1 /*
2 * validator/val_nsec3.c - validator NSEC3 denial of existence functions.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 /**
37 * \file
38 *
39 * This file contains helper functions for the validator module.
40 * The functions help with NSEC3 checking, the different NSEC3 proofs
41 * for denial of existence, and proofs for presence of types.
42 */
43 #include "config.h"
44 #include <ctype.h>
45 #include "validator/val_nsec3.h"
46 #include "validator/val_secalgo.h"
47 #include "validator/validator.h"
48 #include "validator/val_kentry.h"
49 #include "services/cache/rrset.h"
50 #include "util/regional.h"
51 #include "util/rbtree.h"
52 #include "util/module.h"
53 #include "util/net_help.h"
54 #include "util/data/packed_rrset.h"
55 #include "util/data/dname.h"
56 #include "util/data/msgreply.h"
57 /* we include nsec.h for the bitmap_has_type function */
58 #include "validator/val_nsec.h"
59 #include "sldns/sbuffer.h"
60 #include "util/config_file.h"
61
62 /**
63 * When all allowed NSEC3 calculations at once resulted in error treat as
64 * bogus. NSEC3 hash errors are not cached and this helps breaks loops with
65 * erroneous data.
66 */
67 #define MAX_NSEC3_ERRORS -1
68
69 /**
70 * This function we get from ldns-compat or from base system
71 * it returns the number of data bytes stored at the target, or <0 on error.
72 */
73 int sldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
74 char *target, size_t targsize);
75 /**
76 * This function we get from ldns-compat or from base system
77 * it returns the number of data bytes stored at the target, or <0 on error.
78 */
79 int sldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len,
80 uint8_t *target, size_t targsize);
81
82 /**
83 * Closest encloser (ce) proof results
84 * Contains the ce and the next-closer (nc) proof.
85 */
86 struct ce_response {
87 /** the closest encloser name */
88 uint8_t* ce;
89 /** length of ce */
90 size_t ce_len;
91 /** NSEC3 record that proved ce. rrset */
92 struct ub_packed_rrset_key* ce_rrset;
93 /** NSEC3 record that proved ce. rr number */
94 int ce_rr;
95 /** NSEC3 record that proved nc. rrset */
96 struct ub_packed_rrset_key* nc_rrset;
97 /** NSEC3 record that proved nc. rr*/
98 int nc_rr;
99 };
100
101 /**
102 * Filter conditions for NSEC3 proof
103 * Used to iterate over the applicable NSEC3 RRs.
104 */
105 struct nsec3_filter {
106 /** Zone name, only NSEC3 records for this zone are considered */
107 uint8_t* zone;
108 /** length of the zonename */
109 size_t zone_len;
110 /** the list of NSEC3s to filter; array */
111 struct ub_packed_rrset_key** list;
112 /** number of rrsets in list */
113 size_t num;
114 /** class of records for the NSEC3, only this class applies */
115 uint16_t fclass;
116 };
117
118 /** return number of rrs in an rrset */
119 static size_t
rrset_get_count(struct ub_packed_rrset_key * rrset)120 rrset_get_count(struct ub_packed_rrset_key* rrset)
121 {
122 struct packed_rrset_data* d = (struct packed_rrset_data*)
123 rrset->entry.data;
124 if(!d) return 0;
125 return d->count;
126 }
127
128 /** return if nsec3 RR has unknown flags */
129 static int
nsec3_unknown_flags(struct ub_packed_rrset_key * rrset,int r)130 nsec3_unknown_flags(struct ub_packed_rrset_key* rrset, int r)
131 {
132 struct packed_rrset_data* d = (struct packed_rrset_data*)
133 rrset->entry.data;
134 log_assert(d && r < (int)d->count);
135 if(d->rr_len[r] < 2+2)
136 return 0; /* malformed */
137 return (int)(d->rr_data[r][2+1] & NSEC3_UNKNOWN_FLAGS);
138 }
139
140 int
nsec3_has_optout(struct ub_packed_rrset_key * rrset,int r)141 nsec3_has_optout(struct ub_packed_rrset_key* rrset, int r)
142 {
143 struct packed_rrset_data* d = (struct packed_rrset_data*)
144 rrset->entry.data;
145 log_assert(d && r < (int)d->count);
146 if(d->rr_len[r] < 2+2)
147 return 0; /* malformed */
148 return (int)(d->rr_data[r][2+1] & NSEC3_OPTOUT);
149 }
150
151 /** return nsec3 RR algorithm */
152 static int
nsec3_get_algo(struct ub_packed_rrset_key * rrset,int r)153 nsec3_get_algo(struct ub_packed_rrset_key* rrset, int r)
154 {
155 struct packed_rrset_data* d = (struct packed_rrset_data*)
156 rrset->entry.data;
157 log_assert(d && r < (int)d->count);
158 if(d->rr_len[r] < 2+1)
159 return 0; /* malformed */
160 return (int)(d->rr_data[r][2+0]);
161 }
162
163 /** return if nsec3 RR has known algorithm */
164 static int
nsec3_known_algo(struct ub_packed_rrset_key * rrset,int r)165 nsec3_known_algo(struct ub_packed_rrset_key* rrset, int r)
166 {
167 struct packed_rrset_data* d = (struct packed_rrset_data*)
168 rrset->entry.data;
169 log_assert(d && r < (int)d->count);
170 if(d->rr_len[r] < 2+1)
171 return 0; /* malformed */
172 switch(d->rr_data[r][2+0]) {
173 case NSEC3_HASH_SHA1:
174 return 1;
175 }
176 return 0;
177 }
178
179 /** return nsec3 RR iteration count */
180 static size_t
nsec3_get_iter(struct ub_packed_rrset_key * rrset,int r)181 nsec3_get_iter(struct ub_packed_rrset_key* rrset, int r)
182 {
183 uint16_t i;
184 struct packed_rrset_data* d = (struct packed_rrset_data*)
185 rrset->entry.data;
186 log_assert(d && r < (int)d->count);
187 if(d->rr_len[r] < 2+4)
188 return 0; /* malformed */
189 memmove(&i, d->rr_data[r]+2+2, sizeof(i));
190 i = ntohs(i);
191 return (size_t)i;
192 }
193
194 /** return nsec3 RR salt */
195 static int
nsec3_get_salt(struct ub_packed_rrset_key * rrset,int r,uint8_t ** salt,size_t * saltlen)196 nsec3_get_salt(struct ub_packed_rrset_key* rrset, int r,
197 uint8_t** salt, size_t* saltlen)
198 {
199 struct packed_rrset_data* d = (struct packed_rrset_data*)
200 rrset->entry.data;
201 log_assert(d && r < (int)d->count);
202 if(d->rr_len[r] < 2+5) {
203 *salt = 0;
204 *saltlen = 0;
205 return 0; /* malformed */
206 }
207 *saltlen = (size_t)d->rr_data[r][2+4];
208 if(d->rr_len[r] < 2+5+(size_t)*saltlen) {
209 *salt = 0;
210 *saltlen = 0;
211 return 0; /* malformed */
212 }
213 *salt = d->rr_data[r]+2+5;
214 return 1;
215 }
216
nsec3_get_params(struct ub_packed_rrset_key * rrset,int r,int * algo,size_t * iter,uint8_t ** salt,size_t * saltlen)217 int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r,
218 int* algo, size_t* iter, uint8_t** salt, size_t* saltlen)
219 {
220 if(!nsec3_known_algo(rrset, r) || nsec3_unknown_flags(rrset, r))
221 return 0;
222 if(!nsec3_get_salt(rrset, r, salt, saltlen))
223 return 0;
224 *algo = nsec3_get_algo(rrset, r);
225 *iter = nsec3_get_iter(rrset, r);
226 return 1;
227 }
228
229 int
nsec3_get_nextowner(struct ub_packed_rrset_key * rrset,int r,uint8_t ** next,size_t * nextlen)230 nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r,
231 uint8_t** next, size_t* nextlen)
232 {
233 size_t saltlen;
234 struct packed_rrset_data* d = (struct packed_rrset_data*)
235 rrset->entry.data;
236 log_assert(d && r < (int)d->count);
237 if(d->rr_len[r] < 2+5) {
238 *next = 0;
239 *nextlen = 0;
240 return 0; /* malformed */
241 }
242 saltlen = (size_t)d->rr_data[r][2+4];
243 if(d->rr_len[r] < 2+5+saltlen+1) {
244 *next = 0;
245 *nextlen = 0;
246 return 0; /* malformed */
247 }
248 *nextlen = (size_t)d->rr_data[r][2+5+saltlen];
249 if(d->rr_len[r] < 2+5+saltlen+1+*nextlen) {
250 *next = 0;
251 *nextlen = 0;
252 return 0; /* malformed */
253 }
254 *next = d->rr_data[r]+2+5+saltlen+1;
255 return 1;
256 }
257
nsec3_hash_to_b32(uint8_t * hash,size_t hashlen,uint8_t * zone,size_t zonelen,uint8_t * buf,size_t max)258 size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone,
259 size_t zonelen, uint8_t* buf, size_t max)
260 {
261 /* write b32 of name, leave one for length */
262 int ret;
263 if(max < hashlen*2+1) /* quick approx of b32, as if hexb16 */
264 return 0;
265 ret = sldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1);
266 if(ret < 1)
267 return 0;
268 buf[0] = (uint8_t)ret; /* length of b32 label */
269 ret++;
270 if(max - ret < zonelen)
271 return 0;
272 memmove(buf+ret, zone, zonelen);
273 return zonelen+(size_t)ret;
274 }
275
nsec3_get_nextowner_b32(struct ub_packed_rrset_key * rrset,int r,uint8_t * buf,size_t max)276 size_t nsec3_get_nextowner_b32(struct ub_packed_rrset_key* rrset, int r,
277 uint8_t* buf, size_t max)
278 {
279 uint8_t* nm, *zone;
280 size_t nmlen, zonelen;
281 if(!nsec3_get_nextowner(rrset, r, &nm, &nmlen))
282 return 0;
283 /* append zone name; the owner name must be <b32>.zone */
284 zone = rrset->rk.dname;
285 zonelen = rrset->rk.dname_len;
286 dname_remove_label(&zone, &zonelen);
287 return nsec3_hash_to_b32(nm, nmlen, zone, zonelen, buf, max);
288 }
289
290 int
nsec3_has_type(struct ub_packed_rrset_key * rrset,int r,uint16_t type)291 nsec3_has_type(struct ub_packed_rrset_key* rrset, int r, uint16_t type)
292 {
293 uint8_t* bitmap;
294 size_t bitlen, skiplen;
295 struct packed_rrset_data* d = (struct packed_rrset_data*)
296 rrset->entry.data;
297 log_assert(d && r < (int)d->count);
298 skiplen = 2+4;
299 /* skip salt */
300 if(d->rr_len[r] < skiplen+1)
301 return 0; /* malformed, too short */
302 skiplen += 1+(size_t)d->rr_data[r][skiplen];
303 /* skip next hashed owner */
304 if(d->rr_len[r] < skiplen+1)
305 return 0; /* malformed, too short */
306 skiplen += 1+(size_t)d->rr_data[r][skiplen];
307 if(d->rr_len[r] < skiplen)
308 return 0; /* malformed, too short */
309 bitlen = d->rr_len[r] - skiplen;
310 bitmap = d->rr_data[r]+skiplen;
311 return nsecbitmap_has_type_rdata(bitmap, bitlen, type);
312 }
313
314 /**
315 * Iterate through NSEC3 list, per RR
316 * This routine gives the next RR in the list (or sets rrset null).
317 * Usage:
318 *
319 * size_t rrsetnum;
320 * int rrnum;
321 * struct ub_packed_rrset_key* rrset;
322 * for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset;
323 * rrset=filter_next(filter, &rrsetnum, &rrnum))
324 * do_stuff;
325 *
326 * Also filters out
327 * o unknown flag NSEC3s
328 * o unknown algorithm NSEC3s.
329 * @param filter: nsec3 filter structure.
330 * @param rrsetnum: in/out rrset number to look at.
331 * @param rrnum: in/out rr number in rrset to look at.
332 * @returns ptr to the next rrset (or NULL at end).
333 */
334 static struct ub_packed_rrset_key*
filter_next(struct nsec3_filter * filter,size_t * rrsetnum,int * rrnum)335 filter_next(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum)
336 {
337 size_t i;
338 int r;
339 uint8_t* nm;
340 size_t nmlen;
341 if(!filter->zone) /* empty list */
342 return NULL;
343 for(i=*rrsetnum; i<filter->num; i++) {
344 /* see if RRset qualifies */
345 if(ntohs(filter->list[i]->rk.type) != LDNS_RR_TYPE_NSEC3 ||
346 ntohs(filter->list[i]->rk.rrset_class) !=
347 filter->fclass)
348 continue;
349 /* check RRset zone */
350 nm = filter->list[i]->rk.dname;
351 nmlen = filter->list[i]->rk.dname_len;
352 dname_remove_label(&nm, &nmlen);
353 if(query_dname_compare(nm, filter->zone) != 0)
354 continue;
355 if(i == *rrsetnum)
356 r = (*rrnum) + 1; /* continue at next RR */
357 else r = 0; /* new RRset start at first RR */
358 for(; r < (int)rrset_get_count(filter->list[i]); r++) {
359 /* skip unknown flags, algo */
360 if(nsec3_unknown_flags(filter->list[i], r) ||
361 !nsec3_known_algo(filter->list[i], r))
362 continue;
363 /* this one is a good target */
364 *rrsetnum = i;
365 *rrnum = r;
366 return filter->list[i];
367 }
368 }
369 return NULL;
370 }
371
372 /**
373 * Start iterating over NSEC3 records.
374 * @param filter: the filter structure, must have been filter_init-ed.
375 * @param rrsetnum: can be undefined on call, initialised.
376 * @param rrnum: can be undefined on call, initialised.
377 * @return first rrset of an NSEC3, together with rrnum this points to
378 * the first RR to examine. Is NULL on empty list.
379 */
380 static struct ub_packed_rrset_key*
filter_first(struct nsec3_filter * filter,size_t * rrsetnum,int * rrnum)381 filter_first(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum)
382 {
383 *rrsetnum = 0;
384 *rrnum = -1;
385 return filter_next(filter, rrsetnum, rrnum);
386 }
387
388 /** see if at least one RR is known (flags, algo) */
389 static int
nsec3_rrset_has_known(struct ub_packed_rrset_key * s)390 nsec3_rrset_has_known(struct ub_packed_rrset_key* s)
391 {
392 int r;
393 for(r=0; r < (int)rrset_get_count(s); r++) {
394 if(!nsec3_unknown_flags(s, r) && nsec3_known_algo(s, r))
395 return 1;
396 }
397 return 0;
398 }
399
400 /**
401 * Initialize the filter structure.
402 * Finds the zone by looking at available NSEC3 records and best match.
403 * (skips the unknown flag and unknown algo NSEC3s).
404 *
405 * @param filter: nsec3 filter structure.
406 * @param list: list of rrsets, an array of them.
407 * @param num: number of rrsets in list.
408 * @param qinfo:
409 * query name to match a zone for.
410 * query type (if DS a higher zone must be chosen)
411 * qclass, to filter NSEC3s with.
412 */
413 static void
filter_init(struct nsec3_filter * filter,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo)414 filter_init(struct nsec3_filter* filter, struct ub_packed_rrset_key** list,
415 size_t num, struct query_info* qinfo)
416 {
417 size_t i;
418 uint8_t* nm;
419 size_t nmlen;
420 filter->zone = NULL;
421 filter->zone_len = 0;
422 filter->list = list;
423 filter->num = num;
424 filter->fclass = qinfo->qclass;
425 for(i=0; i<num; i++) {
426 /* ignore other stuff in the list */
427 if(ntohs(list[i]->rk.type) != LDNS_RR_TYPE_NSEC3 ||
428 ntohs(list[i]->rk.rrset_class) != qinfo->qclass)
429 continue;
430 /* skip unknown flags, algo */
431 if(!nsec3_rrset_has_known(list[i]))
432 continue;
433
434 /* since NSEC3s are base32.zonename, we can find the zone
435 * name by stripping off the first label of the record */
436 nm = list[i]->rk.dname;
437 nmlen = list[i]->rk.dname_len;
438 dname_remove_label(&nm, &nmlen);
439 /* if we find a domain that can prove about the qname,
440 * and if this domain is closer to the qname */
441 if(dname_subdomain_c(qinfo->qname, nm) && (!filter->zone ||
442 dname_subdomain_c(nm, filter->zone))) {
443 /* for a type DS do not accept a zone equal to qname*/
444 if(qinfo->qtype == LDNS_RR_TYPE_DS &&
445 query_dname_compare(qinfo->qname, nm) == 0 &&
446 !dname_is_root(qinfo->qname))
447 continue;
448 filter->zone = nm;
449 filter->zone_len = nmlen;
450 }
451 }
452 }
453
454 /** Check if the NSEC3s have the same parameter set. */
455 static int
param_set_same(struct nsec3_filter * flt,char ** reason)456 param_set_same(struct nsec3_filter* flt, char** reason)
457 {
458 size_t rrsetnum;
459 int rrnum;
460 struct ub_packed_rrset_key* rrset;
461 int have_params = 0;
462 int first_algo = 0;
463 size_t first_iter = 0;
464 uint8_t* first_salt = NULL;
465 size_t first_saltlen = 0;
466
467 /* If the NSEC3 parameter sets have distinct values, then they are
468 * from different NSEC3 chains, and we do not want that. */
469 for(rrset=filter_first(flt, &rrsetnum, &rrnum); rrset;
470 rrset=filter_next(flt, &rrsetnum, &rrnum)) {
471 if(!have_params) {
472 first_algo = nsec3_get_algo(rrset, rrnum);
473 first_iter = nsec3_get_iter(rrset, rrnum);
474 if(!nsec3_get_salt(rrset, rrnum, &first_salt,
475 &first_saltlen)) {
476 verbose(VERB_ALGO, "NSEC3 salt malformed");
477 if(reason)
478 *reason = "NSEC3 salt malformed";
479 return 0;
480 }
481 have_params = 1;
482 } else {
483 uint8_t* salt = NULL;
484 size_t saltlen = 0;
485 if(nsec3_get_algo(rrset, rrnum) != first_algo) {
486 verbose(VERB_ALGO, "NSEC3 algorithm mismatch");
487 if(reason)
488 *reason = "NSEC3 algorithm mismatch";
489 return 0;
490 }
491 if(nsec3_get_iter(rrset, rrnum) != first_iter) {
492 verbose(VERB_ALGO, "NSEC3 iterations mismatch");
493 if(reason)
494 *reason = "NSEC3 iterations mismatch";
495 return 0;
496 }
497 if(!nsec3_get_salt(rrset, rrnum, &salt, &saltlen)) {
498 verbose(VERB_ALGO, "NSEC3 salt malformed");
499 if(reason)
500 *reason = "NSEC3 salt malformed";
501 return 0;
502 }
503 if(saltlen != first_saltlen ||
504 memcmp(salt, first_salt, saltlen) != 0) {
505 verbose(VERB_ALGO, "NSEC3 salt mismatch");
506 if(reason)
507 *reason = "NSEC3 salt mismatch";
508 return 0;
509 }
510 }
511 }
512 return 1;
513 }
514
515 /**
516 * Find max iteration count using config settings and key size
517 * @param ve: validator environment with iteration count config settings.
518 * @param bits: key size
519 * @return max iteration count
520 */
521 static size_t
get_max_iter(struct val_env * ve,size_t bits)522 get_max_iter(struct val_env* ve, size_t bits)
523 {
524 int i;
525 log_assert(ve->nsec3_keyiter_count > 0);
526 /* round up to nearest config keysize, linear search, keep it small */
527 for(i=0; i<ve->nsec3_keyiter_count; i++) {
528 if(bits <= ve->nsec3_keysize[i])
529 return ve->nsec3_maxiter[i];
530 }
531 /* else, use value for biggest key */
532 return ve->nsec3_maxiter[ve->nsec3_keyiter_count-1];
533 }
534
535 /**
536 * Determine if any of the NSEC3 rrs iteration count is too high, from key.
537 * @param ve: validator environment with iteration count config settings.
538 * @param filter: what NSEC3s to loop over.
539 * @param kkey: key entry used for verification; used for iteration counts.
540 * @return 1 if some nsec3s are above the max iteration count.
541 */
542 static int
nsec3_iteration_count_high(struct val_env * ve,struct nsec3_filter * filter,struct key_entry_key * kkey)543 nsec3_iteration_count_high(struct val_env* ve, struct nsec3_filter* filter,
544 struct key_entry_key* kkey)
545 {
546 size_t rrsetnum;
547 int rrnum;
548 struct ub_packed_rrset_key* rrset;
549 /* first determine the max number of iterations */
550 size_t bits = key_entry_keysize(kkey);
551 size_t max_iter = get_max_iter(ve, bits);
552 verbose(VERB_ALGO, "nsec3: keysize %d bits, max iterations %d",
553 (int)bits, (int)max_iter);
554
555 for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset;
556 rrset=filter_next(filter, &rrsetnum, &rrnum)) {
557 if(nsec3_get_iter(rrset, rrnum) > max_iter)
558 return 1;
559 }
560 return 0;
561 }
562
563 /* nsec3_cache_compare for rbtree */
564 int
nsec3_hash_cmp(const void * c1,const void * c2)565 nsec3_hash_cmp(const void* c1, const void* c2)
566 {
567 struct nsec3_cached_hash* h1 = (struct nsec3_cached_hash*)c1;
568 struct nsec3_cached_hash* h2 = (struct nsec3_cached_hash*)c2;
569 uint8_t* s1, *s2;
570 size_t s1len, s2len;
571 int c = query_dname_compare(h1->dname, h2->dname);
572 if(c != 0)
573 return c;
574 /* compare parameters */
575 /* if both malformed, its equal, robustness */
576 if(nsec3_get_algo(h1->nsec3, h1->rr) !=
577 nsec3_get_algo(h2->nsec3, h2->rr)) {
578 if(nsec3_get_algo(h1->nsec3, h1->rr) <
579 nsec3_get_algo(h2->nsec3, h2->rr))
580 return -1;
581 return 1;
582 }
583 if(nsec3_get_iter(h1->nsec3, h1->rr) !=
584 nsec3_get_iter(h2->nsec3, h2->rr)) {
585 if(nsec3_get_iter(h1->nsec3, h1->rr) <
586 nsec3_get_iter(h2->nsec3, h2->rr))
587 return -1;
588 return 1;
589 }
590 (void)nsec3_get_salt(h1->nsec3, h1->rr, &s1, &s1len);
591 (void)nsec3_get_salt(h2->nsec3, h2->rr, &s2, &s2len);
592 if(s1len == 0 && s2len == 0)
593 return 0;
594 if(!s1) return -1;
595 if(!s2) return 1;
596 if(s1len != s2len) {
597 if(s1len < s2len)
598 return -1;
599 return 1;
600 }
601 return memcmp(s1, s2, s1len);
602 }
603
604 int
nsec3_cache_table_init(struct nsec3_cache_table * ct,struct regional * region)605 nsec3_cache_table_init(struct nsec3_cache_table* ct, struct regional* region)
606 {
607 if(ct->ct) return 1;
608 ct->ct = (rbtree_type*)regional_alloc(region, sizeof(*ct->ct));
609 if(!ct->ct) return 0;
610 ct->region = region;
611 rbtree_init(ct->ct, &nsec3_hash_cmp);
612 return 1;
613 }
614
615 size_t
nsec3_get_hashed(sldns_buffer * buf,uint8_t * nm,size_t nmlen,int algo,size_t iter,uint8_t * salt,size_t saltlen,uint8_t * res,size_t max)616 nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
617 size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
618 {
619 size_t i, hash_len;
620 /* prepare buffer for first iteration */
621 sldns_buffer_clear(buf);
622 sldns_buffer_write(buf, nm, nmlen);
623 query_dname_tolower(sldns_buffer_begin(buf));
624 if(saltlen != 0)
625 sldns_buffer_write(buf, salt, saltlen);
626 sldns_buffer_flip(buf);
627 hash_len = nsec3_hash_algo_size_supported(algo);
628 if(hash_len == 0) {
629 log_err("nsec3 hash of unknown algo %d", algo);
630 return 0;
631 }
632 if(hash_len > max)
633 return 0;
634 if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
635 sldns_buffer_limit(buf), (unsigned char*)res))
636 return 0;
637 for(i=0; i<iter; i++) {
638 sldns_buffer_clear(buf);
639 sldns_buffer_write(buf, res, hash_len);
640 if(saltlen != 0)
641 sldns_buffer_write(buf, salt, saltlen);
642 sldns_buffer_flip(buf);
643 if(!secalgo_nsec3_hash(algo,
644 (unsigned char*)sldns_buffer_begin(buf),
645 sldns_buffer_limit(buf), (unsigned char*)res))
646 return 0;
647 }
648 return hash_len;
649 }
650
651 /** perform hash of name */
652 static int
nsec3_calc_hash(struct regional * region,sldns_buffer * buf,struct nsec3_cached_hash * c)653 nsec3_calc_hash(struct regional* region, sldns_buffer* buf,
654 struct nsec3_cached_hash* c)
655 {
656 int algo = nsec3_get_algo(c->nsec3, c->rr);
657 size_t iter = nsec3_get_iter(c->nsec3, c->rr);
658 uint8_t* salt;
659 size_t saltlen, i;
660 if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
661 return -1;
662 /* prepare buffer for first iteration */
663 sldns_buffer_clear(buf);
664 sldns_buffer_write(buf, c->dname, c->dname_len);
665 query_dname_tolower(sldns_buffer_begin(buf));
666 sldns_buffer_write(buf, salt, saltlen);
667 sldns_buffer_flip(buf);
668 c->hash_len = nsec3_hash_algo_size_supported(algo);
669 if(c->hash_len == 0) {
670 log_err("nsec3 hash of unknown algo %d", algo);
671 return -1;
672 }
673 c->hash = (uint8_t*)regional_alloc(region, c->hash_len);
674 if(!c->hash)
675 return 0;
676 (void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
677 sldns_buffer_limit(buf), (unsigned char*)c->hash);
678 for(i=0; i<iter; i++) {
679 sldns_buffer_clear(buf);
680 sldns_buffer_write(buf, c->hash, c->hash_len);
681 sldns_buffer_write(buf, salt, saltlen);
682 sldns_buffer_flip(buf);
683 (void)secalgo_nsec3_hash(algo,
684 (unsigned char*)sldns_buffer_begin(buf),
685 sldns_buffer_limit(buf), (unsigned char*)c->hash);
686 }
687 return 1;
688 }
689
690 /** perform b32 encoding of hash */
691 static int
nsec3_calc_b32(struct regional * region,sldns_buffer * buf,struct nsec3_cached_hash * c)692 nsec3_calc_b32(struct regional* region, sldns_buffer* buf,
693 struct nsec3_cached_hash* c)
694 {
695 int r;
696 sldns_buffer_clear(buf);
697 r = sldns_b32_ntop_extended_hex(c->hash, c->hash_len,
698 (char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf));
699 if(r < 1) {
700 log_err("b32_ntop_extended_hex: error in encoding: %d", r);
701 return 0;
702 }
703 c->b32_len = (size_t)r;
704 c->b32 = regional_alloc_init(region, sldns_buffer_begin(buf),
705 c->b32_len);
706 if(!c->b32)
707 return 0;
708 return 1;
709 }
710
711 int
nsec3_hash_name(rbtree_type * table,struct regional * region,sldns_buffer * buf,struct ub_packed_rrset_key * nsec3,int rr,uint8_t * dname,size_t dname_len,struct nsec3_cached_hash ** hash)712 nsec3_hash_name(rbtree_type* table, struct regional* region, sldns_buffer* buf,
713 struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname,
714 size_t dname_len, struct nsec3_cached_hash** hash)
715 {
716 struct nsec3_cached_hash* c;
717 struct nsec3_cached_hash looki;
718 #ifdef UNBOUND_DEBUG
719 rbnode_type* n;
720 #endif
721 int r;
722 looki.node.key = &looki;
723 looki.nsec3 = nsec3;
724 looki.rr = rr;
725 looki.dname = dname;
726 looki.dname_len = dname_len;
727 /* lookup first in cache */
728 c = (struct nsec3_cached_hash*)rbtree_search(table, &looki);
729 if(c) {
730 *hash = c;
731 return 2;
732 }
733 /* create a new entry */
734 c = (struct nsec3_cached_hash*)regional_alloc(region, sizeof(*c));
735 if(!c) return 0;
736 c->node.key = c;
737 c->nsec3 = nsec3;
738 c->rr = rr;
739 c->dname = dname;
740 c->dname_len = dname_len;
741 r = nsec3_calc_hash(region, buf, c);
742 if(r != 1)
743 return r; /* returns -1 or 0 */
744 r = nsec3_calc_b32(region, buf, c);
745 if(r != 1)
746 return r; /* returns 0 */
747 #ifdef UNBOUND_DEBUG
748 n =
749 #else
750 (void)
751 #endif
752 rbtree_insert(table, &c->node);
753 log_assert(n); /* cannot be duplicate, just did lookup */
754 *hash = c;
755 return 1;
756 }
757
758 /**
759 * compare a label lowercased
760 */
761 static int
label_compare_lower(uint8_t * lab1,uint8_t * lab2,size_t lablen)762 label_compare_lower(uint8_t* lab1, uint8_t* lab2, size_t lablen)
763 {
764 size_t i;
765 for(i=0; i<lablen; i++) {
766 if(tolower((unsigned char)*lab1) != tolower((unsigned char)*lab2)) {
767 if(tolower((unsigned char)*lab1) < tolower((unsigned char)*lab2))
768 return -1;
769 return 1;
770 }
771 lab1++;
772 lab2++;
773 }
774 return 0;
775 }
776
777 /**
778 * Compare a hashed name with the owner name of an NSEC3 RRset.
779 * @param flt: filter with zone name.
780 * @param hash: the hashed name.
781 * @param s: rrset with owner name.
782 * @return true if matches exactly, false if not.
783 */
784 static int
nsec3_hash_matches_owner(struct nsec3_filter * flt,struct nsec3_cached_hash * hash,struct ub_packed_rrset_key * s)785 nsec3_hash_matches_owner(struct nsec3_filter* flt,
786 struct nsec3_cached_hash* hash, struct ub_packed_rrset_key* s)
787 {
788 uint8_t* nm = s->rk.dname;
789 if(!hash) return 0; /* please clang */
790 /* compare, does hash of name based on params in this NSEC3
791 * match the owner name of this NSEC3?
792 * name must be: <hashlength>base32 . zone name
793 * so; first label must not be root label (not zero length),
794 * and match the b32 encoded hash length,
795 * and the label content match the b32 encoded hash
796 * and the rest must be the zone name.
797 */
798 if(hash->b32_len != 0 && (size_t)nm[0] == hash->b32_len &&
799 label_compare_lower(nm+1, hash->b32, hash->b32_len) == 0 &&
800 query_dname_compare(nm+(size_t)nm[0]+1, flt->zone) == 0) {
801 return 1;
802 }
803 return 0;
804 }
805
806 /**
807 * Find matching NSEC3
808 * Find the NSEC3Record that matches a hash of a name.
809 * @param env: module environment with temporary region and buffer.
810 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
811 * @param ct: cached hashes table.
812 * @param nm: name to look for.
813 * @param nmlen: length of name.
814 * @param rrset: nsec3 that matches is returned here.
815 * @param rr: rr number in nsec3 rrset that matches.
816 * @param calculations: current hash calculations.
817 * @return true if a matching NSEC3 is found, false if not.
818 */
819 static int
find_matching_nsec3(struct module_env * env,struct nsec3_filter * flt,struct nsec3_cache_table * ct,uint8_t * nm,size_t nmlen,struct ub_packed_rrset_key ** rrset,int * rr,int * calculations)820 find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt,
821 struct nsec3_cache_table* ct, uint8_t* nm, size_t nmlen,
822 struct ub_packed_rrset_key** rrset, int* rr,
823 int* calculations)
824 {
825 size_t i_rs;
826 int i_rr;
827 struct ub_packed_rrset_key* s;
828 struct nsec3_cached_hash* hash = NULL;
829 int r;
830 int calc_errors = 0;
831
832 /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */
833 for(s=filter_first(flt, &i_rs, &i_rr); s;
834 s=filter_next(flt, &i_rs, &i_rr)) {
835 /* check if we are allowed more calculations */
836 if(*calculations >= MAX_NSEC3_CALCULATIONS) {
837 if(calc_errors == *calculations) {
838 *calculations = MAX_NSEC3_ERRORS;
839 }
840 break;
841 }
842 /* get name hashed for this NSEC3 RR */
843 r = nsec3_hash_name(ct->ct, ct->region, env->scratch_buffer,
844 s, i_rr, nm, nmlen, &hash);
845 if(r == 0) {
846 log_err("nsec3: malloc failure");
847 break; /* alloc failure */
848 } else if(r < 0) {
849 /* malformed NSEC3 */
850 calc_errors++;
851 (*calculations)++;
852 continue;
853 } else {
854 if(r == 1) (*calculations)++;
855 if(nsec3_hash_matches_owner(flt, hash, s)) {
856 *rrset = s; /* rrset with this name */
857 *rr = i_rr; /* matches hash with these parameters */
858 return 1;
859 }
860 }
861 }
862 *rrset = NULL;
863 *rr = 0;
864 return 0;
865 }
866
867 int
nsec3_covers(uint8_t * zone,struct nsec3_cached_hash * hash,struct ub_packed_rrset_key * rrset,int rr,sldns_buffer * buf)868 nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
869 struct ub_packed_rrset_key* rrset, int rr, sldns_buffer* buf)
870 {
871 uint8_t* next, *owner;
872 size_t nextlen;
873 int len;
874 if(!nsec3_get_nextowner(rrset, rr, &next, &nextlen))
875 return 0; /* malformed RR proves nothing */
876
877 if(!hash) return 0; /* please clang */
878 /* check the owner name is a hashed value . apex
879 * base32 encoded values must have equal length.
880 * hash_value and next hash value must have equal length. */
881 if(nextlen != hash->hash_len || hash->hash_len==0||hash->b32_len==0||
882 (size_t)*rrset->rk.dname != hash->b32_len ||
883 query_dname_compare(rrset->rk.dname+1+
884 (size_t)*rrset->rk.dname, zone) != 0)
885 return 0; /* bad lengths or owner name */
886
887 /* This is the "normal case: owner < next and owner < hash < next */
888 if(label_compare_lower(rrset->rk.dname+1, hash->b32,
889 hash->b32_len) < 0 &&
890 memcmp(hash->hash, next, nextlen) < 0)
891 return 1;
892
893 /* convert owner name from text to binary */
894 sldns_buffer_clear(buf);
895 owner = sldns_buffer_begin(buf);
896 len = sldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
897 hash->b32_len, owner, sldns_buffer_limit(buf));
898 if(len<1)
899 return 0; /* bad owner name in some way */
900 if((size_t)len != hash->hash_len || (size_t)len != nextlen)
901 return 0; /* wrong length */
902
903 /* this is the end of zone case: next <= owner &&
904 * (hash > owner || hash < next)
905 * this also covers the only-apex case of next==owner.
906 */
907 if(memcmp(next, owner, nextlen) <= 0 &&
908 ( memcmp(hash->hash, owner, nextlen) > 0 ||
909 memcmp(hash->hash, next, nextlen) < 0)) {
910 return 1;
911 }
912 return 0;
913 }
914
915 /**
916 * findCoveringNSEC3
917 * Given a name, find a covering NSEC3 from among a list of NSEC3s.
918 *
919 * @param env: module environment with temporary region and buffer.
920 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
921 * @param ct: cached hashes table.
922 * @param nm: name to check if covered.
923 * @param nmlen: length of name.
924 * @param rrset: covering NSEC3 rrset is returned here.
925 * @param rr: rr of cover is returned here.
926 * @param calculations: current hash calculations.
927 * @return true if a covering NSEC3 is found, false if not.
928 */
929 static int
find_covering_nsec3(struct module_env * env,struct nsec3_filter * flt,struct nsec3_cache_table * ct,uint8_t * nm,size_t nmlen,struct ub_packed_rrset_key ** rrset,int * rr,int * calculations)930 find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt,
931 struct nsec3_cache_table* ct, uint8_t* nm, size_t nmlen,
932 struct ub_packed_rrset_key** rrset, int* rr,
933 int* calculations)
934 {
935 size_t i_rs;
936 int i_rr;
937 struct ub_packed_rrset_key* s;
938 struct nsec3_cached_hash* hash = NULL;
939 int r;
940 int calc_errors = 0;
941
942 /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */
943 for(s=filter_first(flt, &i_rs, &i_rr); s;
944 s=filter_next(flt, &i_rs, &i_rr)) {
945 /* check if we are allowed more calculations */
946 if(*calculations >= MAX_NSEC3_CALCULATIONS) {
947 if(calc_errors == *calculations) {
948 *calculations = MAX_NSEC3_ERRORS;
949 }
950 break;
951 }
952 /* get name hashed for this NSEC3 RR */
953 r = nsec3_hash_name(ct->ct, ct->region, env->scratch_buffer,
954 s, i_rr, nm, nmlen, &hash);
955 if(r == 0) {
956 log_err("nsec3: malloc failure");
957 break; /* alloc failure */
958 } else if(r < 0) {
959 /* malformed NSEC3 */
960 calc_errors++;
961 (*calculations)++;
962 continue;
963 } else {
964 if(r == 1) (*calculations)++;
965 if(nsec3_covers(flt->zone, hash, s, i_rr,
966 env->scratch_buffer)) {
967 *rrset = s; /* rrset with this name */
968 *rr = i_rr; /* covers hash with these parameters */
969 return 1;
970 }
971 }
972 }
973 *rrset = NULL;
974 *rr = 0;
975 return 0;
976 }
977
978 /**
979 * findClosestEncloser
980 * Given a name and a list of NSEC3s, find the candidate closest encloser.
981 * This will be the first ancestor of 'name' (including itself) to have a
982 * matching NSEC3 RR.
983 * @param env: module environment with temporary region and buffer.
984 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
985 * @param ct: cached hashes table.
986 * @param qinfo: query that is verified for.
987 * @param ce: closest encloser information is returned in here.
988 * @param calculations: current hash calculations.
989 * @return true if a closest encloser candidate is found, false if not.
990 */
991 static int
nsec3_find_closest_encloser(struct module_env * env,struct nsec3_filter * flt,struct nsec3_cache_table * ct,struct query_info * qinfo,struct ce_response * ce,int * calculations)992 nsec3_find_closest_encloser(struct module_env* env, struct nsec3_filter* flt,
993 struct nsec3_cache_table* ct, struct query_info* qinfo,
994 struct ce_response* ce, int* calculations)
995 {
996 uint8_t* nm = qinfo->qname;
997 size_t nmlen = qinfo->qname_len;
998
999 /* This scans from longest name to shortest, so the first match
1000 * we find is the only viable candidate. */
1001
1002 /* (David:) FIXME: modify so that the NSEC3 matching the zone apex need
1003 * not be present. (Mark Andrews idea).
1004 * (Wouter:) But make sure you check for DNAME bit in zone apex,
1005 * if the NSEC3 you find is the only NSEC3 in the zone, then this
1006 * may be the case. */
1007
1008 while(dname_subdomain_c(nm, flt->zone)) {
1009 if(*calculations >= MAX_NSEC3_CALCULATIONS ||
1010 *calculations == MAX_NSEC3_ERRORS) {
1011 return 0;
1012 }
1013 if(find_matching_nsec3(env, flt, ct, nm, nmlen,
1014 &ce->ce_rrset, &ce->ce_rr, calculations)) {
1015 ce->ce = nm;
1016 ce->ce_len = nmlen;
1017 return 1;
1018 }
1019 dname_remove_label(&nm, &nmlen);
1020 }
1021 return 0;
1022 }
1023
1024 /**
1025 * Given a qname and its proven closest encloser, calculate the "next
1026 * closest" name. Basically, this is the name that is one label longer than
1027 * the closest encloser that is still a subdomain of qname.
1028 *
1029 * @param qname: query name.
1030 * @param qnamelen: length of qname.
1031 * @param ce: closest encloser
1032 * @param nm: result name.
1033 * @param nmlen: length of nm.
1034 */
1035 static void
next_closer(uint8_t * qname,size_t qnamelen,uint8_t * ce,uint8_t ** nm,size_t * nmlen)1036 next_closer(uint8_t* qname, size_t qnamelen, uint8_t* ce,
1037 uint8_t** nm, size_t* nmlen)
1038 {
1039 int strip = dname_count_labels(qname) - dname_count_labels(ce) -1;
1040 *nm = qname;
1041 *nmlen = qnamelen;
1042 if(strip>0)
1043 dname_remove_labels(nm, nmlen, strip);
1044 }
1045
1046 /**
1047 * proveClosestEncloser
1048 * Given a List of nsec3 RRs, find and prove the closest encloser to qname.
1049 * @param env: module environment with temporary region and buffer.
1050 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
1051 * @param ct: cached hashes table.
1052 * @param qinfo: query that is verified for.
1053 * @param prove_does_not_exist: If true, then if the closest encloser
1054 * turns out to be qname, then null is returned.
1055 * If set true, and the return value is true, then you can be
1056 * certain that the ce.nc_rrset and ce.nc_rr are set properly.
1057 * @param ce: closest encloser information is returned in here.
1058 * @param calculations: pointer to the current NSEC3 hash calculations.
1059 * @return bogus if no closest encloser could be proven.
1060 * secure if a closest encloser could be proven, ce is set.
1061 * insecure if the closest-encloser candidate turns out to prove
1062 * that an insecure delegation exists above the qname.
1063 * unchecked if no more hash calculations are allowed at this point.
1064 */
1065 static enum sec_status
nsec3_prove_closest_encloser(struct module_env * env,struct nsec3_filter * flt,struct nsec3_cache_table * ct,struct query_info * qinfo,int prove_does_not_exist,struct ce_response * ce,int * calculations)1066 nsec3_prove_closest_encloser(struct module_env* env, struct nsec3_filter* flt,
1067 struct nsec3_cache_table* ct, struct query_info* qinfo,
1068 int prove_does_not_exist, struct ce_response* ce, int* calculations)
1069 {
1070 uint8_t* nc;
1071 size_t nc_len;
1072 /* robust: clean out ce, in case it gets abused later */
1073 memset(ce, 0, sizeof(*ce));
1074
1075 if(!nsec3_find_closest_encloser(env, flt, ct, qinfo, ce, calculations)) {
1076 if(*calculations == MAX_NSEC3_ERRORS) {
1077 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could "
1078 "not find a candidate for the closest "
1079 "encloser; all attempted hash calculations "
1080 "were erroneous; bogus");
1081 return sec_status_bogus;
1082 } else if(*calculations >= MAX_NSEC3_CALCULATIONS) {
1083 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could "
1084 "not find a candidate for the closest "
1085 "encloser; reached MAX_NSEC3_CALCULATIONS "
1086 "(%d); unchecked still",
1087 MAX_NSEC3_CALCULATIONS);
1088 return sec_status_unchecked;
1089 }
1090 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could "
1091 "not find a candidate for the closest encloser.");
1092 return sec_status_bogus;
1093 }
1094 log_nametypeclass(VERB_ALGO, "ce candidate", ce->ce, 0, 0);
1095
1096 if(query_dname_compare(ce->ce, qinfo->qname) == 0) {
1097 if(prove_does_not_exist) {
1098 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: "
1099 "proved that qname existed, bad");
1100 return sec_status_bogus;
1101 }
1102 /* otherwise, we need to nothing else to prove that qname
1103 * is its own closest encloser. */
1104 return sec_status_secure;
1105 }
1106
1107 /* If the closest encloser is actually a delegation, then the
1108 * response should have been a referral. If it is a DNAME, then
1109 * it should have been a DNAME response. */
1110 if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_NS) &&
1111 !nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_SOA)) {
1112 if(!nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DS)) {
1113 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: "
1114 "closest encloser is insecure delegation");
1115 return sec_status_insecure;
1116 }
1117 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest "
1118 "encloser was a delegation, bad");
1119 return sec_status_bogus;
1120 }
1121 if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DNAME)) {
1122 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest "
1123 "encloser was a DNAME, bad");
1124 return sec_status_bogus;
1125 }
1126
1127 /* Otherwise, we need to show that the next closer name is covered. */
1128 next_closer(qinfo->qname, qinfo->qname_len, ce->ce, &nc, &nc_len);
1129 if(!find_covering_nsec3(env, flt, ct, nc, nc_len,
1130 &ce->nc_rrset, &ce->nc_rr, calculations)) {
1131 if(*calculations == MAX_NSEC3_ERRORS) {
1132 verbose(VERB_ALGO, "nsec3: Could not find proof that the "
1133 "candidate encloser was the closest encloser; "
1134 "all attempted hash calculations were "
1135 "erroneous; bogus");
1136 return sec_status_bogus;
1137 } else if(*calculations >= MAX_NSEC3_CALCULATIONS) {
1138 verbose(VERB_ALGO, "nsec3: Could not find proof that the "
1139 "candidate encloser was the closest encloser; "
1140 "reached MAX_NSEC3_CALCULATIONS (%d); "
1141 "unchecked still",
1142 MAX_NSEC3_CALCULATIONS);
1143 return sec_status_unchecked;
1144 }
1145 verbose(VERB_ALGO, "nsec3: Could not find proof that the "
1146 "candidate encloser was the closest encloser");
1147 return sec_status_bogus;
1148 }
1149 return sec_status_secure;
1150 }
1151
1152 /** allocate a wildcard for the closest encloser */
1153 static uint8_t*
nsec3_ce_wildcard(struct regional * region,uint8_t * ce,size_t celen,size_t * len)1154 nsec3_ce_wildcard(struct regional* region, uint8_t* ce, size_t celen,
1155 size_t* len)
1156 {
1157 uint8_t* nm;
1158 if(celen > LDNS_MAX_DOMAINLEN - 2)
1159 return 0; /* too long */
1160 nm = (uint8_t*)regional_alloc(region, celen+2);
1161 if(!nm) {
1162 log_err("nsec3 wildcard: out of memory");
1163 return 0; /* alloc failure */
1164 }
1165 nm[0] = 1;
1166 nm[1] = (uint8_t)'*'; /* wildcard label */
1167 memmove(nm+2, ce, celen);
1168 *len = celen+2;
1169 return nm;
1170 }
1171
1172 /** Do the name error proof */
1173 static enum sec_status
nsec3_do_prove_nameerror(struct module_env * env,struct nsec3_filter * flt,struct nsec3_cache_table * ct,struct query_info * qinfo,int * calc)1174 nsec3_do_prove_nameerror(struct module_env* env, struct nsec3_filter* flt,
1175 struct nsec3_cache_table* ct, struct query_info* qinfo, int* calc)
1176 {
1177 struct ce_response ce;
1178 uint8_t* wc;
1179 size_t wclen;
1180 struct ub_packed_rrset_key* wc_rrset;
1181 int wc_rr;
1182 enum sec_status sec;
1183
1184 /* First locate and prove the closest encloser to qname. We will
1185 * use the variant that fails if the closest encloser turns out
1186 * to be qname. */
1187 sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce, calc);
1188 if(sec != sec_status_secure) {
1189 if(sec == sec_status_bogus)
1190 verbose(VERB_ALGO, "nsec3 nameerror proof: failed "
1191 "to prove a closest encloser");
1192 else if(sec == sec_status_unchecked)
1193 verbose(VERB_ALGO, "nsec3 nameerror proof: will "
1194 "continue proving closest encloser after "
1195 "suspend");
1196 else verbose(VERB_ALGO, "nsec3 nameerror proof: closest "
1197 "nsec3 is an insecure delegation");
1198 return sec;
1199 }
1200 log_nametypeclass(VERB_ALGO, "nsec3 nameerror: proven ce=", ce.ce,0,0);
1201
1202 /* At this point, we know that qname does not exist. Now we need
1203 * to prove that the wildcard does not exist. */
1204 log_assert(ce.ce);
1205 wc = nsec3_ce_wildcard(ct->region, ce.ce, ce.ce_len, &wclen);
1206 if(!wc) {
1207 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove "
1208 "that the applicable wildcard did not exist.");
1209 return sec_status_bogus;
1210 }
1211 if(!find_covering_nsec3(env, flt, ct, wc, wclen, &wc_rrset, &wc_rr, calc)) {
1212 if(*calc == MAX_NSEC3_ERRORS) {
1213 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove "
1214 "that the applicable wildcard did not exist; "
1215 "all attempted hash calculations were "
1216 "erroneous; bogus");
1217 return sec_status_bogus;
1218 } else if(*calc >= MAX_NSEC3_CALCULATIONS) {
1219 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove "
1220 "that the applicable wildcard did not exist; "
1221 "reached MAX_NSEC3_CALCULATIONS (%d); "
1222 "unchecked still",
1223 MAX_NSEC3_CALCULATIONS);
1224 return sec_status_unchecked;
1225 }
1226 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove "
1227 "that the applicable wildcard did not exist.");
1228 return sec_status_bogus;
1229 }
1230
1231 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1232 verbose(VERB_ALGO, "nsec3 nameerror proof: nc has optout");
1233 return sec_status_insecure;
1234 }
1235 return sec_status_secure;
1236 }
1237
1238 enum sec_status
nsec3_prove_nameerror(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,struct nsec3_cache_table * ct,int * calc)1239 nsec3_prove_nameerror(struct module_env* env, struct val_env* ve,
1240 struct ub_packed_rrset_key** list, size_t num,
1241 struct query_info* qinfo, struct key_entry_key* kkey,
1242 struct nsec3_cache_table* ct, int* calc)
1243 {
1244 struct nsec3_filter flt;
1245
1246 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1247 return sec_status_bogus; /* no valid NSEC3s, bogus */
1248 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1249 if(!flt.zone)
1250 return sec_status_bogus; /* no RRs */
1251 if(!param_set_same(&flt, NULL))
1252 return sec_status_bogus; /* nsec3 params from distinct chains*/
1253 if(nsec3_iteration_count_high(ve, &flt, kkey))
1254 return sec_status_insecure; /* iteration count too high */
1255 log_nametypeclass(VERB_ALGO, "start nsec3 nameerror proof, zone",
1256 flt.zone, 0, 0);
1257 return nsec3_do_prove_nameerror(env, &flt, ct, qinfo, calc);
1258 }
1259
1260 /*
1261 * No code to handle qtype=NSEC3 specially.
1262 * This existed in early drafts, but was later (-05) removed.
1263 */
1264
1265 /** Do the nodata proof */
1266 static enum sec_status
nsec3_do_prove_nodata(struct module_env * env,struct nsec3_filter * flt,struct nsec3_cache_table * ct,struct query_info * qinfo,int * calc)1267 nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt,
1268 struct nsec3_cache_table* ct, struct query_info* qinfo,
1269 int* calc)
1270 {
1271 struct ce_response ce;
1272 uint8_t* wc;
1273 size_t wclen;
1274 struct ub_packed_rrset_key* rrset;
1275 int rr;
1276 enum sec_status sec;
1277
1278 if(find_matching_nsec3(env, flt, ct, qinfo->qname, qinfo->qname_len,
1279 &rrset, &rr, calc)) {
1280 /* cases 1 and 2 */
1281 if(nsec3_has_type(rrset, rr, qinfo->qtype)) {
1282 verbose(VERB_ALGO, "proveNodata: Matching NSEC3 "
1283 "proved that type existed, bogus");
1284 return sec_status_bogus;
1285 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) {
1286 verbose(VERB_ALGO, "proveNodata: Matching NSEC3 "
1287 "proved that a CNAME existed, bogus");
1288 return sec_status_bogus;
1289 }
1290
1291 /*
1292 * If type DS: filter_init zone find already found a parent
1293 * zone, so this nsec3 is from a parent zone.
1294 * o can be not a delegation (unusual query for normal name,
1295 * no DS anyway, but we can verify that).
1296 * o can be a delegation (which is the usual DS check).
1297 * o may not have the SOA bit set (only the top of the
1298 * zone, which must have been above the name, has that).
1299 * Except for the root; which is checked by itself.
1300 *
1301 * If not type DS: matching nsec3 must not be a delegation.
1302 */
1303 if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1
1304 && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
1305 !dname_is_root(qinfo->qname)) {
1306 verbose(VERB_ALGO, "proveNodata: apex NSEC3 "
1307 "abused for no DS proof, bogus");
1308 return sec_status_bogus;
1309 } else if(qinfo->qtype != LDNS_RR_TYPE_DS &&
1310 nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) &&
1311 !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) {
1312 if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) {
1313 verbose(VERB_ALGO, "proveNodata: matching "
1314 "NSEC3 is insecure delegation");
1315 return sec_status_insecure;
1316 }
1317 verbose(VERB_ALGO, "proveNodata: matching "
1318 "NSEC3 is a delegation, bogus");
1319 return sec_status_bogus;
1320 }
1321 return sec_status_secure;
1322 }
1323 if(*calc == MAX_NSEC3_ERRORS) {
1324 verbose(VERB_ALGO, "proveNodata: all attempted hash "
1325 "calculations were erroneous while finding a matching "
1326 "NSEC3, bogus");
1327 return sec_status_bogus;
1328 } else if(*calc >= MAX_NSEC3_CALCULATIONS) {
1329 verbose(VERB_ALGO, "proveNodata: reached "
1330 "MAX_NSEC3_CALCULATIONS (%d) while finding a "
1331 "matching NSEC3; unchecked still",
1332 MAX_NSEC3_CALCULATIONS);
1333 return sec_status_unchecked;
1334 }
1335
1336 /* For cases 3 - 5, we need the proven closest encloser, and it
1337 * can't match qname. Although, at this point, we know that it
1338 * won't since we just checked that. */
1339 sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce, calc);
1340 if(sec == sec_status_bogus) {
1341 verbose(VERB_ALGO, "proveNodata: did not match qname, "
1342 "nor found a proven closest encloser.");
1343 return sec_status_bogus;
1344 } else if(sec==sec_status_insecure && qinfo->qtype!=LDNS_RR_TYPE_DS){
1345 verbose(VERB_ALGO, "proveNodata: closest nsec3 is insecure "
1346 "delegation.");
1347 return sec_status_insecure;
1348 } else if(sec==sec_status_unchecked) {
1349 return sec_status_unchecked;
1350 }
1351
1352 /* Case 3: removed */
1353
1354 /* Case 4: */
1355 log_assert(ce.ce);
1356 wc = nsec3_ce_wildcard(ct->region, ce.ce, ce.ce_len, &wclen);
1357 if(wc && find_matching_nsec3(env, flt, ct, wc, wclen, &rrset, &rr,
1358 calc)) {
1359 /* found wildcard */
1360 if(nsec3_has_type(rrset, rr, qinfo->qtype)) {
1361 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1362 "wildcard had qtype, bogus");
1363 return sec_status_bogus;
1364 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) {
1365 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1366 "wildcard had a CNAME, bogus");
1367 return sec_status_bogus;
1368 }
1369 if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1
1370 && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) {
1371 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1372 "wildcard for no DS proof has a SOA, bogus");
1373 return sec_status_bogus;
1374 } else if(qinfo->qtype != LDNS_RR_TYPE_DS &&
1375 nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) &&
1376 !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) {
1377 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1378 "wildcard is a delegation, bogus");
1379 return sec_status_bogus;
1380 }
1381 /* everything is peachy keen, except for optout spans */
1382 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1383 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1384 "wildcard is in optout range, insecure");
1385 return sec_status_insecure;
1386 }
1387 return sec_status_secure;
1388 }
1389 if(*calc == MAX_NSEC3_ERRORS) {
1390 verbose(VERB_ALGO, "nsec3 nodata proof: all attempted hash "
1391 "calculations were erroneous while matching "
1392 "wildcard, bogus");
1393 return sec_status_bogus;
1394 } else if(*calc >= MAX_NSEC3_CALCULATIONS) {
1395 verbose(VERB_ALGO, "nsec3 nodata proof: reached "
1396 "MAX_NSEC3_CALCULATIONS (%d) while matching "
1397 "wildcard, unchecked still",
1398 MAX_NSEC3_CALCULATIONS);
1399 return sec_status_unchecked;
1400 }
1401
1402 /* Case 5: */
1403 /* Due to forwarders, cnames, and other collating effects, we
1404 * can see the ordinary unsigned data from a zone beneath an
1405 * insecure delegation under an optout here */
1406 if(!ce.nc_rrset) {
1407 verbose(VERB_ALGO, "nsec3 nodata proof: no next closer nsec3");
1408 return sec_status_bogus;
1409 }
1410
1411 /* We need to make sure that the covering NSEC3 is opt-out. */
1412 log_assert(ce.nc_rrset);
1413 if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1414 if(qinfo->qtype == LDNS_RR_TYPE_DS)
1415 verbose(VERB_ALGO, "proveNodata: covering NSEC3 was not "
1416 "opt-out in an opt-out DS NOERROR/NODATA case.");
1417 else verbose(VERB_ALGO, "proveNodata: could not find matching "
1418 "NSEC3, nor matching wildcard, nor optout NSEC3 "
1419 "-- no more options, bogus.");
1420 return sec_status_bogus;
1421 }
1422 /* RFC5155 section 9.2: if nc has optout then no AD flag set */
1423 return sec_status_insecure;
1424 }
1425
1426 enum sec_status
nsec3_prove_nodata(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,struct nsec3_cache_table * ct,int * calc)1427 nsec3_prove_nodata(struct module_env* env, struct val_env* ve,
1428 struct ub_packed_rrset_key** list, size_t num,
1429 struct query_info* qinfo, struct key_entry_key* kkey,
1430 struct nsec3_cache_table* ct, int* calc)
1431 {
1432 struct nsec3_filter flt;
1433
1434 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1435 return sec_status_bogus; /* no valid NSEC3s, bogus */
1436 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1437 if(!flt.zone)
1438 return sec_status_bogus; /* no RRs */
1439 if(!param_set_same(&flt, NULL))
1440 return sec_status_bogus; /* nsec3 params from distinct chains*/
1441 if(nsec3_iteration_count_high(ve, &flt, kkey))
1442 return sec_status_insecure; /* iteration count too high */
1443 return nsec3_do_prove_nodata(env, &flt, ct, qinfo, calc);
1444 }
1445
1446 enum sec_status
nsec3_prove_wildcard(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,uint8_t * wc,struct nsec3_cache_table * ct,int * calc)1447 nsec3_prove_wildcard(struct module_env* env, struct val_env* ve,
1448 struct ub_packed_rrset_key** list, size_t num,
1449 struct query_info* qinfo, struct key_entry_key* kkey, uint8_t* wc,
1450 struct nsec3_cache_table* ct, int* calc)
1451 {
1452 struct nsec3_filter flt;
1453 struct ce_response ce;
1454 uint8_t* nc;
1455 size_t nc_len;
1456 size_t wclen;
1457 (void)dname_count_size_labels(wc, &wclen);
1458
1459 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1460 return sec_status_bogus; /* no valid NSEC3s, bogus */
1461 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1462 if(!flt.zone)
1463 return sec_status_bogus; /* no RRs */
1464 if(!param_set_same(&flt, NULL))
1465 return sec_status_bogus; /* nsec3 params from distinct chains*/
1466 if(nsec3_iteration_count_high(ve, &flt, kkey))
1467 return sec_status_insecure; /* iteration count too high */
1468
1469 /* We know what the (purported) closest encloser is by just
1470 * looking at the supposed generating wildcard.
1471 * The *. has already been removed from the wc name.
1472 */
1473 memset(&ce, 0, sizeof(ce));
1474 ce.ce = wc;
1475 ce.ce_len = wclen;
1476
1477 /* Now we still need to prove that the original data did not exist.
1478 * Otherwise, we need to show that the next closer name is covered. */
1479 next_closer(qinfo->qname, qinfo->qname_len, ce.ce, &nc, &nc_len);
1480 if(!find_covering_nsec3(env, &flt, ct, nc, nc_len,
1481 &ce.nc_rrset, &ce.nc_rr, calc)) {
1482 if(*calc == MAX_NSEC3_ERRORS) {
1483 verbose(VERB_ALGO, "proveWildcard: did not find a "
1484 "covering NSEC3 that covered the next closer "
1485 "name; all attempted hash calculations were "
1486 "erroneous; bogus");
1487 return sec_status_bogus;
1488 } else if(*calc >= MAX_NSEC3_CALCULATIONS) {
1489 verbose(VERB_ALGO, "proveWildcard: did not find a "
1490 "covering NSEC3 that covered the next closer "
1491 "name; reached MAX_NSEC3_CALCULATIONS "
1492 "(%d); unchecked still",
1493 MAX_NSEC3_CALCULATIONS);
1494 return sec_status_unchecked;
1495 }
1496 verbose(VERB_ALGO, "proveWildcard: did not find a covering "
1497 "NSEC3 that covered the next closer name.");
1498 return sec_status_bogus;
1499 }
1500 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1501 verbose(VERB_ALGO, "proveWildcard: NSEC3 optout");
1502 return sec_status_insecure;
1503 }
1504 return sec_status_secure;
1505 }
1506
1507 /** test if list is all secure */
1508 static int
list_is_secure(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct key_entry_key * kkey,char ** reason,sldns_ede_code * reason_bogus,struct module_qstate * qstate,char * reasonbuf,size_t reasonlen)1509 list_is_secure(struct module_env* env, struct val_env* ve,
1510 struct ub_packed_rrset_key** list, size_t num,
1511 struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus,
1512 struct module_qstate* qstate, char* reasonbuf, size_t reasonlen)
1513 {
1514 struct packed_rrset_data* d;
1515 size_t i;
1516 int verified = 0;
1517 for(i=0; i<num; i++) {
1518 d = (struct packed_rrset_data*)list[i]->entry.data;
1519 if(list[i]->rk.type != htons(LDNS_RR_TYPE_NSEC3))
1520 continue;
1521 if(d->security == sec_status_secure)
1522 continue;
1523 rrset_check_sec_status(env->rrset_cache, list[i], *env->now);
1524 if(d->security == sec_status_secure)
1525 continue;
1526 d->security = val_verify_rrset_entry(env, ve, list[i], kkey,
1527 reason, reason_bogus, LDNS_SECTION_AUTHORITY, qstate,
1528 &verified, reasonbuf, reasonlen);
1529 if(d->security != sec_status_secure) {
1530 verbose(VERB_ALGO, "NSEC3 did not verify");
1531 return 0;
1532 }
1533 rrset_update_sec_status(env->rrset_cache, list[i], *env->now);
1534 }
1535 return 1;
1536 }
1537
1538 enum sec_status
nsec3_prove_nods(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,char ** reason,sldns_ede_code * reason_bogus,struct module_qstate * qstate,struct nsec3_cache_table * ct,char * reasonbuf,size_t reasonlen)1539 nsec3_prove_nods(struct module_env* env, struct val_env* ve,
1540 struct ub_packed_rrset_key** list, size_t num,
1541 struct query_info* qinfo, struct key_entry_key* kkey, char** reason,
1542 sldns_ede_code* reason_bogus, struct module_qstate* qstate,
1543 struct nsec3_cache_table* ct, char* reasonbuf, size_t reasonlen)
1544 {
1545 struct nsec3_filter flt;
1546 struct ce_response ce;
1547 struct ub_packed_rrset_key* rrset;
1548 int rr;
1549 int calc = 0;
1550 enum sec_status sec;
1551
1552 log_assert(qinfo->qtype == LDNS_RR_TYPE_DS);
1553
1554 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) {
1555 *reason = "no valid NSEC3s";
1556 return sec_status_bogus; /* no valid NSEC3s, bogus */
1557 }
1558 if(!list_is_secure(env, ve, list, num, kkey, reason, reason_bogus,
1559 qstate, reasonbuf, reasonlen)) {
1560 *reason = "not all NSEC3 records secure";
1561 return sec_status_bogus; /* not all NSEC3 records secure */
1562 }
1563 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1564 if(!flt.zone) {
1565 *reason = "no NSEC3 records";
1566 return sec_status_bogus; /* no RRs */
1567 }
1568 if(!param_set_same(&flt, reason))
1569 return sec_status_bogus; /* nsec3 params from distinct chains*/
1570 if(nsec3_iteration_count_high(ve, &flt, kkey))
1571 return sec_status_insecure; /* iteration count too high */
1572
1573 /* Look for a matching NSEC3 to qname -- this is the normal
1574 * NODATA case. */
1575 if(find_matching_nsec3(env, &flt, ct, qinfo->qname, qinfo->qname_len,
1576 &rrset, &rr, &calc)) {
1577 /* If the matching NSEC3 has the SOA bit set, it is from
1578 * the wrong zone (the child instead of the parent). If
1579 * it has the DS bit set, then we were lied to. */
1580 if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
1581 qinfo->qname_len != 1) {
1582 verbose(VERB_ALGO, "nsec3 provenods: NSEC3 is from"
1583 " child zone, bogus");
1584 *reason = "NSEC3 from child zone";
1585 return sec_status_bogus;
1586 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) {
1587 verbose(VERB_ALGO, "nsec3 provenods: NSEC3 has qtype"
1588 " DS, bogus");
1589 *reason = "NSEC3 has DS in bitmap";
1590 return sec_status_bogus;
1591 }
1592 /* If the NSEC3 RR doesn't have the NS bit set, then
1593 * this wasn't a delegation point. */
1594 if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS))
1595 return sec_status_indeterminate;
1596 /* Otherwise, this proves no DS. */
1597 return sec_status_secure;
1598 }
1599 if(calc == MAX_NSEC3_ERRORS) {
1600 verbose(VERB_ALGO, "nsec3 provenods: all attempted hash "
1601 "calculations were erroneous while finding a matching "
1602 "NSEC3, bogus");
1603 return sec_status_bogus;
1604 } else if(calc >= MAX_NSEC3_CALCULATIONS) {
1605 verbose(VERB_ALGO, "nsec3 provenods: reached "
1606 "MAX_NSEC3_CALCULATIONS (%d) while finding a "
1607 "matching NSEC3, unchecked still",
1608 MAX_NSEC3_CALCULATIONS);
1609 return sec_status_unchecked;
1610 }
1611
1612 /* Otherwise, we are probably in the opt-out case. */
1613 sec = nsec3_prove_closest_encloser(env, &flt, ct, qinfo, 1, &ce, &calc);
1614 if(sec == sec_status_unchecked) {
1615 return sec_status_unchecked;
1616 } else if(sec != sec_status_secure) {
1617 /* an insecure delegation *above* the qname does not prove
1618 * anything about this qname exactly, and bogus is bogus */
1619 verbose(VERB_ALGO, "nsec3 provenods: did not match qname, "
1620 "nor found a proven closest encloser.");
1621 *reason = "no NSEC3 closest encloser";
1622 return sec_status_bogus;
1623 }
1624
1625 /* robust extra check */
1626 if(!ce.nc_rrset) {
1627 verbose(VERB_ALGO, "nsec3 nods proof: no next closer nsec3");
1628 *reason = "no NSEC3 next closer";
1629 return sec_status_bogus;
1630 }
1631
1632 /* we had the closest encloser proof, then we need to check that the
1633 * covering NSEC3 was opt-out -- the proveClosestEncloser step already
1634 * checked to see if the closest encloser was a delegation or DNAME.
1635 */
1636 log_assert(ce.nc_rrset);
1637 if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1638 verbose(VERB_ALGO, "nsec3 provenods: covering NSEC3 was not "
1639 "opt-out in an opt-out DS NOERROR/NODATA case.");
1640 *reason = "covering NSEC3 was not opt-out in an opt-out "
1641 "DS NOERROR/NODATA case";
1642 return sec_status_bogus;
1643 }
1644 /* RFC5155 section 9.2: if nc has optout then no AD flag set */
1645 return sec_status_insecure;
1646 }
1647
1648 enum sec_status
nsec3_prove_nxornodata(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,int * nodata,struct nsec3_cache_table * ct,int * calc)1649 nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve,
1650 struct ub_packed_rrset_key** list, size_t num,
1651 struct query_info* qinfo, struct key_entry_key* kkey, int* nodata,
1652 struct nsec3_cache_table* ct, int* calc)
1653 {
1654 enum sec_status sec, secnx;
1655 struct nsec3_filter flt;
1656 *nodata = 0;
1657
1658 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1659 return sec_status_bogus; /* no valid NSEC3s, bogus */
1660 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1661 if(!flt.zone)
1662 return sec_status_bogus; /* no RRs */
1663 if(!param_set_same(&flt, NULL))
1664 return sec_status_bogus; /* nsec3 params from distinct chains*/
1665 if(nsec3_iteration_count_high(ve, &flt, kkey))
1666 return sec_status_insecure; /* iteration count too high */
1667
1668 /* try nxdomain and nodata after another, while keeping the
1669 * hash cache intact */
1670
1671 secnx = nsec3_do_prove_nameerror(env, &flt, ct, qinfo, calc);
1672 if(secnx==sec_status_secure)
1673 return sec_status_secure;
1674 else if(secnx == sec_status_unchecked)
1675 return sec_status_unchecked;
1676 sec = nsec3_do_prove_nodata(env, &flt, ct, qinfo, calc);
1677 if(sec==sec_status_secure) {
1678 *nodata = 1;
1679 } else if(sec == sec_status_insecure) {
1680 *nodata = 1;
1681 } else if(secnx == sec_status_insecure) {
1682 sec = sec_status_insecure;
1683 } else if(sec == sec_status_unchecked) {
1684 return sec_status_unchecked;
1685 }
1686 return sec;
1687 }
1688