]>
git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnssec.c
1 /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2 and Copyright (c) 2012-2015 Simon Kelley
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 #include <nettle/rsa.h>
23 #include <nettle/dsa.h>
25 # include <nettle/ecdsa.h>
26 # include <nettle/ecc-curve.h>
28 #include <nettle/nettle-meta.h>
29 #include <nettle/bignum.h>
31 /* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33 #ifdef dsa_params_init
34 #include <nettle/dsa-compat.h>
39 #define SERIAL_UNDEF -100
44 /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
45 static char *ds_digest_name(int digest
)
49 case 1: return "sha1";
50 case 2: return "sha256";
51 case 3: return "gosthash94";
52 case 4: return "sha384";
57 /* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
58 static char *algo_digest_name(int algo
)
63 case 3: return "sha1";
64 case 5: return "sha1";
65 case 6: return "sha1";
66 case 7: return "sha1";
67 case 8: return "sha256";
68 case 10: return "sha512";
69 case 12: return "gosthash94";
70 case 13: return "sha256";
71 case 14: return "sha384";
76 /* Find pointer to correct hash function in nettle library */
77 static const struct nettle_hash
*hash_find(char *name
)
84 for (i
= 0; nettle_hashes
[i
]; i
++)
86 if (strcmp(nettle_hashes
[i
]->name
, name
) == 0)
87 return nettle_hashes
[i
];
93 /* expand ctx and digest memory allocations if necessary and init hash function */
94 static int hash_init(const struct nettle_hash
*hash
, void **ctxp
, unsigned char **digestp
)
96 static void *ctx
= NULL
;
97 static unsigned char *digest
= NULL
;
98 static unsigned int ctx_sz
= 0;
99 static unsigned int digest_sz
= 0;
103 if (ctx_sz
< hash
->context_size
)
105 if (!(new = whine_malloc(hash
->context_size
)))
110 ctx_sz
= hash
->context_size
;
113 if (digest_sz
< hash
->digest_size
)
115 if (!(new = whine_malloc(hash
->digest_size
)))
120 digest_sz
= hash
->digest_size
;
131 static int dnsmasq_rsa_verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
132 unsigned char *digest
, int algo
)
137 static struct rsa_public_key
*key
= NULL
;
138 static mpz_t sig_mpz
;
142 if (!(key
= whine_malloc(sizeof(struct rsa_public_key
))))
145 nettle_rsa_public_key_init(key
);
149 if ((key_len
< 3) || !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
153 if ((exp_len
= *p
++) == 0)
155 GETSHORT(exp_len
, p
);
159 if (exp_len
>= key_len
)
162 key
->size
= key_len
- exp_len
;
163 mpz_import(key
->e
, exp_len
, 1, 1, 0, 0, p
);
164 mpz_import(key
->n
, key
->size
, 1, 1, 0, 0, p
+ exp_len
);
166 mpz_import(sig_mpz
, sig_len
, 1, 1, 0, 0, sig
);
171 return nettle_rsa_md5_verify_digest(key
, digest
, sig_mpz
);
173 return nettle_rsa_sha1_verify_digest(key
, digest
, sig_mpz
);
175 return nettle_rsa_sha256_verify_digest(key
, digest
, sig_mpz
);
177 return nettle_rsa_sha512_verify_digest(key
, digest
, sig_mpz
);
183 static int dnsmasq_dsa_verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
184 unsigned char *digest
, int algo
)
189 static struct dsa_public_key
*key
= NULL
;
190 static struct dsa_signature
*sig_struct
;
194 if (!(sig_struct
= whine_malloc(sizeof(struct dsa_signature
))) ||
195 !(key
= whine_malloc(sizeof(struct dsa_public_key
))))
198 nettle_dsa_public_key_init(key
);
199 nettle_dsa_signature_init(sig_struct
);
202 if ((sig_len
< 41) || !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
207 if (key_len
< (213 + (t
* 24)))
210 mpz_import(key
->q
, 20, 1, 1, 0, 0, p
); p
+= 20;
211 mpz_import(key
->p
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
212 mpz_import(key
->g
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
213 mpz_import(key
->y
, 64 + (t
*8), 1, 1, 0, 0, p
); p
+= 64 + (t
*8);
215 mpz_import(sig_struct
->r
, 20, 1, 1, 0, 0, sig
+1);
216 mpz_import(sig_struct
->s
, 20, 1, 1, 0, 0, sig
+21);
220 return nettle_dsa_sha1_verify_digest(key
, digest
, sig_struct
);
223 #ifndef NO_NETTLE_ECC
224 static int dnsmasq_ecdsa_verify(struct blockdata
*key_data
, unsigned int key_len
,
225 unsigned char *sig
, size_t sig_len
,
226 unsigned char *digest
, size_t digest_len
, int algo
)
230 struct ecc_point
*key
;
232 static struct ecc_point
*key_256
= NULL
, *key_384
= NULL
;
234 static struct dsa_signature
*sig_struct
;
238 if (!(sig_struct
= whine_malloc(sizeof(struct dsa_signature
))))
241 nettle_dsa_signature_init(sig_struct
);
251 if (!(key_256
= whine_malloc(sizeof(struct ecc_point
))))
254 nettle_ecc_point_init(key_256
, &nettle_secp_256r1
);
264 if (!(key_384
= whine_malloc(sizeof(struct ecc_point
))))
267 nettle_ecc_point_init(key_384
, &nettle_secp_384r1
);
278 if (sig_len
!= 2*t
|| key_len
!= 2*t
||
279 !(p
= blockdata_retrieve(key_data
, key_len
, NULL
)))
282 mpz_import(x
, t
, 1, 1, 0, 0, p
);
283 mpz_import(y
, t
, 1, 1, 0, 0, p
+ t
);
285 if (!ecc_point_set(key
, x
, y
))
288 mpz_import(sig_struct
->r
, t
, 1, 1, 0, 0, sig
);
289 mpz_import(sig_struct
->s
, t
, 1, 1, 0, 0, sig
+ t
);
291 return nettle_ecdsa_verify(key
, digest_len
, digest
, sig_struct
);
295 static int verify(struct blockdata
*key_data
, unsigned int key_len
, unsigned char *sig
, size_t sig_len
,
296 unsigned char *digest
, size_t digest_len
, int algo
)
302 case 1: case 5: case 7: case 8: case 10:
303 return dnsmasq_rsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, algo
);
306 return dnsmasq_dsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, algo
);
308 #ifndef NO_NETTLE_ECC
310 return dnsmasq_ecdsa_verify(key_data
, key_len
, sig
, sig_len
, digest
, digest_len
, algo
);
317 /* Convert from presentation format to wire format, in place.
319 Note that using extract_name to get presentation format
320 then calling to_wire() removes compression and maps case,
321 thus generating names in canonical form.
322 Calling to_wire followed by from_wire is almost an identity,
323 except that the UC remains mapped to LC.
325 static int to_wire(char *name
)
327 unsigned char *l
, *p
, term
;
330 for (l
= (unsigned char*)name
; *l
!= 0; l
= p
)
332 for (p
= l
; *p
!= '.' && *p
!= 0; p
++)
333 if (*p
>= 'A' && *p
<= 'Z')
338 if ((len
= p
- l
) != 0)
339 memmove(l
+1, l
, len
);
348 return l
+ 1 - (unsigned char *)name
;
351 /* Note: no compression allowed in input. */
352 static void from_wire(char *name
)
357 for (l
= (unsigned char *)name
; *l
!= 0; l
+= len
+1)
360 memmove(l
, l
+1, len
);
364 if ((char *)l
!= name
)
368 /* Input in presentation format */
369 static int count_labels(char *name
)
376 for (i
= 0; *name
; name
++)
383 /* Implement RFC1982 wrapped compare for 32-bit numbers */
384 static int serial_compare_32(unsigned long s1
, unsigned long s2
)
389 if ((s1
< s2
&& (s2
- s1
) < (1UL<<31)) ||
390 (s1
> s2
&& (s1
- s2
) > (1UL<<31)))
392 if ((s1
< s2
&& (s2
- s1
) > (1UL<<31)) ||
393 (s1
> s2
&& (s1
- s2
) < (1UL<<31)))
398 /* Called at startup. If the timestamp file is configured and exists, put its mtime on
399 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
400 Change the ownership to the user we'll be running as, so that we can update the mtime.
402 static time_t timestamp_time
;
403 static int back_to_the_future
;
405 int setup_timestamp(uid_t uid
)
409 back_to_the_future
= 0;
411 if (!option_bool(OPT_DNSSEC_VALID
) || !daemon
->timestamp_file
)
414 if (stat(daemon
->timestamp_file
, &statbuf
) != -1)
416 timestamp_time
= statbuf
.st_mtime
;
418 if (difftime(timestamp_time
, time(0)) <= 0)
420 /* time already OK, update timestamp, and do key checking from the start. */
421 if (utime(daemon
->timestamp_file
, NULL
) == -1)
422 my_syslog(LOG_ERR
, _("failed to update mtime on %s: %s"), daemon
->timestamp_file
, strerror(errno
));
423 back_to_the_future
= 1;
431 int fd
= open(daemon
->timestamp_file
, O_WRONLY
| O_CREAT
| O_NONBLOCK
, 0666);
434 struct utimbuf timbuf
;
438 timestamp_time
= timbuf
.actime
= timbuf
.modtime
= 1420070400; /* 1-1-2015 */
439 if (utime(daemon
->timestamp_file
, &timbuf
) == 0 &&
440 (getuid() != 0 || chown(daemon
->timestamp_file
, uid
, -1) == 0))
445 die(_("Cannot create timestamp file %s: %s" ), daemon
->timestamp_file
, EC_BADCONF
);
449 /* Check whether today/now is between date_start and date_end */
450 static int check_date_range(unsigned long date_start
, unsigned long date_end
)
452 unsigned long curtime
= time(0);
454 /* Checking timestamps may be temporarily disabled */
456 /* If the current time if _before_ the timestamp
457 on our persistent timestamp file, then assume the
458 time if not yet correct, and don't check the
459 key timestamps. As soon as the current time is
460 later then the timestamp, update the timestamp
461 and start checking keys */
462 if (daemon
->timestamp_file
)
464 if (back_to_the_future
== 0 && difftime(timestamp_time
, curtime
) <= 0)
466 if (utime(daemon
->timestamp_file
, NULL
) != 0)
467 my_syslog(LOG_ERR
, _("failed to update mtime on %s: %s"), daemon
->timestamp_file
, strerror(errno
));
469 back_to_the_future
= 1;
470 set_option_bool(OPT_DNSSEC_TIME
);
471 queue_event(EVENT_RELOAD
); /* purge cache */
474 if (back_to_the_future
== 0)
477 else if (option_bool(OPT_DNSSEC_TIME
))
480 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
481 return serial_compare_32(curtime
, date_start
) == SERIAL_GT
482 && serial_compare_32(curtime
, date_end
) == SERIAL_LT
;
485 static u16
*get_desc(int type
)
487 /* List of RRtypes which include domains in the data.
489 integer -> no of plain bytes
492 zero is not a valid RRtype, so the final entry is returned for
493 anything which needs no mangling.
496 static u16 rr_desc
[] =
518 0, -1 /* wildcard/catchall */
523 while (*p
!= type
&& *p
!= 0)
524 while (*p
++ != (u16
)-1);
529 /* Return bytes of canonicalised rdata, when the return value is zero, the remaining
530 data, pointed to by *p, should be used raw. */
531 static int get_rdata(struct dns_header
*header
, size_t plen
, unsigned char *end
, char *buff
, int bufflen
,
532 unsigned char **p
, u16
**desc
)
536 /* No more data needs mangling */
539 /* If there's more data than we have space for, just return what fits,
540 we'll get called again for more chunks */
541 if (end
- *p
> bufflen
)
543 memcpy(buff
, *p
, bufflen
);
553 if (d
== 0 && extract_name(header
, plen
, p
, buff
, 1, 0))
554 /* domain-name, canonicalise */
555 return to_wire(buff
);
558 /* plain data preceding a domain-name, don't run off the end of the data */
572 static int expand_workspace(unsigned char ***wkspc
, int *sz
, int new)
585 if (!(p
= whine_malloc((new_sz
) * sizeof(unsigned char **))))
590 memcpy(p
, *wkspc
, *sz
* sizeof(unsigned char **));
600 /* Bubble sort the RRset into the canonical order.
601 Note that the byte-streams from two RRs may get unsynced: consider
602 RRs which have two domain-names at the start and then other data.
603 The domain-names may have different lengths in each RR, but sort equal
611 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
614 static void sort_rrset(struct dns_header
*header
, size_t plen
, u16
*rr_desc
, int rrsetidx
,
615 unsigned char **rrset
, char *buff1
, char *buff2
)
621 for (swap
= 0, i
= 0; i
< rrsetidx
-1; i
++)
623 int rdlen1
, rdlen2
, left1
, left2
, len1
, len2
, len
, rc
;
625 unsigned char *end1
, *end2
;
626 /* Note that these have been determined to be OK previously,
627 so we don't need to check for NULL return here. */
628 unsigned char *p1
= skip_name(rrset
[i
], header
, plen
, 10);
629 unsigned char *p2
= skip_name(rrset
[i
+1], header
, plen
, 10);
631 p1
+= 8; /* skip class, type, ttl */
632 GETSHORT(rdlen1
, p1
);
635 p2
+= 8; /* skip class, type, ttl */
636 GETSHORT(rdlen2
, p2
);
641 for (quit
= 0, left1
= 0, left2
= 0, len1
= 0, len2
= 0; !quit
;)
644 memmove(buff1
, buff1
+ len1
- left1
, left1
);
646 if ((len1
= get_rdata(header
, plen
, end1
, buff1
+ left1
, MAXDNAME
- left1
, &p1
, &dp1
)) == 0)
650 memcpy(buff1
+ left1
, p1
, len1
);
655 memmove(buff2
, buff2
+ len2
- left2
, left2
);
657 if ((len2
= get_rdata(header
, plen
, end2
, buff2
+ left2
, MAXDNAME
- left2
, &p2
, &dp2
)) == 0)
661 memcpy(buff2
+ left2
, p2
, len2
);
666 left1
= len1
- len2
, left2
= 0, len
= len2
;
668 left2
= len2
- len1
, left1
= 0, len
= len1
;
670 rc
= (len
== 0) ? 0 : memcmp(buff1
, buff2
, len
);
672 if (rc
> 0 || (rc
== 0 && quit
&& len1
> len2
))
674 unsigned char *tmp
= rrset
[i
+1];
675 rrset
[i
+1] = rrset
[i
];
686 /* Validate a single RRset (class, type, name) in the supplied DNS reply
688 STAT_SECURE if it validates.
689 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
690 (In this case *wildcard_out points to the "body" of the wildcard within name.)
691 STAT_NO_SIG no RRsigs found.
692 STAT_INSECURE RRset empty.
693 STAT_BOGUS signature is wrong, bad packet.
694 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
696 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
697 otherwise find the key in the cache.
699 name is unchanged on exit. keyname is used as workspace and trashed.
701 static int validate_rrset(time_t now
, struct dns_header
*header
, size_t plen
, int class, int type
,
702 char *name
, char *keyname
, char **wildcard_out
, struct blockdata
*key
, int keylen
, int algo_in
, int keytag_in
)
704 static unsigned char **rrset
= NULL
, **sigs
= NULL
;
705 static int rrset_sz
= 0, sig_sz
= 0;
708 int rrsetidx
, sigidx
, res
, rdlen
, j
, name_labels
;
709 struct crec
*crecp
= NULL
;
710 int type_covered
, algo
, labels
, orig_ttl
, sig_expiration
, sig_inception
, key_tag
;
711 u16
*rr_desc
= get_desc(type
);
714 *wildcard_out
= NULL
;
716 if (!(p
= skip_questions(header
, plen
)))
719 name_labels
= count_labels(name
); /* For 4035 5.3.2 check */
721 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
722 for (rrsetidx
= 0, sigidx
= 0, j
= ntohs(header
->ancount
) + ntohs(header
->nscount
);
725 unsigned char *pstart
, *pdata
;
730 if (!(res
= extract_name(header
, plen
, &p
, name
, 0, 10)))
731 return STAT_BOGUS
; /* bad packet */
741 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
744 if (res
== 1 && sclass
== class)
748 if (!expand_workspace(&rrset
, &rrset_sz
, rrsetidx
))
751 rrset
[rrsetidx
++] = pstart
;
754 if (stype
== T_RRSIG
)
757 return STAT_BOGUS
; /* bad packet */
759 GETSHORT(type_covered
, p
);
761 if (type_covered
== type
)
763 if (!expand_workspace(&sigs
, &sig_sz
, sigidx
))
766 sigs
[sigidx
++] = pdata
;
769 p
= pdata
+ 2; /* restore for ADD_RDLEN */
773 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
779 return STAT_INSECURE
;
785 /* Sort RRset records into canonical order.
786 Note that at this point keyname and daemon->workspacename buffs are
787 unused, and used as workspace by the sort. */
788 sort_rrset(header
, plen
, rr_desc
, rrsetidx
, rrset
, daemon
->workspacename
, keyname
);
790 /* Now try all the sigs to try and find one which validates */
791 for (j
= 0; j
<sigidx
; j
++)
793 unsigned char *psav
, *sig
, *digest
;
794 int i
, wire_len
, sig_len
;
795 const struct nettle_hash
*hash
;
801 GETSHORT(rdlen
, p
); /* rdlen >= 18 checked previously */
804 p
+= 2; /* type_covered - already checked */
807 GETLONG(orig_ttl
, p
);
808 GETLONG(sig_expiration
, p
);
809 GETLONG(sig_inception
, p
);
810 GETSHORT(key_tag
, p
);
812 if (!extract_name(header
, plen
, &p
, keyname
, 1, 0))
815 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
816 the name of the zone containing the RRset. We can't tell that
817 for certain, but we can check that the RRset name is equal to
818 or encloses the signers name, which should be enough to stop
819 an attacker using signatures made with the key of an unrelated
820 zone he controls. Note that the root key is always allowed. */
825 for (name_start
= name
; !hostname_isequal(name_start
, keyname
); )
826 if ((name_start
= strchr(name_start
, '.')))
827 name_start
++; /* chop a label off and try again */
834 /* Bad sig, try another */
839 /* Other 5.3.1 checks */
840 if (!check_date_range(sig_inception
, sig_expiration
) ||
841 labels
> name_labels
||
842 !(hash
= hash_find(algo_digest_name(algo
))) ||
843 !hash_init(hash
, &ctx
, &digest
))
846 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
847 if (!key
&& !(crecp
= cache_find_by_name(NULL
, keyname
, now
, F_DNSKEY
)))
848 return STAT_NEED_KEY
;
851 sig_len
= rdlen
- (p
- psav
);
853 nsigttl
= htonl(orig_ttl
);
855 hash
->update(ctx
, 18, psav
);
856 wire_len
= to_wire(keyname
);
857 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char*)keyname
);
860 for (i
= 0; i
< rrsetidx
; ++i
)
863 unsigned char *end
, *cp
;
867 if (!extract_name(header
, plen
, &p
, name
, 1, 10))
872 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
873 if (labels
< name_labels
)
876 for (k
= name_labels
- labels
; k
!= 0; k
--)
878 while (*name_start
!= '.' && *name_start
!= 0)
880 if (k
!= 1 && *name_start
== '.')
885 *wildcard_out
= name_start
+1;
891 wire_len
= to_wire(name_start
);
892 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char *)name_start
);
893 hash
->update(ctx
, 4, p
); /* class and type */
894 hash
->update(ctx
, 4, (unsigned char *)&nsigttl
);
896 p
+= 8; /* skip class, type, ttl */
898 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
903 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
906 for (len
= 0; (seg
= get_rdata(header
, plen
, end
, name
, MAXDNAME
, &cp
, &dp
)) != 0; len
+= seg
);
909 hash
->update(ctx
, 2, (unsigned char *)&len
);
911 /* Now canonicalise again and digest. */
914 while ((seg
= get_rdata(header
, plen
, end
, name
, MAXDNAME
, &cp
, &dp
)))
915 hash
->update(ctx
, seg
, (unsigned char *)name
);
917 hash
->update(ctx
, end
- cp
, cp
);
920 hash
->digest(ctx
, hash
->digest_size
, digest
);
922 /* namebuff used for workspace above, restore to leave unchanged on exit */
923 p
= (unsigned char*)(rrset
[0]);
924 extract_name(header
, plen
, &p
, name
, 1, 0);
928 if (algo_in
== algo
&& keytag_in
== key_tag
&&
929 verify(key
, keylen
, sig
, sig_len
, digest
, hash
->digest_size
, algo
))
934 /* iterate through all possible keys 4035 5.3.1 */
935 for (; crecp
; crecp
= cache_find_by_name(crecp
, keyname
, now
, F_DNSKEY
))
936 if (crecp
->addr
.key
.algo
== algo
&&
937 crecp
->addr
.key
.keytag
== key_tag
&&
938 crecp
->uid
== (unsigned int)class &&
939 verify(crecp
->addr
.key
.keydata
, crecp
->addr
.key
.keylen
, sig
, sig_len
, digest
, hash
->digest_size
, algo
))
940 return (labels
< name_labels
) ? STAT_SECURE_WILDCARD
: STAT_SECURE
;
947 /* The DNS packet is expected to contain the answer to a DNSKEY query.
948 Put all DNSKEYs in the answer which are valid into the cache.
950 STAT_SECURE At least one valid DNSKEY found and in cache.
951 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
952 or self-sign for DNSKEY RRset is not valid, bad packet.
953 STAT_NEED_DS DS records to validate a key not found, name in keyname
955 int dnssec_validate_by_ds(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
, int class)
957 unsigned char *psave
, *p
= (unsigned char *)(header
+1);
958 struct crec
*crecp
, *recp1
;
959 int rc
, j
, qtype
, qclass
, ttl
, rdlen
, flags
, algo
, valid
, keytag
, type_covered
;
960 struct blockdata
*key
;
963 if (ntohs(header
->qdcount
) != 1 ||
964 !extract_name(header
, plen
, &p
, name
, 1, 4))
970 if (qtype
!= T_DNSKEY
|| qclass
!= class || ntohs(header
->ancount
) == 0)
973 /* See if we have cached a DS record which validates this key */
974 if (!(crecp
= cache_find_by_name(NULL
, name
, now
, F_DS
)))
976 strcpy(keyname
, name
);
980 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
981 if (crecp
->flags
& F_NEG
)
982 return STAT_INSECURE
;
984 /* NOTE, we need to find ONE DNSKEY which matches the DS */
985 for (valid
= 0, j
= ntohs(header
->ancount
); j
!= 0 && !valid
; j
--)
987 /* Ensure we have type, class TTL and length */
988 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
989 return STAT_BOGUS
; /* bad packet */
996 if (!CHECK_LEN(header
, p
, plen
, rdlen
) || rdlen
< 4)
997 return STAT_BOGUS
; /* bad packet */
999 if (qclass
!= class || qtype
!= T_DNSKEY
|| rc
== 2)
1011 keytag
= dnskey_keytag(algo
, flags
, p
, rdlen
- 4);
1014 /* key must have zone key flag set */
1016 key
= blockdata_alloc((char*)p
, rdlen
- 4);
1020 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1023 blockdata_free(key
);
1024 return STAT_BOGUS
; /* bad packet */
1027 /* No zone key flag or malloc failure */
1031 for (recp1
= crecp
; recp1
; recp1
= cache_find_by_name(recp1
, name
, now
, F_DS
))
1034 unsigned char *digest
, *ds_digest
;
1035 const struct nettle_hash
*hash
;
1037 if (recp1
->addr
.ds
.algo
== algo
&&
1038 recp1
->addr
.ds
.keytag
== keytag
&&
1039 recp1
->uid
== (unsigned int)class &&
1040 (hash
= hash_find(ds_digest_name(recp1
->addr
.ds
.digest
))) &&
1041 hash_init(hash
, &ctx
, &digest
))
1044 int wire_len
= to_wire(name
);
1046 /* Note that digest may be different between DSs, so
1047 we can't move this outside the loop. */
1048 hash
->update(ctx
, (unsigned int)wire_len
, (unsigned char *)name
);
1049 hash
->update(ctx
, (unsigned int)rdlen
, psave
);
1050 hash
->digest(ctx
, hash
->digest_size
, digest
);
1054 if (recp1
->addr
.ds
.keylen
== (int)hash
->digest_size
&&
1055 (ds_digest
= blockdata_retrieve(recp1
->addr
.key
.keydata
, recp1
->addr
.ds
.keylen
, NULL
)) &&
1056 memcmp(ds_digest
, digest
, recp1
->addr
.ds
.keylen
) == 0 &&
1057 validate_rrset(now
, header
, plen
, class, T_DNSKEY
, name
, keyname
, NULL
, key
, rdlen
- 4, algo
, keytag
) == STAT_SECURE
)
1064 blockdata_free(key
);
1069 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
1070 cache_start_insert();
1072 p
= skip_questions(header
, plen
);
1074 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
1076 /* Ensure we have type, class TTL and length */
1077 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
1078 return STAT_INSECURE
; /* bad packet */
1081 GETSHORT(qclass
, p
);
1085 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1086 return STAT_BOGUS
; /* bad packet */
1088 if (qclass
== class && rc
== 1)
1092 if (qtype
== T_DNSKEY
)
1095 return STAT_BOGUS
; /* bad packet */
1101 keytag
= dnskey_keytag(algo
, flags
, p
, rdlen
- 4);
1103 /* Cache needs to known class for DNSSEC stuff */
1104 a
.addr
.dnssec
.class = class;
1106 if ((key
= blockdata_alloc((char*)p
, rdlen
- 4)))
1108 if (!(recp1
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DNSSECOK
)))
1109 blockdata_free(key
);
1112 a
.addr
.keytag
= keytag
;
1113 log_query(F_NOEXTRA
| F_KEYTAG
| F_UPSTREAM
, name
, &a
, "DNSKEY keytag %u");
1115 recp1
->addr
.key
.keylen
= rdlen
- 4;
1116 recp1
->addr
.key
.keydata
= key
;
1117 recp1
->addr
.key
.algo
= algo
;
1118 recp1
->addr
.key
.keytag
= keytag
;
1119 recp1
->addr
.key
.flags
= flags
;
1123 else if (qtype
== T_RRSIG
)
1125 /* RRSIG, cache if covers DNSKEY RRset */
1127 return STAT_BOGUS
; /* bad packet */
1129 GETSHORT(type_covered
, p
);
1131 if (type_covered
== T_DNSKEY
)
1133 a
.addr
.dnssec
.class = class;
1134 a
.addr
.dnssec
.type
= type_covered
;
1137 p
+= 13; /* labels, orig_ttl, expiration, inception */
1138 GETSHORT(keytag
, p
);
1139 if ((key
= blockdata_alloc((char*)psave
, rdlen
)))
1141 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DS
)))
1142 blockdata_free(key
);
1145 crecp
->addr
.sig
.keydata
= key
;
1146 crecp
->addr
.sig
.keylen
= rdlen
;
1147 crecp
->addr
.sig
.keytag
= keytag
;
1148 crecp
->addr
.sig
.type_covered
= type_covered
;
1149 crecp
->addr
.sig
.algo
= algo
;
1158 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1159 return STAT_BOGUS
; /* bad packet */
1162 /* commit cache insert. */
1167 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, "BOGUS DNSKEY");
1171 /* The DNS packet is expected to contain the answer to a DS query
1172 Put all DSs in the answer which are valid into the cache.
1174 STAT_SECURE At least one valid DS found and in cache.
1175 STAT_NO_DS It's proved there's no DS here.
1176 STAT_NO_NS It's proved there's no DS _or_ NS here.
1177 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
1178 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1181 int dnssec_validate_ds(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
, int class)
1183 unsigned char *p
= (unsigned char *)(header
+1);
1184 int qtype
, qclass
, val
, i
, neganswer
, nons
;
1186 if (ntohs(header
->qdcount
) != 1 ||
1187 !(p
= skip_name(p
, header
, plen
, 4)))
1191 GETSHORT(qclass
, p
);
1193 if (qtype
!= T_DS
|| qclass
!= class)
1196 val
= dnssec_validate_reply(now
, header
, plen
, name
, keyname
, NULL
, &neganswer
, &nons
);
1197 /* Note dnssec_validate_reply() will have cached positive answers */
1199 if (val
== STAT_NO_SIG
|| val
== STAT_INSECURE
)
1202 p
= (unsigned char *)(header
+1);
1203 extract_name(header
, plen
, &p
, name
, 1, 4);
1204 p
+= 4; /* qtype, qclass */
1206 if (!(p
= skip_section(p
, ntohs(header
->ancount
), header
, plen
)))
1209 if (val
== STAT_BOGUS
)
1211 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, "BOGUS DS");
1215 /* By here, the answer is proved secure, and a positive answer has been cached. */
1216 if (val
== STAT_SECURE
&& neganswer
)
1218 int rdlen
, flags
= F_FORWARD
| F_DS
| F_NEG
| F_DNSSECOK
;
1219 unsigned long ttl
, minttl
= ULONG_MAX
;
1222 if (RCODE(header
) == NXDOMAIN
)
1223 flags
|= F_NXDOMAIN
;
1225 /* We only cache validated DS records, DNSSECOK flag hijacked
1226 to store presence/absence of NS. */
1228 flags
&= ~F_DNSSECOK
;
1230 for (i
= ntohs(header
->nscount
); i
!= 0; i
--)
1232 if (!(p
= skip_name(p
, header
, plen
, 0)))
1236 GETSHORT(qclass
, p
);
1240 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1241 return STAT_BOGUS
; /* bad packet */
1243 if (qclass
!= class || qtype
!= T_SOA
)
1253 if (!(p
= skip_name(p
, header
, plen
, 0)))
1256 if (!(p
= skip_name(p
, header
, plen
, 20)))
1258 p
+= 16; /* SERIAL REFRESH RETRY EXPIRE */
1260 GETLONG(ttl
, p
); /* minTTL */
1269 cache_start_insert();
1271 a
.addr
.dnssec
.class = class;
1272 cache_insert(name
, &a
, now
, ttl
, flags
);
1276 log_query(F_NOEXTRA
| F_UPSTREAM
, name
, NULL
, nons
? "no delegation" : "no DS");
1279 return nons
? STAT_NO_NS
: STAT_NO_DS
;
1286 static int hostname_cmp(const char *a
, const char *b
)
1288 char *sa
, *ea
, *ca
, *sb
, *eb
, *cb
;
1289 unsigned char ac
, bc
;
1291 sa
= ea
= (char *)a
+ strlen(a
);
1292 sb
= eb
= (char *)b
+ strlen(b
);
1296 while (sa
!= a
&& *(sa
-1) != '.')
1299 while (sb
!= b
&& *(sb
-1) != '.')
1318 ac
= (unsigned char) *ca
++;
1319 bc
= (unsigned char) *cb
++;
1321 if (ac
>= 'A' && ac
<= 'Z')
1323 if (bc
>= 'A' && bc
<= 'Z')
1349 /* Find all the NSEC or NSEC3 records in a reply.
1350 return an array of pointers to them. */
1351 static int find_nsec_records(struct dns_header
*header
, size_t plen
, unsigned char ***nsecsetp
, int *nsecsetl
, int class_reqd
)
1353 static unsigned char **nsecset
= NULL
;
1354 static int nsecset_sz
= 0;
1357 unsigned char *p
= skip_questions(header
, plen
);
1358 int type
, class, rdlen
, i
, nsecs_found
;
1360 /* Move to NS section */
1361 if (!p
|| !(p
= skip_section(p
, ntohs(header
->ancount
), header
, plen
)))
1364 for (nsecs_found
= 0, i
= ntohs(header
->nscount
); i
!= 0; i
--)
1366 unsigned char *pstart
= p
;
1368 if (!(p
= skip_name(p
, header
, plen
, 10)))
1376 if (class == class_reqd
&& (type
== T_NSEC
|| type
== T_NSEC3
))
1378 /* No mixed NSECing 'round here, thankyouverymuch */
1379 if (type_found
== T_NSEC
&& type
== T_NSEC3
)
1381 if (type_found
== T_NSEC3
&& type
== T_NSEC
)
1386 if (!expand_workspace(&nsecset
, &nsecset_sz
, nsecs_found
))
1389 nsecset
[nsecs_found
++] = pstart
;
1392 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
1396 *nsecsetp
= nsecset
;
1397 *nsecsetl
= nsecs_found
;
1402 static int prove_non_existence_nsec(struct dns_header
*header
, size_t plen
, unsigned char **nsecs
, int nsec_count
,
1403 char *workspace1
, char *workspace2
, char *name
, int type
, int *nons
)
1406 unsigned char *p
, *psave
;
1407 int offset
= (type
& 0xff) >> 3;
1408 int mask
= 0x80 >> (type
& 0x07);
1413 /* Find NSEC record that proves name doesn't exist */
1414 for (i
= 0; i
< nsec_count
; i
++)
1417 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 10))
1419 p
+= 8; /* class, type, TTL */
1422 if (!extract_name(header
, plen
, &p
, workspace2
, 1, 10))
1425 rc
= hostname_cmp(workspace1
, name
);
1429 /* 4035 para 5.4. Last sentence */
1430 if (type
== T_NSEC
|| type
== T_RRSIG
)
1433 /* NSEC with the same name as the RR we're testing, check
1434 that the type in question doesn't appear in the type map */
1436 /* rdlen is now length of type map, and p points to it */
1438 /* If we can prove that there's no NS record, return that information. */
1439 if (nons
&& rdlen
>= 2 && p
[0] == 0 && (p
[2] & (0x80 >> T_NS
)) == 0)
1444 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1447 if (p
[0] == type
>> 8)
1449 /* Does the NSEC say our type exists? */
1450 if (offset
< p
[1] && (p
[offset
+2] & mask
) != 0)
1453 break; /* finshed checking */
1464 /* Normal case, name falls between NSEC name and next domain name,
1465 wrap around case, name falls between NSEC name (rc == -1) and end */
1466 if (hostname_cmp(workspace2
, name
) == 1 || hostname_cmp(workspace1
, workspace2
) == 1)
1471 /* wrap around case, name falls between start and next domain name */
1472 if (hostname_cmp(workspace1
, workspace2
) == 1 && hostname_cmp(workspace2
, name
) == 1)
1480 /* return digest length, or zero on error */
1481 static int hash_name(char *in
, unsigned char **out
, struct nettle_hash
const *hash
,
1482 unsigned char *salt
, int salt_len
, int iterations
)
1485 unsigned char *digest
;
1488 if (!hash_init(hash
, &ctx
, &digest
))
1491 hash
->update(ctx
, to_wire(in
), (unsigned char *)in
);
1492 hash
->update(ctx
, salt_len
, salt
);
1493 hash
->digest(ctx
, hash
->digest_size
, digest
);
1495 for(i
= 0; i
< iterations
; i
++)
1497 hash
->update(ctx
, hash
->digest_size
, digest
);
1498 hash
->update(ctx
, salt_len
, salt
);
1499 hash
->digest(ctx
, hash
->digest_size
, digest
);
1505 return hash
->digest_size
;
1508 /* Decode base32 to first "." or end of string */
1509 static int base32_decode(char *in
, unsigned char *out
)
1511 int oc
, on
, c
, mask
, i
;
1512 unsigned char *p
= out
;
1514 for (c
= *in
, oc
= 0, on
= 0; c
!= 0 && c
!= '.'; c
= *++in
)
1516 if (c
>= '0' && c
<= '9')
1518 else if (c
>= 'a' && c
<= 'v')
1520 else if (c
>= 'A' && c
<= 'V')
1525 for (mask
= 0x10, i
= 0; i
< 5; i
++)
1530 if (((++on
) & 7) == 0)
1542 static int check_nsec3_coverage(struct dns_header
*header
, size_t plen
, int digest_len
, unsigned char *digest
, int type
,
1543 char *workspace1
, char *workspace2
, unsigned char **nsecs
, int nsec_count
, int *nons
)
1545 int i
, hash_len
, salt_len
, base32_len
, rdlen
;
1546 unsigned char *p
, *psave
;
1548 for (i
= 0; i
< nsec_count
; i
++)
1551 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 0) ||
1552 !(base32_len
= base32_decode(workspace1
, (unsigned char *)workspace2
)))
1555 p
+= 8; /* class, type, TTL */
1558 p
+= 4; /* algo, flags, iterations */
1559 salt_len
= *p
++; /* salt_len */
1560 p
+= salt_len
; /* salt */
1561 hash_len
= *p
++; /* p now points to next hashed name */
1563 if (!CHECK_LEN(header
, p
, plen
, hash_len
))
1566 if (digest_len
== base32_len
&& hash_len
== base32_len
)
1568 int rc
= memcmp(workspace2
, digest
, digest_len
);
1572 /* We found an NSEC3 whose hashed name exactly matches the query, so
1573 we just need to check the type map. p points to the RR data for the record. */
1575 int offset
= (type
& 0xff) >> 3;
1576 int mask
= 0x80 >> (type
& 0x07);
1578 p
+= hash_len
; /* skip next-domain hash */
1581 if (!CHECK_LEN(header
, p
, plen
, rdlen
))
1584 /* If we can prove that there's no NS record, return that information. */
1585 if (nons
&& rdlen
>= 2 && p
[0] == 0 && (p
[2] & (0x80 >> T_NS
)) == 0)
1590 if (p
[0] == type
>> 8)
1592 /* Does the NSEC3 say our type exists? */
1593 if (offset
< p
[1] && (p
[offset
+2] & mask
) != 0)
1596 break; /* finshed checking */
1607 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1608 wrap around case, name-hash falls between NSEC3 name-hash and end */
1609 if (memcmp(p
, digest
, digest_len
) > 0 || memcmp(workspace2
, p
, digest_len
) > 0)
1614 /* wrap around case, name falls between start and next domain name */
1615 if (memcmp(workspace2
, p
, digest_len
) > 0 && memcmp(p
, digest
, digest_len
) > 0)
1623 static int prove_non_existence_nsec3(struct dns_header
*header
, size_t plen
, unsigned char **nsecs
, int nsec_count
,
1624 char *workspace1
, char *workspace2
, char *name
, int type
, char *wildname
, int *nons
)
1626 unsigned char *salt
, *p
, *digest
;
1627 int digest_len
, i
, iterations
, salt_len
, base32_len
, algo
= 0;
1628 struct nettle_hash
const *hash
;
1629 char *closest_encloser
, *next_closest
, *wildcard
;
1634 /* Look though the NSEC3 records to find the first one with
1635 an algorithm we support (currently only algo == 1).
1637 Take the algo, iterations, and salt of that record
1638 as the ones we're going to use, and prune any
1639 that don't match. */
1641 for (i
= 0; i
< nsec_count
; i
++)
1643 if (!(p
= skip_name(nsecs
[i
], header
, plen
, 15)))
1644 return STAT_BOGUS
; /* bad packet */
1646 p
+= 10; /* type, class, TTL, rdlen */
1650 break; /* known algo */
1653 /* No usable NSEC3s */
1654 if (i
== nsec_count
)
1658 GETSHORT (iterations
, p
);
1661 if (!CHECK_LEN(header
, salt
, plen
, salt_len
))
1662 return STAT_BOGUS
; /* bad packet */
1664 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1665 for (i
= 0; i
< nsec_count
; i
++)
1667 unsigned char *nsec3p
= nsecs
[i
];
1670 nsecs
[i
] = NULL
; /* Speculative, will be restored if OK. */
1672 if (!(p
= skip_name(nsec3p
, header
, plen
, 15)))
1673 return STAT_BOGUS
; /* bad packet */
1675 p
+= 10; /* type, class, TTL, rdlen */
1682 GETSHORT(this_iter
, p
);
1683 if (this_iter
!= iterations
)
1686 if (salt_len
!= *p
++)
1689 if (!CHECK_LEN(header
, p
, plen
, salt_len
))
1690 return STAT_BOGUS
; /* bad packet */
1692 if (memcmp(p
, salt
, salt_len
) != 0)
1695 /* All match, put the pointer back */
1699 /* Algo is checked as 1 above */
1700 if (!(hash
= hash_find("sha1")))
1703 if ((digest_len
= hash_name(name
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1706 if (check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, nons
))
1709 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1710 or an answer inferred from a wildcard record. */
1711 closest_encloser
= name
;
1712 next_closest
= NULL
;
1716 if (*closest_encloser
== '.')
1719 if (wildname
&& hostname_isequal(closest_encloser
, wildname
))
1722 if ((digest_len
= hash_name(closest_encloser
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1725 for (i
= 0; i
< nsec_count
; i
++)
1728 if (!extract_name(header
, plen
, &p
, workspace1
, 1, 0) ||
1729 !(base32_len
= base32_decode(workspace1
, (unsigned char *)workspace2
)))
1732 if (digest_len
== base32_len
&&
1733 memcmp(digest
, workspace2
, digest_len
) == 0)
1737 if (i
!= nsec_count
)
1740 next_closest
= closest_encloser
;
1742 while ((closest_encloser
= strchr(closest_encloser
, '.')));
1744 if (!closest_encloser
)
1747 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1748 if ((digest_len
= hash_name(next_closest
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1751 if (!check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, NULL
))
1754 /* Finally, check that there's no seat of wildcard synthesis */
1757 if (!(wildcard
= strchr(next_closest
, '.')) || wildcard
== next_closest
)
1763 if ((digest_len
= hash_name(wildcard
, &digest
, hash
, salt
, salt_len
, iterations
)) == 0)
1766 if (!check_nsec3_coverage(header
, plen
, digest_len
, digest
, type
, workspace1
, workspace2
, nsecs
, nsec_count
, NULL
))
1773 /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
1774 /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
1775 int dnssec_validate_reply(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
,
1776 int *class, int *neganswer
, int *nons
)
1778 unsigned char *ans_start
, *qname
, *p1
, *p2
, **nsecs
;
1779 int type1
, class1
, rdlen1
, type2
, class2
, rdlen2
, qclass
, qtype
;
1780 int i
, j
, rc
, nsec_count
, cname_count
= CNAME_CHAIN
;
1781 int nsec_type
= 0, have_answer
= 0;
1786 if (RCODE(header
) == SERVFAIL
|| ntohs(header
->qdcount
) != 1)
1789 if (RCODE(header
) != NXDOMAIN
&& RCODE(header
) != NOERROR
)
1790 return STAT_INSECURE
;
1792 qname
= p1
= (unsigned char *)(header
+1);
1794 if (!extract_name(header
, plen
, &p1
, name
, 1, 4))
1797 GETSHORT(qtype
, p1
);
1798 GETSHORT(qclass
, p1
);
1804 /* Can't validate an RRISG query */
1805 if (qtype
== T_RRSIG
)
1806 return STAT_INSECURE
;
1809 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
1811 /* leave pointer to missing name in qname */
1813 if (!(rc
= extract_name(header
, plen
, &p1
, name
, 0, 10)))
1814 return STAT_BOGUS
; /* bad packet */
1816 GETSHORT(type2
, p1
);
1817 GETSHORT(class2
, p1
);
1819 GETSHORT(rdlen2
, p1
);
1821 if (rc
== 1 && qclass
== class2
)
1823 /* Do we have an answer for the question? */
1829 else if (type2
== T_CNAME
)
1834 if (!cname_count
-- || !extract_name(header
, plen
, &p1
, name
, 1, 0))
1842 if (!ADD_RDLEN(header
, p1
, plen
, rdlen2
))
1846 if (neganswer
&& !have_answer
)
1849 /* No data, therefore no sigs */
1850 if (ntohs(header
->ancount
) + ntohs(header
->nscount
) == 0)
1853 for (p1
= ans_start
, i
= 0; i
< ntohs(header
->ancount
) + ntohs(header
->nscount
); i
++)
1855 if (!extract_name(header
, plen
, &p1
, name
, 1, 10))
1856 return STAT_BOGUS
; /* bad packet */
1858 GETSHORT(type1
, p1
);
1859 GETSHORT(class1
, p1
);
1861 GETSHORT(rdlen1
, p1
);
1863 /* Don't try and validate RRSIGs! */
1864 if (type1
!= T_RRSIG
)
1866 /* Check if we've done this RRset already */
1867 for (p2
= ans_start
, j
= 0; j
< i
; j
++)
1869 if (!(rc
= extract_name(header
, plen
, &p2
, name
, 0, 10)))
1870 return STAT_BOGUS
; /* bad packet */
1872 GETSHORT(type2
, p2
);
1873 GETSHORT(class2
, p2
);
1875 GETSHORT(rdlen2
, p2
);
1877 if (type2
== type1
&& class2
== class1
&& rc
== 1)
1878 break; /* Done it before: name, type, class all match. */
1880 if (!ADD_RDLEN(header
, p2
, plen
, rdlen2
))
1884 /* Not done, validate now */
1887 int ttl
, keytag
, algo
, digest
, type_covered
;
1888 unsigned char *psave
;
1890 struct blockdata
*key
;
1893 int have_wildcard
= 0;
1895 rc
= validate_rrset(now
, header
, plen
, class1
, type1
, name
, keyname
, &wildname
, NULL
, 0, 0, 0);
1897 if (rc
== STAT_SECURE_WILDCARD
)
1901 /* An attacker replay a wildcard answer with a different
1902 answer and overlay a genuine RR. To prove this
1903 hasn't happened, the answer must prove that
1904 the gennuine record doesn't exist. Check that here. */
1905 if (!nsec_type
&& !(nsec_type
= find_nsec_records(header
, plen
, &nsecs
, &nsec_count
, class1
)))
1906 return STAT_BOGUS
; /* No NSECs or bad packet */
1908 if (nsec_type
== T_NSEC
)
1909 rc
= prove_non_existence_nsec(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, type1
, NULL
);
1911 rc
= prove_non_existence_nsec3(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
,
1912 keyname
, name
, type1
, wildname
, NULL
);
1914 if (rc
!= STAT_SECURE
)
1917 else if (rc
!= STAT_SECURE
)
1920 *class = class1
; /* Class for DS or DNSKEY */
1924 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1925 cache_start_insert();
1927 for (p2
= ans_start
, j
= 0; j
< ntohs(header
->ancount
); j
++)
1929 if (!(rc
= extract_name(header
, plen
, &p2
, name
, 0, 10)))
1930 return STAT_BOGUS
; /* bad packet */
1932 GETSHORT(type2
, p2
);
1933 GETSHORT(class2
, p2
);
1935 GETSHORT(rdlen2
, p2
);
1937 if (!CHECK_LEN(header
, p2
, plen
, rdlen2
))
1938 return STAT_BOGUS
; /* bad packet */
1940 if (class2
== class1
&& rc
== 1)
1944 if (type1
== T_DS
&& type2
== T_DS
)
1947 return STAT_BOGUS
; /* bad packet */
1949 GETSHORT(keytag
, p2
);
1953 /* Cache needs to known class for DNSSEC stuff */
1954 a
.addr
.dnssec
.class = class2
;
1956 if ((key
= blockdata_alloc((char*)p2
, rdlen2
- 4)))
1958 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DS
| F_DNSSECOK
)))
1959 blockdata_free(key
);
1962 a
.addr
.keytag
= keytag
;
1963 log_query(F_NOEXTRA
| F_KEYTAG
| F_UPSTREAM
, name
, &a
, "DS keytag %u");
1964 crecp
->addr
.ds
.digest
= digest
;
1965 crecp
->addr
.ds
.keydata
= key
;
1966 crecp
->addr
.ds
.algo
= algo
;
1967 crecp
->addr
.ds
.keytag
= keytag
;
1968 crecp
->addr
.ds
.keylen
= rdlen2
- 4;
1972 else if (type2
== T_RRSIG
)
1975 return STAT_BOGUS
; /* bad packet */
1977 GETSHORT(type_covered
, p2
);
1979 if (type_covered
== type1
&&
1980 (type_covered
== T_A
|| type_covered
== T_AAAA
||
1981 type_covered
== T_CNAME
|| type_covered
== T_DS
||
1982 type_covered
== T_DNSKEY
|| type_covered
== T_PTR
))
1984 a
.addr
.dnssec
.type
= type_covered
;
1985 a
.addr
.dnssec
.class = class1
;
1988 p2
+= 13; /* labels, orig_ttl, expiration, inception */
1989 GETSHORT(keytag
, p2
);
1991 /* We don't cache sigs for wildcard answers, because to reproduce the
1992 answer from the cache will require one or more NSEC/NSEC3 records
1993 which we don't cache. The lack of the RRSIG ensures that a query for
1994 this RRset asking for a secure answer will always be forwarded. */
1995 if (!have_wildcard
&& (key
= blockdata_alloc((char*)psave
, rdlen2
)))
1997 if (!(crecp
= cache_insert(name
, &a
, now
, ttl
, F_FORWARD
| F_DNSKEY
| F_DS
)))
1998 blockdata_free(key
);
2001 crecp
->addr
.sig
.keydata
= key
;
2002 crecp
->addr
.sig
.keylen
= rdlen2
;
2003 crecp
->addr
.sig
.keytag
= keytag
;
2004 crecp
->addr
.sig
.type_covered
= type_covered
;
2005 crecp
->addr
.sig
.algo
= algo
;
2014 if (!ADD_RDLEN(header
, p2
, plen
, rdlen2
))
2015 return STAT_BOGUS
; /* bad packet */
2022 if (!ADD_RDLEN(header
, p1
, plen
, rdlen1
))
2026 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
2030 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
2031 /* First marshall the NSEC records, if we've not done it previously */
2032 if (!nsec_type
&& !(nsec_type
= find_nsec_records(header
, plen
, &nsecs
, &nsec_count
, qclass
)))
2033 return STAT_BOGUS
; /* No NSECs */
2035 /* Get name of missing answer */
2036 if (!extract_name(header
, plen
, &qname
, name
, 1, 0))
2039 if (nsec_type
== T_NSEC
)
2040 return prove_non_existence_nsec(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, qtype
, nons
);
2042 return prove_non_existence_nsec3(header
, plen
, nsecs
, nsec_count
, daemon
->workspacename
, keyname
, name
, qtype
, NULL
, nons
);
2045 /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
2046 Needed for proving answer in unsigned space.
2049 STAT_INSECURE - name of first non-secure record in name
2051 int dnssec_chase_cname(time_t now
, struct dns_header
*header
, size_t plen
, char *name
, char *keyname
)
2053 unsigned char *p
= (unsigned char *)(header
+1);
2054 int type
, class, qclass
, rdlen
, j
, rc
;
2055 int cname_count
= CNAME_CHAIN
;
2058 if (!extract_name(header
, plen
, &p
, name
, 1, 4))
2062 GETSHORT(qclass
, p
);
2066 for (j
= ntohs(header
->ancount
); j
!= 0; j
--)
2068 if (!(rc
= extract_name(header
, plen
, &p
, name
, 0, 10)))
2069 return STAT_BOGUS
; /* bad packet */
2076 /* Not target, loop */
2077 if (rc
== 2 || qclass
!= class)
2079 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2084 /* Got to end of CNAME chain. */
2085 if (type
!= T_CNAME
)
2086 return STAT_INSECURE
;
2088 /* validate CNAME chain, return if insecure or need more data */
2089 rc
= validate_rrset(now
, header
, plen
, class, type
, name
, keyname
, NULL
, NULL
, 0, 0, 0);
2090 if (rc
!= STAT_SECURE
)
2092 if (rc
== STAT_NO_SIG
)
2097 /* Loop down CNAME chain/ */
2098 if (!cname_count
-- ||
2099 !extract_name(header
, plen
, &p
, name
, 1, 0) ||
2100 !(p
= skip_questions(header
, plen
)))
2106 /* End of CNAME chain */
2107 return STAT_INSECURE
;
2112 /* Compute keytag (checksum to quickly index a key). See RFC4034 */
2113 int dnskey_keytag(int alg
, int flags
, unsigned char *key
, int keylen
)
2117 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2118 See RFC4034, Appendix B.1 */
2119 return key
[keylen
-4] * 256 + key
[keylen
-3];
2123 unsigned long ac
= flags
+ 0x300 + alg
;
2126 for (i
= 0; i
< keylen
; ++i
)
2127 ac
+= (i
& 1) ? key
[i
] : key
[i
] << 8;
2129 ac
+= (ac
>> 16) & 0xffff;
2134 size_t dnssec_generate_query(struct dns_header
*header
, char *end
, char *name
, int class, int type
, union mysockaddr
*addr
)
2137 char *types
= querystr("dnssec-query", type
);
2139 if (addr
->sa
.sa_family
== AF_INET
)
2140 log_query(F_NOEXTRA
| F_DNSSEC
| F_IPV4
, name
, (struct all_addr
*)&addr
->in
.sin_addr
, types
);
2143 log_query(F_NOEXTRA
| F_DNSSEC
| F_IPV6
, name
, (struct all_addr
*)&addr
->in6
.sin6_addr
, types
);
2146 header
->qdcount
= htons(1);
2147 header
->ancount
= htons(0);
2148 header
->nscount
= htons(0);
2149 header
->arcount
= htons(0);
2151 header
->hb3
= HB3_RD
;
2152 SET_OPCODE(header
, QUERY
);
2153 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2154 this allows it to select auth servers when one is returning bad data. */
2155 header
->hb4
= option_bool(OPT_DNSSEC_DEBUG
) ? HB4_CD
: 0;
2157 /* ID filled in later */
2159 p
= (unsigned char *)(header
+1);
2161 p
= do_rfc1035_name(p
, name
);
2166 return add_do_bit(header
, p
- (unsigned char *)header
, end
);
2169 /* Go through a domain name, find "pointers" and fix them up based on how many bytes
2170 we've chopped out of the packet, or check they don't point into an elided part. */
2171 static int check_name(unsigned char **namep
, struct dns_header
*header
, size_t plen
, int fixup
, unsigned char **rrs
, int rr_count
)
2173 unsigned char *ansp
= *namep
;
2177 unsigned int label_type
;
2179 if (!CHECK_LEN(header
, ansp
, plen
, 1))
2182 label_type
= (*ansp
) & 0xc0;
2184 if (label_type
== 0xc0)
2186 /* pointer for compression. */
2187 unsigned int offset
;
2191 if (!CHECK_LEN(header
, ansp
, plen
, 2))
2194 offset
= ((*ansp
++) & 0x3f) << 8;
2197 p
= offset
+ (unsigned char *)header
;
2199 for (i
= 0; i
< rr_count
; i
++)
2204 offset
-= rrs
[i
] - rrs
[i
-1];
2206 /* does the pointer end up in an elided RR? */
2210 /* No, scale the pointer */
2214 *ansp
++ = (offset
>> 8) | 0xc0;
2215 *ansp
++ = offset
& 0xff;
2219 else if (label_type
== 0x80)
2220 return 0; /* reserved */
2221 else if (label_type
== 0x40)
2223 /* Extended label type */
2226 if (!CHECK_LEN(header
, ansp
, plen
, 2))
2229 if (((*ansp
++) & 0x3f) != 1)
2230 return 0; /* we only understand bitstrings */
2232 count
= *(ansp
++); /* Bits in bitstring */
2234 if (count
== 0) /* count == 0 means 256 bits */
2237 ansp
+= ((count
-1)>>3)+1;
2240 { /* label type == 0 Bottom six bits is length */
2241 unsigned int len
= (*ansp
++) & 0x3f;
2243 if (!ADD_RDLEN(header
, ansp
, plen
, len
))
2247 break; /* zero length label marks the end. */
2256 /* Go through RRs and check or fixup the domain names contained within */
2257 static int check_rrs(unsigned char *p
, struct dns_header
*header
, size_t plen
, int fixup
, unsigned char **rrs
, int rr_count
)
2259 int i
, type
, class, rdlen
;
2262 for (i
= 0; i
< ntohs(header
->ancount
) + ntohs(header
->nscount
) + ntohs(header
->arcount
); i
++)
2266 if (!(p
= skip_name(p
, header
, plen
, 10)))
2274 if (type
!= T_NSEC
&& type
!= T_NSEC3
&& type
!= T_RRSIG
)
2276 /* fixup name of RR */
2277 if (!check_name(&pp
, header
, plen
, fixup
, rrs
, rr_count
))
2284 for (pp
= p
, d
= get_desc(type
); *d
!= (u16
)-1; d
++)
2288 else if (!check_name(&pp
, header
, plen
, fixup
, rrs
, rr_count
))
2294 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2302 size_t filter_rrsigs(struct dns_header
*header
, size_t plen
)
2304 static unsigned char **rrs
;
2305 static int rr_sz
= 0;
2307 unsigned char *p
= (unsigned char *)(header
+1);
2308 int i
, rdlen
, qtype
, qclass
, rr_found
, chop_an
, chop_ns
, chop_ar
;
2310 if (ntohs(header
->qdcount
) != 1 ||
2311 !(p
= skip_name(p
, header
, plen
, 4)))
2315 GETSHORT(qclass
, p
);
2317 /* First pass, find pointers to start and end of all the records we wish to elide:
2318 records added for DNSSEC, unless explicity queried for */
2319 for (rr_found
= 0, chop_ns
= 0, chop_an
= 0, chop_ar
= 0, i
= 0;
2320 i
< ntohs(header
->ancount
) + ntohs(header
->nscount
) + ntohs(header
->arcount
);
2323 unsigned char *pstart
= p
;
2326 if (!(p
= skip_name(p
, header
, plen
, 10)))
2334 if ((type
== T_NSEC
|| type
== T_NSEC3
|| type
== T_RRSIG
) &&
2335 (type
!= qtype
|| class != qclass
))
2337 if (!expand_workspace(&rrs
, &rr_sz
, rr_found
+ 1))
2340 rrs
[rr_found
++] = pstart
;
2342 if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2345 rrs
[rr_found
++] = p
;
2347 if (i
< ntohs(header
->ancount
))
2349 else if (i
< (ntohs(header
->nscount
) + ntohs(header
->ancount
)))
2354 else if (!ADD_RDLEN(header
, p
, plen
, rdlen
))
2358 /* Nothing to do. */
2362 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2363 point to records we're going to elide. This is theoretically possible, but unlikely. If
2364 it happens, we give up and leave the answer unchanged. */
2365 p
= (unsigned char *)(header
+1);
2367 /* question first */
2368 if (!check_name(&p
, header
, plen
, 0, rrs
, rr_found
))
2370 p
+= 4; /* qclass, qtype */
2372 /* Now answers and NS */
2373 if (!check_rrs(p
, header
, plen
, 0, rrs
, rr_found
))
2376 /* Third pass, elide records */
2377 for (p
= rrs
[0], i
= 1; i
< rr_found
; i
+= 2)
2379 unsigned char *start
= rrs
[i
];
2380 unsigned char *end
= (i
!= rr_found
- 1) ? rrs
[i
+1] : ((unsigned char *)(header
+1)) + plen
;
2382 memmove(p
, start
, end
-start
);
2386 plen
= p
- (unsigned char *)header
;
2387 header
->ancount
= htons(ntohs(header
->ancount
) - chop_an
);
2388 header
->nscount
= htons(ntohs(header
->nscount
) - chop_ns
);
2389 header
->arcount
= htons(ntohs(header
->arcount
) - chop_ar
);
2391 /* Fourth pass, fix up pointers in the remaining records */
2392 p
= (unsigned char *)(header
+1);
2394 check_name(&p
, header
, plen
, 1, rrs
, rr_found
);
2395 p
+= 4; /* qclass, qtype */
2397 check_rrs(p
, header
, plen
, 1, rrs
, rr_found
);
2402 unsigned char* hash_questions(struct dns_header
*header
, size_t plen
, char *name
)
2406 unsigned char *p
= (unsigned char *)(header
+1);
2407 const struct nettle_hash
*hash
;
2409 unsigned char *digest
;
2411 if (!(hash
= hash_find("sha1")) || !hash_init(hash
, &ctx
, &digest
))
2414 for (q
= ntohs(header
->qdcount
); q
!= 0; q
--)
2416 if (!extract_name(header
, plen
, &p
, name
, 1, 4))
2417 break; /* bad packet */
2419 len
= to_wire(name
);
2420 hash
->update(ctx
, len
, (unsigned char *)name
);
2421 /* CRC the class and type as well */
2422 hash
->update(ctx
, 4, p
);
2425 if (!CHECK_LEN(header
, p
, plen
, 0))
2426 break; /* bad packet */
2429 hash
->digest(ctx
, hash
->digest_size
, digest
);
2433 #endif /* HAVE_DNSSEC */