From 5e1193f19d3deea94c3d2ab7e21efcc06f8bd0f6 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 30 Sep 2008 13:06:07 +0000
Subject: [PATCH] SHA256 support.

git-svn-id: file:///svn/unbound/trunk@1275 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog                            |  2 +
 testcode/unitverify.c                    | 10 +++
 testdata/Kexample.com.+008+01443.ds      |  1 +
 testdata/Kexample.com.+008+01443.key     |  1 +
 testdata/Kexample.com.+008+01443.private | 10 +++
 testdata/Kexample.com.+009+54034.ds      |  1 +
 testdata/Kexample.com.+009+54034.key     |  1 +
 testdata/Kexample.com.+009+54034.private | 10 +++
 testdata/test_signatures.10              | 24 ++++++++
 testdata/test_signatures.9               | 23 +++++++
 validator/val_sigcrypt.c                 | 77 +++++++++++++++++++++---
 11 files changed, 153 insertions(+), 7 deletions(-)
 create mode 100644 testdata/Kexample.com.+008+01443.ds
 create mode 100644 testdata/Kexample.com.+008+01443.key
 create mode 100644 testdata/Kexample.com.+008+01443.private
 create mode 100644 testdata/Kexample.com.+009+54034.ds
 create mode 100644 testdata/Kexample.com.+009+54034.key
 create mode 100644 testdata/Kexample.com.+009+54034.private
 create mode 100644 testdata/test_signatures.10
 create mode 100644 testdata/test_signatures.9

diff --git a/doc/Changelog b/doc/Changelog
index f49afa40c..fe13d2734 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@
 30 September 2008: Wouter
 	- fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.
 	- tests for sha256 support and downgrade resistance.
+	- RSASHA256 and RSASHA512 support (using the draft in dnsext),
+	  using the drafted protocol numbers.
 
 29 September 2008: Wouter
 	- EDNS lameness detection, if EDNS packets are dropped this is
diff --git a/testcode/unitverify.c b/testcode/unitverify.c
index 43ec4a1c6..915a01844 100644
--- a/testcode/unitverify.c
+++ b/testcode/unitverify.c
@@ -140,6 +140,9 @@ should_be_bogus(struct ub_packed_rrset_key* rrset)
 		entry.data;
 	if(d->rrsig_count == 0)
 		return 1;
+	/* name 'bogus' as first label signals bogus */
+	if(rrset->rk.dname_len > 6 && memcmp(rrset->rk.dname+1, "bogus", 5)==0)
+		return 1;
 	return 0;
 }
 
@@ -468,6 +471,13 @@ verify_test()
 	verifytest_file("testdata/test_signatures.6", "20080416005004");
 	verifytest_file("testdata/test_signatures.7", "20070829144150");
 	verifytest_file("testdata/test_signatures.8", "20070829144150");
+#ifdef SHA256_DIGEST_LENGTH
+	verifytest_file("testdata/test_signatures.9", "20070829144150");
+	verifytest_file("testdata/test_signatures.11", "20070829144150");
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+	verifytest_file("testdata/test_signatures.10", "20070829144150");
+#endif
 	dstest_file("testdata/test_ds_sig.1");
 	nsectest();
 	nsec3_hash_test("testdata/test_nsec3_hash.1");
diff --git a/testdata/Kexample.com.+008+01443.ds b/testdata/Kexample.com.+008+01443.ds
new file mode 100644
index 000000000..3e031f9b3
--- /dev/null
+++ b/testdata/Kexample.com.+008+01443.ds
@@ -0,0 +1 @@
+example.com.	3600	IN	DS	1443 8 1 54f8ccd08089fd8b7c1b51d487eadf1c527dece4 ; xihaz-mufit-bybem-nezam-ryzuc-rugyt-gucyv-pulec-sygyl-tiriv-goxox
diff --git a/testdata/Kexample.com.+008+01443.key b/testdata/Kexample.com.+008+01443.key
new file mode 100644
index 000000000..61b39f45e
--- /dev/null
+++ b/testdata/Kexample.com.+008+01443.key
@@ -0,0 +1 @@
+example.com.	3600	IN	DNSKEY	256 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1443 (zsk), size = 1024b}
diff --git a/testdata/Kexample.com.+008+01443.private b/testdata/Kexample.com.+008+01443.private
new file mode 100644
index 000000000..4d70dd39c
--- /dev/null
+++ b/testdata/Kexample.com.+008+01443.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 8 (RSASHA256)
+Modulus: t31aqPMTY/KfPbU4bl2hJ/2EXMyvl2HPPbBpne9Nr7SjmvsCNMCqYDXIf8Hf5oAyKFSbm5xlJ9Wqjv6Q5pETzIWP1qK86YDWfX4kt68mr+jK9DKPFA3ZBvz0vJo1RPmgpkiIv67LKE1bcoNHdJJtD8YHBA0MdVxmL4kNHdELSvs=
+PublicExponent: AQAB
+PrivateExponent: azCanqnpgPDCX90Wyzp9I4xxH3kfdrLXyzTcbjvWyTcggC/0WPbYUP36U8/hSZlIM9FBWgVh/oROb9x8r4S+6DT5k3tdhI303AL6bC8x1PBCzHjXBmYa9JvPKx/7a1hpSVOw9iJJh0Y4IclrfA8Ssdqxkj5QdNvR1CqDYTvIH/E=
+Prime1: 4yIEKoY9ew1mX7+MUA8T1sGp64VzTiFpnn/8eomwdYVEsX6Sg563qLEn6IuORxrqCz8Ae3qfgVkT0J96ArURsw==
+Prime2: zs9dU2j2jlToxIXtKu+YeO7QCKd1gVP6beI9IxjMYm21opsVvJ/xMlHu9aocGuCgvfmFyu/ShhsF/IPlFkvtmQ==
+Exponent1: EAy8TKD1wTc+L6/iY1ndZgSDVFA2yKOVygxzM9l87aEALKasBb72bWYvUsBhymZ9eVP3XcJZeRNpUgmi3oQa/w==
+Exponent2: nukr9wmyWo/YBBo8sT9F07b9V4kFe4jB52luPOezNPbEGNw+CaCEv3vBuDcsPWLZYOC488Tv6WgeY3gdsdJKEQ==
+Coefficient: Fr7ARq2yRTv8+1ZAAwv2gbDa92RZxdZzj9hpC+/64kjCxq5//2haIhU/wtgDbBlr99Uk90cXf6F8AeaqCYgjLQ==
diff --git a/testdata/Kexample.com.+009+54034.ds b/testdata/Kexample.com.+009+54034.ds
new file mode 100644
index 000000000..3d88960e8
--- /dev/null
+++ b/testdata/Kexample.com.+009+54034.ds
@@ -0,0 +1 @@
+example.com.	3600	IN	DS	54034 9 1 59793aa41c0bfb8d71c686761370d29af7a9ae9b ; xikel-nyvap-gelyb-ryvom-teses-kecul-kegel-begon-potap-nuron-roxex
diff --git a/testdata/Kexample.com.+009+54034.key b/testdata/Kexample.com.+009+54034.key
new file mode 100644
index 000000000..88bed34ad
--- /dev/null
+++ b/testdata/Kexample.com.+009+54034.key
@@ -0,0 +1 @@
+example.com.	3600	IN	DNSKEY	256 3 9 AwEAAeHRRbGrk8zEVeSLNlELTGcvJLEiv+OJp1HWhq+kitN3p+IjLT2YmV2p43ReRiPSBDjzsf/8VPKCsGaDeli0/cq3u0s54ft8KB9lYbMDKg0LQkDdjVY2Ah5l7FRZGDn+AnmxWlZ3mp8ZREs2NCtQW5GOiKzZtJfftUZ9f8PXemIV ;{id = 54034 (zsk), size = 1024b}
diff --git a/testdata/Kexample.com.+009+54034.private b/testdata/Kexample.com.+009+54034.private
new file mode 100644
index 000000000..415dbfa39
--- /dev/null
+++ b/testdata/Kexample.com.+009+54034.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 9 (RSASHA512)
+Modulus: 4dFFsauTzMRV5Is2UQtMZy8ksSK/44mnUdaGr6SK03en4iMtPZiZXanjdF5GI9IEOPOx//xU8oKwZoN6WLT9yre7Sznh+3woH2VhswMqDQtCQN2NVjYCHmXsVFkYOf4CebFaVneanxlESzY0K1BbkY6IrNm0l9+1Rn1/w9d6YhU=
+PublicExponent: AQAB
+PrivateExponent: ODgdncoVldkbeTafYzXo45d9DwyTsVZH7bv29CuG1HbpuQcA8GDZbdQp6IK/+5MBshwZqJ1tmKKowBzjjMoilKnEZcn8ca9/L9Vr0Mgv5L7UDHkcAYa3rTmvXEowCJ7lrZYxiV/VFa5lMdRhuJPwffV2r8PxcRdNOIT7cNROMlE=
+Prime1: 9MoMzIuhQzBpVxKKoxVVpWaDoFS5iTiSuHay5jS9gu8uffPap6utGuyz24pWcPkEd1wrOdgMoGbzZq+RI/Azyw==
+Prime2: 7CjLOWY8aYfR2WhaVSZmdPieuClR4m26WZowZJL7tolGnwxdyo9mbCC8K3l9rBfGC93pM2R3h2GoWJY94G3Fnw==
+Exponent1: WvzfVQhxoK/V9++EaKn9c8VvF6FmdYL5xmcYiEkCSDDvbxG9LKW7ak6ha/E3wDZPWq5/wrhzuQuLXZfUsy8NkQ==
+Exponent2: bHXT2BnXNxR00We2zRKkzaX9p1D61YZVpp9FCHvk9RGZCKTyUnyHqrNiGIlkqWwFvh994eeLafb1DTJ7Wp6vuw==
+Coefficient: as42vfVFq5hx39EOBiOS1m+2CYzLLIPI7vh8xAi1lOJiTEzmujGVZ9VYETFenAp/S1ZfDznZU47hoWqtImxJ3g==
diff --git a/testdata/test_signatures.10 b/testdata/test_signatures.10
new file mode 100644
index 000000000..42d9ef1e0
--- /dev/null
+++ b/testdata/test_signatures.10
@@ -0,0 +1,24 @@
+; Signature test file
+
+; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. 
+; later entries are verified with it.
+
+; Test RSASHA512 signatures.
+
+; RSA key from ldns tool
+ENTRY_BEGIN
+SECTION QUESTION
+sub.example.com.	IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 9 AwEAAeHRRbGrk8zEVeSLNlELTGcvJLEiv+OJp1HWhq+kitN3p+IjLT2YmV2p43ReRiPSBDjzsf/8VPKCsGaDeli0/cq3u0s54ft8KB9lYbMDKg0LQkDdjVY2Ah5l7FRZGDn+AnmxWlZ3mp8ZREs2NCtQW5GOiKzZtJfftUZ9f8PXemIV ;{id = 54034 (zsk), size = 1024b}
+ENTRY_END
+
+; entry to test
+ENTRY_BEGIN
+SECTION QUESTION
+www.example.com.    IN      A 
+SECTION ANSWER
+www.example.com.	3600	IN	A	192.0.2.66
+www.example.com.	3600	IN	RRSIG	A 9 3 3600 20070926134150 20070829134150 54034 example.com. FASMRTKfNKrj4o5gEkwfIjlqw2o03ZaoT95TcEdhBW80iyhi3cN3FESX7cquyqQ3AoA3i7OU5bqFVeLoQq9zeE8G2qHklpSPjrEFPHB/HKPtweb5rk4+yZqo9b0G375We12sZWHY5/gpaL2zVgX5A3j2H78rlfM7EMVnOEOIc0Y= ;{id = 54034}
+ENTRY_END
+
diff --git a/testdata/test_signatures.9 b/testdata/test_signatures.9
new file mode 100644
index 000000000..0c44ffaf9
--- /dev/null
+++ b/testdata/test_signatures.9
@@ -0,0 +1,23 @@
+; Signature test file
+
+; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. 
+; later entries are verified with it.
+
+; Test RSASHA256 signatures.
+
+; RSA key from ldns tool
+ENTRY_BEGIN
+SECTION QUESTION
+sub.example.com.	IN DNSKEY
+SECTION ANSWER
+example.com.	3600	IN	DNSKEY	256 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1443 (zsk), size = 1024b}
+ENTRY_END
+
+; entry to test
+ENTRY_BEGIN
+SECTION QUESTION
+www.example.com.    IN      A 
+SECTION ANSWER
+www.example.com.	3600	IN	A	192.0.2.66
+www.example.com.	3600	IN	RRSIG	A 8 3 3600 20070926134150 20070829134150 1443 example.com. sX+BZ6Qdq0Td/THR1HgOnWh9URNP03KMEgjpnRGbS74NqlmlqLU3HcimOT/lUD7xsZTeOIWw5kAcQePxU3UrjS5gsIttIXAfrHFmOtTsyb0O4w0/RpR0QYxRl1hk4zQRPzHeEkgxNTe+y9V9gYe7iv9OddXsfwEnmqQiXk+tdsU= ;{id = 1443}
+ENTRY_END
diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c
index f24a79d7e..883855012 100644
--- a/validator/val_sigcrypt.c
+++ b/validator/val_sigcrypt.c
@@ -370,6 +370,12 @@ dnskey_algo_id_is_supported(int id)
 	case LDNS_RSASHA1:
 	case LDNS_RSASHA1_NSEC3:
 	case LDNS_RSAMD5:
+#ifdef SHA256_DIGEST_LENGTH
+	case LDNS_RSASHA256:
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+	case LDNS_RSASHA512:
+#endif
 		return 1;
 	default:
 		return 0;
@@ -400,26 +406,65 @@ int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
 		dnskey_idx));
 }
 
+/**
+ * Fillup needed algorithm array for DNSKEY set
+ * @param dnskey: the key
+ * @param num: number of DNSKEY RRs.
+ * @param needs: array per algorithm.
+ * @return the number of algorithms that need valid signatures
+ */
+static size_t
+dnskeyset_needs(struct ub_packed_rrset_key* dnskey, size_t num,
+	uint8_t needs[])
+{
+	uint8_t algo;
+	size_t i, total = 0;
+
+	memset(needs, 0, sizeof(uint8_t)*256);
+	for(i=0; i<num; i++) {
+		algo = (uint8_t)dnskey_get_algo(dnskey, i);
+		if(needs[algo] == 0) {
+			needs[algo] = 1;
+			total++;
+		}
+	}
+	return total;
+}
+
 enum sec_status 
 dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
 	struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey)
 {
 	enum sec_status sec;
-	size_t i, num;
+	size_t i, num, numneeds;
 	rbtree_t* sortree = NULL;
+	/* make sure that for all DNSKEY algorithms there are valid sigs */
+	uint8_t needs[256]; /* 1 if need sig for that algorithm */
+
 	num = rrset_get_sigcount(rrset);
 	if(num == 0) {
 		verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
 			"signatures");
 		return sec_status_bogus;
 	}
+
+	numneeds = dnskeyset_needs(dnskey, num, needs);
 	for(i=0; i<num; i++) {
 		sec = dnskeyset_verify_rrset_sig(env, ve, *env->now, rrset, 
 			dnskey, i, &sortree);
-		if(sec == sec_status_secure)
-			return sec;
+		/* see which algorithm has been fixed up */
+		if(sec == sec_status_secure) {
+			uint8_t a = (uint8_t)dnskey_get_algo(dnskey, i);
+			if(needs[a] == 1) {
+				needs[a] = 0;
+				numneeds --;
+				if(numneeds == 0) /* done! */
+					return sec;
+			}
+		}
 	}
-	verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus");
+	verbose(VERB_ALGO, "rrset failed to verify: no valid signatures for "
+		"%d algorithms", (int)numneeds);
 	return sec_status_bogus;
 }
 
@@ -1256,18 +1301,36 @@ setup_key_digest(int algo, EVP_PKEY* evp_key, const EVP_MD** digest_type,
 			break;
 		case LDNS_RSASHA1:
 		case LDNS_RSASHA1_NSEC3:
+#ifdef SHA256_DIGEST_LENGTH
+		case LDNS_RSASHA256:
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+		case LDNS_RSASHA512:
+#endif
 			rsa = ldns_key_buf2rsa_raw(key, keylen);
 			if(!rsa) {
 				verbose(VERB_QUERY, "verify: "
-					"ldns_key_buf2rsa_raw SHA1 failed");
+					"ldns_key_buf2rsa_raw SHA failed");
 				return 0;
 			}
 			if(EVP_PKEY_assign_RSA(evp_key, rsa) == 0) {
 				verbose(VERB_QUERY, "verify: "
-					"EVP_PKEY_assign_RSA SHA1 failed");
+					"EVP_PKEY_assign_RSA SHA failed");
 				return 0;
 			}
-			*digest_type = EVP_sha1();
+
+			/* select SHA version */
+#ifdef SHA256_DIGEST_LENGTH
+			if(algo == LDNS_RSASHA256)
+				*digest_type = EVP_sha256();
+			else
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+				if(algo == LDNS_RSASHA512)
+				*digest_type = EVP_sha512();
+			else
+#endif
+				*digest_type = EVP_sha1();
 
 			break;
 		case LDNS_RSAMD5:
-- 
2.47.3