Annotation of embedaddon/dnsmasq/src/dnssec.c, revision 1.1.1.3
1.1 misho 1: /* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
1.1.1.3 ! misho 2: and Copyright (c) 2012-2020 Simon Kelley
1.1 misho 3:
4: This program is free software; you can redistribute it and/or modify
5: it under the terms of the GNU General Public License as published by
6: the Free Software Foundation; version 2 dated June, 1991, or
7: (at your option) version 3 dated 29 June, 2007.
8:
9: This program is distributed in the hope that it will be useful,
10: but WITHOUT ANY WARRANTY; without even the implied warranty of
11: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12: GNU General Public License for more details.
13:
14: You should have received a copy of the GNU General Public License
15: along with this program. If not, see <http://www.gnu.org/licenses/>.
16: */
17:
18: #include "dnsmasq.h"
19:
20: #ifdef HAVE_DNSSEC
21:
22: #define SERIAL_UNDEF -100
23: #define SERIAL_EQ 0
24: #define SERIAL_LT -1
25: #define SERIAL_GT 1
26:
27: /* Convert from presentation format to wire format, in place.
28: Also map UC -> LC.
29: Note that using extract_name to get presentation format
30: then calling to_wire() removes compression and maps case,
31: thus generating names in canonical form.
32: Calling to_wire followed by from_wire is almost an identity,
33: except that the UC remains mapped to LC.
1.1.1.2 misho 34:
35: Note that both /000 and '.' are allowed within labels. These get
36: represented in presentation format using NAME_ESCAPE as an escape
37: character. In theory, if all the characters in a name were /000 or
38: '.' or NAME_ESCAPE then all would have to be escaped, so the
39: presentation format would be twice as long as the spec (1024).
1.1.1.3 ! misho 40: The buffers are all declared as 2049 (allowing for the trailing zero)
1.1.1.2 misho 41: for this reason.
1.1 misho 42: */
43: static int to_wire(char *name)
44: {
1.1.1.2 misho 45: unsigned char *l, *p, *q, term;
1.1 misho 46: int len;
47:
48: for (l = (unsigned char*)name; *l != 0; l = p)
49: {
50: for (p = l; *p != '.' && *p != 0; p++)
51: if (*p >= 'A' && *p <= 'Z')
52: *p = *p - 'A' + 'a';
1.1.1.2 misho 53: else if (*p == NAME_ESCAPE)
54: {
55: for (q = p; *q; q++)
56: *q = *(q+1);
57: (*p)--;
58: }
1.1 misho 59: term = *p;
60:
61: if ((len = p - l) != 0)
62: memmove(l+1, l, len);
63: *l = len;
64:
65: p++;
66:
67: if (term == 0)
68: *p = 0;
69: }
70:
71: return l + 1 - (unsigned char *)name;
72: }
73:
74: /* Note: no compression allowed in input. */
75: static void from_wire(char *name)
76: {
1.1.1.2 misho 77: unsigned char *l, *p, *last;
1.1 misho 78: int len;
1.1.1.2 misho 79:
80: for (last = (unsigned char *)name; *last != 0; last += *last+1);
81:
1.1 misho 82: for (l = (unsigned char *)name; *l != 0; l += len+1)
83: {
84: len = *l;
85: memmove(l, l+1, len);
1.1.1.2 misho 86: for (p = l; p < l + len; p++)
87: if (*p == '.' || *p == 0 || *p == NAME_ESCAPE)
88: {
89: memmove(p+1, p, 1 + last - p);
90: len++;
91: *p++ = NAME_ESCAPE;
92: (*p)++;
93: }
94:
1.1 misho 95: l[len] = '.';
96: }
97:
98: if ((char *)l != name)
99: *(l-1) = 0;
100: }
101:
102: /* Input in presentation format */
103: static int count_labels(char *name)
104: {
105: int i;
1.1.1.3 ! misho 106: char *p;
! 107:
1.1 misho 108: if (*name == 0)
109: return 0;
110:
1.1.1.3 ! misho 111: for (p = name, i = 0; *p; p++)
! 112: if (*p == '.')
1.1 misho 113: i++;
114:
1.1.1.3 ! misho 115: /* Don't count empty first label. */
! 116: return *name == '.' ? i : i+1;
1.1 misho 117: }
118:
119: /* Implement RFC1982 wrapped compare for 32-bit numbers */
1.1.1.2 misho 120: static int serial_compare_32(u32 s1, u32 s2)
1.1 misho 121: {
122: if (s1 == s2)
123: return SERIAL_EQ;
124:
125: if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
126: (s1 > s2 && (s1 - s2) > (1UL<<31)))
127: return SERIAL_LT;
128: if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
129: (s1 > s2 && (s1 - s2) < (1UL<<31)))
130: return SERIAL_GT;
131: return SERIAL_UNDEF;
132: }
133:
1.1.1.2 misho 134: /* Called at startup. If the timestamp file is configured and exists, put its mtime on
135: timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
136: return -1 -> Cannot create file.
137: 0 -> not using timestamp, or timestamp exists and is in past.
138: 1 -> timestamp exists and is in future.
139: */
140:
141: static time_t timestamp_time;
142:
143: int setup_timestamp(void)
1.1 misho 144: {
1.1.1.2 misho 145: struct stat statbuf;
146:
147: daemon->back_to_the_future = 0;
148:
149: if (!daemon->timestamp_file)
150: return 0;
151:
152: if (stat(daemon->timestamp_file, &statbuf) != -1)
153: {
154: timestamp_time = statbuf.st_mtime;
155: check_and_exit:
156: if (difftime(timestamp_time, time(0)) <= 0)
157: {
158: /* time already OK, update timestamp, and do key checking from the start. */
1.1.1.3 ! misho 159: if (utimes(daemon->timestamp_file, NULL) == -1)
1.1.1.2 misho 160: my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
161: daemon->back_to_the_future = 1;
162: return 0;
163: }
164: return 1;
165: }
166:
167: if (errno == ENOENT)
168: {
169: /* NB. for explanation of O_EXCL flag, see comment on pidfile in dnsmasq.c */
170: int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK | O_EXCL, 0666);
171: if (fd != -1)
172: {
1.1.1.3 ! misho 173: struct timeval tv[2];
1.1.1.2 misho 174:
175: close(fd);
176:
1.1.1.3 ! misho 177: timestamp_time = 1420070400; /* 1-1-2015 */
! 178: tv[0].tv_sec = tv[1].tv_sec = timestamp_time;
! 179: tv[0].tv_usec = tv[1].tv_usec = 0;
! 180: if (utimes(daemon->timestamp_file, tv) == 0)
1.1.1.2 misho 181: goto check_and_exit;
182: }
183: }
1.1 misho 184:
1.1.1.2 misho 185: return -1;
186: }
187:
188: /* Check whether today/now is between date_start and date_end */
1.1.1.3 ! misho 189: static int is_check_date(unsigned long curtime)
1.1.1.2 misho 190: {
1.1 misho 191: /* Checking timestamps may be temporarily disabled */
1.1.1.2 misho 192:
193: /* If the current time if _before_ the timestamp
194: on our persistent timestamp file, then assume the
195: time if not yet correct, and don't check the
196: key timestamps. As soon as the current time is
197: later then the timestamp, update the timestamp
198: and start checking keys */
199: if (daemon->timestamp_file)
200: {
201: if (daemon->back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
202: {
1.1.1.3 ! misho 203: if (utimes(daemon->timestamp_file, NULL) != 0)
1.1.1.2 misho 204: my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
205:
1.1.1.3 ! misho 206: my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
1.1.1.2 misho 207: daemon->back_to_the_future = 1;
1.1.1.3 ! misho 208: daemon->dnssec_no_time_check = 0;
1.1.1.2 misho 209: queue_event(EVENT_RELOAD); /* purge cache */
210: }
211:
1.1.1.3 ! misho 212: return daemon->back_to_the_future;
1.1.1.2 misho 213: }
1.1.1.3 ! misho 214: else
! 215: return !daemon->dnssec_no_time_check;
! 216: }
! 217:
! 218: /* Check whether today/now is between date_start and date_end */
! 219: static int check_date_range(unsigned long curtime, u32 date_start, u32 date_end)
! 220: {
1.1 misho 221: /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
222: return serial_compare_32(curtime, date_start) == SERIAL_GT
223: && serial_compare_32(curtime, date_end) == SERIAL_LT;
224: }
225:
1.1.1.3 ! misho 226: /* Return bytes of canonicalised rrdata one by one.
! 227: Init state->ip with the RR, and state->end with the end of same.
! 228: Init state->op to NULL.
! 229: Init state->desc to RR descriptor.
! 230: Init state->buff with a MAXDNAME * 2 buffer.
! 231:
! 232: After each call which returns 1, state->op points to the next byte of data.
! 233: On returning 0, the end has been reached.
! 234: */
! 235: struct rdata_state {
! 236: u16 *desc;
! 237: size_t c;
! 238: unsigned char *end, *ip, *op;
! 239: char *buff;
! 240: };
! 241:
! 242: static int get_rdata(struct dns_header *header, size_t plen, struct rdata_state *state)
1.1 misho 243: {
1.1.1.3 ! misho 244: int d;
1.1 misho 245:
1.1.1.3 ! misho 246: if (state->op && state->c != 1)
1.1.1.2 misho 247: {
1.1.1.3 ! misho 248: state->op++;
! 249: state->c--;
! 250: return 1;
1.1.1.2 misho 251: }
1.1.1.3 ! misho 252:
! 253: while (1)
! 254: {
! 255: d = *(state->desc);
1.1 misho 256:
1.1.1.3 ! misho 257: if (d == (u16)-1)
1.1 misho 258: {
1.1.1.3 ! misho 259: /* all the bytes to the end. */
! 260: if ((state->c = state->end - state->ip) != 0)
! 261: {
! 262: state->op = state->ip;
! 263: state->ip = state->end;;
! 264: }
! 265: else
! 266: return 0;
! 267: }
! 268: else
! 269: {
! 270: state->desc++;
! 271:
! 272: if (d == (u16)0)
! 273: {
! 274: /* domain-name, canonicalise */
! 275: int len;
! 276:
! 277: if (!extract_name(header, plen, &state->ip, state->buff, 1, 0) ||
! 278: (len = to_wire(state->buff)) == 0)
! 279: continue;
! 280:
! 281: state->c = len;
! 282: state->op = (unsigned char *)state->buff;
! 283: }
! 284: else
! 285: {
! 286: /* plain data preceding a domain-name, don't run off the end of the data */
! 287: if ((state->end - state->ip) < d)
! 288: d = state->end - state->ip;
! 289:
! 290: if (d == 0)
! 291: continue;
! 292:
! 293: state->op = state->ip;
! 294: state->c = d;
! 295: state->ip += d;
! 296: }
1.1 misho 297: }
298:
1.1.1.3 ! misho 299: return 1;
1.1 misho 300: }
301: }
302:
1.1.1.3 ! misho 303: /* Bubble sort the RRset into the canonical order. */
1.1 misho 304:
1.1.1.3 ! misho 305: static int sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
! 306: unsigned char **rrset, char *buff1, char *buff2)
1.1 misho 307: {
1.1.1.3 ! misho 308: int swap, i, j;
1.1 misho 309:
310: do
311: {
312: for (swap = 0, i = 0; i < rrsetidx-1; i++)
313: {
1.1.1.3 ! misho 314: int rdlen1, rdlen2;
! 315: struct rdata_state state1, state2;
! 316:
1.1 misho 317: /* Note that these have been determined to be OK previously,
318: so we don't need to check for NULL return here. */
1.1.1.3 ! misho 319: state1.ip = skip_name(rrset[i], header, plen, 10);
! 320: state2.ip = skip_name(rrset[i+1], header, plen, 10);
! 321: state1.op = state2.op = NULL;
! 322: state1.buff = buff1;
! 323: state2.buff = buff2;
! 324: state1.desc = state2.desc = rr_desc;
! 325:
! 326: state1.ip += 8; /* skip class, type, ttl */
! 327: GETSHORT(rdlen1, state1.ip);
! 328: if (!CHECK_LEN(header, state1.ip, plen, rdlen1))
! 329: return rrsetidx; /* short packet */
! 330: state1.end = state1.ip + rdlen1;
! 331:
! 332: state2.ip += 8; /* skip class, type, ttl */
! 333: GETSHORT(rdlen2, state2.ip);
! 334: if (!CHECK_LEN(header, state2.ip, plen, rdlen2))
! 335: return rrsetidx; /* short packet */
! 336: state2.end = state2.ip + rdlen2;
! 337:
! 338: /* If the RR has no names in it then canonicalisation
! 339: is the identity function and we can compare
! 340: the RRs directly. If not we compare the
! 341: canonicalised RRs one byte at a time. */
! 342: if (*rr_desc == (u16)-1)
1.1 misho 343: {
1.1.1.3 ! misho 344: int rdmin = rdlen1 > rdlen2 ? rdlen2 : rdlen1;
! 345: int cmp = memcmp(state1.ip, state2.ip, rdmin);
1.1 misho 346:
1.1.1.3 ! misho 347: if (cmp > 0 || (cmp == 0 && rdlen1 > rdmin))
1.1 misho 348: {
349: unsigned char *tmp = rrset[i+1];
350: rrset[i+1] = rrset[i];
351: rrset[i] = tmp;
1.1.1.3 ! misho 352: swap = 1;
! 353: }
! 354: else if (cmp == 0 && (rdlen1 == rdlen2))
! 355: {
! 356: /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
! 357: for (j = i+1; j < rrsetidx-1; j++)
! 358: rrset[j] = rrset[j+1];
! 359: rrsetidx--;
! 360: i--;
1.1 misho 361: }
362: }
1.1.1.3 ! misho 363: else
! 364: /* Comparing canonicalised RRs, byte-at-a-time. */
! 365: while (1)
! 366: {
! 367: int ok1, ok2;
! 368:
! 369: ok1 = get_rdata(header, plen, &state1);
! 370: ok2 = get_rdata(header, plen, &state2);
! 371:
! 372: if (!ok1 && !ok2)
! 373: {
! 374: /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
! 375: for (j = i+1; j < rrsetidx-1; j++)
! 376: rrset[j] = rrset[j+1];
! 377: rrsetidx--;
! 378: i--;
! 379: break;
! 380: }
! 381: else if (ok1 && (!ok2 || *state1.op > *state2.op))
! 382: {
! 383: unsigned char *tmp = rrset[i+1];
! 384: rrset[i+1] = rrset[i];
! 385: rrset[i] = tmp;
! 386: swap = 1;
! 387: break;
! 388: }
! 389: else if (ok2 && (!ok1 || *state2.op > *state1.op))
! 390: break;
! 391:
! 392: /* arrive here when bytes are equal, go round the loop again
! 393: and compare the next ones. */
! 394: }
1.1 misho 395: }
396: } while (swap);
1.1.1.3 ! misho 397:
! 398: return rrsetidx;
1.1 misho 399: }
400:
1.1.1.2 misho 401: static unsigned char **rrset = NULL, **sigs = NULL;
1.1 misho 402:
1.1.1.3 ! misho 403: /* Get pointers to RRset members and signature(s) for same.
1.1.1.2 misho 404: Check signatures, and return keyname associated in keyname. */
405: static int explore_rrset(struct dns_header *header, size_t plen, int class, int type,
406: char *name, char *keyname, int *sigcnt, int *rrcnt)
1.1 misho 407: {
1.1.1.2 misho 408: static int rrset_sz = 0, sig_sz = 0;
1.1 misho 409: unsigned char *p;
1.1.1.2 misho 410: int rrsetidx, sigidx, j, rdlen, res;
411: int gotkey = 0;
1.1 misho 412:
413: if (!(p = skip_questions(header, plen)))
1.1.1.3 ! misho 414: return 0;
1.1 misho 415:
1.1.1.2 misho 416: /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
1.1 misho 417: for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
418: j != 0; j--)
419: {
420: unsigned char *pstart, *pdata;
1.1.1.2 misho 421: int stype, sclass, type_covered;
1.1 misho 422:
423: pstart = p;
424:
425: if (!(res = extract_name(header, plen, &p, name, 0, 10)))
1.1.1.3 ! misho 426: return 0; /* bad packet */
1.1 misho 427:
428: GETSHORT(stype, p);
429: GETSHORT(sclass, p);
1.1.1.3 ! misho 430:
1.1 misho 431: pdata = p;
432:
1.1.1.3 ! misho 433: p += 4; /* TTL */
1.1 misho 434: GETSHORT(rdlen, p);
435:
436: if (!CHECK_LEN(header, p, plen, rdlen))
1.1.1.2 misho 437: return 0;
1.1 misho 438:
439: if (res == 1 && sclass == class)
440: {
441: if (stype == type)
442: {
443: if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
1.1.1.2 misho 444: return 0;
1.1 misho 445:
446: rrset[rrsetidx++] = pstart;
447: }
448:
449: if (stype == T_RRSIG)
450: {
451: if (rdlen < 18)
1.1.1.2 misho 452: return 0; /* bad packet */
1.1 misho 453:
454: GETSHORT(type_covered, p);
1.1.1.2 misho 455: p += 16; /* algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag */
456:
457: if (gotkey)
458: {
459: /* If there's more than one SIG, ensure they all have same keyname */
460: if (extract_name(header, plen, &p, keyname, 0, 0) != 1)
461: return 0;
462: }
463: else
464: {
465: gotkey = 1;
466:
467: if (!extract_name(header, plen, &p, keyname, 1, 0))
468: return 0;
469:
470: /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
471: the name of the zone containing the RRset. We can't tell that
472: for certain, but we can check that the RRset name is equal to
473: or encloses the signers name, which should be enough to stop
474: an attacker using signatures made with the key of an unrelated
475: zone he controls. Note that the root key is always allowed. */
476: if (*keyname != 0)
477: {
478: char *name_start;
479: for (name_start = name; !hostname_isequal(name_start, keyname); )
480: if ((name_start = strchr(name_start, '.')))
481: name_start++; /* chop a label off and try again */
482: else
483: return 0;
484: }
485: }
486:
1.1 misho 487:
488: if (type_covered == type)
489: {
490: if (!expand_workspace(&sigs, &sig_sz, sigidx))
1.1.1.2 misho 491: return 0;
1.1 misho 492:
493: sigs[sigidx++] = pdata;
494: }
495:
1.1.1.3 ! misho 496: p = pdata + 6; /* restore for ADD_RDLEN */
1.1 misho 497: }
498: }
499:
500: if (!ADD_RDLEN(header, p, plen, rdlen))
1.1.1.2 misho 501: return 0;
1.1 misho 502: }
503:
1.1.1.2 misho 504: *sigcnt = sigidx;
505: *rrcnt = rrsetidx;
506:
507: return 1;
508: }
509:
510: /* Validate a single RRset (class, type, name) in the supplied DNS reply
511: Return code:
512: STAT_SECURE if it validates.
513: STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
514: (In this case *wildcard_out points to the "body" of the wildcard within name.)
515: STAT_BOGUS signature is wrong, bad packet.
516: STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
517: STAT_NEED_DS need DS to complete validation (name is returned in keyname)
518:
519: If key is non-NULL, use that key, which has the algo and tag given in the params of those names,
520: otherwise find the key in the cache.
521:
522: Name is unchanged on exit. keyname is used as workspace and trashed.
523:
524: Call explore_rrset first to find and count RRs and sigs.
1.1.1.3 ! misho 525:
! 526: ttl_out is the floor on TTL, based on TTL and orig_ttl and expiration of sig used to validate.
1.1.1.2 misho 527: */
528: static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type, int sigidx, int rrsetidx,
1.1.1.3 ! misho 529: char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen,
! 530: int algo_in, int keytag_in, unsigned long *ttl_out)
1.1.1.2 misho 531: {
532: unsigned char *p;
1.1.1.3 ! misho 533: int rdlen, j, name_labels, algo, labels, key_tag;
1.1.1.2 misho 534: struct crec *crecp = NULL;
535: u16 *rr_desc = rrfilter_desc(type);
1.1.1.3 ! misho 536: u32 sig_expiration, sig_inception;
! 537:
! 538: unsigned long curtime = time(0);
! 539: int time_check = is_check_date(curtime);
! 540:
1.1.1.2 misho 541: if (wildcard_out)
542: *wildcard_out = NULL;
1.1 misho 543:
1.1.1.2 misho 544: name_labels = count_labels(name); /* For 4035 5.3.2 check */
545:
1.1 misho 546: /* Sort RRset records into canonical order.
547: Note that at this point keyname and daemon->workspacename buffs are
548: unused, and used as workspace by the sort. */
1.1.1.3 ! misho 549: rrsetidx = sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
1.1 misho 550:
551: /* Now try all the sigs to try and find one which validates */
552: for (j = 0; j <sigidx; j++)
553: {
554: unsigned char *psav, *sig, *digest;
555: int i, wire_len, sig_len;
556: const struct nettle_hash *hash;
557: void *ctx;
558: char *name_start;
1.1.1.3 ! misho 559: u32 nsigttl, ttl, orig_ttl;
1.1 misho 560:
561: p = sigs[j];
1.1.1.3 ! misho 562: GETLONG(ttl, p);
1.1 misho 563: GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
564: psav = p;
565:
566: p += 2; /* type_covered - already checked */
567: algo = *p++;
568: labels = *p++;
569: GETLONG(orig_ttl, p);
570: GETLONG(sig_expiration, p);
571: GETLONG(sig_inception, p);
572: GETSHORT(key_tag, p);
573:
574: if (!extract_name(header, plen, &p, keyname, 1, 0))
575: return STAT_BOGUS;
576:
1.1.1.3 ! misho 577: if ((time_check && !check_date_range(curtime, sig_inception, sig_expiration)) ||
1.1 misho 578: labels > name_labels ||
579: !(hash = hash_find(algo_digest_name(algo))) ||
580: !hash_init(hash, &ctx, &digest))
581: continue;
1.1.1.3 ! misho 582:
1.1 misho 583: /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
584: if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
585: return STAT_NEED_KEY;
1.1.1.3 ! misho 586:
! 587: if (ttl_out)
! 588: {
! 589: /* 4035 5.3.3 rules on TTLs */
! 590: if (orig_ttl < ttl)
! 591: ttl = orig_ttl;
! 592:
! 593: if (time_check && difftime(sig_expiration, curtime) < ttl)
! 594: ttl = difftime(sig_expiration, curtime);
! 595:
! 596: *ttl_out = ttl;
! 597: }
! 598:
1.1 misho 599: sig = p;
600: sig_len = rdlen - (p - psav);
601:
602: nsigttl = htonl(orig_ttl);
603:
604: hash->update(ctx, 18, psav);
605: wire_len = to_wire(keyname);
606: hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
607: from_wire(keyname);
1.1.1.3 ! misho 608:
! 609: #define RRBUFLEN 128 /* Most RRs are smaller than this. */
1.1 misho 610:
611: for (i = 0; i < rrsetidx; ++i)
612: {
1.1.1.3 ! misho 613: int j;
! 614: struct rdata_state state;
! 615: u16 len;
! 616: unsigned char rrbuf[RRBUFLEN];
1.1 misho 617:
618: p = rrset[i];
1.1.1.3 ! misho 619:
1.1 misho 620: if (!extract_name(header, plen, &p, name, 1, 10))
621: return STAT_BOGUS;
622:
623: name_start = name;
624:
625: /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
626: if (labels < name_labels)
627: {
1.1.1.3 ! misho 628: for (j = name_labels - labels; j != 0; j--)
1.1.1.2 misho 629: {
630: while (*name_start != '.' && *name_start != 0)
631: name_start++;
1.1.1.3 ! misho 632: if (j != 1 && *name_start == '.')
1.1.1.2 misho 633: name_start++;
634: }
635:
636: if (wildcard_out)
637: *wildcard_out = name_start+1;
638:
1.1 misho 639: name_start--;
640: *name_start = '*';
641: }
642:
643: wire_len = to_wire(name_start);
644: hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
645: hash->update(ctx, 4, p); /* class and type */
646: hash->update(ctx, 4, (unsigned char *)&nsigttl);
1.1.1.3 ! misho 647:
! 648: p += 8; /* skip type, class, ttl */
1.1 misho 649: GETSHORT(rdlen, p);
650: if (!CHECK_LEN(header, p, plen, rdlen))
651: return STAT_BOGUS;
1.1.1.3 ! misho 652:
! 653: /* Optimisation for RR types which need no cannonicalisation.
! 654: This includes DNSKEY DS NSEC and NSEC3, which are also long, so
! 655: it saves lots of calls to get_rdata, and avoids the pessimal
! 656: segmented insertion, even with a small rrbuf[].
! 657:
! 658: If canonicalisation is not needed, a simple insertion into the hash works.
! 659: */
! 660: if (*rr_desc == (u16)-1)
! 661: {
! 662: len = htons(rdlen);
! 663: hash->update(ctx, 2, (unsigned char *)&len);
! 664: hash->update(ctx, rdlen, p);
! 665: }
! 666: else
! 667: {
! 668: /* canonicalise rdata and calculate length of same, use
! 669: name buffer as workspace for get_rdata. */
! 670: state.ip = p;
! 671: state.op = NULL;
! 672: state.desc = rr_desc;
! 673: state.buff = name;
! 674: state.end = p + rdlen;
! 675:
! 676: for (j = 0; get_rdata(header, plen, &state); j++)
! 677: if (j < RRBUFLEN)
! 678: rrbuf[j] = *state.op;
! 679:
! 680: len = htons((u16)j);
! 681: hash->update(ctx, 2, (unsigned char *)&len);
! 682:
! 683: /* If the RR is shorter than RRBUFLEN (most of them, in practice)
! 684: then we can just digest it now. If it exceeds RRBUFLEN we have to
! 685: go back to the start and do it in chunks. */
! 686: if (j >= RRBUFLEN)
! 687: {
! 688: state.ip = p;
! 689: state.op = NULL;
! 690: state.desc = rr_desc;
! 691:
! 692: for (j = 0; get_rdata(header, plen, &state); j++)
! 693: {
! 694: rrbuf[j] = *state.op;
! 695:
! 696: if (j == RRBUFLEN - 1)
! 697: {
! 698: hash->update(ctx, RRBUFLEN, rrbuf);
! 699: j = -1;
! 700: }
! 701: }
! 702: }
! 703:
! 704: if (j != 0)
! 705: hash->update(ctx, j, rrbuf);
! 706: }
1.1 misho 707: }
708:
709: hash->digest(ctx, hash->digest_size, digest);
710:
711: /* namebuff used for workspace above, restore to leave unchanged on exit */
712: p = (unsigned char*)(rrset[0]);
713: extract_name(header, plen, &p, name, 1, 0);
714:
715: if (key)
716: {
717: if (algo_in == algo && keytag_in == key_tag &&
718: verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
719: return STAT_SECURE;
720: }
721: else
722: {
723: /* iterate through all possible keys 4035 5.3.1 */
724: for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
725: if (crecp->addr.key.algo == algo &&
726: crecp->addr.key.keytag == key_tag &&
727: crecp->uid == (unsigned int)class &&
728: verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
729: return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
730: }
731: }
732:
733: return STAT_BOGUS;
734: }
735:
1.1.1.2 misho 736:
1.1 misho 737: /* The DNS packet is expected to contain the answer to a DNSKEY query.
738: Put all DNSKEYs in the answer which are valid into the cache.
739: return codes:
1.1.1.2 misho 740: STAT_OK Done, key(s) in cache.
741: STAT_BOGUS No DNSKEYs found, which can be validated with DS,
742: or self-sign for DNSKEY RRset is not valid, bad packet.
743: STAT_NEED_DS DS records to validate a key not found, name in keyname
744: STAT_NEED_KEY DNSKEY records to validate a key not found, name in keyname
1.1 misho 745: */
746: int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
747: {
748: unsigned char *psave, *p = (unsigned char *)(header+1);
749: struct crec *crecp, *recp1;
1.1.1.3 ! misho 750: int rc, j, qtype, qclass, rdlen, flags, algo, valid, keytag;
! 751: unsigned long ttl, sig_ttl;
1.1 misho 752: struct blockdata *key;
1.1.1.3 ! misho 753: union all_addr a;
1.1 misho 754:
755: if (ntohs(header->qdcount) != 1 ||
1.1.1.3 ! misho 756: RCODE(header) == SERVFAIL || RCODE(header) == REFUSED ||
1.1 misho 757: !extract_name(header, plen, &p, name, 1, 4))
758: return STAT_BOGUS;
759:
760: GETSHORT(qtype, p);
761: GETSHORT(qclass, p);
762:
1.1.1.2 misho 763: if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
1.1 misho 764: return STAT_BOGUS;
765:
766: /* See if we have cached a DS record which validates this key */
767: if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
768: {
769: strcpy(keyname, name);
770: return STAT_NEED_DS;
771: }
772:
773: /* NOTE, we need to find ONE DNSKEY which matches the DS */
774: for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
775: {
776: /* Ensure we have type, class TTL and length */
777: if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
778: return STAT_BOGUS; /* bad packet */
779:
780: GETSHORT(qtype, p);
781: GETSHORT(qclass, p);
782: GETLONG(ttl, p);
783: GETSHORT(rdlen, p);
784:
785: if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
786: return STAT_BOGUS; /* bad packet */
787:
788: if (qclass != class || qtype != T_DNSKEY || rc == 2)
789: {
790: p += rdlen;
791: continue;
792: }
793:
794: psave = p;
795:
796: GETSHORT(flags, p);
797: if (*p++ != 3)
798: return STAT_BOGUS;
799: algo = *p++;
800: keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
801: key = NULL;
802:
803: /* key must have zone key flag set */
804: if (flags & 0x100)
805: key = blockdata_alloc((char*)p, rdlen - 4);
806:
807: p = psave;
808:
809: if (!ADD_RDLEN(header, p, plen, rdlen))
810: {
811: if (key)
812: blockdata_free(key);
813: return STAT_BOGUS; /* bad packet */
814: }
815:
816: /* No zone key flag or malloc failure */
817: if (!key)
818: continue;
819:
820: for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
821: {
822: void *ctx;
823: unsigned char *digest, *ds_digest;
824: const struct nettle_hash *hash;
1.1.1.2 misho 825: int sigcnt, rrcnt;
826:
1.1 misho 827: if (recp1->addr.ds.algo == algo &&
828: recp1->addr.ds.keytag == keytag &&
829: recp1->uid == (unsigned int)class &&
830: (hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
831: hash_init(hash, &ctx, &digest))
832:
833: {
834: int wire_len = to_wire(name);
835:
836: /* Note that digest may be different between DSs, so
837: we can't move this outside the loop. */
838: hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
839: hash->update(ctx, (unsigned int)rdlen, psave);
840: hash->digest(ctx, hash->digest_size, digest);
841:
842: from_wire(name);
843:
1.1.1.2 misho 844: if (!(recp1->flags & F_NEG) &&
845: recp1->addr.ds.keylen == (int)hash->digest_size &&
1.1.1.3 ! misho 846: (ds_digest = blockdata_retrieve(recp1->addr.ds.keydata, recp1->addr.ds.keylen, NULL)) &&
1.1 misho 847: memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
1.1.1.2 misho 848: explore_rrset(header, plen, class, T_DNSKEY, name, keyname, &sigcnt, &rrcnt) &&
849: sigcnt != 0 && rrcnt != 0 &&
850: validate_rrset(now, header, plen, class, T_DNSKEY, sigcnt, rrcnt, name, keyname,
1.1.1.3 ! misho 851: NULL, key, rdlen - 4, algo, keytag, &sig_ttl) == STAT_SECURE)
1.1 misho 852: {
853: valid = 1;
854: break;
855: }
856: }
857: }
858: blockdata_free(key);
859: }
860:
861: if (valid)
862: {
1.1.1.2 misho 863: /* DNSKEY RRset determined to be OK, now cache it. */
1.1 misho 864: cache_start_insert();
865:
866: p = skip_questions(header, plen);
867:
868: for (j = ntohs(header->ancount); j != 0; j--)
869: {
870: /* Ensure we have type, class TTL and length */
871: if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1.1.1.2 misho 872: return STAT_BOGUS; /* bad packet */
1.1 misho 873:
874: GETSHORT(qtype, p);
875: GETSHORT(qclass, p);
876: GETLONG(ttl, p);
877: GETSHORT(rdlen, p);
1.1.1.3 ! misho 878:
! 879: /* TTL may be limited by sig. */
! 880: if (sig_ttl < ttl)
! 881: ttl = sig_ttl;
1.1 misho 882:
883: if (!CHECK_LEN(header, p, plen, rdlen))
884: return STAT_BOGUS; /* bad packet */
885:
886: if (qclass == class && rc == 1)
887: {
888: psave = p;
889:
890: if (qtype == T_DNSKEY)
891: {
892: if (rdlen < 4)
893: return STAT_BOGUS; /* bad packet */
894:
895: GETSHORT(flags, p);
896: if (*p++ != 3)
897: return STAT_BOGUS;
898: algo = *p++;
899: keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
900:
901: if ((key = blockdata_alloc((char*)p, rdlen - 4)))
902: {
1.1.1.3 ! misho 903: a.key.keylen = rdlen - 4;
! 904: a.key.keydata = key;
! 905: a.key.algo = algo;
! 906: a.key.keytag = keytag;
! 907: a.key.flags = flags;
! 908:
! 909: if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))
1.1.1.2 misho 910: {
911: blockdata_free(key);
912: return STAT_BOGUS;
913: }
1.1 misho 914: else
915: {
1.1.1.3 ! misho 916: a.log.keytag = keytag;
! 917: a.log.algo = algo;
! 918: if (algo_digest_name(algo))
1.1.1.2 misho 919: log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
920: else
921: log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
1.1 misho 922: }
923: }
924: }
1.1.1.2 misho 925:
1.1 misho 926: p = psave;
927: }
928:
929: if (!ADD_RDLEN(header, p, plen, rdlen))
930: return STAT_BOGUS; /* bad packet */
931: }
932:
933: /* commit cache insert. */
934: cache_end_insert();
1.1.1.2 misho 935: return STAT_OK;
1.1 misho 936: }
937:
1.1.1.2 misho 938: log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1.1 misho 939: return STAT_BOGUS;
940: }
941:
942: /* The DNS packet is expected to contain the answer to a DS query
943: Put all DSs in the answer which are valid into the cache.
1.1.1.2 misho 944: Also handles replies which prove that there's no DS at this location,
945: either because the zone is unsigned or this isn't a zone cut. These are
946: cached too.
1.1 misho 947: return codes:
1.1.1.2 misho 948: STAT_OK At least one valid DS found and in cache.
949: STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
950: STAT_NEED_KEY DNSKEY records to validate a DS not found, name in keyname
951: STAT_NEED_DS DS record needed.
1.1 misho 952: */
953:
954: int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
955: {
956: unsigned char *p = (unsigned char *)(header+1);
1.1.1.3 ! misho 957: int qtype, qclass, rc, i, neganswer, nons, neg_ttl = 0;
1.1.1.2 misho 958: int aclass, atype, rdlen;
959: unsigned long ttl;
1.1.1.3 ! misho 960: union all_addr a;
1.1 misho 961:
962: if (ntohs(header->qdcount) != 1 ||
963: !(p = skip_name(p, header, plen, 4)))
964: return STAT_BOGUS;
965:
966: GETSHORT(qtype, p);
967: GETSHORT(qclass, p);
968:
969: if (qtype != T_DS || qclass != class)
1.1.1.2 misho 970: rc = STAT_BOGUS;
1.1 misho 971: else
1.1.1.3 ! misho 972: rc = dnssec_validate_reply(now, header, plen, name, keyname, NULL, 0, &neganswer, &nons, &neg_ttl);
1.1 misho 973:
1.1.1.2 misho 974: if (rc == STAT_INSECURE)
1.1.1.3 ! misho 975: {
! 976: my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name);
! 977: rc = STAT_BOGUS;
! 978: }
! 979:
1.1 misho 980: p = (unsigned char *)(header+1);
981: extract_name(header, plen, &p, name, 1, 4);
982: p += 4; /* qtype, qclass */
983:
1.1.1.2 misho 984: /* If the key needed to validate the DS is on the same domain as the DS, we'll
985: loop getting nowhere. Stop that now. This can happen of the DS answer comes
986: from the DS's zone, and not the parent zone. */
987: if (rc == STAT_BOGUS || (rc == STAT_NEED_KEY && hostname_isequal(name, keyname)))
988: {
989: log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
990: return STAT_BOGUS;
991: }
1.1 misho 992:
1.1.1.2 misho 993: if (rc != STAT_SECURE)
994: return rc;
995:
996: if (!neganswer)
1.1 misho 997: {
1.1.1.2 misho 998: cache_start_insert();
999:
1000: for (i = 0; i < ntohs(header->ancount); i++)
1001: {
1002: if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1003: return STAT_BOGUS; /* bad packet */
1004:
1005: GETSHORT(atype, p);
1006: GETSHORT(aclass, p);
1007: GETLONG(ttl, p);
1008: GETSHORT(rdlen, p);
1009:
1010: if (!CHECK_LEN(header, p, plen, rdlen))
1011: return STAT_BOGUS; /* bad packet */
1012:
1013: if (aclass == class && atype == T_DS && rc == 1)
1014: {
1015: int algo, digest, keytag;
1016: unsigned char *psave = p;
1017: struct blockdata *key;
1.1.1.3 ! misho 1018:
1.1.1.2 misho 1019: if (rdlen < 4)
1020: return STAT_BOGUS; /* bad packet */
1021:
1022: GETSHORT(keytag, p);
1023: algo = *p++;
1024: digest = *p++;
1025:
1026: if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1027: {
1.1.1.3 ! misho 1028: a.ds.digest = digest;
! 1029: a.ds.keydata = key;
! 1030: a.ds.algo = algo;
! 1031: a.ds.keytag = keytag;
! 1032: a.ds.keylen = rdlen - 4;
! 1033:
! 1034: if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))
1.1.1.2 misho 1035: {
1036: blockdata_free(key);
1037: return STAT_BOGUS;
1038: }
1039: else
1040: {
1.1.1.3 ! misho 1041: a.log.keytag = keytag;
! 1042: a.log.algo = algo;
! 1043: a.log.digest = digest;
! 1044: if (ds_digest_name(digest) && algo_digest_name(algo))
1.1.1.2 misho 1045: log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
1046: else
1047: log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
1048: }
1049: }
1050:
1051: p = psave;
1052: }
1053: if (!ADD_RDLEN(header, p, plen, rdlen))
1054: return STAT_BOGUS; /* bad packet */
1055: }
1.1 misho 1056:
1.1.1.2 misho 1057: cache_end_insert();
1058:
1059: }
1060: else
1061: {
1062: int flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
1.1.1.3 ! misho 1063:
1.1 misho 1064: if (RCODE(header) == NXDOMAIN)
1065: flags |= F_NXDOMAIN;
1066:
1.1.1.2 misho 1067: /* We only cache validated DS records, DNSSECOK flag hijacked
1068: to store presence/absence of NS. */
1069: if (nons)
1070: flags &= ~F_DNSSECOK;
1.1 misho 1071:
1.1.1.3 ! misho 1072: cache_start_insert();
1.1 misho 1073:
1.1.1.3 ! misho 1074: /* Use TTL from NSEC for negative cache entries */
! 1075: if (!cache_insert(name, NULL, class, now, neg_ttl, flags))
! 1076: return STAT_BOGUS;
1.1 misho 1077:
1.1.1.3 ! misho 1078: cache_end_insert();
! 1079:
! 1080: log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no DS/cut" : "no DS");
1.1 misho 1081: }
1.1.1.2 misho 1082:
1083: return STAT_OK;
1.1 misho 1084: }
1085:
1.1.1.2 misho 1086:
1.1 misho 1087: /* 4034 6.1 */
1088: static int hostname_cmp(const char *a, const char *b)
1089: {
1090: char *sa, *ea, *ca, *sb, *eb, *cb;
1091: unsigned char ac, bc;
1092:
1093: sa = ea = (char *)a + strlen(a);
1094: sb = eb = (char *)b + strlen(b);
1095:
1096: while (1)
1097: {
1098: while (sa != a && *(sa-1) != '.')
1099: sa--;
1100:
1101: while (sb != b && *(sb-1) != '.')
1102: sb--;
1103:
1104: ca = sa;
1105: cb = sb;
1106:
1107: while (1)
1108: {
1109: if (ca == ea)
1110: {
1111: if (cb == eb)
1112: break;
1113:
1114: return -1;
1115: }
1116:
1117: if (cb == eb)
1118: return 1;
1119:
1120: ac = (unsigned char) *ca++;
1121: bc = (unsigned char) *cb++;
1122:
1123: if (ac >= 'A' && ac <= 'Z')
1124: ac += 'a' - 'A';
1125: if (bc >= 'A' && bc <= 'Z')
1126: bc += 'a' - 'A';
1127:
1128: if (ac < bc)
1129: return -1;
1130: else if (ac != bc)
1131: return 1;
1132: }
1133:
1134:
1135: if (sa == a)
1136: {
1137: if (sb == b)
1138: return 0;
1139:
1140: return -1;
1141: }
1142:
1143: if (sb == b)
1144: return 1;
1145:
1.1.1.2 misho 1146: ea = --sa;
1147: eb = --sb;
1.1 misho 1148: }
1149: }
1150:
1.1.1.3 ! misho 1151: static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, unsigned char **labels, int nsec_count,
! 1152: char *workspace1_in, char *workspace2, char *name, int type, int *nons)
1.1 misho 1153: {
1154: int i, rc, rdlen;
1155: unsigned char *p, *psave;
1156: int offset = (type & 0xff) >> 3;
1157: int mask = 0x80 >> (type & 0x07);
1.1.1.2 misho 1158:
1159: if (nons)
1160: *nons = 1;
1.1 misho 1161:
1162: /* Find NSEC record that proves name doesn't exist */
1163: for (i = 0; i < nsec_count; i++)
1164: {
1.1.1.3 ! misho 1165: char *workspace1 = workspace1_in;
! 1166: int sig_labels, name_labels;
! 1167:
1.1 misho 1168: p = nsecs[i];
1169: if (!extract_name(header, plen, &p, workspace1, 1, 10))
1.1.1.2 misho 1170: return 0;
1.1 misho 1171: p += 8; /* class, type, TTL */
1172: GETSHORT(rdlen, p);
1173: psave = p;
1174: if (!extract_name(header, plen, &p, workspace2, 1, 10))
1.1.1.2 misho 1175: return 0;
1.1.1.3 ! misho 1176:
! 1177: /* If NSEC comes from wildcard expansion, use original wildcard
! 1178: as name for computation. */
! 1179: sig_labels = *labels[i];
! 1180: name_labels = count_labels(workspace1);
! 1181:
! 1182: if (sig_labels < name_labels)
! 1183: {
! 1184: int k;
! 1185: for (k = name_labels - sig_labels; k != 0; k--)
! 1186: {
! 1187: while (*workspace1 != '.' && *workspace1 != 0)
! 1188: workspace1++;
! 1189: if (k != 1 && *workspace1 == '.')
! 1190: workspace1++;
! 1191: }
! 1192:
! 1193: workspace1--;
! 1194: *workspace1 = '*';
! 1195: }
! 1196:
1.1 misho 1197: rc = hostname_cmp(workspace1, name);
1198:
1199: if (rc == 0)
1200: {
1201: /* 4035 para 5.4. Last sentence */
1202: if (type == T_NSEC || type == T_RRSIG)
1.1.1.2 misho 1203: return 1;
1.1 misho 1204:
1205: /* NSEC with the same name as the RR we're testing, check
1206: that the type in question doesn't appear in the type map */
1207: rdlen -= p - psave;
1208: /* rdlen is now length of type map, and p points to it */
1209:
1.1.1.2 misho 1210: /* If we can prove that there's no NS record, return that information. */
1211: if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) != 0)
1212: *nons = 0;
1213:
1214: if (rdlen >= 2 && p[0] == 0)
1215: {
1216: /* A CNAME answer would also be valid, so if there's a CNAME is should
1217: have been returned. */
1218: if ((p[2] & (0x80 >> T_CNAME)) != 0)
1219: return 0;
1220:
1221: /* If the SOA bit is set for a DS record, then we have the
1.1.1.3 ! misho 1222: DS from the wrong side of the delegation. For the root DS,
! 1223: this is expected. */
! 1224: if (name_labels != 0 && type == T_DS && (p[2] & (0x80 >> T_SOA)) != 0)
1.1.1.2 misho 1225: return 0;
1226: }
1227:
1.1 misho 1228: while (rdlen >= 2)
1229: {
1230: if (!CHECK_LEN(header, p, plen, rdlen))
1.1.1.2 misho 1231: return 0;
1.1 misho 1232:
1233: if (p[0] == type >> 8)
1234: {
1235: /* Does the NSEC say our type exists? */
1236: if (offset < p[1] && (p[offset+2] & mask) != 0)
1.1.1.2 misho 1237: return 0;
1.1 misho 1238:
1.1.1.3 ! misho 1239: break; /* finished checking */
1.1 misho 1240: }
1241:
1242: rdlen -= p[1];
1243: p += p[1];
1244: }
1245:
1.1.1.2 misho 1246: return 1;
1.1 misho 1247: }
1248: else if (rc == -1)
1249: {
1250: /* Normal case, name falls between NSEC name and next domain name,
1251: wrap around case, name falls between NSEC name (rc == -1) and end */
1.1.1.2 misho 1252: if (hostname_cmp(workspace2, name) >= 0 || hostname_cmp(workspace1, workspace2) >= 0)
1253: return 1;
1.1 misho 1254: }
1255: else
1256: {
1257: /* wrap around case, name falls between start and next domain name */
1.1.1.2 misho 1258: if (hostname_cmp(workspace1, workspace2) >= 0 && hostname_cmp(workspace2, name) >=0 )
1259: return 1;
1.1 misho 1260: }
1261: }
1262:
1.1.1.2 misho 1263: return 0;
1.1 misho 1264: }
1265:
1266: /* return digest length, or zero on error */
1267: static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1268: unsigned char *salt, int salt_len, int iterations)
1269: {
1270: void *ctx;
1271: unsigned char *digest;
1272: int i;
1273:
1274: if (!hash_init(hash, &ctx, &digest))
1275: return 0;
1276:
1277: hash->update(ctx, to_wire(in), (unsigned char *)in);
1278: hash->update(ctx, salt_len, salt);
1279: hash->digest(ctx, hash->digest_size, digest);
1280:
1281: for(i = 0; i < iterations; i++)
1282: {
1283: hash->update(ctx, hash->digest_size, digest);
1284: hash->update(ctx, salt_len, salt);
1285: hash->digest(ctx, hash->digest_size, digest);
1286: }
1287:
1288: from_wire(in);
1289:
1290: *out = digest;
1291: return hash->digest_size;
1292: }
1293:
1294: /* Decode base32 to first "." or end of string */
1295: static int base32_decode(char *in, unsigned char *out)
1296: {
1297: int oc, on, c, mask, i;
1298: unsigned char *p = out;
1299:
1300: for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
1301: {
1302: if (c >= '0' && c <= '9')
1303: c -= '0';
1304: else if (c >= 'a' && c <= 'v')
1305: c -= 'a', c += 10;
1306: else if (c >= 'A' && c <= 'V')
1307: c -= 'A', c += 10;
1308: else
1309: return 0;
1310:
1311: for (mask = 0x10, i = 0; i < 5; i++)
1312: {
1313: if (c & mask)
1314: oc |= 1;
1315: mask = mask >> 1;
1316: if (((++on) & 7) == 0)
1317: *p++ = oc;
1318: oc = oc << 1;
1319: }
1320: }
1321:
1322: if ((on & 7) != 0)
1323: return 0;
1324:
1325: return p - out;
1326: }
1327:
1.1.1.2 misho 1328: static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
1.1.1.3 ! misho 1329: char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons, int name_labels)
1.1.1.2 misho 1330: {
1331: int i, hash_len, salt_len, base32_len, rdlen, flags;
1332: unsigned char *p, *psave;
1333:
1334: for (i = 0; i < nsec_count; i++)
1335: if ((p = nsecs[i]))
1336: {
1337: if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1338: !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1339: return 0;
1340:
1341: p += 8; /* class, type, TTL */
1342: GETSHORT(rdlen, p);
1343: psave = p;
1344: p++; /* algo */
1345: flags = *p++; /* flags */
1346: p += 2; /* iterations */
1347: salt_len = *p++; /* salt_len */
1348: p += salt_len; /* salt */
1349: hash_len = *p++; /* p now points to next hashed name */
1350:
1351: if (!CHECK_LEN(header, p, plen, hash_len))
1352: return 0;
1353:
1354: if (digest_len == base32_len && hash_len == base32_len)
1355: {
1356: int rc = memcmp(workspace2, digest, digest_len);
1357:
1358: if (rc == 0)
1359: {
1360: /* We found an NSEC3 whose hashed name exactly matches the query, so
1361: we just need to check the type map. p points to the RR data for the record. */
1362:
1363: int offset = (type & 0xff) >> 3;
1364: int mask = 0x80 >> (type & 0x07);
1365:
1366: p += hash_len; /* skip next-domain hash */
1367: rdlen -= p - psave;
1368:
1369: if (!CHECK_LEN(header, p, plen, rdlen))
1370: return 0;
1371:
1372: if (rdlen >= 2 && p[0] == 0)
1373: {
1374: /* If we can prove that there's no NS record, return that information. */
1375: if (nons && (p[2] & (0x80 >> T_NS)) != 0)
1376: *nons = 0;
1377:
1378: /* A CNAME answer would also be valid, so if there's a CNAME is should
1379: have been returned. */
1380: if ((p[2] & (0x80 >> T_CNAME)) != 0)
1381: return 0;
1382:
1383: /* If the SOA bit is set for a DS record, then we have the
1.1.1.3 ! misho 1384: DS from the wrong side of the delegation. For the root DS,
! 1385: this is expected. */
! 1386: if (name_labels != 0 && type == T_DS && (p[2] & (0x80 >> T_SOA)) != 0)
1.1.1.2 misho 1387: return 0;
1388: }
1389:
1390: while (rdlen >= 2)
1391: {
1392: if (p[0] == type >> 8)
1393: {
1394: /* Does the NSEC3 say our type exists? */
1395: if (offset < p[1] && (p[offset+2] & mask) != 0)
1396: return 0;
1397:
1.1.1.3 ! misho 1398: break; /* finished checking */
1.1.1.2 misho 1399: }
1400:
1401: rdlen -= p[1];
1402: p += p[1];
1403: }
1404:
1405: return 1;
1406: }
1407: else if (rc < 0)
1408: {
1409: /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1410: wrap around case, name-hash falls between NSEC3 name-hash and end */
1411: if (memcmp(p, digest, digest_len) >= 0 || memcmp(workspace2, p, digest_len) >= 0)
1412: {
1413: if ((flags & 0x01) && nons) /* opt out */
1414: *nons = 0;
1415:
1416: return 1;
1417: }
1418: }
1419: else
1420: {
1421: /* wrap around case, name falls between start and next domain name */
1422: if (memcmp(workspace2, p, digest_len) >= 0 && memcmp(p, digest, digest_len) >= 0)
1423: {
1424: if ((flags & 0x01) && nons) /* opt out */
1425: *nons = 0;
1426:
1427: return 1;
1428: }
1429: }
1430: }
1431: }
1432:
1433: return 0;
1434: }
1435:
1.1 misho 1436: static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1.1.1.2 misho 1437: char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
1.1 misho 1438: {
1439: unsigned char *salt, *p, *digest;
1.1.1.2 misho 1440: int digest_len, i, iterations, salt_len, base32_len, algo = 0;
1.1 misho 1441: struct nettle_hash const *hash;
1442: char *closest_encloser, *next_closest, *wildcard;
1.1.1.2 misho 1443:
1444: if (nons)
1445: *nons = 1;
1446:
1.1 misho 1447: /* Look though the NSEC3 records to find the first one with
1.1.1.2 misho 1448: an algorithm we support.
1.1 misho 1449:
1450: Take the algo, iterations, and salt of that record
1451: as the ones we're going to use, and prune any
1452: that don't match. */
1453:
1454: for (i = 0; i < nsec_count; i++)
1455: {
1456: if (!(p = skip_name(nsecs[i], header, plen, 15)))
1.1.1.2 misho 1457: return 0; /* bad packet */
1.1 misho 1458:
1459: p += 10; /* type, class, TTL, rdlen */
1460: algo = *p++;
1461:
1.1.1.2 misho 1462: if ((hash = hash_find(nsec3_digest_name(algo))))
1.1 misho 1463: break; /* known algo */
1464: }
1465:
1466: /* No usable NSEC3s */
1467: if (i == nsec_count)
1.1.1.2 misho 1468: return 0;
1.1 misho 1469:
1470: p++; /* flags */
1.1.1.2 misho 1471:
1.1 misho 1472: GETSHORT (iterations, p);
1.1.1.2 misho 1473: /* Upper-bound iterations, to avoid DoS.
1474: Strictly, there are lower bounds for small keys, but
1475: since we don't have key size info here, at least limit
1476: to the largest bound, for 4096-bit keys. RFC 5155 10.3 */
1477: if (iterations > 2500)
1478: return 0;
1479:
1.1 misho 1480: salt_len = *p++;
1481: salt = p;
1482: if (!CHECK_LEN(header, salt, plen, salt_len))
1.1.1.2 misho 1483: return 0; /* bad packet */
1.1 misho 1484:
1485: /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1486: for (i = 0; i < nsec_count; i++)
1487: {
1488: unsigned char *nsec3p = nsecs[i];
1.1.1.2 misho 1489: int this_iter, flags;
1.1 misho 1490:
1491: nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1492:
1493: if (!(p = skip_name(nsec3p, header, plen, 15)))
1.1.1.2 misho 1494: return 0; /* bad packet */
1.1 misho 1495:
1496: p += 10; /* type, class, TTL, rdlen */
1497:
1498: if (*p++ != algo)
1499: continue;
1500:
1.1.1.2 misho 1501: flags = *p++; /* flags */
1.1 misho 1502:
1.1.1.2 misho 1503: /* 5155 8.2 */
1504: if (flags != 0 && flags != 1)
1505: continue;
1506:
1.1 misho 1507: GETSHORT(this_iter, p);
1508: if (this_iter != iterations)
1509: continue;
1510:
1511: if (salt_len != *p++)
1512: continue;
1513:
1514: if (!CHECK_LEN(header, p, plen, salt_len))
1.1.1.2 misho 1515: return 0; /* bad packet */
1.1 misho 1516:
1517: if (memcmp(p, salt, salt_len) != 0)
1518: continue;
1519:
1520: /* All match, put the pointer back */
1521: nsecs[i] = nsec3p;
1522: }
1523:
1.1.1.2 misho 1524: if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1525: return 0;
1526:
1.1.1.3 ! misho 1527: if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons, count_labels(name)))
1.1.1.2 misho 1528: return 1;
1.1 misho 1529:
1.1.1.2 misho 1530: /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1531: or an answer inferred from a wildcard record. */
1.1 misho 1532: closest_encloser = name;
1533: next_closest = NULL;
1534:
1535: do
1536: {
1537: if (*closest_encloser == '.')
1538: closest_encloser++;
1539:
1.1.1.2 misho 1540: if (wildname && hostname_isequal(closest_encloser, wildname))
1541: break;
1542:
1.1 misho 1543: if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
1.1.1.2 misho 1544: return 0;
1.1 misho 1545:
1546: for (i = 0; i < nsec_count; i++)
1547: if ((p = nsecs[i]))
1548: {
1549: if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1550: !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1.1.1.2 misho 1551: return 0;
1.1 misho 1552:
1553: if (digest_len == base32_len &&
1554: memcmp(digest, workspace2, digest_len) == 0)
1555: break; /* Gotit */
1556: }
1557:
1558: if (i != nsec_count)
1559: break;
1560:
1561: next_closest = closest_encloser;
1562: }
1563: while ((closest_encloser = strchr(closest_encloser, '.')));
1564:
1.1.1.2 misho 1565: if (!closest_encloser || !next_closest)
1566: return 0;
1567:
1568: /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1569: if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
1570: return 0;
1571:
1.1.1.3 ! misho 1572: if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL, 1))
1.1.1.2 misho 1573: return 0;
1.1 misho 1574:
1.1.1.2 misho 1575: /* Finally, check that there's no seat of wildcard synthesis */
1576: if (!wildname)
1.1 misho 1577: {
1.1.1.2 misho 1578: if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1579: return 0;
1.1 misho 1580:
1.1.1.2 misho 1581: wildcard--;
1582: *wildcard = '*';
1583:
1584: if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1585: return 0;
1586:
1.1.1.3 ! misho 1587: if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL, 1))
1.1.1.2 misho 1588: return 0;
1589: }
1590:
1591: return 1;
1592: }
1593:
1.1.1.3 ! misho 1594: static int prove_non_existence(struct dns_header *header, size_t plen, char *keyname, char *name, int qtype, int qclass, char *wildname, int *nons, int *nsec_ttl)
1.1.1.2 misho 1595: {
1.1.1.3 ! misho 1596: static unsigned char **nsecset = NULL, **rrsig_labels = NULL;
! 1597: static int nsecset_sz = 0, rrsig_labels_sz = 0;
1.1.1.2 misho 1598:
1599: int type_found = 0;
1.1.1.3 ! misho 1600: unsigned char *auth_start, *p = skip_questions(header, plen);
1.1.1.2 misho 1601: int type, class, rdlen, i, nsecs_found;
1.1.1.3 ! misho 1602: unsigned long ttl;
1.1.1.2 misho 1603:
1604: /* Move to NS section */
1605: if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1606: return 0;
1.1.1.3 ! misho 1607:
! 1608: auth_start = p;
1.1.1.2 misho 1609:
1.1.1.3 ! misho 1610: for (nsecs_found = 0, i = 0; i < ntohs(header->nscount); i++)
1.1.1.2 misho 1611: {
1612: unsigned char *pstart = p;
1613:
1.1.1.3 ! misho 1614: if (!extract_name(header, plen, &p, daemon->workspacename, 1, 10))
1.1.1.2 misho 1615: return 0;
1.1.1.3 ! misho 1616:
1.1.1.2 misho 1617: GETSHORT(type, p);
1618: GETSHORT(class, p);
1.1.1.3 ! misho 1619: GETLONG(ttl, p);
1.1.1.2 misho 1620: GETSHORT(rdlen, p);
1621:
1622: if (class == qclass && (type == T_NSEC || type == T_NSEC3))
1.1 misho 1623: {
1.1.1.3 ! misho 1624: if (nsec_ttl)
! 1625: {
! 1626: /* Limit TTL with sig TTL */
! 1627: if (daemon->rr_status[ntohs(header->ancount) + i] < ttl)
! 1628: ttl = daemon->rr_status[ntohs(header->ancount) + i];
! 1629: *nsec_ttl = ttl;
! 1630: }
! 1631:
1.1.1.2 misho 1632: /* No mixed NSECing 'round here, thankyouverymuch */
1633: if (type_found != 0 && type_found != type)
1634: return 0;
1635:
1636: type_found = type;
1637:
1638: if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1639: return 0;
1.1 misho 1640:
1.1.1.3 ! misho 1641: if (type == T_NSEC)
! 1642: {
! 1643: /* If we're looking for NSECs, find the corresponding SIGs, to
! 1644: extract the labels value, which we need in case the NSECs
! 1645: are the result of wildcard expansion.
! 1646: Note that the NSEC may not have been validated yet
! 1647: so if there are multiple SIGs, make sure the label value
! 1648: is the same in all, to avoid be duped by a rogue one.
! 1649: If there are no SIGs, that's an error */
! 1650: unsigned char *p1 = auth_start;
! 1651: int res, j, rdlen1, type1, class1;
! 1652:
! 1653: if (!expand_workspace(&rrsig_labels, &rrsig_labels_sz, nsecs_found))
! 1654: return 0;
! 1655:
! 1656: rrsig_labels[nsecs_found] = NULL;
! 1657:
! 1658: for (j = ntohs(header->nscount); j != 0; j--)
! 1659: {
! 1660: if (!(res = extract_name(header, plen, &p1, daemon->workspacename, 0, 10)))
! 1661: return 0;
! 1662:
! 1663: GETSHORT(type1, p1);
! 1664: GETSHORT(class1, p1);
! 1665: p1 += 4; /* TTL */
! 1666: GETSHORT(rdlen1, p1);
! 1667:
! 1668: if (!CHECK_LEN(header, p1, plen, rdlen1))
! 1669: return 0;
! 1670:
! 1671: if (res == 1 && class1 == qclass && type1 == T_RRSIG)
! 1672: {
! 1673: int type_covered;
! 1674: unsigned char *psav = p1;
! 1675:
! 1676: if (rdlen1 < 18)
! 1677: return 0; /* bad packet */
! 1678:
! 1679: GETSHORT(type_covered, p1);
! 1680:
! 1681: if (type_covered == T_NSEC)
! 1682: {
! 1683: p1++; /* algo */
! 1684:
! 1685: /* labels field must be the same in every SIG we find. */
! 1686: if (!rrsig_labels[nsecs_found])
! 1687: rrsig_labels[nsecs_found] = p1;
! 1688: else if (*rrsig_labels[nsecs_found] != *p1) /* algo */
! 1689: return 0;
! 1690: }
! 1691: p1 = psav;
! 1692: }
! 1693:
! 1694: if (!ADD_RDLEN(header, p1, plen, rdlen1))
! 1695: return 0;
! 1696: }
! 1697:
! 1698: /* Must have found at least one sig. */
! 1699: if (!rrsig_labels[nsecs_found])
! 1700: return 0;
! 1701: }
! 1702:
! 1703: nsecset[nsecs_found++] = pstart;
1.1.1.2 misho 1704: }
1705:
1706: if (!ADD_RDLEN(header, p, plen, rdlen))
1707: return 0;
1708: }
1709:
1710: if (type_found == T_NSEC)
1.1.1.3 ! misho 1711: return prove_non_existence_nsec(header, plen, nsecset, rrsig_labels, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
1.1.1.2 misho 1712: else if (type_found == T_NSEC3)
1713: return prove_non_existence_nsec3(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, wildname, nons);
1714: else
1715: return 0;
1716: }
1717:
1718: /* Check signing status of name.
1719: returns:
1720: STAT_SECURE zone is signed.
1721: STAT_INSECURE zone proved unsigned.
1722: STAT_NEED_DS require DS record of name returned in keyname.
1723: STAT_NEED_KEY require DNSKEY record of name returned in keyname.
1724: name returned unaltered.
1725: */
1726: static int zone_status(char *name, int class, char *keyname, time_t now)
1727: {
1728: int name_start = strlen(name); /* for when TA is root */
1729: struct crec *crecp;
1730: char *p;
1731:
1732: /* First, work towards the root, looking for a trust anchor.
1733: This can either be one configured, or one previously cached.
1734: We can assume, if we don't find one first, that there is
1735: a trust anchor at the root. */
1736: for (p = name; p; p = strchr(p, '.'))
1737: {
1738: if (*p == '.')
1739: p++;
1740:
1741: if (cache_find_by_name(NULL, p, now, F_DS))
1742: {
1743: name_start = p - name;
1744: break;
1745: }
1746: }
1747:
1748: /* Now work away from the trust anchor */
1749: while (1)
1750: {
1751: strcpy(keyname, &name[name_start]);
1752:
1753: if (!(crecp = cache_find_by_name(NULL, keyname, now, F_DS)))
1754: return STAT_NEED_DS;
1755:
1.1.1.3 ! misho 1756: /* F_DNSSECOK misused in DS cache records to non-existence of NS record.
1.1.1.2 misho 1757: F_NEG && !F_DNSSECOK implies that we've proved there's no DS record here,
1758: but that's because there's no NS record either, ie this isn't the start
1759: of a zone. We only prove that the DNS tree below a node is unsigned when
1760: we prove that we're at a zone cut AND there's no DS record. */
1761: if (crecp->flags & F_NEG)
1762: {
1763: if (crecp->flags & F_DNSSECOK)
1764: return STAT_INSECURE; /* proved no DS here */
1765: }
1766: else
1767: {
1768: /* If all the DS records have digest and/or sig algos we don't support,
1769: then the zone is insecure. Note that if an algo
1770: appears in the DS, then RRSIGs for that algo MUST
1771: exist for each RRset: 4035 para 2.2 So if we find
1772: a DS here with digest and sig we can do, we're entitled
1773: to assume we can validate the zone and if we can't later,
1774: because an RRSIG is missing we return BOGUS.
1775: */
1776: do
1.1 misho 1777: {
1.1.1.2 misho 1778: if (crecp->uid == (unsigned int)class &&
1.1.1.3 ! misho 1779: ds_digest_name(crecp->addr.ds.digest) &&
! 1780: algo_digest_name(crecp->addr.ds.algo))
1.1.1.2 misho 1781: break;
1.1 misho 1782: }
1.1.1.2 misho 1783: while ((crecp = cache_find_by_name(crecp, keyname, now, F_DS)));
1784:
1785: if (!crecp)
1786: return STAT_INSECURE;
1.1 misho 1787: }
1.1.1.2 misho 1788:
1789: if (name_start == 0)
1790: break;
1791:
1792: for (p = &name[name_start-2]; (*p != '.') && (p != name); p--);
1.1 misho 1793:
1.1.1.2 misho 1794: if (p != name)
1795: p++;
1796:
1797: name_start = p - name;
1798: }
1.1 misho 1799:
1.1.1.2 misho 1800: return STAT_SECURE;
1801: }
1802:
1803: /* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3)
1804: Return code:
1805: STAT_SECURE if it validates.
1806: STAT_INSECURE at least one RRset not validated, because in unsigned zone.
1807: STAT_BOGUS signature is wrong, bad packet, no validation where there should be.
1808: STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname, class in *class)
1.1.1.3 ! misho 1809: STAT_NEED_DS need DS to complete validation (name is returned in keyname)
! 1810:
! 1811: daemon->rr_status points to a char array which corressponds to the RRs in the
! 1812: answer and auth sections. This is set to 1 for each RR which is validated, and 0 for any which aren't.
! 1813:
! 1814: When validating replies to DS records, we're only interested in the NSEC{3} RRs in the auth section.
! 1815: Other RRs in that section missing sigs will not cause am INSECURE reply. We determine this mode
! 1816: is the nons argument is non-NULL.
1.1.1.2 misho 1817: */
1818: int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1.1.1.3 ! misho 1819: int *class, int check_unsigned, int *neganswer, int *nons, int *nsec_ttl)
1.1.1.2 misho 1820: {
1821: static unsigned char **targets = NULL;
1822: static int target_sz = 0;
1.1 misho 1823:
1.1.1.2 misho 1824: unsigned char *ans_start, *p1, *p2;
1.1.1.3 ! misho 1825: int type1, class1, rdlen1 = 0, type2, class2, rdlen2, qclass, qtype, targetidx;
! 1826: int i, j, rc = STAT_INSECURE;
! 1827: int secure = STAT_SECURE;
! 1828:
! 1829: /* extend rr_status if necessary */
! 1830: if (daemon->rr_status_sz < ntohs(header->ancount) + ntohs(header->nscount))
! 1831: {
! 1832: unsigned long *new = whine_malloc(sizeof(*daemon->rr_status) * (ntohs(header->ancount) + ntohs(header->nscount) + 64));
! 1833:
! 1834: if (!new)
! 1835: return STAT_BOGUS;
1.1.1.2 misho 1836:
1.1.1.3 ! misho 1837: free(daemon->rr_status);
! 1838: daemon->rr_status = new;
! 1839: daemon->rr_status_sz = ntohs(header->ancount) + ntohs(header->nscount) + 64;
! 1840: }
! 1841:
! 1842: memset(daemon->rr_status, 0, sizeof(*daemon->rr_status) * daemon->rr_status_sz);
! 1843:
1.1.1.2 misho 1844: if (neganswer)
1845: *neganswer = 0;
1.1 misho 1846:
1.1.1.2 misho 1847: if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
1.1 misho 1848: return STAT_BOGUS;
1849:
1.1.1.2 misho 1850: if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
1851: return STAT_INSECURE;
1852:
1853: p1 = (unsigned char *)(header+1);
1.1 misho 1854:
1.1.1.2 misho 1855: /* Find all the targets we're looking for answers to.
1856: The zeroth array element is for the query, subsequent ones
1857: for CNAME targets, unless the query is for a CNAME. */
1858:
1859: if (!expand_workspace(&targets, &target_sz, 0))
1.1 misho 1860: return STAT_BOGUS;
1861:
1.1.1.2 misho 1862: targets[0] = p1;
1863: targetidx = 1;
1864:
1.1 misho 1865: if (!extract_name(header, plen, &p1, name, 1, 4))
1866: return STAT_BOGUS;
1.1.1.2 misho 1867:
1.1 misho 1868: GETSHORT(qtype, p1);
1869: GETSHORT(qclass, p1);
1870: ans_start = p1;
1871:
1.1.1.2 misho 1872: /* Can't validate an RRSIG query */
1.1 misho 1873: if (qtype == T_RRSIG)
1874: return STAT_INSECURE;
1.1.1.2 misho 1875:
1876: if (qtype != T_CNAME)
1877: for (j = ntohs(header->ancount); j != 0; j--)
1878: {
1879: if (!(p1 = skip_name(p1, header, plen, 10)))
1880: return STAT_BOGUS; /* bad packet */
1881:
1882: GETSHORT(type2, p1);
1883: p1 += 6; /* class, TTL */
1884: GETSHORT(rdlen2, p1);
1885:
1886: if (type2 == T_CNAME)
1887: {
1888: if (!expand_workspace(&targets, &target_sz, targetidx))
1889: return STAT_BOGUS;
1890:
1891: targets[targetidx++] = p1; /* pointer to target name */
1892: }
1893:
1894: if (!ADD_RDLEN(header, p1, plen, rdlen2))
1895: return STAT_BOGUS;
1896: }
1.1 misho 1897:
1898: for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
1899: {
1.1.1.3 ! misho 1900: if (i != 0 && !ADD_RDLEN(header, p1, plen, rdlen1))
! 1901: return STAT_BOGUS;
! 1902:
1.1 misho 1903: if (!extract_name(header, plen, &p1, name, 1, 10))
1904: return STAT_BOGUS; /* bad packet */
1905:
1906: GETSHORT(type1, p1);
1907: GETSHORT(class1, p1);
1908: p1 += 4; /* TTL */
1909: GETSHORT(rdlen1, p1);
1910:
1911: /* Don't try and validate RRSIGs! */
1.1.1.3 ! misho 1912: if (type1 == T_RRSIG)
! 1913: continue;
! 1914:
! 1915: /* Check if we've done this RRset already */
! 1916: for (p2 = ans_start, j = 0; j < i; j++)
1.1 misho 1917: {
1.1.1.3 ! misho 1918: if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
! 1919: return STAT_BOGUS; /* bad packet */
! 1920:
! 1921: GETSHORT(type2, p2);
! 1922: GETSHORT(class2, p2);
! 1923: p2 += 4; /* TTL */
! 1924: GETSHORT(rdlen2, p2);
1.1 misho 1925:
1.1.1.3 ! misho 1926: if (type2 == type1 && class2 == class1 && rc == 1)
! 1927: break; /* Done it before: name, type, class all match. */
! 1928:
! 1929: if (!ADD_RDLEN(header, p2, plen, rdlen2))
! 1930: return STAT_BOGUS;
! 1931: }
! 1932:
! 1933: /* Done already: copy the validation status */
! 1934: if (j != i)
! 1935: daemon->rr_status[i] = daemon->rr_status[j];
! 1936: else
! 1937: {
1.1 misho 1938: /* Not done, validate now */
1.1.1.3 ! misho 1939: int sigcnt, rrcnt;
! 1940: char *wildname;
! 1941:
! 1942: if (!explore_rrset(header, plen, class1, type1, name, keyname, &sigcnt, &rrcnt))
! 1943: return STAT_BOGUS;
! 1944:
! 1945: /* No signatures for RRset. We can be configured to assume this is OK and return an INSECURE result. */
! 1946: if (sigcnt == 0)
1.1 misho 1947: {
1.1.1.3 ! misho 1948: /* NSEC and NSEC3 records must be signed. We make this assumption elsewhere. */
! 1949: if (type1 == T_NSEC || type1 == T_NSEC3)
! 1950: rc = STAT_INSECURE;
! 1951: else if (nons && i >= ntohs(header->ancount))
! 1952: /* If we're validating a DS reply, rather than looking for the value of AD bit,
! 1953: we only care that NSEC and NSEC3 RRs in the auth section are signed.
! 1954: Return SECURE even if others (SOA....) are not. */
! 1955: rc = STAT_SECURE;
! 1956: else
1.1 misho 1957: {
1.1.1.3 ! misho 1958: /* unsigned RRsets in auth section are not BOGUS, but do make reply insecure. */
! 1959: if (check_unsigned && i < ntohs(header->ancount))
1.1.1.2 misho 1960: {
1961: rc = zone_status(name, class1, keyname, now);
1962: if (rc == STAT_SECURE)
1963: rc = STAT_BOGUS;
1.1.1.3 ! misho 1964: if (class)
! 1965: *class = class1; /* Class for NEED_DS or NEED_KEY */
1.1.1.2 misho 1966: }
1967: else
1968: rc = STAT_INSECURE;
1.1 misho 1969:
1.1.1.3 ! misho 1970: if (rc != STAT_INSECURE)
! 1971: return rc;
1.1.1.2 misho 1972: }
1.1.1.3 ! misho 1973: }
! 1974: else
! 1975: {
1.1.1.2 misho 1976: /* explore_rrset() gives us key name from sigs in keyname.
1977: Can't overwrite name here. */
1978: strcpy(daemon->workspacename, keyname);
1979: rc = zone_status(daemon->workspacename, class1, keyname, now);
1.1 misho 1980:
1.1.1.2 misho 1981: if (rc == STAT_BOGUS || rc == STAT_NEED_KEY || rc == STAT_NEED_DS)
1.1 misho 1982: {
1.1.1.2 misho 1983: if (class)
1.1.1.3 ! misho 1984: *class = class1; /* Class for NEED_DS or NEED_KEY */
1.1.1.2 misho 1985: return rc;
1.1.1.3 ! misho 1986: }
! 1987:
! 1988: /* Zone is insecure, don't need to validate RRset */
! 1989: if (rc == STAT_SECURE)
1.1.1.2 misho 1990: {
1.1.1.3 ! misho 1991: unsigned long sig_ttl;
! 1992: rc = validate_rrset(now, header, plen, class1, type1, sigcnt,
! 1993: rrcnt, name, keyname, &wildname, NULL, 0, 0, 0, &sig_ttl);
! 1994:
! 1995: if (rc == STAT_BOGUS || rc == STAT_NEED_KEY || rc == STAT_NEED_DS)
! 1996: {
! 1997: if (class)
! 1998: *class = class1; /* Class for DS or DNSKEY */
! 1999: return rc;
! 2000: }
! 2001:
1.1.1.2 misho 2002: /* rc is now STAT_SECURE or STAT_SECURE_WILDCARD */
1.1.1.3 ! misho 2003:
! 2004: /* Note that RR is validated */
! 2005: daemon->rr_status[i] = sig_ttl;
! 2006:
1.1.1.2 misho 2007: /* Note if we've validated either the answer to the question
2008: or the target of a CNAME. Any not noted will need NSEC or
2009: to be in unsigned space. */
2010: for (j = 0; j <targetidx; j++)
2011: if ((p2 = targets[j]))
2012: {
1.1.1.3 ! misho 2013: int rc1;
! 2014: if (!(rc1 = extract_name(header, plen, &p2, name, 0, 10)))
1.1.1.2 misho 2015: return STAT_BOGUS; /* bad packet */
2016:
1.1.1.3 ! misho 2017: if (class1 == qclass && rc1 == 1 && (type1 == T_CNAME || type1 == qtype || qtype == T_ANY ))
1.1.1.2 misho 2018: targets[j] = NULL;
2019: }
1.1.1.3 ! misho 2020:
! 2021: /* An attacker replay a wildcard answer with a different
! 2022: answer and overlay a genuine RR. To prove this
! 2023: hasn't happened, the answer must prove that
! 2024: the genuine record doesn't exist. Check that here.
! 2025: Note that we may not yet have validated the NSEC/NSEC3 RRsets.
! 2026: That's not a problem since if the RRsets later fail
! 2027: we'll return BOGUS then. */
! 2028: if (rc == STAT_SECURE_WILDCARD &&
! 2029: !prove_non_existence(header, plen, keyname, name, type1, class1, wildname, NULL, NULL))
1.1.1.2 misho 2030: return STAT_BOGUS;
1.1.1.3 ! misho 2031:
! 2032: rc = STAT_SECURE;
1.1 misho 2033: }
2034: }
2035: }
2036:
1.1.1.3 ! misho 2037: if (rc == STAT_INSECURE)
! 2038: secure = STAT_INSECURE;
1.1 misho 2039: }
2040:
1.1.1.2 misho 2041: /* OK, all the RRsets validate, now see if we have a missing answer or CNAME target. */
1.1.1.3 ! misho 2042: if (secure == STAT_SECURE)
! 2043: for (j = 0; j <targetidx; j++)
! 2044: if ((p2 = targets[j]))
! 2045: {
! 2046: if (neganswer)
! 2047: *neganswer = 1;
! 2048:
! 2049: if (!extract_name(header, plen, &p2, name, 1, 10))
! 2050: return STAT_BOGUS; /* bad packet */
! 2051:
! 2052: /* NXDOMAIN or NODATA reply, unanswered question is (name, qclass, qtype) */
! 2053:
! 2054: /* For anything other than a DS record, this situation is OK if either
! 2055: the answer is in an unsigned zone, or there's a NSEC records. */
! 2056: if (!prove_non_existence(header, plen, keyname, name, qtype, qclass, NULL, nons, nsec_ttl))
! 2057: {
! 2058: /* Empty DS without NSECS */
! 2059: if (qtype == T_DS)
! 2060: return STAT_BOGUS;
! 2061:
! 2062: if ((rc = zone_status(name, qclass, keyname, now)) != STAT_SECURE)
! 2063: {
! 2064: if (class)
! 2065: *class = qclass; /* Class for NEED_DS or NEED_KEY */
! 2066: return rc;
! 2067: }
! 2068:
! 2069: return STAT_BOGUS; /* signed zone, no NSECs */
! 2070: }
! 2071: }
1.1 misho 2072:
1.1.1.3 ! misho 2073: return secure;
1.1 misho 2074: }
2075:
2076:
2077: /* Compute keytag (checksum to quickly index a key). See RFC4034 */
2078: int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
2079: {
2080: if (alg == 1)
2081: {
2082: /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2083: See RFC4034, Appendix B.1 */
2084: return key[keylen-4] * 256 + key[keylen-3];
2085: }
2086: else
2087: {
2088: unsigned long ac = flags + 0x300 + alg;
2089: int i;
2090:
2091: for (i = 0; i < keylen; ++i)
2092: ac += (i & 1) ? key[i] : key[i] << 8;
2093:
2094: ac += (ac >> 16) & 0xffff;
2095: return ac & 0xffff;
2096: }
2097: }
2098:
1.1.1.2 misho 2099: size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class,
1.1.1.3 ! misho 2100: int type, int edns_pktsz)
1.1 misho 2101: {
2102: unsigned char *p;
1.1.1.2 misho 2103: size_t ret;
1.1 misho 2104:
2105: header->qdcount = htons(1);
2106: header->ancount = htons(0);
2107: header->nscount = htons(0);
2108: header->arcount = htons(0);
2109:
2110: header->hb3 = HB3_RD;
2111: SET_OPCODE(header, QUERY);
2112: /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2113: this allows it to select auth servers when one is returning bad data. */
2114: header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
2115:
2116: /* ID filled in later */
2117:
2118: p = (unsigned char *)(header+1);
2119:
1.1.1.3 ! misho 2120: p = do_rfc1035_name(p, name, NULL);
1.1 misho 2121: *p++ = 0;
2122: PUTSHORT(type, p);
2123: PUTSHORT(class, p);
2124:
1.1.1.2 misho 2125: ret = add_do_bit(header, p - (unsigned char *)header, end);
1.1 misho 2126:
1.1.1.2 misho 2127: if (find_pseudoheader(header, ret, NULL, &p, NULL, NULL))
2128: PUTSHORT(edns_pktsz, p);
1.1 misho 2129:
1.1.1.2 misho 2130: return ret;
1.1 misho 2131: }
2132:
2133: #endif /* HAVE_DNSSEC */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dnssec.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src