/*
 * validator/autotrust.h - RFC5011 trust anchor management for unbound.
 *
 * Copyright (c) 2009, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * Declarations for autotrust (RFC 5011 trust anchor management): the key
 * state enum, the per-key, per-trust-point and global metadata structs,
 * and the prototypes of the functions that work on them.
 *
 * This header pulls in no standard headers itself; uint8_t, size_t and
 * time_t have to be declared by whatever is included before it.
 */

#ifndef VALIDATOR_AUTOTRUST_H
#define VALIDATOR_AUTOTRUST_H
#include "util/rbtree.h"
#include "util/data/packed_rrset.h"
struct val_anchors;
struct trust_anchor;
struct ub_packed_rrset_key;
struct module_env;
struct module_qstate;
struct val_env;
struct sldns_buffer;

/**
 * State of one autotrust key (the "5011 state" kept in struct autr_ta).
 * The names follow the key states of RFC 5011: Start, AddPend, Valid,
 * Missing, Revoked and Removed. The transitions between them are not
 * declared in this header.
 * Every value is assigned explicitly.
 * NOTE(review): presumably the numbers are relied on elsewhere, so do
 * not renumber them without checking - confirm.
 */
typedef enum {
	AUTR_STATE_START   = 0,
	AUTR_STATE_ADDPEND = 1,
	AUTR_STATE_VALID   = 2,
	AUTR_STATE_MISSING = 3,
	AUTR_STATE_REVOKED = 4,
	AUTR_STATE_REMOVED = 5
} autr_state_type;

/**
 * Autotrust bookkeeping for a single trust anchor key.
 * The keys of a trust point are chained through the next pointer.
 */
struct autr_ta {
	/** the key that follows this one */
	struct autr_ta* next;
	/** the RR of this key */
	uint8_t* rr;
	/** number of bytes in rr */
	size_t rr_len;
	/** NOTE(review): presumably the length of the domain name held in
	 * rr - confirm against the users of this field. */
	size_t dname_len;
	/** time of the last key state update; a new pending count leaves
	 * this date as it was */
	time_t last_change;
	/** RFC 5011 state of this key */
	autr_state_type s;
	/** pending count */
	uint8_t pending_count;
	/** set when a fresh TA was seen */
	uint8_t fetched;
	/** set when a revoked TA was seen */
	uint8_t revoked;
};

/**
 * Autotrust bookkeeping for one trust point.
 * Lives inside the struct trust_anchor data.
 */
struct autr_point_data {
	/** name of the file the trust point is stored in, with chrootdir
	 * already applied */
	char* file;
	/** node in the rbtree used for probe sorting; the key is the
	 * struct trust_anchor */
	rbnode_type pnode;

	/** list of keys of this trust point */
	struct autr_ta* keys;

	/** time of the last queried DNSKEY set.
	 * This entry does not capture every failure: when the validator
	 * did not even start (e.g. timeout or localservfail), neither
	 * last_queried nor query_failed is updated.
	 */
	time_t last_queried;
	/** time of the last successful DNSKEY set */
	time_t last_success;
	/** time of the next probe */
	time_t next_probe_time;

	/** when to query if the last attempt did not fail */
	time_t query_interval;
	/** when to retry if the last attempt failed */
	time_t retry_time;

	/**
	 * Failure count, kept for diagnostics only (has no effect).
	 * Updated only when there was a dnskey rrset that failed to verify.
	 */
	uint8_t query_failed;
	/** true once the trust point has been revoked */
	uint8_t revoked;
};

/**
 * Global autotrust bookkeeping.
 */
struct autr_global_data {
	/** rbtree of the autotrust anchors, ordered by next probe time;
	 * equal times are ordered by anchor class, then name. */
	rbtree_type probe;
};

/**
 * Allocate the global 5011 data structure.
 * @return the new structure, or NULL on malloc failure.
 */
struct autr_global_data* autr_global_create(void);

/**
 * Free the global 5011 data structure.
 * @param global: global autotrust state to delete.
 */
void autr_global_delete(struct autr_global_data* global);

/**
 * Report whether autotrust anchors are configured, and how many.
 * @param anchors: the trust anchors structure.
 * @return number of autotrust trust anchors.
 */
size_t autr_get_num_anchors(struct val_anchors* anchors);

/**
 * Handle the probe timer, adding new probes where needed.
 * @param env: module environment with time, with anchors and with the mesh.
 * @return time of the next probe, in seconds from now.
 *	0 means there is no next probe anymore (trust points deleted).
 */
time_t autr_probe_timer(struct module_env* env);

/**
 * Compare function of the probe tree.
 * NOTE(review): x and y are presumably the struct trust_anchor keys of
 * the tree nodes, ordered as described at autr_global_data - confirm.
 */
int probetree_cmp(const void* x, const void* y);

/**
 * Read an autotrust file.
 * NOTE(review): the file presumably supplies the trust anchors that the
 * validator goes on to rely on, so it should be writable only by the
 * account the resolver runs as - confirm for the deployment.
 * @param anchors: the anchors structure.
 * @param nm: name of the file (copied).
 * @return false on failure.
 */
int autr_read_file(struct val_anchors* anchors, const char* nm);

/**
 * Write the autotrust file of a trust point.
 * Nothing is returned, so this interface gives the caller no way to tell
 * whether the write succeeded.
 * @param env: environment with scratch space.
 * @param tp: trust point to write.
 */
void autr_write_file(struct module_env* env, struct trust_anchor* tp);

/**
 * Delete the autr data of an anchor. Unlinking from the trees is not done
 * here; that is left to the caller.
 * @param tp: trust point to delete.
 */
void autr_point_delete(struct trust_anchor* tp);

/**
 * Run autotrust processing for a trust anchor on a probed DNSKEY rrset.
 * The rrset arrives unvalidated: nothing in it is to be trusted before it
 * has been verified, which is what ve is passed in for.
 * @param env: qstate environment with the anchors structure.
 * @param ve: validator environment for verification of rrsigs.
 * @param tp: trust anchor to process.
 * @param dnskey_rrset: DNSKEY rrset probed, allocated in a region. Can be
 *	NULL if the prime result was bad. Has not been validated yet.
 * @param qstate: qstate with region.
 * @return false if the trust anchor was revoked completely.
 *	Other errors are logged and do not change the return value;
 *	on errors the trust point has likely been left unchanged.
 */
int autr_process_prime(struct module_env* env, struct val_env* ve,
	struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset,
	struct module_qstate* qstate);

/**
 * Debug printout of the anchors tracked for rfc5011.
 * @param anchors: all the anchors.
 */
void autr_debug_print(struct val_anchors* anchors);

/**
 * Callback for the query answer to a 5011 probe.
 * This header does not describe the parameters.
 * NOTE(review): rcode, buf and sec presumably carry the reply code, the
 * answer and its security status, and enum sec_status presumably comes
 * from util/data/packed_rrset.h - confirm against the caller.
 */
void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf,
	enum sec_status sec, char* errinf, int was_ratelimited);

#endif /* VALIDATOR_AUTOTRUST_H */