Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / 758261d1c1850656b47c4c40486e4237bcd769a6 / . / ap / app / dnsmasq / dnsmasq-2.86 / src / dnssec.c
blob: 153cac4a1c16a08f58381c1b38bde85e51cb5f6c [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame]1/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2 and Copyright (c) 2012-2020 Simon Kelley
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; version 2 dated June, 1991, or
7 (at your option) version 3 dated 29 June, 2007.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
16*/
17
18#include "dnsmasq.h"
19
20#ifdef HAVE_DNSSEC
21
22#define SERIAL_UNDEF -100
23#define SERIAL_EQ 0
24#define SERIAL_LT -1
25#define SERIAL_GT 1
26
27/* Convert from presentation format to wire format, in place.
28 Also map UC -> LC.
29 Note that using extract_name to get presentation format
30 then calling to_wire() removes compression and maps case,
31 thus generating names in canonical form.
32 Calling to_wire followed by from_wire is almost an identity,
33 except that the UC remains mapped to LC.
34
35 Note that both /000 and '.' are allowed within labels. These get
36 represented in presentation format using NAME_ESCAPE as an escape
37 character. In theory, if all the characters in a name were /000 or
38 '.' or NAME_ESCAPE then all would have to be escaped, so the
39 presentation format would be twice as long as the spec (1024).
40 The buffers are all declared as 2049 (allowing for the trailing zero)
41 for this reason.
42*/
43static int to_wire(char *name)
44{
45 unsigned char *l, *p, *q, term;
46 int len;
47
48 for (l = (unsigned char*)name; *l != 0; l = p)
49 {
50 for (p = l; *p != '.' && *p != 0; p++)
51 if (*p >= 'A' && *p <= 'Z')
52 *p = *p - 'A' + 'a';
53 else if (*p == NAME_ESCAPE)
54 {
55 for (q = p; *q; q++)
56 *q = *(q+1);
57 (*p)--;
58 }
59 term = *p;
60
61 if ((len = p - l) != 0)
62 memmove(l+1, l, len);
63 *l = len;
64
65 p++;
66
67 if (term == 0)
68 *p = 0;
69 }
70
71 return l + 1 - (unsigned char *)name;
72}
73
74/* Note: no compression allowed in input. */
75static void from_wire(char *name)
76{
77 unsigned char *l, *p, *last;
78 int len;
79
80 for (last = (unsigned char *)name; *last != 0; last += *last+1);
81
82 for (l = (unsigned char *)name; *l != 0; l += len+1)
83 {
84 len = *l;
85 memmove(l, l+1, len);
86 for (p = l; p < l + len; p++)
87 if (*p == '.' || *p == 0 || *p == NAME_ESCAPE)
88 {
89 memmove(p+1, p, 1 + last - p);
90 len++;
91 *p++ = NAME_ESCAPE;
92 (*p)++;
93 }
94
95 l[len] = '.';
96 }
97
98 if ((char *)l != name)
99 *(l-1) = 0;
100}
101
102/* Input in presentation format */
103static int count_labels(char *name)
104{
105 int i;
106 char *p;
107
108 if (*name == 0)
109 return 0;
110
111 for (p = name, i = 0; *p; p++)
112 if (*p == '.')
113 i++;
114
115 /* Don't count empty first label. */
116 return *name == '.' ? i : i+1;
117}
118
119/* Implement RFC1982 wrapped compare for 32-bit numbers */
120static int serial_compare_32(u32 s1, u32 s2)
121{
122 if (s1 == s2)
123 return SERIAL_EQ;
124
125 if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
126 (s1 > s2 && (s1 - s2) > (1UL<<31)))
127 return SERIAL_LT;
128 if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
129 (s1 > s2 && (s1 - s2) < (1UL<<31)))
130 return SERIAL_GT;
131 return SERIAL_UNDEF;
132}
133
134/* Called at startup. If the timestamp file is configured and exists, put its mtime on
135 timestamp_time. If it doesn't exist, create it, and set the mtime to 1-1-2015.
136 return -1 -> Cannot create file.
137 0 -> not using timestamp, or timestamp exists and is in past.
138 1 -> timestamp exists and is in future.
139*/
140
141static time_t timestamp_time;
142
143int setup_timestamp(void)
144{
145 struct stat statbuf;
146
147 daemon->back_to_the_future = 0;
148
149 if (!daemon->timestamp_file)
150 return 0;
151
152 if (stat(daemon->timestamp_file, &statbuf) != -1)
153 {
154 timestamp_time = statbuf.st_mtime;
155 check_and_exit:
156 if (difftime(timestamp_time, time(0)) <= 0)
157 {
158 /* time already OK, update timestamp, and do key checking from the start. */
159 if (utimes(daemon->timestamp_file, NULL) == -1)
160 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
161 daemon->back_to_the_future = 1;
162 return 0;
163 }
164 return 1;
165 }
166
167 if (errno == ENOENT)
168 {
169 /* NB. for explanation of O_EXCL flag, see comment on pidfile in dnsmasq.c */
170 int fd = open(daemon->timestamp_file, O_WRONLY | O_CREAT | O_NONBLOCK | O_EXCL, 0666);
171 if (fd != -1)
172 {
173 struct timeval tv[2];
174
175 close(fd);
176
177 timestamp_time = 1420070400; /* 1-1-2015 */
178 tv[0].tv_sec = tv[1].tv_sec = timestamp_time;
179 tv[0].tv_usec = tv[1].tv_usec = 0;
180 if (utimes(daemon->timestamp_file, tv) == 0)
181 goto check_and_exit;
182 }
183 }
184
185 return -1;
186}
187
188/* Check whether today/now is between date_start and date_end */
189static int is_check_date(unsigned long curtime)
190{
191 /* Checking timestamps may be temporarily disabled */
192
193 /* If the current time if _before_ the timestamp
194 on our persistent timestamp file, then assume the
195 time if not yet correct, and don't check the
196 key timestamps. As soon as the current time is
197 later then the timestamp, update the timestamp
198 and start checking keys */
199 if (daemon->timestamp_file)
200 {
201 if (daemon->back_to_the_future == 0 && difftime(timestamp_time, curtime) <= 0)
202 {
203 if (utimes(daemon->timestamp_file, NULL) != 0)
204 my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
205
206 my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
207 daemon->back_to_the_future = 1;
208 daemon->dnssec_no_time_check = 0;
209 queue_event(EVENT_RELOAD); /* purge cache */
210 }
211
212 return daemon->back_to_the_future;
213 }
214 else
215 return !daemon->dnssec_no_time_check;
216}
217
218/* Return bytes of canonicalised rrdata one by one.
219 Init state->ip with the RR, and state->end with the end of same.
220 Init state->op to NULL.
221 Init state->desc to RR descriptor.
222 Init state->buff with a MAXDNAME * 2 buffer.
223
224 After each call which returns 1, state->op points to the next byte of data.
225 On returning 0, the end has been reached.
226*/
227struct rdata_state {
228 u16 *desc;
229 size_t c;
230 unsigned char *end, *ip, *op;
231 char *buff;
232};
233
234static int get_rdata(struct dns_header *header, size_t plen, struct rdata_state *state)
235{
236 int d;
237
238 if (state->op && state->c != 1)
239 {
240 state->op++;
241 state->c--;
242 return 1;
243 }
244
245 while (1)
246 {
247 d = *(state->desc);
248
249 if (d == (u16)-1)
250 {
251 /* all the bytes to the end. */
252 if ((state->c = state->end - state->ip) != 0)
253 {
254 state->op = state->ip;
255 state->ip = state->end;;
256 }
257 else
258 return 0;
259 }
260 else
261 {
262 state->desc++;
263
264 if (d == (u16)0)
265 {
266 /* domain-name, canonicalise */
267 int len;
268
269 if (!extract_name(header, plen, &state->ip, state->buff, 1, 0) ||
270 (len = to_wire(state->buff)) == 0)
271 continue;
272
273 state->c = len;
274 state->op = (unsigned char *)state->buff;
275 }
276 else
277 {
278 /* plain data preceding a domain-name, don't run off the end of the data */
279 if ((state->end - state->ip) < d)
280 d = state->end - state->ip;
281
282 if (d == 0)
283 continue;
284
285 state->op = state->ip;
286 state->c = d;
287 state->ip += d;
288 }
289 }
290
291 return 1;
292 }
293}
294
295/* Bubble sort the RRset into the canonical order. */
296
297static int sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
298 unsigned char **rrset, char *buff1, char *buff2)
299{
300 int swap, i, j;
301
302 do
303 {
304 for (swap = 0, i = 0; i < rrsetidx-1; i++)
305 {
306 int rdlen1, rdlen2;
307 struct rdata_state state1, state2;
308
309 /* Note that these have been determined to be OK previously,
310 so we don't need to check for NULL return here. */
311 state1.ip = skip_name(rrset[i], header, plen, 10);
312 state2.ip = skip_name(rrset[i+1], header, plen, 10);
313 state1.op = state2.op = NULL;
314 state1.buff = buff1;
315 state2.buff = buff2;
316 state1.desc = state2.desc = rr_desc;
317
318 state1.ip += 8; /* skip class, type, ttl */
319 GETSHORT(rdlen1, state1.ip);
320 if (!CHECK_LEN(header, state1.ip, plen, rdlen1))
321 return rrsetidx; /* short packet */
322 state1.end = state1.ip + rdlen1;
323
324 state2.ip += 8; /* skip class, type, ttl */
325 GETSHORT(rdlen2, state2.ip);
326 if (!CHECK_LEN(header, state2.ip, plen, rdlen2))
327 return rrsetidx; /* short packet */
328 state2.end = state2.ip + rdlen2;
329
330 /* If the RR has no names in it then canonicalisation
331 is the identity function and we can compare
332 the RRs directly. If not we compare the
333 canonicalised RRs one byte at a time. */
334 if (*rr_desc == (u16)-1)
335 {
336 int rdmin = rdlen1 > rdlen2 ? rdlen2 : rdlen1;
337 int cmp = memcmp(state1.ip, state2.ip, rdmin);
338
339 if (cmp > 0 || (cmp == 0 && rdlen1 > rdmin))
340 {
341 unsigned char *tmp = rrset[i+1];
342 rrset[i+1] = rrset[i];
343 rrset[i] = tmp;
344 swap = 1;
345 }
346 else if (cmp == 0 && (rdlen1 == rdlen2))
347 {
348 /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
349 for (j = i+1; j < rrsetidx-1; j++)
350 rrset[j] = rrset[j+1];
351 rrsetidx--;
352 i--;
353 }
354 }
355 else
356 /* Comparing canonicalised RRs, byte-at-a-time. */
357 while (1)
358 {
359 int ok1, ok2;
360
361 ok1 = get_rdata(header, plen, &state1);
362 ok2 = get_rdata(header, plen, &state2);
363
364 if (!ok1 && !ok2)
365 {
366 /* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
367 for (j = i+1; j < rrsetidx-1; j++)
368 rrset[j] = rrset[j+1];
369 rrsetidx--;
370 i--;
371 break;
372 }
373 else if (ok1 && (!ok2 || *state1.op > *state2.op))
374 {
375 unsigned char *tmp = rrset[i+1];
376 rrset[i+1] = rrset[i];
377 rrset[i] = tmp;
378 swap = 1;
379 break;
380 }
381 else if (ok2 && (!ok1 || *state2.op > *state1.op))
382 break;
383
384 /* arrive here when bytes are equal, go round the loop again
385 and compare the next ones. */
386 }
387 }
388 } while (swap);
389
390 return rrsetidx;
391}
392
393static unsigned char **rrset = NULL, **sigs = NULL;
394
395/* Get pointers to RRset members and signature(s) for same.
396 Check signatures, and return keyname associated in keyname. */
397static int explore_rrset(struct dns_header *header, size_t plen, int class, int type,
398 char *name, char *keyname, int *sigcnt, int *rrcnt)
399{
400 static int rrset_sz = 0, sig_sz = 0;
401 unsigned char *p;
402 int rrsetidx, sigidx, j, rdlen, res;
403 int gotkey = 0;
404
405 if (!(p = skip_questions(header, plen)))
406 return 0;
407
408 /* look for RRSIGs for this RRset and get pointers to each RR in the set. */
409 for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
410 j != 0; j--)
411 {
412 unsigned char *pstart, *pdata;
413 int stype, sclass, type_covered;
414
415 pstart = p;
416
417 if (!(res = extract_name(header, plen, &p, name, 0, 10)))
418 return 0; /* bad packet */
419
420 GETSHORT(stype, p);
421 GETSHORT(sclass, p);
422
423 pdata = p;
424
425 p += 4; /* TTL */
426 GETSHORT(rdlen, p);
427
428 if (!CHECK_LEN(header, p, plen, rdlen))
429 return 0;
430
431 if (res == 1 && sclass == class)
432 {
433 if (stype == type)
434 {
435 if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
436 return 0;
437
438 rrset[rrsetidx++] = pstart;
439 }
440
441 if (stype == T_RRSIG)
442 {
443 if (rdlen < 18)
444 return 0; /* bad packet */
445
446 GETSHORT(type_covered, p);
447 p += 16; /* algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag */
448
449 if (gotkey)
450 {
451 /* If there's more than one SIG, ensure they all have same keyname */
452 if (extract_name(header, plen, &p, keyname, 0, 0) != 1)
453 return 0;
454 }
455 else
456 {
457 gotkey = 1;
458
459 if (!extract_name(header, plen, &p, keyname, 1, 0))
460 return 0;
461
462 /* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
463 the name of the zone containing the RRset. We can't tell that
464 for certain, but we can check that the RRset name is equal to
465 or encloses the signers name, which should be enough to stop
466 an attacker using signatures made with the key of an unrelated
467 zone he controls. Note that the root key is always allowed. */
468 if (*keyname != 0)
469 {
470 char *name_start;
471 for (name_start = name; !hostname_isequal(name_start, keyname); )
472 if ((name_start = strchr(name_start, '.')))
473 name_start++; /* chop a label off and try again */
474 else
475 return 0;
476 }
477 }
478
479
480 if (type_covered == type)
481 {
482 if (!expand_workspace(&sigs, &sig_sz, sigidx))
483 return 0;
484
485 sigs[sigidx++] = pdata;
486 }
487
488 p = pdata + 6; /* restore for ADD_RDLEN */
489 }
490 }
491
492 if (!ADD_RDLEN(header, p, plen, rdlen))
493 return 0;
494 }
495
496 *sigcnt = sigidx;
497 *rrcnt = rrsetidx;
498
499 return 1;
500}
501
502/* Validate a single RRset (class, type, name) in the supplied DNS reply
503 Return code:
504 STAT_SECURE if it validates.
505 STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
506 (In this case *wildcard_out points to the "body" of the wildcard within name.)
507 STAT_BOGUS signature is wrong, bad packet.
508 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
509 STAT_NEED_DS need DS to complete validation (name is returned in keyname)
510
511 If key is non-NULL, use that key, which has the algo and tag given in the params of those names,
512 otherwise find the key in the cache.
513
514 Name is unchanged on exit. keyname is used as workspace and trashed.
515
516 Call explore_rrset first to find and count RRs and sigs.
517
518 ttl_out is the floor on TTL, based on TTL and orig_ttl and expiration of sig used to validate.
519*/
520static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class, int type, int sigidx, int rrsetidx,
521 char *name, char *keyname, char **wildcard_out, struct blockdata *key, int keylen,
522 int algo_in, int keytag_in, unsigned long *ttl_out)
523{
524 unsigned char *p;
525 int rdlen, j, name_labels, algo, labels, key_tag;
526 struct crec *crecp = NULL;
527 u16 *rr_desc = rrfilter_desc(type);
528 u32 sig_expiration, sig_inception;
529 int failflags = DNSSEC_FAIL_NOSIG | DNSSEC_FAIL_NYV | DNSSEC_FAIL_EXP | DNSSEC_FAIL_NOKEYSUP;
530
531 unsigned long curtime = time(0);
532 int time_check = is_check_date(curtime);
533
534 if (wildcard_out)
535 *wildcard_out = NULL;
536
537 name_labels = count_labels(name); /* For 4035 5.3.2 check */
538
539 /* Sort RRset records into canonical order.
540 Note that at this point keyname and daemon->workspacename buffs are
541 unused, and used as workspace by the sort. */
542 rrsetidx = sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
543
544 /* Now try all the sigs to try and find one which validates */
545 for (j = 0; j <sigidx; j++)
546 {
547 unsigned char *psav, *sig, *digest;
548 int i, wire_len, sig_len;
549 const struct nettle_hash *hash;
550 void *ctx;
551 char *name_start;
552 u32 nsigttl, ttl, orig_ttl;
553
554 failflags &= ~DNSSEC_FAIL_NOSIG;
555
556 p = sigs[j];
557 GETLONG(ttl, p);
558 GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
559 psav = p;
560
561 p += 2; /* type_covered - already checked */
562 algo = *p++;
563 labels = *p++;
564 GETLONG(orig_ttl, p);
565 GETLONG(sig_expiration, p);
566 GETLONG(sig_inception, p);
567 GETSHORT(key_tag, p);
568
569 if (!extract_name(header, plen, &p, keyname, 1, 0))
570 return STAT_BOGUS;
571
572 if (!time_check)
573 failflags &= ~(DNSSEC_FAIL_NYV | DNSSEC_FAIL_EXP);
574 else
575 {
576 /* We must explicitly check against wanted values, because of SERIAL_UNDEF */
577 if (serial_compare_32(curtime, sig_inception) == SERIAL_LT)
578 continue;
579 else
580 failflags &= ~DNSSEC_FAIL_NYV;
581
582 if (serial_compare_32(curtime, sig_expiration) == SERIAL_GT)
583 continue;
584 else
585 failflags &= ~DNSSEC_FAIL_EXP;
586 }
587
588 if (!(hash = hash_find(algo_digest_name(algo))))
589 continue;
590 else
591 failflags &= ~DNSSEC_FAIL_NOKEYSUP;
592
593 if (labels > name_labels ||
594 !hash_init(hash, &ctx, &digest))
595 continue;
596
597 /* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
598 if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
599 return STAT_NEED_KEY;
600
601 if (ttl_out)
602 {
603 /* 4035 5.3.3 rules on TTLs */
604 if (orig_ttl < ttl)
605 ttl = orig_ttl;
606
607 if (time_check && difftime(sig_expiration, curtime) < ttl)
608 ttl = difftime(sig_expiration, curtime);
609
610 *ttl_out = ttl;
611 }
612
613 sig = p;
614 sig_len = rdlen - (p - psav);
615
616 nsigttl = htonl(orig_ttl);
617
618 hash->update(ctx, 18, psav);
619 wire_len = to_wire(keyname);
620 hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
621 from_wire(keyname);
622
623#define RRBUFLEN 128 /* Most RRs are smaller than this. */
624
625 for (i = 0; i < rrsetidx; ++i)
626 {
627 int j;
628 struct rdata_state state;
629 u16 len;
630 unsigned char rrbuf[RRBUFLEN];
631
632 p = rrset[i];
633
634 if (!extract_name(header, plen, &p, name, 1, 10))
635 return STAT_BOGUS;
636
637 name_start = name;
638
639 /* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
640 if (labels < name_labels)
641 {
642 for (j = name_labels - labels; j != 0; j--)
643 {
644 while (*name_start != '.' && *name_start != 0)
645 name_start++;
646 if (j != 1 && *name_start == '.')
647 name_start++;
648 }
649
650 if (wildcard_out)
651 *wildcard_out = name_start+1;
652
653 name_start--;
654 *name_start = '*';
655 }
656
657 wire_len = to_wire(name_start);
658 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
659 hash->update(ctx, 4, p); /* class and type */
660 hash->update(ctx, 4, (unsigned char *)&nsigttl);
661
662 p += 8; /* skip type, class, ttl */
663 GETSHORT(rdlen, p);
664 if (!CHECK_LEN(header, p, plen, rdlen))
665 return STAT_BOGUS;
666
667 /* Optimisation for RR types which need no cannonicalisation.
668 This includes DNSKEY DS NSEC and NSEC3, which are also long, so
669 it saves lots of calls to get_rdata, and avoids the pessimal
670 segmented insertion, even with a small rrbuf[].
671
672 If canonicalisation is not needed, a simple insertion into the hash works.
673 */
674 if (*rr_desc == (u16)-1)
675 {
676 len = htons(rdlen);
677 hash->update(ctx, 2, (unsigned char *)&len);
678 hash->update(ctx, rdlen, p);
679 }
680 else
681 {
682 /* canonicalise rdata and calculate length of same, use
683 name buffer as workspace for get_rdata. */
684 state.ip = p;
685 state.op = NULL;
686 state.desc = rr_desc;
687 state.buff = name;
688 state.end = p + rdlen;
689
690 for (j = 0; get_rdata(header, plen, &state); j++)
691 if (j < RRBUFLEN)
692 rrbuf[j] = *state.op;
693
694 len = htons((u16)j);
695 hash->update(ctx, 2, (unsigned char *)&len);
696
697 /* If the RR is shorter than RRBUFLEN (most of them, in practice)
698 then we can just digest it now. If it exceeds RRBUFLEN we have to
699 go back to the start and do it in chunks. */
700 if (j >= RRBUFLEN)
701 {
702 state.ip = p;
703 state.op = NULL;
704 state.desc = rr_desc;
705
706 for (j = 0; get_rdata(header, plen, &state); j++)
707 {
708 rrbuf[j] = *state.op;
709
710 if (j == RRBUFLEN - 1)
711 {
712 hash->update(ctx, RRBUFLEN, rrbuf);
713 j = -1;
714 }
715 }
716 }
717
718 if (j != 0)
719 hash->update(ctx, j, rrbuf);
720 }
721 }
722
723 hash->digest(ctx, hash->digest_size, digest);
724
725 /* namebuff used for workspace above, restore to leave unchanged on exit */
726 p = (unsigned char*)(rrset[0]);
727 extract_name(header, plen, &p, name, 1, 0);
728
729 if (key)
730 {
731 if (algo_in == algo && keytag_in == key_tag &&
732 verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
733 return STAT_SECURE;
734 }
735 else
736 {
737 /* iterate through all possible keys 4035 5.3.1 */
738 for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
739 if (crecp->addr.key.algo == algo &&
740 crecp->addr.key.keytag == key_tag &&
741 crecp->uid == (unsigned int)class &&
742 verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
743 return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
744 }
745 }
746
747 /* If we reach this point, no verifying key was found */
748 return STAT_BOGUS | failflags | DNSSEC_FAIL_NOKEY;
749}
750
751
752/* The DNS packet is expected to contain the answer to a DNSKEY query.
753 Put all DNSKEYs in the answer which are valid into the cache.
754 return codes:
755 STAT_OK Done, key(s) in cache.
756 STAT_BOGUS No DNSKEYs found, which can be validated with DS,
757 or self-sign for DNSKEY RRset is not valid, bad packet.
758 STAT_NEED_DS DS records to validate a key not found, name in keyname
759 STAT_NEED_KEY DNSKEY records to validate a key not found, name in keyname
760*/
761int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
762{
763 unsigned char *psave, *p = (unsigned char *)(header+1);
764 struct crec *crecp, *recp1;
765 int rc, j, qtype, qclass, rdlen, flags, algo, valid, keytag;
766 unsigned long ttl, sig_ttl;
767 struct blockdata *key;
768 union all_addr a;
769 int failflags = DNSSEC_FAIL_NOSIG | DNSSEC_FAIL_NODSSUP | DNSSEC_FAIL_NOZONE | DNSSEC_FAIL_NOKEY;
770
771 if (ntohs(header->qdcount) != 1 ||
772 RCODE(header) == SERVFAIL || RCODE(header) == REFUSED ||
773 !extract_name(header, plen, &p, name, 1, 4))
774 return STAT_BOGUS | DNSSEC_FAIL_NOKEY;
775
776 GETSHORT(qtype, p);
777 GETSHORT(qclass, p);
778
779 if (qtype != T_DNSKEY || qclass != class || ntohs(header->ancount) == 0)
780 return STAT_BOGUS | DNSSEC_FAIL_NOKEY;
781
782 /* See if we have cached a DS record which validates this key */
783 if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
784 {
785 strcpy(keyname, name);
786 return STAT_NEED_DS;
787 }
788
789 /* NOTE, we need to find ONE DNSKEY which matches the DS */
790 for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
791 {
792 /* Ensure we have type, class TTL and length */
793 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
794 return STAT_BOGUS; /* bad packet */
795
796 GETSHORT(qtype, p);
797 GETSHORT(qclass, p);
798 GETLONG(ttl, p);
799 GETSHORT(rdlen, p);
800
801 if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
802 return STAT_BOGUS; /* bad packet */
803
804 if (qclass != class || qtype != T_DNSKEY || rc == 2)
805 {
806 p += rdlen;
807 continue;
808 }
809
810 psave = p;
811
812 GETSHORT(flags, p);
813 if (*p++ != 3)
814 return STAT_BOGUS | DNSSEC_FAIL_NOKEY;
815 algo = *p++;
816 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
817 key = NULL;
818
819 /* key must have zone key flag set */
820 if (flags & 0x100)
821 {
822 key = blockdata_alloc((char*)p, rdlen - 4);
823 failflags &= ~DNSSEC_FAIL_NOZONE;
824 }
825
826 p = psave;
827
828 if (!ADD_RDLEN(header, p, plen, rdlen))
829 {
830 if (key)
831 blockdata_free(key);
832 return STAT_BOGUS; /* bad packet */
833 }
834
835 /* No zone key flag or malloc failure */
836 if (!key)
837 continue;
838
839 for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
840 {
841 void *ctx;
842 unsigned char *digest, *ds_digest;
843 const struct nettle_hash *hash;
844 int sigcnt, rrcnt;
845 int wire_len;
846
847 if (recp1->addr.ds.algo == algo &&
848 recp1->addr.ds.keytag == keytag &&
849 recp1->uid == (unsigned int)class)
850 {
851 failflags &= ~DNSSEC_FAIL_NOKEY;
852
853 if (!(hash = hash_find(ds_digest_name(recp1->addr.ds.digest))))
854 continue;
855 else
856 failflags &= ~DNSSEC_FAIL_NODSSUP;
857
858 if (!hash_init(hash, &ctx, &digest))
859 continue;
860
861 wire_len = to_wire(name);
862
863 /* Note that digest may be different between DSs, so
864 we can't move this outside the loop. */
865 hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
866 hash->update(ctx, (unsigned int)rdlen, psave);
867 hash->digest(ctx, hash->digest_size, digest);
868
869 from_wire(name);
870
871 if (!(recp1->flags & F_NEG) &&
872 recp1->addr.ds.keylen == (int)hash->digest_size &&
873 (ds_digest = blockdata_retrieve(recp1->addr.ds.keydata, recp1->addr.ds.keylen, NULL)) &&
874 memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
875 explore_rrset(header, plen, class, T_DNSKEY, name, keyname, &sigcnt, &rrcnt) &&
876 rrcnt != 0)
877 {
878 if (sigcnt == 0)
879 continue;
880 else
881 failflags &= ~DNSSEC_FAIL_NOSIG;
882
883 rc = validate_rrset(now, header, plen, class, T_DNSKEY, sigcnt, rrcnt, name, keyname,
884 NULL, key, rdlen - 4, algo, keytag, &sig_ttl);
885
886 failflags &= rc;
887
888 if (STAT_ISEQUAL(rc, STAT_SECURE))
889 {
890 valid = 1;
891 break;
892 }
893 }
894 }
895 }
896 blockdata_free(key);
897 }
898
899 if (valid)
900 {
901 /* DNSKEY RRset determined to be OK, now cache it. */
902 cache_start_insert();
903
904 p = skip_questions(header, plen);
905
906 for (j = ntohs(header->ancount); j != 0; j--)
907 {
908 /* Ensure we have type, class TTL and length */
909 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
910 return STAT_BOGUS; /* bad packet */
911
912 GETSHORT(qtype, p);
913 GETSHORT(qclass, p);
914 GETLONG(ttl, p);
915 GETSHORT(rdlen, p);
916
917 /* TTL may be limited by sig. */
918 if (sig_ttl < ttl)
919 ttl = sig_ttl;
920
921 if (!CHECK_LEN(header, p, plen, rdlen))
922 return STAT_BOGUS; /* bad packet */
923
924 if (qclass == class && rc == 1)
925 {
926 psave = p;
927
928 if (qtype == T_DNSKEY)
929 {
930 if (rdlen < 4)
931 return STAT_BOGUS; /* bad packet */
932
933 GETSHORT(flags, p);
934 if (*p++ != 3)
935 return STAT_BOGUS;
936 algo = *p++;
937 keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
938
939 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
940 {
941 a.key.keylen = rdlen - 4;
942 a.key.keydata = key;
943 a.key.algo = algo;
944 a.key.keytag = keytag;
945 a.key.flags = flags;
946
947 if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK))
948 {
949 blockdata_free(key);
950 return STAT_BOGUS;
951 }
952 else
953 {
954 a.log.keytag = keytag;
955 a.log.algo = algo;
956 if (algo_digest_name(algo))
957 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu");
958 else
959 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %hu, algo %hu (not supported)");
960 }
961 }
962 }
963
964 p = psave;
965 }
966
967 if (!ADD_RDLEN(header, p, plen, rdlen))
968 return STAT_BOGUS; /* bad packet */
969 }
970
971 /* commit cache insert. */
972 cache_end_insert();
973 return STAT_OK;
974 }
975
976 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
977 return STAT_BOGUS | failflags;
978}
979
980/* The DNS packet is expected to contain the answer to a DS query
981 Put all DSs in the answer which are valid into the cache.
982 Also handles replies which prove that there's no DS at this location,
983 either because the zone is unsigned or this isn't a zone cut. These are
984 cached too.
985 return codes:
986 STAT_OK At least one valid DS found and in cache.
987 STAT_BOGUS no DS in reply or not signed, fails validation, bad packet.
988 STAT_NEED_KEY DNSKEY records to validate a DS not found, name in keyname
989 STAT_NEED_DS DS record needed.
990*/
991
992int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
993{
994 unsigned char *p = (unsigned char *)(header+1);
995 int qtype, qclass, rc, i, neganswer, nons, neg_ttl = 0;
996 int aclass, atype, rdlen;
997 unsigned long ttl;
998 union all_addr a;
999
1000 if (ntohs(header->qdcount) != 1 ||
1001 !(p = skip_name(p, header, plen, 4)))
1002 return STAT_BOGUS;
1003
1004 GETSHORT(qtype, p);
1005 GETSHORT(qclass, p);
1006
1007 if (qtype != T_DS || qclass != class)
1008 rc = STAT_BOGUS;
1009 else
1010 rc = dnssec_validate_reply(now, header, plen, name, keyname, NULL, 0, &neganswer, &nons, &neg_ttl);
1011
1012 if (STAT_ISEQUAL(rc, STAT_INSECURE))
1013 {
1014 my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name);
1015 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS - not secure");
1016 return STAT_BOGUS | DNSSEC_FAIL_INDET;
1017 }
1018
1019 p = (unsigned char *)(header+1);
1020 extract_name(header, plen, &p, name, 1, 4);
1021 p += 4; /* qtype, qclass */
1022
1023 /* If the key needed to validate the DS is on the same domain as the DS, we'll
1024 loop getting nowhere. Stop that now. This can happen of the DS answer comes
1025 from the DS's zone, and not the parent zone. */
1026 if (STAT_ISEQUAL(rc, STAT_NEED_KEY) && hostname_isequal(name, keyname))
1027 {
1028 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, "BOGUS DS");
1029 return STAT_BOGUS;
1030 }
1031
1032 if (!STAT_ISEQUAL(rc, STAT_SECURE))
1033 return rc;
1034
1035 if (!neganswer)
1036 {
1037 cache_start_insert();
1038
1039 for (i = 0; i < ntohs(header->ancount); i++)
1040 {
1041 if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1042 return STAT_BOGUS; /* bad packet */
1043
1044 GETSHORT(atype, p);
1045 GETSHORT(aclass, p);
1046 GETLONG(ttl, p);
1047 GETSHORT(rdlen, p);
1048
1049 if (!CHECK_LEN(header, p, plen, rdlen))
1050 return STAT_BOGUS; /* bad packet */
1051
1052 if (aclass == class && atype == T_DS && rc == 1)
1053 {
1054 int algo, digest, keytag;
1055 unsigned char *psave = p;
1056 struct blockdata *key;
1057
1058 if (rdlen < 4)
1059 return STAT_BOGUS; /* bad packet */
1060
1061 GETSHORT(keytag, p);
1062 algo = *p++;
1063 digest = *p++;
1064
1065 if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1066 {
1067 a.ds.digest = digest;
1068 a.ds.keydata = key;
1069 a.ds.algo = algo;
1070 a.ds.keytag = keytag;
1071 a.ds.keylen = rdlen - 4;
1072
1073 if (!cache_insert(name, &a, class, now, ttl, F_FORWARD | F_DS | F_DNSSECOK))
1074 {
1075 blockdata_free(key);
1076 return STAT_BOGUS;
1077 }
1078 else
1079 {
1080 a.log.keytag = keytag;
1081 a.log.algo = algo;
1082 a.log.digest = digest;
1083 if (ds_digest_name(digest) && algo_digest_name(algo))
1084 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu");
1085 else
1086 log_query(F_NOEXTRA | F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %hu, algo %hu, digest %hu (not supported)");
1087 }
1088 }
1089
1090 p = psave;
1091 }
1092 if (!ADD_RDLEN(header, p, plen, rdlen))
1093 return STAT_BOGUS; /* bad packet */
1094 }
1095
1096 cache_end_insert();
1097
1098 }
1099 else
1100 {
1101 int flags = F_FORWARD | F_DS | F_NEG | F_DNSSECOK;
1102
1103 if (RCODE(header) == NXDOMAIN)
1104 flags |= F_NXDOMAIN;
1105
1106 /* We only cache validated DS records, DNSSECOK flag hijacked
1107 to store presence/absence of NS. */
1108 if (nons)
1109 flags &= ~F_DNSSECOK;
1110
1111 cache_start_insert();
1112
1113 /* Use TTL from NSEC for negative cache entries */
1114 if (!cache_insert(name, NULL, class, now, neg_ttl, flags))
1115 return STAT_BOGUS;
1116
1117 cache_end_insert();
1118
1119 log_query(F_NOEXTRA | F_UPSTREAM, name, NULL, nons ? "no DS/cut" : "no DS");
1120 }
1121
1122 return STAT_OK;
1123}
1124
1125
1126/* 4034 6.1 */
1127static int hostname_cmp(const char *a, const char *b)
1128{
1129 char *sa, *ea, *ca, *sb, *eb, *cb;
1130 unsigned char ac, bc;
1131
1132 sa = ea = (char *)a + strlen(a);
1133 sb = eb = (char *)b + strlen(b);
1134
1135 while (1)
1136 {
1137 while (sa != a && *(sa-1) != '.')
1138 sa--;
1139
1140 while (sb != b && *(sb-1) != '.')
1141 sb--;
1142
1143 ca = sa;
1144 cb = sb;
1145
1146 while (1)
1147 {
1148 if (ca == ea)
1149 {
1150 if (cb == eb)
1151 break;
1152
1153 return -1;
1154 }
1155
1156 if (cb == eb)
1157 return 1;
1158
1159 ac = (unsigned char) *ca++;
1160 bc = (unsigned char) *cb++;
1161
1162 if (ac >= 'A' && ac <= 'Z')
1163 ac += 'a' - 'A';
1164 if (bc >= 'A' && bc <= 'Z')
1165 bc += 'a' - 'A';
1166
1167 if (ac < bc)
1168 return -1;
1169 else if (ac != bc)
1170 return 1;
1171 }
1172
1173
1174 if (sa == a)
1175 {
1176 if (sb == b)
1177 return 0;
1178
1179 return -1;
1180 }
1181
1182 if (sb == b)
1183 return 1;
1184
1185 ea = --sa;
1186 eb = --sb;
1187 }
1188}
1189
1190static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, unsigned char **labels, int nsec_count,
1191 char *workspace1_in, char *workspace2, char *name, int type, int *nons)
1192{
1193 int i, rc, rdlen;
1194 unsigned char *p, *psave;
1195 int offset = (type & 0xff) >> 3;
1196 int mask = 0x80 >> (type & 0x07);
1197
1198 if (nons)
1199 *nons = 1;
1200
1201 /* Find NSEC record that proves name doesn't exist */
1202 for (i = 0; i < nsec_count; i++)
1203 {
1204 char *workspace1 = workspace1_in;
1205 int sig_labels, name_labels;
1206
1207 p = nsecs[i];
1208 if (!extract_name(header, plen, &p, workspace1, 1, 10))
1209 return 0;
1210 p += 8; /* class, type, TTL */
1211 GETSHORT(rdlen, p);
1212 psave = p;
1213 if (!extract_name(header, plen, &p, workspace2, 1, 10))
1214 return 0;
1215
1216 /* If NSEC comes from wildcard expansion, use original wildcard
1217 as name for computation. */
1218 sig_labels = *labels[i];
1219 name_labels = count_labels(workspace1);
1220
1221 if (sig_labels < name_labels)
1222 {
1223 int k;
1224 for (k = name_labels - sig_labels; k != 0; k--)
1225 {
1226 while (*workspace1 != '.' && *workspace1 != 0)
1227 workspace1++;
1228 if (k != 1 && *workspace1 == '.')
1229 workspace1++;
1230 }
1231
1232 workspace1--;
1233 *workspace1 = '*';
1234 }
1235
1236 rc = hostname_cmp(workspace1, name);
1237
1238 if (rc == 0)
1239 {
1240 /* 4035 para 5.4. Last sentence */
1241 if (type == T_NSEC || type == T_RRSIG)
1242 return 1;
1243
1244 /* NSEC with the same name as the RR we're testing, check
1245 that the type in question doesn't appear in the type map */
1246 rdlen -= p - psave;
1247 /* rdlen is now length of type map, and p points to it */
1248
1249 /* If we can prove that there's no NS record, return that information. */
1250 if (nons && rdlen >= 2 && p[0] == 0 && (p[2] & (0x80 >> T_NS)) != 0)
1251 *nons = 0;
1252
1253 if (rdlen >= 2 && p[0] == 0)
1254 {
1255 /* A CNAME answer would also be valid, so if there's a CNAME is should
1256 have been returned. */
1257 if ((p[2] & (0x80 >> T_CNAME)) != 0)
1258 return 0;
1259
1260 /* If the SOA bit is set for a DS record, then we have the
1261 DS from the wrong side of the delegation. For the root DS,
1262 this is expected. */
1263 if (name_labels != 0 && type == T_DS && (p[2] & (0x80 >> T_SOA)) != 0)
1264 return 0;
1265 }
1266
1267 while (rdlen >= 2)
1268 {
1269 if (!CHECK_LEN(header, p, plen, rdlen))
1270 return 0;
1271
1272 if (p[0] == type >> 8)
1273 {
1274 /* Does the NSEC say our type exists? */
1275 if (offset < p[1] && (p[offset+2] & mask) != 0)
1276 return 0;
1277
1278 break; /* finished checking */
1279 }
1280
1281 rdlen -= p[1];
1282 p += p[1];
1283 }
1284
1285 return 1;
1286 }
1287 else if (rc == -1)
1288 {
1289 /* Normal case, name falls between NSEC name and next domain name,
1290 wrap around case, name falls between NSEC name (rc == -1) and end */
1291 if (hostname_cmp(workspace2, name) >= 0 || hostname_cmp(workspace1, workspace2) >= 0)
1292 return 1;
1293 }
1294 else
1295 {
1296 /* wrap around case, name falls between start and next domain name */
1297 if (hostname_cmp(workspace1, workspace2) >= 0 && hostname_cmp(workspace2, name) >=0 )
1298 return 1;
1299 }
1300 }
1301
1302 return 0;
1303}
1304
1305/* return digest length, or zero on error */
1306static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1307 unsigned char *salt, int salt_len, int iterations)
1308{
1309 void *ctx;
1310 unsigned char *digest;
1311 int i;
1312
1313 if (!hash_init(hash, &ctx, &digest))
1314 return 0;
1315
1316 hash->update(ctx, to_wire(in), (unsigned char *)in);
1317 hash->update(ctx, salt_len, salt);
1318 hash->digest(ctx, hash->digest_size, digest);
1319
1320 for(i = 0; i < iterations; i++)
1321 {
1322 hash->update(ctx, hash->digest_size, digest);
1323 hash->update(ctx, salt_len, salt);
1324 hash->digest(ctx, hash->digest_size, digest);
1325 }
1326
1327 from_wire(in);
1328
1329 *out = digest;
1330 return hash->digest_size;
1331}
1332
1333/* Decode base32 to first "." or end of string */
1334static int base32_decode(char *in, unsigned char *out)
1335{
1336 int oc, on, c, mask, i;
1337 unsigned char *p = out;
1338
1339 for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
1340 {
1341 if (c >= '0' && c <= '9')
1342 c -= '0';
1343 else if (c >= 'a' && c <= 'v')
1344 c -= 'a', c += 10;
1345 else if (c >= 'A' && c <= 'V')
1346 c -= 'A', c += 10;
1347 else
1348 return 0;
1349
1350 for (mask = 0x10, i = 0; i < 5; i++)
1351 {
1352 if (c & mask)
1353 oc |= 1;
1354 mask = mask >> 1;
1355 if (((++on) & 7) == 0)
1356 *p++ = oc;
1357 oc = oc << 1;
1358 }
1359 }
1360
1361 if ((on & 7) != 0)
1362 return 0;
1363
1364 return p - out;
1365}
1366
1367static int check_nsec3_coverage(struct dns_header *header, size_t plen, int digest_len, unsigned char *digest, int type,
1368 char *workspace1, char *workspace2, unsigned char **nsecs, int nsec_count, int *nons, int name_labels)
1369{
1370 int i, hash_len, salt_len, base32_len, rdlen, flags;
1371 unsigned char *p, *psave;
1372
1373 for (i = 0; i < nsec_count; i++)
1374 if ((p = nsecs[i]))
1375 {
1376 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1377 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1378 return 0;
1379
1380 p += 8; /* class, type, TTL */
1381 GETSHORT(rdlen, p);
1382 psave = p;
1383 p++; /* algo */
1384 flags = *p++; /* flags */
1385 p += 2; /* iterations */
1386 salt_len = *p++; /* salt_len */
1387 p += salt_len; /* salt */
1388 hash_len = *p++; /* p now points to next hashed name */
1389
1390 if (!CHECK_LEN(header, p, plen, hash_len))
1391 return 0;
1392
1393 if (digest_len == base32_len && hash_len == base32_len)
1394 {
1395 int rc = memcmp(workspace2, digest, digest_len);
1396
1397 if (rc == 0)
1398 {
1399 /* We found an NSEC3 whose hashed name exactly matches the query, so
1400 we just need to check the type map. p points to the RR data for the record. */
1401
1402 int offset = (type & 0xff) >> 3;
1403 int mask = 0x80 >> (type & 0x07);
1404
1405 p += hash_len; /* skip next-domain hash */
1406 rdlen -= p - psave;
1407
1408 if (!CHECK_LEN(header, p, plen, rdlen))
1409 return 0;
1410
1411 if (rdlen >= 2 && p[0] == 0)
1412 {
1413 /* If we can prove that there's no NS record, return that information. */
1414 if (nons && (p[2] & (0x80 >> T_NS)) != 0)
1415 *nons = 0;
1416
1417 /* A CNAME answer would also be valid, so if there's a CNAME is should
1418 have been returned. */
1419 if ((p[2] & (0x80 >> T_CNAME)) != 0)
1420 return 0;
1421
1422 /* If the SOA bit is set for a DS record, then we have the
1423 DS from the wrong side of the delegation. For the root DS,
1424 this is expected. */
1425 if (name_labels != 0 && type == T_DS && (p[2] & (0x80 >> T_SOA)) != 0)
1426 return 0;
1427 }
1428
1429 while (rdlen >= 2)
1430 {
1431 if (p[0] == type >> 8)
1432 {
1433 /* Does the NSEC3 say our type exists? */
1434 if (offset < p[1] && (p[offset+2] & mask) != 0)
1435 return 0;
1436
1437 break; /* finished checking */
1438 }
1439
1440 rdlen -= p[1];
1441 p += p[1];
1442 }
1443
1444 return 1;
1445 }
1446 else if (rc < 0)
1447 {
1448 /* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1449 wrap around case, name-hash falls between NSEC3 name-hash and end */
1450 if (memcmp(p, digest, digest_len) >= 0 || memcmp(workspace2, p, digest_len) >= 0)
1451 {
1452 if ((flags & 0x01) && nons) /* opt out */
1453 *nons = 0;
1454
1455 return 1;
1456 }
1457 }
1458 else
1459 {
1460 /* wrap around case, name falls between start and next domain name */
1461 if (memcmp(workspace2, p, digest_len) >= 0 && memcmp(p, digest, digest_len) >= 0)
1462 {
1463 if ((flags & 0x01) && nons) /* opt out */
1464 *nons = 0;
1465
1466 return 1;
1467 }
1468 }
1469 }
1470 }
1471
1472 return 0;
1473}
1474
1475static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1476 char *workspace1, char *workspace2, char *name, int type, char *wildname, int *nons)
1477{
1478 unsigned char *salt, *p, *digest;
1479 int digest_len, i, iterations, salt_len, base32_len, algo = 0;
1480 struct nettle_hash const *hash;
1481 char *closest_encloser, *next_closest, *wildcard;
1482
1483 if (nons)
1484 *nons = 1;
1485
1486 /* Look though the NSEC3 records to find the first one with
1487 an algorithm we support.
1488
1489 Take the algo, iterations, and salt of that record
1490 as the ones we're going to use, and prune any
1491 that don't match. */
1492
1493 for (i = 0; i < nsec_count; i++)
1494 {
1495 if (!(p = skip_name(nsecs[i], header, plen, 15)))
1496 return 0; /* bad packet */
1497
1498 p += 10; /* type, class, TTL, rdlen */
1499 algo = *p++;
1500
1501 if ((hash = hash_find(nsec3_digest_name(algo))))
1502 break; /* known algo */
1503 }
1504
1505 /* No usable NSEC3s */
1506 if (i == nsec_count)
1507 return 0;
1508
1509 p++; /* flags */
1510
1511 GETSHORT (iterations, p);
1512 /* Upper-bound iterations, to avoid DoS.
1513 Strictly, there are lower bounds for small keys, but
1514 since we don't have key size info here, at least limit
1515 to the largest bound, for 4096-bit keys. RFC 5155 10.3 */
1516 if (iterations > 2500)
1517 return 0;
1518
1519 salt_len = *p++;
1520 salt = p;
1521 if (!CHECK_LEN(header, salt, plen, salt_len))
1522 return 0; /* bad packet */
1523
1524 /* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1525 for (i = 0; i < nsec_count; i++)
1526 {
1527 unsigned char *nsec3p = nsecs[i];
1528 int this_iter, flags;
1529
1530 nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1531
1532 if (!(p = skip_name(nsec3p, header, plen, 15)))
1533 return 0; /* bad packet */
1534
1535 p += 10; /* type, class, TTL, rdlen */
1536
1537 if (*p++ != algo)
1538 continue;
1539
1540 flags = *p++; /* flags */
1541
1542 /* 5155 8.2 */
1543 if (flags != 0 && flags != 1)
1544 continue;
1545
1546 GETSHORT(this_iter, p);
1547 if (this_iter != iterations)
1548 continue;
1549
1550 if (salt_len != *p++)
1551 continue;
1552
1553 if (!CHECK_LEN(header, p, plen, salt_len))
1554 return 0; /* bad packet */
1555
1556 if (memcmp(p, salt, salt_len) != 0)
1557 continue;
1558
1559 /* All match, put the pointer back */
1560 nsecs[i] = nsec3p;
1561 }
1562
1563 if ((digest_len = hash_name(name, &digest, hash, salt, salt_len, iterations)) == 0)
1564 return 0;
1565
1566 if (check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, nons, count_labels(name)))
1567 return 1;
1568
1569 /* Can't find an NSEC3 which covers the name directly, we need the "closest encloser NSEC3"
1570 or an answer inferred from a wildcard record. */
1571 closest_encloser = name;
1572 next_closest = NULL;
1573
1574 do
1575 {
1576 if (*closest_encloser == '.')
1577 closest_encloser++;
1578
1579 if (wildname && hostname_isequal(closest_encloser, wildname))
1580 break;
1581
1582 if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
1583 return 0;
1584
1585 for (i = 0; i < nsec_count; i++)
1586 if ((p = nsecs[i]))
1587 {
1588 if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1589 !(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1590 return 0;
1591
1592 if (digest_len == base32_len &&
1593 memcmp(digest, workspace2, digest_len) == 0)
1594 break; /* Gotit */
1595 }
1596
1597 if (i != nsec_count)
1598 break;
1599
1600 next_closest = closest_encloser;
1601 }
1602 while ((closest_encloser = strchr(closest_encloser, '.')));
1603
1604 if (!closest_encloser || !next_closest)
1605 return 0;
1606
1607 /* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1608 if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
1609 return 0;
1610
1611 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL, 1))
1612 return 0;
1613
1614 /* Finally, check that there's no seat of wildcard synthesis */
1615 if (!wildname)
1616 {
1617 if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1618 return 0;
1619
1620 wildcard--;
1621 *wildcard = '*';
1622
1623 if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1624 return 0;
1625
1626 if (!check_nsec3_coverage(header, plen, digest_len, digest, type, workspace1, workspace2, nsecs, nsec_count, NULL, 1))
1627 return 0;
1628 }
1629
1630 return 1;
1631}
1632
1633static int prove_non_existence(struct dns_header *header, size_t plen, char *keyname, char *name, int qtype, int qclass, char *wildname, int *nons, int *nsec_ttl)
1634{
1635 static unsigned char **nsecset = NULL, **rrsig_labels = NULL;
1636 static int nsecset_sz = 0, rrsig_labels_sz = 0;
1637
1638 int type_found = 0;
1639 unsigned char *auth_start, *p = skip_questions(header, plen);
1640 int type, class, rdlen, i, nsecs_found;
1641 unsigned long ttl;
1642
1643 /* Move to NS section */
1644 if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1645 return 0;
1646
1647 auth_start = p;
1648
1649 for (nsecs_found = 0, i = 0; i < ntohs(header->nscount); i++)
1650 {
1651 unsigned char *pstart = p;
1652
1653 if (!extract_name(header, plen, &p, daemon->workspacename, 1, 10))
1654 return 0;
1655
1656 GETSHORT(type, p);
1657 GETSHORT(class, p);
1658 GETLONG(ttl, p);
1659 GETSHORT(rdlen, p);
1660
1661 if (class == qclass && (type == T_NSEC || type == T_NSEC3))
1662 {
1663 if (nsec_ttl)
1664 {
1665 /* Limit TTL with sig TTL */
1666 if (daemon->rr_status[ntohs(header->ancount) + i] < ttl)
1667 ttl = daemon->rr_status[ntohs(header->ancount) + i];
1668 *nsec_ttl = ttl;
1669 }
1670
1671 /* No mixed NSECing 'round here, thankyouverymuch */
1672 if (type_found != 0 && type_found != type)
1673 return 0;
1674
1675 type_found = type;
1676
1677 if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1678 return 0;
1679
1680 if (type == T_NSEC)
1681 {
1682 /* If we're looking for NSECs, find the corresponding SIGs, to
1683 extract the labels value, which we need in case the NSECs
1684 are the result of wildcard expansion.
1685 Note that the NSEC may not have been validated yet
1686 so if there are multiple SIGs, make sure the label value
1687 is the same in all, to avoid be duped by a rogue one.
1688 If there are no SIGs, that's an error */
1689 unsigned char *p1 = auth_start;
1690 int res, j, rdlen1, type1, class1;
1691
1692 if (!expand_workspace(&rrsig_labels, &rrsig_labels_sz, nsecs_found))
1693 return 0;
1694
1695 rrsig_labels[nsecs_found] = NULL;
1696
1697 for (j = ntohs(header->nscount); j != 0; j--)
1698 {
1699 if (!(res = extract_name(header, plen, &p1, daemon->workspacename, 0, 10)))
1700 return 0;
1701
1702 GETSHORT(type1, p1);
1703 GETSHORT(class1, p1);
1704 p1 += 4; /* TTL */
1705 GETSHORT(rdlen1, p1);
1706
1707 if (!CHECK_LEN(header, p1, plen, rdlen1))
1708 return 0;
1709
1710 if (res == 1 && class1 == qclass && type1 == T_RRSIG)
1711 {
1712 int type_covered;
1713 unsigned char *psav = p1;
1714
1715 if (rdlen1 < 18)
1716 return 0; /* bad packet */
1717
1718 GETSHORT(type_covered, p1);
1719
1720 if (type_covered == T_NSEC)
1721 {
1722 p1++; /* algo */
1723
1724 /* labels field must be the same in every SIG we find. */
1725 if (!rrsig_labels[nsecs_found])
1726 rrsig_labels[nsecs_found] = p1;
1727 else if (*rrsig_labels[nsecs_found] != *p1) /* algo */
1728 return 0;
1729 }
1730 p1 = psav;
1731 }
1732
1733 if (!ADD_RDLEN(header, p1, plen, rdlen1))
1734 return 0;
1735 }
1736
1737 /* Must have found at least one sig. */
1738 if (!rrsig_labels[nsecs_found])
1739 return 0;
1740 }
1741
1742 nsecset[nsecs_found++] = pstart;
1743 }
1744
1745 if (!ADD_RDLEN(header, p, plen, rdlen))
1746 return 0;
1747 }
1748
1749 if (type_found == T_NSEC)
1750 return prove_non_existence_nsec(header, plen, nsecset, rrsig_labels, nsecs_found, daemon->workspacename, keyname, name, qtype, nons);
1751 else if (type_found == T_NSEC3)
1752 return prove_non_existence_nsec3(header, plen, nsecset, nsecs_found, daemon->workspacename, keyname, name, qtype, wildname, nons);
1753 else
1754 return 0;
1755}
1756
1757/* Check signing status of name.
1758 returns:
1759 STAT_SECURE zone is signed.
1760 STAT_INSECURE zone proved unsigned.
1761 STAT_NEED_DS require DS record of name returned in keyname.
1762 STAT_NEED_KEY require DNSKEY record of name returned in keyname.
1763 name returned unaltered.
1764*/
1765static int zone_status(char *name, int class, char *keyname, time_t now)
1766{
1767 int name_start = strlen(name); /* for when TA is root */
1768 struct crec *crecp;
1769 char *p;
1770
1771 /* First, work towards the root, looking for a trust anchor.
1772 This can either be one configured, or one previously cached.
1773 We can assume, if we don't find one first, that there is
1774 a trust anchor at the root. */
1775 for (p = name; p; p = strchr(p, '.'))
1776 {
1777 if (*p == '.')
1778 p++;
1779
1780 if (cache_find_by_name(NULL, p, now, F_DS))
1781 {
1782 name_start = p - name;
1783 break;
1784 }
1785 }
1786
1787 /* Now work away from the trust anchor */
1788 while (1)
1789 {
1790 strcpy(keyname, &name[name_start]);
1791
1792 if (!(crecp = cache_find_by_name(NULL, keyname, now, F_DS)))
1793 return STAT_NEED_DS;
1794
1795 /* F_DNSSECOK misused in DS cache records to non-existence of NS record.
1796 F_NEG && !F_DNSSECOK implies that we've proved there's no DS record here,
1797 but that's because there's no NS record either, ie this isn't the start
1798 of a zone. We only prove that the DNS tree below a node is unsigned when
1799 we prove that we're at a zone cut AND there's no DS record. */
1800 if (crecp->flags & F_NEG)
1801 {
1802 if (crecp->flags & F_DNSSECOK)
1803 return STAT_INSECURE; /* proved no DS here */
1804 }
1805 else
1806 {
1807 /* If all the DS records have digest and/or sig algos we don't support,
1808 then the zone is insecure. Note that if an algo
1809 appears in the DS, then RRSIGs for that algo MUST
1810 exist for each RRset: 4035 para 2.2 So if we find
1811 a DS here with digest and sig we can do, we're entitled
1812 to assume we can validate the zone and if we can't later,
1813 because an RRSIG is missing we return BOGUS.
1814 */
1815 do
1816 {
1817 if (crecp->uid == (unsigned int)class &&
1818 ds_digest_name(crecp->addr.ds.digest) &&
1819 algo_digest_name(crecp->addr.ds.algo))
1820 break;
1821 }
1822 while ((crecp = cache_find_by_name(crecp, keyname, now, F_DS)));
1823
1824 if (!crecp)
1825 return STAT_INSECURE;
1826 }
1827
1828 if (name_start == 0)
1829 break;
1830
1831 for (p = &name[name_start-2]; (*p != '.') && (p != name); p--);
1832
1833 if (p != name)
1834 p++;
1835
1836 name_start = p - name;
1837 }
1838
1839 return STAT_SECURE;
1840}
1841
1842/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3)
1843 Return code:
1844 STAT_SECURE if it validates.
1845 STAT_INSECURE at least one RRset not validated, because in unsigned zone.
1846 STAT_BOGUS signature is wrong, bad packet, no validation where there should be.
1847 STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname, class in *class)
1848 STAT_NEED_DS need DS to complete validation (name is returned in keyname)
1849
1850 daemon->rr_status points to a char array which corressponds to the RRs in the
1851 answer and auth sections. This is set to 1 for each RR which is validated, and 0 for any which aren't.
1852
1853 When validating replies to DS records, we're only interested in the NSEC{3} RRs in the auth section.
1854 Other RRs in that section missing sigs will not cause am INSECURE reply. We determine this mode
1855 is the nons argument is non-NULL.
1856*/
1857int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname,
1858 int *class, int check_unsigned, int *neganswer, int *nons, int *nsec_ttl)
1859{
1860 static unsigned char **targets = NULL;
1861 static int target_sz = 0;
1862
1863 unsigned char *ans_start, *p1, *p2;
1864 int type1, class1, rdlen1 = 0, type2, class2, rdlen2, qclass, qtype, targetidx;
1865 int i, j, rc = STAT_INSECURE;
1866 int secure = STAT_SECURE;
1867
1868 /* extend rr_status if necessary */
1869 if (daemon->rr_status_sz < ntohs(header->ancount) + ntohs(header->nscount))
1870 {
1871 unsigned long *new = whine_malloc(sizeof(*daemon->rr_status) * (ntohs(header->ancount) + ntohs(header->nscount) + 64));
1872
1873 if (!new)
1874 return STAT_BOGUS;
1875
1876 free(daemon->rr_status);
1877 daemon->rr_status = new;
1878 daemon->rr_status_sz = ntohs(header->ancount) + ntohs(header->nscount) + 64;
1879 }
1880
1881 memset(daemon->rr_status, 0, sizeof(*daemon->rr_status) * daemon->rr_status_sz);
1882
1883 if (neganswer)
1884 *neganswer = 0;
1885
1886 if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
1887 return STAT_BOGUS;
1888
1889 if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
1890 return STAT_INSECURE;
1891
1892 p1 = (unsigned char *)(header+1);
1893
1894 /* Find all the targets we're looking for answers to.
1895 The zeroth array element is for the query, subsequent ones
1896 for CNAME targets, unless the query is for a CNAME or ANY. */
1897
1898 if (!expand_workspace(&targets, &target_sz, 0))
1899 return STAT_BOGUS;
1900
1901 targets[0] = p1;
1902 targetidx = 1;
1903
1904 if (!extract_name(header, plen, &p1, name, 1, 4))
1905 return STAT_BOGUS;
1906
1907 GETSHORT(qtype, p1);
1908 GETSHORT(qclass, p1);
1909 ans_start = p1;
1910
1911 /* Can't validate an RRSIG query */
1912 if (qtype == T_RRSIG)
1913 return STAT_INSECURE;
1914
1915 if (qtype != T_CNAME && qtype != T_ANY)
1916 for (j = ntohs(header->ancount); j != 0; j--)
1917 {
1918 if (!(p1 = skip_name(p1, header, plen, 10)))
1919 return STAT_BOGUS; /* bad packet */
1920
1921 GETSHORT(type2, p1);
1922 p1 += 6; /* class, TTL */
1923 GETSHORT(rdlen2, p1);
1924
1925 if (type2 == T_CNAME)
1926 {
1927 if (!expand_workspace(&targets, &target_sz, targetidx))
1928 return STAT_BOGUS;
1929
1930 targets[targetidx++] = p1; /* pointer to target name */
1931 }
1932
1933 if (!ADD_RDLEN(header, p1, plen, rdlen2))
1934 return STAT_BOGUS;
1935 }
1936
1937 for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
1938 {
1939 if (i != 0 && !ADD_RDLEN(header, p1, plen, rdlen1))
1940 return STAT_BOGUS;
1941
1942 if (!extract_name(header, plen, &p1, name, 1, 10))
1943 return STAT_BOGUS; /* bad packet */
1944
1945 GETSHORT(type1, p1);
1946 GETSHORT(class1, p1);
1947 p1 += 4; /* TTL */
1948 GETSHORT(rdlen1, p1);
1949
1950 /* Don't try and validate RRSIGs! */
1951 if (type1 == T_RRSIG)
1952 continue;
1953
1954 /* Check if we've done this RRset already */
1955 for (p2 = ans_start, j = 0; j < i; j++)
1956 {
1957 if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1958 return STAT_BOGUS; /* bad packet */
1959
1960 GETSHORT(type2, p2);
1961 GETSHORT(class2, p2);
1962 p2 += 4; /* TTL */
1963 GETSHORT(rdlen2, p2);
1964
1965 if (type2 == type1 && class2 == class1 && rc == 1)
1966 break; /* Done it before: name, type, class all match. */
1967
1968 if (!ADD_RDLEN(header, p2, plen, rdlen2))
1969 return STAT_BOGUS;
1970 }
1971
1972 /* Done already: copy the validation status */
1973 if (j != i)
1974 daemon->rr_status[i] = daemon->rr_status[j];
1975 else
1976 {
1977 /* Not done, validate now */
1978 int sigcnt, rrcnt;
1979 char *wildname;
1980
1981 if (!explore_rrset(header, plen, class1, type1, name, keyname, &sigcnt, &rrcnt))
1982 return STAT_BOGUS;
1983
1984 /* No signatures for RRset. We can be configured to assume this is OK and return an INSECURE result. */
1985 if (sigcnt == 0)
1986 {
1987 /* NSEC and NSEC3 records must be signed. We make this assumption elsewhere. */
1988 if (type1 == T_NSEC || type1 == T_NSEC3)
1989 rc = STAT_INSECURE;
1990 else if (nons && i >= ntohs(header->ancount))
1991 /* If we're validating a DS reply, rather than looking for the value of AD bit,
1992 we only care that NSEC and NSEC3 RRs in the auth section are signed.
1993 Return SECURE even if others (SOA....) are not. */
1994 rc = STAT_SECURE;
1995 else
1996 {
1997 /* unsigned RRsets in auth section are not BOGUS, but do make reply insecure. */
1998 if (check_unsigned && i < ntohs(header->ancount))
1999 {
2000 rc = zone_status(name, class1, keyname, now);
2001 if (STAT_ISEQUAL(rc, STAT_SECURE))
2002 rc = STAT_BOGUS | DNSSEC_FAIL_NOSIG;
2003 if (class)
2004 *class = class1; /* Class for NEED_DS or NEED_KEY */
2005 }
2006 else
2007 rc = STAT_INSECURE;
2008
2009 if (!STAT_ISEQUAL(rc, STAT_INSECURE))
2010 return rc;
2011 }
2012 }
2013 else
2014 {
2015 /* explore_rrset() gives us key name from sigs in keyname.
2016 Can't overwrite name here. */
2017 strcpy(daemon->workspacename, keyname);
2018 rc = zone_status(daemon->workspacename, class1, keyname, now);
2019
2020 if (STAT_ISEQUAL(rc, STAT_BOGUS) || STAT_ISEQUAL(rc, STAT_NEED_KEY) || STAT_ISEQUAL(rc, STAT_NEED_DS))
2021 {
2022 if (class)
2023 *class = class1; /* Class for NEED_DS or NEED_KEY */
2024 return rc;
2025 }
2026
2027 /* Zone is insecure, don't need to validate RRset */
2028 if (STAT_ISEQUAL(rc, STAT_SECURE))
2029 {
2030 unsigned long sig_ttl;
2031 rc = validate_rrset(now, header, plen, class1, type1, sigcnt,
2032 rrcnt, name, keyname, &wildname, NULL, 0, 0, 0, &sig_ttl);
2033
2034 if (STAT_ISEQUAL(rc, STAT_BOGUS) || STAT_ISEQUAL(rc, STAT_NEED_KEY) || STAT_ISEQUAL(rc, STAT_NEED_DS))
2035 {
2036 if (class)
2037 *class = class1; /* Class for DS or DNSKEY */
2038 return rc;
2039 }
2040
2041 /* rc is now STAT_SECURE or STAT_SECURE_WILDCARD */
2042
2043 /* Note that RR is validated */
2044 daemon->rr_status[i] = sig_ttl;
2045
2046 /* Note if we've validated either the answer to the question
2047 or the target of a CNAME. Any not noted will need NSEC or
2048 to be in unsigned space. */
2049 for (j = 0; j <targetidx; j++)
2050 if ((p2 = targets[j]))
2051 {
2052 int rc1;
2053 if (!(rc1 = extract_name(header, plen, &p2, name, 0, 10)))
2054 return STAT_BOGUS; /* bad packet */
2055
2056 if (class1 == qclass && rc1 == 1 && (type1 == T_CNAME || type1 == qtype || qtype == T_ANY ))
2057 targets[j] = NULL;
2058 }
2059
2060 /* An attacker replay a wildcard answer with a different
2061 answer and overlay a genuine RR. To prove this
2062 hasn't happened, the answer must prove that
2063 the genuine record doesn't exist. Check that here.
2064 Note that we may not yet have validated the NSEC/NSEC3 RRsets.
2065 That's not a problem since if the RRsets later fail
2066 we'll return BOGUS then. */
2067 if (STAT_ISEQUAL(rc, STAT_SECURE_WILDCARD) &&
2068 !prove_non_existence(header, plen, keyname, name, type1, class1, wildname, NULL, NULL))
2069 return STAT_BOGUS | DNSSEC_FAIL_NONSEC;
2070
2071 rc = STAT_SECURE;
2072 }
2073 }
2074 }
2075
2076 if (STAT_ISEQUAL(rc, STAT_INSECURE))
2077 secure = STAT_INSECURE;
2078 }
2079
2080 /* OK, all the RRsets validate, now see if we have a missing answer or CNAME target. */
2081 if (STAT_ISEQUAL(secure, STAT_SECURE))
2082 for (j = 0; j <targetidx; j++)
2083 if ((p2 = targets[j]))
2084 {
2085 if (neganswer)
2086 *neganswer = 1;
2087
2088 if (!extract_name(header, plen, &p2, name, 1, 10))
2089 return STAT_BOGUS; /* bad packet */
2090
2091 /* NXDOMAIN or NODATA reply, unanswered question is (name, qclass, qtype) */
2092
2093 /* For anything other than a DS record, this situation is OK if either
2094 the answer is in an unsigned zone, or there's a NSEC records. */
2095 if (!prove_non_existence(header, plen, keyname, name, qtype, qclass, NULL, nons, nsec_ttl))
2096 {
2097 /* Empty DS without NSECS */
2098 if (qtype == T_DS)
2099 return STAT_BOGUS | DNSSEC_FAIL_NONSEC;
2100
2101 if (STAT_ISEQUAL((rc = zone_status(name, qclass, keyname, now)), STAT_SECURE))
2102 {
2103 if (class)
2104 *class = qclass; /* Class for NEED_DS or NEED_KEY */
2105 return rc;
2106 }
2107
2108 return STAT_BOGUS | DNSSEC_FAIL_NONSEC; /* signed zone, no NSECs */
2109 }
2110 }
2111
2112 return secure;
2113}
2114
2115
2116/* Compute keytag (checksum to quickly index a key). See RFC4034 */
2117int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
2118{
2119 if (alg == 1)
2120 {
2121 /* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
2122 See RFC4034, Appendix B.1 */
2123 return key[keylen-4] * 256 + key[keylen-3];
2124 }
2125 else
2126 {
2127 unsigned long ac = flags + 0x300 + alg;
2128 int i;
2129
2130 for (i = 0; i < keylen; ++i)
2131 ac += (i & 1) ? key[i] : key[i] << 8;
2132
2133 ac += (ac >> 16) & 0xffff;
2134 return ac & 0xffff;
2135 }
2136}
2137
2138size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class,
2139 int type, int edns_pktsz)
2140{
2141 unsigned char *p;
2142 size_t ret;
2143
2144 header->qdcount = htons(1);
2145 header->ancount = htons(0);
2146 header->nscount = htons(0);
2147 header->arcount = htons(0);
2148
2149 header->hb3 = HB3_RD;
2150 SET_OPCODE(header, QUERY);
2151 /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2152 this allows it to select auth servers when one is returning bad data. */
2153 header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
2154
2155 /* ID filled in later */
2156
2157 p = (unsigned char *)(header+1);
2158
2159 p = do_rfc1035_name(p, name, NULL);
2160 *p++ = 0;
2161 PUTSHORT(type, p);
2162 PUTSHORT(class, p);
2163
2164 ret = add_do_bit(header, p - (unsigned char *)header, end);
2165
2166 if (find_pseudoheader(header, ret, NULL, &p, NULL, NULL))
2167 PUTSHORT(edns_pktsz, p);
2168
2169 return ret;
2170}
2171
2172int errflags_to_ede(int status)
2173{
2174 /* We can end up with more than one flag set for some errors,
2175 so this encodes a rough priority so the (eg) No sig is reported
2176 before no-unexpired-sig. */
2177
2178 if (status & DNSSEC_FAIL_NYV)
2179 return EDE_SIG_NYV;
2180 else if (status & DNSSEC_FAIL_EXP)
2181 return EDE_SIG_EXP;
2182 else if (status & DNSSEC_FAIL_NOKEYSUP)
2183 return EDE_USUPDNSKEY;
2184 else if (status & DNSSEC_FAIL_NOZONE)
2185 return EDE_NO_ZONEKEY;
2186 else if (status & DNSSEC_FAIL_NOKEY)
2187 return EDE_NO_DNSKEY;
2188 else if (status & DNSSEC_FAIL_NODSSUP)
2189 return EDE_USUPDS;
2190 else if (status & DNSSEC_FAIL_NONSEC)
2191 return EDE_NO_NSEC;
2192 else if (status & DNSSEC_FAIL_INDET)
2193 return EDE_DNSSEC_IND;
2194 else if (status & DNSSEC_FAIL_NOSIG)
2195 return EDE_NO_RRSIG;
2196 else
2197 return EDE_UNSET;
2198}
2199#endif /* HAVE_DNSSEC */