]> git.ipfire.org Git - people/ms/dnsmasq.git/blame - src/dnssec.c
projects / people / ms / dnsmasq.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add --dnssec-timestamp option and facility.
[people/ms/dnsmasq.git] / src / dnssec.c
CommitLineData
8d41ebd8 1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
aff33962 2 and Copyright (c) 2012-2015 Simon Kelley
8d41ebd8
GB		 3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
e292e93d
GB		 17
18#include "dnsmasq.h"
0fc2f313
SK		 19
20#ifdef HAVE_DNSSEC
21
86bec2d3
SK		 22#include <nettle/rsa.h>
23#include <nettle/dsa.h>
c152dc84
SK		 24#ifndef NO_NETTLE_ECC
25# include <nettle/ecdsa.h>
26# include <nettle/ecc-curve.h>
27#endif
86bec2d3 28#include <nettle/nettle-meta.h>
063efb33
SK		 29#include <nettle/bignum.h>
30
cdb755c5
SK		 31/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33#ifdef dsa_params_init
34#include <nettle/dsa-compat.h>
35#endif
36
f6e62e2a 37#include <utime.h>
c3e0b9b6 38
e292e93d
GB		 39#define SERIAL_UNDEF -100
40#define SERIAL_EQ 0
41#define SERIAL_LT -1
42#define SERIAL_GT 1
43
86bec2d3
SK		 44/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
45static char *ds_digest_name(int digest)
46{
47 switch (digest)
48 {
49 case 1: return "sha1";
50 case 2: return "sha256";
51 case 3: return "gosthash94";
52 case 4: return "sha384";
53 default: return NULL;
54 }
55}
56
57/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
58static char *algo_digest_name(int algo)
59{
60 switch (algo)
61 {
62 case 1: return "md5";
63 case 3: return "sha1";
64 case 5: return "sha1";
65 case 6: return "sha1";
66 case 7: return "sha1";
67 case 8: return "sha256";
68 case 10: return "sha512";
69 case 12: return "gosthash94";
70 case 13: return "sha256";
71 case 14: return "sha384";
72 default: return NULL;
73 }
74}
75
76/* Find pointer to correct hash function in nettle library */
77static const struct nettle_hash *hash_find(char *name)
78{
79 int i;
80
81 if (!name)
82 return NULL;
83
84 for (i = 0; nettle_hashes[i]; i++)
85 {
86 if (strcmp(nettle_hashes[i]->name, name) == 0)
87 return nettle_hashes[i];
88 }
89
90 return NULL;
91}
92
93/* expand ctx and digest memory allocations if necessary and init hash function */
94static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
95{
96 static void *ctx = NULL;
97 static unsigned char *digest = NULL;
98 static unsigned int ctx_sz = 0;
99 static unsigned int digest_sz = 0;
100
101 void *new;
102
103 if (ctx_sz < hash->context_size)
104 {
105 if (!(new = whine_malloc(hash->context_size)))
106 return 0;
107 if (ctx)
108 free(ctx);
109 ctx = new;
110 ctx_sz = hash->context_size;
111 }
112
113 if (digest_sz < hash->digest_size)
114 {
115 if (!(new = whine_malloc(hash->digest_size)))
116 return 0;
117 if (digest)
118 free(digest);
119 digest = new;
120 digest_sz = hash->digest_size;
121 }
122
123 *ctxp = ctx;
124 *digestp = digest;
125
126 hash->init(ctx);
127
128 return 1;
129}
130
cdb755c5
SK		 131static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
132 unsigned char *digest, int algo)
86bec2d3
SK		 133{
134 unsigned char *p;
135 size_t exp_len;
136
137 static struct rsa_public_key *key = NULL;
138 static mpz_t sig_mpz;
139
140 if (key == NULL)
141 {
142 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
143 return 0;
144
145 nettle_rsa_public_key_init(key);
146 mpz_init(sig_mpz);
147 }
148
149 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
150 return 0;
151
152 key_len--;
153 if ((exp_len = *p++) == 0)
154 {
155 GETSHORT(exp_len, p);
156 key_len -= 2;
157 }
158
159 if (exp_len >= key_len)
160 return 0;
161
162 key->size = key_len - exp_len;
163 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
164 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
165
166 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
167
168 switch (algo)
169 {
170 case 1:
171 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
172 case 5: case 7:
173 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
174 case 8:
175 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
176 case 10:
177 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
178 }
179
180 return 0;
181}
182
cdb755c5
SK		 183static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
184 unsigned char *digest, int algo)
86bec2d3
SK		 185{
186 unsigned char *p;
187 unsigned int t;
188
189 static struct dsa_public_key *key = NULL;
190 static struct dsa_signature *sig_struct;
191
192 if (key == NULL)
193 {
194 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
195 !(key = whine_malloc(sizeof(struct dsa_public_key))))
196 return 0;
197
198 nettle_dsa_public_key_init(key);
199 nettle_dsa_signature_init(sig_struct);
200 }
201
202 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
203 return 0;
204
205 t = *p++;
206
207 if (key_len < (213 + (t * 24)))
208 return 0;
ebe95a83 209
86bec2d3
SK		 210 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
211 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
212 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
213 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
214
215 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
216 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
217
218 (void)algo;
ebe95a83 219
86bec2d3
SK		 220 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
221}
222
c152dc84
SK		 223#ifndef NO_NETTLE_ECC
224static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
225 unsigned char *sig, size_t sig_len,
ebe95a83
SK		 226 unsigned char *digest, size_t digest_len, int algo)
227{
228 unsigned char *p;
229 unsigned int t;
230 struct ecc_point *key;
231
232 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
233 static mpz_t x, y;
234 static struct dsa_signature *sig_struct;
235
236 if (!sig_struct)
237 {
238 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
239 return 0;
240
241 nettle_dsa_signature_init(sig_struct);
242 mpz_init(x);
243 mpz_init(y);
244 }
245
246 switch (algo)
247 {
248 case 13:
249 if (!key_256)
250 {
251 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
252 return 0;
253
254 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
255 }
256
257 key = key_256;
258 t = 32;
259 break;
260
261 case 14:
262 if (!key_384)
263 {
264 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
265 return 0;
266
267 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
268 }
269
270 key = key_384;
271 t = 48;
272 break;
273
274 default:
275 return 0;
276 }
277
278 if (sig_len != 2*t || key_len != 2*t ||
6ef15b34 279 !(p = blockdata_retrieve(key_data, key_len, NULL)))
ebe95a83
SK		 280 return 0;
281
282 mpz_import(x, t , 1, 1, 0, 0, p);
283 mpz_import(y, t , 1, 1, 0, 0, p + t);
284
285 if (!ecc_point_set(key, x, y))
286 return 0;
287
288 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
289 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
290
291 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
292}
c152dc84
SK		 293#endif
294
86bec2d3 295static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
ebe95a83 296 unsigned char *digest, size_t digest_len, int algo)
86bec2d3 297{
7b1eae4f
SK		 298 (void)digest_len;
299
86bec2d3
SK		 300 switch (algo)
301 {
302 case 1: case 5: case 7: case 8: case 10:
cdb755c5 303 return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
86bec2d3
SK		 304
305 case 3: case 6:
cdb755c5 306 return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
c152dc84
SK		 307
308#ifndef NO_NETTLE_ECC
ebe95a83
SK		 309 case 13: case 14:
310 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
c152dc84
SK		 311#endif
312 }
86bec2d3
SK		 313
314 return 0;
315}
316
0fc2f313
SK		 317/* Convert from presentation format to wire format, in place.
318 Also map UC -> LC.
319 Note that using extract_name to get presentation format
320 then calling to_wire() removes compression and maps case,
321 thus generating names in canonical form.
322 Calling to_wire followed by from_wire is almost an identity,
323 except that the UC remains mapped to LC.
324*/
325static int to_wire(char *name)
7f0485cf 326{
0fc2f313
SK		 327 unsigned char *l, *p, term;
328 int len;
329
330 for (l = (unsigned char*)name; *l != 0; l = p)
331 {
332 for (p = l; *p != '.' && *p != 0; p++)
333 if (*p >= 'A' && *p <= 'Z')
334 *p = *p - 'A' + 'a';
335
336 term = *p;
337
338 if ((len = p - l) != 0)
339 memmove(l+1, l, len);
340 *l = len;
341
342 p++;
343
344 if (term == 0)
345 *p = 0;
346 }
347
348 return l + 1 - (unsigned char *)name;
7f0485cf
GB		 349}
350
0fc2f313
SK		 351/* Note: no compression allowed in input. */
352static void from_wire(char *name)
13e435eb 353{
0fc2f313
SK		 354 unsigned char *l;
355 int len;
13e435eb 356
0fc2f313 357 for (l = (unsigned char *)name; *l != 0; l += len+1)
13e435eb 358 {
0fc2f313
SK		 359 len = *l;
360 memmove(l, l+1, len);
361 l[len] = '.';
13e435eb 362 }
7f0485cf 363
e3f14558 364 if ((char *)l != name)
bd9b3cf5 365 *(l-1) = 0;
13e435eb
GB		 366}
367
5ada8885
SK		 368/* Input in presentation format */
369static int count_labels(char *name)
370{
371 int i;
372
373 if (*name == 0)
374 return 0;
375
376 for (i = 0; *name; name++)
377 if (*name == '.')
378 i++;
379
380 return i+1;
381}
382
5f8e58f4
SK		 383/* Implement RFC1982 wrapped compare for 32-bit numbers */
384static int serial_compare_32(unsigned long s1, unsigned long s2)
385{
386 if (s1 == s2)
387 return SERIAL_EQ;
0ca895f5 388
5f8e58f4
SK		 389 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
390 (s1 > s2 && (s1 - s2) > (1UL<<31)))
391 return SERIAL_LT;
392 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
393 (s1 > s2 && (s1 - s2) < (1UL<<31)))
394 return SERIAL_GT;
395 return SERIAL_UNDEF;
396}
0852d76b 397
f6e62e2a
SK		 398/* Called at startup. If the timestamp file is configured and exists, put its mtime on
399 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
400 Change the ownership to the user we'll be running as, so that we can update the mtime.
401*/
402static time_t timestamp_time;
403static int back_to_the_future;
404
405int setup_timestamp(uid_t uid)
406{
407 struct stat statbuf;
408
409 back_to_the_future = 0;
410
411 if (!option_bool(OPT_DNSSEC_VALID) || !daemon->timestamp_file)
412 return 0;
413
414 if (stat(daemon->timestamp_file, &statbuf) != -1)
415 {
416 timestamp_time = statbuf.st_mtime;
417 check_and_exit:
418 if (difftime(timestamp_time, time(0)) <= 0)
419 {
420 /* time already OK, update timestamp, and do key checking from the start. */
421 if (utime(daemon->timestamp_file, NULL) == -1)
422 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
423 back_to_the_future = 1;
424 return 0;
425 }
426 return 1;
427 }
428
429 if (errno == ENOENT)
430 {
431 int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK, 0666);
432 if (fd != -1)
433 {
434 struct utimbuf timbuf;
435
436 close(fd);
437
438 timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
439 if (utime(daemon->timestamp_file, &timbuf) == 0 &&
440 (getuid() != 0 || chown(daemon->timestamp_file, uid, -1) == 0))
441 goto check_and_exit;
442 }
443 }
444
445 die(_("Cannot create timestamp file %s: %s" ), daemon->timestamp_file, EC_BADCONF);
446 return 0;
447}
448
5f8e58f4
SK		 449/* Check whether today/now is between date_start and date_end */
450static int check_date_range(unsigned long date_start, unsigned long date_end)
0852d76b 451{
f6e62e2a
SK		 452 unsigned long curtime = time(0);
453
e98bd52e 454 /* Checking timestamps may be temporarily disabled */
f6e62e2a
SK		 455
456 /* If the current time if _before_ the timestamp
457 on our persistent timestamp file, then assume the
458 time if not yet correct, and don't check the
459 key timestamps. As soon as the current time is
460 later then the timestamp, update the timestamp
461 and start checking keys */
462 if (daemon->timestamp_file)
463 {
464 if (back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
465 {
466 if (utime(daemon->timestamp_file, NULL) != 0)
467 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
468
469 back_to_the_future = 1;
470 set_option_bool(OPT_DNSSEC_TIME);
471 queue_event(EVENT_RELOAD); /* purge cache */
472 }
473
474 if (back_to_the_future == 0)
475 return 1;
476 }
477 else if (option_bool(OPT_DNSSEC_TIME))
e98bd52e
SK		 478 return 1;
479
5f8e58f4
SK		 480 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
481 return serial_compare_32(curtime, date_start) == SERIAL_GT
482 && serial_compare_32(curtime, date_end) == SERIAL_LT;
483}
f119ed38 484
5f8e58f4
SK		 485static u16 *get_desc(int type)
486{
487 /* List of RRtypes which include domains in the data.
488 0 -> domain
489 integer -> no of plain bytes
490 -1 -> end
491
492 zero is not a valid RRtype, so the final entry is returned for
493 anything which needs no mangling.
494 */
495
496 static u16 rr_desc[] =
497 {
498 T_NS, 0, -1,
499 T_MD, 0, -1,
500 T_MF, 0, -1,
501 T_CNAME, 0, -1,
502 T_SOA, 0, 0, -1,
503 T_MB, 0, -1,
504 T_MG, 0, -1,
505 T_MR, 0, -1,
506 T_PTR, 0, -1,
507 T_MINFO, 0, 0, -1,
508 T_MX, 2, 0, -1,
509 T_RP, 0, 0, -1,
510 T_AFSDB, 2, 0, -1,
511 T_RT, 2, 0, -1,
512 T_SIG, 18, 0, -1,
513 T_PX, 2, 0, 0, -1,
514 T_NXT, 0, -1,
515 T_KX, 2, 0, -1,
516 T_SRV, 6, 0, -1,
517 T_DNAME, 0, -1,
5f8e58f4
SK		 518 0, -1 /* wildcard/catchall */
519 };
520
521 u16 *p = rr_desc;
522
523 while (*p != type && *p != 0)
524 while (*p++ != (u16)-1);
f119ed38 525
5f8e58f4
SK		 526 return p+1;
527}
0852d76b 528
5f8e58f4
SK		 529/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
530 data, pointed to by *p, should be used raw. */
094b5c3d 531static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
5f8e58f4
SK		 532 unsigned char **p, u16 **desc)
533{
534 int d = **desc;
535
5f8e58f4
SK		 536 /* No more data needs mangling */
537 if (d == (u16)-1)
094b5c3d
SK		 538 {
539 /* If there's more data than we have space for, just return what fits,
540 we'll get called again for more chunks */
541 if (end - *p > bufflen)
542 {
543 memcpy(buff, *p, bufflen);
544 *p += bufflen;
545 return bufflen;
546 }
547
548 return 0;
549 }
550
551 (*desc)++;
5f8e58f4
SK		 552
553 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
554 /* domain-name, canonicalise */
555 return to_wire(buff);
556 else
557 {
558 /* plain data preceding a domain-name, don't run off the end of the data */
559 if ((end - *p) < d)
560 d = end - *p;
561
562 if (d != 0)
563 {
564 memcpy(buff, *p, d);
565 *p += d;
566 }
567
568 return d;
569 }
0852d76b
GB		 570}
571
613ad15d
SK		 572static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
573{
574 unsigned char **p;
575 int new_sz = *sz;
576
577 if (new_sz > new)
578 return 1;
579
580 if (new >= 100)
581 return 0;
582
583 new_sz += 5;
584
585 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
586 return 0;
587
588 if (*wkspc)
589 {
590 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
591 free(*wkspc);
592 }
593
594 *wkspc = p;
595 *sz = new_sz;
00a5b5d4
SK		 596
597 return 1;
613ad15d
SK		 598}
599
5f8e58f4
SK		 600/* Bubble sort the RRset into the canonical order.
601 Note that the byte-streams from two RRs may get unsynced: consider
602 RRs which have two domain-names at the start and then other data.
603 The domain-names may have different lengths in each RR, but sort equal
604
605 ------------
606 |abcde|fghi|
607 ------------
608 |abcd|efghi|
609 ------------
610
611 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
612*/
613
614static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
615 unsigned char **rrset, char *buff1, char *buff2)
c3e0b9b6 616{
5f8e58f4 617 int swap, quit, i;
0fc2f313 618
5f8e58f4
SK		 619 do
620 {
621 for (swap = 0, i = 0; i < rrsetidx-1; i++)
622 {
623 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
624 u16 *dp1, *dp2;
625 unsigned char *end1, *end2;
5107ace1
SK		 626 /* Note that these have been determined to be OK previously,
627 so we don't need to check for NULL return here. */
5f8e58f4
SK		 628 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
629 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
630
631 p1 += 8; /* skip class, type, ttl */
632 GETSHORT(rdlen1, p1);
633 end1 = p1 + rdlen1;
634
635 p2 += 8; /* skip class, type, ttl */
636 GETSHORT(rdlen2, p2);
637 end2 = p2 + rdlen2;
638
639 dp1 = dp2 = rr_desc;
640
1486a9c7 641 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
5f8e58f4 642 {
1486a9c7
SK		 643 if (left1 != 0)
644 memmove(buff1, buff1 + len1 - left1, left1);
645
094b5c3d 646 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
5f8e58f4
SK		 647 {
648 quit = 1;
649 len1 = end1 - p1;
650 memcpy(buff1 + left1, p1, len1);
651 }
652 len1 += left1;
653
1486a9c7
SK		 654 if (left2 != 0)
655 memmove(buff2, buff2 + len2 - left2, left2);
656
094b5c3d 657 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
5f8e58f4
SK		 658 {
659 quit = 1;
660 len2 = end2 - p2;
661 memcpy(buff2 + left2, p2, len2);
662 }
663 len2 += left2;
664
665 if (len1 > len2)
1486a9c7 666 left1 = len1 - len2, left2 = 0, len = len2;
5f8e58f4 667 else
1486a9c7 668 left2 = len2 - len1, left1 = 0, len = len1;
5f8e58f4 669
6fd6dacb 670 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
5f8e58f4 671
4619d946 672 if (rc > 0 || (rc == 0 && quit && len1 > len2))
5f8e58f4
SK		 673 {
674 unsigned char *tmp = rrset[i+1];
675 rrset[i+1] = rrset[i];
676 rrset[i] = tmp;
677 swap = quit = 1;
678 }
6fd6dacb
SK		 679 else if (rc < 0)
680 quit = 1;
5f8e58f4
SK		 681 }
682 }
683 } while (swap);
684}
c3e0b9b6 685
5f8e58f4
SK		 686/* Validate a single RRset (class, type, name) in the supplied DNS reply
687 Return code:
688 STAT_SECURE if it validates.
5107ace1 689 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
fbc52057 690 (In this case *wildcard_out points to the "body" of the wildcard within name.)
00a5b5d4 691 STAT_NO_SIG no RRsigs found.
87070192
SK		 692 STAT_INSECURE RRset empty.
693 STAT_BOGUS signature is wrong, bad packet.
5f8e58f4
SK		 694 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
695
696 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
697 otherwise find the key in the cache.
5107ace1
SK		 698
699 name is unchanged on exit. keyname is used as workspace and trashed.
5f8e58f4 700*/
fbc52057
SK		 701static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
702 char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
5f8e58f4
SK		 703{
704 static unsigned char **rrset = NULL, **sigs = NULL;
705 static int rrset_sz = 0, sig_sz = 0;
0fc2f313 706
5f8e58f4 707 unsigned char *p;
5ada8885 708 int rrsetidx, sigidx, res, rdlen, j, name_labels;
5f8e58f4
SK		 709 struct crec *crecp = NULL;
710 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
711 u16 *rr_desc = get_desc(type);
83d2ed09
SK		 712
713 if (wildcard_out)
714 *wildcard_out = NULL;
715
5f8e58f4 716 if (!(p = skip_questions(header, plen)))
87070192 717 return STAT_BOGUS;
83d2ed09 718
5ada8885
SK		 719 name_labels = count_labels(name); /* For 4035 5.3.2 check */
720
721 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
5f8e58f4
SK		 722 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
723 j != 0; j--)
724 {
725 unsigned char *pstart, *pdata;
b98d22c1 726 int stype, sclass;
c3e0b9b6 727
5f8e58f4
SK		 728 pstart = p;
729
730 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
87070192 731 return STAT_BOGUS; /* bad packet */
5f8e58f4
SK		 732
733 GETSHORT(stype, p);
734 GETSHORT(sclass, p);
b98d22c1 735 p += 4; /* TTL */
5f8e58f4
SK		 736
737 pdata = p;
c3e0b9b6 738
5f8e58f4
SK		 739 GETSHORT(rdlen, p);
740
e7829aef 741 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 742 return STAT_BOGUS;
e7829aef 743
5f8e58f4
SK		 744 if (res == 1 && sclass == class)
745 {
746 if (stype == type)
747 {
613ad15d 748 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
87070192 749 return STAT_BOGUS;
613ad15d 750
5f8e58f4
SK		 751 rrset[rrsetidx++] = pstart;
752 }
753
754 if (stype == T_RRSIG)
755 {
613ad15d 756 if (rdlen < 18)
87070192 757 return STAT_BOGUS; /* bad packet */
613ad15d
SK		 758
759 GETSHORT(type_covered, p);
760
761 if (type_covered == type)
762 {
763 if (!expand_workspace(&sigs, &sig_sz, sigidx))
87070192 764 return STAT_BOGUS;
613ad15d
SK		 765
766 sigs[sigidx++] = pdata;
767 }
768
769 p = pdata + 2; /* restore for ADD_RDLEN */
5f8e58f4
SK		 770 }
771 }
613ad15d 772
5f8e58f4 773 if (!ADD_RDLEN(header, p, plen, rdlen))
87070192 774 return STAT_BOGUS;
5f8e58f4 775 }
c3e0b9b6 776
00a5b5d4
SK		 777 /* RRset empty */
778 if (rrsetidx == 0)
5f8e58f4 779 return STAT_INSECURE;
00a5b5d4
SK		 780
781 /* no RRSIGs */
782 if (sigidx == 0)
783 return STAT_NO_SIG;
5f8e58f4
SK		 784
785 /* Sort RRset records into canonical order.
d387380a 786 Note that at this point keyname and daemon->workspacename buffs are
5f8e58f4 787 unused, and used as workspace by the sort. */
d387380a 788 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
5f8e58f4
SK		 789
790 /* Now try all the sigs to try and find one which validates */
791 for (j = 0; j <sigidx; j++)
792 {
d387380a 793 unsigned char *psav, *sig, *digest;
86bec2d3
SK		 794 int i, wire_len, sig_len;
795 const struct nettle_hash *hash;
796 void *ctx;
d387380a 797 char *name_start;
5f8e58f4
SK		 798 u32 nsigttl;
799
800 p = sigs[j];
5ada8885 801 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
5f8e58f4
SK		 802 psav = p;
803
5ada8885 804 p += 2; /* type_covered - already checked */
5f8e58f4
SK		 805 algo = *p++;
806 labels = *p++;
807 GETLONG(orig_ttl, p);
e7829aef
SK		 808 GETLONG(sig_expiration, p);
809 GETLONG(sig_inception, p);
5f8e58f4
SK		 810 GETSHORT(key_tag, p);
811
5f8e58f4 812 if (!extract_name(header, plen, &p, keyname, 1, 0))
87070192 813 return STAT_BOGUS;
d387380a
SK		 814
815 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
816 the name of the zone containing the RRset. We can't tell that
817 for certain, but we can check that the RRset name is equal to
818 or encloses the signers name, which should be enough to stop
819 an attacker using signatures made with the key of an unrelated
820 zone he controls. Note that the root key is always allowed. */
821 if (*keyname != 0)
822 {
823 int failed = 0;
824
825 for (name_start = name; !hostname_isequal(name_start, keyname); )
826 if ((name_start = strchr(name_start, '.')))
827 name_start++; /* chop a label off and try again */
828 else
829 {
830 failed = 1;
831 break;
832 }
833
834 /* Bad sig, try another */
835 if (failed)
836 continue;
837 }
5f8e58f4 838
d387380a 839 /* Other 5.3.1 checks */
e7829aef
SK		 840 if (!check_date_range(sig_inception, sig_expiration) ||
841 labels > name_labels ||
842 !(hash = hash_find(algo_digest_name(algo))) ||
843 !hash_init(hash, &ctx, &digest))
844 continue;
845
5f8e58f4
SK		 846 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
847 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
848 return STAT_NEED_KEY;
849
86bec2d3
SK		 850 sig = p;
851 sig_len = rdlen - (p - psav);
e7829aef 852
5f8e58f4
SK		 853 nsigttl = htonl(orig_ttl);
854
86bec2d3 855 hash->update(ctx, 18, psav);
5f8e58f4 856 wire_len = to_wire(keyname);
86bec2d3 857 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
5f8e58f4
SK		 858 from_wire(keyname);
859
5f8e58f4
SK		 860 for (i = 0; i < rrsetidx; ++i)
861 {
862 int seg;
863 unsigned char *end, *cp;
864 u16 len, *dp;
d387380a 865
5f8e58f4
SK		 866 p = rrset[i];
867 if (!extract_name(header, plen, &p, name, 1, 10))
87070192 868 return STAT_BOGUS;
5ada8885 869
d387380a
SK		 870 name_start = name;
871
5ada8885
SK		 872 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
873 if (labels < name_labels)
874 {
875 int k;
876 for (k = name_labels - labels; k != 0; k--)
fbc52057
SK		 877 {
878 while (*name_start != '.' && *name_start != 0)
879 name_start++;
0b1008d3 880 if (k != 1 && *name_start == '.')
fbc52057
SK		 881 name_start++;
882 }
883
884 if (wildcard_out)
885 *wildcard_out = name_start+1;
886
5ada8885
SK		 887 name_start--;
888 *name_start = '*';
889 }
890
891 wire_len = to_wire(name_start);
86bec2d3
SK		 892 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
893 hash->update(ctx, 4, p); /* class and type */
894 hash->update(ctx, 4, (unsigned char *)&nsigttl);
5f8e58f4
SK		 895
896 p += 8; /* skip class, type, ttl */
897 GETSHORT(rdlen, p);
5ada8885 898 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 899 return STAT_BOGUS;
5ada8885 900
5f8e58f4
SK		 901 end = p + rdlen;
902
903 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
904 cp = p;
905 dp = rr_desc;
094b5c3d 906 for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
5f8e58f4
SK		 907 len += end - cp;
908 len = htons(len);
86bec2d3 909 hash->update(ctx, 2, (unsigned char *)&len);
5f8e58f4
SK		 910
911 /* Now canonicalise again and digest. */
912 cp = p;
913 dp = rr_desc;
094b5c3d 914 while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
86bec2d3 915 hash->update(ctx, seg, (unsigned char *)name);
5f8e58f4 916 if (cp != end)
86bec2d3 917 hash->update(ctx, end - cp, cp);
5f8e58f4 918 }
86bec2d3
SK		 919
920 hash->digest(ctx, hash->digest_size, digest);
921
5ada8885
SK		 922 /* namebuff used for workspace above, restore to leave unchanged on exit */
923 p = (unsigned char*)(rrset[0]);
924 extract_name(header, plen, &p, name, 1, 0);
925
5f8e58f4
SK		 926 if (key)
927 {
928 if (algo_in == algo && keytag_in == key_tag &&
ebe95a83 929 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
5f8e58f4
SK		 930 return STAT_SECURE;
931 }
932 else
933 {
934 /* iterate through all possible keys 4035 5.3.1 */
935 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
51ea3ca2
SK		 936 if (crecp->addr.key.algo == algo &&
937 crecp->addr.key.keytag == key_tag &&
3f7483e8 938 crecp->uid == (unsigned int)class &&
ebe95a83 939 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
5107ace1 940 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
5f8e58f4
SK		 941 }
942 }
943
944 return STAT_BOGUS;
945}
946
0fc2f313 947/* The DNS packet is expected to contain the answer to a DNSKEY query.
c3e0b9b6
SK		 948 Put all DNSKEYs in the answer which are valid into the cache.
949 return codes:
97e618a0 950 STAT_SECURE At least one valid DNSKEY found and in cache.
0fc2f313 951 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
87070192 952 or self-sign for DNSKEY RRset is not valid, bad packet.
0fc2f313 953 STAT_NEED_DS DS records to validate a key not found, name in keyname
c3e0b9b6
SK		 954*/
955int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
956{
0fc2f313 957 unsigned char *psave, *p = (unsigned char *)(header+1);
c3e0b9b6 958 struct crec *crecp, *recp1;
8d718cbb 959 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
c3e0b9b6 960 struct blockdata *key;
51ea3ca2 961 struct all_addr a;
c3e0b9b6 962
5f8e58f4
SK		 963 if (ntohs(header->qdcount) != 1 ||
964 !extract_name(header, plen, &p, name, 1, 4))
87070192 965 return STAT_BOGUS;
5f8e58f4 966
c3e0b9b6
SK		 967 GETSHORT(qtype, p);
968 GETSHORT(qclass, p);
969
97e618a0 970 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
f01d7be6 971 return STAT_BOGUS;
c3e0b9b6 972
b8eac191 973 /* See if we have cached a DS record which validates this key */
0fc2f313
SK		 974 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
975 {
976 strcpy(keyname, name);
977 return STAT_NEED_DS;
978 }
b8eac191
SK		 979
980 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
981 if (crecp->flags & F_NEG)
982 return STAT_INSECURE;
983
0fc2f313 984 /* NOTE, we need to find ONE DNSKEY which matches the DS */
e7829aef 985 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
c3e0b9b6
SK		 986 {
987 /* Ensure we have type, class TTL and length */
0fc2f313 988 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
87070192 989 return STAT_BOGUS; /* bad packet */
c3e0b9b6
SK		 990
991 GETSHORT(qtype, p);
992 GETSHORT(qclass, p);
993 GETLONG(ttl, p);
994 GETSHORT(rdlen, p);
6f468103 995
0fc2f313 996 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
87070192 997 return STAT_BOGUS; /* bad packet */
0fc2f313 998
6f468103
SK		 999 if (qclass != class || qtype != T_DNSKEY || rc == 2)
1000 {
1001 p += rdlen;
1002 continue;
1003 }
1004
0fc2f313 1005 psave = p;
c3e0b9b6 1006
c3e0b9b6 1007 GETSHORT(flags, p);
0fc2f313 1008 if (*p++ != 3)
f01d7be6 1009 return STAT_BOGUS;
c3e0b9b6 1010 algo = *p++;
0fc2f313 1011 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
e7829aef 1012 key = NULL;
c3e0b9b6 1013
e7829aef
SK		 1014 /* key must have zone key flag set */
1015 if (flags & 0x100)
1016 key = blockdata_alloc((char*)p, rdlen - 4);
c3e0b9b6 1017
0fc2f313 1018 p = psave;
e7829aef 1019
0fc2f313 1020 if (!ADD_RDLEN(header, p, plen, rdlen))
8d718cbb
SK		 1021 {
1022 if (key)
1023 blockdata_free(key);
87070192 1024 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1025 }
1026
e7829aef
SK		 1027 /* No zone key flag or malloc failure */
1028 if (!key)
0fc2f313
SK		 1029 continue;
1030
1031 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
86bec2d3
SK		 1032 {
1033 void *ctx;
1034 unsigned char *digest, *ds_digest;
1035 const struct nettle_hash *hash;
1036
51ea3ca2
SK		 1037 if (recp1->addr.ds.algo == algo &&
1038 recp1->addr.ds.keytag == keytag &&
3f7483e8 1039 recp1->uid == (unsigned int)class &&
51ea3ca2 1040 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
86bec2d3 1041 hash_init(hash, &ctx, &digest))
0fc2f313 1042
86bec2d3
SK		 1043 {
1044 int wire_len = to_wire(name);
1045
1046 /* Note that digest may be different between DSs, so
1047 we can't move this outside the loop. */
1048 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
1049 hash->update(ctx, (unsigned int)rdlen, psave);
1050 hash->digest(ctx, hash->digest_size, digest);
1051
1052 from_wire(name);
1053
824202ef
SK		 1054 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
1055 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
1056 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
fbc52057 1057 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
86bec2d3 1058 {
86bec2d3 1059 valid = 1;
86bec2d3
SK		 1060 break;
1061 }
1062 }
1063 }
e7829aef 1064 blockdata_free(key);
c3e0b9b6 1065 }
c3e0b9b6 1066
0fc2f313
SK		 1067 if (valid)
1068 {
8d718cbb 1069 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
e7829aef
SK		 1070 cache_start_insert();
1071
1072 p = skip_questions(header, plen);
1073
1074 for (j = ntohs(header->ancount); j != 0; j--)
1075 {
1076 /* Ensure we have type, class TTL and length */
1077 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1078 return STAT_INSECURE; /* bad packet */
1079
1080 GETSHORT(qtype, p);
1081 GETSHORT(qclass, p);
1082 GETLONG(ttl, p);
1083 GETSHORT(rdlen, p);
8d718cbb
SK		 1084
1085 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1086 return STAT_BOGUS; /* bad packet */
e7829aef 1087
8d718cbb 1088 if (qclass == class && rc == 1)
e7829aef 1089 {
8d718cbb 1090 psave = p;
e7829aef 1091
8d718cbb
SK		 1092 if (qtype == T_DNSKEY)
1093 {
1094 if (rdlen < 4)
87070192 1095 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1096
1097 GETSHORT(flags, p);
1098 if (*p++ != 3)
f01d7be6 1099 return STAT_BOGUS;
8d718cbb
SK		 1100 algo = *p++;
1101 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1102
1103 /* Cache needs to known class for DNSSEC stuff */
1104 a.addr.dnssec.class = class;
1105
1106 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1107 {
1108 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1109 blockdata_free(key);
1110 else
1111 {
1112 a.addr.keytag = keytag;
25cf5e37 1113 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
8d718cbb
SK		 1114
1115 recp1->addr.key.keylen = rdlen - 4;
1116 recp1->addr.key.keydata = key;
1117 recp1->addr.key.algo = algo;
1118 recp1->addr.key.keytag = keytag;
1119 recp1->addr.key.flags = flags;
8d718cbb
SK		 1120 }
1121 }
1122 }
1123 else if (qtype == T_RRSIG)
1124 {
1125 /* RRSIG, cache if covers DNSKEY RRset */
1126 if (rdlen < 18)
87070192 1127 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1128
1129 GETSHORT(type_covered, p);
1130
1131 if (type_covered == T_DNSKEY)
1132 {
1133 a.addr.dnssec.class = class;
1134 a.addr.dnssec.type = type_covered;
1135
1136 algo = *p++;
1137 p += 13; /* labels, orig_ttl, expiration, inception */
1138 GETSHORT(keytag, p);
1139 if ((key = blockdata_alloc((char*)psave, rdlen)))
1140 {
1141 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1142 blockdata_free(key);
1143 else
1144 {
8d718cbb
SK		 1145 crecp->addr.sig.keydata = key;
1146 crecp->addr.sig.keylen = rdlen;
1147 crecp->addr.sig.keytag = keytag;
1148 crecp->addr.sig.type_covered = type_covered;
1149 crecp->addr.sig.algo = algo;
1150 }
1151 }
1152 }
1153 }
e7829aef 1154
8d718cbb 1155 p = psave;
e7829aef 1156 }
8d718cbb 1157
e7829aef 1158 if (!ADD_RDLEN(header, p, plen, rdlen))
87070192 1159 return STAT_BOGUS; /* bad packet */
e7829aef
SK		 1160 }
1161
0fc2f313
SK		 1162 /* commit cache insert. */
1163 cache_end_insert();
1164 return STAT_SECURE;
1165 }
1166
25cf5e37 1167 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
0fc2f313 1168 return STAT_BOGUS;
c3e0b9b6 1169}
0fc2f313 1170
c3e0b9b6
SK		 1171/* The DNS packet is expected to contain the answer to a DS query
1172 Put all DSs in the answer which are valid into the cache.
1173 return codes:
c3e0b9b6 1174 STAT_SECURE At least one valid DS found and in cache.
00a5b5d4 1175 STAT_NO_DS It's proved there's no DS here.
97e618a0
SK		 1176 STAT_NO_NS It's proved there's no DS _or_ NS here.
1177 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
c3e0b9b6
SK		 1178 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1179*/
1180
1181int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1182{
51ea3ca2 1183 unsigned char *p = (unsigned char *)(header+1);
97e618a0 1184 int qtype, qclass, val, i, neganswer, nons;
c3e0b9b6 1185
5f8e58f4 1186 if (ntohs(header->qdcount) != 1 ||
b8eac191 1187 !(p = skip_name(p, header, plen, 4)))
87070192 1188 return STAT_BOGUS;
8d718cbb 1189
c3e0b9b6
SK		 1190 GETSHORT(qtype, p);
1191 GETSHORT(qclass, p);
1192
b47b04c8
SK		 1193 if (qtype != T_DS || qclass != class)
1194 val = STAT_BOGUS;
1195 else
97e618a0
SK		 1196 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
1197 /* Note dnssec_validate_reply() will have cached positive answers */
1198
1199 if (val == STAT_NO_SIG || val == STAT_INSECURE)
1200 val = STAT_BOGUS;
51ea3ca2 1201
b8eac191
SK		 1202 p = (unsigned char *)(header+1);
1203 extract_name(header, plen, &p, name, 1, 4);
1204 p += 4; /* qtype, qclass */
1205
00a5b5d4 1206 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
97e618a0 1207 val = STAT_BOGUS;
00a5b5d4 1208
0fc2f313 1209 if (val == STAT_BOGUS)
b8eac191 1210 {
25cf5e37 1211 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
97e618a0
SK		 1212 return STAT_BOGUS;
1213 }
1214
1215 /* By here, the answer is proved secure, and a positive answer has been cached. */
1216 if (val == STAT_SECURE && neganswer)
1217 {
1218 int rdlen, flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
b8eac191
SK		 1219 unsigned long ttl, minttl = ULONG_MAX;
1220 struct all_addr a;
00a5b5d4
SK		 1221
1222 if (RCODE(header) == NXDOMAIN)
1223 flags |= F_NXDOMAIN;
1224
97e618a0
SK		 1225 /* We only cache validated DS records, DNSSECOK flag hijacked
1226 to store presence/absence of NS. */
1227 if (nons)
1228 flags &= ~F_DNSSECOK;
b8eac191
SK		 1229
1230 for (i = ntohs(header->nscount); i != 0; i--)
1231 {
00a5b5d4 1232 if (!(p = skip_name(p, header, plen, 0)))
87070192 1233 return STAT_BOGUS;
b8eac191
SK		 1234
1235 GETSHORT(qtype, p);
1236 GETSHORT(qclass, p);
1237 GETLONG(ttl, p);
1238 GETSHORT(rdlen, p);
1239
00a5b5d4 1240 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1241 return STAT_BOGUS; /* bad packet */
00a5b5d4
SK		 1242
1243 if (qclass != class || qtype != T_SOA)
b8eac191
SK		 1244 {
1245 p += rdlen;
1246 continue;
1247 }
1248
1249 if (ttl < minttl)
1250 minttl = ttl;
1251
1252 /* MNAME */
1253 if (!(p = skip_name(p, header, plen, 0)))
87070192 1254 return STAT_BOGUS;
b8eac191
SK		 1255 /* RNAME */
1256 if (!(p = skip_name(p, header, plen, 20)))
87070192 1257 return STAT_BOGUS;
b8eac191
SK		 1258 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1259
1260 GETLONG(ttl, p); /* minTTL */
1261 if (ttl < minttl)
1262 minttl = ttl;
00a5b5d4
SK		 1263
1264 break;
b8eac191
SK		 1265 }
1266
00a5b5d4
SK		 1267 if (i != 0)
1268 {
1269 cache_start_insert();
1270
1271 a.addr.dnssec.class = class;
1272 cache_insert(name, &a, now, ttl, flags);
1273
97e618a0
SK		 1274 cache_end_insert();
1275
25cf5e37 1276 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
00a5b5d4 1277 }
b8eac191 1278
97e618a0 1279 return nons ? STAT_NO_NS : STAT_NO_DS;
b8eac191
SK		 1280 }
1281
51ea3ca2 1282 return val;
c3e0b9b6
SK		 1283}
1284
c5f4ec7d
SK		 1285/* 4034 6.1 */
1286static int hostname_cmp(const char *a, const char *b)
1287{
dbf72123
SK		 1288 char *sa, *ea, *ca, *sb, *eb, *cb;
1289 unsigned char ac, bc;
1290
1291 sa = ea = (char *)a + strlen(a);
1292 sb = eb = (char *)b + strlen(b);
1293
c5f4ec7d
SK		 1294 while (1)
1295 {
dbf72123
SK		 1296 while (sa != a && *(sa-1) != '.')
1297 sa--;
c5f4ec7d 1298
dbf72123
SK		 1299 while (sb != b && *(sb-1) != '.')
1300 sb--;
1301
1302 ca = sa;
1303 cb = sb;
1304
1305 while (1)
1306 {
1307 if (ca == ea)
1308 {
1309 if (cb == eb)
1310 break;
1311
1312 return -1;
1313 }
c5f4ec7d 1314
dbf72123
SK		 1315 if (cb == eb)
1316 return 1;
1317
1318 ac = (unsigned char) *ca++;
1319 bc = (unsigned char) *cb++;
1320
1321 if (ac >= 'A' && ac <= 'Z')
1322 ac += 'a' - 'A';
1323 if (bc >= 'A' && bc <= 'Z')
1324 bc += 'a' - 'A';
1325
979cdf9b 1326 if (ac < bc)
dbf72123
SK		 1327 return -1;
1328 else if (ac != bc)
1329 return 1;
1330 }
c5f4ec7d 1331
dbf72123
SK		 1332
1333 if (sa == a)
c5f4ec7d 1334 {
dbf72123
SK		 1335 if (sb == b)
1336 return 0;
c5f4ec7d 1337
dbf72123 1338 return -1;
c5f4ec7d
SK		 1339 }
1340
dbf72123
SK		 1341 if (sb == b)
1342 return 1;
c5f4ec7d 1343
dbf72123
SK		 1344 ea = sa--;
1345 eb = sb--;
c5f4ec7d
SK		 1346 }
1347}
1348
5107ace1
SK		 1349/* Find all the NSEC or NSEC3 records in a reply.
1350 return an array of pointers to them. */
1351static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1352{
1353 static unsigned char **nsecset = NULL;
1354 static int nsecset_sz = 0;
1355
87070192 1356 int type_found = 0;
5107ace1
SK		 1357 unsigned char *p = skip_questions(header, plen);
1358 int type, class, rdlen, i, nsecs_found;
1359
1360 /* Move to NS section */
1361 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1362 return 0;
1363
1364 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1365 {
1366 unsigned char *pstart = p;
1367
1368 if (!(p = skip_name(p, header, plen, 10)))
1369 return 0;
1370
1371 GETSHORT(type, p);
1372 GETSHORT(class, p);
1373 p += 4; /* TTL */
1374 GETSHORT(rdlen, p);
1375
1376 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1377 {
1378 /* No mixed NSECing 'round here, thankyouverymuch */
1379 if (type_found == T_NSEC && type == T_NSEC3)
1380 return 0;
1381 if (type_found == T_NSEC3 && type == T_NSEC)
1382 return 0;
1383
1384 type_found = type;
1385
613ad15d
SK		 1386 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1387 return 0;
1388
5107ace1
SK		 1389 nsecset[nsecs_found++] = pstart;
1390 }
613ad15d 1391
5107ace1
SK		 1392 if (!ADD_RDLEN(header, p, plen, rdlen))
1393 return 0;
1394 }
1395
1396 *nsecsetp = nsecset;
1397 *nsecsetl = nsecs_found;
1398
1399 return type_found;
1400}
1401
24187530 1402static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
97e618a0 1403 char *workspace1, char *workspace2, char *name, int type, int *nons)
5107ace1
SK		 1404{
1405 int i, rc, rdlen;
1406 unsigned char *p, *psave;
1407 int offset = (type & 0xff) >> 3;
1408 int mask = 0x80 >> (type & 0x07);
97e618a0
SK		 1409
1410 if (nons)
1411 *nons = 0;
5107ace1
SK		 1412
1413 /* Find NSEC record that proves name doesn't exist */
1414 for (i = 0; i < nsec_count; i++)
1415 {
1416 p = nsecs[i];
1417 if (!extract_name(header, plen, &p, workspace1, 1, 10))
87070192 1418 return STAT_BOGUS;
5107ace1
SK		 1419 p += 8; /* class, type, TTL */
1420 GETSHORT(rdlen, p);
1421 psave = p;
1422 if (!extract_name(header, plen, &p, workspace2, 1, 10))
87070192 1423 return STAT_BOGUS;
5107ace1
SK		 1424
1425 rc = hostname_cmp(workspace1, name);
1426
1427 if (rc == 0)
1428 {
f01d7be6
SK		 1429 /* 4035 para 5.4. Last sentence */
1430 if (type == T_NSEC || type == T_RRSIG)
1431 return STAT_SECURE;
1432
5107ace1
SK		 1433 /* NSEC with the same name as the RR we're testing, check
1434 that the type in question doesn't appear in the type map */
1435 rdlen -= p - psave;
1436 /* rdlen is now length of type map, and p points to it */
1437
97e618a0
SK		 1438 /* If we can prove that there's no NS record, return that information. */
1439 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1440 *nons = 1;
1441
5107ace1
SK		 1442 while (rdlen >= 2)
1443 {
1444 if (!CHECK_LEN(header, p, plen, rdlen))
87070192 1445 return STAT_BOGUS;
5107ace1
SK		 1446
1447 if (p[0] == type >> 8)
1448 {
1449 /* Does the NSEC say our type exists? */
a857daa3 1450 if (offset < p[1] && (p[offset+2] & mask) != 0)
5107ace1
SK		 1451 return STAT_BOGUS;
1452
1453 break; /* finshed checking */
1454 }
1455
1456 rdlen -= p[1];
1457 p += p[1];
1458 }
1459
1460 return STAT_SECURE;
1461 }
1462 else if (rc == -1)
1463 {
1464 /* Normal case, name falls between NSEC name and next domain name,
1465 wrap around case, name falls between NSEC name (rc == -1) and end */
1466 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1467 return STAT_SECURE;
1468 }
1469 else
1470 {
1471 /* wrap around case, name falls between start and next domain name */
1472 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1473 return STAT_SECURE;
1474 }
1475 }
1476
1477 return STAT_BOGUS;
1478}
1479
1480/* return digest length, or zero on error */
1481static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1482 unsigned char *salt, int salt_len, int iterations)
1483{
1484 void *ctx;
1485 unsigned char *digest;
1486 int i;
1487
1488 if (!hash_init(hash, &ctx, &digest))
1489 return 0;
1490
1491 hash->update(ctx, to_wire(in), (unsigned char *)in);
1492 hash->update(ctx, salt_len, salt);
1493 hash->digest(ctx, hash->digest_size, digest);
1494
1495 for(i = 0; i < iterations; i++)
1496 {
1497 hash->update(ctx, hash->digest_size, digest);
1498 hash->update(ctx, salt_len, salt);
1499 hash->digest(ctx, hash->digest_size, digest);
1500 }
1501
1502 from_wire(in);
1503
1504 *out = digest;
1505 return hash->digest_size;
1506}
1507
1508/* Decode base32 to first "." or end of string */
1509static int base32_decode(char *in, unsigned char *out)
1510{
a857daa3 1511 int oc, on, c, mask, i;
5107ace1
SK		 1512 unsigned char *p = out;
1513
a857daa3 1514 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
5107ace1 1515 {
5107ace1
SK		 1516 if (c >= '0' && c <= '9')
1517 c -= '0';
1518 else if (c >= 'a' && c <= 'v')
1519 c -= 'a', c += 10;
1520 else if (c >= 'A' && c <= 'V')
1521 c -= 'A', c += 10;
1522 else
1523 return 0;
1524
1525 for (mask = 0x10, i = 0; i < 5; i++)
1526 {
a857daa3
SK		 1527 if (c & mask)
1528 oc |= 1;
1529 mask = mask >> 1;
1530 if (((++on) & 7) == 0)
1531 *p++ = oc;
1532 oc = oc << 1;
5107ace1
SK		 1533 }
1534 }
1535
1536 if ((on & 7) != 0)
1537 return 0;
1538
1539 return p - out;
1540}
1541
fbc52057 1542static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
97e618a0 1543 char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons)
fbc52057
SK		 1544{
1545 int i, hash_len, salt_len, base32_len, rdlen;
1546 unsigned char *p, *psave;
1547
1548 for (i = 0; i < nsec_count; i++)
1549 if ((p = nsecs[i]))
1550 {
1551 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1552 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1553 return 0;
1554
1555 p += 8; /* class, type, TTL */
1556 GETSHORT(rdlen, p);
1557 psave = p;
1558 p += 4; /* algo, flags, iterations */
1559 salt_len = *p++; /* salt_len */
1560 p += salt_len; /* salt */
1561 hash_len = *p++; /* p now points to next hashed name */
1562
1563 if (!CHECK_LEN(header, p, plen, hash_len))
1564 return 0;
1565
1566 if (digest_len == base32_len && hash_len == base32_len)
1567 {
1568 int rc = memcmp(workspace2, digest, digest_len);
1569
1570 if (rc == 0)
1571 {
1572 /* We found an NSEC3 whose hashed name exactly matches the query, so
1573 we just need to check the type map. p points to the RR data for the record. */
1574
1575 int offset = (type & 0xff) >> 3;
1576 int mask = 0x80 >> (type & 0x07);
1577
1578 p += hash_len; /* skip next-domain hash */
1579 rdlen -= p - psave;
1580
1581 if (!CHECK_LEN(header, p, plen, rdlen))
1582 return 0;
1583
97e618a0
SK		 1584 /* If we can prove that there's no NS record, return that information. */
1585 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1586 *nons = 1;
1587
fbc52057
SK		 1588 while (rdlen >= 2)
1589 {
1590 if (p[0] == type >> 8)
1591 {
1592 /* Does the NSEC3 say our type exists? */
1593 if (offset < p[1] && (p[offset+2] & mask) != 0)
1594 return STAT_BOGUS;
1595
1596 break; /* finshed checking */
1597 }
1598
1599 rdlen -= p[1];
1600 p += p[1];
1601 }
1602
1603 return 1;
1604 }
1605 else if (rc <= 0)
1606 {
1607 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1608 wrap around case, name-hash falls between NSEC3 name-hash and end */
1609 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
1610 return 1;
1611 }
1612 else
1613 {
1614 /* wrap around case, name falls between start and next domain name */
1615 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
1616 return 1;
1617 }
1618 }
1619 }
1620 return 0;
1621}
1622
24187530 1623static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
97e618a0 1624 char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
5107ace1 1625{
a857daa3 1626 unsigned char *salt, *p, *digest;
fbc52057 1627 int digest_len, i, iterations, salt_len, base32_len, algo = 0;
5107ace1
SK		 1628 struct nettle_hash const *hash;
1629 char *closest_encloser, *next_closest, *wildcard;
97e618a0
SK		 1630
1631 if (nons)
1632 *nons = 0;
1633
5107ace1
SK		 1634 /* Look though the NSEC3 records to find the first one with
1635 an algorithm we support (currently only algo == 1).
1636
1637 Take the algo, iterations, and salt of that record
1638 as the ones we're going to use, and prune any
1639 that don't match. */
1640
1641 for (i = 0; i < nsec_count; i++)
1642 {
1643 if (!(p = skip_name(nsecs[i], header, plen, 15)))
87070192 1644 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1645
1646 p += 10; /* type, class, TTL, rdlen */
1647 algo = *p++;
1648
1649 if (algo == 1)
1650 break; /* known algo */
1651 }
1652
1653 /* No usable NSEC3s */
1654 if (i == nsec_count)
1655 return STAT_BOGUS;
1656
1657 p++; /* flags */
1658 GETSHORT (iterations, p);
1659 salt_len = *p++;
1660 salt = p;
1661 if (!CHECK_LEN(header, salt, plen, salt_len))
87070192 1662 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1663
1664 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1665 for (i = 0; i < nsec_count; i++)
1666 {
1667 unsigned char *nsec3p = nsecs[i];
1668 int this_iter;
1669
1670 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1671
1672 if (!(p = skip_name(nsec3p, header, plen, 15)))
87070192 1673 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1674
1675 p += 10; /* type, class, TTL, rdlen */
1676
1677 if (*p++ != algo)
1678 continue;
1679
1680 p++; /* flags */
1681
a857daa3 1682 GETSHORT(this_iter, p);
5107ace1
SK		 1683 if (this_iter != iterations)
1684 continue;
1685
1686 if (salt_len != *p++)
1687 continue;
1688
1689 if (!CHECK_LEN(header, p, plen, salt_len))
87070192 1690 return STAT_BOGUS; /* bad packet */
5107ace1
SK		 1691
1692 if (memcmp(p, salt, salt_len) != 0)
1693 continue;
1694
1695 /* All match, put the pointer back */
1696 nsecs[i] = nsec3p;
1697 }
1698
1699 /* Algo is checked as 1 above */
1700 if (!(hash = hash_find("sha1")))
87070192 1701 return STAT_BOGUS;
5107ace1 1702
fbc52057
SK		 1703 if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1704 return STAT_BOGUS;
1705
97e618a0 1706 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
fbc52057
SK		 1707 return STAT_SECURE;
1708
1709 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1710 or an answer inferred from a wildcard record. */
5107ace1
SK		 1711 closest_encloser = name;
1712 next_closest = NULL;
1713
1714 do
1715 {
1716 if (*closest_encloser == '.')
1717 closest_encloser++;
c5f4ec7d 1718
fbc52057
SK		 1719 if (wildname && hostname_isequal(closest_encloser, wildname))
1720 break;
1721
a857daa3 1722 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
87070192 1723 return STAT_BOGUS;
5107ace1
SK		 1724
1725 for (i = 0; i < nsec_count; i++)
1726 if ((p = nsecs[i]))
1727 {
5107ace1 1728 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
a857daa3 1729 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
87070192 1730 return STAT_BOGUS;
5107ace1 1731
a857daa3
SK		 1732 if (digest_len == base32_len &&
1733 memcmp(digest, workspace2, digest_len) == 0)
5107ace1
SK		 1734 break; /* Gotit */
1735 }
1736
1737 if (i != nsec_count)
1738 break;
1739
1740 next_closest = closest_encloser;
1741 }
1742 while ((closest_encloser = strchr(closest_encloser, '.')));
1743
fbc52057 1744 if (!closest_encloser)
5107ace1
SK		 1745 return STAT_BOGUS;
1746
24187530 1747 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
a857daa3 1748 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
87070192 1749 return STAT_BOGUS;
5107ace1 1750
97e618a0 1751 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
87070192 1752 return STAT_BOGUS;
5107ace1 1753
fbc52057
SK		 1754 /* Finally, check that there's no seat of wildcard synthesis */
1755 if (!wildname)
1756 {
1757 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1758 return STAT_BOGUS;
1759
1760 wildcard--;
1761 *wildcard = '*';
1762
1763 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1764 return STAT_BOGUS;
1765
97e618a0 1766 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
fbc52057
SK		 1767 return STAT_BOGUS;
1768 }
5107ace1 1769
fbc52057 1770 return STAT_SECURE;
5107ace1
SK		 1771}
1772
0fc2f313 1773/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
51ea3ca2 1774/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
97e618a0
SK		 1775int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1776 int *class, int *neganswer, int *nons)
adca3e9c 1777{
00a5b5d4
SK		 1778 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1779 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
1fbe4d2f 1780 int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
00a5b5d4 1781 int nsec_type = 0, have_answer = 0;
adca3e9c 1782
00a5b5d4
SK		 1783 if (neganswer)
1784 *neganswer = 0;
1785
87070192 1786 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
e3ec15af
SK		 1787 return STAT_BOGUS;
1788
87070192 1789 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
72ae2f3d 1790 return STAT_INSECURE;
00a5b5d4
SK		 1791
1792 qname = p1 = (unsigned char *)(header+1);
c5f4ec7d 1793
00a5b5d4 1794 if (!extract_name(header, plen, &p1, name, 1, 4))
87070192 1795 return STAT_BOGUS;
00a5b5d4
SK		 1796
1797 GETSHORT(qtype, p1);
1798 GETSHORT(qclass, p1);
1799 ans_start = p1;
9d1b22aa
SK		 1800
1801 if (qtype == T_ANY)
1802 have_answer = 1;
00a5b5d4
SK		 1803
1804 /* Can't validate an RRISG query */
1805 if (qtype == T_RRSIG)
0fc2f313 1806 return STAT_INSECURE;
00a5b5d4
SK		 1807
1808 cname_loop:
1809 for (j = ntohs(header->ancount); j != 0; j--)
1810 {
1811 /* leave pointer to missing name in qname */
1812
1813 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
87070192 1814 return STAT_BOGUS; /* bad packet */
00a5b5d4
SK		 1815
1816 GETSHORT(type2, p1);
1817 GETSHORT(class2, p1);
1818 p1 += 4; /* TTL */
1819 GETSHORT(rdlen2, p1);
1820
1821 if (rc == 1 && qclass == class2)
1822 {
1823 /* Do we have an answer for the question? */
1824 if (type2 == qtype)
1825 {
1826 have_answer = 1;
1827 break;
1828 }
1829 else if (type2 == T_CNAME)
1830 {
1831 qname = p1;
1832
1833 /* looped CNAMES */
1834 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
87070192 1835 return STAT_BOGUS;
00a5b5d4
SK		 1836
1837 p1 = ans_start;
1838 goto cname_loop;
1839 }
1840 }
1841
1842 if (!ADD_RDLEN(header, p1, plen, rdlen2))
87070192 1843 return STAT_BOGUS;
00a5b5d4 1844 }
0fc2f313 1845
00a5b5d4
SK		 1846 if (neganswer && !have_answer)
1847 *neganswer = 1;
0575610f
SK		 1848
1849 /* No data, therefore no sigs */
1850 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1851 return STAT_NO_SIG;
00a5b5d4 1852
0fc2f313 1853 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
adca3e9c 1854 {
0fc2f313 1855 if (!extract_name(header, plen, &p1, name, 1, 10))
87070192 1856 return STAT_BOGUS; /* bad packet */
0fc2f313
SK		 1857
1858 GETSHORT(type1, p1);
1859 GETSHORT(class1, p1);
1860 p1 += 4; /* TTL */
1861 GETSHORT(rdlen1, p1);
1862
1863 /* Don't try and validate RRSIGs! */
1864 if (type1 != T_RRSIG)
1865 {
1866 /* Check if we've done this RRset already */
1867 for (p2 = ans_start, j = 0; j < i; j++)
1868 {
1869 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
87070192 1870 return STAT_BOGUS; /* bad packet */
0fc2f313
SK		 1871
1872 GETSHORT(type2, p2);
1873 GETSHORT(class2, p2);
1874 p2 += 4; /* TTL */
1875 GETSHORT(rdlen2, p2);
1876
1877 if (type2 == type1 && class2 == class1 && rc == 1)
1878 break; /* Done it before: name, type, class all match. */
1879
1880 if (!ADD_RDLEN(header, p2, plen, rdlen2))
87070192 1881 return STAT_BOGUS;
0fc2f313
SK		 1882 }
1883
1884 /* Not done, validate now */
51ea3ca2 1885 if (j == i)
0fc2f313 1886 {
8d718cbb
SK		 1887 int ttl, keytag, algo, digest, type_covered;
1888 unsigned char *psave;
1889 struct all_addr a;
1890 struct blockdata *key;
1891 struct crec *crecp;
fbc52057 1892 char *wildname;
5e321739 1893 int have_wildcard = 0;
fbc52057
SK		 1894
1895 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
5107ace1
SK		 1896
1897 if (rc == STAT_SECURE_WILDCARD)
1898 {
5e321739
SK		 1899 have_wildcard = 1;
1900
5107ace1 1901 /* An attacker replay a wildcard answer with a different
a857daa3 1902 answer and overlay a genuine RR. To prove this
5107ace1 1903 hasn't happened, the answer must prove that
a857daa3 1904 the gennuine record doesn't exist. Check that here. */
87070192
SK		 1905 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1906 return STAT_BOGUS; /* No NSECs or bad packet */
5107ace1
SK		 1907
1908 if (nsec_type == T_NSEC)
97e618a0 1909 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
5107ace1 1910 else
97e618a0
SK		 1911 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
1912 keyname, name, type1, wildname, NULL);
1913
5107ace1
SK		 1914 if (rc != STAT_SECURE)
1915 return rc;
1916 }
1917 else if (rc != STAT_SECURE)
51ea3ca2
SK		 1918 {
1919 if (class)
1920 *class = class1; /* Class for DS or DNSKEY */
1921 return rc;
1922 }
5107ace1 1923
8d718cbb
SK		 1924 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1925 cache_start_insert();
1926
1927 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
51ea3ca2 1928 {
8d718cbb 1929 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
87070192 1930 return STAT_BOGUS; /* bad packet */
51ea3ca2 1931
8d718cbb
SK		 1932 GETSHORT(type2, p2);
1933 GETSHORT(class2, p2);
1934 GETLONG(ttl, p2);
1935 GETSHORT(rdlen2, p2);
1936
1937 if (!CHECK_LEN(header, p2, plen, rdlen2))
87070192 1938 return STAT_BOGUS; /* bad packet */
8d718cbb
SK		 1939
1940 if (class2 == class1 && rc == 1)
1941 {
1942 psave = p2;
1943
1944 if (type1 == T_DS && type2 == T_DS)
51ea3ca2 1945 {
8d718cbb 1946 if (rdlen2 < 4)
87070192 1947 return STAT_BOGUS; /* bad packet */
8d718cbb 1948
51ea3ca2
SK		 1949 GETSHORT(keytag, p2);
1950 algo = *p2++;
1951 digest = *p2++;
1952
1953 /* Cache needs to known class for DNSSEC stuff */
1954 a.addr.dnssec.class = class2;
1955
8d718cbb 1956 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
51ea3ca2 1957 {
8d718cbb
SK		 1958 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1959 blockdata_free(key);
1960 else
1961 {
1962 a.addr.keytag = keytag;
25cf5e37 1963 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
8d718cbb
SK		 1964 crecp->addr.ds.digest = digest;
1965 crecp->addr.ds.keydata = key;
1966 crecp->addr.ds.algo = algo;
1967 crecp->addr.ds.keytag = keytag;
8d718cbb
SK		 1968 crecp->addr.ds.keylen = rdlen2 - 4;
1969 }
1970 }
1971 }
1972 else if (type2 == T_RRSIG)
1973 {
1974 if (rdlen2 < 18)
87070192 1975 return STAT_BOGUS; /* bad packet */
51ea3ca2 1976
8d718cbb
SK		 1977 GETSHORT(type_covered, p2);
1978
1979 if (type_covered == type1 &&
1980 (type_covered == T_A || type_covered == T_AAAA ||
1981 type_covered == T_CNAME || type_covered == T_DS ||
1982 type_covered == T_DNSKEY || type_covered == T_PTR))
1983 {
1984 a.addr.dnssec.type = type_covered;
c8ca33f8 1985 a.addr.dnssec.class = class1;
8d718cbb
SK		 1986
1987 algo = *p2++;
1988 p2 += 13; /* labels, orig_ttl, expiration, inception */
1989 GETSHORT(keytag, p2);
1990
5e321739
SK		 1991 /* We don't cache sigs for wildcard answers, because to reproduce the
1992 answer from the cache will require one or more NSEC/NSEC3 records
1993 which we don't cache. The lack of the RRSIG ensures that a query for
1994 this RRset asking for a secure answer will always be forwarded. */
1995 if (!have_wildcard && (key = blockdata_alloc((char*)psave, rdlen2)))
8d718cbb
SK		 1996 {
1997 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1998 blockdata_free(key);
1999 else
2000 {
8d718cbb
SK		 2001 crecp->addr.sig.keydata = key;
2002 crecp->addr.sig.keylen = rdlen2;
2003 crecp->addr.sig.keytag = keytag;
2004 crecp->addr.sig.type_covered = type_covered;
2005 crecp->addr.sig.algo = algo;
2006 }
2007 }
2008 }
51ea3ca2
SK		 2009 }
2010
8d718cbb 2011 p2 = psave;
51ea3ca2
SK		 2012 }
2013
8d718cbb 2014 if (!ADD_RDLEN(header, p2, plen, rdlen2))
87070192 2015 return STAT_BOGUS; /* bad packet */
51ea3ca2 2016 }
8d718cbb
SK		 2017
2018 cache_end_insert();
0fc2f313
SK		 2019 }
2020 }
adca3e9c 2021
0fc2f313 2022 if (!ADD_RDLEN(header, p1, plen, rdlen1))
87070192 2023 return STAT_BOGUS;
adca3e9c
GB		 2024 }
2025
c5f4ec7d 2026 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
00a5b5d4
SK		 2027 if (have_answer)
2028 return STAT_SECURE;
2029
5107ace1 2030 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
5107ace1 2031 /* First marshall the NSEC records, if we've not done it previously */
87070192
SK		 2032 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
2033 return STAT_BOGUS; /* No NSECs */
00a5b5d4
SK		 2034
2035 /* Get name of missing answer */
2036 if (!extract_name(header, plen, &qname, name, 1, 0))
87070192 2037 return STAT_BOGUS;
5107ace1
SK		 2038
2039 if (nsec_type == T_NSEC)
97e618a0 2040 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
5107ace1 2041 else
97e618a0 2042 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
e292e93d
GB		 2043}
2044
00a5b5d4
SK		 2045/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
2046 Needed for proving answer in unsigned space.
2047 Return STAT_NEED_*
2048 STAT_BOGUS - error
2049 STAT_INSECURE - name of first non-secure record in name
2050*/
2051int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
2052{
2053 unsigned char *p = (unsigned char *)(header+1);
c07d30dc 2054 int type, class, qclass, rdlen, j, rc;
1fbe4d2f 2055 int cname_count = CNAME_CHAIN;
00a5b5d4
SK		 2056
2057 /* Get question */
2058 if (!extract_name(header, plen, &p, name, 1, 4))
2059 return STAT_BOGUS;
2060
c07d30dc 2061 p +=2; /* type */
00a5b5d4
SK		 2062 GETSHORT(qclass, p);
2063
2064 while (1)
2065 {
2066 for (j = ntohs(header->ancount); j != 0; j--)
2067 {
2068 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
2069 return STAT_BOGUS; /* bad packet */
2070
2071 GETSHORT(type, p);
2072 GETSHORT(class, p);
2073 p += 4; /* TTL */
2074 GETSHORT(rdlen, p);
2075
2076 /* Not target, loop */
2077 if (rc == 2 || qclass != class)
2078 {
2079 if (!ADD_RDLEN(header, p, plen, rdlen))
2080 return STAT_BOGUS;
2081 continue;
2082 }
2083
2084 /* Got to end of CNAME chain. */
2085 if (type != T_CNAME)
2086 return STAT_INSECURE;
2087
2088 /* validate CNAME chain, return if insecure or need more data */
fbc52057 2089 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, NULL, 0, 0, 0);
00a5b5d4
SK		 2090 if (rc != STAT_SECURE)
2091 {
2092 if (rc == STAT_NO_SIG)
2093 rc = STAT_INSECURE;
2094 return rc;
2095 }
2096
2097 /* Loop down CNAME chain/ */
2098 if (!cname_count-- ||
2099 !extract_name(header, plen, &p, name, 1, 0) ||
2100 !(p = skip_questions(header, plen)))
2101 return STAT_BOGUS;
2102
2103 break;
2104 }
2105
2106 /* End of CNAME chain */
2107 return STAT_INSECURE;
2108 }
2109}
2110
2111
3471f181 2112/* Compute keytag (checksum to quickly index a key). See RFC4034 */
0fc2f313 2113int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
3471f181 2114{
75ffc9bf
GB		 2115 if (alg == 1)
2116 {
2117 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2118 See RFC4034, Appendix B.1 */
0fc2f313 2119 return key[keylen-4] * 256 + key[keylen-3];
75ffc9bf
GB		 2120 }
2121 else
2122 {
1633e308 2123 unsigned long ac = flags + 0x300 + alg;
75ffc9bf
GB		 2124 int i;
2125
0fc2f313
SK		 2126 for (i = 0; i < keylen; ++i)
2127 ac += (i & 1) ? key[i] : key[i] << 8;
1633e308 2128
0fc2f313
SK		 2129 ac += (ac >> 16) & 0xffff;
2130 return ac & 0xffff;
0304d28f 2131 }
3471f181 2132}
e292e93d 2133
5f8e58f4
SK		 2134size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2135{
2136 unsigned char *p;
610e782a 2137 char *types = querystr("dnssec-query", type);
5f8e58f4
SK		 2138
2139 if (addr->sa.sa_family == AF_INET)
25cf5e37 2140 log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
5f8e58f4
SK		 2141#ifdef HAVE_IPV6
2142 else
25cf5e37 2143 log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
5f8e58f4
SK		 2144#endif
2145
2146 header->qdcount = htons(1);
2147 header->ancount = htons(0);
2148 header->nscount = htons(0);
2149 header->arcount = htons(0);
e292e93d 2150
5f8e58f4
SK		 2151 header->hb3 = HB3_RD;
2152 SET_OPCODE(header, QUERY);
5b3bf921
SK		 2153 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2154 this allows it to select auth servers when one is returning bad data. */
2155 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
5f8e58f4
SK		 2156
2157 /* ID filled in later */
2158
2159 p = (unsigned char *)(header+1);
2160
2161 p = do_rfc1035_name(p, name);
2162 *p++ = 0;
2163 PUTSHORT(type, p);
2164 PUTSHORT(class, p);
2165
2166 return add_do_bit(header, p - (unsigned char *)header, end);
2167}
8a9be9e4 2168
613ad15d
SK		 2169/* Go through a domain name, find "pointers" and fix them up based on how many bytes
2170 we've chopped out of the packet, or check they don't point into an elided part. */
2171static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2172{
2173 unsigned char *ansp = *namep;
2174
2175 while(1)
2176 {
2177 unsigned int label_type;
2178
2179 if (!CHECK_LEN(header, ansp, plen, 1))
2180 return 0;
2181
2182 label_type = (*ansp) & 0xc0;
2183
2184 if (label_type == 0xc0)
2185 {
2186 /* pointer for compression. */
00a5b5d4
SK		 2187 unsigned int offset;
2188 int i;
613ad15d
SK		 2189 unsigned char *p;
2190
2191 if (!CHECK_LEN(header, ansp, plen, 2))
2192 return 0;
2193
2194 offset = ((*ansp++) & 0x3f) << 8;
2195 offset |= *ansp++;
2196
2197 p = offset + (unsigned char *)header;
2198
2199 for (i = 0; i < rr_count; i++)
2200 if (p < rrs[i])
2201 break;
2202 else
2203 if (i & 1)
2204 offset -= rrs[i] - rrs[i-1];
2205
2206 /* does the pointer end up in an elided RR? */
2207 if (i & 1)
00a5b5d4 2208 return 0;
613ad15d
SK		 2209
2210 /* No, scale the pointer */
2211 if (fixup)
2212 {
2213 ansp -= 2;
2214 *ansp++ = (offset >> 8) | 0xc0;
2215 *ansp++ = offset & 0xff;
2216 }
2217 break;
2218 }
2219 else if (label_type == 0x80)
2220 return 0; /* reserved */
2221 else if (label_type == 0x40)
2222 {
2223 /* Extended label type */
2224 unsigned int count;
2225
2226 if (!CHECK_LEN(header, ansp, plen, 2))
2227 return 0;
2228
2229 if (((*ansp++) & 0x3f) != 1)
2230 return 0; /* we only understand bitstrings */
2231
2232 count = *(ansp++); /* Bits in bitstring */
2233
2234 if (count == 0) /* count == 0 means 256 bits */
2235 ansp += 32;
2236 else
2237 ansp += ((count-1)>>3)+1;
2238 }
2239 else
2240 { /* label type == 0 Bottom six bits is length */
2241 unsigned int len = (*ansp++) & 0x3f;
2242
2243 if (!ADD_RDLEN(header, ansp, plen, len))
2244 return 0;
2245
2246 if (len == 0)
2247 break; /* zero length label marks the end. */
2248 }
2249 }
2250
2251 *namep = ansp;
2252
2253 return 1;
2254}
2255
2256/* Go through RRs and check or fixup the domain names contained within */
2257static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2258{
2259 int i, type, class, rdlen;
00a5b5d4 2260 unsigned char *pp;
613ad15d 2261
50f86ce8 2262 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
613ad15d 2263 {
00a5b5d4
SK		 2264 pp = p;
2265
2266 if (!(p = skip_name(p, header, plen, 10)))
2267 return 0;
613ad15d
SK		 2268
2269 GETSHORT(type, p);
2270 GETSHORT(class, p);
2271 p += 4; /* TTL */
2272 GETSHORT(rdlen, p);
00a5b5d4 2273
613ad15d
SK		 2274 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2275 {
00a5b5d4
SK		 2276 /* fixup name of RR */
2277 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2278 return 0;
2279
613ad15d
SK		 2280 if (class == C_IN)
2281 {
2282 u16 *d;
14db4212
SK		 2283
2284 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
613ad15d
SK		 2285 {
2286 if (*d != 0)
2287 pp += *d;
2288 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2289 return 0;
2290 }
2291 }
2292 }
2293
2294 if (!ADD_RDLEN(header, p, plen, rdlen))
2295 return 0;
2296 }
2297
2298 return 1;
2299}
2300
2301
2302size_t filter_rrsigs(struct dns_header *header, size_t plen)
2303{
2304 static unsigned char **rrs;
2305 static int rr_sz = 0;
2306
2307 unsigned char *p = (unsigned char *)(header+1);
50f86ce8 2308 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
613ad15d
SK		 2309
2310 if (ntohs(header->qdcount) != 1 ||
2311 !(p = skip_name(p, header, plen, 4)))
2312 return plen;
2313
2314 GETSHORT(qtype, p);
2315 GETSHORT(qclass, p);
2316
2317 /* First pass, find pointers to start and end of all the records we wish to elide:
2318 records added for DNSSEC, unless explicity queried for */
50f86ce8
SK		 2319 for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0;
2320 i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
2321 i++)
613ad15d
SK		 2322 {
2323 unsigned char *pstart = p;
2324 int type, class;
2325
2326 if (!(p = skip_name(p, header, plen, 10)))
2327 return plen;
2328
2329 GETSHORT(type, p);
2330 GETSHORT(class, p);
2331 p += 4; /* TTL */
2332 GETSHORT(rdlen, p);
2333
2334 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2335 (type != qtype || class != qclass))
2336 {
2337 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2338 return plen;
2339
2340 rrs[rr_found++] = pstart;
2341
2342 if (!ADD_RDLEN(header, p, plen, rdlen))
2343 return plen;
2344
2345 rrs[rr_found++] = p;
2346
2347 if (i < ntohs(header->ancount))
2348 chop_an++;
e6096e64 2349 else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
613ad15d 2350 chop_ns++;
50f86ce8
SK		 2351 else
2352 chop_ar++;
613ad15d
SK		 2353 }
2354 else if (!ADD_RDLEN(header, p, plen, rdlen))
2355 return plen;
2356 }
2357
2358 /* Nothing to do. */
2359 if (rr_found == 0)
2360 return plen;
2361
2362 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2363 point to records we're going to elide. This is theoretically possible, but unlikely. If
2364 it happens, we give up and leave the answer unchanged. */
2365 p = (unsigned char *)(header+1);
2366
2367 /* question first */
2368 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2369 return plen;
2370 p += 4; /* qclass, qtype */
2371
2372 /* Now answers and NS */
2373 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2374 return plen;
2375
2376 /* Third pass, elide records */
2377 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2378 {
2379 unsigned char *start = rrs[i];
2380 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2381
2382 memmove(p, start, end-start);
2383 p += end-start;
2384 }
2385
2386 plen = p - (unsigned char *)header;
2387 header->ancount = htons(ntohs(header->ancount) - chop_an);
2388 header->nscount = htons(ntohs(header->nscount) - chop_ns);
50f86ce8
SK		 2389 header->arcount = htons(ntohs(header->arcount) - chop_ar);
2390
613ad15d
SK		 2391 /* Fourth pass, fix up pointers in the remaining records */
2392 p = (unsigned char *)(header+1);
2393
2394 check_name(&p, header, plen, 1, rrs, rr_found);
2395 p += 4; /* qclass, qtype */
2396
2397 check_rrs(p, header, plen, 1, rrs, rr_found);
2398
2399 return plen;
2400}
2401
8a9be9e4
SK		 2402unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2403{
2404 int q;
2405 unsigned int len;
2406 unsigned char *p = (unsigned char *)(header+1);
2407 const struct nettle_hash *hash;
2408 void *ctx;
2409 unsigned char *digest;
5f8e58f4 2410
8a9be9e4
SK		 2411 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2412 return NULL;
2413
2414 for (q = ntohs(header->qdcount); q != 0; q--)
2415 {
2416 if (!extract_name(header, plen, &p, name, 1, 4))
7d23a66f 2417 break; /* bad packet */
8a9be9e4
SK		 2418
2419 len = to_wire(name);
2420 hash->update(ctx, len, (unsigned char *)name);
2421 /* CRC the class and type as well */
2422 hash->update(ctx, 4, p);
2423
2424 p += 4;
2425 if (!CHECK_LEN(header, p, plen, 0))
7d23a66f 2426 break; /* bad packet */
8a9be9e4 2427 }
703c7ff4
SK		 2428
2429 hash->digest(ctx, hash->digest_size, digest);
8a9be9e4
SK		 2430 return digest;
2431}
2432
0fc2f313 2433#endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.