]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnssec.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update DNSSEC timestamp file on process TERM.
[people/ms/dnsmasq.git] / src / dnssec.c
1 /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2 and Copyright (c) 2012-2015 Simon Kelley
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include "dnsmasq.h"
19
20 #ifdef HAVE_DNSSEC
21
22 #include <nettle/rsa.h>
23 #include <nettle/dsa.h>
24 #ifndef NO_NETTLE_ECC
25 # include <nettle/ecdsa.h>
26 # include <nettle/ecc-curve.h>
27 #endif
28 #include <nettle/nettle-meta.h>
29 #include <nettle/bignum.h>
30
31 /* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33 #ifdef dsa_params_init
34 #include <nettle/dsa-compat.h>
35 #endif
36
37 #include <utime.h>
38
39 #define SERIAL_UNDEF -100
40 #define SERIAL_EQ 0
41 #define SERIAL_LT -1
42 #define SERIAL_GT 1
43
44 /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
45 static char *ds_digest_name(int digest)
46 {
47 switch (digest)
48 {
49 case 1: return "sha1";
50 case 2: return "sha256";
51 case 3: return "gosthash94";
52 case 4: return "sha384";
53 default: return NULL;
54 }
55 }
56
57 /* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
58 static char *algo_digest_name(int algo)
59 {
60 switch (algo)
61 {
62 case 1: return "md5";
63 case 3: return "sha1";
64 case 5: return "sha1";
65 case 6: return "sha1";
66 case 7: return "sha1";
67 case 8: return "sha256";
68 case 10: return "sha512";
69 case 12: return "gosthash94";
70 case 13: return "sha256";
71 case 14: return "sha384";
72 default: return NULL;
73 }
74 }
75
76 /* Find pointer to correct hash function in nettle library */
77 static const struct nettle_hash *hash_find(char *name)
78 {
79 int i;
80
81 if (!name)
82 return NULL;
83
84 for (i = 0; nettle_hashes[i]; i++)
85 {
86 if (strcmp(nettle_hashes[i]->name, name) == 0)
87 return nettle_hashes[i];
88 }
89
90 return NULL;
91 }
92
93 /* expand ctx and digest memory allocations if necessary and init hash function */
94 static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
95 {
96 static void *ctx = NULL;
97 static unsigned char *digest = NULL;
98 static unsigned int ctx_sz = 0;
99 static unsigned int digest_sz = 0;
100
101 void *new;
102
103 if (ctx_sz < hash->context_size)
104 {
105 if (!(new = whine_malloc(hash->context_size)))
106 return 0;
107 if (ctx)
108 free(ctx);
109 ctx = new;
110 ctx_sz = hash->context_size;
111 }
112
113 if (digest_sz < hash->digest_size)
114 {
115 if (!(new = whine_malloc(hash->digest_size)))
116 return 0;
117 if (digest)
118 free(digest);
119 digest = new;
120 digest_sz = hash->digest_size;
121 }
122
123 *ctxp = ctx;
124 *digestp = digest;
125
126 hash->init(ctx);
127
128 return 1;
129 }
130
131 static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
132 unsigned char *digest, int algo)
133 {
134 unsigned char *p;
135 size_t exp_len;
136
137 static struct rsa_public_key *key = NULL;
138 static mpz_t sig_mpz;
139
140 if (key == NULL)
141 {
142 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
143 return 0;
144
145 nettle_rsa_public_key_init(key);
146 mpz_init(sig_mpz);
147 }
148
149 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
150 return 0;
151
152 key_len--;
153 if ((exp_len = *p++) == 0)
154 {
155 GETSHORT(exp_len, p);
156 key_len -= 2;
157 }
158
159 if (exp_len >= key_len)
160 return 0;
161
162 key->size = key_len - exp_len;
163 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
164 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
165
166 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
167
168 switch (algo)
169 {
170 case 1:
171 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
172 case 5: case 7:
173 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
174 case 8:
175 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
176 case 10:
177 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
178 }
179
180 return 0;
181 }
182
183 static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
184 unsigned char *digest, int algo)
185 {
186 unsigned char *p;
187 unsigned int t;
188
189 static struct dsa_public_key *key = NULL;
190 static struct dsa_signature *sig_struct;
191
192 if (key == NULL)
193 {
194 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
195 !(key = whine_malloc(sizeof(struct dsa_public_key))))
196 return 0;
197
198 nettle_dsa_public_key_init(key);
199 nettle_dsa_signature_init(sig_struct);
200 }
201
202 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
203 return 0;
204
205 t = *p++;
206
207 if (key_len < (213 + (t * 24)))
208 return 0;
209
210 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
211 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
212 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
213 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
214
215 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
216 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
217
218 (void)algo;
219
220 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
221 }
222
223 #ifndef NO_NETTLE_ECC
224 static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
225 unsigned char *sig, size_t sig_len,
226 unsigned char *digest, size_t digest_len, int algo)
227 {
228 unsigned char *p;
229 unsigned int t;
230 struct ecc_point *key;
231
232 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
233 static mpz_t x, y;
234 static struct dsa_signature *sig_struct;
235
236 if (!sig_struct)
237 {
238 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
239 return 0;
240
241 nettle_dsa_signature_init(sig_struct);
242 mpz_init(x);
243 mpz_init(y);
244 }
245
246 switch (algo)
247 {
248 case 13:
249 if (!key_256)
250 {
251 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
252 return 0;
253
254 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
255 }
256
257 key = key_256;
258 t = 32;
259 break;
260
261 case 14:
262 if (!key_384)
263 {
264 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
265 return 0;
266
267 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
268 }
269
270 key = key_384;
271 t = 48;
272 break;
273
274 default:
275 return 0;
276 }
277
278 if (sig_len != 2*t || key_len != 2*t ||
279 !(p = blockdata_retrieve(key_data, key_len, NULL)))
280 return 0;
281
282 mpz_import(x, t , 1, 1, 0, 0, p);
283 mpz_import(y, t , 1, 1, 0, 0, p + t);
284
285 if (!ecc_point_set(key, x, y))
286 return 0;
287
288 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
289 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
290
291 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
292 }
293 #endif
294
295 static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
296 unsigned char *digest, size_t digest_len, int algo)
297 {
298 (void)digest_len;
299
300 switch (algo)
301 {
302 case 1: case 5: case 7: case 8: case 10:
303 return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
304
305 case 3: case 6:
306 return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
307
308 #ifndef NO_NETTLE_ECC
309 case 13: case 14:
310 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
311 #endif
312 }
313
314 return 0;
315 }
316
317 /* Convert from presentation format to wire format, in place.
318 Also map UC -> LC.
319 Note that using extract_name to get presentation format
320 then calling to_wire() removes compression and maps case,
321 thus generating names in canonical form.
322 Calling to_wire followed by from_wire is almost an identity,
323 except that the UC remains mapped to LC.
324
325 Note that both /000 and '.' are allowed within labels. These get
326 represented in presentation format using NAME_ESCAPE as an escape
327 character. In theory, if all the characters in a name were /000 or
328 '.' or NAME_ESCAPE then all would have to be escaped, so the
329 presentation format would be twice as long as the spec (1024).
330 The buffers are all delcared as 2049 (allowing for the trailing zero)
331 for this reason.
332 */
333 static int to_wire(char *name)
334 {
335 unsigned char *l, *p, *q, term;
336 int len;
337
338 for (l = (unsigned char*)name; *l != 0; l = p)
339 {
340 for (p = l; *p != '.' && *p != 0; p++)
341 if (*p >= 'A' && *p <= 'Z')
342 *p = *p - 'A' + 'a';
343 else if (*p == NAME_ESCAPE)
344 {
345 for (q = p; *q; q++)
346 *q = *(q+1);
347 (*p)--;
348 }
349 term = *p;
350
351 if ((len = p - l) != 0)
352 memmove(l+1, l, len);
353 *l = len;
354
355 p++;
356
357 if (term == 0)
358 *p = 0;
359 }
360
361 return l + 1 - (unsigned char *)name;
362 }
363
364 /* Note: no compression allowed in input. */
365 static void from_wire(char *name)
366 {
367 unsigned char *l, *p, *last;
368 int len;
369
370 for (last = (unsigned char *)name; *last != 0; last += *last+1);
371
372 for (l = (unsigned char *)name; *l != 0; l += len+1)
373 {
374 len = *l;
375 memmove(l, l+1, len);
376 for (p = l; p < l + len; p++)
377 if (*p == '.' || *p == 0 || *p == NAME_ESCAPE)
378 {
379 memmove(p+1, p, 1 + last - p);
380 len++;
381 *p++ = NAME_ESCAPE;
382 (*p)++;
383 }
384
385 l[len] = '.';
386 }
387
388 if ((char *)l != name)
389 *(l-1) = 0;
390 }
391
392 /* Input in presentation format */
393 static int count_labels(char *name)
394 {
395 int i;
396
397 if (*name == 0)
398 return 0;
399
400 for (i = 0; *name; name++)
401 if (*name == '.')
402 i++;
403
404 return i+1;
405 }
406
407 /* Implement RFC1982 wrapped compare for 32-bit numbers */
408 static int serial_compare_32(unsigned long s1, unsigned long s2)
409 {
410 if (s1 == s2)
411 return SERIAL_EQ;
412
413 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
414 (s1 > s2 && (s1 - s2) > (1UL<<31)))
415 return SERIAL_LT;
416 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
417 (s1 > s2 && (s1 - s2) < (1UL<<31)))
418 return SERIAL_GT;
419 return SERIAL_UNDEF;
420 }
421
422 /* Called at startup. If the timestamp file is configured and exists, put its mtime on
423 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
424 return -1 -> Cannot create file.
425 0 -> not using timestamp, or timestamp exists and is in past.
426 1 -> timestamp exists and is in future.
427 */
428
429 static time_t timestamp_time;
430
431 int setup_timestamp(void)
432 {
433 struct stat statbuf;
434
435 daemon->back_to_the_future = 0;
436
437 if (!daemon->timestamp_file)
438 return 0;
439
440 if (stat(daemon->timestamp_file, &statbuf) != -1)
441 {
442 timestamp_time = statbuf.st_mtime;
443 check_and_exit:
444 if (difftime(timestamp_time, time(0)) <= 0)
445 {
446 /* time already OK, update timestamp, and do key checking from the start. */
447 if (utime(daemon->timestamp_file, NULL) == -1)
448 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
449 daemon->back_to_the_future = 1;
450 return 0;
451 }
452 return 1;
453 }
454
455 if (errno == ENOENT)
456 {
457 /* NB. for explanation of O_EXCL flag, see comment on pidfile in dnsmasq.c */
458 int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK | O_EXCL, 0666);
459 if (fd != -1)
460 {
461 struct utimbuf timbuf;
462
463 close(fd);
464
465 timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
466 if (utime(daemon->timestamp_file, &timbuf) == 0)
467 goto check_and_exit;
468 }
469 }
470
471 return -1;
472 }
473
474 /* Check whether today/now is between date_start and date_end */
475 static int check_date_range(unsigned long date_start, unsigned long date_end)
476 {
477 unsigned long curtime = time(0);
478
479 /* Checking timestamps may be temporarily disabled */
480
481 /* If the current time if _before_ the timestamp
482 on our persistent timestamp file, then assume the
483 time if not yet correct, and don't check the
484 key timestamps. As soon as the current time is
485 later then the timestamp, update the timestamp
486 and start checking keys */
487 if (daemon->timestamp_file)
488 {
489 if (daemon->back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
490 {
491 if (utime(daemon->timestamp_file, NULL) != 0)
492 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
493
494 daemon->back_to_the_future = 1;
495 set_option_bool(OPT_DNSSEC_TIME);
496 queue_event(EVENT_RELOAD); /* purge cache */
497 }
498
499 if (daemon->back_to_the_future == 0)
500 return 1;
501 }
502 else if (option_bool(OPT_DNSSEC_TIME))
503 return 1;
504
505 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
506 return serial_compare_32(curtime, date_start) == SERIAL_GT
507 && serial_compare_32(curtime, date_end) == SERIAL_LT;
508 }
509
510 static u16 *get_desc(int type)
511 {
512 /* List of RRtypes which include domains in the data.
513 0 -> domain
514 integer -> no of plain bytes
515 -1 -> end
516
517 zero is not a valid RRtype, so the final entry is returned for
518 anything which needs no mangling.
519 */
520
521 static u16 rr_desc[] =
522 {
523 T_NS, 0, -1,
524 T_MD, 0, -1,
525 T_MF, 0, -1,
526 T_CNAME, 0, -1,
527 T_SOA, 0, 0, -1,
528 T_MB, 0, -1,
529 T_MG, 0, -1,
530 T_MR, 0, -1,
531 T_PTR, 0, -1,
532 T_MINFO, 0, 0, -1,
533 T_MX, 2, 0, -1,
534 T_RP, 0, 0, -1,
535 T_AFSDB, 2, 0, -1,
536 T_RT, 2, 0, -1,
537 T_SIG, 18, 0, -1,
538 T_PX, 2, 0, 0, -1,
539 T_NXT, 0, -1,
540 T_KX, 2, 0, -1,
541 T_SRV, 6, 0, -1,
542 T_DNAME, 0, -1,
543 0, -1 /* wildcard/catchall */
544 };
545
546 u16 *p = rr_desc;
547
548 while (*p != type && *p != 0)
549 while (*p++ != (u16)-1);
550
551 return p+1;
552 }
553
554 /* Return bytes of canonicalised rdata, when the return value is zero, the remaining
555 data, pointed to by *p, should be used raw. */
556 static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
557 unsigned char **p, u16 **desc)
558 {
559 int d = **desc;
560
561 /* No more data needs mangling */
562 if (d == (u16)-1)
563 {
564 /* If there's more data than we have space for, just return what fits,
565 we'll get called again for more chunks */
566 if (end - *p > bufflen)
567 {
568 memcpy(buff, *p, bufflen);
569 *p += bufflen;
570 return bufflen;
571 }
572
573 return 0;
574 }
575
576 (*desc)++;
577
578 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
579 /* domain-name, canonicalise */
580 return to_wire(buff);
581 else
582 {
583 /* plain data preceding a domain-name, don't run off the end of the data */
584 if ((end - *p) < d)
585 d = end - *p;
586
587 if (d != 0)
588 {
589 memcpy(buff, *p, d);
590 *p += d;
591 }
592
593 return d;
594 }
595 }
596
597 static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
598 {
599 unsigned char **p;
600 int new_sz = *sz;
601
602 if (new_sz > new)
603 return 1;
604
605 if (new >= 100)
606 return 0;
607
608 new_sz += 5;
609
610 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
611 return 0;
612
613 if (*wkspc)
614 {
615 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
616 free(*wkspc);
617 }
618
619 *wkspc = p;
620 *sz = new_sz;
621
622 return 1;
623 }
624
625 /* Bubble sort the RRset into the canonical order.
626 Note that the byte-streams from two RRs may get unsynced: consider
627 RRs which have two domain-names at the start and then other data.
628 The domain-names may have different lengths in each RR, but sort equal
629
630 ------------
631 |abcde|fghi|
632 ------------
633 |abcd|efghi|
634 ------------
635
636 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
637 */
638
639 static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
640 unsigned char **rrset, char *buff1, char *buff2)
641 {
642 int swap, quit, i;
643
644 do
645 {
646 for (swap = 0, i = 0; i < rrsetidx-1; i++)
647 {
648 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
649 u16 *dp1, *dp2;
650 unsigned char *end1, *end2;
651 /* Note that these have been determined to be OK previously,
652 so we don't need to check for NULL return here. */
653 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
654 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
655
656 p1 += 8; /* skip class, type, ttl */
657 GETSHORT(rdlen1, p1);
658 end1 = p1 + rdlen1;
659
660 p2 += 8; /* skip class, type, ttl */
661 GETSHORT(rdlen2, p2);
662 end2 = p2 + rdlen2;
663
664 dp1 = dp2 = rr_desc;
665
666 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
667 {
668 if (left1 != 0)
669 memmove(buff1, buff1 + len1 - left1, left1);
670
671 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, (MAXDNAME * 2) - left1, &p1, &dp1)) == 0)
672 {
673 quit = 1;
674 len1 = end1 - p1;
675 memcpy(buff1 + left1, p1, len1);
676 }
677 len1 += left1;
678
679 if (left2 != 0)
680 memmove(buff2, buff2 + len2 - left2, left2);
681
682 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, (MAXDNAME *2) - left2, &p2, &dp2)) == 0)
683 {
684 quit = 1;
685 len2 = end2 - p2;
686 memcpy(buff2 + left2, p2, len2);
687 }
688 len2 += left2;
689
690 if (len1 > len2)
691 left1 = len1 - len2, left2 = 0, len = len2;
692 else
693 left2 = len2 - len1, left1 = 0, len = len1;
694
695 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
696
697 if (rc > 0 || (rc == 0 && quit && len1 > len2))
698 {
699 unsigned char *tmp = rrset[i+1];
700 rrset[i+1] = rrset[i];
701 rrset[i] = tmp;
702 swap = quit = 1;
703 }
704 else if (rc < 0)
705 quit = 1;
706 }
707 }
708 } while (swap);
709 }
710
711 /* Validate a single RRset (class, type, name) in the supplied DNS reply
712 Return code:
713 STAT_SECURE if it validates.
714 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
715 (In this case *wildcard_out points to the "body" of the wildcard within name.)
716 STAT_NO_SIG no RRsigs found.
717 STAT_INSECURE RRset empty.
718 STAT_BOGUS signature is wrong, bad packet.
719 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
720
721 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
722 otherwise find the key in the cache.
723
724 name is unchanged on exit. keyname is used as workspace and trashed.
725 */
726 static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
727 char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
728 {
729 static unsigned char **rrset = NULL, **sigs = NULL;
730 static int rrset_sz = 0, sig_sz = 0;
731
732 unsigned char *p;
733 int rrsetidx, sigidx, res, rdlen, j, name_labels;
734 struct crec *crecp = NULL;
735 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
736 u16 *rr_desc = get_desc(type);
737
738 if (wildcard_out)
739 *wildcard_out = NULL;
740
741 if (!(p = skip_questions(header, plen)))
742 return STAT_BOGUS;
743
744 name_labels = count_labels(name); /* For 4035 5.3.2 check */
745
746 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
747 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
748 j != 0; j--)
749 {
750 unsigned char *pstart, *pdata;
751 int stype, sclass;
752
753 pstart = p;
754
755 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
756 return STAT_BOGUS; /* bad packet */
757
758 GETSHORT(stype, p);
759 GETSHORT(sclass, p);
760 p += 4; /* TTL */
761
762 pdata = p;
763
764 GETSHORT(rdlen, p);
765
766 if (!CHECK_LEN(header, p, plen, rdlen))
767 return STAT_BOGUS;
768
769 if (res == 1 && sclass == class)
770 {
771 if (stype == type)
772 {
773 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
774 return STAT_BOGUS;
775
776 rrset[rrsetidx++] = pstart;
777 }
778
779 if (stype == T_RRSIG)
780 {
781 if (rdlen < 18)
782 return STAT_BOGUS; /* bad packet */
783
784 GETSHORT(type_covered, p);
785
786 if (type_covered == type)
787 {
788 if (!expand_workspace(&sigs, &sig_sz, sigidx))
789 return STAT_BOGUS;
790
791 sigs[sigidx++] = pdata;
792 }
793
794 p = pdata + 2; /* restore for ADD_RDLEN */
795 }
796 }
797
798 if (!ADD_RDLEN(header, p, plen, rdlen))
799 return STAT_BOGUS;
800 }
801
802 /* RRset empty */
803 if (rrsetidx == 0)
804 return STAT_INSECURE;
805
806 /* no RRSIGs */
807 if (sigidx == 0)
808 return STAT_NO_SIG;
809
810 /* Sort RRset records into canonical order.
811 Note that at this point keyname and daemon->workspacename buffs are
812 unused, and used as workspace by the sort. */
813 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
814
815 /* Now try all the sigs to try and find one which validates */
816 for (j = 0; j <sigidx; j++)
817 {
818 unsigned char *psav, *sig, *digest;
819 int i, wire_len, sig_len;
820 const struct nettle_hash *hash;
821 void *ctx;
822 char *name_start;
823 u32 nsigttl;
824
825 p = sigs[j];
826 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
827 psav = p;
828
829 p += 2; /* type_covered - already checked */
830 algo = *p++;
831 labels = *p++;
832 GETLONG(orig_ttl, p);
833 GETLONG(sig_expiration, p);
834 GETLONG(sig_inception, p);
835 GETSHORT(key_tag, p);
836
837 if (!extract_name(header, plen, &p, keyname, 1, 0))
838 return STAT_BOGUS;
839
840 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
841 the name of the zone containing the RRset. We can't tell that
842 for certain, but we can check that the RRset name is equal to
843 or encloses the signers name, which should be enough to stop
844 an attacker using signatures made with the key of an unrelated
845 zone he controls. Note that the root key is always allowed. */
846 if (*keyname != 0)
847 {
848 int failed = 0;
849
850 for (name_start = name; !hostname_isequal(name_start, keyname); )
851 if ((name_start = strchr(name_start, '.')))
852 name_start++; /* chop a label off and try again */
853 else
854 {
855 failed = 1;
856 break;
857 }
858
859 /* Bad sig, try another */
860 if (failed)
861 continue;
862 }
863
864 /* Other 5.3.1 checks */
865 if (!check_date_range(sig_inception, sig_expiration) ||
866 labels > name_labels ||
867 !(hash = hash_find(algo_digest_name(algo))) ||
868 !hash_init(hash, &ctx, &digest))
869 continue;
870
871 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
872 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
873 return STAT_NEED_KEY;
874
875 sig = p;
876 sig_len = rdlen - (p - psav);
877
878 nsigttl = htonl(orig_ttl);
879
880 hash->update(ctx, 18, psav);
881 wire_len = to_wire(keyname);
882 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
883 from_wire(keyname);
884
885 for (i = 0; i < rrsetidx; ++i)
886 {
887 int seg;
888 unsigned char *end, *cp;
889 u16 len, *dp;
890
891 p = rrset[i];
892 if (!extract_name(header, plen, &p, name, 1, 10))
893 return STAT_BOGUS;
894
895 name_start = name;
896
897 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
898 if (labels < name_labels)
899 {
900 int k;
901 for (k = name_labels - labels; k != 0; k--)
902 {
903 while (*name_start != '.' && *name_start != 0)
904 name_start++;
905 if (k != 1 && *name_start == '.')
906 name_start++;
907 }
908
909 if (wildcard_out)
910 *wildcard_out = name_start+1;
911
912 name_start--;
913 *name_start = '*';
914 }
915
916 wire_len = to_wire(name_start);
917 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
918 hash->update(ctx, 4, p); /* class and type */
919 hash->update(ctx, 4, (unsigned char *)&nsigttl);
920
921 p += 8; /* skip class, type, ttl */
922 GETSHORT(rdlen, p);
923 if (!CHECK_LEN(header, p, plen, rdlen))
924 return STAT_BOGUS;
925
926 end = p + rdlen;
927
928 /* canonicalise rdata and calculate length of same, use name buffer as workspace.
929 Note that name buffer is twice MAXDNAME long in DNSSEC mode. */
930 cp = p;
931 dp = rr_desc;
932 for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)) != 0; len += seg);
933 len += end - cp;
934 len = htons(len);
935 hash->update(ctx, 2, (unsigned char *)&len);
936
937 /* Now canonicalise again and digest. */
938 cp = p;
939 dp = rr_desc;
940 while ((seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)))
941 hash->update(ctx, seg, (unsigned char *)name);
942 if (cp != end)
943 hash->update(ctx, end - cp, cp);
944 }
945
946 hash->digest(ctx, hash->digest_size, digest);
947
948 /* namebuff used for workspace above, restore to leave unchanged on exit */
949 p = (unsigned char*)(rrset[0]);
950 extract_name(header, plen, &p, name, 1, 0);
951
952 if (key)
953 {
954 if (algo_in == algo && keytag_in == key_tag &&
955 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
956 return STAT_SECURE;
957 }
958 else
959 {
960 /* iterate through all possible keys 4035 5.3.1 */
961 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
962 if (crecp->addr.key.algo == algo &&
963 crecp->addr.key.keytag == key_tag &&
964 crecp->uid == (unsigned int)class &&
965 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
966 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
967 }
968 }
969
970 return STAT_BOGUS;
971 }
972
973 /* The DNS packet is expected to contain the answer to a DNSKEY query.
974 Put all DNSKEYs in the answer which are valid into the cache.
975 return codes:
976 STAT_SECURE At least one valid DNSKEY found and in cache.
977 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
978 or self-sign for DNSKEY RRset is not valid, bad packet.
979 STAT_NEED_DS DS records to validate a key not found, name in keyname
980 */
981 int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
982 {
983 unsigned char *psave, *p = (unsigned char *)(header+1);
984 struct crec *crecp, *recp1;
985 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
986 struct blockdata *key;
987 struct all_addr a;
988
989 if (ntohs(header->qdcount) != 1 ||
990 !extract_name(header, plen, &p, name, 1, 4))
991 return STAT_BOGUS;
992
993 GETSHORT(qtype, p);
994 GETSHORT(qclass, p);
995
996 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
997 return STAT_BOGUS;
998
999 /* See if we have cached a DS record which validates this key */
1000 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
1001 {
1002 strcpy(keyname, name);
1003 return STAT_NEED_DS;
1004 }
1005
1006 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
1007 if (crecp->flags & F_NEG)
1008 return STAT_INSECURE_DS;
1009
1010 /* NOTE, we need to find ONE DNSKEY which matches the DS */
1011 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
1012 {
1013 /* Ensure we have type, class TTL and length */
1014 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1015 return STAT_BOGUS; /* bad packet */
1016
1017 GETSHORT(qtype, p);
1018 GETSHORT(qclass, p);
1019 GETLONG(ttl, p);
1020 GETSHORT(rdlen, p);
1021
1022 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
1023 return STAT_BOGUS; /* bad packet */
1024
1025 if (qclass != class || qtype != T_DNSKEY || rc == 2)
1026 {
1027 p += rdlen;
1028 continue;
1029 }
1030
1031 psave = p;
1032
1033 GETSHORT(flags, p);
1034 if (*p++ != 3)
1035 return STAT_BOGUS;
1036 algo = *p++;
1037 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1038 key = NULL;
1039
1040 /* key must have zone key flag set */
1041 if (flags & 0x100)
1042 key = blockdata_alloc((char*)p, rdlen - 4);
1043
1044 p = psave;
1045
1046 if (!ADD_RDLEN(header, p, plen, rdlen))
1047 {
1048 if (key)
1049 blockdata_free(key);
1050 return STAT_BOGUS; /* bad packet */
1051 }
1052
1053 /* No zone key flag or malloc failure */
1054 if (!key)
1055 continue;
1056
1057 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
1058 {
1059 void *ctx;
1060 unsigned char *digest, *ds_digest;
1061 const struct nettle_hash *hash;
1062
1063 if (recp1->addr.ds.algo == algo &&
1064 recp1->addr.ds.keytag == keytag &&
1065 recp1->uid == (unsigned int)class &&
1066 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
1067 hash_init(hash, &ctx, &digest))
1068
1069 {
1070 int wire_len = to_wire(name);
1071
1072 /* Note that digest may be different between DSs, so
1073 we can't move this outside the loop. */
1074 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
1075 hash->update(ctx, (unsigned int)rdlen, psave);
1076 hash->digest(ctx, hash->digest_size, digest);
1077
1078 from_wire(name);
1079
1080 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
1081 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
1082 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
1083 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
1084 {
1085 valid = 1;
1086 break;
1087 }
1088 }
1089 }
1090 blockdata_free(key);
1091 }
1092
1093 if (valid)
1094 {
1095 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
1096 cache_start_insert();
1097
1098 p = skip_questions(header, plen);
1099
1100 for (j = ntohs(header->ancount); j != 0; j--)
1101 {
1102 /* Ensure we have type, class TTL and length */
1103 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1104 return STAT_INSECURE; /* bad packet */
1105
1106 GETSHORT(qtype, p);
1107 GETSHORT(qclass, p);
1108 GETLONG(ttl, p);
1109 GETSHORT(rdlen, p);
1110
1111 if (!CHECK_LEN(header, p, plen, rdlen))
1112 return STAT_BOGUS; /* bad packet */
1113
1114 if (qclass == class && rc == 1)
1115 {
1116 psave = p;
1117
1118 if (qtype == T_DNSKEY)
1119 {
1120 if (rdlen < 4)
1121 return STAT_BOGUS; /* bad packet */
1122
1123 GETSHORT(flags, p);
1124 if (*p++ != 3)
1125 return STAT_BOGUS;
1126 algo = *p++;
1127 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1128
1129 /* Cache needs to known class for DNSSEC stuff */
1130 a.addr.dnssec.class = class;
1131
1132 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1133 {
1134 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1135 blockdata_free(key);
1136 else
1137 {
1138 a.addr.keytag = keytag;
1139 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1140
1141 recp1->addr.key.keylen = rdlen - 4;
1142 recp1->addr.key.keydata = key;
1143 recp1->addr.key.algo = algo;
1144 recp1->addr.key.keytag = keytag;
1145 recp1->addr.key.flags = flags;
1146 }
1147 }
1148 }
1149 else if (qtype == T_RRSIG)
1150 {
1151 /* RRSIG, cache if covers DNSKEY RRset */
1152 if (rdlen < 18)
1153 return STAT_BOGUS; /* bad packet */
1154
1155 GETSHORT(type_covered, p);
1156
1157 if (type_covered == T_DNSKEY)
1158 {
1159 a.addr.dnssec.class = class;
1160 a.addr.dnssec.type = type_covered;
1161
1162 algo = *p++;
1163 p += 13; /* labels, orig_ttl, expiration, inception */
1164 GETSHORT(keytag, p);
1165 if ((key = blockdata_alloc((char*)psave, rdlen)))
1166 {
1167 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1168 blockdata_free(key);
1169 else
1170 {
1171 crecp->addr.sig.keydata = key;
1172 crecp->addr.sig.keylen = rdlen;
1173 crecp->addr.sig.keytag = keytag;
1174 crecp->addr.sig.type_covered = type_covered;
1175 crecp->addr.sig.algo = algo;
1176 }
1177 }
1178 }
1179 }
1180
1181 p = psave;
1182 }
1183
1184 if (!ADD_RDLEN(header, p, plen, rdlen))
1185 return STAT_BOGUS; /* bad packet */
1186 }
1187
1188 /* commit cache insert. */
1189 cache_end_insert();
1190 return STAT_SECURE;
1191 }
1192
1193 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1194 return STAT_BOGUS;
1195 }
1196
1197 /* The DNS packet is expected to contain the answer to a DS query
1198 Put all DSs in the answer which are valid into the cache.
1199 return codes:
1200 STAT_SECURE At least one valid DS found and in cache.
1201 STAT_NO_DS It's proved there's no DS here.
1202 STAT_NO_NS It's proved there's no DS _or_ NS here.
1203 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
1204 STAT_NEED_KEY DNSKEY records to validate a DS not found, name in keyname
1205 */
1206
1207 int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1208 {
1209 unsigned char *p = (unsigned char *)(header+1);
1210 int qtype, qclass, val, i, neganswer, nons;
1211
1212 if (ntohs(header->qdcount) != 1 ||
1213 !(p = skip_name(p, header, plen, 4)))
1214 return STAT_BOGUS;
1215
1216 GETSHORT(qtype, p);
1217 GETSHORT(qclass, p);
1218
1219 if (qtype != T_DS || qclass != class)
1220 val = STAT_BOGUS;
1221 else
1222 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
1223 /* Note dnssec_validate_reply() will have cached positive answers */
1224
1225 if (val == STAT_INSECURE)
1226 val = STAT_BOGUS;
1227
1228 p = (unsigned char *)(header+1);
1229 extract_name(header, plen, &p, name, 1, 4);
1230 p += 4; /* qtype, qclass */
1231
1232 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1233 val = STAT_BOGUS;
1234
1235 /* If we return STAT_NO_SIG, name contains the name of the DS query */
1236 if (val == STAT_NO_SIG)
1237 {
1238 *keyname = 0;
1239 return val;
1240 }
1241
1242 /* If the key needed to validate the DS is on the same domain as the DS, we'll
1243 loop getting nowhere. Stop that now. This can happen of the DS answer comes
1244 from the DS's zone, and not the parent zone. */
1245 if (val == STAT_BOGUS || (val == STAT_NEED_KEY && hostname_isequal(name, keyname)))
1246 {
1247 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
1248 return STAT_BOGUS;
1249 }
1250
1251 /* By here, the answer is proved secure, and a positive answer has been cached. */
1252 if (val == STAT_SECURE && neganswer)
1253 {
1254 int rdlen, flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
1255 unsigned long ttl, minttl = ULONG_MAX;
1256 struct all_addr a;
1257
1258 if (RCODE(header) == NXDOMAIN)
1259 flags |= F_NXDOMAIN;
1260
1261 /* We only cache validated DS records, DNSSECOK flag hijacked
1262 to store presence/absence of NS. */
1263 if (nons)
1264 flags &= ~F_DNSSECOK;
1265
1266 for (i = ntohs(header->nscount); i != 0; i--)
1267 {
1268 if (!(p = skip_name(p, header, plen, 0)))
1269 return STAT_BOGUS;
1270
1271 GETSHORT(qtype, p);
1272 GETSHORT(qclass, p);
1273 GETLONG(ttl, p);
1274 GETSHORT(rdlen, p);
1275
1276 if (!CHECK_LEN(header, p, plen, rdlen))
1277 return STAT_BOGUS; /* bad packet */
1278
1279 if (qclass != class || qtype != T_SOA)
1280 {
1281 p += rdlen;
1282 continue;
1283 }
1284
1285 if (ttl < minttl)
1286 minttl = ttl;
1287
1288 /* MNAME */
1289 if (!(p = skip_name(p, header, plen, 0)))
1290 return STAT_BOGUS;
1291 /* RNAME */
1292 if (!(p = skip_name(p, header, plen, 20)))
1293 return STAT_BOGUS;
1294 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1295
1296 GETLONG(ttl, p); /* minTTL */
1297 if (ttl < minttl)
1298 minttl = ttl;
1299
1300 break;
1301 }
1302
1303 if (i != 0)
1304 {
1305 cache_start_insert();
1306
1307 a.addr.dnssec.class = class;
1308 cache_insert(name, &a, now, ttl, flags);
1309
1310 cache_end_insert();
1311
1312 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
1313 }
1314
1315 return nons ? STAT_NO_NS : STAT_NO_DS;
1316 }
1317
1318 return val;
1319 }
1320
1321 /* 4034 6.1 */
1322 static int hostname_cmp(const char *a, const char *b)
1323 {
1324 char *sa, *ea, *ca, *sb, *eb, *cb;
1325 unsigned char ac, bc;
1326
1327 sa = ea = (char *)a + strlen(a);
1328 sb = eb = (char *)b + strlen(b);
1329
1330 while (1)
1331 {
1332 while (sa != a && *(sa-1) != '.')
1333 sa--;
1334
1335 while (sb != b && *(sb-1) != '.')
1336 sb--;
1337
1338 ca = sa;
1339 cb = sb;
1340
1341 while (1)
1342 {
1343 if (ca == ea)
1344 {
1345 if (cb == eb)
1346 break;
1347
1348 return -1;
1349 }
1350
1351 if (cb == eb)
1352 return 1;
1353
1354 ac = (unsigned char) *ca++;
1355 bc = (unsigned char) *cb++;
1356
1357 if (ac >= 'A' && ac <= 'Z')
1358 ac += 'a' - 'A';
1359 if (bc >= 'A' && bc <= 'Z')
1360 bc += 'a' - 'A';
1361
1362 if (ac < bc)
1363 return -1;
1364 else if (ac != bc)
1365 return 1;
1366 }
1367
1368
1369 if (sa == a)
1370 {
1371 if (sb == b)
1372 return 0;
1373
1374 return -1;
1375 }
1376
1377 if (sb == b)
1378 return 1;
1379
1380 ea = sa--;
1381 eb = sb--;
1382 }
1383 }
1384
1385 /* Find all the NSEC or NSEC3 records in a reply.
1386 return an array of pointers to them. */
1387 static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1388 {
1389 static unsigned char **nsecset = NULL;
1390 static int nsecset_sz = 0;
1391
1392 int type_found = 0;
1393 unsigned char *p = skip_questions(header, plen);
1394 int type, class, rdlen, i, nsecs_found;
1395
1396 /* Move to NS section */
1397 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1398 return 0;
1399
1400 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1401 {
1402 unsigned char *pstart = p;
1403
1404 if (!(p = skip_name(p, header, plen, 10)))
1405 return 0;
1406
1407 GETSHORT(type, p);
1408 GETSHORT(class, p);
1409 p += 4; /* TTL */
1410 GETSHORT(rdlen, p);
1411
1412 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1413 {
1414 /* No mixed NSECing 'round here, thankyouverymuch */
1415 if (type_found == T_NSEC && type == T_NSEC3)
1416 return 0;
1417 if (type_found == T_NSEC3 && type == T_NSEC)
1418 return 0;
1419
1420 type_found = type;
1421
1422 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1423 return 0;
1424
1425 nsecset[nsecs_found++] = pstart;
1426 }
1427
1428 if (!ADD_RDLEN(header, p, plen, rdlen))
1429 return 0;
1430 }
1431
1432 *nsecsetp = nsecset;
1433 *nsecsetl = nsecs_found;
1434
1435 return type_found;
1436 }
1437
1438 static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1439 char *workspace1, char *workspace2, char *name, int type, int *nons)
1440 {
1441 int i, rc, rdlen;
1442 unsigned char *p, *psave;
1443 int offset = (type & 0xff) >> 3;
1444 int mask = 0x80 >> (type & 0x07);
1445
1446 if (nons)
1447 *nons = 0;
1448
1449 /* Find NSEC record that proves name doesn't exist */
1450 for (i = 0; i < nsec_count; i++)
1451 {
1452 p = nsecs[i];
1453 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1454 return STAT_BOGUS;
1455 p += 8; /* class, type, TTL */
1456 GETSHORT(rdlen, p);
1457 psave = p;
1458 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1459 return STAT_BOGUS;
1460
1461 rc = hostname_cmp(workspace1, name);
1462
1463 if (rc == 0)
1464 {
1465 /* 4035 para 5.4. Last sentence */
1466 if (type == T_NSEC || type == T_RRSIG)
1467 return STAT_SECURE;
1468
1469 /* NSEC with the same name as the RR we're testing, check
1470 that the type in question doesn't appear in the type map */
1471 rdlen -= p - psave;
1472 /* rdlen is now length of type map, and p points to it */
1473
1474 /* If we can prove that there's no NS record, return that information. */
1475 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1476 *nons = 1;
1477
1478 while (rdlen >= 2)
1479 {
1480 if (!CHECK_LEN(header, p, plen, rdlen))
1481 return STAT_BOGUS;
1482
1483 if (p[0] == type >> 8)
1484 {
1485 /* Does the NSEC say our type exists? */
1486 if (offset < p[1] && (p[offset+2] & mask) != 0)
1487 return STAT_BOGUS;
1488
1489 break; /* finshed checking */
1490 }
1491
1492 rdlen -= p[1];
1493 p += p[1];
1494 }
1495
1496 return STAT_SECURE;
1497 }
1498 else if (rc == -1)
1499 {
1500 /* Normal case, name falls between NSEC name and next domain name,
1501 wrap around case, name falls between NSEC name (rc == -1) and end */
1502 if (hostname_cmp(workspace2, name) >= 0 || hostname_cmp(workspace1, workspace2) >= 0)
1503 return STAT_SECURE;
1504 }
1505 else
1506 {
1507 /* wrap around case, name falls between start and next domain name */
1508 if (hostname_cmp(workspace1, workspace2) >= 0 && hostname_cmp(workspace2, name) >=0 )
1509 return STAT_SECURE;
1510 }
1511 }
1512
1513 return STAT_BOGUS;
1514 }
1515
1516 /* return digest length, or zero on error */
1517 static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1518 unsigned char *salt, int salt_len, int iterations)
1519 {
1520 void *ctx;
1521 unsigned char *digest;
1522 int i;
1523
1524 if (!hash_init(hash, &ctx, &digest))
1525 return 0;
1526
1527 hash->update(ctx, to_wire(in), (unsigned char *)in);
1528 hash->update(ctx, salt_len, salt);
1529 hash->digest(ctx, hash->digest_size, digest);
1530
1531 for(i = 0; i < iterations; i++)
1532 {
1533 hash->update(ctx, hash->digest_size, digest);
1534 hash->update(ctx, salt_len, salt);
1535 hash->digest(ctx, hash->digest_size, digest);
1536 }
1537
1538 from_wire(in);
1539
1540 *out = digest;
1541 return hash->digest_size;
1542 }
1543
1544 /* Decode base32 to first "." or end of string */
1545 static int base32_decode(char *in, unsigned char *out)
1546 {
1547 int oc, on, c, mask, i;
1548 unsigned char *p = out;
1549
1550 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
1551 {
1552 if (c >= '0' && c <= '9')
1553 c -= '0';
1554 else if (c >= 'a' && c <= 'v')
1555 c -= 'a', c += 10;
1556 else if (c >= 'A' && c <= 'V')
1557 c -= 'A', c += 10;
1558 else
1559 return 0;
1560
1561 for (mask = 0x10, i = 0; i < 5; i++)
1562 {
1563 if (c & mask)
1564 oc |= 1;
1565 mask = mask >> 1;
1566 if (((++on) & 7) == 0)
1567 *p++ = oc;
1568 oc = oc << 1;
1569 }
1570 }
1571
1572 if ((on & 7) != 0)
1573 return 0;
1574
1575 return p - out;
1576 }
1577
1578 static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
1579 char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons)
1580 {
1581 int i, hash_len, salt_len, base32_len, rdlen;
1582 unsigned char *p, *psave;
1583
1584 for (i = 0; i < nsec_count; i++)
1585 if ((p = nsecs[i]))
1586 {
1587 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1588 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1589 return 0;
1590
1591 p += 8; /* class, type, TTL */
1592 GETSHORT(rdlen, p);
1593 psave = p;
1594 p += 4; /* algo, flags, iterations */
1595 salt_len = *p++; /* salt_len */
1596 p += salt_len; /* salt */
1597 hash_len = *p++; /* p now points to next hashed name */
1598
1599 if (!CHECK_LEN(header, p, plen, hash_len))
1600 return 0;
1601
1602 if (digest_len == base32_len && hash_len == base32_len)
1603 {
1604 int rc = memcmp(workspace2, digest, digest_len);
1605
1606 if (rc == 0)
1607 {
1608 /* We found an NSEC3 whose hashed name exactly matches the query, so
1609 we just need to check the type map. p points to the RR data for the record. */
1610
1611 int offset = (type & 0xff) >> 3;
1612 int mask = 0x80 >> (type & 0x07);
1613
1614 p += hash_len; /* skip next-domain hash */
1615 rdlen -= p - psave;
1616
1617 if (!CHECK_LEN(header, p, plen, rdlen))
1618 return 0;
1619
1620 /* If we can prove that there's no NS record, return that information. */
1621 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1622 *nons = 1;
1623
1624 while (rdlen >= 2)
1625 {
1626 if (p[0] == type >> 8)
1627 {
1628 /* Does the NSEC3 say our type exists? */
1629 if (offset < p[1] && (p[offset+2] & mask) != 0)
1630 return STAT_BOGUS;
1631
1632 break; /* finshed checking */
1633 }
1634
1635 rdlen -= p[1];
1636 p += p[1];
1637 }
1638
1639 return 1;
1640 }
1641 else if (rc < 0)
1642 {
1643 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1644 wrap around case, name-hash falls between NSEC3 name-hash and end */
1645 if (memcmp(p, digest, digest_len) >= 0 || memcmp(workspace2, p, digest_len) >= 0)
1646 return 1;
1647 }
1648 else
1649 {
1650 /* wrap around case, name falls between start and next domain name */
1651 if (memcmp(workspace2, p, digest_len) >= 0 && memcmp(p, digest, digest_len) >= 0)
1652 return 1;
1653 }
1654 }
1655 }
1656 return 0;
1657 }
1658
1659 static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1660 char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
1661 {
1662 unsigned char *salt, *p, *digest;
1663 int digest_len, i, iterations, salt_len, base32_len, algo = 0;
1664 struct nettle_hash const *hash;
1665 char *closest_encloser, *next_closest, *wildcard;
1666
1667 if (nons)
1668 *nons = 0;
1669
1670 /* Look though the NSEC3 records to find the first one with
1671 an algorithm we support (currently only algo == 1).
1672
1673 Take the algo, iterations, and salt of that record
1674 as the ones we're going to use, and prune any
1675 that don't match. */
1676
1677 for (i = 0; i < nsec_count; i++)
1678 {
1679 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1680 return STAT_BOGUS; /* bad packet */
1681
1682 p += 10; /* type, class, TTL, rdlen */
1683 algo = *p++;
1684
1685 if (algo == 1)
1686 break; /* known algo */
1687 }
1688
1689 /* No usable NSEC3s */
1690 if (i == nsec_count)
1691 return STAT_BOGUS;
1692
1693 p++; /* flags */
1694 GETSHORT (iterations, p);
1695 salt_len = *p++;
1696 salt = p;
1697 if (!CHECK_LEN(header, salt, plen, salt_len))
1698 return STAT_BOGUS; /* bad packet */
1699
1700 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1701 for (i = 0; i < nsec_count; i++)
1702 {
1703 unsigned char *nsec3p = nsecs[i];
1704 int this_iter;
1705
1706 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1707
1708 if (!(p = skip_name(nsec3p, header, plen, 15)))
1709 return STAT_BOGUS; /* bad packet */
1710
1711 p += 10; /* type, class, TTL, rdlen */
1712
1713 if (*p++ != algo)
1714 continue;
1715
1716 p++; /* flags */
1717
1718 GETSHORT(this_iter, p);
1719 if (this_iter != iterations)
1720 continue;
1721
1722 if (salt_len != *p++)
1723 continue;
1724
1725 if (!CHECK_LEN(header, p, plen, salt_len))
1726 return STAT_BOGUS; /* bad packet */
1727
1728 if (memcmp(p, salt, salt_len) != 0)
1729 continue;
1730
1731 /* All match, put the pointer back */
1732 nsecs[i] = nsec3p;
1733 }
1734
1735 /* Algo is checked as 1 above */
1736 if (!(hash = hash_find("sha1")))
1737 return STAT_BOGUS;
1738
1739 if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1740 return STAT_BOGUS;
1741
1742 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
1743 return STAT_SECURE;
1744
1745 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1746 or an answer inferred from a wildcard record. */
1747 closest_encloser = name;
1748 next_closest = NULL;
1749
1750 do
1751 {
1752 if (*closest_encloser == '.')
1753 closest_encloser++;
1754
1755 if (wildname && hostname_isequal(closest_encloser, wildname))
1756 break;
1757
1758 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
1759 return STAT_BOGUS;
1760
1761 for (i = 0; i < nsec_count; i++)
1762 if ((p = nsecs[i]))
1763 {
1764 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1765 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1766 return STAT_BOGUS;
1767
1768 if (digest_len == base32_len &&
1769 memcmp(digest, workspace2, digest_len) == 0)
1770 break; /* Gotit */
1771 }
1772
1773 if (i != nsec_count)
1774 break;
1775
1776 next_closest = closest_encloser;
1777 }
1778 while ((closest_encloser = strchr(closest_encloser, '.')));
1779
1780 if (!closest_encloser)
1781 return STAT_BOGUS;
1782
1783 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1784 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
1785 return STAT_BOGUS;
1786
1787 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1788 return STAT_BOGUS;
1789
1790 /* Finally, check that there's no seat of wildcard synthesis */
1791 if (!wildname)
1792 {
1793 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1794 return STAT_BOGUS;
1795
1796 wildcard--;
1797 *wildcard = '*';
1798
1799 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1800 return STAT_BOGUS;
1801
1802 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1803 return STAT_BOGUS;
1804 }
1805
1806 return STAT_SECURE;
1807 }
1808
1809 /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
1810 /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
1811 int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1812 int *class, int *neganswer, int *nons)
1813 {
1814 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1815 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
1816 int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
1817 int nsec_type = 0, have_answer = 0;
1818
1819 if (neganswer)
1820 *neganswer = 0;
1821
1822 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
1823 return STAT_BOGUS;
1824
1825 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
1826 return STAT_INSECURE;
1827
1828 qname = p1 = (unsigned char *)(header+1);
1829
1830 if (!extract_name(header, plen, &p1, name, 1, 4))
1831 return STAT_BOGUS;
1832
1833 GETSHORT(qtype, p1);
1834 GETSHORT(qclass, p1);
1835 ans_start = p1;
1836
1837 if (qtype == T_ANY)
1838 have_answer = 1;
1839
1840 /* Can't validate an RRISG query */
1841 if (qtype == T_RRSIG)
1842 return STAT_INSECURE;
1843
1844 cname_loop:
1845 for (j = ntohs(header->ancount); j != 0; j--)
1846 {
1847 /* leave pointer to missing name in qname */
1848
1849 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1850 return STAT_BOGUS; /* bad packet */
1851
1852 GETSHORT(type2, p1);
1853 GETSHORT(class2, p1);
1854 p1 += 4; /* TTL */
1855 GETSHORT(rdlen2, p1);
1856
1857 if (rc == 1 && qclass == class2)
1858 {
1859 /* Do we have an answer for the question? */
1860 if (type2 == qtype)
1861 {
1862 have_answer = 1;
1863 break;
1864 }
1865 else if (type2 == T_CNAME)
1866 {
1867 qname = p1;
1868
1869 /* looped CNAMES */
1870 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1871 return STAT_BOGUS;
1872
1873 p1 = ans_start;
1874 goto cname_loop;
1875 }
1876 }
1877
1878 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1879 return STAT_BOGUS;
1880 }
1881
1882 if (neganswer && !have_answer)
1883 *neganswer = 1;
1884
1885 /* No data, therefore no sigs */
1886 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1887 {
1888 *keyname = 0;
1889 return STAT_NO_SIG;
1890 }
1891
1892 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
1893 {
1894 if (!extract_name(header, plen, &p1, name, 1, 10))
1895 return STAT_BOGUS; /* bad packet */
1896
1897 GETSHORT(type1, p1);
1898 GETSHORT(class1, p1);
1899 p1 += 4; /* TTL */
1900 GETSHORT(rdlen1, p1);
1901
1902 /* Don't try and validate RRSIGs! */
1903 if (type1 != T_RRSIG)
1904 {
1905 /* Check if we've done this RRset already */
1906 for (p2 = ans_start, j = 0; j < i; j++)
1907 {
1908 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1909 return STAT_BOGUS; /* bad packet */
1910
1911 GETSHORT(type2, p2);
1912 GETSHORT(class2, p2);
1913 p2 += 4; /* TTL */
1914 GETSHORT(rdlen2, p2);
1915
1916 if (type2 == type1 && class2 == class1 && rc == 1)
1917 break; /* Done it before: name, type, class all match. */
1918
1919 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1920 return STAT_BOGUS;
1921 }
1922
1923 /* Not done, validate now */
1924 if (j == i)
1925 {
1926 int ttl, keytag, algo, digest, type_covered;
1927 unsigned char *psave;
1928 struct all_addr a;
1929 struct blockdata *key;
1930 struct crec *crecp;
1931 char *wildname;
1932 int have_wildcard = 0;
1933
1934 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
1935
1936 if (rc == STAT_SECURE_WILDCARD)
1937 {
1938 have_wildcard = 1;
1939
1940 /* An attacker replay a wildcard answer with a different
1941 answer and overlay a genuine RR. To prove this
1942 hasn't happened, the answer must prove that
1943 the gennuine record doesn't exist. Check that here. */
1944 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1945 return STAT_BOGUS; /* No NSECs or bad packet */
1946
1947 if (nsec_type == T_NSEC)
1948 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
1949 else
1950 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
1951 keyname, name, type1, wildname, NULL);
1952
1953 if (rc != STAT_SECURE)
1954 return rc;
1955 }
1956 else if (rc != STAT_SECURE)
1957 {
1958 if (class)
1959 *class = class1; /* Class for DS or DNSKEY */
1960
1961 if (rc == STAT_NO_SIG)
1962 {
1963 /* If we dropped off the end of a CNAME chain, return
1964 STAT_NO_SIG and the last name is keyname. This is used for proving non-existence
1965 if DS records in CNAME chains. */
1966 if (cname_count == CNAME_CHAIN || i < ntohs(header->ancount))
1967 /* No CNAME chain, or no sig in answer section, return empty name. */
1968 *keyname = 0;
1969 else if (!extract_name(header, plen, &qname, keyname, 1, 0))
1970 return STAT_BOGUS;
1971 }
1972
1973 return rc;
1974 }
1975
1976 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1977 cache_start_insert();
1978
1979 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
1980 {
1981 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1982 return STAT_BOGUS; /* bad packet */
1983
1984 GETSHORT(type2, p2);
1985 GETSHORT(class2, p2);
1986 GETLONG(ttl, p2);
1987 GETSHORT(rdlen2, p2);
1988
1989 if (!CHECK_LEN(header, p2, plen, rdlen2))
1990 return STAT_BOGUS; /* bad packet */
1991
1992 if (class2 == class1 && rc == 1)
1993 {
1994 psave = p2;
1995
1996 if (type1 == T_DS && type2 == T_DS)
1997 {
1998 if (rdlen2 < 4)
1999 return STAT_BOGUS; /* bad packet */
2000
2001 GETSHORT(keytag, p2);
2002 algo = *p2++;
2003 digest = *p2++;
2004
2005 /* Cache needs to known class for DNSSEC stuff */
2006 a.addr.dnssec.class = class2;
2007
2008 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
2009 {
2010 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
2011 blockdata_free(key);
2012 else
2013 {
2014 a.addr.keytag = keytag;
2015 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
2016 crecp->addr.ds.digest = digest;
2017 crecp->addr.ds.keydata = key;
2018 crecp->addr.ds.algo = algo;
2019 crecp->addr.ds.keytag = keytag;
2020 crecp->addr.ds.keylen = rdlen2 - 4;
2021 }
2022 }
2023 }
2024 else if (type2 == T_RRSIG)
2025 {
2026 if (rdlen2 < 18)
2027 return STAT_BOGUS; /* bad packet */
2028
2029 GETSHORT(type_covered, p2);
2030
2031 if (type_covered == type1 &&
2032 (type_covered == T_A || type_covered == T_AAAA ||
2033 type_covered == T_CNAME || type_covered == T_DS ||
2034 type_covered == T_DNSKEY || type_covered == T_PTR))
2035 {
2036 a.addr.dnssec.type = type_covered;
2037 a.addr.dnssec.class = class1;
2038
2039 algo = *p2++;
2040 p2 += 13; /* labels, orig_ttl, expiration, inception */
2041 GETSHORT(keytag, p2);
2042
2043 /* We don't cache sigs for wildcard answers, because to reproduce the
2044 answer from the cache will require one or more NSEC/NSEC3 records
2045 which we don't cache. The lack of the RRSIG ensures that a query for
2046 this RRset asking for a secure answer will always be forwarded. */
2047 if (!have_wildcard && (key = blockdata_alloc((char*)psave, rdlen2)))
2048 {
2049 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
2050 blockdata_free(key);
2051 else
2052 {
2053 crecp->addr.sig.keydata = key;
2054 crecp->addr.sig.keylen = rdlen2;
2055 crecp->addr.sig.keytag = keytag;
2056 crecp->addr.sig.type_covered = type_covered;
2057 crecp->addr.sig.algo = algo;
2058 }
2059 }
2060 }
2061 }
2062
2063 p2 = psave;
2064 }
2065
2066 if (!ADD_RDLEN(header, p2, plen, rdlen2))
2067 return STAT_BOGUS; /* bad packet */
2068 }
2069
2070 cache_end_insert();
2071 }
2072 }
2073
2074 if (!ADD_RDLEN(header, p1, plen, rdlen1))
2075 return STAT_BOGUS;
2076 }
2077
2078 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
2079 if (have_answer)
2080 return STAT_SECURE;
2081
2082 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
2083 /* First marshall the NSEC records, if we've not done it previously */
2084 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
2085 {
2086 /* No NSEC records. If we dropped off the end of a CNAME chain, return
2087 STAT_NO_SIG and the last name is keyname. This is used for proving non-existence
2088 if DS records in CNAME chains. */
2089 if (cname_count == CNAME_CHAIN) /* No CNAME chain, return empty name. */
2090 *keyname = 0;
2091 else if (!extract_name(header, plen, &qname, keyname, 1, 0))
2092 return STAT_BOGUS;
2093 return STAT_NO_SIG; /* No NSECs, this is probably a dangling CNAME pointing into
2094 an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
2095 }
2096
2097 /* Get name of missing answer */
2098 if (!extract_name(header, plen, &qname, name, 1, 0))
2099 return STAT_BOGUS;
2100
2101 if (nsec_type == T_NSEC)
2102 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
2103 else
2104 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
2105 }
2106
2107 /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
2108 Needed for proving answer in unsigned space.
2109 Return STAT_NEED_*
2110 STAT_BOGUS - error
2111 STAT_INSECURE - name of first non-secure record in name
2112 */
2113 int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
2114 {
2115 unsigned char *p = (unsigned char *)(header+1);
2116 int type, class, qclass, rdlen, j, rc;
2117 int cname_count = CNAME_CHAIN;
2118 char *wildname;
2119
2120 /* Get question */
2121 if (!extract_name(header, plen, &p, name, 1, 4))
2122 return STAT_BOGUS;
2123
2124 p +=2; /* type */
2125 GETSHORT(qclass, p);
2126
2127 while (1)
2128 {
2129 for (j = ntohs(header->ancount); j != 0; j--)
2130 {
2131 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
2132 return STAT_BOGUS; /* bad packet */
2133
2134 GETSHORT(type, p);
2135 GETSHORT(class, p);
2136 p += 4; /* TTL */
2137 GETSHORT(rdlen, p);
2138
2139 /* Not target, loop */
2140 if (rc == 2 || qclass != class)
2141 {
2142 if (!ADD_RDLEN(header, p, plen, rdlen))
2143 return STAT_BOGUS;
2144 continue;
2145 }
2146
2147 /* Got to end of CNAME chain. */
2148 if (type != T_CNAME)
2149 return STAT_INSECURE;
2150
2151 /* validate CNAME chain, return if insecure or need more data */
2152 rc = validate_rrset(now, header, plen, class, type, name, keyname, &wildname, NULL, 0, 0, 0);
2153
2154 if (rc == STAT_SECURE_WILDCARD)
2155 {
2156 int nsec_type, nsec_count, i;
2157 unsigned char **nsecs;
2158
2159 /* An attacker can replay a wildcard answer with a different
2160 answer and overlay a genuine RR. To prove this
2161 hasn't happened, the answer must prove that
2162 the genuine record doesn't exist. Check that here. */
2163 if (!(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class)))
2164 return STAT_BOGUS; /* No NSECs or bad packet */
2165
2166 /* Note that we're called here because something didn't validate in validate_reply,
2167 so we can't assume that any NSEC records have been validated. We do them by steam here */
2168
2169 for (i = 0; i < nsec_count; i++)
2170 {
2171 unsigned char *p1 = nsecs[i];
2172
2173 if (!extract_name(header, plen, &p1, daemon->workspacename, 1, 0))
2174 return STAT_BOGUS;
2175
2176 rc = validate_rrset(now, header, plen, class, nsec_type, daemon->workspacename, keyname, NULL, NULL, 0, 0, 0);
2177
2178 /* NSECs can't be wildcards. */
2179 if (rc == STAT_SECURE_WILDCARD)
2180 rc = STAT_BOGUS;
2181
2182 if (rc != STAT_SECURE)
2183 return rc;
2184 }
2185
2186 if (nsec_type == T_NSEC)
2187 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type, NULL);
2188 else
2189 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
2190 keyname, name, type, wildname, NULL);
2191
2192 if (rc != STAT_SECURE)
2193 return rc;
2194 }
2195
2196 if (rc != STAT_SECURE)
2197 {
2198 if (rc == STAT_NO_SIG)
2199 rc = STAT_INSECURE;
2200 return rc;
2201 }
2202
2203 /* Loop down CNAME chain/ */
2204 if (!cname_count-- ||
2205 !extract_name(header, plen, &p, name, 1, 0) ||
2206 !(p = skip_questions(header, plen)))
2207 return STAT_BOGUS;
2208
2209 break;
2210 }
2211
2212 /* End of CNAME chain */
2213 return STAT_INSECURE;
2214 }
2215 }
2216
2217
2218 /* Compute keytag (checksum to quickly index a key). See RFC4034 */
2219 int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
2220 {
2221 if (alg == 1)
2222 {
2223 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2224 See RFC4034, Appendix B.1 */
2225 return key[keylen-4] * 256 + key[keylen-3];
2226 }
2227 else
2228 {
2229 unsigned long ac = flags + 0x300 + alg;
2230 int i;
2231
2232 for (i = 0; i < keylen; ++i)
2233 ac += (i & 1) ? key[i] : key[i] << 8;
2234
2235 ac += (ac >> 16) & 0xffff;
2236 return ac & 0xffff;
2237 }
2238 }
2239
2240 size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class,
2241 int type, union mysockaddr *addr, int edns_pktsz)
2242 {
2243 unsigned char *p;
2244 char *types = querystr("dnssec-query", type);
2245 size_t ret;
2246
2247 if (addr->sa.sa_family == AF_INET)
2248 log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2249 #ifdef HAVE_IPV6
2250 else
2251 log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2252 #endif
2253
2254 header->qdcount = htons(1);
2255 header->ancount = htons(0);
2256 header->nscount = htons(0);
2257 header->arcount = htons(0);
2258
2259 header->hb3 = HB3_RD;
2260 SET_OPCODE(header, QUERY);
2261 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2262 this allows it to select auth servers when one is returning bad data. */
2263 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
2264
2265 /* ID filled in later */
2266
2267 p = (unsigned char *)(header+1);
2268
2269 p = do_rfc1035_name(p, name);
2270 *p++ = 0;
2271 PUTSHORT(type, p);
2272 PUTSHORT(class, p);
2273
2274 ret = add_do_bit(header, p - (unsigned char *)header, end);
2275
2276 if (find_pseudoheader(header, ret, NULL, &p, NULL))
2277 PUTSHORT(edns_pktsz, p);
2278
2279 return ret;
2280 }
2281
2282 /* Go through a domain name, find "pointers" and fix them up based on how many bytes
2283 we've chopped out of the packet, or check they don't point into an elided part. */
2284 static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2285 {
2286 unsigned char *ansp = *namep;
2287
2288 while(1)
2289 {
2290 unsigned int label_type;
2291
2292 if (!CHECK_LEN(header, ansp, plen, 1))
2293 return 0;
2294
2295 label_type = (*ansp) & 0xc0;
2296
2297 if (label_type == 0xc0)
2298 {
2299 /* pointer for compression. */
2300 unsigned int offset;
2301 int i;
2302 unsigned char *p;
2303
2304 if (!CHECK_LEN(header, ansp, plen, 2))
2305 return 0;
2306
2307 offset = ((*ansp++) & 0x3f) << 8;
2308 offset |= *ansp++;
2309
2310 p = offset + (unsigned char *)header;
2311
2312 for (i = 0; i < rr_count; i++)
2313 if (p < rrs[i])
2314 break;
2315 else
2316 if (i & 1)
2317 offset -= rrs[i] - rrs[i-1];
2318
2319 /* does the pointer end up in an elided RR? */
2320 if (i & 1)
2321 return 0;
2322
2323 /* No, scale the pointer */
2324 if (fixup)
2325 {
2326 ansp -= 2;
2327 *ansp++ = (offset >> 8) | 0xc0;
2328 *ansp++ = offset & 0xff;
2329 }
2330 break;
2331 }
2332 else if (label_type == 0x80)
2333 return 0; /* reserved */
2334 else if (label_type == 0x40)
2335 {
2336 /* Extended label type */
2337 unsigned int count;
2338
2339 if (!CHECK_LEN(header, ansp, plen, 2))
2340 return 0;
2341
2342 if (((*ansp++) & 0x3f) != 1)
2343 return 0; /* we only understand bitstrings */
2344
2345 count = *(ansp++); /* Bits in bitstring */
2346
2347 if (count == 0) /* count == 0 means 256 bits */
2348 ansp += 32;
2349 else
2350 ansp += ((count-1)>>3)+1;
2351 }
2352 else
2353 { /* label type == 0 Bottom six bits is length */
2354 unsigned int len = (*ansp++) & 0x3f;
2355
2356 if (!ADD_RDLEN(header, ansp, plen, len))
2357 return 0;
2358
2359 if (len == 0)
2360 break; /* zero length label marks the end. */
2361 }
2362 }
2363
2364 *namep = ansp;
2365
2366 return 1;
2367 }
2368
2369 /* Go through RRs and check or fixup the domain names contained within */
2370 static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2371 {
2372 int i, type, class, rdlen;
2373 unsigned char *pp;
2374
2375 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
2376 {
2377 pp = p;
2378
2379 if (!(p = skip_name(p, header, plen, 10)))
2380 return 0;
2381
2382 GETSHORT(type, p);
2383 GETSHORT(class, p);
2384 p += 4; /* TTL */
2385 GETSHORT(rdlen, p);
2386
2387 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2388 {
2389 /* fixup name of RR */
2390 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2391 return 0;
2392
2393 if (class == C_IN)
2394 {
2395 u16 *d;
2396
2397 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
2398 {
2399 if (*d != 0)
2400 pp += *d;
2401 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2402 return 0;
2403 }
2404 }
2405 }
2406
2407 if (!ADD_RDLEN(header, p, plen, rdlen))
2408 return 0;
2409 }
2410
2411 return 1;
2412 }
2413
2414
2415 size_t filter_rrsigs(struct dns_header *header, size_t plen)
2416 {
2417 static unsigned char **rrs;
2418 static int rr_sz = 0;
2419
2420 unsigned char *p = (unsigned char *)(header+1);
2421 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
2422
2423 if (ntohs(header->qdcount) != 1 ||
2424 !(p = skip_name(p, header, plen, 4)))
2425 return plen;
2426
2427 GETSHORT(qtype, p);
2428 GETSHORT(qclass, p);
2429
2430 /* First pass, find pointers to start and end of all the records we wish to elide:
2431 records added for DNSSEC, unless explicity queried for */
2432 for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0;
2433 i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
2434 i++)
2435 {
2436 unsigned char *pstart = p;
2437 int type, class;
2438
2439 if (!(p = skip_name(p, header, plen, 10)))
2440 return plen;
2441
2442 GETSHORT(type, p);
2443 GETSHORT(class, p);
2444 p += 4; /* TTL */
2445 GETSHORT(rdlen, p);
2446
2447 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2448 (type != qtype || class != qclass))
2449 {
2450 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2451 return plen;
2452
2453 rrs[rr_found++] = pstart;
2454
2455 if (!ADD_RDLEN(header, p, plen, rdlen))
2456 return plen;
2457
2458 rrs[rr_found++] = p;
2459
2460 if (i < ntohs(header->ancount))
2461 chop_an++;
2462 else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
2463 chop_ns++;
2464 else
2465 chop_ar++;
2466 }
2467 else if (!ADD_RDLEN(header, p, plen, rdlen))
2468 return plen;
2469 }
2470
2471 /* Nothing to do. */
2472 if (rr_found == 0)
2473 return plen;
2474
2475 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2476 point to records we're going to elide. This is theoretically possible, but unlikely. If
2477 it happens, we give up and leave the answer unchanged. */
2478 p = (unsigned char *)(header+1);
2479
2480 /* question first */
2481 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2482 return plen;
2483 p += 4; /* qclass, qtype */
2484
2485 /* Now answers and NS */
2486 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2487 return plen;
2488
2489 /* Third pass, elide records */
2490 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2491 {
2492 unsigned char *start = rrs[i];
2493 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2494
2495 memmove(p, start, end-start);
2496 p += end-start;
2497 }
2498
2499 plen = p - (unsigned char *)header;
2500 header->ancount = htons(ntohs(header->ancount) - chop_an);
2501 header->nscount = htons(ntohs(header->nscount) - chop_ns);
2502 header->arcount = htons(ntohs(header->arcount) - chop_ar);
2503
2504 /* Fourth pass, fix up pointers in the remaining records */
2505 p = (unsigned char *)(header+1);
2506
2507 check_name(&p, header, plen, 1, rrs, rr_found);
2508 p += 4; /* qclass, qtype */
2509
2510 check_rrs(p, header, plen, 1, rrs, rr_found);
2511
2512 return plen;
2513 }
2514
2515 unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2516 {
2517 int q;
2518 unsigned int len;
2519 unsigned char *p = (unsigned char *)(header+1);
2520 const struct nettle_hash *hash;
2521 void *ctx;
2522 unsigned char *digest;
2523
2524 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2525 return NULL;
2526
2527 for (q = ntohs(header->qdcount); q != 0; q--)
2528 {
2529 if (!extract_name(header, plen, &p, name, 1, 4))
2530 break; /* bad packet */
2531
2532 len = to_wire(name);
2533 hash->update(ctx, len, (unsigned char *)name);
2534 /* CRC the class and type as well */
2535 hash->update(ctx, 4, p);
2536
2537 p += 4;
2538 if (!CHECK_LEN(header, p, plen, 0))
2539 break; /* bad packet */
2540 }
2541
2542 hash->digest(ctx, hash->digest_size, digest);
2543 return digest;
2544 }
2545
2546 #endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.