]>
git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnssec.c
1 /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2 and Copyright (c) 2012-2015 Simon Kelley
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include <nettle/rsa.h>
23 #include <nettle/dsa.h>
25 # include <nettle/ecdsa.h>
26 # include <nettle/ecc-curve.h>
28 #include <nettle/nettle-meta.h>
29 #include <nettle/bignum.h>
31 /* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33 #ifdef dsa_params_init
34 #include <nettle/dsa-compat.h>
39 #define SERIAL_UNDEF -100
44 /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
45 static char *ds_digest_name(int digest
)
49 case 1: return "sha1";
50 case 2: return "sha256";
51 case 3: return "gosthash94";
52 case 4: return "sha384";
57 /* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
58 static char *algo_digest_name(int algo
)
63 case 3: return "sha1";
64 case 5: return "sha1";
65 case 6: return "sha1";
66 case 7: return "sha1";
67 case 8: return "sha256";
68 case 10: return "sha512";
69 case 12: return "gosthash94";
70 case 13: return "sha256";
71 case 14: return "sha384";
76 /* Find pointer to correct hash function in nettle library */
77 static const struct nettle_hash
*hash_find(char *name
)
84 for (i
= 0; nettle_hashes
[i
]; i
++)
86 if (strcmp(nettle_hashes
[i
]->name
, name
) == 0)
87 return nettle_hashes
[i
];
93 /* expand ctx and digest memory allocations if necessary and init hash function */
94 static int hash_init(const struct nettle_hash
*hash
, void **ctxp
, unsigned char **digestp
)
96 static void *ctx
= NULL
;
97 static unsigned char *digest
= NULL
;
98 static unsigned int ctx_sz
= 0;
99 static unsigned int digest_sz
= 0;
103 if (ctx_sz
< hash
->context_size
)
105 if (!(new = whine_malloc(hash
->context_size
)))
110 ctx_sz
= hash
->context_size
;
113 if (digest_sz
< hash
->digest_size
)
115 if (!(new = whine_malloc(hash
->digest_size
)))
120 digest_sz
= hash
->digest_size
;
131 static int dnsmasq_rsa_verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
132 unsigned char *digest
, int algo
)
137 static struct rsa_public_key
*key
= NULL
;
138 static mpz_t sig_mpz
;
142 if (!(key
= whine_malloc(sizeof(struct rsa_public_key
))))
145 nettle_rsa_public_key_init(key
);
149 if ((key_len
< 3) || !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
153 if ((exp_len
= *p
++) == 0)
155 GETSHORT(exp_len
, p
);
159 if (exp_len
>= key_len
)
162 key
->size
= key_len
- exp_len
;
163 mpz_import(key
->e
, exp_len
, 1, 1, 0, 0, p
);
164 mpz_import(key
->n
, key
->size
, 1, 1, 0, 0, p
+ exp_len
);
166 mpz_import(sig_mpz
, sig_len
, 1, 1, 0, 0, sig
);
171 return nettle_rsa_md5_verify_digest(key
, digest
, sig_mpz
);
173 return nettle_rsa_sha1_verify_digest(key
, digest
, sig_mpz
);
175 return nettle_rsa_sha256_verify_digest(key
, digest
, sig_mpz
);
177 return nettle_rsa_sha512_verify_digest(key
, digest
, sig_mpz
);
183 static int dnsmasq_dsa_verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
184 unsigned char *digest
, int algo
)
189 static struct dsa_public_key
*key
= NULL
;
190 static struct dsa_signature
*sig_struct
;
194 if (!(sig_struct
= whine_malloc(sizeof(struct dsa_signature
))) ||
195 !(key
= whine_malloc(sizeof(struct dsa_public_key
))))
198 nettle_dsa_public_key_init(key
);
199 nettle_dsa_signature_init(sig_struct
);
202 if ((sig_len
< 41) || !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
207 if (key_len
< (213 + (t
* 24)))
210 mpz_import(key
->q
, 20, 1, 1, 0, 0, p
); p
+= 20;
211 mpz_import(key
->p
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
212 mpz_import(key
->g
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
213 mpz_import(key
->y
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
215 mpz_import(sig_struct
->r
, 20, 1, 1, 0, 0, sig
+1);
216 mpz_import(sig_struct
->s
, 20, 1, 1, 0, 0, sig
+21);
220 return nettle_dsa_sha1_verify_digest(key
, digest
, sig_struct
);
223 #ifndef NO_NETTLE_ECC
224 static int dnsmasq_ecdsa_verify(struct blockdata
*key_data
, unsigned int key_len
,
225 unsigned char *sig
, size_t sig_len
,
226 unsigned char *digest
, size_t digest_len
, int algo
)
230 struct ecc_point
*key
;
232 static struct ecc_point
*key_256
= NULL
, *key_384
= NULL
;
234 static struct dsa_signature
*sig_struct
;
238 if (!(sig_struct
= whine_malloc(sizeof(struct dsa_signature
))))
241 nettle_dsa_signature_init(sig_struct
);
251 if (!(key_256
= whine_malloc(sizeof(struct ecc_point
))))
254 nettle_ecc_point_init(key_256
, &nettle_secp_256r1
);
264 if (!(key_384
= whine_malloc(sizeof(struct ecc_point
))))
267 nettle_ecc_point_init(key_384
, &nettle_secp_384r1
);
278 if (sig_len
!= 2*t
|| key_len
!= 2*t
||
279 !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
282 mpz_import(x
, t
, 1, 1, 0, 0, p
);
283 mpz_import(y
, t
, 1, 1, 0, 0, p
+ t
);
285 if (!ecc_point_set(key
, x
, y
))
288 mpz_import(sig_struct
->r
, t
, 1, 1, 0, 0, sig
);
289 mpz_import(sig_struct
->s
, t
, 1, 1, 0, 0, sig
+ t
);
291 return nettle_ecdsa_verify(key
, digest_len
, digest
, sig_struct
);
295 static int verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
296 unsigned char *digest
, size_t digest_len
, int algo
)
302 case 1: case 5: case 7: case 8: case 10:
303 return dnsmasq_rsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, algo
);
306 return dnsmasq_dsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, algo
);
308 #ifndef NO_NETTLE_ECC
310 return dnsmasq_ecdsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, digest_len
, algo
);
317 /* Convert from presentation format to wire format, in place.
319 Note that using extract_name to get presentation format
320 then calling to_wire() removes compression and maps case,
321 thus generating names in canonical form.
322 Calling to_wire followed by from_wire is almost an identity,
323 except that the UC remains mapped to LC.
325 Note that both /000 and '.' are allowed within labels. These get
326 represented in presentation format using NAME_ESCAPE as an escape
327 character. In theory, if all the characters in a name were /000 or
328 '.' or NAME_ESCAPE then all would have to be escaped, so the
329 presentation format would be twice as long as the spec (1024).
330 The buffers are all delcared as 2049 (allowing for the trailing zero)
333 static int to_wire(char *name
)
335 unsigned char *l
, *p
, *q
, term
;
338 for (l
= (unsigned char*)name
; *l
!= 0; l
= p
)
340 for (p
= l
; *p
!= '.' && *p
!= 0; p
++)
341 if (*p
>= 'A' && *p
<= 'Z')
343 else if (*p
== NAME_ESCAPE
)
351 if ((len
= p
- l
) != 0)
352 memmove(l
+1, l
, len
);
361 return l
+ 1 - (unsigned char *)name
;
364 /* Note: no compression allowed in input. */
365 static void from_wire(char *name
)
367 unsigned char *l
, *p
, *last
;
370 for (last
= (unsigned char *)name
; *last
!= 0; last
+= *last
+1);
372 for (l
= (unsigned char *)name
; *l
!= 0; l
+= len
+1)
375 memmove(l
, l
+1, len
);
376 for (p
= l
; p
< l
+ len
; p
++)
377 if (*p
== '.' || *p
== 0 || *p
== NAME_ESCAPE
)
379 memmove(p
+1, p
, 1 + last
- p
);
388 if ((char *)l
!= name
)
392 /* Input in presentation format */
393 static int count_labels(char *name
)
400 for (i
= 0; *name
; name
++)
407 /* Implement RFC1982 wrapped compare for 32-bit numbers */
408 static int serial_compare_32(unsigned long s1
, unsigned long s2
)
413 if ((s1
< s2
&& (s2
- s1
) < (1UL<<31)) ||
414 (s1
> s2
&& (s1
- s2
) > (1UL<<31)))
416 if ((s1
< s2
&& (s2
- s1
) > (1UL<<31)) ||
417 (s1
> s2
&& (s1
- s2
) < (1UL<<31)))
422 /* Called at startup. If the timestamp file is configured and exists, put its mtime on
423 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
424 return -1 -> Cannot create file.
425 0 -> not using timestamp, or timestamp exists and is in past.
426 1 -> timestamp exists and is in future.
429 static time_t timestamp_time
;
431 int setup_timestamp(void)
435 daemon
->back_to_the_future
= 0;
437 if (!daemon
->timestamp_file
)
440 if (stat(daemon
->timestamp_file
, &statbuf
) != -1)
442 timestamp_time
= statbuf
.st_mtime
;
444 if (difftime(timestamp_time
, time(0)) <= 0)
446 /* time already OK, update timestamp, and do key checking from the start. */
447 if (utime(daemon
->timestamp_file
, NULL
) == -1)
448 my_syslog(LOG_ERR
, _("failed to update mtime on %s: %s"), daemon
->timestamp_file
, strerror(errno
));
449 daemon
->back_to_the_future
= 1;
457 /* NB. for explanation of O_EXCL flag, see comment on pidfile in dnsmasq.c */
458 int fd
= open(daemon
->timestamp_file
, O_WRONLY
| O_CREAT
| O_NONBLOCK
| O_EXCL
, 0666);
461 struct utimbuf timbuf
;
465 timestamp_time
= timbuf
.actime
= timbuf
.modtime
= 1420070400; /* 1-1-2015 */
466 if (utime(daemon
->timestamp_file
, &timbuf
) == 0)
474 /* Check whether today/now is between date_start and date_end */
475 static int check_date_range(unsigned long date_start
, unsigned long date_end
)
477 unsigned long curtime
= time(0);
479 /* Checking timestamps may be temporarily disabled */
481 /* If the current time if _before_ the timestamp
482 on our persistent timestamp file, then assume the
483 time if not yet correct, and don't check the
484 key timestamps. As soon as the current time is
485 later then the timestamp, update the timestamp
486 and start checking keys */
487 if (daemon
->timestamp_file
)
489 if (daemon
->back_to_the_future
== 0 && difftime(timestamp_time
, curtime
) <= 0)
491 if (utime(daemon
->timestamp_file
, NULL
) != 0)
492 my_syslog(LOG_ERR
, _("failed to update mtime on %s: %s"), daemon
->timestamp_file
, strerror(errno
));
494 daemon
->back_to_the_future
= 1;
495 set_option_bool(OPT_DNSSEC_TIME
);
496 queue_event(EVENT_RELOAD
); /* purge cache */
499 if (daemon
->back_to_the_future
== 0)
502 else if (option_bool(OPT_DNSSEC_TIME
))
505 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
506 return serial_compare_32(curtime
, date_start
) == SERIAL_GT
507 && serial_compare_32(curtime
, date_end
) == SERIAL_LT
;
510 static u16
*get_desc(int type
)
512 /* List of RRtypes which include domains in the data.
514 integer -> no of plain bytes
517 zero is not a valid RRtype, so the final entry is returned for
518 anything which needs no mangling.
521 static u16 rr_desc
[] =
543 0, -1 /* wildcard/catchall */
548 while (*p
!= type
&& *p
!= 0)
549 while (*p
++ != (u16
)-1);
554 /* Return bytes of canonicalised rdata, when the return value is zero, the remaining
555 data, pointed to by *p, should be used raw. */
556 static int get_rdata(struct dns_header
*header
, size_t plen
, unsigned char *end
, char *buff
, int bufflen
,
557 unsigned char **p
, u16
**desc
)
561 /* No more data needs mangling */
564 /* If there's more data than we have space for, just return what fits,
565 we'll get called again for more chunks */
566 if (end
- *p
> bufflen
)
568 memcpy(buff
, *p
, bufflen
);
578 if (d
== 0 && extract_name(header
, plen
, p
, buff
, 1, 0))
579 /* domain-name, canonicalise */
580 return to_wire(buff
);
583 /* plain data preceding a domain-name, don't run off the end of the data */
597 static int expand_workspace(unsigned char ***wkspc
, int *sz
, int new)
610 if (!(p
= whine_malloc((new_sz
) * sizeof(unsigned char **))))
615 memcpy(p
, *wkspc
, *sz
* sizeof(unsigned char **));
625 /* Bubble sort the RRset into the canonical order.
626 Note that the byte-streams from two RRs may get unsynced: consider
627 RRs which have two domain-names at the start and then other data.
628 The domain-names may have different lengths in each RR, but sort equal
636 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
639 static void sort_rrset(struct dns_header
*header
, size_t plen
, u16
*rr_desc
, int rrsetidx
,
640 unsigned char **rrset
, char *buff1
, char *buff2
)
646 for (swap
= 0, i
= 0; i
< rrsetidx
-1; i
++)
648 int rdlen1
, rdlen2
, left1
, left2
, len1
, len2
, len
, rc
;
650 unsigned char *end1
, *end2
;
651 /* Note that these have been determined to be OK previously,
652 so we don't need to check for NULL return here. */
653 unsigned char *p1
= skip_name(rrset
[i
], header
, plen
, 10);
654 unsigned char *p2
= skip_name(rrset
[i
+1], header
, plen
, 10);
656 p1
+= 8; /* skip class, type, ttl */
657 GETSHORT(rdlen1
, p1
);
660 p2
+= 8; /* skip class, type, ttl */
661 GETSHORT(rdlen2
, p2
);
666 for (quit
= 0, left1
= 0, left2
= 0, len1
= 0, len2
= 0; !quit
;)
669 memmove(buff1
, buff1
+ len1
- left1
, left1
);
671 if ((len1
= get_rdata(header
, plen
, end1
, buff1
+ left1
, (MAXDNAME
* 2) - left1
, &p1
, &dp1
)) == 0)
675 memcpy(buff1
+ left1
, p1
, len1
);
680 memmove(buff2
, buff2
+ len2
- left2
, left2
);
682 if ((len2
= get_rdata(header
, plen
, end2
, buff2
+ left2
, (MAXDNAME
*2) - left2
, &p2
, &dp2
)) == 0)
686 memcpy(buff2
+ left2
, p2
, len2
);
691 left1
= len1
- len2
, left2
= 0, len
= len2
;
693 left2
= len2
- len1
, left1
= 0, len
= len1
;
695 rc
= (len
== 0) ? 0 : memcmp(buff1
, buff2
, len
);
697 if (rc
> 0 || (rc
== 0 && quit
&& len1
> len2
))
699 unsigned char *tmp
= rrset
[i
+1];
700 rrset
[i
+1] = rrset
[i
];
711 /* Validate a single RRset (class, type, name) in the supplied DNS reply
713 STAT_SECURE if it validates.
714 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
715 (In this case *wildcard_out points to the "body" of the wildcard within name.)
716 STAT_NO_SIG no RRsigs found.
717 STAT_INSECURE RRset empty.
718 STAT_BOGUS signature is wrong, bad packet.
719 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
721 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
722 otherwise find the key in the cache.
724 name is unchanged on exit. keyname is used as workspace and trashed.
726 static int validate_rrset(time_t now
, struct dns_header
*header
, size_t plen
, int class, int type
,
727 char *name
, char *keyname
, char **wildcard_out
, struct blockdata
*key
, int keylen
, int algo_in
, int keytag_in
)
729 static unsigned char **rrset
= NULL
, **sigs
= NULL
;
730 static int rrset_sz
= 0, sig_sz
= 0;
733 int rrsetidx
, sigidx
, res
, rdlen
, j
, name_labels
;
734 struct crec
*crecp
= NULL
;
735 int type_covered
, algo
, labels
, orig_ttl
, sig_expiration
, sig_inception
, key_tag
;
736 u16
*rr_desc
= get_desc(type
);
739 *wildcard_out
= NULL
;
741 if (!(p
= skip_questions(header
, plen
)))
744 name_labels
= count_labels(name
); /* For 4035 5.3.2 check */
746 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
747 for (rrsetidx
= 0, sigidx
= 0, j
= ntohs(header
->ancount
) + ntohs(header
->nscount
);
750 unsigned char *pstart
, *pdata
;
755 if (!(res
= extract_name(header
, plen
, &p
, name
, 0, 10)))
756 return STAT_BOGUS
; /* bad packet */
766 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
769 if (res
== 1 && sclass
== class)
773 if (!expand_workspace(&rrset
, &rrset_sz
, rrsetidx
))
776 rrset
[rrsetidx
++] = pstart
;
779 if (stype
== T_RRSIG
)
782 return STAT_BOGUS
; /* bad packet */
784 GETSHORT(type_covered
, p
);
786 if (type_covered
== type
)
788 if (!expand_workspace(&sigs
, &sig_sz
, sigidx
))
791 sigs
[sigidx
++] = pdata
;
794 p
= pdata
+ 2; /* restore for ADD_RDLEN */
798 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
804 return STAT_INSECURE
;
810 /* Sort RRset records into canonical order.
811 Note that at this point keyname and daemon->workspacename buffs are
812 unused, and used as workspace by the sort. */
813 sort_rrset(header
, plen
, rr_desc
, rrsetidx
, rrset
, daemon
->workspacename
, keyname
);
815 /* Now try all the sigs to try and find one which validates */
816 for (j
= 0; j
<sigidx
; j
++)
818 unsigned char *psav
, *sig
, *digest
;
819 int i
, wire_len
, sig_len
;
820 const struct nettle_hash
*hash
;
826 GETSHORT(rdlen
, p
); /* rdlen >= 18 checked previously */
829 p
+= 2; /* type_covered - already checked */
832 GETLONG(orig_ttl
, p
);
833 GETLONG(sig_expiration
, p
);
834 GETLONG(sig_inception
, p
);
835 GETSHORT(key_tag
, p
);
837 if (!extract_name(header
, plen
, &p
, keyname
, 1, 0))
840 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
841 the name of the zone containing the RRset. We can't tell that
842 for certain, but we can check that the RRset name is equal to
843 or encloses the signers name, which should be enough to stop
844 an attacker using signatures made with the key of an unrelated
845 zone he controls. Note that the root key is always allowed. */
850 for (name_start
= name
; !hostname_isequal(name_start
, keyname
); )
851 if ((name_start
= strchr(name_start
, '.')))
852 name_start
++; /* chop a label off and try again */
859 /* Bad sig, try another */
864 /* Other 5.3.1 checks */
865 if (!check_date_range(sig_inception
, sig_expiration
) ||
866 labels
> name_labels
||
867 !(hash
= hash_find(algo_digest_name(algo
))) ||
868 !hash_init(hash
, &ctx
, &digest
))
871 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
872 if (!key
&& !(crecp
= cache_find_by_name(NULL
, keyname
, now
, F_DNSKEY
)))
873 return STAT_NEED_KEY
;
876 sig_len
= rdlen
- (p
- psav
);
878 nsigttl
= htonl(orig_ttl
);
880 hash
->update(ctx
, 18, psav
);
881 wire_len
= to_wire(keyname
);
882 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char*)keyname
);
885 for (i
= 0; i
< rrsetidx
; ++i
)
888 unsigned char *end
, *cp
;
892 if (!extract_name(header
, plen
, &p
, name
, 1, 10))
897 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
898 if (labels
< name_labels
)
901 for (k
= name_labels
- labels
; k
!= 0; k
--)
903 while (*name_start
!= '.' && *name_start
!= 0)
905 if (k
!= 1 && *name_start
== '.')
910 *wildcard_out
= name_start
+1;
916 wire_len
= to_wire(name_start
);
917 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char *)name_start
);
918 hash
->update(ctx
, 4, p
); /* class and type */
919 hash
->update(ctx
, 4, (unsigned char *)&nsigttl
);
921 p
+= 8; /* skip class, type, ttl */
923 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
928 /* canonicalise rdata and calculate length of same, use name buffer as workspace.
929 Note that name buffer is twice MAXDNAME long in DNSSEC mode. */
932 for (len
= 0; (seg
= get_rdata(header
, plen
, end
, name
, MAXDNAME
* 2, &cp
, &dp
)) != 0; len
+= seg
);
935 hash
->update(ctx
, 2, (unsigned char *)&len
);
937 /* Now canonicalise again and digest. */
940 while ((seg
= get_rdata(header
, plen
, end
, name
, MAXDNAME
* 2, &cp
, &dp
)))
941 hash
->update(ctx
, seg
, (unsigned char *)name
);
943 hash
->update(ctx
, end
- cp
, cp
);
946 hash
->digest(ctx
, hash
->digest_size
, digest
);
948 /* namebuff used for workspace above, restore to leave unchanged on exit */
949 p
= (unsigned char*)(rrset
[0]);
950 extract_name(header
, plen
, &p
, name
, 1, 0);
954 if (algo_in
== algo
&& keytag_in
== key_tag
&&
955 verify(key
, keylen
, sig
, sig_len
, digest
, hash
->digest_size
, algo
))
960 /* iterate through all possible keys 4035 5.3.1 */
961 for (; crecp
; crecp
= cache_find_by_name(crecp
, keyname
, now
, F_DNSKEY
))
962 if (crecp
->addr
.key
.algo
== algo
&&
963 crecp
->addr
.key
.keytag
== key_tag
&&
964 crecp
->uid
== (unsigned int)class &&
965 verify(crecp
->addr
.key
.keydata
, crecp
->addr
.key
.keylen
, sig
, sig_len
, digest
, hash
->digest_size
, algo
))
966 return (labels
< name_labels
) ? STAT_SECURE_WILDCARD
: STAT_SECURE
;
973 /* The DNS packet is expected to contain the answer to a DNSKEY query.
974 Put all DNSKEYs in the answer which are valid into the cache.
976 STAT_SECURE At least one valid DNSKEY found and in cache.
977 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
978 or self-sign for DNSKEY RRset is not valid, bad packet.
979 STAT_NEED_DS DS records to validate a key not found, name in keyname
981 int dnssec_validate_by_ds(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
, int class)
983 unsigned char *psave
, *p
= (unsigned char *)(header
+1);
984 struct crec
*crecp
, *recp1
;
985 int rc
, j
, qtype
, qclass
, ttl
, rdlen
, flags
, algo
, valid
, keytag
, type_covered
;
986 struct blockdata
*key
;
989 if (ntohs(header
->qdcount
) != 1 ||
990 !extract_name(header
, plen
, &p
, name
, 1, 4))
996 if (qtype
!= T_DNSKEY
|| qclass
!= class || ntohs(header
->ancount
) == 0)
999 /* See if we have cached a DS record which validates this key */
1000 if (!(crecp
= cache_find_by_name(NULL
, name
, now
, F_DS
)))
1002 strcpy(keyname
, name
);
1003 return STAT_NEED_DS
;
1006 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
1007 if (crecp
->flags
& F_NEG
)
1008 return STAT_INSECURE_DS
;
1010 /* NOTE, we need to find ONE DNSKEY which matches the DS */
1011 for (valid
= 0, j
= ntohs(header
->ancount
); j
!= 0 && !valid
; j
--)
1013 /* Ensure we have type, class TTL and length */
1014 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
1015 return STAT_BOGUS
; /* bad packet */
1018 GETSHORT(qclass
, p
);
1022 if (!CHECK_LEN(header
, p
, plen
, rdlen
) || rdlen
< 4)
1023 return STAT_BOGUS
; /* bad packet */
1025 if (qclass
!= class || qtype
!= T_DNSKEY
|| rc
== 2)
1037 keytag
= dnskey_keytag(algo
, flags
, p
, rdlen
- 4);
1040 /* key must have zone key flag set */
1042 key
= blockdata_alloc((char*)p
, rdlen
- 4);
1046 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1049 blockdata_free(key
);
1050 return STAT_BOGUS
; /* bad packet */
1053 /* No zone key flag or malloc failure */
1057 for (recp1
= crecp
; recp1
; recp1
= cache_find_by_name(recp1
, name
, now
, F_DS
))
1060 unsigned char *digest
, *ds_digest
;
1061 const struct nettle_hash
*hash
;
1063 if (recp1
->addr
.ds
.algo
== algo
&&
1064 recp1
->addr
.ds
.keytag
== keytag
&&
1065 recp1
->uid
== (unsigned int)class &&
1066 (hash
= hash_find(ds_digest_name(recp1
->addr
.ds
.digest
))) &&
1067 hash_init(hash
, &ctx
, &digest
))
1070 int wire_len
= to_wire(name
);
1072 /* Note that digest may be different between DSs, so
1073 we can't move this outside the loop. */
1074 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char *)name
);
1075 hash
->update(ctx
, (unsigned int)rdlen
, psave
);
1076 hash
->digest(ctx
, hash
->digest_size
, digest
);
1080 if (recp1
->addr
.ds
.keylen
== (int)hash
->digest_size
&&
1081 (ds_digest
= blockdata_retrieve(recp1
->addr
.key
.keydata
, recp1
->addr
.ds
.keylen
, NULL
)) &&
1082 memcmp(ds_digest
, digest
, recp1
->addr
.ds
.keylen
) == 0 &&
1083 validate_rrset(now
, header
, plen
, class, T_DNSKEY
, name
, keyname
, NULL
, key
, rdlen
- 4, algo
, keytag
) == STAT_SECURE
)
1090 blockdata_free(key
);
1095 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
1096 cache_start_insert();
1098 p
= skip_questions(header
, plen
);
1100 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
1102 /* Ensure we have type, class TTL and length */
1103 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
1104 return STAT_INSECURE
; /* bad packet */
1107 GETSHORT(qclass
, p
);
1111 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1112 return STAT_BOGUS
; /* bad packet */
1114 if (qclass
== class && rc
== 1)
1118 if (qtype
== T_DNSKEY
)
1121 return STAT_BOGUS
; /* bad packet */
1127 keytag
= dnskey_keytag(algo
, flags
, p
, rdlen
- 4);
1129 /* Cache needs to known class for DNSSEC stuff */
1130 a
.addr
.dnssec
.class = class;
1132 if ((key
= blockdata_alloc((char*)p
, rdlen
- 4)))
1134 if (!(recp1
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DNSSECOK
)))
1135 blockdata_free(key
);
1138 a
.addr
.keytag
= keytag
;
1139 log_query(F_NOEXTRA
| F_KEYTAG
| F_UPSTREAM
, name
, &a
, "DNSKEY keytag %u");
1141 recp1
->addr
.key
.keylen
= rdlen
- 4;
1142 recp1
->addr
.key
.keydata
= key
;
1143 recp1
->addr
.key
.algo
= algo
;
1144 recp1
->addr
.key
.keytag
= keytag
;
1145 recp1
->addr
.key
.flags
= flags
;
1149 else if (qtype
== T_RRSIG
)
1151 /* RRSIG, cache if covers DNSKEY RRset */
1153 return STAT_BOGUS
; /* bad packet */
1155 GETSHORT(type_covered
, p
);
1157 if (type_covered
== T_DNSKEY
)
1159 a
.addr
.dnssec
.class = class;
1160 a
.addr
.dnssec
.type
= type_covered
;
1163 p
+= 13; /* labels, orig_ttl, expiration, inception */
1164 GETSHORT(keytag
, p
);
1165 if ((key
= blockdata_alloc((char*)psave
, rdlen
)))
1167 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DS
)))
1168 blockdata_free(key
);
1171 crecp
->addr
.sig
.keydata
= key
;
1172 crecp
->addr
.sig
.keylen
= rdlen
;
1173 crecp
->addr
.sig
.keytag
= keytag
;
1174 crecp
->addr
.sig
.type_covered
= type_covered
;
1175 crecp
->addr
.sig
.algo
= algo
;
1184 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1185 return STAT_BOGUS
; /* bad packet */
1188 /* commit cache insert. */
1193 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, "BOGUS DNSKEY");
1197 /* The DNS packet is expected to contain the answer to a DS query
1198 Put all DSs in the answer which are valid into the cache.
1200 STAT_SECURE At least one valid DS found and in cache.
1201 STAT_NO_DS It's proved there's no DS here.
1202 STAT_NO_NS It's proved there's no DS _or_ NS here.
1203 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
1204 STAT_NEED_KEY DNSKEY records to validate a DS not found, name in keyname
1207 int dnssec_validate_ds(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
, int class)
1209 unsigned char *p
= (unsigned char *)(header
+1);
1210 int qtype
, qclass
, val
, i
, neganswer
, nons
;
1212 if (ntohs(header
->qdcount
) != 1 ||
1213 !(p
= skip_name(p
, header
, plen
, 4)))
1217 GETSHORT(qclass
, p
);
1219 if (qtype
!= T_DS
|| qclass
!= class)
1222 val
= dnssec_validate_reply(now
, header
, plen
, name
, keyname
, NULL
, &neganswer
, &nons
);
1223 /* Note dnssec_validate_reply() will have cached positive answers */
1225 if (val
== STAT_INSECURE
)
1228 p
= (unsigned char *)(header
+1);
1229 extract_name(header
, plen
, &p
, name
, 1, 4);
1230 p
+= 4; /* qtype, qclass */
1232 if (!(p
= skip_section(p
, ntohs(header
->ancount
), header
, plen
)))
1235 /* If we return STAT_NO_SIG, name contains the name of the DS query */
1236 if (val
== STAT_NO_SIG
)
1242 /* If the key needed to validate the DS is on the same domain as the DS, we'll
1243 loop getting nowhere. Stop that now. This can happen of the DS answer comes
1244 from the DS's zone, and not the parent zone. */
1245 if (val
== STAT_BOGUS
|| (val
== STAT_NEED_KEY
&& hostname_isequal(name
, keyname
)))
1247 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, "BOGUS DS");
1251 /* By here, the answer is proved secure, and a positive answer has been cached. */
1252 if (val
== STAT_SECURE
&& neganswer
)
1254 int rdlen
, flags
= F_FORWARD
| F_DS
| F_NEG
| F_DNSSECOK
;
1255 unsigned long ttl
, minttl
= ULONG_MAX
;
1258 if (RCODE(header
) == NXDOMAIN
)
1259 flags
|= F_NXDOMAIN
;
1261 /* We only cache validated DS records, DNSSECOK flag hijacked
1262 to store presence/absence of NS. */
1264 flags
&= ~F_DNSSECOK
;
1266 for (i
= ntohs(header
->nscount
); i
!= 0; i
--)
1268 if (!(p
= skip_name(p
, header
, plen
, 0)))
1272 GETSHORT(qclass
, p
);
1276 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1277 return STAT_BOGUS
; /* bad packet */
1279 if (qclass
!= class || qtype
!= T_SOA
)
1289 if (!(p
= skip_name(p
, header
, plen
, 0)))
1292 if (!(p
= skip_name(p
, header
, plen
, 20)))
1294 p
+= 16; /* SERIAL REFRESH RETRY EXPIRE */
1296 GETLONG(ttl
, p
); /* minTTL */
1305 cache_start_insert();
1307 a
.addr
.dnssec
.class = class;
1308 cache_insert(name
, &a
, now
, ttl
, flags
);
1312 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, nons
? "no delegation" : "no DS");
1315 return nons
? STAT_NO_NS
: STAT_NO_DS
;
1322 static int hostname_cmp(const char *a
, const char *b
)
1324 char *sa
, *ea
, *ca
, *sb
, *eb
, *cb
;
1325 unsigned char ac
, bc
;
1327 sa
= ea
= (char *)a
+ strlen(a
);
1328 sb
= eb
= (char *)b
+ strlen(b
);
1332 while (sa
!= a
&& *(sa
-1) != '.')
1335 while (sb
!= b
&& *(sb
-1) != '.')
1354 ac
= (unsigned char) *ca
++;
1355 bc
= (unsigned char) *cb
++;
1357 if (ac
>= 'A' && ac
<= 'Z')
1359 if (bc
>= 'A' && bc
<= 'Z')
1385 /* Find all the NSEC or NSEC3 records in a reply.
1386 return an array of pointers to them. */
1387 static int find_nsec_records(struct dns_header
*header
, size_t plen
, unsigned char ***nsecsetp
, int *nsecsetl
, int class_reqd
)
1389 static unsigned char **nsecset
= NULL
;
1390 static int nsecset_sz
= 0;
1393 unsigned char *p
= skip_questions(header
, plen
);
1394 int type
, class, rdlen
, i
, nsecs_found
;
1396 /* Move to NS section */
1397 if (!p
|| !(p
= skip_section(p
, ntohs(header
->ancount
), header
, plen
)))
1400 for (nsecs_found
= 0, i
= ntohs(header
->nscount
); i
!= 0; i
--)
1402 unsigned char *pstart
= p
;
1404 if (!(p
= skip_name(p
, header
, plen
, 10)))
1412 if (class == class_reqd
&& (type
== T_NSEC
|| type
== T_NSEC3
))
1414 /* No mixed NSECing 'round here, thankyouverymuch */
1415 if (type_found
== T_NSEC
&& type
== T_NSEC3
)
1417 if (type_found
== T_NSEC3
&& type
== T_NSEC
)
1422 if (!expand_workspace(&nsecset
, &nsecset_sz
, nsecs_found
))
1425 nsecset
[nsecs_found
++] = pstart
;
1428 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1432 *nsecsetp
= nsecset
;
1433 *nsecsetl
= nsecs_found
;
1438 static int prove_non_existence_nsec(struct dns_header
*header
, size_t plen
, unsigned char **nsecs
, int nsec_count
,
1439 char *workspace1
, char *workspace2
, char *name
, int type
, int *nons
)
1442 unsigned char *p
, *psave
;
1443 int offset
= (type
& 0xff) >> 3;
1444 int mask
= 0x80 >> (type
& 0x07);
1449 /* Find NSEC record that proves name doesn't exist */
1450 for (i
= 0; i
< nsec_count
; i
++)
1453 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 10))
1455 p
+= 8; /* class, type, TTL */
1458 if (!extract_name(header
, plen
, &p
, workspace2
, 1, 10))
1461 rc
= hostname_cmp(workspace1
, name
);
1465 /* 4035 para 5.4. Last sentence */
1466 if (type
== T_NSEC
|| type
== T_RRSIG
)
1469 /* NSEC with the same name as the RR we're testing, check
1470 that the type in question doesn't appear in the type map */
1472 /* rdlen is now length of type map, and p points to it */
1474 /* If we can prove that there's no NS record, return that information. */
1475 if (nons
&& rdlen
>= 2 && p
[0] == 0 && (p
[2] & (0x80 >> T_NS
)) == 0)
1480 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1483 if (p
[0] == type
>> 8)
1485 /* Does the NSEC say our type exists? */
1486 if (offset
< p
[1] && (p
[offset
+2] & mask
) != 0)
1489 break; /* finshed checking */
1500 /* Normal case, name falls between NSEC name and next domain name,
1501 wrap around case, name falls between NSEC name (rc == -1) and end */
1502 if (hostname_cmp(workspace2
, name
) >= 0 || hostname_cmp(workspace1
, workspace2
) >= 0)
1507 /* wrap around case, name falls between start and next domain name */
1508 if (hostname_cmp(workspace1
, workspace2
) >= 0 && hostname_cmp(workspace2
, name
) >=0 )
1516 /* return digest length, or zero on error */
1517 static int hash_name(char *in
, unsigned char **out
, struct nettle_hash
const *hash
,
1518 unsigned char *salt
, int salt_len
, int iterations
)
1521 unsigned char *digest
;
1524 if (!hash_init(hash
, &ctx
, &digest
))
1527 hash
->update(ctx
, to_wire(in
), (unsigned char *)in
);
1528 hash
->update(ctx
, salt_len
, salt
);
1529 hash
->digest(ctx
, hash
->digest_size
, digest
);
1531 for(i
= 0; i
< iterations
; i
++)
1533 hash
->update(ctx
, hash
->digest_size
, digest
);
1534 hash
->update(ctx
, salt_len
, salt
);
1535 hash
->digest(ctx
, hash
->digest_size
, digest
);
1541 return hash
->digest_size
;
1544 /* Decode base32 to first "." or end of string */
1545 static int base32_decode(char *in
, unsigned char *out
)
1547 int oc
, on
, c
, mask
, i
;
1548 unsigned char *p
= out
;
1550 for (c
= *in
, oc
= 0, on
= 0; c
!= 0 && c
!= '.'; c
= *++in
)
1552 if (c
>= '0' && c
<= '9')
1554 else if (c
>= 'a' && c
<= 'v')
1556 else if (c
>= 'A' && c
<= 'V')
1561 for (mask
= 0x10, i
= 0; i
< 5; i
++)
1566 if (((++on
) & 7) == 0)
1578 static int check_nsec3_coverage(struct dns_header
*header
, size_t plen
, int digest_len
, unsigned char *digest
, int type
,
1579 char *workspace1
, char *workspace2
, unsigned char **nsecs
, int nsec_count
, int *nons
)
1581 int i
, hash_len
, salt_len
, base32_len
, rdlen
;
1582 unsigned char *p
, *psave
;
1584 for (i
= 0; i
< nsec_count
; i
++)
1587 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 0) ||
1588 !(base32_len
= base32_decode(workspace1
, (unsigned char *)workspace2
)))
1591 p
+= 8; /* class, type, TTL */
1594 p
+= 4; /* algo, flags, iterations */
1595 salt_len
= *p
++; /* salt_len */
1596 p
+= salt_len
; /* salt */
1597 hash_len
= *p
++; /* p now points to next hashed name */
1599 if (!CHECK_LEN(header
, p
, plen
, hash_len
))
1602 if (digest_len
== base32_len
&& hash_len
== base32_len
)
1604 int rc
= memcmp(workspace2
, digest
, digest_len
);
1608 /* We found an NSEC3 whose hashed name exactly matches the query, so
1609 we just need to check the type map. p points to the RR data for the record. */
1611 int offset
= (type
& 0xff) >> 3;
1612 int mask
= 0x80 >> (type
& 0x07);
1614 p
+= hash_len
; /* skip next-domain hash */
1617 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1620 /* If we can prove that there's no NS record, return that information. */
1621 if (nons
&& rdlen
>= 2 && p
[0] == 0 && (p
[2] & (0x80 >> T_NS
)) == 0)
1626 if (p
[0] == type
>> 8)
1628 /* Does the NSEC3 say our type exists? */
1629 if (offset
< p
[1] && (p
[offset
+2] & mask
) != 0)
1632 break; /* finshed checking */
1643 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1644 wrap around case, name-hash falls between NSEC3 name-hash and end */
1645 if (memcmp(p
, digest
, digest_len
) >= 0 || memcmp(workspace2
, p
, digest_len
) >= 0)
1650 /* wrap around case, name falls between start and next domain name */
1651 if (memcmp(workspace2
, p
, digest_len
) >= 0 && memcmp(p
, digest
, digest_len
) >= 0)
1659 static int prove_non_existence_nsec3(struct dns_header
*header
, size_t plen
, unsigned char **nsecs
, int nsec_count
,
1660 char *workspace1
, char *workspace2
, char *name
, int type
, char *wildname
, int *nons
)
1662 unsigned char *salt
, *p
, *digest
;
1663 int digest_len
, i
, iterations
, salt_len
, base32_len
, algo
= 0;
1664 struct nettle_hash
const *hash
;
1665 char *closest_encloser
, *next_closest
, *wildcard
;
1670 /* Look though the NSEC3 records to find the first one with
1671 an algorithm we support (currently only algo == 1).
1673 Take the algo, iterations, and salt of that record
1674 as the ones we're going to use, and prune any
1675 that don't match. */
1677 for (i
= 0; i
< nsec_count
; i
++)
1679 if (!(p
= skip_name(nsecs
[i
], header
, plen
, 15)))
1680 return STAT_BOGUS
; /* bad packet */
1682 p
+= 10; /* type, class, TTL, rdlen */
1686 break; /* known algo */
1689 /* No usable NSEC3s */
1690 if (i
== nsec_count
)
1694 GETSHORT (iterations
, p
);
1697 if (!CHECK_LEN(header
, salt
, plen
, salt_len
))
1698 return STAT_BOGUS
; /* bad packet */
1700 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1701 for (i
= 0; i
< nsec_count
; i
++)
1703 unsigned char *nsec3p
= nsecs
[i
];
1706 nsecs
[i
] = NULL
; /* Speculative, will be restored if OK. */
1708 if (!(p
= skip_name(nsec3p
, header
, plen
, 15)))
1709 return STAT_BOGUS
; /* bad packet */
1711 p
+= 10; /* type, class, TTL, rdlen */
1718 GETSHORT(this_iter
, p
);
1719 if (this_iter
!= iterations
)
1722 if (salt_len
!= *p
++)
1725 if (!CHECK_LEN(header
, p
, plen
, salt_len
))
1726 return STAT_BOGUS
; /* bad packet */
1728 if (memcmp(p
, salt
, salt_len
) != 0)
1731 /* All match, put the pointer back */
1735 /* Algo is checked as 1 above */
1736 if (!(hash
= hash_find("sha1")))
1739 if ((digest_len
= hash_name(name
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1742 if (check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, nons
))
1745 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1746 or an answer inferred from a wildcard record. */
1747 closest_encloser
= name
;
1748 next_closest
= NULL
;
1752 if (*closest_encloser
== '.')
1755 if (wildname
&& hostname_isequal(closest_encloser
, wildname
))
1758 if ((digest_len
= hash_name(closest_encloser
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1761 for (i
= 0; i
< nsec_count
; i
++)
1764 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 0) ||
1765 !(base32_len
= base32_decode(workspace1
, (unsigned char *)workspace2
)))
1768 if (digest_len
== base32_len
&&
1769 memcmp(digest
, workspace2
, digest_len
) == 0)
1773 if (i
!= nsec_count
)
1776 next_closest
= closest_encloser
;
1778 while ((closest_encloser
= strchr(closest_encloser
, '.')));
1780 if (!closest_encloser
)
1783 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1784 if ((digest_len
= hash_name(next_closest
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1787 if (!check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, NULL
))
1790 /* Finally, check that there's no seat of wildcard synthesis */
1793 if (!(wildcard
= strchr(next_closest
, '.')) || wildcard
== next_closest
)
1799 if ((digest_len
= hash_name(wildcard
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1802 if (!check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, NULL
))
1809 /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
1810 /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
1811 int dnssec_validate_reply(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
,
1812 int *class, int *neganswer
, int *nons
)
1814 unsigned char *ans_start
, *qname
, *p1
, *p2
, **nsecs
;
1815 int type1
, class1
, rdlen1
, type2
, class2
, rdlen2
, qclass
, qtype
;
1816 int i
, j
, rc
, nsec_count
, cname_count
= CNAME_CHAIN
;
1817 int nsec_type
= 0, have_answer
= 0;
1822 if (RCODE(header
) == SERVFAIL
|| ntohs(header
->qdcount
) != 1)
1825 if (RCODE(header
) != NXDOMAIN
&& RCODE(header
) != NOERROR
)
1826 return STAT_INSECURE
;
1828 qname
= p1
= (unsigned char *)(header
+1);
1830 if (!extract_name(header
, plen
, &p1
, name
, 1, 4))
1833 GETSHORT(qtype
, p1
);
1834 GETSHORT(qclass
, p1
);
1840 /* Can't validate an RRISG query */
1841 if (qtype
== T_RRSIG
)
1842 return STAT_INSECURE
;
1845 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
1847 /* leave pointer to missing name in qname */
1849 if (!(rc
= extract_name(header
, plen
, &p1
, name
, 0, 10)))
1850 return STAT_BOGUS
; /* bad packet */
1852 GETSHORT(type2
, p1
);
1853 GETSHORT(class2
, p1
);
1855 GETSHORT(rdlen2
, p1
);
1857 if (rc
== 1 && qclass
== class2
)
1859 /* Do we have an answer for the question? */
1865 else if (type2
== T_CNAME
)
1870 if (!cname_count
-- || !extract_name(header
, plen
, &p1
, name
, 1, 0))
1878 if (!ADD_RDLEN(header
, p1
, plen
, rdlen2
))
1882 if (neganswer
&& !have_answer
)
1885 /* No data, therefore no sigs */
1886 if (ntohs(header
->ancount
) + ntohs(header
->nscount
) == 0)
1892 for (p1
= ans_start
, i
= 0; i
< ntohs(header
->ancount
) + ntohs(header
->nscount
); i
++)
1894 if (!extract_name(header
, plen
, &p1
, name
, 1, 10))
1895 return STAT_BOGUS
; /* bad packet */
1897 GETSHORT(type1
, p1
);
1898 GETSHORT(class1
, p1
);
1900 GETSHORT(rdlen1
, p1
);
1902 /* Don't try and validate RRSIGs! */
1903 if (type1
!= T_RRSIG
)
1905 /* Check if we've done this RRset already */
1906 for (p2
= ans_start
, j
= 0; j
< i
; j
++)
1908 if (!(rc
= extract_name(header
, plen
, &p2
, name
, 0, 10)))
1909 return STAT_BOGUS
; /* bad packet */
1911 GETSHORT(type2
, p2
);
1912 GETSHORT(class2
, p2
);
1914 GETSHORT(rdlen2
, p2
);
1916 if (type2
== type1
&& class2
== class1
&& rc
== 1)
1917 break; /* Done it before: name, type, class all match. */
1919 if (!ADD_RDLEN(header
, p2
, plen
, rdlen2
))
1923 /* Not done, validate now */
1926 int ttl
, keytag
, algo
, digest
, type_covered
;
1927 unsigned char *psave
;
1929 struct blockdata
*key
;
1932 int have_wildcard
= 0;
1934 rc
= validate_rrset(now
, header
, plen
, class1
, type1
, name
, keyname
, &wildname
, NULL
, 0, 0, 0);
1936 if (rc
== STAT_SECURE_WILDCARD
)
1940 /* An attacker replay a wildcard answer with a different
1941 answer and overlay a genuine RR. To prove this
1942 hasn't happened, the answer must prove that
1943 the gennuine record doesn't exist. Check that here. */
1944 if (!nsec_type
&& !(nsec_type
= find_nsec_records(header
, plen
, &nsecs
, &nsec_count
, class1
)))
1945 return STAT_BOGUS
; /* No NSECs or bad packet */
1947 if (nsec_type
== T_NSEC
)
1948 rc
= prove_non_existence_nsec(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, type1
, NULL
);
1950 rc
= prove_non_existence_nsec3(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
,
1951 keyname
, name
, type1
, wildname
, NULL
);
1953 if (rc
!= STAT_SECURE
)
1956 else if (rc
!= STAT_SECURE
)
1959 *class = class1
; /* Class for DS or DNSKEY */
1961 if (rc
== STAT_NO_SIG
)
1963 /* If we dropped off the end of a CNAME chain, return
1964 STAT_NO_SIG and the last name is keyname. This is used for proving non-existence
1965 if DS records in CNAME chains. */
1966 if (cname_count
== CNAME_CHAIN
|| i
< ntohs(header
->ancount
))
1967 /* No CNAME chain, or no sig in answer section, return empty name. */
1969 else if (!extract_name(header
, plen
, &qname
, keyname
, 1, 0))
1976 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1977 cache_start_insert();
1979 for (p2
= ans_start
, j
= 0; j
< ntohs(header
->ancount
); j
++)
1981 if (!(rc
= extract_name(header
, plen
, &p2
, name
, 0, 10)))
1982 return STAT_BOGUS
; /* bad packet */
1984 GETSHORT(type2
, p2
);
1985 GETSHORT(class2
, p2
);
1987 GETSHORT(rdlen2
, p2
);
1989 if (!CHECK_LEN(header
, p2
, plen
, rdlen2
))
1990 return STAT_BOGUS
; /* bad packet */
1992 if (class2
== class1
&& rc
== 1)
1996 if (type1
== T_DS
&& type2
== T_DS
)
1999 return STAT_BOGUS
; /* bad packet */
2001 GETSHORT(keytag
, p2
);
2005 /* Cache needs to known class for DNSSEC stuff */
2006 a
.addr
.dnssec
.class = class2
;
2008 if ((key
= blockdata_alloc((char*)p2
, rdlen2
- 4)))
2010 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DS
| F_DNSSECOK
)))
2011 blockdata_free(key
);
2014 a
.addr
.keytag
= keytag
;
2015 log_query(F_NOEXTRA
| F_KEYTAG
| F_UPSTREAM
, name
, &a
, "DS keytag %u");
2016 crecp
->addr
.ds
.digest
= digest
;
2017 crecp
->addr
.ds
.keydata
= key
;
2018 crecp
->addr
.ds
.algo
= algo
;
2019 crecp
->addr
.ds
.keytag
= keytag
;
2020 crecp
->addr
.ds
.keylen
= rdlen2
- 4;
2024 else if (type2
== T_RRSIG
)
2027 return STAT_BOGUS
; /* bad packet */
2029 GETSHORT(type_covered
, p2
);
2031 if (type_covered
== type1
&&
2032 (type_covered
== T_A
|| type_covered
== T_AAAA
||
2033 type_covered
== T_CNAME
|| type_covered
== T_DS
||
2034 type_covered
== T_DNSKEY
|| type_covered
== T_PTR
))
2036 a
.addr
.dnssec
.type
= type_covered
;
2037 a
.addr
.dnssec
.class = class1
;
2040 p2
+= 13; /* labels, orig_ttl, expiration, inception */
2041 GETSHORT(keytag
, p2
);
2043 /* We don't cache sigs for wildcard answers, because to reproduce the
2044 answer from the cache will require one or more NSEC/NSEC3 records
2045 which we don't cache. The lack of the RRSIG ensures that a query for
2046 this RRset asking for a secure answer will always be forwarded. */
2047 if (!have_wildcard
&& (key
= blockdata_alloc((char*)psave
, rdlen2
)))
2049 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DS
)))
2050 blockdata_free(key
);
2053 crecp
->addr
.sig
.keydata
= key
;
2054 crecp
->addr
.sig
.keylen
= rdlen2
;
2055 crecp
->addr
.sig
.keytag
= keytag
;
2056 crecp
->addr
.sig
.type_covered
= type_covered
;
2057 crecp
->addr
.sig
.algo
= algo
;
2066 if (!ADD_RDLEN(header
, p2
, plen
, rdlen2
))
2067 return STAT_BOGUS
; /* bad packet */
2074 if (!ADD_RDLEN(header
, p1
, plen
, rdlen1
))
2078 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
2082 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
2083 /* First marshall the NSEC records, if we've not done it previously */
2084 if (!nsec_type
&& !(nsec_type
= find_nsec_records(header
, plen
, &nsecs
, &nsec_count
, qclass
)))
2086 /* No NSEC records. If we dropped off the end of a CNAME chain, return
2087 STAT_NO_SIG and the last name is keyname. This is used for proving non-existence
2088 if DS records in CNAME chains. */
2089 if (cname_count
== CNAME_CHAIN
) /* No CNAME chain, return empty name. */
2091 else if (!extract_name(header
, plen
, &qname
, keyname
, 1, 0))
2093 return STAT_NO_SIG
; /* No NSECs, this is probably a dangling CNAME pointing into
2094 an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
2097 /* Get name of missing answer */
2098 if (!extract_name(header
, plen
, &qname
, name
, 1, 0))
2101 if (nsec_type
== T_NSEC
)
2102 return prove_non_existence_nsec(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, qtype
, nons
);
2104 return prove_non_existence_nsec3(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, qtype
, NULL
, nons
);
2107 /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
2108 Needed for proving answer in unsigned space.
2111 STAT_INSECURE - name of first non-secure record in name
2113 int dnssec_chase_cname(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
)
2115 unsigned char *p
= (unsigned char *)(header
+1);
2116 int type
, class, qclass
, rdlen
, j
, rc
;
2117 int cname_count
= CNAME_CHAIN
;
2121 if (!extract_name(header
, plen
, &p
, name
, 1, 4))
2125 GETSHORT(qclass
, p
);
2129 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
2131 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
2132 return STAT_BOGUS
; /* bad packet */
2139 /* Not target, loop */
2140 if (rc
== 2 || qclass
!= class)
2142 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2147 /* Got to end of CNAME chain. */
2148 if (type
!= T_CNAME
)
2149 return STAT_INSECURE
;
2151 /* validate CNAME chain, return if insecure or need more data */
2152 rc
= validate_rrset(now
, header
, plen
, class, type
, name
, keyname
, &wildname
, NULL
, 0, 0, 0);
2154 if (rc
== STAT_SECURE_WILDCARD
)
2156 int nsec_type
, nsec_count
, i
;
2157 unsigned char **nsecs
;
2159 /* An attacker can replay a wildcard answer with a different
2160 answer and overlay a genuine RR. To prove this
2161 hasn't happened, the answer must prove that
2162 the genuine record doesn't exist. Check that here. */
2163 if (!(nsec_type
= find_nsec_records(header
, plen
, &nsecs
, &nsec_count
, class)))
2164 return STAT_BOGUS
; /* No NSECs or bad packet */
2166 /* Note that we're called here because something didn't validate in validate_reply,
2167 so we can't assume that any NSEC records have been validated. We do them by steam here */
2169 for (i
= 0; i
< nsec_count
; i
++)
2171 unsigned char *p1
= nsecs
[i
];
2173 if (!extract_name(header
, plen
, &p1
, daemon
->workspacename
, 1, 0))
2176 rc
= validate_rrset(now
, header
, plen
, class, nsec_type
, daemon
->workspacename
, keyname
, NULL
, NULL
, 0, 0, 0);
2178 /* NSECs can't be wildcards. */
2179 if (rc
== STAT_SECURE_WILDCARD
)
2182 if (rc
!= STAT_SECURE
)
2186 if (nsec_type
== T_NSEC
)
2187 rc
= prove_non_existence_nsec(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, type
, NULL
);
2189 rc
= prove_non_existence_nsec3(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
,
2190 keyname
, name
, type
, wildname
, NULL
);
2192 if (rc
!= STAT_SECURE
)
2196 if (rc
!= STAT_SECURE
)
2198 if (rc
== STAT_NO_SIG
)
2203 /* Loop down CNAME chain/ */
2204 if (!cname_count
-- ||
2205 !extract_name(header
, plen
, &p
, name
, 1, 0) ||
2206 !(p
= skip_questions(header
, plen
)))
2212 /* End of CNAME chain */
2213 return STAT_INSECURE
;
2218 /* Compute keytag (checksum to quickly index a key). See RFC4034 */
2219 int dnskey_keytag(int alg
, int flags
, unsigned char *key
, int keylen
)
2223 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2224 See RFC4034, Appendix B.1 */
2225 return key
[keylen
-4] * 256 + key
[keylen
-3];
2229 unsigned long ac
= flags
+ 0x300 + alg
;
2232 for (i
= 0; i
< keylen
; ++i
)
2233 ac
+= (i
& 1) ? key
[i
] : key
[i
] << 8;
2235 ac
+= (ac
>> 16) & 0xffff;
2240 size_t dnssec_generate_query(struct dns_header
*header
, char *end
, char *name
, int class,
2241 int type
, union mysockaddr
*addr
, int edns_pktsz
)
2244 char *types
= querystr("dnssec-query", type
);
2247 if (addr
->sa
.sa_family
== AF_INET
)
2248 log_query(F_NOEXTRA
| F_DNSSEC
| F_IPV4
, name
, (struct all_addr
*)&addr
->in
.sin_addr
, types
);
2251 log_query(F_NOEXTRA
| F_DNSSEC
| F_IPV6
, name
, (struct all_addr
*)&addr
->in6
.sin6_addr
, types
);
2254 header
->qdcount
= htons(1);
2255 header
->ancount
= htons(0);
2256 header
->nscount
= htons(0);
2257 header
->arcount
= htons(0);
2259 header
->hb3
= HB3_RD
;
2260 SET_OPCODE(header
, QUERY
);
2261 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2262 this allows it to select auth servers when one is returning bad data. */
2263 header
->hb4
= option_bool(OPT_DNSSEC_DEBUG
) ? HB4_CD
: 0;
2265 /* ID filled in later */
2267 p
= (unsigned char *)(header
+1);
2269 p
= do_rfc1035_name(p
, name
);
2274 ret
= add_do_bit(header
, p
- (unsigned char *)header
, end
);
2276 if (find_pseudoheader(header
, ret
, NULL
, &p
, NULL
))
2277 PUTSHORT(edns_pktsz
, p
);
2282 /* Go through a domain name, find "pointers" and fix them up based on how many bytes
2283 we've chopped out of the packet, or check they don't point into an elided part. */
2284 static int check_name(unsigned char **namep
, struct dns_header
*header
, size_t plen
, int fixup
, unsigned char **rrs
, int rr_count
)
2286 unsigned char *ansp
= *namep
;
2290 unsigned int label_type
;
2292 if (!CHECK_LEN(header
, ansp
, plen
, 1))
2295 label_type
= (*ansp
) & 0xc0;
2297 if (label_type
== 0xc0)
2299 /* pointer for compression. */
2300 unsigned int offset
;
2304 if (!CHECK_LEN(header
, ansp
, plen
, 2))
2307 offset
= ((*ansp
++) & 0x3f) << 8;
2310 p
= offset
+ (unsigned char *)header
;
2312 for (i
= 0; i
< rr_count
; i
++)
2317 offset
-= rrs
[i
] - rrs
[i
-1];
2319 /* does the pointer end up in an elided RR? */
2323 /* No, scale the pointer */
2327 *ansp
++ = (offset
>> 8) | 0xc0;
2328 *ansp
++ = offset
& 0xff;
2332 else if (label_type
== 0x80)
2333 return 0; /* reserved */
2334 else if (label_type
== 0x40)
2336 /* Extended label type */
2339 if (!CHECK_LEN(header
, ansp
, plen
, 2))
2342 if (((*ansp
++) & 0x3f) != 1)
2343 return 0; /* we only understand bitstrings */
2345 count
= *(ansp
++); /* Bits in bitstring */
2347 if (count
== 0) /* count == 0 means 256 bits */
2350 ansp
+= ((count
-1)>>3)+1;
2353 { /* label type == 0 Bottom six bits is length */
2354 unsigned int len
= (*ansp
++) & 0x3f;
2356 if (!ADD_RDLEN(header
, ansp
, plen
, len
))
2360 break; /* zero length label marks the end. */
2369 /* Go through RRs and check or fixup the domain names contained within */
2370 static int check_rrs(unsigned char *p
, struct dns_header
*header
, size_t plen
, int fixup
, unsigned char **rrs
, int rr_count
)
2372 int i
, type
, class, rdlen
;
2375 for (i
= 0; i
< ntohs(header
->ancount
) + ntohs(header
->nscount
) + ntohs(header
->arcount
); i
++)
2379 if (!(p
= skip_name(p
, header
, plen
, 10)))
2387 if (type
!= T_NSEC
&& type
!= T_NSEC3
&& type
!= T_RRSIG
)
2389 /* fixup name of RR */
2390 if (!check_name(&pp
, header
, plen
, fixup
, rrs
, rr_count
))
2397 for (pp
= p
, d
= get_desc(type
); *d
!= (u16
)-1; d
++)
2401 else if (!check_name(&pp
, header
, plen
, fixup
, rrs
, rr_count
))
2407 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2415 size_t filter_rrsigs(struct dns_header
*header
, size_t plen
)
2417 static unsigned char **rrs
;
2418 static int rr_sz
= 0;
2420 unsigned char *p
= (unsigned char *)(header
+1);
2421 int i
, rdlen
, qtype
, qclass
, rr_found
, chop_an
, chop_ns
, chop_ar
;
2423 if (ntohs(header
->qdcount
) != 1 ||
2424 !(p
= skip_name(p
, header
, plen
, 4)))
2428 GETSHORT(qclass
, p
);
2430 /* First pass, find pointers to start and end of all the records we wish to elide:
2431 records added for DNSSEC, unless explicity queried for */
2432 for (rr_found
= 0, chop_ns
= 0, chop_an
= 0, chop_ar
= 0, i
= 0;
2433 i
< ntohs(header
->ancount
) + ntohs(header
->nscount
) + ntohs(header
->arcount
);
2436 unsigned char *pstart
= p
;
2439 if (!(p
= skip_name(p
, header
, plen
, 10)))
2447 if ((type
== T_NSEC
|| type
== T_NSEC3
|| type
== T_RRSIG
) &&
2448 (type
!= qtype
|| class != qclass
))
2450 if (!expand_workspace(&rrs
, &rr_sz
, rr_found
+ 1))
2453 rrs
[rr_found
++] = pstart
;
2455 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2458 rrs
[rr_found
++] = p
;
2460 if (i
< ntohs(header
->ancount
))
2462 else if (i
< (ntohs(header
->nscount
) + ntohs(header
->ancount
)))
2467 else if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2471 /* Nothing to do. */
2475 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2476 point to records we're going to elide. This is theoretically possible, but unlikely. If
2477 it happens, we give up and leave the answer unchanged. */
2478 p
= (unsigned char *)(header
+1);
2480 /* question first */
2481 if (!check_name(&p
, header
, plen
, 0, rrs
, rr_found
))
2483 p
+= 4; /* qclass, qtype */
2485 /* Now answers and NS */
2486 if (!check_rrs(p
, header
, plen
, 0, rrs
, rr_found
))
2489 /* Third pass, elide records */
2490 for (p
= rrs
[0], i
= 1; i
< rr_found
; i
+= 2)
2492 unsigned char *start
= rrs
[i
];
2493 unsigned char *end
= (i
!= rr_found
- 1) ? rrs
[i
+1] : ((unsigned char *)(header
+1)) + plen
;
2495 memmove(p
, start
, end
-start
);
2499 plen
= p
- (unsigned char *)header
;
2500 header
->ancount
= htons(ntohs(header
->ancount
) - chop_an
);
2501 header
->nscount
= htons(ntohs(header
->nscount
) - chop_ns
);
2502 header
->arcount
= htons(ntohs(header
->arcount
) - chop_ar
);
2504 /* Fourth pass, fix up pointers in the remaining records */
2505 p
= (unsigned char *)(header
+1);
2507 check_name(&p
, header
, plen
, 1, rrs
, rr_found
);
2508 p
+= 4; /* qclass, qtype */
2510 check_rrs(p
, header
, plen
, 1, rrs
, rr_found
);
2515 unsigned char* hash_questions(struct dns_header
*header
, size_t plen
, char *name
)
2519 unsigned char *p
= (unsigned char *)(header
+1);
2520 const struct nettle_hash
*hash
;
2522 unsigned char *digest
;
2524 if (!(hash
= hash_find("sha1")) || !hash_init(hash
, &ctx
, &digest
))
2527 for (q
= ntohs(header
->qdcount
); q
!= 0; q
--)
2529 if (!extract_name(header
, plen
, &p
, name
, 1, 4))
2530 break; /* bad packet */
2532 len
= to_wire(name
);
2533 hash
->update(ctx
, len
, (unsigned char *)name
);
2534 /* CRC the class and type as well */
2535 hash
->update(ctx
, 4, p
);
2538 if (!CHECK_LEN(header
, p
, plen
, 0))
2539 break; /* bad packet */
2542 hash
->digest(ctx
, hash
->digest_size
, digest
);
2546 #endif /* HAVE_DNSSEC */