1
/* dnssec.c is Copyright (c) 2012 Giovanni Bajo <rasky@develer.com>
2
and Copyright (c) 2012-2014 Simon Kelley
4
This program is free software; you can redistribute it and/or modify
5
it under the terms of the GNU General Public License as published by
6
the Free Software Foundation; version 2 dated June, 1991, or
7
(at your option) version 3 dated 29 June, 2007.
9
This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
GNU General Public License for more details.
14
You should have received a copy of the GNU General Public License
15
along with this program. If not, see <http://www.gnu.org/licenses/>.
22
#include <nettle/rsa.h>
23
#include <nettle/dsa.h>
25
# include <nettle/ecdsa.h>
26
# include <nettle/ecc-curve.h>
28
#include <nettle/nettle-meta.h>
31
#define SERIAL_UNDEF -100
36
/* http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
37
static char *ds_digest_name(int digest)
41
case 1: return "sha1";
42
case 2: return "sha256";
43
case 3: return "gosthash94";
44
case 4: return "sha384";
49
/* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
50
static char *algo_digest_name(int algo)
55
case 3: return "sha1";
56
case 5: return "sha1";
57
case 6: return "sha1";
58
case 7: return "sha1";
59
case 8: return "sha256";
60
case 10: return "sha512";
61
case 12: return "gosthash94";
62
case 13: return "sha256";
63
case 14: return "sha384";
68
/* Find pointer to correct hash function in nettle library */
69
static const struct nettle_hash *hash_find(char *name)
76
for (i = 0; nettle_hashes[i]; i++)
78
if (strcmp(nettle_hashes[i]->name, name) == 0)
79
return nettle_hashes[i];
85
/* expand ctx and digest memory allocations if necessary and init hash function */
86
static int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp)
88
static void *ctx = NULL;
89
static unsigned char *digest = NULL;
90
static unsigned int ctx_sz = 0;
91
static unsigned int digest_sz = 0;
95
if (ctx_sz < hash->context_size)
97
if (!(new = whine_malloc(hash->context_size)))
102
ctx_sz = hash->context_size;
105
if (digest_sz < hash->digest_size)
107
if (!(new = whine_malloc(hash->digest_size)))
112
digest_sz = hash->digest_size;
123
static int rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
124
unsigned char *digest, int algo)
129
static struct rsa_public_key *key = NULL;
130
static mpz_t sig_mpz;
134
if (!(key = whine_malloc(sizeof(struct rsa_public_key))))
137
nettle_rsa_public_key_init(key);
141
if ((key_len < 3) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
145
if ((exp_len = *p++) == 0)
147
GETSHORT(exp_len, p);
151
if (exp_len >= key_len)
154
key->size = key_len - exp_len;
155
mpz_import(key->e, exp_len, 1, 1, 0, 0, p);
156
mpz_import(key->n, key->size, 1, 1, 0, 0, p + exp_len);
158
mpz_import(sig_mpz, sig_len, 1, 1, 0, 0, sig);
163
return nettle_rsa_md5_verify_digest(key, digest, sig_mpz);
165
return nettle_rsa_sha1_verify_digest(key, digest, sig_mpz);
167
return nettle_rsa_sha256_verify_digest(key, digest, sig_mpz);
169
return nettle_rsa_sha512_verify_digest(key, digest, sig_mpz);
175
static int dsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
176
unsigned char *digest, int algo)
181
static struct dsa_public_key *key = NULL;
182
static struct dsa_signature *sig_struct;
186
if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))) ||
187
!(key = whine_malloc(sizeof(struct dsa_public_key))))
190
nettle_dsa_public_key_init(key);
191
nettle_dsa_signature_init(sig_struct);
194
if ((sig_len < 41) || !(p = blockdata_retrieve(key_data, key_len, NULL)))
199
if (key_len < (213 + (t * 24)))
202
mpz_import(key->q, 20, 1, 1, 0, 0, p); p += 20;
203
mpz_import(key->p, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
204
mpz_import(key->g, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
205
mpz_import(key->y, 64 + (t*8), 1, 1, 0, 0, p); p += 64 + (t*8);
207
mpz_import(sig_struct->r, 20, 1, 1, 0, 0, sig+1);
208
mpz_import(sig_struct->s, 20, 1, 1, 0, 0, sig+21);
212
return nettle_dsa_sha1_verify_digest(key, digest, sig_struct);
215
#ifndef NO_NETTLE_ECC
216
static int dnsmasq_ecdsa_verify(struct blockdata *key_data, unsigned int key_len,
217
unsigned char *sig, size_t sig_len,
218
unsigned char *digest, size_t digest_len, int algo)
222
struct ecc_point *key;
224
static struct ecc_point *key_256 = NULL, *key_384 = NULL;
226
static struct dsa_signature *sig_struct;
230
if (!(sig_struct = whine_malloc(sizeof(struct dsa_signature))))
233
nettle_dsa_signature_init(sig_struct);
243
if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
246
nettle_ecc_point_init(key_256, &nettle_secp_256r1);
256
if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
259
nettle_ecc_point_init(key_384, &nettle_secp_384r1);
270
if (sig_len != 2*t || key_len != 2*t ||
271
(p = blockdata_retrieve(key_data, key_len, NULL)))
274
mpz_import(x, t , 1, 1, 0, 0, p);
275
mpz_import(y, t , 1, 1, 0, 0, p + t);
277
if (!ecc_point_set(key, x, y))
280
mpz_import(sig_struct->r, t, 1, 1, 0, 0, sig);
281
mpz_import(sig_struct->s, t, 1, 1, 0, 0, sig + t);
283
return nettle_ecdsa_verify(key, digest_len, digest, sig_struct);
287
static int verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
288
unsigned char *digest, size_t digest_len, int algo)
294
case 1: case 5: case 7: case 8: case 10:
295
return rsa_verify(key_data, key_len, sig, sig_len, digest, algo);
298
return dsa_verify(key_data, key_len, sig, sig_len, digest, algo);
300
#ifndef NO_NETTLE_ECC
302
return dnsmasq_ecdsa_verify(key_data, key_len, sig, sig_len, digest, digest_len, algo);
309
/* Convert from presentation format to wire format, in place.
311
Note that using extract_name to get presentation format
312
then calling to_wire() removes compression and maps case,
313
thus generating names in canonical form.
314
Calling to_wire followed by from_wire is almost an identity,
315
except that the UC remains mapped to LC.
317
static int to_wire(char *name)
319
unsigned char *l, *p, term;
322
for (l = (unsigned char*)name; *l != 0; l = p)
324
for (p = l; *p != '.' && *p != 0; p++)
325
if (*p >= 'A' && *p <= 'Z')
330
if ((len = p - l) != 0)
331
memmove(l+1, l, len);
340
return l + 1 - (unsigned char *)name;
343
/* Note: no compression allowed in input. */
344
static void from_wire(char *name)
349
for (l = (unsigned char *)name; *l != 0; l += len+1)
352
memmove(l, l+1, len);
356
if ((char *)l != name)
360
/* Input in presentation format */
361
static int count_labels(char *name)
368
for (i = 0; *name; name++)
375
/* Implement RFC1982 wrapped compare for 32-bit numbers */
376
static int serial_compare_32(unsigned long s1, unsigned long s2)
381
if ((s1 < s2 && (s2 - s1) < (1UL<<31)) ||
382
(s1 > s2 && (s1 - s2) > (1UL<<31)))
384
if ((s1 < s2 && (s2 - s1) > (1UL<<31)) ||
385
(s1 > s2 && (s1 - s2) < (1UL<<31)))
390
/* Check whether today/now is between date_start and date_end */
391
static int check_date_range(unsigned long date_start, unsigned long date_end)
393
unsigned long curtime;
395
/* Checking timestamps may be temporarily disabled */
396
if (option_bool(OPT_DNSSEC_TIME))
401
/* We must explicitly check against wanted values, because of SERIAL_UNDEF */
402
return serial_compare_32(curtime, date_start) == SERIAL_GT
403
&& serial_compare_32(curtime, date_end) == SERIAL_LT;
406
static u16 *get_desc(int type)
408
/* List of RRtypes which include domains in the data.
410
integer -> no of plain bytes
413
zero is not a valid RRtype, so the final entry is returned for
414
anything which needs no mangling.
417
static u16 rr_desc[] =
439
0, -1 /* wildcard/catchall */
444
while (*p != type && *p != 0)
445
while (*p++ != (u16)-1);
450
/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
451
data, pointed to by *p, should be used raw. */
452
static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff,
453
unsigned char **p, u16 **desc)
459
/* No more data needs mangling */
463
if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
464
/* domain-name, canonicalise */
465
return to_wire(buff);
468
/* plain data preceding a domain-name, don't run off the end of the data */
482
static int expand_workspace(unsigned char ***wkspc, int *sz, int new)
495
if (!(p = whine_malloc((new_sz) * sizeof(unsigned char **))))
500
memcpy(p, *wkspc, *sz * sizeof(unsigned char **));
510
/* Bubble sort the RRset into the canonical order.
511
Note that the byte-streams from two RRs may get unsynced: consider
512
RRs which have two domain-names at the start and then other data.
513
The domain-names may have different lengths in each RR, but sort equal
521
leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
524
static void sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
525
unsigned char **rrset, char *buff1, char *buff2)
531
for (swap = 0, i = 0; i < rrsetidx-1; i++)
533
int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
535
unsigned char *end1, *end2;
536
/* Note that these have been determined to be OK previously,
537
so we don't need to check for NULL return here. */
538
unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
539
unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
541
p1 += 8; /* skip class, type, ttl */
542
GETSHORT(rdlen1, p1);
545
p2 += 8; /* skip class, type, ttl */
546
GETSHORT(rdlen2, p2);
551
for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
554
memmove(buff1, buff1 + len1 - left1, left1);
556
if ((len1 = get_rdata(header, plen, end1, buff1 + left1, &p1, &dp1)) == 0)
560
memcpy(buff1 + left1, p1, len1);
565
memmove(buff2, buff2 + len2 - left2, left2);
567
if ((len2 = get_rdata(header, plen, end2, buff2 + left2, &p2, &dp2)) == 0)
571
memcpy(buff2 + left2, p2, len2);
576
left1 = len1 - len2, left2 = 0, len = len2;
578
left2 = len2 - len1, left1 = 0, len = len1;
580
rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
582
if (rc > 0 || (rc == 0 && quit && len1 > len2))
584
unsigned char *tmp = rrset[i+1];
585
rrset[i+1] = rrset[i];
596
/* Validate a single RRset (class, type, name) in the supplied DNS reply
598
STAT_SECURE if it validates.
599
STAT_SECURE_WILDCARD if it validates and is the result of wildcard expansion.
600
STAT_NO_SIG no RRsigs found.
601
STAT_INSECURE RRset empty.
602
STAT_BOGUS signature is wrong, bad packet.
603
STAT_NEED_KEY need DNSKEY to complete validation (name is returned in keyname)
605
if key is non-NULL, use that key, which has the algo and tag given in the params of those names,
606
otherwise find the key in the cache.
608
name is unchanged on exit. keyname is used as workspace and trashed.
610
static int validate_rrset(time_t now, struct dns_header *header, size_t plen, int class,
611
int type, char *name, char *keyname, struct blockdata *key, int keylen, int algo_in, int keytag_in)
613
static unsigned char **rrset = NULL, **sigs = NULL;
614
static int rrset_sz = 0, sig_sz = 0;
617
int rrsetidx, sigidx, res, rdlen, j, name_labels;
618
struct crec *crecp = NULL;
619
int type_covered, algo, labels, orig_ttl, sig_expiration, sig_inception, key_tag;
620
u16 *rr_desc = get_desc(type);
622
if (!(p = skip_questions(header, plen)))
625
name_labels = count_labels(name); /* For 4035 5.3.2 check */
627
/* look for RRSIGs for this RRset and get pointers to each RR in the set. */
628
for (rrsetidx = 0, sigidx = 0, j = ntohs(header->ancount) + ntohs(header->nscount);
631
unsigned char *pstart, *pdata;
636
if (!(res = extract_name(header, plen, &p, name, 0, 10)))
637
return STAT_BOGUS; /* bad packet */
647
if (!CHECK_LEN(header, p, plen, rdlen))
650
if (res == 1 && sclass == class)
654
if (!expand_workspace(&rrset, &rrset_sz, rrsetidx))
657
rrset[rrsetidx++] = pstart;
660
if (stype == T_RRSIG)
663
return STAT_BOGUS; /* bad packet */
665
GETSHORT(type_covered, p);
667
if (type_covered == type)
669
if (!expand_workspace(&sigs, &sig_sz, sigidx))
672
sigs[sigidx++] = pdata;
675
p = pdata + 2; /* restore for ADD_RDLEN */
679
if (!ADD_RDLEN(header, p, plen, rdlen))
685
return STAT_INSECURE;
691
/* Sort RRset records into canonical order.
692
Note that at this point keyname and daemon->workspacename buffs are
693
unused, and used as workspace by the sort. */
694
sort_rrset(header, plen, rr_desc, rrsetidx, rrset, daemon->workspacename, keyname);
696
/* Now try all the sigs to try and find one which validates */
697
for (j = 0; j <sigidx; j++)
699
unsigned char *psav, *sig, *digest;
700
int i, wire_len, sig_len;
701
const struct nettle_hash *hash;
707
GETSHORT(rdlen, p); /* rdlen >= 18 checked previously */
710
p += 2; /* type_covered - already checked */
713
GETLONG(orig_ttl, p);
714
GETLONG(sig_expiration, p);
715
GETLONG(sig_inception, p);
716
GETSHORT(key_tag, p);
718
if (!extract_name(header, plen, &p, keyname, 1, 0))
721
/* RFC 4035 5.3.1 says that the Signer's Name field MUST equal
722
the name of the zone containing the RRset. We can't tell that
723
for certain, but we can check that the RRset name is equal to
724
or encloses the signers name, which should be enough to stop
725
an attacker using signatures made with the key of an unrelated
726
zone he controls. Note that the root key is always allowed. */
731
for (name_start = name; !hostname_isequal(name_start, keyname); )
732
if ((name_start = strchr(name_start, '.')))
733
name_start++; /* chop a label off and try again */
740
/* Bad sig, try another */
745
/* Other 5.3.1 checks */
746
if (!check_date_range(sig_inception, sig_expiration) ||
747
labels > name_labels ||
748
!(hash = hash_find(algo_digest_name(algo))) ||
749
!hash_init(hash, &ctx, &digest))
752
/* OK, we have the signature record, see if the relevant DNSKEY is in the cache. */
753
if (!key && !(crecp = cache_find_by_name(NULL, keyname, now, F_DNSKEY)))
754
return STAT_NEED_KEY;
757
sig_len = rdlen - (p - psav);
759
nsigttl = htonl(orig_ttl);
761
hash->update(ctx, 18, psav);
762
wire_len = to_wire(keyname);
763
hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
766
for (i = 0; i < rrsetidx; ++i)
769
unsigned char *end, *cp;
773
if (!extract_name(header, plen, &p, name, 1, 10))
778
/* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
779
if (labels < name_labels)
782
for (k = name_labels - labels; k != 0; k--)
783
while (*name_start != '.' && *name_start != 0)
789
wire_len = to_wire(name_start);
790
hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
791
hash->update(ctx, 4, p); /* class and type */
792
hash->update(ctx, 4, (unsigned char *)&nsigttl);
794
p += 8; /* skip class, type, ttl */
796
if (!CHECK_LEN(header, p, plen, rdlen))
801
/* canonicalise rdata and calculate length of same, use name buffer as workspace */
804
for (len = 0; (seg = get_rdata(header, plen, end, name, &cp, &dp)) != 0; len += seg);
807
hash->update(ctx, 2, (unsigned char *)&len);
809
/* Now canonicalise again and digest. */
812
while ((seg = get_rdata(header, plen, end, name, &cp, &dp)))
813
hash->update(ctx, seg, (unsigned char *)name);
815
hash->update(ctx, end - cp, cp);
818
hash->digest(ctx, hash->digest_size, digest);
820
/* namebuff used for workspace above, restore to leave unchanged on exit */
821
p = (unsigned char*)(rrset[0]);
822
extract_name(header, plen, &p, name, 1, 0);
826
if (algo_in == algo && keytag_in == key_tag &&
827
verify(key, keylen, sig, sig_len, digest, hash->digest_size, algo))
832
/* iterate through all possible keys 4035 5.3.1 */
833
for (; crecp; crecp = cache_find_by_name(crecp, keyname, now, F_DNSKEY))
834
if (crecp->addr.key.algo == algo &&
835
crecp->addr.key.keytag == key_tag &&
836
crecp->uid == (unsigned int)class &&
837
verify(crecp->addr.key.keydata, crecp->addr.key.keylen, sig, sig_len, digest, hash->digest_size, algo))
838
return (labels < name_labels) ? STAT_SECURE_WILDCARD : STAT_SECURE;
845
/* The DNS packet is expected to contain the answer to a DNSKEY query.
846
Put all DNSKEYs in the answer which are valid into the cache.
848
STAT_INSECURE No DNSKEYs in reply.
849
STAT_SECURE At least one valid DNSKEY found and in cache.
850
STAT_BOGUS No DNSKEYs found, which can be validated with DS,
851
or self-sign for DNSKEY RRset is not valid, bad packet.
852
STAT_NEED_DS DS records to validate a key not found, name in keyname
854
int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
856
unsigned char *psave, *p = (unsigned char *)(header+1);
857
struct crec *crecp, *recp1;
858
int rc, j, qtype, qclass, ttl, rdlen, flags, algo, valid, keytag, type_covered;
859
struct blockdata *key;
862
if (ntohs(header->qdcount) != 1 ||
863
!extract_name(header, plen, &p, name, 1, 4))
869
if (qtype != T_DNSKEY || qclass != class)
872
if (ntohs(header->ancount) == 0)
873
return STAT_INSECURE;
875
/* See if we have cached a DS record which validates this key */
876
if (!(crecp = cache_find_by_name(NULL, name, now, F_DS)))
878
strcpy(keyname, name);
882
/* If we've cached that DS provably doesn't exist, result must be INSECURE */
883
if (crecp->flags & F_NEG)
884
return STAT_INSECURE;
886
/* NOTE, we need to find ONE DNSKEY which matches the DS */
887
for (valid = 0, j = ntohs(header->ancount); j != 0 && !valid; j--)
889
/* Ensure we have type, class TTL and length */
890
if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
891
return STAT_BOGUS; /* bad packet */
898
if (!CHECK_LEN(header, p, plen, rdlen) || rdlen < 4)
899
return STAT_BOGUS; /* bad packet */
901
if (qclass != class || qtype != T_DNSKEY || rc == 2)
913
keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
916
/* key must have zone key flag set */
918
key = blockdata_alloc((char*)p, rdlen - 4);
922
if (!ADD_RDLEN(header, p, plen, rdlen))
926
return STAT_BOGUS; /* bad packet */
929
/* No zone key flag or malloc failure */
933
for (recp1 = crecp; recp1; recp1 = cache_find_by_name(recp1, name, now, F_DS))
936
unsigned char *digest, *ds_digest;
937
const struct nettle_hash *hash;
939
if (recp1->addr.ds.algo == algo &&
940
recp1->addr.ds.keytag == keytag &&
941
recp1->uid == (unsigned int)class &&
942
(hash = hash_find(ds_digest_name(recp1->addr.ds.digest))) &&
943
hash_init(hash, &ctx, &digest))
946
int wire_len = to_wire(name);
948
/* Note that digest may be different between DSs, so
949
we can't move this outside the loop. */
950
hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name);
951
hash->update(ctx, (unsigned int)rdlen, psave);
952
hash->digest(ctx, hash->digest_size, digest);
956
if (recp1->addr.ds.keylen == (int)hash->digest_size &&
957
(ds_digest = blockdata_retrieve(recp1->addr.key.keydata, recp1->addr.ds.keylen, NULL)) &&
958
memcmp(ds_digest, digest, recp1->addr.ds.keylen) == 0 &&
959
validate_rrset(now, header, plen, class, T_DNSKEY, name, keyname, key, rdlen - 4, algo, keytag) == STAT_SECURE)
971
/* DNSKEY RRset determined to be OK, now cache it and the RRsigs that sign it. */
972
cache_start_insert();
974
p = skip_questions(header, plen);
976
for (j = ntohs(header->ancount); j != 0; j--)
978
/* Ensure we have type, class TTL and length */
979
if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
980
return STAT_INSECURE; /* bad packet */
987
if (!CHECK_LEN(header, p, plen, rdlen))
988
return STAT_BOGUS; /* bad packet */
990
if (qclass == class && rc == 1)
994
if (qtype == T_DNSKEY)
997
return STAT_BOGUS; /* bad packet */
1003
keytag = dnskey_keytag(algo, flags, p, rdlen - 4);
1005
/* Cache needs to known class for DNSSEC stuff */
1006
a.addr.dnssec.class = class;
1008
if ((key = blockdata_alloc((char*)p, rdlen - 4)))
1010
if (!(recp1 = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DNSSECOK)))
1011
blockdata_free(key);
1014
a.addr.keytag = keytag;
1015
log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DNSKEY keytag %u");
1017
recp1->addr.key.keylen = rdlen - 4;
1018
recp1->addr.key.keydata = key;
1019
recp1->addr.key.algo = algo;
1020
recp1->addr.key.keytag = keytag;
1021
recp1->addr.key.flags = flags;
1025
else if (qtype == T_RRSIG)
1027
/* RRSIG, cache if covers DNSKEY RRset */
1029
return STAT_BOGUS; /* bad packet */
1031
GETSHORT(type_covered, p);
1033
if (type_covered == T_DNSKEY)
1035
a.addr.dnssec.class = class;
1036
a.addr.dnssec.type = type_covered;
1039
p += 13; /* labels, orig_ttl, expiration, inception */
1040
GETSHORT(keytag, p);
1041
if ((key = blockdata_alloc((char*)psave, rdlen)))
1043
if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1044
blockdata_free(key);
1047
crecp->addr.sig.keydata = key;
1048
crecp->addr.sig.keylen = rdlen;
1049
crecp->addr.sig.keytag = keytag;
1050
crecp->addr.sig.type_covered = type_covered;
1051
crecp->addr.sig.algo = algo;
1060
if (!ADD_RDLEN(header, p, plen, rdlen))
1061
return STAT_BOGUS; /* bad packet */
1064
/* commit cache insert. */
1069
log_query(F_UPSTREAM, name, NULL, "BOGUS DNSKEY");
1073
/* The DNS packet is expected to contain the answer to a DS query
1074
Put all DSs in the answer which are valid into the cache.
1076
STAT_INSECURE no DS in reply or not signed.
1077
STAT_SECURE At least one valid DS found and in cache.
1078
STAT_NO_DS It's proved there's no DS here.
1079
STAT_BOGUS At least one DS found, which fails validation, bad packet.
1080
STAT_NEED_DNSKEY DNSKEY records to validate a DS not found, name in keyname
1083
int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int class)
1085
unsigned char *p = (unsigned char *)(header+1);
1086
int qtype, qclass, val, i, neganswer;
1088
if (ntohs(header->qdcount) != 1 ||
1089
!(p = skip_name(p, header, plen, 4)))
1093
GETSHORT(qclass, p);
1095
if (qtype != T_DS || qclass != class)
1098
val = dnssec_validate_reply(now, header, plen, name, keyname, NULL, &neganswer);
1100
if (val == STAT_NO_SIG)
1101
val = STAT_INSECURE;
1103
p = (unsigned char *)(header+1);
1104
extract_name(header, plen, &p, name, 1, 4);
1105
p += 4; /* qtype, qclass */
1107
if (!(p = skip_section(p, ntohs(header->ancount), header, plen)))
1110
if (val == STAT_BOGUS)
1111
log_query(F_UPSTREAM, name, NULL, "BOGUS DS");
1113
if ((val == STAT_SECURE || val == STAT_INSECURE) && neganswer)
1115
int rdlen, flags = F_FORWARD | F_DS | F_NEG;
1116
unsigned long ttl, minttl = ULONG_MAX;
1119
if (RCODE(header) == NXDOMAIN)
1120
flags |= F_NXDOMAIN;
1122
if (val == STAT_SECURE)
1123
flags |= F_DNSSECOK;
1125
for (i = ntohs(header->nscount); i != 0; i--)
1127
if (!(p = skip_name(p, header, plen, 0)))
1131
GETSHORT(qclass, p);
1135
if (!CHECK_LEN(header, p, plen, rdlen))
1136
return STAT_BOGUS; /* bad packet */
1138
if (qclass != class || qtype != T_SOA)
1148
if (!(p = skip_name(p, header, plen, 0)))
1151
if (!(p = skip_name(p, header, plen, 20)))
1153
p += 16; /* SERIAL REFRESH RETRY EXPIRE */
1155
GETLONG(ttl, p); /* minTTL */
1164
cache_start_insert();
1166
a.addr.dnssec.class = class;
1167
cache_insert(name, &a, now, ttl, flags);
1172
return (val == STAT_SECURE) ? STAT_NO_DS : STAT_INSECURE;
1179
static int hostname_cmp(const char *a, const char *b)
1181
char *sa, *ea, *ca, *sb, *eb, *cb;
1182
unsigned char ac, bc;
1184
sa = ea = (char *)a + strlen(a);
1185
sb = eb = (char *)b + strlen(b);
1189
while (sa != a && *(sa-1) != '.')
1192
while (sb != b && *(sb-1) != '.')
1211
ac = (unsigned char) *ca++;
1212
bc = (unsigned char) *cb++;
1214
if (ac >= 'A' && ac <= 'Z')
1216
if (bc >= 'A' && bc <= 'Z')
1242
/* Find all the NSEC or NSEC3 records in a reply.
1243
return an array of pointers to them. */
1244
static int find_nsec_records(struct dns_header *header, size_t plen, unsigned char ***nsecsetp, int *nsecsetl, int class_reqd)
1246
static unsigned char **nsecset = NULL;
1247
static int nsecset_sz = 0;
1250
unsigned char *p = skip_questions(header, plen);
1251
int type, class, rdlen, i, nsecs_found;
1253
/* Move to NS section */
1254
if (!p || !(p = skip_section(p, ntohs(header->ancount), header, plen)))
1257
for (nsecs_found = 0, i = ntohs(header->nscount); i != 0; i--)
1259
unsigned char *pstart = p;
1261
if (!(p = skip_name(p, header, plen, 10)))
1269
if (class == class_reqd && (type == T_NSEC || type == T_NSEC3))
1271
/* No mixed NSECing 'round here, thankyouverymuch */
1272
if (type_found == T_NSEC && type == T_NSEC3)
1274
if (type_found == T_NSEC3 && type == T_NSEC)
1279
if (!expand_workspace(&nsecset, &nsecset_sz, nsecs_found))
1282
nsecset[nsecs_found++] = pstart;
1285
if (!ADD_RDLEN(header, p, plen, rdlen))
1289
*nsecsetp = nsecset;
1290
*nsecsetl = nsecs_found;
1295
static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1296
char *workspace1, char *workspace2, char *name, int type)
1299
unsigned char *p, *psave;
1300
int offset = (type & 0xff) >> 3;
1301
int mask = 0x80 >> (type & 0x07);
1303
/* Find NSEC record that proves name doesn't exist */
1304
for (i = 0; i < nsec_count; i++)
1307
if (!extract_name(header, plen, &p, workspace1, 1, 10))
1309
p += 8; /* class, type, TTL */
1312
if (!extract_name(header, plen, &p, workspace2, 1, 10))
1315
rc = hostname_cmp(workspace1, name);
1319
/* 4035 para 5.4. Last sentence */
1320
if (type == T_NSEC || type == T_RRSIG)
1323
/* NSEC with the same name as the RR we're testing, check
1324
that the type in question doesn't appear in the type map */
1326
/* rdlen is now length of type map, and p points to it */
1330
if (!CHECK_LEN(header, p, plen, rdlen))
1333
if (p[0] == type >> 8)
1335
/* Does the NSEC say our type exists? */
1336
if (offset < p[1] && (p[offset+2] & mask) != 0)
1339
break; /* finshed checking */
1350
/* Normal case, name falls between NSEC name and next domain name,
1351
wrap around case, name falls between NSEC name (rc == -1) and end */
1352
if (hostname_cmp(workspace2, name) == 1 || hostname_cmp(workspace1, workspace2) == 1)
1357
/* wrap around case, name falls between start and next domain name */
1358
if (hostname_cmp(workspace1, workspace2) == 1 && hostname_cmp(workspace2, name) == 1)
1366
/* return digest length, or zero on error */
1367
static int hash_name(char *in, unsigned char **out, struct nettle_hash const *hash,
1368
unsigned char *salt, int salt_len, int iterations)
1371
unsigned char *digest;
1374
if (!hash_init(hash, &ctx, &digest))
1377
hash->update(ctx, to_wire(in), (unsigned char *)in);
1378
hash->update(ctx, salt_len, salt);
1379
hash->digest(ctx, hash->digest_size, digest);
1381
for(i = 0; i < iterations; i++)
1383
hash->update(ctx, hash->digest_size, digest);
1384
hash->update(ctx, salt_len, salt);
1385
hash->digest(ctx, hash->digest_size, digest);
1391
return hash->digest_size;
1394
/* Decode base32 to first "." or end of string */
1395
static int base32_decode(char *in, unsigned char *out)
1397
int oc, on, c, mask, i;
1398
unsigned char *p = out;
1400
for (c = *in, oc = 0, on = 0; c != 0 && c != '.'; c = *++in)
1402
if (c >= '0' && c <= '9')
1404
else if (c >= 'a' && c <= 'v')
1406
else if (c >= 'A' && c <= 'V')
1411
for (mask = 0x10, i = 0; i < 5; i++)
1416
if (((++on) & 7) == 0)
1428
static int prove_non_existence_nsec3(struct dns_header *header, size_t plen, unsigned char **nsecs, int nsec_count,
1429
char *workspace1, char *workspace2, char *name, int type)
1431
unsigned char *salt, *p, *digest;
1432
int digest_len, i, iterations, salt_len, hash_len, base32_len, algo = 0;
1433
struct nettle_hash const *hash;
1434
char *closest_encloser, *next_closest, *wildcard;
1436
/* Look though the NSEC3 records to find the first one with
1437
an algorithm we support (currently only algo == 1).
1439
Take the algo, iterations, and salt of that record
1440
as the ones we're going to use, and prune any
1441
that don't match. */
1443
for (i = 0; i < nsec_count; i++)
1445
if (!(p = skip_name(nsecs[i], header, plen, 15)))
1446
return STAT_BOGUS; /* bad packet */
1448
p += 10; /* type, class, TTL, rdlen */
1452
break; /* known algo */
1455
/* No usable NSEC3s */
1456
if (i == nsec_count)
1460
GETSHORT (iterations, p);
1463
if (!CHECK_LEN(header, salt, plen, salt_len))
1464
return STAT_BOGUS; /* bad packet */
1466
/* Now prune so we only have NSEC3 records with same iterations, salt and algo */
1467
for (i = 0; i < nsec_count; i++)
1469
unsigned char *nsec3p = nsecs[i];
1472
nsecs[i] = NULL; /* Speculative, will be restored if OK. */
1474
if (!(p = skip_name(nsec3p, header, plen, 15)))
1475
return STAT_BOGUS; /* bad packet */
1477
p += 10; /* type, class, TTL, rdlen */
1484
GETSHORT(this_iter, p);
1485
if (this_iter != iterations)
1488
if (salt_len != *p++)
1491
if (!CHECK_LEN(header, p, plen, salt_len))
1492
return STAT_BOGUS; /* bad packet */
1494
if (memcmp(p, salt, salt_len) != 0)
1497
/* All match, put the pointer back */
1501
/* Algo is checked as 1 above */
1502
if (!(hash = hash_find("sha1")))
1505
/* Now, we need the "closest encloser NSEC3" */
1506
closest_encloser = name;
1507
next_closest = NULL;
1511
if (*closest_encloser == '.')
1514
if ((digest_len = hash_name(closest_encloser, &digest, hash, salt, salt_len, iterations)) == 0)
1517
for (i = 0; i < nsec_count; i++)
1520
if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1521
!(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1524
if (digest_len == base32_len &&
1525
memcmp(digest, workspace2, digest_len) == 0)
1529
if (i != nsec_count)
1532
next_closest = closest_encloser;
1534
while ((closest_encloser = strchr(closest_encloser, '.')));
1536
/* No usable NSEC3s */
1537
if (i == nsec_count)
1542
/* We found an NSEC3 whose hashed name exactly matches the query, so
1543
Now we just need to check the type map. p points to the RR data for the record. */
1545
unsigned char *psave;
1546
int offset = (type & 0xff) >> 3;
1547
int mask = 0x80 >> (type & 0x07);
1549
p += 8; /* class, type, TTL */
1552
p += 5 + salt_len; /* algo, flags, iterations, salt_len, salt */
1554
if (!CHECK_LEN(header, p, plen, hash_len))
1555
return STAT_BOGUS; /* bad packet */
1561
if (!CHECK_LEN(header, p, plen, rdlen))
1564
if (p[0] == type >> 8)
1566
/* Does the NSEC3 say our type exists? */
1567
if (offset < p[1] && (p[offset+2] & mask) != 0)
1570
break; /* finshed checking */
1580
/* Look for NSEC3 that proves the non-existence of the next-closest encloser */
1581
if ((digest_len = hash_name(next_closest, &digest, hash, salt, salt_len, iterations)) == 0)
1584
for (i = 0; i < nsec_count; i++)
1587
if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1588
!(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1591
p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1592
hash_len = *p++; /* p now points to next hashed name */
1594
if (!CHECK_LEN(header, p, plen, hash_len))
1597
if (digest_len == base32_len && hash_len == base32_len)
1599
if (memcmp(workspace2, digest, digest_len) <= 0)
1601
/* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1602
wrap around case, name-hash falls between NSEC3 name-hash and end */
1603
if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
1608
/* wrap around case, name falls between start and next domain name */
1609
if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
1615
/* Finally, check that there's no seat of wildcard synthesis */
1616
if (!(wildcard = strchr(next_closest, '.')) || wildcard == next_closest)
1622
if ((digest_len = hash_name(wildcard, &digest, hash, salt, salt_len, iterations)) == 0)
1625
for (i = 0; i < nsec_count; i++)
1628
if (!extract_name(header, plen, &p, workspace1, 1, 0) ||
1629
!(base32_len = base32_decode(workspace1, (unsigned char *)workspace2)))
1632
p += 15 + salt_len; /* class, type, TTL, rdlen, algo, flags, iterations, salt_len, salt */
1633
hash_len = *p++; /* p now points to next hashed name */
1635
if (!CHECK_LEN(header, p, plen, hash_len))
1638
if (digest_len == base32_len && hash_len == base32_len)
1640
if (memcmp(workspace2, digest, digest_len) <= 0)
1642
/* Normal case, hash falls between NSEC3 name-hash and next domain name-hash,
1643
wrap around case, name-hash falls between NSEC3 name-hash and end */
1644
if (memcmp(p, digest, digest_len) > 0 || memcmp(workspace2, p, digest_len) > 0)
1649
/* wrap around case, name falls between start and next domain name */
1650
if (memcmp(workspace2, p, digest_len) > 0 && memcmp(p, digest, digest_len) > 0)
1659
/* Validate all the RRsets in the answer and authority sections of the reply (4035:3.2.3) */
1660
/* Returns are the same as validate_rrset, plus the class if the missing key is in *class */
1661
int dnssec_validate_reply(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname, int *class, int *neganswer)
1663
unsigned char *ans_start, *qname, *p1, *p2, **nsecs;
1664
int type1, class1, rdlen1, type2, class2, rdlen2, qclass, qtype;
1665
int i, j, rc, nsec_count, cname_count = CNAME_CHAIN;
1666
int nsec_type = 0, have_answer = 0;
1671
if (RCODE(header) == SERVFAIL || ntohs(header->qdcount) != 1)
1674
if (RCODE(header) != NXDOMAIN && RCODE(header) != NOERROR)
1675
return STAT_INSECURE;
1677
qname = p1 = (unsigned char *)(header+1);
1679
if (!extract_name(header, plen, &p1, name, 1, 4))
1682
GETSHORT(qtype, p1);
1683
GETSHORT(qclass, p1);
1686
/* Can't validate an RRISG query */
1687
if (qtype == T_RRSIG)
1688
return STAT_INSECURE;
1691
for (j = ntohs(header->ancount); j != 0; j--)
1693
/* leave pointer to missing name in qname */
1695
if (!(rc = extract_name(header, plen, &p1, name, 0, 10)))
1696
return STAT_BOGUS; /* bad packet */
1698
GETSHORT(type2, p1);
1699
GETSHORT(class2, p1);
1701
GETSHORT(rdlen2, p1);
1703
if (rc == 1 && qclass == class2)
1705
/* Do we have an answer for the question? */
1711
else if (type2 == T_CNAME)
1716
if (!cname_count-- || !extract_name(header, plen, &p1, name, 1, 0))
1724
if (!ADD_RDLEN(header, p1, plen, rdlen2))
1728
if (neganswer && !have_answer)
1731
/* No data, therefore no sigs */
1732
if (ntohs(header->ancount) + ntohs(header->nscount) == 0)
1735
for (p1 = ans_start, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
1737
if (!extract_name(header, plen, &p1, name, 1, 10))
1738
return STAT_BOGUS; /* bad packet */
1740
GETSHORT(type1, p1);
1741
GETSHORT(class1, p1);
1743
GETSHORT(rdlen1, p1);
1745
/* Don't try and validate RRSIGs! */
1746
if (type1 != T_RRSIG)
1748
/* Check if we've done this RRset already */
1749
for (p2 = ans_start, j = 0; j < i; j++)
1751
if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1752
return STAT_BOGUS; /* bad packet */
1754
GETSHORT(type2, p2);
1755
GETSHORT(class2, p2);
1757
GETSHORT(rdlen2, p2);
1759
if (type2 == type1 && class2 == class1 && rc == 1)
1760
break; /* Done it before: name, type, class all match. */
1762
if (!ADD_RDLEN(header, p2, plen, rdlen2))
1766
/* Not done, validate now */
1769
int ttl, keytag, algo, digest, type_covered;
1770
unsigned char *psave;
1772
struct blockdata *key;
1775
rc = validate_rrset(now, header, plen, class1, type1, name, keyname, NULL, 0, 0, 0);
1777
if (rc == STAT_SECURE_WILDCARD)
1779
/* An attacker replay a wildcard answer with a different
1780
answer and overlay a genuine RR. To prove this
1781
hasn't happened, the answer must prove that
1782
the gennuine record doesn't exist. Check that here. */
1783
if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, class1)))
1784
return STAT_BOGUS; /* No NSECs or bad packet */
1786
if (nsec_type == T_NSEC)
1787
rc = prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
1789
rc = prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, type1);
1791
if (rc != STAT_SECURE)
1794
else if (rc != STAT_SECURE)
1797
*class = class1; /* Class for DS or DNSKEY */
1801
/* Cache RRsigs in answer section, and if we just validated a DS RRset, cache it */
1802
cache_start_insert();
1804
for (p2 = ans_start, j = 0; j < ntohs(header->ancount); j++)
1806
if (!(rc = extract_name(header, plen, &p2, name, 0, 10)))
1807
return STAT_BOGUS; /* bad packet */
1809
GETSHORT(type2, p2);
1810
GETSHORT(class2, p2);
1812
GETSHORT(rdlen2, p2);
1814
if (!CHECK_LEN(header, p2, plen, rdlen2))
1815
return STAT_BOGUS; /* bad packet */
1817
if (class2 == class1 && rc == 1)
1821
if (type1 == T_DS && type2 == T_DS)
1824
return STAT_BOGUS; /* bad packet */
1826
GETSHORT(keytag, p2);
1830
/* Cache needs to known class for DNSSEC stuff */
1831
a.addr.dnssec.class = class2;
1833
if ((key = blockdata_alloc((char*)p2, rdlen2 - 4)))
1835
if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DS | F_DNSSECOK)))
1836
blockdata_free(key);
1839
a.addr.keytag = keytag;
1840
log_query(F_KEYTAG | F_UPSTREAM, name, &a, "DS keytag %u");
1841
crecp->addr.ds.digest = digest;
1842
crecp->addr.ds.keydata = key;
1843
crecp->addr.ds.algo = algo;
1844
crecp->addr.ds.keytag = keytag;
1845
crecp->addr.ds.keylen = rdlen2 - 4;
1849
else if (type2 == T_RRSIG)
1852
return STAT_BOGUS; /* bad packet */
1854
GETSHORT(type_covered, p2);
1856
if (type_covered == type1 &&
1857
(type_covered == T_A || type_covered == T_AAAA ||
1858
type_covered == T_CNAME || type_covered == T_DS ||
1859
type_covered == T_DNSKEY || type_covered == T_PTR))
1861
a.addr.dnssec.type = type_covered;
1862
a.addr.dnssec.class = class1;
1865
p2 += 13; /* labels, orig_ttl, expiration, inception */
1866
GETSHORT(keytag, p2);
1868
if ((key = blockdata_alloc((char*)psave, rdlen2)))
1870
if (!(crecp = cache_insert(name, &a, now, ttl, F_FORWARD | F_DNSKEY | F_DS)))
1871
blockdata_free(key);
1874
crecp->addr.sig.keydata = key;
1875
crecp->addr.sig.keylen = rdlen2;
1876
crecp->addr.sig.keytag = keytag;
1877
crecp->addr.sig.type_covered = type_covered;
1878
crecp->addr.sig.algo = algo;
1887
if (!ADD_RDLEN(header, p2, plen, rdlen2))
1888
return STAT_BOGUS; /* bad packet */
1895
if (!ADD_RDLEN(header, p1, plen, rdlen1))
1899
/* OK, all the RRsets validate, now see if we have a NODATA or NXDOMAIN reply */
1903
/* NXDOMAIN or NODATA reply, prove that (name, class1, type1) can't exist */
1904
/* First marshall the NSEC records, if we've not done it previously */
1905
if (!nsec_type && !(nsec_type = find_nsec_records(header, plen, &nsecs, &nsec_count, qclass)))
1906
return STAT_BOGUS; /* No NSECs */
1908
/* Get name of missing answer */
1909
if (!extract_name(header, plen, &qname, name, 1, 0))
1912
if (nsec_type == T_NSEC)
1913
return prove_non_existence_nsec(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
1915
return prove_non_existence_nsec3(header, plen, nsecs, nsec_count, daemon->workspacename, keyname, name, qtype);
1918
/* Chase the CNAME chain in the packet until the first record which _doesn't validate.
1919
Needed for proving answer in unsigned space.
1922
STAT_INSECURE - name of first non-secure record in name
1924
int dnssec_chase_cname(time_t now, struct dns_header *header, size_t plen, char *name, char *keyname)
1926
unsigned char *p = (unsigned char *)(header+1);
1927
int type, class, qclass, rdlen, j, rc;
1928
int cname_count = CNAME_CHAIN;
1931
if (!extract_name(header, plen, &p, name, 1, 4))
1935
GETSHORT(qclass, p);
1939
for (j = ntohs(header->ancount); j != 0; j--)
1941
if (!(rc = extract_name(header, plen, &p, name, 0, 10)))
1942
return STAT_BOGUS; /* bad packet */
1949
/* Not target, loop */
1950
if (rc == 2 || qclass != class)
1952
if (!ADD_RDLEN(header, p, plen, rdlen))
1957
/* Got to end of CNAME chain. */
1958
if (type != T_CNAME)
1959
return STAT_INSECURE;
1961
/* validate CNAME chain, return if insecure or need more data */
1962
rc = validate_rrset(now, header, plen, class, type, name, keyname, NULL, 0, 0, 0);
1963
if (rc != STAT_SECURE)
1965
if (rc == STAT_NO_SIG)
1970
/* Loop down CNAME chain/ */
1971
if (!cname_count-- ||
1972
!extract_name(header, plen, &p, name, 1, 0) ||
1973
!(p = skip_questions(header, plen)))
1979
/* End of CNAME chain */
1980
return STAT_INSECURE;
1985
/* Compute keytag (checksum to quickly index a key). See RFC4034 */
1986
int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
1990
/* Algorithm 1 (RSAMD5) has a different (older) keytag calculation algorithm.
1991
See RFC4034, Appendix B.1 */
1992
return key[keylen-4] * 256 + key[keylen-3];
1996
unsigned long ac = flags + 0x300 + alg;
1999
for (i = 0; i < keylen; ++i)
2000
ac += (i & 1) ? key[i] : key[i] << 8;
2002
ac += (ac >> 16) & 0xffff;
2007
size_t dnssec_generate_query(struct dns_header *header, char *end, char *name, int class, int type, union mysockaddr *addr)
2010
char *types = querystr("dnssec-query", type);
2012
if (addr->sa.sa_family == AF_INET)
2013
log_query(F_DNSSEC | F_IPV4, name, (struct all_addr *)&addr->in.sin_addr, types);
2016
log_query(F_DNSSEC | F_IPV6, name, (struct all_addr *)&addr->in6.sin6_addr, types);
2019
header->qdcount = htons(1);
2020
header->ancount = htons(0);
2021
header->nscount = htons(0);
2022
header->arcount = htons(0);
2024
header->hb3 = HB3_RD;
2025
SET_OPCODE(header, QUERY);
2026
/* For debugging, set Checking Disabled, otherwise, have the upstream check too,
2027
this allows it to select auth servers when one is returning bad data. */
2028
header->hb4 = option_bool(OPT_DNSSEC_DEBUG) ? HB4_CD : 0;
2030
/* ID filled in later */
2032
p = (unsigned char *)(header+1);
2034
p = do_rfc1035_name(p, name);
2039
return add_do_bit(header, p - (unsigned char *)header, end);
2042
/* Go through a domain name, find "pointers" and fix them up based on how many bytes
2043
we've chopped out of the packet, or check they don't point into an elided part. */
2044
static int check_name(unsigned char **namep, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2046
unsigned char *ansp = *namep;
2050
unsigned int label_type;
2052
if (!CHECK_LEN(header, ansp, plen, 1))
2055
label_type = (*ansp) & 0xc0;
2057
if (label_type == 0xc0)
2059
/* pointer for compression. */
2060
unsigned int offset;
2064
if (!CHECK_LEN(header, ansp, plen, 2))
2067
offset = ((*ansp++) & 0x3f) << 8;
2070
p = offset + (unsigned char *)header;
2072
for (i = 0; i < rr_count; i++)
2077
offset -= rrs[i] - rrs[i-1];
2079
/* does the pointer end up in an elided RR? */
2083
/* No, scale the pointer */
2087
*ansp++ = (offset >> 8) | 0xc0;
2088
*ansp++ = offset & 0xff;
2092
else if (label_type == 0x80)
2093
return 0; /* reserved */
2094
else if (label_type == 0x40)
2096
/* Extended label type */
2099
if (!CHECK_LEN(header, ansp, plen, 2))
2102
if (((*ansp++) & 0x3f) != 1)
2103
return 0; /* we only understand bitstrings */
2105
count = *(ansp++); /* Bits in bitstring */
2107
if (count == 0) /* count == 0 means 256 bits */
2110
ansp += ((count-1)>>3)+1;
2113
{ /* label type == 0 Bottom six bits is length */
2114
unsigned int len = (*ansp++) & 0x3f;
2116
if (!ADD_RDLEN(header, ansp, plen, len))
2120
break; /* zero length label marks the end. */
2129
/* Go through RRs and check or fixup the domain names contained within */
2130
static int check_rrs(unsigned char *p, struct dns_header *header, size_t plen, int fixup, unsigned char **rrs, int rr_count)
2132
int i, type, class, rdlen;
2135
for (i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2139
if (!(p = skip_name(p, header, plen, 10)))
2147
if (type != T_NSEC && type != T_NSEC3 && type != T_RRSIG)
2149
/* fixup name of RR */
2150
if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2157
for (pp = p, d = get_desc(type); *d != (u16)-1; d++)
2161
else if (!check_name(&pp, header, plen, fixup, rrs, rr_count))
2167
if (!ADD_RDLEN(header, p, plen, rdlen))
2175
size_t filter_rrsigs(struct dns_header *header, size_t plen)
2177
static unsigned char **rrs;
2178
static int rr_sz = 0;
2180
unsigned char *p = (unsigned char *)(header+1);
2181
int i, rdlen, qtype, qclass, rr_found, chop_an, chop_ns;
2183
if (ntohs(header->qdcount) != 1 ||
2184
!(p = skip_name(p, header, plen, 4)))
2188
GETSHORT(qclass, p);
2190
/* First pass, find pointers to start and end of all the records we wish to elide:
2191
records added for DNSSEC, unless explicity queried for */
2192
for (rr_found = 0, chop_ns = 0, chop_an = 0, i = 0; i < ntohs(header->ancount) + ntohs(header->nscount); i++)
2194
unsigned char *pstart = p;
2197
if (!(p = skip_name(p, header, plen, 10)))
2205
if ((type == T_NSEC || type == T_NSEC3 || type == T_RRSIG) &&
2206
(type != qtype || class != qclass))
2208
if (!expand_workspace(&rrs, &rr_sz, rr_found + 1))
2211
rrs[rr_found++] = pstart;
2213
if (!ADD_RDLEN(header, p, plen, rdlen))
2216
rrs[rr_found++] = p;
2218
if (i < ntohs(header->ancount))
2223
else if (!ADD_RDLEN(header, p, plen, rdlen))
2227
/* Nothing to do. */
2231
/* Second pass, look for pointers in names in the records we're keeping and make sure they don't
2232
point to records we're going to elide. This is theoretically possible, but unlikely. If
2233
it happens, we give up and leave the answer unchanged. */
2234
p = (unsigned char *)(header+1);
2236
/* question first */
2237
if (!check_name(&p, header, plen, 0, rrs, rr_found))
2239
p += 4; /* qclass, qtype */
2241
/* Now answers and NS */
2242
if (!check_rrs(p, header, plen, 0, rrs, rr_found))
2245
/* Third pass, elide records */
2246
for (p = rrs[0], i = 1; i < rr_found; i += 2)
2248
unsigned char *start = rrs[i];
2249
unsigned char *end = (i != rr_found - 1) ? rrs[i+1] : ((unsigned char *)(header+1)) + plen;
2251
memmove(p, start, end-start);
2255
plen = p - (unsigned char *)header;
2256
header->ancount = htons(ntohs(header->ancount) - chop_an);
2257
header->nscount = htons(ntohs(header->nscount) - chop_ns);
2259
/* Fourth pass, fix up pointers in the remaining records */
2260
p = (unsigned char *)(header+1);
2262
check_name(&p, header, plen, 1, rrs, rr_found);
2263
p += 4; /* qclass, qtype */
2265
check_rrs(p, header, plen, 1, rrs, rr_found);
2270
unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
2274
unsigned char *p = (unsigned char *)(header+1);
2275
const struct nettle_hash *hash;
2277
unsigned char *digest;
2279
if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
2282
for (q = ntohs(header->qdcount); q != 0; q--)
2284
if (!extract_name(header, plen, &p, name, 1, 4))
2285
break; /* bad packet */
2287
len = to_wire(name);
2288
hash->update(ctx, len, (unsigned char *)name);
2289
/* CRC the class and type as well */
2290
hash->update(ctx, 4, p);
2293
if (!CHECK_LEN(header, p, plen, 0))
2294
break; /* bad packet */
2297
hash->digest(ctx, hash->digest_size, digest);
2301
#endif /* HAVE_DNSSEC */