]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-dnssec.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
resolved: properly implement RRSIG validation of wildcarded RRsets
[thirdparty/systemd.git] / src / resolve / resolved-dns-dnssec.c
CommitLineData
2b442ac8
LP		 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2015 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <gcrypt.h>
23
24#include "alloc-util.h"
25#include "dns-domain.h"
72667f08 26#include "hexdecoct.h"
2b442ac8
LP		 27#include "resolved-dns-dnssec.h"
28#include "resolved-dns-packet.h"
24710c48 29#include "string-table.h"
2b442ac8
LP		 30
31/* Open question:
32 *
33 * How does the DNSSEC canonical form of a hostname with a label
34 * containing a dot look like, the way DNS-SD does it?
35 *
2cd87277
LP		 36 * TODO:
37 *
bb1fa242
LP		 38 * - Make trust anchor store read additional DS+DNSKEY data from disk
39 * - wildcard zones compatibility
40 * - multi-label zone compatibility
3e92a719 41 * - cname/dname compatibility
bb1fa242 42 * - per-interface DNSSEC setting
73b8d8e9 43 * - fix TTL for cache entries to match RRSIG TTL
3e92a719 44 * - retry on failed validation?
2cd87277
LP		 45 * - DSA support
46 * - EC support?
47 *
2b442ac8
LP		 48 * */
49
50#define VERIFY_RRS_MAX 256
51#define MAX_KEY_SIZE (32*1024)
52
896c5672
LP		 53/* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */
54#define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE)
55
2b442ac8
LP		 56/*
57 * The DNSSEC Chain of trust:
58 *
59 * Normal RRs are protected via RRSIG RRs in combination with DNSKEY RRs, all in the same zone
60 * DNSKEY RRs are either protected like normal RRs, or via a DS from a zone "higher" up the tree
61 * DS RRs are protected like normal RRs
62 *
63 * Example chain:
64 * Normal RR → RRSIG/DNSKEY+ → DS → RRSIG/DNSKEY+ → DS → ... → DS → RRSIG/DNSKEY+ → DS
65 */
66
0638401a
LP		 67static void initialize_libgcrypt(void) {
68 const char *p;
69
70 if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
71 return;
72
73 p = gcry_check_version("1.4.5");
74 assert(p);
75
76 gcry_control(GCRYCTL_DISABLE_SECMEM);
77 gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
78}
79
2b442ac8 80static bool dnssec_algorithm_supported(int algorithm) {
964ef14c
LP		 81 return IN_SET(algorithm,
82 DNSSEC_ALGORITHM_RSASHA1,
83 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,
84 DNSSEC_ALGORITHM_RSASHA256,
85 DNSSEC_ALGORITHM_RSASHA512);
2b442ac8
LP		 86}
87
2b442ac8
LP		 88uint16_t dnssec_keytag(DnsResourceRecord *dnskey) {
89 const uint8_t *p;
90 uint32_t sum;
91 size_t i;
92
93 /* The algorithm from RFC 4034, Appendix B. */
94
95 assert(dnskey);
96 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
97
98 sum = (uint32_t) dnskey->dnskey.flags +
99 ((((uint32_t) dnskey->dnskey.protocol) << 8) + (uint32_t) dnskey->dnskey.algorithm);
100
101 p = dnskey->dnskey.key;
102
103 for (i = 0; i < dnskey->dnskey.key_size; i++)
104 sum += (i & 1) == 0 ? (uint32_t) p[i] << 8 : (uint32_t) p[i];
105
106 sum += (sum >> 16) & UINT32_C(0xFFFF);
107
108 return sum & UINT32_C(0xFFFF);
109}
110
111static int rr_compare(const void *a, const void *b) {
112 DnsResourceRecord **x = (DnsResourceRecord**) a, **y = (DnsResourceRecord**) b;
113 size_t m;
114 int r;
115
116 /* Let's order the RRs according to RFC 4034, Section 6.3 */
117
118 assert(x);
119 assert(*x);
120 assert((*x)->wire_format);
121 assert(y);
122 assert(*y);
123 assert((*y)->wire_format);
124
125 m = MIN((*x)->wire_format_size, (*y)->wire_format_size);
126
127 r = memcmp((*x)->wire_format, (*y)->wire_format, m);
128 if (r != 0)
129 return r;
130
131 if ((*x)->wire_format_size < (*y)->wire_format_size)
132 return -1;
133 else if ((*x)->wire_format_size > (*y)->wire_format_size)
134 return 1;
135
136 return 0;
137}
138
139static int dnssec_rsa_verify(
140 const char *hash_algorithm,
141 const void *signature, size_t signature_size,
142 const void *data, size_t data_size,
143 const void *exponent, size_t exponent_size,
144 const void *modulus, size_t modulus_size) {
145
146 gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
147 gcry_mpi_t n = NULL, e = NULL, s = NULL;
148 gcry_error_t ge;
149 int r;
150
151 assert(hash_algorithm);
152
153 ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature, signature_size, NULL);
154 if (ge != 0) {
155 r = -EIO;
156 goto finish;
157 }
158
159 ge = gcry_mpi_scan(&e, GCRYMPI_FMT_USG, exponent, exponent_size, NULL);
160 if (ge != 0) {
161 r = -EIO;
162 goto finish;
163 }
164
165 ge = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, modulus, modulus_size, NULL);
166 if (ge != 0) {
167 r = -EIO;
168 goto finish;
169 }
170
171 ge = gcry_sexp_build(&signature_sexp,
172 NULL,
173 "(sig-val (rsa (s %m)))",
174 s);
175
176 if (ge != 0) {
177 r = -EIO;
178 goto finish;
179 }
180
181 ge = gcry_sexp_build(&data_sexp,
182 NULL,
183 "(data (flags pkcs1) (hash %s %b))",
184 hash_algorithm,
185 (int) data_size,
186 data);
187 if (ge != 0) {
188 r = -EIO;
189 goto finish;
190 }
191
192 ge = gcry_sexp_build(&public_key_sexp,
193 NULL,
194 "(public-key (rsa (n %m) (e %m)))",
195 n,
196 e);
197 if (ge != 0) {
198 r = -EIO;
199 goto finish;
200 }
201
202 ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
d12bf2bd 203 if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
2b442ac8 204 r = 0;
d12bf2bd
LP		 205 else if (ge != 0) {
206 log_debug("RSA signature check failed: %s", gpg_strerror(ge));
2b442ac8 207 r = -EIO;
d12bf2bd 208 } else
2b442ac8
LP		 209 r = 1;
210
211finish:
212 if (e)
213 gcry_mpi_release(e);
214 if (n)
215 gcry_mpi_release(n);
216 if (s)
217 gcry_mpi_release(s);
218
219 if (public_key_sexp)
220 gcry_sexp_release(public_key_sexp);
221 if (signature_sexp)
222 gcry_sexp_release(signature_sexp);
223 if (data_sexp)
224 gcry_sexp_release(data_sexp);
225
226 return r;
227}
228
229static void md_add_uint8(gcry_md_hd_t md, uint8_t v) {
230 gcry_md_write(md, &v, sizeof(v));
231}
232
233static void md_add_uint16(gcry_md_hd_t md, uint16_t v) {
234 v = htobe16(v);
235 gcry_md_write(md, &v, sizeof(v));
236}
237
238static void md_add_uint32(gcry_md_hd_t md, uint32_t v) {
239 v = htobe32(v);
240 gcry_md_write(md, &v, sizeof(v));
241}
242
2a326321
LP		 243static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
244 usec_t expiration, inception, skew;
245
246 assert(rrsig);
247 assert(rrsig->key->type == DNS_TYPE_RRSIG);
248
249 if (realtime == USEC_INFINITY)
250 realtime = now(CLOCK_REALTIME);
251
252 expiration = rrsig->rrsig.expiration * USEC_PER_SEC;
253 inception = rrsig->rrsig.inception * USEC_PER_SEC;
254
255 if (inception > expiration)
2a44bec4 256 return -EKEYREJECTED;
2a326321 257
896c5672
LP		 258 /* Permit a certain amount of clock skew of 10% of the valid
259 * time range. This takes inspiration from unbound's
260 * resolver. */
2a326321 261 skew = (expiration - inception) / 10;
896c5672
LP		 262 if (skew > SKEW_MAX)
263 skew = SKEW_MAX;
2a326321
LP		 264
265 if (inception < skew)
266 inception = 0;
267 else
268 inception -= skew;
269
270 if (expiration + skew < expiration)
271 expiration = USEC_INFINITY;
272 else
273 expiration += skew;
274
275 return realtime < inception || realtime > expiration;
276}
277
278int dnssec_verify_rrset(
279 DnsAnswer *a,
280 DnsResourceKey *key,
281 DnsResourceRecord *rrsig,
282 DnsResourceRecord *dnskey,
547973de
LP		 283 usec_t realtime,
284 DnssecResult *result) {
2a326321 285
2b442ac8
LP		 286 uint8_t wire_format_name[DNS_WIRE_FOMAT_HOSTNAME_MAX];
287 size_t exponent_size, modulus_size, hash_size;
288 void *exponent, *modulus, *hash;
289 DnsResourceRecord **list, *rr;
290 gcry_md_hd_t md = NULL;
291 size_t k, n = 0;
292 int r;
293
294 assert(key);
295 assert(rrsig);
296 assert(dnskey);
547973de 297 assert(result);
2a326321
LP		 298 assert(rrsig->key->type == DNS_TYPE_RRSIG);
299 assert(dnskey->key->type == DNS_TYPE_DNSKEY);
2b442ac8
LP		 300
301 /* Verifies the the RRSet matching the specified "key" in "a",
302 * using the signature "rrsig" and the key "dnskey". It's
303 * assumed the RRSIG and DNSKEY match. */
304
203f1b35
LP		 305 if (!dnssec_algorithm_supported(rrsig->rrsig.algorithm)) {
306 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
307 return 0;
308 }
2b442ac8
LP		 309
310 if (a->n_rrs > VERIFY_RRS_MAX)
311 return -E2BIG;
312
2a326321
LP		 313 r = dnssec_rrsig_expired(rrsig, realtime);
314 if (r < 0)
315 return r;
547973de
LP		 316 if (r > 0) {
317 *result = DNSSEC_SIGNATURE_EXPIRED;
318 return 0;
319 }
2a326321 320
2b442ac8
LP		 321 /* Collect all relevant RRs in a single array, so that we can look at the RRset */
322 list = newa(DnsResourceRecord *, a->n_rrs);
323
324 DNS_ANSWER_FOREACH(rr, a) {
325 r = dns_resource_key_equal(key, rr->key);
326 if (r < 0)
327 return r;
328 if (r == 0)
329 continue;
330
331 /* We need the wire format for ordering, and digest calculation */
332 r = dns_resource_record_to_wire_format(rr, true);
333 if (r < 0)
334 return r;
335
336 list[n++] = rr;
337 }
338
339 if (n <= 0)
340 return -ENODATA;
341
342 /* Bring the RRs into canonical order */
6c5e8fbf 343 qsort_safe(list, n, sizeof(DnsResourceRecord*), rr_compare);
2b442ac8 344
0638401a
LP		 345 initialize_libgcrypt();
346
2b442ac8
LP		 347 /* OK, the RRs are now in canonical order. Let's calculate the digest */
348 switch (rrsig->rrsig.algorithm) {
349
350 case DNSSEC_ALGORITHM_RSASHA1:
964ef14c 351 case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
2b442ac8
LP		 352 gcry_md_open(&md, GCRY_MD_SHA1, 0);
353 hash_size = 20;
354 break;
355
356 case DNSSEC_ALGORITHM_RSASHA256:
357 gcry_md_open(&md, GCRY_MD_SHA256, 0);
358 hash_size = 32;
359 break;
360
361 case DNSSEC_ALGORITHM_RSASHA512:
362 gcry_md_open(&md, GCRY_MD_SHA512, 0);
363 hash_size = 64;
364 break;
365
366 default:
367 assert_not_reached("Unknown digest");
368 }
369
370 if (!md)
371 return -EIO;
372
373 md_add_uint16(md, rrsig->rrsig.type_covered);
374 md_add_uint8(md, rrsig->rrsig.algorithm);
375 md_add_uint8(md, rrsig->rrsig.labels);
376 md_add_uint32(md, rrsig->rrsig.original_ttl);
377 md_add_uint32(md, rrsig->rrsig.expiration);
378 md_add_uint32(md, rrsig->rrsig.inception);
379 md_add_uint16(md, rrsig->rrsig.key_tag);
380
381 r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
382 if (r < 0)
383 goto finish;
384 gcry_md_write(md, wire_format_name, r);
385
386 for (k = 0; k < n; k++) {
e7ff0e0b 387 const char *suffix;
2b442ac8
LP		 388 size_t l;
389 rr = list[k];
390
e7ff0e0b
LP		 391 r = dns_name_suffix(DNS_RESOURCE_KEY_NAME(rr->key), rrsig->rrsig.labels, &suffix);
392 if (r < 0)
393 goto finish;
394 if (r > 0) /* This is a wildcard! */
395 gcry_md_write(md, (uint8_t[]) { 1, '*'}, 2);
396
397 r = dns_name_to_wire_format(suffix, wire_format_name, sizeof(wire_format_name), true);
2b442ac8
LP		 398 if (r < 0)
399 goto finish;
400 gcry_md_write(md, wire_format_name, r);
401
402 md_add_uint16(md, rr->key->type);
403 md_add_uint16(md, rr->key->class);
404 md_add_uint32(md, rrsig->rrsig.original_ttl);
405
406 assert(rr->wire_format_rdata_offset <= rr->wire_format_size);
407 l = rr->wire_format_size - rr->wire_format_rdata_offset;
408 assert(l <= 0xFFFF);
409
410 md_add_uint16(md, (uint16_t) l);
411 gcry_md_write(md, (uint8_t*) rr->wire_format + rr->wire_format_rdata_offset, l);
412 }
413
414 hash = gcry_md_read(md, 0);
415 if (!hash) {
416 r = -EIO;
417 goto finish;
418 }
419
420 if (*(uint8_t*) dnskey->dnskey.key == 0) {
421 /* exponent is > 255 bytes long */
422
423 exponent = (uint8_t*) dnskey->dnskey.key + 3;
424 exponent_size =
425 ((size_t) (((uint8_t*) dnskey->dnskey.key)[0]) << 8) |
426 ((size_t) ((uint8_t*) dnskey->dnskey.key)[1]);
427
428 if (exponent_size < 256) {
429 r = -EINVAL;
430 goto finish;
431 }
432
433 if (3 + exponent_size >= dnskey->dnskey.key_size) {
434 r = -EINVAL;
435 goto finish;
436 }
437
438 modulus = (uint8_t*) dnskey->dnskey.key + 3 + exponent_size;
439 modulus_size = dnskey->dnskey.key_size - 3 - exponent_size;
440
441 } else {
442 /* exponent is <= 255 bytes long */
443
444 exponent = (uint8_t*) dnskey->dnskey.key + 1;
445 exponent_size = (size_t) ((uint8_t*) dnskey->dnskey.key)[0];
446
447 if (exponent_size <= 0) {
448 r = -EINVAL;
449 goto finish;
450 }
451
452 if (1 + exponent_size >= dnskey->dnskey.key_size) {
453 r = -EINVAL;
454 goto finish;
455 }
456
457 modulus = (uint8_t*) dnskey->dnskey.key + 1 + exponent_size;
458 modulus_size = dnskey->dnskey.key_size - 1 - exponent_size;
459 }
460
461 r = dnssec_rsa_verify(
462 gcry_md_algo_name(gcry_md_get_algo(md)),
463 rrsig->rrsig.signature, rrsig->rrsig.signature_size,
464 hash, hash_size,
465 exponent, exponent_size,
466 modulus, modulus_size);
467 if (r < 0)
468 goto finish;
469
547973de
LP		 470 *result = r ? DNSSEC_VALIDATED : DNSSEC_INVALID;
471 r = 0;
2b442ac8
LP		 472
473finish:
474 gcry_md_close(md);
475 return r;
476}
477
478int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey) {
479
480 assert(rrsig);
481 assert(dnskey);
482
483 /* Checks if the specified DNSKEY RR matches the key used for
484 * the signature in the specified RRSIG RR */
485
486 if (rrsig->key->type != DNS_TYPE_RRSIG)
487 return -EINVAL;
488
489 if (dnskey->key->type != DNS_TYPE_DNSKEY)
490 return 0;
491 if (dnskey->key->class != rrsig->key->class)
492 return 0;
493 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
494 return 0;
495 if (dnskey->dnskey.protocol != 3)
496 return 0;
497 if (dnskey->dnskey.algorithm != rrsig->rrsig.algorithm)
498 return 0;
499
500 if (dnssec_keytag(dnskey) != rrsig->rrsig.key_tag)
501 return 0;
502
15accc27 503 return dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), rrsig->rrsig.signer);
2b442ac8
LP		 504}
505
105e1512 506int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
e7ff0e0b
LP		 507 int r;
508
2b442ac8
LP		 509 assert(key);
510 assert(rrsig);
511
512 /* Checks if the specified RRSIG RR protects the RRSet of the specified RR key. */
513
514 if (rrsig->key->type != DNS_TYPE_RRSIG)
515 return 0;
516 if (rrsig->key->class != key->class)
517 return 0;
518 if (rrsig->rrsig.type_covered != key->type)
519 return 0;
520
e7ff0e0b
LP		 521 /* Make sure signer is a parent of the RRset */
522 r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(rrsig->key), rrsig->rrsig.signer);
523 if (r <= 0)
524 return r;
525
526 /* Make sure the owner name has at least as many labels as the "label" fields indicates. */
527 r = dns_name_count_labels(DNS_RESOURCE_KEY_NAME(rrsig->key));
528 if (r < 0)
529 return r;
530 if (r < rrsig->rrsig.labels)
531 return 0;
532
2b442ac8
LP		 533 return dns_name_equal(DNS_RESOURCE_KEY_NAME(rrsig->key), DNS_RESOURCE_KEY_NAME(key));
534}
535
2a326321
LP		 536int dnssec_verify_rrset_search(
537 DnsAnswer *a,
538 DnsResourceKey *key,
539 DnsAnswer *validated_dnskeys,
547973de
LP		 540 usec_t realtime,
541 DnssecResult *result) {
2a326321 542
203f1b35 543 bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false;
2b442ac8
LP		 544 DnsResourceRecord *rrsig;
545 int r;
546
547 assert(key);
547973de 548 assert(result);
2b442ac8 549
105e1512 550 /* Verifies all RRs from "a" that match the key "key" against DNSKEYs in "validated_dnskeys" */
2b442ac8
LP		 551
552 if (!a || a->n_rrs <= 0)
553 return -ENODATA;
554
555 /* Iterate through each RRSIG RR. */
556 DNS_ANSWER_FOREACH(rrsig, a) {
557 DnsResourceRecord *dnskey;
105e1512 558 DnsAnswerFlags flags;
2b442ac8 559
203f1b35 560 /* Is this an RRSIG RR that applies to RRs matching our key? */
2b442ac8
LP		 561 r = dnssec_key_match_rrsig(key, rrsig);
562 if (r < 0)
563 return r;
564 if (r == 0)
565 continue;
566
567 found_rrsig = true;
568
547973de 569 /* Look for a matching key */
105e1512 570 DNS_ANSWER_FOREACH_FLAGS(dnskey, flags, validated_dnskeys) {
547973de 571 DnssecResult one_result;
2b442ac8 572
105e1512
LP		 573 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
574 continue;
575
203f1b35 576 /* Is this a DNSKEY RR that matches they key of our RRSIG? */
2b442ac8
LP		 577 r = dnssec_rrsig_match_dnskey(rrsig, dnskey);
578 if (r < 0)
579 return r;
580 if (r == 0)
581 continue;
582
2a326321
LP		 583 /* Take the time here, if it isn't set yet, so
584 * that we do all validations with the same
585 * time. */
586 if (realtime == USEC_INFINITY)
587 realtime = now(CLOCK_REALTIME);
588
2b442ac8
LP		 589 /* Yay, we found a matching RRSIG with a matching
590 * DNSKEY, awesome. Now let's verify all entries of
591 * the RRSet against the RRSIG and DNSKEY
592 * combination. */
593
547973de 594 r = dnssec_verify_rrset(a, key, rrsig, dnskey, realtime, &one_result);
203f1b35 595 if (r < 0)
2b442ac8 596 return r;
203f1b35
LP		 597
598 switch (one_result) {
599
600 case DNSSEC_VALIDATED:
601 /* Yay, the RR has been validated,
602 * return immediately. */
547973de
LP		 603 *result = DNSSEC_VALIDATED;
604 return 0;
2b442ac8 605
203f1b35
LP		 606 case DNSSEC_INVALID:
607 /* If the signature is invalid, let's try another
608 key and/or signature. After all they
609 key_tags and stuff are not unique, and
610 might be shared by multiple keys. */
611 found_invalid = true;
612 continue;
613
614 case DNSSEC_UNSUPPORTED_ALGORITHM:
615 /* If the key algorithm is
616 unsupported, try another
617 RRSIG/DNSKEY pair, but remember we
618 encountered this, so that we can
619 return a proper error when we
620 encounter nothing better. */
621 found_unsupported_algorithm = true;
622 continue;
623
624 case DNSSEC_SIGNATURE_EXPIRED:
625 /* If the signature is expired, try
626 another one, but remember it, so
627 that we can return this */
628 found_expired_rrsig = true;
629 continue;
630
631 default:
632 assert_not_reached("Unexpected DNSSEC validation result");
633 }
2b442ac8
LP		 634 }
635 }
636
203f1b35
LP		 637 if (found_expired_rrsig)
638 *result = DNSSEC_SIGNATURE_EXPIRED;
639 else if (found_unsupported_algorithm)
640 *result = DNSSEC_UNSUPPORTED_ALGORITHM;
641 else if (found_invalid)
547973de
LP		 642 *result = DNSSEC_INVALID;
643 else if (found_rrsig)
644 *result = DNSSEC_MISSING_KEY;
645 else
646 *result = DNSSEC_NO_SIGNATURE;
2b442ac8 647
547973de 648 return 0;
2b442ac8
LP		 649}
650
105e1512
LP		 651int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
652 DnsResourceRecord *rr;
653 int r;
654
655 /* Checks whether there's at least one RRSIG in 'a' that proctects RRs of the specified key */
656
657 DNS_ANSWER_FOREACH(rr, a) {
658 r = dnssec_key_match_rrsig(key, rr);
659 if (r < 0)
660 return r;
661 if (r > 0)
662 return 1;
663 }
664
665 return 0;
666}
667
2b442ac8 668int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max) {
2b442ac8
LP		 669 size_t c = 0;
670 int r;
671
672 /* Converts the specified hostname into DNSSEC canonicalized
673 * form. */
674
675 if (buffer_max < 2)
676 return -ENOBUFS;
677
678 for (;;) {
679 size_t i;
680
681 r = dns_label_unescape(&n, buffer, buffer_max);
682 if (r < 0)
683 return r;
684 if (r == 0)
685 break;
686 if (r > 0) {
687 int k;
688
689 /* DNSSEC validation is always done on the ASCII version of the label */
690 k = dns_label_apply_idna(buffer, r, buffer, buffer_max);
691 if (k < 0)
692 return k;
693 if (k > 0)
694 r = k;
695 }
696
697 if (buffer_max < (size_t) r + 2)
698 return -ENOBUFS;
699
700 /* The DNSSEC canonical form is not clear on what to
701 * do with dots appearing in labels, the way DNS-SD
702 * does it. Refuse it for now. */
703
704 if (memchr(buffer, '.', r))
705 return -EINVAL;
706
707 for (i = 0; i < (size_t) r; i ++) {
708 if (buffer[i] >= 'A' && buffer[i] <= 'Z')
709 buffer[i] = buffer[i] - 'A' + 'a';
710 }
711
712 buffer[r] = '.';
713
714 buffer += r + 1;
715 c += r + 1;
716
717 buffer_max -= r + 1;
718 }
719
720 if (c <= 0) {
721 /* Not even a single label: this is the root domain name */
722
723 assert(buffer_max > 2);
724 buffer[0] = '.';
725 buffer[1] = 0;
726
727 return 1;
728 }
729
730 return (int) c;
731}
732
a1972a91
LP		 733static int digest_to_gcrypt(uint8_t algorithm) {
734
735 /* Translates a DNSSEC digest algorithm into a gcrypt digest iedntifier */
736
737 switch (algorithm) {
738
739 case DNSSEC_DIGEST_SHA1:
740 return GCRY_MD_SHA1;
741
742 case DNSSEC_DIGEST_SHA256:
743 return GCRY_MD_SHA256;
744
745 default:
746 return -EOPNOTSUPP;
747 }
748}
749
2b442ac8 750int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds) {
2b442ac8 751 char owner_name[DNSSEC_CANONICAL_HOSTNAME_MAX];
a1972a91
LP		 752 gcry_md_hd_t md = NULL;
753 size_t hash_size;
754 int algorithm;
2b442ac8
LP		 755 void *result;
756 int r;
757
758 assert(dnskey);
759 assert(ds);
760
761 /* Implements DNSKEY verification by a DS, according to RFC 4035, section 5.2 */
762
763 if (dnskey->key->type != DNS_TYPE_DNSKEY)
764 return -EINVAL;
765 if (ds->key->type != DNS_TYPE_DS)
766 return -EINVAL;
767 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
768 return -EKEYREJECTED;
769 if (dnskey->dnskey.protocol != 3)
770 return -EKEYREJECTED;
771
2b442ac8
LP		 772 if (dnskey->dnskey.algorithm != ds->ds.algorithm)
773 return 0;
774 if (dnssec_keytag(dnskey) != ds->ds.key_tag)
775 return 0;
776
0638401a
LP		 777 initialize_libgcrypt();
778
a1972a91
LP		 779 algorithm = digest_to_gcrypt(ds->ds.digest_type);
780 if (algorithm < 0)
781 return algorithm;
2b442ac8 782
a1972a91
LP		 783 hash_size = gcry_md_get_algo_dlen(algorithm);
784 assert(hash_size > 0);
2b442ac8 785
a1972a91
LP		 786 if (ds->ds.digest_size != hash_size)
787 return 0;
2b442ac8 788
a1972a91
LP		 789 r = dnssec_canonicalize(DNS_RESOURCE_KEY_NAME(dnskey->key), owner_name, sizeof(owner_name));
790 if (r < 0)
791 return r;
2b442ac8 792
a1972a91 793 gcry_md_open(&md, algorithm, 0);
2b442ac8
LP		 794 if (!md)
795 return -EIO;
796
2b442ac8
LP		 797 gcry_md_write(md, owner_name, r);
798 md_add_uint16(md, dnskey->dnskey.flags);
799 md_add_uint8(md, dnskey->dnskey.protocol);
800 md_add_uint8(md, dnskey->dnskey.algorithm);
801 gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
802
803 result = gcry_md_read(md, 0);
804 if (!result) {
805 r = -EIO;
806 goto finish;
807 }
808
809 r = memcmp(result, ds->ds.digest, ds->ds.digest_size) != 0;
810
811finish:
812 gcry_md_close(md);
813 return r;
814}
24710c48 815
547973de
LP		 816int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
817 DnsResourceRecord *ds;
105e1512 818 DnsAnswerFlags flags;
547973de
LP		 819 int r;
820
821 assert(dnskey);
822
823 if (dnskey->key->type != DNS_TYPE_DNSKEY)
824 return 0;
825
105e1512
LP		 826 DNS_ANSWER_FOREACH_FLAGS(ds, flags, validated_ds) {
827
828 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
829 continue;
547973de
LP		 830
831 if (ds->key->type != DNS_TYPE_DS)
832 continue;
833
834 r = dnssec_verify_dnskey(dnskey, ds);
835 if (r < 0)
836 return r;
837 if (r > 0)
838 return 1;
839 }
840
841 return 0;
842}
843
72667f08
LP		 844int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
845 uint8_t wire_format[DNS_WIRE_FOMAT_HOSTNAME_MAX];
846 gcry_md_hd_t md = NULL;
847 size_t hash_size;
848 int algorithm;
849 void *result;
850 unsigned k;
851 int r;
852
853 assert(nsec3);
854 assert(name);
855 assert(ret);
856
857 if (nsec3->key->type != DNS_TYPE_NSEC3)
858 return -EINVAL;
859
860 algorithm = digest_to_gcrypt(nsec3->nsec3.algorithm);
861 if (algorithm < 0)
862 return algorithm;
863
864 initialize_libgcrypt();
865
866 hash_size = gcry_md_get_algo_dlen(algorithm);
867 assert(hash_size > 0);
868
869 if (nsec3->nsec3.next_hashed_name_size != hash_size)
870 return -EINVAL;
871
872 r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
873 if (r < 0)
874 return r;
875
876 gcry_md_open(&md, algorithm, 0);
877 if (!md)
878 return -EIO;
879
880 gcry_md_write(md, wire_format, r);
881 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
882
883 result = gcry_md_read(md, 0);
884 if (!result) {
885 r = -EIO;
886 goto finish;
887 }
888
889 for (k = 0; k < nsec3->nsec3.iterations; k++) {
890 uint8_t tmp[hash_size];
891 memcpy(tmp, result, hash_size);
892
893 gcry_md_reset(md);
894 gcry_md_write(md, tmp, hash_size);
895 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
896
897 result = gcry_md_read(md, 0);
898 if (!result) {
899 r = -EIO;
900 goto finish;
901 }
902 }
903
904 memcpy(ret, result, hash_size);
905 r = (int) hash_size;
906
907finish:
908 gcry_md_close(md);
909 return r;
910}
911
105e1512
LP		 912static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result) {
913 _cleanup_free_ char *next_closer_domain = NULL, *l = NULL;
914 uint8_t hashed[DNSSEC_HASH_SIZE_MAX];
915 const char *p, *pp = NULL;
72667f08 916 DnsResourceRecord *rr;
105e1512
LP		 917 DnsAnswerFlags flags;
918 int hashed_size, r;
72667f08
LP		 919
920 assert(key);
921 assert(result);
922
105e1512
LP		 923 /* First step, look for the closest encloser NSEC3 RR in 'answer' that matches 'key' */
924 p = DNS_RESOURCE_KEY_NAME(key);
925 for (;;) {
926 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
927 _cleanup_free_ char *hashed_domain = NULL, *label = NULL;
72667f08 928
105e1512
LP		 929 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
930 continue;
72667f08 931
105e1512
LP		 932 if (rr->key->type != DNS_TYPE_NSEC3)
933 continue;
72667f08 934
105e1512
LP		 935 /* RFC 5155, Section 8.2 says we MUST ignore NSEC3 RRs with flags != 0 or 1 */
936 if (!IN_SET(rr->nsec3.flags, 0, 1))
937 continue;
72667f08 938
105e1512 939 r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(rr->key), p);
72667f08
LP		 940 if (r < 0)
941 return r;
105e1512
LP		 942 if (r == 0)
943 continue;
944
945 hashed_size = dnssec_nsec3_hash(rr, p, hashed);
946 if (hashed_size == -EOPNOTSUPP) {
947 *result = DNSSEC_NSEC_UNSUPPORTED_ALGORITHM;
72667f08
LP		 948 return 0;
949 }
105e1512
LP		 950 if (hashed_size < 0)
951 return hashed_size;
952 if (rr->nsec3.next_hashed_name_size != (size_t) hashed_size)
953 return -EBADMSG;
72667f08 954
105e1512
LP		 955 label = base32hexmem(hashed, hashed_size, false);
956 if (!label)
957 return -ENOMEM;
958
959 hashed_domain = strjoin(label, ".", p, NULL);
960 if (!hashed_domain)
961 return -ENOMEM;
962
963 r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), hashed_domain);
72667f08
LP		 964 if (r < 0)
965 return r;
105e1512
LP		 966 if (r > 0)
967 goto found;
968 }
969
970 /* We didn't find the closest encloser with this name,
971 * but let's remember this domain name, it might be
972 * the next closer name */
973
974 pp = p;
975
976 /* Strip one label from the front */
977 r = dns_name_parent(&p);
978 if (r < 0)
979 return r;
980 if (r == 0)
72667f08 981 break;
105e1512 982 }
72667f08 983
105e1512
LP		 984 *result = DNSSEC_NSEC_NO_RR;
985 return 0;
72667f08 986
105e1512
LP		 987found:
988 /* We found a closest encloser in 'p'; next closer is 'pp' */
72667f08 989
105e1512
LP		 990 /* Ensure this is not a DNAME domain, see RFC5155, section 8.3. */
991 if (bitmap_isset(rr->nsec3.types, DNS_TYPE_DNAME))
992 return -EBADMSG;
72667f08 993
105e1512
LP		 994 /* Ensure that this data is from the delegated domain
995 * (i.e. originates from the "lower" DNS server), and isn't
996 * just glue records (i.e. doesn't originate from the "upper"
997 * DNS server). */
998 if (bitmap_isset(rr->nsec3.types, DNS_TYPE_NS) &&
999 !bitmap_isset(rr->nsec3.types, DNS_TYPE_SOA))
1000 return -EBADMSG;
72667f08 1001
105e1512
LP		 1002 if (!pp) {
1003 /* No next closer NSEC3 RR. That means there's a direct NSEC3 RR for our key. */
1004 *result = bitmap_isset(rr->nsec3.types, key->type) ? DNSSEC_NSEC_FOUND : DNSSEC_NSEC_NODATA;
1005 return 0;
1006 }
72667f08 1007
105e1512
LP		 1008 r = dnssec_nsec3_hash(rr, pp, hashed);
1009 if (r < 0)
1010 return r;
1011 if (r != hashed_size)
1012 return -EBADMSG;
72667f08 1013
105e1512
LP		 1014 l = base32hexmem(hashed, hashed_size, false);
1015 if (!l)
1016 return -ENOMEM;
72667f08 1017
105e1512
LP		 1018 next_closer_domain = strjoin(l, ".", p, NULL);
1019 if (!next_closer_domain)
1020 return -ENOMEM;
72667f08 1021
105e1512
LP		 1022 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1023 _cleanup_free_ char *label = NULL, *next_hashed_domain = NULL;
1024 const char *nsec3_parent;
1025
1026 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
1027 continue;
72667f08 1028
105e1512
LP		 1029 if (rr->key->type != DNS_TYPE_NSEC3)
1030 continue;
72667f08 1031
105e1512
LP		 1032 /* RFC 5155, Section 8.2 says we MUST ignore NSEC3 RRs with flags != 0 or 1 */
1033 if (!IN_SET(rr->nsec3.flags, 0, 1))
1034 continue;
72667f08 1035
105e1512
LP		 1036 nsec3_parent = DNS_RESOURCE_KEY_NAME(rr->key);
1037 r = dns_name_parent(&nsec3_parent);
1038 if (r < 0)
1039 return r;
1040 if (r == 0)
1041 continue;
1042
1043 r = dns_name_equal(p, nsec3_parent);
1044 if (r < 0)
1045 return r;
1046 if (r == 0)
1047 continue;
1048
1049 label = base32hexmem(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, false);
1050 if (!label)
1051 return -ENOMEM;
1052
1053 next_hashed_domain = strjoin(label, ".", p, NULL);
1054 if (!next_hashed_domain)
1055 return -ENOMEM;
1056
1057 r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), next_closer_domain, next_hashed_domain);
1058 if (r < 0)
1059 return r;
1060 if (r > 0) {
1061 if (rr->nsec3.flags & 1)
1062 *result = DNSSEC_NSEC_OPTOUT;
1063 else
72667f08 1064 *result = DNSSEC_NSEC_NXDOMAIN;
105e1512
LP		 1065
1066 return 1;
1067 }
1068 }
1069
1070 *result = DNSSEC_NSEC_NO_RR;
1071 return 0;
1072}
1073
1074int dnssec_test_nsec(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result) {
1075 DnsResourceRecord *rr;
1076 bool have_nsec3 = false;
1077 DnsAnswerFlags flags;
1078 int r;
1079
1080 assert(key);
1081 assert(result);
1082
1083 /* Look for any NSEC/NSEC3 RRs that say something about the specified key. */
1084
1085 DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
1086
1087 if (rr->key->class != key->class)
1088 continue;
1089
1090 if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
1091 continue;
1092
1093 switch (rr->key->type) {
1094
1095 case DNS_TYPE_NSEC:
1096
1097 r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(key));
1098 if (r < 0)
1099 return r;
1100 if (r > 0) {
1101 *result = bitmap_isset(rr->nsec.types, key->type) ? DNSSEC_NSEC_FOUND : DNSSEC_NSEC_NODATA;
72667f08
LP		 1102 return 0;
1103 }
1104
105e1512
LP		 1105 r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(key), rr->nsec.next_domain_name);
1106 if (r < 0)
1107 return r;
1108 if (r > 0) {
1109 *result = DNSSEC_NSEC_NXDOMAIN;
1110 return 0;
1111 }
72667f08 1112 break;
72667f08 1113
105e1512
LP		 1114 case DNS_TYPE_NSEC3:
1115 have_nsec3 = true;
72667f08
LP		 1116 break;
1117 }
1118 }
1119
105e1512
LP		 1120 /* OK, this was not sufficient. Let's see if NSEC3 can help. */
1121 if (have_nsec3)
1122 return dnssec_test_nsec3(answer, key, result);
1123
72667f08
LP		 1124 /* No approproate NSEC RR found, report this. */
1125 *result = DNSSEC_NSEC_NO_RR;
1126 return 0;
1127}
1128
24710c48
LP		 1129static const char* const dnssec_mode_table[_DNSSEC_MODE_MAX] = {
1130 [DNSSEC_NO] = "no",
24710c48
LP		 1131 [DNSSEC_YES] = "yes",
1132};
1133DEFINE_STRING_TABLE_LOOKUP(dnssec_mode, DnssecMode);
547973de
LP		 1134
1135static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = {
1136 [DNSSEC_VALIDATED] = "validated",
1137 [DNSSEC_INVALID] = "invalid",
203f1b35
LP		 1138 [DNSSEC_SIGNATURE_EXPIRED] = "signature-expired",
1139 [DNSSEC_UNSUPPORTED_ALGORITHM] = "unsupported-algorithm",
547973de
LP		 1140 [DNSSEC_NO_SIGNATURE] = "no-signature",
1141 [DNSSEC_MISSING_KEY] = "missing-key",
203f1b35 1142 [DNSSEC_UNSIGNED] = "unsigned",
547973de 1143 [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary",
72667f08 1144 [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch",
547973de
LP		 1145};
1146DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult);
Unnamed repository; edit this file 'description' to name the repository.