]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-dnssec.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #18863 from keszybz/cmdline-escaping
[thirdparty/systemd.git] / src / resolve / resolved-dns-dnssec.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "alloc-util.h"
4 #include "dns-domain.h"
5 #include "fd-util.h"
6 #include "fileio.h"
7 #include "gcrypt-util.h"
8 #include "hexdecoct.h"
9 #include "memory-util.h"
10 #include "resolved-dns-dnssec.h"
11 #include "resolved-dns-packet.h"
12 #include "sort-util.h"
13 #include "string-table.h"
14
15 #define VERIFY_RRS_MAX 256
16 #define MAX_KEY_SIZE (32*1024)
17
18 /* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */
19 #define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE)
20
21 /* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value */
22 #define NSEC3_ITERATIONS_MAX 2500
23
24 /*
25 * The DNSSEC Chain of trust:
26 *
27 * Normal RRs are protected via RRSIG RRs in combination with DNSKEY RRs, all in the same zone
28 * DNSKEY RRs are either protected like normal RRs, or via a DS from a zone "higher" up the tree
29 * DS RRs are protected like normal RRs
30 *
31 * Example chain:
32 * Normal RR → RRSIG/DNSKEY+ → DS → RRSIG/DNSKEY+ → DS → ... → DS → RRSIG/DNSKEY+ → DS
33 */
34
35 uint16_t dnssec_keytag(DnsResourceRecord *dnskey, bool mask_revoke) {
36 const uint8_t *p;
37 uint32_t sum, f;
38 size_t i;
39
40 /* The algorithm from RFC 4034, Appendix B. */
41
42 assert(dnskey);
43 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
44
45 f = (uint32_t) dnskey->dnskey.flags;
46
47 if (mask_revoke)
48 f &= ~DNSKEY_FLAG_REVOKE;
49
50 sum = f + ((((uint32_t) dnskey->dnskey.protocol) << 8) + (uint32_t) dnskey->dnskey.algorithm);
51
52 p = dnskey->dnskey.key;
53
54 for (i = 0; i < dnskey->dnskey.key_size; i++)
55 sum += (i & 1) == 0 ? (uint32_t) p[i] << 8 : (uint32_t) p[i];
56
57 sum += (sum >> 16) & UINT32_C(0xFFFF);
58
59 return sum & UINT32_C(0xFFFF);
60 }
61
62 #if HAVE_GCRYPT
63
64 static int rr_compare(DnsResourceRecord * const *a, DnsResourceRecord * const *b) {
65 const DnsResourceRecord *x = *a, *y = *b;
66 size_t m;
67 int r;
68
69 /* Let's order the RRs according to RFC 4034, Section 6.3 */
70
71 assert(x);
72 assert(x->wire_format);
73 assert(y);
74 assert(y->wire_format);
75
76 m = MIN(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
77
78 r = memcmp(DNS_RESOURCE_RECORD_RDATA(x), DNS_RESOURCE_RECORD_RDATA(y), m);
79 if (r != 0)
80 return r;
81
82 return CMP(DNS_RESOURCE_RECORD_RDATA_SIZE(x), DNS_RESOURCE_RECORD_RDATA_SIZE(y));
83 }
84
85 static int dnssec_rsa_verify_raw(
86 const char *hash_algorithm,
87 const void *signature, size_t signature_size,
88 const void *data, size_t data_size,
89 const void *exponent, size_t exponent_size,
90 const void *modulus, size_t modulus_size) {
91
92 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
93 gcry_mpi_t n = NULL, e = NULL, s = NULL;
94 gcry_error_t ge;
95 int r;
96
97 assert(hash_algorithm);
98
99 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature, signature_size, NULL);
100 if (ge != 0) {
101 r = -EIO;
102 goto finish;
103 }
104
105 ge = gcry_mpi_scan(&e, GCRYMPI_FMT_USG, exponent, exponent_size, NULL);
106 if (ge != 0) {
107 r = -EIO;
108 goto finish;
109 }
110
111 ge = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, modulus, modulus_size, NULL);
112 if (ge != 0) {
113 r = -EIO;
114 goto finish;
115 }
116
117 ge = gcry_sexp_build(&signature_sexp,
118 NULL,
119 "(sig-val (rsa (s %m)))",
120 s);
121
122 if (ge != 0) {
123 r = -EIO;
124 goto finish;
125 }
126
127 ge = gcry_sexp_build(&data_sexp,
128 NULL,
129 "(data (flags pkcs1) (hash %s %b))",
130 hash_algorithm,
131 (int) data_size,
132 data);
133 if (ge != 0) {
134 r = -EIO;
135 goto finish;
136 }
137
138 ge = gcry_sexp_build(&public_key_sexp,
139 NULL,
140 "(public-key (rsa (n %m) (e %m)))",
141 n,
142 e);
143 if (ge != 0) {
144 r = -EIO;
145 goto finish;
146 }
147
148 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
149 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
150 r = 0;
151 else if (ge != 0) {
152 log_debug("RSA signature check failed: %s", gpg_strerror(ge));
153 r = -EIO;
154 } else
155 r = 1;
156
157 finish:
158 if (e)
159 gcry_mpi_release(e);
160 if (n)
161 gcry_mpi_release(n);
162 if (s)
163 gcry_mpi_release(s);
164
165 if (public_key_sexp)
166 gcry_sexp_release(public_key_sexp);
167 if (signature_sexp)
168 gcry_sexp_release(signature_sexp);
169 if (data_sexp)
170 gcry_sexp_release(data_sexp);
171
172 return r;
173 }
174
175 static int dnssec_rsa_verify(
176 const char *hash_algorithm,
177 const void *hash, size_t hash_size,
178 DnsResourceRecord *rrsig,
179 DnsResourceRecord *dnskey) {
180
181 size_t exponent_size, modulus_size;
182 void *exponent, *modulus;
183
184 assert(hash_algorithm);
185 assert(hash);
186 assert(hash_size > 0);
187 assert(rrsig);
188 assert(dnskey);
189
190 if (*(uint8_t*) dnskey->dnskey.key == 0) {
191 /* exponent is > 255 bytes long */
192
193 exponent = (uint8_t*) dnskey->dnskey.key + 3;
194 exponent_size =
195 ((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) |
196 ((size_t) ((uint8_t*) dnskey->dnskey.key)[2]);
197
198 if (exponent_size < 256)
199 return -EINVAL;
200
201 if (3 + exponent_size >= dnskey->dnskey.key_size)
202 return -EINVAL;
203
204 modulus = (uint8_t*) dnskey->dnskey.key + 3 + exponent_size;
205 modulus_size = dnskey->dnskey.key_size - 3 - exponent_size;
206
207 } else {
208 /* exponent is <= 255 bytes long */
209
210 exponent = (uint8_t*) dnskey->dnskey.key + 1;
211 exponent_size = (size_t) ((uint8_t*) dnskey->dnskey.key)[0];
212
213 if (exponent_size <= 0)
214 return -EINVAL;
215
216 if (1 + exponent_size >= dnskey->dnskey.key_size)
217 return -EINVAL;
218
219 modulus = (uint8_t*) dnskey->dnskey.key + 1 + exponent_size;
220 modulus_size = dnskey->dnskey.key_size - 1 - exponent_size;
221 }
222
223 return dnssec_rsa_verify_raw(
224 hash_algorithm,
225 rrsig->rrsig.signature, rrsig->rrsig.signature_size,
226 hash, hash_size,
227 exponent, exponent_size,
228 modulus, modulus_size);
229 }
230
231 static int dnssec_ecdsa_verify_raw(
232 const char *hash_algorithm,
233 const char *curve,
234 const void *signature_r, size_t signature_r_size,
235 const void *signature_s, size_t signature_s_size,
236 const void *data, size_t data_size,
237 const void *key, size_t key_size) {
238
239 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
240 gcry_mpi_t q = NULL, r = NULL, s = NULL;
241 gcry_error_t ge;
242 int k;
243
244 assert(hash_algorithm);
245
246 ge = gcry_mpi_scan(&r, GCRYMPI_FMT_USG, signature_r, signature_r_size, NULL);
247 if (ge != 0) {
248 k = -EIO;
249 goto finish;
250 }
251
252 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature_s, signature_s_size, NULL);
253 if (ge != 0) {
254 k = -EIO;
255 goto finish;
256 }
257
258 ge = gcry_mpi_scan(&q, GCRYMPI_FMT_USG, key, key_size, NULL);
259 if (ge != 0) {
260 k = -EIO;
261 goto finish;
262 }
263
264 ge = gcry_sexp_build(&signature_sexp,
265 NULL,
266 "(sig-val (ecdsa (r %m) (s %m)))",
267 r,
268 s);
269 if (ge != 0) {
270 k = -EIO;
271 goto finish;
272 }
273
274 ge = gcry_sexp_build(&data_sexp,
275 NULL,
276 "(data (flags rfc6979) (hash %s %b))",
277 hash_algorithm,
278 (int) data_size,
279 data);
280 if (ge != 0) {
281 k = -EIO;
282 goto finish;
283 }
284
285 ge = gcry_sexp_build(&public_key_sexp,
286 NULL,
287 "(public-key (ecc (curve %s) (q %m)))",
288 curve,
289 q);
290 if (ge != 0) {
291 k = -EIO;
292 goto finish;
293 }
294
295 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
296 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
297 k = 0;
298 else if (ge != 0) {
299 log_debug("ECDSA signature check failed: %s", gpg_strerror(ge));
300 k = -EIO;
301 } else
302 k = 1;
303 finish:
304 if (r)
305 gcry_mpi_release(r);
306 if (s)
307 gcry_mpi_release(s);
308 if (q)
309 gcry_mpi_release(q);
310
311 if (public_key_sexp)
312 gcry_sexp_release(public_key_sexp);
313 if (signature_sexp)
314 gcry_sexp_release(signature_sexp);
315 if (data_sexp)
316 gcry_sexp_release(data_sexp);
317
318 return k;
319 }
320
321 static int dnssec_ecdsa_verify(
322 const char *hash_algorithm,
323 int algorithm,
324 const void *hash, size_t hash_size,
325 DnsResourceRecord *rrsig,
326 DnsResourceRecord *dnskey) {
327
328 const char *curve;
329 size_t key_size;
330 uint8_t *q;
331
332 assert(hash);
333 assert(hash_size);
334 assert(rrsig);
335 assert(dnskey);
336
337 if (algorithm == DNSSEC_ALGORITHM_ECDSAP256SHA256) {
338 key_size = 32;
339 curve = "NIST P-256";
340 } else if (algorithm == DNSSEC_ALGORITHM_ECDSAP384SHA384) {
341 key_size = 48;
342 curve = "NIST P-384";
343 } else
344 return -EOPNOTSUPP;
345
346 if (dnskey->dnskey.key_size != key_size * 2)
347 return -EINVAL;
348
349 if (rrsig->rrsig.signature_size != key_size * 2)
350 return -EINVAL;
351
352 q = newa(uint8_t, key_size*2 + 1);
353 q[0] = 0x04; /* Prepend 0x04 to indicate an uncompressed key */
354 memcpy(q+1, dnskey->dnskey.key, key_size*2);
355
356 return dnssec_ecdsa_verify_raw(
357 hash_algorithm,
358 curve,
359 rrsig->rrsig.signature, key_size,
360 (uint8_t*) rrsig->rrsig.signature + key_size, key_size,
361 hash, hash_size,
362 q, key_size*2+1);
363 }
364
365 #if GCRYPT_VERSION_NUMBER >= 0x010600
366 static int dnssec_eddsa_verify_raw(
367 const char *curve,
368 const void *signature_r, size_t signature_r_size,
369 const void *signature_s, size_t signature_s_size,
370 const void *data, size_t data_size,
371 const void *key, size_t key_size) {
372
373 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
374 gcry_error_t ge;
375 int k;
376
377 ge = gcry_sexp_build(&signature_sexp,
378 NULL,
379 "(sig-val (eddsa (r %b) (s %b)))",
380 (int) signature_r_size,
381 signature_r,
382 (int) signature_s_size,
383 signature_s);
384 if (ge != 0) {
385 k = -EIO;
386 goto finish;
387 }
388
389 ge = gcry_sexp_build(&data_sexp,
390 NULL,
391 "(data (flags eddsa) (hash-algo sha512) (value %b))",
392 (int) data_size,
393 data);
394 if (ge != 0) {
395 k = -EIO;
396 goto finish;
397 }
398
399 ge = gcry_sexp_build(&public_key_sexp,
400 NULL,
401 "(public-key (ecc (curve %s) (flags eddsa) (q %b)))",
402 curve,
403 (int) key_size,
404 key);
405 if (ge != 0) {
406 k = -EIO;
407 goto finish;
408 }
409
410 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
411 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
412 k = 0;
413 else if (ge != 0) {
414 log_debug("EdDSA signature check failed: %s", gpg_strerror(ge));
415 k = -EIO;
416 } else
417 k = 1;
418 finish:
419 if (public_key_sexp)
420 gcry_sexp_release(public_key_sexp);
421 if (signature_sexp)
422 gcry_sexp_release(signature_sexp);
423 if (data_sexp)
424 gcry_sexp_release(data_sexp);
425
426 return k;
427 }
428
429 static int dnssec_eddsa_verify(
430 int algorithm,
431 const void *data, size_t data_size,
432 DnsResourceRecord *rrsig,
433 DnsResourceRecord *dnskey) {
434 const char *curve;
435 size_t key_size;
436
437 if (algorithm == DNSSEC_ALGORITHM_ED25519) {
438 curve = "Ed25519";
439 key_size = 32;
440 } else
441 return -EOPNOTSUPP;
442
443 if (dnskey->dnskey.key_size != key_size)
444 return -EINVAL;
445
446 if (rrsig->rrsig.signature_size != key_size * 2)
447 return -EINVAL;
448
449 return dnssec_eddsa_verify_raw(
450 curve,
451 rrsig->rrsig.signature, key_size,
452 (uint8_t*) rrsig->rrsig.signature + key_size, key_size,
453 data, data_size,
454 dnskey->dnskey.key, key_size);
455 }
456 #endif
457
458 static void md_add_uint8(gcry_md_hd_t md, uint8_t v) {
459 gcry_md_write(md, &v, sizeof(v));
460 }
461
462 static void md_add_uint16(gcry_md_hd_t md, uint16_t v) {
463 v = htobe16(v);
464 gcry_md_write(md, &v, sizeof(v));
465 }
466
467 static void fwrite_uint8(FILE *fp, uint8_t v) {
468 fwrite(&v, sizeof(v), 1, fp);
469 }
470
471 static void fwrite_uint16(FILE *fp, uint16_t v) {
472 v = htobe16(v);
473 fwrite(&v, sizeof(v), 1, fp);
474 }
475
476 static void fwrite_uint32(FILE *fp, uint32_t v) {
477 v = htobe32(v);
478 fwrite(&v, sizeof(v), 1, fp);
479 }
480
481 static int dnssec_rrsig_prepare(DnsResourceRecord *rrsig) {
482 int n_key_labels, n_signer_labels;
483 const char *name;
484 int r;
485
486 /* Checks whether the specified RRSIG RR is somewhat valid, and initializes the .n_skip_labels_source and
487 * .n_skip_labels_signer fields so that we can use them later on. */
488
489 assert(rrsig);
490 assert(rrsig->key->type == DNS_TYPE_RRSIG);
491
492 /* Check if this RRSIG RR is already prepared */
493 if (rrsig->n_skip_labels_source != UINT_MAX)
494 return 0;
495
496 if (rrsig->rrsig.inception > rrsig->rrsig.expiration)
497 return -EINVAL;
498
499 name = dns_resource_key_name(rrsig->key);
500
501 n_key_labels = dns_name_count_labels(name);
502 if (n_key_labels < 0)
503 return n_key_labels;
504 if (rrsig->rrsig.labels > n_key_labels)
505 return -EINVAL;
506
507 n_signer_labels = dns_name_count_labels(rrsig->rrsig.signer);
508 if (n_signer_labels < 0)
509 return n_signer_labels;
510 if (n_signer_labels > rrsig->rrsig.labels)
511 return -EINVAL;
512
513 r = dns_name_skip(name, n_key_labels - n_signer_labels, &name);
514 if (r < 0)
515 return r;
516 if (r == 0)
517 return -EINVAL;
518
519 /* Check if the signer is really a suffix of us */
520 r = dns_name_equal(name, rrsig->rrsig.signer);
521 if (r < 0)
522 return r;
523 if (r == 0)
524 return -EINVAL;
525
526 rrsig->n_skip_labels_source = n_key_labels - rrsig->rrsig.labels;
527 rrsig->n_skip_labels_signer = n_key_labels - n_signer_labels;
528
529 return 0;
530 }
531
532 static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
533 usec_t expiration, inception, skew;
534
535 assert(rrsig);
536 assert(rrsig->key->type == DNS_TYPE_RRSIG);
537
538 if (realtime == USEC_INFINITY)
539 realtime = now(CLOCK_REALTIME);
540
541 expiration = rrsig->rrsig.expiration * USEC_PER_SEC;
542 inception = rrsig->rrsig.inception * USEC_PER_SEC;
543
544 /* Consider inverted validity intervals as expired */
545 if (inception > expiration)
546 return true;
547
548 /* Permit a certain amount of clock skew of 10% of the valid
549 * time range. This takes inspiration from unbound's
550 * resolver. */
551 skew = (expiration - inception) / 10;
552 if (skew > SKEW_MAX)
553 skew = SKEW_MAX;
554
555 if (inception < skew)
556 inception = 0;
557 else
558 inception -= skew;
559
560 if (expiration + skew < expiration)
561 expiration = USEC_INFINITY;
562 else
563 expiration += skew;
564
565 return realtime < inception || realtime > expiration;
566 }
567
568 static int algorithm_to_gcrypt_md(uint8_t algorithm) {
569
570 /* Translates a DNSSEC signature algorithm into a gcrypt
571 * digest identifier.
572 *
573 * Note that we implement all algorithms listed as "Must
574 * implement" and "Recommended to Implement" in RFC6944. We
575 * don't implement any algorithms that are listed as
576 * "Optional" or "Must Not Implement". Specifically, we do not
577 * implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and
578 * GOST-ECC. */
579
580 switch (algorithm) {
581
582 case DNSSEC_ALGORITHM_RSASHA1:
583 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
584 return GCRY_MD_SHA1;
585
586 case DNSSEC_ALGORITHM_RSASHA256:
587 case DNSSEC_ALGORITHM_ECDSAP256SHA256:
588 return GCRY_MD_SHA256;
589
590 case DNSSEC_ALGORITHM_ECDSAP384SHA384:
591 return GCRY_MD_SHA384;
592
593 case DNSSEC_ALGORITHM_RSASHA512:
594 return GCRY_MD_SHA512;
595
596 default:
597 return -EOPNOTSUPP;
598 }
599 }
600
601 static void dnssec_fix_rrset_ttl(
602 DnsResourceRecord *list[],
603 unsigned n,
604 DnsResourceRecord *rrsig,
605 usec_t realtime) {
606
607 unsigned k;
608
609 assert(list);
610 assert(n > 0);
611 assert(rrsig);
612
613 for (k = 0; k < n; k++) {
614 DnsResourceRecord *rr = list[k];
615
616 /* Pick the TTL as the minimum of the RR's TTL, the
617 * RR's original TTL according to the RRSIG and the
618 * RRSIG's own TTL, see RFC 4035, Section 5.3.3 */
619 rr->ttl = MIN3(rr->ttl, rrsig->rrsig.original_ttl, rrsig->ttl);
620 rr->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
621
622 /* Copy over information about the signer and wildcard source of synthesis */
623 rr->n_skip_labels_source = rrsig->n_skip_labels_source;
624 rr->n_skip_labels_signer = rrsig->n_skip_labels_signer;
625 }
626
627 rrsig->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
628 }
629
630 int dnssec_verify_rrset(
631 DnsAnswer *a,
632 const DnsResourceKey *key,
633 DnsResourceRecord *rrsig,
634 DnsResourceRecord *dnskey,
635 usec_t realtime,
636 DnssecResult *result) {
637
638 uint8_t wire_format_name[DNS_WIRE_FORMAT_HOSTNAME_MAX];
639 DnsResourceRecord **list, *rr;
640 const char *source, *name;
641 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
642 int r, md_algorithm;
643 size_t k, n = 0;
644 size_t sig_size = 0;
645 _cleanup_free_ char *sig_data = NULL;
646 _cleanup_fclose_ FILE *f = NULL;
647 size_t hash_size;
648 void *hash;
649 bool wildcard;
650
651 assert(key);
652 assert(rrsig);
653 assert(dnskey);
654 assert(result);
655 assert(rrsig->key->type == DNS_TYPE_RRSIG);
656 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
657
658 /* Verifies that the RRSet matches the specified "key" in "a",
659 * using the signature "rrsig" and the key "dnskey". It's
660 * assumed that RRSIG and DNSKEY match. */
661
662 r = dnssec_rrsig_prepare(rrsig);
663 if (r == -EINVAL) {
664 *result = DNSSEC_INVALID;
665 return r;
666 }
667 if (r < 0)
668 return r;
669
670 r = dnssec_rrsig_expired(rrsig, realtime);
671 if (r < 0)
672 return r;
673 if (r > 0) {
674 *result = DNSSEC_SIGNATURE_EXPIRED;
675 return 0;
676 }
677
678 name = dns_resource_key_name(key);
679
680 /* Some keys may only appear signed in the zone apex, and are invalid anywhere else. (SOA, NS...) */
681 if (dns_type_apex_only(rrsig->rrsig.type_covered)) {
682 r = dns_name_equal(rrsig->rrsig.signer, name);
683 if (r < 0)
684 return r;
685 if (r == 0) {
686 *result = DNSSEC_INVALID;
687 return 0;
688 }
689 }
690
691 /* OTOH DS RRs may not appear in the zone apex, but are valid everywhere else. */
692 if (rrsig->rrsig.type_covered == DNS_TYPE_DS) {
693 r = dns_name_equal(rrsig->rrsig.signer, name);
694 if (r < 0)
695 return r;
696 if (r > 0) {
697 *result = DNSSEC_INVALID;
698 return 0;
699 }
700 }
701
702 /* Determine the "Source of Synthesis" and whether this is a wildcard RRSIG */
703 r = dns_name_suffix(name, rrsig->rrsig.labels, &source);
704 if (r < 0)
705 return r;
706 if (r > 0 && !dns_type_may_wildcard(rrsig->rrsig.type_covered)) {
707 /* We refuse to validate NSEC3 or SOA RRs that are synthesized from wildcards */
708 *result = DNSSEC_INVALID;
709 return 0;
710 }
711 if (r == 1) {
712 /* If we stripped a single label, then let's see if that maybe was "*". If so, we are not really
713 * synthesized from a wildcard, we are the wildcard itself. Treat that like a normal name. */
714 r = dns_name_startswith(name, "*");
715 if (r < 0)
716 return r;
717 if (r > 0)
718 source = name;
719
720 wildcard = r == 0;
721 } else
722 wildcard = r > 0;
723
724 /* Collect all relevant RRs in a single array, so that we can look at the RRset */
725 list = newa(DnsResourceRecord *, dns_answer_size(a));
726
727 DNS_ANSWER_FOREACH(rr, a) {
728 r = dns_resource_key_equal(key, rr->key);
729 if (r < 0)
730 return r;
731 if (r == 0)
732 continue;
733
734 /* We need the wire format for ordering, and digest calculation */
735 r = dns_resource_record_to_wire_format(rr, true);
736 if (r < 0)
737 return r;
738
739 list[n++] = rr;
740
741 if (n > VERIFY_RRS_MAX)
742 return -E2BIG;
743 }
744
745 if (n <= 0)
746 return -ENODATA;
747
748 /* Bring the RRs into canonical order */
749 typesafe_qsort(list, n, rr_compare);
750
751 f = open_memstream_unlocked(&sig_data, &sig_size);
752 if (!f)
753 return -ENOMEM;
754
755 fwrite_uint16(f, rrsig->rrsig.type_covered);
756 fwrite_uint8(f, rrsig->rrsig.algorithm);
757 fwrite_uint8(f, rrsig->rrsig.labels);
758 fwrite_uint32(f, rrsig->rrsig.original_ttl);
759 fwrite_uint32(f, rrsig->rrsig.expiration);
760 fwrite_uint32(f, rrsig->rrsig.inception);
761 fwrite_uint16(f, rrsig->rrsig.key_tag);
762
763 r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
764 if (r < 0)
765 return r;
766 fwrite(wire_format_name, 1, r, f);
767
768 /* Convert the source of synthesis into wire format */
769 r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
770 if (r < 0)
771 return r;
772
773 for (k = 0; k < n; k++) {
774 size_t l;
775
776 rr = list[k];
777
778 /* Hash the source of synthesis. If this is a wildcard, then prefix it with the *. label */
779 if (wildcard)
780 fwrite((uint8_t[]) { 1, '*'}, sizeof(uint8_t), 2, f);
781 fwrite(wire_format_name, 1, r, f);
782
783 fwrite_uint16(f, rr->key->type);
784 fwrite_uint16(f, rr->key->class);
785 fwrite_uint32(f, rrsig->rrsig.original_ttl);
786
787 l = DNS_RESOURCE_RECORD_RDATA_SIZE(rr);
788 assert(l <= 0xFFFF);
789
790 fwrite_uint16(f, (uint16_t) l);
791 fwrite(DNS_RESOURCE_RECORD_RDATA(rr), 1, l, f);
792 }
793
794 r = fflush_and_check(f);
795 if (r < 0)
796 return r;
797
798 initialize_libgcrypt(false);
799
800 switch (rrsig->rrsig.algorithm) {
801 #if GCRYPT_VERSION_NUMBER >= 0x010600
802 case DNSSEC_ALGORITHM_ED25519:
803 break;
804 #else
805 case DNSSEC_ALGORITHM_ED25519:
806 #endif
807 case DNSSEC_ALGORITHM_ED448:
808 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
809 return 0;
810 default:
811 /* OK, the RRs are now in canonical order. Let's calculate the digest */
812 md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm);
813 if (md_algorithm == -EOPNOTSUPP) {
814 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
815 return 0;
816 }
817 if (md_algorithm < 0)
818 return md_algorithm;
819
820 gcry_md_open(&md, md_algorithm, 0);
821 if (!md)
822 return -EIO;
823
824 hash_size = gcry_md_get_algo_dlen(md_algorithm);
825 assert(hash_size > 0);
826
827 gcry_md_write(md, sig_data, sig_size);
828
829 hash = gcry_md_read(md, 0);
830 if (!hash)
831 return -EIO;
832 }
833
834 switch (rrsig->rrsig.algorithm) {
835
836 case DNSSEC_ALGORITHM_RSASHA1:
837 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
838 case DNSSEC_ALGORITHM_RSASHA256:
839 case DNSSEC_ALGORITHM_RSASHA512:
840 r = dnssec_rsa_verify(
841 gcry_md_algo_name(md_algorithm),
842 hash, hash_size,
843 rrsig,
844 dnskey);
845 break;
846
847 case DNSSEC_ALGORITHM_ECDSAP256SHA256:
848 case DNSSEC_ALGORITHM_ECDSAP384SHA384:
849 r = dnssec_ecdsa_verify(
850 gcry_md_algo_name(md_algorithm),
851 rrsig->rrsig.algorithm,
852 hash, hash_size,
853 rrsig,
854 dnskey);
855 break;
856 #if GCRYPT_VERSION_NUMBER >= 0x010600
857 case DNSSEC_ALGORITHM_ED25519:
858 r = dnssec_eddsa_verify(
859 rrsig->rrsig.algorithm,
860 sig_data, sig_size,
861 rrsig,
862 dnskey);
863 break;
864 #endif
865 }
866 if (r < 0)
867 return r;
868
869 /* Now, fix the ttl, expiry, and remember the synthesizing source and the signer */
870 if (r > 0)
871 dnssec_fix_rrset_ttl(list, n, rrsig, realtime);
872
873 if (r == 0)
874 *result = DNSSEC_INVALID;
875 else if (wildcard)
876 *result = DNSSEC_VALIDATED_WILDCARD;
877 else
878 *result = DNSSEC_VALIDATED;
879
880 return 0;
881 }
882
883 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
884
885 assert(rrsig);
886 assert(dnskey);
887
888 /* Checks if the specified DNSKEY RR matches the key used for
889 * the signature in the specified RRSIG RR */
890
891 if (rrsig->key->type != DNS_TYPE_RRSIG)
892 return -EINVAL;
893
894 if (dnskey->key->type != DNS_TYPE_DNSKEY)
895 return 0;
896 if (dnskey->key->class != rrsig->key->class)
897 return 0;
898 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
899 return 0;
900 if (!revoked_ok && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
901 return 0;
902 if (dnskey->dnskey.protocol != 3)
903 return 0;
904 if (dnskey->dnskey.algorithm != rrsig->rrsig.algorithm)
905 return 0;
906
907 if (dnssec_keytag(dnskey, false) != rrsig->rrsig.key_tag)
908 return 0;
909
910 return dns_name_equal(dns_resource_key_name(dnskey->key), rrsig->rrsig.signer);
911 }
912
913 int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
914 assert(key);
915 assert(rrsig);
916
917 /* Checks if the specified RRSIG RR protects the RRSet of the specified RR key. */
918
919 if (rrsig->key->type != DNS_TYPE_RRSIG)
920 return 0;
921 if (rrsig->key->class != key->class)
922 return 0;
923 if (rrsig->rrsig.type_covered != key->type)
924 return 0;
925
926 return dns_name_equal(dns_resource_key_name(rrsig->key), dns_resource_key_name(key));
927 }
928
929 int dnssec_verify_rrset_search(
930 DnsAnswer *a,
931 const DnsResourceKey *key,
932 DnsAnswer *validated_dnskeys,
933 usec_t realtime,
934 DnssecResult *result,
935 DnsResourceRecord **ret_rrsig) {
936
937 bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false;
938 DnsResourceRecord *rrsig;
939 int r;
940
941 assert(key);
942 assert(result);
943
944 /* Verifies all RRs from "a" that match the key "key" against DNSKEYs in "validated_dnskeys" */
945
946 if (!a || a->n_rrs <= 0)
947 return -ENODATA;
948
949 /* Iterate through each RRSIG RR. */
950 DNS_ANSWER_FOREACH(rrsig, a) {
951 DnsResourceRecord *dnskey;
952 DnsAnswerFlags flags;
953
954 /* Is this an RRSIG RR that applies to RRs matching our key? */
955 r = dnssec_key_match_rrsig(key, rrsig);
956 if (r < 0)
957 return r;
958 if (r == 0)
959 continue;
960
961 found_rrsig = true;
962
963 /* Look for a matching key */
964 DNS_ANSWER_FOREACH_FLAGS(dnskey, flags, validated_dnskeys) {
965 DnssecResult one_result;
966
967 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
968 continue;
969
970 /* Is this a DNSKEY RR that matches they key of our RRSIG? */
971 r = dnssec_rrsig_match_dnskey(rrsig, dnskey, false);
972 if (r < 0)
973 return r;
974 if (r == 0)
975 continue;
976
977 /* Take the time here, if it isn't set yet, so
978 * that we do all validations with the same
979 * time. */
980 if (realtime == USEC_INFINITY)
981 realtime = now(CLOCK_REALTIME);
982
983 /* Yay, we found a matching RRSIG with a matching
984 * DNSKEY, awesome. Now let's verify all entries of
985 * the RRSet against the RRSIG and DNSKEY
986 * combination. */
987
988 r = dnssec_verify_rrset(a, key, rrsig, dnskey, realtime, &one_result);
989 if (r < 0)
990 return r;
991
992 switch (one_result) {
993
994 case DNSSEC_VALIDATED:
995 case DNSSEC_VALIDATED_WILDCARD:
996 /* Yay, the RR has been validated,
997 * return immediately, but fix up the expiry */
998 if (ret_rrsig)
999 *ret_rrsig = rrsig;
1000
1001 *result = one_result;
1002 return 0;
1003
1004 case DNSSEC_INVALID:
1005 /* If the signature is invalid, let's try another
1006 key and/or signature. After all they
1007 key_tags and stuff are not unique, and
1008 might be shared by multiple keys. */
1009 found_invalid = true;
1010 continue;
1011
1012 case DNSSEC_UNSUPPORTED_ALGORITHM:
1013 /* If the key algorithm is
1014 unsupported, try another
1015 RRSIG/DNSKEY pair, but remember we
1016 encountered this, so that we can
1017 return a proper error when we
1018 encounter nothing better. */
1019 found_unsupported_algorithm = true;
1020 continue;
1021
1022 case DNSSEC_SIGNATURE_EXPIRED:
1023 /* If the signature is expired, try
1024 another one, but remember it, so
1025 that we can return this */
1026 found_expired_rrsig = true;
1027 continue;
1028
1029 default:
1030 assert_not_reached("Unexpected DNSSEC validation result");
1031 }
1032 }
1033 }
1034
1035 if (found_expired_rrsig)
1036 *result = DNSSEC_SIGNATURE_EXPIRED;
1037 else if (found_unsupported_algorithm)
1038 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
1039 else if (found_invalid)
1040 *result = DNSSEC_INVALID;
1041 else if (found_rrsig)
1042 *result = DNSSEC_MISSING_KEY;
1043 else
1044 *result = DNSSEC_NO_SIGNATURE;
1045
1046 if (ret_rrsig)
1047 *ret_rrsig = NULL;
1048
1049 return 0;
1050 }
1051
1052 int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
1053 DnsResourceRecord *rr;
1054 int r;
1055
1056 /* Checks whether there's at least one RRSIG in 'a' that protects RRs of the specified key */
1057
1058 DNS_ANSWER_FOREACH(rr, a) {
1059 r = dnssec_key_match_rrsig(key, rr);
1060 if (r < 0)
1061 return r;
1062 if (r > 0)
1063 return 1;
1064 }
1065
1066 return 0;
1067 }
1068
1069 static int digest_to_gcrypt_md(uint8_t algorithm) {
1070
1071 /* Translates a DNSSEC digest algorithm into a gcrypt digest identifier */
1072
1073 switch (algorithm) {
1074
1075 case DNSSEC_DIGEST_SHA1:
1076 return GCRY_MD_SHA1;
1077
1078 case DNSSEC_DIGEST_SHA256:
1079 return GCRY_MD_SHA256;
1080
1081 case DNSSEC_DIGEST_SHA384:
1082 return GCRY_MD_SHA384;
1083
1084 default:
1085 return -EOPNOTSUPP;
1086 }
1087 }
1088
1089 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
1090 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
1091 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
1092 gcry_error_t err;
1093 size_t hash_size;
1094 int md_algorithm, r;
1095 void *result;
1096
1097 assert(dnskey);
1098 assert(ds);
1099
1100 /* Implements DNSKEY verification by a DS, according to RFC 4035, section 5.2 */
1101
1102 if (dnskey->key->type != DNS_TYPE_DNSKEY)
1103 return -EINVAL;
1104 if (ds->key->type != DNS_TYPE_DS)
1105 return -EINVAL;
1106 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
1107 return -EKEYREJECTED;
1108 if (!mask_revoke && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
1109 return -EKEYREJECTED;
1110 if (dnskey->dnskey.protocol != 3)
1111 return -EKEYREJECTED;
1112
1113 if (dnskey->dnskey.algorithm != ds->ds.algorithm)
1114 return 0;
1115 if (dnssec_keytag(dnskey, mask_revoke) != ds->ds.key_tag)
1116 return 0;
1117
1118 initialize_libgcrypt(false);
1119
1120 md_algorithm = digest_to_gcrypt_md(ds->ds.digest_type);
1121 if (md_algorithm < 0)
1122 return md_algorithm;
1123
1124 hash_size = gcry_md_get_algo_dlen(md_algorithm);
1125 assert(hash_size > 0);
1126
1127 if (ds->ds.digest_size != hash_size)
1128 return 0;
1129
1130 r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof(wire_format), true);
1131 if (r < 0)
1132 return r;
1133
1134 err = gcry_md_open(&md, md_algorithm, 0);
1135 if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
1136 return -EIO;
1137
1138 gcry_md_write(md, wire_format, r);
1139 if (mask_revoke)
1140 md_add_uint16(md, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE);
1141 else
1142 md_add_uint16(md, dnskey->dnskey.flags);
1143 md_add_uint8(md, dnskey->dnskey.protocol);
1144 md_add_uint8(md, dnskey->dnskey.algorithm);
1145 gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
1146
1147 result = gcry_md_read(md, 0);
1148 if (!result)
1149 return -EIO;
1150
1151 return memcmp(result, ds->ds.digest, ds->ds.digest_size) == 0;
1152 }
1153
1154 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
1155 DnsResourceRecord *ds;
1156 DnsAnswerFlags flags;
1157 int r;
1158
1159 assert(dnskey);
1160
1161 if (dnskey->key->type != DNS_TYPE_DNSKEY)
1162 return 0;
1163
1164 DNS_ANSWER_FOREACH_FLAGS(ds, flags, validated_ds) {
1165
1166 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
1167 continue;
1168
1169 if (ds->key->type != DNS_TYPE_DS)
1170 continue;
1171 if (ds->key->class != dnskey->key->class)
1172 continue;
1173
1174 r = dns_name_equal(dns_resource_key_name(dnskey->key), dns_resource_key_name(ds->key));
1175 if (r < 0)
1176 return r;
1177 if (r == 0)
1178 continue;
1179
1180 r = dnssec_verify_dnskey_by_ds(dnskey, ds, false);
1181 if (IN_SET(r, -EKEYREJECTED, -EOPNOTSUPP))
1182 return 0; /* The DNSKEY is revoked or otherwise invalid, or we don't support the digest algorithm */
1183 if (r < 0)
1184 return r;
1185 if (r > 0)
1186 return 1;
1187 }
1188
1189 return 0;
1190 }
1191
1192 static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
1193
1194 /* Translates a DNSSEC NSEC3 hash algorithm into a gcrypt digest identifier */
1195
1196 switch (algorithm) {
1197
1198 case NSEC3_ALGORITHM_SHA1:
1199 return GCRY_MD_SHA1;
1200
1201 default:
1202 return -EOPNOTSUPP;
1203 }
1204 }
1205
1206 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
1207 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
1208 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
1209 gcry_error_t err;
1210 size_t hash_size;
1211 int algorithm;
1212 void *result;
1213 unsigned k;
1214 int r;
1215
1216 assert(nsec3);
1217 assert(name);
1218 assert(ret);
1219
1220 if (nsec3->key->type != DNS_TYPE_NSEC3)
1221 return -EINVAL;
1222
1223 if (nsec3->nsec3.iterations > NSEC3_ITERATIONS_MAX)
1224 return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
1225 "Ignoring NSEC3 RR %s with excessive number of iterations.",
1226 dns_resource_record_to_string(nsec3));
1227
1228 algorithm = nsec3_hash_to_gcrypt_md(nsec3->nsec3.algorithm);
1229 if (algorithm < 0)
1230 return algorithm;
1231
1232 initialize_libgcrypt(false);
1233
1234 hash_size = gcry_md_get_algo_dlen(algorithm);
1235 assert(hash_size > 0);
1236
1237 if (nsec3->nsec3.next_hashed_name_size != hash_size)
1238 return -EINVAL;
1239
1240 r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
1241 if (r < 0)
1242 return r;
1243
1244 err = gcry_md_open(&md, algorithm, 0);
1245 if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
1246 return -EIO;
1247
1248 gcry_md_write(md, wire_format, r);
1249 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
1250
1251 result = gcry_md_read(md, 0);
1252 if (!result)
1253 return -EIO;
1254
1255 for (k = 0; k < nsec3->nsec3.iterations; k++) {
1256 uint8_t tmp[hash_size];
1257 memcpy(tmp, result, hash_size);
1258
1259 gcry_md_reset(md);
1260 gcry_md_write(md, tmp, hash_size);
1261 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
1262
1263 result = gcry_md_read(md, 0);
1264 if (!result)
1265 return -EIO;
1266 }
1267
1268 memcpy(ret, result, hash_size);
1269 return (int) hash_size;
1270 }
1271
1272 static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {
1273 const char *a, *b;
1274 int r;
1275
1276 assert(rr);
1277
1278 if (rr->key->type != DNS_TYPE_NSEC3)
1279 return 0;
1280
1281 /* RFC 5155, Section 8.2 says we MUST ignore NSEC3 RRs with flags != 0 or 1 */
1282 if (!IN_SET(rr->nsec3.flags, 0, 1))
1283 return 0;
1284
1285 /* Ignore NSEC3 RRs whose algorithm we don't know */
1286 if (nsec3_hash_to_gcrypt_md(rr->nsec3.algorithm) < 0)
1287 return 0;
1288 /* Ignore NSEC3 RRs with an excessive number of required iterations */
1289 if (rr->nsec3.iterations > NSEC3_ITERATIONS_MAX)
1290 return 0;
1291
1292 /* Ignore NSEC3 RRs generated from wildcards. If these NSEC3 RRs weren't correctly signed we can't make this
1293 * check (since rr->n_skip_labels_source is -1), but that's OK, as we won't trust them anyway in that case. */
1294 if (!IN_SET(rr->n_skip_labels_source, 0, UINT_MAX))
1295 return 0;
1296 /* Ignore NSEC3 RRs that are located anywhere else than one label below the zone */
1297 if (!IN_SET(rr->n_skip_labels_signer, 1, UINT_MAX))
1298 return 0;
1299
1300 if (!nsec3)
1301 return 1;
1302
1303 /* If a second NSEC3 RR is specified, also check if they are from the same zone. */
1304
1305 if (nsec3 == rr) /* Shortcut */
1306 return 1;
1307
1308 if (rr->key->class != nsec3->key->class)
1309 return 0;
1310 if (rr->nsec3.algorithm != nsec3->nsec3.algorithm)
1311 return 0;
1312 if (rr->nsec3.iterations != nsec3->nsec3.iterations)
1313 return 0;
1314 if (rr->nsec3.salt_size != nsec3->nsec3.salt_size)
1315 return 0;
1316 if (memcmp_safe(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
1317 return 0;
1318
1319 a = dns_resource_key_name(rr->key);
1320 r = dns_name_parent(&a); /* strip off hash */
1321 if (r <= 0)
1322 return r;
1323
1324 b = dns_resource_key_name(nsec3->key);
1325 r = dns_name_parent(&b); /* strip off hash */
1326 if (r <= 0)
1327 return r;
1328
1329 /* Make sure both have the same parent */
1330 return dns_name_equal(a, b);
1331 }
1332
1333 static int nsec3_hashed_domain_format(const uint8_t *hashed, size_t hashed_size, const char *zone, char **ret) {
1334 _cleanup_free_ char *l = NULL;
1335 char *j;
1336
1337 assert(hashed);
1338 assert(hashed_size > 0);
1339 assert(zone);
1340 assert(ret);
1341
1342 l = base32hexmem(hashed, hashed_size, false);
1343 if (!l)
1344 return -ENOMEM;
1345
1346 j = strjoin(l, ".", zone);
1347 if (!j)
1348 return -ENOMEM;
1349
1350 *ret = j;
1351 return (int) hashed_size;
1352 }
1353
1354 static int nsec3_hashed_domain_make(DnsResourceRecord *nsec3, const char *domain, const char *zone, char **ret) {
1355 uint8_t hashed[DNSSEC_HASH_SIZE_MAX];
1356 int hashed_size;
1357
1358 assert(nsec3);
1359 assert(domain);
1360 assert(zone);
1361 assert(ret);
1362
1363 hashed_size = dnssec_nsec3_hash(nsec3, domain, hashed);
1364 if (hashed_size < 0)
1365 return hashed_size;
1366
1367 return nsec3_hashed_domain_format(hashed, (size_t) hashed_size, zone, ret);
1368 }
1369
1370 /* See RFC 5155, Section 8
1371 * First try to find a NSEC3 record that matches our query precisely, if that fails, find the closest
1372 * enclosure. Secondly, find a proof that there is no closer enclosure and either a proof that there
1373 * is no wildcard domain as a direct descendant of the closest enclosure, or find an NSEC3 record that
1374 * matches the wildcard domain.
1375 *
1376 * Based on this we can prove either the existence of the record in @key, or NXDOMAIN or NODATA, or
1377 * that there is no proof either way. The latter is the case if a proof of non-existence of a given
1378 * name uses an NSEC3 record with the opt-out bit set. Lastly, if we are given insufficient NSEC3 records
1379 * to conclude anything we indicate this by returning NO_RR. */
1380 static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
1381 _cleanup_free_ char *next_closer_domain = NULL, *wildcard_domain = NULL;
1382 const char *zone, *p, *pp = NULL, *wildcard;
1383 DnsResourceRecord *rr, *enclosure_rr, *zone_rr, *wildcard_rr = NULL;
1384 DnsAnswerFlags flags;
1385 int hashed_size, r;
1386 bool a, no_closer = false, no_wildcard = false, optout = false;
1387
1388 assert(key);
1389 assert(result);
1390
1391 /* First step, find the zone name and the NSEC3 parameters of the zone.
1392 * it is sufficient to look for the longest common suffix we find with
1393 * any NSEC3 RR in the response. Any NSEC3 record will do as all NSEC3
1394 * records from a given zone in a response must use the same
1395 * parameters. */
1396 zone = dns_resource_key_name(key);
1397 for (;;) {
1398 DNS_ANSWER_FOREACH_FLAGS(zone_rr, flags, answer) {
1399 r = nsec3_is_good(zone_rr, NULL);
1400 if (r < 0)
1401 return r;
1402 if (r == 0)
1403 continue;
1404
1405 r = dns_name_equal_skip(dns_resource_key_name(zone_rr->key), 1, zone);
1406 if (r < 0)
1407 return r;
1408 if (r > 0)
1409 goto found_zone;
1410 }
1411
1412 /* Strip one label from the front */
1413 r = dns_name_parent(&zone);
1414 if (r < 0)
1415 return r;
1416 if (r == 0)
1417 break;
1418 }
1419
1420 *result = DNSSEC_NSEC_NO_RR;
1421 return 0;
1422
1423 found_zone:
1424 /* Second step, find the closest encloser NSEC3 RR in 'answer' that matches 'key' */
1425 p = dns_resource_key_name(key);
1426 for (;;) {
1427 _cleanup_free_ char *hashed_domain = NULL;
1428
1429 hashed_size = nsec3_hashed_domain_make(zone_rr, p, zone, &hashed_domain);
1430 if (hashed_size == -EOPNOTSUPP) {
1431 *result = DNSSEC_NSEC_UNSUPPORTED_ALGORITHM;
1432 return 0;
1433 }
1434 if (hashed_size < 0)
1435 return hashed_size;
1436
1437 DNS_ANSWER_FOREACH_FLAGS(enclosure_rr, flags, answer) {
1438
1439 r = nsec3_is_good(enclosure_rr, zone_rr);
1440 if (r < 0)
1441 return r;
1442 if (r == 0)
1443 continue;
1444
1445 if (enclosure_rr->nsec3.next_hashed_name_size != (size_t) hashed_size)
1446 continue;
1447
1448 r = dns_name_equal(dns_resource_key_name(enclosure_rr->key), hashed_domain);
1449 if (r < 0)
1450 return r;
1451 if (r > 0) {
1452 a = flags & DNS_ANSWER_AUTHENTICATED;
1453 goto found_closest_encloser;
1454 }
1455 }
1456
1457 /* We didn't find the closest encloser with this name,
1458 * but let's remember this domain name, it might be
1459 * the next closer name */
1460
1461 pp = p;
1462
1463 /* Strip one label from the front */
1464 r = dns_name_parent(&p);
1465 if (r < 0)
1466 return r;
1467 if (r == 0)
1468 break;
1469 }
1470
1471 *result = DNSSEC_NSEC_NO_RR;
1472 return 0;
1473
1474 found_closest_encloser:
1475 /* We found a closest encloser in 'p'; next closer is 'pp' */
1476
1477 if (!pp) {
1478 /* We have an exact match! If we area looking for a DS RR, then we must insist that we got the NSEC3 RR
1479 * from the parent. Otherwise the one from the child. Do so, by checking whether SOA and NS are
1480 * appropriately set. */
1481
1482 if (key->type == DNS_TYPE_DS) {
1483 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1484 return -EBADMSG;
1485 } else {
1486 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_NS) &&
1487 !bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1488 return -EBADMSG;
1489 }
1490
1491 /* No next closer NSEC3 RR. That means there's a direct NSEC3 RR for our key. */
1492 if (bitmap_isset(enclosure_rr->nsec3.types, key->type))
1493 *result = DNSSEC_NSEC_FOUND;
1494 else if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_CNAME))
1495 *result = DNSSEC_NSEC_CNAME;
1496 else
1497 *result = DNSSEC_NSEC_NODATA;
1498
1499 if (authenticated)
1500 *authenticated = a;
1501 if (ttl)
1502 *ttl = enclosure_rr->ttl;
1503
1504 return 0;
1505 }
1506
1507 /* Ensure this is not a DNAME domain, see RFC5155, section 8.3. */
1508 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_DNAME))
1509 return -EBADMSG;
1510
1511 /* Ensure that this data is from the delegated domain
1512 * (i.e. originates from the "lower" DNS server), and isn't
1513 * just glue records (i.e. doesn't originate from the "upper"
1514 * DNS server). */
1515 if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_NS) &&
1516 !bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
1517 return -EBADMSG;
1518
1519 /* Prove that there is no next closer and whether or not there is a wildcard domain. */
1520
1521 wildcard = strjoina("*.", p);
1522 r = nsec3_hashed_domain_make(enclosure_rr, wildcard, zone, &wildcard_domain);
1523 if (r < 0)
1524 return r;
1525 if (r != hashed_size)
1526 return -EBADMSG;
1527
1528 r = nsec3_hashed_domain_make(enclosure_rr, pp, zone, &next_closer_domain);
1529 if (r < 0)
1530 return r;
1531 if (r != hashed_size)
1532 return -EBADMSG;
1533
1534 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1535 _cleanup_free_ char *next_hashed_domain = NULL;
1536
1537 r = nsec3_is_good(rr, zone_rr);
1538 if (r < 0)
1539 return r;
1540 if (r == 0)
1541 continue;
1542
1543 r = nsec3_hashed_domain_format(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, zone, &next_hashed_domain);
1544 if (r < 0)
1545 return r;
1546
1547 r = dns_name_between(dns_resource_key_name(rr->key), next_closer_domain, next_hashed_domain);
1548 if (r < 0)
1549 return r;
1550 if (r > 0) {
1551 if (rr->nsec3.flags & 1)
1552 optout = true;
1553
1554 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1555
1556 no_closer = true;
1557 }
1558
1559 r = dns_name_equal(dns_resource_key_name(rr->key), wildcard_domain);
1560 if (r < 0)
1561 return r;
1562 if (r > 0) {
1563 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1564
1565 wildcard_rr = rr;
1566 }
1567
1568 r = dns_name_between(dns_resource_key_name(rr->key), wildcard_domain, next_hashed_domain);
1569 if (r < 0)
1570 return r;
1571 if (r > 0) {
1572 if (rr->nsec3.flags & 1)
1573 /* This only makes sense if we have a wildcard delegation, which is
1574 * very unlikely, see RFC 4592, Section 4.2, but we cannot rely on
1575 * this not happening, so hence cannot simply conclude NXDOMAIN as
1576 * we would wish */
1577 optout = true;
1578
1579 a = a && (flags & DNS_ANSWER_AUTHENTICATED);
1580
1581 no_wildcard = true;
1582 }
1583 }
1584
1585 if (wildcard_rr && no_wildcard)
1586 return -EBADMSG;
1587
1588 if (!no_closer) {
1589 *result = DNSSEC_NSEC_NO_RR;
1590 return 0;
1591 }
1592
1593 if (wildcard_rr) {
1594 /* A wildcard exists that matches our query. */
1595 if (optout)
1596 /* This is not specified in any RFC to the best of my knowledge, but
1597 * if the next closer enclosure is covered by an opt-out NSEC3 RR
1598 * it means that we cannot prove that the source of synthesis is
1599 * correct, as there may be a closer match. */
1600 *result = DNSSEC_NSEC_OPTOUT;
1601 else if (bitmap_isset(wildcard_rr->nsec3.types, key->type))
1602 *result = DNSSEC_NSEC_FOUND;
1603 else if (bitmap_isset(wildcard_rr->nsec3.types, DNS_TYPE_CNAME))
1604 *result = DNSSEC_NSEC_CNAME;
1605 else
1606 *result = DNSSEC_NSEC_NODATA;
1607 } else {
1608 if (optout)
1609 /* The RFC only specifies that we have to care for optout for NODATA for
1610 * DS records. However, children of an insecure opt-out delegation should
1611 * also be considered opt-out, rather than verified NXDOMAIN.
1612 * Note that we do not require a proof of wildcard non-existence if the
1613 * next closer domain is covered by an opt-out, as that would not provide
1614 * any additional information. */
1615 *result = DNSSEC_NSEC_OPTOUT;
1616 else if (no_wildcard)
1617 *result = DNSSEC_NSEC_NXDOMAIN;
1618 else {
1619 *result = DNSSEC_NSEC_NO_RR;
1620
1621 return 0;
1622 }
1623 }
1624
1625 if (authenticated)
1626 *authenticated = a;
1627
1628 if (ttl)
1629 *ttl = enclosure_rr->ttl;
1630
1631 return 0;
1632 }
1633
1634 static int dnssec_nsec_wildcard_equal(DnsResourceRecord *rr, const char *name) {
1635 char label[DNS_LABEL_MAX];
1636 const char *n;
1637 int r;
1638
1639 assert(rr);
1640 assert(rr->key->type == DNS_TYPE_NSEC);
1641
1642 /* Checks whether the specified RR has a name beginning in "*.", and if the rest is a suffix of our name */
1643
1644 if (rr->n_skip_labels_source != 1)
1645 return 0;
1646
1647 n = dns_resource_key_name(rr->key);
1648 r = dns_label_unescape(&n, label, sizeof label, 0);
1649 if (r <= 0)
1650 return r;
1651 if (r != 1 || label[0] != '*')
1652 return 0;
1653
1654 return dns_name_endswith(name, n);
1655 }
1656
1657 static int dnssec_nsec_in_path(DnsResourceRecord *rr, const char *name) {
1658 const char *nn, *common_suffix;
1659 int r;
1660
1661 assert(rr);
1662 assert(rr->key->type == DNS_TYPE_NSEC);
1663
1664 /* Checks whether the specified nsec RR indicates that name is an empty non-terminal (ENT)
1665 *
1666 * A couple of examples:
1667 *
1668 * NSEC bar → waldo.foo.bar: indicates that foo.bar exists and is an ENT
1669 * NSEC waldo.foo.bar → yyy.zzz.xoo.bar: indicates that xoo.bar and zzz.xoo.bar exist and are ENTs
1670 * NSEC yyy.zzz.xoo.bar → bar: indicates pretty much nothing about ENTs
1671 */
1672
1673 /* First, determine parent of next domain. */
1674 nn = rr->nsec.next_domain_name;
1675 r = dns_name_parent(&nn);
1676 if (r <= 0)
1677 return r;
1678
1679 /* If the name we just determined is not equal or child of the name we are interested in, then we can't say
1680 * anything at all. */
1681 r = dns_name_endswith(nn, name);
1682 if (r <= 0)
1683 return r;
1684
1685 /* If the name we are interested in is not a prefix of the common suffix of the NSEC RR's owner and next domain names, then we can't say anything either. */
1686 r = dns_name_common_suffix(dns_resource_key_name(rr->key), rr->nsec.next_domain_name, &common_suffix);
1687 if (r < 0)
1688 return r;
1689
1690 return dns_name_endswith(name, common_suffix);
1691 }
1692
1693 static int dnssec_nsec_from_parent_zone(DnsResourceRecord *rr, const char *name) {
1694 int r;
1695
1696 assert(rr);
1697 assert(rr->key->type == DNS_TYPE_NSEC);
1698
1699 /* Checks whether this NSEC originates to the parent zone or the child zone. */
1700
1701 r = dns_name_parent(&name);
1702 if (r <= 0)
1703 return r;
1704
1705 r = dns_name_equal(name, dns_resource_key_name(rr->key));
1706 if (r <= 0)
1707 return r;
1708
1709 /* DNAME, and NS without SOA is an indication for a delegation. */
1710 if (bitmap_isset(rr->nsec.types, DNS_TYPE_DNAME))
1711 return 1;
1712
1713 if (bitmap_isset(rr->nsec.types, DNS_TYPE_NS) && !bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1714 return 1;
1715
1716 return 0;
1717 }
1718
1719 static int dnssec_nsec_covers(DnsResourceRecord *rr, const char *name) {
1720 const char *signer;
1721 int r;
1722
1723 assert(rr);
1724 assert(rr->key->type == DNS_TYPE_NSEC);
1725
1726 /* Checks whether the name is covered by this NSEC RR. This means, that the name is somewhere below the NSEC's
1727 * signer name, and between the NSEC's two names. */
1728
1729 r = dns_resource_record_signer(rr, &signer);
1730 if (r < 0)
1731 return r;
1732
1733 r = dns_name_endswith(name, signer); /* this NSEC isn't suitable the name is not in the signer's domain */
1734 if (r <= 0)
1735 return r;
1736
1737 return dns_name_between(dns_resource_key_name(rr->key), name, rr->nsec.next_domain_name);
1738 }
1739
1740 static int dnssec_nsec_generate_wildcard(DnsResourceRecord *rr, const char *name, char **wc) {
1741 const char *common_suffix1, *common_suffix2, *signer;
1742 int r, labels1, labels2;
1743
1744 assert(rr);
1745 assert(rr->key->type == DNS_TYPE_NSEC);
1746
1747 /* Generates "Wildcard at the Closest Encloser" for the given name and NSEC RR. */
1748
1749 r = dns_resource_record_signer(rr, &signer);
1750 if (r < 0)
1751 return r;
1752
1753 r = dns_name_endswith(name, signer); /* this NSEC isn't suitable the name is not in the signer's domain */
1754 if (r <= 0)
1755 return r;
1756
1757 r = dns_name_common_suffix(name, dns_resource_key_name(rr->key), &common_suffix1);
1758 if (r < 0)
1759 return r;
1760
1761 r = dns_name_common_suffix(name, rr->nsec.next_domain_name, &common_suffix2);
1762 if (r < 0)
1763 return r;
1764
1765 labels1 = dns_name_count_labels(common_suffix1);
1766 if (labels1 < 0)
1767 return labels1;
1768
1769 labels2 = dns_name_count_labels(common_suffix2);
1770 if (labels2 < 0)
1771 return labels2;
1772
1773 if (labels1 > labels2)
1774 r = dns_name_concat("*", common_suffix1, 0, wc);
1775 else
1776 r = dns_name_concat("*", common_suffix2, 0, wc);
1777
1778 if (r < 0)
1779 return r;
1780
1781 return 0;
1782 }
1783
1784 int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
1785 bool have_nsec3 = false, covering_rr_authenticated = false, wildcard_rr_authenticated = false;
1786 DnsResourceRecord *rr, *covering_rr = NULL, *wildcard_rr = NULL;
1787 DnsAnswerFlags flags;
1788 const char *name;
1789 int r;
1790
1791 assert(key);
1792 assert(result);
1793
1794 /* Look for any NSEC/NSEC3 RRs that say something about the specified key. */
1795
1796 name = dns_resource_key_name(key);
1797
1798 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1799
1800 if (rr->key->class != key->class)
1801 continue;
1802
1803 have_nsec3 = have_nsec3 || (rr->key->type == DNS_TYPE_NSEC3);
1804
1805 if (rr->key->type != DNS_TYPE_NSEC)
1806 continue;
1807
1808 /* The following checks only make sense for NSEC RRs that are not expanded from a wildcard */
1809 r = dns_resource_record_is_synthetic(rr);
1810 if (r == -ENODATA) /* No signing RR known. */
1811 continue;
1812 if (r < 0)
1813 return r;
1814 if (r > 0)
1815 continue;
1816
1817 /* Check if this is a direct match. If so, we have encountered a NODATA case */
1818 r = dns_name_equal(dns_resource_key_name(rr->key), name);
1819 if (r < 0)
1820 return r;
1821 if (r == 0) {
1822 /* If it's not a direct match, maybe it's a wild card match? */
1823 r = dnssec_nsec_wildcard_equal(rr, name);
1824 if (r < 0)
1825 return r;
1826 }
1827 if (r > 0) {
1828 if (key->type == DNS_TYPE_DS) {
1829 /* If we look for a DS RR and the server sent us the NSEC RR of the child zone
1830 * we have a problem. For DS RRs we want the NSEC RR from the parent */
1831 if (bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1832 continue;
1833 } else {
1834 /* For all RR types, ensure that if NS is set SOA is set too, so that we know
1835 * we got the child's NSEC. */
1836 if (bitmap_isset(rr->nsec.types, DNS_TYPE_NS) &&
1837 !bitmap_isset(rr->nsec.types, DNS_TYPE_SOA))
1838 continue;
1839 }
1840
1841 if (bitmap_isset(rr->nsec.types, key->type))
1842 *result = DNSSEC_NSEC_FOUND;
1843 else if (bitmap_isset(rr->nsec.types, DNS_TYPE_CNAME))
1844 *result = DNSSEC_NSEC_CNAME;
1845 else
1846 *result = DNSSEC_NSEC_NODATA;
1847
1848 if (authenticated)
1849 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1850 if (ttl)
1851 *ttl = rr->ttl;
1852
1853 return 0;
1854 }
1855
1856 /* Check if the name we are looking for is an empty non-terminal within the owner or next name
1857 * of the NSEC RR. */
1858 r = dnssec_nsec_in_path(rr, name);
1859 if (r < 0)
1860 return r;
1861 if (r > 0) {
1862 *result = DNSSEC_NSEC_NODATA;
1863
1864 if (authenticated)
1865 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1866 if (ttl)
1867 *ttl = rr->ttl;
1868
1869 return 0;
1870 }
1871
1872 /* The following two "covering" checks, are not useful if the NSEC is from the parent */
1873 r = dnssec_nsec_from_parent_zone(rr, name);
1874 if (r < 0)
1875 return r;
1876 if (r > 0)
1877 continue;
1878
1879 /* Check if this NSEC RR proves the absence of an explicit RR under this name */
1880 r = dnssec_nsec_covers(rr, name);
1881 if (r < 0)
1882 return r;
1883 if (r > 0 && (!covering_rr || !covering_rr_authenticated)) {
1884 covering_rr = rr;
1885 covering_rr_authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1886 }
1887 }
1888
1889 if (covering_rr) {
1890 _cleanup_free_ char *wc = NULL;
1891 r = dnssec_nsec_generate_wildcard(covering_rr, name, &wc);
1892 if (r < 0)
1893 return r;
1894
1895 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1896
1897 if (rr->key->class != key->class)
1898 continue;
1899
1900 if (rr->key->type != DNS_TYPE_NSEC)
1901 continue;
1902
1903 /* Check if this NSEC RR proves the nonexistence of the wildcard */
1904 r = dnssec_nsec_covers(rr, wc);
1905 if (r < 0)
1906 return r;
1907 if (r > 0 && (!wildcard_rr || !wildcard_rr_authenticated)) {
1908 wildcard_rr = rr;
1909 wildcard_rr_authenticated = flags & DNS_ANSWER_AUTHENTICATED;
1910 }
1911 }
1912 }
1913
1914 if (covering_rr && wildcard_rr) {
1915 /* If we could prove that neither the name itself, nor the wildcard at the closest encloser exists, we
1916 * proved the NXDOMAIN case. */
1917 *result = DNSSEC_NSEC_NXDOMAIN;
1918
1919 if (authenticated)
1920 *authenticated = covering_rr_authenticated && wildcard_rr_authenticated;
1921 if (ttl)
1922 *ttl = MIN(covering_rr->ttl, wildcard_rr->ttl);
1923
1924 return 0;
1925 }
1926
1927 /* OK, this was not sufficient. Let's see if NSEC3 can help. */
1928 if (have_nsec3)
1929 return dnssec_test_nsec3(answer, key, result, authenticated, ttl);
1930
1931 /* No appropriate NSEC RR found, report this. */
1932 *result = DNSSEC_NSEC_NO_RR;
1933 return 0;
1934 }
1935
1936 static int dnssec_nsec_test_enclosed(DnsAnswer *answer, uint16_t type, const char *name, const char *zone, bool *authenticated) {
1937 DnsResourceRecord *rr;
1938 DnsAnswerFlags flags;
1939 int r;
1940
1941 assert(name);
1942 assert(zone);
1943
1944 /* Checks whether there's an NSEC/NSEC3 that proves that the specified 'name' is non-existing in the specified
1945 * 'zone'. The 'zone' must be a suffix of the 'name'. */
1946
1947 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1948 bool found = false;
1949
1950 if (rr->key->type != type && type != DNS_TYPE_ANY)
1951 continue;
1952
1953 switch (rr->key->type) {
1954
1955 case DNS_TYPE_NSEC:
1956
1957 /* We only care for NSEC RRs from the indicated zone */
1958 r = dns_resource_record_is_signer(rr, zone);
1959 if (r < 0)
1960 return r;
1961 if (r == 0)
1962 continue;
1963
1964 r = dns_name_between(dns_resource_key_name(rr->key), name, rr->nsec.next_domain_name);
1965 if (r < 0)
1966 return r;
1967
1968 found = r > 0;
1969 break;
1970
1971 case DNS_TYPE_NSEC3: {
1972 _cleanup_free_ char *hashed_domain = NULL, *next_hashed_domain = NULL;
1973
1974 /* We only care for NSEC3 RRs from the indicated zone */
1975 r = dns_resource_record_is_signer(rr, zone);
1976 if (r < 0)
1977 return r;
1978 if (r == 0)
1979 continue;
1980
1981 r = nsec3_is_good(rr, NULL);
1982 if (r < 0)
1983 return r;
1984 if (r == 0)
1985 break;
1986
1987 /* Format the domain we are testing with the NSEC3 RR's hash function */
1988 r = nsec3_hashed_domain_make(
1989 rr,
1990 name,
1991 zone,
1992 &hashed_domain);
1993 if (r < 0)
1994 return r;
1995 if ((size_t) r != rr->nsec3.next_hashed_name_size)
1996 break;
1997
1998 /* Format the NSEC3's next hashed name as proper domain name */
1999 r = nsec3_hashed_domain_format(
2000 rr->nsec3.next_hashed_name,
2001 rr->nsec3.next_hashed_name_size,
2002 zone,
2003 &next_hashed_domain);
2004 if (r < 0)
2005 return r;
2006
2007 r = dns_name_between(dns_resource_key_name(rr->key), hashed_domain, next_hashed_domain);
2008 if (r < 0)
2009 return r;
2010
2011 found = r > 0;
2012 break;
2013 }
2014
2015 default:
2016 continue;
2017 }
2018
2019 if (found) {
2020 if (authenticated)
2021 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
2022 return 1;
2023 }
2024 }
2025
2026 return 0;
2027 }
2028
2029 static int dnssec_test_positive_wildcard_nsec3(
2030 DnsAnswer *answer,
2031 const char *name,
2032 const char *source,
2033 const char *zone,
2034 bool *authenticated) {
2035
2036 const char *next_closer = NULL;
2037 int r;
2038
2039 /* Run a positive NSEC3 wildcard proof. Specifically:
2040 *
2041 * A proof that the "next closer" of the generating wildcard does not exist.
2042 *
2043 * Note a key difference between the NSEC3 and NSEC versions of the proof. NSEC RRs don't have to exist for
2044 * empty non-transients. NSEC3 RRs however have to. This means it's sufficient to check if the next closer name
2045 * exists for the NSEC3 RR and we are done.
2046 *
2047 * To prove that a.b.c.d.e.f is rightfully synthesized from a wildcard *.d.e.f all we have to check is that
2048 * c.d.e.f does not exist. */
2049
2050 for (;;) {
2051 next_closer = name;
2052 r = dns_name_parent(&name);
2053 if (r <= 0)
2054 return r;
2055
2056 r = dns_name_equal(name, source);
2057 if (r < 0)
2058 return r;
2059 if (r > 0)
2060 break;
2061 }
2062
2063 return dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC3, next_closer, zone, authenticated);
2064 }
2065
2066 static int dnssec_test_positive_wildcard_nsec(
2067 DnsAnswer *answer,
2068 const char *name,
2069 const char *source,
2070 const char *zone,
2071 bool *_authenticated) {
2072
2073 bool authenticated = true;
2074 int r;
2075
2076 /* Run a positive NSEC wildcard proof. Specifically:
2077 *
2078 * A proof that there's neither a wildcard name nor a non-wildcard name that is a suffix of the name "name" and
2079 * a prefix of the synthesizing source "source" in the zone "zone".
2080 *
2081 * See RFC 5155, Section 8.8 and RFC 4035, Section 5.3.4
2082 *
2083 * Note that if we want to prove that a.b.c.d.e.f is rightfully synthesized from a wildcard *.d.e.f, then we
2084 * have to prove that none of the following exist:
2085 *
2086 * 1) a.b.c.d.e.f
2087 * 2) *.b.c.d.e.f
2088 * 3) b.c.d.e.f
2089 * 4) *.c.d.e.f
2090 * 5) c.d.e.f
2091 */
2092
2093 for (;;) {
2094 _cleanup_free_ char *wc = NULL;
2095 bool a = false;
2096
2097 /* Check if there's an NSEC or NSEC3 RR that proves that the mame we determined is really non-existing,
2098 * i.e between the owner name and the next name of an NSEC RR. */
2099 r = dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC, name, zone, &a);
2100 if (r <= 0)
2101 return r;
2102
2103 authenticated = authenticated && a;
2104
2105 /* Strip one label off */
2106 r = dns_name_parent(&name);
2107 if (r <= 0)
2108 return r;
2109
2110 /* Did we reach the source of synthesis? */
2111 r = dns_name_equal(name, source);
2112 if (r < 0)
2113 return r;
2114 if (r > 0) {
2115 /* Successful exit */
2116 *_authenticated = authenticated;
2117 return 1;
2118 }
2119
2120 /* Safety check, that the source of synthesis is still our suffix */
2121 r = dns_name_endswith(name, source);
2122 if (r < 0)
2123 return r;
2124 if (r == 0)
2125 return -EBADMSG;
2126
2127 /* Replace the label we stripped off with an asterisk */
2128 wc = strjoin("*.", name);
2129 if (!wc)
2130 return -ENOMEM;
2131
2132 /* And check if the proof holds for the asterisk name, too */
2133 r = dnssec_nsec_test_enclosed(answer, DNS_TYPE_NSEC, wc, zone, &a);
2134 if (r <= 0)
2135 return r;
2136
2137 authenticated = authenticated && a;
2138 /* In the next iteration we'll check the non-asterisk-prefixed version */
2139 }
2140 }
2141
2142 int dnssec_test_positive_wildcard(
2143 DnsAnswer *answer,
2144 const char *name,
2145 const char *source,
2146 const char *zone,
2147 bool *authenticated) {
2148
2149 int r;
2150
2151 assert(name);
2152 assert(source);
2153 assert(zone);
2154 assert(authenticated);
2155
2156 r = dns_answer_contains_zone_nsec3(answer, zone);
2157 if (r < 0)
2158 return r;
2159 if (r > 0)
2160 return dnssec_test_positive_wildcard_nsec3(answer, name, source, zone, authenticated);
2161 else
2162 return dnssec_test_positive_wildcard_nsec(answer, name, source, zone, authenticated);
2163 }
2164
2165 #else
2166
2167 int dnssec_verify_rrset(
2168 DnsAnswer *a,
2169 const DnsResourceKey *key,
2170 DnsResourceRecord *rrsig,
2171 DnsResourceRecord *dnskey,
2172 usec_t realtime,
2173 DnssecResult *result) {
2174
2175 return -EOPNOTSUPP;
2176 }
2177
2178 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
2179
2180 return -EOPNOTSUPP;
2181 }
2182
2183 int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
2184
2185 return -EOPNOTSUPP;
2186 }
2187
2188 int dnssec_verify_rrset_search(
2189 DnsAnswer *a,
2190 const DnsResourceKey *key,
2191 DnsAnswer *validated_dnskeys,
2192 usec_t realtime,
2193 DnssecResult *result,
2194 DnsResourceRecord **ret_rrsig) {
2195
2196 return -EOPNOTSUPP;
2197 }
2198
2199 int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
2200
2201 return -EOPNOTSUPP;
2202 }
2203
2204 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
2205
2206 return -EOPNOTSUPP;
2207 }
2208
2209 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
2210
2211 return -EOPNOTSUPP;
2212 }
2213
2214 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
2215
2216 return -EOPNOTSUPP;
2217 }
2218
2219 int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
2220
2221 return -EOPNOTSUPP;
2222 }
2223
2224 int dnssec_test_positive_wildcard(
2225 DnsAnswer *answer,
2226 const char *name,
2227 const char *source,
2228 const char *zone,
2229 bool *authenticated) {
2230
2231 return -EOPNOTSUPP;
2232 }
2233
2234 #endif
2235
2236 static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = {
2237 [DNSSEC_VALIDATED] = "validated",
2238 [DNSSEC_VALIDATED_WILDCARD] = "validated-wildcard",
2239 [DNSSEC_INVALID] = "invalid",
2240 [DNSSEC_SIGNATURE_EXPIRED] = "signature-expired",
2241 [DNSSEC_UNSUPPORTED_ALGORITHM] = "unsupported-algorithm",
2242 [DNSSEC_NO_SIGNATURE] = "no-signature",
2243 [DNSSEC_MISSING_KEY] = "missing-key",
2244 [DNSSEC_UNSIGNED] = "unsigned",
2245 [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary",
2246 [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch",
2247 [DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server",
2248 };
2249 DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult);
2250
2251 static const char* const dnssec_verdict_table[_DNSSEC_VERDICT_MAX] = {
2252 [DNSSEC_SECURE] = "secure",
2253 [DNSSEC_INSECURE] = "insecure",
2254 [DNSSEC_BOGUS] = "bogus",
2255 [DNSSEC_INDETERMINATE] = "indeterminate",
2256 };
2257 DEFINE_STRING_TABLE_LOOKUP(dnssec_verdict, DnssecVerdict);
Unnamed repository; edit this file 'description' to name the repository.