1 /* 2 * validator/val_nsec3.c - validator NSEC3 denial of existence functions. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains helper functions for the validator module. 40 * The functions help with NSEC3 checking, the different NSEC3 proofs 41 * for denial of existence, and proofs for presence of types. 42 */ 43 #include "config.h" 44 #include <ctype.h> 45 #include "validator/val_nsec3.h" 46 #include "validator/val_secalgo.h" 47 #include "validator/validator.h" 48 #include "validator/val_kentry.h" 49 #include "services/cache/rrset.h" 50 #include "util/regional.h" 51 #include "util/rbtree.h" 52 #include "util/module.h" 53 #include "util/net_help.h" 54 #include "util/data/packed_rrset.h" 55 #include "util/data/dname.h" 56 #include "util/data/msgreply.h" 57 /* we include nsec.h for the bitmap_has_type function */ 58 #include "validator/val_nsec.h" 59 #include "sldns/sbuffer.h" 60 #include "util/config_file.h" 61 62 /** 63 * When all allowed NSEC3 calculations at once resulted in error treat as 64 * bogus. NSEC3 hash errors are not cached and this helps breaks loops with 65 * erroneous data. 66 */ 67 #define MAX_NSEC3_ERRORS -1 68 69 /** 70 * This function we get from ldns-compat or from base system 71 * it returns the number of data bytes stored at the target, or <0 on error. 72 */ 73 int sldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength, 74 char *target, size_t targsize); 75 /** 76 * This function we get from ldns-compat or from base system 77 * it returns the number of data bytes stored at the target, or <0 on error. 78 */ 79 int sldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, 80 uint8_t *target, size_t targsize); 81 82 /** 83 * Closest encloser (ce) proof results 84 * Contains the ce and the next-closer (nc) proof. 85 */ 86 struct ce_response { 87 /** the closest encloser name */ 88 uint8_t* ce; 89 /** length of ce */ 90 size_t ce_len; 91 /** NSEC3 record that proved ce. rrset */ 92 struct ub_packed_rrset_key* ce_rrset; 93 /** NSEC3 record that proved ce. rr number */ 94 int ce_rr; 95 /** NSEC3 record that proved nc. rrset */ 96 struct ub_packed_rrset_key* nc_rrset; 97 /** NSEC3 record that proved nc. rr*/ 98 int nc_rr; 99 }; 100 101 /** 102 * Filter conditions for NSEC3 proof 103 * Used to iterate over the applicable NSEC3 RRs. 104 */ 105 struct nsec3_filter { 106 /** Zone name, only NSEC3 records for this zone are considered */ 107 uint8_t* zone; 108 /** length of the zonename */ 109 size_t zone_len; 110 /** the list of NSEC3s to filter; array */ 111 struct ub_packed_rrset_key** list; 112 /** number of rrsets in list */ 113 size_t num; 114 /** class of records for the NSEC3, only this class applies */ 115 uint16_t fclass; 116 }; 117 118 /** return number of rrs in an rrset */ 119 static size_t 120 rrset_get_count(struct ub_packed_rrset_key* rrset) 121 { 122 struct packed_rrset_data* d = (struct packed_rrset_data*) 123 rrset->entry.data; 124 if(!d) return 0; 125 return d->count; 126 } 127 128 /** return if nsec3 RR has unknown flags */ 129 static int 130 nsec3_unknown_flags(struct ub_packed_rrset_key* rrset, int r) 131 { 132 struct packed_rrset_data* d = (struct packed_rrset_data*) 133 rrset->entry.data; 134 log_assert(d && r < (int)d->count); 135 if(d->rr_len[r] < 2+2) 136 return 0; /* malformed */ 137 return (int)(d->rr_data[r][2+1] & NSEC3_UNKNOWN_FLAGS); 138 } 139 140 int 141 nsec3_has_optout(struct ub_packed_rrset_key* rrset, int r) 142 { 143 struct packed_rrset_data* d = (struct packed_rrset_data*) 144 rrset->entry.data; 145 log_assert(d && r < (int)d->count); 146 if(d->rr_len[r] < 2+2) 147 return 0; /* malformed */ 148 return (int)(d->rr_data[r][2+1] & NSEC3_OPTOUT); 149 } 150 151 /** return nsec3 RR algorithm */ 152 static int 153 nsec3_get_algo(struct ub_packed_rrset_key* rrset, int r) 154 { 155 struct packed_rrset_data* d = (struct packed_rrset_data*) 156 rrset->entry.data; 157 log_assert(d && r < (int)d->count); 158 if(d->rr_len[r] < 2+1) 159 return 0; /* malformed */ 160 return (int)(d->rr_data[r][2+0]); 161 } 162 163 /** return if nsec3 RR has known algorithm */ 164 static int 165 nsec3_known_algo(struct ub_packed_rrset_key* rrset, int r) 166 { 167 struct packed_rrset_data* d = (struct packed_rrset_data*) 168 rrset->entry.data; 169 log_assert(d && r < (int)d->count); 170 if(d->rr_len[r] < 2+1) 171 return 0; /* malformed */ 172 switch(d->rr_data[r][2+0]) { 173 case NSEC3_HASH_SHA1: 174 return 1; 175 } 176 return 0; 177 } 178 179 /** return nsec3 RR iteration count */ 180 static size_t 181 nsec3_get_iter(struct ub_packed_rrset_key* rrset, int r) 182 { 183 uint16_t i; 184 struct packed_rrset_data* d = (struct packed_rrset_data*) 185 rrset->entry.data; 186 log_assert(d && r < (int)d->count); 187 if(d->rr_len[r] < 2+4) 188 return 0; /* malformed */ 189 memmove(&i, d->rr_data[r]+2+2, sizeof(i)); 190 i = ntohs(i); 191 return (size_t)i; 192 } 193 194 /** return nsec3 RR salt */ 195 static int 196 nsec3_get_salt(struct ub_packed_rrset_key* rrset, int r, 197 uint8_t** salt, size_t* saltlen) 198 { 199 struct packed_rrset_data* d = (struct packed_rrset_data*) 200 rrset->entry.data; 201 log_assert(d && r < (int)d->count); 202 if(d->rr_len[r] < 2+5) { 203 *salt = 0; 204 *saltlen = 0; 205 return 0; /* malformed */ 206 } 207 *saltlen = (size_t)d->rr_data[r][2+4]; 208 if(d->rr_len[r] < 2+5+(size_t)*saltlen) { 209 *salt = 0; 210 *saltlen = 0; 211 return 0; /* malformed */ 212 } 213 *salt = d->rr_data[r]+2+5; 214 return 1; 215 } 216 217 int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r, 218 int* algo, size_t* iter, uint8_t** salt, size_t* saltlen) 219 { 220 if(!nsec3_known_algo(rrset, r) || nsec3_unknown_flags(rrset, r)) 221 return 0; 222 if(!nsec3_get_salt(rrset, r, salt, saltlen)) 223 return 0; 224 *algo = nsec3_get_algo(rrset, r); 225 *iter = nsec3_get_iter(rrset, r); 226 return 1; 227 } 228 229 int 230 nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r, 231 uint8_t** next, size_t* nextlen) 232 { 233 size_t saltlen; 234 struct packed_rrset_data* d = (struct packed_rrset_data*) 235 rrset->entry.data; 236 log_assert(d && r < (int)d->count); 237 if(d->rr_len[r] < 2+5) { 238 *next = 0; 239 *nextlen = 0; 240 return 0; /* malformed */ 241 } 242 saltlen = (size_t)d->rr_data[r][2+4]; 243 if(d->rr_len[r] < 2+5+saltlen+1) { 244 *next = 0; 245 *nextlen = 0; 246 return 0; /* malformed */ 247 } 248 *nextlen = (size_t)d->rr_data[r][2+5+saltlen]; 249 if(d->rr_len[r] < 2+5+saltlen+1+*nextlen) { 250 *next = 0; 251 *nextlen = 0; 252 return 0; /* malformed */ 253 } 254 *next = d->rr_data[r]+2+5+saltlen+1; 255 return 1; 256 } 257 258 size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone, 259 size_t zonelen, uint8_t* buf, size_t max) 260 { 261 /* write b32 of name, leave one for length */ 262 int ret; 263 if(max < hashlen*2+1) /* quick approx of b32, as if hexb16 */ 264 return 0; 265 ret = sldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1); 266 if(ret < 1) 267 return 0; 268 buf[0] = (uint8_t)ret; /* length of b32 label */ 269 ret++; 270 if(max - ret < zonelen) 271 return 0; 272 memmove(buf+ret, zone, zonelen); 273 return zonelen+(size_t)ret; 274 } 275 276 size_t nsec3_get_nextowner_b32(struct ub_packed_rrset_key* rrset, int r, 277 uint8_t* buf, size_t max) 278 { 279 uint8_t* nm, *zone; 280 size_t nmlen, zonelen; 281 if(!nsec3_get_nextowner(rrset, r, &nm, &nmlen)) 282 return 0; 283 /* append zone name; the owner name must be <b32>.zone */ 284 zone = rrset->rk.dname; 285 zonelen = rrset->rk.dname_len; 286 dname_remove_label(&zone, &zonelen); 287 return nsec3_hash_to_b32(nm, nmlen, zone, zonelen, buf, max); 288 } 289 290 int 291 nsec3_has_type(struct ub_packed_rrset_key* rrset, int r, uint16_t type) 292 { 293 uint8_t* bitmap; 294 size_t bitlen, skiplen; 295 struct packed_rrset_data* d = (struct packed_rrset_data*) 296 rrset->entry.data; 297 log_assert(d && r < (int)d->count); 298 skiplen = 2+4; 299 /* skip salt */ 300 if(d->rr_len[r] < skiplen+1) 301 return 0; /* malformed, too short */ 302 skiplen += 1+(size_t)d->rr_data[r][skiplen]; 303 /* skip next hashed owner */ 304 if(d->rr_len[r] < skiplen+1) 305 return 0; /* malformed, too short */ 306 skiplen += 1+(size_t)d->rr_data[r][skiplen]; 307 if(d->rr_len[r] < skiplen) 308 return 0; /* malformed, too short */ 309 bitlen = d->rr_len[r] - skiplen; 310 bitmap = d->rr_data[r]+skiplen; 311 return nsecbitmap_has_type_rdata(bitmap, bitlen, type); 312 } 313 314 /** 315 * Iterate through NSEC3 list, per RR 316 * This routine gives the next RR in the list (or sets rrset null). 317 * Usage: 318 * 319 * size_t rrsetnum; 320 * int rrnum; 321 * struct ub_packed_rrset_key* rrset; 322 * for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset; 323 * rrset=filter_next(filter, &rrsetnum, &rrnum)) 324 * do_stuff; 325 * 326 * Also filters out 327 * o unknown flag NSEC3s 328 * o unknown algorithm NSEC3s. 329 * @param filter: nsec3 filter structure. 330 * @param rrsetnum: in/out rrset number to look at. 331 * @param rrnum: in/out rr number in rrset to look at. 332 * @returns ptr to the next rrset (or NULL at end). 333 */ 334 static struct ub_packed_rrset_key* 335 filter_next(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum) 336 { 337 size_t i; 338 int r; 339 uint8_t* nm; 340 size_t nmlen; 341 if(!filter->zone) /* empty list */ 342 return NULL; 343 for(i=*rrsetnum; i<filter->num; i++) { 344 /* see if RRset qualifies */ 345 if(ntohs(filter->list[i]->rk.type) != LDNS_RR_TYPE_NSEC3 || 346 ntohs(filter->list[i]->rk.rrset_class) != 347 filter->fclass) 348 continue; 349 /* check RRset zone */ 350 nm = filter->list[i]->rk.dname; 351 nmlen = filter->list[i]->rk.dname_len; 352 dname_remove_label(&nm, &nmlen); 353 if(query_dname_compare(nm, filter->zone) != 0) 354 continue; 355 if(i == *rrsetnum) 356 r = (*rrnum) + 1; /* continue at next RR */ 357 else r = 0; /* new RRset start at first RR */ 358 for(; r < (int)rrset_get_count(filter->list[i]); r++) { 359 /* skip unknown flags, algo */ 360 if(nsec3_unknown_flags(filter->list[i], r) || 361 !nsec3_known_algo(filter->list[i], r)) 362 continue; 363 /* this one is a good target */ 364 *rrsetnum = i; 365 *rrnum = r; 366 return filter->list[i]; 367 } 368 } 369 return NULL; 370 } 371 372 /** 373 * Start iterating over NSEC3 records. 374 * @param filter: the filter structure, must have been filter_init-ed. 375 * @param rrsetnum: can be undefined on call, initialised. 376 * @param rrnum: can be undefined on call, initialised. 377 * @return first rrset of an NSEC3, together with rrnum this points to 378 * the first RR to examine. Is NULL on empty list. 379 */ 380 static struct ub_packed_rrset_key* 381 filter_first(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum) 382 { 383 *rrsetnum = 0; 384 *rrnum = -1; 385 return filter_next(filter, rrsetnum, rrnum); 386 } 387 388 /** see if at least one RR is known (flags, algo) */ 389 static int 390 nsec3_rrset_has_known(struct ub_packed_rrset_key* s) 391 { 392 int r; 393 for(r=0; r < (int)rrset_get_count(s); r++) { 394 if(!nsec3_unknown_flags(s, r) && nsec3_known_algo(s, r)) 395 return 1; 396 } 397 return 0; 398 } 399 400 /** 401 * Initialize the filter structure. 402 * Finds the zone by looking at available NSEC3 records and best match. 403 * (skips the unknown flag and unknown algo NSEC3s). 404 * 405 * @param filter: nsec3 filter structure. 406 * @param list: list of rrsets, an array of them. 407 * @param num: number of rrsets in list. 408 * @param qinfo: 409 * query name to match a zone for. 410 * query type (if DS a higher zone must be chosen) 411 * qclass, to filter NSEC3s with. 412 */ 413 static void 414 filter_init(struct nsec3_filter* filter, struct ub_packed_rrset_key** list, 415 size_t num, struct query_info* qinfo) 416 { 417 size_t i; 418 uint8_t* nm; 419 size_t nmlen; 420 filter->zone = NULL; 421 filter->zone_len = 0; 422 filter->list = list; 423 filter->num = num; 424 filter->fclass = qinfo->qclass; 425 for(i=0; i<num; i++) { 426 /* ignore other stuff in the list */ 427 if(ntohs(list[i]->rk.type) != LDNS_RR_TYPE_NSEC3 || 428 ntohs(list[i]->rk.rrset_class) != qinfo->qclass) 429 continue; 430 /* skip unknown flags, algo */ 431 if(!nsec3_rrset_has_known(list[i])) 432 continue; 433 434 /* since NSEC3s are base32.zonename, we can find the zone 435 * name by stripping off the first label of the record */ 436 nm = list[i]->rk.dname; 437 nmlen = list[i]->rk.dname_len; 438 dname_remove_label(&nm, &nmlen); 439 /* if we find a domain that can prove about the qname, 440 * and if this domain is closer to the qname */ 441 if(dname_subdomain_c(qinfo->qname, nm) && (!filter->zone || 442 dname_subdomain_c(nm, filter->zone))) { 443 /* for a type DS do not accept a zone equal to qname*/ 444 if(qinfo->qtype == LDNS_RR_TYPE_DS && 445 query_dname_compare(qinfo->qname, nm) == 0 && 446 !dname_is_root(qinfo->qname)) 447 continue; 448 filter->zone = nm; 449 filter->zone_len = nmlen; 450 } 451 } 452 } 453 454 /** Check if the NSEC3s have the same parameter set. */ 455 static int 456 param_set_same(struct nsec3_filter* flt, char** reason) 457 { 458 size_t rrsetnum; 459 int rrnum; 460 struct ub_packed_rrset_key* rrset; 461 int have_params = 0; 462 int first_algo = 0; 463 size_t first_iter = 0; 464 uint8_t* first_salt = NULL; 465 size_t first_saltlen = 0; 466 467 /* If the NSEC3 parameter sets have distinct values, then they are 468 * from different NSEC3 chains, and we do not want that. */ 469 for(rrset=filter_first(flt, &rrsetnum, &rrnum); rrset; 470 rrset=filter_next(flt, &rrsetnum, &rrnum)) { 471 if(!have_params) { 472 first_algo = nsec3_get_algo(rrset, rrnum); 473 first_iter = nsec3_get_iter(rrset, rrnum); 474 if(!nsec3_get_salt(rrset, rrnum, &first_salt, 475 &first_saltlen)) { 476 verbose(VERB_ALGO, "NSEC3 salt malformed"); 477 if(reason) 478 *reason = "NSEC3 salt malformed"; 479 return 0; 480 } 481 have_params = 1; 482 } else { 483 uint8_t* salt = NULL; 484 size_t saltlen = 0; 485 if(nsec3_get_algo(rrset, rrnum) != first_algo) { 486 verbose(VERB_ALGO, "NSEC3 algorithm mismatch"); 487 if(reason) 488 *reason = "NSEC3 algorithm mismatch"; 489 return 0; 490 } 491 if(nsec3_get_iter(rrset, rrnum) != first_iter) { 492 verbose(VERB_ALGO, "NSEC3 iterations mismatch"); 493 if(reason) 494 *reason = "NSEC3 iterations mismatch"; 495 return 0; 496 } 497 if(!nsec3_get_salt(rrset, rrnum, &salt, &saltlen)) { 498 verbose(VERB_ALGO, "NSEC3 salt malformed"); 499 if(reason) 500 *reason = "NSEC3 salt malformed"; 501 return 0; 502 } 503 if(saltlen != first_saltlen || 504 memcmp(salt, first_salt, saltlen) != 0) { 505 verbose(VERB_ALGO, "NSEC3 salt mismatch"); 506 if(reason) 507 *reason = "NSEC3 salt mismatch"; 508 return 0; 509 } 510 } 511 } 512 return 1; 513 } 514 515 /** 516 * Find max iteration count using config settings and key size 517 * @param ve: validator environment with iteration count config settings. 518 * @param bits: key size 519 * @return max iteration count 520 */ 521 static size_t 522 get_max_iter(struct val_env* ve, size_t bits) 523 { 524 int i; 525 log_assert(ve->nsec3_keyiter_count > 0); 526 /* round up to nearest config keysize, linear search, keep it small */ 527 for(i=0; i<ve->nsec3_keyiter_count; i++) { 528 if(bits <= ve->nsec3_keysize[i]) 529 return ve->nsec3_maxiter[i]; 530 } 531 /* else, use value for biggest key */ 532 return ve->nsec3_maxiter[ve->nsec3_keyiter_count-1]; 533 } 534 535 /** 536 * Determine if any of the NSEC3 rrs iteration count is too high, from key. 537 * @param ve: validator environment with iteration count config settings. 538 * @param filter: what NSEC3s to loop over. 539 * @param kkey: key entry used for verification; used for iteration counts. 540 * @return 1 if some nsec3s are above the max iteration count. 541 */ 542 static int 543 nsec3_iteration_count_high(struct val_env* ve, struct nsec3_filter* filter, 544 struct key_entry_key* kkey) 545 { 546 size_t rrsetnum; 547 int rrnum; 548 struct ub_packed_rrset_key* rrset; 549 /* first determine the max number of iterations */ 550 size_t bits = key_entry_keysize(kkey); 551 size_t max_iter = get_max_iter(ve, bits); 552 verbose(VERB_ALGO, "nsec3: keysize %d bits, max iterations %d", 553 (int)bits, (int)max_iter); 554 555 for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset; 556 rrset=filter_next(filter, &rrsetnum, &rrnum)) { 557 if(nsec3_get_iter(rrset, rrnum) > max_iter) 558 return 1; 559 } 560 return 0; 561 } 562 563 /* nsec3_cache_compare for rbtree */ 564 int 565 nsec3_hash_cmp(const void* c1, const void* c2) 566 { 567 struct nsec3_cached_hash* h1 = (struct nsec3_cached_hash*)c1; 568 struct nsec3_cached_hash* h2 = (struct nsec3_cached_hash*)c2; 569 uint8_t* s1, *s2; 570 size_t s1len, s2len; 571 int c = query_dname_compare(h1->dname, h2->dname); 572 if(c != 0) 573 return c; 574 /* compare parameters */ 575 /* if both malformed, its equal, robustness */ 576 if(nsec3_get_algo(h1->nsec3, h1->rr) != 577 nsec3_get_algo(h2->nsec3, h2->rr)) { 578 if(nsec3_get_algo(h1->nsec3, h1->rr) < 579 nsec3_get_algo(h2->nsec3, h2->rr)) 580 return -1; 581 return 1; 582 } 583 if(nsec3_get_iter(h1->nsec3, h1->rr) != 584 nsec3_get_iter(h2->nsec3, h2->rr)) { 585 if(nsec3_get_iter(h1->nsec3, h1->rr) < 586 nsec3_get_iter(h2->nsec3, h2->rr)) 587 return -1; 588 return 1; 589 } 590 (void)nsec3_get_salt(h1->nsec3, h1->rr, &s1, &s1len); 591 (void)nsec3_get_salt(h2->nsec3, h2->rr, &s2, &s2len); 592 if(s1len == 0 && s2len == 0) 593 return 0; 594 if(!s1) return -1; 595 if(!s2) return 1; 596 if(s1len != s2len) { 597 if(s1len < s2len) 598 return -1; 599 return 1; 600 } 601 return memcmp(s1, s2, s1len); 602 } 603 604 int 605 nsec3_cache_table_init(struct nsec3_cache_table* ct, struct regional* region) 606 { 607 if(ct->ct) return 1; 608 ct->ct = (rbtree_type*)regional_alloc(region, sizeof(*ct->ct)); 609 if(!ct->ct) return 0; 610 ct->region = region; 611 rbtree_init(ct->ct, &nsec3_hash_cmp); 612 return 1; 613 } 614 615 size_t 616 nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo, 617 size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max) 618 { 619 size_t i, hash_len; 620 /* prepare buffer for first iteration */ 621 sldns_buffer_clear(buf); 622 sldns_buffer_write(buf, nm, nmlen); 623 query_dname_tolower(sldns_buffer_begin(buf)); 624 if(saltlen != 0) 625 sldns_buffer_write(buf, salt, saltlen); 626 sldns_buffer_flip(buf); 627 hash_len = nsec3_hash_algo_size_supported(algo); 628 if(hash_len == 0) { 629 log_err("nsec3 hash of unknown algo %d", algo); 630 return 0; 631 } 632 if(hash_len > max) 633 return 0; 634 if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf), 635 sldns_buffer_limit(buf), (unsigned char*)res)) 636 return 0; 637 for(i=0; i<iter; i++) { 638 sldns_buffer_clear(buf); 639 sldns_buffer_write(buf, res, hash_len); 640 if(saltlen != 0) 641 sldns_buffer_write(buf, salt, saltlen); 642 sldns_buffer_flip(buf); 643 if(!secalgo_nsec3_hash(algo, 644 (unsigned char*)sldns_buffer_begin(buf), 645 sldns_buffer_limit(buf), (unsigned char*)res)) 646 return 0; 647 } 648 return hash_len; 649 } 650 651 /** perform hash of name */ 652 static int 653 nsec3_calc_hash(struct regional* region, sldns_buffer* buf, 654 struct nsec3_cached_hash* c) 655 { 656 int algo = nsec3_get_algo(c->nsec3, c->rr); 657 size_t iter = nsec3_get_iter(c->nsec3, c->rr); 658 uint8_t* salt; 659 size_t saltlen, i; 660 if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen)) 661 return -1; 662 /* prepare buffer for first iteration */ 663 sldns_buffer_clear(buf); 664 sldns_buffer_write(buf, c->dname, c->dname_len); 665 query_dname_tolower(sldns_buffer_begin(buf)); 666 sldns_buffer_write(buf, salt, saltlen); 667 sldns_buffer_flip(buf); 668 c->hash_len = nsec3_hash_algo_size_supported(algo); 669 if(c->hash_len == 0) { 670 log_err("nsec3 hash of unknown algo %d", algo); 671 return -1; 672 } 673 c->hash = (uint8_t*)regional_alloc(region, c->hash_len); 674 if(!c->hash) 675 return 0; 676 (void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf), 677 sldns_buffer_limit(buf), (unsigned char*)c->hash); 678 for(i=0; i<iter; i++) { 679 sldns_buffer_clear(buf); 680 sldns_buffer_write(buf, c->hash, c->hash_len); 681 sldns_buffer_write(buf, salt, saltlen); 682 sldns_buffer_flip(buf); 683 (void)secalgo_nsec3_hash(algo, 684 (unsigned char*)sldns_buffer_begin(buf), 685 sldns_buffer_limit(buf), (unsigned char*)c->hash); 686 } 687 return 1; 688 } 689 690 /** perform b32 encoding of hash */ 691 static int 692 nsec3_calc_b32(struct regional* region, sldns_buffer* buf, 693 struct nsec3_cached_hash* c) 694 { 695 int r; 696 sldns_buffer_clear(buf); 697 r = sldns_b32_ntop_extended_hex(c->hash, c->hash_len, 698 (char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf)); 699 if(r < 1) { 700 log_err("b32_ntop_extended_hex: error in encoding: %d", r); 701 return 0; 702 } 703 c->b32_len = (size_t)r; 704 c->b32 = regional_alloc_init(region, sldns_buffer_begin(buf), 705 c->b32_len); 706 if(!c->b32) 707 return 0; 708 return 1; 709 } 710 711 int 712 nsec3_hash_name(rbtree_type* table, struct regional* region, sldns_buffer* buf, 713 struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname, 714 size_t dname_len, struct nsec3_cached_hash** hash) 715 { 716 struct nsec3_cached_hash* c; 717 struct nsec3_cached_hash looki; 718 #ifdef UNBOUND_DEBUG 719 rbnode_type* n; 720 #endif 721 int r; 722 looki.node.key = &looki; 723 looki.nsec3 = nsec3; 724 looki.rr = rr; 725 looki.dname = dname; 726 looki.dname_len = dname_len; 727 /* lookup first in cache */ 728 c = (struct nsec3_cached_hash*)rbtree_search(table, &looki); 729 if(c) { 730 *hash = c; 731 return 2; 732 } 733 /* create a new entry */ 734 c = (struct nsec3_cached_hash*)regional_alloc(region, sizeof(*c)); 735 if(!c) return 0; 736 c->node.key = c; 737 c->nsec3 = nsec3; 738 c->rr = rr; 739 c->dname = dname; 740 c->dname_len = dname_len; 741 r = nsec3_calc_hash(region, buf, c); 742 if(r != 1) 743 return r; /* returns -1 or 0 */ 744 r = nsec3_calc_b32(region, buf, c); 745 if(r != 1) 746 return r; /* returns 0 */ 747 #ifdef UNBOUND_DEBUG 748 n = 749 #else 750 (void) 751 #endif 752 rbtree_insert(table, &c->node); 753 log_assert(n); /* cannot be duplicate, just did lookup */ 754 *hash = c; 755 return 1; 756 } 757 758 /** 759 * compare a label lowercased 760 */ 761 static int 762 label_compare_lower(uint8_t* lab1, uint8_t* lab2, size_t lablen) 763 { 764 size_t i; 765 for(i=0; i<lablen; i++) { 766 if(tolower((unsigned char)*lab1) != tolower((unsigned char)*lab2)) { 767 if(tolower((unsigned char)*lab1) < tolower((unsigned char)*lab2)) 768 return -1; 769 return 1; 770 } 771 lab1++; 772 lab2++; 773 } 774 return 0; 775 } 776 777 /** 778 * Compare a hashed name with the owner name of an NSEC3 RRset. 779 * @param flt: filter with zone name. 780 * @param hash: the hashed name. 781 * @param s: rrset with owner name. 782 * @return true if matches exactly, false if not. 783 */ 784 static int 785 nsec3_hash_matches_owner(struct nsec3_filter* flt, 786 struct nsec3_cached_hash* hash, struct ub_packed_rrset_key* s) 787 { 788 uint8_t* nm = s->rk.dname; 789 if(!hash) return 0; /* please clang */ 790 /* compare, does hash of name based on params in this NSEC3 791 * match the owner name of this NSEC3? 792 * name must be: <hashlength>base32 . zone name 793 * so; first label must not be root label (not zero length), 794 * and match the b32 encoded hash length, 795 * and the label content match the b32 encoded hash 796 * and the rest must be the zone name. 797 */ 798 if(hash->b32_len != 0 && (size_t)nm[0] == hash->b32_len && 799 label_compare_lower(nm+1, hash->b32, hash->b32_len) == 0 && 800 query_dname_compare(nm+(size_t)nm[0]+1, flt->zone) == 0) { 801 return 1; 802 } 803 return 0; 804 } 805 806 /** 807 * Find matching NSEC3 808 * Find the NSEC3Record that matches a hash of a name. 809 * @param env: module environment with temporary region and buffer. 810 * @param flt: the NSEC3 RR filter, contains zone name and RRs. 811 * @param ct: cached hashes table. 812 * @param nm: name to look for. 813 * @param nmlen: length of name. 814 * @param rrset: nsec3 that matches is returned here. 815 * @param rr: rr number in nsec3 rrset that matches. 816 * @param calculations: current hash calculations. 817 * @return true if a matching NSEC3 is found, false if not. 818 */ 819 static int 820 find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt, 821 struct nsec3_cache_table* ct, uint8_t* nm, size_t nmlen, 822 struct ub_packed_rrset_key** rrset, int* rr, 823 int* calculations) 824 { 825 size_t i_rs; 826 int i_rr; 827 struct ub_packed_rrset_key* s; 828 struct nsec3_cached_hash* hash = NULL; 829 int r; 830 int calc_errors = 0; 831 832 /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */ 833 for(s=filter_first(flt, &i_rs, &i_rr); s; 834 s=filter_next(flt, &i_rs, &i_rr)) { 835 /* check if we are allowed more calculations */ 836 if(*calculations >= MAX_NSEC3_CALCULATIONS) { 837 if(calc_errors == *calculations) { 838 *calculations = MAX_NSEC3_ERRORS; 839 } 840 break; 841 } 842 /* get name hashed for this NSEC3 RR */ 843 r = nsec3_hash_name(ct->ct, ct->region, env->scratch_buffer, 844 s, i_rr, nm, nmlen, &hash); 845 if(r == 0) { 846 log_err("nsec3: malloc failure"); 847 break; /* alloc failure */ 848 } else if(r < 0) { 849 /* malformed NSEC3 */ 850 calc_errors++; 851 (*calculations)++; 852 continue; 853 } else { 854 if(r == 1) (*calculations)++; 855 if(nsec3_hash_matches_owner(flt, hash, s)) { 856 *rrset = s; /* rrset with this name */ 857 *rr = i_rr; /* matches hash with these parameters */ 858 return 1; 859 } 860 } 861 } 862 *rrset = NULL; 863 *rr = 0; 864 return 0; 865 } 866 867 int 868 nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash, 869 struct ub_packed_rrset_key* rrset, int rr, sldns_buffer* buf) 870 { 871 uint8_t* next, *owner; 872 size_t nextlen; 873 int len; 874 if(!nsec3_get_nextowner(rrset, rr, &next, &nextlen)) 875 return 0; /* malformed RR proves nothing */ 876 877 if(!hash) return 0; /* please clang */ 878 /* check the owner name is a hashed value . apex 879 * base32 encoded values must have equal length. 880 * hash_value and next hash value must have equal length. */ 881 if(nextlen != hash->hash_len || hash->hash_len==0||hash->b32_len==0|| 882 (size_t)*rrset->rk.dname != hash->b32_len || 883 query_dname_compare(rrset->rk.dname+1+ 884 (size_t)*rrset->rk.dname, zone) != 0) 885 return 0; /* bad lengths or owner name */ 886 887 /* This is the "normal case: owner < next and owner < hash < next */ 888 if(label_compare_lower(rrset->rk.dname+1, hash->b32, 889 hash->b32_len) < 0 && 890 memcmp(hash->hash, next, nextlen) < 0) 891 return 1; 892 893 /* convert owner name from text to binary */ 894 sldns_buffer_clear(buf); 895 owner = sldns_buffer_begin(buf); 896 len = sldns_b32_pton_extended_hex((char*)rrset->rk.dname+1, 897 hash->b32_len, owner, sldns_buffer_limit(buf)); 898 if(len<1) 899 return 0; /* bad owner name in some way */ 900 if((size_t)len != hash->hash_len || (size_t)len != nextlen) 901 return 0; /* wrong length */ 902 903 /* this is the end of zone case: next <= owner && 904 * (hash > owner || hash < next) 905 * this also covers the only-apex case of next==owner. 906 */ 907 if(memcmp(next, owner, nextlen) <= 0 && 908 ( memcmp(hash->hash, owner, nextlen) > 0 || 909 memcmp(hash->hash, next, nextlen) < 0)) { 910 return 1; 911 } 912 return 0; 913 } 914 915 /** 916 * findCoveringNSEC3 917 * Given a name, find a covering NSEC3 from among a list of NSEC3s. 918 * 919 * @param env: module environment with temporary region and buffer. 920 * @param flt: the NSEC3 RR filter, contains zone name and RRs. 921 * @param ct: cached hashes table. 922 * @param nm: name to check if covered. 923 * @param nmlen: length of name. 924 * @param rrset: covering NSEC3 rrset is returned here. 925 * @param rr: rr of cover is returned here. 926 * @param calculations: current hash calculations. 927 * @return true if a covering NSEC3 is found, false if not. 928 */ 929 static int 930 find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt, 931 struct nsec3_cache_table* ct, uint8_t* nm, size_t nmlen, 932 struct ub_packed_rrset_key** rrset, int* rr, 933 int* calculations) 934 { 935 size_t i_rs; 936 int i_rr; 937 struct ub_packed_rrset_key* s; 938 struct nsec3_cached_hash* hash = NULL; 939 int r; 940 int calc_errors = 0; 941 942 /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */ 943 for(s=filter_first(flt, &i_rs, &i_rr); s; 944 s=filter_next(flt, &i_rs, &i_rr)) { 945 /* check if we are allowed more calculations */ 946 if(*calculations >= MAX_NSEC3_CALCULATIONS) { 947 if(calc_errors == *calculations) { 948 *calculations = MAX_NSEC3_ERRORS; 949 } 950 break; 951 } 952 /* get name hashed for this NSEC3 RR */ 953 r = nsec3_hash_name(ct->ct, ct->region, env->scratch_buffer, 954 s, i_rr, nm, nmlen, &hash); 955 if(r == 0) { 956 log_err("nsec3: malloc failure"); 957 break; /* alloc failure */ 958 } else if(r < 0) { 959 /* malformed NSEC3 */ 960 calc_errors++; 961 (*calculations)++; 962 continue; 963 } else { 964 if(r == 1) (*calculations)++; 965 if(nsec3_covers(flt->zone, hash, s, i_rr, 966 env->scratch_buffer)) { 967 *rrset = s; /* rrset with this name */ 968 *rr = i_rr; /* covers hash with these parameters */ 969 return 1; 970 } 971 } 972 } 973 *rrset = NULL; 974 *rr = 0; 975 return 0; 976 } 977 978 /** 979 * findClosestEncloser 980 * Given a name and a list of NSEC3s, find the candidate closest encloser. 981 * This will be the first ancestor of 'name' (including itself) to have a 982 * matching NSEC3 RR. 983 * @param env: module environment with temporary region and buffer. 984 * @param flt: the NSEC3 RR filter, contains zone name and RRs. 985 * @param ct: cached hashes table. 986 * @param qinfo: query that is verified for. 987 * @param ce: closest encloser information is returned in here. 988 * @param calculations: current hash calculations. 989 * @return true if a closest encloser candidate is found, false if not. 990 */ 991 static int 992 nsec3_find_closest_encloser(struct module_env* env, struct nsec3_filter* flt, 993 struct nsec3_cache_table* ct, struct query_info* qinfo, 994 struct ce_response* ce, int* calculations) 995 { 996 uint8_t* nm = qinfo->qname; 997 size_t nmlen = qinfo->qname_len; 998 999 /* This scans from longest name to shortest, so the first match 1000 * we find is the only viable candidate. */ 1001 1002 /* (David:) FIXME: modify so that the NSEC3 matching the zone apex need 1003 * not be present. (Mark Andrews idea). 1004 * (Wouter:) But make sure you check for DNAME bit in zone apex, 1005 * if the NSEC3 you find is the only NSEC3 in the zone, then this 1006 * may be the case. */ 1007 1008 while(dname_subdomain_c(nm, flt->zone)) { 1009 if(*calculations >= MAX_NSEC3_CALCULATIONS || 1010 *calculations == MAX_NSEC3_ERRORS) { 1011 return 0; 1012 } 1013 if(find_matching_nsec3(env, flt, ct, nm, nmlen, 1014 &ce->ce_rrset, &ce->ce_rr, calculations)) { 1015 ce->ce = nm; 1016 ce->ce_len = nmlen; 1017 return 1; 1018 } 1019 dname_remove_label(&nm, &nmlen); 1020 } 1021 return 0; 1022 } 1023 1024 /** 1025 * Given a qname and its proven closest encloser, calculate the "next 1026 * closest" name. Basically, this is the name that is one label longer than 1027 * the closest encloser that is still a subdomain of qname. 1028 * 1029 * @param qname: query name. 1030 * @param qnamelen: length of qname. 1031 * @param ce: closest encloser 1032 * @param nm: result name. 1033 * @param nmlen: length of nm. 1034 */ 1035 static void 1036 next_closer(uint8_t* qname, size_t qnamelen, uint8_t* ce, 1037 uint8_t** nm, size_t* nmlen) 1038 { 1039 int strip = dname_count_labels(qname) - dname_count_labels(ce) -1; 1040 *nm = qname; 1041 *nmlen = qnamelen; 1042 if(strip>0) 1043 dname_remove_labels(nm, nmlen, strip); 1044 } 1045 1046 /** 1047 * proveClosestEncloser 1048 * Given a List of nsec3 RRs, find and prove the closest encloser to qname. 1049 * @param env: module environment with temporary region and buffer. 1050 * @param flt: the NSEC3 RR filter, contains zone name and RRs. 1051 * @param ct: cached hashes table. 1052 * @param qinfo: query that is verified for. 1053 * @param prove_does_not_exist: If true, then if the closest encloser 1054 * turns out to be qname, then null is returned. 1055 * If set true, and the return value is true, then you can be 1056 * certain that the ce.nc_rrset and ce.nc_rr are set properly. 1057 * @param ce: closest encloser information is returned in here. 1058 * @param calculations: pointer to the current NSEC3 hash calculations. 1059 * @return bogus if no closest encloser could be proven. 1060 * secure if a closest encloser could be proven, ce is set. 1061 * insecure if the closest-encloser candidate turns out to prove 1062 * that an insecure delegation exists above the qname. 1063 * unchecked if no more hash calculations are allowed at this point. 1064 */ 1065 static enum sec_status 1066 nsec3_prove_closest_encloser(struct module_env* env, struct nsec3_filter* flt, 1067 struct nsec3_cache_table* ct, struct query_info* qinfo, 1068 int prove_does_not_exist, struct ce_response* ce, int* calculations) 1069 { 1070 uint8_t* nc; 1071 size_t nc_len; 1072 /* robust: clean out ce, in case it gets abused later */ 1073 memset(ce, 0, sizeof(*ce)); 1074 1075 if(!nsec3_find_closest_encloser(env, flt, ct, qinfo, ce, calculations)) { 1076 if(*calculations == MAX_NSEC3_ERRORS) { 1077 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could " 1078 "not find a candidate for the closest " 1079 "encloser; all attempted hash calculations " 1080 "were erroneous; bogus"); 1081 return sec_status_bogus; 1082 } else if(*calculations >= MAX_NSEC3_CALCULATIONS) { 1083 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could " 1084 "not find a candidate for the closest " 1085 "encloser; reached MAX_NSEC3_CALCULATIONS " 1086 "(%d); unchecked still", 1087 MAX_NSEC3_CALCULATIONS); 1088 return sec_status_unchecked; 1089 } 1090 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could " 1091 "not find a candidate for the closest encloser."); 1092 return sec_status_bogus; 1093 } 1094 log_nametypeclass(VERB_ALGO, "ce candidate", ce->ce, 0, 0); 1095 1096 if(query_dname_compare(ce->ce, qinfo->qname) == 0) { 1097 if(prove_does_not_exist) { 1098 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: " 1099 "proved that qname existed, bad"); 1100 return sec_status_bogus; 1101 } 1102 /* otherwise, we need to nothing else to prove that qname 1103 * is its own closest encloser. */ 1104 return sec_status_secure; 1105 } 1106 1107 /* If the closest encloser is actually a delegation, then the 1108 * response should have been a referral. If it is a DNAME, then 1109 * it should have been a DNAME response. */ 1110 if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_NS) && 1111 !nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_SOA)) { 1112 if(!nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DS)) { 1113 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: " 1114 "closest encloser is insecure delegation"); 1115 return sec_status_insecure; 1116 } 1117 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest " 1118 "encloser was a delegation, bad"); 1119 return sec_status_bogus; 1120 } 1121 if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DNAME)) { 1122 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest " 1123 "encloser was a DNAME, bad"); 1124 return sec_status_bogus; 1125 } 1126 1127 /* Otherwise, we need to show that the next closer name is covered. */ 1128 next_closer(qinfo->qname, qinfo->qname_len, ce->ce, &nc, &nc_len); 1129 if(!find_covering_nsec3(env, flt, ct, nc, nc_len, 1130 &ce->nc_rrset, &ce->nc_rr, calculations)) { 1131 if(*calculations == MAX_NSEC3_ERRORS) { 1132 verbose(VERB_ALGO, "nsec3: Could not find proof that the " 1133 "candidate encloser was the closest encloser; " 1134 "all attempted hash calculations were " 1135 "erroneous; bogus"); 1136 return sec_status_bogus; 1137 } else if(*calculations >= MAX_NSEC3_CALCULATIONS) { 1138 verbose(VERB_ALGO, "nsec3: Could not find proof that the " 1139 "candidate encloser was the closest encloser; " 1140 "reached MAX_NSEC3_CALCULATIONS (%d); " 1141 "unchecked still", 1142 MAX_NSEC3_CALCULATIONS); 1143 return sec_status_unchecked; 1144 } 1145 verbose(VERB_ALGO, "nsec3: Could not find proof that the " 1146 "candidate encloser was the closest encloser"); 1147 return sec_status_bogus; 1148 } 1149 return sec_status_secure; 1150 } 1151 1152 /** allocate a wildcard for the closest encloser */ 1153 static uint8_t* 1154 nsec3_ce_wildcard(struct regional* region, uint8_t* ce, size_t celen, 1155 size_t* len) 1156 { 1157 uint8_t* nm; 1158 if(celen > LDNS_MAX_DOMAINLEN - 2) 1159 return 0; /* too long */ 1160 nm = (uint8_t*)regional_alloc(region, celen+2); 1161 if(!nm) { 1162 log_err("nsec3 wildcard: out of memory"); 1163 return 0; /* alloc failure */ 1164 } 1165 nm[0] = 1; 1166 nm[1] = (uint8_t)'*'; /* wildcard label */ 1167 memmove(nm+2, ce, celen); 1168 *len = celen+2; 1169 return nm; 1170 } 1171 1172 /** Do the name error proof */ 1173 static enum sec_status 1174 nsec3_do_prove_nameerror(struct module_env* env, struct nsec3_filter* flt, 1175 struct nsec3_cache_table* ct, struct query_info* qinfo, int* calc) 1176 { 1177 struct ce_response ce; 1178 uint8_t* wc; 1179 size_t wclen; 1180 struct ub_packed_rrset_key* wc_rrset; 1181 int wc_rr; 1182 enum sec_status sec; 1183 1184 /* First locate and prove the closest encloser to qname. We will 1185 * use the variant that fails if the closest encloser turns out 1186 * to be qname. */ 1187 sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce, calc); 1188 if(sec != sec_status_secure) { 1189 if(sec == sec_status_bogus) 1190 verbose(VERB_ALGO, "nsec3 nameerror proof: failed " 1191 "to prove a closest encloser"); 1192 else if(sec == sec_status_unchecked) 1193 verbose(VERB_ALGO, "nsec3 nameerror proof: will " 1194 "continue proving closest encloser after " 1195 "suspend"); 1196 else verbose(VERB_ALGO, "nsec3 nameerror proof: closest " 1197 "nsec3 is an insecure delegation"); 1198 return sec; 1199 } 1200 log_nametypeclass(VERB_ALGO, "nsec3 nameerror: proven ce=", ce.ce,0,0); 1201 1202 /* At this point, we know that qname does not exist. Now we need 1203 * to prove that the wildcard does not exist. */ 1204 log_assert(ce.ce); 1205 wc = nsec3_ce_wildcard(ct->region, ce.ce, ce.ce_len, &wclen); 1206 if(!wc) { 1207 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove " 1208 "that the applicable wildcard did not exist."); 1209 return sec_status_bogus; 1210 } 1211 if(!find_covering_nsec3(env, flt, ct, wc, wclen, &wc_rrset, &wc_rr, calc)) { 1212 if(*calc == MAX_NSEC3_ERRORS) { 1213 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove " 1214 "that the applicable wildcard did not exist; " 1215 "all attempted hash calculations were " 1216 "erroneous; bogus"); 1217 return sec_status_bogus; 1218 } else if(*calc >= MAX_NSEC3_CALCULATIONS) { 1219 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove " 1220 "that the applicable wildcard did not exist; " 1221 "reached MAX_NSEC3_CALCULATIONS (%d); " 1222 "unchecked still", 1223 MAX_NSEC3_CALCULATIONS); 1224 return sec_status_unchecked; 1225 } 1226 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove " 1227 "that the applicable wildcard did not exist."); 1228 return sec_status_bogus; 1229 } 1230 1231 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { 1232 verbose(VERB_ALGO, "nsec3 nameerror proof: nc has optout"); 1233 return sec_status_insecure; 1234 } 1235 return sec_status_secure; 1236 } 1237 1238 enum sec_status 1239 nsec3_prove_nameerror(struct module_env* env, struct val_env* ve, 1240 struct ub_packed_rrset_key** list, size_t num, 1241 struct query_info* qinfo, struct key_entry_key* kkey, 1242 struct nsec3_cache_table* ct, int* calc) 1243 { 1244 struct nsec3_filter flt; 1245 1246 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) 1247 return sec_status_bogus; /* no valid NSEC3s, bogus */ 1248 filter_init(&flt, list, num, qinfo); /* init RR iterator */ 1249 if(!flt.zone) 1250 return sec_status_bogus; /* no RRs */ 1251 if(!param_set_same(&flt, NULL)) 1252 return sec_status_bogus; /* nsec3 params from distinct chains*/ 1253 if(nsec3_iteration_count_high(ve, &flt, kkey)) 1254 return sec_status_insecure; /* iteration count too high */ 1255 log_nametypeclass(VERB_ALGO, "start nsec3 nameerror proof, zone", 1256 flt.zone, 0, 0); 1257 return nsec3_do_prove_nameerror(env, &flt, ct, qinfo, calc); 1258 } 1259 1260 /* 1261 * No code to handle qtype=NSEC3 specially. 1262 * This existed in early drafts, but was later (-05) removed. 1263 */ 1264 1265 /** Do the nodata proof */ 1266 static enum sec_status 1267 nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt, 1268 struct nsec3_cache_table* ct, struct query_info* qinfo, 1269 int* calc) 1270 { 1271 struct ce_response ce; 1272 uint8_t* wc; 1273 size_t wclen; 1274 struct ub_packed_rrset_key* rrset; 1275 int rr; 1276 enum sec_status sec; 1277 1278 if(find_matching_nsec3(env, flt, ct, qinfo->qname, qinfo->qname_len, 1279 &rrset, &rr, calc)) { 1280 /* cases 1 and 2 */ 1281 if(nsec3_has_type(rrset, rr, qinfo->qtype)) { 1282 verbose(VERB_ALGO, "proveNodata: Matching NSEC3 " 1283 "proved that type existed, bogus"); 1284 return sec_status_bogus; 1285 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) { 1286 verbose(VERB_ALGO, "proveNodata: Matching NSEC3 " 1287 "proved that a CNAME existed, bogus"); 1288 return sec_status_bogus; 1289 } 1290 1291 /* 1292 * If type DS: filter_init zone find already found a parent 1293 * zone, so this nsec3 is from a parent zone. 1294 * o can be not a delegation (unusual query for normal name, 1295 * no DS anyway, but we can verify that). 1296 * o can be a delegation (which is the usual DS check). 1297 * o may not have the SOA bit set (only the top of the 1298 * zone, which must have been above the name, has that). 1299 * Except for the root; which is checked by itself. 1300 * 1301 * If not type DS: matching nsec3 must not be a delegation. 1302 */ 1303 if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1 1304 && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) && 1305 !dname_is_root(qinfo->qname)) { 1306 verbose(VERB_ALGO, "proveNodata: apex NSEC3 " 1307 "abused for no DS proof, bogus"); 1308 return sec_status_bogus; 1309 } else if(qinfo->qtype != LDNS_RR_TYPE_DS && 1310 nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) && 1311 !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) { 1312 if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) { 1313 verbose(VERB_ALGO, "proveNodata: matching " 1314 "NSEC3 is insecure delegation"); 1315 return sec_status_insecure; 1316 } 1317 verbose(VERB_ALGO, "proveNodata: matching " 1318 "NSEC3 is a delegation, bogus"); 1319 return sec_status_bogus; 1320 } 1321 return sec_status_secure; 1322 } 1323 if(*calc == MAX_NSEC3_ERRORS) { 1324 verbose(VERB_ALGO, "proveNodata: all attempted hash " 1325 "calculations were erroneous while finding a matching " 1326 "NSEC3, bogus"); 1327 return sec_status_bogus; 1328 } else if(*calc >= MAX_NSEC3_CALCULATIONS) { 1329 verbose(VERB_ALGO, "proveNodata: reached " 1330 "MAX_NSEC3_CALCULATIONS (%d) while finding a " 1331 "matching NSEC3; unchecked still", 1332 MAX_NSEC3_CALCULATIONS); 1333 return sec_status_unchecked; 1334 } 1335 1336 /* For cases 3 - 5, we need the proven closest encloser, and it 1337 * can't match qname. Although, at this point, we know that it 1338 * won't since we just checked that. */ 1339 sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce, calc); 1340 if(sec == sec_status_bogus) { 1341 verbose(VERB_ALGO, "proveNodata: did not match qname, " 1342 "nor found a proven closest encloser."); 1343 return sec_status_bogus; 1344 } else if(sec==sec_status_insecure && qinfo->qtype!=LDNS_RR_TYPE_DS){ 1345 verbose(VERB_ALGO, "proveNodata: closest nsec3 is insecure " 1346 "delegation."); 1347 return sec_status_insecure; 1348 } else if(sec==sec_status_unchecked) { 1349 return sec_status_unchecked; 1350 } 1351 1352 /* Case 3: removed */ 1353 1354 /* Case 4: */ 1355 log_assert(ce.ce); 1356 wc = nsec3_ce_wildcard(ct->region, ce.ce, ce.ce_len, &wclen); 1357 if(wc && find_matching_nsec3(env, flt, ct, wc, wclen, &rrset, &rr, 1358 calc)) { 1359 /* found wildcard */ 1360 if(nsec3_has_type(rrset, rr, qinfo->qtype)) { 1361 verbose(VERB_ALGO, "nsec3 nodata proof: matching " 1362 "wildcard had qtype, bogus"); 1363 return sec_status_bogus; 1364 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) { 1365 verbose(VERB_ALGO, "nsec3 nodata proof: matching " 1366 "wildcard had a CNAME, bogus"); 1367 return sec_status_bogus; 1368 } 1369 if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1 1370 && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) { 1371 verbose(VERB_ALGO, "nsec3 nodata proof: matching " 1372 "wildcard for no DS proof has a SOA, bogus"); 1373 return sec_status_bogus; 1374 } else if(qinfo->qtype != LDNS_RR_TYPE_DS && 1375 nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) && 1376 !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) { 1377 verbose(VERB_ALGO, "nsec3 nodata proof: matching " 1378 "wildcard is a delegation, bogus"); 1379 return sec_status_bogus; 1380 } 1381 /* everything is peachy keen, except for optout spans */ 1382 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { 1383 verbose(VERB_ALGO, "nsec3 nodata proof: matching " 1384 "wildcard is in optout range, insecure"); 1385 return sec_status_insecure; 1386 } 1387 return sec_status_secure; 1388 } 1389 if(*calc == MAX_NSEC3_ERRORS) { 1390 verbose(VERB_ALGO, "nsec3 nodata proof: all attempted hash " 1391 "calculations were erroneous while matching " 1392 "wildcard, bogus"); 1393 return sec_status_bogus; 1394 } else if(*calc >= MAX_NSEC3_CALCULATIONS) { 1395 verbose(VERB_ALGO, "nsec3 nodata proof: reached " 1396 "MAX_NSEC3_CALCULATIONS (%d) while matching " 1397 "wildcard, unchecked still", 1398 MAX_NSEC3_CALCULATIONS); 1399 return sec_status_unchecked; 1400 } 1401 1402 /* Case 5: */ 1403 /* Due to forwarders, cnames, and other collating effects, we 1404 * can see the ordinary unsigned data from a zone beneath an 1405 * insecure delegation under an optout here */ 1406 if(!ce.nc_rrset) { 1407 verbose(VERB_ALGO, "nsec3 nodata proof: no next closer nsec3"); 1408 return sec_status_bogus; 1409 } 1410 1411 /* We need to make sure that the covering NSEC3 is opt-out. */ 1412 log_assert(ce.nc_rrset); 1413 if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { 1414 if(qinfo->qtype == LDNS_RR_TYPE_DS) 1415 verbose(VERB_ALGO, "proveNodata: covering NSEC3 was not " 1416 "opt-out in an opt-out DS NOERROR/NODATA case."); 1417 else verbose(VERB_ALGO, "proveNodata: could not find matching " 1418 "NSEC3, nor matching wildcard, nor optout NSEC3 " 1419 "-- no more options, bogus."); 1420 return sec_status_bogus; 1421 } 1422 /* RFC5155 section 9.2: if nc has optout then no AD flag set */ 1423 return sec_status_insecure; 1424 } 1425 1426 enum sec_status 1427 nsec3_prove_nodata(struct module_env* env, struct val_env* ve, 1428 struct ub_packed_rrset_key** list, size_t num, 1429 struct query_info* qinfo, struct key_entry_key* kkey, 1430 struct nsec3_cache_table* ct, int* calc) 1431 { 1432 struct nsec3_filter flt; 1433 1434 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) 1435 return sec_status_bogus; /* no valid NSEC3s, bogus */ 1436 filter_init(&flt, list, num, qinfo); /* init RR iterator */ 1437 if(!flt.zone) 1438 return sec_status_bogus; /* no RRs */ 1439 if(!param_set_same(&flt, NULL)) 1440 return sec_status_bogus; /* nsec3 params from distinct chains*/ 1441 if(nsec3_iteration_count_high(ve, &flt, kkey)) 1442 return sec_status_insecure; /* iteration count too high */ 1443 return nsec3_do_prove_nodata(env, &flt, ct, qinfo, calc); 1444 } 1445 1446 enum sec_status 1447 nsec3_prove_wildcard(struct module_env* env, struct val_env* ve, 1448 struct ub_packed_rrset_key** list, size_t num, 1449 struct query_info* qinfo, struct key_entry_key* kkey, uint8_t* wc, 1450 struct nsec3_cache_table* ct, int* calc) 1451 { 1452 struct nsec3_filter flt; 1453 struct ce_response ce; 1454 uint8_t* nc; 1455 size_t nc_len; 1456 size_t wclen; 1457 (void)dname_count_size_labels(wc, &wclen); 1458 1459 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) 1460 return sec_status_bogus; /* no valid NSEC3s, bogus */ 1461 filter_init(&flt, list, num, qinfo); /* init RR iterator */ 1462 if(!flt.zone) 1463 return sec_status_bogus; /* no RRs */ 1464 if(!param_set_same(&flt, NULL)) 1465 return sec_status_bogus; /* nsec3 params from distinct chains*/ 1466 if(nsec3_iteration_count_high(ve, &flt, kkey)) 1467 return sec_status_insecure; /* iteration count too high */ 1468 1469 /* We know what the (purported) closest encloser is by just 1470 * looking at the supposed generating wildcard. 1471 * The *. has already been removed from the wc name. 1472 */ 1473 memset(&ce, 0, sizeof(ce)); 1474 ce.ce = wc; 1475 ce.ce_len = wclen; 1476 1477 /* Now we still need to prove that the original data did not exist. 1478 * Otherwise, we need to show that the next closer name is covered. */ 1479 next_closer(qinfo->qname, qinfo->qname_len, ce.ce, &nc, &nc_len); 1480 if(!find_covering_nsec3(env, &flt, ct, nc, nc_len, 1481 &ce.nc_rrset, &ce.nc_rr, calc)) { 1482 if(*calc == MAX_NSEC3_ERRORS) { 1483 verbose(VERB_ALGO, "proveWildcard: did not find a " 1484 "covering NSEC3 that covered the next closer " 1485 "name; all attempted hash calculations were " 1486 "erroneous; bogus"); 1487 return sec_status_bogus; 1488 } else if(*calc >= MAX_NSEC3_CALCULATIONS) { 1489 verbose(VERB_ALGO, "proveWildcard: did not find a " 1490 "covering NSEC3 that covered the next closer " 1491 "name; reached MAX_NSEC3_CALCULATIONS " 1492 "(%d); unchecked still", 1493 MAX_NSEC3_CALCULATIONS); 1494 return sec_status_unchecked; 1495 } 1496 verbose(VERB_ALGO, "proveWildcard: did not find a covering " 1497 "NSEC3 that covered the next closer name."); 1498 return sec_status_bogus; 1499 } 1500 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { 1501 verbose(VERB_ALGO, "proveWildcard: NSEC3 optout"); 1502 return sec_status_insecure; 1503 } 1504 return sec_status_secure; 1505 } 1506 1507 /** test if list is all secure */ 1508 static int 1509 list_is_secure(struct module_env* env, struct val_env* ve, 1510 struct ub_packed_rrset_key** list, size_t num, 1511 struct key_entry_key* kkey, char** reason, sldns_ede_code *reason_bogus, 1512 struct module_qstate* qstate, char* reasonbuf, size_t reasonlen) 1513 { 1514 struct packed_rrset_data* d; 1515 size_t i; 1516 int verified = 0; 1517 for(i=0; i<num; i++) { 1518 d = (struct packed_rrset_data*)list[i]->entry.data; 1519 if(list[i]->rk.type != htons(LDNS_RR_TYPE_NSEC3)) 1520 continue; 1521 if(d->security == sec_status_secure) 1522 continue; 1523 rrset_check_sec_status(env->rrset_cache, list[i], *env->now); 1524 if(d->security == sec_status_secure) 1525 continue; 1526 d->security = val_verify_rrset_entry(env, ve, list[i], kkey, 1527 reason, reason_bogus, LDNS_SECTION_AUTHORITY, qstate, 1528 &verified, reasonbuf, reasonlen); 1529 if(d->security != sec_status_secure) { 1530 verbose(VERB_ALGO, "NSEC3 did not verify"); 1531 return 0; 1532 } 1533 rrset_update_sec_status(env->rrset_cache, list[i], *env->now); 1534 } 1535 return 1; 1536 } 1537 1538 enum sec_status 1539 nsec3_prove_nods(struct module_env* env, struct val_env* ve, 1540 struct ub_packed_rrset_key** list, size_t num, 1541 struct query_info* qinfo, struct key_entry_key* kkey, char** reason, 1542 sldns_ede_code* reason_bogus, struct module_qstate* qstate, 1543 struct nsec3_cache_table* ct, char* reasonbuf, size_t reasonlen) 1544 { 1545 struct nsec3_filter flt; 1546 struct ce_response ce; 1547 struct ub_packed_rrset_key* rrset; 1548 int rr; 1549 int calc = 0; 1550 enum sec_status sec; 1551 1552 log_assert(qinfo->qtype == LDNS_RR_TYPE_DS); 1553 1554 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) { 1555 *reason = "no valid NSEC3s"; 1556 return sec_status_bogus; /* no valid NSEC3s, bogus */ 1557 } 1558 if(!list_is_secure(env, ve, list, num, kkey, reason, reason_bogus, 1559 qstate, reasonbuf, reasonlen)) { 1560 *reason = "not all NSEC3 records secure"; 1561 return sec_status_bogus; /* not all NSEC3 records secure */ 1562 } 1563 filter_init(&flt, list, num, qinfo); /* init RR iterator */ 1564 if(!flt.zone) { 1565 *reason = "no NSEC3 records"; 1566 return sec_status_bogus; /* no RRs */ 1567 } 1568 if(!param_set_same(&flt, reason)) 1569 return sec_status_bogus; /* nsec3 params from distinct chains*/ 1570 if(nsec3_iteration_count_high(ve, &flt, kkey)) 1571 return sec_status_insecure; /* iteration count too high */ 1572 1573 /* Look for a matching NSEC3 to qname -- this is the normal 1574 * NODATA case. */ 1575 if(find_matching_nsec3(env, &flt, ct, qinfo->qname, qinfo->qname_len, 1576 &rrset, &rr, &calc)) { 1577 /* If the matching NSEC3 has the SOA bit set, it is from 1578 * the wrong zone (the child instead of the parent). If 1579 * it has the DS bit set, then we were lied to. */ 1580 if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) && 1581 qinfo->qname_len != 1) { 1582 verbose(VERB_ALGO, "nsec3 provenods: NSEC3 is from" 1583 " child zone, bogus"); 1584 *reason = "NSEC3 from child zone"; 1585 return sec_status_bogus; 1586 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) { 1587 verbose(VERB_ALGO, "nsec3 provenods: NSEC3 has qtype" 1588 " DS, bogus"); 1589 *reason = "NSEC3 has DS in bitmap"; 1590 return sec_status_bogus; 1591 } 1592 /* If the NSEC3 RR doesn't have the NS bit set, then 1593 * this wasn't a delegation point. */ 1594 if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS)) 1595 return sec_status_indeterminate; 1596 /* Otherwise, this proves no DS. */ 1597 return sec_status_secure; 1598 } 1599 if(calc == MAX_NSEC3_ERRORS) { 1600 verbose(VERB_ALGO, "nsec3 provenods: all attempted hash " 1601 "calculations were erroneous while finding a matching " 1602 "NSEC3, bogus"); 1603 return sec_status_bogus; 1604 } else if(calc >= MAX_NSEC3_CALCULATIONS) { 1605 verbose(VERB_ALGO, "nsec3 provenods: reached " 1606 "MAX_NSEC3_CALCULATIONS (%d) while finding a " 1607 "matching NSEC3, unchecked still", 1608 MAX_NSEC3_CALCULATIONS); 1609 return sec_status_unchecked; 1610 } 1611 1612 /* Otherwise, we are probably in the opt-out case. */ 1613 sec = nsec3_prove_closest_encloser(env, &flt, ct, qinfo, 1, &ce, &calc); 1614 if(sec == sec_status_unchecked) { 1615 return sec_status_unchecked; 1616 } else if(sec != sec_status_secure) { 1617 /* an insecure delegation *above* the qname does not prove 1618 * anything about this qname exactly, and bogus is bogus */ 1619 verbose(VERB_ALGO, "nsec3 provenods: did not match qname, " 1620 "nor found a proven closest encloser."); 1621 *reason = "no NSEC3 closest encloser"; 1622 return sec_status_bogus; 1623 } 1624 1625 /* robust extra check */ 1626 if(!ce.nc_rrset) { 1627 verbose(VERB_ALGO, "nsec3 nods proof: no next closer nsec3"); 1628 *reason = "no NSEC3 next closer"; 1629 return sec_status_bogus; 1630 } 1631 1632 /* we had the closest encloser proof, then we need to check that the 1633 * covering NSEC3 was opt-out -- the proveClosestEncloser step already 1634 * checked to see if the closest encloser was a delegation or DNAME. 1635 */ 1636 log_assert(ce.nc_rrset); 1637 if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) { 1638 verbose(VERB_ALGO, "nsec3 provenods: covering NSEC3 was not " 1639 "opt-out in an opt-out DS NOERROR/NODATA case."); 1640 *reason = "covering NSEC3 was not opt-out in an opt-out " 1641 "DS NOERROR/NODATA case"; 1642 return sec_status_bogus; 1643 } 1644 /* RFC5155 section 9.2: if nc has optout then no AD flag set */ 1645 return sec_status_insecure; 1646 } 1647 1648 enum sec_status 1649 nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve, 1650 struct ub_packed_rrset_key** list, size_t num, 1651 struct query_info* qinfo, struct key_entry_key* kkey, int* nodata, 1652 struct nsec3_cache_table* ct, int* calc) 1653 { 1654 enum sec_status sec, secnx; 1655 struct nsec3_filter flt; 1656 *nodata = 0; 1657 1658 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) 1659 return sec_status_bogus; /* no valid NSEC3s, bogus */ 1660 filter_init(&flt, list, num, qinfo); /* init RR iterator */ 1661 if(!flt.zone) 1662 return sec_status_bogus; /* no RRs */ 1663 if(!param_set_same(&flt, NULL)) 1664 return sec_status_bogus; /* nsec3 params from distinct chains*/ 1665 if(nsec3_iteration_count_high(ve, &flt, kkey)) 1666 return sec_status_insecure; /* iteration count too high */ 1667 1668 /* try nxdomain and nodata after another, while keeping the 1669 * hash cache intact */ 1670 1671 secnx = nsec3_do_prove_nameerror(env, &flt, ct, qinfo, calc); 1672 if(secnx==sec_status_secure) 1673 return sec_status_secure; 1674 else if(secnx == sec_status_unchecked) 1675 return sec_status_unchecked; 1676 sec = nsec3_do_prove_nodata(env, &flt, ct, qinfo, calc); 1677 if(sec==sec_status_secure) { 1678 *nodata = 1; 1679 } else if(sec == sec_status_insecure) { 1680 *nodata = 1; 1681 } else if(secnx == sec_status_insecure) { 1682 sec = sec_status_insecure; 1683 } else if(sec == sec_status_unchecked) { 1684 return sec_status_unchecked; 1685 } 1686 return sec; 1687 } 1688
Indexes created Wed Jun 24 00:24:50 UTC 2026