/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
+ and Copyright (c) 2012-2015 Simon Kelley
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "dnsmasq.h"
-#include "dnssec-crypto.h"
-#include <assert.h>
-/* Maximum length in octects of a domain name, in wire format */
-#define MAXCDNAME 256
+#ifdef HAVE_DNSSEC
+
+#include <nettle/rsa.h>
+#include <nettle/dsa.h>
+#ifndef NO_NETTLE_ECC
+# include <nettle/ecdsa.h>
+# include <nettle/ecc-curve.h>
+#endif
+#include <nettle/nettle-meta.h>
+#include <nettle/bignum.h>
+
+/* Nettle-3.0 moved to a new API for DSA. We use a name that's defined in the new API
+ to detect Nettle-3, and invoke the backwards compatibility mode. */
+#ifdef dsa_params_init
+#include <nettle/dsa-compat.h>
+#endif
+
+#include <utime.h>
#define SERIAL_UNDEF -100
#define SERIAL_EQ 0
#define SERIAL_LT -1
#define SERIAL_GT 1
-/* Implement RFC1982 wrapped compare for 32-bit numbers */
-static int serial_compare_32(unsigned long s1, unsigned long s2)
+/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
+static char *ds_digest_name(int digest)
{
- if (s1 == s2)
- return SERIAL_EQ;
+ switch (digest)
+ {
+ case 1: return "sha1";
+ case 2: return "sha256";
+ case 3: return "gosthash94";
+ case 4: return "sha384";
+ default: return NULL;
+ }
+}
+
+/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
+static char *algo_digest_name(int algo)
+{
+ switch (algo)
+ {
+ case 1: return "md5";
+ case 3: return "sha1";
+ case 5: return "sha1";
+ case 6: return "sha1";
+ case 7: return "sha1";
+ case 8: return "sha256";
+ case 10: return "sha512";
+ case 12: return "gosthash94";
+ case 13: return "sha256";
+ case 14: return "sha384";
+ default: return NULL;
+ }
+}
+
+/* Find pointer to correct hash function in nettle library */
+static const struct nettle_hash *hash_find(char *name)
+{
+ int i;
+
+ if (!name)
+ return NULL;
+
+ for (i = 0; nettle_hashes[i]; i++)
+ {
+ if (strcmp(nettle_hashes[i]->name, name) == 0)
+ return nettle_hashes[i];
+ }
- if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
- (s1 > s2 && (s1 - s2) > (1UL<<31)))
- return SERIAL_LT;
- if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
- (s1 > s2 && (s1 - s2) < (1UL<<31)))
- return SERIAL_GT;
- return SERIAL_UNDEF;
+ return NULL;
}
-/* Extract a DNS name from wire format, without handling compression. This is
- faster than extract_name() and does not require access to the full dns
- packet. */
-static int extract_name_no_compression(unsigned char *rr, int maxlen, char *buf)
+/* expand ctx and digest memory allocations if necessary and init hash function */
+static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
{
- unsigned char *start=rr, *end = rr+maxlen;
- int count;
+ static void *ctx = NULL;
+ static unsigned char *digest = NULL;
+ static unsigned int ctx_sz = 0;
+ static unsigned int digest_sz = 0;
+
+ void *new;
+
+ if (ctx_sz < hash->context_size)
+ {
+ if (!(new = whine_malloc(hash->context_size)))
+ return 0;
+ if (ctx)
+ free(ctx);
+ ctx = new;
+ ctx_sz = hash->context_size;
+ }
- while (rr < end && *rr != 0)
+ if (digest_sz < hash->digest_size)
{
- count = *rr++;
- while (count-- > 0 && rr < end)
- {
- *buf = *rr++;
- if (!isascii(*buf) || iscntrl(*buf) || *buf == '.')
- return 0;
- if (*buf >= 'A' && *buf <= 'Z')
- *buf += 'a' - 'A';
- buf++;
- }
- *buf++ = '.';
- }
- /* Remove trailing dot (if any) */
- if (rr != start)
- *(--buf) = 0;
- if (rr == end)
+ if (!(new = whine_malloc(hash->digest_size)))
+ return 0;
+ if (digest)
+ free(digest);
+ digest = new;
+ digest_sz = hash->digest_size;
+ }
+
+ *ctxp = ctx;
+ *digestp = digest;
+
+ hash->init(ctx);
+
+ return 1;
+}
+
+static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+ unsigned char *digest, int algo)
+{
+ unsigned char *p;
+ size_t exp_len;
+
+ static struct rsa_public_key *key = NULL;
+ static mpz_t sig_mpz;
+
+ if (key == NULL)
+ {
+ if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
+ return 0;
+
+ nettle_rsa_public_key_init(key);
+ mpz_init(sig_mpz);
+ }
+
+ if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
+ return 0;
+
+ key_len--;
+ if ((exp_len = *p++) == 0)
+ {
+ GETSHORT(exp_len, p);
+ key_len -= 2;
+ }
+
+ if (exp_len >= key_len)
return 0;
- /* Trailing \0 in source data must be consumed */
- return rr-start+1;
-}
-
-/* process_domain_name() - do operations with domain names in canonicalized wire format.
- *
- * Handling domain names in wire format can be done with buffers as large as MAXCDNAME (256),
- * while the representation format (as created by, eg., extract_name) requires MAXDNAME (1024).
- *
- * With "canonicalized wire format", we mean the standard DNS wire format, eg:
- *
- * <3>www<7>example<3>org<0>
- *
- * with all ÅSCII letters converted to lowercase, and no wire-level compression.
- *
- * The function works with two different buffers:
- * - Input buffer: 'rdata' is a pointer to the actual wire data, and 'rdlen' is
- * the total length till the end of the rdata or DNS packet section. Both
- * variables are updated after processing the domain name, so that rdata points
- * after it, and rdlen is decreased by the amount of the processed octects.
- * - Output buffer: 'out' points to it. In some cases, this buffer can be prefilled
- * and used as additional input (see below).
- *
- * The argument "action" decides what to do with the submitted domain name:
- *
- * PDN_EXTRACT:
- * Extract the domain name from input buffer into the output buffer, possibly uncompressing it.
- * Return the length of the domain name in the output buffer in octects, or zero if error.
- *
- * PDN_COMPARE:
- * Compare the domain name in the input buffer and the one in the output buffer (ignoring
- * differences in compression). Returns 0 in case of error, a positive number
- * if they are equal, or a negative number if they are different. This function always
- * consumes the whole name in the input buffer (there is no early exit).
- *
- * PDN_ORDER:
- * Order between the domain name in the input buffer and the domain name in the output buffer.
- * Returns 0 if the names are equal, 1 if input > output, or -1 if input < output. This
- * function early-exits when it finds a difference, so rdata might not be fully updated.
- *
- * Notice: because of compression, rdata/rdlen might be updated with a different quantity than
- * the returned number of octects. For instance, if we extract a compressed domain name, rdata/rdlen
- * might be updated only by 2 bytes (that is, rdata is incresed by 2, and rdlen decreased by 2),
- * because it then reuses existing data elsewhere in the DNS packet, while the return value might be
- * larger, reflecting the total number of octects composing the domain name.
- *
- */
-#define PWN_EXTRACT 0
-#define PWN_COMPARE 1
-#define PWN_ORDER 2
-static int process_domain_name(struct dns_header *header, size_t pktlen,
- unsigned char** rdata, size_t* rdlen,
- unsigned char *out, int action)
-{
- int hops = 0, total = 0, i;
- unsigned char label_type;
- unsigned char *end = (unsigned char *)header + pktlen;
- unsigned char count; unsigned char *p = *rdata;
- int nonequal = 0;
-
-#define PROCESS(ch) \
- do { \
- if (action == PWN_EXTRACT) \
- *out++ = ch; \
- else if (action == PWN_COMPARE) \
- { \
- if (*out++ != ch) \
- nonequal = 1; \
- } \
- else if (action == PWN_ORDER) \
- { \
- char _ch = *out++; \
- if (ch < _ch) \
- return -1; \
- else if (_ch > ch) \
- return 1; \
- } \
- } while (0)
+
+ key->size = key_len - exp_len;
+ mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
+ mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
- while (1)
+ mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
+
+ switch (algo)
{
- if (p >= end)
- return 0;
- if (!(count = *p++))
- break;
- label_type = count & 0xC0;
- if (label_type == 0xC0)
- {
- int l2;
- if (p >= end)
- return 0;
- l2 = *p++;
- if (hops == 0)
- {
- if (p - *rdata > *rdlen)
- return 0;
- *rdlen -= p - *rdata;
- *rdata = p;
- }
- if (++hops == 256)
- return 0;
- p = (unsigned char*)header + (count & 0x3F) * 256 + l2;
- }
- else if (label_type == 0x00)
- {
- if (p+count-1 >= end)
- return 0;
- total += count+1;
- if (total >= MAXCDNAME)
- return 0;
- PROCESS(count);
- for (i = 0; i < count; ++i)
- {
- unsigned char ch = *p++;
- if (ch >= 'A' && ch <= 'Z')
- ch += 'a' - 'A';
- PROCESS(ch);
- }
- }
- else
- return 0; /* unsupported label_type */
+ case 1:
+ return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
+ case 5: case 7:
+ return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
+ case 8:
+ return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
+ case 10:
+ return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
}
- if (hops == 0)
+ return 0;
+}
+
+static int dnsmasq_dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+ unsigned char *digest, int algo)
+{
+ unsigned char *p;
+ unsigned int t;
+
+ static struct dsa_public_key *key = NULL;
+ static struct dsa_signature *sig_struct;
+
+ if (key == NULL)
{
- if (p - *rdata > *rdlen)
- return 0;
- *rdlen -= p - *rdata;
- *rdata = p;
+ if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
+ !(key = whine_malloc(sizeof(struct dsa_public_key))))
+ return 0;
+
+ nettle_dsa_public_key_init(key);
+ nettle_dsa_signature_init(sig_struct);
}
- ++total;
- if (total >= MAXCDNAME)
+
+ if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
+ return 0;
+
+ t = *p++;
+
+ if (key_len < (213 + (t * 24)))
return 0;
- PROCESS(0);
+
+ mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
+ mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
+ mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
+ mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
+
+ mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
+ mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
+
+ (void)algo;
+
+ return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
+}
+
+#ifndef NO_NETTLE_ECC
+static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
+ unsigned char *sig, size_t sig_len,
+ unsigned char *digest, size_t digest_len, int algo)
+{
+ unsigned char *p;
+ unsigned int t;
+ struct ecc_point *key;
- /* If we arrived here without early-exit, they're equal */
- if (action == PWN_ORDER)
+ static struct ecc_point *key_256 = NULL, *key_384 = NULL;
+ static mpz_t x, y;
+ static struct dsa_signature *sig_struct;
+
+ if (!sig_struct)
+ {
+ if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
+ return 0;
+
+ nettle_dsa_signature_init(sig_struct);
+ mpz_init(x);
+ mpz_init(y);
+ }
+
+ switch (algo)
+ {
+ case 13:
+ if (!key_256)
+ {
+ if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
+ return 0;
+
+ nettle_ecc_point_init(key_256, &nettle_secp_256r1);
+ }
+
+ key = key_256;
+ t = 32;
+ break;
+
+ case 14:
+ if (!key_384)
+ {
+ if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
+ return 0;
+
+ nettle_ecc_point_init(key_384, &nettle_secp_384r1);
+ }
+
+ key = key_384;
+ t = 48;
+ break;
+
+ default:
+ return 0;
+ }
+
+ if (sig_len != 2*t || key_len != 2*t ||
+ !(p = blockdata_retrieve(key_data, key_len, NULL)))
return 0;
- return nonequal ? -total : total;
-
- #undef PROCESS
-}
-
-
-/* RDATA meta-description.
- *
- * RFC4034 §6.2 introduces the concept of a "canonical form of a RR". This canonical
- * form is used in two important points within the DNSSEC protocol/algorithm:
- *
- * 1) When computing the hash for verifying the RRSIG signature, we need to do it on
- * the canonical form.
- * 2) When ordering a RRset in canonical order (§6.3), we need to lexicographically sort
- * the RRs in canonical form.
- *
- * The canonical form of a RR is specifically tricky because it also affects the RDATA,
- * which is different for each RR type; in fact, RFC4034 says that "domain names in
- * RDATA must be canonicalized" (= uncompressed and lower-cased).
- *
- * To handle this correctly, we then need a way to describe how the RDATA section is
- * composed for each RR type; we don't need to describe every field, but just to specify
- * where domain names are. The following array contains this description, and it is
- * used by rrset_canonical_order() and verifyalg_add_rdata(), to adjust their behaviour
- * for each RR type.
- *
- * The format of the description is very easy, for instance:
- *
- * { 12, RDESC_DOMAIN, RDESC_DOMAIN, 4, RDESC_DOMAIN, RDESC_END }
- *
- * This means that this (ficticious) RR type has a RDATA section containing 12 octects
- * (we don't care what they contain), followed by 2 domain names, followed by 4 octects,
- * followed by 1 domain name, and then followed by an unspecificied number of octects (0
- * or more).
- */
-
-#define RDESC_DOMAIN -1
-#define RDESC_END 0
-static const int rdata_description[][8] =
-{
- /**/ { RDESC_END },
- /* 1: A */ { RDESC_END },
- /* 2: NS */ { RDESC_DOMAIN, RDESC_END },
- /* 3: .. */ { RDESC_END },
- /* 4: .. */ { RDESC_END },
- /* 5: CNAME */ { RDESC_DOMAIN, RDESC_END },
- /* 6: SOA */ { RDESC_DOMAIN, RDESC_DOMAIN, RDESC_END },
- /* 7: */ { RDESC_END },
- /* 8: */ { RDESC_END },
- /* 9: */ { RDESC_END },
- /* 10: */ { RDESC_END },
- /* 11: */ { RDESC_END },
- /* 12: */ { RDESC_END },
- /* 13: */ { RDESC_END },
- /* 14: */ { RDESC_END },
- /* 15: MX */ { 2, RDESC_DOMAIN, RDESC_END },
-};
-
-
-/* On-the-fly rdata canonicalization
- *
- * This set of functions allow the user to iterate over the rdata section of a RR
- * while canonicalizing it on-the-fly. This is a great memory saving since the user
- * doesn't need to allocate memory for a copy of the whole rdata section.
- *
- * Sample usage:
- *
- * RDataCFrom cf;
- * rdata_cfrom_init(
- * &cf,
- * header, pktlen, // dns_header
- * rdata, // pointer to rdata section
- * rrtype, // RR tyep
- * tmpbuf); // temporary buf (MAXCDNAME)
- *
- * while ((p = rdata_cfrom_next(&cf, &len))
- * {
- * // Process p[0..len]
- * }
- *
- * if (rdata_cfrom_error(&cf))
- * // error occurred while parsing
- *
- */
-typedef struct
-{
- struct dns_header *header;
- size_t pktlen;
- unsigned char *rdata;
- unsigned char *tmpbuf;
- size_t rdlen;
- int rrtype;
- int cnt;
-} RDataCForm;
-
-static void rdata_cform_init(RDataCForm *ctx, struct dns_header *header, size_t pktlen,
- unsigned char *rdata, int rrtype, unsigned char *tmpbuf)
-{
- if (rrtype >= countof(rdata_description))
- rrtype = 0;
- ctx->header = header;
- ctx->pktlen = pktlen;
- ctx->rdata = rdata;
- ctx->rrtype = rrtype;
- ctx->tmpbuf = tmpbuf;
- ctx->cnt = -1;
- GETSHORT(ctx->rdlen, ctx->rdata);
-}
-
-static int rdata_cform_error(RDataCForm *ctx)
-{
- return ctx->cnt == -2;
-}
-
-static unsigned char *rdata_cform_next(RDataCForm *ctx, size_t *len)
-{
- if (ctx->cnt != -1 && rdata_description[ctx->rrtype][ctx->cnt] == RDESC_END)
- return NULL;
+
+ mpz_import(x, t , 1, 1, 0, 0, p);
+ mpz_import(y, t , 1, 1, 0, 0, p + t);
- int d = rdata_description[ctx->rrtype][++ctx->cnt];
- if (d == RDESC_DOMAIN)
+ if (!ecc_point_set(key, x, y))
+ return 0;
+
+ mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
+ mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
+
+ return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
+}
+#endif
+
+static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
+ unsigned char *digest, size_t digest_len, int algo)
+{
+ (void)digest_len;
+
+ switch (algo)
{
- *len = process_domain_name(ctx->header, ctx->pktlen, &ctx->rdata, &ctx->rdlen, ctx->tmpbuf, PWN_EXTRACT);
- if (!*len)
- {
- ctx->cnt = -2;
- return NULL;
- }
- return ctx->tmpbuf;
+ case 1: case 5: case 7: case 8: case 10:
+ return dnsmasq_rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+ case 3: case 6:
+ return dnsmasq_dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
+
+#ifndef NO_NETTLE_ECC
+ case 13: case 14:
+ return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
+#endif
}
- else if (d == RDESC_END)
+
+ return 0;
+}
+
+/* Convert from presentation format to wire format, in place.
+ Also map UC -> LC.
+ Note that using extract_name to get presentation format
+ then calling to_wire() removes compression and maps case,
+ thus generating names in canonical form.
+ Calling to_wire followed by from_wire is almost an identity,
+ except that the UC remains mapped to LC.
+*/
+static int to_wire(char *name)
+{
+ unsigned char *l, *p, term;
+ int len;
+
+ for (l = (unsigned char*)name; *l != 0; l = p)
{
- *len = ctx->rdlen;
- return ctx->rdata;
+ for (p = l; *p != '.' && *p != 0; p++)
+ if (*p >= 'A' && *p <= 'Z')
+ *p = *p - 'A' + 'a';
+
+ term = *p;
+
+ if ((len = p - l) != 0)
+ memmove(l+1, l, len);
+ *l = len;
+
+ p++;
+
+ if (term == 0)
+ *p = 0;
}
- else
+
+ return l + 1 - (unsigned char *)name;
+}
+
+/* Note: no compression allowed in input. */
+static void from_wire(char *name)
+{
+ unsigned char *l;
+ int len;
+
+ for (l = (unsigned char *)name; *l != 0; l += len+1)
{
- unsigned char *ret = ctx->rdata;
- ctx->rdlen -= d;
- ctx->rdata += d;
- *len = d;
- return ret;
+ len = *l;
+ memmove(l, l+1, len);
+ l[len] = '.';
}
+
+ if ((char *)l != name)
+ *(l-1) = 0;
+}
+
+/* Input in presentation format */
+static int count_labels(char *name)
+{
+ int i;
+
+ if (*name == 0)
+ return 0;
+
+ for (i = 0; *name; name++)
+ if (*name == '.')
+ i++;
+
+ return i+1;
}
+/* Implement RFC1982 wrapped compare for 32-bit numbers */
+static int serial_compare_32(unsigned long s1, unsigned long s2)
+{
+ if (s1 == s2)
+ return SERIAL_EQ;
+
+ if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
+ (s1 > s2 && (s1 - s2) > (1UL<<31)))
+ return SERIAL_LT;
+ if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
+ (s1 > s2 && (s1 - s2) < (1UL<<31)))
+ return SERIAL_GT;
+ return SERIAL_UNDEF;
+}
+
+/* Called at startup. If the timestamp file is configured and exists, put its mtime on
+ timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
+ return -1 -> Cannot create file.
+ 0 -> not using timestamp, or timestamp exists and is in past.
+ 1 -> timestamp exists and is in future.
+*/
+
+static time_t timestamp_time;
+static int back_to_the_future;
+
+int setup_timestamp(void)
+{
+ struct stat statbuf;
+
+ back_to_the_future = 0;
+
+ if (!daemon->timestamp_file)
+ return 0;
+
+ if (stat(daemon->timestamp_file, &statbuf) != -1)
+ {
+ timestamp_time = statbuf.st_mtime;
+ check_and_exit:
+ if (difftime(timestamp_time, time(0)) <= 0)
+ {
+ /* time already OK, update timestamp, and do key checking from the start. */
+ if (utime(daemon->timestamp_file, NULL) == -1)
+ my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
+ back_to_the_future = 1;
+ return 0;
+ }
+ return 1;
+ }
+
+ if (errno == ENOENT)
+ {
+ /* NB. for explanation of O_EXCL flag, see comment on pidfile in dnsmasq.c */
+ int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK | O_EXCL, 0666);
+ if (fd != -1)
+ {
+ struct utimbuf timbuf;
+
+ close(fd);
+
+ timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
+ if (utime(daemon->timestamp_file, &timbuf) == 0)
+ goto check_and_exit;
+ }
+ }
+
+ return -1;
+}
/* Check whether today/now is between date_start and date_end */
static int check_date_range(unsigned long date_start, unsigned long date_end)
{
- /* TODO: double-check that time(0) is the correct time we are looking for */
- /* TODO: dnssec requires correct timing; implement SNTP in dnsmasq? */
unsigned long curtime = time(0);
-
+
+ /* Checking timestamps may be temporarily disabled */
+
+ /* If the current time if _before_ the timestamp
+ on our persistent timestamp file, then assume the
+ time if not yet correct, and don't check the
+ key timestamps. As soon as the current time is
+ later then the timestamp, update the timestamp
+ and start checking keys */
+ if (daemon->timestamp_file)
+ {
+ if (back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
+ {
+ if (utime(daemon->timestamp_file, NULL) != 0)
+ my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
+
+ back_to_the_future = 1;
+ set_option_bool(OPT_DNSSEC_TIME);
+ queue_event(EVENT_RELOAD); /* purge cache */
+ }
+
+ if (back_to_the_future == 0)
+ return 1;
+ }
+ else if (option_bool(OPT_DNSSEC_TIME))
+ return 1;
+
/* We must explicitly check against wanted values, because of SERIAL_UNDEF */
return serial_compare_32(curtime, date_start) == SERIAL_GT
- && serial_compare_32(curtime, date_end) == SERIAL_LT;
+ && serial_compare_32(curtime, date_end) == SERIAL_LT;
}
+static u16 *get_desc(int type)
+{
+ /* List of RRtypes which include domains in the data.
+ 0 -> domain
+ integer -> no of plain bytes
+ -1 -> end
+
+ zero is not a valid RRtype, so the final entry is returned for
+ anything which needs no mangling.
+ */
+
+ static u16 rr_desc[] =
+ {
+ T_NS, 0, -1,
+ T_MD, 0, -1,
+ T_MF, 0, -1,
+ T_CNAME, 0, -1,
+ T_SOA, 0, 0, -1,
+ T_MB, 0, -1,
+ T_MG, 0, -1,
+ T_MR, 0, -1,
+ T_PTR, 0, -1,
+ T_MINFO, 0, 0, -1,
+ T_MX, 2, 0, -1,
+ T_RP, 0, 0, -1,
+ T_AFSDB, 2, 0, -1,
+ T_RT, 2, 0, -1,
+ T_SIG, 18, 0, -1,
+ T_PX, 2, 0, 0, -1,
+ T_NXT, 0, -1,
+ T_KX, 2, 0, -1,
+ T_SRV, 6, 0, -1,
+ T_DNAME, 0, -1,
+ 0, -1 /* wildcard/catchall */
+ };
+
+ u16 *p = rr_desc;
+
+ while (*p != type && *p != 0)
+ while (*p++ != (u16)-1);
-/* Sort RRs within a RRset in canonical order, according to RFC4034, §6.3
- Notice that the RRDATA sections have been already normalized, so a memcpy
- is sufficient.
- NOTE: r1/r2 point immediately after the owner name. */
+ return p+1;
+}
-struct {
- struct dns_header *header;
- size_t pktlen;
-} rrset_canonical_order_ctx;
+/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
+ data, pointed to by *p, should be used raw. */
+static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
+ unsigned char **p, u16 **desc)
+{
+ int d = **desc;
+
+ /* No more data needs mangling */
+ if (d == (u16)-1)
+ {
+ /* If there's more data than we have space for, just return what fits,
+ we'll get called again for more chunks */
+ if (end - *p > bufflen)
+ {
+ memcpy(buff, *p, bufflen);
+ *p += bufflen;
+ return bufflen;
+ }
+
+ return 0;
+ }
+
+ (*desc)++;
+
+ if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
+ /* domain-name, canonicalise */
+ return to_wire(buff);
+ else
+ {
+ /* plain data preceding a domain-name, don't run off the end of the data */
+ if ((end - *p) < d)
+ d = end - *p;
+
+ if (d != 0)
+ {
+ memcpy(buff, *p, d);
+ *p += d;
+ }
+
+ return d;
+ }
+}
-static int rrset_canonical_order(const void *r1, const void *r2)
+static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
{
- size_t r1len, r2len;
- int rrtype;
- unsigned char *pr1=*(unsigned char**)r1, *pr2=*(unsigned char**)r2;
- unsigned char tmp1[MAXCDNAME], tmp2[MAXCDNAME]; /* TODO: use part of daemon->namebuff */
+ unsigned char **p;
+ int new_sz = *sz;
- GETSHORT(rrtype, pr1);
- pr1 += 6; pr2 += 8;
+ if (new_sz > new)
+ return 1;
+
+ if (new >= 100)
+ return 0;
- RDataCForm cf1, cf2;
- rdata_cform_init(&cf1, rrset_canonical_order_ctx.header, rrset_canonical_order_ctx.pktlen,
- pr1, rrtype, tmp1);
- rdata_cform_init(&cf2, rrset_canonical_order_ctx.header, rrset_canonical_order_ctx.pktlen,
- pr2, rrtype, tmp2);
- while ((pr1 = rdata_cform_next(&cf1, &r1len)) &&
- (pr2 = rdata_cform_next(&cf2, &r2len)))
+ new_sz += 5;
+
+ if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
+ return 0;
+
+ if (*wkspc)
{
- int res = memcmp(pr1, pr2, MIN(r1len,r2len));
- if (res != 0)
- return res;
- if (r1len < r2len)
- return -1;
- if (r2len > r1len)
- return 1;
+ memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
+ free(*wkspc);
}
+
+ *wkspc = p;
+ *sz = new_sz;
- /* If we reached this point, the two RRs are identical (or an error occurred).
- RFC2181 says that an RRset is not allowed to contain duplicate
- records. If it happens, it is a protocol error and anything goes. */
return 1;
}
-typedef struct PendingRRSIGValidation
-{
- VerifyAlgCtx *alg;
- char *signer_name;
- int keytag;
-} PendingRRSIGValidation;
+/* Bubble sort the RRset into the canonical order.
+ Note that the byte-streams from two RRs may get unsynced: consider
+ RRs which have two domain-names at the start and then other data.
+ The domain-names may have different lengths in each RR, but sort equal
+
+ ------------
+ |abcde|fghi|
+ ------------
+ |abcd|efghi|
+ ------------
-/* strchrnul - like strchr, but when character is not found, returns a pointer to the terminating \0.
+ leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
+*/
- This is an existing C GNU extension, but it's easier to reimplement it,
- rather than tweaking with configure. */
-static char *my_strchrnul(char *str, char ch)
+static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
+ unsigned char **rrset, char *buff1, char *buff2)
{
- while (*str && *str != ch)
- str++;
- return str;
+ int swap, quit, i;
+
+ do
+ {
+ for (swap = 0, i = 0; i < rrsetidx-1; i++)
+ {
+ int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
+ u16 *dp1, *dp2;
+ unsigned char *end1, *end2;
+ /* Note that these have been determined to be OK previously,
+ so we don't need to check for NULL return here. */
+ unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
+ unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
+
+ p1 += 8; /* skip class, type, ttl */
+ GETSHORT(rdlen1, p1);
+ end1 = p1 + rdlen1;
+
+ p2 += 8; /* skip class, type, ttl */
+ GETSHORT(rdlen2, p2);
+ end2 = p2 + rdlen2;
+
+ dp1 = dp2 = rr_desc;
+
+ for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
+ {
+ if (left1 != 0)
+ memmove(buff1, buff1 + len1 - left1, left1);
+
+ if ((len1 = get_rdata(header, plen, end1, buff1 + left1, MAXDNAME - left1, &p1, &dp1)) == 0)
+ {
+ quit = 1;
+ len1 = end1 - p1;
+ memcpy(buff1 + left1, p1, len1);
+ }
+ len1 += left1;
+
+ if (left2 != 0)
+ memmove(buff2, buff2 + len2 - left2, left2);
+
+ if ((len2 = get_rdata(header, plen, end2, buff2 + left2, MAXDNAME - left2, &p2, &dp2)) == 0)
+ {
+ quit = 1;
+ len2 = end2 - p2;
+ memcpy(buff2 + left2, p2, len2);
+ }
+ len2 += left2;
+
+ if (len1 > len2)
+ left1 = len1 - len2, left2 = 0, len = len2;
+ else
+ left2 = len2 - len1, left1 = 0, len = len1;
+
+ rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
+
+ if (rc > 0 || (rc == 0 && quit && len1 > len2))
+ {
+ unsigned char *tmp = rrset[i+1];
+ rrset[i+1] = rrset[i];
+ rrset[i] = tmp;
+ swap = quit = 1;
+ }
+ else if (rc < 0)
+ quit = 1;
+ }
+ }
+ } while (swap);
}
-/* Convert a domain name to wire format */
-static int convert_domain_to_wire(char *name, unsigned char* out)
+/* Validate a single RRset (class, type, name) in the supplied DNS reply
+ Return code:
+ STAT_SECURE if it validates.
+ STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
+ (In this case *wildcard_out points to the "body" of the wildcard within name.)
+ STAT_NO_SIG no RRsigs found.
+ STAT_INSECURE RRset empty.
+ STAT_BOGUS signature is wrong, bad packet.
+ STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
+
+ if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
+ otherwise find the key in the cache.
+
+ name is unchanged on exit. keyname is used as workspace and trashed.
+*/
+static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type,
+ char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen, int algo_in, int keytag_in)
{
- unsigned char len;
- unsigned char *start = out;
- char *p;
+ static unsigned char **rrset = NULL, **sigs = NULL;
+ static int rrset_sz = 0, sig_sz = 0;
+
+ unsigned char *p;
+ int rrsetidx, sigidx, res, rdlen, j, name_labels;
+ struct crec *crecp = NULL;
+ int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
+ u16 *rr_desc = get_desc(type);
+
+ if (wildcard_out)
+ *wildcard_out = NULL;
+
+ if (!(p = skip_questions(header, plen)))
+ return STAT_BOGUS;
+
+ name_labels = count_labels(name); /* For 4035 5.3.2 check */
- do
+ /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
+ for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
+ j != 0; j--)
{
- p = my_strchrnul(name, '.');
- if ((len = p-name))
- {
- *out++ = len;
- while (len--)
- {
- char ch = *name++;
- /* TODO: this will not be required anymore once we
- remove all usages of extract_name() from DNSSEC code */
- if (ch >= 'A' && ch <= 'Z')
- ch = ch - 'A' + 'a';
- *out++ = ch;
- }
- }
- name = p+1;
+ unsigned char *pstart, *pdata;
+ int stype, sclass;
+
+ pstart = p;
+
+ if (!(res = extract_name(header, plen, &p, name, 0, 10)))
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(stype, p);
+ GETSHORT(sclass, p);
+ p += 4; /* TTL */
+
+ pdata = p;
+
+ GETSHORT(rdlen, p);
+
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return STAT_BOGUS;
+
+ if (res == 1 && sclass == class)
+ {
+ if (stype == type)
+ {
+ if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
+ return STAT_BOGUS;
+
+ rrset[rrsetidx++] = pstart;
+ }
+
+ if (stype == T_RRSIG)
+ {
+ if (rdlen < 18)
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type_covered, p);
+
+ if (type_covered == type)
+ {
+ if (!expand_workspace(&sigs, &sig_sz, sigidx))
+ return STAT_BOGUS;
+
+ sigs[sigidx++] = pdata;
+ }
+
+ p = pdata + 2; /* restore for ADD_RDLEN */
+ }
+ }
+
+ if (!ADD_RDLEN(header, p, plen, rdlen))
+ return STAT_BOGUS;
}
- while (*p);
+
+ /* RRset empty */
+ if (rrsetidx == 0)
+ return STAT_INSECURE;
- *out++ = '\0';
- return out-start;
+ /* no RRSIGs */
+ if (sigidx == 0)
+ return STAT_NO_SIG;
+
+ /* Sort RRset records into canonical order.
+ Note that at this point keyname and daemon->workspacename buffs are
+ unused, and used as workspace by the sort. */
+ sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
+
+ /* Now try all the sigs to try and find one which validates */
+ for (j = 0; j <sigidx; j++)
+ {
+ unsigned char *psav, *sig, *digest;
+ int i, wire_len, sig_len;
+ const struct nettle_hash *hash;
+ void *ctx;
+ char *name_start;
+ u32 nsigttl;
+
+ p = sigs[j];
+ GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
+ psav = p;
+
+ p += 2; /* type_covered - already checked */
+ algo = *p++;
+ labels = *p++;
+ GETLONG(orig_ttl, p);
+ GETLONG(sig_expiration, p);
+ GETLONG(sig_inception, p);
+ GETSHORT(key_tag, p);
+
+ if (!extract_name(header, plen, &p, keyname, 1, 0))
+ return STAT_BOGUS;
+
+ /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
+ the name of the zone containing the RRset. We can't tell that
+ for certain, but we can check that the RRset name is equal to
+ or encloses the signers name, which should be enough to stop
+ an attacker using signatures made with the key of an unrelated
+ zone he controls. Note that the root key is always allowed. */
+ if (*keyname != 0)
+ {
+ int failed = 0;
+
+ for (name_start = name; !hostname_isequal(name_start, keyname); )
+ if ((name_start = strchr(name_start, '.')))
+ name_start++; /* chop a label off and try again */
+ else
+ {
+ failed = 1;
+ break;
+ }
+
+ /* Bad sig, try another */
+ if (failed)
+ continue;
+ }
+
+ /* Other 5.3.1 checks */
+ if (!check_date_range(sig_inception, sig_expiration) ||
+ labels > name_labels ||
+ !(hash = hash_find(algo_digest_name(algo))) ||
+ !hash_init(hash, &ctx, &digest))
+ continue;
+
+ /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
+ if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
+ return STAT_NEED_KEY;
+
+ sig = p;
+ sig_len = rdlen - (p - psav);
+
+ nsigttl = htonl(orig_ttl);
+
+ hash->update(ctx, 18, psav);
+ wire_len = to_wire(keyname);
+ hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
+ from_wire(keyname);
+
+ for (i = 0; i < rrsetidx; ++i)
+ {
+ int seg;
+ unsigned char *end, *cp;
+ u16 len, *dp;
+
+ p = rrset[i];
+ if (!extract_name(header, plen, &p, name, 1, 10))
+ return STAT_BOGUS;
+
+ name_start = name;
+
+ /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
+ if (labels < name_labels)
+ {
+ int k;
+ for (k = name_labels - labels; k != 0; k--)
+ {
+ while (*name_start != '.' && *name_start != 0)
+ name_start++;
+ if (k != 1 && *name_start == '.')
+ name_start++;
+ }
+
+ if (wildcard_out)
+ *wildcard_out = name_start+1;
+
+ name_start--;
+ *name_start = '*';
+ }
+
+ wire_len = to_wire(name_start);
+ hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
+ hash->update(ctx, 4, p); /* class and type */
+ hash->update(ctx, 4, (unsigned char *)&nsigttl);
+
+ p += 8; /* skip class, type, ttl */
+ GETSHORT(rdlen, p);
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return STAT_BOGUS;
+
+ end = p + rdlen;
+
+ /* canonicalise rdata and calculate length of same, use name buffer as workspace */
+ cp = p;
+ dp = rr_desc;
+ for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)) != 0; len += seg);
+ len += end - cp;
+ len = htons(len);
+ hash->update(ctx, 2, (unsigned char *)&len);
+
+ /* Now canonicalise again and digest. */
+ cp = p;
+ dp = rr_desc;
+ while ((seg = get_rdata(header, plen, end, name, MAXDNAME, &cp, &dp)))
+ hash->update(ctx, seg, (unsigned char *)name);
+ if (cp != end)
+ hash->update(ctx, end - cp, cp);
+ }
+
+ hash->digest(ctx, hash->digest_size, digest);
+
+ /* namebuff used for workspace above, restore to leave unchanged on exit */
+ p = (unsigned char*)(rrset[0]);
+ extract_name(header, plen, &p, name, 1, 0);
+
+ if (key)
+ {
+ if (algo_in == algo && keytag_in == key_tag &&
+ verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
+ return STAT_SECURE;
+ }
+ else
+ {
+ /* iterate through all possible keys 4035 5.3.1 */
+ for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
+ if (crecp->addr.key.algo == algo &&
+ crecp->addr.key.keytag == key_tag &&
+ crecp->uid == (unsigned int)class &&
+ verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
+ return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
+ }
+ }
+
+ return STAT_BOGUS;
}
+
+/* The DNS packet is expected to contain the answer to a DNSKEY query.
+ Put all DNSKEYs in the answer which are valid into the cache.
+ return codes:
+ STAT_SECURE At least one valid DNSKEY found and in cache.
+ STAT_BOGUS No DNSKEYs found, which can be validated with DS,
+ or self-sign for DNSKEY RRset is not valid, bad packet.
+ STAT_NEED_DS DS records to validate a key not found, name in keyname
+*/
+int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
+{
+ unsigned char *psave, *p = (unsigned char *)(header+1);
+ struct crec *crecp, *recp1;
+ int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
+ struct blockdata *key;
+ struct all_addr a;
+
+ if (ntohs(header->qdcount) != 1 ||
+ !extract_name(header, plen, &p, name, 1, 4))
+ return STAT_BOGUS;
+
+ GETSHORT(qtype, p);
+ GETSHORT(qclass, p);
+
+ if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
+ return STAT_BOGUS;
+
+ /* See if we have cached a DS record which validates this key */
+ if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
+ {
+ strcpy(keyname, name);
+ return STAT_NEED_DS;
+ }
+
+ /* If we've cached that DS provably doesn't exist, result must be INSECURE */
+ if (crecp->flags & F_NEG)
+ return STAT_INSECURE_DS;
+
+ /* NOTE, we need to find ONE DNSKEY which matches the DS */
+ for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
+ {
+ /* Ensure we have type, class TTL and length */
+ if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(qtype, p);
+ GETSHORT(qclass, p);
+ GETLONG(ttl, p);
+ GETSHORT(rdlen, p);
+
+ if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
+ return STAT_BOGUS; /* bad packet */
+
+ if (qclass != class || qtype != T_DNSKEY || rc == 2)
+ {
+ p += rdlen;
+ continue;
+ }
+
+ psave = p;
+
+ GETSHORT(flags, p);
+ if (*p++ != 3)
+ return STAT_BOGUS;
+ algo = *p++;
+ keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
+ key = NULL;
+
+ /* key must have zone key flag set */
+ if (flags & 0x100)
+ key = blockdata_alloc((char*)p, rdlen - 4);
+
+ p = psave;
+
+ if (!ADD_RDLEN(header, p, plen, rdlen))
+ {
+ if (key)
+ blockdata_free(key);
+ return STAT_BOGUS; /* bad packet */
+ }
+
+ /* No zone key flag or malloc failure */
+ if (!key)
+ continue;
+
+ for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
+ {
+ void *ctx;
+ unsigned char *digest, *ds_digest;
+ const struct nettle_hash *hash;
+
+ if (recp1->addr.ds.algo == algo &&
+ recp1->addr.ds.keytag == keytag &&
+ recp1->uid == (unsigned int)class &&
+ (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
+ hash_init(hash, &ctx, &digest))
+
+ {
+ int wire_len = to_wire(name);
+
+ /* Note that digest may be different between DSs, so
+ we can't move this outside the loop. */
+ hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
+ hash->update(ctx, (unsigned int)rdlen, psave);
+ hash->digest(ctx, hash->digest_size, digest);
+
+ from_wire(name);
+
+ if (recp1->addr.ds.keylen == (int)hash->digest_size &&
+ (ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
+ memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
+ validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, NULL, key, rdlen - 4, algo, keytag) == STAT_SECURE)
+ {
+ valid = 1;
+ break;
+ }
+ }
+ }
+ blockdata_free(key);
+ }
+
+ if (valid)
+ {
+ /* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
+ cache_start_insert();
+
+ p = skip_questions(header, plen);
+
+ for (j = ntohs(header->ancount); j != 0; j--)
+ {
+ /* Ensure we have type, class TTL and length */
+ if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
+ return STAT_INSECURE; /* bad packet */
+
+ GETSHORT(qtype, p);
+ GETSHORT(qclass, p);
+ GETLONG(ttl, p);
+ GETSHORT(rdlen, p);
+
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return STAT_BOGUS; /* bad packet */
+
+ if (qclass == class && rc == 1)
+ {
+ psave = p;
+
+ if (qtype == T_DNSKEY)
+ {
+ if (rdlen < 4)
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(flags, p);
+ if (*p++ != 3)
+ return STAT_BOGUS;
+ algo = *p++;
+ keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
+
+ /* Cache needs to known class for DNSSEC stuff */
+ a.addr.dnssec.class = class;
+
+ if ((key = blockdata_alloc((char*)p, rdlen - 4)))
+ {
+ if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
+ blockdata_free(key);
+ else
+ {
+ a.addr.keytag = keytag;
+ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
+
+ recp1->addr.key.keylen = rdlen - 4;
+ recp1->addr.key.keydata = key;
+ recp1->addr.key.algo = algo;
+ recp1->addr.key.keytag = keytag;
+ recp1->addr.key.flags = flags;
+ }
+ }
+ }
+ else if (qtype == T_RRSIG)
+ {
+ /* RRSIG, cache if covers DNSKEY RRset */
+ if (rdlen < 18)
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type_covered, p);
+
+ if (type_covered == T_DNSKEY)
+ {
+ a.addr.dnssec.class = class;
+ a.addr.dnssec.type = type_covered;
+
+ algo = *p++;
+ p += 13; /* labels, orig_ttl, expiration, inception */
+ GETSHORT(keytag, p);
+ if ((key = blockdata_alloc((char*)psave, rdlen)))
+ {
+ if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
+ blockdata_free(key);
+ else
+ {
+ crecp->addr.sig.keydata = key;
+ crecp->addr.sig.keylen = rdlen;
+ crecp->addr.sig.keytag = keytag;
+ crecp->addr.sig.type_covered = type_covered;
+ crecp->addr.sig.algo = algo;
+ }
+ }
+ }
+ }
+
+ p = psave;
+ }
+
+ if (!ADD_RDLEN(header, p, plen, rdlen))
+ return STAT_BOGUS; /* bad packet */
+ }
+
+ /* commit cache insert. */
+ cache_end_insert();
+ return STAT_SECURE;
+ }
+ log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
+ return STAT_BOGUS;
+}
-/* Pass a resource record's rdata field through the currently-initailized digest algorithm.
+/* The DNS packet is expected to contain the answer to a DS query
+ Put all DSs in the answer which are valid into the cache.
+ return codes:
+ STAT_SECURE At least one valid DS found and in cache.
+ STAT_NO_DS It's proved there's no DS here.
+ STAT_NO_NS It's proved there's no DS _or_ NS here.
+ STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
+ STAT_NEED_KEY DNSKEY records to validate a DS not found, name in keyname
+*/
- We must pass the record in DNS wire format, but if the record contains domain names,
- they must be uncompressed. This makes things very tricky, because */
-static int digestalg_add_rdata(int sigtype, struct dns_header *header, size_t pktlen,
- unsigned char *rdata)
+int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
{
- size_t len;
- unsigned char *p;
- unsigned short total;
- unsigned char tmpbuf[MAXDNAME]; /* TODO: reuse part of daemon->namebuff */
- RDataCForm cf1, cf2;
-
- /* Initialize two iterations over the canonical form*/
- rdata_cform_init(&cf1, header, pktlen, rdata, sigtype, tmpbuf);
- cf2 = cf1;
-
- /* Iteration 1: go through the canonical record and count the total octects.
- This number might be different from the non-canonical rdata length
- because of domain names compression. */
- total = 0;
- while ((p = rdata_cform_next(&cf1, &len)))
- total += len;
- if (rdata_cform_error(&cf1))
- return 0;
+ unsigned char *p = (unsigned char *)(header+1);
+ int qtype, qclass, val, i, neganswer, nons;
- /* Iteration 2: process the canonical record through the hash function */
- total = htons(total);
- digestalg_add_data(&total, 2);
+ if (ntohs(header->qdcount) != 1 ||
+ !(p = skip_name(p, header, plen, 4)))
+ return STAT_BOGUS;
+
+ GETSHORT(qtype, p);
+ GETSHORT(qclass, p);
- while ((p = rdata_cform_next(&cf2, &len)))
- digestalg_add_data(p, len);
+ if (qtype != T_DS || qclass != class)
+ val = STAT_BOGUS;
+ else
+ val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer, &nons);
+ /* Note dnssec_validate_reply() will have cached positive answers */
+
+ if (val == STAT_NO_SIG || val == STAT_INSECURE)
+ val = STAT_BOGUS;
+
+ p = (unsigned char *)(header+1);
+ extract_name(header, plen, &p, name, 1, 4);
+ p += 4; /* qtype, qclass */
+
+ if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
+ val = STAT_BOGUS;
+
+ /* If the key needed to validate the DS is on the same domain as the DS, we'll
+ loop getting nowhere. Stop that now. This can happen of the DS answer comes
+ from the DS's zone, and not the parent zone. */
+ if (val == STAT_BOGUS || (val == STAT_NEED_KEY && hostname_isequal(name, keyname)))
+ {
+ log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
+ return STAT_BOGUS;
+ }
- return 1;
+ /* By here, the answer is proved secure, and a positive answer has been cached. */
+ if (val == STAT_SECURE && neganswer)
+ {
+ int rdlen, flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
+ unsigned long ttl, minttl = ULONG_MAX;
+ struct all_addr a;
+
+ if (RCODE(header) == NXDOMAIN)
+ flags |= F_NXDOMAIN;
+
+ /* We only cache validated DS records, DNSSECOK flag hijacked
+ to store presence/absence of NS. */
+ if (nons)
+ flags &= ~F_DNSSECOK;
+
+ for (i = ntohs(header->nscount); i != 0; i--)
+ {
+ if (!(p = skip_name(p, header, plen, 0)))
+ return STAT_BOGUS;
+
+ GETSHORT(qtype, p);
+ GETSHORT(qclass, p);
+ GETLONG(ttl, p);
+ GETSHORT(rdlen, p);
+
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return STAT_BOGUS; /* bad packet */
+
+ if (qclass != class || qtype != T_SOA)
+ {
+ p += rdlen;
+ continue;
+ }
+
+ if (ttl < minttl)
+ minttl = ttl;
+
+ /* MNAME */
+ if (!(p = skip_name(p, header, plen, 0)))
+ return STAT_BOGUS;
+ /* RNAME */
+ if (!(p = skip_name(p, header, plen, 20)))
+ return STAT_BOGUS;
+ p += 16; /* SERIAL REFRESH RETRY EXPIRE */
+
+ GETLONG(ttl, p); /* minTTL */
+ if (ttl < minttl)
+ minttl = ttl;
+
+ break;
+ }
+
+ if (i != 0)
+ {
+ cache_start_insert();
+
+ a.addr.dnssec.class = class;
+ cache_insert(name, &a, now, ttl, flags);
+
+ cache_end_insert();
+
+ log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no delegation" : "no DS");
+ }
+
+ return nons ? STAT_NO_NS : STAT_NO_DS;
+ }
+
+ return val;
}
+/* 4034 6.1 */
+static int hostname_cmp(const char *a, const char *b)
+{
+ char *sa, *ea, *ca, *sb, *eb, *cb;
+ unsigned char ac, bc;
+
+ sa = ea = (char *)a + strlen(a);
+ sb = eb = (char *)b + strlen(b);
+
+ while (1)
+ {
+ while (sa != a && *(sa-1) != '.')
+ sa--;
+
+ while (sb != b && *(sb-1) != '.')
+ sb--;
+
+ ca = sa;
+ cb = sb;
+
+ while (1)
+ {
+ if (ca == ea)
+ {
+ if (cb == eb)
+ break;
+
+ return -1;
+ }
+
+ if (cb == eb)
+ return 1;
+
+ ac = (unsigned char) *ca++;
+ bc = (unsigned char) *cb++;
+
+ if (ac >= 'A' && ac <= 'Z')
+ ac += 'a' - 'A';
+ if (bc >= 'A' && bc <= 'Z')
+ bc += 'a' - 'A';
+
+ if (ac < bc)
+ return -1;
+ else if (ac != bc)
+ return 1;
+ }
+
+
+ if (sa == a)
+ {
+ if (sb == b)
+ return 0;
+
+ return -1;
+ }
+
+ if (sb == b)
+ return 1;
+
+ ea = sa--;
+ eb = sb--;
+ }
+}
-static int begin_rrsig_validation(struct dns_header *header, size_t pktlen,
- unsigned char *reply, int count, char *owner,
- int sigclass, int sigrdlen, unsigned char *sig,
- PendingRRSIGValidation *out)
+/* Find all the NSEC or NSEC3 records in a reply.
+ return an array of pointers to them. */
+static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
{
- int i, res;
- int sigtype, sigalg, siglbl;
- unsigned char *sigrdata = sig;
- unsigned long sigttl, date_end, date_start;
- unsigned char* p = reply;
- char* signer_name = daemon->namebuff;
- int signer_name_rdlen;
- int keytag;
- void *rrset[16]; /* TODO: max RRset size? */
- int rrsetidx = 0;
+ static unsigned char **nsecset = NULL;
+ static int nsecset_sz = 0;
- if (sigrdlen < 18)
+ int type_found = 0;
+ unsigned char *p = skip_questions(header, plen);
+ int type, class, rdlen, i, nsecs_found;
+
+ /* Move to NS section */
+ if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
return 0;
- GETSHORT(sigtype, sig);
- sigalg = *sig++;
- siglbl = *sig++;
- GETLONG(sigttl, sig);
- GETLONG(date_end, sig);
- GETLONG(date_start, sig);
- GETSHORT(keytag, sig);
- sigrdlen -= 18;
-
- if (!verifyalg_supported(sigalg))
- {
- printf("ERROR: RRSIG algorithm not supported: %d\n", sigalg);
- return 0;
+
+ for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
+ {
+ unsigned char *pstart = p;
+
+ if (!(p = skip_name(p, header, plen, 10)))
+ return 0;
+
+ GETSHORT(type, p);
+ GETSHORT(class, p);
+ p += 4; /* TTL */
+ GETSHORT(rdlen, p);
+
+ if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
+ {
+ /* No mixed NSECing 'round here, thankyouverymuch */
+ if (type_found == T_NSEC && type == T_NSEC3)
+ return 0;
+ if (type_found == T_NSEC3 && type == T_NSEC)
+ return 0;
+
+ type_found = type;
+
+ if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
+ return 0;
+
+ nsecset[nsecs_found++] = pstart;
+ }
+
+ if (!ADD_RDLEN(header, p, plen, rdlen))
+ return 0;
}
+
+ *nsecsetp = nsecset;
+ *nsecsetl = nsecs_found;
+
+ return type_found;
+}
- if (!check_date_range(date_start, date_end))
+static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
+ char *workspace1, char *workspace2, char *name, int type, int *nons)
+{
+ int i, rc, rdlen;
+ unsigned char *p, *psave;
+ int offset = (type & 0xff) >> 3;
+ int mask = 0x80 >> (type & 0x07);
+
+ if (nons)
+ *nons = 0;
+
+ /* Find NSEC record that proves name doesn't exist */
+ for (i = 0; i < nsec_count; i++)
{
- printf("ERROR: RRSIG outside date range\n");
- return 0;
+ p = nsecs[i];
+ if (!extract_name(header, plen, &p, workspace1, 1, 10))
+ return STAT_BOGUS;
+ p += 8; /* class, type, TTL */
+ GETSHORT(rdlen, p);
+ psave = p;
+ if (!extract_name(header, plen, &p, workspace2, 1, 10))
+ return STAT_BOGUS;
+
+ rc = hostname_cmp(workspace1, name);
+
+ if (rc == 0)
+ {
+ /* 4035 para 5.4. Last sentence */
+ if (type == T_NSEC || type == T_RRSIG)
+ return STAT_SECURE;
+
+ /* NSEC with the same name as the RR we're testing, check
+ that the type in question doesn't appear in the type map */
+ rdlen -= p - psave;
+ /* rdlen is now length of type map, and p points to it */
+
+ /* If we can prove that there's no NS record, return that information. */
+ if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
+ *nons = 1;
+
+ while (rdlen >= 2)
+ {
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return STAT_BOGUS;
+
+ if (p[0] == type >> 8)
+ {
+ /* Does the NSEC say our type exists? */
+ if (offset < p[1] && (p[offset+2] & mask) != 0)
+ return STAT_BOGUS;
+
+ break; /* finshed checking */
+ }
+
+ rdlen -= p[1];
+ p += p[1];
+ }
+
+ return STAT_SECURE;
+ }
+ else if (rc == -1)
+ {
+ /* Normal case, name falls between NSEC name and next domain name,
+ wrap around case, name falls between NSEC name (rc == -1) and end */
+ if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
+ return STAT_SECURE;
+ }
+ else
+ {
+ /* wrap around case, name falls between start and next domain name */
+ if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
+ return STAT_SECURE;
+ }
}
+
+ return STAT_BOGUS;
+}
- /* Iterate within the answer and find the RRsets matching the current RRsig */
- for (i = 0; i < count; ++i)
- {
- int qtype, qclass, rdlen;
- if (!(res = extract_name(header, pktlen, &p, owner, 0, 10)))
- return 0;
- rrset[rrsetidx] = p;
- GETSHORT(qtype, p);
- GETSHORT(qclass, p);
- p += 4; /* skip ttl */
- GETSHORT(rdlen, p);
- if (res == 1 && qtype == sigtype && qclass == sigclass)
- {
- ++rrsetidx;
- if (rrsetidx == countof(rrset))
- {
- /* Internal buffer too small */
- printf("internal buffer too small for this RRset\n");
- return 0;
- }
- }
- p += rdlen;
- }
-
- /* Sort RRset records in canonical order. */
- rrset_canonical_order_ctx.header = header;
- rrset_canonical_order_ctx.pktlen = pktlen;
- qsort(rrset, rrsetidx, sizeof(void*), rrset_canonical_order);
-
- /* Skip through the signer name; we don't extract it right now because
- we don't want to overwrite the single daemon->namebuff which contains
- the owner name. We'll get to this later. */
- if (!(p = skip_name(sig, header, pktlen, 0)))
- return 0;
- signer_name_rdlen = p - sig;
- sig = p; sigrdlen -= signer_name_rdlen;
+/* return digest length, or zero on error */
+static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
+ unsigned char *salt, int salt_len, int iterations)
+{
+ void *ctx;
+ unsigned char *digest;
+ int i;
- /* Now initialize the signature verification algorithm and process the whole
- RRset */
- VerifyAlgCtx *alg = verifyalg_alloc(sigalg);
- if (!alg)
+ if (!hash_init(hash, &ctx, &digest))
return 0;
- alg->sig = sig;
- alg->siglen = sigrdlen;
-
- sigtype = htons(sigtype);
- sigclass = htons(sigclass);
- sigttl = htonl(sigttl);
-
- /* TODO: we shouldn't need to convert this to wire here. Best solution would be:
- - Use process_name() instead of extract_name() everywhere in dnssec code
- - Convert from wire format to representation format only for querying/storing cache
- */
- unsigned char owner_wire[MAXCDNAME];
- int owner_wire_len = convert_domain_to_wire(owner, owner_wire);
-
- digestalg_begin(alg->vtbl->digest_algo);
- digestalg_add_data(sigrdata, 18+signer_name_rdlen);
- for (i = 0; i < rrsetidx; ++i)
- {
- p = (unsigned char*)(rrset[i]);
-
- digestalg_add_data(owner_wire, owner_wire_len);
- digestalg_add_data(&sigtype, 2);
- digestalg_add_data(&sigclass, 2);
- digestalg_add_data(&sigttl, 4);
-
- p += 8;
- if (!digestalg_add_rdata(ntohs(sigtype), header, pktlen, p))
- return 0;
+
+ hash->update(ctx, to_wire(in), (unsigned char *)in);
+ hash->update(ctx, salt_len, salt);
+ hash->digest(ctx, hash->digest_size, digest);
+
+ for(i = 0; i < iterations; i++)
+ {
+ hash->update(ctx, hash->digest_size, digest);
+ hash->update(ctx, salt_len, salt);
+ hash->digest(ctx, hash->digest_size, digest);
}
- int digest_len = digestalg_len();
- memcpy(alg->digest, digestalg_final(), digest_len);
+
+ from_wire(in);
- /* We don't need the owner name anymore; now extract the signer name */
- if (!extract_name_no_compression(sigrdata+18, signer_name_rdlen, signer_name))
+ *out = digest;
+ return hash->digest_size;
+}
+
+/* Decode base32 to first "." or end of string */
+static int base32_decode(char *in, unsigned char *out)
+{
+ int oc, on, c, mask, i;
+ unsigned char *p = out;
+
+ for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
+ {
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'v')
+ c -= 'a', c += 10;
+ else if (c >= 'A' && c <= 'V')
+ c -= 'A', c += 10;
+ else
+ return 0;
+
+ for (mask = 0x10, i = 0; i < 5; i++)
+ {
+ if (c & mask)
+ oc |= 1;
+ mask = mask >> 1;
+ if (((++on) & 7) == 0)
+ *p++ = oc;
+ oc = oc << 1;
+ }
+ }
+
+ if ((on & 7) != 0)
return 0;
- out->alg = alg;
- out->keytag = keytag;
- out->signer_name = signer_name;
- return 1;
+ return p - out;
}
-static int end_rrsig_validation(PendingRRSIGValidation *val, struct crec *crec_dnskey)
+static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
+ char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons)
{
- /* FIXME: keydata is non-contiguous */
- return val->alg->vtbl->verify(val->alg, crec_dnskey->addr.key.keydata, crec_dnskey->uid);
+ int i, hash_len, salt_len, base32_len, rdlen;
+ unsigned char *p, *psave;
+
+ for (i = 0; i < nsec_count; i++)
+ if ((p = nsecs[i]))
+ {
+ if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
+ !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+ return 0;
+
+ p += 8; /* class, type, TTL */
+ GETSHORT(rdlen, p);
+ psave = p;
+ p += 4; /* algo, flags, iterations */
+ salt_len = *p++; /* salt_len */
+ p += salt_len; /* salt */
+ hash_len = *p++; /* p now points to next hashed name */
+
+ if (!CHECK_LEN(header, p, plen, hash_len))
+ return 0;
+
+ if (digest_len == base32_len && hash_len == base32_len)
+ {
+ int rc = memcmp(workspace2, digest, digest_len);
+
+ if (rc == 0)
+ {
+ /* We found an NSEC3 whose hashed name exactly matches the query, so
+ we just need to check the type map. p points to the RR data for the record. */
+
+ int offset = (type & 0xff) >> 3;
+ int mask = 0x80 >> (type & 0x07);
+
+ p += hash_len; /* skip next-domain hash */
+ rdlen -= p - psave;
+
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return 0;
+
+ /* If we can prove that there's no NS record, return that information. */
+ if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) == 0)
+ *nons = 1;
+
+ while (rdlen >= 2)
+ {
+ if (p[0] == type >> 8)
+ {
+ /* Does the NSEC3 say our type exists? */
+ if (offset < p[1] && (p[offset+2] & mask) != 0)
+ return STAT_BOGUS;
+
+ break; /* finshed checking */
+ }
+
+ rdlen -= p[1];
+ p += p[1];
+ }
+
+ return 1;
+ }
+ else if (rc <= 0)
+ {
+ /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
+ wrap around case, name-hash falls between NSEC3 name-hash and end */
+ if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
+ return 1;
+ }
+ else
+ {
+ /* wrap around case, name falls between start and next domain name */
+ if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
+ return 1;
+ }
+ }
+ }
+ return 0;
}
-static void dnssec_parserrsig(struct dns_header *header, size_t pktlen,
- unsigned char *reply, int count, char *owner,
- int sigclass, int sigrdlen, unsigned char *sig)
+static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
+ char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
{
- PendingRRSIGValidation val;
+ unsigned char *salt, *p, *digest;
+ int digest_len, i, iterations, salt_len, base32_len, algo = 0;
+ struct nettle_hash const *hash;
+ char *closest_encloser, *next_closest, *wildcard;
+
+ if (nons)
+ *nons = 0;
+
+ /* Look though the NSEC3 records to find the first one with
+ an algorithm we support (currently only algo == 1).
- /* Initiate the RRSIG validation process. The pending state is returned into val. */
- if (!begin_rrsig_validation(header, pktlen, reply, count, owner, sigclass, sigrdlen, sig, &val))
- return;
+ Take the algo, iterations, and salt of that record
+ as the ones we're going to use, and prune any
+ that don't match. */
+
+ for (i = 0; i < nsec_count; i++)
+ {
+ if (!(p = skip_name(nsecs[i], header, plen, 15)))
+ return STAT_BOGUS; /* bad packet */
+
+ p += 10; /* type, class, TTL, rdlen */
+ algo = *p++;
+
+ if (algo == 1)
+ break; /* known algo */
+ }
- printf("RRSIG: querying cache for DNSKEY %s (keytag: %d)\n", val.signer_name, val.keytag);
+ /* No usable NSEC3s */
+ if (i == nsec_count)
+ return STAT_BOGUS;
- /* Look in the cache for *all* the DNSKEYs with matching signer_name and keytag */
- char onekey = 0;
- struct crec *crecp = NULL;
- while ((crecp = cache_find_by_name(crecp, val.signer_name, time(0), F_DNSKEY))) /* TODO: time(0) */
+ p++; /* flags */
+ GETSHORT (iterations, p);
+ salt_len = *p++;
+ salt = p;
+ if (!CHECK_LEN(header, salt, plen, salt_len))
+ return STAT_BOGUS; /* bad packet */
+
+ /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
+ for (i = 0; i < nsec_count; i++)
{
- onekey = 1;
+ unsigned char *nsec3p = nsecs[i];
+ int this_iter;
+
+ nsecs[i] = NULL; /* Speculative, will be restored if OK. */
+
+ if (!(p = skip_name(nsec3p, header, plen, 15)))
+ return STAT_BOGUS; /* bad packet */
+
+ p += 10; /* type, class, TTL, rdlen */
+
+ if (*p++ != algo)
+ continue;
+
+ p++; /* flags */
+
+ GETSHORT(this_iter, p);
+ if (this_iter != iterations)
+ continue;
+
+ if (salt_len != *p++)
+ continue;
+
+ if (!CHECK_LEN(header, p, plen, salt_len))
+ return STAT_BOGUS; /* bad packet */
+
+ if (memcmp(p, salt, salt_len) != 0)
+ continue;
+
+ /* All match, put the pointer back */
+ nsecs[i] = nsec3p;
+ }
- if (crecp->addr.key.keytag == val.keytag
- && crecp->addr.key.algo == verifyalg_algonum(val.alg))
- {
- printf("RRSIG: found DNSKEY %d in cache, attempting validation\n", val.keytag);
+ /* Algo is checked as 1 above */
+ if (!(hash = hash_find("sha1")))
+ return STAT_BOGUS;
+
+ if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+ if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons))
+ return STAT_SECURE;
- if (end_rrsig_validation(&val, crecp))
- printf("Validation OK\n");
- else
- printf("ERROR: Validation FAILED (%s, keytag:%d, algo:%d)\n", owner, val.keytag, verifyalg_algonum(val.alg));
- }
+ /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
+ or an answer inferred from a wildcard record. */
+ closest_encloser = name;
+ next_closest = NULL;
+
+ do
+ {
+ if (*closest_encloser == '.')
+ closest_encloser++;
+
+ if (wildname && hostname_isequal(closest_encloser, wildname))
+ break;
+
+ if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+ for (i = 0; i < nsec_count; i++)
+ if ((p = nsecs[i]))
+ {
+ if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
+ !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
+ return STAT_BOGUS;
+
+ if (digest_len == base32_len &&
+ memcmp(digest, workspace2, digest_len) == 0)
+ break; /* Gotit */
+ }
+
+ if (i != nsec_count)
+ break;
+
+ next_closest = closest_encloser;
}
+ while ((closest_encloser = strchr(closest_encloser, '.')));
+
+ if (!closest_encloser)
+ return STAT_BOGUS;
+
+ /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
+ if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
- if (!onekey)
+ if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
+ return STAT_BOGUS;
+
+ /* Finally, check that there's no seat of wildcard synthesis */
+ if (!wildname)
{
- printf("DNSKEY not found, need to fetch it\n");
- /* TODO: store PendingRRSIGValidation in routing table,
- fetch key (and make it go through dnssec_parskey), then complete validation. */
+ if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
+ return STAT_BOGUS;
+
+ wildcard--;
+ *wildcard = '*';
+
+ if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
+ return STAT_BOGUS;
+
+ if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL))
+ return STAT_BOGUS;
}
+
+ return STAT_SECURE;
}
-
-/* Compute keytag (checksum to quickly index a key). See RFC4034 */
-static int dnskey_keytag(int alg, unsigned char *rdata, int rdlen)
+
+/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
+/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
+int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
+ int *class, int *neganswer, int *nons)
{
- if (alg == 1)
+ unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
+ int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
+ int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
+ int nsec_type = 0, have_answer = 0;
+
+ if (neganswer)
+ *neganswer = 0;
+
+ if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
+ return STAT_BOGUS;
+
+ if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
+ return STAT_INSECURE;
+
+ qname = p1 = (unsigned char *)(header+1);
+
+ if (!extract_name(header, plen, &p1, name, 1, 4))
+ return STAT_BOGUS;
+
+ GETSHORT(qtype, p1);
+ GETSHORT(qclass, p1);
+ ans_start = p1;
+
+ if (qtype == T_ANY)
+ have_answer = 1;
+
+ /* Can't validate an RRISG query */
+ if (qtype == T_RRSIG)
+ return STAT_INSECURE;
+
+ cname_loop:
+ for (j = ntohs(header->ancount); j != 0; j--)
{
- /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
- See RFC4034, Appendix B.1 */
- return rdata[rdlen-3] * 256 + rdata[rdlen-2];
+ /* leave pointer to missing name in qname */
+
+ if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type2, p1);
+ GETSHORT(class2, p1);
+ p1 += 4; /* TTL */
+ GETSHORT(rdlen2, p1);
+
+ if (rc == 1 && qclass == class2)
+ {
+ /* Do we have an answer for the question? */
+ if (type2 == qtype)
+ {
+ have_answer = 1;
+ break;
+ }
+ else if (type2 == T_CNAME)
+ {
+ qname = p1;
+
+ /* looped CNAMES */
+ if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
+ return STAT_BOGUS;
+
+ p1 = ans_start;
+ goto cname_loop;
+ }
+ }
+
+ if (!ADD_RDLEN(header, p1, plen, rdlen2))
+ return STAT_BOGUS;
}
- else
- {
- unsigned long ac;
- int i;
+
+ if (neganswer && !have_answer)
+ *neganswer = 1;
- ac = 0;
- for (i = 0; i < rdlen; ++i)
- ac += (i & 1) ? rdata[i] : rdata[i] << 8;
- ac += (ac >> 16) & 0xFFFF;
- return ac & 0xFFFF;
+ /* No data, therefore no sigs */
+ if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
+ return STAT_NO_SIG;
+
+ for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
+ {
+ if (!extract_name(header, plen, &p1, name, 1, 10))
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type1, p1);
+ GETSHORT(class1, p1);
+ p1 += 4; /* TTL */
+ GETSHORT(rdlen1, p1);
+
+ /* Don't try and validate RRSIGs! */
+ if (type1 != T_RRSIG)
+ {
+ /* Check if we've done this RRset already */
+ for (p2 = ans_start, j = 0; j < i; j++)
+ {
+ if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type2, p2);
+ GETSHORT(class2, p2);
+ p2 += 4; /* TTL */
+ GETSHORT(rdlen2, p2);
+
+ if (type2 == type1 && class2 == class1 && rc == 1)
+ break; /* Done it before: name, type, class all match. */
+
+ if (!ADD_RDLEN(header, p2, plen, rdlen2))
+ return STAT_BOGUS;
+ }
+
+ /* Not done, validate now */
+ if (j == i)
+ {
+ int ttl, keytag, algo, digest, type_covered;
+ unsigned char *psave;
+ struct all_addr a;
+ struct blockdata *key;
+ struct crec *crecp;
+ char *wildname;
+ int have_wildcard = 0;
+
+ rc = validate_rrset(now, header, plen, class1, type1, name, keyname, &wildname, NULL, 0, 0, 0);
+
+ if (rc == STAT_SECURE_WILDCARD)
+ {
+ have_wildcard = 1;
+
+ /* An attacker replay a wildcard answer with a different
+ answer and overlay a genuine RR. To prove this
+ hasn't happened, the answer must prove that
+ the gennuine record doesn't exist. Check that here. */
+ if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
+ return STAT_BOGUS; /* No NSECs or bad packet */
+
+ if (nsec_type == T_NSEC)
+ rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1, NULL);
+ else
+ rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename,
+ keyname, name, type1, wildname, NULL);
+
+ if (rc != STAT_SECURE)
+ return rc;
+ }
+ else if (rc != STAT_SECURE)
+ {
+ if (class)
+ *class = class1; /* Class for DS or DNSKEY */
+ return rc;
+ }
+
+ /* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
+ cache_start_insert();
+
+ for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
+ {
+ if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type2, p2);
+ GETSHORT(class2, p2);
+ GETLONG(ttl, p2);
+ GETSHORT(rdlen2, p2);
+
+ if (!CHECK_LEN(header, p2, plen, rdlen2))
+ return STAT_BOGUS; /* bad packet */
+
+ if (class2 == class1 && rc == 1)
+ {
+ psave = p2;
+
+ if (type1 == T_DS && type2 == T_DS)
+ {
+ if (rdlen2 < 4)
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(keytag, p2);
+ algo = *p2++;
+ digest = *p2++;
+
+ /* Cache needs to known class for DNSSEC stuff */
+ a.addr.dnssec.class = class2;
+
+ if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
+ {
+ if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
+ blockdata_free(key);
+ else
+ {
+ a.addr.keytag = keytag;
+ log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
+ crecp->addr.ds.digest = digest;
+ crecp->addr.ds.keydata = key;
+ crecp->addr.ds.algo = algo;
+ crecp->addr.ds.keytag = keytag;
+ crecp->addr.ds.keylen = rdlen2 - 4;
+ }
+ }
+ }
+ else if (type2 == T_RRSIG)
+ {
+ if (rdlen2 < 18)
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type_covered, p2);
+
+ if (type_covered == type1 &&
+ (type_covered == T_A || type_covered == T_AAAA ||
+ type_covered == T_CNAME || type_covered == T_DS ||
+ type_covered == T_DNSKEY || type_covered == T_PTR))
+ {
+ a.addr.dnssec.type = type_covered;
+ a.addr.dnssec.class = class1;
+
+ algo = *p2++;
+ p2 += 13; /* labels, orig_ttl, expiration, inception */
+ GETSHORT(keytag, p2);
+
+ /* We don't cache sigs for wildcard answers, because to reproduce the
+ answer from the cache will require one or more NSEC/NSEC3 records
+ which we don't cache. The lack of the RRSIG ensures that a query for
+ this RRset asking for a secure answer will always be forwarded. */
+ if (!have_wildcard && (key = blockdata_alloc((char*)psave, rdlen2)))
+ {
+ if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
+ blockdata_free(key);
+ else
+ {
+ crecp->addr.sig.keydata = key;
+ crecp->addr.sig.keylen = rdlen2;
+ crecp->addr.sig.keytag = keytag;
+ crecp->addr.sig.type_covered = type_covered;
+ crecp->addr.sig.algo = algo;
+ }
+ }
+ }
+ }
+
+ p2 = psave;
+ }
+
+ if (!ADD_RDLEN(header, p2, plen, rdlen2))
+ return STAT_BOGUS; /* bad packet */
+ }
+
+ cache_end_insert();
+ }
+ }
+
+ if (!ADD_RDLEN(header, p1, plen, rdlen1))
+ return STAT_BOGUS;
}
-}
-
-/* Check if the DS record (from cache) points to the DNSKEY record (from cache) */
-static int dnskey_ds_match(struct crec *dnskey, struct crec *ds)
-{
- if (dnskey->addr.key.keytag != ds->addr.key.keytag)
- return 0;
- if (dnskey->addr.key.algo != ds->addr.key.algo)
- return 0;
-
- unsigned char owner[MAXCDNAME]; /* TODO: user part of daemon->namebuff */
- int owner_len = convert_domain_to_wire(cache_get_name(ds), owner);
- size_t keylen = dnskey->uid;
- int dig = ds->uid;
- int digsize;
- if (!digestalg_begin(dig))
- return 0;
- digsize = digestalg_len();
- digestalg_add_data(owner, owner_len);
- digestalg_add_data("\x01\x01\x03", 3);
- digestalg_add_data(&ds->addr.key.algo, 1);
- digestalg_add_keydata(dnskey->addr.key.keydata, keylen);
- return (memcmp(digestalg_final(), ds->addr.key.keydata->key, digsize) == 0);
+ /* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
+ if (have_answer)
+ return STAT_SECURE;
+
+ /* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
+ /* First marshall the NSEC records, if we've not done it previously */
+ if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
+ return STAT_NO_SIG; /* No NSECs, this is probably a dangling CNAME pointing into
+ an unsigned zone. Return STAT_NO_SIG to cause this to be proved. */
+
+ /* Get name of missing answer */
+ if (!extract_name(header, plen, &qname, name, 1, 0))
+ return STAT_BOGUS;
+
+ if (nsec_type == T_NSEC)
+ return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, nons);
+ else
+ return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype, NULL, nons);
}
-int dnssec_parsekey(struct dns_header *header, size_t pktlen, char *owner, unsigned long ttl,
- int rdlen, unsigned char *rdata)
+/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
+ Needed for proving answer in unsigned space.
+ Return STAT_NEED_*
+ STAT_BOGUS - error
+ STAT_INSECURE - name of first non-secure record in name
+*/
+int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
{
- int flags, proto, alg;
- struct blockdata *key; struct crec *crecp;
- unsigned char *ordata = rdata; int ordlen = rdlen;
+ unsigned char *p = (unsigned char *)(header+1);
+ int type, class, qclass, rdlen, j, rc;
+ int cname_count = CNAME_CHAIN;
- CHECKED_GETSHORT(flags, rdata, rdlen);
- CHECKED_GETCHAR(proto, rdata, rdlen);
- CHECKED_GETCHAR(alg, rdata, rdlen);
+ /* Get question */
+ if (!extract_name(header, plen, &p, name, 1, 4))
+ return STAT_BOGUS;
+
+ p +=2; /* type */
+ GETSHORT(qclass, p);
- if (proto != 3)
- return 0;
- /* Skip non-signing keys (as specified in RFC4034 */
- if (!(flags & 0x100))
- return 0;
+ while (1)
+ {
+ for (j = ntohs(header->ancount); j != 0; j--)
+ {
+ if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
+ return STAT_BOGUS; /* bad packet */
+
+ GETSHORT(type, p);
+ GETSHORT(class, p);
+ p += 4; /* TTL */
+ GETSHORT(rdlen, p);
+
+ /* Not target, loop */
+ if (rc == 2 || qclass != class)
+ {
+ if (!ADD_RDLEN(header, p, plen, rdlen))
+ return STAT_BOGUS;
+ continue;
+ }
+
+ /* Got to end of CNAME chain. */
+ if (type != T_CNAME)
+ return STAT_INSECURE;
+
+ /* validate CNAME chain, return if insecure or need more data */
+ rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, NULL, 0, 0, 0);
+ if (rc != STAT_SECURE)
+ {
+ if (rc == STAT_NO_SIG)
+ rc = STAT_INSECURE;
+ return rc;
+ }
+
+ /* Loop down CNAME chain/ */
+ if (!cname_count-- ||
+ !extract_name(header, plen, &p, name, 1, 0) ||
+ !(p = skip_questions(header, plen)))
+ return STAT_BOGUS;
+
+ break;
+ }
+
+ /* End of CNAME chain */
+ return STAT_INSECURE;
+ }
+}
- key = blockdata_alloc((char*)rdata, rdlen);
- /* TODO: time(0) is correct here? */
- crecp = cache_insert(owner, NULL, time(0), ttl, F_FORWARD | F_DNSKEY);
- if (crecp)
+/* Compute keytag (checksum to quickly index a key). See RFC4034 */
+int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
+{
+ if (alg == 1)
{
- /* TODO: improve union not to name "uid" this field */
- crecp->uid = rdlen;
- crecp->addr.key.keydata = key;
- crecp->addr.key.algo = alg;
- crecp->addr.key.keytag = dnskey_keytag(alg, ordata, ordlen);
- printf("DNSKEY: storing key for %s (keytag: %d)\n", owner, crecp->addr.key.keytag);
+ /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
+ See RFC4034, Appendix B.1 */
+ return key[keylen-4] * 256 + key[keylen-3];
}
else
{
- blockdata_free(key);
- /* TODO: if insertion really might fail, verify we don't depend on cache
- insertion success for validation workflow correctness */
- printf("DNSKEY: cache insertion failure\n");
- return 0;
+ unsigned long ac = flags + 0x300 + alg;
+ int i;
+
+ for (i = 0; i < keylen; ++i)
+ ac += (i & 1) ? key[i] : key[i] << 8;
+
+ ac += (ac >> 16) & 0xffff;
+ return ac & 0xffff;
}
- return 1;
}
-int dnssec_parseds(struct dns_header *header, size_t pktlen, char *owner, unsigned long ttl,
- int rdlen, unsigned char *rdata)
+size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
{
- int keytag, algo, dig;
- struct blockdata *key; struct crec *crec_ds, *crec_key;
-
- CHECKED_GETSHORT(keytag, rdata, rdlen);
- CHECKED_GETCHAR(algo, rdata, rdlen);
- CHECKED_GETCHAR(dig, rdata, rdlen);
+ unsigned char *p;
+ char *types = querystr("dnssec-query", type);
- if (!digestalg_supported(dig))
- return 0;
+ if (addr->sa.sa_family == AF_INET)
+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
+#ifdef HAVE_IPV6
+ else
+ log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
+#endif
+
+ header->qdcount = htons(1);
+ header->ancount = htons(0);
+ header->nscount = htons(0);
+ header->arcount = htons(0);
+
+ header->hb3 = HB3_RD;
+ SET_OPCODE(header, QUERY);
+ /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
+ this allows it to select auth servers when one is returning bad data. */
+ header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
+
+ /* ID filled in later */
+
+ p = (unsigned char *)(header+1);
+
+ p = do_rfc1035_name(p, name);
+ *p++ = 0;
+ PUTSHORT(type, p);
+ PUTSHORT(class, p);
+
+ return add_do_bit(header, p - (unsigned char *)header, end);
+}
- key = blockdata_alloc((char*)rdata, rdlen);
+/* Go through a domain name, find "pointers" and fix them up based on how many bytes
+ we've chopped out of the packet, or check they don't point into an elided part. */
+static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
+{
+ unsigned char *ansp = *namep;
- /* TODO: time(0) is correct here? */
- crec_ds = cache_insert(owner, NULL, time(0), ttl, F_FORWARD | F_DS);
- if (!crec_ds)
+ while(1)
{
- blockdata_free(key);
- /* TODO: if insertion really might fail, verify we don't depend on cache
- insertion success for validation workflow correctness */
- printf("DS: cache insertion failure\n");
- return 0;
+ unsigned int label_type;
+
+ if (!CHECK_LEN(header, ansp, plen, 1))
+ return 0;
+
+ label_type = (*ansp) & 0xc0;
+
+ if (label_type == 0xc0)
+ {
+ /* pointer for compression. */
+ unsigned int offset;
+ int i;
+ unsigned char *p;
+
+ if (!CHECK_LEN(header, ansp, plen, 2))
+ return 0;
+
+ offset = ((*ansp++) & 0x3f) << 8;
+ offset |= *ansp++;
+
+ p = offset + (unsigned char *)header;
+
+ for (i = 0; i < rr_count; i++)
+ if (p < rrs[i])
+ break;
+ else
+ if (i & 1)
+ offset -= rrs[i] - rrs[i-1];
+
+ /* does the pointer end up in an elided RR? */
+ if (i & 1)
+ return 0;
+
+ /* No, scale the pointer */
+ if (fixup)
+ {
+ ansp -= 2;
+ *ansp++ = (offset >> 8) | 0xc0;
+ *ansp++ = offset & 0xff;
+ }
+ break;
+ }
+ else if (label_type == 0x80)
+ return 0; /* reserved */
+ else if (label_type == 0x40)
+ {
+ /* Extended label type */
+ unsigned int count;
+
+ if (!CHECK_LEN(header, ansp, plen, 2))
+ return 0;
+
+ if (((*ansp++) & 0x3f) != 1)
+ return 0; /* we only understand bitstrings */
+
+ count = *(ansp++); /* Bits in bitstring */
+
+ if (count == 0) /* count == 0 means 256 bits */
+ ansp += 32;
+ else
+ ansp += ((count-1)>>3)+1;
+ }
+ else
+ { /* label type == 0 Bottom six bits is length */
+ unsigned int len = (*ansp++) & 0x3f;
+
+ if (!ADD_RDLEN(header, ansp, plen, len))
+ return 0;
+
+ if (len == 0)
+ break; /* zero length label marks the end. */
+ }
}
- /* TODO: improve union not to name "uid" this field */
- crec_ds->uid = dig;
- crec_ds->addr.key.keydata = key;
- crec_ds->addr.key.algo = algo;
- crec_ds->addr.key.keytag = keytag;
- printf("DS: storing key for %s (digest: %d)\n", owner, dig);
+ *namep = ansp;
- /* Now try to find a DNSKEY which matches this DS digest. */
- printf("Looking for a DNSKEY matching DS %d...\n", keytag);
- crec_key = NULL;
- while ((crec_key = cache_find_by_name(crec_key, owner, time(0), F_DNSKEY))) /* TODO: time(0) */
+ return 1;
+}
+
+/* Go through RRs and check or fixup the domain names contained within */
+static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
+{
+ int i, type, class, rdlen;
+ unsigned char *pp;
+
+ for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount); i++)
{
- if (dnskey_ds_match(crec_key, crec_ds))
- {
- /* TODO: create a link within the cache: ds => dnskey */
- printf("MATCH FOUND for keytag %d\n", keytag);
- return 1;
- }
- }
+ pp = p;
+
+ if (!(p = skip_name(p, header, plen, 10)))
+ return 0;
+
+ GETSHORT(type, p);
+ GETSHORT(class, p);
+ p += 4; /* TTL */
+ GETSHORT(rdlen, p);
- printf("ERROR: match not found for DS %d (owner: %s)\n", keytag, owner);
- return 0;
+ if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
+ {
+ /* fixup name of RR */
+ if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
+ return 0;
+
+ if (class == C_IN)
+ {
+ u16 *d;
+
+ for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
+ {
+ if (*d != 0)
+ pp += *d;
+ else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
+ return 0;
+ }
+ }
+ }
+
+ if (!ADD_RDLEN(header, p, plen, rdlen))
+ return 0;
+ }
+
+ return 1;
}
+
-int dnssec1_validate(struct dns_header *header, size_t pktlen)
+size_t filter_rrsigs(struct dns_header *header, size_t plen)
{
- unsigned char *p, *reply;
- char *owner = daemon->namebuff;
- int i, s, qtype, qclass, rdlen;
- unsigned long ttl;
- int slen[3] = { ntohs(header->ancount), ntohs(header->nscount), ntohs(header->arcount) };
-
- if (slen[0] + slen[1] + slen[2] == 0)
- return 0;
- if (!(reply = p = skip_questions(header, pktlen)))
- return 0;
+ static unsigned char **rrs;
+ static int rr_sz = 0;
+
+ unsigned char *p = (unsigned char *)(header+1);
+ int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns, chop_ar;
- /* First, process DNSKEY/DS records and add them to the cache. */
- cache_start_insert();
- for (i = 0; i < slen[0]; i++)
+ if (ntohs(header->qdcount) != 1 ||
+ !(p = skip_name(p, header, plen, 4)))
+ return plen;
+
+ GETSHORT(qtype, p);
+ GETSHORT(qclass, p);
+
+ /* First pass, find pointers to start and end of all the records we wish to elide:
+ records added for DNSSEC, unless explicity queried for */
+ for (rr_found = 0, chop_ns = 0, chop_an = 0, chop_ar = 0, i = 0;
+ i < ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount);
+ i++)
{
- if (!extract_name(header, pktlen, &p, owner, 1, 10))
- return 0;
- GETSHORT(qtype, p);
- GETSHORT(qclass, p);
- GETLONG(ttl, p);
+ unsigned char *pstart = p;
+ int type, class;
+
+ if (!(p = skip_name(p, header, plen, 10)))
+ return plen;
+
+ GETSHORT(type, p);
+ GETSHORT(class, p);
+ p += 4; /* TTL */
GETSHORT(rdlen, p);
- if (qtype == T_DS)
- {
- printf("DS found\n");
- dnssec_parseds(header, pktlen, owner, ttl, rdlen, p);
- }
- else if (qtype == T_DNSKEY)
- {
- printf("DNSKEY found\n");
- dnssec_parsekey(header, pktlen, owner, ttl, rdlen, p);
- }
- p += rdlen;
+
+ if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
+ (type != qtype || class != qclass))
+ {
+ if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
+ return plen;
+
+ rrs[rr_found++] = pstart;
+
+ if (!ADD_RDLEN(header, p, plen, rdlen))
+ return plen;
+
+ rrs[rr_found++] = p;
+
+ if (i < ntohs(header->ancount))
+ chop_an++;
+ else if (i < (ntohs(header->nscount) + ntohs(header->ancount)))
+ chop_ns++;
+ else
+ chop_ar++;
+ }
+ else if (!ADD_RDLEN(header, p, plen, rdlen))
+ return plen;
}
- cache_end_insert();
-
- /* After we have cached DNSKEY/DS records, start looking for RRSIGs.
- We want to do this in a separate step because we want the cache
- to be already populated with DNSKEYs before parsing signatures. */
- p = reply;
- for (s = 0; s < 3; ++s)
+
+ /* Nothing to do. */
+ if (rr_found == 0)
+ return plen;
+
+ /* Second pass, look for pointers in names in the records we're keeping and make sure they don't
+ point to records we're going to elide. This is theoretically possible, but unlikely. If
+ it happens, we give up and leave the answer unchanged. */
+ p = (unsigned char *)(header+1);
+
+ /* question first */
+ if (!check_name(&p, header, plen, 0, rrs, rr_found))
+ return plen;
+ p += 4; /* qclass, qtype */
+
+ /* Now answers and NS */
+ if (!check_rrs(p, header, plen, 0, rrs, rr_found))
+ return plen;
+
+ /* Third pass, elide records */
+ for (p = rrs[0], i = 1; i < rr_found; i += 2)
{
- reply = p;
- for (i = 0; i < slen[s]; i++)
- {
- if (!extract_name(header, pktlen, &p, owner, 1, 10))
- return 0;
- GETSHORT(qtype, p);
- GETSHORT(qclass, p);
- GETLONG(ttl, p);
- GETSHORT(rdlen, p);
- if (qtype == T_RRSIG)
- {
- printf("RRSIG found (owner: %s)\n", owner);
- /* TODO: missing logic. We should only validate RRSIGs for which we
- have a valid DNSKEY that is referenced by a DS record upstream.
- There is a memory vs CPU conflict here; should we validate everything
- to save memory and thus waste CPU, or better first acquire all information
- (wasting memory) and then doing the minimum CPU computations required? */
- dnssec_parserrsig(header, pktlen, reply, slen[s], owner, qclass, rdlen, p);
- }
- p += rdlen;
- }
+ unsigned char *start = rrs[i];
+ unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
+
+ memmove(p, start, end-start);
+ p += end-start;
}
+
+ plen = p - (unsigned char *)header;
+ header->ancount = htons(ntohs(header->ancount) - chop_an);
+ header->nscount = htons(ntohs(header->nscount) - chop_ns);
+ header->arcount = htons(ntohs(header->arcount) - chop_ar);
+
+ /* Fourth pass, fix up pointers in the remaining records */
+ p = (unsigned char *)(header+1);
+
+ check_name(&p, header, plen, 1, rrs, rr_found);
+ p += 4; /* qclass, qtype */
+
+ check_rrs(p, header, plen, 1, rrs, rr_found);
+
+ return plen;
+}
- return 1;
+unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
+{
+ int q;
+ unsigned int len;
+ unsigned char *p = (unsigned char *)(header+1);
+ const struct nettle_hash *hash;
+ void *ctx;
+ unsigned char *digest;
+
+ if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
+ return NULL;
+
+ for (q = ntohs(header->qdcount); q != 0; q--)
+ {
+ if (!extract_name(header, plen, &p, name, 1, 4))
+ break; /* bad packet */
+
+ len = to_wire(name);
+ hash->update(ctx, len, (unsigned char *)name);
+ /* CRC the class and type as well */
+ hash->update(ctx, 4, p);
+
+ p += 4;
+ if (!CHECK_LEN(header, p, plen, 0))
+ break; /* bad packet */
+ }
+
+ hash->digest(ctx, hash->digest_size, digest);
+ return digest;
}
+
+#endif /* HAVE_DNSSEC */