | ||
e7829aef SK |
915 | /* No zone key flag or malloc failure */ |
916 | if (!key) | |
0fc2f313 SK |
917 | continue; |
918 | ||
919 | for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS)) | |
86bec2d3 SK |
920 | { |
921 | void *ctx; | |
922 | unsigned char *digest, *ds_digest; | |
923 | const struct nettle_hash *hash; | |
924 | ||
51ea3ca2 SK |
925 | if (recp1->addr.ds.algo == algo && |
926 | recp1->addr.ds.keytag == keytag && | |
824202ef | 927 | recp1->uid == class && |
51ea3ca2 | 928 | (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) && |
86bec2d3 | 929 | hash_init(hash, &ctx, &digest)) |
0fc2f313 | 930 | |
86bec2d3 SK |
931 | { |
932 | int wire_len = to_wire(name); | |
933 | ||
934 | /* Note that digest may be different between DSs, so | |
935 | we can't move this outside the loop. */ | |
936 | hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name); | |
937 | hash->update(ctx, (unsigned int)rdlen, psave); | |
938 | hash->digest(ctx, hash->digest_size, digest); | |
939 | ||
940 | from_wire(name); | |
941 | ||
824202ef SK |
942 | if (recp1->addr.ds.keylen == (int)hash->digest_size && |
943 | (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) && | |
944 | memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 && | |
f6a2b793 | 945 | validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag) == STAT_SECURE) |
86bec2d3 | 946 | { |
86bec2d3 | 947 | valid = 1; |
86bec2d3 SK |
948 | break; |
949 | } | |
950 | } | |
951 | } | |
e7829aef | 952 | blockdata_free(key); |
c3e0b9b6 | 953 | } |
c3e0b9b6 | 954 | |
0fc2f313 SK |
955 | if (valid) |
956 | { | |
8d718cbb | 957 | /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */ |
e7829aef SK |
958 | cache_start_insert(); |
959 | ||
960 | p = skip_questions(header, plen); | |
961 | ||
962 | for (j = ntohs(header->ancount); j != 0; j--) | |
963 | { | |
964 | /* Ensure we have type, class TTL and length */ | |
965 | if (!(rc = extract_name(header, plen, &p, name, 0, 10))) | |
966 | return STAT_INSECURE; /* bad packet */ | |
967 | ||
968 | GETSHORT(qtype, p); | |
969 | GETSHORT(qclass, p); | |
970 | GETLONG(ttl, p); | |
971 | GETSHORT(rdlen, p); | |
8d718cbb SK |
972 | |
973 | if (!CHECK_LEN(header, p, plen, rdlen)) | |
e7829aef | 974 | return STAT_INSECURE; /* bad packet */ |
e7829aef | 975 | |
8d718cbb | 976 | if (qclass == class && rc == 1) |
e7829aef | 977 | { |
8d718cbb | 978 | psave = p; |
e7829aef | 979 | |
8d718cbb SK |
980 | if (qtype == T_DNSKEY) |
981 | { | |
982 | if (rdlen < 4) | |
983 | return STAT_INSECURE; /* bad packet */ | |
984 | ||
985 | GETSHORT(flags, p); | |
986 | if (*p++ != 3) | |
f01d7be6 | 987 | return STAT_BOGUS; |
8d718cbb SK |
988 | algo = *p++; |
989 | keytag = dnskey_keytag(algo, flags, p, rdlen - 4); | |
990 | ||
991 | /* Cache needs to known class for DNSSEC stuff */ | |
992 | a.addr.dnssec.class = class; | |
993 | ||
994 | if ((key = blockdata_alloc((char*)p, rdlen - 4))) | |
995 | { | |
996 | if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))) | |
997 | blockdata_free(key); | |
998 | else | |
999 | { | |
1000 | a.addr.keytag = keytag; | |
1001 | log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u"); | |
1002 | ||
1003 | recp1->addr.key.keylen = rdlen - 4; | |
1004 | recp1->addr.key.keydata = key; | |
1005 | recp1->addr.key.algo = algo; | |
1006 | recp1->addr.key.keytag = keytag; | |
1007 | recp1->addr.key.flags = flags; | |
1008 | recp1->uid = class; | |
1009 | } | |
1010 | } | |
1011 | } | |
1012 | else if (qtype == T_RRSIG) | |
1013 | { | |
1014 | /* RRSIG, cache if covers DNSKEY RRset */ | |
1015 | if (rdlen < 18) | |
1016 | return STAT_INSECURE; /* bad packet */ | |
1017 | ||
1018 | GETSHORT(type_covered, p); | |
1019 | ||
1020 | if (type_covered == T_DNSKEY) | |
1021 | { | |
1022 | a.addr.dnssec.class = class; | |
1023 | a.addr.dnssec.type = type_covered; | |
1024 | ||
1025 | algo = *p++; | |
1026 | p += 13; /* labels, orig_ttl, expiration, inception */ | |
1027 | GETSHORT(keytag, p); | |
1028 | if ((key = blockdata_alloc((char*)psave, rdlen))) | |
1029 | { | |
1030 | if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS))) | |
1031 | blockdata_free(key); | |
1032 | else | |
1033 | { | |
1034 | crecp->uid = class; | |
1035 | crecp->addr.sig.keydata = key; | |
1036 | crecp->addr.sig.keylen = rdlen; | |
1037 | crecp->addr.sig.keytag = keytag; | |
1038 | crecp->addr.sig.type_covered = type_covered; | |
1039 | crecp->addr.sig.algo = algo; | |
1040 | } | |
1041 | } | |
1042 | } | |
1043 | } | |
e7829aef | 1044 | |
8d718cbb | 1045 | p = psave; |
e7829aef | 1046 | } |
8d718cbb | 1047 | |
e7829aef SK |
1048 | if (!ADD_RDLEN(header, p, plen, rdlen)) |
1049 | return STAT_INSECURE; /* bad packet */ | |
1050 | } | |
1051 | ||
0fc2f313 SK |
1052 | /* commit cache insert. */ |
1053 | cache_end_insert(); | |
1054 | return STAT_SECURE; | |
1055 | } | |
1056 | ||
1057 | log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY"); | |
1058 | return STAT_BOGUS; | |
c3e0b9b6 | 1059 | } |
0fc2f313 | 1060 | |
c3e0b9b6 SK |
1061 | /* The DNS packet is expected to contain the answer to a DS query |
1062 | Put all DSs in the answer which are valid into the cache. | |
1063 | return codes: | |
0fc2f313 | 1064 | STAT_INSECURE bad packet, no DS in reply. |
c3e0b9b6 SK |
1065 | STAT_SECURE At least one valid DS found and in cache. |
1066 | STAT_BOGUS At least one DS found, which fails validation. | |
1067 | STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname | |
1068 | */ | |
1069 | ||
1070 | int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class) | |
1071 | { | |
51ea3ca2 SK |
1072 | unsigned char *p = (unsigned char *)(header+1); |
1073 | int qtype, qclass, val; | |
c3e0b9b6 | 1074 | |
5f8e58f4 SK |
1075 | if (ntohs(header->qdcount) != 1 || |
1076 | !extract_name(header, plen, &p, name, 1, 4)) | |
8d718cbb SK |
1077 | return STAT_INSECURE; |
1078 | ||
c3e0b9b6 SK |
1079 | GETSHORT(qtype, p); |
1080 | GETSHORT(qclass, p); | |
1081 | ||
0fc2f313 | 1082 | if (qtype != T_DS || qclass != class || ntohs(header->ancount) == 0) |
f01d7be6 | 1083 | return STAT_BOGUS; |
0fc2f313 | 1084 | |
51ea3ca2 SK |
1085 | val = dnssec_validate_reply(now, header, plen, name, keyname, NULL); |
1086 | ||
0fc2f313 | 1087 | if (val == STAT_BOGUS) |
8d718cbb SK |
1088 | { |
1089 | p = (unsigned char *)(header+1); | |
1090 | extract_name(header, plen, &p, name, 1, 4); | |
1091 | log_query(F_UPSTREAM, name, NULL, "BOGUS DS"); | |
1092 | } | |
c3e0b9b6 | 1093 | |
51ea3ca2 | 1094 | return val; |
c3e0b9b6 SK |
1095 | } |
1096 | ||
c5f4ec7d SK |
1097 | /* 4034 6.1 */ |
1098 | static int hostname_cmp(const char *a, const char *b) | |
1099 | { | |
dbf72123 SK |
1100 | char *sa, *ea, *ca, *sb, *eb, *cb; |
1101 | unsigned char ac, bc; | |
1102 | ||
1103 | sa = ea = (char *)a + strlen(a); | |
1104 | sb = eb = (char *)b + strlen(b); | |
1105 | ||
c5f4ec7d SK |
1106 | while (1) |
1107 | { | |
dbf72123 SK |
1108 | while (sa != a && *(sa-1) != '.') |
1109 | sa--; | |
c5f4ec7d | 1110 | |
dbf72123 SK |
1111 | while (sb != b && *(sb-1) != '.') |
1112 | sb--; | |
1113 | ||
1114 | ca = sa; | |
1115 | cb = sb; | |
1116 | ||
1117 | while (1) | |
1118 | { | |
1119 | if (ca == ea) | |
1120 | { | |
1121 | if (cb == eb) | |
1122 | break; | |
1123 | ||
1124 | return -1; | |
1125 | } | |
c5f4ec7d | 1126 | |
dbf72123 SK |
1127 | if (cb == eb) |
1128 | return 1; | |
1129 | ||
1130 | ac = (unsigned char) *ca++; | |
1131 | bc = (unsigned char) *cb++; | |
1132 | ||
1133 | if (ac >= 'A' && ac <= 'Z') | |
1134 | ac += 'a' - 'A'; | |
1135 | if (bc >= 'A' && bc <= 'Z') | |
1136 | bc += 'a' - 'A'; | |
1137 | ||
979cdf9b | 1138 | if (ac < bc) |
dbf72123 SK |
1139 | return -1; |
1140 | else if (ac != bc) | |
1141 | return 1; | |
1142 | } | |
c5f4ec7d | 1143 | |
dbf72123 SK |
1144 | |
1145 | if (sa == a) | |
c5f4ec7d | 1146 | { |
dbf72123 SK |
1147 | if (sb == b) |
1148 | return 0; | |
c5f4ec7d | 1149 | |
dbf72123 | 1150 | return -1; |
c5f4ec7d SK |
1151 | } |
1152 | ||
dbf72123 SK |
1153 | if (sb == b) |
1154 | return 1; | |
c5f4ec7d | 1155 | |
dbf72123 SK |
1156 | ea = sa--; |
1157 | eb = sb--; | |
c5f4ec7d SK |
1158 | } |
1159 | } | |
1160 | ||
5107ace1 SK |
1161 | /* Find all the NSEC or NSEC3 records in a reply. |
1162 | return an array of pointers to them. */ | |
1163 | static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd) | |
1164 | { | |
1165 | static unsigned char **nsecset = NULL; | |
1166 | static int nsecset_sz = 0; | |
1167 | ||
1168 | int type_found = -1; | |
1169 | unsigned char *p = skip_questions(header, plen); | |
1170 | int type, class, rdlen, i, nsecs_found; | |
1171 | ||
1172 | /* Move to NS section */ | |
1173 | if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen))) | |
1174 | return 0; | |
1175 | ||
1176 | for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--) | |
1177 | { | |
1178 | unsigned char *pstart = p; | |
1179 | ||
1180 | if (!(p = skip_name(p, header, plen, 10))) | |
1181 | return 0; | |
1182 | ||
1183 | GETSHORT(type, p); | |
1184 | GETSHORT(class, p); | |
1185 | p += 4; /* TTL */ | |
1186 | GETSHORT(rdlen, p); | |
1187 | ||
1188 | if (class == class_reqd && (type == T_NSEC || type == T_NSEC3)) | |
1189 | { | |
1190 | /* No mixed NSECing 'round here, thankyouverymuch */ | |
1191 | if (type_found == T_NSEC && type == T_NSEC3) | |
1192 | return 0; | |
1193 | if (type_found == T_NSEC3 && type == T_NSEC) | |
1194 | return 0; | |
1195 | ||
1196 | type_found = type; | |
1197 | ||
1198 | if (nsecs_found == nsecset_sz) | |
1199 | { | |
1200 | unsigned char **new; | |
1201 | ||
1202 | /* Protect against insane/malicious queries which bloat the workspace | |
1203 | and eat CPU in the sort */ | |
1204 | if (nsecs_found >= 100) | |
1205 | return 0; | |
1206 | ||
1207 | /* expand */ | |
1208 | if (!(new = whine_malloc((nsecset_sz + 5) * sizeof(unsigned char **)))) | |
1209 | return 0; | |
1210 | ||
1211 | if (nsecset) | |
1212 | { | |
1213 | memcpy(new, nsecset, nsecset_sz * sizeof(unsigned char **)); | |
1214 | free(nsecset); | |
1215 | } | |
1216 | ||
1217 | nsecset = new; | |
1218 | nsecset_sz += 5; | |
1219 | } | |
1220 | ||
1221 | nsecset[nsecs_found++] = pstart; | |
1222 | } | |
1223 | ||
1224 | if (!ADD_RDLEN(header, p, plen, rdlen)) | |
1225 | return 0; | |
1226 | } | |
1227 | ||
1228 | *nsecsetp = nsecset; | |
1229 | *nsecsetl = nsecs_found; | |
1230 | ||
1231 | return type_found; | |
1232 | } | |
1233 | ||
1234 | static int prove_non_existance_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count, | |
1235 | char *workspace1, char *workspace2, char *name, int type) | |
1236 | { | |
1237 | int i, rc, rdlen; | |
1238 | unsigned char *p, *psave; | |
1239 | int offset = (type & 0xff) >> 3; | |
1240 | int mask = 0x80 >> (type & 0x07); | |
1241 | ||
1242 | /* Find NSEC record that proves name doesn't exist */ | |
1243 | for (i = 0; i < nsec_count; i++) | |
1244 | { | |
1245 | p = nsecs[i]; | |
1246 | if (!extract_name(header, plen, &p, workspace1, 1, 10)) | |
1247 | return STAT_INSECURE; | |
1248 | p += 8; /* class, type, TTL */ | |
1249 | GETSHORT(rdlen, p); | |
1250 | psave = p; | |
1251 | if (!extract_name(header, plen, &p, workspace2, 1, 10)) | |
1252 | return STAT_INSECURE; | |
1253 | ||
1254 | rc = hostname_cmp(workspace1, name); | |
1255 | ||
1256 | if (rc == 0) | |
1257 | { | |
f01d7be6 SK |
1258 | /* 4035 para 5.4. Last sentence */ |
1259 | if (type == T_NSEC || type == T_RRSIG) | |
1260 | return STAT_SECURE; | |
1261 | ||
5107ace1 SK |
1262 | /* NSEC with the same name as the RR we're testing, check |
1263 | that the type in question doesn't appear in the type map */ | |
1264 | rdlen -= p - psave; | |
1265 | /* rdlen is now length of type map, and p points to it */ | |
1266 | ||
1267 | while (rdlen >= 2) | |
1268 | { | |
1269 | if (!CHECK_LEN(header, p, plen, rdlen)) | |
1270 | return STAT_INSECURE; | |
1271 | ||
1272 | if (p[0] == type >> 8) | |
1273 | { | |
1274 | /* Does the NSEC say our type exists? */ | |
1275 | if (offset < p[1] && | |
1276 | (p[offset+2] & mask) != 0) | |
1277 | return STAT_BOGUS; | |
1278 | ||
1279 | break; /* finshed checking */ | |
1280 | } | |
1281 | ||
1282 | rdlen -= p[1]; | |
1283 | p += p[1]; | |
1284 | } | |
1285 | ||
1286 | return STAT_SECURE; | |
1287 | } | |
1288 | else if (rc == -1) | |
1289 | { | |
1290 | /* Normal case, name falls between NSEC name and next domain name, | |
1291 | wrap around case, name falls between NSEC name (rc == -1) and end */ | |
1292 | if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1) | |
1293 | return STAT_SECURE; | |
1294 | } | |
1295 | else | |
1296 | { | |
1297 | /* wrap around case, name falls between start and next domain name */ | |
1298 | if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1) | |
1299 | return STAT_SECURE; | |
1300 | } | |
1301 | } | |
1302 | ||
1303 | return STAT_BOGUS; | |
1304 | } | |
1305 | ||
1306 | /* return digest length, or zero on error */ | |
1307 | static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash, | |
1308 | unsigned char *salt, int salt_len, int iterations) | |
1309 | { | |
1310 | void *ctx; | |
1311 | unsigned char *digest; | |
1312 | int i; | |
1313 | ||
1314 | if (!hash_init(hash, &ctx, &digest)) | |
1315 | return 0; | |
1316 | ||
1317 | hash->update(ctx, to_wire(in), (unsigned char *)in); | |
1318 | hash->update(ctx, salt_len, salt); | |
1319 | hash->digest(ctx, hash->digest_size, digest); | |
1320 | ||
1321 | for(i = 0; i < iterations; i++) | |
1322 | { | |
1323 | hash->update(ctx, hash->digest_size, digest); | |
1324 | hash->update(ctx, salt_len, salt); | |
1325 | hash->digest(ctx, hash->digest_size, digest); | |
1326 | } | |
1327 | ||
1328 | from_wire(in); | |
1329 | ||
1330 | *out = digest; | |
1331 | return hash->digest_size; | |
1332 | } | |
1333 | ||
1334 | /* Decode base32 to first "." or end of string */ | |
1335 | static int base32_decode(char *in, unsigned char *out) | |
1336 | { | |
1337 | int oc = 0, on = 0, c, mask, i; | |
1338 | unsigned char *p = out; | |
1339 | ||
1340 | while (1) | |
1341 | { | |
1342 | c = *in++; | |
1343 | ||
1344 | if (c == 0 || c == '.') | |
1345 | break; | |
1346 | ||
1347 | if (c >= '0' && c <= '9') | |
1348 | c -= '0'; | |
1349 | else if (c >= 'a' && c <= 'v') | |
1350 | c -= 'a', c += 10; | |
1351 | else if (c >= 'A' && c <= 'V') | |
1352 | c -= 'A', c += 10; | |
1353 | else | |
1354 | return 0; | |
1355 | ||
1356 | for (mask = 0x10, i = 0; i < 5; i++) | |
1357 | { | |
1358 | if (c & mask) | |
1359 | oc |= 1; | |
1360 | mask = mask >> 1; | |
1361 | if (((++on) & 7) == 0) | |
1362 | *p++ = oc; | |
1363 | oc = oc << 1; | |
1364 | } | |
1365 | } | |
1366 | ||
1367 | if ((on & 7) != 0) | |
1368 | return 0; | |
1369 | ||
1370 | return p - out; | |
1371 | } | |
1372 | ||
1373 | static int prove_non_existance_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count, | |
1374 | char *workspace1, char *workspace2, char *name, int type) | |
1375 | { | |
1376 | unsigned char *salt, *p, *digest, hash_len; | |
1377 | int digest_size, i, iterations, salt_len, algo = 0; | |
1378 | struct nettle_hash const *hash; | |
1379 | char *closest_encloser, *next_closest, *wildcard; | |
1380 | ||
1381 | /* Look though the NSEC3 records to find the first one with | |
1382 | an algorithm we support (currently only algo == 1). | |
1383 | ||
1384 | Take the algo, iterations, and salt of that record | |
1385 | as the ones we're going to use, and prune any | |
1386 | that don't match. */ | |
1387 | ||
1388 | for (i = 0; i < nsec_count; i++) | |
1389 | { | |
1390 | if (!(p = skip_name(nsecs[i], header, plen, 15))) | |
1391 | return STAT_INSECURE; /* bad packet */ | |
1392 | ||
1393 | p += 10; /* type, class, TTL, rdlen */ | |
1394 | algo = *p++; | |
1395 | ||
1396 | if (algo == 1) | |
1397 | break; /* known algo */ | |
1398 | } | |
1399 | ||
1400 | /* No usable NSEC3s */ | |
1401 | if (i == nsec_count) | |
1402 | return STAT_BOGUS; | |
1403 | ||
1404 | p++; /* flags */ | |
1405 | GETSHORT (iterations, p); | |
1406 | salt_len = *p++; | |
1407 | salt = p; | |
1408 | if (!CHECK_LEN(header, salt, plen, salt_len)) | |
1409 | return STAT_INSECURE; /* bad packet */ | |
1410 | ||
1411 | /* Now prune so we only have NSEC3 records with same iterations, salt and algo */ | |
1412 | for (i = 0; i < nsec_count; i++) | |
1413 | { | |
1414 | unsigned char *nsec3p = nsecs[i]; | |
1415 | int this_iter; | |
1416 | ||
1417 | nsecs[i] = NULL; /* Speculative, will be restored if OK. */ | |
1418 | ||
1419 | if (!(p = skip_name(nsec3p, header, plen, 15))) | |
1420 | return STAT_INSECURE; /* bad packet */ | |
1421 | ||
1422 | p += 10; /* type, class, TTL, rdlen */ | |
1423 | ||
1424 | if (*p++ != algo) | |
1425 | continue; | |
1426 | ||
1427 | p++; /* flags */ | |
1428 | ||
1429 | GETSHORT (this_iter, p); | |
1430 | if (this_iter != iterations) | |
1431 | continue; | |
1432 | ||
1433 | if (salt_len != *p++) | |
1434 | continue; | |
1435 | ||
1436 | if (!CHECK_LEN(header, p, plen, salt_len)) | |
1437 | return STAT_INSECURE; /* bad packet */ | |
1438 | ||
1439 | if (memcmp(p, salt, salt_len) != 0) | |
1440 | continue; | |
1441 | ||
1442 | /* All match, put the pointer back */ | |
1443 | nsecs[i] = nsec3p; | |
1444 | } | |
1445 | ||
1446 | /* Algo is checked as 1 above */ | |
1447 | if (!(hash = hash_find("sha1"))) | |
1448 | return STAT_INSECURE; | |
1449 | ||
1450 | /* Now, we need the "closest encloser NSEC3" */ | |
1451 | closest_encloser = name; | |
1452 | next_closest = NULL; | |
1453 | ||
1454 | do | |
1455 | { | |
1456 | if (*closest_encloser == '.') | |
1457 | closest_encloser++; | |
c5f4ec7d | 1458 | |
5107ace1 SK |
1459 | if ((digest_size = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0) |
1460 | return STAT_INSECURE; | |
1461 | ||
1462 | for (i = 0; i < nsec_count; i++) | |
1463 | if ((p = nsecs[i])) | |
1464 | { | |
1465 | int base32_size; | |
1466 | ||
1467 | if (!extract_name(header, plen, &p, workspace1, 1, 0) || | |
1468 | !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2))) | |
1469 | return STAT_INSECURE; | |
1470 | ||
1471 | if (digest_size == base32_size && | |
1472 | memcmp(digest, workspace2, digest_size) == 0) | |
1473 | break; /* Gotit */ | |
1474 | } | |
1475 | ||
1476 | if (i != nsec_count) | |
1477 | break; | |
1478 | ||
1479 | next_closest = closest_encloser; | |
1480 | } | |
1481 | while ((closest_encloser = strchr(closest_encloser, '.'))); | |
1482 | ||
1483 | /* No usable NSEC3s */ | |
1484 | if (i == nsec_count) | |
1485 | return STAT_BOGUS; | |
1486 | ||
1487 | if (!next_closest) | |
1488 | { | |
1489 | /* We found an NSEC3 whose hashed name exactly matches the query, so | |
1490 | Now we just need to check the type map. p points to the RR data for the record. */ | |
1491 | int hash_len, rdlen; | |
1492 | unsigned char *psave; | |
1493 | int offset = (type & 0xff) >> 3; | |
1494 | int mask = 0x80 >> (type & 0x07); | |
1495 | ||
1496 | p += 8; /* class, type, TTL */ | |
1497 | GETSHORT(rdlen, p); | |
1498 | psave = p; | |
1499 | p += 5 + salt_len; /* algo, flags, iterations, salt_len, salt */ | |
1500 | hash_len = *p++; | |
1501 | if (!CHECK_LEN(header, p, plen, hash_len)) | |
1502 | return STAT_INSECURE; /* bad packet */ | |
1503 | p += hash_len; | |
1504 | rdlen -= p - psave; | |
1505 | ||
1506 | while (rdlen >= 2) | |
1507 | { | |
1508 | if (!CHECK_LEN(header, p, plen, rdlen)) | |
1509 | return STAT_INSECURE; | |
1510 | ||
1511 | if (p[0] == type >> 8) | |
1512 | { | |
1513 | /* Does the NSEC say our type exists? */ | |
1514 | if (offset < p[1] && | |
1515 | (p[offset+2] & mask) != 0) | |
1516 | return STAT_BOGUS; | |
1517 | ||
1518 | break; /* finshed checking */ | |
1519 | } | |
1520 | ||
1521 | rdlen -= p[1]; | |
1522 | p += p[1]; | |
1523 | } | |
1524 | ||
1525 | return STAT_SECURE; | |
1526 | } | |
1527 | ||
1528 | /* Look for NSEC3 that proves the non-existance of the next-closest encloser */ | |
1529 | if ((digest_size = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0) | |
1530 | return STAT_INSECURE; | |
1531 | ||
1532 | for (i = 0; i < nsec_count; i++) | |
1533 | if ((p = nsecs[i])) | |
1534 | { | |
1535 | int base32_size; | |
1536 | ||
1537 | if (!extract_name(header, plen, &p, workspace1, 1, 0) || | |
1538 | !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2))) | |
1539 | return STAT_INSECURE; | |
1540 | ||
1541 | p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */ | |
1542 | hash_len = *p++; /* p now points to next hashed name */ | |
1543 | ||
1544 | if (!CHECK_LEN(header, p, plen, hash_len)) | |
1545 | return STAT_INSECURE; | |
1546 | ||
1547 | if (digest_size == base32_size && hash_len == base32_size) | |
1548 | { | |
1549 | if (memcmp(workspace2, digest, digest_size) <= 0) | |
1550 | { | |
1551 | /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash, | |
1552 | wrap around case, name-hash falls between NSEC3 name-hash and end */ | |
f2e4c277 | 1553 | if (memcmp(p, digest, digest_size) > 0 || memcmp(workspace2, p, digest_size) > 0) |
5107ace1 SK |
1554 | return STAT_SECURE; |
1555 | } | |
1556 | else | |
1557 | { | |
1558 | /* wrap around case, name falls between start and next domain name */ | |
f2e4c277 | 1559 | if (memcmp(workspace2, p, digest_size) > 0 && memcmp(p, digest, digest_size) > 0) |
5107ace1 SK |
1560 | return STAT_SECURE; |
1561 | } | |
1562 | } | |
1563 | } | |
1564 | ||
1565 | /* Finally, check that there's no seat of wildcard synthesis */ | |
1566 | if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest) | |
1567 | return STAT_BOGUS; | |
1568 | ||
1569 | wildcard--; | |
1570 | *wildcard = '*'; | |
1571 | ||
1572 | if ((digest_size = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0) | |
1573 | return STAT_INSECURE; | |
1574 | ||
1575 | for (i = 0; i < nsec_count; i++) | |
1576 | if ((p = nsecs[i])) | |
1577 | { | |
1578 | int base32_size; | |
1579 | ||
1580 | if (!extract_name(header, plen, &p, workspace1, 1, 0) || | |
1581 | !(base32_size = base32_decode(workspace1, (unsigned char *)workspace2))) | |
1582 | return STAT_INSECURE; | |
1583 | ||
1584 | p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */ | |
1585 | hash_len = *p++; /* p now points to next hashed name */ | |
1586 | ||
1587 | if (!CHECK_LEN(header, p, plen, hash_len)) | |
1588 | return STAT_INSECURE; | |
1589 | ||
1590 | if (digest_size == base32_size && hash_len == base32_size) | |
1591 | { | |
1592 | if (memcmp(workspace2, digest, digest_size) <= 0) | |
1593 | { | |
1594 | /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash, | |
1595 | wrap around case, name-hash falls between NSEC3 name-hash and end */ | |
f2e4c277 | 1596 | if (memcmp(p, digest, digest_size) > 0 || memcmp(workspace2, p, digest_size) > 0) |
5107ace1 SK |
1597 | return STAT_SECURE; |
1598 | } | |
1599 | else | |
1600 | { | |
1601 | /* wrap around case, name falls between start and next domain name */ | |
f2e4c277 | 1602 | if (memcmp(workspace2, p, digest_size) > 0 && memcmp(p, digest, digest_size) > 0) |
5107ace1 SK |
1603 | return STAT_SECURE; |
1604 | } | |
1605 | } | |
1606 | } | |
1607 | ||
1608 | return STAT_BOGUS; | |
1609 | } | |
1610 | ||
0fc2f313 | 1611 | /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */ |
51ea3ca2 | 1612 | /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */ |
0fc2f313 | 1613 | int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class) |
adca3e9c | 1614 | { |
5107ace1 | 1615 | unsigned char *ans_start, *p1, *p2, **nsecs; |
0fc2f313 | 1616 | int type1, class1, rdlen1, type2, class2, rdlen2; |
5107ace1 SK |
1617 | int i, j, rc, nsec_count, cname_count = 10; |
1618 | int nsec_type = 0; | |
adca3e9c | 1619 | |
e3ec15af SK |
1620 | if (RCODE(header) == SERVFAIL) |
1621 | return STAT_BOGUS; | |
1622 | ||
c5f4ec7d | 1623 | if ((RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR) || ntohs(header->qdcount) != 1) |
72ae2f3d | 1624 | return STAT_INSECURE; |
c5f4ec7d | 1625 | |
0fc2f313 SK |
1626 | if (!(ans_start = skip_questions(header, plen))) |
1627 | return STAT_INSECURE; | |
1628 | ||
1629 | for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++) | |
adca3e9c | 1630 | { |
0fc2f313 SK |
1631 | if (!extract_name(header, plen, &p1, name, 1, 10)) |
1632 | return STAT_INSECURE; /* bad packet */ | |
1633 | ||
1634 | GETSHORT(type1, p1); | |
1635 | GETSHORT(class1, p1); | |
1636 | p1 += 4; /* TTL */ | |
1637 | GETSHORT(rdlen1, p1); | |
1638 | ||
1639 | /* Don't try and validate RRSIGs! */ | |
1640 | if (type1 != T_RRSIG) | |
1641 | { | |
1642 | /* Check if we've done this RRset already */ | |
1643 | for (p2 = ans_start, j = 0; j < i; j++) | |
1644 | { | |
1645 | if (!(rc = extract_name(header, plen, &p2, name, 0, 10))) | |
1646 | return STAT_INSECURE; /* bad packet */ | |
1647 | ||
1648 | GETSHORT(type2, p2); | |
1649 | GETSHORT(class2, p2); | |
1650 | p2 += 4; /* TTL */ | |
1651 | GETSHORT(rdlen2, p2); | |
1652 | ||
1653 | if (type2 == type1 && class2 == class1 && rc == 1) | |
1654 | break; /* Done it before: name, type, class all match. */ | |
1655 | ||
1656 | if (!ADD_RDLEN(header, p2, plen, rdlen2)) | |
1657 | return STAT_INSECURE; | |
1658 | } | |
1659 | ||
1660 | /* Not done, validate now */ | |
51ea3ca2 | 1661 | if (j == i) |
0fc2f313 | 1662 | { |
8d718cbb SK |
1663 | int ttl, keytag, algo, digest, type_covered; |
1664 | unsigned char *psave; | |
1665 | struct all_addr a; | |
1666 | struct blockdata *key; | |
1667 | struct crec *crecp; | |
1668 | ||
5107ace1 SK |
1669 | rc = validate_rrset(now, header, plen, class1, type1, name, keyname, NULL, 0, 0, 0); |
1670 | ||
1671 | if (rc == STAT_SECURE_WILDCARD) | |
1672 | { | |
1673 | /* An attacker replay a wildcard answer with a different | |
1674 | answer and overlay an genuine RR. To prove this | |
1675 | hasn't happened, the answer must prove that | |
1676 | a record doesn't exist. Check that here. */ | |
1677 | if (!nsec_type) | |
1678 | { | |
1679 | nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1); | |
1680 | ||
1681 | if (nsec_type == 0) | |
1682 | return STAT_INSECURE; /* Bad packet */ | |
1683 | if (nsec_type == -1) | |
1684 | return STAT_BOGUS; /* No NSECs */ | |
1685 | } | |
1686 | ||
1687 | if (nsec_type == T_NSEC) | |
1688 | rc = prove_non_existance_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1); | |
1689 | else | |
1690 | rc = prove_non_existance_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1); | |
1691 | ||
1692 | if (rc != STAT_SECURE) | |
1693 | return rc; | |
1694 | } | |
1695 | else if (rc != STAT_SECURE) | |
51ea3ca2 SK |
1696 | { |
1697 | if (class) | |
1698 | *class = class1; /* Class for DS or DNSKEY */ | |
1699 | return rc; | |
1700 | } | |
5107ace1 | 1701 | |
8d718cbb SK |
1702 | /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */ |
1703 | cache_start_insert(); | |
1704 | ||
1705 | for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++) | |
51ea3ca2 | 1706 | { |
8d718cbb SK |
1707 | if (!(rc = extract_name(header, plen, &p2, name, 0, 10))) |
1708 | return STAT_INSECURE; /* bad packet */ | |
51ea3ca2 | 1709 | |
8d718cbb SK |
1710 | GETSHORT(type2, p2); |
1711 | GETSHORT(class2, p2); | |
1712 | GETLONG(ttl, p2); | |
1713 | GETSHORT(rdlen2, p2); | |
1714 | ||
1715 | if (!CHECK_LEN(header, p2, plen, rdlen2)) | |
1716 | return STAT_INSECURE; /* bad packet */ | |
1717 | ||
1718 | if (class2 == class1 && rc == 1) | |
1719 | { | |
1720 | psave = p2; | |
1721 | ||
1722 | if (type1 == T_DS && type2 == T_DS) | |
51ea3ca2 | 1723 | { |
8d718cbb SK |
1724 | if (rdlen2 < 4) |
1725 | return STAT_INSECURE; /* bad packet */ | |
1726 | ||
51ea3ca2 SK |
1727 | GETSHORT(keytag, p2); |
1728 | algo = *p2++; | |
1729 | digest = *p2++; | |
1730 | ||
1731 | /* Cache needs to known class for DNSSEC stuff */ | |
1732 | a.addr.dnssec.class = class2; | |
1733 | ||
8d718cbb | 1734 | if ((key = blockdata_alloc((char*)p2, rdlen2 - 4))) |
51ea3ca2 | 1735 | { |
8d718cbb SK |
1736 | if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))) |
1737 | blockdata_free(key); | |
1738 | else | |
1739 | { | |
1740 | a.addr.keytag = keytag; | |
1741 | log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u"); | |
1742 | crecp->addr.ds.digest = digest; | |
1743 | crecp->addr.ds.keydata = key; | |
1744 | crecp->addr.ds.algo = algo; | |
1745 | crecp->addr.ds.keytag = keytag; | |
1746 | crecp->uid = class2; | |
1747 | crecp->addr.ds.keylen = rdlen2 - 4; | |
1748 | } | |
1749 | } | |
1750 | } | |
1751 | else if (type2 == T_RRSIG) | |
1752 | { | |
1753 | if (rdlen2 < 18) | |
1754 | return STAT_INSECURE; /* bad packet */ | |
51ea3ca2 | 1755 | |
8d718cbb SK |
1756 | GETSHORT(type_covered, p2); |
1757 | ||
1758 | if (type_covered == type1 && | |
1759 | (type_covered == T_A || type_covered == T_AAAA || | |
1760 | type_covered == T_CNAME || type_covered == T_DS || | |
1761 | type_covered == T_DNSKEY || type_covered == T_PTR)) | |
1762 | { | |
1763 | a.addr.dnssec.type = type_covered; | |
c8ca33f8 | 1764 | a.addr.dnssec.class = class1; |
8d718cbb SK |
1765 | |
1766 | algo = *p2++; | |
1767 | p2 += 13; /* labels, orig_ttl, expiration, inception */ | |
1768 | GETSHORT(keytag, p2); | |
1769 | ||
1770 | if ((key = blockdata_alloc((char*)psave, rdlen2))) | |
1771 | { | |
1772 | if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS))) | |
1773 | blockdata_free(key); | |
1774 | else | |
1775 | { | |
1776 | crecp->uid = class1; | |
1777 | crecp->addr.sig.keydata = key; | |
1778 | crecp->addr.sig.keylen = rdlen2; | |
1779 | crecp->addr.sig.keytag = keytag; | |
1780 | crecp->addr.sig.type_covered = type_covered; | |
1781 | crecp->addr.sig.algo = algo; | |
1782 | } | |
1783 | } | |
1784 | } | |
51ea3ca2 SK |
1785 | } |
1786 | ||
8d718cbb | 1787 | p2 = psave; |
51ea3ca2 SK |
1788 | } |
1789 | ||
8d718cbb SK |
1790 | if (!ADD_RDLEN(header, p2, plen, rdlen2)) |
1791 | return STAT_INSECURE; /* bad packet */ | |
51ea3ca2 | 1792 | } |
8d718cbb SK |
1793 | |
1794 | cache_end_insert(); | |
0fc2f313 SK |
1795 | } |
1796 | } | |
adca3e9c | 1797 | |
0fc2f313 SK |
1798 | if (!ADD_RDLEN(header, p1, plen, rdlen1)) |
1799 | return STAT_INSECURE; | |
adca3e9c GB |
1800 | } |
1801 | ||
c5f4ec7d SK |
1802 | /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */ |
1803 | ||
1804 | p1 = (unsigned char *)(header+1); | |
1805 | ||
1806 | if (!extract_name(header, plen, &p1, name, 1, 4)) | |
1807 | return STAT_INSECURE; | |
1808 | ||
1809 | GETSHORT(type1, p1); | |
1810 | GETSHORT(class1, p1); | |
1811 | ||
51ea3ca2 SK |
1812 | /* Can't validate RRSIG query */ |
1813 | if (type1 == T_RRSIG) | |
1814 | return STAT_INSECURE; | |
1815 | ||
c5f4ec7d SK |
1816 | cname_loop: |
1817 | for (j = ntohs(header->ancount); j != 0; j--) | |
1818 | { | |
1819 | if (!(rc = extract_name(header, plen, &p1, name, 0, 10))) | |
1820 | return STAT_INSECURE; /* bad packet */ | |
1821 | ||
1822 | GETSHORT(type2, p1); | |
1823 | GETSHORT(class2, p1); | |
1824 | p1 += 4; /* TTL */ | |
1825 | GETSHORT(rdlen2, p1); | |
1826 | ||
1827 | if (rc == 1 && class1 == class2) | |
1828 | { | |
1829 | /* Do we have an answer for the question? */ | |
1830 | if (type1 == type2) | |
5107ace1 | 1831 | return RCODE(header) == NXDOMAIN ? STAT_BOGUS : STAT_SECURE; |
c5f4ec7d SK |
1832 | else if (type2 == T_CNAME) |
1833 | { | |
1834 | /* looped CNAMES */ | |
1835 | if (!cname_count-- || | |
1836 | !extract_name(header, plen, &p1, name, 1, 0) || | |
1837 | !(p1 = skip_questions(header, plen))) | |
1838 | return STAT_INSECURE; | |
1839 | ||
1840 | goto cname_loop; | |
1841 | } | |
1842 | } | |
1843 | ||
1844 | if (!ADD_RDLEN(header, p1, plen, rdlen2)) | |
1845 | return STAT_INSECURE; | |
1846 | } | |
1847 | ||
5107ace1 | 1848 | /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */ |
c5f4ec7d | 1849 | |
5107ace1 SK |
1850 | /* First marshall the NSEC records, if we've not done it previously */ |
1851 | if (!nsec_type) | |
c5f4ec7d | 1852 | { |
5107ace1 | 1853 | nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1); |
c5f4ec7d | 1854 | |
5107ace1 SK |
1855 | if (nsec_type == 0) |
1856 | return STAT_INSECURE; /* Bad packet */ | |
1857 | if (nsec_type == -1) | |
1858 | return STAT_BOGUS; /* No NSECs */ | |
c5f4ec7d | 1859 | } |
5107ace1 SK |
1860 | |
1861 | if (nsec_type == T_NSEC) | |
1862 | return prove_non_existance_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1); | |
1863 | else | |
1864 | return prove_non_existance_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1); | |
e292e93d GB |
1865 | } |
1866 | ||
3471f181 | 1867 | /* Compute keytag (checksum to quickly index a key). See RFC4034 */ |
0fc2f313 | 1868 | int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen) |
3471f181 | 1869 | { |
75ffc9bf GB |
1870 | if (alg == 1) |
1871 | { | |
1872 | /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm. | |
1873 | See RFC4034, Appendix B.1 */ | |
0fc2f313 | 1874 | return key[keylen-4] * 256 + key[keylen-3]; |
75ffc9bf GB |
1875 | } |
1876 | else | |
1877 | { | |
1633e308 | 1878 | unsigned long ac = flags + 0x300 + alg; |
75ffc9bf GB |
1879 | int i; |
1880 | ||
0fc2f313 SK |
1881 | for (i = 0; i < keylen; ++i) |
1882 | ac += (i & 1) ? key[i] : key[i] << 8; | |
1633e308 | 1883 | |
0fc2f313 SK |
1884 | ac += (ac >> 16) & 0xffff; |
1885 | return ac & 0xffff; | |
0304d28f | 1886 | } |
3471f181 | 1887 | } |
e292e93d | 1888 | |
5f8e58f4 SK |
1889 | size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr) |
1890 | { | |
1891 | unsigned char *p; | |
610e782a | 1892 | char *types = querystr("dnssec-query", type); |
5f8e58f4 SK |
1893 | |
1894 | if (addr->sa.sa_family == AF_INET) | |
1895 | log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types); | |
1896 | #ifdef HAVE_IPV6 | |
1897 | else | |
1898 | log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types); | |
1899 | #endif | |
1900 | ||
1901 | header->qdcount = htons(1); | |
1902 | header->ancount = htons(0); | |
1903 | header->nscount = htons(0); | |
1904 | header->arcount = htons(0); | |
e292e93d | 1905 | |
5f8e58f4 SK |
1906 | header->hb3 = HB3_RD; |
1907 | SET_OPCODE(header, QUERY); | |
5b3bf921 SK |
1908 | /* For debugging, set Checking Disabled, otherwise, have the upstream check too, |
1909 | this allows it to select auth servers when one is returning bad data. */ | |
1910 | header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0; | |
5f8e58f4 SK |
1911 | |
1912 | /* ID filled in later */ | |
1913 | ||
1914 | p = (unsigned char *)(header+1); | |
1915 | ||
1916 | p = do_rfc1035_name(p, name); | |
1917 | *p++ = 0; | |
1918 | PUTSHORT(type, p); | |
1919 | PUTSHORT(class, p); | |
1920 | ||
1921 | return add_do_bit(header, p - (unsigned char *)header, end); | |
1922 | } | |
8a9be9e4 SK |
1923 | |
1924 | unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name) | |
1925 | { | |
1926 | int q; | |
1927 | unsigned int len; | |
1928 | unsigned char *p = (unsigned char *)(header+1); | |
1929 | const struct nettle_hash *hash; | |
1930 | void *ctx; | |
1931 | unsigned char *digest; | |
5f8e58f4 | 1932 | |
8a9be9e4 SK |
1933 | if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest)) |
1934 | return NULL; | |
1935 | ||
1936 | for (q = ntohs(header->qdcount); q != 0; q--) | |
1937 | { | |
1938 | if (!extract_name(header, plen, &p, name, 1, 4)) | |
7d23a66f | 1939 | break; /* bad packet */ |
8a9be9e4 SK |
1940 | |
1941 | len = to_wire(name); | |
1942 | hash->update(ctx, len, (unsigned char *)name); | |
1943 | /* CRC the class and type as well */ | |
1944 | hash->update(ctx, 4, p); | |
1945 | ||
1946 | p += 4; | |
1947 | if (!CHECK_LEN(header, p, plen, 0)) | |
7d23a66f | 1948 | break; /* bad packet */ |
8a9be9e4 | 1949 | } |
703c7ff4 SK |
1950 | |
1951 | hash->digest(ctx, hash->digest_size, digest); | |
8a9be9e4 SK |
1952 | return digest; |
1953 | } | |
1954 | ||
0fc2f313 | 1955 | #endif /* HAVE_DNSSEC */ |