1 /*
2 * validator/val_nsec3.c - validator NSEC3 denial of existence functions.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 /**
37 * \file
38 *
39 * This file contains helper functions for the validator module.
40 * The functions help with NSEC3 checking, the different NSEC3 proofs
41 * for denial of existence, and proofs for presence of types.
42 */
43 #include "config.h"
44 #include <ctype.h>
45 #include "validator/val_nsec3.h"
46 #include "validator/val_secalgo.h"
47 #include "validator/validator.h"
48 #include "validator/val_kentry.h"
49 #include "services/cache/rrset.h"
50 #include "util/regional.h"
51 #include "util/rbtree.h"
52 #include "util/module.h"
53 #include "util/net_help.h"
54 #include "util/data/packed_rrset.h"
55 #include "util/data/dname.h"
56 #include "util/data/msgreply.h"
57 /* we include nsec.h for the bitmap_has_type function */
58 #include "validator/val_nsec.h"
59 #include "sldns/sbuffer.h"
60
61 /**
62 * This function we get from ldns-compat or from base system
63 * it returns the number of data bytes stored at the target, or <0 on error.
64 */
65 int sldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength,
66 char *target, size_t targsize);
67 /**
68 * This function we get from ldns-compat or from base system
69 * it returns the number of data bytes stored at the target, or <0 on error.
70 */
71 int sldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len,
72 uint8_t *target, size_t targsize);
73
74 /**
75 * Closest encloser (ce) proof results
76 * Contains the ce and the next-closer (nc) proof.
77 */
78 struct ce_response {
79 /** the closest encloser name */
80 uint8_t* ce;
81 /** length of ce */
82 size_t ce_len;
83 /** NSEC3 record that proved ce. rrset */
84 struct ub_packed_rrset_key* ce_rrset;
85 /** NSEC3 record that proved ce. rr number */
86 int ce_rr;
87 /** NSEC3 record that proved nc. rrset */
88 struct ub_packed_rrset_key* nc_rrset;
89 /** NSEC3 record that proved nc. rr*/
90 int nc_rr;
91 };
92
93 /**
94 * Filter conditions for NSEC3 proof
95 * Used to iterate over the applicable NSEC3 RRs.
96 */
97 struct nsec3_filter {
98 /** Zone name, only NSEC3 records for this zone are considered */
99 uint8_t* zone;
100 /** length of the zonename */
101 size_t zone_len;
102 /** the list of NSEC3s to filter; array */
103 struct ub_packed_rrset_key** list;
104 /** number of rrsets in list */
105 size_t num;
106 /** class of records for the NSEC3, only this class applies */
107 uint16_t fclass;
108 };
109
110 /** return number of rrs in an rrset */
111 static size_t
rrset_get_count(struct ub_packed_rrset_key * rrset)112 rrset_get_count(struct ub_packed_rrset_key* rrset)
113 {
114 struct packed_rrset_data* d = (struct packed_rrset_data*)
115 rrset->entry.data;
116 if(!d) return 0;
117 return d->count;
118 }
119
120 /** return if nsec3 RR has unknown flags */
121 static int
nsec3_unknown_flags(struct ub_packed_rrset_key * rrset,int r)122 nsec3_unknown_flags(struct ub_packed_rrset_key* rrset, int r)
123 {
124 struct packed_rrset_data* d = (struct packed_rrset_data*)
125 rrset->entry.data;
126 log_assert(d && r < (int)d->count);
127 if(d->rr_len[r] < 2+2)
128 return 0; /* malformed */
129 return (int)(d->rr_data[r][2+1] & NSEC3_UNKNOWN_FLAGS);
130 }
131
132 int
nsec3_has_optout(struct ub_packed_rrset_key * rrset,int r)133 nsec3_has_optout(struct ub_packed_rrset_key* rrset, int r)
134 {
135 struct packed_rrset_data* d = (struct packed_rrset_data*)
136 rrset->entry.data;
137 log_assert(d && r < (int)d->count);
138 if(d->rr_len[r] < 2+2)
139 return 0; /* malformed */
140 return (int)(d->rr_data[r][2+1] & NSEC3_OPTOUT);
141 }
142
143 /** return nsec3 RR algorithm */
144 static int
nsec3_get_algo(struct ub_packed_rrset_key * rrset,int r)145 nsec3_get_algo(struct ub_packed_rrset_key* rrset, int r)
146 {
147 struct packed_rrset_data* d = (struct packed_rrset_data*)
148 rrset->entry.data;
149 log_assert(d && r < (int)d->count);
150 if(d->rr_len[r] < 2+1)
151 return 0; /* malformed */
152 return (int)(d->rr_data[r][2+0]);
153 }
154
155 /** return if nsec3 RR has known algorithm */
156 static int
nsec3_known_algo(struct ub_packed_rrset_key * rrset,int r)157 nsec3_known_algo(struct ub_packed_rrset_key* rrset, int r)
158 {
159 struct packed_rrset_data* d = (struct packed_rrset_data*)
160 rrset->entry.data;
161 log_assert(d && r < (int)d->count);
162 if(d->rr_len[r] < 2+1)
163 return 0; /* malformed */
164 switch(d->rr_data[r][2+0]) {
165 case NSEC3_HASH_SHA1:
166 return 1;
167 }
168 return 0;
169 }
170
171 /** return nsec3 RR iteration count */
172 static size_t
nsec3_get_iter(struct ub_packed_rrset_key * rrset,int r)173 nsec3_get_iter(struct ub_packed_rrset_key* rrset, int r)
174 {
175 uint16_t i;
176 struct packed_rrset_data* d = (struct packed_rrset_data*)
177 rrset->entry.data;
178 log_assert(d && r < (int)d->count);
179 if(d->rr_len[r] < 2+4)
180 return 0; /* malformed */
181 memmove(&i, d->rr_data[r]+2+2, sizeof(i));
182 i = ntohs(i);
183 return (size_t)i;
184 }
185
186 /** return nsec3 RR salt */
187 static int
nsec3_get_salt(struct ub_packed_rrset_key * rrset,int r,uint8_t ** salt,size_t * saltlen)188 nsec3_get_salt(struct ub_packed_rrset_key* rrset, int r,
189 uint8_t** salt, size_t* saltlen)
190 {
191 struct packed_rrset_data* d = (struct packed_rrset_data*)
192 rrset->entry.data;
193 log_assert(d && r < (int)d->count);
194 if(d->rr_len[r] < 2+5) {
195 *salt = 0;
196 *saltlen = 0;
197 return 0; /* malformed */
198 }
199 *saltlen = (size_t)d->rr_data[r][2+4];
200 if(d->rr_len[r] < 2+5+(size_t)*saltlen) {
201 *salt = 0;
202 *saltlen = 0;
203 return 0; /* malformed */
204 }
205 *salt = d->rr_data[r]+2+5;
206 return 1;
207 }
208
nsec3_get_params(struct ub_packed_rrset_key * rrset,int r,int * algo,size_t * iter,uint8_t ** salt,size_t * saltlen)209 int nsec3_get_params(struct ub_packed_rrset_key* rrset, int r,
210 int* algo, size_t* iter, uint8_t** salt, size_t* saltlen)
211 {
212 if(!nsec3_known_algo(rrset, r) || nsec3_unknown_flags(rrset, r))
213 return 0;
214 if(!nsec3_get_salt(rrset, r, salt, saltlen))
215 return 0;
216 *algo = nsec3_get_algo(rrset, r);
217 *iter = nsec3_get_iter(rrset, r);
218 return 1;
219 }
220
221 int
nsec3_get_nextowner(struct ub_packed_rrset_key * rrset,int r,uint8_t ** next,size_t * nextlen)222 nsec3_get_nextowner(struct ub_packed_rrset_key* rrset, int r,
223 uint8_t** next, size_t* nextlen)
224 {
225 size_t saltlen;
226 struct packed_rrset_data* d = (struct packed_rrset_data*)
227 rrset->entry.data;
228 log_assert(d && r < (int)d->count);
229 if(d->rr_len[r] < 2+5) {
230 *next = 0;
231 *nextlen = 0;
232 return 0; /* malformed */
233 }
234 saltlen = (size_t)d->rr_data[r][2+4];
235 if(d->rr_len[r] < 2+5+saltlen+1) {
236 *next = 0;
237 *nextlen = 0;
238 return 0; /* malformed */
239 }
240 *nextlen = (size_t)d->rr_data[r][2+5+saltlen];
241 if(d->rr_len[r] < 2+5+saltlen+1+*nextlen) {
242 *next = 0;
243 *nextlen = 0;
244 return 0; /* malformed */
245 }
246 *next = d->rr_data[r]+2+5+saltlen+1;
247 return 1;
248 }
249
nsec3_hash_to_b32(uint8_t * hash,size_t hashlen,uint8_t * zone,size_t zonelen,uint8_t * buf,size_t max)250 size_t nsec3_hash_to_b32(uint8_t* hash, size_t hashlen, uint8_t* zone,
251 size_t zonelen, uint8_t* buf, size_t max)
252 {
253 /* write b32 of name, leave one for length */
254 int ret;
255 if(max < hashlen*2+1) /* quick approx of b32, as if hexb16 */
256 return 0;
257 ret = sldns_b32_ntop_extended_hex(hash, hashlen, (char*)buf+1, max-1);
258 if(ret < 1)
259 return 0;
260 buf[0] = (uint8_t)ret; /* length of b32 label */
261 ret++;
262 if(max - ret < zonelen)
263 return 0;
264 memmove(buf+ret, zone, zonelen);
265 return zonelen+(size_t)ret;
266 }
267
nsec3_get_nextowner_b32(struct ub_packed_rrset_key * rrset,int r,uint8_t * buf,size_t max)268 size_t nsec3_get_nextowner_b32(struct ub_packed_rrset_key* rrset, int r,
269 uint8_t* buf, size_t max)
270 {
271 uint8_t* nm, *zone;
272 size_t nmlen, zonelen;
273 if(!nsec3_get_nextowner(rrset, r, &nm, &nmlen))
274 return 0;
275 /* append zone name; the owner name must be <b32>.zone */
276 zone = rrset->rk.dname;
277 zonelen = rrset->rk.dname_len;
278 dname_remove_label(&zone, &zonelen);
279 return nsec3_hash_to_b32(nm, nmlen, zone, zonelen, buf, max);
280 }
281
282 int
nsec3_has_type(struct ub_packed_rrset_key * rrset,int r,uint16_t type)283 nsec3_has_type(struct ub_packed_rrset_key* rrset, int r, uint16_t type)
284 {
285 uint8_t* bitmap;
286 size_t bitlen, skiplen;
287 struct packed_rrset_data* d = (struct packed_rrset_data*)
288 rrset->entry.data;
289 log_assert(d && r < (int)d->count);
290 skiplen = 2+4;
291 /* skip salt */
292 if(d->rr_len[r] < skiplen+1)
293 return 0; /* malformed, too short */
294 skiplen += 1+(size_t)d->rr_data[r][skiplen];
295 /* skip next hashed owner */
296 if(d->rr_len[r] < skiplen+1)
297 return 0; /* malformed, too short */
298 skiplen += 1+(size_t)d->rr_data[r][skiplen];
299 if(d->rr_len[r] < skiplen)
300 return 0; /* malformed, too short */
301 bitlen = d->rr_len[r] - skiplen;
302 bitmap = d->rr_data[r]+skiplen;
303 return nsecbitmap_has_type_rdata(bitmap, bitlen, type);
304 }
305
306 /**
307 * Iterate through NSEC3 list, per RR
308 * This routine gives the next RR in the list (or sets rrset null).
309 * Usage:
310 *
311 * size_t rrsetnum;
312 * int rrnum;
313 * struct ub_packed_rrset_key* rrset;
314 * for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset;
315 * rrset=filter_next(filter, &rrsetnum, &rrnum))
316 * do_stuff;
317 *
318 * Also filters out
319 * o unknown flag NSEC3s
320 * o unknown algorithm NSEC3s.
321 * @param filter: nsec3 filter structure.
322 * @param rrsetnum: in/out rrset number to look at.
323 * @param rrnum: in/out rr number in rrset to look at.
324 * @returns ptr to the next rrset (or NULL at end).
325 */
326 static struct ub_packed_rrset_key*
filter_next(struct nsec3_filter * filter,size_t * rrsetnum,int * rrnum)327 filter_next(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum)
328 {
329 size_t i;
330 int r;
331 uint8_t* nm;
332 size_t nmlen;
333 if(!filter->zone) /* empty list */
334 return NULL;
335 for(i=*rrsetnum; i<filter->num; i++) {
336 /* see if RRset qualifies */
337 if(ntohs(filter->list[i]->rk.type) != LDNS_RR_TYPE_NSEC3 ||
338 ntohs(filter->list[i]->rk.rrset_class) !=
339 filter->fclass)
340 continue;
341 /* check RRset zone */
342 nm = filter->list[i]->rk.dname;
343 nmlen = filter->list[i]->rk.dname_len;
344 dname_remove_label(&nm, &nmlen);
345 if(query_dname_compare(nm, filter->zone) != 0)
346 continue;
347 if(i == *rrsetnum)
348 r = (*rrnum) + 1; /* continue at next RR */
349 else r = 0; /* new RRset start at first RR */
350 for(; r < (int)rrset_get_count(filter->list[i]); r++) {
351 /* skip unknown flags, algo */
352 if(nsec3_unknown_flags(filter->list[i], r) ||
353 !nsec3_known_algo(filter->list[i], r))
354 continue;
355 /* this one is a good target */
356 *rrsetnum = i;
357 *rrnum = r;
358 return filter->list[i];
359 }
360 }
361 return NULL;
362 }
363
364 /**
365 * Start iterating over NSEC3 records.
366 * @param filter: the filter structure, must have been filter_init-ed.
367 * @param rrsetnum: can be undefined on call, initialised.
368 * @param rrnum: can be undefined on call, initialised.
369 * @return first rrset of an NSEC3, together with rrnum this points to
370 * the first RR to examine. Is NULL on empty list.
371 */
372 static struct ub_packed_rrset_key*
filter_first(struct nsec3_filter * filter,size_t * rrsetnum,int * rrnum)373 filter_first(struct nsec3_filter* filter, size_t* rrsetnum, int* rrnum)
374 {
375 *rrsetnum = 0;
376 *rrnum = -1;
377 return filter_next(filter, rrsetnum, rrnum);
378 }
379
380 /** see if at least one RR is known (flags, algo) */
381 static int
nsec3_rrset_has_known(struct ub_packed_rrset_key * s)382 nsec3_rrset_has_known(struct ub_packed_rrset_key* s)
383 {
384 int r;
385 for(r=0; r < (int)rrset_get_count(s); r++) {
386 if(!nsec3_unknown_flags(s, r) && nsec3_known_algo(s, r))
387 return 1;
388 }
389 return 0;
390 }
391
392 /**
393 * Initialize the filter structure.
394 * Finds the zone by looking at available NSEC3 records and best match.
395 * (skips the unknown flag and unknown algo NSEC3s).
396 *
397 * @param filter: nsec3 filter structure.
398 * @param list: list of rrsets, an array of them.
399 * @param num: number of rrsets in list.
400 * @param qinfo:
401 * query name to match a zone for.
402 * query type (if DS a higher zone must be chosen)
403 * qclass, to filter NSEC3s with.
404 */
405 static void
filter_init(struct nsec3_filter * filter,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo)406 filter_init(struct nsec3_filter* filter, struct ub_packed_rrset_key** list,
407 size_t num, struct query_info* qinfo)
408 {
409 size_t i;
410 uint8_t* nm;
411 size_t nmlen;
412 filter->zone = NULL;
413 filter->zone_len = 0;
414 filter->list = list;
415 filter->num = num;
416 filter->fclass = qinfo->qclass;
417 for(i=0; i<num; i++) {
418 /* ignore other stuff in the list */
419 if(ntohs(list[i]->rk.type) != LDNS_RR_TYPE_NSEC3 ||
420 ntohs(list[i]->rk.rrset_class) != qinfo->qclass)
421 continue;
422 /* skip unknown flags, algo */
423 if(!nsec3_rrset_has_known(list[i]))
424 continue;
425
426 /* since NSEC3s are base32.zonename, we can find the zone
427 * name by stripping off the first label of the record */
428 nm = list[i]->rk.dname;
429 nmlen = list[i]->rk.dname_len;
430 dname_remove_label(&nm, &nmlen);
431 /* if we find a domain that can prove about the qname,
432 * and if this domain is closer to the qname */
433 if(dname_subdomain_c(qinfo->qname, nm) && (!filter->zone ||
434 dname_subdomain_c(nm, filter->zone))) {
435 /* for a type DS do not accept a zone equal to qname*/
436 if(qinfo->qtype == LDNS_RR_TYPE_DS &&
437 query_dname_compare(qinfo->qname, nm) == 0 &&
438 !dname_is_root(qinfo->qname))
439 continue;
440 filter->zone = nm;
441 filter->zone_len = nmlen;
442 }
443 }
444 }
445
446 /**
447 * Find max iteration count using config settings and key size
448 * @param ve: validator environment with iteration count config settings.
449 * @param bits: key size
450 * @return max iteration count
451 */
452 static size_t
get_max_iter(struct val_env * ve,size_t bits)453 get_max_iter(struct val_env* ve, size_t bits)
454 {
455 int i;
456 log_assert(ve->nsec3_keyiter_count > 0);
457 /* round up to nearest config keysize, linear search, keep it small */
458 for(i=0; i<ve->nsec3_keyiter_count; i++) {
459 if(bits <= ve->nsec3_keysize[i])
460 return ve->nsec3_maxiter[i];
461 }
462 /* else, use value for biggest key */
463 return ve->nsec3_maxiter[ve->nsec3_keyiter_count-1];
464 }
465
466 /**
467 * Determine if any of the NSEC3 rrs iteration count is too high, from key.
468 * @param ve: validator environment with iteration count config settings.
469 * @param filter: what NSEC3s to loop over.
470 * @param kkey: key entry used for verification; used for iteration counts.
471 * @return 1 if some nsec3s are above the max iteration count.
472 */
473 static int
nsec3_iteration_count_high(struct val_env * ve,struct nsec3_filter * filter,struct key_entry_key * kkey)474 nsec3_iteration_count_high(struct val_env* ve, struct nsec3_filter* filter,
475 struct key_entry_key* kkey)
476 {
477 size_t rrsetnum;
478 int rrnum;
479 struct ub_packed_rrset_key* rrset;
480 /* first determine the max number of iterations */
481 size_t bits = key_entry_keysize(kkey);
482 size_t max_iter = get_max_iter(ve, bits);
483 verbose(VERB_ALGO, "nsec3: keysize %d bits, max iterations %d",
484 (int)bits, (int)max_iter);
485
486 for(rrset=filter_first(filter, &rrsetnum, &rrnum); rrset;
487 rrset=filter_next(filter, &rrsetnum, &rrnum)) {
488 if(nsec3_get_iter(rrset, rrnum) > max_iter)
489 return 1;
490 }
491 return 0;
492 }
493
494 /* nsec3_cache_compare for rbtree */
495 int
nsec3_hash_cmp(const void * c1,const void * c2)496 nsec3_hash_cmp(const void* c1, const void* c2)
497 {
498 struct nsec3_cached_hash* h1 = (struct nsec3_cached_hash*)c1;
499 struct nsec3_cached_hash* h2 = (struct nsec3_cached_hash*)c2;
500 uint8_t* s1, *s2;
501 size_t s1len, s2len;
502 int c = query_dname_compare(h1->dname, h2->dname);
503 if(c != 0)
504 return c;
505 /* compare parameters */
506 /* if both malformed, its equal, robustness */
507 if(nsec3_get_algo(h1->nsec3, h1->rr) !=
508 nsec3_get_algo(h2->nsec3, h2->rr)) {
509 if(nsec3_get_algo(h1->nsec3, h1->rr) <
510 nsec3_get_algo(h2->nsec3, h2->rr))
511 return -1;
512 return 1;
513 }
514 if(nsec3_get_iter(h1->nsec3, h1->rr) !=
515 nsec3_get_iter(h2->nsec3, h2->rr)) {
516 if(nsec3_get_iter(h1->nsec3, h1->rr) <
517 nsec3_get_iter(h2->nsec3, h2->rr))
518 return -1;
519 return 1;
520 }
521 (void)nsec3_get_salt(h1->nsec3, h1->rr, &s1, &s1len);
522 (void)nsec3_get_salt(h2->nsec3, h2->rr, &s2, &s2len);
523 if(s1len != s2len) {
524 if(s1len < s2len)
525 return -1;
526 return 1;
527 }
528 return memcmp(s1, s2, s1len);
529 }
530
531 size_t
nsec3_get_hashed(sldns_buffer * buf,uint8_t * nm,size_t nmlen,int algo,size_t iter,uint8_t * salt,size_t saltlen,uint8_t * res,size_t max)532 nsec3_get_hashed(sldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
533 size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
534 {
535 size_t i, hash_len;
536 /* prepare buffer for first iteration */
537 sldns_buffer_clear(buf);
538 sldns_buffer_write(buf, nm, nmlen);
539 query_dname_tolower(sldns_buffer_begin(buf));
540 sldns_buffer_write(buf, salt, saltlen);
541 sldns_buffer_flip(buf);
542 hash_len = nsec3_hash_algo_size_supported(algo);
543 if(hash_len == 0) {
544 log_err("nsec3 hash of unknown algo %d", algo);
545 return 0;
546 }
547 if(hash_len > max)
548 return 0;
549 if(!secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
550 sldns_buffer_limit(buf), (unsigned char*)res))
551 return 0;
552 for(i=0; i<iter; i++) {
553 sldns_buffer_clear(buf);
554 sldns_buffer_write(buf, res, hash_len);
555 sldns_buffer_write(buf, salt, saltlen);
556 sldns_buffer_flip(buf);
557 if(!secalgo_nsec3_hash(algo,
558 (unsigned char*)sldns_buffer_begin(buf),
559 sldns_buffer_limit(buf), (unsigned char*)res))
560 return 0;
561 }
562 return hash_len;
563 }
564
565 /** perform hash of name */
566 static int
nsec3_calc_hash(struct regional * region,sldns_buffer * buf,struct nsec3_cached_hash * c)567 nsec3_calc_hash(struct regional* region, sldns_buffer* buf,
568 struct nsec3_cached_hash* c)
569 {
570 int algo = nsec3_get_algo(c->nsec3, c->rr);
571 size_t iter = nsec3_get_iter(c->nsec3, c->rr);
572 uint8_t* salt;
573 size_t saltlen, i;
574 if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
575 return -1;
576 /* prepare buffer for first iteration */
577 sldns_buffer_clear(buf);
578 sldns_buffer_write(buf, c->dname, c->dname_len);
579 query_dname_tolower(sldns_buffer_begin(buf));
580 sldns_buffer_write(buf, salt, saltlen);
581 sldns_buffer_flip(buf);
582 c->hash_len = nsec3_hash_algo_size_supported(algo);
583 if(c->hash_len == 0) {
584 log_err("nsec3 hash of unknown algo %d", algo);
585 return -1;
586 }
587 c->hash = (uint8_t*)regional_alloc(region, c->hash_len);
588 if(!c->hash)
589 return 0;
590 (void)secalgo_nsec3_hash(algo, (unsigned char*)sldns_buffer_begin(buf),
591 sldns_buffer_limit(buf), (unsigned char*)c->hash);
592 for(i=0; i<iter; i++) {
593 sldns_buffer_clear(buf);
594 sldns_buffer_write(buf, c->hash, c->hash_len);
595 sldns_buffer_write(buf, salt, saltlen);
596 sldns_buffer_flip(buf);
597 (void)secalgo_nsec3_hash(algo,
598 (unsigned char*)sldns_buffer_begin(buf),
599 sldns_buffer_limit(buf), (unsigned char*)c->hash);
600 }
601 return 1;
602 }
603
604 /** perform b32 encoding of hash */
605 static int
nsec3_calc_b32(struct regional * region,sldns_buffer * buf,struct nsec3_cached_hash * c)606 nsec3_calc_b32(struct regional* region, sldns_buffer* buf,
607 struct nsec3_cached_hash* c)
608 {
609 int r;
610 sldns_buffer_clear(buf);
611 r = sldns_b32_ntop_extended_hex(c->hash, c->hash_len,
612 (char*)sldns_buffer_begin(buf), sldns_buffer_limit(buf));
613 if(r < 1) {
614 log_err("b32_ntop_extended_hex: error in encoding: %d", r);
615 return 0;
616 }
617 c->b32_len = (size_t)r;
618 c->b32 = regional_alloc_init(region, sldns_buffer_begin(buf),
619 c->b32_len);
620 if(!c->b32)
621 return 0;
622 return 1;
623 }
624
625 int
nsec3_hash_name(rbtree_t * table,struct regional * region,sldns_buffer * buf,struct ub_packed_rrset_key * nsec3,int rr,uint8_t * dname,size_t dname_len,struct nsec3_cached_hash ** hash)626 nsec3_hash_name(rbtree_t* table, struct regional* region, sldns_buffer* buf,
627 struct ub_packed_rrset_key* nsec3, int rr, uint8_t* dname,
628 size_t dname_len, struct nsec3_cached_hash** hash)
629 {
630 struct nsec3_cached_hash* c;
631 struct nsec3_cached_hash looki;
632 #ifdef UNBOUND_DEBUG
633 rbnode_t* n;
634 #endif
635 int r;
636 looki.node.key = &looki;
637 looki.nsec3 = nsec3;
638 looki.rr = rr;
639 looki.dname = dname;
640 looki.dname_len = dname_len;
641 /* lookup first in cache */
642 c = (struct nsec3_cached_hash*)rbtree_search(table, &looki);
643 if(c) {
644 *hash = c;
645 return 1;
646 }
647 /* create a new entry */
648 c = (struct nsec3_cached_hash*)regional_alloc(region, sizeof(*c));
649 if(!c) return 0;
650 c->node.key = c;
651 c->nsec3 = nsec3;
652 c->rr = rr;
653 c->dname = dname;
654 c->dname_len = dname_len;
655 r = nsec3_calc_hash(region, buf, c);
656 if(r != 1)
657 return r;
658 r = nsec3_calc_b32(region, buf, c);
659 if(r != 1)
660 return r;
661 #ifdef UNBOUND_DEBUG
662 n =
663 #else
664 (void)
665 #endif
666 rbtree_insert(table, &c->node);
667 log_assert(n); /* cannot be duplicate, just did lookup */
668 *hash = c;
669 return 1;
670 }
671
672 /**
673 * compare a label lowercased
674 */
675 static int
label_compare_lower(uint8_t * lab1,uint8_t * lab2,size_t lablen)676 label_compare_lower(uint8_t* lab1, uint8_t* lab2, size_t lablen)
677 {
678 size_t i;
679 for(i=0; i<lablen; i++) {
680 if(tolower((unsigned char)*lab1) != tolower((unsigned char)*lab2)) {
681 if(tolower((unsigned char)*lab1) < tolower((unsigned char)*lab2))
682 return -1;
683 return 1;
684 }
685 lab1++;
686 lab2++;
687 }
688 return 0;
689 }
690
691 /**
692 * Compare a hashed name with the owner name of an NSEC3 RRset.
693 * @param flt: filter with zone name.
694 * @param hash: the hashed name.
695 * @param s: rrset with owner name.
696 * @return true if matches exactly, false if not.
697 */
698 static int
nsec3_hash_matches_owner(struct nsec3_filter * flt,struct nsec3_cached_hash * hash,struct ub_packed_rrset_key * s)699 nsec3_hash_matches_owner(struct nsec3_filter* flt,
700 struct nsec3_cached_hash* hash, struct ub_packed_rrset_key* s)
701 {
702 uint8_t* nm = s->rk.dname;
703 /* compare, does hash of name based on params in this NSEC3
704 * match the owner name of this NSEC3?
705 * name must be: <hashlength>base32 . zone name
706 * so; first label must not be root label (not zero length),
707 * and match the b32 encoded hash length,
708 * and the label content match the b32 encoded hash
709 * and the rest must be the zone name.
710 */
711 if(hash->b32_len != 0 && (size_t)nm[0] == hash->b32_len &&
712 label_compare_lower(nm+1, hash->b32, hash->b32_len) == 0 &&
713 query_dname_compare(nm+(size_t)nm[0]+1, flt->zone) == 0) {
714 return 1;
715 }
716 return 0;
717 }
718
719 /**
720 * Find matching NSEC3
721 * Find the NSEC3Record that matches a hash of a name.
722 * @param env: module environment with temporary region and buffer.
723 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
724 * @param ct: cached hashes table.
725 * @param nm: name to look for.
726 * @param nmlen: length of name.
727 * @param rrset: nsec3 that matches is returned here.
728 * @param rr: rr number in nsec3 rrset that matches.
729 * @return true if a matching NSEC3 is found, false if not.
730 */
731 static int
find_matching_nsec3(struct module_env * env,struct nsec3_filter * flt,rbtree_t * ct,uint8_t * nm,size_t nmlen,struct ub_packed_rrset_key ** rrset,int * rr)732 find_matching_nsec3(struct module_env* env, struct nsec3_filter* flt,
733 rbtree_t* ct, uint8_t* nm, size_t nmlen,
734 struct ub_packed_rrset_key** rrset, int* rr)
735 {
736 size_t i_rs;
737 int i_rr;
738 struct ub_packed_rrset_key* s;
739 struct nsec3_cached_hash* hash;
740 int r;
741
742 /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */
743 for(s=filter_first(flt, &i_rs, &i_rr); s;
744 s=filter_next(flt, &i_rs, &i_rr)) {
745 /* get name hashed for this NSEC3 RR */
746 r = nsec3_hash_name(ct, env->scratch, env->scratch_buffer,
747 s, i_rr, nm, nmlen, &hash);
748 if(r == 0) {
749 log_err("nsec3: malloc failure");
750 break; /* alloc failure */
751 } else if(r < 0)
752 continue; /* malformed NSEC3 */
753 else if(nsec3_hash_matches_owner(flt, hash, s)) {
754 *rrset = s; /* rrset with this name */
755 *rr = i_rr; /* matches hash with these parameters */
756 return 1;
757 }
758 }
759 *rrset = NULL;
760 *rr = 0;
761 return 0;
762 }
763
764 int
nsec3_covers(uint8_t * zone,struct nsec3_cached_hash * hash,struct ub_packed_rrset_key * rrset,int rr,sldns_buffer * buf)765 nsec3_covers(uint8_t* zone, struct nsec3_cached_hash* hash,
766 struct ub_packed_rrset_key* rrset, int rr, sldns_buffer* buf)
767 {
768 uint8_t* next, *owner;
769 size_t nextlen;
770 int len;
771 if(!nsec3_get_nextowner(rrset, rr, &next, &nextlen))
772 return 0; /* malformed RR proves nothing */
773
774 /* check the owner name is a hashed value . apex
775 * base32 encoded values must have equal length.
776 * hash_value and next hash value must have equal length. */
777 if(nextlen != hash->hash_len || hash->hash_len==0||hash->b32_len==0||
778 (size_t)*rrset->rk.dname != hash->b32_len ||
779 query_dname_compare(rrset->rk.dname+1+
780 (size_t)*rrset->rk.dname, zone) != 0)
781 return 0; /* bad lengths or owner name */
782
783 /* This is the "normal case: owner < next and owner < hash < next */
784 if(label_compare_lower(rrset->rk.dname+1, hash->b32,
785 hash->b32_len) < 0 &&
786 memcmp(hash->hash, next, nextlen) < 0)
787 return 1;
788
789 /* convert owner name from text to binary */
790 sldns_buffer_clear(buf);
791 owner = sldns_buffer_begin(buf);
792 len = sldns_b32_pton_extended_hex((char*)rrset->rk.dname+1,
793 hash->b32_len, owner, sldns_buffer_limit(buf));
794 if(len<1)
795 return 0; /* bad owner name in some way */
796 if((size_t)len != hash->hash_len || (size_t)len != nextlen)
797 return 0; /* wrong length */
798
799 /* this is the end of zone case: next <= owner &&
800 * (hash > owner || hash < next)
801 * this also covers the only-apex case of next==owner.
802 */
803 if(memcmp(next, owner, nextlen) <= 0 &&
804 ( memcmp(hash->hash, owner, nextlen) > 0 ||
805 memcmp(hash->hash, next, nextlen) < 0)) {
806 return 1;
807 }
808 return 0;
809 }
810
811 /**
812 * findCoveringNSEC3
813 * Given a name, find a covering NSEC3 from among a list of NSEC3s.
814 *
815 * @param env: module environment with temporary region and buffer.
816 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
817 * @param ct: cached hashes table.
818 * @param nm: name to check if covered.
819 * @param nmlen: length of name.
820 * @param rrset: covering NSEC3 rrset is returned here.
821 * @param rr: rr of cover is returned here.
822 * @return true if a covering NSEC3 is found, false if not.
823 */
824 static int
find_covering_nsec3(struct module_env * env,struct nsec3_filter * flt,rbtree_t * ct,uint8_t * nm,size_t nmlen,struct ub_packed_rrset_key ** rrset,int * rr)825 find_covering_nsec3(struct module_env* env, struct nsec3_filter* flt,
826 rbtree_t* ct, uint8_t* nm, size_t nmlen,
827 struct ub_packed_rrset_key** rrset, int* rr)
828 {
829 size_t i_rs;
830 int i_rr;
831 struct ub_packed_rrset_key* s;
832 struct nsec3_cached_hash* hash;
833 int r;
834
835 /* this loop skips other-zone and unknown NSEC3s, also non-NSEC3 RRs */
836 for(s=filter_first(flt, &i_rs, &i_rr); s;
837 s=filter_next(flt, &i_rs, &i_rr)) {
838 /* get name hashed for this NSEC3 RR */
839 r = nsec3_hash_name(ct, env->scratch, env->scratch_buffer,
840 s, i_rr, nm, nmlen, &hash);
841 if(r == 0) {
842 log_err("nsec3: malloc failure");
843 break; /* alloc failure */
844 } else if(r < 0)
845 continue; /* malformed NSEC3 */
846 else if(nsec3_covers(flt->zone, hash, s, i_rr,
847 env->scratch_buffer)) {
848 *rrset = s; /* rrset with this name */
849 *rr = i_rr; /* covers hash with these parameters */
850 return 1;
851 }
852 }
853 *rrset = NULL;
854 *rr = 0;
855 return 0;
856 }
857
858 /**
859 * findClosestEncloser
860 * Given a name and a list of NSEC3s, find the candidate closest encloser.
861 * This will be the first ancestor of 'name' (including itself) to have a
862 * matching NSEC3 RR.
863 * @param env: module environment with temporary region and buffer.
864 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
865 * @param ct: cached hashes table.
866 * @param qinfo: query that is verified for.
867 * @param ce: closest encloser information is returned in here.
868 * @return true if a closest encloser candidate is found, false if not.
869 */
870 static int
nsec3_find_closest_encloser(struct module_env * env,struct nsec3_filter * flt,rbtree_t * ct,struct query_info * qinfo,struct ce_response * ce)871 nsec3_find_closest_encloser(struct module_env* env, struct nsec3_filter* flt,
872 rbtree_t* ct, struct query_info* qinfo, struct ce_response* ce)
873 {
874 uint8_t* nm = qinfo->qname;
875 size_t nmlen = qinfo->qname_len;
876
877 /* This scans from longest name to shortest, so the first match
878 * we find is the only viable candidate. */
879
880 /* (David:) FIXME: modify so that the NSEC3 matching the zone apex need
881 * not be present. (Mark Andrews idea).
882 * (Wouter:) But make sure you check for DNAME bit in zone apex,
883 * if the NSEC3 you find is the only NSEC3 in the zone, then this
884 * may be the case. */
885
886 while(dname_subdomain_c(nm, flt->zone)) {
887 if(find_matching_nsec3(env, flt, ct, nm, nmlen,
888 &ce->ce_rrset, &ce->ce_rr)) {
889 ce->ce = nm;
890 ce->ce_len = nmlen;
891 return 1;
892 }
893 dname_remove_label(&nm, &nmlen);
894 }
895 return 0;
896 }
897
898 /**
899 * Given a qname and its proven closest encloser, calculate the "next
900 * closest" name. Basically, this is the name that is one label longer than
901 * the closest encloser that is still a subdomain of qname.
902 *
903 * @param qname: query name.
904 * @param qnamelen: length of qname.
905 * @param ce: closest encloser
906 * @param nm: result name.
907 * @param nmlen: length of nm.
908 */
909 static void
next_closer(uint8_t * qname,size_t qnamelen,uint8_t * ce,uint8_t ** nm,size_t * nmlen)910 next_closer(uint8_t* qname, size_t qnamelen, uint8_t* ce,
911 uint8_t** nm, size_t* nmlen)
912 {
913 int strip = dname_count_labels(qname) - dname_count_labels(ce) -1;
914 *nm = qname;
915 *nmlen = qnamelen;
916 if(strip>0)
917 dname_remove_labels(nm, nmlen, strip);
918 }
919
920 /**
921 * proveClosestEncloser
922 * Given a List of nsec3 RRs, find and prove the closest encloser to qname.
923 * @param env: module environment with temporary region and buffer.
924 * @param flt: the NSEC3 RR filter, contains zone name and RRs.
925 * @param ct: cached hashes table.
926 * @param qinfo: query that is verified for.
927 * @param prove_does_not_exist: If true, then if the closest encloser
928 * turns out to be qname, then null is returned.
929 * If set true, and the return value is true, then you can be
930 * certain that the ce.nc_rrset and ce.nc_rr are set properly.
931 * @param ce: closest encloser information is returned in here.
932 * @return bogus if no closest encloser could be proven.
933 * secure if a closest encloser could be proven, ce is set.
934 * insecure if the closest-encloser candidate turns out to prove
935 * that an insecure delegation exists above the qname.
936 */
937 static enum sec_status
nsec3_prove_closest_encloser(struct module_env * env,struct nsec3_filter * flt,rbtree_t * ct,struct query_info * qinfo,int prove_does_not_exist,struct ce_response * ce)938 nsec3_prove_closest_encloser(struct module_env* env, struct nsec3_filter* flt,
939 rbtree_t* ct, struct query_info* qinfo, int prove_does_not_exist,
940 struct ce_response* ce)
941 {
942 uint8_t* nc;
943 size_t nc_len;
944 /* robust: clean out ce, in case it gets abused later */
945 memset(ce, 0, sizeof(*ce));
946
947 if(!nsec3_find_closest_encloser(env, flt, ct, qinfo, ce)) {
948 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: could "
949 "not find a candidate for the closest encloser.");
950 return sec_status_bogus;
951 }
952 log_nametypeclass(VERB_ALGO, "ce candidate", ce->ce, 0, 0);
953
954 if(query_dname_compare(ce->ce, qinfo->qname) == 0) {
955 if(prove_does_not_exist) {
956 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: "
957 "proved that qname existed, bad");
958 return sec_status_bogus;
959 }
960 /* otherwise, we need to nothing else to prove that qname
961 * is its own closest encloser. */
962 return sec_status_secure;
963 }
964
965 /* If the closest encloser is actually a delegation, then the
966 * response should have been a referral. If it is a DNAME, then
967 * it should have been a DNAME response. */
968 if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_NS) &&
969 !nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_SOA)) {
970 if(!nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DS)) {
971 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: "
972 "closest encloser is insecure delegation");
973 return sec_status_insecure;
974 }
975 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest "
976 "encloser was a delegation, bad");
977 return sec_status_bogus;
978 }
979 if(nsec3_has_type(ce->ce_rrset, ce->ce_rr, LDNS_RR_TYPE_DNAME)) {
980 verbose(VERB_ALGO, "nsec3 proveClosestEncloser: closest "
981 "encloser was a DNAME, bad");
982 return sec_status_bogus;
983 }
984
985 /* Otherwise, we need to show that the next closer name is covered. */
986 next_closer(qinfo->qname, qinfo->qname_len, ce->ce, &nc, &nc_len);
987 if(!find_covering_nsec3(env, flt, ct, nc, nc_len,
988 &ce->nc_rrset, &ce->nc_rr)) {
989 verbose(VERB_ALGO, "nsec3: Could not find proof that the "
990 "candidate encloser was the closest encloser");
991 return sec_status_bogus;
992 }
993 return sec_status_secure;
994 }
995
996 /** allocate a wildcard for the closest encloser */
997 static uint8_t*
nsec3_ce_wildcard(struct regional * region,uint8_t * ce,size_t celen,size_t * len)998 nsec3_ce_wildcard(struct regional* region, uint8_t* ce, size_t celen,
999 size_t* len)
1000 {
1001 uint8_t* nm;
1002 if(celen > LDNS_MAX_DOMAINLEN - 2)
1003 return 0; /* too long */
1004 nm = (uint8_t*)regional_alloc(region, celen+2);
1005 if(!nm) {
1006 log_err("nsec3 wildcard: out of memory");
1007 return 0; /* alloc failure */
1008 }
1009 nm[0] = 1;
1010 nm[1] = (uint8_t)'*'; /* wildcard label */
1011 memmove(nm+2, ce, celen);
1012 *len = celen+2;
1013 return nm;
1014 }
1015
1016 /** Do the name error proof */
1017 static enum sec_status
nsec3_do_prove_nameerror(struct module_env * env,struct nsec3_filter * flt,rbtree_t * ct,struct query_info * qinfo)1018 nsec3_do_prove_nameerror(struct module_env* env, struct nsec3_filter* flt,
1019 rbtree_t* ct, struct query_info* qinfo)
1020 {
1021 struct ce_response ce;
1022 uint8_t* wc;
1023 size_t wclen;
1024 struct ub_packed_rrset_key* wc_rrset;
1025 int wc_rr;
1026 enum sec_status sec;
1027
1028 /* First locate and prove the closest encloser to qname. We will
1029 * use the variant that fails if the closest encloser turns out
1030 * to be qname. */
1031 sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce);
1032 if(sec != sec_status_secure) {
1033 if(sec == sec_status_bogus)
1034 verbose(VERB_ALGO, "nsec3 nameerror proof: failed "
1035 "to prove a closest encloser");
1036 else verbose(VERB_ALGO, "nsec3 nameerror proof: closest "
1037 "nsec3 is an insecure delegation");
1038 return sec;
1039 }
1040 log_nametypeclass(VERB_ALGO, "nsec3 namerror: proven ce=", ce.ce,0,0);
1041
1042 /* At this point, we know that qname does not exist. Now we need
1043 * to prove that the wildcard does not exist. */
1044 log_assert(ce.ce);
1045 wc = nsec3_ce_wildcard(env->scratch, ce.ce, ce.ce_len, &wclen);
1046 if(!wc || !find_covering_nsec3(env, flt, ct, wc, wclen,
1047 &wc_rrset, &wc_rr)) {
1048 verbose(VERB_ALGO, "nsec3 nameerror proof: could not prove "
1049 "that the applicable wildcard did not exist.");
1050 return sec_status_bogus;
1051 }
1052
1053 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1054 verbose(VERB_ALGO, "nsec3 nameerror proof: nc has optout");
1055 return sec_status_insecure;
1056 }
1057 return sec_status_secure;
1058 }
1059
1060 enum sec_status
nsec3_prove_nameerror(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey)1061 nsec3_prove_nameerror(struct module_env* env, struct val_env* ve,
1062 struct ub_packed_rrset_key** list, size_t num,
1063 struct query_info* qinfo, struct key_entry_key* kkey)
1064 {
1065 rbtree_t ct;
1066 struct nsec3_filter flt;
1067
1068 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1069 return sec_status_bogus; /* no valid NSEC3s, bogus */
1070 rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */
1071 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1072 if(!flt.zone)
1073 return sec_status_bogus; /* no RRs */
1074 if(nsec3_iteration_count_high(ve, &flt, kkey))
1075 return sec_status_insecure; /* iteration count too high */
1076 log_nametypeclass(VERB_ALGO, "start nsec3 nameerror proof, zone",
1077 flt.zone, 0, 0);
1078 return nsec3_do_prove_nameerror(env, &flt, &ct, qinfo);
1079 }
1080
1081 /*
1082 * No code to handle qtype=NSEC3 specially.
1083 * This existed in early drafts, but was later (-05) removed.
1084 */
1085
1086 /** Do the nodata proof */
1087 static enum sec_status
nsec3_do_prove_nodata(struct module_env * env,struct nsec3_filter * flt,rbtree_t * ct,struct query_info * qinfo)1088 nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt,
1089 rbtree_t* ct, struct query_info* qinfo)
1090 {
1091 struct ce_response ce;
1092 uint8_t* wc;
1093 size_t wclen;
1094 struct ub_packed_rrset_key* rrset;
1095 int rr;
1096 enum sec_status sec;
1097
1098 if(find_matching_nsec3(env, flt, ct, qinfo->qname, qinfo->qname_len,
1099 &rrset, &rr)) {
1100 /* cases 1 and 2 */
1101 if(nsec3_has_type(rrset, rr, qinfo->qtype)) {
1102 verbose(VERB_ALGO, "proveNodata: Matching NSEC3 "
1103 "proved that type existed, bogus");
1104 return sec_status_bogus;
1105 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) {
1106 verbose(VERB_ALGO, "proveNodata: Matching NSEC3 "
1107 "proved that a CNAME existed, bogus");
1108 return sec_status_bogus;
1109 }
1110
1111 /*
1112 * If type DS: filter_init zone find already found a parent
1113 * zone, so this nsec3 is from a parent zone.
1114 * o can be not a delegation (unusual query for normal name,
1115 * no DS anyway, but we can verify that).
1116 * o can be a delegation (which is the usual DS check).
1117 * o may not have the SOA bit set (only the top of the
1118 * zone, which must have been above the name, has that).
1119 * Except for the root; which is checked by itself.
1120 *
1121 * If not type DS: matching nsec3 must not be a delegation.
1122 */
1123 if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1
1124 && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
1125 !dname_is_root(qinfo->qname)) {
1126 verbose(VERB_ALGO, "proveNodata: apex NSEC3 "
1127 "abused for no DS proof, bogus");
1128 return sec_status_bogus;
1129 } else if(qinfo->qtype != LDNS_RR_TYPE_DS &&
1130 nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) &&
1131 !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) {
1132 if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) {
1133 verbose(VERB_ALGO, "proveNodata: matching "
1134 "NSEC3 is insecure delegation");
1135 return sec_status_insecure;
1136 }
1137 verbose(VERB_ALGO, "proveNodata: matching "
1138 "NSEC3 is a delegation, bogus");
1139 return sec_status_bogus;
1140 }
1141 return sec_status_secure;
1142 }
1143
1144 /* For cases 3 - 5, we need the proven closest encloser, and it
1145 * can't match qname. Although, at this point, we know that it
1146 * won't since we just checked that. */
1147 sec = nsec3_prove_closest_encloser(env, flt, ct, qinfo, 1, &ce);
1148 if(sec == sec_status_bogus) {
1149 verbose(VERB_ALGO, "proveNodata: did not match qname, "
1150 "nor found a proven closest encloser.");
1151 return sec_status_bogus;
1152 } else if(sec==sec_status_insecure && qinfo->qtype!=LDNS_RR_TYPE_DS){
1153 verbose(VERB_ALGO, "proveNodata: closest nsec3 is insecure "
1154 "delegation.");
1155 return sec_status_insecure;
1156 }
1157
1158 /* Case 3: removed */
1159
1160 /* Case 4: */
1161 log_assert(ce.ce);
1162 wc = nsec3_ce_wildcard(env->scratch, ce.ce, ce.ce_len, &wclen);
1163 if(wc && find_matching_nsec3(env, flt, ct, wc, wclen, &rrset, &rr)) {
1164 /* found wildcard */
1165 if(nsec3_has_type(rrset, rr, qinfo->qtype)) {
1166 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1167 "wildcard had qtype, bogus");
1168 return sec_status_bogus;
1169 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_CNAME)) {
1170 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1171 "wildcard had a CNAME, bogus");
1172 return sec_status_bogus;
1173 }
1174 if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1
1175 && nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) {
1176 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1177 "wildcard for no DS proof has a SOA, bogus");
1178 return sec_status_bogus;
1179 } else if(qinfo->qtype != LDNS_RR_TYPE_DS &&
1180 nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS) &&
1181 !nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA)) {
1182 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1183 "wilcard is a delegation, bogus");
1184 return sec_status_bogus;
1185 }
1186 /* everything is peachy keen, except for optout spans */
1187 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1188 verbose(VERB_ALGO, "nsec3 nodata proof: matching "
1189 "wildcard is in optout range, insecure");
1190 return sec_status_insecure;
1191 }
1192 return sec_status_secure;
1193 }
1194
1195 /* Case 5: */
1196 /* Due to forwarders, cnames, and other collating effects, we
1197 * can see the ordinary unsigned data from a zone beneath an
1198 * insecure delegation under an optout here */
1199 if(!ce.nc_rrset) {
1200 verbose(VERB_ALGO, "nsec3 nodata proof: no next closer nsec3");
1201 return sec_status_bogus;
1202 }
1203
1204 /* We need to make sure that the covering NSEC3 is opt-out. */
1205 log_assert(ce.nc_rrset);
1206 if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1207 if(qinfo->qtype == LDNS_RR_TYPE_DS)
1208 verbose(VERB_ALGO, "proveNodata: covering NSEC3 was not "
1209 "opt-out in an opt-out DS NOERROR/NODATA case.");
1210 else verbose(VERB_ALGO, "proveNodata: could not find matching "
1211 "NSEC3, nor matching wildcard, nor optout NSEC3 "
1212 "-- no more options, bogus.");
1213 return sec_status_bogus;
1214 }
1215 /* RFC5155 section 9.2: if nc has optout then no AD flag set */
1216 return sec_status_insecure;
1217 }
1218
1219 enum sec_status
nsec3_prove_nodata(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey)1220 nsec3_prove_nodata(struct module_env* env, struct val_env* ve,
1221 struct ub_packed_rrset_key** list, size_t num,
1222 struct query_info* qinfo, struct key_entry_key* kkey)
1223 {
1224 rbtree_t ct;
1225 struct nsec3_filter flt;
1226
1227 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1228 return sec_status_bogus; /* no valid NSEC3s, bogus */
1229 rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */
1230 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1231 if(!flt.zone)
1232 return sec_status_bogus; /* no RRs */
1233 if(nsec3_iteration_count_high(ve, &flt, kkey))
1234 return sec_status_insecure; /* iteration count too high */
1235 return nsec3_do_prove_nodata(env, &flt, &ct, qinfo);
1236 }
1237
1238 enum sec_status
nsec3_prove_wildcard(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,uint8_t * wc)1239 nsec3_prove_wildcard(struct module_env* env, struct val_env* ve,
1240 struct ub_packed_rrset_key** list, size_t num,
1241 struct query_info* qinfo, struct key_entry_key* kkey, uint8_t* wc)
1242 {
1243 rbtree_t ct;
1244 struct nsec3_filter flt;
1245 struct ce_response ce;
1246 uint8_t* nc;
1247 size_t nc_len;
1248 size_t wclen;
1249 (void)dname_count_size_labels(wc, &wclen);
1250
1251 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1252 return sec_status_bogus; /* no valid NSEC3s, bogus */
1253 rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */
1254 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1255 if(!flt.zone)
1256 return sec_status_bogus; /* no RRs */
1257 if(nsec3_iteration_count_high(ve, &flt, kkey))
1258 return sec_status_insecure; /* iteration count too high */
1259
1260 /* We know what the (purported) closest encloser is by just
1261 * looking at the supposed generating wildcard.
1262 * The *. has already been removed from the wc name.
1263 */
1264 memset(&ce, 0, sizeof(ce));
1265 ce.ce = wc;
1266 ce.ce_len = wclen;
1267
1268 /* Now we still need to prove that the original data did not exist.
1269 * Otherwise, we need to show that the next closer name is covered. */
1270 next_closer(qinfo->qname, qinfo->qname_len, ce.ce, &nc, &nc_len);
1271 if(!find_covering_nsec3(env, &flt, &ct, nc, nc_len,
1272 &ce.nc_rrset, &ce.nc_rr)) {
1273 verbose(VERB_ALGO, "proveWildcard: did not find a covering "
1274 "NSEC3 that covered the next closer name.");
1275 return sec_status_bogus;
1276 }
1277 if(ce.nc_rrset && nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1278 verbose(VERB_ALGO, "proveWildcard: NSEC3 optout");
1279 return sec_status_insecure;
1280 }
1281 return sec_status_secure;
1282 }
1283
1284 /** test if list is all secure */
1285 static int
list_is_secure(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct key_entry_key * kkey,char ** reason)1286 list_is_secure(struct module_env* env, struct val_env* ve,
1287 struct ub_packed_rrset_key** list, size_t num,
1288 struct key_entry_key* kkey, char** reason)
1289 {
1290 struct packed_rrset_data* d;
1291 size_t i;
1292 for(i=0; i<num; i++) {
1293 d = (struct packed_rrset_data*)list[i]->entry.data;
1294 if(list[i]->rk.type != htons(LDNS_RR_TYPE_NSEC3))
1295 continue;
1296 if(d->security == sec_status_secure)
1297 continue;
1298 rrset_check_sec_status(env->rrset_cache, list[i], *env->now);
1299 if(d->security == sec_status_secure)
1300 continue;
1301 d->security = val_verify_rrset_entry(env, ve, list[i], kkey,
1302 reason);
1303 if(d->security != sec_status_secure) {
1304 verbose(VERB_ALGO, "NSEC3 did not verify");
1305 return 0;
1306 }
1307 rrset_update_sec_status(env->rrset_cache, list[i], *env->now);
1308 }
1309 return 1;
1310 }
1311
1312 enum sec_status
nsec3_prove_nods(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,char ** reason)1313 nsec3_prove_nods(struct module_env* env, struct val_env* ve,
1314 struct ub_packed_rrset_key** list, size_t num,
1315 struct query_info* qinfo, struct key_entry_key* kkey, char** reason)
1316 {
1317 rbtree_t ct;
1318 struct nsec3_filter flt;
1319 struct ce_response ce;
1320 struct ub_packed_rrset_key* rrset;
1321 int rr;
1322 log_assert(qinfo->qtype == LDNS_RR_TYPE_DS);
1323
1324 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey)) {
1325 *reason = "no valid NSEC3s";
1326 return sec_status_bogus; /* no valid NSEC3s, bogus */
1327 }
1328 if(!list_is_secure(env, ve, list, num, kkey, reason))
1329 return sec_status_bogus; /* not all NSEC3 records secure */
1330 rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */
1331 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1332 if(!flt.zone) {
1333 *reason = "no NSEC3 records";
1334 return sec_status_bogus; /* no RRs */
1335 }
1336 if(nsec3_iteration_count_high(ve, &flt, kkey))
1337 return sec_status_insecure; /* iteration count too high */
1338
1339 /* Look for a matching NSEC3 to qname -- this is the normal
1340 * NODATA case. */
1341 if(find_matching_nsec3(env, &flt, &ct, qinfo->qname, qinfo->qname_len,
1342 &rrset, &rr)) {
1343 /* If the matching NSEC3 has the SOA bit set, it is from
1344 * the wrong zone (the child instead of the parent). If
1345 * it has the DS bit set, then we were lied to. */
1346 if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
1347 qinfo->qname_len != 1) {
1348 verbose(VERB_ALGO, "nsec3 provenods: NSEC3 is from"
1349 " child zone, bogus");
1350 *reason = "NSEC3 from child zone";
1351 return sec_status_bogus;
1352 } else if(nsec3_has_type(rrset, rr, LDNS_RR_TYPE_DS)) {
1353 verbose(VERB_ALGO, "nsec3 provenods: NSEC3 has qtype"
1354 " DS, bogus");
1355 *reason = "NSEC3 has DS in bitmap";
1356 return sec_status_bogus;
1357 }
1358 /* If the NSEC3 RR doesn't have the NS bit set, then
1359 * this wasn't a delegation point. */
1360 if(!nsec3_has_type(rrset, rr, LDNS_RR_TYPE_NS))
1361 return sec_status_indeterminate;
1362 /* Otherwise, this proves no DS. */
1363 return sec_status_secure;
1364 }
1365
1366 /* Otherwise, we are probably in the opt-out case. */
1367 if(nsec3_prove_closest_encloser(env, &flt, &ct, qinfo, 1, &ce)
1368 != sec_status_secure) {
1369 /* an insecure delegation *above* the qname does not prove
1370 * anything about this qname exactly, and bogus is bogus */
1371 verbose(VERB_ALGO, "nsec3 provenods: did not match qname, "
1372 "nor found a proven closest encloser.");
1373 *reason = "no NSEC3 closest encloser";
1374 return sec_status_bogus;
1375 }
1376
1377 /* robust extra check */
1378 if(!ce.nc_rrset) {
1379 verbose(VERB_ALGO, "nsec3 nods proof: no next closer nsec3");
1380 *reason = "no NSEC3 next closer";
1381 return sec_status_bogus;
1382 }
1383
1384 /* we had the closest encloser proof, then we need to check that the
1385 * covering NSEC3 was opt-out -- the proveClosestEncloser step already
1386 * checked to see if the closest encloser was a delegation or DNAME.
1387 */
1388 log_assert(ce.nc_rrset);
1389 if(!nsec3_has_optout(ce.nc_rrset, ce.nc_rr)) {
1390 verbose(VERB_ALGO, "nsec3 provenods: covering NSEC3 was not "
1391 "opt-out in an opt-out DS NOERROR/NODATA case.");
1392 *reason = "covering NSEC3 was not opt-out in an opt-out "
1393 "DS NOERROR/NODATA case";
1394 return sec_status_bogus;
1395 }
1396 /* RFC5155 section 9.2: if nc has optout then no AD flag set */
1397 return sec_status_insecure;
1398 }
1399
1400 enum sec_status
nsec3_prove_nxornodata(struct module_env * env,struct val_env * ve,struct ub_packed_rrset_key ** list,size_t num,struct query_info * qinfo,struct key_entry_key * kkey,int * nodata)1401 nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve,
1402 struct ub_packed_rrset_key** list, size_t num,
1403 struct query_info* qinfo, struct key_entry_key* kkey, int* nodata)
1404 {
1405 enum sec_status sec, secnx;
1406 rbtree_t ct;
1407 struct nsec3_filter flt;
1408 *nodata = 0;
1409
1410 if(!list || num == 0 || !kkey || !key_entry_isgood(kkey))
1411 return sec_status_bogus; /* no valid NSEC3s, bogus */
1412 rbtree_init(&ct, &nsec3_hash_cmp); /* init names-to-hash cache */
1413 filter_init(&flt, list, num, qinfo); /* init RR iterator */
1414 if(!flt.zone)
1415 return sec_status_bogus; /* no RRs */
1416 if(nsec3_iteration_count_high(ve, &flt, kkey))
1417 return sec_status_insecure; /* iteration count too high */
1418
1419 /* try nxdomain and nodata after another, while keeping the
1420 * hash cache intact */
1421
1422 secnx = nsec3_do_prove_nameerror(env, &flt, &ct, qinfo);
1423 if(secnx==sec_status_secure)
1424 return sec_status_secure;
1425 sec = nsec3_do_prove_nodata(env, &flt, &ct, qinfo);
1426 if(sec==sec_status_secure) {
1427 *nodata = 1;
1428 } else if(sec == sec_status_insecure) {
1429 *nodata = 1;
1430 } else if(secnx == sec_status_insecure) {
1431 sec = sec_status_insecure;
1432 }
1433 return sec;
1434 }
1435