]> git.ipfire.org Git - people/ms/dnsmasq.git/blob - src/dnssec.c
projects / people / ms / dnsmasq.git / blob
? search:


db5c768bd7510163f3982a204ce649859f5fe526
[people/ms/dnsmasq.git] / src / dnssec.c
1 /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2 and Copyright (c) 2012-2015 Simon Kelley
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include "dnsmasq.h"
19
20 #ifdef HAVE_DNSSEC
21
22 #include <nettle/rsa.h>
23 #include <nettle/dsa.h>
24 #ifndef NO_NETTLE_ECC
25 # include <nettle/ecdsa.h>
26 # include <nettle/ecc-curve.h>
27 #endif
28 #include <nettle/nettle-meta.h>
29 #include <nettle/bignum.h>
30
31 /* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
32 to detect Nettle-3, and invoke the backwards compatibility mode. */
33 #ifdef dsa_params_init
34 #include <nettle/dsa-compat.h>
35 #endif
36
37 #include <utime.h>
38
39 #define SERIAL_UNDEF -100
40 #define SERIAL_EQ 0
41 #define SERIAL_LT -1
42 #define SERIAL_GT 1
43
44 /* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
45 static char *ds_digest_name(int digest)
46 {
47 switch (digest)
48 {
49 case 1: return "sha1";
50 case 2: return "sha256";
51 case 3: return "gosthash94";
52 case 4: return "sha384";
53 default: return NULL;
54 }
55 }
56
57 /* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
58 static char *algo_digest_name(int algo)
59 {
60 switch (algo)
61 {
62 case 1: return "md5";
63 case 3: return "sha1";
64 case 5: return "sha1";
65 case 6: return "sha1";
66 case 7: return "sha1";
67 case 8: return "sha256";
68 case 10: return "sha512";
69 case 12: return "gosthash94";
70 case 13: return "sha256";
71 case 14: return "sha384";
72 default: return NULL;
73 }
74 }
75
76 /* Find pointer to correct hash function in nettle library */
77 static const struct nettle_hash *hash_find(char *name)
78 {
79 int i;
80
81 if (!name)
82 return NULL;
83
84 for (i = 0; nettle_hashes[i]; i++)
85 {
86 if (strcmp(nettle_hashes[i]->name, name) == 0)
87 return nettle_hashes[i];
88 }
89
90 return NULL;
91 }
92
93 /* expand ctx and digest memory allocations if necessary and init hash function */
94 static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
95 {
96 static void *ctx = NULL;
97 static unsigned char *digest = NULL;
98 static unsigned int ctx_sz = 0;
99 static unsigned int digest_sz = 0;
100
101 void *new;
102
103 if (ctx_sz < hash->context_size)
104 {
105 if (!(new = whine_malloc(hash->context_size)))
106 return 0;
107 if (ctx)
108 free(ctx);
109 ctx = new;
110 ctx_sz = hash->context_size;
111 }
112
113 if (digest_sz < hash->digest_size)
114 {
115 if (!(new = whine_malloc(hash->digest_size)))
116 return 0;
117 if (digest)
118 free(digest);
119 digest = new;
120 digest_sz = hash->digest_size;
121 }
122
123 *ctxp = ctx;
124 *digestp = digest;
125
126 hash->init(ctx);
127
128 return 1;
129 }
130
131 static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
132 unsigned char *digest, int algo)
133 {
134 unsigned char *p;
135 size_t exp_len;
136
137 static struct rsa_public_key *key = NULL;
138 static mpz_t sig_mpz;
139
140 if (key == NULL)
141 {
142 if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
143 return 0;
144
145 nettle_rsa_public_key_init(key);
146 mpz_init(sig_mpz);
147 }
148
149 if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
150 return 0;
151
152 key_len--;
153 if ((exp_len = *p++) == 0)
154 {
155 GETSHORT(exp_len, p);
156 key_len -= 2;
157 }
158
159 if (exp_len >= key_len)
160 return 0;
161
162 key->size = key_len - exp_len;
163 mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
164 mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
165
166 mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
167
168 switch (algo)
169 {
170 case 1:
171 return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
172 case 5: case 7:
173 return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
174 case 8:
175 return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
176 case 10:
177 return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
178 }
179
180 return 0;
181 }
182
183 static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
184 unsigned char *digest, int algo)
185 {
186 unsigned char *p;
187 unsigned int t;
188
189 static struct dsa_public_key *key = NULL;
190 static struct dsa_signature *sig_struct;
191
192 if (key == NULL)
193 {
194 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
195 !(key = whine_malloc(sizeof(struct dsa_public_key))))
196 return 0;
197
198 nettle_dsa_public_key_init(key);
199 nettle_dsa_signature_init(sig_struct);
200 }
201
202 if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
203 return 0;
204
205 t = *p++;
206
207 if (key_len < (213 + (t * 24)))
208 return 0;
209
210 mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
211 mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
212 mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
213 mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
214
215 mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
216 mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
217
218 (void)algo;
219
220 return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
221 }
222
223 #ifndef NO_NETTLE_ECC
224 static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
225 unsigned char *sig, size_t sig_len,
226 unsigned char *digest, size_t digest_len, int algo)
227 {
228 unsigned char *p;
229 unsigned int t;
230 struct ecc_point *key;
231
232 static struct ecc_point *key_256 = NULL, *key_384 = NULL;
233 static mpz_t x, y;
234 static struct dsa_signature *sig_struct;
235
236 if (!sig_struct)
237 {
238 if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
239 return 0;
240
241 nettle_dsa_signature_init(sig_struct);
242 mpz_init(x);
243 mpz_init(y);
244 }
245
246 switch (algo)
247 {
248 case 13:
249 if (!key_256)
250 {
251 if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
252 return 0;
253
254 nettle_ecc_point_init(key_256, &nettle_secp_256r1);
255 }
256
257 key = key_256;
258 t = 32;
259 break;
260
261 case 14:
262 if (!key_384)
263 {
264 if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
265 return 0;
266
267 nettle_ecc_point_init(key_384, &nettle_secp_384r1);
268 }
269
270 key = key_384;
271 t = 48;
272 break;
273
274 default:
275 return 0;
276 }
277
278 if (sig_len != 2*t || key_len != 2*t ||
279 !(p = blockdata_retrieve(key_data, key_len, NULL)))
280 return 0;
281
282 mpz_import(x, t , 1, 1, 0, 0, p);
283 mpz_import(y, t , 1, 1, 0, 0, p + t);
284
285 if (!ecc_point_set(key, x, y))
286 return 0;
287
288 mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
289 mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
290
291 return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
292 }
293 #endif
294
295 static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
296 unsigned char *digest, size_t digest_len, int algo)
297 {
298 (void)digest_len;
299
300 switch (algo)
301 {
302 case 1: case 5: case 7: case 8: case 10:
303 return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
304
305 case 3: case 6:
306 return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
307
308 #ifndef NO_NETTLE_ECC
309 case 13: case 14:
310 return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
311 #endif
312 }
313
314 return 0;
315 }
316
317 /* Convert from presentation format to wire format, in place.
318 Also map UC -> LC.
319 Note that using extract_name to get presentation format
320 then calling to_wire() removes compression and maps case,
321 thus generating names in canonical form.
322 Calling to_wire followed by from_wire is almost an identity,
323 except that the UC remains mapped to LC.
324 */
325 static int to_wire(char *name)
326 {
327 unsigned char *l, *p, term;
328 int len;
329
330 for (l = (unsigned char*)name; *l != 0; l = p)
331 {
332 for (p = l; *p != '.' && *p != 0; p++)
333 if (*p >= 'A' && *p <= 'Z')
334 *p = *p - 'A' + 'a';
335
336 term = *p;
337
338 if ((len = p - l) != 0)
339 memmove(l+1, l, len);
340 *l = len;
341
342 p++;
343
344 if (term == 0)
345 *p = 0;
346 }
347
348 return l + 1 - (unsigned char *)name;
349 }
350
351 /* Note: no compression allowed in input. */
352 static void from_wire(char *name)
353 {
354 unsigned char *l;
355 int len;
356
357 for (l = (unsigned char *)name; *l != 0; l += len+1)
358 {
359 len = *l;
360 memmove(l, l+1, len);
361 l[len] = '.';
362 }
363
364 if ((char *)l != name)
365 *(l-1) = 0;
366 }
367
368 /* Input in presentation format */
369 static int count_labels(char *name)
370 {
371 int i;
372
373 if (*name == 0)
374 return 0;
375
376 for (i = 0; *name; name++)
377 if (*name == '.')
378 i++;
379
380 return i+1;
381 }
382
383 /* Implement RFC1982 wrapped compare for 32-bit numbers */
384 static int serial_compare_32(unsigned long s1, unsigned long s2)
385 {
386 if (s1 == s2)
387 return SERIAL_EQ;
388
389 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
390 (s1 > s2 && (s1 - s2) > (1UL<<31)))
391 return SERIAL_LT;
392 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
393 (s1 > s2 && (s1 - s2) < (1UL<<31)))
394 return SERIAL_GT;
395 return SERIAL_UNDEF;
396 }
397
398 /* Called at startup. If the timestamp file is configured and exists, put its mtime on
399 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
400 return -1 -> Cannot create file.
401 0 -> not using timestamp, or timestamp exists and is in past.
402 1 -> timestamp exists and is in future.
403 */
404
405 static time_t timestamp_time;
406 static int back_to_the_future;
407
408 int setup_timestamp(void)
409 {
410 struct stat statbuf;
411
412 back_to_the_future = 0;
413
414 if (!daemon->timestamp_file)
415 return 0;
416
417 if (stat(daemon->timestamp_file, &statbuf) != -1)
418 {
419 timestamp_time = statbuf.st_mtime;
420 check_and_exit:
421 if (difftime(timestamp_time, time(0)) <= 0)
422 {
423 /* time already OK, update timestamp, and do key checking from the start. */
424 if (utime(daemon->timestamp_file, NULL) == -1)
425 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
426 back_to_the_future = 1;
427 return 0;
428 }
429 return 1;
430 }
431
432 if (errno == ENOENT)
433 {
434 /* NB. for explanation of O_EXCL flag, see comment on pidfile in dnsmasq.c */
435 int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK | O_EXCL, 0666);
436 if (fd != -1)
437 {
438 struct utimbuf timbuf;
439
440 close(fd);
441
442 timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
443 if (utime(daemon->timestamp_file, &timbuf) == 0)
444 goto check_and_exit;
445 }
446 }
447
448 return -1;
449 }
450
451 /* Check whether today/now is between date_start and date_end */
452 static int check_date_range(unsigned long date_start, unsigned long date_end)
453 {
454 unsigned long curtime = time(0);
455
456 /* Checking timestamps may be temporarily disabled */
457
458 /* If the current time if _before_ the timestamp
459 on our persistent timestamp file, then assume the
460 time if not yet correct, and don't check the
461 key timestamps. As soon as the current time is
462 later then the timestamp, update the timestamp
463 and start checking keys */
464 if (daemon->timestamp_file)
465 {
466 if (back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
467 {
468 if (utime(daemon->timestamp_file, NULL) != 0)
469 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
470
471 back_to_the_future = 1;
472 set_option_bool(OPT_DNSSEC_TIME);
473 queue_event(EVENT_RELOAD); /* purge cache */
474 }
475
476 if (back_to_the_future == 0)
477 return 1;
478 }
479 else if (option_bool(OPT_DNSSEC_TIME))
480 return 1;
481
482 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
483 return serial_compare_32(curtime, date_start) == SERIAL_GT
484 && serial_compare_32(curtime, date_end) == SERIAL_LT;
485 }
486
487 static u16 *get_desc(int type)
488 {
489 /* List of RRtypes which include domains in the data.
490 0 -> domain
491 integer -> no of plain bytes
492 -1 -> end
493
494 zero is not a valid RRtype, so the final entry is returned for
495 anything which needs no mangling.
496 */
497
498 static u16 rr_desc[] =
499 {
500 T_NS, 0, -1,
501 T_MD, 0, -1,
502 T_MF, 0, -1,
503 T_CNAME, 0, -1,
504 T_SOA, 0, 0, -1,
505 T_MB, 0, -1,
506 T_MG, 0, -1,
507 T_MR, 0, -1,
508 T_PTR, 0, -1,
509 T_MINFO, 0, 0, -1,
510 T_MX, 2, 0, -1,
511 T_RP, 0, 0, -1,
512 T_AFSDB, 2, 0, -1,
513 T_RT, 2, 0, -1,
514 T_SIG, 18, 0, -1,
515 T_PX, 2, 0, 0, -1,
516 T_NXT, 0, -1,
517 T_KX, 2, 0, -1,
518 T_SRV, 6, 0, -1,
519 T_DNAME, 0, -1,
520 0, -1 /* wildcard/catchall */
521 };
522
523 u16 *p = rr_desc;
524
525 while (*p != type && *p != 0)
526 while (*p++ != (u16)-1);
527
528 return p+1;
529 }
530
531 /* Return bytes of canonicalised rdata, when the return value is zero, the remaining
532 data, pointed to by *p, should be used raw. */
533 static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
534 unsigned char **p, u16 **desc)
535 {
536 int d = **desc;
537
538 /* No more data needs mangling */
539 if (d == (u16)-1)
540 {
541 /* If there's more data than we have space for, just return what fits,
542 we'll get called again for more chunks */
543 if (end - *p > bufflen)
544 {
545 memcpy(buff, *p, bufflen);
546 *p += bufflen;
547 return bufflen;
548 }
549
550 return 0;
551 }
552
553 (*desc)++;
554
555 if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
556 /* domain-name, canonicalise */
557 return to_wire(buff);
558 else
559 {
560 /* plain data preceding a domain-name, don't run off the end of the data */
561 if ((end - *p) < d)
562 d = end - *p;
563
564 if (d != 0)
565 {
566 memcpy(buff, *p, d);
567 *p += d;
568 }
569
570 return d;
571 }
572 }
573
574 static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
575 {
576 unsigned char **p;
577 int new_sz = *sz;
578
579 if (new_sz > new)
580 return 1;
581
582 if (new >= 100)
583 return 0;
584
585 new_sz += 5;
586
587 if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
588 return 0;
589
590 if (*wkspc)
591 {
592 memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
593 free(*wkspc);
594 }
595
596 *wkspc = p;
597 *sz = new_sz;
598
599 return 1;
600 }
601
602 /* Bubble sort the RRset into the canonical order.
603 Note that the byte-streams from two RRs may get unsynced: consider
604 RRs which have two domain-names at the start and then other data.
605 The domain-names may have different lengths in each RR, but sort equal
606
607 ------------
608 |abcde|fghi|
609 ------------
610 |abcd|efghi|
611 ------------
612
613 leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
614 */
615
616 static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
617 unsigned char **rrset, char *buff1, char *buff2)
618 {
619 int swap, quit, i;
620
621 do
622 {
623 for (swap = 0, i = 0; i < rrsetidx-1; i++)
624 {
625 int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
626 u16 *dp1, *dp2;
627 unsigned char *end1, *end2;
628 /* Note that these have been determined to be OK previously,
629 so we don't need to check for NULL return here. */
630 unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
631 unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
632
633 p1 += 8; /* skip class, type, ttl */
634 GETSHORT(rdlen1, p1);
635 end1 = p1 + rdlen1;
636
637 p2 += 8; /* skip class, type, ttl */
638 GETSHORT(rdlen2, p2);
639 end2 = p2 + rdlen2;
640
641 dp1 = dp2 = rr_desc;
642
643 for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
644 {
645 if (left1 != 0)
646 memmove(buff1, buff1 + len1 - left1, left1);
647
648 if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
649 {
650 quit = 1;
651 len1 = end1 - p1;
652 memcpy(buff1 + left1, p1, len1);
653 }
654 len1 += left1;
655
656 if (left2 != 0)
657 memmove(buff2, buff2 + len2 - left2, left2);
658
659 if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
660 {
661 quit = 1;
662 len2 = end2 - p2;
663 memcpy(buff2 + left2, p2, len2);
664 }
665 len2 += left2;
666
667 if (len1 > len2)
668 left1 = len1 - len2, left2 = 0, len = len2;
669 else
670 left2 = len2 - len1, left1 = 0, len = len1;
671
672 rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
673
674 if (rc > 0 || (rc == 0 && quit && len1 > len2))
675 {
676 unsigned char *tmp = rrset[i+1];
677 rrset[i+1] = rrset[i];
678 rrset[i] = tmp;
679 swap = quit = 1;
680 }
681 else if (rc < 0)
682 quit = 1;
683 }
684 }
685 } while (swap);
686 }
687
688 /* Validate a single RRset (class, type, name) in the supplied DNS reply
689 Return code:
690 STAT_SECURE if it validates.
691 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
692 (In this case *wildcard_out points to the "body" of the wildcard within name.)
693 STAT_NO_SIG no RRsigs found.
694 STAT_INSECURE RRset empty.
695 STAT_BOGUS signature is wrong, bad packet.
696 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
697
698 if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
699 otherwise find the key in the cache.
700
701 name is unchanged on exit. keyname is used as workspace and trashed.
702 */
703 static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
704 char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
705 {
706 static unsigned char **rrset = NULL, **sigs = NULL;
707 static int rrset_sz = 0, sig_sz = 0;
708
709 unsigned char *p;
710 int rrsetidx, sigidx, res, rdlen, j, name_labels;
711 struct crec *crecp = NULL;
712 int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
713 u16 *rr_desc = get_desc(type);
714
715 if (wildcard_out)
716 *wildcard_out = NULL;
717
718 if (!(p = skip_questions(header, plen)))
719 return STAT_BOGUS;
720
721 name_labels = count_labels(name); /* For 4035 5.3.2 check */
722
723 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
724 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
725 j != 0; j--)
726 {
727 unsigned char *pstart, *pdata;
728 int stype, sclass;
729
730 pstart = p;
731
732 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
733 return STAT_BOGUS; /* bad packet */
734
735 GETSHORT(stype, p);
736 GETSHORT(sclass, p);
737 p += 4; /* TTL */
738
739 pdata = p;
740
741 GETSHORT(rdlen, p);
742
743 if (!CHECK_LEN(header, p, plen, rdlen))
744 return STAT_BOGUS;
745
746 if (res == 1 && sclass == class)
747 {
748 if (stype == type)
749 {
750 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
751 return STAT_BOGUS;
752
753 rrset[rrsetidx++] = pstart;
754 }
755
756 if (stype == T_RRSIG)
757 {
758 if (rdlen < 18)
759 return STAT_BOGUS; /* bad packet */
760
761 GETSHORT(type_covered, p);
762
763 if (type_covered == type)
764 {
765 if (!expand_workspace(&sigs, &sig_sz, sigidx))
766 return STAT_BOGUS;
767
768 sigs[sigidx++] = pdata;
769 }
770
771 p = pdata + 2; /* restore for ADD_RDLEN */
772 }
773 }
774
775 if (!ADD_RDLEN(header, p, plen, rdlen))
776 return STAT_BOGUS;
777 }
778
779 /* RRset empty */
780 if (rrsetidx == 0)
781 return STAT_INSECURE;
782
783 /* no RRSIGs */
784 if (sigidx == 0)
785 return STAT_NO_SIG;
786
787 /* Sort RRset records into canonical order.
788 Note that at this point keyname and daemon->workspacename buffs are
789 unused, and used as workspace by the sort. */
790 sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
791
792 /* Now try all the sigs to try and find one which validates */
793 for (j = 0; j <sigidx; j++)
794 {
795 unsigned char *psav, *sig, *digest;
796 int i, wire_len, sig_len;
797 const struct nettle_hash *hash;
798 void *ctx;
799 char *name_start;
800 u32 nsigttl;
801
802 p = sigs[j];
803 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
804 psav = p;
805
806 p += 2; /* type_covered - already checked */
807 algo = *p++;
808 labels = *p++;
809 GETLONG(orig_ttl, p);
810 GETLONG(sig_expiration, p);
811 GETLONG(sig_inception, p);
812 GETSHORT(key_tag, p);
813
814 if (!extract_name(header, plen, &p, keyname, 1, 0))
815 return STAT_BOGUS;
816
817 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
818 the name of the zone containing the RRset. We can't tell that
819 for certain, but we can check that the RRset name is equal to
820 or encloses the signers name, which should be enough to stop
821 an attacker using signatures made with the key of an unrelated
822 zone he controls. Note that the root key is always allowed. */
823 if (*keyname != 0)
824 {
825 int failed = 0;
826
827 for (name_start = name; !hostname_isequal(name_start, keyname); )
828 if ((name_start = strchr(name_start, '.')))
829 name_start++; /* chop a label off and try again */
830 else
831 {
832 failed = 1;
833 break;
834 }
835
836 /* Bad sig, try another */
837 if (failed)
838 continue;
839 }
840
841 /* Other 5.3.1 checks */
842 if (!check_date_range(sig_inception, sig_expiration) ||
843 labels > name_labels ||
844 !(hash = hash_find(algo_digest_name(algo))) ||
845 !hash_init(hash, &ctx, &digest))
846 continue;
847
848 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
849 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
850 return STAT_NEED_KEY;
851
852 sig = p;
853 sig_len = rdlen - (p - psav);
854
855 nsigttl = htonl(orig_ttl);
856
857 hash->update(ctx, 18, psav);
858 wire_len = to_wire(keyname);
859 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
860 from_wire(keyname);
861
862 for (i = 0; i < rrsetidx; ++i)
863 {
864 int seg;
865 unsigned char *end, *cp;
866 u16 len, *dp;
867
868 p = rrset[i];
869 if (!extract_name(header, plen, &p, name, 1, 10))
870 return STAT_BOGUS;
871
872 name_start = name;
873
874 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
875 if (labels < name_labels)
876 {
877 int k;
878 for (k = name_labels - labels; k != 0; k--)
879 {
880 while (*name_start != '.' && *name_start != 0)
881 name_start++;
882 if (k != 1 && *name_start == '.')
883 name_start++;
884 }
885
886 if (wildcard_out)
887 *wildcard_out = name_start+1;
888
889 name_start--;
890 *name_start = '*';
891 }
892
893 wire_len = to_wire(name_start);
894 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
895 hash->update(ctx, 4, p); /* class and type */
896 hash->update(ctx, 4, (unsigned char *)&nsigttl);
897
898 p += 8; /* skip class, type, ttl */
899 GETSHORT(rdlen, p);
900 if (!CHECK_LEN(header, p, plen, rdlen))
901 return STAT_BOGUS;
902
903 end = p + rdlen;
904
905 /* canonicalise rdata and calculate length of same, use name buffer as workspace */
906 cp = p;
907 dp = rr_desc;
908 for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
909 len += end - cp;
910 len = htons(len);
911 hash->update(ctx, 2, (unsigned char *)&len);
912
913 /* Now canonicalise again and digest. */
914 cp = p;
915 dp = rr_desc;
916 while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
917 hash->update(ctx, seg, (unsigned char *)name);
918 if (cp != end)
919 hash->update(ctx, end - cp, cp);
920 }
921
922 hash->digest(ctx, hash->digest_size, digest);
923
924 /* namebuff used for workspace above, restore to leave unchanged on exit */
925 p = (unsigned char*)(rrset[0]);
926 extract_name(header, plen, &p, name, 1, 0);
927
928 if (key)
929 {
930 if (algo_in == algo && keytag_in == key_tag &&
931 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
932 return STAT_SECURE;
933 }
934 else
935 {
936 /* iterate through all possible keys 4035 5.3.1 */
937 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
938 if (crecp->addr.key.algo == algo &&
939 crecp->addr.key.keytag == key_tag &&
940 crecp->uid == (unsigned int)class &&
941 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
942 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
943 }
944 }
945
946 return STAT_BOGUS;
947 }
948
949 /* The DNS packet is expected to contain the answer to a DNSKEY query.
950 Put all DNSKEYs in the answer which are valid into the cache.
951 return codes:
952 STAT_SECURE At least one valid DNSKEY found and in cache.
953 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
954 or self-sign for DNSKEY RRset is not valid, bad packet.
955 STAT_NEED_DS DS records to validate a key not found, name in keyname
956 */
957 int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
958 {
959 unsigned char *psave, *p = (unsigned char *)(header+1);
960 struct crec *crecp, *recp1;
961 int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
962 struct blockdata *key;
963 struct all_addr a;
964
965 if (ntohs(header->qdcount) != 1 ||
966 !extract_name(header, plen, &p, name, 1, 4))
967 return STAT_BOGUS;
968
969 GETSHORT(qtype, p);
970 GETSHORT(qclass, p);
971
972 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
973 return STAT_BOGUS;
974
975 /* See if we have cached a DS record which validates this key */
976 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
977 {
978 strcpy(keyname, name);
979 return STAT_NEED_DS;
980 }
981
982 /* If we've cached that DS provably doesn't exist, result must be INSECURE */
983 if (crecp->flags & F_NEG)
984 return STAT_INSECURE;
985
986 /* NOTE, we need to find ONE DNSKEY which matches the DS */
987 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
988 {
989 /* Ensure we have type, class TTL and length */
990 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
991 return STAT_BOGUS; /* bad packet */
992
993 GETSHORT(qtype, p);
994 GETSHORT(qclass, p);
995 GETLONG(ttl, p);
996 GETSHORT(rdlen, p);
997
998 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
999 return STAT_BOGUS; /* bad packet */
1000
1001 if (qclass != class || qtype != T_DNSKEY || rc == 2)
1002 {
1003 p += rdlen;
1004 continue;
1005 }
1006
1007 psave = p;
1008
1009 GETSHORT(flags, p);
1010 if (*p++ != 3)
1011 return STAT_BOGUS;
1012 algo = *p++;
1013 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1014 key = NULL;
1015
1016 /* key must have zone key flag set */
1017 if (flags & 0x100)
1018 key = blockdata_alloc((char*)p, rdlen - 4);
1019
1020 p = psave;
1021
1022 if (!ADD_RDLEN(header, p, plen, rdlen))
1023 {
1024 if (key)
1025 blockdata_free(key);
1026 return STAT_BOGUS; /* bad packet */
1027 }
1028
1029 /* No zone key flag or malloc failure */
1030 if (!key)
1031 continue;
1032
1033 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
1034 {
1035 void *ctx;
1036 unsigned char *digest, *ds_digest;
1037 const struct nettle_hash *hash;
1038
1039 if (recp1->addr.ds.algo == algo &&
1040 recp1->addr.ds.keytag == keytag &&
1041 recp1->uid == (unsigned int)class &&
1042 (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
1043 hash_init(hash, &ctx, &digest))
1044
1045 {
1046 int wire_len = to_wire(name);
1047
1048 /* Note that digest may be different between DSs, so
1049 we can't move this outside the loop. */
1050 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
1051 hash->update(ctx, (unsigned int)rdlen, psave);
1052 hash->digest(ctx, hash->digest_size, digest);
1053
1054 from_wire(name);
1055
1056 if (recp1->addr.ds.keylen == (int)hash->digest_size &&
1057 (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
1058 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
1059 validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
1060 {
1061 valid = 1;
1062 break;
1063 }
1064 }
1065 }
1066 blockdata_free(key);
1067 }
1068
1069 if (valid)
1070 {
1071 /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
1072 cache_start_insert();
1073
1074 p = skip_questions(header, plen);
1075
1076 for (j = ntohs(header->ancount); j != 0; j--)
1077 {
1078 /* Ensure we have type, class TTL and length */
1079 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1080 return STAT_INSECURE; /* bad packet */
1081
1082 GETSHORT(qtype, p);
1083 GETSHORT(qclass, p);
1084 GETLONG(ttl, p);
1085 GETSHORT(rdlen, p);
1086
1087 if (!CHECK_LEN(header, p, plen, rdlen))
1088 return STAT_BOGUS; /* bad packet */
1089
1090 if (qclass == class && rc == 1)
1091 {
1092 psave = p;
1093
1094 if (qtype == T_DNSKEY)
1095 {
1096 if (rdlen < 4)
1097 return STAT_BOGUS; /* bad packet */
1098
1099 GETSHORT(flags, p);
1100 if (*p++ != 3)
1101 return STAT_BOGUS;
1102 algo = *p++;
1103 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1104
1105 /* Cache needs to known class for DNSSEC stuff */
1106 a.addr.dnssec.class = class;
1107
1108 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1109 {
1110 if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1111 blockdata_free(key);
1112 else
1113 {
1114 a.addr.keytag = keytag;
1115 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1116
1117 recp1->addr.key.keylen = rdlen - 4;
1118 recp1->addr.key.keydata = key;
1119 recp1->addr.key.algo = algo;
1120 recp1->addr.key.keytag = keytag;
1121 recp1->addr.key.flags = flags;
1122 }
1123 }
1124 }
1125 else if (qtype == T_RRSIG)
1126 {
1127 /* RRSIG, cache if covers DNSKEY RRset */
1128 if (rdlen < 18)
1129 return STAT_BOGUS; /* bad packet */
1130
1131 GETSHORT(type_covered, p);
1132
1133 if (type_covered == T_DNSKEY)
1134 {
1135 a.addr.dnssec.class = class;
1136 a.addr.dnssec.type = type_covered;
1137
1138 algo = *p++;
1139 p += 13; /* labels, orig_ttl, expiration, inception */
1140 GETSHORT(keytag, p);
1141 if ((key = blockdata_alloc((char*)psave, rdlen)))
1142 {
1143 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1144 blockdata_free(key);
1145 else
1146 {
1147 crecp->addr.sig.keydata = key;
1148 crecp->addr.sig.keylen = rdlen;
1149 crecp->addr.sig.keytag = keytag;
1150 crecp->addr.sig.type_covered = type_covered;
1151 crecp->addr.sig.algo = algo;
1152 }
1153 }
1154 }
1155 }
1156
1157 p = psave;
1158 }
1159
1160 if (!ADD_RDLEN(header, p, plen, rdlen))
1161 return STAT_BOGUS; /* bad packet */
1162 }
1163
1164 /* commit cache insert. */
1165 cache_end_insert();
1166 return STAT_SECURE;
1167 }
1168
1169 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1170 return STAT_BOGUS;
1171 }
1172
1173 /* The DNS packet is expected to contain the answer to a DS query
1174 Put all DSs in the answer which are valid into the cache.
1175 return codes:
1176 STAT_SECURE At least one valid DS found and in cache.
1177 STAT_NO_DS It's proved there's no DS here.
1178 STAT_NO_NS It's proved there's no DS _or_ NS here.
1179 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
1180 STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1181 */
1182
1183 int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1184 {
1185 unsigned char *p = (unsigned char *)(header+1);
1186 int qtype, qclass, val, i, neganswer, nons;
1187
1188 if (ntohs(header->qdcount) != 1 ||
1189 !(p = skip_name(p, header, plen, 4)))
1190 return STAT_BOGUS;
1191
1192 GETSHORT(qtype, p);
1193 GETSHORT(qclass, p);
1194
1195 if (qtype != T_DS || qclass != class)
1196 val = STAT_BOGUS;
1197 else
1198 val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
1199 /* Note dnssec_validate_reply() will have cached positive answers */
1200
1201 if (val == STAT_NO_SIG || val == STAT_INSECURE)
1202 val = STAT_BOGUS;
1203
1204 p = (unsigned char *)(header+1);
1205 extract_name(header, plen, &p, name, 1, 4);
1206 p += 4; /* qtype, qclass */
1207
1208 if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1209 val = STAT_BOGUS;
1210
1211 if (val == STAT_BOGUS)
1212 {
1213 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
1214 return STAT_BOGUS;
1215 }
1216
1217 /* By here, the answer is proved secure, and a positive answer has been cached. */
1218 if (val == STAT_SECURE && neganswer)
1219 {
1220 int rdlen, flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
1221 unsigned long ttl, minttl = ULONG_MAX;
1222 struct all_addr a;
1223
1224 if (RCODE(header) == NXDOMAIN)
1225 flags |= F_NXDOMAIN;
1226
1227 /* We only cache validated DS records, DNSSECOK flag hijacked
1228 to store presence/absence of NS. */
1229 if (nons)
1230 flags &= ~F_DNSSECOK;
1231
1232 for (i = ntohs(header->nscount); i != 0; i--)
1233 {
1234 if (!(p = skip_name(p, header, plen, 0)))
1235 return STAT_BOGUS;
1236
1237 GETSHORT(qtype, p);
1238 GETSHORT(qclass, p);
1239 GETLONG(ttl, p);
1240 GETSHORT(rdlen, p);
1241
1242 if (!CHECK_LEN(header, p, plen, rdlen))
1243 return STAT_BOGUS; /* bad packet */
1244
1245 if (qclass != class || qtype != T_SOA)
1246 {
1247 p += rdlen;
1248 continue;
1249 }
1250
1251 if (ttl < minttl)
1252 minttl = ttl;
1253
1254 /* MNAME */
1255 if (!(p = skip_name(p, header, plen, 0)))
1256 return STAT_BOGUS;
1257 /* RNAME */
1258 if (!(p = skip_name(p, header, plen, 20)))
1259 return STAT_BOGUS;
1260 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1261
1262 GETLONG(ttl, p); /* minTTL */
1263 if (ttl < minttl)
1264 minttl = ttl;
1265
1266 break;
1267 }
1268
1269 if (i != 0)
1270 {
1271 cache_start_insert();
1272
1273 a.addr.dnssec.class = class;
1274 cache_insert(name, &a, now, ttl, flags);
1275
1276 cache_end_insert();
1277
1278 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
1279 }
1280
1281 return nons ? STAT_NO_NS : STAT_NO_DS;
1282 }
1283
1284 return val;
1285 }
1286
1287 /* 4034 6.1 */
1288 static int hostname_cmp(const char *a, const char *b)
1289 {
1290 char *sa, *ea, *ca, *sb, *eb, *cb;
1291 unsigned char ac, bc;
1292
1293 sa = ea = (char *)a + strlen(a);
1294 sb = eb = (char *)b + strlen(b);
1295
1296 while (1)
1297 {
1298 while (sa != a && *(sa-1) != '.')
1299 sa--;
1300
1301 while (sb != b && *(sb-1) != '.')
1302 sb--;
1303
1304 ca = sa;
1305 cb = sb;
1306
1307 while (1)
1308 {
1309 if (ca == ea)
1310 {
1311 if (cb == eb)
1312 break;
1313
1314 return -1;
1315 }
1316
1317 if (cb == eb)
1318 return 1;
1319
1320 ac = (unsigned char) *ca++;
1321 bc = (unsigned char) *cb++;
1322
1323 if (ac >= 'A' && ac <= 'Z')
1324 ac += 'a' - 'A';
1325 if (bc >= 'A' && bc <= 'Z')
1326 bc += 'a' - 'A';
1327
1328 if (ac < bc)
1329 return -1;
1330 else if (ac != bc)
1331 return 1;
1332 }
1333
1334
1335 if (sa == a)
1336 {
1337 if (sb == b)
1338 return 0;
1339
1340 return -1;
1341 }
1342
1343 if (sb == b)
1344 return 1;
1345
1346 ea = sa--;
1347 eb = sb--;
1348 }
1349 }
1350
1351 /* Find all the NSEC or NSEC3 records in a reply.
1352 return an array of pointers to them. */
1353 static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1354 {
1355 static unsigned char **nsecset = NULL;
1356 static int nsecset_sz = 0;
1357
1358 int type_found = 0;
1359 unsigned char *p = skip_questions(header, plen);
1360 int type, class, rdlen, i, nsecs_found;
1361
1362 /* Move to NS section */
1363 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1364 return 0;
1365
1366 for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1367 {
1368 unsigned char *pstart = p;
1369
1370 if (!(p = skip_name(p, header, plen, 10)))
1371 return 0;
1372
1373 GETSHORT(type, p);
1374 GETSHORT(class, p);
1375 p += 4; /* TTL */
1376 GETSHORT(rdlen, p);
1377
1378 if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1379 {
1380 /* No mixed NSECing 'round here, thankyouverymuch */
1381 if (type_found == T_NSEC && type == T_NSEC3)
1382 return 0;
1383 if (type_found == T_NSEC3 && type == T_NSEC)
1384 return 0;
1385
1386 type_found = type;
1387
1388 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1389 return 0;
1390
1391 nsecset[nsecs_found++] = pstart;
1392 }
1393
1394 if (!ADD_RDLEN(header, p, plen, rdlen))
1395 return 0;
1396 }
1397
1398 *nsecsetp = nsecset;
1399 *nsecsetl = nsecs_found;
1400
1401 return type_found;
1402 }
1403
1404 static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1405 char *workspace1, char *workspace2, char *name, int type, int *nons)
1406 {
1407 int i, rc, rdlen;
1408 unsigned char *p, *psave;
1409 int offset = (type & 0xff) >> 3;
1410 int mask = 0x80 >> (type & 0x07);
1411
1412 if (nons)
1413 *nons = 0;
1414
1415 /* Find NSEC record that proves name doesn't exist */
1416 for (i = 0; i < nsec_count; i++)
1417 {
1418 p = nsecs[i];
1419 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1420 return STAT_BOGUS;
1421 p += 8; /* class, type, TTL */
1422 GETSHORT(rdlen, p);
1423 psave = p;
1424 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1425 return STAT_BOGUS;
1426
1427 rc = hostname_cmp(workspace1, name);
1428
1429 if (rc == 0)
1430 {
1431 /* 4035 para 5.4. Last sentence */
1432 if (type == T_NSEC || type == T_RRSIG)
1433 return STAT_SECURE;
1434
1435 /* NSEC with the same name as the RR we're testing, check
1436 that the type in question doesn't appear in the type map */
1437 rdlen -= p - psave;
1438 /* rdlen is now length of type map, and p points to it */
1439
1440 /* If we can prove that there's no NS record, return that information. */
1441 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1442 *nons = 1;
1443
1444 while (rdlen >= 2)
1445 {
1446 if (!CHECK_LEN(header, p, plen, rdlen))
1447 return STAT_BOGUS;
1448
1449 if (p[0] == type >> 8)
1450 {
1451 /* Does the NSEC say our type exists? */
1452 if (offset < p[1] && (p[offset+2] & mask) != 0)
1453 return STAT_BOGUS;
1454
1455 break; /* finshed checking */
1456 }
1457
1458 rdlen -= p[1];
1459 p += p[1];
1460 }
1461
1462 return STAT_SECURE;
1463 }
1464 else if (rc == -1)
1465 {
1466 /* Normal case, name falls between NSEC name and next domain name,
1467 wrap around case, name falls between NSEC name (rc == -1) and end */
1468 if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1469 return STAT_SECURE;
1470 }
1471 else
1472 {
1473 /* wrap around case, name falls between start and next domain name */
1474 if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1475 return STAT_SECURE;
1476 }
1477 }
1478
1479 return STAT_BOGUS;
1480 }
1481
1482 /* return digest length, or zero on error */
1483 static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1484 unsigned char *salt, int salt_len, int iterations)
1485 {
1486 void *ctx;
1487 unsigned char *digest;
1488 int i;
1489
1490 if (!hash_init(hash, &ctx, &digest))
1491 return 0;
1492
1493 hash->update(ctx, to_wire(in), (unsigned char *)in);
1494 hash->update(ctx, salt_len, salt);
1495 hash->digest(ctx, hash->digest_size, digest);
1496
1497 for(i = 0; i < iterations; i++)
1498 {
1499 hash->update(ctx, hash->digest_size, digest);
1500 hash->update(ctx, salt_len, salt);
1501 hash->digest(ctx, hash->digest_size, digest);
1502 }
1503
1504 from_wire(in);
1505
1506 *out = digest;
1507 return hash->digest_size;
1508 }
1509
1510 /* Decode base32 to first "." or end of string */
1511 static int base32_decode(char *in, unsigned char *out)
1512 {
1513 int oc, on, c, mask, i;
1514 unsigned char *p = out;
1515
1516 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
1517 {
1518 if (c >= '0' && c <= '9')
1519 c -= '0';
1520 else if (c >= 'a' && c <= 'v')
1521 c -= 'a', c += 10;
1522 else if (c >= 'A' && c <= 'V')
1523 c -= 'A', c += 10;
1524 else
1525 return 0;
1526
1527 for (mask = 0x10, i = 0; i < 5; i++)
1528 {
1529 if (c & mask)
1530 oc |= 1;
1531 mask = mask >> 1;
1532 if (((++on) & 7) == 0)
1533 *p++ = oc;
1534 oc = oc << 1;
1535 }
1536 }
1537
1538 if ((on & 7) != 0)
1539 return 0;
1540
1541 return p - out;
1542 }
1543
1544 static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
1545 char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons)
1546 {
1547 int i, hash_len, salt_len, base32_len, rdlen;
1548 unsigned char *p, *psave;
1549
1550 for (i = 0; i < nsec_count; i++)
1551 if ((p = nsecs[i]))
1552 {
1553 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1554 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1555 return 0;
1556
1557 p += 8; /* class, type, TTL */
1558 GETSHORT(rdlen, p);
1559 psave = p;
1560 p += 4; /* algo, flags, iterations */
1561 salt_len = *p++; /* salt_len */
1562 p += salt_len; /* salt */
1563 hash_len = *p++; /* p now points to next hashed name */
1564
1565 if (!CHECK_LEN(header, p, plen, hash_len))
1566 return 0;
1567
1568 if (digest_len == base32_len && hash_len == base32_len)
1569 {
1570 int rc = memcmp(workspace2, digest, digest_len);
1571
1572 if (rc == 0)
1573 {
1574 /* We found an NSEC3 whose hashed name exactly matches the query, so
1575 we just need to check the type map. p points to the RR data for the record. */
1576
1577 int offset = (type & 0xff) >> 3;
1578 int mask = 0x80 >> (type & 0x07);
1579
1580 p += hash_len; /* skip next-domain hash */
1581 rdlen -= p - psave;
1582
1583 if (!CHECK_LEN(header, p, plen, rdlen))
1584 return 0;
1585
1586 /* If we can prove that there's no NS record, return that information. */
1587 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
1588 *nons = 1;
1589
1590 while (rdlen >= 2)
1591 {
1592 if (p[0] == type >> 8)
1593 {
1594 /* Does the NSEC3 say our type exists? */
1595 if (offset < p[1] && (p[offset+2] & mask) != 0)
1596 return STAT_BOGUS;
1597
1598 break; /* finshed checking */
1599 }
1600
1601 rdlen -= p[1];
1602 p += p[1];
1603 }
1604
1605 return 1;
1606 }
1607 else if (rc <= 0)
1608 {
1609 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1610 wrap around case, name-hash falls between NSEC3 name-hash and end */
1611 if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
1612 return 1;
1613 }
1614 else
1615 {
1616 /* wrap around case, name falls between start and next domain name */
1617 if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
1618 return 1;
1619 }
1620 }
1621 }
1622 return 0;
1623 }
1624
1625 static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1626 char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
1627 {
1628 unsigned char *salt, *p, *digest;
1629 int digest_len, i, iterations, salt_len, base32_len, algo = 0;
1630 struct nettle_hash const *hash;
1631 char *closest_encloser, *next_closest, *wildcard;
1632
1633 if (nons)
1634 *nons = 0;
1635
1636 /* Look though the NSEC3 records to find the first one with
1637 an algorithm we support (currently only algo == 1).
1638
1639 Take the algo, iterations, and salt of that record
1640 as the ones we're going to use, and prune any
1641 that don't match. */
1642
1643 for (i = 0; i < nsec_count; i++)
1644 {
1645 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1646 return STAT_BOGUS; /* bad packet */
1647
1648 p += 10; /* type, class, TTL, rdlen */
1649 algo = *p++;
1650
1651 if (algo == 1)
1652 break; /* known algo */
1653 }
1654
1655 /* No usable NSEC3s */
1656 if (i == nsec_count)
1657 return STAT_BOGUS;
1658
1659 p++; /* flags */
1660 GETSHORT (iterations, p);
1661 salt_len = *p++;
1662 salt = p;
1663 if (!CHECK_LEN(header, salt, plen, salt_len))
1664 return STAT_BOGUS; /* bad packet */
1665
1666 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1667 for (i = 0; i < nsec_count; i++)
1668 {
1669 unsigned char *nsec3p = nsecs[i];
1670 int this_iter;
1671
1672 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1673
1674 if (!(p = skip_name(nsec3p, header, plen, 15)))
1675 return STAT_BOGUS; /* bad packet */
1676
1677 p += 10; /* type, class, TTL, rdlen */
1678
1679 if (*p++ != algo)
1680 continue;
1681
1682 p++; /* flags */
1683
1684 GETSHORT(this_iter, p);
1685 if (this_iter != iterations)
1686 continue;
1687
1688 if (salt_len != *p++)
1689 continue;
1690
1691 if (!CHECK_LEN(header, p, plen, salt_len))
1692 return STAT_BOGUS; /* bad packet */
1693
1694 if (memcmp(p, salt, salt_len) != 0)
1695 continue;
1696
1697 /* All match, put the pointer back */
1698 nsecs[i] = nsec3p;
1699 }
1700
1701 /* Algo is checked as 1 above */
1702 if (!(hash = hash_find("sha1")))
1703 return STAT_BOGUS;
1704
1705 if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1706 return STAT_BOGUS;
1707
1708 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
1709 return STAT_SECURE;
1710
1711 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1712 or an answer inferred from a wildcard record. */
1713 closest_encloser = name;
1714 next_closest = NULL;
1715
1716 do
1717 {
1718 if (*closest_encloser == '.')
1719 closest_encloser++;
1720
1721 if (wildname && hostname_isequal(closest_encloser, wildname))
1722 break;
1723
1724 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
1725 return STAT_BOGUS;
1726
1727 for (i = 0; i < nsec_count; i++)
1728 if ((p = nsecs[i]))
1729 {
1730 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1731 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1732 return STAT_BOGUS;
1733
1734 if (digest_len == base32_len &&
1735 memcmp(digest, workspace2, digest_len) == 0)
1736 break; /* Gotit */
1737 }
1738
1739 if (i != nsec_count)
1740 break;
1741
1742 next_closest = closest_encloser;
1743 }
1744 while ((closest_encloser = strchr(closest_encloser, '.')));
1745
1746 if (!closest_encloser)
1747 return STAT_BOGUS;
1748
1749 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1750 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
1751 return STAT_BOGUS;
1752
1753 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1754 return STAT_BOGUS;
1755
1756 /* Finally, check that there's no seat of wildcard synthesis */
1757 if (!wildname)
1758 {
1759 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1760 return STAT_BOGUS;
1761
1762 wildcard--;
1763 *wildcard = '*';
1764
1765 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1766 return STAT_BOGUS;
1767
1768 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
1769 return STAT_BOGUS;
1770 }
1771
1772 return STAT_SECURE;
1773 }
1774
1775 /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
1776 /* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
1777 int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1778 int *class, int *neganswer, int *nons)
1779 {
1780 unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1781 int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
1782 int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
1783 int nsec_type = 0, have_answer = 0;
1784
1785 if (neganswer)
1786 *neganswer = 0;
1787
1788 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
1789 return STAT_BOGUS;
1790
1791 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
1792 return STAT_INSECURE;
1793
1794 qname = p1 = (unsigned char *)(header+1);
1795
1796 if (!extract_name(header, plen, &p1, name, 1, 4))
1797 return STAT_BOGUS;
1798
1799 GETSHORT(qtype, p1);
1800 GETSHORT(qclass, p1);
1801 ans_start = p1;
1802
1803 if (qtype == T_ANY)
1804 have_answer = 1;
1805
1806 /* Can't validate an RRISG query */
1807 if (qtype == T_RRSIG)
1808 return STAT_INSECURE;
1809
1810 cname_loop:
1811 for (j = ntohs(header->ancount); j != 0; j--)
1812 {
1813 /* leave pointer to missing name in qname */
1814
1815 if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1816 return STAT_BOGUS; /* bad packet */
1817
1818 GETSHORT(type2, p1);
1819 GETSHORT(class2, p1);
1820 p1 += 4; /* TTL */
1821 GETSHORT(rdlen2, p1);
1822
1823 if (rc == 1 && qclass == class2)
1824 {
1825 /* Do we have an answer for the question? */
1826 if (type2 == qtype)
1827 {
1828 have_answer = 1;
1829 break;
1830 }
1831 else if (type2 == T_CNAME)
1832 {
1833 qname = p1;
1834
1835 /* looped CNAMES */
1836 if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1837 return STAT_BOGUS;
1838
1839 p1 = ans_start;
1840 goto cname_loop;
1841 }
1842 }
1843
1844 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1845 return STAT_BOGUS;
1846 }
1847
1848 if (neganswer && !have_answer)
1849 *neganswer = 1;
1850
1851 /* No data, therefore no sigs */
1852 if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1853 return STAT_NO_SIG;
1854
1855 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
1856 {
1857 if (!extract_name(header, plen, &p1, name, 1, 10))
1858 return STAT_BOGUS; /* bad packet */
1859
1860 GETSHORT(type1, p1);
1861 GETSHORT(class1, p1);
1862 p1 += 4; /* TTL */
1863 GETSHORT(rdlen1, p1);
1864
1865 /* Don't try and validate RRSIGs! */
1866 if (type1 != T_RRSIG)
1867 {
1868 /* Check if we've done this RRset already */
1869 for (p2 = ans_start, j = 0; j < i; j++)
1870 {
1871 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1872 return STAT_BOGUS; /* bad packet */
1873
1874 GETSHORT(type2, p2);
1875 GETSHORT(class2, p2);
1876 p2 += 4; /* TTL */
1877 GETSHORT(rdlen2, p2);
1878
1879 if (type2 == type1 && class2 == class1 && rc == 1)
1880 break; /* Done it before: name, type, class all match. */
1881
1882 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1883 return STAT_BOGUS;
1884 }
1885
1886 /* Not done, validate now */
1887 if (j == i)
1888 {
1889 int ttl, keytag, algo, digest, type_covered;
1890 unsigned char *psave;
1891 struct all_addr a;
1892 struct blockdata *key;
1893 struct crec *crecp;
1894 char *wildname;
1895 int have_wildcard = 0;
1896
1897 rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
1898
1899 if (rc == STAT_SECURE_WILDCARD)
1900 {
1901 have_wildcard = 1;
1902
1903 /* An attacker replay a wildcard answer with a different
1904 answer and overlay a genuine RR. To prove this
1905 hasn't happened, the answer must prove that
1906 the gennuine record doesn't exist. Check that here. */
1907 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1908 return STAT_BOGUS; /* No NSECs or bad packet */
1909
1910 if (nsec_type == T_NSEC)
1911 rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
1912 else
1913 rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
1914 keyname, name, type1, wildname, NULL);
1915
1916 if (rc != STAT_SECURE)
1917 return rc;
1918 }
1919 else if (rc != STAT_SECURE)
1920 {
1921 if (class)
1922 *class = class1; /* Class for DS or DNSKEY */
1923 return rc;
1924 }
1925
1926 /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1927 cache_start_insert();
1928
1929 for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
1930 {
1931 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1932 return STAT_BOGUS; /* bad packet */
1933
1934 GETSHORT(type2, p2);
1935 GETSHORT(class2, p2);
1936 GETLONG(ttl, p2);
1937 GETSHORT(rdlen2, p2);
1938
1939 if (!CHECK_LEN(header, p2, plen, rdlen2))
1940 return STAT_BOGUS; /* bad packet */
1941
1942 if (class2 == class1 && rc == 1)
1943 {
1944 psave = p2;
1945
1946 if (type1 == T_DS && type2 == T_DS)
1947 {
1948 if (rdlen2 < 4)
1949 return STAT_BOGUS; /* bad packet */
1950
1951 GETSHORT(keytag, p2);
1952 algo = *p2++;
1953 digest = *p2++;
1954
1955 /* Cache needs to known class for DNSSEC stuff */
1956 a.addr.dnssec.class = class2;
1957
1958 if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
1959 {
1960 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1961 blockdata_free(key);
1962 else
1963 {
1964 a.addr.keytag = keytag;
1965 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1966 crecp->addr.ds.digest = digest;
1967 crecp->addr.ds.keydata = key;
1968 crecp->addr.ds.algo = algo;
1969 crecp->addr.ds.keytag = keytag;
1970 crecp->addr.ds.keylen = rdlen2 - 4;
1971 }
1972 }
1973 }
1974 else if (type2 == T_RRSIG)
1975 {
1976 if (rdlen2 < 18)
1977 return STAT_BOGUS; /* bad packet */
1978
1979 GETSHORT(type_covered, p2);
1980
1981 if (type_covered == type1 &&
1982 (type_covered == T_A || type_covered == T_AAAA ||
1983 type_covered == T_CNAME || type_covered == T_DS ||
1984 type_covered == T_DNSKEY || type_covered == T_PTR))
1985 {
1986 a.addr.dnssec.type = type_covered;
1987 a.addr.dnssec.class = class1;
1988
1989 algo = *p2++;
1990 p2 += 13; /* labels, orig_ttl, expiration, inception */
1991 GETSHORT(keytag, p2);
1992
1993 /* We don't cache sigs for wildcard answers, because to reproduce the
1994 answer from the cache will require one or more NSEC/NSEC3 records
1995 which we don't cache. The lack of the RRSIG ensures that a query for
1996 this RRset asking for a secure answer will always be forwarded. */
1997 if (!have_wildcard && (key = blockdata_alloc((char*)psave, rdlen2)))
1998 {
1999 if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
2000 blockdata_free(key);
2001 else
2002 {
2003 crecp->addr.sig.keydata = key;
2004 crecp->addr.sig.keylen = rdlen2;
2005 crecp->addr.sig.keytag = keytag;
2006 crecp->addr.sig.type_covered = type_covered;
2007 crecp->addr.sig.algo = algo;
2008 }
2009 }
2010 }
2011 }
2012
2013 p2 = psave;
2014 }
2015
2016 if (!ADD_RDLEN(header, p2, plen, rdlen2))
2017 return STAT_BOGUS; /* bad packet */
2018 }
2019
2020 cache_end_insert();
2021 }
2022 }
2023
2024 if (!ADD_RDLEN(header, p1, plen, rdlen1))
2025 return STAT_BOGUS;
2026 }
2027
2028 /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
2029 if (have_answer)
2030 return STAT_SECURE;
2031
2032 /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
2033 /* First marshall the NSEC records, if we've not done it previously */
2034 if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
2035 return STAT_NO_SIG; /* No NSECs, this is probably a dangling CNAME pointing into
2036 an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
2037
2038 /* Get name of missing answer */
2039 if (!extract_name(header, plen, &qname, name, 1, 0))
2040 return STAT_BOGUS;
2041
2042 if (nsec_type == T_NSEC)
2043 return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
2044 else
2045 return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
2046 }
2047
2048 /* Chase the CNAME chain in the packet until the first record which _doesn't validate.
2049 Needed for proving answer in unsigned space.
2050 Return STAT_NEED_*
2051 STAT_BOGUS - error
2052 STAT_INSECURE - name of first non-secure record in name
2053 */
2054 int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
2055 {
2056 unsigned char *p = (unsigned char *)(header+1);
2057 int type, class, qclass, rdlen, j, rc;
2058 int cname_count = CNAME_CHAIN;
2059
2060 /* Get question */
2061 if (!extract_name(header, plen, &p, name, 1, 4))
2062 return STAT_BOGUS;
2063
2064 p +=2; /* type */
2065 GETSHORT(qclass, p);
2066
2067 while (1)
2068 {
2069 for (j = ntohs(header->ancount); j != 0; j--)
2070 {
2071 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
2072 return STAT_BOGUS; /* bad packet */
2073
2074 GETSHORT(type, p);
2075 GETSHORT(class, p);
2076 p += 4; /* TTL */
2077 GETSHORT(rdlen, p);
2078
2079 /* Not target, loop */
2080 if (rc == 2 || qclass != class)
2081 {
2082 if (!ADD_RDLEN(header, p, plen, rdlen))
2083 return STAT_BOGUS;
2084 continue;
2085 }
2086
2087 /* Got to end of CNAME chain. */
2088 if (type != T_CNAME)
2089 return STAT_INSECURE;
2090
2091 /* validate CNAME chain, return if insecure or need more data */
2092 rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, NULL, 0, 0, 0);
2093 if (rc != STAT_SECURE)
2094 {
2095 if (rc == STAT_NO_SIG)
2096 rc = STAT_INSECURE;
2097 return rc;
2098 }
2099
2100 /* Loop down CNAME chain/ */
2101 if (!cname_count-- ||
2102 !extract_name(header, plen, &p, name, 1, 0) ||
2103 !(p = skip_questions(header, plen)))
2104 return STAT_BOGUS;
2105
2106 break;
2107 }
2108
2109 /* End of CNAME chain */
2110 return STAT_INSECURE;
2111 }
2112 }
2113
2114
2115 /* Compute keytag (checksum to quickly index a key). See RFC4034 */
2116 int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
2117 {
2118 if (alg == 1)
2119 {
2120 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2121 See RFC4034, Appendix B.1 */
2122 return key[keylen-4] * 256 + key[keylen-3];
2123 }
2124 else
2125 {
2126 unsigned long ac = flags + 0x300 + alg;
2127 int i;
2128
2129 for (i = 0; i < keylen; ++i)
2130 ac += (i & 1) ? key[i] : key[i] << 8;
2131
2132 ac += (ac >> 16) & 0xffff;
2133 return ac & 0xffff;
2134 }
2135 }
2136
2137 size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2138 {
2139 unsigned char *p;
2140 char *types = querystr("dnssec-query", type);
2141
2142 if (addr->sa.sa_family == AF_INET)
2143 log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2144 #ifdef HAVE_IPV6
2145 else
2146 log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2147 #endif
2148
2149 header->qdcount = htons(1);
2150 header->ancount = htons(0);
2151 header->nscount = htons(0);
2152 header->arcount = htons(0);
2153
2154 header->hb3 = HB3_RD;
2155 SET_OPCODE(header, QUERY);
2156 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2157 this allows it to select auth servers when one is returning bad data. */
2158 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
2159
2160 /* ID filled in later */
2161
2162 p = (unsigned char *)(header+1);
2163
2164 p = do_rfc1035_name(p, name);
2165 *p++ = 0;
2166 PUTSHORT(type, p);
2167 PUTSHORT(class, p);
2168
2169 return add_do_bit(header, p - (unsigned char *)header, end);
2170 }
2171
2172 /* Go through a domain name, find "pointers" and fix them up based on how many bytes
2173 we've chopped out of the packet, or check they don't point into an elided part. */
2174 static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2175 {
2176 unsigned char *ansp = *namep;
2177
2178 while(1)
2179 {
2180 unsigned int label_type;
2181
2182 if (!CHECK_LEN(header, ansp, plen, 1))
2183 return 0;
2184
2185 label_type = (*ansp) & 0xc0;
2186
2187 if (label_type == 0xc0)
2188 {
2189 /* pointer for compression. */
2190 unsigned int offset;
2191 int i;
2192 unsigned char *p;
2193
2194 if (!CHECK_LEN(header, ansp, plen, 2))
2195 return 0;
2196
2197 offset = ((*ansp++) & 0x3f) << 8;
2198 offset |= *ansp++;
2199
2200 p = offset + (unsigned char *)header;
2201
2202 for (i = 0; i < rr_count; i++)
2203 if (p < rrs[i])
2204 break;
2205 else
2206 if (i & 1)
2207 offset -= rrs[i] - rrs[i-1];
2208
2209 /* does the pointer end up in an elided RR? */
2210 if (i & 1)
2211 return 0;
2212
2213 /* No, scale the pointer */
2214 if (fixup)
2215 {
2216 ansp -= 2;
2217 *ansp++ = (offset >> 8) | 0xc0;
2218 *ansp++ = offset & 0xff;
2219 }
2220 break;
2221 }
2222 else if (label_type == 0x80)
2223 return 0; /* reserved */
2224 else if (label_type == 0x40)
2225 {
2226 /* Extended label type */
2227 unsigned int count;
2228
2229 if (!CHECK_LEN(header, ansp, plen, 2))
2230 return 0;
2231
2232 if (((*ansp++) & 0x3f) != 1)
2233 return 0; /* we only understand bitstrings */
2234
2235 count = *(ansp++); /* Bits in bitstring */
2236
2237 if (count == 0) /* count == 0 means 256 bits */
2238 ansp += 32;
2239 else
2240 ansp += ((count-1)>>3)+1;
2241 }
2242 else
2243 { /* label type == 0 Bottom six bits is length */
2244 unsigned int len = (*ansp++) & 0x3f;
2245
2246 if (!ADD_RDLEN(header, ansp, plen, len))
2247 return 0;
2248
2249 if (len == 0)
2250 break; /* zero length label marks the end. */
2251 }
2252 }
2253
2254 *namep = ansp;
2255
2256 return 1;
2257 }
2258
2259 /* Go through RRs and check or fixup the domain names contained within */
2260 static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2261 {
2262 int i, type, class, rdlen;
2263 unsigned char *pp;
2264
2265 for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
2266 {
2267 pp = p;
2268
2269 if (!(p = skip_name(p, header, plen, 10)))
2270 return 0;
2271
2272 GETSHORT(type, p);
2273 GETSHORT(class, p);
2274 p += 4; /* TTL */
2275 GETSHORT(rdlen, p);
2276
2277 if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2278 {
2279 /* fixup name of RR */
2280 if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2281 return 0;
2282
2283 if (class == C_IN)
2284 {
2285 u16 *d;
2286
2287 for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
2288 {
2289 if (*d != 0)
2290 pp += *d;
2291 else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2292 return 0;
2293 }
2294 }
2295 }
2296
2297 if (!ADD_RDLEN(header, p, plen, rdlen))
2298 return 0;
2299 }
2300
2301 return 1;
2302 }
2303
2304
2305 size_t filter_rrsigs(struct dns_header *header, size_t plen)
2306 {
2307 static unsigned char **rrs;
2308 static int rr_sz = 0;
2309
2310 unsigned char *p = (unsigned char *)(header+1);
2311 int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
2312
2313 if (ntohs(header->qdcount) != 1 ||
2314 !(p = skip_name(p, header, plen, 4)))
2315 return plen;
2316
2317 GETSHORT(qtype, p);
2318 GETSHORT(qclass, p);
2319
2320 /* First pass, find pointers to start and end of all the records we wish to elide:
2321 records added for DNSSEC, unless explicity queried for */
2322 for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0;
2323 i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
2324 i++)
2325 {
2326 unsigned char *pstart = p;
2327 int type, class;
2328
2329 if (!(p = skip_name(p, header, plen, 10)))
2330 return plen;
2331
2332 GETSHORT(type, p);
2333 GETSHORT(class, p);
2334 p += 4; /* TTL */
2335 GETSHORT(rdlen, p);
2336
2337 if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2338 (type != qtype || class != qclass))
2339 {
2340 if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2341 return plen;
2342
2343 rrs[rr_found++] = pstart;
2344
2345 if (!ADD_RDLEN(header, p, plen, rdlen))
2346 return plen;
2347
2348 rrs[rr_found++] = p;
2349
2350 if (i < ntohs(header->ancount))
2351 chop_an++;
2352 else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
2353 chop_ns++;
2354 else
2355 chop_ar++;
2356 }
2357 else if (!ADD_RDLEN(header, p, plen, rdlen))
2358 return plen;
2359 }
2360
2361 /* Nothing to do. */
2362 if (rr_found == 0)
2363 return plen;
2364
2365 /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2366 point to records we're going to elide. This is theoretically possible, but unlikely. If
2367 it happens, we give up and leave the answer unchanged. */
2368 p = (unsigned char *)(header+1);
2369
2370 /* question first */
2371 if (!check_name(&p, header, plen, 0, rrs, rr_found))
2372 return plen;
2373 p += 4; /* qclass, qtype */
2374
2375 /* Now answers and NS */
2376 if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2377 return plen;
2378
2379 /* Third pass, elide records */
2380 for (p = rrs[0], i = 1; i < rr_found; i += 2)
2381 {
2382 unsigned char *start = rrs[i];
2383 unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2384
2385 memmove(p, start, end-start);
2386 p += end-start;
2387 }
2388
2389 plen = p - (unsigned char *)header;
2390 header->ancount = htons(ntohs(header->ancount) - chop_an);
2391 header->nscount = htons(ntohs(header->nscount) - chop_ns);
2392 header->arcount = htons(ntohs(header->arcount) - chop_ar);
2393
2394 /* Fourth pass, fix up pointers in the remaining records */
2395 p = (unsigned char *)(header+1);
2396
2397 check_name(&p, header, plen, 1, rrs, rr_found);
2398 p += 4; /* qclass, qtype */
2399
2400 check_rrs(p, header, plen, 1, rrs, rr_found);
2401
2402 return plen;
2403 }
2404
2405 unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2406 {
2407 int q;
2408 unsigned int len;
2409 unsigned char *p = (unsigned char *)(header+1);
2410 const struct nettle_hash *hash;
2411 void *ctx;
2412 unsigned char *digest;
2413
2414 if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2415 return NULL;
2416
2417 for (q = ntohs(header->qdcount); q != 0; q--)
2418 {
2419 if (!extract_name(header, plen, &p, name, 1, 4))
2420 break; /* bad packet */
2421
2422 len = to_wire(name);
2423 hash->update(ctx, len, (unsigned char *)name);
2424 /* CRC the class and type as well */
2425 hash->update(ctx, 4, p);
2426
2427 p += 4;
2428 if (!CHECK_LEN(header, p, plen, 0))
2429 break; /* bad packet */
2430 }
2431
2432 hash->digest(ctx, hash->digest_size, digest);
2433 return digest;
2434 }
2435
2436 #endif /* HAVE_DNSSEC */
Michael's tree of dnsmasq.