]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnssec.c
projects / people / ms / dnsmasq.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add --dnssec-timestamp option and facility.
[people/ms/dnsmasq.git] / src / dnssec.c
1 /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2 and Copyright (c) 2012-2015 Simon Kelley
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include "dnsmasq.h"
19
20 #ifdef HAVE_DNSSEC
21
22 #include <nettle/rsa.h>
23 #include <nettle/dsa.h>
24 #ifndef NO_NETTLE_ECC
25 # include <nettle/ecdsa.h>
26 # include <nettle/ecc-curve.h>
27 #endif
28 #include <nettle/nettle-meta.h>
29 #include <nettle/bignum.h>
30
31 /* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33 #ifdef dsa_params_init
34 #include <nettle/dsa-compat.h>
35 #endif
36
37 #include <utime.h>
38
39 #define SERIAL_UNDEF -100
40 #define SERIAL_EQ 0
41 #define SERIAL_LT -1
42 #define SERIAL_GT 1
43
44 /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
45 static char *ds_digest_name(int digest)
46 {
47 switch (digest)
48 {
49 case 1: return "sha1";
50 case 2: return "sha256";
51 case 3: return "gosthash94";
52 case 4: return "sha384";
53 default: return NULL;
54 }
55 }
56
57 /* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
58 static char *algo_digest_name(int algo)
59 {
60 switch (algo)
61 {
62 case 1: return "md5";
63 case 3: return "sha1";
64 case 5: return "sha1";
65 case 6: return "sha1";
66 case 7: return "sha1";
67 case 8: return "sha256";
68 case 10: return "sha512";
69 case 12: return "gosthash94";
70 case 13: return "sha256";
71 case 14: return "sha384";
72 default: return NULL;
73 }
74 }
75
76 /* Find pointer to correct hash function in nettle library */
77 static const struct nettle_hash *hash_find(char *name)
78 {
79 int i;
80
81 if (!name)
82 return NULL;
83
84 for (i = 0; nettle_hashes[i]; i++)
85 {
86 if (strcmp(nettle_hashes[i]->name, name) == 0)
87 return nettle_hashes[i];
88 }
89
90 return NULL;
91 }
92
93 /* expand ctx and digest memory allocations if necessary and init hash function */
94 static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
95 {
96 static void *ctx = NULL;
97 static unsigned char *digest = NULL;
98 static unsigned int ctx_sz = 0;
99 static unsigned int digest_sz = 0;
100
101 void *new;
102
103 if (ctx_sz < hash->context_size)
104 {
105 if (!(new = whine_malloc(hash->context_size)))
106 return 0;
107 if (ctx)
108 free(ctx);
109 ctx = new;
110 ctx_sz = hash->context_size;
111 }
112
113 if (digest_sz < hash->digest_size)
114 {
115 if (!(new = whine_malloc(hash->digest_size)))
116 return 0;
117 if (digest)
118 free(digest);
119 digest = new;
120 digest_sz = hash->digest_size;
121 }
122
123 *ctxp = ctx;
124 *digestp = digest;
125
126 hash->init(ctx);
127
128 return 1;
129 }
130
131 static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
132 unsigned char *digest, int algo)
133 {
134 unsigned char *p;
135 size_t exp_len;
136
137 static struct rsa_public_key *key = NULL;
138 static mpz_t sig_mpz;
139
140 if (key == NULL)
141 {
142 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
143 return 0;
144
145 nettle_rsa_public_key_init(key);
146 mpz_init(sig_mpz);
147 }
148
149 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
150 return 0;
151
152 key_len--;
153 if ((exp_len = *p++) == 0)
154 {
155 GETSHORT(exp_len, p);
156 key_len -= 2;
157 }
158
159 if (exp_len >= key_len)
160 return 0;
161
162 key->size = key_len - exp_len;
163 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
164 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
165
166 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
167
168 switch (algo)
169 {
170 case 1:
171 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
172 case 5: case 7:
173 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
174 case 8:
175 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
176 case 10:
177 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
178 }
179
180 return 0;
181 }
182
183 static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
184 unsigned char *digest, int algo)
185 {
186 unsigned char *p;
187 unsigned int t;
188
189 static struct dsa_public_key *key = NULL;
190 static struct dsa_signature *sig_struct;
191
192 if (key == NULL)
193 {
194 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
195 !(key = whine_malloc(sizeof(struct dsa_public_key))))
196 return 0;
197
198 nettle_dsa_public_key_init(key);
199 nettle_dsa_signature_init(sig_struct);
200 }
201
202 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
203 return 0;
204
205 t = *p++;
206
207 if (key_len < (213 + (t * 24)))
208 return 0;
209
210 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
211 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
212 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
213 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
214
215 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
216 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
217
218 (void)algo;
219
220 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
221 }
222
223 #ifndef NO_NETTLE_ECC
224 static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
225 unsigned char *sig, size_t sig_len,
226 unsigned char *digest, size_t digest_len, int algo)
227 {
228 unsigned char *p;
229 unsigned int t;
230 struct ecc_point *key;
231
232 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
233 static mpz_t x, y;
234 static struct dsa_signature *sig_struct;
235
236 if (!sig_struct)
237 {
238 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
239 return 0;
240
241 nettle_dsa_signature_init(sig_struct);
242 mpz_init(x);
243 mpz_init(y);
244 }
245
246 switch (algo)
247 {
248 case 13:
249 if (!key_256)
250 {
251 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
252 return 0;
253
254 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
255 }
256
257 key = key_256;
258 t = 32;
259 break;
260
261 case 14:
262 if (!key_384)
263 {
264 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
265 return 0;
266
267 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
268 }
269
270 key = key_384;
271 t = 48;
272 break;
273
274 default:
275 return 0;
276 }
277
278 if (sig_len != 2*t || key_len != 2*t ||
279 !(p = blockdata_retrieve(key_data, key_len, NULL)))
280 return 0;
281
282 mpz_import(x, t , 1, 1, 0, 0, p);
283 mpz_import(y, t , 1, 1, 0, 0, p + t);
284
285 if (!ecc_point_set(key, x, y))
286 return 0;
287
288 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
289 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
290
291 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
292 }
293 #endif
294
295 static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
296 unsigned char *digest, size_t digest_len, int algo)
297 {
298 (void)digest_len;
299
300 switch (algo)
301 {
302 case 1: case 5: case 7: case 8: case 10:
303 return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
304
305 case 3: case 6:
306 return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
307
308 #ifndef NO_NETTLE_ECC
309 case 13: case 14:
310 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
311 #endif
312 }
313
314 return 0;
315 }
316
317 /* Convert from presentation format to wire format, in place.
318 Also map UC -> LC.
319 Note that using extract_name to get presentation format
320 then calling to_wire() removes compression and maps case,
321 thus generating names in canonical form.
322 Calling to_wire followed by from_wire is almost an identity,
323 except that the UC remains mapped to LC.
324 */
325 static int to_wire(char *name)
326 {
327 unsigned char *l, *p, term;
328 int len;
329
330 for (l = (unsigned char*)name; *l != 0; l = p)
331 {
332 for (p = l; *p != '.' && *p != 0; p++)
333 if (*p >= 'A' && *p <= 'Z')
334 *p = *p - 'A' + 'a';
335
336 term = *p;
337
338 if ((len = p - l) != 0)
339 memmove(l+1, l, len);
340 *l = len;
341
342 p++;
343
344 if (term == 0)
345 *p = 0;
346 }
347
348 return l + 1 - (unsigned char *)name;
349 }
350
351 /* Note: no compression allowed in input. */
352 static void from_wire(char *name)
353 {
354 unsigned char *l;
355 int len;
356
357 for (l = (unsigned char *)name; *l != 0; l += len+1)
358 {
359 len = *l;
360 memmove(l, l+1, len);
361 l[len] = '.';
362 }
363
364 if ((char *)l != name)
365 *(l-1) = 0;
366 }
367
368 /* Input in presentation format */
369 static int count_labels(char *name)
370 {
371 int i;
372
373 if (*name == 0)
374 return 0;
375
376 for (i = 0; *name; name++)
377 if (*name == '.')
378 i++;
379
380 return i+1;
381 }
382
383 /* Implement RFC1982 wrapped compare for 32-bit numbers */
384 static int serial_compare_32(unsigned long s1, unsigned long s2)
385 {
386 if (s1 == s2)
387 return SERIAL_EQ;
388
389 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
390 (s1 > s2 && (s1 - s2) > (1UL<<31)))
391 return SERIAL_LT;
392 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
393 (s1 > s2 && (s1 - s2) < (1UL<<31)))
394 return SERIAL_GT;
395 return SERIAL_UNDEF;
396 }
397
398 /* Called at startup. If the timestamp file is configured and exists, put its mtime on
399 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
400 Change the ownership to the user we'll be running as, so that we can update the mtime.
401 */
402 static time_t timestamp_time;
403 static int back_to_the_future;
404
405 int setup_timestamp(uid_t uid)
406 {
407 struct stat statbuf;
408
409 back_to_the_future = 0;
410
411 if (!option_bool(OPT_DNSSEC_VALID) || !daemon->timestamp_file)
412 return 0;
413
414 if (stat(daemon->timestamp_file, &statbuf) != -1)
415 {
416 timestamp_time = statbuf.st_mtime;
417 check_and_exit:
418 if (difftime(timestamp_time, time(0)) <= 0)
419 {
420 /* time already OK, update timestamp, and do key checking from the start. */
421 if (utime(daemon->timestamp_file, NULL) == -1)
422 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
423 back_to_the_future = 1;
424 return 0;
425 }
426 return 1;
427 }
428
429 if (errno == ENOENT)
430 {
431 int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK, 0666);
432 if (fd != -1)
433 {
434 struct utimbuf timbuf;
435
436 close(fd);
437
438 timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
439 if (utime(daemon->timestamp_file, &timbuf) == 0 &&
440 (getuid() != 0 || chown(daemon->timestamp_file, uid, -1) == 0))
441 goto check_and_exit;
442 }
443 }
444
445 die(_("Cannot create timestamp file %s: %s" ), daemon->timestamp_file, EC_BADCONF);
446 return 0;
447 }
448
449 /* Check whether today/now is between date_start and date_end */
450 static int check_date_range(unsigned long date_start, unsigned long date_end)
451 {
452 unsigned long curtime = time(0);
453
454 /* Checking timestamps may be temporarily disabled */
455
456 /* If the current time if _before_ the timestamp
457 on our persistent timestamp file, then assume the
458 time if not yet correct, and don't check the
459 key timestamps. As soon as the current time is
460 later then the timestamp, update the timestamp
461 and start checking keys */
462 if (daemon->timestamp_file)
463 {
464 if (back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
465 {
466 if (utime(daemon->timestamp_file, NULL) != 0)
467 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
468
469 back_to_the_future = 1;
470 set_option_bool(OPT_DNSSEC_TIME);
471 queue_event(EVENT_RELOAD); /* purge cache */
472 }
473
474 if (back_to_the_future == 0)
475 return 1;
476 }
477 else if (option_bool(OPT_DNSSEC_TIME))
478 return 1;
479
480 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
481 return serial_compare_32(curtime, date_start) == SERIAL_GT
482 && serial_compare_32(curtime, date_end) == SERIAL_LT;
483 }
484
485 static u16 *get_desc(int type)
486 {
487 /* List of RRtypes which include domains in the data.
488 0 -> domain
489 integer -> no of plain bytes
490 -1 -> end
491
492 zero is not a valid RRtype, so the final entry is returned for
493 anything which needs no mangling.
494 */
495
496 static u16 rr_desc[] =
497 {
498 T_NS, 0, -1,
499 T_MD, 0, -1,
500 T_MF, 0, -1,
501 T_CNAME, 0, -1,
502 T_SOA, 0, 0, -1,
503 T_MB, 0, -1,
504 T_MG, 0, -1,
505 T_MR, 0, -1,
506 T_PTR, 0, -1,
507 T_MINFO, 0, 0, -1,
508 T_MX, 2, 0, -1,
509 T_RP, 0, 0, -1,
510 T_AFSDB, 2, 0, -1,
511 T_RT, 2, 0, -1,
512 T_SIG, 18, 0, -1,
513 T_PX, 2, 0, 0, -1,
514 T_NXT, 0, -1,
515 T_KX, 2, 0, -1,
516 T_SRV, 6, 0, -1,
517 T_DNAME, 0, -1,
518 0, -1 /* wildcard/catchall */
519 };
520
521 u16 *p = rr_desc;
522
523 while (*p != type && *p != 0)
524 while (*p++ != (u16)-1);
525
526 return p+1;
527 }
528
529 /* Return bytes of canonicalised rdata, when the return value is zero, the remaining
530 data, pointed to by *p, should be used raw. */
531 static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
532 unsigned char **p, u16 **desc)
533 {
534 int d = **desc;
535
536 /* No more data needs mangling */
537 if (d == (u16)-1)
538 {
539 /* If there's more data than we have space for, just return what fits,
540 we'll get called again for more chunks */
541 if (end - *p > bufflen)
542 {
543 memcpy(buff, *p, bufflen);
544 *p += bufflen;
545 return bufflen;
546 }
547
548 return 0;
549 }
550
551 (*desc)++;
552
553 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
554 /* domain-name, canonicalise */
555 return to_wire(buff);
556 else
557 {
558 /* plain data preceding a domain-name, don't run off the end of the data */
559 if ((end - *p) < d)
560 d = end - *p;
561
562 if (d != 0)
563 {
564 memcpy(buff, *p, d);
565 *p += d;
566 }
567
568 return d;
569 }
570 }
571
572 static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
573 {
574 unsigned char **p;
575 int new_sz = *sz;
576
577 if (new_sz > new)
578 return 1;
579
580 if (new >= 100)
581 return 0;
582
583 new_sz += 5;
584
585 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
586 return 0;
587
588 if (*wkspc)
589 {
590 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
591 free(*wkspc);
592 }
593
594 *wkspc = p;
595 *sz = new_sz;
596
597 return 1;
598 }
599
600 /* Bubble sort the RRset into the canonical order.
601 Note that the byte-streams from two RRs may get unsynced: consider
602 RRs which have two domain-names at the start and then other data.
603 The domain-names may have different lengths in each RR, but sort equal
604
605 ------------
606 |abcde|fghi|
607 ------------
608 |abcd|efghi|
609 ------------
610
611 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
612 */
613
614 static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
615 unsigned char **rrset, char *buff1, char *buff2)
616 {
617 int swap, quit, i;
618
619 do
620 {
621 for (swap = 0, i = 0; i < rrsetidx-1; i++)
622 {
623 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
624 u16 *dp1, *dp2;
625 unsigned char *end1, *end2;
626 /* Note that these have been determined to be OK previously,
627 so we don't need to check for NULL return here. */
628 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
629 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
630
631 p1 += 8; /* skip class, type, ttl */
632 GETSHORT(rdlen1, p1);
633 end1 = p1 + rdlen1;
634
635 p2 += 8; /* skip class, type, ttl */
636 GETSHORT(rdlen2, p2);
637 end2 = p2 + rdlen2;
638
639 dp1 = dp2 = rr_desc;
640
641 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
642 {
643 if (left1 != 0)
644 memmove(buff1, buff1 + len1 - left1, left1);
645
646 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
647 {
648 quit = 1;
649 len1 = end1 - p1;
650 memcpy(buff1 + left1, p1, len1);
651 }
652 len1 += left1;
653
654 if (left2 != 0)
655 memmove(buff2, buff2 + len2 - left2, left2);
656
657 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
658 {
659 quit = 1;
660 len2 = end2 - p2;
661 memcpy(buff2 + left2, p2, len2);
662 }
663 len2 += left2;
664
665 if (len1 > len2)
666 left1 = len1 - len2, left2 = 0, len = len2;
667 else
668 left2 = len2 - len1, left1 = 0, len = len1;
669
670 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
671
672 if (rc > 0 || (rc == 0 && quit && len1 > len2))
673 {
674 unsigned char *tmp = rrset[i+1];
675 rrset[i+1] = rrset[i];
676 rrset[i] = tmp;
677 swap = quit = 1;
678 }
679 else if (rc < 0)
680 quit = 1;
681 }
682 }
683 } while (swap);
684 }
685
686 /* Validate a single RRset (class, type, name) in the supplied DNS reply
687 Return code:
688 STAT_SECURE if it validates.
689 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
690 (In this case *wildcard_out points to the "body" of the wildcard within name.)
691 STAT_NO_SIG no RRsigs found.
692 STAT_INSECURE RRset empty.
693 STAT_BOGUS signature is wrong, bad packet.
694 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
695
696 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
697 otherwise find the key in the cache.
698
699 name is unchanged on exit. keyname is used as workspace and trashed.
700 */
701 static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
702 char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
703 {
704 static unsigned char **rrset = NULL, **sigs = NULL;
705 static int rrset_sz = 0, sig_sz = 0;
706
707 unsigned char *p;
708 int rrsetidx, sigidx, res, rdlen, j, name_labels;
709 struct crec *crecp = NULL;
710 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
711 u16 *rr_desc = get_desc(type);
712
713 if (wildcard_out)
714 *wildcard_out = NULL;
715
716 if (!(p = skip_questions(header, plen)))
717 return STAT_BOGUS;
718
719 name_labels = count_labels(name); /* For 4035 5.3.2 check */
720
721 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
722 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
723 j != 0; j--)
724 {
725 unsigned char *pstart, *pdata;
726 int stype, sclass;
727
728 pstart = p;
729
730 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
731 return STAT_BOGUS; /* bad packet */
732
733 GETSHORT(stype, p);
734 GETSHORT(sclass, p);
735 p += 4; /* TTL */
736
737 pdata = p;
738
739 GETSHORT(rdlen, p);
740
741 if (!CHECK_LEN(header, p, plen, rdlen))
742 return STAT_BOGUS;
743
744 if (res == 1 && sclass == class)
745 {
746 if (stype == type)
747 {
748 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
749 return STAT_BOGUS;
750
751 rrset[rrsetidx++] = pstart;
752 }
753
754 if (stype == T_RRSIG)
755 {
756 if (rdlen < 18)
757 return STAT_BOGUS; /* bad packet */
758
759 GETSHORT(type_covered, p);
760
761 if (type_covered == type)
762 {
763 if (!expand_workspace(&sigs, &sig_sz, sigidx))
764 return STAT_BOGUS;
765
766 sigs[sigidx++] = pdata;
767 }
768
769 p = pdata + 2; /* restore for ADD_RDLEN */
770 }
771 }
772
773 if (!ADD_RDLEN(header, p, plen, rdlen))
774 return STAT_BOGUS;
775 }
776
777 /* RRset empty */
778 if (rrsetidx == 0)
779 return STAT_INSECURE;
780
781 /* no RRSIGs */
782 if (sigidx == 0)
783 return STAT_NO_SIG;
784
785 /* Sort RRset records into canonical order.
786 Note that at this point keyname and daemon->workspacename buffs are
787 unused, and used as workspace by the sort. */
788 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
789
790 /* Now try all the sigs to try and find one which validates */
791 for (j = 0; j <sigidx; j++)
792 {
793 unsigned char *psav, *sig, *digest;
794 int i, wire_len, sig_len;
795 const struct nettle_hash *hash;
796 void *ctx;
797 char *name_start;
798 u32 nsigttl;
799
800 p = sigs[j];
801 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
802 psav = p;
803
804 p += 2; /* type_covered - already checked */
805 algo = *p++;
806 labels = *p++;
807 GETLONG(orig_ttl, p);
808 GETLONG(sig_expiration, p);
809 GETLONG(sig_inception, p);
810 GETSHORT(key_tag, p);
811
812 if (!extract_name(header, plen, &p, keyname, 1, 0))
813 return STAT_BOGUS;
814
815 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
816 the name of the zone containing the RRset. We can't tell that
817 for certain, but we can check that the RRset name is equal to
818 or encloses the signers name, which should be enough to stop
819 an attacker using signatures made with the key of an unrelated
820 zone he controls. Note that the root key is always allowed. */
821 if (*keyname != 0)
822 {
823 int failed = 0;
824
825 for (name_start = name; !hostname_isequal(name_start, keyname); )
826 if ((name_start = strchr(name_start, '.')))
827 name_start++; /* chop a label off and try again */
828 else
829 {
830 failed = 1;
831 break;
832 }
833
834 /* Bad sig, try another */
835 if (failed)
836 continue;
837 }
838
839 /* Other 5.3.1 checks */
840 if (!check_date_range(sig_inception, sig_expiration) ||
841 labels > name_labels ||
842 !(hash = hash_find(algo_digest_name(algo))) ||
843 !hash_init(hash, &ctx, &digest))
844 continue;
845
846 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
847 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
848 return STAT_NEED_KEY;
849
850 sig = p;
851 sig_len = rdlen - (p - psav);
852
853 nsigttl = htonl(orig_ttl);
854
855 hash->update(ctx, 18, psav);
856 wire_len = to_wire(keyname);
857 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
858 from_wire(keyname);
859
860 for (i = 0; i < rrsetidx; ++i)
861 {
862 int seg;
863 unsigned char *end, *cp;
864 u16 len, *dp;
865
866 p = rrset[i];
867 if (!extract_name(header, plen, &p, name, 1, 10))
868 return STAT_BOGUS;
869
870 name_start = name;
871
872 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
873 if (labels < name_labels)
874 {
875 int k;
876 for (k = name_labels - labels; k != 0; k--)
877 {
878 while (*name_start != '.' && *name_start != 0)
879 name_start++;
880 if (k != 1 && *name_start == '.')
881 name_start++;
882 }
883
884 if (wildcard_out)
885 *wildcard_out = name_start+1;
886
887 name_start--;
888 *name_start = '*';
889 }
890
891 wire_len = to_wire(name_start);
892 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
893 hash->update(ctx, 4, p); /* class and type */
894 hash->update(ctx, 4, (unsigned char *)&nsigttl);
895
896 p += 8; /* skip class, type, ttl */
897 GETSHORT(rdlen, p);
898 if (!CHECK_LEN(header, p, plen, rdlen))
899 return STAT_BOGUS;
900
901 end = p + rdlen;
902
903 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
904 cp = p;
905 dp = rr_desc;
906 for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
907 len += end - cp;
908 len = htons(len);
909 hash->update(ctx, 2, (unsigned char *)&len);
910
911 /* Now canonicalise again and digest. */
912 cp = p;
913 dp = rr_desc;
914 while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
915 hash->update(ctx, seg, (unsigned char *)name);
916 if (cp != end)
917 hash->update(ctx, end - cp, cp);
918 }
919
920 hash->digest(ctx, hash->digest_size, digest);
921
922 /* namebuff used for workspace above, restore to leave unchanged on exit */
923 p = (unsigned char*)(rrset[0]);
924 extract_name(header, plen, &p, name, 1, 0);
925
926 if (key)
927 {
928 if (algo_in == algo && keytag_in == key_tag &&
929 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
930 return STAT_SECURE;
931 }
932 else
933 {
934 /* iterate through all possible keys 4035 5.3.1 */
935 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
936 if (crecp->addr.key.algo == algo &&
937 crecp->addr.key.keytag == key_tag &&
938 crecp->uid == (unsigned int)class &&
939 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
940 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
941 }
942 }
943
944 return STAT_BOGUS;
945 }
946
947 /* The DNS packet is expected to contain the answer to a DNSKEY query.
948 Put all DNSKEYs in the answer which are valid into the cache.
949 return codes:
950 STAT_SECURE At least one valid DNSKEY found and in cache.
951 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
952 or self-sign for DNSKEY RRset is not valid, bad packet.
953 STAT_NEED_DS DS records to validate a key not found, name in keyname
954 */
955 int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
956 {
957 unsigned char *psave, *p = (unsigned char *)(header+1);
958 struct crec *crecp, *recp1;
959 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
960 struct blockdata *key;
961 struct all_addr a;
962
963 if (ntohs(header->qdcount) != 1 ||
964 !extract_name(header, plen, &p, name, 1, 4))
965 return STAT_BOGUS;
966
967 GETSHORT(qtype, p);
968 GETSHORT(qclass, p);
969
970 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
971 return STAT_BOGUS;
972
973 /* See if we have cached a DS record which validates this key */
974 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
975 {
976 strcpy(keyname, name);
977 return STAT_NEED_DS;
978 }
979
980 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
981 if (crecp->flags & F_NEG)
982 return STAT_INSECURE;
983
984 /* NOTE, we need to find ONE DNSKEY which matches the DS */
985 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
986 {
987 /* Ensure we have type, class TTL and length */
988 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
989 return STAT_BOGUS; /* bad packet */
990
991 GETSHORT(qtype, p);
992 GETSHORT(qclass, p);
993 GETLONG(ttl, p);
994 GETSHORT(rdlen, p);
995
996 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
997 return STAT_BOGUS; /* bad packet */
998
999 if (qclass != class || qtype != T_DNSKEY || rc == 2)
1000 {
1001 p += rdlen;
1002 continue;
1003 }
1004
1005 psave = p;
1006
1007 GETSHORT(flags, p);
1008 if (*p++ != 3)
1009 return STAT_BOGUS;
1010 algo = *p++;
1011 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1012 key = NULL;
1013
1014 /* key must have zone key flag set */
1015 if (flags & 0x100)
1016 key = blockdata_alloc((char*)p, rdlen - 4);
1017
1018 p = psave;
1019
1020 if (!ADD_RDLEN(header, p, plen, rdlen))
1021 {
1022 if (key)
1023 blockdata_free(key);
1024 return STAT_BOGUS; /* bad packet */
1025 }
1026
1027 /* No zone key flag or malloc failure */
1028 if (!key)
1029 continue;
1030
1031 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
1032 {
1033 void *ctx;
1034 unsigned char *digest, *ds_digest;
1035 const struct nettle_hash *hash;
1036
1037 if (recp1->addr.ds.algo == algo &&
1038 recp1->addr.ds.keytag == keytag &&
1039 recp1->uid == (unsigned int)class &&
1040 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
1041 hash_init(hash, &ctx, &digest))
1042
1043 {
1044 int wire_len = to_wire(name);
1045
1046 /* Note that digest may be different between DSs, so
1047 we can't move this outside the loop. */
1048 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
1049 hash->update(ctx, (unsigned int)rdlen, psave);
1050 hash->digest(ctx, hash->digest_size, digest);
1051
1052 from_wire(name);
1053
1054 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
1055 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
1056 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
1057 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
1058 {
1059 valid = 1;
1060 break;
1061 }
1062 }
1063 }
1064 blockdata_free(key);
1065 }
1066
1067 if (valid)
1068 {
1069 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
1070 cache_start_insert();
1071
1072 p = skip_questions(header, plen);
1073
1074 for (j = ntohs(header->ancount); j != 0; j--)
1075 {
1076 /* Ensure we have type, class TTL and length */
1077 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1078 return STAT_INSECURE; /* bad packet */
1079
1080 GETSHORT(qtype, p);
1081 GETSHORT(qclass, p);
1082 GETLONG(ttl, p);
1083 GETSHORT(rdlen, p);
1084
1085 if (!CHECK_LEN(header, p, plen, rdlen))
1086 return STAT_BOGUS; /* bad packet */
1087
1088 if (qclass == class && rc == 1)
1089 {
1090 psave = p;
1091
1092 if (qtype == T_DNSKEY)
1093 {
1094 if (rdlen < 4)
1095 return STAT_BOGUS; /* bad packet */
1096
1097 GETSHORT(flags, p);
1098 if (*p++ != 3)
1099 return STAT_BOGUS;
1100 algo = *p++;
1101 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1102
1103 /* Cache needs to known class for DNSSEC stuff */
1104 a.addr.dnssec.class = class;
1105
1106 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1107 {
1108 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1109 blockdata_free(key);
1110 else
1111 {
1112 a.addr.keytag = keytag;
1113 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1114
1115 recp1->addr.key.keylen = rdlen - 4;
1116 recp1->addr.key.keydata = key;
1117 recp1->addr.key.algo = algo;
1118 recp1->addr.key.keytag = keytag;
1119 recp1->addr.key.flags = flags;
1120 }
1121 }
1122 }
1123 else if (qtype == T_RRSIG)
1124 {
1125 /* RRSIG, cache if covers DNSKEY RRset */
1126 if (rdlen < 18)
1127 return STAT_BOGUS; /* bad packet */
1128
1129 GETSHORT(type_covered, p);
1130
1131 if (type_covered == T_DNSKEY)
1132 {
1133 a.addr.dnssec.class = class;
1134 a.addr.dnssec.type = type_covered;
1135
1136 algo = *p++;
1137 p += 13; /* labels, orig_ttl, expiration, inception */
1138 GETSHORT(keytag, p);
1139 if ((key = blockdata_alloc((char*)psave, rdlen)))
1140 {
1141 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1142 blockdata_free(key);
1143 else
1144 {
1145 crecp->addr.sig.keydata = key;
1146 crecp->addr.sig.keylen = rdlen;
1147 crecp->addr.sig.keytag = keytag;
1148 crecp->addr.sig.type_covered = type_covered;
1149 crecp->addr.sig.algo = algo;
1150 }
1151 }
1152 }
1153 }
1154
1155 p = psave;
1156 }
1157
1158 if (!ADD_RDLEN(header, p, plen, rdlen))
1159 return STAT_BOGUS; /* bad packet */
1160 }
1161
1162 /* commit cache insert. */
1163 cache_end_insert();
1164 return STAT_SECURE;
1165 }
1166
1167 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1168 return STAT_BOGUS;
1169 }
1170
1171 /* The DNS packet is expected to contain the answer to a DS query
1172 Put all DSs in the answer which are valid into the cache.
1173 return codes:
1174 STAT_SECURE At least one valid DS found and in cache.
1175 STAT_NO_DS It's proved there's no DS here.
1176 STAT_NO_NS It's proved there's no DS _or_ NS here.
1177 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
1178 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1179 */
1180
1181 int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1182 {
1183 unsigned char *p = (unsigned char *)(header+1);
1184 int qtype, qclass, val, i, neganswer, nons;
1185
1186 if (ntohs(header->qdcount) != 1 ||
1187 !(p = skip_name(p, header, plen, 4)))
1188 return STAT_BOGUS;
1189
1190 GETSHORT(qtype, p);
1191 GETSHORT(qclass, p);
1192
1193 if (qtype != T_DS || qclass != class)
1194 val = STAT_BOGUS;
1195 else
1196 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
1197 /* Note dnssec_validate_reply() will have cached positive answers */
1198
1199 if (val == STAT_NO_SIG || val == STAT_INSECURE)
1200 val = STAT_BOGUS;
1201
1202 p = (unsigned char *)(header+1);
1203 extract_name(header, plen, &p, name, 1, 4);
1204 p += 4; /* qtype, qclass */
1205
1206 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1207 val = STAT_BOGUS;
1208
1209 if (val == STAT_BOGUS)
1210 {
1211 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
1212 return STAT_BOGUS;
1213 }
1214
1215 /* By here, the answer is proved secure, and a positive answer has been cached. */
1216 if (val == STAT_SECURE && neganswer)
1217 {
1218 int rdlen, flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
1219 unsigned long ttl, minttl = ULONG_MAX;
1220 struct all_addr a;
1221
1222 if (RCODE(header) == NXDOMAIN)
1223 flags |= F_NXDOMAIN;
1224
1225 /* We only cache validated DS records, DNSSECOK flag hijacked
1226 to store presence/absence of NS. */
1227 if (nons)
1228 flags &= ~F_DNSSECOK;
1229
1230 for (i = ntohs(header->nscount); i != 0; i--)
1231 {
1232 if (!(p = skip_name(p, header, plen, 0)))
1233 return STAT_BOGUS;
1234
1235 GETSHORT(qtype, p);
1236 GETSHORT(qclass, p);
1237 GETLONG(ttl, p);
1238 GETSHORT(rdlen, p);
1239
1240 if (!CHECK_LEN(header, p, plen, rdlen))
1241 return STAT_BOGUS; /* bad packet */
1242
1243 if (qclass != class || qtype != T_SOA)
1244 {
1245 p += rdlen;
1246 continue;
1247 }
1248
1249 if (ttl < minttl)
1250 minttl = ttl;
1251
1252 /* MNAME */
1253 if (!(p = skip_name(p, header, plen, 0)))
1254 return STAT_BOGUS;
1255 /* RNAME */
1256 if (!(p = skip_name(p, header, plen, 20)))
1257 return STAT_BOGUS;
1258 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1259
1260 GETLONG(ttl, p); /* minTTL */
1261 if (ttl < minttl)
1262 minttl = ttl;
1263
1264 break;
1265 }
1266
1267 if (i != 0)
1268 {
1269 cache_start_insert();
1270
1271 a.addr.dnssec.class = class;
1272 cache_insert(name, &a, now, ttl, flags);
1273
1274 cache_end_insert();
1275
1276 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
1277 }
1278
1279 return nons ? STAT_NO_NS : STAT_NO_DS;
1280 }
1281
1282 return val;
1283 }
1284
1285 /* 4034 6.1 */
1286 static int hostname_cmp(const char *a, const char *b)
1287 {
1288 char *sa, *ea, *ca, *sb, *eb, *cb;
1289 unsigned char ac, bc;
1290
1291 sa = ea = (char *)a + strlen(a);
1292 sb = eb = (char *)b + strlen(b);
1293
1294 while (1)
1295 {
1296 while (sa != a && *(sa-1) != '.')
1297 sa--;
1298
1299 while (sb != b && *(sb-1) != '.')
1300 sb--;
1301
1302 ca = sa;
1303 cb = sb;
1304
1305 while (1)
1306 {
1307 if (ca == ea)
1308 {
1309 if (cb == eb)
1310 break;
1311
1312 return -1;
1313 }
1314
1315 if (cb == eb)
1316 return 1;
1317
1318 ac = (unsigned char) *ca++;
1319 bc = (unsigned char) *cb++;
1320
1321 if (ac >= 'A' && ac <= 'Z')
1322 ac += 'a' - 'A';
1323 if (bc >= 'A' && bc <= 'Z')
1324 bc += 'a' - 'A';
1325
1326 if (ac < bc)
1327 return -1;
1328 else if (ac != bc)
1329 return 1;
1330 }
1331
1332
1333 if (sa == a)
1334 {
1335 if (sb == b)
1336 return 0;
1337
1338 return -1;
1339 }
1340
1341 if (sb == b)
1342 return 1;
1343
1344 ea = sa--;
1345 eb = sb--;
1346 }
1347 }
1348
1349 /* Find all the NSEC or NSEC3 records in a reply.
1350 return an array of pointers to them. */
1351 static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1352 {
1353 static unsigned char **nsecset = NULL;
1354 static int nsecset_sz = 0;
1355
1356 int type_found = 0;
1357 unsigned char *p = skip_questions(header, plen);
1358 int type, class, rdlen, i, nsecs_found;
1359
1360 /* Move to NS section */
1361 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1362 return 0;
1363
1364 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1365 {
1366 unsigned char *pstart = p;
1367
1368 if (!(p = skip_name(p, header, plen, 10)))
1369 return 0;
1370
1371 GETSHORT(type, p);
1372 GETSHORT(class, p);
1373 p += 4; /* TTL */
1374 GETSHORT(rdlen, p);
1375
1376 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1377 {
1378 /* No mixed NSECing 'round here, thankyouverymuch */
1379 if (type_found == T_NSEC && type == T_NSEC3)
1380 return 0;
1381 if (type_found == T_NSEC3 && type == T_NSEC)
1382 return 0;
1383
1384 type_found = type;
1385
1386 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1387 return 0;
1388
1389 nsecset[nsecs_found++] = pstart;
1390 }
1391
1392 if (!ADD_RDLEN(header, p, plen, rdlen))
1393 return 0;
1394 }
1395
1396 *nsecsetp = nsecset;
1397 *nsecsetl = nsecs_found;
1398
1399 return type_found;
1400 }
1401
1402 static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1403 char *workspace1, char *workspace2, char *name, int type, int *nons)
1404 {
1405 int i, rc, rdlen;
1406 unsigned char *p, *psave;
1407 int offset = (type & 0xff) >> 3;
1408 int mask = 0x80 >> (type & 0x07);
1409
1410 if (nons)
1411 *nons = 0;
1412
1413 /* Find NSEC record that proves name doesn't exist */
1414 for (i = 0; i < nsec_count; i++)
1415 {
1416 p = nsecs[i];
1417 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1418 return STAT_BOGUS;
1419 p += 8; /* class, type, TTL */
1420 GETSHORT(rdlen, p);
1421 psave = p;
1422 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1423 return STAT_BOGUS;
1424
1425 rc = hostname_cmp(workspace1, name);
1426
1427 if (rc == 0)
1428 {
1429 /* 4035 para 5.4. Last sentence */
1430 if (type == T_NSEC || type == T_RRSIG)
1431 return STAT_SECURE;
1432
1433 /* NSEC with the same name as the RR we're testing, check
1434 that the type in question doesn't appear in the type map */
1435 rdlen -= p - psave;
1436 /* rdlen is now length of type map, and p points to it */
1437
1438 /* If we can prove that there's no NS record, return that information. */
1439 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1440 *nons = 1;
1441
1442 while (rdlen >= 2)
1443 {
1444 if (!CHECK_LEN(header, p, plen, rdlen))
1445 return STAT_BOGUS;
1446
1447 if (p[0] == type >> 8)
1448 {
1449 /* Does the NSEC say our type exists? */
1450 if (offset < p[1] && (p[offset+2] & mask) != 0)
1451 return STAT_BOGUS;
1452
1453 break; /* finshed checking */
1454 }
1455
1456 rdlen -= p[1];
1457 p += p[1];
1458 }
1459
1460 return STAT_SECURE;
1461 }
1462 else if (rc == -1)
1463 {
1464 /* Normal case, name falls between NSEC name and next domain name,
1465 wrap around case, name falls between NSEC name (rc == -1) and end */
1466 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1467 return STAT_SECURE;
1468 }
1469 else
1470 {
1471 /* wrap around case, name falls between start and next domain name */
1472 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1473 return STAT_SECURE;
1474 }
1475 }
1476
1477 return STAT_BOGUS;
1478 }
1479
1480 /* return digest length, or zero on error */
1481 static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1482 unsigned char *salt, int salt_len, int iterations)
1483 {
1484 void *ctx;
1485 unsigned char *digest;
1486 int i;
1487
1488 if (!hash_init(hash, &ctx, &digest))
1489 return 0;
1490
1491 hash->update(ctx, to_wire(in), (unsigned char *)in);
1492 hash->update(ctx, salt_len, salt);
1493 hash->digest(ctx, hash->digest_size, digest);
1494
1495 for(i = 0; i < iterations; i++)
1496 {
1497 hash->update(ctx, hash->digest_size, digest);
1498 hash->update(ctx, salt_len, salt);
1499 hash->digest(ctx, hash->digest_size, digest);
1500 }
1501
1502 from_wire(in);
1503
1504 *out = digest;
1505 return hash->digest_size;
1506 }
1507
1508 /* Decode base32 to first "." or end of string */
1509 static int base32_decode(char *in, unsigned char *out)
1510 {
1511 int oc, on, c, mask, i;
1512 unsigned char *p = out;
1513
1514 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
1515 {
1516 if (c >= '0' && c <= '9')
1517 c -= '0';
1518 else if (c >= 'a' && c <= 'v')
1519 c -= 'a', c += 10;
1520 else if (c >= 'A' && c <= 'V')
1521 c -= 'A', c += 10;
1522 else
1523 return 0;
1524
1525 for (mask = 0x10, i = 0; i < 5; i++)
1526 {
1527 if (c & mask)
1528 oc |= 1;
1529 mask = mask >> 1;
1530 if (((++on) & 7) == 0)
1531 *p++ = oc;
1532 oc = oc << 1;
1533 }
1534 }
1535
1536 if ((on & 7) != 0)
1537 return 0;
1538
1539 return p - out;
1540 }
1541
1542 static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
1543 char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons)
1544 {
1545 int i, hash_len, salt_len, base32_len, rdlen;
1546 unsigned char *p, *psave;
1547
1548 for (i = 0; i < nsec_count; i++)
1549 if ((p = nsecs[i]))
1550 {
1551 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1552 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1553 return 0;
1554
1555 p += 8; /* class, type, TTL */
1556 GETSHORT(rdlen, p);
1557 psave = p;
1558 p += 4; /* algo, flags, iterations */
1559 salt_len = *p++; /* salt_len */
1560 p += salt_len; /* salt */
1561 hash_len = *p++; /* p now points to next hashed name */
1562
1563 if (!CHECK_LEN(header, p, plen, hash_len))
1564 return 0;
1565
1566 if (digest_len == base32_len && hash_len == base32_len)
1567 {
1568 int rc = memcmp(workspace2, digest, digest_len);
1569
1570 if (rc == 0)
1571 {
1572 /* We found an NSEC3 whose hashed name exactly matches the query, so
1573 we just need to check the type map. p points to the RR data for the record. */
1574
1575 int offset = (type & 0xff) >> 3;
1576 int mask = 0x80 >> (type & 0x07);
1577
1578 p += hash_len; /* skip next-domain hash */
1579 rdlen -= p - psave;
1580
1581 if (!CHECK_LEN(header, p, plen, rdlen))
1582 return 0;
1583
1584 /* If we can prove that there's no NS record, return that information. */
1585 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1586 *nons = 1;
1587
1588 while (rdlen >= 2)
1589 {
1590 if (p[0] == type >> 8)
1591 {
1592 /* Does the NSEC3 say our type exists? */
1593 if (offset < p[1] && (p[offset+2] & mask) != 0)
1594 return STAT_BOGUS;
1595
1596 break; /* finshed checking */
1597 }
1598
1599 rdlen -= p[1];
1600 p += p[1];
1601 }
1602
1603 return 1;
1604 }
1605 else if (rc <= 0)
1606 {
1607 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1608 wrap around case, name-hash falls between NSEC3 name-hash and end */
1609 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
1610 return 1;
1611 }
1612 else
1613 {
1614 /* wrap around case, name falls between start and next domain name */
1615 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
1616 return 1;
1617 }
1618 }
1619 }
1620 return 0;
1621 }
1622
1623 static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1624 char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
1625 {
1626 unsigned char *salt, *p, *digest;
1627 int digest_len, i, iterations, salt_len, base32_len, algo = 0;
1628 struct nettle_hash const *hash;
1629 char *closest_encloser, *next_closest, *wildcard;
1630
1631 if (nons)
1632 *nons = 0;
1633
1634 /* Look though the NSEC3 records to find the first one with
1635 an algorithm we support (currently only algo == 1).
1636
1637 Take the algo, iterations, and salt of that record
1638 as the ones we're going to use, and prune any
1639 that don't match. */
1640
1641 for (i = 0; i < nsec_count; i++)
1642 {
1643 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1644 return STAT_BOGUS; /* bad packet */
1645
1646 p += 10; /* type, class, TTL, rdlen */
1647 algo = *p++;
1648
1649 if (algo == 1)
1650 break; /* known algo */
1651 }
1652
1653 /* No usable NSEC3s */
1654 if (i == nsec_count)
1655 return STAT_BOGUS;
1656
1657 p++; /* flags */
1658 GETSHORT (iterations, p);
1659 salt_len = *p++;
1660 salt = p;
1661 if (!CHECK_LEN(header, salt, plen, salt_len))
1662 return STAT_BOGUS; /* bad packet */
1663
1664 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1665 for (i = 0; i < nsec_count; i++)
1666 {
1667 unsigned char *nsec3p = nsecs[i];
1668 int this_iter;
1669
1670 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1671
1672 if (!(p = skip_name(nsec3p, header, plen, 15)))
1673 return STAT_BOGUS; /* bad packet */
1674
1675 p += 10; /* type, class, TTL, rdlen */
1676
1677 if (*p++ != algo)
1678 continue;
1679
1680 p++; /* flags */
1681
1682 GETSHORT(this_iter, p);
1683 if (this_iter != iterations)
1684 continue;
1685
1686 if (salt_len != *p++)
1687 continue;
1688
1689 if (!CHECK_LEN(header, p, plen, salt_len))
1690 return STAT_BOGUS; /* bad packet */
1691
1692 if (memcmp(p, salt, salt_len) != 0)
1693 continue;
1694
1695 /* All match, put the pointer back */
1696 nsecs[i] = nsec3p;
1697 }
1698
1699 /* Algo is checked as 1 above */
1700 if (!(hash = hash_find("sha1")))
1701 return STAT_BOGUS;
1702
1703 if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1704 return STAT_BOGUS;
1705
1706 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
1707 return STAT_SECURE;
1708
1709 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1710 or an answer inferred from a wildcard record. */
1711 closest_encloser = name;
1712 next_closest = NULL;
1713
1714 do
1715 {
1716 if (*closest_encloser == '.')
1717 closest_encloser++;
1718
1719 if (wildname && hostname_isequal(closest_encloser, wildname))
1720 break;
1721
1722 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
1723 return STAT_BOGUS;
1724
1725 for (i = 0; i < nsec_count; i++)
1726 if ((p = nsecs[i]))
1727 {
1728 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1729 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1730 return STAT_BOGUS;
1731
1732 if (digest_len == base32_len &&
1733 memcmp(digest, workspace2, digest_len) == 0)
1734 break; /* Gotit */
1735 }
1736
1737 if (i != nsec_count)
1738 break;
1739
1740 next_closest = closest_encloser;
1741 }
1742 while ((closest_encloser = strchr(closest_encloser, '.')));
1743
1744 if (!closest_encloser)
1745 return STAT_BOGUS;
1746
1747 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1748 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
1749 return STAT_BOGUS;
1750
1751 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1752 return STAT_BOGUS;
1753
1754 /* Finally, check that there's no seat of wildcard synthesis */
1755 if (!wildname)
1756 {
1757 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1758 return STAT_BOGUS;
1759
1760 wildcard--;
1761 *wildcard = '*';
1762
1763 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1764 return STAT_BOGUS;
1765
1766 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1767 return STAT_BOGUS;
1768 }
1769
1770 return STAT_SECURE;
1771 }
1772
1773 /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
1774 /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
1775 int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1776 int *class, int *neganswer, int *nons)
1777 {
1778 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1779 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
1780 int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
1781 int nsec_type = 0, have_answer = 0;
1782
1783 if (neganswer)
1784 *neganswer = 0;
1785
1786 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
1787 return STAT_BOGUS;
1788
1789 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
1790 return STAT_INSECURE;
1791
1792 qname = p1 = (unsigned char *)(header+1);
1793
1794 if (!extract_name(header, plen, &p1, name, 1, 4))
1795 return STAT_BOGUS;
1796
1797 GETSHORT(qtype, p1);
1798 GETSHORT(qclass, p1);
1799 ans_start = p1;
1800
1801 if (qtype == T_ANY)
1802 have_answer = 1;
1803
1804 /* Can't validate an RRISG query */
1805 if (qtype == T_RRSIG)
1806 return STAT_INSECURE;
1807
1808 cname_loop:
1809 for (j = ntohs(header->ancount); j != 0; j--)
1810 {
1811 /* leave pointer to missing name in qname */
1812
1813 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1814 return STAT_BOGUS; /* bad packet */
1815
1816 GETSHORT(type2, p1);
1817 GETSHORT(class2, p1);
1818 p1 += 4; /* TTL */
1819 GETSHORT(rdlen2, p1);
1820
1821 if (rc == 1 && qclass == class2)
1822 {
1823 /* Do we have an answer for the question? */
1824 if (type2 == qtype)
1825 {
1826 have_answer = 1;
1827 break;
1828 }
1829 else if (type2 == T_CNAME)
1830 {
1831 qname = p1;
1832
1833 /* looped CNAMES */
1834 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1835 return STAT_BOGUS;
1836
1837 p1 = ans_start;
1838 goto cname_loop;
1839 }
1840 }
1841
1842 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1843 return STAT_BOGUS;
1844 }
1845
1846 if (neganswer && !have_answer)
1847 *neganswer = 1;
1848
1849 /* No data, therefore no sigs */
1850 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1851 return STAT_NO_SIG;
1852
1853 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
1854 {
1855 if (!extract_name(header, plen, &p1, name, 1, 10))
1856 return STAT_BOGUS; /* bad packet */
1857
1858 GETSHORT(type1, p1);
1859 GETSHORT(class1, p1);
1860 p1 += 4; /* TTL */
1861 GETSHORT(rdlen1, p1);
1862
1863 /* Don't try and validate RRSIGs! */
1864 if (type1 != T_RRSIG)
1865 {
1866 /* Check if we've done this RRset already */
1867 for (p2 = ans_start, j = 0; j < i; j++)
1868 {
1869 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1870 return STAT_BOGUS; /* bad packet */
1871
1872 GETSHORT(type2, p2);
1873 GETSHORT(class2, p2);
1874 p2 += 4; /* TTL */
1875 GETSHORT(rdlen2, p2);
1876
1877 if (type2 == type1 && class2 == class1 && rc == 1)
1878 break; /* Done it before: name, type, class all match. */
1879
1880 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1881 return STAT_BOGUS;
1882 }
1883
1884 /* Not done, validate now */
1885 if (j == i)
1886 {
1887 int ttl, keytag, algo, digest, type_covered;
1888 unsigned char *psave;
1889 struct all_addr a;
1890 struct blockdata *key;
1891 struct crec *crecp;
1892 char *wildname;
1893 int have_wildcard = 0;
1894
1895 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
1896
1897 if (rc == STAT_SECURE_WILDCARD)
1898 {
1899 have_wildcard = 1;
1900
1901 /* An attacker replay a wildcard answer with a different
1902 answer and overlay a genuine RR. To prove this
1903 hasn't happened, the answer must prove that
1904 the gennuine record doesn't exist. Check that here. */
1905 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1906 return STAT_BOGUS; /* No NSECs or bad packet */
1907
1908 if (nsec_type == T_NSEC)
1909 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
1910 else
1911 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
1912 keyname, name, type1, wildname, NULL);
1913
1914 if (rc != STAT_SECURE)
1915 return rc;
1916 }
1917 else if (rc != STAT_SECURE)
1918 {
1919 if (class)
1920 *class = class1; /* Class for DS or DNSKEY */
1921 return rc;
1922 }
1923
1924 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1925 cache_start_insert();
1926
1927 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
1928 {
1929 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1930 return STAT_BOGUS; /* bad packet */
1931
1932 GETSHORT(type2, p2);
1933 GETSHORT(class2, p2);
1934 GETLONG(ttl, p2);
1935 GETSHORT(rdlen2, p2);
1936
1937 if (!CHECK_LEN(header, p2, plen, rdlen2))
1938 return STAT_BOGUS; /* bad packet */
1939
1940 if (class2 == class1 && rc == 1)
1941 {
1942 psave = p2;
1943
1944 if (type1 == T_DS && type2 == T_DS)
1945 {
1946 if (rdlen2 < 4)
1947 return STAT_BOGUS; /* bad packet */
1948
1949 GETSHORT(keytag, p2);
1950 algo = *p2++;
1951 digest = *p2++;
1952
1953 /* Cache needs to known class for DNSSEC stuff */
1954 a.addr.dnssec.class = class2;
1955
1956 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
1957 {
1958 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1959 blockdata_free(key);
1960 else
1961 {
1962 a.addr.keytag = keytag;
1963 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1964 crecp->addr.ds.digest = digest;
1965 crecp->addr.ds.keydata = key;
1966 crecp->addr.ds.algo = algo;
1967 crecp->addr.ds.keytag = keytag;
1968 crecp->addr.ds.keylen = rdlen2 - 4;
1969 }
1970 }
1971 }
1972 else if (type2 == T_RRSIG)
1973 {
1974 if (rdlen2 < 18)
1975 return STAT_BOGUS; /* bad packet */
1976
1977 GETSHORT(type_covered, p2);
1978
1979 if (type_covered == type1 &&
1980 (type_covered == T_A || type_covered == T_AAAA ||
1981 type_covered == T_CNAME || type_covered == T_DS ||
1982 type_covered == T_DNSKEY || type_covered == T_PTR))
1983 {
1984 a.addr.dnssec.type = type_covered;
1985 a.addr.dnssec.class = class1;
1986
1987 algo = *p2++;
1988 p2 += 13; /* labels, orig_ttl, expiration, inception */
1989 GETSHORT(keytag, p2);
1990
1991 /* We don't cache sigs for wildcard answers, because to reproduce the
1992 answer from the cache will require one or more NSEC/NSEC3 records
1993 which we don't cache. The lack of the RRSIG ensures that a query for
1994 this RRset asking for a secure answer will always be forwarded. */
1995 if (!have_wildcard && (key = blockdata_alloc((char*)psave, rdlen2)))
1996 {
1997 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1998 blockdata_free(key);
1999 else
2000 {
2001 crecp->addr.sig.keydata = key;
2002 crecp->addr.sig.keylen = rdlen2;
2003 crecp->addr.sig.keytag = keytag;
2004 crecp->addr.sig.type_covered = type_covered;
2005 crecp->addr.sig.algo = algo;
2006 }
2007 }
2008 }
2009 }
2010
2011 p2 = psave;
2012 }
2013
2014 if (!ADD_RDLEN(header, p2, plen, rdlen2))
2015 return STAT_BOGUS; /* bad packet */
2016 }
2017
2018 cache_end_insert();
2019 }
2020 }
2021
2022 if (!ADD_RDLEN(header, p1, plen, rdlen1))
2023 return STAT_BOGUS;
2024 }
2025
2026 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
2027 if (have_answer)
2028 return STAT_SECURE;
2029
2030 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
2031 /* First marshall the NSEC records, if we've not done it previously */
2032 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
2033 return STAT_BOGUS; /* No NSECs */
2034
2035 /* Get name of missing answer */
2036 if (!extract_name(header, plen, &qname, name, 1, 0))
2037 return STAT_BOGUS;
2038
2039 if (nsec_type == T_NSEC)
2040 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
2041 else
2042 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
2043 }
2044
2045 /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
2046 Needed for proving answer in unsigned space.
2047 Return STAT_NEED_*
2048 STAT_BOGUS - error
2049 STAT_INSECURE - name of first non-secure record in name
2050 */
2051 int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
2052 {
2053 unsigned char *p = (unsigned char *)(header+1);
2054 int type, class, qclass, rdlen, j, rc;
2055 int cname_count = CNAME_CHAIN;
2056
2057 /* Get question */
2058 if (!extract_name(header, plen, &p, name, 1, 4))
2059 return STAT_BOGUS;
2060
2061 p +=2; /* type */
2062 GETSHORT(qclass, p);
2063
2064 while (1)
2065 {
2066 for (j = ntohs(header->ancount); j != 0; j--)
2067 {
2068 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
2069 return STAT_BOGUS; /* bad packet */
2070
2071 GETSHORT(type, p);
2072 GETSHORT(class, p);
2073 p += 4; /* TTL */
2074 GETSHORT(rdlen, p);
2075
2076 /* Not target, loop */
2077 if (rc == 2 || qclass != class)
2078 {
2079 if (!ADD_RDLEN(header, p, plen, rdlen))
2080 return STAT_BOGUS;
2081 continue;
2082 }
2083
2084 /* Got to end of CNAME chain. */
2085 if (type != T_CNAME)
2086 return STAT_INSECURE;
2087
2088 /* validate CNAME chain, return if insecure or need more data */
2089 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, NULL, 0, 0, 0);
2090 if (rc != STAT_SECURE)
2091 {
2092 if (rc == STAT_NO_SIG)
2093 rc = STAT_INSECURE;
2094 return rc;
2095 }
2096
2097 /* Loop down CNAME chain/ */
2098 if (!cname_count-- ||
2099 !extract_name(header, plen, &p, name, 1, 0) ||
2100 !(p = skip_questions(header, plen)))
2101 return STAT_BOGUS;
2102
2103 break;
2104 }
2105
2106 /* End of CNAME chain */
2107 return STAT_INSECURE;
2108 }
2109 }
2110
2111
2112 /* Compute keytag (checksum to quickly index a key). See RFC4034 */
2113 int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
2114 {
2115 if (alg == 1)
2116 {
2117 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2118 See RFC4034, Appendix B.1 */
2119 return key[keylen-4] * 256 + key[keylen-3];
2120 }
2121 else
2122 {
2123 unsigned long ac = flags + 0x300 + alg;
2124 int i;
2125
2126 for (i = 0; i < keylen; ++i)
2127 ac += (i & 1) ? key[i] : key[i] << 8;
2128
2129 ac += (ac >> 16) & 0xffff;
2130 return ac & 0xffff;
2131 }
2132 }
2133
2134 size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2135 {
2136 unsigned char *p;
2137 char *types = querystr("dnssec-query", type);
2138
2139 if (addr->sa.sa_family == AF_INET)
2140 log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2141 #ifdef HAVE_IPV6
2142 else
2143 log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2144 #endif
2145
2146 header->qdcount = htons(1);
2147 header->ancount = htons(0);
2148 header->nscount = htons(0);
2149 header->arcount = htons(0);
2150
2151 header->hb3 = HB3_RD;
2152 SET_OPCODE(header, QUERY);
2153 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2154 this allows it to select auth servers when one is returning bad data. */
2155 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
2156
2157 /* ID filled in later */
2158
2159 p = (unsigned char *)(header+1);
2160
2161 p = do_rfc1035_name(p, name);
2162 *p++ = 0;
2163 PUTSHORT(type, p);
2164 PUTSHORT(class, p);
2165
2166 return add_do_bit(header, p - (unsigned char *)header, end);
2167 }
2168
2169 /* Go through a domain name, find "pointers" and fix them up based on how many bytes
2170 we've chopped out of the packet, or check they don't point into an elided part. */
2171 static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2172 {
2173 unsigned char *ansp = *namep;
2174
2175 while(1)
2176 {
2177 unsigned int label_type;
2178
2179 if (!CHECK_LEN(header, ansp, plen, 1))
2180 return 0;
2181
2182 label_type = (*ansp) & 0xc0;
2183
2184 if (label_type == 0xc0)
2185 {
2186 /* pointer for compression. */
2187 unsigned int offset;
2188 int i;
2189 unsigned char *p;
2190
2191 if (!CHECK_LEN(header, ansp, plen, 2))
2192 return 0;
2193
2194 offset = ((*ansp++) & 0x3f) << 8;
2195 offset |= *ansp++;
2196
2197 p = offset + (unsigned char *)header;
2198
2199 for (i = 0; i < rr_count; i++)
2200 if (p < rrs[i])
2201 break;
2202 else
2203 if (i & 1)
2204 offset -= rrs[i] - rrs[i-1];
2205
2206 /* does the pointer end up in an elided RR? */
2207 if (i & 1)
2208 return 0;
2209
2210 /* No, scale the pointer */
2211 if (fixup)
2212 {
2213 ansp -= 2;
2214 *ansp++ = (offset >> 8) | 0xc0;
2215 *ansp++ = offset & 0xff;
2216 }
2217 break;
2218 }
2219 else if (label_type == 0x80)
2220 return 0; /* reserved */
2221 else if (label_type == 0x40)
2222 {
2223 /* Extended label type */
2224 unsigned int count;
2225
2226 if (!CHECK_LEN(header, ansp, plen, 2))
2227 return 0;
2228
2229 if (((*ansp++) & 0x3f) != 1)
2230 return 0; /* we only understand bitstrings */
2231
2232 count = *(ansp++); /* Bits in bitstring */
2233
2234 if (count == 0) /* count == 0 means 256 bits */
2235 ansp += 32;
2236 else
2237 ansp += ((count-1)>>3)+1;
2238 }
2239 else
2240 { /* label type == 0 Bottom six bits is length */
2241 unsigned int len = (*ansp++) & 0x3f;
2242
2243 if (!ADD_RDLEN(header, ansp, plen, len))
2244 return 0;
2245
2246 if (len == 0)
2247 break; /* zero length label marks the end. */
2248 }
2249 }
2250
2251 *namep = ansp;
2252
2253 return 1;
2254 }
2255
2256 /* Go through RRs and check or fixup the domain names contained within */
2257 static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2258 {
2259 int i, type, class, rdlen;
2260 unsigned char *pp;
2261
2262 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
2263 {
2264 pp = p;
2265
2266 if (!(p = skip_name(p, header, plen, 10)))
2267 return 0;
2268
2269 GETSHORT(type, p);
2270 GETSHORT(class, p);
2271 p += 4; /* TTL */
2272 GETSHORT(rdlen, p);
2273
2274 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2275 {
2276 /* fixup name of RR */
2277 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2278 return 0;
2279
2280 if (class == C_IN)
2281 {
2282 u16 *d;
2283
2284 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
2285 {
2286 if (*d != 0)
2287 pp += *d;
2288 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2289 return 0;
2290 }
2291 }
2292 }
2293
2294 if (!ADD_RDLEN(header, p, plen, rdlen))
2295 return 0;
2296 }
2297
2298 return 1;
2299 }
2300
2301
2302 size_t filter_rrsigs(struct dns_header *header, size_t plen)
2303 {
2304 static unsigned char **rrs;
2305 static int rr_sz = 0;
2306
2307 unsigned char *p = (unsigned char *)(header+1);
2308 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
2309
2310 if (ntohs(header->qdcount) != 1 ||
2311 !(p = skip_name(p, header, plen, 4)))
2312 return plen;
2313
2314 GETSHORT(qtype, p);
2315 GETSHORT(qclass, p);
2316
2317 /* First pass, find pointers to start and end of all the records we wish to elide:
2318 records added for DNSSEC, unless explicity queried for */
2319 for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0;
2320 i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
2321 i++)
2322 {
2323 unsigned char *pstart = p;
2324 int type, class;
2325
2326 if (!(p = skip_name(p, header, plen, 10)))
2327 return plen;
2328
2329 GETSHORT(type, p);
2330 GETSHORT(class, p);
2331 p += 4; /* TTL */
2332 GETSHORT(rdlen, p);
2333
2334 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2335 (type != qtype || class != qclass))
2336 {
2337 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2338 return plen;
2339
2340 rrs[rr_found++] = pstart;
2341
2342 if (!ADD_RDLEN(header, p, plen, rdlen))
2343 return plen;
2344
2345 rrs[rr_found++] = p;
2346
2347 if (i < ntohs(header->ancount))
2348 chop_an++;
2349 else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
2350 chop_ns++;
2351 else
2352 chop_ar++;
2353 }
2354 else if (!ADD_RDLEN(header, p, plen, rdlen))
2355 return plen;
2356 }
2357
2358 /* Nothing to do. */
2359 if (rr_found == 0)
2360 return plen;
2361
2362 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2363 point to records we're going to elide. This is theoretically possible, but unlikely. If
2364 it happens, we give up and leave the answer unchanged. */
2365 p = (unsigned char *)(header+1);
2366
2367 /* question first */
2368 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2369 return plen;
2370 p += 4; /* qclass, qtype */
2371
2372 /* Now answers and NS */
2373 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2374 return plen;
2375
2376 /* Third pass, elide records */
2377 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2378 {
2379 unsigned char *start = rrs[i];
2380 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2381
2382 memmove(p, start, end-start);
2383 p += end-start;
2384 }
2385
2386 plen = p - (unsigned char *)header;
2387 header->ancount = htons(ntohs(header->ancount) - chop_an);
2388 header->nscount = htons(ntohs(header->nscount) - chop_ns);
2389 header->arcount = htons(ntohs(header->arcount) - chop_ar);
2390
2391 /* Fourth pass, fix up pointers in the remaining records */
2392 p = (unsigned char *)(header+1);
2393
2394 check_name(&p, header, plen, 1, rrs, rr_found);
2395 p += 4; /* qclass, qtype */
2396
2397 check_rrs(p, header, plen, 1, rrs, rr_found);
2398
2399 return plen;
2400 }
2401
2402 unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2403 {
2404 int q;
2405 unsigned int len;
2406 unsigned char *p = (unsigned char *)(header+1);
2407 const struct nettle_hash *hash;
2408 void *ctx;
2409 unsigned char *digest;
2410
2411 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2412 return NULL;
2413
2414 for (q = ntohs(header->qdcount); q != 0; q--)
2415 {
2416 if (!extract_name(header, plen, &p, name, 1, 4))
2417 break; /* bad packet */
2418
2419 len = to_wire(name);
2420 hash->update(ctx, len, (unsigned char *)name);
2421 /* CRC the class and type as well */
2422 hash->update(ctx, 4, p);
2423
2424 p += 4;
2425 if (!CHECK_LEN(header, p, plen, 0))
2426 break; /* bad packet */
2427 }
2428
2429 hash->digest(ctx, hash->digest_size, digest);
2430 return digest;
2431 }
2432
2433 #endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.