1 /*
2 * validator/val_sigcrypt.c - validator signature crypto functions.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 /**
37 * \file
38 *
39 * This file contains helper functions for the validator module.
40 * The functions help with signature verification and checking, the
41 * bridging between RR wireformat data and crypto calls.
42 */
43 #include "config.h"
44 #include "validator/val_sigcrypt.h"
45 #include "validator/val_secalgo.h"
46 #include "validator/validator.h"
47 #include "util/data/msgreply.h"
48 #include "util/data/msgparse.h"
49 #include "util/data/dname.h"
50 #include "util/rbtree.h"
51 #include "util/rfc_1982.h"
52 #include "util/module.h"
53 #include "util/net_help.h"
54 #include "util/regional.h"
55 #include "util/config_file.h"
56 #include "sldns/keyraw.h"
57 #include "sldns/sbuffer.h"
58 #include "sldns/parseutil.h"
59 #include "sldns/wire2str.h"
60 #include "services/mesh.h"
61
62 #include <ctype.h>
63 #if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE)
64 #error "Need crypto library to do digital signature cryptography"
65 #endif
66
67 #ifdef HAVE_OPENSSL_ERR_H
68 #include <openssl/err.h>
69 #endif
70
71 #ifdef HAVE_OPENSSL_RAND_H
72 #include <openssl/rand.h>
73 #endif
74
75 #ifdef HAVE_OPENSSL_CONF_H
76 #include <openssl/conf.h>
77 #endif
78
79 #ifdef HAVE_OPENSSL_ENGINE_H
80 #include <openssl/engine.h>
81 #endif
82
83 /** Maximum number of RRSIG validations for an RRset. */
84 #define MAX_VALIDATE_RRSIGS 8
85
86 /** return number of rrs in an rrset */
87 static size_t
rrset_get_count(struct ub_packed_rrset_key * rrset)88 rrset_get_count(struct ub_packed_rrset_key* rrset)
89 {
90 struct packed_rrset_data* d = (struct packed_rrset_data*)
91 rrset->entry.data;
92 if(!d) return 0;
93 return d->count;
94 }
95
96 /**
97 * Get RR signature count
98 */
99 static size_t
rrset_get_sigcount(struct ub_packed_rrset_key * k)100 rrset_get_sigcount(struct ub_packed_rrset_key* k)
101 {
102 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
103 return d->rrsig_count;
104 }
105
106 /**
107 * Get signature keytag value
108 * @param k: rrset (with signatures)
109 * @param sig_idx: signature index.
110 * @return keytag or 0 if malformed rrsig.
111 */
112 static uint16_t
rrset_get_sig_keytag(struct ub_packed_rrset_key * k,size_t sig_idx)113 rrset_get_sig_keytag(struct ub_packed_rrset_key* k, size_t sig_idx)
114 {
115 uint16_t t;
116 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
117 log_assert(sig_idx < d->rrsig_count);
118 if(d->rr_len[d->count + sig_idx] < 2+18)
119 return 0;
120 memmove(&t, d->rr_data[d->count + sig_idx]+2+16, 2);
121 return ntohs(t);
122 }
123
124 /**
125 * Get signature signing algorithm value
126 * @param k: rrset (with signatures)
127 * @param sig_idx: signature index.
128 * @return algo or 0 if malformed rrsig.
129 */
130 static int
rrset_get_sig_algo(struct ub_packed_rrset_key * k,size_t sig_idx)131 rrset_get_sig_algo(struct ub_packed_rrset_key* k, size_t sig_idx)
132 {
133 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
134 log_assert(sig_idx < d->rrsig_count);
135 if(d->rr_len[d->count + sig_idx] < 2+3)
136 return 0;
137 return (int)d->rr_data[d->count + sig_idx][2+2];
138 }
139
140 /** get rdata pointer and size */
141 static void
rrset_get_rdata(struct ub_packed_rrset_key * k,size_t idx,uint8_t ** rdata,size_t * len)142 rrset_get_rdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** rdata,
143 size_t* len)
144 {
145 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
146 log_assert(d && idx < (d->count + d->rrsig_count));
147 *rdata = d->rr_data[idx];
148 *len = d->rr_len[idx];
149 }
150
151 uint16_t
dnskey_get_flags(struct ub_packed_rrset_key * k,size_t idx)152 dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx)
153 {
154 uint8_t* rdata;
155 size_t len;
156 uint16_t f;
157 rrset_get_rdata(k, idx, &rdata, &len);
158 if(len < 2+2)
159 return 0;
160 memmove(&f, rdata+2, 2);
161 f = ntohs(f);
162 return f;
163 }
164
165 /**
166 * Get DNSKEY protocol value from rdata
167 * @param k: DNSKEY rrset.
168 * @param idx: which key.
169 * @return protocol octet value
170 */
171 static int
dnskey_get_protocol(struct ub_packed_rrset_key * k,size_t idx)172 dnskey_get_protocol(struct ub_packed_rrset_key* k, size_t idx)
173 {
174 uint8_t* rdata;
175 size_t len;
176 rrset_get_rdata(k, idx, &rdata, &len);
177 if(len < 2+4)
178 return 0;
179 return (int)rdata[2+2];
180 }
181
182 int
dnskey_get_algo(struct ub_packed_rrset_key * k,size_t idx)183 dnskey_get_algo(struct ub_packed_rrset_key* k, size_t idx)
184 {
185 uint8_t* rdata;
186 size_t len;
187 rrset_get_rdata(k, idx, &rdata, &len);
188 if(len < 2+4)
189 return 0;
190 return (int)rdata[2+3];
191 }
192
193 /** get public key rdata field from a dnskey RR and do some checks */
194 static void
dnskey_get_pubkey(struct ub_packed_rrset_key * k,size_t idx,unsigned char ** pk,unsigned int * pklen)195 dnskey_get_pubkey(struct ub_packed_rrset_key* k, size_t idx,
196 unsigned char** pk, unsigned int* pklen)
197 {
198 uint8_t* rdata;
199 size_t len;
200 rrset_get_rdata(k, idx, &rdata, &len);
201 if(len < 2+5) {
202 *pk = NULL;
203 *pklen = 0;
204 return;
205 }
206 *pk = (unsigned char*)rdata+2+4;
207 *pklen = (unsigned)len-2-4;
208 }
209
210 int
ds_get_key_algo(struct ub_packed_rrset_key * k,size_t idx)211 ds_get_key_algo(struct ub_packed_rrset_key* k, size_t idx)
212 {
213 uint8_t* rdata;
214 size_t len;
215 rrset_get_rdata(k, idx, &rdata, &len);
216 if(len < 2+3)
217 return 0;
218 return (int)rdata[2+2];
219 }
220
221 int
ds_get_digest_algo(struct ub_packed_rrset_key * k,size_t idx)222 ds_get_digest_algo(struct ub_packed_rrset_key* k, size_t idx)
223 {
224 uint8_t* rdata;
225 size_t len;
226 rrset_get_rdata(k, idx, &rdata, &len);
227 if(len < 2+4)
228 return 0;
229 return (int)rdata[2+3];
230 }
231
232 uint16_t
ds_get_keytag(struct ub_packed_rrset_key * ds_rrset,size_t ds_idx)233 ds_get_keytag(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx)
234 {
235 uint16_t t;
236 uint8_t* rdata;
237 size_t len;
238 rrset_get_rdata(ds_rrset, ds_idx, &rdata, &len);
239 if(len < 2+2)
240 return 0;
241 memmove(&t, rdata+2, 2);
242 return ntohs(t);
243 }
244
245 /**
246 * Return pointer to the digest in a DS RR.
247 * @param k: DS rrset.
248 * @param idx: which DS.
249 * @param digest: digest data is returned.
250 * on error, this is NULL.
251 * @param len: length of digest is returned.
252 * on error, the length is 0.
253 */
254 static void
ds_get_sigdata(struct ub_packed_rrset_key * k,size_t idx,uint8_t ** digest,size_t * len)255 ds_get_sigdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** digest,
256 size_t* len)
257 {
258 uint8_t* rdata;
259 size_t rdlen;
260 rrset_get_rdata(k, idx, &rdata, &rdlen);
261 if(rdlen < 2+5) {
262 *digest = NULL;
263 *len = 0;
264 return;
265 }
266 *digest = rdata + 2 + 4;
267 *len = rdlen - 2 - 4;
268 }
269
270 /**
271 * Return size of DS digest according to its hash algorithm.
272 * @param k: DS rrset.
273 * @param idx: which DS.
274 * @return size in bytes of digest, or 0 if not supported.
275 */
276 static size_t
ds_digest_size_algo(struct ub_packed_rrset_key * k,size_t idx)277 ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx)
278 {
279 return ds_digest_size_supported(ds_get_digest_algo(k, idx));
280 }
281
282 /**
283 * Create a DS digest for a DNSKEY entry.
284 *
285 * @param env: module environment. Uses scratch space.
286 * @param dnskey_rrset: DNSKEY rrset.
287 * @param dnskey_idx: index of RR in rrset.
288 * @param ds_rrset: DS rrset
289 * @param ds_idx: index of RR in DS rrset.
290 * @param digest: digest is returned in here (must be correctly sized).
291 * @return false on error.
292 */
293 static int
ds_create_dnskey_digest(struct module_env * env,struct ub_packed_rrset_key * dnskey_rrset,size_t dnskey_idx,struct ub_packed_rrset_key * ds_rrset,size_t ds_idx,uint8_t * digest)294 ds_create_dnskey_digest(struct module_env* env,
295 struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx,
296 struct ub_packed_rrset_key* ds_rrset, size_t ds_idx,
297 uint8_t* digest)
298 {
299 sldns_buffer* b = env->scratch_buffer;
300 uint8_t* dnskey_rdata;
301 size_t dnskey_len;
302 rrset_get_rdata(dnskey_rrset, dnskey_idx, &dnskey_rdata, &dnskey_len);
303
304 /* create digest source material in buffer
305 * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
306 * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. */
307 sldns_buffer_clear(b);
308 sldns_buffer_write(b, dnskey_rrset->rk.dname,
309 dnskey_rrset->rk.dname_len);
310 query_dname_tolower(sldns_buffer_begin(b));
311 sldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/
312 sldns_buffer_flip(b);
313
314 return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx),
315 (unsigned char*)sldns_buffer_begin(b), sldns_buffer_limit(b),
316 (unsigned char*)digest);
317 }
318
ds_digest_match_dnskey(struct module_env * env,struct ub_packed_rrset_key * dnskey_rrset,size_t dnskey_idx,struct ub_packed_rrset_key * ds_rrset,size_t ds_idx)319 int ds_digest_match_dnskey(struct module_env* env,
320 struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx,
321 struct ub_packed_rrset_key* ds_rrset, size_t ds_idx)
322 {
323 uint8_t* ds; /* DS digest */
324 size_t dslen;
325 uint8_t* digest; /* generated digest */
326 size_t digestlen = ds_digest_size_algo(ds_rrset, ds_idx);
327
328 if(digestlen == 0) {
329 verbose(VERB_QUERY, "DS fail: not supported, or DS RR "
330 "format error");
331 return 0; /* not supported, or DS RR format error */
332 }
333 #ifndef USE_SHA1
334 if(fake_sha1 && ds_get_digest_algo(ds_rrset, ds_idx)==LDNS_SHA1)
335 return 1;
336 #endif
337
338 /* check digest length in DS with length from hash function */
339 ds_get_sigdata(ds_rrset, ds_idx, &ds, &dslen);
340 if(!ds || dslen != digestlen) {
341 verbose(VERB_QUERY, "DS fail: DS RR algo and digest do not "
342 "match each other");
343 return 0; /* DS algorithm and digest do not match */
344 }
345
346 digest = regional_alloc(env->scratch, digestlen);
347 if(!digest) {
348 verbose(VERB_QUERY, "DS fail: out of memory");
349 return 0; /* mem error */
350 }
351 if(!ds_create_dnskey_digest(env, dnskey_rrset, dnskey_idx, ds_rrset,
352 ds_idx, digest)) {
353 verbose(VERB_QUERY, "DS fail: could not calc key digest");
354 return 0; /* digest algo failed */
355 }
356 if(memcmp(digest, ds, dslen) != 0) {
357 verbose(VERB_QUERY, "DS fail: digest is different");
358 return 0; /* digest different */
359 }
360 return 1;
361 }
362
363 int
ds_digest_algo_is_supported(struct ub_packed_rrset_key * ds_rrset,size_t ds_idx)364 ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset,
365 size_t ds_idx)
366 {
367 return (ds_digest_size_algo(ds_rrset, ds_idx) != 0);
368 }
369
370 int
ds_key_algo_is_supported(struct ub_packed_rrset_key * ds_rrset,size_t ds_idx)371 ds_key_algo_is_supported(struct ub_packed_rrset_key* ds_rrset,
372 size_t ds_idx)
373 {
374 return dnskey_algo_id_is_supported(ds_get_key_algo(ds_rrset, ds_idx));
375 }
376
377 uint16_t
dnskey_calc_keytag(struct ub_packed_rrset_key * dnskey_rrset,size_t dnskey_idx)378 dnskey_calc_keytag(struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx)
379 {
380 uint8_t* data;
381 size_t len;
382 rrset_get_rdata(dnskey_rrset, dnskey_idx, &data, &len);
383 /* do not pass rdatalen to ldns */
384 return sldns_calc_keytag_raw(data+2, len-2);
385 }
386
dnskey_algo_is_supported(struct ub_packed_rrset_key * dnskey_rrset,size_t dnskey_idx)387 int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
388 size_t dnskey_idx)
389 {
390 return dnskey_algo_id_is_supported(dnskey_get_algo(dnskey_rrset,
391 dnskey_idx));
392 }
393
dnskey_size_is_supported(struct ub_packed_rrset_key * dnskey_rrset,size_t dnskey_idx)394 int dnskey_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
395 size_t dnskey_idx)
396 {
397 #ifdef DEPRECATE_RSA_1024
398 uint8_t* rdata;
399 size_t len;
400 int alg = dnskey_get_algo(dnskey_rrset, dnskey_idx);
401 size_t keysize;
402
403 rrset_get_rdata(dnskey_rrset, dnskey_idx, &rdata, &len);
404 if(len < 2+4)
405 return 0;
406 keysize = sldns_rr_dnskey_key_size_raw(rdata+2+4, len-2-4, alg);
407
408 switch((sldns_algorithm)alg) {
409 case LDNS_RSAMD5:
410 case LDNS_RSASHA1:
411 case LDNS_RSASHA1_NSEC3:
412 case LDNS_RSASHA256:
413 case LDNS_RSASHA512:
414 /* reject RSA keys of 1024 bits and shorter */
415 if(keysize <= 1024)
416 return 0;
417 break;
418 default:
419 break;
420 }
421 #else
422 (void)dnskey_rrset; (void)dnskey_idx;
423 #endif /* DEPRECATE_RSA_1024 */
424 return 1;
425 }
426
dnskeyset_size_is_supported(struct ub_packed_rrset_key * dnskey_rrset)427 int dnskeyset_size_is_supported(struct ub_packed_rrset_key* dnskey_rrset)
428 {
429 size_t i, num = rrset_get_count(dnskey_rrset);
430 for(i=0; i<num; i++) {
431 if(!dnskey_size_is_supported(dnskey_rrset, i))
432 return 0;
433 }
434 return 1;
435 }
436
algo_needs_init_dnskey_add(struct algo_needs * n,struct ub_packed_rrset_key * dnskey,uint8_t * sigalg)437 void algo_needs_init_dnskey_add(struct algo_needs* n,
438 struct ub_packed_rrset_key* dnskey, uint8_t* sigalg)
439 {
440 uint8_t algo;
441 size_t i, total = n->num;
442 size_t num = rrset_get_count(dnskey);
443
444 for(i=0; i<num; i++) {
445 algo = (uint8_t)dnskey_get_algo(dnskey, i);
446 if(!dnskey_algo_id_is_supported((int)algo))
447 continue;
448 if(n->needs[algo] == 0) {
449 n->needs[algo] = 1;
450 sigalg[total] = algo;
451 total++;
452 }
453 }
454 sigalg[total] = 0;
455 n->num = total;
456 }
457
algo_needs_init_list(struct algo_needs * n,uint8_t * sigalg)458 void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg)
459 {
460 uint8_t algo;
461 size_t total = 0;
462
463 memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX);
464 while( (algo=*sigalg++) != 0) {
465 log_assert(dnskey_algo_id_is_supported((int)algo));
466 log_assert(n->needs[algo] == 0);
467 n->needs[algo] = 1;
468 total++;
469 }
470 n->num = total;
471 }
472
algo_needs_init_ds(struct algo_needs * n,struct ub_packed_rrset_key * ds,int fav_ds_algo,uint8_t * sigalg)473 void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds,
474 int fav_ds_algo, uint8_t* sigalg)
475 {
476 uint8_t algo;
477 size_t i, total = 0;
478 size_t num = rrset_get_count(ds);
479
480 memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX);
481 for(i=0; i<num; i++) {
482 if(ds_get_digest_algo(ds, i) != fav_ds_algo)
483 continue;
484 algo = (uint8_t)ds_get_key_algo(ds, i);
485 if(!dnskey_algo_id_is_supported((int)algo))
486 continue;
487 log_assert(algo != 0); /* we do not support 0 and is EOS */
488 if(n->needs[algo] == 0) {
489 n->needs[algo] = 1;
490 sigalg[total] = algo;
491 total++;
492 }
493 }
494 sigalg[total] = 0;
495 n->num = total;
496 }
497
algo_needs_set_secure(struct algo_needs * n,uint8_t algo)498 int algo_needs_set_secure(struct algo_needs* n, uint8_t algo)
499 {
500 if(n->needs[algo]) {
501 n->needs[algo] = 0;
502 n->num --;
503 if(n->num == 0) /* done! */
504 return 1;
505 }
506 return 0;
507 }
508
algo_needs_set_bogus(struct algo_needs * n,uint8_t algo)509 void algo_needs_set_bogus(struct algo_needs* n, uint8_t algo)
510 {
511 if(n->needs[algo]) n->needs[algo] = 2; /* need it, but bogus */
512 }
513
algo_needs_num_missing(struct algo_needs * n)514 size_t algo_needs_num_missing(struct algo_needs* n)
515 {
516 return n->num;
517 }
518
algo_needs_missing(struct algo_needs * n)519 int algo_needs_missing(struct algo_needs* n)
520 {
521 int i, miss = -1;
522 /* check if a needed algo was bogus - report that;
523 * check the first missing algo - report that;
524 * or return 0 */
525 for(i=0; i<ALGO_NEEDS_MAX; i++) {
526 if(n->needs[i] == 2)
527 return 0;
528 if(n->needs[i] == 1 && miss == -1)
529 miss = i;
530 }
531 if(miss != -1) return miss;
532 return 0;
533 }
534
535 /**
536 * verify rrset, with dnskey rrset, for a specific rrsig in rrset
537 * @param env: module environment, scratch space is used.
538 * @param ve: validator environment, date settings.
539 * @param now: current time for validation (can be overridden).
540 * @param rrset: to be validated.
541 * @param dnskey: DNSKEY rrset, keyset to try.
542 * @param sig_idx: which signature to try to validate.
543 * @param sortree: reused sorted order. Stored in region. Pass NULL at start,
544 * and for a new rrset.
545 * @param reason: if bogus, a string returned, fixed or alloced in scratch.
546 * @param reason_bogus: EDE (RFC8914) code paired with the reason of failure.
547 * @param section: section of packet where this rrset comes from.
548 * @param qstate: qstate with region.
549 * @param numverified: incremented when the number of RRSIG validations
550 * increases.
551 * @return secure if any key signs *this* signature. bogus if no key signs it,
552 * unchecked on error, or indeterminate if all keys are not supported by
553 * the crypto library (openssl3+ only).
554 */
555 static enum sec_status
dnskeyset_verify_rrset_sig(struct module_env * env,struct val_env * ve,time_t now,struct ub_packed_rrset_key * rrset,struct ub_packed_rrset_key * dnskey,size_t sig_idx,struct rbtree_type ** sortree,char ** reason,sldns_ede_code * reason_bogus,sldns_pkt_section section,struct module_qstate * qstate,int * numverified)556 dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve,
557 time_t now, struct ub_packed_rrset_key* rrset,
558 struct ub_packed_rrset_key* dnskey, size_t sig_idx,
559 struct rbtree_type** sortree,
560 char** reason, sldns_ede_code *reason_bogus,
561 sldns_pkt_section section, struct module_qstate* qstate,
562 int* numverified)
563 {
564 /* find matching keys and check them */
565 enum sec_status sec = sec_status_bogus;
566 uint16_t tag = rrset_get_sig_keytag(rrset, sig_idx);
567 int algo = rrset_get_sig_algo(rrset, sig_idx);
568 size_t i, num = rrset_get_count(dnskey);
569 size_t numchecked = 0;
570 size_t numindeterminate = 0;
571 int buf_canon = 0;
572 verbose(VERB_ALGO, "verify sig %d %d", (int)tag, algo);
573 if(!dnskey_algo_id_is_supported(algo)) {
574 if(reason_bogus)
575 *reason_bogus = LDNS_EDE_UNSUPPORTED_DNSKEY_ALG;
576 verbose(VERB_QUERY, "verify sig: unknown algorithm");
577 return sec_status_insecure;
578 }
579
580 for(i=0; i<num; i++) {
581 /* see if key matches keytag and algo */
582 if(algo != dnskey_get_algo(dnskey, i) ||
583 tag != dnskey_calc_keytag(dnskey, i))
584 continue;
585 numchecked ++;
586 (*numverified)++;
587
588 /* see if key verifies */
589 sec = dnskey_verify_rrset_sig(env->scratch,
590 env->scratch_buffer, ve, now, rrset, dnskey, i,
591 sig_idx, sortree, &buf_canon, reason, reason_bogus,
592 section, qstate);
593 if(sec == sec_status_secure)
594 return sec;
595 else if(sec == sec_status_indeterminate)
596 numindeterminate ++;
597 if(*numverified > MAX_VALIDATE_RRSIGS) {
598 *reason = "too many RRSIG validations";
599 if(reason_bogus)
600 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
601 verbose(VERB_ALGO, "verify sig: too many RRSIG validations");
602 return sec_status_bogus;
603 }
604 }
605 if(numchecked == 0) {
606 *reason = "signatures from unknown keys";
607 if(reason_bogus)
608 *reason_bogus = LDNS_EDE_DNSKEY_MISSING;
609 verbose(VERB_QUERY, "verify: could not find appropriate key");
610 return sec_status_bogus;
611 }
612 if(numindeterminate == numchecked) {
613 *reason = "unsupported algorithm by crypto library";
614 if(reason_bogus)
615 *reason_bogus = LDNS_EDE_UNSUPPORTED_DNSKEY_ALG;
616 verbose(VERB_ALGO, "verify sig: unsupported algorithm by "
617 "crypto library");
618 return sec_status_indeterminate;
619 }
620 return sec_status_bogus;
621 }
622
623 enum sec_status
dnskeyset_verify_rrset(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key * rrset,struct ub_packed_rrset_key * dnskey,uint8_t * sigalg,char ** reason,sldns_ede_code * reason_bogus,sldns_pkt_section section,struct module_qstate * qstate,int * verified,char * reasonbuf,size_t reasonlen)624 dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
625 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
626 uint8_t* sigalg, char** reason, sldns_ede_code *reason_bogus,
627 sldns_pkt_section section, struct module_qstate* qstate, int* verified,
628 char* reasonbuf, size_t reasonlen)
629 {
630 enum sec_status sec;
631 size_t i, num;
632 rbtree_type* sortree = NULL;
633 /* make sure that for all DNSKEY algorithms there are valid sigs */
634 struct algo_needs needs;
635 int alg;
636 *verified = 0;
637
638 num = rrset_get_sigcount(rrset);
639 if(num == 0) {
640 verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
641 "signatures");
642 *reason = "no signatures";
643 if(reason_bogus)
644 *reason_bogus = LDNS_EDE_RRSIGS_MISSING;
645 return sec_status_bogus;
646 }
647
648 if(sigalg) {
649 algo_needs_init_list(&needs, sigalg);
650 if(algo_needs_num_missing(&needs) == 0) {
651 verbose(VERB_QUERY, "zone has no known algorithms");
652 *reason = "zone has no known algorithms";
653 if(reason_bogus)
654 *reason_bogus = LDNS_EDE_UNSUPPORTED_DNSKEY_ALG;
655 return sec_status_insecure;
656 }
657 }
658 for(i=0; i<num; i++) {
659 sec = dnskeyset_verify_rrset_sig(env, ve, *env->now, rrset,
660 dnskey, i, &sortree, reason, reason_bogus,
661 section, qstate, verified);
662 /* see which algorithm has been fixed up */
663 if(sec == sec_status_secure) {
664 if(!sigalg)
665 return sec; /* done! */
666 else if(algo_needs_set_secure(&needs,
667 (uint8_t)rrset_get_sig_algo(rrset, i)))
668 return sec; /* done! */
669 } else if(sigalg && sec == sec_status_bogus) {
670 algo_needs_set_bogus(&needs,
671 (uint8_t)rrset_get_sig_algo(rrset, i));
672 }
673 if(*verified > MAX_VALIDATE_RRSIGS) {
674 verbose(VERB_QUERY, "rrset failed to verify, too many RRSIG validations");
675 *reason = "too many RRSIG validations";
676 if(reason_bogus)
677 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
678 return sec_status_bogus;
679 }
680 }
681 if(sigalg && (alg=algo_needs_missing(&needs)) != 0) {
682 verbose(VERB_ALGO, "rrset failed to verify: "
683 "no valid signatures for %d algorithms",
684 (int)algo_needs_num_missing(&needs));
685 algo_needs_reason(alg, reason, "no signatures", reasonbuf,
686 reasonlen);
687 } else {
688 verbose(VERB_ALGO, "rrset failed to verify: "
689 "no valid signatures");
690 }
691 return sec_status_bogus;
692 }
693
algo_needs_reason(int alg,char ** reason,char * s,char * reasonbuf,size_t reasonlen)694 void algo_needs_reason(int alg, char** reason, char* s, char* reasonbuf,
695 size_t reasonlen)
696 {
697 sldns_lookup_table *t = sldns_lookup_by_id(sldns_algorithms, alg);
698 if(t&&t->name)
699 snprintf(reasonbuf, reasonlen, "%s with algorithm %s", s,
700 t->name);
701 else snprintf(reasonbuf, reasonlen, "%s with algorithm ALG%u", s,
702 (unsigned)alg);
703 *reason = reasonbuf;
704 }
705
706 enum sec_status
dnskey_verify_rrset(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key * rrset,struct ub_packed_rrset_key * dnskey,size_t dnskey_idx,char ** reason,sldns_ede_code * reason_bogus,sldns_pkt_section section,struct module_qstate * qstate)707 dnskey_verify_rrset(struct module_env* env, struct val_env* ve,
708 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
709 size_t dnskey_idx, char** reason, sldns_ede_code *reason_bogus,
710 sldns_pkt_section section, struct module_qstate* qstate)
711 {
712 enum sec_status sec;
713 size_t i, num, numchecked = 0, numindeterminate = 0;
714 rbtree_type* sortree = NULL;
715 int buf_canon = 0;
716 uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx);
717 int algo = dnskey_get_algo(dnskey, dnskey_idx);
718 int numverified = 0;
719
720 num = rrset_get_sigcount(rrset);
721 if(num == 0) {
722 verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
723 "signatures");
724 *reason = "no signatures";
725 if(reason_bogus)
726 *reason_bogus = LDNS_EDE_RRSIGS_MISSING;
727 return sec_status_bogus;
728 }
729 for(i=0; i<num; i++) {
730 /* see if sig matches keytag and algo */
731 if(algo != rrset_get_sig_algo(rrset, i) ||
732 tag != rrset_get_sig_keytag(rrset, i))
733 continue;
734 buf_canon = 0;
735 sec = dnskey_verify_rrset_sig(env->scratch,
736 env->scratch_buffer, ve, *env->now, rrset,
737 dnskey, dnskey_idx, i, &sortree, &buf_canon, reason,
738 reason_bogus, section, qstate);
739 if(sec == sec_status_secure)
740 return sec;
741 numchecked ++;
742 numverified ++;
743 if(sec == sec_status_indeterminate)
744 numindeterminate ++;
745 if(numverified > MAX_VALIDATE_RRSIGS) {
746 verbose(VERB_QUERY, "rrset failed to verify, too many RRSIG validations");
747 *reason = "too many RRSIG validations";
748 if(reason_bogus)
749 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
750 return sec_status_bogus;
751 }
752 }
753 if(!numchecked) {
754 *reason = "signature for expected key and algorithm missing";
755 if(reason_bogus)
756 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
757 } else if(numchecked == numindeterminate) {
758 verbose(VERB_ALGO, "rrset failed to verify due to algorithm "
759 "refusal by cryptolib");
760 if(reason_bogus)
761 *reason_bogus = LDNS_EDE_UNSUPPORTED_DNSKEY_ALG;
762 *reason = "algorithm refused by cryptolib";
763 return sec_status_indeterminate;
764 }
765 verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus");
766 return sec_status_bogus;
767 }
768
769 /**
770 * RR entries in a canonical sorted tree of RRs
771 */
772 struct canon_rr {
773 /** rbtree node, key is this structure */
774 rbnode_type node;
775 /** rrset the RR is in */
776 struct ub_packed_rrset_key* rrset;
777 /** which RR in the rrset */
778 size_t rr_idx;
779 };
780
781 /**
782 * Compare two RR for canonical order, in a field-style sweep.
783 * @param d: rrset data
784 * @param desc: ldns wireformat descriptor.
785 * @param i: first RR to compare
786 * @param j: first RR to compare
787 * @return comparison code.
788 */
789 static int
canonical_compare_byfield(struct packed_rrset_data * d,const sldns_rr_descriptor * desc,size_t i,size_t j)790 canonical_compare_byfield(struct packed_rrset_data* d,
791 const sldns_rr_descriptor* desc, size_t i, size_t j)
792 {
793 /* sweep across rdata, keep track of some state:
794 * which rr field, and bytes left in field.
795 * current position in rdata, length left.
796 * are we in a dname, length left in a label.
797 */
798 int wfi = -1; /* current wireformat rdata field (rdf) */
799 int wfj = -1;
800 uint8_t* di = d->rr_data[i]+2; /* ptr to current rdata byte */
801 uint8_t* dj = d->rr_data[j]+2;
802 size_t ilen = d->rr_len[i]-2; /* length left in rdata */
803 size_t jlen = d->rr_len[j]-2;
804 int dname_i = 0; /* true if these bytes are part of a name */
805 int dname_j = 0;
806 size_t lablen_i = 0; /* 0 for label length byte,for first byte of rdf*/
807 size_t lablen_j = 0; /* otherwise remaining length of rdf or label */
808 int dname_num_i = (int)desc->_dname_count; /* decreased at root label */
809 int dname_num_j = (int)desc->_dname_count;
810
811 /* loop while there are rdata bytes available for both rrs,
812 * and still some lowercasing needs to be done; either the dnames
813 * have not been reached yet, or they are currently being processed */
814 while(ilen > 0 && jlen > 0 && (dname_num_i > 0 || dname_num_j > 0)) {
815 /* compare these two bytes */
816 /* lowercase if in a dname and not a label length byte */
817 if( ((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di)
818 != ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj)
819 ) {
820 if(((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di)
821 < ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj))
822 return -1;
823 return 1;
824 }
825 ilen--;
826 jlen--;
827 /* bytes are equal */
828
829 /* advance field i */
830 /* lablen 0 means that this byte is the first byte of the
831 * next rdata field; inspect this rdata field and setup
832 * to process the rest of this rdata field.
833 * The reason to first read the byte, then setup the rdf,
834 * is that we are then sure the byte is available and short
835 * rdata is handled gracefully (even if it is a formerr). */
836 if(lablen_i == 0) {
837 if(dname_i) {
838 /* scan this dname label */
839 /* capture length to lowercase */
840 lablen_i = (size_t)*di;
841 if(lablen_i == 0) {
842 /* end root label */
843 dname_i = 0;
844 dname_num_i--;
845 /* if dname num is 0, then the
846 * remainder is binary only */
847 if(dname_num_i == 0)
848 lablen_i = ilen;
849 }
850 } else {
851 /* scan this rdata field */
852 wfi++;
853 if(desc->_wireformat[wfi]
854 == LDNS_RDF_TYPE_DNAME) {
855 dname_i = 1;
856 lablen_i = (size_t)*di;
857 if(lablen_i == 0) {
858 dname_i = 0;
859 dname_num_i--;
860 if(dname_num_i == 0)
861 lablen_i = ilen;
862 }
863 } else if(desc->_wireformat[wfi]
864 == LDNS_RDF_TYPE_STR)
865 lablen_i = (size_t)*di;
866 else lablen_i = get_rdf_size(
867 desc->_wireformat[wfi]) - 1;
868 }
869 } else lablen_i--;
870
871 /* advance field j; same as for i */
872 if(lablen_j == 0) {
873 if(dname_j) {
874 lablen_j = (size_t)*dj;
875 if(lablen_j == 0) {
876 dname_j = 0;
877 dname_num_j--;
878 if(dname_num_j == 0)
879 lablen_j = jlen;
880 }
881 } else {
882 wfj++;
883 if(desc->_wireformat[wfj]
884 == LDNS_RDF_TYPE_DNAME) {
885 dname_j = 1;
886 lablen_j = (size_t)*dj;
887 if(lablen_j == 0) {
888 dname_j = 0;
889 dname_num_j--;
890 if(dname_num_j == 0)
891 lablen_j = jlen;
892 }
893 } else if(desc->_wireformat[wfj]
894 == LDNS_RDF_TYPE_STR)
895 lablen_j = (size_t)*dj;
896 else lablen_j = get_rdf_size(
897 desc->_wireformat[wfj]) - 1;
898 }
899 } else lablen_j--;
900 di++;
901 dj++;
902 }
903 /* end of the loop; because we advanced byte by byte; now we have
904 * that the rdata has ended, or that there is a binary remainder */
905 /* shortest first */
906 if(ilen == 0 && jlen == 0)
907 return 0;
908 if(ilen == 0)
909 return -1;
910 if(jlen == 0)
911 return 1;
912 /* binary remainder, capture comparison in wfi variable */
913 if((wfi = memcmp(di, dj, (ilen<jlen)?ilen:jlen)) != 0)
914 return wfi;
915 if(ilen < jlen)
916 return -1;
917 if(jlen < ilen)
918 return 1;
919 return 0;
920 }
921
922 /**
923 * Compare two RRs in the same RRset and determine their relative
924 * canonical order.
925 * @param rrset: the rrset in which to perform compares.
926 * @param i: first RR to compare
927 * @param j: first RR to compare
928 * @return 0 if RR i== RR j, -1 if <, +1 if >.
929 */
930 static int
canonical_compare(struct ub_packed_rrset_key * rrset,size_t i,size_t j)931 canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
932 {
933 struct packed_rrset_data* d = (struct packed_rrset_data*)
934 rrset->entry.data;
935 const sldns_rr_descriptor* desc;
936 uint16_t type = ntohs(rrset->rk.type);
937 size_t minlen;
938 int c;
939
940 if(i==j)
941 return 0;
942
943 switch(type) {
944 /* These RR types have only a name as RDATA.
945 * This name has to be canonicalized.*/
946 case LDNS_RR_TYPE_NS:
947 case LDNS_RR_TYPE_MD:
948 case LDNS_RR_TYPE_MF:
949 case LDNS_RR_TYPE_CNAME:
950 case LDNS_RR_TYPE_MB:
951 case LDNS_RR_TYPE_MG:
952 case LDNS_RR_TYPE_MR:
953 case LDNS_RR_TYPE_PTR:
954 case LDNS_RR_TYPE_DNAME:
955 /* the wireread function has already checked these
956 * dname's for correctness, and this double checks */
957 if(!dname_valid(d->rr_data[i]+2, d->rr_len[i]-2) ||
958 !dname_valid(d->rr_data[j]+2, d->rr_len[j]-2))
959 return 0;
960 return query_dname_compare(d->rr_data[i]+2,
961 d->rr_data[j]+2);
962
963 /* These RR types have STR and fixed size rdata fields
964 * before one or more name fields that need canonicalizing,
965 * and after that a byte-for byte remainder can be compared.
966 */
967 /* type starts with the name; remainder is binary compared */
968 case LDNS_RR_TYPE_NXT:
969 /* use rdata field formats */
970 case LDNS_RR_TYPE_MINFO:
971 case LDNS_RR_TYPE_RP:
972 case LDNS_RR_TYPE_SOA:
973 case LDNS_RR_TYPE_RT:
974 case LDNS_RR_TYPE_AFSDB:
975 case LDNS_RR_TYPE_KX:
976 case LDNS_RR_TYPE_MX:
977 case LDNS_RR_TYPE_SIG:
978 /* RRSIG signer name has to be downcased */
979 case LDNS_RR_TYPE_RRSIG:
980 case LDNS_RR_TYPE_PX:
981 case LDNS_RR_TYPE_NAPTR:
982 case LDNS_RR_TYPE_SRV:
983 desc = sldns_rr_descript(type);
984 log_assert(desc);
985 /* this holds for the types that need canonicalizing */
986 log_assert(desc->_minimum == desc->_maximum);
987 return canonical_compare_byfield(d, desc, i, j);
988
989 case LDNS_RR_TYPE_HINFO: /* no longer downcased */
990 case LDNS_RR_TYPE_NSEC:
991 default:
992 /* For unknown RR types, or types not listed above,
993 * no canonicalization is needed, do binary compare */
994 /* byte for byte compare, equal means shortest first*/
995 minlen = d->rr_len[i]-2;
996 if(minlen > d->rr_len[j]-2)
997 minlen = d->rr_len[j]-2;
998 c = memcmp(d->rr_data[i]+2, d->rr_data[j]+2, minlen);
999 if(c!=0)
1000 return c;
1001 /* rdata equal, shortest is first */
1002 if(d->rr_len[i] < d->rr_len[j])
1003 return -1;
1004 if(d->rr_len[i] > d->rr_len[j])
1005 return 1;
1006 /* rdata equal, length equal */
1007 break;
1008 }
1009 return 0;
1010 }
1011
1012 int
canonical_tree_compare(const void * k1,const void * k2)1013 canonical_tree_compare(const void* k1, const void* k2)
1014 {
1015 struct canon_rr* r1 = (struct canon_rr*)k1;
1016 struct canon_rr* r2 = (struct canon_rr*)k2;
1017 log_assert(r1->rrset == r2->rrset);
1018 return canonical_compare(r1->rrset, r1->rr_idx, r2->rr_idx);
1019 }
1020
1021 /**
1022 * Sort RRs for rrset in canonical order.
1023 * Does not actually canonicalize the RR rdatas.
1024 * Does not touch rrsigs.
1025 * @param rrset: to sort.
1026 * @param d: rrset data.
1027 * @param sortree: tree to sort into.
1028 * @param rrs: rr storage.
1029 */
1030 static void
canonical_sort(struct ub_packed_rrset_key * rrset,struct packed_rrset_data * d,rbtree_type * sortree,struct canon_rr * rrs)1031 canonical_sort(struct ub_packed_rrset_key* rrset, struct packed_rrset_data* d,
1032 rbtree_type* sortree, struct canon_rr* rrs)
1033 {
1034 size_t i;
1035 /* insert into rbtree to sort and detect duplicates */
1036 for(i=0; i<d->count; i++) {
1037 rrs[i].node.key = &rrs[i];
1038 rrs[i].rrset = rrset;
1039 rrs[i].rr_idx = i;
1040 if(!rbtree_insert(sortree, &rrs[i].node)) {
1041 /* this was a duplicate */
1042 }
1043 }
1044 }
1045
1046 /**
1047 * Insert canonical owner name into buffer.
1048 * @param buf: buffer to insert into at current position.
1049 * @param k: rrset with its owner name.
1050 * @param sig: signature with signer name and label count.
1051 * must be length checked, at least 18 bytes long.
1052 * @param can_owner: position in buffer returned for future use.
1053 * @param can_owner_len: length of canonical owner name.
1054 */
1055 static void
insert_can_owner(sldns_buffer * buf,struct ub_packed_rrset_key * k,uint8_t * sig,uint8_t ** can_owner,size_t * can_owner_len)1056 insert_can_owner(sldns_buffer* buf, struct ub_packed_rrset_key* k,
1057 uint8_t* sig, uint8_t** can_owner, size_t* can_owner_len)
1058 {
1059 int rrsig_labels = (int)sig[3];
1060 int fqdn_labels = dname_signame_label_count(k->rk.dname);
1061 *can_owner = sldns_buffer_current(buf);
1062 if(rrsig_labels == fqdn_labels) {
1063 /* no change */
1064 sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len);
1065 query_dname_tolower(*can_owner);
1066 *can_owner_len = k->rk.dname_len;
1067 return;
1068 }
1069 log_assert(rrsig_labels < fqdn_labels);
1070 /* *. | fqdn(rightmost rrsig_labels) */
1071 if(rrsig_labels < fqdn_labels) {
1072 int i;
1073 uint8_t* nm = k->rk.dname;
1074 size_t len = k->rk.dname_len;
1075 /* so skip fqdn_labels-rrsig_labels */
1076 for(i=0; i<fqdn_labels-rrsig_labels; i++) {
1077 dname_remove_label(&nm, &len);
1078 }
1079 *can_owner_len = len+2;
1080 sldns_buffer_write(buf, (uint8_t*)"\001*", 2);
1081 sldns_buffer_write(buf, nm, len);
1082 query_dname_tolower(*can_owner);
1083 }
1084 }
1085
1086 /**
1087 * Canonicalize Rdata in buffer.
1088 * @param buf: buffer at position just after the rdata.
1089 * @param rrset: rrset with type.
1090 * @param len: length of the rdata (including rdatalen uint16).
1091 */
1092 static void
canonicalize_rdata(sldns_buffer * buf,struct ub_packed_rrset_key * rrset,size_t len)1093 canonicalize_rdata(sldns_buffer* buf, struct ub_packed_rrset_key* rrset,
1094 size_t len)
1095 {
1096 uint8_t* datstart = sldns_buffer_current(buf)-len+2;
1097 switch(ntohs(rrset->rk.type)) {
1098 case LDNS_RR_TYPE_NXT:
1099 case LDNS_RR_TYPE_NS:
1100 case LDNS_RR_TYPE_MD:
1101 case LDNS_RR_TYPE_MF:
1102 case LDNS_RR_TYPE_CNAME:
1103 case LDNS_RR_TYPE_MB:
1104 case LDNS_RR_TYPE_MG:
1105 case LDNS_RR_TYPE_MR:
1106 case LDNS_RR_TYPE_PTR:
1107 case LDNS_RR_TYPE_DNAME:
1108 /* type only has a single argument, the name */
1109 query_dname_tolower(datstart);
1110 return;
1111 case LDNS_RR_TYPE_MINFO:
1112 case LDNS_RR_TYPE_RP:
1113 case LDNS_RR_TYPE_SOA:
1114 /* two names after another */
1115 query_dname_tolower(datstart);
1116 query_dname_tolower(datstart +
1117 dname_valid(datstart, len-2));
1118 return;
1119 case LDNS_RR_TYPE_RT:
1120 case LDNS_RR_TYPE_AFSDB:
1121 case LDNS_RR_TYPE_KX:
1122 case LDNS_RR_TYPE_MX:
1123 /* skip fixed part */
1124 if(len < 2+2+1) /* rdlen, skiplen, 1byteroot */
1125 return;
1126 datstart += 2;
1127 query_dname_tolower(datstart);
1128 return;
1129 case LDNS_RR_TYPE_SIG:
1130 /* downcase the RRSIG, compat with BIND (kept it from SIG) */
1131 case LDNS_RR_TYPE_RRSIG:
1132 /* skip fixed part */
1133 if(len < 2+18+1)
1134 return;
1135 datstart += 18;
1136 query_dname_tolower(datstart);
1137 return;
1138 case LDNS_RR_TYPE_PX:
1139 /* skip, then two names after another */
1140 if(len < 2+2+1)
1141 return;
1142 datstart += 2;
1143 query_dname_tolower(datstart);
1144 query_dname_tolower(datstart +
1145 dname_valid(datstart, len-2-2));
1146 return;
1147 case LDNS_RR_TYPE_NAPTR:
1148 if(len < 2+4)
1149 return;
1150 len -= 2+4;
1151 datstart += 4;
1152 if(len < (size_t)datstart[0]+1) /* skip text field */
1153 return;
1154 len -= (size_t)datstart[0]+1;
1155 datstart += (size_t)datstart[0]+1;
1156 if(len < (size_t)datstart[0]+1) /* skip text field */
1157 return;
1158 len -= (size_t)datstart[0]+1;
1159 datstart += (size_t)datstart[0]+1;
1160 if(len < (size_t)datstart[0]+1) /* skip text field */
1161 return;
1162 len -= (size_t)datstart[0]+1;
1163 datstart += (size_t)datstart[0]+1;
1164 if(len < 1) /* check name is at least 1 byte*/
1165 return;
1166 query_dname_tolower(datstart);
1167 return;
1168 case LDNS_RR_TYPE_SRV:
1169 /* skip fixed part */
1170 if(len < 2+6+1)
1171 return;
1172 datstart += 6;
1173 query_dname_tolower(datstart);
1174 return;
1175
1176 /* do not canonicalize NSEC rdata name, compat with
1177 * from bind 9.4 signer, where it does not do so */
1178 case LDNS_RR_TYPE_NSEC: /* type starts with the name */
1179 case LDNS_RR_TYPE_HINFO: /* not downcased */
1180 /* A6 not supported */
1181 default:
1182 /* nothing to do for unknown types */
1183 return;
1184 }
1185 }
1186
rrset_canonical_equal(struct regional * region,struct ub_packed_rrset_key * k1,struct ub_packed_rrset_key * k2)1187 int rrset_canonical_equal(struct regional* region,
1188 struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2)
1189 {
1190 struct rbtree_type sortree1, sortree2;
1191 struct canon_rr *rrs1, *rrs2, *p1, *p2;
1192 struct packed_rrset_data* d1=(struct packed_rrset_data*)k1->entry.data;
1193 struct packed_rrset_data* d2=(struct packed_rrset_data*)k2->entry.data;
1194 struct ub_packed_rrset_key fk;
1195 struct packed_rrset_data fd;
1196 size_t flen[2];
1197 uint8_t* fdata[2];
1198
1199 /* basic compare */
1200 if(k1->rk.dname_len != k2->rk.dname_len ||
1201 k1->rk.flags != k2->rk.flags ||
1202 k1->rk.type != k2->rk.type ||
1203 k1->rk.rrset_class != k2->rk.rrset_class ||
1204 query_dname_compare(k1->rk.dname, k2->rk.dname) != 0)
1205 return 0;
1206 if(d1->ttl != d2->ttl ||
1207 d1->count != d2->count ||
1208 d1->rrsig_count != d2->rrsig_count ||
1209 d1->trust != d2->trust ||
1210 d1->security != d2->security)
1211 return 0;
1212
1213 /* init */
1214 memset(&fk, 0, sizeof(fk));
1215 memset(&fd, 0, sizeof(fd));
1216 fk.entry.data = &fd;
1217 fd.count = 2;
1218 fd.rr_len = flen;
1219 fd.rr_data = fdata;
1220 rbtree_init(&sortree1, &canonical_tree_compare);
1221 rbtree_init(&sortree2, &canonical_tree_compare);
1222 if(d1->count > RR_COUNT_MAX || d2->count > RR_COUNT_MAX)
1223 return 1; /* protection against integer overflow */
1224 rrs1 = regional_alloc(region, sizeof(struct canon_rr)*d1->count);
1225 rrs2 = regional_alloc(region, sizeof(struct canon_rr)*d2->count);
1226 if(!rrs1 || !rrs2) return 1; /* alloc failure */
1227
1228 /* sort */
1229 canonical_sort(k1, d1, &sortree1, rrs1);
1230 canonical_sort(k2, d2, &sortree2, rrs2);
1231
1232 /* compare canonical-sorted RRs for canonical-equality */
1233 if(sortree1.count != sortree2.count)
1234 return 0;
1235 p1 = (struct canon_rr*)rbtree_first(&sortree1);
1236 p2 = (struct canon_rr*)rbtree_first(&sortree2);
1237 while(p1 != (struct canon_rr*)RBTREE_NULL &&
1238 p2 != (struct canon_rr*)RBTREE_NULL) {
1239 flen[0] = d1->rr_len[p1->rr_idx];
1240 flen[1] = d2->rr_len[p2->rr_idx];
1241 fdata[0] = d1->rr_data[p1->rr_idx];
1242 fdata[1] = d2->rr_data[p2->rr_idx];
1243
1244 if(canonical_compare(&fk, 0, 1) != 0)
1245 return 0;
1246 p1 = (struct canon_rr*)rbtree_next(&p1->node);
1247 p2 = (struct canon_rr*)rbtree_next(&p2->node);
1248 }
1249 return 1;
1250 }
1251
1252 /**
1253 * Create canonical form of rrset in the scratch buffer.
1254 * @param region: temporary region.
1255 * @param buf: the buffer to use.
1256 * @param k: the rrset to insert.
1257 * @param sig: RRSIG rdata to include.
1258 * @param siglen: RRSIG rdata len excluding signature field, but inclusive
1259 * signer name length.
1260 * @param sortree: if NULL is passed a new sorted rrset tree is built.
1261 * Otherwise it is reused.
1262 * @param section: section of packet where this rrset comes from.
1263 * @param qstate: qstate with region.
1264 * @return false on alloc error.
1265 */
1266 static int
rrset_canonical(struct regional * region,sldns_buffer * buf,struct ub_packed_rrset_key * k,uint8_t * sig,size_t siglen,struct rbtree_type ** sortree,sldns_pkt_section section,struct module_qstate * qstate)1267 rrset_canonical(struct regional* region, sldns_buffer* buf,
1268 struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen,
1269 struct rbtree_type** sortree, sldns_pkt_section section,
1270 struct module_qstate* qstate)
1271 {
1272 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
1273 uint8_t* can_owner = NULL;
1274 size_t can_owner_len = 0;
1275 struct canon_rr* walk;
1276 struct canon_rr* rrs;
1277
1278 if(!*sortree) {
1279 *sortree = (struct rbtree_type*)regional_alloc(region,
1280 sizeof(rbtree_type));
1281 if(!*sortree)
1282 return 0;
1283 if(d->count > RR_COUNT_MAX)
1284 return 0; /* integer overflow protection */
1285 rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count);
1286 if(!rrs) {
1287 *sortree = NULL;
1288 return 0;
1289 }
1290 rbtree_init(*sortree, &canonical_tree_compare);
1291 canonical_sort(k, d, *sortree, rrs);
1292 }
1293
1294 sldns_buffer_clear(buf);
1295 sldns_buffer_write(buf, sig, siglen);
1296 /* canonicalize signer name */
1297 query_dname_tolower(sldns_buffer_begin(buf)+18);
1298 RBTREE_FOR(walk, struct canon_rr*, (*sortree)) {
1299 /* see if there is enough space left in the buffer */
1300 if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
1301 + d->rr_len[walk->rr_idx]) {
1302 log_err("verify: failed to canonicalize, "
1303 "rrset too big");
1304 return 0;
1305 }
1306 /* determine canonical owner name */
1307 if(can_owner)
1308 sldns_buffer_write(buf, can_owner, can_owner_len);
1309 else insert_can_owner(buf, k, sig, &can_owner,
1310 &can_owner_len);
1311 sldns_buffer_write(buf, &k->rk.type, 2);
1312 sldns_buffer_write(buf, &k->rk.rrset_class, 2);
1313 sldns_buffer_write(buf, sig+4, 4);
1314 sldns_buffer_write(buf, d->rr_data[walk->rr_idx],
1315 d->rr_len[walk->rr_idx]);
1316 canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]);
1317 }
1318 sldns_buffer_flip(buf);
1319
1320 /* Replace RR owner with canonical owner for NSEC records in authority
1321 * section, to prevent that a wildcard synthesized NSEC can be used in
1322 * the non-existence proves. */
1323 if(ntohs(k->rk.type) == LDNS_RR_TYPE_NSEC &&
1324 section == LDNS_SECTION_AUTHORITY && qstate) {
1325 k->rk.dname = regional_alloc_init(qstate->region, can_owner,
1326 can_owner_len);
1327 if(!k->rk.dname)
1328 return 0;
1329 k->rk.dname_len = can_owner_len;
1330 }
1331
1332
1333 return 1;
1334 }
1335
1336 int
rrset_canonicalize_to_buffer(struct regional * region,sldns_buffer * buf,struct ub_packed_rrset_key * k)1337 rrset_canonicalize_to_buffer(struct regional* region, sldns_buffer* buf,
1338 struct ub_packed_rrset_key* k)
1339 {
1340 struct rbtree_type* sortree = NULL;
1341 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
1342 uint8_t* can_owner = NULL;
1343 size_t can_owner_len = 0;
1344 struct canon_rr* walk;
1345 struct canon_rr* rrs;
1346
1347 sortree = (struct rbtree_type*)regional_alloc(region,
1348 sizeof(rbtree_type));
1349 if(!sortree)
1350 return 0;
1351 if(d->count > RR_COUNT_MAX)
1352 return 0; /* integer overflow protection */
1353 rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count);
1354 if(!rrs) {
1355 return 0;
1356 }
1357 rbtree_init(sortree, &canonical_tree_compare);
1358 canonical_sort(k, d, sortree, rrs);
1359
1360 sldns_buffer_clear(buf);
1361 RBTREE_FOR(walk, struct canon_rr*, sortree) {
1362 /* see if there is enough space left in the buffer */
1363 if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
1364 + d->rr_len[walk->rr_idx]) {
1365 log_err("verify: failed to canonicalize, "
1366 "rrset too big");
1367 return 0;
1368 }
1369 /* determine canonical owner name */
1370 if(can_owner)
1371 sldns_buffer_write(buf, can_owner, can_owner_len);
1372 else {
1373 can_owner = sldns_buffer_current(buf);
1374 sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len);
1375 query_dname_tolower(can_owner);
1376 can_owner_len = k->rk.dname_len;
1377 }
1378 sldns_buffer_write(buf, &k->rk.type, 2);
1379 sldns_buffer_write(buf, &k->rk.rrset_class, 2);
1380 sldns_buffer_write_u32(buf, d->rr_ttl[walk->rr_idx]);
1381 sldns_buffer_write(buf, d->rr_data[walk->rr_idx],
1382 d->rr_len[walk->rr_idx]);
1383 canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]);
1384 }
1385 sldns_buffer_flip(buf);
1386 return 1;
1387 }
1388
1389 /** pretty print rrsig error with dates */
1390 static void
sigdate_error(const char * str,int32_t expi,int32_t incep,int32_t now)1391 sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now)
1392 {
1393 struct tm tm;
1394 char expi_buf[16];
1395 char incep_buf[16];
1396 char now_buf[16];
1397 time_t te, ti, tn;
1398
1399 if(verbosity < VERB_QUERY)
1400 return;
1401 te = (time_t)expi;
1402 ti = (time_t)incep;
1403 tn = (time_t)now;
1404 memset(&tm, 0, sizeof(tm));
1405 if(gmtime_r(&te, &tm) && strftime(expi_buf, 15, "%Y%m%d%H%M%S", &tm)
1406 &&gmtime_r(&ti, &tm) && strftime(incep_buf, 15, "%Y%m%d%H%M%S", &tm)
1407 &&gmtime_r(&tn, &tm) && strftime(now_buf, 15, "%Y%m%d%H%M%S", &tm)) {
1408 log_info("%s expi=%s incep=%s now=%s", str, expi_buf,
1409 incep_buf, now_buf);
1410 } else
1411 log_info("%s expi=%u incep=%u now=%u", str, (unsigned)expi,
1412 (unsigned)incep, (unsigned)now);
1413 }
1414
1415 /** check rrsig dates */
1416 static int
check_dates(struct val_env * ve,uint32_t unow,uint8_t * expi_p,uint8_t * incep_p,char ** reason,sldns_ede_code * reason_bogus)1417 check_dates(struct val_env* ve, uint32_t unow, uint8_t* expi_p,
1418 uint8_t* incep_p, char** reason, sldns_ede_code *reason_bogus)
1419 {
1420 /* read out the dates */
1421 uint32_t expi, incep, now;
1422 memmove(&expi, expi_p, sizeof(expi));
1423 memmove(&incep, incep_p, sizeof(incep));
1424 expi = ntohl(expi);
1425 incep = ntohl(incep);
1426
1427 /* get current date */
1428 if(ve->date_override) {
1429 if(ve->date_override == -1) {
1430 verbose(VERB_ALGO, "date override: ignore date");
1431 return 1;
1432 }
1433 now = ve->date_override;
1434 verbose(VERB_ALGO, "date override option %d", (int)now);
1435 } else now = unow;
1436
1437 /* check them */
1438 if(compare_1982(incep, expi) > 0) {
1439 sigdate_error("verify: inception after expiration, "
1440 "signature bad", expi, incep, now);
1441 *reason = "signature inception after expiration";
1442 if(reason_bogus){
1443 /* from RFC8914 on Signature Not Yet Valid: The resolver
1444 * attempted to perform DNSSEC validation, but no
1445 * signatures are presently valid and at least some are
1446 * not yet valid. */
1447 *reason_bogus = LDNS_EDE_SIGNATURE_NOT_YET_VALID;
1448 }
1449
1450 return 0;
1451 }
1452 if(compare_1982(incep, now) > 0) {
1453 /* within skew ? (calc here to avoid calculation normally) */
1454 uint32_t skew = subtract_1982(incep, expi)/10;
1455 if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min;
1456 if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max;
1457 if(subtract_1982(now, incep) > skew) {
1458 sigdate_error("verify: signature bad, current time is"
1459 " before inception date", expi, incep, now);
1460 *reason = "signature before inception date";
1461 if(reason_bogus)
1462 *reason_bogus = LDNS_EDE_SIGNATURE_NOT_YET_VALID;
1463 return 0;
1464 }
1465 sigdate_error("verify warning suspicious signature inception "
1466 " or bad local clock", expi, incep, now);
1467 }
1468 if(compare_1982(now, expi) > 0) {
1469 uint32_t skew = subtract_1982(incep, expi)/10;
1470 if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min;
1471 if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max;
1472 if(subtract_1982(expi, now) > skew) {
1473 sigdate_error("verify: signature expired", expi,
1474 incep, now);
1475 *reason = "signature expired";
1476 if(reason_bogus)
1477 *reason_bogus = LDNS_EDE_SIGNATURE_EXPIRED;
1478 return 0;
1479 }
1480 sigdate_error("verify warning suspicious signature expiration "
1481 " or bad local clock", expi, incep, now);
1482 }
1483 return 1;
1484 }
1485
1486 /** adjust rrset TTL for verified rrset, compare to original TTL and expi */
1487 static void
adjust_ttl(struct val_env * ve,uint32_t unow,struct ub_packed_rrset_key * rrset,uint8_t * orig_p,uint8_t * expi_p,uint8_t * incep_p)1488 adjust_ttl(struct val_env* ve, uint32_t unow,
1489 struct ub_packed_rrset_key* rrset, uint8_t* orig_p,
1490 uint8_t* expi_p, uint8_t* incep_p)
1491 {
1492 struct packed_rrset_data* d =
1493 (struct packed_rrset_data*)rrset->entry.data;
1494 /* read out the dates */
1495 int32_t origttl, expittl, expi, incep, now;
1496 memmove(&origttl, orig_p, sizeof(origttl));
1497 memmove(&expi, expi_p, sizeof(expi));
1498 memmove(&incep, incep_p, sizeof(incep));
1499 expi = ntohl(expi);
1500 incep = ntohl(incep);
1501 origttl = ntohl(origttl);
1502
1503 /* get current date */
1504 if(ve->date_override) {
1505 now = ve->date_override;
1506 } else now = (int32_t)unow;
1507 expittl = (int32_t)((uint32_t)expi - (uint32_t)now);
1508
1509 /* so now:
1510 * d->ttl: rrset ttl read from message or cache. May be reduced
1511 * origttl: original TTL from signature, authoritative TTL max.
1512 * MIN_TTL: minimum TTL from config.
1513 * expittl: TTL until the signature expires.
1514 *
1515 * Use the smallest of these, but don't let origttl set the TTL
1516 * below the minimum.
1517 */
1518 if(MIN_TTL > (time_t)origttl && d->ttl > MIN_TTL) {
1519 verbose(VERB_QUERY, "rrset TTL larger than original and minimum"
1520 " TTL, adjusting TTL downwards to minimum ttl");
1521 d->ttl = MIN_TTL;
1522 }
1523 else if(MIN_TTL <= origttl && d->ttl > (time_t)origttl) {
1524 verbose(VERB_QUERY, "rrset TTL larger than original TTL, "
1525 "adjusting TTL downwards to original ttl");
1526 d->ttl = origttl;
1527 }
1528
1529 if(expittl > 0 && d->ttl > (time_t)expittl) {
1530 verbose(VERB_ALGO, "rrset TTL larger than sig expiration ttl,"
1531 " adjusting TTL downwards");
1532 d->ttl = expittl;
1533 }
1534 }
1535
1536 enum sec_status
dnskey_verify_rrset_sig(struct regional * region,sldns_buffer * buf,struct val_env * ve,time_t now,struct ub_packed_rrset_key * rrset,struct ub_packed_rrset_key * dnskey,size_t dnskey_idx,size_t sig_idx,struct rbtree_type ** sortree,int * buf_canon,char ** reason,sldns_ede_code * reason_bogus,sldns_pkt_section section,struct module_qstate * qstate)1537 dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf,
1538 struct val_env* ve, time_t now,
1539 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
1540 size_t dnskey_idx, size_t sig_idx,
1541 struct rbtree_type** sortree, int* buf_canon,
1542 char** reason, sldns_ede_code *reason_bogus,
1543 sldns_pkt_section section, struct module_qstate* qstate)
1544 {
1545 enum sec_status sec;
1546 uint8_t* sig; /* RRSIG rdata */
1547 size_t siglen;
1548 size_t rrnum = rrset_get_count(rrset);
1549 uint8_t* signer; /* rrsig signer name */
1550 size_t signer_len;
1551 unsigned char* sigblock; /* signature rdata field */
1552 unsigned int sigblock_len;
1553 uint16_t ktag; /* DNSKEY key tag */
1554 unsigned char* key; /* public key rdata field */
1555 unsigned int keylen;
1556 rrset_get_rdata(rrset, rrnum + sig_idx, &sig, &siglen);
1557 /* min length of rdatalen, fixed rrsig, root signer, 1 byte sig */
1558 if(siglen < 2+20) {
1559 verbose(VERB_QUERY, "verify: signature too short");
1560 *reason = "signature too short";
1561 if(reason_bogus)
1562 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1563 return sec_status_bogus;
1564 }
1565
1566 if(!(dnskey_get_flags(dnskey, dnskey_idx) & DNSKEY_BIT_ZSK)) {
1567 verbose(VERB_QUERY, "verify: dnskey without ZSK flag");
1568 *reason = "dnskey without ZSK flag";
1569 if(reason_bogus)
1570 *reason_bogus = LDNS_EDE_NO_ZONE_KEY_BIT_SET;
1571 return sec_status_bogus;
1572 }
1573
1574 if(dnskey_get_protocol(dnskey, dnskey_idx) != LDNS_DNSSEC_KEYPROTO) {
1575 /* RFC 4034 says DNSKEY PROTOCOL MUST be 3 */
1576 verbose(VERB_QUERY, "verify: dnskey has wrong key protocol");
1577 *reason = "dnskey has wrong protocolnumber";
1578 if(reason_bogus)
1579 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1580 return sec_status_bogus;
1581 }
1582
1583 /* verify as many fields in rrsig as possible */
1584 signer = sig+2+18;
1585 signer_len = dname_valid(signer, siglen-2-18);
1586 if(!signer_len) {
1587 verbose(VERB_QUERY, "verify: malformed signer name");
1588 *reason = "signer name malformed";
1589 if(reason_bogus)
1590 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1591 return sec_status_bogus; /* signer name invalid */
1592 }
1593 if(!dname_subdomain_c(rrset->rk.dname, signer)) {
1594 verbose(VERB_QUERY, "verify: signer name is off-tree");
1595 *reason = "signer name off-tree";
1596 if(reason_bogus)
1597 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1598 return sec_status_bogus; /* signer name offtree */
1599 }
1600 sigblock = (unsigned char*)signer+signer_len;
1601 if(siglen < 2+18+signer_len+1) {
1602 verbose(VERB_QUERY, "verify: too short, no signature data");
1603 *reason = "signature too short, no signature data";
1604 if(reason_bogus)
1605 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1606 return sec_status_bogus; /* sig rdf is < 1 byte */
1607 }
1608 sigblock_len = (unsigned int)(siglen - 2 - 18 - signer_len);
1609
1610 /* verify key dname == sig signer name */
1611 if(query_dname_compare(signer, dnskey->rk.dname) != 0) {
1612 verbose(VERB_QUERY, "verify: wrong key for rrsig");
1613 log_nametypeclass(VERB_QUERY, "RRSIG signername is",
1614 signer, 0, 0);
1615 log_nametypeclass(VERB_QUERY, "the key name is",
1616 dnskey->rk.dname, 0, 0);
1617 *reason = "signer name mismatches key name";
1618 if(reason_bogus)
1619 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1620 return sec_status_bogus;
1621 }
1622
1623 /* verify covered type */
1624 /* memcmp works because type is in network format for rrset */
1625 if(memcmp(sig+2, &rrset->rk.type, 2) != 0) {
1626 verbose(VERB_QUERY, "verify: wrong type covered");
1627 *reason = "signature covers wrong type";
1628 if(reason_bogus)
1629 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1630 return sec_status_bogus;
1631 }
1632 /* verify keytag and sig algo (possibly again) */
1633 if((int)sig[2+2] != dnskey_get_algo(dnskey, dnskey_idx)) {
1634 verbose(VERB_QUERY, "verify: wrong algorithm");
1635 *reason = "signature has wrong algorithm";
1636 if(reason_bogus)
1637 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1638 return sec_status_bogus;
1639 }
1640 ktag = htons(dnskey_calc_keytag(dnskey, dnskey_idx));
1641 if(memcmp(sig+2+16, &ktag, 2) != 0) {
1642 verbose(VERB_QUERY, "verify: wrong keytag");
1643 *reason = "signature has wrong keytag";
1644 if(reason_bogus)
1645 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1646 return sec_status_bogus;
1647 }
1648
1649 /* verify labels is in a valid range */
1650 if((int)sig[2+3] > dname_signame_label_count(rrset->rk.dname)) {
1651 verbose(VERB_QUERY, "verify: labelcount out of range");
1652 *reason = "signature labelcount out of range";
1653 if(reason_bogus)
1654 *reason_bogus = LDNS_EDE_DNSSEC_BOGUS;
1655 return sec_status_bogus;
1656 }
1657
1658 /* original ttl, always ok */
1659
1660 if(!*buf_canon) {
1661 /* create rrset canonical format in buffer, ready for
1662 * signature */
1663 if(!rrset_canonical(region, buf, rrset, sig+2,
1664 18 + signer_len, sortree, section, qstate)) {
1665 log_err("verify: failed due to alloc error");
1666 return sec_status_unchecked;
1667 }
1668 *buf_canon = 1;
1669 }
1670
1671 /* check that dnskey is available */
1672 dnskey_get_pubkey(dnskey, dnskey_idx, &key, &keylen);
1673 if(!key) {
1674 verbose(VERB_QUERY, "verify: short DNSKEY RR");
1675 return sec_status_unchecked;
1676 }
1677
1678 /* verify */
1679 sec = verify_canonrrset(buf, (int)sig[2+2],
1680 sigblock, sigblock_len, key, keylen, reason);
1681
1682 /* count validation operation */
1683 if(qstate && qstate->env && qstate->env->mesh)
1684 qstate->env->mesh->val_ops++;
1685
1686 if(sec == sec_status_secure) {
1687 /* check if TTL is too high - reduce if so */
1688 adjust_ttl(ve, now, rrset, sig+2+4, sig+2+8, sig+2+12);
1689
1690 /* verify inception, expiration dates
1691 * Do this last so that if you ignore expired-sigs the
1692 * rest is sure to be OK. */
1693 if(!check_dates(ve, now, sig+2+8, sig+2+12,
1694 reason, reason_bogus)) {
1695 return sec_status_bogus;
1696 }
1697 }
1698
1699 return sec;
1700 }
1701