]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-dnssec.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hwdb: Update database of Bluetooth company identifiers
[thirdparty/systemd.git] / src / resolve / resolved-dns-dnssec.c
CommitLineData
2b442ac8
LP		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2015 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <gcrypt.h>
23
24#include "alloc-util.h"
25#include "dns-domain.h"
72667f08 26#include "hexdecoct.h"
2b442ac8
LP		 27#include "resolved-dns-dnssec.h"
28#include "resolved-dns-packet.h"
24710c48 29#include "string-table.h"
2b442ac8
LP		 30
31/* Open question:
32 *
33 * How does the DNSSEC canonical form of a hostname with a label
34 * containing a dot look like, the way DNS-SD does it?
35 *
2cd87277
LP		 36 * TODO:
37 *
bb1fa242 38 * - Make trust anchor store read additional DS+DNSKEY data from disk
3ecc3df8 39 * - wildcard zones compatibility (NSEC/NSEC3 wildcard check is missing)
bb1fa242 40 * - multi-label zone compatibility
3e92a719 41 * - cname/dname compatibility
bb1fa242 42 * - per-interface DNSSEC setting
73b8d8e9 43 * - fix TTL for cache entries to match RRSIG TTL
3e92a719 44 * - retry on failed validation?
2cd87277
LP		 45 * - DSA support
46 * - EC support?
47 *
2b442ac8
LP		 48 * */
49
50#define VERIFY_RRS_MAX 256
51#define MAX_KEY_SIZE (32*1024)
52
896c5672
LP		 53/* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */
54#define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE)
55
2b442ac8
LP		 56/*
57 * The DNSSEC Chain of trust:
58 *
59 * Normal RRs are protected via RRSIG RRs in combination with DNSKEY RRs, all in the same zone
60 * DNSKEY RRs are either protected like normal RRs, or via a DS from a zone "higher" up the tree
61 * DS RRs are protected like normal RRs
62 *
63 * Example chain:
64 * Normal RR → RRSIG/DNSKEY+ → DS → RRSIG/DNSKEY+ → DS → ... → DS → RRSIG/DNSKEY+ → DS
65 */
66
0638401a
LP		 67static void initialize_libgcrypt(void) {
68 const char *p;
69
70 if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
71 return;
72
73 p = gcry_check_version("1.4.5");
74 assert(p);
75
76 gcry_control(GCRYCTL_DISABLE_SECMEM);
77 gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
78}
79
2b442ac8 80static bool dnssec_algorithm_supported(int algorithm) {
964ef14c
LP		 81 return IN_SET(algorithm,
82 DNSSEC_ALGORITHM_RSASHA1,
83 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
84 DNSSEC_ALGORITHM_RSASHA256,
85 DNSSEC_ALGORITHM_RSASHA512);
2b442ac8
LP		 86}
87
2b442ac8
LP		 88uint16_t dnssec_keytag(DnsResourceRecord *dnskey) {
89 const uint8_t *p;
90 uint32_t sum;
91 size_t i;
92
93 /* The algorithm from RFC 4034, Appendix B. */
94
95 assert(dnskey);
96 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
97
98 sum = (uint32_t) dnskey->dnskey.flags +
99 ((((uint32_t) dnskey->dnskey.protocol) << 8) + (uint32_t) dnskey->dnskey.algorithm);
100
101 p = dnskey->dnskey.key;
102
103 for (i = 0; i < dnskey->dnskey.key_size; i++)
104 sum += (i & 1) == 0 ? (uint32_t) p[i] << 8 : (uint32_t) p[i];
105
106 sum += (sum >> 16) & UINT32_C(0xFFFF);
107
108 return sum & UINT32_C(0xFFFF);
109}
110
111static int rr_compare(const void *a, const void *b) {
112 DnsResourceRecord **x = (DnsResourceRecord**) a, **y = (DnsResourceRecord**) b;
113 size_t m;
114 int r;
115
116 /* Let's order the RRs according to RFC 4034, Section 6.3 */
117
118 assert(x);
119 assert(*x);
120 assert((*x)->wire_format);
121 assert(y);
122 assert(*y);
123 assert((*y)->wire_format);
124
125 m = MIN((*x)->wire_format_size, (*y)->wire_format_size);
126
127 r = memcmp((*x)->wire_format, (*y)->wire_format, m);
128 if (r != 0)
129 return r;
130
131 if ((*x)->wire_format_size < (*y)->wire_format_size)
132 return -1;
133 else if ((*x)->wire_format_size > (*y)->wire_format_size)
134 return 1;
135
136 return 0;
137}
138
139static int dnssec_rsa_verify(
140 const char *hash_algorithm,
141 const void *signature, size_t signature_size,
142 const void *data, size_t data_size,
143 const void *exponent, size_t exponent_size,
144 const void *modulus, size_t modulus_size) {
145
146 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
147 gcry_mpi_t n = NULL, e = NULL, s = NULL;
148 gcry_error_t ge;
149 int r;
150
151 assert(hash_algorithm);
152
153 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature, signature_size, NULL);
154 if (ge != 0) {
155 r = -EIO;
156 goto finish;
157 }
158
159 ge = gcry_mpi_scan(&e, GCRYMPI_FMT_USG, exponent, exponent_size, NULL);
160 if (ge != 0) {
161 r = -EIO;
162 goto finish;
163 }
164
165 ge = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, modulus, modulus_size, NULL);
166 if (ge != 0) {
167 r = -EIO;
168 goto finish;
169 }
170
171 ge = gcry_sexp_build(&signature_sexp,
172 NULL,
173 "(sig-val (rsa (s %m)))",
174 s);
175
176 if (ge != 0) {
177 r = -EIO;
178 goto finish;
179 }
180
181 ge = gcry_sexp_build(&data_sexp,
182 NULL,
183 "(data (flags pkcs1) (hash %s %b))",
184 hash_algorithm,
185 (int) data_size,
186 data);
187 if (ge != 0) {
188 r = -EIO;
189 goto finish;
190 }
191
192 ge = gcry_sexp_build(&public_key_sexp,
193 NULL,
194 "(public-key (rsa (n %m) (e %m)))",
195 n,
196 e);
197 if (ge != 0) {
198 r = -EIO;
199 goto finish;
200 }
201
202 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
d12bf2bd 203 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
2b442ac8 204 r = 0;
d12bf2bd
LP		 205 else if (ge != 0) {
206 log_debug("RSA signature check failed: %s", gpg_strerror(ge));
2b442ac8 207 r = -EIO;
d12bf2bd 208 } else
2b442ac8
LP		 209 r = 1;
210
211finish:
212 if (e)
213 gcry_mpi_release(e);
214 if (n)
215 gcry_mpi_release(n);
216 if (s)
217 gcry_mpi_release(s);
218
219 if (public_key_sexp)
220 gcry_sexp_release(public_key_sexp);
221 if (signature_sexp)
222 gcry_sexp_release(signature_sexp);
223 if (data_sexp)
224 gcry_sexp_release(data_sexp);
225
226 return r;
227}
228
229static void md_add_uint8(gcry_md_hd_t md, uint8_t v) {
230 gcry_md_write(md, &v, sizeof(v));
231}
232
233static void md_add_uint16(gcry_md_hd_t md, uint16_t v) {
234 v = htobe16(v);
235 gcry_md_write(md, &v, sizeof(v));
236}
237
238static void md_add_uint32(gcry_md_hd_t md, uint32_t v) {
239 v = htobe32(v);
240 gcry_md_write(md, &v, sizeof(v));
241}
242
2a326321
LP		 243static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
244 usec_t expiration, inception, skew;
245
246 assert(rrsig);
247 assert(rrsig->key->type == DNS_TYPE_RRSIG);
248
249 if (realtime == USEC_INFINITY)
250 realtime = now(CLOCK_REALTIME);
251
252 expiration = rrsig->rrsig.expiration * USEC_PER_SEC;
253 inception = rrsig->rrsig.inception * USEC_PER_SEC;
254
255 if (inception > expiration)
2a44bec4 256 return -EKEYREJECTED;
2a326321 257
896c5672
LP		 258 /* Permit a certain amount of clock skew of 10% of the valid
259 * time range. This takes inspiration from unbound's
260 * resolver. */
2a326321 261 skew = (expiration - inception) / 10;
896c5672
LP		 262 if (skew > SKEW_MAX)
263 skew = SKEW_MAX;
2a326321
LP		 264
265 if (inception < skew)
266 inception = 0;
267 else
268 inception -= skew;
269
270 if (expiration + skew < expiration)
271 expiration = USEC_INFINITY;
272 else
273 expiration += skew;
274
275 return realtime < inception || realtime > expiration;
276}
277
278int dnssec_verify_rrset(
279 DnsAnswer *a,
280 DnsResourceKey *key,
281 DnsResourceRecord *rrsig,
282 DnsResourceRecord *dnskey,
547973de
LP		 283 usec_t realtime,
284 DnssecResult *result) {
2a326321 285
2b442ac8
LP		 286 uint8_t wire_format_name[DNS_WIRE_FOMAT_HOSTNAME_MAX];
287 size_t exponent_size, modulus_size, hash_size;
288 void *exponent, *modulus, *hash;
289 DnsResourceRecord **list, *rr;
290 gcry_md_hd_t md = NULL;
291 size_t k, n = 0;
292 int r;
293
294 assert(key);
295 assert(rrsig);
296 assert(dnskey);
547973de 297 assert(result);
2a326321
LP		 298 assert(rrsig->key->type == DNS_TYPE_RRSIG);
299 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
2b442ac8
LP		 300
301 /* Verifies the the RRSet matching the specified "key" in "a",
302 * using the signature "rrsig" and the key "dnskey". It's
303 * assumed the RRSIG and DNSKEY match. */
304
203f1b35
LP		 305 if (!dnssec_algorithm_supported(rrsig->rrsig.algorithm)) {
306 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
307 return 0;
308 }
2b442ac8
LP		 309
310 if (a->n_rrs > VERIFY_RRS_MAX)
311 return -E2BIG;
312
2a326321
LP		 313 r = dnssec_rrsig_expired(rrsig, realtime);
314 if (r < 0)
315 return r;
547973de
LP		 316 if (r > 0) {
317 *result = DNSSEC_SIGNATURE_EXPIRED;
318 return 0;
319 }
2a326321 320
2b442ac8
LP		 321 /* Collect all relevant RRs in a single array, so that we can look at the RRset */
322 list = newa(DnsResourceRecord *, a->n_rrs);
323
324 DNS_ANSWER_FOREACH(rr, a) {
325 r = dns_resource_key_equal(key, rr->key);
326 if (r < 0)
327 return r;
328 if (r == 0)
329 continue;
330
331 /* We need the wire format for ordering, and digest calculation */
332 r = dns_resource_record_to_wire_format(rr, true);
333 if (r < 0)
334 return r;
335
336 list[n++] = rr;
337 }
338
339 if (n <= 0)
340 return -ENODATA;
341
342 /* Bring the RRs into canonical order */
6c5e8fbf 343 qsort_safe(list, n, sizeof(DnsResourceRecord*), rr_compare);
2b442ac8 344
0638401a
LP		 345 initialize_libgcrypt();
346
2b442ac8
LP		 347 /* OK, the RRs are now in canonical order. Let's calculate the digest */
348 switch (rrsig->rrsig.algorithm) {
349
350 case DNSSEC_ALGORITHM_RSASHA1:
964ef14c 351 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
2b442ac8
LP		 352 gcry_md_open(&md, GCRY_MD_SHA1, 0);
353 hash_size = 20;
354 break;
355
356 case DNSSEC_ALGORITHM_RSASHA256:
357 gcry_md_open(&md, GCRY_MD_SHA256, 0);
358 hash_size = 32;
359 break;
360
361 case DNSSEC_ALGORITHM_RSASHA512:
362 gcry_md_open(&md, GCRY_MD_SHA512, 0);
363 hash_size = 64;
364 break;
365
366 default:
367 assert_not_reached("Unknown digest");
368 }
369
370 if (!md)
371 return -EIO;
372
373 md_add_uint16(md, rrsig->rrsig.type_covered);
374 md_add_uint8(md, rrsig->rrsig.algorithm);
375 md_add_uint8(md, rrsig->rrsig.labels);
376 md_add_uint32(md, rrsig->rrsig.original_ttl);
377 md_add_uint32(md, rrsig->rrsig.expiration);
378 md_add_uint32(md, rrsig->rrsig.inception);
379 md_add_uint16(md, rrsig->rrsig.key_tag);
380
381 r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
382 if (r < 0)
383 goto finish;
384 gcry_md_write(md, wire_format_name, r);
385
386 for (k = 0; k < n; k++) {
e7ff0e0b 387 const char *suffix;
2b442ac8
LP		 388 size_t l;
389 rr = list[k];
390
e7ff0e0b
LP		 391 r = dns_name_suffix(DNS_RESOURCE_KEY_NAME(rr->key), rrsig->rrsig.labels, &suffix);
392 if (r < 0)
393 goto finish;
394 if (r > 0) /* This is a wildcard! */
395 gcry_md_write(md, (uint8_t[]) { 1, '*'}, 2);
396
397 r = dns_name_to_wire_format(suffix, wire_format_name, sizeof(wire_format_name), true);
2b442ac8
LP		 398 if (r < 0)
399 goto finish;
400 gcry_md_write(md, wire_format_name, r);
401
402 md_add_uint16(md, rr->key->type);
403 md_add_uint16(md, rr->key->class);
404 md_add_uint32(md, rrsig->rrsig.original_ttl);
405
406 assert(rr->wire_format_rdata_offset <= rr->wire_format_size);
407 l = rr->wire_format_size - rr->wire_format_rdata_offset;
408 assert(l <= 0xFFFF);
409
410 md_add_uint16(md, (uint16_t) l);
411 gcry_md_write(md, (uint8_t*) rr->wire_format + rr->wire_format_rdata_offset, l);
412 }
413
414 hash = gcry_md_read(md, 0);
415 if (!hash) {
416 r = -EIO;
417 goto finish;
418 }
419
420 if (*(uint8_t*) dnskey->dnskey.key == 0) {
421 /* exponent is > 255 bytes long */
422
423 exponent = (uint8_t*) dnskey->dnskey.key + 3;
424 exponent_size =
425 ((size_t) (((uint8_t*) dnskey->dnskey.key)[0]) << 8) |
426 ((size_t) ((uint8_t*) dnskey->dnskey.key)[1]);
427
428 if (exponent_size < 256) {
429 r = -EINVAL;
430 goto finish;
431 }
432
433 if (3 + exponent_size >= dnskey->dnskey.key_size) {
434 r = -EINVAL;
435 goto finish;
436 }
437
438 modulus = (uint8_t*) dnskey->dnskey.key + 3 + exponent_size;
439 modulus_size = dnskey->dnskey.key_size - 3 - exponent_size;
440
441 } else {
442 /* exponent is <= 255 bytes long */
443
444 exponent = (uint8_t*) dnskey->dnskey.key + 1;
445 exponent_size = (size_t) ((uint8_t*) dnskey->dnskey.key)[0];
446
447 if (exponent_size <= 0) {
448 r = -EINVAL;
449 goto finish;
450 }
451
452 if (1 + exponent_size >= dnskey->dnskey.key_size) {
453 r = -EINVAL;
454 goto finish;
455 }
456
457 modulus = (uint8_t*) dnskey->dnskey.key + 1 + exponent_size;
458 modulus_size = dnskey->dnskey.key_size - 1 - exponent_size;
459 }
460
461 r = dnssec_rsa_verify(
462 gcry_md_algo_name(gcry_md_get_algo(md)),
463 rrsig->rrsig.signature, rrsig->rrsig.signature_size,
464 hash, hash_size,
465 exponent, exponent_size,
466 modulus, modulus_size);
467 if (r < 0)
468 goto finish;
469
547973de
LP		 470 *result = r ? DNSSEC_VALIDATED : DNSSEC_INVALID;
471 r = 0;
2b442ac8
LP		 472
473finish:
474 gcry_md_close(md);
475 return r;
476}
477
478int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey) {
479
480 assert(rrsig);
481 assert(dnskey);
482
483 /* Checks if the specified DNSKEY RR matches the key used for
484 * the signature in the specified RRSIG RR */
485
486 if (rrsig->key->type != DNS_TYPE_RRSIG)
487 return -EINVAL;
488
489 if (dnskey->key->type != DNS_TYPE_DNSKEY)
490 return 0;
491 if (dnskey->key->class != rrsig->key->class)
492 return 0;
493 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
494 return 0;
495 if (dnskey->dnskey.protocol != 3)
496 return 0;
497 if (dnskey->dnskey.algorithm != rrsig->rrsig.algorithm)
498 return 0;
499
500 if (dnssec_keytag(dnskey) != rrsig->rrsig.key_tag)
501 return 0;
502
15accc27 503 return dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), rrsig->rrsig.signer);
2b442ac8
LP		 504}
505
105e1512 506int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
e7ff0e0b
LP		 507 int r;
508
2b442ac8
LP		 509 assert(key);
510 assert(rrsig);
511
512 /* Checks if the specified RRSIG RR protects the RRSet of the specified RR key. */
513
514 if (rrsig->key->type != DNS_TYPE_RRSIG)
515 return 0;
516 if (rrsig->key->class != key->class)
517 return 0;
518 if (rrsig->rrsig.type_covered != key->type)
519 return 0;
520
e7ff0e0b
LP		 521 /* Make sure signer is a parent of the RRset */
522 r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(rrsig->key), rrsig->rrsig.signer);
523 if (r <= 0)
524 return r;
525
526 /* Make sure the owner name has at least as many labels as the "label" fields indicates. */
527 r = dns_name_count_labels(DNS_RESOURCE_KEY_NAME(rrsig->key));
528 if (r < 0)
529 return r;
530 if (r < rrsig->rrsig.labels)
531 return 0;
532
2b442ac8
LP		 533 return dns_name_equal(DNS_RESOURCE_KEY_NAME(rrsig->key), DNS_RESOURCE_KEY_NAME(key));
534}
535
2a326321
LP		 536int dnssec_verify_rrset_search(
537 DnsAnswer *a,
538 DnsResourceKey *key,
539 DnsAnswer *validated_dnskeys,
547973de
LP		 540 usec_t realtime,
541 DnssecResult *result) {
2a326321 542
203f1b35 543 bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false;
2b442ac8
LP		 544 DnsResourceRecord *rrsig;
545 int r;
546
547 assert(key);
547973de 548 assert(result);
2b442ac8 549
105e1512 550 /* Verifies all RRs from "a" that match the key "key" against DNSKEYs in "validated_dnskeys" */
2b442ac8
LP		 551
552 if (!a || a->n_rrs <= 0)
553 return -ENODATA;
554
555 /* Iterate through each RRSIG RR. */
556 DNS_ANSWER_FOREACH(rrsig, a) {
557 DnsResourceRecord *dnskey;
105e1512 558 DnsAnswerFlags flags;
2b442ac8 559
203f1b35 560 /* Is this an RRSIG RR that applies to RRs matching our key? */
2b442ac8
LP		 561 r = dnssec_key_match_rrsig(key, rrsig);
562 if (r < 0)
563 return r;
564 if (r == 0)
565 continue;
566
567 found_rrsig = true;
568
547973de 569 /* Look for a matching key */
105e1512 570 DNS_ANSWER_FOREACH_FLAGS(dnskey, flags, validated_dnskeys) {
547973de 571 DnssecResult one_result;
2b442ac8 572
105e1512
LP		 573 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
574 continue;
575
203f1b35 576 /* Is this a DNSKEY RR that matches they key of our RRSIG? */
2b442ac8
LP		 577 r = dnssec_rrsig_match_dnskey(rrsig, dnskey);
578 if (r < 0)
579 return r;
580 if (r == 0)
581 continue;
582
2a326321
LP		 583 /* Take the time here, if it isn't set yet, so
584 * that we do all validations with the same
585 * time. */
586 if (realtime == USEC_INFINITY)
587 realtime = now(CLOCK_REALTIME);
588
2b442ac8
LP		 589 /* Yay, we found a matching RRSIG with a matching
590 * DNSKEY, awesome. Now let's verify all entries of
591 * the RRSet against the RRSIG and DNSKEY
592 * combination. */
593
547973de 594 r = dnssec_verify_rrset(a, key, rrsig, dnskey, realtime, &one_result);
203f1b35 595 if (r < 0)
2b442ac8 596 return r;
203f1b35
LP		 597
598 switch (one_result) {
599
600 case DNSSEC_VALIDATED:
601 /* Yay, the RR has been validated,
602 * return immediately. */
547973de
LP		 603 *result = DNSSEC_VALIDATED;
604 return 0;
2b442ac8 605
203f1b35
LP		 606 case DNSSEC_INVALID:
607 /* If the signature is invalid, let's try another
608 key and/or signature. After all they
609 key_tags and stuff are not unique, and
610 might be shared by multiple keys. */
611 found_invalid = true;
612 continue;
613
614 case DNSSEC_UNSUPPORTED_ALGORITHM:
615 /* If the key algorithm is
616 unsupported, try another
617 RRSIG/DNSKEY pair, but remember we
618 encountered this, so that we can
619 return a proper error when we
620 encounter nothing better. */
621 found_unsupported_algorithm = true;
622 continue;
623
624 case DNSSEC_SIGNATURE_EXPIRED:
625 /* If the signature is expired, try
626 another one, but remember it, so
627 that we can return this */
628 found_expired_rrsig = true;
629 continue;
630
631 default:
632 assert_not_reached("Unexpected DNSSEC validation result");
633 }
2b442ac8
LP		 634 }
635 }
636
203f1b35
LP		 637 if (found_expired_rrsig)
638 *result = DNSSEC_SIGNATURE_EXPIRED;
639 else if (found_unsupported_algorithm)
640 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
641 else if (found_invalid)
547973de
LP		 642 *result = DNSSEC_INVALID;
643 else if (found_rrsig)
644 *result = DNSSEC_MISSING_KEY;
645 else
646 *result = DNSSEC_NO_SIGNATURE;
2b442ac8 647
547973de 648 return 0;
2b442ac8
LP		 649}
650
105e1512
LP		 651int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
652 DnsResourceRecord *rr;
653 int r;
654
655 /* Checks whether there's at least one RRSIG in 'a' that proctects RRs of the specified key */
656
657 DNS_ANSWER_FOREACH(rr, a) {
658 r = dnssec_key_match_rrsig(key, rr);
659 if (r < 0)
660 return r;
661 if (r > 0)
662 return 1;
663 }
664
665 return 0;
666}
667
2b442ac8 668int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max) {
2b442ac8
LP		 669 size_t c = 0;
670 int r;
671
672 /* Converts the specified hostname into DNSSEC canonicalized
673 * form. */
674
675 if (buffer_max < 2)
676 return -ENOBUFS;
677
678 for (;;) {
679 size_t i;
680
681 r = dns_label_unescape(&n, buffer, buffer_max);
682 if (r < 0)
683 return r;
684 if (r == 0)
685 break;
686 if (r > 0) {
687 int k;
688
689 /* DNSSEC validation is always done on the ASCII version of the label */
690 k = dns_label_apply_idna(buffer, r, buffer, buffer_max);
691 if (k < 0)
692 return k;
693 if (k > 0)
694 r = k;
695 }
696
697 if (buffer_max < (size_t) r + 2)
698 return -ENOBUFS;
699
700 /* The DNSSEC canonical form is not clear on what to
701 * do with dots appearing in labels, the way DNS-SD
702 * does it. Refuse it for now. */
703
704 if (memchr(buffer, '.', r))
705 return -EINVAL;
706
707 for (i = 0; i < (size_t) r; i ++) {
708 if (buffer[i] >= 'A' && buffer[i] <= 'Z')
709 buffer[i] = buffer[i] - 'A' + 'a';
710 }
711
712 buffer[r] = '.';
713
714 buffer += r + 1;
715 c += r + 1;
716
717 buffer_max -= r + 1;
718 }
719
720 if (c <= 0) {
721 /* Not even a single label: this is the root domain name */
722
723 assert(buffer_max > 2);
724 buffer[0] = '.';
725 buffer[1] = 0;
726
727 return 1;
728 }
729
730 return (int) c;
731}
732
a1972a91
LP		 733static int digest_to_gcrypt(uint8_t algorithm) {
734
735 /* Translates a DNSSEC digest algorithm into a gcrypt digest iedntifier */
736
737 switch (algorithm) {
738
739 case DNSSEC_DIGEST_SHA1:
740 return GCRY_MD_SHA1;
741
742 case DNSSEC_DIGEST_SHA256:
743 return GCRY_MD_SHA256;
744
745 default:
746 return -EOPNOTSUPP;
747 }
748}
749
2b442ac8 750int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds) {
2b442ac8 751 char owner_name[DNSSEC_CANONICAL_HOSTNAME_MAX];
a1972a91
LP		 752 gcry_md_hd_t md = NULL;
753 size_t hash_size;
754 int algorithm;
2b442ac8
LP		 755 void *result;
756 int r;
757
758 assert(dnskey);
759 assert(ds);
760
761 /* Implements DNSKEY verification by a DS, according to RFC 4035, section 5.2 */
762
763 if (dnskey->key->type != DNS_TYPE_DNSKEY)
764 return -EINVAL;
765 if (ds->key->type != DNS_TYPE_DS)
766 return -EINVAL;
767 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
768 return -EKEYREJECTED;
769 if (dnskey->dnskey.protocol != 3)
770 return -EKEYREJECTED;
771
2b442ac8
LP		 772 if (dnskey->dnskey.algorithm != ds->ds.algorithm)
773 return 0;
774 if (dnssec_keytag(dnskey) != ds->ds.key_tag)
775 return 0;
776
0638401a
LP		 777 initialize_libgcrypt();
778
a1972a91
LP		 779 algorithm = digest_to_gcrypt(ds->ds.digest_type);
780 if (algorithm < 0)
781 return algorithm;
2b442ac8 782
a1972a91
LP		 783 hash_size = gcry_md_get_algo_dlen(algorithm);
784 assert(hash_size > 0);
2b442ac8 785
a1972a91
LP		 786 if (ds->ds.digest_size != hash_size)
787 return 0;
2b442ac8 788
a1972a91
LP		 789 r = dnssec_canonicalize(DNS_RESOURCE_KEY_NAME(dnskey->key), owner_name, sizeof(owner_name));
790 if (r < 0)
791 return r;
2b442ac8 792
a1972a91 793 gcry_md_open(&md, algorithm, 0);
2b442ac8
LP		 794 if (!md)
795 return -EIO;
796
2b442ac8
LP		 797 gcry_md_write(md, owner_name, r);
798 md_add_uint16(md, dnskey->dnskey.flags);
799 md_add_uint8(md, dnskey->dnskey.protocol);
800 md_add_uint8(md, dnskey->dnskey.algorithm);
801 gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
802
803 result = gcry_md_read(md, 0);
804 if (!result) {
805 r = -EIO;
806 goto finish;
807 }
808
809 r = memcmp(result, ds->ds.digest, ds->ds.digest_size) != 0;
810
811finish:
812 gcry_md_close(md);
813 return r;
814}
24710c48 815
547973de
LP		 816int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
817 DnsResourceRecord *ds;
105e1512 818 DnsAnswerFlags flags;
547973de
LP		 819 int r;
820
821 assert(dnskey);
822
823 if (dnskey->key->type != DNS_TYPE_DNSKEY)
824 return 0;
825
105e1512
LP		 826 DNS_ANSWER_FOREACH_FLAGS(ds, flags, validated_ds) {
827
828 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
829 continue;
547973de
LP		 830
831 if (ds->key->type != DNS_TYPE_DS)
832 continue;
833
d1c4ee32
LP		 834 if (ds->key->class != dnskey->key->class)
835 continue;
836
837 r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), DNS_RESOURCE_KEY_NAME(ds->key));
838 if (r < 0)
839 return r;
840 if (r == 0)
841 continue;
842
547973de
LP		 843 r = dnssec_verify_dnskey(dnskey, ds);
844 if (r < 0)
845 return r;
846 if (r > 0)
847 return 1;
848 }
849
850 return 0;
851}
852
72667f08
LP		 853int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
854 uint8_t wire_format[DNS_WIRE_FOMAT_HOSTNAME_MAX];
855 gcry_md_hd_t md = NULL;
856 size_t hash_size;
857 int algorithm;
858 void *result;
859 unsigned k;
860 int r;
861
862 assert(nsec3);
863 assert(name);
864 assert(ret);
865
866 if (nsec3->key->type != DNS_TYPE_NSEC3)
867 return -EINVAL;
868
869 algorithm = digest_to_gcrypt(nsec3->nsec3.algorithm);
870 if (algorithm < 0)
871 return algorithm;
872
873 initialize_libgcrypt();
874
875 hash_size = gcry_md_get_algo_dlen(algorithm);
876 assert(hash_size > 0);
877
878 if (nsec3->nsec3.next_hashed_name_size != hash_size)
879 return -EINVAL;
880
881 r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
882 if (r < 0)
883 return r;
884
885 gcry_md_open(&md, algorithm, 0);
886 if (!md)
887 return -EIO;
888
889 gcry_md_write(md, wire_format, r);
890 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
891
892 result = gcry_md_read(md, 0);
893 if (!result) {
894 r = -EIO;
895 goto finish;
896 }
897
898 for (k = 0; k < nsec3->nsec3.iterations; k++) {
899 uint8_t tmp[hash_size];
900 memcpy(tmp, result, hash_size);
901
902 gcry_md_reset(md);
903 gcry_md_write(md, tmp, hash_size);
904 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
905
906 result = gcry_md_read(md, 0);
907 if (!result) {
908 r = -EIO;
909 goto finish;
910 }
911 }
912
913 memcpy(ret, result, hash_size);
914 r = (int) hash_size;
915
916finish:
917 gcry_md_close(md);
918 return r;
919}
920
db5b0e92
LP		 921static int nsec3_is_good(DnsResourceRecord *rr, DnsAnswerFlags flags, DnsResourceRecord *nsec3) {
922 const char *a, *b;
923 int r;
924
925 assert(rr);
926
db5b0e92
LP		 927 if (rr->key->type != DNS_TYPE_NSEC3)
928 return 0;
929
930 /* RFC 5155, Section 8.2 says we MUST ignore NSEC3 RRs with flags != 0 or 1 */
931 if (!IN_SET(rr->nsec3.flags, 0, 1))
932 return 0;
933
934 if (!nsec3)
935 return 1;
936
937 /* If a second NSEC3 RR is specified, also check if they are from the same zone. */
938
939 if (nsec3 == rr) /* Shortcut */
940 return 1;
941
942 if (rr->key->class != nsec3->key->class)
943 return 0;
944 if (rr->nsec3.algorithm != nsec3->nsec3.algorithm)
945 return 0;
946 if (rr->nsec3.iterations != nsec3->nsec3.iterations)
947 return 0;
948 if (rr->nsec3.salt_size != nsec3->nsec3.salt_size)
949 return 0;
950 if (memcmp(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
951 return 0;
952
953 a = DNS_RESOURCE_KEY_NAME(rr->key);
954 r = dns_name_parent(&a); /* strip off hash */
955 if (r < 0)
956 return r;
957 if (r == 0)
958 return 0;
959
960 b = DNS_RESOURCE_KEY_NAME(nsec3->key);
961 r = dns_name_parent(&b); /* strip off hash */
962 if (r < 0)
963 return r;
964 if (r == 0)
965 return 0;
966
967 return dns_name_equal(a, b);
968}
969
ed29bfdc 970static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated) {
105e1512
LP		 971 _cleanup_free_ char *next_closer_domain = NULL, *l = NULL;
972 uint8_t hashed[DNSSEC_HASH_SIZE_MAX];
13b78323 973 const char *suffix, *p, *pp = NULL;
db5b0e92 974 DnsResourceRecord *rr, *suffix_rr;
105e1512
LP		 975 DnsAnswerFlags flags;
976 int hashed_size, r;
ed29bfdc 977 bool a;
72667f08
LP		 978
979 assert(key);
980 assert(result);
ed29bfdc 981 assert(authenticated);
72667f08 982
13b78323
LP		 983 /* First step, look for the longest common suffix we find with any NSEC3 RR in the response. */
984 suffix = DNS_RESOURCE_KEY_NAME(key);
985 for (;;) {
db5b0e92 986 DNS_ANSWER_FOREACH_FLAGS(suffix_rr, flags, answer) {
13b78323
LP		 987 _cleanup_free_ char *hashed_domain = NULL, *label = NULL;
988
db5b0e92
LP		 989 r = nsec3_is_good(suffix_rr, flags, NULL);
990 if (r < 0)
991 return r;
992 if (r == 0)
13b78323
LP		 993 continue;
994
db5b0e92 995 r = dns_name_equal_skip(DNS_RESOURCE_KEY_NAME(suffix_rr->key), 1, suffix);
13b78323
LP		 996 if (r < 0)
997 return r;
998 if (r > 0)
999 goto found_suffix;
1000 }
1001
1002 /* Strip one label from the front */
1003 r = dns_name_parent(&suffix);
1004 if (r < 0)
1005 return r;
1006 if (r == 0)
1007 break;
1008 }
1009
1010 *result = DNSSEC_NSEC_NO_RR;
1011 return 0;
1012
1013found_suffix:
1014 /* Second step, find the closest encloser NSEC3 RR in 'answer' that matches 'key' */
105e1512
LP		 1015 p = DNS_RESOURCE_KEY_NAME(key);
1016 for (;;) {
db5b0e92 1017 _cleanup_free_ char *hashed_domain = NULL, *label = NULL;
72667f08 1018
db5b0e92
LP		 1019 hashed_size = dnssec_nsec3_hash(suffix_rr, p, hashed);
1020 if (hashed_size == -EOPNOTSUPP) {
1021 *result = DNSSEC_NSEC_UNSUPPORTED_ALGORITHM;
1022 return 0;
1023 }
1024 if (hashed_size < 0)
1025 return hashed_size;
72667f08 1026
db5b0e92
LP		 1027 label = base32hexmem(hashed, hashed_size, false);
1028 if (!label)
1029 return -ENOMEM;
72667f08 1030
db5b0e92
LP		 1031 hashed_domain = strjoin(label, ".", suffix, NULL);
1032 if (!hashed_domain)
1033 return -ENOMEM;
1034
1035 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
72667f08 1036
db5b0e92 1037 r = nsec3_is_good(rr, flags, suffix_rr);
72667f08
LP		 1038 if (r < 0)
1039 return r;
105e1512
LP		 1040 if (r == 0)
1041 continue;
1042
105e1512 1043 if (rr->nsec3.next_hashed_name_size != (size_t) hashed_size)
db5b0e92 1044 continue;
105e1512
LP		 1045
1046 r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), hashed_domain);
72667f08
LP		 1047 if (r < 0)
1048 return r;
ed29bfdc
LP		 1049 if (r > 0) {
1050 a = flags & DNS_ANSWER_AUTHENTICATED;
13b78323 1051 goto found_closest_encloser;
ed29bfdc 1052 }
105e1512
LP		 1053 }
1054
1055 /* We didn't find the closest encloser with this name,
1056 * but let's remember this domain name, it might be
1057 * the next closer name */
1058
1059 pp = p;
1060
1061 /* Strip one label from the front */
1062 r = dns_name_parent(&p);
1063 if (r < 0)
1064 return r;
1065 if (r == 0)
72667f08 1066 break;
105e1512 1067 }
72667f08 1068
105e1512
LP		 1069 *result = DNSSEC_NSEC_NO_RR;
1070 return 0;
72667f08 1071
13b78323 1072found_closest_encloser:
105e1512 1073 /* We found a closest encloser in 'p'; next closer is 'pp' */
72667f08 1074
105e1512
LP		 1075 /* Ensure this is not a DNAME domain, see RFC5155, section 8.3. */
1076 if (bitmap_isset(rr->nsec3.types, DNS_TYPE_DNAME))
1077 return -EBADMSG;
72667f08 1078
105e1512
LP		 1079 /* Ensure that this data is from the delegated domain
1080 * (i.e. originates from the "lower" DNS server), and isn't
1081 * just glue records (i.e. doesn't originate from the "upper"
1082 * DNS server). */
1083 if (bitmap_isset(rr->nsec3.types, DNS_TYPE_NS) &&
1084 !bitmap_isset(rr->nsec3.types, DNS_TYPE_SOA))
1085 return -EBADMSG;
72667f08 1086
105e1512
LP		 1087 if (!pp) {
1088 /* No next closer NSEC3 RR. That means there's a direct NSEC3 RR for our key. */
1089 *result = bitmap_isset(rr->nsec3.types, key->type) ? DNSSEC_NSEC_FOUND : DNSSEC_NSEC_NODATA;
ed29bfdc 1090 *authenticated = a;
105e1512
LP		 1091 return 0;
1092 }
72667f08 1093
105e1512
LP		 1094 r = dnssec_nsec3_hash(rr, pp, hashed);
1095 if (r < 0)
1096 return r;
1097 if (r != hashed_size)
1098 return -EBADMSG;
72667f08 1099
105e1512
LP		 1100 l = base32hexmem(hashed, hashed_size, false);
1101 if (!l)
1102 return -ENOMEM;
72667f08 1103
105e1512
LP		 1104 next_closer_domain = strjoin(l, ".", p, NULL);
1105 if (!next_closer_domain)
1106 return -ENOMEM;
72667f08 1107
105e1512
LP		 1108 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1109 _cleanup_free_ char *label = NULL, *next_hashed_domain = NULL;
105e1512 1110
db5b0e92 1111 r = nsec3_is_good(rr, flags, suffix_rr);
105e1512
LP		 1112 if (r < 0)
1113 return r;
1114 if (r == 0)
1115 continue;
1116
1117 label = base32hexmem(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, false);
1118 if (!label)
1119 return -ENOMEM;
1120
1121 next_hashed_domain = strjoin(label, ".", p, NULL);
1122 if (!next_hashed_domain)
1123 return -ENOMEM;
1124
1125 r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), next_closer_domain, next_hashed_domain);
1126 if (r < 0)
1127 return r;
1128 if (r > 0) {
1129 if (rr->nsec3.flags & 1)
1130 *result = DNSSEC_NSEC_OPTOUT;
1131 else
72667f08 1132 *result = DNSSEC_NSEC_NXDOMAIN;
105e1512 1133
ed29bfdc 1134 *authenticated = a && (flags & DNS_ANSWER_AUTHENTICATED);
105e1512
LP		 1135 return 1;
1136 }
1137 }
1138
1139 *result = DNSSEC_NSEC_NO_RR;
1140 return 0;
1141}
1142
ed29bfdc 1143int dnssec_test_nsec(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated) {
105e1512
LP		 1144 DnsResourceRecord *rr;
1145 bool have_nsec3 = false;
1146 DnsAnswerFlags flags;
1147 int r;
1148
1149 assert(key);
1150 assert(result);
ed29bfdc 1151 assert(authenticated);
105e1512
LP		 1152
1153 /* Look for any NSEC/NSEC3 RRs that say something about the specified key. */
1154
1155 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1156
1157 if (rr->key->class != key->class)
1158 continue;
1159
105e1512
LP		 1160 switch (rr->key->type) {
1161
1162 case DNS_TYPE_NSEC:
1163
1164 r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(key));
1165 if (r < 0)
1166 return r;
1167 if (r > 0) {
1168 *result = bitmap_isset(rr->nsec.types, key->type) ? DNSSEC_NSEC_FOUND : DNSSEC_NSEC_NODATA;
ed29bfdc 1169 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
72667f08
LP		 1170 return 0;
1171 }
1172
105e1512
LP		 1173 r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(key), rr->nsec.next_domain_name);
1174 if (r < 0)
1175 return r;
1176 if (r > 0) {
1177 *result = DNSSEC_NSEC_NXDOMAIN;
ed29bfdc 1178 *authenticated = flags & DNS_ANSWER_AUTHENTICATED;
105e1512
LP		 1179 return 0;
1180 }
72667f08 1181 break;
72667f08 1182
105e1512
LP		 1183 case DNS_TYPE_NSEC3:
1184 have_nsec3 = true;
72667f08
LP		 1185 break;
1186 }
1187 }
1188
105e1512
LP		 1189 /* OK, this was not sufficient. Let's see if NSEC3 can help. */
1190 if (have_nsec3)
ed29bfdc 1191 return dnssec_test_nsec3(answer, key, result, authenticated);
105e1512 1192
72667f08
LP		 1193 /* No approproate NSEC RR found, report this. */
1194 *result = DNSSEC_NSEC_NO_RR;
1195 return 0;
1196}
1197
24710c48
LP		 1198static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = {
1199 [DNSSEC_NO] = "no",
b652d4a2 1200 [DNSSEC_DOWNGRADE_OK] = "downgrade-ok",
24710c48
LP		 1201 [DNSSEC_YES] = "yes",
1202};
1203DEFINE_STRING_TABLE_LOOKUP(dnssec_mode, DnssecMode);
547973de
LP		 1204
1205static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = {
1206 [DNSSEC_VALIDATED] = "validated",
1207 [DNSSEC_INVALID] = "invalid",
203f1b35
LP		 1208 [DNSSEC_SIGNATURE_EXPIRED] = "signature-expired",
1209 [DNSSEC_UNSUPPORTED_ALGORITHM] = "unsupported-algorithm",
547973de
LP		 1210 [DNSSEC_NO_SIGNATURE] = "no-signature",
1211 [DNSSEC_MISSING_KEY] = "missing-key",
203f1b35 1212 [DNSSEC_UNSIGNED] = "unsigned",
547973de 1213 [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary",
72667f08 1214 [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch",
b652d4a2 1215 [DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server",
547973de
LP		 1216};
1217DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult);
Unnamed repository; edit this file 'description' to name the repository.