]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-dnssec.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gcrypt: do not ignore return values
[thirdparty/systemd.git] / src / resolve / resolved-dns-dnssec.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "alloc-util.h"
4 #include "dns-domain.h"
5 #include "fd-util.h"
6 #include "fileio.h"
7 #include "gcrypt-util.h"
8 #include "hexdecoct.h"
9 #include "memory-util.h"
10 #include "resolved-dns-dnssec.h"
11 #include "resolved-dns-packet.h"
12 #include "sort-util.h"
13 #include "string-table.h"
14
15 #define VERIFY_RRS_MAX 256
16 #define MAX_KEY_SIZE (32*1024)
17
18 /* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */
19 #define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE)
20
21 /* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value */
22 #define NSEC3_ITERATIONS_MAX 2500
23
24 /*
25 * The DNSSEC Chain of trust:
26 *
27 * Normal RRs are protected via RRSIG RRs in combination with DNSKEY RRs, all in the same zone
28 * DNSKEY RRs are either protected like normal RRs, or via a DS from a zone "higher" up the tree
29 * DS RRs are protected like normal RRs
30 *
31 * Example chain:
32 * Normal RR → RRSIG/DNSKEY+ → DS → RRSIG/DNSKEY+ → DS → ... → DS → RRSIG/DNSKEY+ → DS
33 */
34
35 uint16_t dnssec_keytag(DnsResourceRecord *dnskey, bool mask_revoke) {
36 const uint8_t *p;
37 uint32_t sum, f;
38 size_t i;
39
40 /* The algorithm from RFC 4034, Appendix B. */
41
42 assert(dnskey);
43 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
44
45 f = (uint32_t) dnskey->dnskey.flags;
46
47 if (mask_revoke)
48 f &= ~DNSKEY_FLAG_REVOKE;
49
50 sum = f + ((((uint32_t) dnskey->dnskey.protocol) << 8) + (uint32_t) dnskey->dnskey.algorithm);
51
52 p = dnskey->dnskey.key;
53
54 for (i = 0; i < dnskey->dnskey.key_size; i++)
55 sum += (i & 1) == 0 ? (uint32_t) p[i] << 8 : (uint32_t) p[i];
56
57 sum += (sum >> 16) & UINT32_C(0xFFFF);
58
59 return sum & UINT32_C(0xFFFF);
60 }
61
62 #if HAVE_GCRYPT
63
64 static int rr_compare(DnsResourceRecord * const *a, DnsResourceRecord * const *b) {
65 const DnsResourceRecord *x = *a, *y = *b;
66 size_t m;
67 int r;
68
69 /* Let's order the RRs according to RFC 4034, Section 6.3 */
70
71 assert(x);
72 assert(x->wire_format);
73 assert(y);
74 assert(y->wire_format);
75
76 m = MIN(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
77
78 r = memcmp(DNS_RESOURCE_RECORD_RDATA(x), DNS_RESOURCE_RECORD_RDATA(y), m);
79 if (r != 0)
80 return r;
81
82 return CMP(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
83 }
84
85 static int dnssec_rsa_verify_raw(
86 const char *hash_algorithm,
87 const void *signature, size_t signature_size,
88 const void *data, size_t data_size,
89 const void *exponent, size_t exponent_size,
90 const void *modulus, size_t modulus_size) {
91
92 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
93 gcry_mpi_t n = NULL, e = NULL, s = NULL;
94 gcry_error_t ge;
95 int r;
96
97 assert(hash_algorithm);
98
99 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature, signature_size, NULL);
100 if (ge != 0) {
101 r = -EIO;
102 goto finish;
103 }
104
105 ge = gcry_mpi_scan(&e, GCRYMPI_FMT_USG, exponent, exponent_size, NULL);
106 if (ge != 0) {
107 r = -EIO;
108 goto finish;
109 }
110
111 ge = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, modulus, modulus_size, NULL);
112 if (ge != 0) {
113 r = -EIO;
114 goto finish;
115 }
116
117 ge = gcry_sexp_build(&signature_sexp,
118 NULL,
119 "(sig-val (rsa (s %m)))",
120 s);
121
122 if (ge != 0) {
123 r = -EIO;
124 goto finish;
125 }
126
127 ge = gcry_sexp_build(&data_sexp,
128 NULL,
129 "(data (flags pkcs1) (hash %s %b))",
130 hash_algorithm,
131 (int) data_size,
132 data);
133 if (ge != 0) {
134 r = -EIO;
135 goto finish;
136 }
137
138 ge = gcry_sexp_build(&public_key_sexp,
139 NULL,
140 "(public-key (rsa (n %m) (e %m)))",
141 n,
142 e);
143 if (ge != 0) {
144 r = -EIO;
145 goto finish;
146 }
147
148 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
149 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
150 r = 0;
151 else if (ge != 0) {
152 log_debug("RSA signature check failed: %s", gpg_strerror(ge));
153 r = -EIO;
154 } else
155 r = 1;
156
157 finish:
158 if (e)
159 gcry_mpi_release(e);
160 if (n)
161 gcry_mpi_release(n);
162 if (s)
163 gcry_mpi_release(s);
164
165 if (public_key_sexp)
166 gcry_sexp_release(public_key_sexp);
167 if (signature_sexp)
168 gcry_sexp_release(signature_sexp);
169 if (data_sexp)
170 gcry_sexp_release(data_sexp);
171
172 return r;
173 }
174
175 static int dnssec_rsa_verify(
176 const char *hash_algorithm,
177 const void *hash, size_t hash_size,
178 DnsResourceRecord *rrsig,
179 DnsResourceRecord *dnskey) {
180
181 size_t exponent_size, modulus_size;
182 void *exponent, *modulus;
183
184 assert(hash_algorithm);
185 assert(hash);
186 assert(hash_size > 0);
187 assert(rrsig);
188 assert(dnskey);
189
190 if (*(uint8_t*) dnskey->dnskey.key == 0) {
191 /* exponent is > 255 bytes long */
192
193 exponent = (uint8_t*) dnskey->dnskey.key + 3;
194 exponent_size =
195 ((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) |
196 ((size_t) ((uint8_t*) dnskey->dnskey.key)[2]);
197
198 if (exponent_size < 256)
199 return -EINVAL;
200
201 if (3 + exponent_size >= dnskey->dnskey.key_size)
202 return -EINVAL;
203
204 modulus = (uint8_t*) dnskey->dnskey.key + 3 + exponent_size;
205 modulus_size = dnskey->dnskey.key_size - 3 - exponent_size;
206
207 } else {
208 /* exponent is <= 255 bytes long */
209
210 exponent = (uint8_t*) dnskey->dnskey.key + 1;
211 exponent_size = (size_t) ((uint8_t*) dnskey->dnskey.key)[0];
212
213 if (exponent_size <= 0)
214 return -EINVAL;
215
216 if (1 + exponent_size >= dnskey->dnskey.key_size)
217 return -EINVAL;
218
219 modulus = (uint8_t*) dnskey->dnskey.key + 1 + exponent_size;
220 modulus_size = dnskey->dnskey.key_size - 1 - exponent_size;
221 }
222
223 return dnssec_rsa_verify_raw(
224 hash_algorithm,
225 rrsig->rrsig.signature, rrsig->rrsig.signature_size,
226 hash, hash_size,
227 exponent, exponent_size,
228 modulus, modulus_size);
229 }
230
231 static int dnssec_ecdsa_verify_raw(
232 const char *hash_algorithm,
233 const char *curve,
234 const void *signature_r, size_t signature_r_size,
235 const void *signature_s, size_t signature_s_size,
236 const void *data, size_t data_size,
237 const void *key, size_t key_size) {
238
239 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
240 gcry_mpi_t q = NULL, r = NULL, s = NULL;
241 gcry_error_t ge;
242 int k;
243
244 assert(hash_algorithm);
245
246 ge = gcry_mpi_scan(&r, GCRYMPI_FMT_USG, signature_r, signature_r_size, NULL);
247 if (ge != 0) {
248 k = -EIO;
249 goto finish;
250 }
251
252 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature_s, signature_s_size, NULL);
253 if (ge != 0) {
254 k = -EIO;
255 goto finish;
256 }
257
258 ge = gcry_mpi_scan(&q, GCRYMPI_FMT_USG, key, key_size, NULL);
259 if (ge != 0) {
260 k = -EIO;
261 goto finish;
262 }
263
264 ge = gcry_sexp_build(&signature_sexp,
265 NULL,
266 "(sig-val (ecdsa (r %m) (s %m)))",
267 r,
268 s);
269 if (ge != 0) {
270 k = -EIO;
271 goto finish;
272 }
273
274 ge = gcry_sexp_build(&data_sexp,
275 NULL,
276 "(data (flags rfc6979) (hash %s %b))",
277 hash_algorithm,
278 (int) data_size,
279 data);
280 if (ge != 0) {
281 k = -EIO;
282 goto finish;
283 }
284
285 ge = gcry_sexp_build(&public_key_sexp,
286 NULL,
287 "(public-key (ecc (curve %s) (q %m)))",
288 curve,
289 q);
290 if (ge != 0) {
291 k = -EIO;
292 goto finish;
293 }
294
295 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
296 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
297 k = 0;
298 else if (ge != 0) {
299 log_debug("ECDSA signature check failed: %s", gpg_strerror(ge));
300 k = -EIO;
301 } else
302 k = 1;
303 finish:
304 if (r)
305 gcry_mpi_release(r);
306 if (s)
307 gcry_mpi_release(s);
308 if (q)
309 gcry_mpi_release(q);
310
311 if (public_key_sexp)
312 gcry_sexp_release(public_key_sexp);
313 if (signature_sexp)
314 gcry_sexp_release(signature_sexp);
315 if (data_sexp)
316 gcry_sexp_release(data_sexp);
317
318 return k;
319 }
320
321 static int dnssec_ecdsa_verify(
322 const char *hash_algorithm,
323 int algorithm,
324 const void *hash, size_t hash_size,
325 DnsResourceRecord *rrsig,
326 DnsResourceRecord *dnskey) {
327
328 const char *curve;
329 size_t key_size;
330 uint8_t *q;
331
332 assert(hash);
333 assert(hash_size);
334 assert(rrsig);
335 assert(dnskey);
336
337 if (algorithm == DNSSEC_ALGORITHM_ECDSAP256SHA256) {
338 key_size = 32;
339 curve = "NIST P-256";
340 } else if (algorithm == DNSSEC_ALGORITHM_ECDSAP384SHA384) {
341 key_size = 48;
342 curve = "NIST P-384";
343 } else
344 return -EOPNOTSUPP;
345
346 if (dnskey->dnskey.key_size != key_size * 2)
347 return -EINVAL;
348
349 if (rrsig->rrsig.signature_size != key_size * 2)
350 return -EINVAL;
351
352 q = newa(uint8_t, key_size*2 + 1);
353 q[0] = 0x04; /* Prepend 0x04 to indicate an uncompressed key */
354 memcpy(q+1, dnskey->dnskey.key, key_size*2);
355
356 return dnssec_ecdsa_verify_raw(
357 hash_algorithm,
358 curve,
359 rrsig->rrsig.signature, key_size,
360 (uint8_t*) rrsig->rrsig.signature + key_size, key_size,
361 hash, hash_size,
362 q, key_size*2+1);
363 }
364
365 #if GCRYPT_VERSION_NUMBER >= 0x010600
366 static int dnssec_eddsa_verify_raw(
367 const char *curve,
368 const void *signature_r, size_t signature_r_size,
369 const void *signature_s, size_t signature_s_size,
370 const void *data, size_t data_size,
371 const void *key, size_t key_size) {
372
373 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
374 gcry_error_t ge;
375 int k;
376
377 ge = gcry_sexp_build(&signature_sexp,
378 NULL,
379 "(sig-val (eddsa (r %b) (s %b)))",
380 (int) signature_r_size,
381 signature_r,
382 (int) signature_s_size,
383 signature_s);
384 if (ge != 0) {
385 k = -EIO;
386 goto finish;
387 }
388
389 ge = gcry_sexp_build(&data_sexp,
390 NULL,
391 "(data (flags eddsa) (hash-algo sha512) (value %b))",
392 (int) data_size,
393 data);
394 if (ge != 0) {
395 k = -EIO;
396 goto finish;
397 }
398
399 ge = gcry_sexp_build(&public_key_sexp,
400 NULL,
401 "(public-key (ecc (curve %s) (flags eddsa) (q %b)))",
402 curve,
403 (int) key_size,
404 key);
405 if (ge != 0) {
406 k = -EIO;
407 goto finish;
408 }
409
410 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
411 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
412 k = 0;
413 else if (ge != 0) {
414 log_debug("EdDSA signature check failed: %s", gpg_strerror(ge));
415 k = -EIO;
416 } else
417 k = 1;
418 finish:
419 if (public_key_sexp)
420 gcry_sexp_release(public_key_sexp);
421 if (signature_sexp)
422 gcry_sexp_release(signature_sexp);
423 if (data_sexp)
424 gcry_sexp_release(data_sexp);
425
426 return k;
427 }
428
429 static int dnssec_eddsa_verify(
430 int algorithm,
431 const void *data, size_t data_size,
432 DnsResourceRecord *rrsig,
433 DnsResourceRecord *dnskey) {
434 const char *curve;
435 size_t key_size;
436
437 if (algorithm == DNSSEC_ALGORITHM_ED25519) {
438 curve = "Ed25519";
439 key_size = 32;
440 } else
441 return -EOPNOTSUPP;
442
443 if (dnskey->dnskey.key_size != key_size)
444 return -EINVAL;
445
446 if (rrsig->rrsig.signature_size != key_size * 2)
447 return -EINVAL;
448
449 return dnssec_eddsa_verify_raw(
450 curve,
451 rrsig->rrsig.signature, key_size,
452 (uint8_t*) rrsig->rrsig.signature + key_size, key_size,
453 data, data_size,
454 dnskey->dnskey.key, key_size);
455 }
456 #endif
457
458 static void md_add_uint8(gcry_md_hd_t md, uint8_t v) {
459 gcry_md_write(md, &v, sizeof(v));
460 }
461
462 static void md_add_uint16(gcry_md_hd_t md, uint16_t v) {
463 v = htobe16(v);
464 gcry_md_write(md, &v, sizeof(v));
465 }
466
467 static void fwrite_uint8(FILE *fp, uint8_t v) {
468 fwrite(&v, sizeof(v), 1, fp);
469 }
470
471 static void fwrite_uint16(FILE *fp, uint16_t v) {
472 v = htobe16(v);
473 fwrite(&v, sizeof(v), 1, fp);
474 }
475
476 static void fwrite_uint32(FILE *fp, uint32_t v) {
477 v = htobe32(v);
478 fwrite(&v, sizeof(v), 1, fp);
479 }
480
481 static int dnssec_rrsig_prepare(DnsResourceRecord *rrsig) {
482 int n_key_labels, n_signer_labels;
483 const char *name;
484 int r;
485
486 /* Checks whether the specified RRSIG RR is somewhat valid, and initializes the .n_skip_labels_source and
487 * .n_skip_labels_signer fields so that we can use them later on. */
488
489 assert(rrsig);
490 assert(rrsig->key->type == DNS_TYPE_RRSIG);
491
492 /* Check if this RRSIG RR is already prepared */
493 if (rrsig->n_skip_labels_source != UINT_MAX)
494 return 0;
495
496 if (rrsig->rrsig.inception > rrsig->rrsig.expiration)
497 return -EINVAL;
498
499 name = dns_resource_key_name(rrsig->key);
500
501 n_key_labels = dns_name_count_labels(name);
502 if (n_key_labels < 0)
503 return n_key_labels;
504 if (rrsig->rrsig.labels > n_key_labels)
505 return -EINVAL;
506
507 n_signer_labels = dns_name_count_labels(rrsig->rrsig.signer);
508 if (n_signer_labels < 0)
509 return n_signer_labels;
510 if (n_signer_labels > rrsig->rrsig.labels)
511 return -EINVAL;
512
513 r = dns_name_skip(name, n_key_labels - n_signer_labels, &name);
514 if (r < 0)
515 return r;
516 if (r == 0)
517 return -EINVAL;
518
519 /* Check if the signer is really a suffix of us */
520 r = dns_name_equal(name, rrsig->rrsig.signer);
521 if (r < 0)
522 return r;
523 if (r == 0)
524 return -EINVAL;
525
526 rrsig->n_skip_labels_source = n_key_labels - rrsig->rrsig.labels;
527 rrsig->n_skip_labels_signer = n_key_labels - n_signer_labels;
528
529 return 0;
530 }
531
532 static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
533 usec_t expiration, inception, skew;
534
535 assert(rrsig);
536 assert(rrsig->key->type == DNS_TYPE_RRSIG);
537
538 if (realtime == USEC_INFINITY)
539 realtime = now(CLOCK_REALTIME);
540
541 expiration = rrsig->rrsig.expiration * USEC_PER_SEC;
542 inception = rrsig->rrsig.inception * USEC_PER_SEC;
543
544 /* Consider inverted validity intervals as expired */
545 if (inception > expiration)
546 return true;
547
548 /* Permit a certain amount of clock skew of 10% of the valid
549 * time range. This takes inspiration from unbound's
550 * resolver. */
551 skew = (expiration - inception) / 10;
552 if (skew > SKEW_MAX)
553 skew = SKEW_MAX;
554
555 if (inception < skew)
556 inception = 0;
557 else
558 inception -= skew;
559
560 if (expiration + skew < expiration)
561 expiration = USEC_INFINITY;
562 else
563 expiration += skew;
564
565 return realtime < inception || realtime > expiration;
566 }
567
568 static int algorithm_to_gcrypt_md(uint8_t algorithm) {
569
570 /* Translates a DNSSEC signature algorithm into a gcrypt
571 * digest identifier.
572 *
573 * Note that we implement all algorithms listed as "Must
574 * implement" and "Recommended to Implement" in RFC6944. We
575 * don't implement any algorithms that are listed as
576 * "Optional" or "Must Not Implement". Specifically, we do not
577 * implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and
578 * GOST-ECC. */
579
580 switch (algorithm) {
581
582 case DNSSEC_ALGORITHM_RSASHA1:
583 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
584 return GCRY_MD_SHA1;
585
586 case DNSSEC_ALGORITHM_RSASHA256:
587 case DNSSEC_ALGORITHM_ECDSAP256SHA256:
588 return GCRY_MD_SHA256;
589
590 case DNSSEC_ALGORITHM_ECDSAP384SHA384:
591 return GCRY_MD_SHA384;
592
593 case DNSSEC_ALGORITHM_RSASHA512:
594 return GCRY_MD_SHA512;
595
596 default:
597 return -EOPNOTSUPP;
598 }
599 }
600
601 static void dnssec_fix_rrset_ttl(
602 DnsResourceRecord *list[],
603 unsigned n,
604 DnsResourceRecord *rrsig,
605 usec_t realtime) {
606
607 unsigned k;
608
609 assert(list);
610 assert(n > 0);
611 assert(rrsig);
612
613 for (k = 0; k < n; k++) {
614 DnsResourceRecord *rr = list[k];
615
616 /* Pick the TTL as the minimum of the RR's TTL, the
617 * RR's original TTL according to the RRSIG and the
618 * RRSIG's own TTL, see RFC 4035, Section 5.3.3 */
619 rr->ttl = MIN3(rr->ttl, rrsig->rrsig.original_ttl, rrsig->ttl);
620 rr->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
621
622 /* Copy over information about the signer and wildcard source of synthesis */
623 rr->n_skip_labels_source = rrsig->n_skip_labels_source;
624 rr->n_skip_labels_signer = rrsig->n_skip_labels_signer;
625 }
626
627 rrsig->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
628 }
629
630 int dnssec_verify_rrset(
631 DnsAnswer *a,
632 const DnsResourceKey *key,
633 DnsResourceRecord *rrsig,
634 DnsResourceRecord *dnskey,
635 usec_t realtime,
636 DnssecResult *result) {
637
638 uint8_t wire_format_name[DNS_WIRE_FORMAT_HOSTNAME_MAX];
639 DnsResourceRecord **list, *rr;
640 const char *source, *name;
641 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
642 int r, md_algorithm;
643 size_t k, n = 0;
644 size_t sig_size = 0;
645 _cleanup_free_ char *sig_data = NULL;
646 _cleanup_fclose_ FILE *f = NULL;
647 size_t hash_size;
648 void *hash;
649 bool wildcard;
650
651 assert(key);
652 assert(rrsig);
653 assert(dnskey);
654 assert(result);
655 assert(rrsig->key->type == DNS_TYPE_RRSIG);
656 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
657
658 /* Verifies that the RRSet matches the specified "key" in "a",
659 * using the signature "rrsig" and the key "dnskey". It's
660 * assumed that RRSIG and DNSKEY match. */
661
662 r = dnssec_rrsig_prepare(rrsig);
663 if (r == -EINVAL) {
664 *result = DNSSEC_INVALID;
665 return r;
666 }
667 if (r < 0)
668 return r;
669
670 r = dnssec_rrsig_expired(rrsig, realtime);
671 if (r < 0)
672 return r;
673 if (r > 0) {
674 *result = DNSSEC_SIGNATURE_EXPIRED;
675 return 0;
676 }
677
678 name = dns_resource_key_name(key);
679
680 /* Some keys may only appear signed in the zone apex, and are invalid anywhere else. (SOA, NS...) */
681 if (dns_type_apex_only(rrsig->rrsig.type_covered)) {
682 r = dns_name_equal(rrsig->rrsig.signer, name);
683 if (r < 0)
684 return r;
685 if (r == 0) {
686 *result = DNSSEC_INVALID;
687 return 0;
688 }
689 }
690
691 /* OTOH DS RRs may not appear in the zone apex, but are valid everywhere else. */
692 if (rrsig->rrsig.type_covered == DNS_TYPE_DS) {
693 r = dns_name_equal(rrsig->rrsig.signer, name);
694 if (r < 0)
695 return r;
696 if (r > 0) {
697 *result = DNSSEC_INVALID;
698 return 0;
699 }
700 }
701
702 /* Determine the "Source of Synthesis" and whether this is a wildcard RRSIG */
703 r = dns_name_suffix(name, rrsig->rrsig.labels, &source);
704 if (r < 0)
705 return r;
706 if (r > 0 && !dns_type_may_wildcard(rrsig->rrsig.type_covered)) {
707 /* We refuse to validate NSEC3 or SOA RRs that are synthesized from wildcards */
708 *result = DNSSEC_INVALID;
709 return 0;
710 }
711 if (r == 1) {
712 /* If we stripped a single label, then let's see if that maybe was "*". If so, we are not really
713 * synthesized from a wildcard, we are the wildcard itself. Treat that like a normal name. */
714 r = dns_name_startswith(name, "*");
715 if (r < 0)
716 return r;
717 if (r > 0)
718 source = name;
719
720 wildcard = r == 0;
721 } else
722 wildcard = r > 0;
723
724 /* Collect all relevant RRs in a single array, so that we can look at the RRset */
725 list = newa(DnsResourceRecord *, dns_answer_size(a));
726
727 DNS_ANSWER_FOREACH(rr, a) {
728 r = dns_resource_key_equal(key, rr->key);
729 if (r < 0)
730 return r;
731 if (r == 0)
732 continue;
733
734 /* We need the wire format for ordering, and digest calculation */
735 r = dns_resource_record_to_wire_format(rr, true);
736 if (r < 0)
737 return r;
738
739 list[n++] = rr;
740
741 if (n > VERIFY_RRS_MAX)
742 return -E2BIG;
743 }
744
745 if (n <= 0)
746 return -ENODATA;
747
748 /* Bring the RRs into canonical order */
749 typesafe_qsort(list, n, rr_compare);
750
751 f = open_memstream_unlocked(&sig_data, &sig_size);
752 if (!f)
753 return -ENOMEM;
754
755 fwrite_uint16(f, rrsig->rrsig.type_covered);
756 fwrite_uint8(f, rrsig->rrsig.algorithm);
757 fwrite_uint8(f, rrsig->rrsig.labels);
758 fwrite_uint32(f, rrsig->rrsig.original_ttl);
759 fwrite_uint32(f, rrsig->rrsig.expiration);
760 fwrite_uint32(f, rrsig->rrsig.inception);
761 fwrite_uint16(f, rrsig->rrsig.key_tag);
762
763 r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
764 if (r < 0)
765 return r;
766 fwrite(wire_format_name, 1, r, f);
767
768 /* Convert the source of synthesis into wire format */
769 r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
770 if (r < 0)
771 return r;
772
773 for (k = 0; k < n; k++) {
774 size_t l;
775
776 rr = list[k];
777
778 /* Hash the source of synthesis. If this is a wildcard, then prefix it with the *. label */
779 if (wildcard)
780 fwrite((uint8_t[]) { 1, '*'}, sizeof(uint8_t), 2, f);
781 fwrite(wire_format_name, 1, r, f);
782
783 fwrite_uint16(f, rr->key->type);
784 fwrite_uint16(f, rr->key->class);
785 fwrite_uint32(f, rrsig->rrsig.original_ttl);
786
787 l = DNS_RESOURCE_RECORD_RDATA_SIZE(rr);
788 assert(l <= 0xFFFF);
789
790 fwrite_uint16(f, (uint16_t) l);
791 fwrite(DNS_RESOURCE_RECORD_RDATA(rr), 1, l, f);
792 }
793
794 r = fflush_and_check(f);
795 if (r < 0)
796 return r;
797
798 initialize_libgcrypt(false);
799
800 switch (rrsig->rrsig.algorithm) {
801 #if GCRYPT_VERSION_NUMBER >= 0x010600
802 case DNSSEC_ALGORITHM_ED25519:
803 break;
804 #else
805 case DNSSEC_ALGORITHM_ED25519:
806 #endif
807 case DNSSEC_ALGORITHM_ED448:
808 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
809 return 0;
810 default:
811 /* OK, the RRs are now in canonical order. Let's calculate the digest */
812 md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm);
813 if (md_algorithm == -EOPNOTSUPP) {
814 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
815 return 0;
816 }
817 if (md_algorithm < 0)
818 return md_algorithm;
819
820 gcry_md_open(&md, md_algorithm, 0);
821 if (!md)
822 return -EIO;
823
824 hash_size = gcry_md_get_algo_dlen(md_algorithm);
825 assert(hash_size > 0);
826
827 gcry_md_write(md, sig_data, sig_size);
828
829 hash = gcry_md_read(md, 0);
830 if (!hash)
831 return -EIO;
832 }
833
834 switch (rrsig->rrsig.algorithm) {
835
836 case DNSSEC_ALGORITHM_RSASHA1:
837 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
838 case DNSSEC_ALGORITHM_RSASHA256:
839 case DNSSEC_ALGORITHM_RSASHA512:
840 r = dnssec_rsa_verify(
841 gcry_md_algo_name(md_algorithm),
842 hash, hash_size,
843 rrsig,
844 dnskey);
845 break;
846
847 case DNSSEC_ALGORITHM_ECDSAP256SHA256:
848 case DNSSEC_ALGORITHM_ECDSAP384SHA384:
849 r = dnssec_ecdsa_verify(
850 gcry_md_algo_name(md_algorithm),
851 rrsig->rrsig.algorithm,
852 hash, hash_size,
853 rrsig,
854 dnskey);
855 break;
856 #if GCRYPT_VERSION_NUMBER >= 0x010600
857 case DNSSEC_ALGORITHM_ED25519:
858 r = dnssec_eddsa_verify(
859 rrsig->rrsig.algorithm,
860 sig_data, sig_size,
861 rrsig,
862 dnskey);
863 break;
864 #endif
865 }
866 if (r < 0)
867 return r;
868
869 /* Now, fix the ttl, expiry, and remember the synthesizing source and the signer */
870 if (r > 0)
871 dnssec_fix_rrset_ttl(list, n, rrsig, realtime);
872
873 if (r == 0)
874 *result = DNSSEC_INVALID;
875 else if (wildcard)
876 *result = DNSSEC_VALIDATED_WILDCARD;
877 else
878 *result = DNSSEC_VALIDATED;
879
880 return 0;
881 }
882
883 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
884
885 assert(rrsig);
886 assert(dnskey);
887
888 /* Checks if the specified DNSKEY RR matches the key used for
889 * the signature in the specified RRSIG RR */
890
891 if (rrsig->key->type != DNS_TYPE_RRSIG)
892 return -EINVAL;
893
894 if (dnskey->key->type != DNS_TYPE_DNSKEY)
895 return 0;
896 if (dnskey->key->class != rrsig->key->class)
897 return 0;
898 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
899 return 0;
900 if (!revoked_ok && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
901 return 0;
902 if (dnskey->dnskey.protocol != 3)
903 return 0;
904 if (dnskey->dnskey.algorithm != rrsig->rrsig.algorithm)
905 return 0;
906
907 if (dnssec_keytag(dnskey, false) != rrsig->rrsig.key_tag)
908 return 0;
909
910 return dns_name_equal(dns_resource_key_name(dnskey->key), rrsig->rrsig.signer);
911 }
912
913 int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
914 assert(key);
915 assert(rrsig);
916
917 /* Checks if the specified RRSIG RR protects the RRSet of the specified RR key. */
918
919 if (rrsig->key->type != DNS_TYPE_RRSIG)
920 return 0;
921 if (rrsig->key->class != key->class)
922 return 0;
923 if (rrsig->rrsig.type_covered != key->type)
924 return 0;
925
926 return dns_name_equal(dns_resource_key_name(rrsig->key), dns_resource_key_name(key));
927 }
928
929 int dnssec_verify_rrset_search(
930 DnsAnswer *a,
931 const DnsResourceKey *key,
932 DnsAnswer *validated_dnskeys,
933 usec_t realtime,
934 DnssecResult *result,
935 DnsResourceRecord **ret_rrsig) {
936
937 bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false;
938 DnsResourceRecord *rrsig;
939 int r;
940
941 assert(key);
942 assert(result);
943
944 /* Verifies all RRs from "a" that match the key "key" against DNSKEYs in "validated_dnskeys" */
945
946 if (!a || a->n_rrs <= 0)
947 return -ENODATA;
948
949 /* Iterate through each RRSIG RR. */
950 DNS_ANSWER_FOREACH(rrsig, a) {
951 DnsResourceRecord *dnskey;
952 DnsAnswerFlags flags;
953
954 /* Is this an RRSIG RR that applies to RRs matching our key? */
955 r = dnssec_key_match_rrsig(key, rrsig);
956 if (r < 0)
957 return r;
958 if (r == 0)
959 continue;
960
961 found_rrsig = true;
962
963 /* Look for a matching key */
964 DNS_ANSWER_FOREACH_FLAGS(dnskey, flags, validated_dnskeys) {
965 DnssecResult one_result;
966
967 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
968 continue;
969
970 /* Is this a DNSKEY RR that matches they key of our RRSIG? */
971 r = dnssec_rrsig_match_dnskey(rrsig, dnskey, false);
972 if (r < 0)
973 return r;
974 if (r == 0)
975 continue;
976
977 /* Take the time here, if it isn't set yet, so
978 * that we do all validations with the same
979 * time. */
980 if (realtime == USEC_INFINITY)
981 realtime = now(CLOCK_REALTIME);
982
983 /* Yay, we found a matching RRSIG with a matching
984 * DNSKEY, awesome. Now let's verify all entries of
985 * the RRSet against the RRSIG and DNSKEY
986 * combination. */
987
988 r = dnssec_verify_rrset(a, key, rrsig, dnskey, realtime, &one_result);
989 if (r < 0)
990 return r;
991
992 switch (one_result) {
993
994 case DNSSEC_VALIDATED:
995 case DNSSEC_VALIDATED_WILDCARD:
996 /* Yay, the RR has been validated,
997 * return immediately, but fix up the expiry */
998 if (ret_rrsig)
999 *ret_rrsig = rrsig;
1000
1001 *result = one_result;
1002 return 0;
1003
1004 case DNSSEC_INVALID:
1005 /* If the signature is invalid, let's try another
1006 key and/or signature. After all they
1007 key_tags and stuff are not unique, and
1008 might be shared by multiple keys. */
1009 found_invalid = true;
1010 continue;
1011
1012 case DNSSEC_UNSUPPORTED_ALGORITHM:
1013 /* If the key algorithm is
1014 unsupported, try another
1015 RRSIG/DNSKEY pair, but remember we
1016 encountered this, so that we can
1017 return a proper error when we
1018 encounter nothing better. */
1019 found_unsupported_algorithm = true;
1020 continue;
1021
1022 case DNSSEC_SIGNATURE_EXPIRED:
1023 /* If the signature is expired, try
1024 another one, but remember it, so
1025 that we can return this */
1026 found_expired_rrsig = true;
1027 continue;
1028
1029 default:
1030 assert_not_reached("Unexpected DNSSEC validation result");
1031 }
1032 }
1033 }
1034
1035 if (found_expired_rrsig)
1036 *result = DNSSEC_SIGNATURE_EXPIRED;
1037 else if (found_unsupported_algorithm)
1038 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
1039 else if (found_invalid)
1040 *result = DNSSEC_INVALID;
1041 else if (found_rrsig)
1042 *result = DNSSEC_MISSING_KEY;
1043 else
1044 *result = DNSSEC_NO_SIGNATURE;
1045
1046 if (ret_rrsig)
1047 *ret_rrsig = NULL;
1048
1049 return 0;
1050 }
1051
1052 int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
1053 DnsResourceRecord *rr;
1054 int r;
1055
1056 /* Checks whether there's at least one RRSIG in 'a' that protects RRs of the specified key */
1057
1058 DNS_ANSWER_FOREACH(rr, a) {
1059 r = dnssec_key_match_rrsig(key, rr);
1060 if (r < 0)
1061 return r;
1062 if (r > 0)
1063 return 1;
1064 }
1065
1066 return 0;
1067 }
1068
1069 static int digest_to_gcrypt_md(uint8_t algorithm) {
1070
1071 /* Translates a DNSSEC digest algorithm into a gcrypt digest identifier */
1072
1073 switch (algorithm) {
1074
1075 case DNSSEC_DIGEST_SHA1:
1076 return GCRY_MD_SHA1;
1077
1078 case DNSSEC_DIGEST_SHA256:
1079 return GCRY_MD_SHA256;
1080
1081 case DNSSEC_DIGEST_SHA384:
1082 return GCRY_MD_SHA384;
1083
1084 default:
1085 return -EOPNOTSUPP;
1086 }
1087 }
1088
1089 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
1090 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
1091 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
1092 gcry_error_t err;
1093 size_t hash_size;
1094 int md_algorithm, r;
1095 void *result;
1096
1097 assert(dnskey);
1098 assert(ds);
1099
1100 /* Implements DNSKEY verification by a DS, according to RFC 4035, section 5.2 */
1101
1102 if (dnskey->key->type != DNS_TYPE_DNSKEY)
1103 return -EINVAL;
1104 if (ds->key->type != DNS_TYPE_DS)
1105 return -EINVAL;
1106 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
1107 return -EKEYREJECTED;
1108 if (!mask_revoke && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
1109 return -EKEYREJECTED;
1110 if (dnskey->dnskey.protocol != 3)
1111 return -EKEYREJECTED;
1112
1113 if (dnskey->dnskey.algorithm != ds->ds.algorithm)
1114 return 0;
1115 if (dnssec_keytag(dnskey, mask_revoke) != ds->ds.key_tag)
1116 return 0;
1117
1118 initialize_libgcrypt(false);
1119
1120 md_algorithm = digest_to_gcrypt_md(ds->ds.digest_type);
1121 if (md_algorithm < 0)
1122 return md_algorithm;
1123
1124 hash_size = gcry_md_get_algo_dlen(md_algorithm);
1125 assert(hash_size > 0);
1126
1127 if (ds->ds.digest_size != hash_size)
1128 return 0;
1129
1130 r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof(wire_format), true);
1131 if (r < 0)
1132 return r;
1133
1134 err = gcry_md_open(&md, md_algorithm, 0);
1135 if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
1136 return -EIO;
1137
1138 gcry_md_write(md, wire_format, r);
1139 if (mask_revoke)
1140 md_add_uint16(md, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE);
1141 else
1142 md_add_uint16(md, dnskey->dnskey.flags);
1143 md_add_uint8(md, dnskey->dnskey.protocol);
1144 md_add_uint8(md, dnskey->dnskey.algorithm);
1145 gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
1146
1147 result = gcry_md_read(md, 0);
1148 if (!result)
1149 return -EIO;
1150
1151 return memcmp(result, ds->ds.digest, ds->ds.digest_size) == 0;
1152 }
1153
1154 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
1155 DnsResourceRecord *ds;
1156 DnsAnswerFlags flags;
1157 int r;
1158
1159 assert(dnskey);
1160
1161 if (dnskey->key->type != DNS_TYPE_DNSKEY)
1162 return 0;
1163
1164 DNS_ANSWER_FOREACH_FLAGS(ds, flags, validated_ds) {
1165
1166 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
1167 continue;
1168
1169 if (ds->key->type != DNS_TYPE_DS)
1170 continue;
1171 if (ds->key->class != dnskey->key->class)
1172 continue;
1173
1174 r = dns_name_equal(dns_resource_key_name(dnskey->key), dns_resource_key_name(ds->key));
1175 if (r < 0)
1176 return r;
1177 if (r == 0)
1178 continue;
1179
1180 r = dnssec_verify_dnskey_by_ds(dnskey, ds, false);
1181 if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP))
1182 return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */
1183 if (r < 0)
1184 return r;
1185 if (r > 0)
1186 return 1;
1187 }
1188
1189 return 0;
1190 }
1191
1192 static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
1193
1194 /* Translates a DNSSEC NSEC3 hash algorithm into a gcrypt digest identifier */
1195
1196 switch (algorithm) {
1197
1198 case NSEC3_ALGORITHM_SHA1:
1199 return GCRY_MD_SHA1;
1200
1201 default:
1202 return -EOPNOTSUPP;
1203 }
1204 }
1205
1206 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
1207 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
1208 gcry_md_hd_t md = NULL;
1209 gcry_error_t err;
1210 size_t hash_size;
1211 int algorithm;
1212 void *result;
1213 unsigned k;
1214 int r;
1215
1216 assert(nsec3);
1217 assert(name);
1218 assert(ret);
1219
1220 if (nsec3->key->type != DNS_TYPE_NSEC3)
1221 return -EINVAL;
1222
1223 if (nsec3->nsec3.iterations > NSEC3_ITERATIONS_MAX)
1224 return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
1225 "Ignoring NSEC3 RR %s with excessive number of iterations.",
1226 dns_resource_record_to_string(nsec3));
1227
1228 algorithm = nsec3_hash_to_gcrypt_md(nsec3->nsec3.algorithm);
1229 if (algorithm < 0)
1230 return algorithm;
1231
1232 initialize_libgcrypt(false);
1233
1234 hash_size = gcry_md_get_algo_dlen(algorithm);
1235 assert(hash_size > 0);
1236
1237 if (nsec3->nsec3.next_hashed_name_size != hash_size)
1238 return -EINVAL;
1239
1240 r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
1241 if (r < 0)
1242 return r;
1243
1244 err = gcry_md_open(&md, algorithm, 0);
1245 if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
1246 return -EIO;
1247
1248 gcry_md_write(md, wire_format, r);
1249 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
1250
1251 result = gcry_md_read(md, 0);
1252 if (!result) {
1253 r = -EIO;
1254 goto finish;
1255 }
1256
1257 for (k = 0; k < nsec3->nsec3.iterations; k++) {
1258 uint8_t tmp[hash_size];
1259 memcpy(tmp, result, hash_size);
1260
1261 gcry_md_reset(md);
1262 gcry_md_write(md, tmp, hash_size);
1263 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
1264
1265 result = gcry_md_read(md, 0);
1266 if (!result) {
1267 r = -EIO;
1268 goto finish;
1269 }
1270 }
1271
1272 memcpy(ret, result, hash_size);
1273 r = (int) hash_size;
1274
1275 finish:
1276 gcry_md_close(md);
1277 return r;
1278 }
1279
1280 static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {
1281 const char *a, *b;
1282 int r;
1283
1284 assert(rr);
1285
1286 if (rr->key->type != DNS_TYPE_NSEC3)
1287 return 0;
1288
1289 /* RFC 5155, Section 8.2 says we MUST ignore NSEC3 RRs with flags != 0 or 1 */
1290 if (!IN_SET(rr->nsec3.flags, 0, 1))
1291 return 0;
1292
1293 /* Ignore NSEC3 RRs whose algorithm we don't know */
1294 if (nsec3_hash_to_gcrypt_md(rr->nsec3.algorithm) < 0)
1295 return 0;
1296 /* Ignore NSEC3 RRs with an excessive number of required iterations */
1297 if (rr->nsec3.iterations > NSEC3_ITERATIONS_MAX)
1298 return 0;
1299
1300 /* Ignore NSEC3 RRs generated from wildcards. If these NSEC3 RRs weren't correctly signed we can't make this
1301 * check (since rr->n_skip_labels_source is -1), but that's OK, as we won't trust them anyway in that case. */
1302 if (!IN_SET(rr->n_skip_labels_source, 0, UINT_MAX))
1303 return 0;
1304 /* Ignore NSEC3 RRs that are located anywhere else than one label below the zone */
1305 if (!IN_SET(rr->n_skip_labels_signer, 1, UINT_MAX))
1306 return 0;
1307
1308 if (!nsec3)
1309 return 1;
1310
1311 /* If a second NSEC3 RR is specified, also check if they are from the same zone. */
1312
1313 if (nsec3 == rr) /* Shortcut */
1314 return 1;
1315
1316 if (rr->key->class != nsec3->key->class)
1317 return 0;
1318 if (rr->nsec3.algorithm != nsec3->nsec3.algorithm)
1319 return 0;
1320 if (rr->nsec3.iterations != nsec3->nsec3.iterations)
1321 return 0;
1322 if (rr->nsec3.salt_size != nsec3->nsec3.salt_size)
1323 return 0;
1324 if (memcmp_safe(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
1325 return 0;
1326
1327 a = dns_resource_key_name(rr->key);
1328 r = dns_name_parent(&a); /* strip off hash */
1329 if (r <= 0)
1330 return r;
1331
1332 b = dns_resource_key_name(nsec3->key);
1333 r = dns_name_parent(&b); /* strip off hash */
1334 if (r <= 0)
1335 return r;
1336
1337 /* Make sure both have the same parent */
1338 return dns_name_equal(a, b);
1339 }
1340
1341 static int nsec3_hashed_domain_format(const uint8_t *hashed, size_t hashed_size, const char *zone, char **ret) {
1342 _cleanup_free_ char *l = NULL;
1343 char *j;
1344
1345 assert(hashed);
1346 assert(hashed_size > 0);
1347 assert(zone);
1348 assert(ret);
1349
1350 l = base32hexmem(hashed, hashed_size, false);
1351 if (!l)
1352 return -ENOMEM;
1353
1354 j = strjoin(l, ".", zone);
1355 if (!j)
1356 return -ENOMEM;
1357
1358 *ret = j;
1359 return (int) hashed_size;
1360 }
1361
1362 static int nsec3_hashed_domain_make(DnsResourceRecord *nsec3, const char *domain, const char *zone, char **ret) {
1363 uint8_t hashed[DNSSEC_HASH_SIZE_MAX];
1364 int hashed_size;
1365
1366 assert(nsec3);
1367 assert(domain);
1368 assert(zone);
1369 assert(ret);
1370
1371 hashed_size = dnssec_nsec3_hash(nsec3, domain, hashed);
1372 if (hashed_size < 0)
1373 return hashed_size;
1374
1375 return nsec3_hashed_domain_format(hashed, (size_t) hashed_size, zone, ret);
1376 }
1377
1378 /* See RFC 5155, Section 8
1379 * First try to find a NSEC3 record that matches our query precisely, if that fails, find the closest
1380 * enclosure. Secondly, find a proof that there is no closer enclosure and either a proof that there
1381 * is no wildcard domain as a direct descendant of the closest enclosure, or find an NSEC3 record that
1382 * matches the wildcard domain.
1383 *
1384 * Based on this we can prove either the existence of the record in @key, or NXDOMAIN or NODATA, or
1385 * that there is no proof either way. The latter is the case if a proof of non-existence of a given
1386 * name uses an NSEC3 record with the opt-out bit set. Lastly, if we are given insufficient NSEC3 records
1387 * to conclude anything we indicate this by returning NO_RR. */
1388 static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
1389 _cleanup_free_ char *next_closer_domain = NULL, *wildcard_domain = NULL;
1390 const char *zone, *p, *pp = NULL, *wildcard;
1391 DnsResourceRecord *rr, *enclosure_rr, *zone_rr, *wildcard_rr = NULL;
1392 DnsAnswerFlags flags;
1393 int hashed_size, r;
1394 bool a, no_closer = false, no_wildcard = false, optout = false;
1395
1396 assert(key);
1397 assert(result);
1398
1399 /* First step, find the zone name and the NSEC3 parameters of the zone.
1400 * it is sufficient to look for the longest common suffix we find with
1401 * any NSEC3 RR in the response. Any NSEC3 record will do as all NSEC3
1402 * records from a given zone in a response must use the same
1403 * parameters. */
1404 zone = dns_resource_key_name(key);
1405 for (;;) {
1406 DNS_ANSWER_FOREACH_FLAGS(zone_rr, flags, answer) {
1407 r = nsec3_is_good(zone_rr, NULL);
1408 if (r < 0)
1409 return r;
1410 if (r == 0)
1411 continue;
1412
1413 r = dns_name_equal_skip(dns_resource_key_name(zone_rr->key), 1, zone);
1414 if (r < 0)
1415 return r;
1416 if (r > 0)
1417 goto found_zone;
1418 }
1419
1420 /* Strip one label from the front */
1421 r = dns_name_parent(&zone);
1422 if (r < 0)
1423 return r;
1424 if (r == 0)
1425 break;
1426 }
1427
1428 *result = DNSSEC_NSEC_NO_RR;
1429 return 0;
1430
1431 found_zone:
1432 /* Second step, find the closest encloser NSEC3 RR in 'answer' that matches 'key' */
1433 p = dns_resource_key_name(key);
1434 for (;;) {
1435 _cleanup_free_ char *hashed_domain = NULL;
1436
1437 hashed_size = nsec3_hashed_domain_make(zone_rr, p, zone, &hashed_domain);
1438 if (hashed_size == -EOPNOTSUPP) {
1439 *result = DNSSEC_NSEC_UNSUPPORTED_ALGORITHM;
1440 return 0;
1441 }
1442 if (hashed_size < 0)
1443 return hashed_size;
1444
1445 DNS_ANSWER_FOREACH_FLAGS(enclosure_rr, flags, answer) {
1446
1447 r = nsec3_is_good(enclosure_rr, zone_rr);
1448 if (r < 0)
1449 return r;
1450 if (r == 0)
1451 continue;
1452
1453 if (enclosure_rr->nsec3.next_hashed_name_size != (size_t) hashed_size)
1454 continue;
1455
1456 r = dns_name_equal(dns_resource_key_name(enclosure_rr->key), hashed_domain);
1457 if (r < 0)
1458 return r;
1459 if (r > 0) {
1460 a = flags & DNS_ANSWER_AUTHENTICATED;
1461 goto found_closest_encloser;
1462 }
1463 }
1464
1465 /* We didn't find the closest encloser with this name,
1466 * but let's remember this domain name, it might be
1467 * the next closer name */
1468
1469 pp = p;
1470
1471 /* Strip one label from the front */
1472 r = dns_name_parent(&p);
1473 if (r < 0)
1474 return r;
1475 if (r == 0)
1476 break;
1477 }
1478
1479 *result = DNSSEC_NSEC_NO_RR;
1480 return 0;
1481
1482 found_closest_encloser:
1483 /* We found a closest encloser in 'p'; next closer is 'pp' */
1484
1485 if (!pp) {
1486 /* We have an exact match! If we area looking for a DS RR, then we must insist that we got the NSEC3 RR
1487 * from the parent. Otherwise the one from the child. Do so, by checking whether SOA and NS are
1488 * appropriately set. */
1489
1490 if (key->type == DNS_TYPE_DS) {
1491 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1492 return -EBADMSG;
1493 } else {
1494 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_NS) &&
1495 !bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1496 return -EBADMSG;
1497 }
1498
1499 /* No next closer NSEC3 RR. That means there's a direct NSEC3 RR for our key. */
1500 if (bitmap_isset(enclosure_rr->nsec3.types, key->type))
1501 *result = DNSSEC_NSEC_FOUND;
1502 else if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_CNAME))
1503 *result = DNSSEC_NSEC_CNAME;
1504 else
1505 *result = DNSSEC_NSEC_NODATA;
1506
1507 if (authenticated)
1508 *authenticated = a;
1509 if (ttl)
1510 *ttl = enclosure_rr->ttl;
1511
1512 return 0;
1513 }
1514
1515 /* Ensure this is not a DNAME domain, see RFC5155, section 8.3. */
1516 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_DNAME))
1517 return -EBADMSG;
1518
1519 /* Ensure that this data is from the delegated domain
1520 * (i.e. originates from the "lower" DNS server), and isn't
1521 * just glue records (i.e. doesn't originate from the "upper"
1522 * DNS server). */
1523 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_NS) &&
1524 !bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1525 return -EBADMSG;
1526
1527 /* Prove that there is no next closer and whether or not there is a wildcard domain. */
1528
1529 wildcard = strjoina("*.", p);
1530 r = nsec3_hashed_domain_make(enclosure_rr, wildcard, zone, &wildcard_domain);
1531 if (r < 0)
1532 return r;
1533 if (r != hashed_size)
1534 return -EBADMSG;
1535
1536 r = nsec3_hashed_domain_make(enclosure_rr, pp, zone, &next_closer_domain);
1537 if (r < 0)
1538 return r;
1539 if (r != hashed_size)
1540 return -EBADMSG;
1541
1542 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1543 _cleanup_free_ char *next_hashed_domain = NULL;
1544
1545 r = nsec3_is_good(rr, zone_rr);
1546 if (r < 0)
1547 return r;
1548 if (r == 0)
1549 continue;
1550
1551 r = nsec3_hashed_domain_format(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, zone, &next_hashed_domain);
1552 if (r < 0)
1553 return r;
1554
1555 r = dns_name_between(dns_resource_key_name(rr->key), next_closer_domain, next_hashed_domain);
1556 if (r < 0)
1557 return r;
1558 if (r > 0) {
1559 if (rr->nsec3.flags & 1)
1560 optout = true;
1561
1562 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1563
1564 no_closer = true;
1565 }
1566
1567 r = dns_name_equal(dns_resource_key_name(rr->key), wildcard_domain);
1568 if (r < 0)
1569 return r;
1570 if (r > 0) {
1571 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1572
1573 wildcard_rr = rr;
1574 }
1575
1576 r = dns_name_between(dns_resource_key_name(rr->key), wildcard_domain, next_hashed_domain);
1577 if (r < 0)
1578 return r;
1579 if (r > 0) {
1580 if (rr->nsec3.flags & 1)
1581 /* This only makes sense if we have a wildcard delegation, which is
1582 * very unlikely, see RFC 4592, Section 4.2, but we cannot rely on
1583 * this not happening, so hence cannot simply conclude NXDOMAIN as
1584 * we would wish */
1585 optout = true;
1586
1587 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1588
1589 no_wildcard = true;
1590 }
1591 }
1592
1593 if (wildcard_rr && no_wildcard)
1594 return -EBADMSG;
1595
1596 if (!no_closer) {
1597 *result = DNSSEC_NSEC_NO_RR;
1598 return 0;
1599 }
1600
1601 if (wildcard_rr) {
1602 /* A wildcard exists that matches our query. */
1603 if (optout)
1604 /* This is not specified in any RFC to the best of my knowledge, but
1605 * if the next closer enclosure is covered by an opt-out NSEC3 RR
1606 * it means that we cannot prove that the source of synthesis is
1607 * correct, as there may be a closer match. */
1608 *result = DNSSEC_NSEC_OPTOUT;
1609 else if (bitmap_isset(wildcard_rr->nsec3.types, key->type))
1610 *result = DNSSEC_NSEC_FOUND;
1611 else if (bitmap_isset(wildcard_rr->nsec3.types, DNS_TYPE_CNAME))
1612 *result = DNSSEC_NSEC_CNAME;
1613 else
1614 *result = DNSSEC_NSEC_NODATA;
1615 } else {
1616 if (optout)
1617 /* The RFC only specifies that we have to care for optout for NODATA for
1618 * DS records. However, children of an insecure opt-out delegation should
1619 * also be considered opt-out, rather than verified NXDOMAIN.
1620 * Note that we do not require a proof of wildcard non-existence if the
1621 * next closer domain is covered by an opt-out, as that would not provide
1622 * any additional information. */
1623 *result = DNSSEC_NSEC_OPTOUT;
1624 else if (no_wildcard)
1625 *result = DNSSEC_NSEC_NXDOMAIN;
1626 else {
1627 *result = DNSSEC_NSEC_NO_RR;
1628
1629 return 0;
1630 }
1631 }
1632
1633 if (authenticated)
1634 *authenticated = a;
1635
1636 if (ttl)
1637 *ttl = enclosure_rr->ttl;
1638
1639 return 0;
1640 }
1641
1642 static int dnssec_nsec_wildcard_equal(DnsResourceRecord *rr, const char *name) {
1643 char label[DNS_LABEL_MAX];
1644 const char *n;
1645 int r;
1646
1647 assert(rr);
1648 assert(rr->key->type == DNS_TYPE_NSEC);
1649
1650 /* Checks whether the specified RR has a name beginning in "*.", and if the rest is a suffix of our name */
1651
1652 if (rr->n_skip_labels_source != 1)
1653 return 0;
1654
1655 n = dns_resource_key_name(rr->key);
1656 r = dns_label_unescape(&n, label, sizeof label, 0);
1657 if (r <= 0)
1658 return r;
1659 if (r != 1 || label[0] != '*')
1660 return 0;
1661
1662 return dns_name_endswith(name, n);
1663 }
1664
1665 static int dnssec_nsec_in_path(DnsResourceRecord *rr, const char *name) {
1666 const char *nn, *common_suffix;
1667 int r;
1668
1669 assert(rr);
1670 assert(rr->key->type == DNS_TYPE_NSEC);
1671
1672 /* Checks whether the specified nsec RR indicates that name is an empty non-terminal (ENT)
1673 *
1674 * A couple of examples:
1675 *
1676 * NSEC bar → waldo.foo.bar: indicates that foo.bar exists and is an ENT
1677 * NSEC waldo.foo.bar → yyy.zzz.xoo.bar: indicates that xoo.bar and zzz.xoo.bar exist and are ENTs
1678 * NSEC yyy.zzz.xoo.bar → bar: indicates pretty much nothing about ENTs
1679 */
1680
1681 /* First, determine parent of next domain. */
1682 nn = rr->nsec.next_domain_name;
1683 r = dns_name_parent(&nn);
1684 if (r <= 0)
1685 return r;
1686
1687 /* If the name we just determined is not equal or child of the name we are interested in, then we can't say
1688 * anything at all. */
1689 r = dns_name_endswith(nn, name);
1690 if (r <= 0)
1691 return r;
1692
1693 /* If the name we are interested in is not a prefix of the common suffix of the NSEC RR's owner and next domain names, then we can't say anything either. */
1694 r = dns_name_common_suffix(dns_resource_key_name(rr->key), rr->nsec.next_domain_name, &common_suffix);
1695 if (r < 0)
1696 return r;
1697
1698 return dns_name_endswith(name, common_suffix);
1699 }
1700
1701 static int dnssec_nsec_from_parent_zone(DnsResourceRecord *rr, const char *name) {
1702 int r;
1703
1704 assert(rr);
1705 assert(rr->key->type == DNS_TYPE_NSEC);
1706
1707 /* Checks whether this NSEC originates to the parent zone or the child zone. */
1708
1709 r = dns_name_parent(&name);
1710 if (r <= 0)
1711 return r;
1712
1713 r = dns_name_equal(name, dns_resource_key_name(rr->key));
1714 if (r <= 0)
1715 return r;
1716
1717 /* DNAME, and NS without SOA is an indication for a delegation. */
1718 if (bitmap_isset(rr->nsec.types, DNS_TYPE_DNAME))
1719 return 1;
1720
1721 if (bitmap_isset(rr->nsec.types, DNS_TYPE_NS) && !bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1722 return 1;
1723
1724 return 0;
1725 }
1726
1727 static int dnssec_nsec_covers(DnsResourceRecord *rr, const char *name) {
1728 const char *signer;
1729 int r;
1730
1731 assert(rr);
1732 assert(rr->key->type == DNS_TYPE_NSEC);
1733
1734 /* Checks whether the name is covered by this NSEC RR. This means, that the name is somewhere below the NSEC's
1735 * signer name, and between the NSEC's two names. */
1736
1737 r = dns_resource_record_signer(rr, &signer);
1738 if (r < 0)
1739 return r;
1740
1741 r = dns_name_endswith(name, signer); /* this NSEC isn't suitable the name is not in the signer's domain */
1742 if (r <= 0)
1743 return r;
1744
1745 return dns_name_between(dns_resource_key_name(rr->key), name, rr->nsec.next_domain_name);
1746 }
1747
1748 static int dnssec_nsec_generate_wildcard(DnsResourceRecord *rr, const char *name, char **wc) {
1749 const char *common_suffix1, *common_suffix2, *signer;
1750 int r, labels1, labels2;
1751
1752 assert(rr);
1753 assert(rr->key->type == DNS_TYPE_NSEC);
1754
1755 /* Generates "Wildcard at the Closest Encloser" for the given name and NSEC RR. */
1756
1757 r = dns_resource_record_signer(rr, &signer);
1758 if (r < 0)
1759 return r;
1760
1761 r = dns_name_endswith(name, signer); /* this NSEC isn't suitable the name is not in the signer's domain */
1762 if (r <= 0)
1763 return r;
1764
1765 r = dns_name_common_suffix(name, dns_resource_key_name(rr->key), &common_suffix1);
1766 if (r < 0)
1767 return r;
1768
1769 r = dns_name_common_suffix(name, rr->nsec.next_domain_name, &common_suffix2);
1770 if (r < 0)
1771 return r;
1772
1773 labels1 = dns_name_count_labels(common_suffix1);
1774 if (labels1 < 0)
1775 return labels1;
1776
1777 labels2 = dns_name_count_labels(common_suffix2);
1778 if (labels2 < 0)
1779 return labels2;
1780
1781 if (labels1 > labels2)
1782 r = dns_name_concat("*", common_suffix1, 0, wc);
1783 else
1784 r = dns_name_concat("*", common_suffix2, 0, wc);
1785
1786 if (r < 0)
1787 return r;
1788
1789 return 0;
1790 }
1791
1792 int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
1793 bool have_nsec3 = false, covering_rr_authenticated = false, wildcard_rr_authenticated = false;
1794 DnsResourceRecord *rr, *covering_rr = NULL, *wildcard_rr = NULL;
1795 DnsAnswerFlags flags;
1796 const char *name;
1797 int r;
1798
1799 assert(key);
1800 assert(result);
1801
1802 /* Look for any NSEC/NSEC3 RRs that say something about the specified key. */
1803
1804 name = dns_resource_key_name(key);
1805
1806 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1807
1808 if (rr->key->class != key->class)
1809 continue;
1810
1811 have_nsec3 = have_nsec3 || (rr->key->type == DNS_TYPE_NSEC3);
1812
1813 if (rr->key->type != DNS_TYPE_NSEC)
1814 continue;
1815
1816 /* The following checks only make sense for NSEC RRs that are not expanded from a wildcard */
1817 r = dns_resource_record_is_synthetic(rr);
1818 if (r == -ENODATA) /* No signing RR known. */
1819 continue;
1820 if (r < 0)
1821 return r;
1822 if (r > 0)
1823 continue;
1824
1825 /* Check if this is a direct match. If so, we have encountered a NODATA case */
1826 r = dns_name_equal(dns_resource_key_name(rr->key), name);
1827 if (r < 0)
1828 return r;
1829 if (r == 0) {
1830 /* If it's not a direct match, maybe it's a wild card match? */
1831 r = dnssec_nsec_wildcard_equal(rr, name);
1832 if (r < 0)
1833 return r;
1834 }
1835 if (r > 0) {
1836 if (key->type == DNS_TYPE_DS) {
1837 /* If we look for a DS RR and the server sent us the NSEC RR of the child zone
1838 * we have a problem. For DS RRs we want the NSEC RR from the parent */
1839 if (bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1840 continue;
1841 } else {
1842 /* For all RR types, ensure that if NS is set SOA is set too, so that we know
1843 * we got the child's NSEC. */
1844 if (bitmap_isset(rr->nsec.types, DNS_TYPE_NS) &&
1845 !bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1846 continue;
1847 }
1848
1849 if (bitmap_isset(rr->nsec.types, key->type))
1850 *result = DNSSEC_NSEC_FOUND;
1851 else if (bitmap_isset(rr->nsec.types, DNS_TYPE_CNAME))
1852 *result = DNSSEC_NSEC_CNAME;
1853 else
1854 *result = DNSSEC_NSEC_NODATA;
1855
1856 if (authenticated)
1857 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1858 if (ttl)
1859 *ttl = rr->ttl;
1860
1861 return 0;
1862 }
1863
1864 /* Check if the name we are looking for is an empty non-terminal within the owner or next name
1865 * of the NSEC RR. */
1866 r = dnssec_nsec_in_path(rr, name);
1867 if (r < 0)
1868 return r;
1869 if (r > 0) {
1870 *result = DNSSEC_NSEC_NODATA;
1871
1872 if (authenticated)
1873 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1874 if (ttl)
1875 *ttl = rr->ttl;
1876
1877 return 0;
1878 }
1879
1880 /* The following two "covering" checks, are not useful if the NSEC is from the parent */
1881 r = dnssec_nsec_from_parent_zone(rr, name);
1882 if (r < 0)
1883 return r;
1884 if (r > 0)
1885 continue;
1886
1887 /* Check if this NSEC RR proves the absence of an explicit RR under this name */
1888 r = dnssec_nsec_covers(rr, name);
1889 if (r < 0)
1890 return r;
1891 if (r > 0 && (!covering_rr || !covering_rr_authenticated)) {
1892 covering_rr = rr;
1893 covering_rr_authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1894 }
1895 }
1896
1897 if (covering_rr) {
1898 _cleanup_free_ char *wc = NULL;
1899 r = dnssec_nsec_generate_wildcard(covering_rr, name, &wc);
1900 if (r < 0)
1901 return r;
1902
1903 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1904
1905 if (rr->key->class != key->class)
1906 continue;
1907
1908 if (rr->key->type != DNS_TYPE_NSEC)
1909 continue;
1910
1911 /* Check if this NSEC RR proves the nonexistence of the wildcard */
1912 r = dnssec_nsec_covers(rr, wc);
1913 if (r < 0)
1914 return r;
1915 if (r > 0 && (!wildcard_rr || !wildcard_rr_authenticated)) {
1916 wildcard_rr = rr;
1917 wildcard_rr_authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1918 }
1919 }
1920 }
1921
1922 if (covering_rr && wildcard_rr) {
1923 /* If we could prove that neither the name itself, nor the wildcard at the closest encloser exists, we
1924 * proved the NXDOMAIN case. */
1925 *result = DNSSEC_NSEC_NXDOMAIN;
1926
1927 if (authenticated)
1928 *authenticated = covering_rr_authenticated && wildcard_rr_authenticated;
1929 if (ttl)
1930 *ttl = MIN(covering_rr->ttl, wildcard_rr->ttl);
1931
1932 return 0;
1933 }
1934
1935 /* OK, this was not sufficient. Let's see if NSEC3 can help. */
1936 if (have_nsec3)
1937 return dnssec_test_nsec3(answer, key, result, authenticated, ttl);
1938
1939 /* No appropriate NSEC RR found, report this. */
1940 *result = DNSSEC_NSEC_NO_RR;
1941 return 0;
1942 }
1943
1944 static int dnssec_nsec_test_enclosed(DnsAnswer *answer, uint16_t type, const char *name, const char *zone, bool *authenticated) {
1945 DnsResourceRecord *rr;
1946 DnsAnswerFlags flags;
1947 int r;
1948
1949 assert(name);
1950 assert(zone);
1951
1952 /* Checks whether there's an NSEC/NSEC3 that proves that the specified 'name' is non-existing in the specified
1953 * 'zone'. The 'zone' must be a suffix of the 'name'. */
1954
1955 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1956 bool found = false;
1957
1958 if (rr->key->type != type && type != DNS_TYPE_ANY)
1959 continue;
1960
1961 switch (rr->key->type) {
1962
1963 case DNS_TYPE_NSEC:
1964
1965 /* We only care for NSEC RRs from the indicated zone */
1966 r = dns_resource_record_is_signer(rr, zone);
1967 if (r < 0)
1968 return r;
1969 if (r == 0)
1970 continue;
1971
1972 r = dns_name_between(dns_resource_key_name(rr->key), name, rr->nsec.next_domain_name);
1973 if (r < 0)
1974 return r;
1975
1976 found = r > 0;
1977 break;
1978
1979 case DNS_TYPE_NSEC3: {
1980 _cleanup_free_ char *hashed_domain = NULL, *next_hashed_domain = NULL;
1981
1982 /* We only care for NSEC3 RRs from the indicated zone */
1983 r = dns_resource_record_is_signer(rr, zone);
1984 if (r < 0)
1985 return r;
1986 if (r == 0)
1987 continue;
1988
1989 r = nsec3_is_good(rr, NULL);
1990 if (r < 0)
1991 return r;
1992 if (r == 0)
1993 break;
1994
1995 /* Format the domain we are testing with the NSEC3 RR's hash function */
1996 r = nsec3_hashed_domain_make(
1997 rr,
1998 name,
1999 zone,
2000 &hashed_domain);
2001 if (r < 0)
2002 return r;
2003 if ((size_t) r != rr->nsec3.next_hashed_name_size)
2004 break;
2005
2006 /* Format the NSEC3's next hashed name as proper domain name */
2007 r = nsec3_hashed_domain_format(
2008 rr->nsec3.next_hashed_name,
2009 rr->nsec3.next_hashed_name_size,
2010 zone,
2011 &next_hashed_domain);
2012 if (r < 0)
2013 return r;
2014
2015 r = dns_name_between(dns_resource_key_name(rr->key), hashed_domain, next_hashed_domain);
2016 if (r < 0)
2017 return r;
2018
2019 found = r > 0;
2020 break;
2021 }
2022
2023 default:
2024 continue;
2025 }
2026
2027 if (found) {
2028 if (authenticated)
2029 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
2030 return 1;
2031 }
2032 }
2033
2034 return 0;
2035 }
2036
2037 static int dnssec_test_positive_wildcard_nsec3(
2038 DnsAnswer *answer,
2039 const char *name,
2040 const char *source,
2041 const char *zone,
2042 bool *authenticated) {
2043
2044 const char *next_closer = NULL;
2045 int r;
2046
2047 /* Run a positive NSEC3 wildcard proof. Specifically:
2048 *
2049 * A proof that the "next closer" of the generating wildcard does not exist.
2050 *
2051 * Note a key difference between the NSEC3 and NSEC versions of the proof. NSEC RRs don't have to exist for
2052 * empty non-transients. NSEC3 RRs however have to. This means it's sufficient to check if the next closer name
2053 * exists for the NSEC3 RR and we are done.
2054 *
2055 * To prove that a.b.c.d.e.f is rightfully synthesized from a wildcard *.d.e.f all we have to check is that
2056 * c.d.e.f does not exist. */
2057
2058 for (;;) {
2059 next_closer = name;
2060 r = dns_name_parent(&name);
2061 if (r <= 0)
2062 return r;
2063
2064 r = dns_name_equal(name, source);
2065 if (r < 0)
2066 return r;
2067 if (r > 0)
2068 break;
2069 }
2070
2071 return dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC3, next_closer, zone, authenticated);
2072 }
2073
2074 static int dnssec_test_positive_wildcard_nsec(
2075 DnsAnswer *answer,
2076 const char *name,
2077 const char *source,
2078 const char *zone,
2079 bool *_authenticated) {
2080
2081 bool authenticated = true;
2082 int r;
2083
2084 /* Run a positive NSEC wildcard proof. Specifically:
2085 *
2086 * A proof that there's neither a wildcard name nor a non-wildcard name that is a suffix of the name "name" and
2087 * a prefix of the synthesizing source "source" in the zone "zone".
2088 *
2089 * See RFC 5155, Section 8.8 and RFC 4035, Section 5.3.4
2090 *
2091 * Note that if we want to prove that a.b.c.d.e.f is rightfully synthesized from a wildcard *.d.e.f, then we
2092 * have to prove that none of the following exist:
2093 *
2094 * 1) a.b.c.d.e.f
2095 * 2) *.b.c.d.e.f
2096 * 3) b.c.d.e.f
2097 * 4) *.c.d.e.f
2098 * 5) c.d.e.f
2099 */
2100
2101 for (;;) {
2102 _cleanup_free_ char *wc = NULL;
2103 bool a = false;
2104
2105 /* Check if there's an NSEC or NSEC3 RR that proves that the mame we determined is really non-existing,
2106 * i.e between the owner name and the next name of an NSEC RR. */
2107 r = dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC, name, zone, &a);
2108 if (r <= 0)
2109 return r;
2110
2111 authenticated = authenticated && a;
2112
2113 /* Strip one label off */
2114 r = dns_name_parent(&name);
2115 if (r <= 0)
2116 return r;
2117
2118 /* Did we reach the source of synthesis? */
2119 r = dns_name_equal(name, source);
2120 if (r < 0)
2121 return r;
2122 if (r > 0) {
2123 /* Successful exit */
2124 *_authenticated = authenticated;
2125 return 1;
2126 }
2127
2128 /* Safety check, that the source of synthesis is still our suffix */
2129 r = dns_name_endswith(name, source);
2130 if (r < 0)
2131 return r;
2132 if (r == 0)
2133 return -EBADMSG;
2134
2135 /* Replace the label we stripped off with an asterisk */
2136 wc = strjoin("*.", name);
2137 if (!wc)
2138 return -ENOMEM;
2139
2140 /* And check if the proof holds for the asterisk name, too */
2141 r = dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC, wc, zone, &a);
2142 if (r <= 0)
2143 return r;
2144
2145 authenticated = authenticated && a;
2146 /* In the next iteration we'll check the non-asterisk-prefixed version */
2147 }
2148 }
2149
2150 int dnssec_test_positive_wildcard(
2151 DnsAnswer *answer,
2152 const char *name,
2153 const char *source,
2154 const char *zone,
2155 bool *authenticated) {
2156
2157 int r;
2158
2159 assert(name);
2160 assert(source);
2161 assert(zone);
2162 assert(authenticated);
2163
2164 r = dns_answer_contains_zone_nsec3(answer, zone);
2165 if (r < 0)
2166 return r;
2167 if (r > 0)
2168 return dnssec_test_positive_wildcard_nsec3(answer, name, source, zone, authenticated);
2169 else
2170 return dnssec_test_positive_wildcard_nsec(answer, name, source, zone, authenticated);
2171 }
2172
2173 #else
2174
2175 int dnssec_verify_rrset(
2176 DnsAnswer *a,
2177 const DnsResourceKey *key,
2178 DnsResourceRecord *rrsig,
2179 DnsResourceRecord *dnskey,
2180 usec_t realtime,
2181 DnssecResult *result) {
2182
2183 return -EOPNOTSUPP;
2184 }
2185
2186 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
2187
2188 return -EOPNOTSUPP;
2189 }
2190
2191 int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
2192
2193 return -EOPNOTSUPP;
2194 }
2195
2196 int dnssec_verify_rrset_search(
2197 DnsAnswer *a,
2198 const DnsResourceKey *key,
2199 DnsAnswer *validated_dnskeys,
2200 usec_t realtime,
2201 DnssecResult *result,
2202 DnsResourceRecord **ret_rrsig) {
2203
2204 return -EOPNOTSUPP;
2205 }
2206
2207 int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
2208
2209 return -EOPNOTSUPP;
2210 }
2211
2212 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
2213
2214 return -EOPNOTSUPP;
2215 }
2216
2217 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
2218
2219 return -EOPNOTSUPP;
2220 }
2221
2222 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
2223
2224 return -EOPNOTSUPP;
2225 }
2226
2227 int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
2228
2229 return -EOPNOTSUPP;
2230 }
2231
2232 int dnssec_test_positive_wildcard(
2233 DnsAnswer *answer,
2234 const char *name,
2235 const char *source,
2236 const char *zone,
2237 bool *authenticated) {
2238
2239 return -EOPNOTSUPP;
2240 }
2241
2242 #endif
2243
2244 static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = {
2245 [DNSSEC_VALIDATED] = "validated",
2246 [DNSSEC_VALIDATED_WILDCARD] = "validated-wildcard",
2247 [DNSSEC_INVALID] = "invalid",
2248 [DNSSEC_SIGNATURE_EXPIRED] = "signature-expired",
2249 [DNSSEC_UNSUPPORTED_ALGORITHM] = "unsupported-algorithm",
2250 [DNSSEC_NO_SIGNATURE] = "no-signature",
2251 [DNSSEC_MISSING_KEY] = "missing-key",
2252 [DNSSEC_UNSIGNED] = "unsigned",
2253 [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary",
2254 [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch",
2255 [DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server",
2256 };
2257 DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult);
2258
2259 static const char* const dnssec_verdict_table[_DNSSEC_VERDICT_MAX] = {
2260 [DNSSEC_SECURE] = "secure",
2261 [DNSSEC_INSECURE] = "insecure",
2262 [DNSSEC_BOGUS] = "bogus",
2263 [DNSSEC_INDETERMINATE] = "indeterminate",
2264 };
2265 DEFINE_STRING_TABLE_LOOKUP(dnssec_verdict, DnssecVerdict);
Unnamed repository; edit this file 'description' to name the repository.