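/*
 * validator/autotrust.h - RFC5011 trust anchor management for unbound.
 *
 * Copyright (c) 2009, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * Contains autotrust definitions.
 *
 * Declares the per-key, per-trust-point and global bookkeeping for
 * RFC 5011 trust anchor tracking, plus the entry points that load and
 * store a trust point file and that process a probed DNSKEY rrset.
 */

#ifndef VALIDATOR_AUTOTRUST_H
#define VALIDATOR_AUTOTRUST_H
#include "util/rbtree.h"
#include "util/data/packed_rrset.h"
struct val_anchors;
struct trust_anchor;
struct ub_packed_rrset_key;
struct module_env;
struct val_env;

/**
 * Autotrust anchor states.
 * The names follow the key states of the RFC 5011 state table; the
 * one-line meanings below paraphrase that RFC. The transition logic is
 * not part of this header.
 */
typedef enum {
	/** RFC 5011 "Start": key is not (yet) a trust anchor */
	AUTR_STATE_START   = 0,
	/** RFC 5011 "AddPend": new key seen, waiting out the add hold-down */
	AUTR_STATE_ADDPEND = 1,
	/** RFC 5011 "Valid": key is in use as a trust anchor */
	AUTR_STATE_VALID   = 2,
	/** RFC 5011 "Missing": still a trust anchor, but absent from the
	 * validated DNSKEY rrset */
	AUTR_STATE_MISSING = 3,
	/** RFC 5011 "Revoked": key was seen with the revoke bit set */
	AUTR_STATE_REVOKED = 4,
	/** RFC 5011 "Removed": revoked key past its remove hold-down */
	AUTR_STATE_REMOVED = 5
} autr_state_t;

/**
 * Autotrust metadata for one trust anchor key.
 * Entries are chained through the next pointer into a singly linked list.
 */
struct autr_ta {
	/** next key */
	struct autr_ta* next;
	/** the RR */
	ldns_rr* rr;
	/** last update of key state (new pending count keeps date the same) */
	time_t last_change;
	/** 5011 state */
	autr_state_t s;
	/** pending count.
	 * NOTE(review): 8-bit counter; behaviour at 255 is not visible in
	 * this header - confirm in the implementation. */
	uint8_t pending_count;
	/** fresh TA was seen */
	uint8_t fetched;
	/** revoked TA was seen */
	uint8_t revoked;
};

/**
 * Autotrust metadata for a trust point.
 * This is part of the struct trust_anchor data.
 */
struct autr_point_data {
	/** file to store the trust point in. chrootdir already applied.
	 * NOTE(review): this path is where the trust point is persisted, so
	 * whoever can write the file can presumably influence the anchors
	 * loaded by autr_read_file - confirm the expected ownership and
	 * permissions with the deployment documentation. */
	char* file;
	/** rbtree node for probe sort, key is struct trust_anchor */
	rbnode_t pnode;

	/** the keys */
	struct autr_ta* keys;

	/** last queried DNSKEY set
	 * Not all failures are captured in this entry.
	 * If the validator did not even start (e.g. timeout or localservfail),
	 * then the last_queried and query_failed values are not updated.
	 */
	time_t last_queried;
	/** last successful DNSKEY set */
	time_t last_success;
	/** next probe time */
	time_t next_probe_time;

	/** when to query if !failed */
	uint32_t query_interval;
	/** when to retry if failed */
	uint32_t retry_time;

	/**
	 * How many times did it fail. diagnostic only (has no effect).
	 * Only updated if there was a dnskey rrset that failed to verify.
	 * Because timeouts and local servfail are not counted (see
	 * last_queried), a zero here does not mean every probe succeeded.
	 */
	uint8_t query_failed;
	/** true if the trust point has been revoked */
	uint8_t revoked;
};

/**
 * Autotrust global metadata.
 */
struct autr_global_data {
	/** rbtree of autotrust anchors sorted by next probe time.
	 * When time is equal, sorted by anchor class, name. */
	rbtree_t probe;
};

/**
 * Create new global 5011 data structure.
 * @return new structure or NULL on malloc failure.
 */
struct autr_global_data* autr_global_create(void);

/**
 * Delete global 5011 data structure.
 * @param global: global autotrust state to delete.
 */
void autr_global_delete(struct autr_global_data* global);

/**
 * See if autotrust anchors are configured and how many.
 * @param anchors: the trust anchors structure.
 * @return number of autotrust trust anchors
 */
size_t autr_get_num_anchors(struct val_anchors* anchors);

/**
 * Process probe timer. Add new probes if needed.
 * @param env: module environment with time, with anchors and with the mesh.
 * @return time of next probe (in seconds from now).
 *	If 0, then there is no next probe anymore (trust points deleted).
 */
uint32_t autr_probe_timer(struct module_env* env);

/**
 * probe tree compare function.
 * Takes two untyped element pointers and returns an int, the usual
 * comparator shape; the ordering is the one described for the probe
 * tree in struct autr_global_data.
 * NOTE(review): the pointed-to type is presumably struct trust_anchor
 * (see pnode in struct autr_point_data) - confirm in the implementation.
 */
int probetree_cmp(const void* x, const void* y);

/**
 * Read autotrust file.
 * The file content becomes trust anchor state, so it is trusted input
 * only to the extent that the file itself is protected.
 * @param anchors: the anchors structure.
 * @param nm: name of the file (copied).
 * @return false on failure.
 */
int autr_read_file(struct val_anchors* anchors, const char* nm);

/**
 * Write autotrust file.
 * Returns nothing, so a caller cannot tell from the return value whether
 * the trust point was actually persisted.
 * NOTE(review): write failures are presumably logged - confirm.
 * @param env: environment with scratch space.
 * @param tp: trust point to write.
 */
void autr_write_file(struct module_env* env, struct trust_anchor* tp);

/**
 * Delete autr anchor, deletes the autr data but does not do
 * unlinking from trees, caller does that.
 * @param tp: trust point to delete.
 */
void autr_point_delete(struct trust_anchor* tp);

/**
 * Perform autotrust processing.
 * @param env: qstate environment with the anchors structure.
 * @param ve: validator environment for verification of rrsigs.
 * @param tp: trust anchor to process.
 * @param dnskey_rrset: DNSKEY rrset probed (can be NULL if bad prime result).
 *	allocated in a region. Has not been validated yet.
 *	Its contents come from the network and are unverified at the point
 *	of the call; verification is the callee's job, using ve.
 * @return false if trust anchor was revoked completely.
 *	Otherwise logs errors to log, does not change return value.
 *	On errors, likely the trust point has been unchanged.
 *	A true return therefore does not prove that processing succeeded;
 *	callers that need that distinction have to look at the log.
 */
int autr_process_prime(struct module_env* env, struct val_env* ve,
	struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset);

/**
 * Debug printout of rfc5011 tracked anchors
 * @param anchors: all the anchors.
 */
void autr_debug_print(struct val_anchors* anchors);

/**
 * callback for query answer to 5011 probe.
 * The parameter meanings are not documented in this header.
 * NOTE(review): presumably arg is the opaque callback argument, rcode
 * the result code of the probe query, buf the answer packet, sec its
 * validation status and errinf an error description - confirm against
 * the implementation and the code that registers this callback.
 */
void probe_answer_cb(void* arg, int rcode, ldns_buffer* buf,
	enum sec_status sec, char* errinf);

#endif /* VALIDATOR_AUTOTRUST_H */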