1 /* 2 * validator/val_sigcrypt.c - validator signature crypto functions. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains helper functions for the validator module. 40 * The functions help with signature verification and checking, the 41 * bridging between RR wireformat data and crypto calls. 42 */ 43 #include "config.h" 44 #include "validator/val_sigcrypt.h" 45 #include "validator/val_secalgo.h" 46 #include "validator/validator.h" 47 #include "util/data/msgreply.h" 48 #include "util/data/msgparse.h" 49 #include "util/data/dname.h" 50 #include "util/rbtree.h" 51 #include "util/module.h" 52 #include "util/net_help.h" 53 #include "util/regional.h" 54 #include "sldns/keyraw.h" 55 #include "sldns/sbuffer.h" 56 #include "sldns/parseutil.h" 57 #include "sldns/wire2str.h" 58 59 #include <ctype.h> 60 #if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE) 61 #error "Need crypto library to do digital signature cryptography" 62 #endif 63 64 #ifdef HAVE_OPENSSL_ERR_H 65 #include <openssl/err.h> 66 #endif 67 68 #ifdef HAVE_OPENSSL_RAND_H 69 #include <openssl/rand.h> 70 #endif 71 72 #ifdef HAVE_OPENSSL_CONF_H 73 #include <openssl/conf.h> 74 #endif 75 76 #ifdef HAVE_OPENSSL_ENGINE_H 77 #include <openssl/engine.h> 78 #endif 79 80 /** return number of rrs in an rrset */ 81 static size_t 82 rrset_get_count(struct ub_packed_rrset_key* rrset) 83 { 84 struct packed_rrset_data* d = (struct packed_rrset_data*) 85 rrset->entry.data; 86 if(!d) return 0; 87 return d->count; 88 } 89 90 /** 91 * Get RR signature count 92 */ 93 static size_t 94 rrset_get_sigcount(struct ub_packed_rrset_key* k) 95 { 96 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; 97 return d->rrsig_count; 98 } 99 100 /** 101 * Get signature keytag value 102 * @param k: rrset (with signatures) 103 * @param sig_idx: signature index. 104 * @return keytag or 0 if malformed rrsig. 105 */ 106 static uint16_t 107 rrset_get_sig_keytag(struct ub_packed_rrset_key* k, size_t sig_idx) 108 { 109 uint16_t t; 110 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; 111 log_assert(sig_idx < d->rrsig_count); 112 if(d->rr_len[d->count + sig_idx] < 2+18) 113 return 0; 114 memmove(&t, d->rr_data[d->count + sig_idx]+2+16, 2); 115 return ntohs(t); 116 } 117 118 /** 119 * Get signature signing algorithm value 120 * @param k: rrset (with signatures) 121 * @param sig_idx: signature index. 122 * @return algo or 0 if malformed rrsig. 123 */ 124 static int 125 rrset_get_sig_algo(struct ub_packed_rrset_key* k, size_t sig_idx) 126 { 127 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; 128 log_assert(sig_idx < d->rrsig_count); 129 if(d->rr_len[d->count + sig_idx] < 2+3) 130 return 0; 131 return (int)d->rr_data[d->count + sig_idx][2+2]; 132 } 133 134 /** get rdata pointer and size */ 135 static void 136 rrset_get_rdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** rdata, 137 size_t* len) 138 { 139 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; 140 log_assert(d && idx < (d->count + d->rrsig_count)); 141 *rdata = d->rr_data[idx]; 142 *len = d->rr_len[idx]; 143 } 144 145 uint16_t 146 dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx) 147 { 148 uint8_t* rdata; 149 size_t len; 150 uint16_t f; 151 rrset_get_rdata(k, idx, &rdata, &len); 152 if(len < 2+2) 153 return 0; 154 memmove(&f, rdata+2, 2); 155 f = ntohs(f); 156 return f; 157 } 158 159 /** 160 * Get DNSKEY protocol value from rdata 161 * @param k: DNSKEY rrset. 162 * @param idx: which key. 163 * @return protocol octet value 164 */ 165 static int 166 dnskey_get_protocol(struct ub_packed_rrset_key* k, size_t idx) 167 { 168 uint8_t* rdata; 169 size_t len; 170 rrset_get_rdata(k, idx, &rdata, &len); 171 if(len < 2+4) 172 return 0; 173 return (int)rdata[2+2]; 174 } 175 176 int 177 dnskey_get_algo(struct ub_packed_rrset_key* k, size_t idx) 178 { 179 uint8_t* rdata; 180 size_t len; 181 rrset_get_rdata(k, idx, &rdata, &len); 182 if(len < 2+4) 183 return 0; 184 return (int)rdata[2+3]; 185 } 186 187 /** get public key rdata field from a dnskey RR and do some checks */ 188 static void 189 dnskey_get_pubkey(struct ub_packed_rrset_key* k, size_t idx, 190 unsigned char** pk, unsigned int* pklen) 191 { 192 uint8_t* rdata; 193 size_t len; 194 rrset_get_rdata(k, idx, &rdata, &len); 195 if(len < 2+5) { 196 *pk = NULL; 197 *pklen = 0; 198 return; 199 } 200 *pk = (unsigned char*)rdata+2+4; 201 *pklen = (unsigned)len-2-4; 202 } 203 204 int 205 ds_get_key_algo(struct ub_packed_rrset_key* k, size_t idx) 206 { 207 uint8_t* rdata; 208 size_t len; 209 rrset_get_rdata(k, idx, &rdata, &len); 210 if(len < 2+3) 211 return 0; 212 return (int)rdata[2+2]; 213 } 214 215 int 216 ds_get_digest_algo(struct ub_packed_rrset_key* k, size_t idx) 217 { 218 uint8_t* rdata; 219 size_t len; 220 rrset_get_rdata(k, idx, &rdata, &len); 221 if(len < 2+4) 222 return 0; 223 return (int)rdata[2+3]; 224 } 225 226 uint16_t 227 ds_get_keytag(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx) 228 { 229 uint16_t t; 230 uint8_t* rdata; 231 size_t len; 232 rrset_get_rdata(ds_rrset, ds_idx, &rdata, &len); 233 if(len < 2+2) 234 return 0; 235 memmove(&t, rdata+2, 2); 236 return ntohs(t); 237 } 238 239 /** 240 * Return pointer to the digest in a DS RR. 241 * @param k: DS rrset. 242 * @param idx: which DS. 243 * @param digest: digest data is returned. 244 * on error, this is NULL. 245 * @param len: length of digest is returned. 246 * on error, the length is 0. 247 */ 248 static void 249 ds_get_sigdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** digest, 250 size_t* len) 251 { 252 uint8_t* rdata; 253 size_t rdlen; 254 rrset_get_rdata(k, idx, &rdata, &rdlen); 255 if(rdlen < 2+5) { 256 *digest = NULL; 257 *len = 0; 258 return; 259 } 260 *digest = rdata + 2 + 4; 261 *len = rdlen - 2 - 4; 262 } 263 264 /** 265 * Return size of DS digest according to its hash algorithm. 266 * @param k: DS rrset. 267 * @param idx: which DS. 268 * @return size in bytes of digest, or 0 if not supported. 269 */ 270 static size_t 271 ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx) 272 { 273 return ds_digest_size_supported(ds_get_digest_algo(k, idx)); 274 } 275 276 /** 277 * Create a DS digest for a DNSKEY entry. 278 * 279 * @param env: module environment. Uses scratch space. 280 * @param dnskey_rrset: DNSKEY rrset. 281 * @param dnskey_idx: index of RR in rrset. 282 * @param ds_rrset: DS rrset 283 * @param ds_idx: index of RR in DS rrset. 284 * @param digest: digest is returned in here (must be correctly sized). 285 * @return false on error. 286 */ 287 static int 288 ds_create_dnskey_digest(struct module_env* env, 289 struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx, 290 struct ub_packed_rrset_key* ds_rrset, size_t ds_idx, 291 uint8_t* digest) 292 { 293 sldns_buffer* b = env->scratch_buffer; 294 uint8_t* dnskey_rdata; 295 size_t dnskey_len; 296 rrset_get_rdata(dnskey_rrset, dnskey_idx, &dnskey_rdata, &dnskey_len); 297 298 /* create digest source material in buffer 299 * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA); 300 * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. */ 301 sldns_buffer_clear(b); 302 sldns_buffer_write(b, dnskey_rrset->rk.dname, 303 dnskey_rrset->rk.dname_len); 304 query_dname_tolower(sldns_buffer_begin(b)); 305 sldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/ 306 sldns_buffer_flip(b); 307 308 return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx), 309 (unsigned char*)sldns_buffer_begin(b), sldns_buffer_limit(b), 310 (unsigned char*)digest); 311 } 312 313 int ds_digest_match_dnskey(struct module_env* env, 314 struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx, 315 struct ub_packed_rrset_key* ds_rrset, size_t ds_idx) 316 { 317 uint8_t* ds; /* DS digest */ 318 size_t dslen; 319 uint8_t* digest; /* generated digest */ 320 size_t digestlen = ds_digest_size_algo(ds_rrset, ds_idx); 321 322 if(digestlen == 0) { 323 verbose(VERB_QUERY, "DS fail: not supported, or DS RR " 324 "format error"); 325 return 0; /* not supported, or DS RR format error */ 326 } 327 /* check digest length in DS with length from hash function */ 328 ds_get_sigdata(ds_rrset, ds_idx, &ds, &dslen); 329 if(!ds || dslen != digestlen) { 330 verbose(VERB_QUERY, "DS fail: DS RR algo and digest do not " 331 "match each other"); 332 return 0; /* DS algorithm and digest do not match */ 333 } 334 335 digest = regional_alloc(env->scratch, digestlen); 336 if(!digest) { 337 verbose(VERB_QUERY, "DS fail: out of memory"); 338 return 0; /* mem error */ 339 } 340 if(!ds_create_dnskey_digest(env, dnskey_rrset, dnskey_idx, ds_rrset, 341 ds_idx, digest)) { 342 verbose(VERB_QUERY, "DS fail: could not calc key digest"); 343 return 0; /* digest algo failed */ 344 } 345 if(memcmp(digest, ds, dslen) != 0) { 346 verbose(VERB_QUERY, "DS fail: digest is different"); 347 return 0; /* digest different */ 348 } 349 return 1; 350 } 351 352 int 353 ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, 354 size_t ds_idx) 355 { 356 return (ds_digest_size_algo(ds_rrset, ds_idx) != 0); 357 } 358 359 int 360 ds_key_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, 361 size_t ds_idx) 362 { 363 return dnskey_algo_id_is_supported(ds_get_key_algo(ds_rrset, ds_idx)); 364 } 365 366 uint16_t 367 dnskey_calc_keytag(struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx) 368 { 369 uint8_t* data; 370 size_t len; 371 rrset_get_rdata(dnskey_rrset, dnskey_idx, &data, &len); 372 /* do not pass rdatalen to ldns */ 373 return sldns_calc_keytag_raw(data+2, len-2); 374 } 375 376 int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset, 377 size_t dnskey_idx) 378 { 379 return dnskey_algo_id_is_supported(dnskey_get_algo(dnskey_rrset, 380 dnskey_idx)); 381 } 382 383 void algo_needs_init_dnskey_add(struct algo_needs* n, 384 struct ub_packed_rrset_key* dnskey, uint8_t* sigalg) 385 { 386 uint8_t algo; 387 size_t i, total = n->num; 388 size_t num = rrset_get_count(dnskey); 389 390 for(i=0; i<num; i++) { 391 algo = (uint8_t)dnskey_get_algo(dnskey, i); 392 if(!dnskey_algo_id_is_supported((int)algo)) 393 continue; 394 if(n->needs[algo] == 0) { 395 n->needs[algo] = 1; 396 sigalg[total] = algo; 397 total++; 398 } 399 } 400 sigalg[total] = 0; 401 n->num = total; 402 } 403 404 void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg) 405 { 406 uint8_t algo; 407 size_t total = 0; 408 409 memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX); 410 while( (algo=*sigalg++) != 0) { 411 log_assert(dnskey_algo_id_is_supported((int)algo)); 412 log_assert(n->needs[algo] == 0); 413 n->needs[algo] = 1; 414 total++; 415 } 416 n->num = total; 417 } 418 419 void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds, 420 int fav_ds_algo, uint8_t* sigalg) 421 { 422 uint8_t algo; 423 size_t i, total = 0; 424 size_t num = rrset_get_count(ds); 425 426 memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX); 427 for(i=0; i<num; i++) { 428 if(ds_get_digest_algo(ds, i) != fav_ds_algo) 429 continue; 430 algo = (uint8_t)ds_get_key_algo(ds, i); 431 if(!dnskey_algo_id_is_supported((int)algo)) 432 continue; 433 log_assert(algo != 0); /* we do not support 0 and is EOS */ 434 if(n->needs[algo] == 0) { 435 n->needs[algo] = 1; 436 sigalg[total] = algo; 437 total++; 438 } 439 } 440 sigalg[total] = 0; 441 n->num = total; 442 } 443 444 int algo_needs_set_secure(struct algo_needs* n, uint8_t algo) 445 { 446 if(n->needs[algo]) { 447 n->needs[algo] = 0; 448 n->num --; 449 if(n->num == 0) /* done! */ 450 return 1; 451 } 452 return 0; 453 } 454 455 void algo_needs_set_bogus(struct algo_needs* n, uint8_t algo) 456 { 457 if(n->needs[algo]) n->needs[algo] = 2; /* need it, but bogus */ 458 } 459 460 size_t algo_needs_num_missing(struct algo_needs* n) 461 { 462 return n->num; 463 } 464 465 int algo_needs_missing(struct algo_needs* n) 466 { 467 int i; 468 /* first check if a needed algo was bogus - report that */ 469 for(i=0; i<ALGO_NEEDS_MAX; i++) 470 if(n->needs[i] == 2) 471 return 0; 472 /* now check which algo is missing */ 473 for(i=0; i<ALGO_NEEDS_MAX; i++) 474 if(n->needs[i] == 1) 475 return i; 476 return 0; 477 } 478 479 enum sec_status 480 dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve, 481 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, 482 uint8_t* sigalg, char** reason) 483 { 484 enum sec_status sec; 485 size_t i, num; 486 rbtree_t* sortree = NULL; 487 /* make sure that for all DNSKEY algorithms there are valid sigs */ 488 struct algo_needs needs; 489 int alg; 490 491 num = rrset_get_sigcount(rrset); 492 if(num == 0) { 493 verbose(VERB_QUERY, "rrset failed to verify due to a lack of " 494 "signatures"); 495 *reason = "no signatures"; 496 return sec_status_bogus; 497 } 498 499 if(sigalg) { 500 algo_needs_init_list(&needs, sigalg); 501 if(algo_needs_num_missing(&needs) == 0) { 502 verbose(VERB_QUERY, "zone has no known algorithms"); 503 *reason = "zone has no known algorithms"; 504 return sec_status_insecure; 505 } 506 } 507 for(i=0; i<num; i++) { 508 sec = dnskeyset_verify_rrset_sig(env, ve, *env->now, rrset, 509 dnskey, i, &sortree, reason); 510 /* see which algorithm has been fixed up */ 511 if(sec == sec_status_secure) { 512 if(!sigalg) 513 return sec; /* done! */ 514 else if(algo_needs_set_secure(&needs, 515 (uint8_t)rrset_get_sig_algo(rrset, i))) 516 return sec; /* done! */ 517 } else if(sigalg && sec == sec_status_bogus) { 518 algo_needs_set_bogus(&needs, 519 (uint8_t)rrset_get_sig_algo(rrset, i)); 520 } 521 } 522 if(sigalg && (alg=algo_needs_missing(&needs)) != 0) { 523 verbose(VERB_ALGO, "rrset failed to verify: " 524 "no valid signatures for %d algorithms", 525 (int)algo_needs_num_missing(&needs)); 526 algo_needs_reason(env, alg, reason, "no signatures"); 527 } else { 528 verbose(VERB_ALGO, "rrset failed to verify: " 529 "no valid signatures"); 530 } 531 return sec_status_bogus; 532 } 533 534 void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s) 535 { 536 char buf[256]; 537 sldns_lookup_table *t = sldns_lookup_by_id(sldns_algorithms, alg); 538 if(t&&t->name) 539 snprintf(buf, sizeof(buf), "%s with algorithm %s", s, t->name); 540 else snprintf(buf, sizeof(buf), "%s with algorithm ALG%u", s, 541 (unsigned)alg); 542 *reason = regional_strdup(env->scratch, buf); 543 if(!*reason) 544 *reason = s; 545 } 546 547 enum sec_status 548 dnskey_verify_rrset(struct module_env* env, struct val_env* ve, 549 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, 550 size_t dnskey_idx, char** reason) 551 { 552 enum sec_status sec; 553 size_t i, num, numchecked = 0; 554 rbtree_t* sortree = NULL; 555 int buf_canon = 0; 556 uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx); 557 int algo = dnskey_get_algo(dnskey, dnskey_idx); 558 559 num = rrset_get_sigcount(rrset); 560 if(num == 0) { 561 verbose(VERB_QUERY, "rrset failed to verify due to a lack of " 562 "signatures"); 563 *reason = "no signatures"; 564 return sec_status_bogus; 565 } 566 for(i=0; i<num; i++) { 567 /* see if sig matches keytag and algo */ 568 if(algo != rrset_get_sig_algo(rrset, i) || 569 tag != rrset_get_sig_keytag(rrset, i)) 570 continue; 571 buf_canon = 0; 572 sec = dnskey_verify_rrset_sig(env->scratch, 573 env->scratch_buffer, ve, *env->now, rrset, 574 dnskey, dnskey_idx, i, &sortree, &buf_canon, reason); 575 if(sec == sec_status_secure) 576 return sec; 577 numchecked ++; 578 } 579 verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus"); 580 if(!numchecked) *reason = "signature missing"; 581 return sec_status_bogus; 582 } 583 584 enum sec_status 585 dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve, 586 time_t now, struct ub_packed_rrset_key* rrset, 587 struct ub_packed_rrset_key* dnskey, size_t sig_idx, 588 struct rbtree_t** sortree, char** reason) 589 { 590 /* find matching keys and check them */ 591 enum sec_status sec = sec_status_bogus; 592 uint16_t tag = rrset_get_sig_keytag(rrset, sig_idx); 593 int algo = rrset_get_sig_algo(rrset, sig_idx); 594 size_t i, num = rrset_get_count(dnskey); 595 size_t numchecked = 0; 596 int buf_canon = 0; 597 verbose(VERB_ALGO, "verify sig %d %d", (int)tag, algo); 598 if(!dnskey_algo_id_is_supported(algo)) { 599 verbose(VERB_QUERY, "verify sig: unknown algorithm"); 600 return sec_status_insecure; 601 } 602 603 for(i=0; i<num; i++) { 604 /* see if key matches keytag and algo */ 605 if(algo != dnskey_get_algo(dnskey, i) || 606 tag != dnskey_calc_keytag(dnskey, i)) 607 continue; 608 numchecked ++; 609 610 /* see if key verifies */ 611 sec = dnskey_verify_rrset_sig(env->scratch, 612 env->scratch_buffer, ve, now, rrset, dnskey, i, 613 sig_idx, sortree, &buf_canon, reason); 614 if(sec == sec_status_secure) 615 return sec; 616 } 617 if(numchecked == 0) { 618 *reason = "signatures from unknown keys"; 619 verbose(VERB_QUERY, "verify: could not find appropriate key"); 620 return sec_status_bogus; 621 } 622 return sec_status_bogus; 623 } 624 625 /** 626 * RR entries in a canonical sorted tree of RRs 627 */ 628 struct canon_rr { 629 /** rbtree node, key is this structure */ 630 rbnode_t node; 631 /** rrset the RR is in */ 632 struct ub_packed_rrset_key* rrset; 633 /** which RR in the rrset */ 634 size_t rr_idx; 635 }; 636 637 /** 638 * Compare two RR for canonical order, in a field-style sweep. 639 * @param d: rrset data 640 * @param desc: ldns wireformat descriptor. 641 * @param i: first RR to compare 642 * @param j: first RR to compare 643 * @return comparison code. 644 */ 645 static int 646 canonical_compare_byfield(struct packed_rrset_data* d, 647 const sldns_rr_descriptor* desc, size_t i, size_t j) 648 { 649 /* sweep across rdata, keep track of some state: 650 * which rr field, and bytes left in field. 651 * current position in rdata, length left. 652 * are we in a dname, length left in a label. 653 */ 654 int wfi = -1; /* current wireformat rdata field (rdf) */ 655 int wfj = -1; 656 uint8_t* di = d->rr_data[i]+2; /* ptr to current rdata byte */ 657 uint8_t* dj = d->rr_data[j]+2; 658 size_t ilen = d->rr_len[i]-2; /* length left in rdata */ 659 size_t jlen = d->rr_len[j]-2; 660 int dname_i = 0; /* true if these bytes are part of a name */ 661 int dname_j = 0; 662 size_t lablen_i = 0; /* 0 for label length byte,for first byte of rdf*/ 663 size_t lablen_j = 0; /* otherwise remaining length of rdf or label */ 664 int dname_num_i = (int)desc->_dname_count; /* decreased at root label */ 665 int dname_num_j = (int)desc->_dname_count; 666 667 /* loop while there are rdata bytes available for both rrs, 668 * and still some lowercasing needs to be done; either the dnames 669 * have not been reached yet, or they are currently being processed */ 670 while(ilen > 0 && jlen > 0 && (dname_num_i > 0 || dname_num_j > 0)) { 671 /* compare these two bytes */ 672 /* lowercase if in a dname and not a label length byte */ 673 if( ((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di) 674 != ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj) 675 ) { 676 if(((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di) 677 < ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj)) 678 return -1; 679 return 1; 680 } 681 ilen--; 682 jlen--; 683 /* bytes are equal */ 684 685 /* advance field i */ 686 /* lablen 0 means that this byte is the first byte of the 687 * next rdata field; inspect this rdata field and setup 688 * to process the rest of this rdata field. 689 * The reason to first read the byte, then setup the rdf, 690 * is that we are then sure the byte is available and short 691 * rdata is handled gracefully (even if it is a formerr). */ 692 if(lablen_i == 0) { 693 if(dname_i) { 694 /* scan this dname label */ 695 /* capture length to lowercase */ 696 lablen_i = (size_t)*di; 697 if(lablen_i == 0) { 698 /* end root label */ 699 dname_i = 0; 700 dname_num_i--; 701 /* if dname num is 0, then the 702 * remainder is binary only */ 703 if(dname_num_i == 0) 704 lablen_i = ilen; 705 } 706 } else { 707 /* scan this rdata field */ 708 wfi++; 709 if(desc->_wireformat[wfi] 710 == LDNS_RDF_TYPE_DNAME) { 711 dname_i = 1; 712 lablen_i = (size_t)*di; 713 if(lablen_i == 0) { 714 dname_i = 0; 715 dname_num_i--; 716 if(dname_num_i == 0) 717 lablen_i = ilen; 718 } 719 } else if(desc->_wireformat[wfi] 720 == LDNS_RDF_TYPE_STR) 721 lablen_i = (size_t)*di; 722 else lablen_i = get_rdf_size( 723 desc->_wireformat[wfi]) - 1; 724 } 725 } else lablen_i--; 726 727 /* advance field j; same as for i */ 728 if(lablen_j == 0) { 729 if(dname_j) { 730 lablen_j = (size_t)*dj; 731 if(lablen_j == 0) { 732 dname_j = 0; 733 dname_num_j--; 734 if(dname_num_j == 0) 735 lablen_j = jlen; 736 } 737 } else { 738 wfj++; 739 if(desc->_wireformat[wfj] 740 == LDNS_RDF_TYPE_DNAME) { 741 dname_j = 1; 742 lablen_j = (size_t)*dj; 743 if(lablen_j == 0) { 744 dname_j = 0; 745 dname_num_j--; 746 if(dname_num_j == 0) 747 lablen_j = jlen; 748 } 749 } else if(desc->_wireformat[wfj] 750 == LDNS_RDF_TYPE_STR) 751 lablen_j = (size_t)*dj; 752 else lablen_j = get_rdf_size( 753 desc->_wireformat[wfj]) - 1; 754 } 755 } else lablen_j--; 756 di++; 757 dj++; 758 } 759 /* end of the loop; because we advanced byte by byte; now we have 760 * that the rdata has ended, or that there is a binary remainder */ 761 /* shortest first */ 762 if(ilen == 0 && jlen == 0) 763 return 0; 764 if(ilen == 0) 765 return -1; 766 if(jlen == 0) 767 return 1; 768 /* binary remainder, capture comparison in wfi variable */ 769 if((wfi = memcmp(di, dj, (ilen<jlen)?ilen:jlen)) != 0) 770 return wfi; 771 if(ilen < jlen) 772 return -1; 773 if(jlen < ilen) 774 return 1; 775 return 0; 776 } 777 778 /** 779 * Compare two RRs in the same RRset and determine their relative 780 * canonical order. 781 * @param rrset: the rrset in which to perform compares. 782 * @param i: first RR to compare 783 * @param j: first RR to compare 784 * @return 0 if RR i== RR j, -1 if <, +1 if >. 785 */ 786 static int 787 canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j) 788 { 789 struct packed_rrset_data* d = (struct packed_rrset_data*) 790 rrset->entry.data; 791 const sldns_rr_descriptor* desc; 792 uint16_t type = ntohs(rrset->rk.type); 793 size_t minlen; 794 int c; 795 796 if(i==j) 797 return 0; 798 799 switch(type) { 800 /* These RR types have only a name as RDATA. 801 * This name has to be canonicalized.*/ 802 case LDNS_RR_TYPE_NS: 803 case LDNS_RR_TYPE_MD: 804 case LDNS_RR_TYPE_MF: 805 case LDNS_RR_TYPE_CNAME: 806 case LDNS_RR_TYPE_MB: 807 case LDNS_RR_TYPE_MG: 808 case LDNS_RR_TYPE_MR: 809 case LDNS_RR_TYPE_PTR: 810 case LDNS_RR_TYPE_DNAME: 811 /* the wireread function has already checked these 812 * dname's for correctness, and this double checks */ 813 if(!dname_valid(d->rr_data[i]+2, d->rr_len[i]-2) || 814 !dname_valid(d->rr_data[j]+2, d->rr_len[j]-2)) 815 return 0; 816 return query_dname_compare(d->rr_data[i]+2, 817 d->rr_data[j]+2); 818 819 /* These RR types have STR and fixed size rdata fields 820 * before one or more name fields that need canonicalizing, 821 * and after that a byte-for byte remainder can be compared. 822 */ 823 /* type starts with the name; remainder is binary compared */ 824 case LDNS_RR_TYPE_NXT: 825 /* use rdata field formats */ 826 case LDNS_RR_TYPE_MINFO: 827 case LDNS_RR_TYPE_RP: 828 case LDNS_RR_TYPE_SOA: 829 case LDNS_RR_TYPE_RT: 830 case LDNS_RR_TYPE_AFSDB: 831 case LDNS_RR_TYPE_KX: 832 case LDNS_RR_TYPE_MX: 833 case LDNS_RR_TYPE_SIG: 834 /* RRSIG signer name has to be downcased */ 835 case LDNS_RR_TYPE_RRSIG: 836 case LDNS_RR_TYPE_PX: 837 case LDNS_RR_TYPE_NAPTR: 838 case LDNS_RR_TYPE_SRV: 839 desc = sldns_rr_descript(type); 840 log_assert(desc); 841 /* this holds for the types that need canonicalizing */ 842 log_assert(desc->_minimum == desc->_maximum); 843 return canonical_compare_byfield(d, desc, i, j); 844 845 case LDNS_RR_TYPE_HINFO: /* no longer downcased */ 846 case LDNS_RR_TYPE_NSEC: 847 default: 848 /* For unknown RR types, or types not listed above, 849 * no canonicalization is needed, do binary compare */ 850 /* byte for byte compare, equal means shortest first*/ 851 minlen = d->rr_len[i]-2; 852 if(minlen > d->rr_len[j]-2) 853 minlen = d->rr_len[j]-2; 854 c = memcmp(d->rr_data[i]+2, d->rr_data[j]+2, minlen); 855 if(c!=0) 856 return c; 857 /* rdata equal, shortest is first */ 858 if(d->rr_len[i] < d->rr_len[j]) 859 return -1; 860 if(d->rr_len[i] > d->rr_len[j]) 861 return 1; 862 /* rdata equal, length equal */ 863 break; 864 } 865 return 0; 866 } 867 868 int 869 canonical_tree_compare(const void* k1, const void* k2) 870 { 871 struct canon_rr* r1 = (struct canon_rr*)k1; 872 struct canon_rr* r2 = (struct canon_rr*)k2; 873 log_assert(r1->rrset == r2->rrset); 874 return canonical_compare(r1->rrset, r1->rr_idx, r2->rr_idx); 875 } 876 877 /** 878 * Sort RRs for rrset in canonical order. 879 * Does not actually canonicalize the RR rdatas. 880 * Does not touch rrsigs. 881 * @param rrset: to sort. 882 * @param d: rrset data. 883 * @param sortree: tree to sort into. 884 * @param rrs: rr storage. 885 */ 886 static void 887 canonical_sort(struct ub_packed_rrset_key* rrset, struct packed_rrset_data* d, 888 rbtree_t* sortree, struct canon_rr* rrs) 889 { 890 size_t i; 891 /* insert into rbtree to sort and detect duplicates */ 892 for(i=0; i<d->count; i++) { 893 rrs[i].node.key = &rrs[i]; 894 rrs[i].rrset = rrset; 895 rrs[i].rr_idx = i; 896 if(!rbtree_insert(sortree, &rrs[i].node)) { 897 /* this was a duplicate */ 898 } 899 } 900 } 901 902 /** 903 * Inser canonical owner name into buffer. 904 * @param buf: buffer to insert into at current position. 905 * @param k: rrset with its owner name. 906 * @param sig: signature with signer name and label count. 907 * must be length checked, at least 18 bytes long. 908 * @param can_owner: position in buffer returned for future use. 909 * @param can_owner_len: length of canonical owner name. 910 */ 911 static void 912 insert_can_owner(sldns_buffer* buf, struct ub_packed_rrset_key* k, 913 uint8_t* sig, uint8_t** can_owner, size_t* can_owner_len) 914 { 915 int rrsig_labels = (int)sig[3]; 916 int fqdn_labels = dname_signame_label_count(k->rk.dname); 917 *can_owner = sldns_buffer_current(buf); 918 if(rrsig_labels == fqdn_labels) { 919 /* no change */ 920 sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len); 921 query_dname_tolower(*can_owner); 922 *can_owner_len = k->rk.dname_len; 923 return; 924 } 925 log_assert(rrsig_labels < fqdn_labels); 926 /* *. | fqdn(rightmost rrsig_labels) */ 927 if(rrsig_labels < fqdn_labels) { 928 int i; 929 uint8_t* nm = k->rk.dname; 930 size_t len = k->rk.dname_len; 931 /* so skip fqdn_labels-rrsig_labels */ 932 for(i=0; i<fqdn_labels-rrsig_labels; i++) { 933 dname_remove_label(&nm, &len); 934 } 935 *can_owner_len = len+2; 936 sldns_buffer_write(buf, (uint8_t*)"\001*", 2); 937 sldns_buffer_write(buf, nm, len); 938 query_dname_tolower(*can_owner); 939 } 940 } 941 942 /** 943 * Canonicalize Rdata in buffer. 944 * @param buf: buffer at position just after the rdata. 945 * @param rrset: rrset with type. 946 * @param len: length of the rdata (including rdatalen uint16). 947 */ 948 static void 949 canonicalize_rdata(sldns_buffer* buf, struct ub_packed_rrset_key* rrset, 950 size_t len) 951 { 952 uint8_t* datstart = sldns_buffer_current(buf)-len+2; 953 switch(ntohs(rrset->rk.type)) { 954 case LDNS_RR_TYPE_NXT: 955 case LDNS_RR_TYPE_NS: 956 case LDNS_RR_TYPE_MD: 957 case LDNS_RR_TYPE_MF: 958 case LDNS_RR_TYPE_CNAME: 959 case LDNS_RR_TYPE_MB: 960 case LDNS_RR_TYPE_MG: 961 case LDNS_RR_TYPE_MR: 962 case LDNS_RR_TYPE_PTR: 963 case LDNS_RR_TYPE_DNAME: 964 /* type only has a single argument, the name */ 965 query_dname_tolower(datstart); 966 return; 967 case LDNS_RR_TYPE_MINFO: 968 case LDNS_RR_TYPE_RP: 969 case LDNS_RR_TYPE_SOA: 970 /* two names after another */ 971 query_dname_tolower(datstart); 972 query_dname_tolower(datstart + 973 dname_valid(datstart, len-2)); 974 return; 975 case LDNS_RR_TYPE_RT: 976 case LDNS_RR_TYPE_AFSDB: 977 case LDNS_RR_TYPE_KX: 978 case LDNS_RR_TYPE_MX: 979 /* skip fixed part */ 980 if(len < 2+2+1) /* rdlen, skiplen, 1byteroot */ 981 return; 982 datstart += 2; 983 query_dname_tolower(datstart); 984 return; 985 case LDNS_RR_TYPE_SIG: 986 /* downcase the RRSIG, compat with BIND (kept it from SIG) */ 987 case LDNS_RR_TYPE_RRSIG: 988 /* skip fixed part */ 989 if(len < 2+18+1) 990 return; 991 datstart += 18; 992 query_dname_tolower(datstart); 993 return; 994 case LDNS_RR_TYPE_PX: 995 /* skip, then two names after another */ 996 if(len < 2+2+1) 997 return; 998 datstart += 2; 999 query_dname_tolower(datstart); 1000 query_dname_tolower(datstart + 1001 dname_valid(datstart, len-2-2)); 1002 return; 1003 case LDNS_RR_TYPE_NAPTR: 1004 if(len < 2+4) 1005 return; 1006 len -= 2+4; 1007 datstart += 4; 1008 if(len < (size_t)datstart[0]+1) /* skip text field */ 1009 return; 1010 len -= (size_t)datstart[0]+1; 1011 datstart += (size_t)datstart[0]+1; 1012 if(len < (size_t)datstart[0]+1) /* skip text field */ 1013 return; 1014 len -= (size_t)datstart[0]+1; 1015 datstart += (size_t)datstart[0]+1; 1016 if(len < (size_t)datstart[0]+1) /* skip text field */ 1017 return; 1018 len -= (size_t)datstart[0]+1; 1019 datstart += (size_t)datstart[0]+1; 1020 if(len < 1) /* check name is at least 1 byte*/ 1021 return; 1022 query_dname_tolower(datstart); 1023 return; 1024 case LDNS_RR_TYPE_SRV: 1025 /* skip fixed part */ 1026 if(len < 2+6+1) 1027 return; 1028 datstart += 6; 1029 query_dname_tolower(datstart); 1030 return; 1031 1032 /* do not canonicalize NSEC rdata name, compat with 1033 * from bind 9.4 signer, where it does not do so */ 1034 case LDNS_RR_TYPE_NSEC: /* type starts with the name */ 1035 case LDNS_RR_TYPE_HINFO: /* not downcased */ 1036 /* A6 not supported */ 1037 default: 1038 /* nothing to do for unknown types */ 1039 return; 1040 } 1041 } 1042 1043 int rrset_canonical_equal(struct regional* region, 1044 struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2) 1045 { 1046 struct rbtree_t sortree1, sortree2; 1047 struct canon_rr *rrs1, *rrs2, *p1, *p2; 1048 struct packed_rrset_data* d1=(struct packed_rrset_data*)k1->entry.data; 1049 struct packed_rrset_data* d2=(struct packed_rrset_data*)k2->entry.data; 1050 struct ub_packed_rrset_key fk; 1051 struct packed_rrset_data fd; 1052 size_t flen[2]; 1053 uint8_t* fdata[2]; 1054 1055 /* basic compare */ 1056 if(k1->rk.dname_len != k2->rk.dname_len || 1057 k1->rk.flags != k2->rk.flags || 1058 k1->rk.type != k2->rk.type || 1059 k1->rk.rrset_class != k2->rk.rrset_class || 1060 query_dname_compare(k1->rk.dname, k2->rk.dname) != 0) 1061 return 0; 1062 if(d1->ttl != d2->ttl || 1063 d1->count != d2->count || 1064 d1->rrsig_count != d2->rrsig_count || 1065 d1->trust != d2->trust || 1066 d1->security != d2->security) 1067 return 0; 1068 1069 /* init */ 1070 memset(&fk, 0, sizeof(fk)); 1071 memset(&fd, 0, sizeof(fd)); 1072 fk.entry.data = &fd; 1073 fd.count = 2; 1074 fd.rr_len = flen; 1075 fd.rr_data = fdata; 1076 rbtree_init(&sortree1, &canonical_tree_compare); 1077 rbtree_init(&sortree2, &canonical_tree_compare); 1078 if(d1->count > RR_COUNT_MAX || d2->count > RR_COUNT_MAX) 1079 return 1; /* protection against integer overflow */ 1080 rrs1 = regional_alloc(region, sizeof(struct canon_rr)*d1->count); 1081 rrs2 = regional_alloc(region, sizeof(struct canon_rr)*d2->count); 1082 if(!rrs1 || !rrs2) return 1; /* alloc failure */ 1083 1084 /* sort */ 1085 canonical_sort(k1, d1, &sortree1, rrs1); 1086 canonical_sort(k2, d2, &sortree2, rrs2); 1087 1088 /* compare canonical-sorted RRs for canonical-equality */ 1089 if(sortree1.count != sortree2.count) 1090 return 0; 1091 p1 = (struct canon_rr*)rbtree_first(&sortree1); 1092 p2 = (struct canon_rr*)rbtree_first(&sortree2); 1093 while(p1 != (struct canon_rr*)RBTREE_NULL && 1094 p2 != (struct canon_rr*)RBTREE_NULL) { 1095 flen[0] = d1->rr_len[p1->rr_idx]; 1096 flen[1] = d2->rr_len[p2->rr_idx]; 1097 fdata[0] = d1->rr_data[p1->rr_idx]; 1098 fdata[1] = d2->rr_data[p2->rr_idx]; 1099 1100 if(canonical_compare(&fk, 0, 1) != 0) 1101 return 0; 1102 p1 = (struct canon_rr*)rbtree_next(&p1->node); 1103 p2 = (struct canon_rr*)rbtree_next(&p2->node); 1104 } 1105 return 1; 1106 } 1107 1108 /** 1109 * Create canonical form of rrset in the scratch buffer. 1110 * @param region: temporary region. 1111 * @param buf: the buffer to use. 1112 * @param k: the rrset to insert. 1113 * @param sig: RRSIG rdata to include. 1114 * @param siglen: RRSIG rdata len excluding signature field, but inclusive 1115 * signer name length. 1116 * @param sortree: if NULL is passed a new sorted rrset tree is built. 1117 * Otherwise it is reused. 1118 * @return false on alloc error. 1119 */ 1120 static int 1121 rrset_canonical(struct regional* region, sldns_buffer* buf, 1122 struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen, 1123 struct rbtree_t** sortree) 1124 { 1125 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; 1126 uint8_t* can_owner = NULL; 1127 size_t can_owner_len = 0; 1128 struct canon_rr* walk; 1129 struct canon_rr* rrs; 1130 1131 if(!*sortree) { 1132 *sortree = (struct rbtree_t*)regional_alloc(region, 1133 sizeof(rbtree_t)); 1134 if(!*sortree) 1135 return 0; 1136 if(d->count > RR_COUNT_MAX) 1137 return 0; /* integer overflow protection */ 1138 rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count); 1139 if(!rrs) { 1140 *sortree = NULL; 1141 return 0; 1142 } 1143 rbtree_init(*sortree, &canonical_tree_compare); 1144 canonical_sort(k, d, *sortree, rrs); 1145 } 1146 1147 sldns_buffer_clear(buf); 1148 sldns_buffer_write(buf, sig, siglen); 1149 /* canonicalize signer name */ 1150 query_dname_tolower(sldns_buffer_begin(buf)+18); 1151 RBTREE_FOR(walk, struct canon_rr*, (*sortree)) { 1152 /* see if there is enough space left in the buffer */ 1153 if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4 1154 + d->rr_len[walk->rr_idx]) { 1155 log_err("verify: failed to canonicalize, " 1156 "rrset too big"); 1157 return 0; 1158 } 1159 /* determine canonical owner name */ 1160 if(can_owner) 1161 sldns_buffer_write(buf, can_owner, can_owner_len); 1162 else insert_can_owner(buf, k, sig, &can_owner, 1163 &can_owner_len); 1164 sldns_buffer_write(buf, &k->rk.type, 2); 1165 sldns_buffer_write(buf, &k->rk.rrset_class, 2); 1166 sldns_buffer_write(buf, sig+4, 4); 1167 sldns_buffer_write(buf, d->rr_data[walk->rr_idx], 1168 d->rr_len[walk->rr_idx]); 1169 canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]); 1170 } 1171 sldns_buffer_flip(buf); 1172 return 1; 1173 } 1174 1175 /** pretty print rrsig error with dates */ 1176 static void 1177 sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) 1178 { 1179 struct tm tm; 1180 char expi_buf[16]; 1181 char incep_buf[16]; 1182 char now_buf[16]; 1183 time_t te, ti, tn; 1184 1185 if(verbosity < VERB_QUERY) 1186 return; 1187 te = (time_t)expi; 1188 ti = (time_t)incep; 1189 tn = (time_t)now; 1190 memset(&tm, 0, sizeof(tm)); 1191 if(gmtime_r(&te, &tm) && strftime(expi_buf, 15, "%Y%m%d%H%M%S", &tm) 1192 &&gmtime_r(&ti, &tm) && strftime(incep_buf, 15, "%Y%m%d%H%M%S", &tm) 1193 &&gmtime_r(&tn, &tm) && strftime(now_buf, 15, "%Y%m%d%H%M%S", &tm)) { 1194 log_info("%s expi=%s incep=%s now=%s", str, expi_buf, 1195 incep_buf, now_buf); 1196 } else 1197 log_info("%s expi=%u incep=%u now=%u", str, (unsigned)expi, 1198 (unsigned)incep, (unsigned)now); 1199 } 1200 1201 /** check rrsig dates */ 1202 static int 1203 check_dates(struct val_env* ve, uint32_t unow, 1204 uint8_t* expi_p, uint8_t* incep_p, char** reason) 1205 { 1206 /* read out the dates */ 1207 int32_t expi, incep, now; 1208 memmove(&expi, expi_p, sizeof(expi)); 1209 memmove(&incep, incep_p, sizeof(incep)); 1210 expi = ntohl(expi); 1211 incep = ntohl(incep); 1212 1213 /* get current date */ 1214 if(ve->date_override) { 1215 if(ve->date_override == -1) { 1216 verbose(VERB_ALGO, "date override: ignore date"); 1217 return 1; 1218 } 1219 now = ve->date_override; 1220 verbose(VERB_ALGO, "date override option %d", (int)now); 1221 } else now = (int32_t)unow; 1222 1223 /* check them */ 1224 if(incep - expi > 0) { 1225 sigdate_error("verify: inception after expiration, " 1226 "signature bad", expi, incep, now); 1227 *reason = "signature inception after expiration"; 1228 return 0; 1229 } 1230 if(incep - now > 0) { 1231 /* within skew ? (calc here to avoid calculation normally) */ 1232 int32_t skew = (expi-incep)/10; 1233 if(skew < ve->skew_min) skew = ve->skew_min; 1234 if(skew > ve->skew_max) skew = ve->skew_max; 1235 if(incep - now > skew) { 1236 sigdate_error("verify: signature bad, current time is" 1237 " before inception date", expi, incep, now); 1238 *reason = "signature before inception date"; 1239 return 0; 1240 } 1241 sigdate_error("verify warning suspicious signature inception " 1242 " or bad local clock", expi, incep, now); 1243 } 1244 if(now - expi > 0) { 1245 int32_t skew = (expi-incep)/10; 1246 if(skew < ve->skew_min) skew = ve->skew_min; 1247 if(skew > ve->skew_max) skew = ve->skew_max; 1248 if(now - expi > skew) { 1249 sigdate_error("verify: signature expired", expi, 1250 incep, now); 1251 *reason = "signature expired"; 1252 return 0; 1253 } 1254 sigdate_error("verify warning suspicious signature expiration " 1255 " or bad local clock", expi, incep, now); 1256 } 1257 return 1; 1258 } 1259 1260 /** adjust rrset TTL for verified rrset, compare to original TTL and expi */ 1261 static void 1262 adjust_ttl(struct val_env* ve, uint32_t unow, 1263 struct ub_packed_rrset_key* rrset, uint8_t* orig_p, 1264 uint8_t* expi_p, uint8_t* incep_p) 1265 { 1266 struct packed_rrset_data* d = 1267 (struct packed_rrset_data*)rrset->entry.data; 1268 /* read out the dates */ 1269 int32_t origttl, expittl, expi, incep, now; 1270 memmove(&origttl, orig_p, sizeof(origttl)); 1271 memmove(&expi, expi_p, sizeof(expi)); 1272 memmove(&incep, incep_p, sizeof(incep)); 1273 expi = ntohl(expi); 1274 incep = ntohl(incep); 1275 origttl = ntohl(origttl); 1276 1277 /* get current date */ 1278 if(ve->date_override) { 1279 now = ve->date_override; 1280 } else now = (int32_t)unow; 1281 expittl = expi - now; 1282 1283 /* so now: 1284 * d->ttl: rrset ttl read from message or cache. May be reduced 1285 * origttl: original TTL from signature, authoritative TTL max. 1286 * MIN_TTL: minimum TTL from config. 1287 * expittl: TTL until the signature expires. 1288 * 1289 * Use the smallest of these, but don't let origttl set the TTL 1290 * below the minimum. 1291 */ 1292 if(MIN_TTL > (time_t)origttl && d->ttl > MIN_TTL) { 1293 verbose(VERB_QUERY, "rrset TTL larger than original and minimum" 1294 " TTL, adjusting TTL downwards to mimimum ttl"); 1295 d->ttl = MIN_TTL; 1296 } 1297 else if(MIN_TTL <= origttl && d->ttl > (time_t)origttl) { 1298 verbose(VERB_QUERY, "rrset TTL larger than original TTL, " 1299 "adjusting TTL downwards to original ttl"); 1300 d->ttl = origttl; 1301 } 1302 1303 if(expittl > 0 && d->ttl > (time_t)expittl) { 1304 verbose(VERB_ALGO, "rrset TTL larger than sig expiration ttl," 1305 " adjusting TTL downwards"); 1306 d->ttl = expittl; 1307 } 1308 } 1309 1310 enum sec_status 1311 dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf, 1312 struct val_env* ve, time_t now, 1313 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, 1314 size_t dnskey_idx, size_t sig_idx, 1315 struct rbtree_t** sortree, int* buf_canon, char** reason) 1316 { 1317 enum sec_status sec; 1318 uint8_t* sig; /* RRSIG rdata */ 1319 size_t siglen; 1320 size_t rrnum = rrset_get_count(rrset); 1321 uint8_t* signer; /* rrsig signer name */ 1322 size_t signer_len; 1323 unsigned char* sigblock; /* signature rdata field */ 1324 unsigned int sigblock_len; 1325 uint16_t ktag; /* DNSKEY key tag */ 1326 unsigned char* key; /* public key rdata field */ 1327 unsigned int keylen; 1328 rrset_get_rdata(rrset, rrnum + sig_idx, &sig, &siglen); 1329 /* min length of rdatalen, fixed rrsig, root signer, 1 byte sig */ 1330 if(siglen < 2+20) { 1331 verbose(VERB_QUERY, "verify: signature too short"); 1332 *reason = "signature too short"; 1333 return sec_status_bogus; 1334 } 1335 1336 if(!(dnskey_get_flags(dnskey, dnskey_idx) & DNSKEY_BIT_ZSK)) { 1337 verbose(VERB_QUERY, "verify: dnskey without ZSK flag"); 1338 *reason = "dnskey without ZSK flag"; 1339 return sec_status_bogus; 1340 } 1341 1342 if(dnskey_get_protocol(dnskey, dnskey_idx) != LDNS_DNSSEC_KEYPROTO) { 1343 /* RFC 4034 says DNSKEY PROTOCOL MUST be 3 */ 1344 verbose(VERB_QUERY, "verify: dnskey has wrong key protocol"); 1345 *reason = "dnskey has wrong protocolnumber"; 1346 return sec_status_bogus; 1347 } 1348 1349 /* verify as many fields in rrsig as possible */ 1350 signer = sig+2+18; 1351 signer_len = dname_valid(signer, siglen-2-18); 1352 if(!signer_len) { 1353 verbose(VERB_QUERY, "verify: malformed signer name"); 1354 *reason = "signer name malformed"; 1355 return sec_status_bogus; /* signer name invalid */ 1356 } 1357 if(!dname_subdomain_c(rrset->rk.dname, signer)) { 1358 verbose(VERB_QUERY, "verify: signer name is off-tree"); 1359 *reason = "signer name off-tree"; 1360 return sec_status_bogus; /* signer name offtree */ 1361 } 1362 sigblock = (unsigned char*)signer+signer_len; 1363 if(siglen < 2+18+signer_len+1) { 1364 verbose(VERB_QUERY, "verify: too short, no signature data"); 1365 *reason = "signature too short, no signature data"; 1366 return sec_status_bogus; /* sig rdf is < 1 byte */ 1367 } 1368 sigblock_len = (unsigned int)(siglen - 2 - 18 - signer_len); 1369 1370 /* verify key dname == sig signer name */ 1371 if(query_dname_compare(signer, dnskey->rk.dname) != 0) { 1372 verbose(VERB_QUERY, "verify: wrong key for rrsig"); 1373 log_nametypeclass(VERB_QUERY, "RRSIG signername is", 1374 signer, 0, 0); 1375 log_nametypeclass(VERB_QUERY, "the key name is", 1376 dnskey->rk.dname, 0, 0); 1377 *reason = "signer name mismatches key name"; 1378 return sec_status_bogus; 1379 } 1380 1381 /* verify covered type */ 1382 /* memcmp works because type is in network format for rrset */ 1383 if(memcmp(sig+2, &rrset->rk.type, 2) != 0) { 1384 verbose(VERB_QUERY, "verify: wrong type covered"); 1385 *reason = "signature covers wrong type"; 1386 return sec_status_bogus; 1387 } 1388 /* verify keytag and sig algo (possibly again) */ 1389 if((int)sig[2+2] != dnskey_get_algo(dnskey, dnskey_idx)) { 1390 verbose(VERB_QUERY, "verify: wrong algorithm"); 1391 *reason = "signature has wrong algorithm"; 1392 return sec_status_bogus; 1393 } 1394 ktag = htons(dnskey_calc_keytag(dnskey, dnskey_idx)); 1395 if(memcmp(sig+2+16, &ktag, 2) != 0) { 1396 verbose(VERB_QUERY, "verify: wrong keytag"); 1397 *reason = "signature has wrong keytag"; 1398 return sec_status_bogus; 1399 } 1400 1401 /* verify labels is in a valid range */ 1402 if((int)sig[2+3] > dname_signame_label_count(rrset->rk.dname)) { 1403 verbose(VERB_QUERY, "verify: labelcount out of range"); 1404 *reason = "signature labelcount out of range"; 1405 return sec_status_bogus; 1406 } 1407 1408 /* original ttl, always ok */ 1409 1410 if(!*buf_canon) { 1411 /* create rrset canonical format in buffer, ready for 1412 * signature */ 1413 if(!rrset_canonical(region, buf, rrset, sig+2, 1414 18 + signer_len, sortree)) { 1415 log_err("verify: failed due to alloc error"); 1416 return sec_status_unchecked; 1417 } 1418 *buf_canon = 1; 1419 } 1420 1421 /* check that dnskey is available */ 1422 dnskey_get_pubkey(dnskey, dnskey_idx, &key, &keylen); 1423 if(!key) { 1424 verbose(VERB_QUERY, "verify: short DNSKEY RR"); 1425 return sec_status_unchecked; 1426 } 1427 1428 /* verify */ 1429 sec = verify_canonrrset(buf, (int)sig[2+2], 1430 sigblock, sigblock_len, key, keylen, reason); 1431 1432 if(sec == sec_status_secure) { 1433 /* check if TTL is too high - reduce if so */ 1434 adjust_ttl(ve, now, rrset, sig+2+4, sig+2+8, sig+2+12); 1435 1436 /* verify inception, expiration dates 1437 * Do this last so that if you ignore expired-sigs the 1438 * rest is sure to be OK. */ 1439 if(!check_dates(ve, now, sig+2+8, sig+2+12, reason)) { 1440 return sec_status_bogus; 1441 } 1442 } 1443 1444 return sec; 1445 } 1446