1 /* $NetBSD: ns_verify.c,v 1.1.1.2 2012/09/09 16:08:04 christos Exp $ */
2
3 /*
4 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (c) 1999 by Internet Software Consortium, Inc.
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
17 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 #ifndef lint
21 static const char rcsid[] = "Id: ns_verify.c,v 1.5 2006/03/09 23:57:56 marka Exp ";
22 #endif
23
24 /* Import. */
25
26 #include "port_before.h"
27 #include "fd_setsize.h"
28
29 #include <sys/types.h>
30 #include <sys/param.h>
31
32 #include <netinet/in.h>
33 #include <arpa/nameser.h>
34 #include <arpa/inet.h>
35
36 #include <errno.h>
37 #include <netdb.h>
38 #include <resolv.h>
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <time.h>
43 #include <unistd.h>
44
45 #include <isc/dst.h>
46
47 #include "port_after.h"
48
49 /* Private. */
50
51 #define BOUNDS_CHECK(ptr, count) \
52 do { \
53 if ((ptr) + (count) > eom) { \
54 return (NS_TSIG_ERROR_FORMERR); \
55 } \
56 } while (0)
57
58 /* Public. */
59
60 u_char *
ns_find_tsig(u_char * msg,u_char * eom)61 ns_find_tsig(u_char *msg, u_char *eom) {
62 HEADER *hp = (HEADER *)msg;
63 int n, type;
64 u_char *cp = msg, *start;
65
66 if (msg == NULL || eom == NULL || msg > eom)
67 return (NULL);
68
69 if (cp + HFIXEDSZ >= eom)
70 return (NULL);
71
72 if (hp->arcount == 0)
73 return (NULL);
74
75 cp += HFIXEDSZ;
76
77 n = ns_skiprr(cp, eom, ns_s_qd, ntohs(hp->qdcount));
78 if (n < 0)
79 return (NULL);
80 cp += n;
81
82 n = ns_skiprr(cp, eom, ns_s_an, ntohs(hp->ancount));
83 if (n < 0)
84 return (NULL);
85 cp += n;
86
87 n = ns_skiprr(cp, eom, ns_s_ns, ntohs(hp->nscount));
88 if (n < 0)
89 return (NULL);
90 cp += n;
91
92 n = ns_skiprr(cp, eom, ns_s_ar, ntohs(hp->arcount) - 1);
93 if (n < 0)
94 return (NULL);
95 cp += n;
96
97 start = cp;
98 n = dn_skipname(cp, eom);
99 if (n < 0)
100 return (NULL);
101 cp += n;
102 if (cp + INT16SZ >= eom)
103 return (NULL);
104
105 GETSHORT(type, cp);
106 if (type != ns_t_tsig)
107 return (NULL);
108 return (start);
109 }
110
111 /* ns_verify
112 *
113 * Parameters:
114 *\li statp res stuff
115 *\li msg received message
116 *\li msglen length of message
117 *\li key tsig key used for verifying.
118 *\li querysig (response), the signature in the query
119 *\li querysiglen (response), the length of the signature in the query
120 *\li sig (query), a buffer to hold the signature
121 *\li siglen (query), input - length of signature buffer
122 * output - length of signature
123 *
124 * Errors:
125 *\li - bad input (-1)
126 *\li - invalid dns message (NS_TSIG_ERROR_FORMERR)
127 *\li - TSIG is not present (NS_TSIG_ERROR_NO_TSIG)
128 *\li - key doesn't match (-ns_r_badkey)
129 *\li - TSIG verification fails with BADKEY (-ns_r_badkey)
130 *\li - TSIG verification fails with BADSIG (-ns_r_badsig)
131 *\li - TSIG verification fails with BADTIME (-ns_r_badtime)
132 *\li - TSIG verification succeeds, error set to BAKEY (ns_r_badkey)
133 *\li - TSIG verification succeeds, error set to BADSIG (ns_r_badsig)
134 *\li - TSIG verification succeeds, error set to BADTIME (ns_r_badtime)
135 */
136 int
ns_verify(u_char * msg,int * msglen,void * k,const u_char * querysig,int querysiglen,u_char * sig,int * siglen,time_t * timesigned,int nostrip)137 ns_verify(u_char *msg, int *msglen, void *k,
138 const u_char *querysig, int querysiglen, u_char *sig, int *siglen,
139 time_t *timesigned, int nostrip)
140 {
141 HEADER *hp = (HEADER *)msg;
142 DST_KEY *key = (DST_KEY *)k;
143 u_char *cp = msg, *eom;
144 char name[MAXDNAME], alg[MAXDNAME];
145 u_char *recstart, *rdatastart;
146 u_char *sigstart, *otherstart;
147 int n;
148 int error;
149 u_int16_t type, length;
150 u_int16_t fudge, sigfieldlen, otherfieldlen;
151
152 dst_init();
153 if (msg == NULL || msglen == NULL || *msglen < 0)
154 return (-1);
155
156 eom = msg + *msglen;
157
158 recstart = ns_find_tsig(msg, eom);
159 if (recstart == NULL)
160 return (NS_TSIG_ERROR_NO_TSIG);
161
162 cp = recstart;
163
164 /* Read the key name. */
165 n = dn_expand(msg, eom, cp, name, MAXDNAME);
166 if (n < 0)
167 return (NS_TSIG_ERROR_FORMERR);
168 cp += n;
169
170 /* Read the type. */
171 BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);
172 GETSHORT(type, cp);
173 if (type != ns_t_tsig)
174 return (NS_TSIG_ERROR_NO_TSIG);
175
176 /* Skip the class and TTL, save the length. */
177 cp += INT16SZ + INT32SZ;
178 GETSHORT(length, cp);
179 if (eom - cp != length)
180 return (NS_TSIG_ERROR_FORMERR);
181
182 /* Read the algorithm name. */
183 rdatastart = cp;
184 n = dn_expand(msg, eom, cp, alg, MAXDNAME);
185 if (n < 0)
186 return (NS_TSIG_ERROR_FORMERR);
187 if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)
188 return (-ns_r_badkey);
189 cp += n;
190
191 /* Read the time signed and fudge. */
192 BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
193 cp += INT16SZ;
194 GETLONG((*timesigned), cp);
195 GETSHORT(fudge, cp);
196
197 /* Read the signature. */
198 BOUNDS_CHECK(cp, INT16SZ);
199 GETSHORT(sigfieldlen, cp);
200 BOUNDS_CHECK(cp, sigfieldlen);
201 sigstart = cp;
202 cp += sigfieldlen;
203
204 /* Skip id and read error. */
205 BOUNDS_CHECK(cp, 2*INT16SZ);
206 cp += INT16SZ;
207 GETSHORT(error, cp);
208
209 /* Parse the other data. */
210 BOUNDS_CHECK(cp, INT16SZ);
211 GETSHORT(otherfieldlen, cp);
212 BOUNDS_CHECK(cp, otherfieldlen);
213 otherstart = cp;
214 cp += otherfieldlen;
215
216 if (cp != eom)
217 return (NS_TSIG_ERROR_FORMERR);
218
219 /* Verify that the key used is OK. */
220 if (key != NULL) {
221 if (key->dk_alg != KEY_HMAC_MD5)
222 return (-ns_r_badkey);
223 if (error != ns_r_badsig && error != ns_r_badkey) {
224 if (ns_samename(key->dk_key_name, name) != 1)
225 return (-ns_r_badkey);
226 }
227 }
228
229 hp->arcount = htons(ntohs(hp->arcount) - 1);
230
231 /*
232 * Do the verification.
233 */
234
235 if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
236 void *ctx;
237 u_char buf[MAXDNAME];
238 u_char buf2[MAXDNAME];
239
240 /* Digest the query signature, if this is a response. */
241 dst_verify_data(SIG_MODE_INIT, key, &ctx, NULL, 0, NULL, 0);
242 if (querysiglen > 0 && querysig != NULL) {
243 u_int16_t len_n = htons(querysiglen);
244 dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
245 (u_char *)&len_n, INT16SZ, NULL, 0);
246 dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
247 querysig, querysiglen, NULL, 0);
248 }
249
250 /* Digest the message. */
251 dst_verify_data(SIG_MODE_UPDATE, key, &ctx, msg, recstart - msg,
252 NULL, 0);
253
254 /* Digest the key name. */
255 n = ns_name_pton(name, buf2, sizeof(buf2));
256 if (n < 0)
257 return (-1);
258 n = ns_name_ntol(buf2, buf, sizeof(buf));
259 if (n < 0)
260 return (-1);
261 dst_verify_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
262
263 /* Digest the class and TTL. */
264 dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
265 recstart + dn_skipname(recstart, eom) + INT16SZ,
266 INT16SZ + INT32SZ, NULL, 0);
267
268 /* Digest the algorithm. */
269 n = ns_name_pton(alg, buf2, sizeof(buf2));
270 if (n < 0)
271 return (-1);
272 n = ns_name_ntol(buf2, buf, sizeof(buf));
273 if (n < 0)
274 return (-1);
275 dst_verify_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
276
277 /* Digest the time signed and fudge. */
278 dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
279 rdatastart + dn_skipname(rdatastart, eom),
280 INT16SZ + INT32SZ + INT16SZ, NULL, 0);
281
282 /* Digest the error and other data. */
283 dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
284 otherstart - INT16SZ - INT16SZ,
285 otherfieldlen + INT16SZ + INT16SZ, NULL, 0);
286
287 n = dst_verify_data(SIG_MODE_FINAL, key, &ctx, NULL, 0,
288 sigstart, sigfieldlen);
289
290 if (n < 0)
291 return (-ns_r_badsig);
292
293 if (sig != NULL && siglen != NULL) {
294 if (*siglen < sigfieldlen)
295 return (NS_TSIG_ERROR_NO_SPACE);
296 memcpy(sig, sigstart, sigfieldlen);
297 *siglen = sigfieldlen;
298 }
299 } else {
300 if (sigfieldlen > 0)
301 return (NS_TSIG_ERROR_FORMERR);
302 if (sig != NULL && siglen != NULL)
303 *siglen = 0;
304 }
305
306 /* Reset the counter, since we still need to check for badtime. */
307 hp->arcount = htons(ntohs(hp->arcount) + 1);
308
309 /* Verify the time. */
310 if (abs((*timesigned) - time(NULL)) > fudge)
311 return (-ns_r_badtime);
312
313 if (nostrip == 0) {
314 *msglen = recstart - msg;
315 hp->arcount = htons(ntohs(hp->arcount) - 1);
316 }
317
318 if (error != NOERROR)
319 return (error);
320
321 return (0);
322 }
323
324 int
ns_verify_tcp_init(void * k,const u_char * querysig,int querysiglen,ns_tcp_tsig_state * state)325 ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen,
326 ns_tcp_tsig_state *state)
327 {
328 dst_init();
329 if (state == NULL || k == NULL || querysig == NULL || querysiglen < 0)
330 return (-1);
331 state->counter = -1;
332 state->key = k;
333 if (state->key->dk_alg != KEY_HMAC_MD5)
334 return (-ns_r_badkey);
335 if (querysiglen > (int)sizeof(state->sig))
336 return (-1);
337 memcpy(state->sig, querysig, querysiglen);
338 state->siglen = querysiglen;
339 return (0);
340 }
341
342 int
ns_verify_tcp(u_char * msg,int * msglen,ns_tcp_tsig_state * state,int required)343 ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state,
344 int required)
345 {
346 HEADER *hp = (HEADER *)msg;
347 u_char *recstart, *sigstart;
348 unsigned int sigfieldlen, otherfieldlen;
349 u_char *cp, *eom, *cp2;
350 char name[MAXDNAME], alg[MAXDNAME];
351 u_char buf[MAXDNAME];
352 int n, type, length, fudge, error;
353 time_t timesigned;
354
355 if (msg == NULL || msglen == NULL || state == NULL)
356 return (-1);
357
358 eom = msg + *msglen;
359
360 state->counter++;
361 if (state->counter == 0)
362 return (ns_verify(msg, msglen, state->key,
363 state->sig, state->siglen,
364 state->sig, &state->siglen, ×igned, 0));
365
366 if (state->siglen > 0) {
367 u_int16_t siglen_n = htons(state->siglen);
368
369 dst_verify_data(SIG_MODE_INIT, state->key, &state->ctx,
370 NULL, 0, NULL, 0);
371 dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
372 (u_char *)&siglen_n, INT16SZ, NULL, 0);
373 dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
374 state->sig, state->siglen, NULL, 0);
375 state->siglen = 0;
376 }
377
378 cp = recstart = ns_find_tsig(msg, eom);
379
380 if (recstart == NULL) {
381 if (required)
382 return (NS_TSIG_ERROR_NO_TSIG);
383 dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
384 msg, *msglen, NULL, 0);
385 return (0);
386 }
387
388 hp->arcount = htons(ntohs(hp->arcount) - 1);
389 dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
390 msg, recstart - msg, NULL, 0);
391
392 /* Read the key name. */
393 n = dn_expand(msg, eom, cp, name, MAXDNAME);
394 if (n < 0)
395 return (NS_TSIG_ERROR_FORMERR);
396 cp += n;
397
398 /* Read the type. */
399 BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);
400 GETSHORT(type, cp);
401 if (type != ns_t_tsig)
402 return (NS_TSIG_ERROR_NO_TSIG);
403
404 /* Skip the class and TTL, save the length. */
405 cp += INT16SZ + INT32SZ;
406 GETSHORT(length, cp);
407 if (eom - cp != length)
408 return (NS_TSIG_ERROR_FORMERR);
409
410 /* Read the algorithm name. */
411 n = dn_expand(msg, eom, cp, alg, MAXDNAME);
412 if (n < 0)
413 return (NS_TSIG_ERROR_FORMERR);
414 if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)
415 return (-ns_r_badkey);
416 cp += n;
417
418 /* Verify that the key used is OK. */
419 if ((ns_samename(state->key->dk_key_name, name) != 1 ||
420 state->key->dk_alg != KEY_HMAC_MD5))
421 return (-ns_r_badkey);
422
423 /* Read the time signed and fudge. */
424 BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
425 cp += INT16SZ;
426 GETLONG(timesigned, cp);
427 GETSHORT(fudge, cp);
428
429 /* Read the signature. */
430 BOUNDS_CHECK(cp, INT16SZ);
431 GETSHORT(sigfieldlen, cp);
432 BOUNDS_CHECK(cp, sigfieldlen);
433 sigstart = cp;
434 cp += sigfieldlen;
435
436 /* Skip id and read error. */
437 BOUNDS_CHECK(cp, 2*INT16SZ);
438 cp += INT16SZ;
439 GETSHORT(error, cp);
440
441 /* Parse the other data. */
442 BOUNDS_CHECK(cp, INT16SZ);
443 GETSHORT(otherfieldlen, cp);
444 BOUNDS_CHECK(cp, otherfieldlen);
445 cp += otherfieldlen;
446
447 if (cp != eom)
448 return (NS_TSIG_ERROR_FORMERR);
449
450 /*
451 * Do the verification.
452 */
453
454 /* Digest the time signed and fudge. */
455 cp2 = buf;
456 PUTSHORT(0, cp2); /*%< Top 16 bits of time. */
457 PUTLONG(timesigned, cp2);
458 PUTSHORT(NS_TSIG_FUDGE, cp2);
459
460 dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
461 buf, cp2 - buf, NULL, 0);
462
463 n = dst_verify_data(SIG_MODE_FINAL, state->key, &state->ctx, NULL, 0,
464 sigstart, sigfieldlen);
465 if (n < 0)
466 return (-ns_r_badsig);
467
468 if (sigfieldlen > sizeof(state->sig))
469 return (NS_TSIG_ERROR_NO_SPACE);
470
471 memcpy(state->sig, sigstart, sigfieldlen);
472 state->siglen = sigfieldlen;
473
474 /* Verify the time. */
475 if (abs(timesigned - time(NULL)) > fudge)
476 return (-ns_r_badtime);
477
478 *msglen = recstart - msg;
479
480 if (error != NOERROR)
481 return (error);
482
483 return (0);
484 }
485
486 /*! \file */
487