2015-12-02 21:20:37 +01:00
|
|
|
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
|
|
|
|
|
|
|
|
|
|
/***
|
|
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
|
|
Copyright 2015 Lennart Poettering
|
|
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
Lesser General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
|
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
***/
|
|
|
|
|
|
|
|
|
|
#include <gcrypt.h>
|
|
|
|
|
|
|
|
|
|
#include "alloc-util.h"
|
|
|
|
|
#include "dns-domain.h"
|
2015-12-14 21:26:42 +01:00
|
|
|
#include "hexdecoct.h"
|
2015-12-02 21:20:37 +01:00
|
|
|
#include "resolved-dns-dnssec.h"
|
|
|
|
|
#include "resolved-dns-packet.h"
|
2015-12-03 19:51:04 +01:00
|
|
|
#include "string-table.h"
|
2015-12-02 21:20:37 +01:00
|
|
|
|
|
|
|
|
/* Open question:
|
|
|
|
|
*
|
|
|
|
|
* How does the DNSSEC canonical form of a hostname with a label
|
|
|
|
|
* containing a dot look like, the way DNS-SD does it?
|
|
|
|
|
*
|
2015-12-03 19:53:13 +01:00
|
|
|
* TODO:
|
|
|
|
|
*
|
2015-12-21 22:07:41 +01:00
|
|
|
* - wildcard zones compatibility (NSEC/NSEC3 wildcard check is missing)
|
2015-12-03 21:16:07 +01:00
|
|
|
* - multi-label zone compatibility
|
2015-12-18 14:48:24 +01:00
|
|
|
* - cname/dname compatibility
|
2015-12-28 01:18:40 +01:00
|
|
|
* - nxdomain on qname
|
2016-01-05 19:59:19 +01:00
|
|
|
* - workable hack for the .corp, .home, .box case
|
|
|
|
|
* - bus calls to override DNSEC setting per interface
|
2016-01-06 18:39:08 +01:00
|
|
|
* - log all DNSSEC downgrades
|
|
|
|
|
* - enable by default
|
2015-12-03 19:53:13 +01:00
|
|
|
*
|
2015-12-02 21:20:37 +01:00
|
|
|
* */
|
|
|
|
|
|
|
|
|
|
#define VERIFY_RRS_MAX 256
|
|
|
|
|
#define MAX_KEY_SIZE (32*1024)
|
|
|
|
|
|
2015-12-03 19:03:21 +01:00
|
|
|
/* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */
|
|
|
|
|
#define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE)
|
|
|
|
|
|
2016-01-02 21:33:17 +01:00
|
|
|
/* Maximum number of NSEC3 iterations we'll do. */
|
|
|
|
|
#define NSEC3_ITERATIONS_MAX 2048
|
|
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
/*
|
|
|
|
|
* The DNSSEC Chain of trust:
|
|
|
|
|
*
|
|
|
|
|
* Normal RRs are protected via RRSIG RRs in combination with DNSKEY RRs, all in the same zone
|
|
|
|
|
* DNSKEY RRs are either protected like normal RRs, or via a DS from a zone "higher" up the tree
|
|
|
|
|
* DS RRs are protected like normal RRs
|
|
|
|
|
*
|
|
|
|
|
* Example chain:
|
|
|
|
|
* Normal RR → RRSIG/DNSKEY+ → DS → RRSIG/DNSKEY+ → DS → ... → DS → RRSIG/DNSKEY+ → DS
|
|
|
|
|
*/
|
|
|
|
|
|
2015-12-14 21:21:16 +01:00
|
|
|
static void initialize_libgcrypt(void) {
|
|
|
|
|
const char *p;
|
|
|
|
|
|
|
|
|
|
if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
p = gcry_check_version("1.4.5");
|
|
|
|
|
assert(p);
|
|
|
|
|
|
|
|
|
|
gcry_control(GCRYCTL_DISABLE_SECMEM);
|
|
|
|
|
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-04 20:38:21 +01:00
|
|
|
uint16_t dnssec_keytag(DnsResourceRecord *dnskey, bool mask_revoke) {
|
2015-12-02 21:20:37 +01:00
|
|
|
const uint8_t *p;
|
2016-01-04 20:38:21 +01:00
|
|
|
uint32_t sum, f;
|
2015-12-02 21:20:37 +01:00
|
|
|
size_t i;
|
|
|
|
|
|
|
|
|
|
/* The algorithm from RFC 4034, Appendix B. */
|
|
|
|
|
|
|
|
|
|
assert(dnskey);
|
|
|
|
|
assert(dnskey->key->type == DNS_TYPE_DNSKEY);
|
|
|
|
|
|
2016-01-04 20:38:21 +01:00
|
|
|
f = (uint32_t) dnskey->dnskey.flags;
|
|
|
|
|
|
|
|
|
|
if (mask_revoke)
|
|
|
|
|
f &= ~DNSKEY_FLAG_REVOKE;
|
|
|
|
|
|
|
|
|
|
sum = f + ((((uint32_t) dnskey->dnskey.protocol) << 8) + (uint32_t) dnskey->dnskey.algorithm);
|
2015-12-02 21:20:37 +01:00
|
|
|
|
|
|
|
|
p = dnskey->dnskey.key;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < dnskey->dnskey.key_size; i++)
|
|
|
|
|
sum += (i & 1) == 0 ? (uint32_t) p[i] << 8 : (uint32_t) p[i];
|
|
|
|
|
|
|
|
|
|
sum += (sum >> 16) & UINT32_C(0xFFFF);
|
|
|
|
|
|
|
|
|
|
return sum & UINT32_C(0xFFFF);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int rr_compare(const void *a, const void *b) {
|
|
|
|
|
DnsResourceRecord **x = (DnsResourceRecord**) a, **y = (DnsResourceRecord**) b;
|
|
|
|
|
size_t m;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
/* Let's order the RRs according to RFC 4034, Section 6.3 */
|
|
|
|
|
|
|
|
|
|
assert(x);
|
|
|
|
|
assert(*x);
|
|
|
|
|
assert((*x)->wire_format);
|
|
|
|
|
assert(y);
|
|
|
|
|
assert(*y);
|
|
|
|
|
assert((*y)->wire_format);
|
|
|
|
|
|
2016-01-04 20:27:45 +01:00
|
|
|
m = MIN(DNS_RESOURCE_RECORD_RDATA_SIZE(*x), DNS_RESOURCE_RECORD_RDATA_SIZE(*y));
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2016-01-04 20:27:45 +01:00
|
|
|
r = memcmp(DNS_RESOURCE_RECORD_RDATA(*x), DNS_RESOURCE_RECORD_RDATA(*y), m);
|
2015-12-02 21:20:37 +01:00
|
|
|
if (r != 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2016-01-04 20:27:45 +01:00
|
|
|
if (DNS_RESOURCE_RECORD_RDATA_SIZE(*x) < DNS_RESOURCE_RECORD_RDATA_SIZE(*y))
|
2015-12-02 21:20:37 +01:00
|
|
|
return -1;
|
2016-01-04 20:27:45 +01:00
|
|
|
else if (DNS_RESOURCE_RECORD_RDATA_SIZE(*x) > DNS_RESOURCE_RECORD_RDATA_SIZE(*y))
|
2015-12-02 21:20:37 +01:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-27 14:05:45 +01:00
|
|
|
static int dnssec_rsa_verify_raw(
|
2015-12-02 21:20:37 +01:00
|
|
|
const char *hash_algorithm,
|
|
|
|
|
const void *signature, size_t signature_size,
|
|
|
|
|
const void *data, size_t data_size,
|
|
|
|
|
const void *exponent, size_t exponent_size,
|
|
|
|
|
const void *modulus, size_t modulus_size) {
|
|
|
|
|
|
|
|
|
|
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
|
|
|
|
|
gcry_mpi_t n = NULL, e = NULL, s = NULL;
|
|
|
|
|
gcry_error_t ge;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(hash_algorithm);
|
|
|
|
|
|
|
|
|
|
ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature, signature_size, NULL);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_mpi_scan(&e, GCRYMPI_FMT_USG, exponent, exponent_size, NULL);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_mpi_scan(&n, GCRYMPI_FMT_USG, modulus, modulus_size, NULL);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_sexp_build(&signature_sexp,
|
|
|
|
|
NULL,
|
|
|
|
|
"(sig-val (rsa (s %m)))",
|
|
|
|
|
s);
|
|
|
|
|
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_sexp_build(&data_sexp,
|
|
|
|
|
NULL,
|
|
|
|
|
"(data (flags pkcs1) (hash %s %b))",
|
|
|
|
|
hash_algorithm,
|
|
|
|
|
(int) data_size,
|
|
|
|
|
data);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_sexp_build(&public_key_sexp,
|
|
|
|
|
NULL,
|
|
|
|
|
"(public-key (rsa (n %m) (e %m)))",
|
|
|
|
|
n,
|
|
|
|
|
e);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
|
2015-12-09 17:40:32 +01:00
|
|
|
if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
|
2015-12-02 21:20:37 +01:00
|
|
|
r = 0;
|
2015-12-09 17:40:32 +01:00
|
|
|
else if (ge != 0) {
|
|
|
|
|
log_debug("RSA signature check failed: %s", gpg_strerror(ge));
|
2015-12-02 21:20:37 +01:00
|
|
|
r = -EIO;
|
2015-12-09 17:40:32 +01:00
|
|
|
} else
|
2015-12-02 21:20:37 +01:00
|
|
|
r = 1;
|
|
|
|
|
|
|
|
|
|
finish:
|
|
|
|
|
if (e)
|
|
|
|
|
gcry_mpi_release(e);
|
|
|
|
|
if (n)
|
|
|
|
|
gcry_mpi_release(n);
|
|
|
|
|
if (s)
|
|
|
|
|
gcry_mpi_release(s);
|
|
|
|
|
|
|
|
|
|
if (public_key_sexp)
|
|
|
|
|
gcry_sexp_release(public_key_sexp);
|
|
|
|
|
if (signature_sexp)
|
|
|
|
|
gcry_sexp_release(signature_sexp);
|
|
|
|
|
if (data_sexp)
|
|
|
|
|
gcry_sexp_release(data_sexp);
|
|
|
|
|
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-27 14:05:45 +01:00
|
|
|
static int dnssec_rsa_verify(
|
|
|
|
|
const char *hash_algorithm,
|
|
|
|
|
const void *hash, size_t hash_size,
|
|
|
|
|
DnsResourceRecord *rrsig,
|
|
|
|
|
DnsResourceRecord *dnskey) {
|
|
|
|
|
|
|
|
|
|
size_t exponent_size, modulus_size;
|
|
|
|
|
void *exponent, *modulus;
|
|
|
|
|
|
|
|
|
|
assert(hash_algorithm);
|
|
|
|
|
assert(hash);
|
|
|
|
|
assert(hash_size > 0);
|
|
|
|
|
assert(rrsig);
|
|
|
|
|
assert(dnskey);
|
|
|
|
|
|
|
|
|
|
if (*(uint8_t*) dnskey->dnskey.key == 0) {
|
|
|
|
|
/* exponent is > 255 bytes long */
|
|
|
|
|
|
|
|
|
|
exponent = (uint8_t*) dnskey->dnskey.key + 3;
|
|
|
|
|
exponent_size =
|
2015-12-28 18:03:34 +01:00
|
|
|
((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) |
|
|
|
|
|
((size_t) ((uint8_t*) dnskey->dnskey.key)[2]);
|
2015-12-27 14:05:45 +01:00
|
|
|
|
|
|
|
|
if (exponent_size < 256)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (3 + exponent_size >= dnskey->dnskey.key_size)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
modulus = (uint8_t*) dnskey->dnskey.key + 3 + exponent_size;
|
|
|
|
|
modulus_size = dnskey->dnskey.key_size - 3 - exponent_size;
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
/* exponent is <= 255 bytes long */
|
|
|
|
|
|
|
|
|
|
exponent = (uint8_t*) dnskey->dnskey.key + 1;
|
|
|
|
|
exponent_size = (size_t) ((uint8_t*) dnskey->dnskey.key)[0];
|
|
|
|
|
|
|
|
|
|
if (exponent_size <= 0)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (1 + exponent_size >= dnskey->dnskey.key_size)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
modulus = (uint8_t*) dnskey->dnskey.key + 1 + exponent_size;
|
|
|
|
|
modulus_size = dnskey->dnskey.key_size - 1 - exponent_size;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return dnssec_rsa_verify_raw(
|
|
|
|
|
hash_algorithm,
|
|
|
|
|
rrsig->rrsig.signature, rrsig->rrsig.signature_size,
|
|
|
|
|
hash, hash_size,
|
|
|
|
|
exponent, exponent_size,
|
|
|
|
|
modulus, modulus_size);
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-27 21:35:00 +01:00
|
|
|
static int dnssec_ecdsa_verify_raw(
|
|
|
|
|
const char *hash_algorithm,
|
|
|
|
|
const char *curve,
|
|
|
|
|
const void *signature_r, size_t signature_r_size,
|
|
|
|
|
const void *signature_s, size_t signature_s_size,
|
|
|
|
|
const void *data, size_t data_size,
|
|
|
|
|
const void *key, size_t key_size) {
|
|
|
|
|
|
|
|
|
|
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
|
|
|
|
|
gcry_mpi_t q = NULL, r = NULL, s = NULL;
|
|
|
|
|
gcry_error_t ge;
|
|
|
|
|
int k;
|
|
|
|
|
|
|
|
|
|
assert(hash_algorithm);
|
|
|
|
|
|
|
|
|
|
ge = gcry_mpi_scan(&r, GCRYMPI_FMT_USG, signature_r, signature_r_size, NULL);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
k = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_mpi_scan(&s, GCRYMPI_FMT_USG, signature_s, signature_s_size, NULL);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
k = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_mpi_scan(&q, GCRYMPI_FMT_USG, key, key_size, NULL);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
k = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_sexp_build(&signature_sexp,
|
|
|
|
|
NULL,
|
|
|
|
|
"(sig-val (ecdsa (r %m) (s %m)))",
|
|
|
|
|
r,
|
|
|
|
|
s);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
k = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_sexp_build(&data_sexp,
|
|
|
|
|
NULL,
|
|
|
|
|
"(data (flags rfc6979) (hash %s %b))",
|
|
|
|
|
hash_algorithm,
|
|
|
|
|
(int) data_size,
|
|
|
|
|
data);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
k = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_sexp_build(&public_key_sexp,
|
|
|
|
|
NULL,
|
|
|
|
|
"(public-key (ecc (curve %s) (q %m)))",
|
|
|
|
|
curve,
|
|
|
|
|
q);
|
|
|
|
|
if (ge != 0) {
|
|
|
|
|
k = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
|
|
|
|
|
if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
|
|
|
|
|
k = 0;
|
|
|
|
|
else if (ge != 0) {
|
|
|
|
|
log_debug("ECDSA signature check failed: %s", gpg_strerror(ge));
|
|
|
|
|
k = -EIO;
|
|
|
|
|
} else
|
|
|
|
|
k = 1;
|
|
|
|
|
finish:
|
|
|
|
|
if (r)
|
|
|
|
|
gcry_mpi_release(r);
|
|
|
|
|
if (s)
|
|
|
|
|
gcry_mpi_release(s);
|
|
|
|
|
if (q)
|
|
|
|
|
gcry_mpi_release(q);
|
|
|
|
|
|
|
|
|
|
if (public_key_sexp)
|
|
|
|
|
gcry_sexp_release(public_key_sexp);
|
|
|
|
|
if (signature_sexp)
|
|
|
|
|
gcry_sexp_release(signature_sexp);
|
|
|
|
|
if (data_sexp)
|
|
|
|
|
gcry_sexp_release(data_sexp);
|
|
|
|
|
|
|
|
|
|
return k;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int dnssec_ecdsa_verify(
|
|
|
|
|
const char *hash_algorithm,
|
|
|
|
|
int algorithm,
|
|
|
|
|
const void *hash, size_t hash_size,
|
|
|
|
|
DnsResourceRecord *rrsig,
|
|
|
|
|
DnsResourceRecord *dnskey) {
|
|
|
|
|
|
|
|
|
|
const char *curve;
|
|
|
|
|
size_t key_size;
|
|
|
|
|
uint8_t *q;
|
|
|
|
|
|
|
|
|
|
assert(hash);
|
|
|
|
|
assert(hash_size);
|
|
|
|
|
assert(rrsig);
|
|
|
|
|
assert(dnskey);
|
|
|
|
|
|
|
|
|
|
if (algorithm == DNSSEC_ALGORITHM_ECDSAP256SHA256) {
|
|
|
|
|
key_size = 32;
|
|
|
|
|
curve = "NIST P-256";
|
|
|
|
|
} else if (algorithm == DNSSEC_ALGORITHM_ECDSAP384SHA384) {
|
|
|
|
|
key_size = 48;
|
|
|
|
|
curve = "NIST P-384";
|
|
|
|
|
} else
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
|
|
|
|
if (dnskey->dnskey.key_size != key_size * 2)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (rrsig->rrsig.signature_size != key_size * 2)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
q = alloca(key_size*2 + 1);
|
|
|
|
|
q[0] = 0x04; /* Prepend 0x04 to indicate an uncompressed key */
|
|
|
|
|
memcpy(q+1, dnskey->dnskey.key, key_size*2);
|
|
|
|
|
|
|
|
|
|
return dnssec_ecdsa_verify_raw(
|
|
|
|
|
hash_algorithm,
|
|
|
|
|
curve,
|
|
|
|
|
rrsig->rrsig.signature, key_size,
|
|
|
|
|
(uint8_t*) rrsig->rrsig.signature + key_size, key_size,
|
|
|
|
|
hash, hash_size,
|
|
|
|
|
q, key_size*2+1);
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
static void md_add_uint8(gcry_md_hd_t md, uint8_t v) {
|
|
|
|
|
gcry_md_write(md, &v, sizeof(v));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void md_add_uint16(gcry_md_hd_t md, uint16_t v) {
|
|
|
|
|
v = htobe16(v);
|
|
|
|
|
gcry_md_write(md, &v, sizeof(v));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void md_add_uint32(gcry_md_hd_t md, uint32_t v) {
|
|
|
|
|
v = htobe32(v);
|
|
|
|
|
gcry_md_write(md, &v, sizeof(v));
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-02 22:47:28 +01:00
|
|
|
static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
|
|
|
|
|
usec_t expiration, inception, skew;
|
|
|
|
|
|
|
|
|
|
assert(rrsig);
|
|
|
|
|
assert(rrsig->key->type == DNS_TYPE_RRSIG);
|
|
|
|
|
|
|
|
|
|
if (realtime == USEC_INFINITY)
|
|
|
|
|
realtime = now(CLOCK_REALTIME);
|
|
|
|
|
|
|
|
|
|
expiration = rrsig->rrsig.expiration * USEC_PER_SEC;
|
|
|
|
|
inception = rrsig->rrsig.inception * USEC_PER_SEC;
|
|
|
|
|
|
|
|
|
|
if (inception > expiration)
|
2015-12-03 17:22:17 +01:00
|
|
|
return -EKEYREJECTED;
|
2015-12-02 22:47:28 +01:00
|
|
|
|
2015-12-03 19:03:21 +01:00
|
|
|
/* Permit a certain amount of clock skew of 10% of the valid
|
|
|
|
|
* time range. This takes inspiration from unbound's
|
|
|
|
|
* resolver. */
|
2015-12-02 22:47:28 +01:00
|
|
|
skew = (expiration - inception) / 10;
|
2015-12-03 19:03:21 +01:00
|
|
|
if (skew > SKEW_MAX)
|
|
|
|
|
skew = SKEW_MAX;
|
2015-12-02 22:47:28 +01:00
|
|
|
|
|
|
|
|
if (inception < skew)
|
|
|
|
|
inception = 0;
|
|
|
|
|
else
|
|
|
|
|
inception -= skew;
|
|
|
|
|
|
|
|
|
|
if (expiration + skew < expiration)
|
|
|
|
|
expiration = USEC_INFINITY;
|
|
|
|
|
else
|
|
|
|
|
expiration += skew;
|
|
|
|
|
|
|
|
|
|
return realtime < inception || realtime > expiration;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
static int algorithm_to_gcrypt_md(uint8_t algorithm) {
|
2015-12-27 13:07:36 +01:00
|
|
|
|
2015-12-29 19:27:09 +01:00
|
|
|
/* Translates a DNSSEC signature algorithm into a gcrypt
|
|
|
|
|
* digest identifier.
|
|
|
|
|
*
|
|
|
|
|
* Note that we implement all algorithms listed as "Must
|
|
|
|
|
* implement" and "Recommended to Implement" in RFC6944. We
|
|
|
|
|
* don't implement any algorithms that are listed as
|
|
|
|
|
* "Optional" or "Must Not Implement". Specifically, we do not
|
|
|
|
|
* implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and
|
|
|
|
|
* GOST-ECC. */
|
2015-12-27 13:07:36 +01:00
|
|
|
|
|
|
|
|
switch (algorithm) {
|
|
|
|
|
|
|
|
|
|
case DNSSEC_ALGORITHM_RSASHA1:
|
|
|
|
|
case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
|
|
|
|
|
return GCRY_MD_SHA1;
|
|
|
|
|
|
|
|
|
|
case DNSSEC_ALGORITHM_RSASHA256:
|
2015-12-27 21:35:00 +01:00
|
|
|
case DNSSEC_ALGORITHM_ECDSAP256SHA256:
|
2015-12-27 13:07:36 +01:00
|
|
|
return GCRY_MD_SHA256;
|
|
|
|
|
|
2015-12-27 21:35:00 +01:00
|
|
|
case DNSSEC_ALGORITHM_ECDSAP384SHA384:
|
|
|
|
|
return GCRY_MD_SHA384;
|
|
|
|
|
|
2015-12-27 13:07:36 +01:00
|
|
|
case DNSSEC_ALGORITHM_RSASHA512:
|
|
|
|
|
return GCRY_MD_SHA512;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-02 22:47:28 +01:00
|
|
|
int dnssec_verify_rrset(
|
|
|
|
|
DnsAnswer *a,
|
2016-01-04 20:38:21 +01:00
|
|
|
const DnsResourceKey *key,
|
2015-12-02 22:47:28 +01:00
|
|
|
DnsResourceRecord *rrsig,
|
|
|
|
|
DnsResourceRecord *dnskey,
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
usec_t realtime,
|
|
|
|
|
DnssecResult *result) {
|
2015-12-02 22:47:28 +01:00
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
uint8_t wire_format_name[DNS_WIRE_FOMAT_HOSTNAME_MAX];
|
2015-12-27 14:05:45 +01:00
|
|
|
size_t hash_size;
|
|
|
|
|
void *hash;
|
2015-12-02 21:20:37 +01:00
|
|
|
DnsResourceRecord **list, *rr;
|
|
|
|
|
gcry_md_hd_t md = NULL;
|
2015-12-27 22:56:08 +01:00
|
|
|
int r, md_algorithm;
|
2015-12-02 21:20:37 +01:00
|
|
|
size_t k, n = 0;
|
|
|
|
|
|
|
|
|
|
assert(key);
|
|
|
|
|
assert(rrsig);
|
|
|
|
|
assert(dnskey);
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
assert(result);
|
2015-12-02 22:47:28 +01:00
|
|
|
assert(rrsig->key->type == DNS_TYPE_RRSIG);
|
|
|
|
|
assert(dnskey->key->type == DNS_TYPE_DNSKEY);
|
2015-12-02 21:20:37 +01:00
|
|
|
|
|
|
|
|
/* Verifies the the RRSet matching the specified "key" in "a",
|
|
|
|
|
* using the signature "rrsig" and the key "dnskey". It's
|
|
|
|
|
* assumed the RRSIG and DNSKEY match. */
|
|
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm);
|
|
|
|
|
if (md_algorithm == -EOPNOTSUPP) {
|
2015-12-11 13:55:26 +01:00
|
|
|
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2015-12-27 22:56:08 +01:00
|
|
|
if (md_algorithm < 0)
|
|
|
|
|
return md_algorithm;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-02 22:47:28 +01:00
|
|
|
r = dnssec_rrsig_expired(rrsig, realtime);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
if (r > 0) {
|
|
|
|
|
*result = DNSSEC_SIGNATURE_EXPIRED;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2015-12-02 22:47:28 +01:00
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
/* Collect all relevant RRs in a single array, so that we can look at the RRset */
|
|
|
|
|
list = newa(DnsResourceRecord *, a->n_rrs);
|
|
|
|
|
|
|
|
|
|
DNS_ANSWER_FOREACH(rr, a) {
|
|
|
|
|
r = dns_resource_key_equal(key, rr->key);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* We need the wire format for ordering, and digest calculation */
|
|
|
|
|
r = dns_resource_record_to_wire_format(rr, true);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
list[n++] = rr;
|
2015-12-28 19:05:59 +01:00
|
|
|
|
|
|
|
|
if (n > VERIFY_RRS_MAX)
|
|
|
|
|
return -E2BIG;
|
2015-12-02 21:20:37 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (n <= 0)
|
|
|
|
|
return -ENODATA;
|
|
|
|
|
|
|
|
|
|
/* Bring the RRs into canonical order */
|
2015-12-09 18:07:55 +01:00
|
|
|
qsort_safe(list, n, sizeof(DnsResourceRecord*), rr_compare);
|
2015-12-02 21:20:37 +01:00
|
|
|
|
|
|
|
|
/* OK, the RRs are now in canonical order. Let's calculate the digest */
|
2015-12-27 13:07:36 +01:00
|
|
|
initialize_libgcrypt();
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
hash_size = gcry_md_get_algo_dlen(md_algorithm);
|
2015-12-27 13:07:36 +01:00
|
|
|
assert(hash_size > 0);
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
gcry_md_open(&md, md_algorithm, 0);
|
2015-12-02 21:20:37 +01:00
|
|
|
if (!md)
|
|
|
|
|
return -EIO;
|
|
|
|
|
|
|
|
|
|
md_add_uint16(md, rrsig->rrsig.type_covered);
|
|
|
|
|
md_add_uint8(md, rrsig->rrsig.algorithm);
|
|
|
|
|
md_add_uint8(md, rrsig->rrsig.labels);
|
|
|
|
|
md_add_uint32(md, rrsig->rrsig.original_ttl);
|
|
|
|
|
md_add_uint32(md, rrsig->rrsig.expiration);
|
|
|
|
|
md_add_uint32(md, rrsig->rrsig.inception);
|
|
|
|
|
md_add_uint16(md, rrsig->rrsig.key_tag);
|
|
|
|
|
|
|
|
|
|
r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
goto finish;
|
|
|
|
|
gcry_md_write(md, wire_format_name, r);
|
|
|
|
|
|
|
|
|
|
for (k = 0; k < n; k++) {
|
2015-12-21 19:57:34 +01:00
|
|
|
const char *suffix;
|
2015-12-02 21:20:37 +01:00
|
|
|
size_t l;
|
|
|
|
|
rr = list[k];
|
|
|
|
|
|
2015-12-21 19:57:34 +01:00
|
|
|
r = dns_name_suffix(DNS_RESOURCE_KEY_NAME(rr->key), rrsig->rrsig.labels, &suffix);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
goto finish;
|
|
|
|
|
if (r > 0) /* This is a wildcard! */
|
|
|
|
|
gcry_md_write(md, (uint8_t[]) { 1, '*'}, 2);
|
|
|
|
|
|
|
|
|
|
r = dns_name_to_wire_format(suffix, wire_format_name, sizeof(wire_format_name), true);
|
2015-12-02 21:20:37 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
goto finish;
|
|
|
|
|
gcry_md_write(md, wire_format_name, r);
|
|
|
|
|
|
|
|
|
|
md_add_uint16(md, rr->key->type);
|
|
|
|
|
md_add_uint16(md, rr->key->class);
|
|
|
|
|
md_add_uint32(md, rrsig->rrsig.original_ttl);
|
|
|
|
|
|
2016-01-04 20:27:45 +01:00
|
|
|
l = DNS_RESOURCE_RECORD_RDATA_SIZE(rr);
|
2015-12-02 21:20:37 +01:00
|
|
|
assert(l <= 0xFFFF);
|
|
|
|
|
|
|
|
|
|
md_add_uint16(md, (uint16_t) l);
|
2016-01-04 20:27:45 +01:00
|
|
|
gcry_md_write(md, DNS_RESOURCE_RECORD_RDATA(rr), l);
|
2015-12-02 21:20:37 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hash = gcry_md_read(md, 0);
|
|
|
|
|
if (!hash) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-27 21:35:00 +01:00
|
|
|
switch (rrsig->rrsig.algorithm) {
|
|
|
|
|
|
|
|
|
|
case DNSSEC_ALGORITHM_RSASHA1:
|
|
|
|
|
case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
|
|
|
|
|
case DNSSEC_ALGORITHM_RSASHA256:
|
|
|
|
|
case DNSSEC_ALGORITHM_RSASHA512:
|
|
|
|
|
r = dnssec_rsa_verify(
|
2015-12-27 22:56:08 +01:00
|
|
|
gcry_md_algo_name(md_algorithm),
|
2015-12-27 21:35:00 +01:00
|
|
|
hash, hash_size,
|
|
|
|
|
rrsig,
|
|
|
|
|
dnskey);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case DNSSEC_ALGORITHM_ECDSAP256SHA256:
|
|
|
|
|
case DNSSEC_ALGORITHM_ECDSAP384SHA384:
|
|
|
|
|
r = dnssec_ecdsa_verify(
|
2015-12-27 22:56:08 +01:00
|
|
|
gcry_md_algo_name(md_algorithm),
|
2015-12-27 21:35:00 +01:00
|
|
|
rrsig->rrsig.algorithm,
|
|
|
|
|
hash, hash_size,
|
|
|
|
|
rrsig,
|
|
|
|
|
dnskey);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
goto finish;
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
*result = r ? DNSSEC_VALIDATED : DNSSEC_INVALID;
|
|
|
|
|
r = 0;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
|
|
|
|
finish:
|
|
|
|
|
gcry_md_close(md);
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-04 20:38:21 +01:00
|
|
|
int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok) {
|
2015-12-02 21:20:37 +01:00
|
|
|
|
|
|
|
|
assert(rrsig);
|
|
|
|
|
assert(dnskey);
|
|
|
|
|
|
|
|
|
|
/* Checks if the specified DNSKEY RR matches the key used for
|
|
|
|
|
* the signature in the specified RRSIG RR */
|
|
|
|
|
|
|
|
|
|
if (rrsig->key->type != DNS_TYPE_RRSIG)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (dnskey->key->type != DNS_TYPE_DNSKEY)
|
|
|
|
|
return 0;
|
|
|
|
|
if (dnskey->key->class != rrsig->key->class)
|
|
|
|
|
return 0;
|
|
|
|
|
if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
|
|
|
|
|
return 0;
|
2016-01-04 20:38:21 +01:00
|
|
|
if (!revoked_ok && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
|
2016-01-03 17:56:50 +01:00
|
|
|
return 0;
|
2015-12-02 21:20:37 +01:00
|
|
|
if (dnskey->dnskey.protocol != 3)
|
|
|
|
|
return 0;
|
|
|
|
|
if (dnskey->dnskey.algorithm != rrsig->rrsig.algorithm)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2016-01-04 20:38:21 +01:00
|
|
|
if (dnssec_keytag(dnskey, false) != rrsig->rrsig.key_tag)
|
2015-12-02 21:20:37 +01:00
|
|
|
return 0;
|
|
|
|
|
|
2015-12-09 18:09:06 +01:00
|
|
|
return dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), rrsig->rrsig.signer);
|
2015-12-02 21:20:37 +01:00
|
|
|
}
|
|
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
|
2015-12-21 19:57:34 +01:00
|
|
|
int r;
|
|
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
assert(key);
|
|
|
|
|
assert(rrsig);
|
|
|
|
|
|
|
|
|
|
/* Checks if the specified RRSIG RR protects the RRSet of the specified RR key. */
|
|
|
|
|
|
|
|
|
|
if (rrsig->key->type != DNS_TYPE_RRSIG)
|
|
|
|
|
return 0;
|
|
|
|
|
if (rrsig->key->class != key->class)
|
|
|
|
|
return 0;
|
|
|
|
|
if (rrsig->rrsig.type_covered != key->type)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2015-12-21 19:57:34 +01:00
|
|
|
/* Make sure signer is a parent of the RRset */
|
|
|
|
|
r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(rrsig->key), rrsig->rrsig.signer);
|
|
|
|
|
if (r <= 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
/* Make sure the owner name has at least as many labels as the "label" fields indicates. */
|
|
|
|
|
r = dns_name_count_labels(DNS_RESOURCE_KEY_NAME(rrsig->key));
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r < rrsig->rrsig.labels)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
return dns_name_equal(DNS_RESOURCE_KEY_NAME(rrsig->key), DNS_RESOURCE_KEY_NAME(key));
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-28 00:30:56 +01:00
|
|
|
static int dnssec_fix_rrset_ttl(DnsAnswer *a, const DnsResourceKey *key, DnsResourceRecord *rrsig, usec_t realtime) {
|
|
|
|
|
DnsResourceRecord *rr;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(key);
|
|
|
|
|
assert(rrsig);
|
|
|
|
|
|
|
|
|
|
DNS_ANSWER_FOREACH(rr, a) {
|
|
|
|
|
r = dns_resource_key_equal(key, rr->key);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/* Pick the TTL as the minimum of the RR's TTL, the
|
|
|
|
|
* RR's original TTL according to the RRSIG and the
|
|
|
|
|
* RRSIG's own TTL, see RFC 4035, Section 5.3.3 */
|
|
|
|
|
rr->ttl = MIN3(rr->ttl, rrsig->rrsig.original_ttl, rrsig->ttl);
|
|
|
|
|
rr->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-02 22:47:28 +01:00
|
|
|
int dnssec_verify_rrset_search(
|
|
|
|
|
DnsAnswer *a,
|
2016-01-04 20:38:21 +01:00
|
|
|
const DnsResourceKey *key,
|
2015-12-02 22:47:28 +01:00
|
|
|
DnsAnswer *validated_dnskeys,
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
usec_t realtime,
|
|
|
|
|
DnssecResult *result) {
|
2015-12-02 22:47:28 +01:00
|
|
|
|
2015-12-11 13:55:26 +01:00
|
|
|
bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false;
|
2015-12-02 21:20:37 +01:00
|
|
|
DnsResourceRecord *rrsig;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(key);
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
assert(result);
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
/* Verifies all RRs from "a" that match the key "key" against DNSKEYs in "validated_dnskeys" */
|
2015-12-02 21:20:37 +01:00
|
|
|
|
|
|
|
|
if (!a || a->n_rrs <= 0)
|
|
|
|
|
return -ENODATA;
|
|
|
|
|
|
|
|
|
|
/* Iterate through each RRSIG RR. */
|
|
|
|
|
DNS_ANSWER_FOREACH(rrsig, a) {
|
|
|
|
|
DnsResourceRecord *dnskey;
|
2015-12-18 14:37:06 +01:00
|
|
|
DnsAnswerFlags flags;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-11 13:55:26 +01:00
|
|
|
/* Is this an RRSIG RR that applies to RRs matching our key? */
|
2015-12-02 21:20:37 +01:00
|
|
|
r = dnssec_key_match_rrsig(key, rrsig);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
found_rrsig = true;
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
/* Look for a matching key */
|
2015-12-18 14:37:06 +01:00
|
|
|
DNS_ANSWER_FOREACH_FLAGS(dnskey, flags, validated_dnskeys) {
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
DnssecResult one_result;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2015-12-11 13:55:26 +01:00
|
|
|
/* Is this a DNSKEY RR that matches they key of our RRSIG? */
|
2016-01-04 20:38:21 +01:00
|
|
|
r = dnssec_rrsig_match_dnskey(rrsig, dnskey, false);
|
2015-12-02 21:20:37 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2015-12-02 22:47:28 +01:00
|
|
|
/* Take the time here, if it isn't set yet, so
|
|
|
|
|
* that we do all validations with the same
|
|
|
|
|
* time. */
|
|
|
|
|
if (realtime == USEC_INFINITY)
|
|
|
|
|
realtime = now(CLOCK_REALTIME);
|
|
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
/* Yay, we found a matching RRSIG with a matching
|
|
|
|
|
* DNSKEY, awesome. Now let's verify all entries of
|
|
|
|
|
* the RRSet against the RRSIG and DNSKEY
|
|
|
|
|
* combination. */
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
r = dnssec_verify_rrset(a, key, rrsig, dnskey, realtime, &one_result);
|
2015-12-11 13:55:26 +01:00
|
|
|
if (r < 0)
|
2015-12-02 21:20:37 +01:00
|
|
|
return r;
|
2015-12-11 13:55:26 +01:00
|
|
|
|
|
|
|
|
switch (one_result) {
|
|
|
|
|
|
|
|
|
|
case DNSSEC_VALIDATED:
|
|
|
|
|
/* Yay, the RR has been validated,
|
2015-12-28 00:30:56 +01:00
|
|
|
* return immediately, but fix up the expiry */
|
|
|
|
|
r = dnssec_fix_rrset_ttl(a, key, rrsig, realtime);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
*result = DNSSEC_VALIDATED;
|
|
|
|
|
return 0;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-11 13:55:26 +01:00
|
|
|
case DNSSEC_INVALID:
|
|
|
|
|
/* If the signature is invalid, let's try another
|
|
|
|
|
key and/or signature. After all they
|
|
|
|
|
key_tags and stuff are not unique, and
|
|
|
|
|
might be shared by multiple keys. */
|
|
|
|
|
found_invalid = true;
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
case DNSSEC_UNSUPPORTED_ALGORITHM:
|
|
|
|
|
/* If the key algorithm is
|
|
|
|
|
unsupported, try another
|
|
|
|
|
RRSIG/DNSKEY pair, but remember we
|
|
|
|
|
encountered this, so that we can
|
|
|
|
|
return a proper error when we
|
|
|
|
|
encounter nothing better. */
|
|
|
|
|
found_unsupported_algorithm = true;
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
case DNSSEC_SIGNATURE_EXPIRED:
|
|
|
|
|
/* If the signature is expired, try
|
|
|
|
|
another one, but remember it, so
|
|
|
|
|
that we can return this */
|
|
|
|
|
found_expired_rrsig = true;
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
assert_not_reached("Unexpected DNSSEC validation result");
|
|
|
|
|
}
|
2015-12-02 21:20:37 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-11 13:55:26 +01:00
|
|
|
if (found_expired_rrsig)
|
|
|
|
|
*result = DNSSEC_SIGNATURE_EXPIRED;
|
|
|
|
|
else if (found_unsupported_algorithm)
|
|
|
|
|
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
|
|
|
|
|
else if (found_invalid)
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
*result = DNSSEC_INVALID;
|
|
|
|
|
else if (found_rrsig)
|
|
|
|
|
*result = DNSSEC_MISSING_KEY;
|
|
|
|
|
else
|
|
|
|
|
*result = DNSSEC_NO_SIGNATURE;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
return 0;
|
2015-12-02 21:20:37 +01:00
|
|
|
}
|
|
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
|
|
|
|
|
DnsResourceRecord *rr;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
/* Checks whether there's at least one RRSIG in 'a' that proctects RRs of the specified key */
|
|
|
|
|
|
|
|
|
|
DNS_ANSWER_FOREACH(rr, a) {
|
|
|
|
|
r = dnssec_key_match_rrsig(key, rr);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0)
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-02 21:20:37 +01:00
|
|
|
int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max) {
|
|
|
|
|
size_t c = 0;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
/* Converts the specified hostname into DNSSEC canonicalized
|
|
|
|
|
* form. */
|
|
|
|
|
|
|
|
|
|
if (buffer_max < 2)
|
|
|
|
|
return -ENOBUFS;
|
|
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
|
|
r = dns_label_unescape(&n, buffer, buffer_max);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
break;
|
|
|
|
|
if (r > 0) {
|
|
|
|
|
int k;
|
|
|
|
|
|
|
|
|
|
/* DNSSEC validation is always done on the ASCII version of the label */
|
|
|
|
|
k = dns_label_apply_idna(buffer, r, buffer, buffer_max);
|
|
|
|
|
if (k < 0)
|
|
|
|
|
return k;
|
|
|
|
|
if (k > 0)
|
|
|
|
|
r = k;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (buffer_max < (size_t) r + 2)
|
|
|
|
|
return -ENOBUFS;
|
|
|
|
|
|
|
|
|
|
/* The DNSSEC canonical form is not clear on what to
|
|
|
|
|
* do with dots appearing in labels, the way DNS-SD
|
|
|
|
|
* does it. Refuse it for now. */
|
|
|
|
|
|
|
|
|
|
if (memchr(buffer, '.', r))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < (size_t) r; i ++) {
|
|
|
|
|
if (buffer[i] >= 'A' && buffer[i] <= 'Z')
|
|
|
|
|
buffer[i] = buffer[i] - 'A' + 'a';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buffer[r] = '.';
|
|
|
|
|
|
|
|
|
|
buffer += r + 1;
|
|
|
|
|
c += r + 1;
|
|
|
|
|
|
|
|
|
|
buffer_max -= r + 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (c <= 0) {
|
|
|
|
|
/* Not even a single label: this is the root domain name */
|
|
|
|
|
|
|
|
|
|
assert(buffer_max > 2);
|
|
|
|
|
buffer[0] = '.';
|
|
|
|
|
buffer[1] = 0;
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (int) c;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
static int digest_to_gcrypt_md(uint8_t algorithm) {
|
2015-12-14 21:20:05 +01:00
|
|
|
|
2015-12-27 13:07:36 +01:00
|
|
|
/* Translates a DNSSEC digest algorithm into a gcrypt digest identifier */
|
2015-12-14 21:20:05 +01:00
|
|
|
|
|
|
|
|
switch (algorithm) {
|
|
|
|
|
|
|
|
|
|
case DNSSEC_DIGEST_SHA1:
|
|
|
|
|
return GCRY_MD_SHA1;
|
|
|
|
|
|
|
|
|
|
case DNSSEC_DIGEST_SHA256:
|
|
|
|
|
return GCRY_MD_SHA256;
|
|
|
|
|
|
2015-12-27 12:58:37 +01:00
|
|
|
case DNSSEC_DIGEST_SHA384:
|
|
|
|
|
return GCRY_MD_SHA384;
|
|
|
|
|
|
2015-12-14 21:20:05 +01:00
|
|
|
default:
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-04 20:38:21 +01:00
|
|
|
int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
|
2015-12-02 21:20:37 +01:00
|
|
|
char owner_name[DNSSEC_CANONICAL_HOSTNAME_MAX];
|
2015-12-14 21:20:05 +01:00
|
|
|
gcry_md_hd_t md = NULL;
|
|
|
|
|
size_t hash_size;
|
2015-12-27 22:56:08 +01:00
|
|
|
int md_algorithm, r;
|
2015-12-02 21:20:37 +01:00
|
|
|
void *result;
|
|
|
|
|
|
|
|
|
|
assert(dnskey);
|
|
|
|
|
assert(ds);
|
|
|
|
|
|
|
|
|
|
/* Implements DNSKEY verification by a DS, according to RFC 4035, section 5.2 */
|
|
|
|
|
|
|
|
|
|
if (dnskey->key->type != DNS_TYPE_DNSKEY)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
if (ds->key->type != DNS_TYPE_DS)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0)
|
|
|
|
|
return -EKEYREJECTED;
|
2016-01-04 20:38:21 +01:00
|
|
|
if (!mask_revoke && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE))
|
|
|
|
|
return -EKEYREJECTED;
|
2015-12-02 21:20:37 +01:00
|
|
|
if (dnskey->dnskey.protocol != 3)
|
|
|
|
|
return -EKEYREJECTED;
|
|
|
|
|
|
|
|
|
|
if (dnskey->dnskey.algorithm != ds->ds.algorithm)
|
|
|
|
|
return 0;
|
2016-01-04 20:38:21 +01:00
|
|
|
if (dnssec_keytag(dnskey, mask_revoke) != ds->ds.key_tag)
|
2015-12-02 21:20:37 +01:00
|
|
|
return 0;
|
|
|
|
|
|
2015-12-14 21:21:16 +01:00
|
|
|
initialize_libgcrypt();
|
|
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
md_algorithm = digest_to_gcrypt_md(ds->ds.digest_type);
|
|
|
|
|
if (md_algorithm < 0)
|
|
|
|
|
return md_algorithm;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
hash_size = gcry_md_get_algo_dlen(md_algorithm);
|
2015-12-14 21:20:05 +01:00
|
|
|
assert(hash_size > 0);
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-14 21:20:05 +01:00
|
|
|
if (ds->ds.digest_size != hash_size)
|
|
|
|
|
return 0;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-14 21:20:05 +01:00
|
|
|
r = dnssec_canonicalize(DNS_RESOURCE_KEY_NAME(dnskey->key), owner_name, sizeof(owner_name));
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2015-12-02 21:20:37 +01:00
|
|
|
|
2015-12-27 22:56:08 +01:00
|
|
|
gcry_md_open(&md, md_algorithm, 0);
|
2015-12-02 21:20:37 +01:00
|
|
|
if (!md)
|
|
|
|
|
return -EIO;
|
|
|
|
|
|
|
|
|
|
gcry_md_write(md, owner_name, r);
|
2016-01-04 20:38:21 +01:00
|
|
|
if (mask_revoke)
|
|
|
|
|
md_add_uint16(md, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE);
|
|
|
|
|
else
|
|
|
|
|
md_add_uint16(md, dnskey->dnskey.flags);
|
2015-12-02 21:20:37 +01:00
|
|
|
md_add_uint8(md, dnskey->dnskey.protocol);
|
|
|
|
|
md_add_uint8(md, dnskey->dnskey.algorithm);
|
|
|
|
|
gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
|
|
|
|
|
|
|
|
|
|
result = gcry_md_read(md, 0);
|
|
|
|
|
if (!result) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r = memcmp(result, ds->ds.digest, ds->ds.digest_size) != 0;
|
|
|
|
|
|
|
|
|
|
finish:
|
|
|
|
|
gcry_md_close(md);
|
|
|
|
|
return r;
|
|
|
|
|
}
|
2015-12-03 19:51:04 +01:00
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) {
|
|
|
|
|
DnsResourceRecord *ds;
|
2015-12-18 14:37:06 +01:00
|
|
|
DnsAnswerFlags flags;
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(dnskey);
|
|
|
|
|
|
|
|
|
|
if (dnskey->key->type != DNS_TYPE_DNSKEY)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
DNS_ANSWER_FOREACH_FLAGS(ds, flags, validated_ds) {
|
|
|
|
|
|
|
|
|
|
if ((flags & DNS_ANSWER_AUTHENTICATED) == 0)
|
|
|
|
|
continue;
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
|
|
|
|
|
if (ds->key->type != DNS_TYPE_DS)
|
|
|
|
|
continue;
|
|
|
|
|
|
2015-12-22 18:20:09 +01:00
|
|
|
if (ds->key->class != dnskey->key->class)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), DNS_RESOURCE_KEY_NAME(ds->key));
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2016-01-04 20:38:21 +01:00
|
|
|
r = dnssec_verify_dnskey(dnskey, ds, false);
|
|
|
|
|
if (r == -EKEYREJECTED)
|
|
|
|
|
return 0; /* The DNSKEY is revoked or otherwise invalid, we won't bless it */
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0)
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-29 20:50:03 +01:00
|
|
|
static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
|
|
|
|
|
|
|
|
|
|
/* Translates a DNSSEC NSEC3 hash algorithm into a gcrypt digest identifier */
|
|
|
|
|
|
|
|
|
|
switch (algorithm) {
|
|
|
|
|
|
|
|
|
|
case NSEC3_ALGORITHM_SHA1:
|
|
|
|
|
return GCRY_MD_SHA1;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-03 17:54:01 +01:00
|
|
|
int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
|
2015-12-14 21:26:42 +01:00
|
|
|
uint8_t wire_format[DNS_WIRE_FOMAT_HOSTNAME_MAX];
|
|
|
|
|
gcry_md_hd_t md = NULL;
|
|
|
|
|
size_t hash_size;
|
|
|
|
|
int algorithm;
|
|
|
|
|
void *result;
|
|
|
|
|
unsigned k;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(nsec3);
|
|
|
|
|
assert(name);
|
|
|
|
|
assert(ret);
|
|
|
|
|
|
|
|
|
|
if (nsec3->key->type != DNS_TYPE_NSEC3)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2016-01-03 17:54:01 +01:00
|
|
|
if (nsec3->nsec3.iterations > NSEC3_ITERATIONS_MAX) {
|
|
|
|
|
log_debug("Ignoring NSEC3 RR %s with excessive number of iterations.", dns_resource_record_to_string(nsec3));
|
2016-01-02 21:33:17 +01:00
|
|
|
return -EOPNOTSUPP;
|
2016-01-03 17:54:01 +01:00
|
|
|
}
|
2016-01-02 21:33:17 +01:00
|
|
|
|
2015-12-29 20:50:03 +01:00
|
|
|
algorithm = nsec3_hash_to_gcrypt_md(nsec3->nsec3.algorithm);
|
2015-12-14 21:26:42 +01:00
|
|
|
if (algorithm < 0)
|
|
|
|
|
return algorithm;
|
|
|
|
|
|
|
|
|
|
initialize_libgcrypt();
|
|
|
|
|
|
|
|
|
|
hash_size = gcry_md_get_algo_dlen(algorithm);
|
|
|
|
|
assert(hash_size > 0);
|
|
|
|
|
|
|
|
|
|
if (nsec3->nsec3.next_hashed_name_size != hash_size)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
gcry_md_open(&md, algorithm, 0);
|
|
|
|
|
if (!md)
|
|
|
|
|
return -EIO;
|
|
|
|
|
|
|
|
|
|
gcry_md_write(md, wire_format, r);
|
|
|
|
|
gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
|
|
|
|
|
|
|
|
|
|
result = gcry_md_read(md, 0);
|
|
|
|
|
if (!result) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (k = 0; k < nsec3->nsec3.iterations; k++) {
|
|
|
|
|
uint8_t tmp[hash_size];
|
|
|
|
|
memcpy(tmp, result, hash_size);
|
|
|
|
|
|
|
|
|
|
gcry_md_reset(md);
|
|
|
|
|
gcry_md_write(md, tmp, hash_size);
|
|
|
|
|
gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
|
|
|
|
|
|
|
|
|
|
result = gcry_md_read(md, 0);
|
|
|
|
|
if (!result) {
|
|
|
|
|
r = -EIO;
|
|
|
|
|
goto finish;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memcpy(ret, result, hash_size);
|
|
|
|
|
r = (int) hash_size;
|
|
|
|
|
|
|
|
|
|
finish:
|
|
|
|
|
gcry_md_close(md);
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-21 21:06:29 +01:00
|
|
|
static int nsec3_is_good(DnsResourceRecord *rr, DnsAnswerFlags flags, DnsResourceRecord *nsec3) {
|
|
|
|
|
const char *a, *b;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(rr);
|
|
|
|
|
|
|
|
|
|
if (rr->key->type != DNS_TYPE_NSEC3)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* RFC 5155, Section 8.2 says we MUST ignore NSEC3 RRs with flags != 0 or 1 */
|
|
|
|
|
if (!IN_SET(rr->nsec3.flags, 0, 1))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2015-12-29 20:50:03 +01:00
|
|
|
/* Ignore NSEC3 RRs whose algorithm we don't know */
|
|
|
|
|
if (nsec3_hash_to_gcrypt_md(rr->nsec3.algorithm) < 0)
|
|
|
|
|
return 0;
|
2016-01-02 21:33:17 +01:00
|
|
|
/* Ignore NSEC3 RRs with an excessive number of required iterations */
|
|
|
|
|
if (rr->nsec3.iterations > NSEC3_ITERATIONS_MAX)
|
|
|
|
|
return 0;
|
2015-12-29 20:50:03 +01:00
|
|
|
|
2015-12-21 21:06:29 +01:00
|
|
|
if (!nsec3)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
/* If a second NSEC3 RR is specified, also check if they are from the same zone. */
|
|
|
|
|
|
|
|
|
|
if (nsec3 == rr) /* Shortcut */
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
if (rr->key->class != nsec3->key->class)
|
|
|
|
|
return 0;
|
|
|
|
|
if (rr->nsec3.algorithm != nsec3->nsec3.algorithm)
|
|
|
|
|
return 0;
|
|
|
|
|
if (rr->nsec3.iterations != nsec3->nsec3.iterations)
|
|
|
|
|
return 0;
|
|
|
|
|
if (rr->nsec3.salt_size != nsec3->nsec3.salt_size)
|
|
|
|
|
return 0;
|
|
|
|
|
if (memcmp(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
a = DNS_RESOURCE_KEY_NAME(rr->key);
|
|
|
|
|
r = dns_name_parent(&a); /* strip off hash */
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
b = DNS_RESOURCE_KEY_NAME(nsec3->key);
|
|
|
|
|
r = dns_name_parent(&b); /* strip off hash */
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
return dns_name_equal(a, b);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-03 17:54:01 +01:00
|
|
|
static int nsec3_hashed_domain(DnsResourceRecord *nsec3, const char *domain, const char *zone, char **ret) {
|
2016-01-03 09:49:58 +01:00
|
|
|
_cleanup_free_ char *l = NULL, *hashed_domain = NULL;
|
2015-12-18 14:37:06 +01:00
|
|
|
uint8_t hashed[DNSSEC_HASH_SIZE_MAX];
|
2016-01-03 09:49:58 +01:00
|
|
|
int hashed_size;
|
|
|
|
|
|
|
|
|
|
assert(nsec3);
|
|
|
|
|
assert(domain);
|
|
|
|
|
assert(zone);
|
|
|
|
|
assert(ret);
|
|
|
|
|
|
|
|
|
|
hashed_size = dnssec_nsec3_hash(nsec3, domain, hashed);
|
|
|
|
|
if (hashed_size < 0)
|
|
|
|
|
return hashed_size;
|
|
|
|
|
|
|
|
|
|
l = base32hexmem(hashed, hashed_size, false);
|
|
|
|
|
if (!l)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
hashed_domain = strjoin(l, ".", zone, NULL);
|
|
|
|
|
if (!hashed_domain)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
*ret = hashed_domain;
|
|
|
|
|
hashed_domain = NULL;
|
|
|
|
|
|
|
|
|
|
return hashed_size;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-01 23:39:07 +01:00
|
|
|
/* See RFC 5155, Section 8
|
|
|
|
|
* First try to find a NSEC3 record that matches our query precisely, if that fails, find the closest
|
|
|
|
|
* enclosure. Secondly, find a proof that there is no closer enclosure and either a proof that there
|
|
|
|
|
* is no wildcard domain as a direct descendant of the closest enclosure, or find an NSEC3 record that
|
|
|
|
|
* matches the wildcard domain.
|
|
|
|
|
*
|
|
|
|
|
* Based on this we can prove either the existence of the record in @key, or NXDOMAIN or NODATA, or
|
|
|
|
|
* that there is no proof either way. The latter is the case if a the proof of non-existence of a given
|
|
|
|
|
* name uses an NSEC3 record with the opt-out bit set. Lastly, if we are given insufficient NSEC3 records
|
|
|
|
|
* to conclude anything we indicate this by returning NO_RR. */
|
2016-01-05 01:35:28 +01:00
|
|
|
static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
|
2016-01-01 23:39:07 +01:00
|
|
|
_cleanup_free_ char *next_closer_domain = NULL, *wildcard = NULL, *wildcard_domain = NULL;
|
2016-01-01 22:10:55 +01:00
|
|
|
const char *zone, *p, *pp = NULL;
|
2016-01-01 23:39:07 +01:00
|
|
|
DnsResourceRecord *rr, *enclosure_rr, *suffix_rr, *wildcard_rr = NULL;
|
2015-12-18 14:37:06 +01:00
|
|
|
DnsAnswerFlags flags;
|
|
|
|
|
int hashed_size, r;
|
2016-01-01 23:39:07 +01:00
|
|
|
bool a, no_closer = false, no_wildcard = false, optout = false;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
|
|
|
|
assert(key);
|
|
|
|
|
assert(result);
|
|
|
|
|
|
2016-01-01 22:10:55 +01:00
|
|
|
/* First step, find the zone name and the NSEC3 parameters of the zone.
|
|
|
|
|
* it is sufficient to look for the longest common suffix we find with
|
|
|
|
|
* any NSEC3 RR in the response. Any NSEC3 record will do as all NSEC3
|
|
|
|
|
* records from a given zone in a response must use the same
|
|
|
|
|
* parameters. */
|
|
|
|
|
zone = DNS_RESOURCE_KEY_NAME(key);
|
2015-12-21 20:00:34 +01:00
|
|
|
for (;;) {
|
2015-12-21 21:06:29 +01:00
|
|
|
DNS_ANSWER_FOREACH_FLAGS(suffix_rr, flags, answer) {
|
|
|
|
|
r = nsec3_is_good(suffix_rr, flags, NULL);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
2015-12-21 20:00:34 +01:00
|
|
|
continue;
|
|
|
|
|
|
2016-01-01 22:10:55 +01:00
|
|
|
r = dns_name_equal_skip(DNS_RESOURCE_KEY_NAME(suffix_rr->key), 1, zone);
|
2015-12-21 20:00:34 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0)
|
2016-01-01 22:10:55 +01:00
|
|
|
goto found_zone;
|
2015-12-21 20:00:34 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Strip one label from the front */
|
2016-01-01 22:10:55 +01:00
|
|
|
r = dns_name_parent(&zone);
|
2015-12-21 20:00:34 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*result = DNSSEC_NSEC_NO_RR;
|
|
|
|
|
return 0;
|
|
|
|
|
|
2016-01-01 22:10:55 +01:00
|
|
|
found_zone:
|
2015-12-21 20:00:34 +01:00
|
|
|
/* Second step, find the closest encloser NSEC3 RR in 'answer' that matches 'key' */
|
2015-12-18 14:37:06 +01:00
|
|
|
p = DNS_RESOURCE_KEY_NAME(key);
|
|
|
|
|
for (;;) {
|
2016-01-03 09:49:58 +01:00
|
|
|
_cleanup_free_ char *hashed_domain = NULL;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2016-01-03 09:49:58 +01:00
|
|
|
hashed_size = nsec3_hashed_domain(suffix_rr, p, zone, &hashed_domain);
|
2015-12-21 21:06:29 +01:00
|
|
|
if (hashed_size == -EOPNOTSUPP) {
|
|
|
|
|
*result = DNSSEC_NSEC_UNSUPPORTED_ALGORITHM;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if (hashed_size < 0)
|
|
|
|
|
return hashed_size;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2016-01-01 22:10:55 +01:00
|
|
|
DNS_ANSWER_FOREACH_FLAGS(enclosure_rr, flags, answer) {
|
2015-12-21 21:06:29 +01:00
|
|
|
|
2016-01-01 22:10:55 +01:00
|
|
|
r = nsec3_is_good(enclosure_rr, flags, suffix_rr);
|
2015-12-14 21:26:42 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2015-12-18 14:37:06 +01:00
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2016-01-01 22:10:55 +01:00
|
|
|
if (enclosure_rr->nsec3.next_hashed_name_size != (size_t) hashed_size)
|
2015-12-21 21:06:29 +01:00
|
|
|
continue;
|
2015-12-18 14:37:06 +01:00
|
|
|
|
2016-01-01 22:10:55 +01:00
|
|
|
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(enclosure_rr->key), hashed_domain);
|
2015-12-14 21:26:42 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2015-12-22 18:22:19 +01:00
|
|
|
if (r > 0) {
|
|
|
|
|
a = flags & DNS_ANSWER_AUTHENTICATED;
|
2015-12-21 20:00:34 +01:00
|
|
|
goto found_closest_encloser;
|
2015-12-22 18:22:19 +01:00
|
|
|
}
|
2015-12-18 14:37:06 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We didn't find the closest encloser with this name,
|
|
|
|
|
* but let's remember this domain name, it might be
|
|
|
|
|
* the next closer name */
|
|
|
|
|
|
|
|
|
|
pp = p;
|
|
|
|
|
|
|
|
|
|
/* Strip one label from the front */
|
|
|
|
|
r = dns_name_parent(&p);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
2015-12-14 21:26:42 +01:00
|
|
|
break;
|
2015-12-18 14:37:06 +01:00
|
|
|
}
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
*result = DNSSEC_NSEC_NO_RR;
|
|
|
|
|
return 0;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2015-12-21 20:00:34 +01:00
|
|
|
found_closest_encloser:
|
2015-12-18 14:37:06 +01:00
|
|
|
/* We found a closest encloser in 'p'; next closer is 'pp' */
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
/* Ensure this is not a DNAME domain, see RFC5155, section 8.3. */
|
2016-01-01 22:10:55 +01:00
|
|
|
if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_DNAME))
|
2015-12-18 14:37:06 +01:00
|
|
|
return -EBADMSG;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
/* Ensure that this data is from the delegated domain
|
|
|
|
|
* (i.e. originates from the "lower" DNS server), and isn't
|
|
|
|
|
* just glue records (i.e. doesn't originate from the "upper"
|
|
|
|
|
* DNS server). */
|
2016-01-01 22:10:55 +01:00
|
|
|
if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_NS) &&
|
|
|
|
|
!bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_SOA))
|
2015-12-18 14:37:06 +01:00
|
|
|
return -EBADMSG;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
if (!pp) {
|
|
|
|
|
/* No next closer NSEC3 RR. That means there's a direct NSEC3 RR for our key. */
|
2016-01-01 23:07:34 +01:00
|
|
|
if (bitmap_isset(enclosure_rr->nsec3.types, key->type))
|
|
|
|
|
*result = DNSSEC_NSEC_FOUND;
|
|
|
|
|
else if (bitmap_isset(enclosure_rr->nsec3.types, DNS_TYPE_CNAME))
|
|
|
|
|
*result = DNSSEC_NSEC_CNAME;
|
|
|
|
|
else
|
|
|
|
|
*result = DNSSEC_NSEC_NODATA;
|
|
|
|
|
|
2016-01-05 01:35:28 +01:00
|
|
|
if (authenticated)
|
|
|
|
|
*authenticated = a;
|
|
|
|
|
if (ttl)
|
|
|
|
|
*ttl = enclosure_rr->ttl;
|
2016-01-01 23:07:34 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2016-01-01 23:39:07 +01:00
|
|
|
/* Prove that there is no next closer and whether or not there is a wildcard domain. */
|
|
|
|
|
|
|
|
|
|
wildcard = strappend("*.", p);
|
|
|
|
|
if (!wildcard)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
r = nsec3_hashed_domain(enclosure_rr, wildcard, zone, &wildcard_domain);
|
2015-12-18 14:37:06 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r != hashed_size)
|
|
|
|
|
return -EBADMSG;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2016-01-03 09:49:58 +01:00
|
|
|
r = nsec3_hashed_domain(enclosure_rr, pp, zone, &next_closer_domain);
|
2015-12-18 14:37:06 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r != hashed_size)
|
|
|
|
|
return -EBADMSG;
|
2015-12-14 21:26:42 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
|
|
|
|
|
_cleanup_free_ char *label = NULL, *next_hashed_domain = NULL;
|
|
|
|
|
|
2015-12-21 21:06:29 +01:00
|
|
|
r = nsec3_is_good(rr, flags, suffix_rr);
|
2015-12-18 14:37:06 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r == 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
label = base32hexmem(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, false);
|
|
|
|
|
if (!label)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2016-01-01 22:18:24 +01:00
|
|
|
next_hashed_domain = strjoin(label, ".", zone, NULL);
|
2015-12-18 14:37:06 +01:00
|
|
|
if (!next_hashed_domain)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), next_closer_domain, next_hashed_domain);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0) {
|
|
|
|
|
if (rr->nsec3.flags & 1)
|
2016-01-01 23:39:07 +01:00
|
|
|
optout = true;
|
2015-12-18 14:37:06 +01:00
|
|
|
|
2016-01-01 23:39:07 +01:00
|
|
|
a = a && (flags & DNS_ANSWER_AUTHENTICATED);
|
|
|
|
|
|
|
|
|
|
no_closer = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), wildcard_domain);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0) {
|
|
|
|
|
a = a && (flags & DNS_ANSWER_AUTHENTICATED);
|
|
|
|
|
|
|
|
|
|
wildcard_rr = rr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), wildcard_domain, next_hashed_domain);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0) {
|
|
|
|
|
if (rr->nsec3.flags & 1)
|
|
|
|
|
/* This only makes sense if we have a wildcard delegation, which is
|
|
|
|
|
* very unlikely, see RFC 4592, Section 4.2, but we cannot rely on
|
|
|
|
|
* this not happening, so hence cannot simply conclude NXDOMAIN as
|
|
|
|
|
* we would wish */
|
|
|
|
|
optout = true;
|
|
|
|
|
|
|
|
|
|
a = a && (flags & DNS_ANSWER_AUTHENTICATED);
|
|
|
|
|
|
|
|
|
|
no_wildcard = true;
|
2015-12-18 14:37:06 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-01 23:39:07 +01:00
|
|
|
if (wildcard_rr && no_wildcard)
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
|
|
|
|
|
if (!no_closer) {
|
|
|
|
|
*result = DNSSEC_NSEC_NO_RR;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (wildcard_rr) {
|
|
|
|
|
/* A wildcard exists that matches our query. */
|
|
|
|
|
if (optout)
|
|
|
|
|
/* This is not specified in any RFC to the best of my knowledge, but
|
|
|
|
|
* if the next closer enclosure is covered by an opt-out NSEC3 RR
|
|
|
|
|
* it means that we cannot prove that the source of synthesis is
|
|
|
|
|
* correct, as there may be a closer match. */
|
|
|
|
|
*result = DNSSEC_NSEC_OPTOUT;
|
|
|
|
|
else if (bitmap_isset(wildcard_rr->nsec3.types, key->type))
|
|
|
|
|
*result = DNSSEC_NSEC_FOUND;
|
|
|
|
|
else if (bitmap_isset(wildcard_rr->nsec3.types, DNS_TYPE_CNAME))
|
|
|
|
|
*result = DNSSEC_NSEC_CNAME;
|
|
|
|
|
else
|
|
|
|
|
*result = DNSSEC_NSEC_NODATA;
|
|
|
|
|
} else {
|
|
|
|
|
if (optout)
|
|
|
|
|
/* The RFC only specifies that we have to care for optout for NODATA for
|
|
|
|
|
* DS records. However, children of an insecure opt-out delegation should
|
|
|
|
|
* also be considered opt-out, rather than verified NXDOMAIN.
|
|
|
|
|
* Note that we do not require a proof of wildcard non-existence if the
|
|
|
|
|
* next closer domain is covered by an opt-out, as that would not provide
|
|
|
|
|
* any additional information. */
|
|
|
|
|
*result = DNSSEC_NSEC_OPTOUT;
|
|
|
|
|
else if (no_wildcard)
|
|
|
|
|
*result = DNSSEC_NSEC_NXDOMAIN;
|
|
|
|
|
else {
|
|
|
|
|
*result = DNSSEC_NSEC_NO_RR;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-05 01:35:28 +01:00
|
|
|
if (authenticated)
|
|
|
|
|
*authenticated = a;
|
|
|
|
|
|
|
|
|
|
if (ttl)
|
|
|
|
|
*ttl = enclosure_rr->ttl;
|
2016-01-01 23:39:07 +01:00
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-05 01:35:28 +01:00
|
|
|
int dnssec_test_nsec(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
|
2015-12-18 14:37:06 +01:00
|
|
|
DnsResourceRecord *rr;
|
|
|
|
|
bool have_nsec3 = false;
|
|
|
|
|
DnsAnswerFlags flags;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(key);
|
|
|
|
|
assert(result);
|
|
|
|
|
|
|
|
|
|
/* Look for any NSEC/NSEC3 RRs that say something about the specified key. */
|
|
|
|
|
|
|
|
|
|
DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
|
|
|
|
|
|
|
|
|
|
if (rr->key->class != key->class)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
switch (rr->key->type) {
|
|
|
|
|
|
|
|
|
|
case DNS_TYPE_NSEC:
|
|
|
|
|
|
|
|
|
|
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(key));
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0) {
|
2016-01-01 23:07:34 +01:00
|
|
|
if (bitmap_isset(rr->nsec.types, key->type))
|
|
|
|
|
*result = DNSSEC_NSEC_FOUND;
|
|
|
|
|
else if (bitmap_isset(rr->nsec.types, DNS_TYPE_CNAME))
|
|
|
|
|
*result = DNSSEC_NSEC_CNAME;
|
|
|
|
|
else
|
|
|
|
|
*result = DNSSEC_NSEC_NODATA;
|
2016-01-05 01:35:28 +01:00
|
|
|
|
|
|
|
|
if (authenticated)
|
|
|
|
|
*authenticated = flags & DNS_ANSWER_AUTHENTICATED;
|
|
|
|
|
if (ttl)
|
|
|
|
|
*ttl = rr->ttl;
|
|
|
|
|
|
2015-12-14 21:26:42 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(key), rr->nsec.next_domain_name);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
if (r > 0) {
|
|
|
|
|
*result = DNSSEC_NSEC_NXDOMAIN;
|
2016-01-05 01:35:28 +01:00
|
|
|
|
|
|
|
|
if (authenticated)
|
|
|
|
|
*authenticated = flags & DNS_ANSWER_AUTHENTICATED;
|
|
|
|
|
if (ttl)
|
|
|
|
|
*ttl = rr->ttl;
|
|
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
2015-12-14 21:26:42 +01:00
|
|
|
break;
|
|
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
case DNS_TYPE_NSEC3:
|
|
|
|
|
have_nsec3 = true;
|
2015-12-14 21:26:42 +01:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-18 14:37:06 +01:00
|
|
|
/* OK, this was not sufficient. Let's see if NSEC3 can help. */
|
|
|
|
|
if (have_nsec3)
|
2016-01-05 01:35:28 +01:00
|
|
|
return dnssec_test_nsec3(answer, key, result, authenticated, ttl);
|
2015-12-18 14:37:06 +01:00
|
|
|
|
2015-12-14 21:26:42 +01:00
|
|
|
/* No approproate NSEC RR found, report this. */
|
|
|
|
|
*result = DNSSEC_NSEC_NO_RR;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = {
|
|
|
|
|
[DNSSEC_VALIDATED] = "validated",
|
|
|
|
|
[DNSSEC_INVALID] = "invalid",
|
2015-12-11 13:55:26 +01:00
|
|
|
[DNSSEC_SIGNATURE_EXPIRED] = "signature-expired",
|
|
|
|
|
[DNSSEC_UNSUPPORTED_ALGORITHM] = "unsupported-algorithm",
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
[DNSSEC_NO_SIGNATURE] = "no-signature",
|
|
|
|
|
[DNSSEC_MISSING_KEY] = "missing-key",
|
2015-12-11 13:55:26 +01:00
|
|
|
[DNSSEC_UNSIGNED] = "unsigned",
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
[DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary",
|
2015-12-14 21:26:42 +01:00
|
|
|
[DNSSEC_NSEC_MISMATCH] = "nsec-mismatch",
|
2015-12-25 15:05:46 +01:00
|
|
|
[DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server",
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
};
|
|
|
|
|
DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult);
|