1 /* 2 * util/edns.c - handle base EDNS options. 3 * 4 * Copyright (c) 2018, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains functions for base EDNS options. 40 */ 41 42 #include "config.h" 43 #include "util/edns.h" 44 #include "util/config_file.h" 45 #include "util/netevent.h" 46 #include "util/net_help.h" 47 #include "util/regional.h" 48 #include "util/rfc_1982.h" 49 #include "util/siphash.h" 50 #include "util/data/msgparse.h" 51 #include "util/data/msgreply.h" 52 #include "sldns/sbuffer.h" 53 54 #if 0 55 /* XXX: remove me */ 56 #include "edns.h" 57 #endif 58 59 struct edns_strings* edns_strings_create(void) 60 { 61 struct edns_strings* edns_strings = calloc(1, 62 sizeof(struct edns_strings)); 63 if(!edns_strings) 64 return NULL; 65 if(!(edns_strings->region = regional_create())) { 66 edns_strings_delete(edns_strings); 67 return NULL; 68 } 69 return edns_strings; 70 } 71 72 void edns_strings_delete(struct edns_strings* edns_strings) 73 { 74 if(!edns_strings) 75 return; 76 regional_destroy(edns_strings->region); 77 free(edns_strings); 78 } 79 80 static int 81 edns_strings_client_insert(struct edns_strings* edns_strings, 82 struct sockaddr_storage* addr, socklen_t addrlen, int net, 83 const char* string) 84 { 85 struct edns_string_addr* esa = regional_alloc_zero(edns_strings->region, 86 sizeof(struct edns_string_addr)); 87 if(!esa) 88 return 0; 89 esa->string_len = strlen(string); 90 esa->string = regional_alloc_init(edns_strings->region, string, 91 esa->string_len); 92 if(!esa->string) 93 return 0; 94 if(!addr_tree_insert(&edns_strings->client_strings, &esa->node, addr, 95 addrlen, net)) { 96 verbose(VERB_QUERY, "duplicate EDNS client string ignored."); 97 } 98 return 1; 99 } 100 101 int edns_strings_apply_cfg(struct edns_strings* edns_strings, 102 struct config_file* config) 103 { 104 struct config_str2list* c; 105 regional_free_all(edns_strings->region); 106 addr_tree_init(&edns_strings->client_strings); 107 108 for(c=config->edns_client_strings; c; c=c->next) { 109 struct sockaddr_storage addr; 110 socklen_t addrlen; 111 int net; 112 log_assert(c->str && c->str2); 113 114 if(!netblockstrtoaddr(c->str, UNBOUND_DNS_PORT, &addr, &addrlen, 115 &net)) { 116 log_err("cannot parse EDNS client string IP netblock: " 117 "%s", c->str); 118 return 0; 119 } 120 if(!edns_strings_client_insert(edns_strings, &addr, addrlen, 121 net, c->str2)) { 122 log_err("out of memory while adding EDNS strings"); 123 return 0; 124 } 125 } 126 edns_strings->client_string_opcode = config->edns_client_string_opcode; 127 128 addr_tree_init_parents(&edns_strings->client_strings); 129 return 1; 130 } 131 132 struct edns_string_addr* 133 edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr, 134 socklen_t addrlen) 135 { 136 return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen); 137 } 138 139 uint8_t* 140 edns_cookie_server_hash(const uint8_t* in, const uint8_t* secret, int v4, 141 uint8_t* hash) 142 { 143 v4?siphash(in, 20, secret, hash, 8):siphash(in, 32, secret, hash, 8); 144 return hash; 145 } 146 147 void 148 edns_cookie_server_write(uint8_t* buf, const uint8_t* secret, int v4, 149 uint32_t timestamp) 150 { 151 uint8_t hash[8]; 152 buf[ 8] = 1; /* Version */ 153 buf[ 9] = 0; /* Reserved */ 154 buf[10] = 0; /* Reserved */ 155 buf[11] = 0; /* Reserved */ 156 sldns_write_uint32(buf + 12, timestamp); 157 (void)edns_cookie_server_hash(buf, secret, v4, hash); 158 memcpy(buf + 16, hash, 8); 159 } 160 161 enum edns_cookie_val_status 162 edns_cookie_server_validate(const uint8_t* cookie, size_t cookie_len, 163 const uint8_t* secret, size_t secret_len, int v4, 164 const uint8_t* hash_input, uint32_t now) 165 { 166 uint8_t hash[8]; 167 uint32_t timestamp; 168 uint32_t subt_1982 = 0; /* Initialize for the compiler; unused value */ 169 int comp_1982; 170 if(cookie_len != 24) 171 /* RFC9018 cookies are 24 bytes long */ 172 return COOKIE_STATUS_CLIENT_ONLY; 173 if(secret_len != 16 || /* RFC9018 cookies have 16 byte secrets */ 174 cookie[8] != 1) /* RFC9018 cookies are cookie version 1 */ 175 return COOKIE_STATUS_INVALID; 176 timestamp = sldns_read_uint32(cookie + 12); 177 if((comp_1982 = compare_1982(now, timestamp)) > 0 178 && (subt_1982 = subtract_1982(timestamp, now)) > 3600) 179 /* Cookie is older than 1 hour (see RFC9018 Section 4.3.) */ 180 return COOKIE_STATUS_EXPIRED; 181 if(comp_1982 <= 0 && subtract_1982(now, timestamp) > 300) 182 /* Cookie time is more than 5 minutes in the future. 183 * (see RFC9018 Section 4.3.) */ 184 return COOKIE_STATUS_FUTURE; 185 if(memcmp(edns_cookie_server_hash(hash_input, secret, v4, hash), 186 cookie + 16, 8) != 0) 187 /* Hashes do not match */ 188 return COOKIE_STATUS_INVALID; 189 if(comp_1982 > 0 && subt_1982 > 1800) 190 /* Valid cookie but older than 30 minutes, so create a new one 191 * anyway */ 192 return COOKIE_STATUS_VALID_RENEW; 193 return COOKIE_STATUS_VALID; 194 } 195 196 struct cookie_secrets* 197 cookie_secrets_create(void) 198 { 199 struct cookie_secrets* cookie_secrets = calloc(1, 200 sizeof(*cookie_secrets)); 201 if(!cookie_secrets) 202 return NULL; 203 lock_basic_init(&cookie_secrets->lock); 204 lock_protect(&cookie_secrets->lock, &cookie_secrets->cookie_count, 205 sizeof(cookie_secrets->cookie_count)); 206 lock_protect(&cookie_secrets->lock, cookie_secrets->cookie_secrets, 207 sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE); 208 return cookie_secrets; 209 } 210 211 void 212 cookie_secrets_delete(struct cookie_secrets* cookie_secrets) 213 { 214 if(!cookie_secrets) 215 return; 216 lock_basic_destroy(&cookie_secrets->lock); 217 explicit_bzero(cookie_secrets->cookie_secrets, 218 sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE); 219 free(cookie_secrets); 220 } 221 222 /** Read the cookie secret file */ 223 static int 224 cookie_secret_file_read(struct cookie_secrets* cookie_secrets, 225 char* cookie_secret_file) 226 { 227 char secret[UNBOUND_COOKIE_SECRET_SIZE * 2 + 2/*'\n' and '\0'*/]; 228 FILE* f; 229 int corrupt = 0; 230 size_t count; 231 232 log_assert(cookie_secret_file != NULL); 233 cookie_secrets->cookie_count = 0; 234 f = fopen(cookie_secret_file, "r"); 235 /* a non-existing cookie file is not an error */ 236 if( f == NULL ) { 237 if(errno != EPERM) { 238 log_err("Could not read cookie-secret-file '%s': %s", 239 cookie_secret_file, strerror(errno)); 240 return 0; 241 } 242 return 1; 243 } 244 /* cookie secret file exists and is readable */ 245 for( count = 0; count < UNBOUND_COOKIE_HISTORY_SIZE; count++ ) { 246 size_t secret_len = 0; 247 ssize_t decoded_len = 0; 248 if( fgets(secret, sizeof(secret), f) == NULL ) { break; } 249 secret_len = strlen(secret); 250 if( secret_len == 0 ) { break; } 251 log_assert( secret_len <= sizeof(secret) ); 252 secret_len = secret[secret_len - 1] == '\n' ? secret_len - 1 : secret_len; 253 if( secret_len != UNBOUND_COOKIE_SECRET_SIZE * 2 ) { corrupt++; break; } 254 /* needed for `hex_pton`; stripping potential `\n` */ 255 secret[secret_len] = '\0'; 256 decoded_len = hex_pton(secret, cookie_secrets->cookie_secrets[count].cookie_secret, 257 UNBOUND_COOKIE_SECRET_SIZE); 258 if( decoded_len != UNBOUND_COOKIE_SECRET_SIZE ) { corrupt++; break; } 259 cookie_secrets->cookie_count++; 260 } 261 fclose(f); 262 return corrupt == 0; 263 } 264 265 int 266 cookie_secrets_apply_cfg(struct cookie_secrets* cookie_secrets, 267 char* cookie_secret_file) 268 { 269 if(!cookie_secrets) { 270 if(!cookie_secret_file || !cookie_secret_file[0]) 271 return 1; /* There is nothing to read anyway */ 272 log_err("Could not read cookie secrets, no structure alloced"); 273 return 0; 274 } 275 if(!cookie_secret_file_read(cookie_secrets, cookie_secret_file)) 276 return 0; 277 return 1; 278 } 279 280 enum edns_cookie_val_status 281 cookie_secrets_server_validate(const uint8_t* cookie, size_t cookie_len, 282 struct cookie_secrets* cookie_secrets, int v4, 283 const uint8_t* hash_input, uint32_t now) 284 { 285 size_t i; 286 enum edns_cookie_val_status cookie_val_status, 287 last = COOKIE_STATUS_INVALID; 288 if(!cookie_secrets) 289 return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/ 290 lock_basic_lock(&cookie_secrets->lock); 291 if(cookie_secrets->cookie_count == 0) { 292 lock_basic_unlock(&cookie_secrets->lock); 293 return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/ 294 } 295 for(i=0; i<cookie_secrets->cookie_count; i++) { 296 cookie_val_status = edns_cookie_server_validate(cookie, 297 cookie_len, 298 cookie_secrets->cookie_secrets[i].cookie_secret, 299 UNBOUND_COOKIE_SECRET_SIZE, v4, hash_input, now); 300 if(cookie_val_status == COOKIE_STATUS_VALID || 301 cookie_val_status == COOKIE_STATUS_VALID_RENEW) { 302 lock_basic_unlock(&cookie_secrets->lock); 303 /* For staging cookies, write a fresh cookie. */ 304 if(i != 0) 305 return COOKIE_STATUS_VALID_RENEW; 306 return cookie_val_status; 307 } 308 if(last == COOKIE_STATUS_INVALID) 309 last = cookie_val_status; /* Store more interesting 310 failure to return. */ 311 } 312 lock_basic_unlock(&cookie_secrets->lock); 313 return last; 314 } 315 316 void add_cookie_secret(struct cookie_secrets* cookie_secrets, 317 uint8_t* secret, size_t secret_len) 318 { 319 log_assert(secret_len == UNBOUND_COOKIE_SECRET_SIZE); 320 (void)secret_len; 321 if(!cookie_secrets) 322 return; 323 324 /* New cookie secret becomes the staging secret (position 1) 325 * unless there is no active cookie yet, then it becomes the active 326 * secret. If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging cookies 327 * are moved one position down. 328 */ 329 if(cookie_secrets->cookie_count == 0) { 330 memcpy( cookie_secrets->cookie_secrets->cookie_secret 331 , secret, UNBOUND_COOKIE_SECRET_SIZE); 332 cookie_secrets->cookie_count = 1; 333 explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); 334 return; 335 } 336 #if UNBOUND_COOKIE_HISTORY_SIZE > 2 337 memmove( &cookie_secrets->cookie_secrets[2], &cookie_secrets->cookie_secrets[1] 338 , sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 2)); 339 #endif 340 memcpy( cookie_secrets->cookie_secrets[1].cookie_secret 341 , secret, UNBOUND_COOKIE_SECRET_SIZE); 342 cookie_secrets->cookie_count = cookie_secrets->cookie_count < UNBOUND_COOKIE_HISTORY_SIZE 343 ? cookie_secrets->cookie_count + 1 : UNBOUND_COOKIE_HISTORY_SIZE; 344 explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE); 345 } 346 347 void activate_cookie_secret(struct cookie_secrets* cookie_secrets) 348 { 349 uint8_t active_secret[UNBOUND_COOKIE_SECRET_SIZE]; 350 if(!cookie_secrets) 351 return; 352 /* The staging secret becomes the active secret. 353 * The active secret becomes a staging secret. 354 * If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging secrets are moved 355 * one position up and the previously active secret becomes the last 356 * staging secret. 357 */ 358 if(cookie_secrets->cookie_count < 2) 359 return; 360 memcpy( active_secret, cookie_secrets->cookie_secrets[0].cookie_secret 361 , UNBOUND_COOKIE_SECRET_SIZE); 362 memmove( &cookie_secrets->cookie_secrets[0], &cookie_secrets->cookie_secrets[1] 363 , sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 1)); 364 memcpy( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret 365 , active_secret, UNBOUND_COOKIE_SECRET_SIZE); 366 explicit_bzero(active_secret, UNBOUND_COOKIE_SECRET_SIZE); 367 } 368 369 void drop_cookie_secret(struct cookie_secrets* cookie_secrets) 370 { 371 if(!cookie_secrets) 372 return; 373 /* Drops a staging cookie secret. If there are more than one, it will 374 * drop the last staging secret. */ 375 if(cookie_secrets->cookie_count < 2) 376 return; 377 explicit_bzero( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret 378 , UNBOUND_COOKIE_SECRET_SIZE); 379 cookie_secrets->cookie_count -= 1; 380 } 381