1 /* $NetBSD: tsig.c,v 1.1 2024/02/18 20:57:34 christos Exp $ */ 2 3 /* 4 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 * 6 * SPDX-License-Identifier: MPL-2.0 7 * 8 * This Source Code Form is subject to the terms of the Mozilla Public 9 * License, v. 2.0. If a copy of the MPL was not distributed with this 10 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11 * 12 * See the COPYRIGHT file distributed with this work for additional 13 * information regarding copyright ownership. 14 */ 15 16 /*! \file */ 17 18 #include <inttypes.h> 19 #include <stdbool.h> 20 #include <stdlib.h> 21 22 #include <isc/buffer.h> 23 #include <isc/mem.h> 24 #include <isc/print.h> 25 #include <isc/refcount.h> 26 #include <isc/serial.h> 27 #include <isc/string.h> /* Required for HP/UX (and others?) */ 28 #include <isc/time.h> 29 #include <isc/util.h> 30 31 #include <pk11/site.h> 32 33 #include <dns/fixedname.h> 34 #include <dns/keyvalues.h> 35 #include <dns/log.h> 36 #include <dns/message.h> 37 #include <dns/rbt.h> 38 #include <dns/rdata.h> 39 #include <dns/rdatalist.h> 40 #include <dns/rdataset.h> 41 #include <dns/rdatastruct.h> 42 #include <dns/result.h> 43 #include <dns/tsig.h> 44 45 #include <dst/result.h> 46 47 #include "tsig_p.h" 48 49 #define TSIG_MAGIC ISC_MAGIC('T', 'S', 'I', 'G') 50 #define VALID_TSIG_KEY(x) ISC_MAGIC_VALID(x, TSIG_MAGIC) 51 52 #ifndef DNS_TSIG_MAXGENERATEDKEYS 53 #define DNS_TSIG_MAXGENERATEDKEYS 4096 54 #endif /* ifndef DNS_TSIG_MAXGENERATEDKEYS */ 55 56 #define is_response(msg) ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) 57 58 #define BADTIMELEN 6 59 60 static unsigned char hmacmd5_ndata[] = "\010hmac-md5\007sig-alg\003reg\003int"; 61 static unsigned char hmacmd5_offsets[] = { 0, 9, 17, 21, 25 }; 62 63 static dns_name_t const hmacmd5 = DNS_NAME_INITABSOLUTE(hmacmd5_ndata, 64 hmacmd5_offsets); 65 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_hmacmd5_name = &hmacmd5; 66 67 static unsigned char gsstsig_ndata[] = "\010gss-tsig"; 68 static unsigned char gsstsig_offsets[] = { 0, 9 }; 69 static dns_name_t const gsstsig = DNS_NAME_INITABSOLUTE(gsstsig_ndata, 70 gsstsig_offsets); 71 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_gssapi_name = &gsstsig; 72 73 /* 74 * Since Microsoft doesn't follow its own standard, we will use this 75 * alternate name as a second guess. 76 */ 77 static unsigned char gsstsigms_ndata[] = "\003gss\011microsoft\003com"; 78 static unsigned char gsstsigms_offsets[] = { 0, 4, 14, 18 }; 79 static dns_name_t const gsstsigms = DNS_NAME_INITABSOLUTE(gsstsigms_ndata, 80 gsstsigms_offsets); 81 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_gssapims_name = &gsstsigms; 82 83 static unsigned char hmacsha1_ndata[] = "\011hmac-sha1"; 84 static unsigned char hmacsha1_offsets[] = { 0, 10 }; 85 static dns_name_t const hmacsha1 = DNS_NAME_INITABSOLUTE(hmacsha1_ndata, 86 hmacsha1_offsets); 87 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_hmacsha1_name = &hmacsha1; 88 89 static unsigned char hmacsha224_ndata[] = "\013hmac-sha224"; 90 static unsigned char hmacsha224_offsets[] = { 0, 12 }; 91 static dns_name_t const hmacsha224 = DNS_NAME_INITABSOLUTE(hmacsha224_ndata, 92 hmacsha224_offsets); 93 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_hmacsha224_name = &hmacsha224; 94 95 static unsigned char hmacsha256_ndata[] = "\013hmac-sha256"; 96 static unsigned char hmacsha256_offsets[] = { 0, 12 }; 97 static dns_name_t const hmacsha256 = DNS_NAME_INITABSOLUTE(hmacsha256_ndata, 98 hmacsha256_offsets); 99 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_hmacsha256_name = &hmacsha256; 100 101 static unsigned char hmacsha384_ndata[] = "\013hmac-sha384"; 102 static unsigned char hmacsha384_offsets[] = { 0, 12 }; 103 static dns_name_t const hmacsha384 = DNS_NAME_INITABSOLUTE(hmacsha384_ndata, 104 hmacsha384_offsets); 105 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_hmacsha384_name = &hmacsha384; 106 107 static unsigned char hmacsha512_ndata[] = "\013hmac-sha512"; 108 static unsigned char hmacsha512_offsets[] = { 0, 12 }; 109 static dns_name_t const hmacsha512 = DNS_NAME_INITABSOLUTE(hmacsha512_ndata, 110 hmacsha512_offsets); 111 LIBDNS_EXTERNAL_DATA const dns_name_t *dns_tsig_hmacsha512_name = &hmacsha512; 112 113 static const struct { 114 const dns_name_t *name; 115 unsigned int dstalg; 116 } known_algs[] = { { &hmacmd5, DST_ALG_HMACMD5 }, 117 { &gsstsig, DST_ALG_GSSAPI }, 118 { &gsstsigms, DST_ALG_GSSAPI }, 119 { &hmacsha1, DST_ALG_HMACSHA1 }, 120 { &hmacsha224, DST_ALG_HMACSHA224 }, 121 { &hmacsha256, DST_ALG_HMACSHA256 }, 122 { &hmacsha384, DST_ALG_HMACSHA384 }, 123 { &hmacsha512, DST_ALG_HMACSHA512 } }; 124 125 static isc_result_t 126 tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg); 127 128 static void 129 tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) 130 ISC_FORMAT_PRINTF(3, 4); 131 132 static void 133 cleanup_ring(dns_tsig_keyring_t *ring); 134 static void 135 tsigkey_free(dns_tsigkey_t *key); 136 137 bool 138 dns__tsig_algvalid(unsigned int alg) { 139 return (alg == DST_ALG_HMACMD5 || alg == DST_ALG_HMACSHA1 || 140 alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 || 141 alg == DST_ALG_HMACSHA384 || alg == DST_ALG_HMACSHA512); 142 } 143 144 static void 145 tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) { 146 va_list ap; 147 char message[4096]; 148 char namestr[DNS_NAME_FORMATSIZE]; 149 char creatorstr[DNS_NAME_FORMATSIZE]; 150 151 if (!isc_log_wouldlog(dns_lctx, level)) { 152 return; 153 } 154 if (key != NULL) { 155 dns_name_format(&key->name, namestr, sizeof(namestr)); 156 } else { 157 strlcpy(namestr, "<null>", sizeof(namestr)); 158 } 159 160 if (key != NULL && key->generated && key->creator) { 161 dns_name_format(key->creator, creatorstr, sizeof(creatorstr)); 162 } else { 163 strlcpy(creatorstr, "<null>", sizeof(creatorstr)); 164 } 165 166 va_start(ap, fmt); 167 vsnprintf(message, sizeof(message), fmt, ap); 168 va_end(ap); 169 if (key != NULL && key->generated) { 170 isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, 171 DNS_LOGMODULE_TSIG, level, 172 "tsig key '%s' (%s): %s", namestr, creatorstr, 173 message); 174 } else { 175 isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, 176 DNS_LOGMODULE_TSIG, level, "tsig key '%s': %s", 177 namestr, message); 178 } 179 } 180 181 static void 182 remove_fromring(dns_tsigkey_t *tkey) { 183 if (tkey->generated) { 184 ISC_LIST_UNLINK(tkey->ring->lru, tkey, link); 185 tkey->ring->generated--; 186 } 187 (void)dns_rbt_deletename(tkey->ring->keys, &tkey->name, false); 188 } 189 190 static void 191 adjust_lru(dns_tsigkey_t *tkey) { 192 if (tkey->generated) { 193 RWLOCK(&tkey->ring->lock, isc_rwlocktype_write); 194 /* 195 * We may have been removed from the LRU list between 196 * removing the read lock and acquiring the write lock. 197 */ 198 if (ISC_LINK_LINKED(tkey, link) && tkey->ring->lru.tail != tkey) 199 { 200 ISC_LIST_UNLINK(tkey->ring->lru, tkey, link); 201 ISC_LIST_APPEND(tkey->ring->lru, tkey, link); 202 } 203 RWUNLOCK(&tkey->ring->lock, isc_rwlocktype_write); 204 } 205 } 206 207 /* 208 * A supplemental routine just to add a key to ring. Note that reference 209 * counter should be counted separately because we may be adding the key 210 * as part of creation of the key, in which case the reference counter was 211 * already initialized. Also note we don't need RWLOCK for the reference 212 * counter: it's protected by a separate lock. 213 */ 214 static isc_result_t 215 keyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name, 216 dns_tsigkey_t *tkey) { 217 isc_result_t result; 218 219 RWLOCK(&ring->lock, isc_rwlocktype_write); 220 ring->writecount++; 221 222 /* 223 * Do on the fly cleaning. Find some nodes we might not 224 * want around any more. 225 */ 226 if (ring->writecount > 10) { 227 cleanup_ring(ring); 228 ring->writecount = 0; 229 } 230 231 result = dns_rbt_addname(ring->keys, name, tkey); 232 if (result == ISC_R_SUCCESS && tkey->generated) { 233 /* 234 * Add the new key to the LRU list and remove the least 235 * recently used key if there are too many keys on the list. 236 */ 237 ISC_LIST_APPEND(ring->lru, tkey, link); 238 if (ring->generated++ > ring->maxgenerated) { 239 remove_fromring(ISC_LIST_HEAD(ring->lru)); 240 } 241 } 242 RWUNLOCK(&ring->lock, isc_rwlocktype_write); 243 244 return (result); 245 } 246 247 isc_result_t 248 dns_tsigkey_createfromkey(const dns_name_t *name, const dns_name_t *algorithm, 249 dst_key_t *dstkey, bool generated, 250 const dns_name_t *creator, isc_stdtime_t inception, 251 isc_stdtime_t expire, isc_mem_t *mctx, 252 dns_tsig_keyring_t *ring, dns_tsigkey_t **key) { 253 dns_tsigkey_t *tkey; 254 isc_result_t ret; 255 unsigned int refs = 0; 256 unsigned int dstalg = 0; 257 258 REQUIRE(key == NULL || *key == NULL); 259 REQUIRE(name != NULL); 260 REQUIRE(algorithm != NULL); 261 REQUIRE(mctx != NULL); 262 REQUIRE(key != NULL || ring != NULL); 263 264 tkey = isc_mem_get(mctx, sizeof(dns_tsigkey_t)); 265 266 dns_name_init(&tkey->name, NULL); 267 dns_name_dup(name, mctx, &tkey->name); 268 (void)dns_name_downcase(&tkey->name, &tkey->name, NULL); 269 270 /* Check against known algorithm names */ 271 dstalg = dns__tsig_algfromname(algorithm); 272 if (dstalg != 0) { 273 /* 274 * 'algorithm' must be set to a static pointer 275 * so that dns__tsig_algallocated() can compare them. 276 */ 277 tkey->algorithm = dns__tsig_algnamefromname(algorithm); 278 if (dstkey != NULL && dst_key_alg(dstkey) != dstalg) { 279 ret = DNS_R_BADALG; 280 goto cleanup_name; 281 } 282 } else { 283 dns_name_t *tmpname; 284 if (dstkey != NULL) { 285 ret = DNS_R_BADALG; 286 goto cleanup_name; 287 } 288 tmpname = isc_mem_get(mctx, sizeof(dns_name_t)); 289 dns_name_init(tmpname, NULL); 290 dns_name_dup(algorithm, mctx, tmpname); 291 (void)dns_name_downcase(tmpname, tmpname, NULL); 292 tkey->algorithm = tmpname; 293 } 294 295 if (creator != NULL) { 296 tkey->creator = isc_mem_get(mctx, sizeof(dns_name_t)); 297 dns_name_init(tkey->creator, NULL); 298 dns_name_dup(creator, mctx, tkey->creator); 299 } else { 300 tkey->creator = NULL; 301 } 302 303 tkey->key = NULL; 304 if (dstkey != NULL) { 305 dst_key_attach(dstkey, &tkey->key); 306 } 307 tkey->ring = ring; 308 309 if (key != NULL) { 310 refs = 1; 311 } 312 if (ring != NULL) { 313 refs++; 314 } 315 316 isc_refcount_init(&tkey->refs, refs); 317 318 tkey->generated = generated; 319 tkey->inception = inception; 320 tkey->expire = expire; 321 tkey->mctx = NULL; 322 isc_mem_attach(mctx, &tkey->mctx); 323 ISC_LINK_INIT(tkey, link); 324 325 tkey->magic = TSIG_MAGIC; 326 327 if (ring != NULL) { 328 ret = keyring_add(ring, name, tkey); 329 if (ret != ISC_R_SUCCESS) { 330 goto cleanup_refs; 331 } 332 } 333 334 /* 335 * Ignore this if it's a GSS key, since the key size is meaningless. 336 */ 337 if (dstkey != NULL && dst_key_size(dstkey) < 64 && 338 dstalg != DST_ALG_GSSAPI) 339 { 340 char namestr[DNS_NAME_FORMATSIZE]; 341 dns_name_format(name, namestr, sizeof(namestr)); 342 isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, 343 DNS_LOGMODULE_TSIG, ISC_LOG_INFO, 344 "the key '%s' is too short to be secure", 345 namestr); 346 } 347 348 if (key != NULL) { 349 *key = tkey; 350 } 351 352 return (ISC_R_SUCCESS); 353 354 cleanup_refs: 355 tkey->magic = 0; 356 while (refs-- > 0) { 357 isc_refcount_decrement0(&tkey->refs); 358 } 359 isc_refcount_destroy(&tkey->refs); 360 361 if (tkey->key != NULL) { 362 dst_key_free(&tkey->key); 363 } 364 if (tkey->creator != NULL) { 365 dns_name_free(tkey->creator, mctx); 366 isc_mem_put(mctx, tkey->creator, sizeof(dns_name_t)); 367 } 368 if (dns__tsig_algallocated(tkey->algorithm)) { 369 dns_name_t *tmpname; 370 DE_CONST(tkey->algorithm, tmpname); 371 if (dns_name_dynamic(tmpname)) { 372 dns_name_free(tmpname, mctx); 373 } 374 isc_mem_put(mctx, tmpname, sizeof(dns_name_t)); 375 } 376 cleanup_name: 377 dns_name_free(&tkey->name, mctx); 378 isc_mem_put(mctx, tkey, sizeof(dns_tsigkey_t)); 379 380 return (ret); 381 } 382 383 /* 384 * Find a few nodes to destroy if possible. 385 */ 386 static void 387 cleanup_ring(dns_tsig_keyring_t *ring) { 388 isc_result_t result; 389 dns_rbtnodechain_t chain; 390 dns_name_t foundname; 391 dns_fixedname_t fixedorigin; 392 dns_name_t *origin; 393 isc_stdtime_t now; 394 dns_rbtnode_t *node; 395 dns_tsigkey_t *tkey; 396 397 /* 398 * Start up a new iterator each time. 399 */ 400 isc_stdtime_get(&now); 401 dns_name_init(&foundname, NULL); 402 origin = dns_fixedname_initname(&fixedorigin); 403 404 again: 405 dns_rbtnodechain_init(&chain); 406 result = dns_rbtnodechain_first(&chain, ring->keys, &foundname, origin); 407 if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { 408 dns_rbtnodechain_invalidate(&chain); 409 return; 410 } 411 412 for (;;) { 413 node = NULL; 414 dns_rbtnodechain_current(&chain, &foundname, origin, &node); 415 tkey = node->data; 416 if (tkey != NULL) { 417 if (tkey->generated && 418 isc_refcount_current(&tkey->refs) == 1 && 419 tkey->inception != tkey->expire && 420 tkey->expire < now) 421 { 422 tsig_log(tkey, 2, "tsig expire: deleting"); 423 /* delete the key */ 424 dns_rbtnodechain_invalidate(&chain); 425 remove_fromring(tkey); 426 goto again; 427 } 428 } 429 result = dns_rbtnodechain_next(&chain, &foundname, origin); 430 if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { 431 dns_rbtnodechain_invalidate(&chain); 432 return; 433 } 434 } 435 } 436 437 static void 438 destroyring(dns_tsig_keyring_t *ring) { 439 isc_refcount_destroy(&ring->references); 440 dns_rbt_destroy(&ring->keys); 441 isc_rwlock_destroy(&ring->lock); 442 isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsig_keyring_t)); 443 } 444 445 /* 446 * Look up the DST_ALG_ constant for a given name. 447 */ 448 unsigned int 449 dns__tsig_algfromname(const dns_name_t *algorithm) { 450 int i; 451 int n = sizeof(known_algs) / sizeof(*known_algs); 452 for (i = 0; i < n; ++i) { 453 const dns_name_t *name = known_algs[i].name; 454 if (algorithm == name || dns_name_equal(algorithm, name)) { 455 return (known_algs[i].dstalg); 456 } 457 } 458 return (0); 459 } 460 461 /* 462 * Convert an algorithm name into a pointer to the 463 * corresponding pre-defined dns_name_t structure. 464 */ 465 const dns_name_t * 466 dns__tsig_algnamefromname(const dns_name_t *algorithm) { 467 int i; 468 int n = sizeof(known_algs) / sizeof(*known_algs); 469 for (i = 0; i < n; ++i) { 470 const dns_name_t *name = known_algs[i].name; 471 if (algorithm == name || dns_name_equal(algorithm, name)) { 472 return (name); 473 } 474 } 475 return (NULL); 476 } 477 478 /* 479 * Test whether the passed algorithm is NOT a pointer to one of the 480 * pre-defined known algorithms (and therefore one that has been 481 * dynamically allocated). 482 * 483 * This will return an incorrect result if passed a dynamically allocated 484 * dns_name_t that happens to match one of the pre-defined names. 485 */ 486 bool 487 dns__tsig_algallocated(const dns_name_t *algorithm) { 488 int i; 489 int n = sizeof(known_algs) / sizeof(*known_algs); 490 for (i = 0; i < n; ++i) { 491 const dns_name_t *name = known_algs[i].name; 492 if (algorithm == name) { 493 return (false); 494 } 495 } 496 return (true); 497 } 498 499 static isc_result_t 500 restore_key(dns_tsig_keyring_t *ring, isc_stdtime_t now, FILE *fp) { 501 dst_key_t *dstkey = NULL; 502 char namestr[1024]; 503 char creatorstr[1024]; 504 char algorithmstr[1024]; 505 char keystr[4096]; 506 unsigned int inception, expire; 507 int n; 508 isc_buffer_t b; 509 dns_name_t *name, *creator, *algorithm; 510 dns_fixedname_t fname, fcreator, falgorithm; 511 isc_result_t result; 512 unsigned int dstalg; 513 514 n = fscanf(fp, "%1023s %1023s %u %u %1023s %4095s\n", namestr, 515 creatorstr, &inception, &expire, algorithmstr, keystr); 516 if (n == EOF) { 517 return (ISC_R_NOMORE); 518 } 519 if (n != 6) { 520 return (ISC_R_FAILURE); 521 } 522 523 if (isc_serial_lt(expire, now)) { 524 return (DNS_R_EXPIRED); 525 } 526 527 name = dns_fixedname_initname(&fname); 528 isc_buffer_init(&b, namestr, strlen(namestr)); 529 isc_buffer_add(&b, strlen(namestr)); 530 result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); 531 if (result != ISC_R_SUCCESS) { 532 return (result); 533 } 534 535 creator = dns_fixedname_initname(&fcreator); 536 isc_buffer_init(&b, creatorstr, strlen(creatorstr)); 537 isc_buffer_add(&b, strlen(creatorstr)); 538 result = dns_name_fromtext(creator, &b, dns_rootname, 0, NULL); 539 if (result != ISC_R_SUCCESS) { 540 return (result); 541 } 542 543 algorithm = dns_fixedname_initname(&falgorithm); 544 isc_buffer_init(&b, algorithmstr, strlen(algorithmstr)); 545 isc_buffer_add(&b, strlen(algorithmstr)); 546 result = dns_name_fromtext(algorithm, &b, dns_rootname, 0, NULL); 547 if (result != ISC_R_SUCCESS) { 548 return (result); 549 } 550 551 dstalg = dns__tsig_algfromname(algorithm); 552 if (dstalg == 0) { 553 return (DNS_R_BADALG); 554 } 555 556 result = dst_key_restore(name, dstalg, DNS_KEYOWNER_ENTITY, 557 DNS_KEYPROTO_DNSSEC, dns_rdataclass_in, 558 ring->mctx, keystr, &dstkey); 559 if (result != ISC_R_SUCCESS) { 560 return (result); 561 } 562 563 result = dns_tsigkey_createfromkey(name, algorithm, dstkey, true, 564 creator, inception, expire, 565 ring->mctx, ring, NULL); 566 if (dstkey != NULL) { 567 dst_key_free(&dstkey); 568 } 569 return (result); 570 } 571 572 static void 573 dump_key(dns_tsigkey_t *tkey, FILE *fp) { 574 char *buffer = NULL; 575 int length = 0; 576 char namestr[DNS_NAME_FORMATSIZE]; 577 char creatorstr[DNS_NAME_FORMATSIZE]; 578 char algorithmstr[DNS_NAME_FORMATSIZE]; 579 isc_result_t result; 580 581 REQUIRE(tkey != NULL); 582 REQUIRE(fp != NULL); 583 584 dns_name_format(&tkey->name, namestr, sizeof(namestr)); 585 dns_name_format(tkey->creator, creatorstr, sizeof(creatorstr)); 586 dns_name_format(tkey->algorithm, algorithmstr, sizeof(algorithmstr)); 587 result = dst_key_dump(tkey->key, tkey->mctx, &buffer, &length); 588 if (result == ISC_R_SUCCESS) { 589 fprintf(fp, "%s %s %u %u %s %.*s\n", namestr, creatorstr, 590 tkey->inception, tkey->expire, algorithmstr, length, 591 buffer); 592 } 593 if (buffer != NULL) { 594 isc_mem_put(tkey->mctx, buffer, length); 595 } 596 } 597 598 isc_result_t 599 dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp) { 600 isc_result_t result; 601 dns_rbtnodechain_t chain; 602 dns_name_t foundname; 603 dns_fixedname_t fixedorigin; 604 dns_name_t *origin; 605 isc_stdtime_t now; 606 dns_rbtnode_t *node; 607 dns_tsigkey_t *tkey; 608 dns_tsig_keyring_t *ring; 609 610 REQUIRE(ringp != NULL && *ringp != NULL); 611 612 ring = *ringp; 613 *ringp = NULL; 614 615 if (isc_refcount_decrement(&ring->references) > 1) { 616 return (DNS_R_CONTINUE); 617 } 618 619 isc_stdtime_get(&now); 620 dns_name_init(&foundname, NULL); 621 origin = dns_fixedname_initname(&fixedorigin); 622 dns_rbtnodechain_init(&chain); 623 result = dns_rbtnodechain_first(&chain, ring->keys, &foundname, origin); 624 if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { 625 dns_rbtnodechain_invalidate(&chain); 626 goto destroy; 627 } 628 629 for (;;) { 630 node = NULL; 631 dns_rbtnodechain_current(&chain, &foundname, origin, &node); 632 tkey = node->data; 633 if (tkey != NULL && tkey->generated && tkey->expire >= now) { 634 dump_key(tkey, fp); 635 } 636 result = dns_rbtnodechain_next(&chain, &foundname, origin); 637 if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { 638 dns_rbtnodechain_invalidate(&chain); 639 if (result == ISC_R_NOMORE) { 640 result = ISC_R_SUCCESS; 641 } 642 goto destroy; 643 } 644 } 645 646 destroy: 647 destroyring(ring); 648 return (result); 649 } 650 651 const dns_name_t * 652 dns_tsigkey_identity(const dns_tsigkey_t *tsigkey) { 653 REQUIRE(tsigkey == NULL || VALID_TSIG_KEY(tsigkey)); 654 655 if (tsigkey == NULL) { 656 return (NULL); 657 } 658 if (tsigkey->generated) { 659 return (tsigkey->creator); 660 } else { 661 return (&tsigkey->name); 662 } 663 } 664 665 isc_result_t 666 dns_tsigkey_create(const dns_name_t *name, const dns_name_t *algorithm, 667 unsigned char *secret, int length, bool generated, 668 const dns_name_t *creator, isc_stdtime_t inception, 669 isc_stdtime_t expire, isc_mem_t *mctx, 670 dns_tsig_keyring_t *ring, dns_tsigkey_t **key) { 671 dst_key_t *dstkey = NULL; 672 isc_result_t result; 673 unsigned int dstalg = 0; 674 675 REQUIRE(length >= 0); 676 if (length > 0) { 677 REQUIRE(secret != NULL); 678 } 679 680 dstalg = dns__tsig_algfromname(algorithm); 681 if (dns__tsig_algvalid(dstalg)) { 682 if (secret != NULL) { 683 isc_buffer_t b; 684 685 isc_buffer_init(&b, secret, length); 686 isc_buffer_add(&b, length); 687 result = dst_key_frombuffer( 688 name, dstalg, DNS_KEYOWNER_ENTITY, 689 DNS_KEYPROTO_DNSSEC, dns_rdataclass_in, &b, 690 mctx, &dstkey); 691 if (result != ISC_R_SUCCESS) { 692 return (result); 693 } 694 } 695 } else if (length > 0) { 696 return (DNS_R_BADALG); 697 } 698 699 result = dns_tsigkey_createfromkey(name, algorithm, dstkey, generated, 700 creator, inception, expire, mctx, 701 ring, key); 702 if (dstkey != NULL) { 703 dst_key_free(&dstkey); 704 } 705 return (result); 706 } 707 708 void 709 dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp) { 710 REQUIRE(VALID_TSIG_KEY(source)); 711 REQUIRE(targetp != NULL && *targetp == NULL); 712 713 isc_refcount_increment(&source->refs); 714 *targetp = source; 715 } 716 717 static void 718 tsigkey_free(dns_tsigkey_t *key) { 719 REQUIRE(VALID_TSIG_KEY(key)); 720 721 key->magic = 0; 722 dns_name_free(&key->name, key->mctx); 723 if (dns__tsig_algallocated(key->algorithm)) { 724 dns_name_t *name; 725 DE_CONST(key->algorithm, name); 726 dns_name_free(name, key->mctx); 727 isc_mem_put(key->mctx, name, sizeof(dns_name_t)); 728 } 729 if (key->key != NULL) { 730 dst_key_free(&key->key); 731 } 732 if (key->creator != NULL) { 733 dns_name_free(key->creator, key->mctx); 734 isc_mem_put(key->mctx, key->creator, sizeof(dns_name_t)); 735 } 736 isc_mem_putanddetach(&key->mctx, key, sizeof(dns_tsigkey_t)); 737 } 738 739 void 740 dns_tsigkey_detach(dns_tsigkey_t **keyp) { 741 REQUIRE(keyp != NULL && VALID_TSIG_KEY(*keyp)); 742 dns_tsigkey_t *key = *keyp; 743 *keyp = NULL; 744 745 if (isc_refcount_decrement(&key->refs) == 1) { 746 isc_refcount_destroy(&key->refs); 747 tsigkey_free(key); 748 } 749 } 750 751 void 752 dns_tsigkey_setdeleted(dns_tsigkey_t *key) { 753 REQUIRE(VALID_TSIG_KEY(key)); 754 REQUIRE(key->ring != NULL); 755 756 RWLOCK(&key->ring->lock, isc_rwlocktype_write); 757 remove_fromring(key); 758 RWUNLOCK(&key->ring->lock, isc_rwlocktype_write); 759 } 760 761 isc_result_t 762 dns_tsig_sign(dns_message_t *msg) { 763 dns_tsigkey_t *key = NULL; 764 dns_rdata_any_tsig_t tsig, querytsig; 765 unsigned char data[128]; 766 isc_buffer_t databuf, sigbuf; 767 isc_buffer_t *dynbuf = NULL; 768 dns_name_t *owner = NULL; 769 dns_rdata_t *rdata = NULL; 770 dns_rdatalist_t *datalist = NULL; 771 dns_rdataset_t *dataset = NULL; 772 isc_region_t r; 773 isc_stdtime_t now; 774 isc_mem_t *mctx; 775 dst_context_t *ctx = NULL; 776 isc_result_t ret; 777 unsigned char badtimedata[BADTIMELEN]; 778 unsigned int sigsize = 0; 779 bool response; 780 781 REQUIRE(msg != NULL); 782 key = dns_message_gettsigkey(msg); 783 REQUIRE(VALID_TSIG_KEY(key)); 784 785 /* 786 * If this is a response, there should be a TSIG in the query with the 787 * the exception if this is a TKEY request (see RFC 3645, Section 2.2). 788 */ 789 response = is_response(msg); 790 if (response && msg->querytsig == NULL) { 791 if (msg->tkey != 1) { 792 return (DNS_R_EXPECTEDTSIG); 793 } 794 } 795 796 mctx = msg->mctx; 797 798 tsig.mctx = mctx; 799 tsig.common.rdclass = dns_rdataclass_any; 800 tsig.common.rdtype = dns_rdatatype_tsig; 801 ISC_LINK_INIT(&tsig.common, link); 802 dns_name_init(&tsig.algorithm, NULL); 803 dns_name_clone(key->algorithm, &tsig.algorithm); 804 805 isc_stdtime_get(&now); 806 tsig.timesigned = now + msg->timeadjust; 807 tsig.fudge = DNS_TSIG_FUDGE; 808 809 tsig.originalid = msg->id; 810 811 isc_buffer_init(&databuf, data, sizeof(data)); 812 813 if (response) { 814 tsig.error = msg->querytsigstatus; 815 } else { 816 tsig.error = dns_rcode_noerror; 817 } 818 819 if (tsig.error != dns_tsigerror_badtime) { 820 tsig.otherlen = 0; 821 tsig.other = NULL; 822 } else { 823 isc_buffer_t otherbuf; 824 825 tsig.otherlen = BADTIMELEN; 826 tsig.other = badtimedata; 827 isc_buffer_init(&otherbuf, tsig.other, tsig.otherlen); 828 isc_buffer_putuint48(&otherbuf, tsig.timesigned); 829 } 830 831 if ((key->key != NULL) && (tsig.error != dns_tsigerror_badsig) && 832 (tsig.error != dns_tsigerror_badkey)) 833 { 834 unsigned char header[DNS_MESSAGE_HEADERLEN]; 835 isc_buffer_t headerbuf; 836 uint16_t digestbits; 837 bool querytsig_ok = false; 838 839 /* 840 * If it is a response, we assume that the request MAC 841 * has validated at this point. This is why we include a 842 * MAC length > 0 in the reply. 843 */ 844 ret = dst_context_create(key->key, mctx, DNS_LOGCATEGORY_DNSSEC, 845 true, 0, &ctx); 846 if (ret != ISC_R_SUCCESS) { 847 return (ret); 848 } 849 850 /* 851 * If this is a response, and if there was a TSIG in 852 * the query, digest the request's MAC. 853 * 854 * (Note: querytsig should be non-NULL for all 855 * responses except TKEY responses. Those may be signed 856 * with the newly-negotiated TSIG key even if the query 857 * wasn't signed.) 858 */ 859 if (response && msg->querytsig != NULL) { 860 dns_rdata_t querytsigrdata = DNS_RDATA_INIT; 861 862 INSIST(msg->verified_sig); 863 864 ret = dns_rdataset_first(msg->querytsig); 865 if (ret != ISC_R_SUCCESS) { 866 goto cleanup_context; 867 } 868 dns_rdataset_current(msg->querytsig, &querytsigrdata); 869 ret = dns_rdata_tostruct(&querytsigrdata, &querytsig, 870 NULL); 871 if (ret != ISC_R_SUCCESS) { 872 goto cleanup_context; 873 } 874 isc_buffer_putuint16(&databuf, querytsig.siglen); 875 if (isc_buffer_availablelength(&databuf) < 876 querytsig.siglen) 877 { 878 ret = ISC_R_NOSPACE; 879 goto cleanup_context; 880 } 881 isc_buffer_putmem(&databuf, querytsig.signature, 882 querytsig.siglen); 883 isc_buffer_usedregion(&databuf, &r); 884 ret = dst_context_adddata(ctx, &r); 885 if (ret != ISC_R_SUCCESS) { 886 goto cleanup_context; 887 } 888 querytsig_ok = true; 889 } 890 891 /* 892 * Digest the header. 893 */ 894 isc_buffer_init(&headerbuf, header, sizeof(header)); 895 dns_message_renderheader(msg, &headerbuf); 896 isc_buffer_usedregion(&headerbuf, &r); 897 ret = dst_context_adddata(ctx, &r); 898 if (ret != ISC_R_SUCCESS) { 899 goto cleanup_context; 900 } 901 902 /* 903 * Digest the remainder of the message. 904 */ 905 isc_buffer_usedregion(msg->buffer, &r); 906 isc_region_consume(&r, DNS_MESSAGE_HEADERLEN); 907 ret = dst_context_adddata(ctx, &r); 908 if (ret != ISC_R_SUCCESS) { 909 goto cleanup_context; 910 } 911 912 if (msg->tcp_continuation == 0) { 913 /* 914 * Digest the name, class, ttl, alg. 915 */ 916 dns_name_toregion(&key->name, &r); 917 ret = dst_context_adddata(ctx, &r); 918 if (ret != ISC_R_SUCCESS) { 919 goto cleanup_context; 920 } 921 922 isc_buffer_clear(&databuf); 923 isc_buffer_putuint16(&databuf, dns_rdataclass_any); 924 isc_buffer_putuint32(&databuf, 0); /* ttl */ 925 isc_buffer_usedregion(&databuf, &r); 926 ret = dst_context_adddata(ctx, &r); 927 if (ret != ISC_R_SUCCESS) { 928 goto cleanup_context; 929 } 930 931 dns_name_toregion(&tsig.algorithm, &r); 932 ret = dst_context_adddata(ctx, &r); 933 if (ret != ISC_R_SUCCESS) { 934 goto cleanup_context; 935 } 936 } 937 /* Digest the timesigned and fudge */ 938 isc_buffer_clear(&databuf); 939 if (tsig.error == dns_tsigerror_badtime && querytsig_ok) { 940 tsig.timesigned = querytsig.timesigned; 941 } 942 isc_buffer_putuint48(&databuf, tsig.timesigned); 943 isc_buffer_putuint16(&databuf, tsig.fudge); 944 isc_buffer_usedregion(&databuf, &r); 945 ret = dst_context_adddata(ctx, &r); 946 if (ret != ISC_R_SUCCESS) { 947 goto cleanup_context; 948 } 949 950 if (msg->tcp_continuation == 0) { 951 /* 952 * Digest the error and other data length. 953 */ 954 isc_buffer_clear(&databuf); 955 isc_buffer_putuint16(&databuf, tsig.error); 956 isc_buffer_putuint16(&databuf, tsig.otherlen); 957 958 isc_buffer_usedregion(&databuf, &r); 959 ret = dst_context_adddata(ctx, &r); 960 if (ret != ISC_R_SUCCESS) { 961 goto cleanup_context; 962 } 963 964 /* 965 * Digest other data. 966 */ 967 if (tsig.otherlen > 0) { 968 r.length = tsig.otherlen; 969 r.base = tsig.other; 970 ret = dst_context_adddata(ctx, &r); 971 if (ret != ISC_R_SUCCESS) { 972 goto cleanup_context; 973 } 974 } 975 } 976 977 ret = dst_key_sigsize(key->key, &sigsize); 978 if (ret != ISC_R_SUCCESS) { 979 goto cleanup_context; 980 } 981 tsig.signature = isc_mem_get(mctx, sigsize); 982 983 isc_buffer_init(&sigbuf, tsig.signature, sigsize); 984 ret = dst_context_sign(ctx, &sigbuf); 985 if (ret != ISC_R_SUCCESS) { 986 goto cleanup_signature; 987 } 988 dst_context_destroy(&ctx); 989 digestbits = dst_key_getbits(key->key); 990 if (digestbits != 0) { 991 unsigned int bytes = (digestbits + 7) / 8; 992 if (querytsig_ok && bytes < querytsig.siglen) { 993 bytes = querytsig.siglen; 994 } 995 if (bytes > isc_buffer_usedlength(&sigbuf)) { 996 bytes = isc_buffer_usedlength(&sigbuf); 997 } 998 tsig.siglen = bytes; 999 } else { 1000 tsig.siglen = isc_buffer_usedlength(&sigbuf); 1001 } 1002 } else { 1003 tsig.siglen = 0; 1004 tsig.signature = NULL; 1005 } 1006 1007 ret = dns_message_gettemprdata(msg, &rdata); 1008 if (ret != ISC_R_SUCCESS) { 1009 goto cleanup_signature; 1010 } 1011 isc_buffer_allocate(msg->mctx, &dynbuf, 512); 1012 ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any, 1013 dns_rdatatype_tsig, &tsig, dynbuf); 1014 if (ret != ISC_R_SUCCESS) { 1015 goto cleanup_dynbuf; 1016 } 1017 1018 dns_message_takebuffer(msg, &dynbuf); 1019 1020 if (tsig.signature != NULL) { 1021 isc_mem_put(mctx, tsig.signature, sigsize); 1022 tsig.signature = NULL; 1023 } 1024 1025 ret = dns_message_gettempname(msg, &owner); 1026 if (ret != ISC_R_SUCCESS) { 1027 goto cleanup_rdata; 1028 } 1029 dns_name_copynf(&key->name, owner); 1030 1031 ret = dns_message_gettemprdatalist(msg, &datalist); 1032 if (ret != ISC_R_SUCCESS) { 1033 goto cleanup_owner; 1034 } 1035 1036 ret = dns_message_gettemprdataset(msg, &dataset); 1037 if (ret != ISC_R_SUCCESS) { 1038 goto cleanup_rdatalist; 1039 } 1040 datalist->rdclass = dns_rdataclass_any; 1041 datalist->type = dns_rdatatype_tsig; 1042 ISC_LIST_APPEND(datalist->rdata, rdata, link); 1043 RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) == 1044 ISC_R_SUCCESS); 1045 msg->tsig = dataset; 1046 msg->tsigname = owner; 1047 1048 /* Windows does not like the tsig name being compressed. */ 1049 msg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS; 1050 1051 return (ISC_R_SUCCESS); 1052 1053 cleanup_rdatalist: 1054 dns_message_puttemprdatalist(msg, &datalist); 1055 cleanup_owner: 1056 dns_message_puttempname(msg, &owner); 1057 goto cleanup_rdata; 1058 cleanup_dynbuf: 1059 isc_buffer_free(&dynbuf); 1060 cleanup_rdata: 1061 dns_message_puttemprdata(msg, &rdata); 1062 cleanup_signature: 1063 if (tsig.signature != NULL) { 1064 isc_mem_put(mctx, tsig.signature, sigsize); 1065 } 1066 cleanup_context: 1067 if (ctx != NULL) { 1068 dst_context_destroy(&ctx); 1069 } 1070 return (ret); 1071 } 1072 1073 isc_result_t 1074 dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, 1075 dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2) { 1076 dns_rdata_any_tsig_t tsig, querytsig; 1077 isc_region_t r, source_r, header_r, sig_r; 1078 isc_buffer_t databuf; 1079 unsigned char data[32]; 1080 dns_name_t *keyname; 1081 dns_rdata_t rdata = DNS_RDATA_INIT; 1082 isc_stdtime_t now; 1083 isc_result_t ret; 1084 dns_tsigkey_t *tsigkey; 1085 dst_key_t *key = NULL; 1086 unsigned char header[DNS_MESSAGE_HEADERLEN]; 1087 dst_context_t *ctx = NULL; 1088 isc_mem_t *mctx; 1089 uint16_t addcount, id; 1090 unsigned int siglen; 1091 unsigned int alg; 1092 bool response; 1093 1094 REQUIRE(source != NULL); 1095 REQUIRE(DNS_MESSAGE_VALID(msg)); 1096 tsigkey = dns_message_gettsigkey(msg); 1097 response = is_response(msg); 1098 1099 REQUIRE(tsigkey == NULL || VALID_TSIG_KEY(tsigkey)); 1100 1101 msg->verify_attempted = 1; 1102 msg->verified_sig = 0; 1103 msg->tsigstatus = dns_tsigerror_badsig; 1104 1105 if (msg->tcp_continuation) { 1106 if (tsigkey == NULL || msg->querytsig == NULL) { 1107 return (DNS_R_UNEXPECTEDTSIG); 1108 } 1109 return (tsig_verify_tcp(source, msg)); 1110 } 1111 1112 /* 1113 * There should be a TSIG record... 1114 */ 1115 if (msg->tsig == NULL) { 1116 return (DNS_R_EXPECTEDTSIG); 1117 } 1118 1119 /* 1120 * If this is a response and there's no key or query TSIG, there 1121 * shouldn't be one on the response. 1122 */ 1123 if (response && (tsigkey == NULL || msg->querytsig == NULL)) { 1124 return (DNS_R_UNEXPECTEDTSIG); 1125 } 1126 1127 mctx = msg->mctx; 1128 1129 /* 1130 * If we're here, we know the message is well formed and contains a 1131 * TSIG record. 1132 */ 1133 1134 keyname = msg->tsigname; 1135 ret = dns_rdataset_first(msg->tsig); 1136 if (ret != ISC_R_SUCCESS) { 1137 return (ret); 1138 } 1139 dns_rdataset_current(msg->tsig, &rdata); 1140 ret = dns_rdata_tostruct(&rdata, &tsig, NULL); 1141 if (ret != ISC_R_SUCCESS) { 1142 return (ret); 1143 } 1144 dns_rdata_reset(&rdata); 1145 if (response) { 1146 ret = dns_rdataset_first(msg->querytsig); 1147 if (ret != ISC_R_SUCCESS) { 1148 return (ret); 1149 } 1150 dns_rdataset_current(msg->querytsig, &rdata); 1151 ret = dns_rdata_tostruct(&rdata, &querytsig, NULL); 1152 if (ret != ISC_R_SUCCESS) { 1153 return (ret); 1154 } 1155 } 1156 1157 /* 1158 * Do the key name and algorithm match that of the query? 1159 */ 1160 if (response && 1161 (!dns_name_equal(keyname, &tsigkey->name) || 1162 !dns_name_equal(&tsig.algorithm, &querytsig.algorithm))) 1163 { 1164 msg->tsigstatus = dns_tsigerror_badkey; 1165 tsig_log(msg->tsigkey, 2, 1166 "key name and algorithm do not match"); 1167 return (DNS_R_TSIGVERIFYFAILURE); 1168 } 1169 1170 /* 1171 * Get the current time. 1172 */ 1173 isc_stdtime_get(&now); 1174 1175 /* 1176 * Find dns_tsigkey_t based on keyname. 1177 */ 1178 if (tsigkey == NULL) { 1179 ret = ISC_R_NOTFOUND; 1180 if (ring1 != NULL) { 1181 ret = dns_tsigkey_find(&tsigkey, keyname, 1182 &tsig.algorithm, ring1); 1183 } 1184 if (ret == ISC_R_NOTFOUND && ring2 != NULL) { 1185 ret = dns_tsigkey_find(&tsigkey, keyname, 1186 &tsig.algorithm, ring2); 1187 } 1188 if (ret != ISC_R_SUCCESS) { 1189 msg->tsigstatus = dns_tsigerror_badkey; 1190 ret = dns_tsigkey_create(keyname, &tsig.algorithm, NULL, 1191 0, false, NULL, now, now, mctx, 1192 NULL, &msg->tsigkey); 1193 if (ret != ISC_R_SUCCESS) { 1194 return (ret); 1195 } 1196 tsig_log(msg->tsigkey, 2, "unknown key"); 1197 return (DNS_R_TSIGVERIFYFAILURE); 1198 } 1199 msg->tsigkey = tsigkey; 1200 } 1201 1202 key = tsigkey->key; 1203 1204 /* 1205 * Check digest length. 1206 */ 1207 alg = dst_key_alg(key); 1208 ret = dst_key_sigsize(key, &siglen); 1209 if (ret != ISC_R_SUCCESS) { 1210 return (ret); 1211 } 1212 if (dns__tsig_algvalid(alg)) { 1213 if (tsig.siglen > siglen) { 1214 tsig_log(msg->tsigkey, 2, "signature length too big"); 1215 return (DNS_R_FORMERR); 1216 } 1217 if (tsig.siglen > 0 && 1218 (tsig.siglen < 10 || tsig.siglen < ((siglen + 1) / 2))) 1219 { 1220 tsig_log(msg->tsigkey, 2, 1221 "signature length below minimum"); 1222 return (DNS_R_FORMERR); 1223 } 1224 } 1225 1226 if (tsig.siglen > 0) { 1227 uint16_t addcount_n; 1228 1229 sig_r.base = tsig.signature; 1230 sig_r.length = tsig.siglen; 1231 1232 ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, 1233 false, 0, &ctx); 1234 if (ret != ISC_R_SUCCESS) { 1235 return (ret); 1236 } 1237 1238 if (response) { 1239 isc_buffer_init(&databuf, data, sizeof(data)); 1240 isc_buffer_putuint16(&databuf, querytsig.siglen); 1241 isc_buffer_usedregion(&databuf, &r); 1242 ret = dst_context_adddata(ctx, &r); 1243 if (ret != ISC_R_SUCCESS) { 1244 goto cleanup_context; 1245 } 1246 if (querytsig.siglen > 0) { 1247 r.length = querytsig.siglen; 1248 r.base = querytsig.signature; 1249 ret = dst_context_adddata(ctx, &r); 1250 if (ret != ISC_R_SUCCESS) { 1251 goto cleanup_context; 1252 } 1253 } 1254 } 1255 1256 /* 1257 * Extract the header. 1258 */ 1259 isc_buffer_usedregion(source, &r); 1260 memmove(header, r.base, DNS_MESSAGE_HEADERLEN); 1261 isc_region_consume(&r, DNS_MESSAGE_HEADERLEN); 1262 1263 /* 1264 * Decrement the additional field counter. 1265 */ 1266 memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); 1267 addcount_n = ntohs(addcount); 1268 addcount = htons((uint16_t)(addcount_n - 1)); 1269 memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); 1270 1271 /* 1272 * Put in the original id. 1273 */ 1274 id = htons(tsig.originalid); 1275 memmove(&header[0], &id, 2); 1276 1277 /* 1278 * Digest the modified header. 1279 */ 1280 header_r.base = (unsigned char *)header; 1281 header_r.length = DNS_MESSAGE_HEADERLEN; 1282 ret = dst_context_adddata(ctx, &header_r); 1283 if (ret != ISC_R_SUCCESS) { 1284 goto cleanup_context; 1285 } 1286 1287 /* 1288 * Digest all non-TSIG records. 1289 */ 1290 isc_buffer_usedregion(source, &source_r); 1291 r.base = source_r.base + DNS_MESSAGE_HEADERLEN; 1292 r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN; 1293 ret = dst_context_adddata(ctx, &r); 1294 if (ret != ISC_R_SUCCESS) { 1295 goto cleanup_context; 1296 } 1297 1298 /* 1299 * Digest the key name. 1300 */ 1301 dns_name_toregion(&tsigkey->name, &r); 1302 ret = dst_context_adddata(ctx, &r); 1303 if (ret != ISC_R_SUCCESS) { 1304 goto cleanup_context; 1305 } 1306 1307 isc_buffer_init(&databuf, data, sizeof(data)); 1308 isc_buffer_putuint16(&databuf, tsig.common.rdclass); 1309 isc_buffer_putuint32(&databuf, msg->tsig->ttl); 1310 isc_buffer_usedregion(&databuf, &r); 1311 ret = dst_context_adddata(ctx, &r); 1312 if (ret != ISC_R_SUCCESS) { 1313 goto cleanup_context; 1314 } 1315 1316 /* 1317 * Digest the key algorithm. 1318 */ 1319 dns_name_toregion(tsigkey->algorithm, &r); 1320 ret = dst_context_adddata(ctx, &r); 1321 if (ret != ISC_R_SUCCESS) { 1322 goto cleanup_context; 1323 } 1324 1325 isc_buffer_clear(&databuf); 1326 isc_buffer_putuint48(&databuf, tsig.timesigned); 1327 isc_buffer_putuint16(&databuf, tsig.fudge); 1328 isc_buffer_putuint16(&databuf, tsig.error); 1329 isc_buffer_putuint16(&databuf, tsig.otherlen); 1330 isc_buffer_usedregion(&databuf, &r); 1331 ret = dst_context_adddata(ctx, &r); 1332 if (ret != ISC_R_SUCCESS) { 1333 goto cleanup_context; 1334 } 1335 1336 if (tsig.otherlen > 0) { 1337 r.base = tsig.other; 1338 r.length = tsig.otherlen; 1339 ret = dst_context_adddata(ctx, &r); 1340 if (ret != ISC_R_SUCCESS) { 1341 goto cleanup_context; 1342 } 1343 } 1344 1345 ret = dst_context_verify(ctx, &sig_r); 1346 if (ret == DST_R_VERIFYFAILURE) { 1347 ret = DNS_R_TSIGVERIFYFAILURE; 1348 tsig_log(msg->tsigkey, 2, 1349 "signature failed to verify(1)"); 1350 goto cleanup_context; 1351 } else if (ret != ISC_R_SUCCESS) { 1352 goto cleanup_context; 1353 } 1354 msg->verified_sig = 1; 1355 } else if (!response || (tsig.error != dns_tsigerror_badsig && 1356 tsig.error != dns_tsigerror_badkey)) 1357 { 1358 tsig_log(msg->tsigkey, 2, "signature was empty"); 1359 return (DNS_R_TSIGVERIFYFAILURE); 1360 } 1361 1362 /* 1363 * Here at this point, the MAC has been verified. Even if any of 1364 * the following code returns a TSIG error, the reply will be 1365 * signed and WILL always include the request MAC in the digest 1366 * computation. 1367 */ 1368 1369 /* 1370 * Is the time ok? 1371 */ 1372 if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) { 1373 msg->tsigstatus = dns_tsigerror_badtime; 1374 tsig_log(msg->tsigkey, 2, "signature has expired"); 1375 ret = DNS_R_CLOCKSKEW; 1376 goto cleanup_context; 1377 } else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) { 1378 msg->tsigstatus = dns_tsigerror_badtime; 1379 tsig_log(msg->tsigkey, 2, "signature is in the future"); 1380 ret = DNS_R_CLOCKSKEW; 1381 goto cleanup_context; 1382 } 1383 1384 if (dns__tsig_algvalid(alg)) { 1385 uint16_t digestbits = dst_key_getbits(key); 1386 1387 if (tsig.siglen > 0 && digestbits != 0 && 1388 tsig.siglen < ((digestbits + 7) / 8)) 1389 { 1390 msg->tsigstatus = dns_tsigerror_badtrunc; 1391 tsig_log(msg->tsigkey, 2, 1392 "truncated signature length too small"); 1393 ret = DNS_R_TSIGVERIFYFAILURE; 1394 goto cleanup_context; 1395 } 1396 if (tsig.siglen > 0 && digestbits == 0 && tsig.siglen < siglen) 1397 { 1398 msg->tsigstatus = dns_tsigerror_badtrunc; 1399 tsig_log(msg->tsigkey, 2, "signature length too small"); 1400 ret = DNS_R_TSIGVERIFYFAILURE; 1401 goto cleanup_context; 1402 } 1403 } 1404 1405 if (response && tsig.error != dns_rcode_noerror) { 1406 msg->tsigstatus = tsig.error; 1407 if (tsig.error == dns_tsigerror_badtime) { 1408 ret = DNS_R_CLOCKSKEW; 1409 } else { 1410 ret = DNS_R_TSIGERRORSET; 1411 } 1412 goto cleanup_context; 1413 } 1414 1415 msg->tsigstatus = dns_rcode_noerror; 1416 ret = ISC_R_SUCCESS; 1417 1418 cleanup_context: 1419 if (ctx != NULL) { 1420 dst_context_destroy(&ctx); 1421 } 1422 1423 return (ret); 1424 } 1425 1426 static isc_result_t 1427 tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { 1428 dns_rdata_any_tsig_t tsig, querytsig; 1429 isc_region_t r, source_r, header_r, sig_r; 1430 isc_buffer_t databuf; 1431 unsigned char data[32]; 1432 dns_name_t *keyname; 1433 dns_rdata_t rdata = DNS_RDATA_INIT; 1434 isc_stdtime_t now; 1435 isc_result_t ret; 1436 dns_tsigkey_t *tsigkey; 1437 dst_key_t *key = NULL; 1438 unsigned char header[DNS_MESSAGE_HEADERLEN]; 1439 uint16_t addcount, id; 1440 bool has_tsig = false; 1441 isc_mem_t *mctx; 1442 unsigned int siglen; 1443 unsigned int alg; 1444 1445 REQUIRE(source != NULL); 1446 REQUIRE(msg != NULL); 1447 REQUIRE(dns_message_gettsigkey(msg) != NULL); 1448 REQUIRE(msg->tcp_continuation == 1); 1449 REQUIRE(msg->querytsig != NULL); 1450 1451 msg->verified_sig = 0; 1452 msg->tsigstatus = dns_tsigerror_badsig; 1453 1454 if (!is_response(msg)) { 1455 return (DNS_R_EXPECTEDRESPONSE); 1456 } 1457 1458 mctx = msg->mctx; 1459 1460 tsigkey = dns_message_gettsigkey(msg); 1461 key = tsigkey->key; 1462 1463 /* 1464 * Extract and parse the previous TSIG 1465 */ 1466 ret = dns_rdataset_first(msg->querytsig); 1467 if (ret != ISC_R_SUCCESS) { 1468 return (ret); 1469 } 1470 dns_rdataset_current(msg->querytsig, &rdata); 1471 ret = dns_rdata_tostruct(&rdata, &querytsig, NULL); 1472 if (ret != ISC_R_SUCCESS) { 1473 return (ret); 1474 } 1475 dns_rdata_reset(&rdata); 1476 1477 /* 1478 * If there is a TSIG in this message, do some checks. 1479 */ 1480 if (msg->tsig != NULL) { 1481 has_tsig = true; 1482 1483 keyname = msg->tsigname; 1484 ret = dns_rdataset_first(msg->tsig); 1485 if (ret != ISC_R_SUCCESS) { 1486 goto cleanup_querystruct; 1487 } 1488 dns_rdataset_current(msg->tsig, &rdata); 1489 ret = dns_rdata_tostruct(&rdata, &tsig, NULL); 1490 if (ret != ISC_R_SUCCESS) { 1491 goto cleanup_querystruct; 1492 } 1493 1494 /* 1495 * Do the key name and algorithm match that of the query? 1496 */ 1497 if (!dns_name_equal(keyname, &tsigkey->name) || 1498 !dns_name_equal(&tsig.algorithm, &querytsig.algorithm)) 1499 { 1500 msg->tsigstatus = dns_tsigerror_badkey; 1501 ret = DNS_R_TSIGVERIFYFAILURE; 1502 tsig_log(msg->tsigkey, 2, 1503 "key name and algorithm do not match"); 1504 goto cleanup_querystruct; 1505 } 1506 1507 /* 1508 * Check digest length. 1509 */ 1510 alg = dst_key_alg(key); 1511 ret = dst_key_sigsize(key, &siglen); 1512 if (ret != ISC_R_SUCCESS) { 1513 goto cleanup_querystruct; 1514 } 1515 if (dns__tsig_algvalid(alg)) { 1516 if (tsig.siglen > siglen) { 1517 tsig_log(tsigkey, 2, 1518 "signature length too big"); 1519 ret = DNS_R_FORMERR; 1520 goto cleanup_querystruct; 1521 } 1522 if (tsig.siglen > 0 && 1523 (tsig.siglen < 10 || 1524 tsig.siglen < ((siglen + 1) / 2))) 1525 { 1526 tsig_log(tsigkey, 2, 1527 "signature length below minimum"); 1528 ret = DNS_R_FORMERR; 1529 goto cleanup_querystruct; 1530 } 1531 } 1532 } 1533 1534 if (msg->tsigctx == NULL) { 1535 ret = dst_context_create(key, mctx, DNS_LOGCATEGORY_DNSSEC, 1536 false, 0, &msg->tsigctx); 1537 if (ret != ISC_R_SUCCESS) { 1538 goto cleanup_querystruct; 1539 } 1540 1541 /* 1542 * Digest the length of the query signature 1543 */ 1544 isc_buffer_init(&databuf, data, sizeof(data)); 1545 isc_buffer_putuint16(&databuf, querytsig.siglen); 1546 isc_buffer_usedregion(&databuf, &r); 1547 ret = dst_context_adddata(msg->tsigctx, &r); 1548 if (ret != ISC_R_SUCCESS) { 1549 goto cleanup_context; 1550 } 1551 1552 /* 1553 * Digest the data of the query signature 1554 */ 1555 if (querytsig.siglen > 0) { 1556 r.length = querytsig.siglen; 1557 r.base = querytsig.signature; 1558 ret = dst_context_adddata(msg->tsigctx, &r); 1559 if (ret != ISC_R_SUCCESS) { 1560 goto cleanup_context; 1561 } 1562 } 1563 } 1564 1565 /* 1566 * Extract the header. 1567 */ 1568 isc_buffer_usedregion(source, &r); 1569 memmove(header, r.base, DNS_MESSAGE_HEADERLEN); 1570 isc_region_consume(&r, DNS_MESSAGE_HEADERLEN); 1571 1572 /* 1573 * Decrement the additional field counter if necessary. 1574 */ 1575 if (has_tsig) { 1576 uint16_t addcount_n; 1577 1578 memmove(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2); 1579 addcount_n = ntohs(addcount); 1580 addcount = htons((uint16_t)(addcount_n - 1)); 1581 memmove(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2); 1582 1583 /* 1584 * Put in the original id. 1585 * 1586 * XXX Can TCP transfers be forwarded? How would that 1587 * work? 1588 */ 1589 /* cppcheck-suppress uninitStructMember 1590 * symbolName=tsig.originalid */ 1591 id = htons(tsig.originalid); 1592 memmove(&header[0], &id, 2); 1593 } 1594 1595 /* 1596 * Digest the modified header. 1597 */ 1598 header_r.base = (unsigned char *)header; 1599 header_r.length = DNS_MESSAGE_HEADERLEN; 1600 ret = dst_context_adddata(msg->tsigctx, &header_r); 1601 if (ret != ISC_R_SUCCESS) { 1602 goto cleanup_context; 1603 } 1604 1605 /* 1606 * Digest all non-TSIG records. 1607 */ 1608 isc_buffer_usedregion(source, &source_r); 1609 r.base = source_r.base + DNS_MESSAGE_HEADERLEN; 1610 if (has_tsig) { 1611 r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN; 1612 } else { 1613 r.length = source_r.length - DNS_MESSAGE_HEADERLEN; 1614 } 1615 ret = dst_context_adddata(msg->tsigctx, &r); 1616 if (ret != ISC_R_SUCCESS) { 1617 goto cleanup_context; 1618 } 1619 1620 /* 1621 * Digest the time signed and fudge. 1622 */ 1623 if (has_tsig) { 1624 isc_buffer_init(&databuf, data, sizeof(data)); 1625 isc_buffer_putuint48(&databuf, tsig.timesigned); 1626 isc_buffer_putuint16(&databuf, tsig.fudge); 1627 isc_buffer_usedregion(&databuf, &r); 1628 ret = dst_context_adddata(msg->tsigctx, &r); 1629 if (ret != ISC_R_SUCCESS) { 1630 goto cleanup_context; 1631 } 1632 1633 sig_r.base = tsig.signature; 1634 sig_r.length = tsig.siglen; 1635 if (tsig.siglen == 0) { 1636 if (tsig.error != dns_rcode_noerror) { 1637 msg->tsigstatus = tsig.error; 1638 if (tsig.error == dns_tsigerror_badtime) { 1639 ret = DNS_R_CLOCKSKEW; 1640 } else { 1641 ret = DNS_R_TSIGERRORSET; 1642 } 1643 } else { 1644 tsig_log(msg->tsigkey, 2, "signature is empty"); 1645 ret = DNS_R_TSIGVERIFYFAILURE; 1646 } 1647 goto cleanup_context; 1648 } 1649 1650 ret = dst_context_verify(msg->tsigctx, &sig_r); 1651 if (ret == DST_R_VERIFYFAILURE) { 1652 tsig_log(msg->tsigkey, 2, 1653 "signature failed to verify(2)"); 1654 ret = DNS_R_TSIGVERIFYFAILURE; 1655 goto cleanup_context; 1656 } else if (ret != ISC_R_SUCCESS) { 1657 goto cleanup_context; 1658 } 1659 msg->verified_sig = 1; 1660 1661 /* 1662 * Here at this point, the MAC has been verified. Even 1663 * if any of the following code returns a TSIG error, 1664 * the reply will be signed and WILL always include the 1665 * request MAC in the digest computation. 1666 */ 1667 1668 /* 1669 * Is the time ok? 1670 */ 1671 isc_stdtime_get(&now); 1672 1673 if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) { 1674 msg->tsigstatus = dns_tsigerror_badtime; 1675 tsig_log(msg->tsigkey, 2, "signature has expired"); 1676 ret = DNS_R_CLOCKSKEW; 1677 goto cleanup_context; 1678 } else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) 1679 { 1680 msg->tsigstatus = dns_tsigerror_badtime; 1681 tsig_log(msg->tsigkey, 2, "signature is in the future"); 1682 ret = DNS_R_CLOCKSKEW; 1683 goto cleanup_context; 1684 } 1685 1686 alg = dst_key_alg(key); 1687 ret = dst_key_sigsize(key, &siglen); 1688 if (ret != ISC_R_SUCCESS) { 1689 goto cleanup_context; 1690 } 1691 if (dns__tsig_algvalid(alg)) { 1692 uint16_t digestbits = dst_key_getbits(key); 1693 1694 if (tsig.siglen > 0 && digestbits != 0 && 1695 tsig.siglen < ((digestbits + 7) / 8)) 1696 { 1697 msg->tsigstatus = dns_tsigerror_badtrunc; 1698 tsig_log(msg->tsigkey, 2, 1699 "truncated signature length " 1700 "too small"); 1701 ret = DNS_R_TSIGVERIFYFAILURE; 1702 goto cleanup_context; 1703 } 1704 if (tsig.siglen > 0 && digestbits == 0 && 1705 tsig.siglen < siglen) 1706 { 1707 msg->tsigstatus = dns_tsigerror_badtrunc; 1708 tsig_log(msg->tsigkey, 2, 1709 "signature length too small"); 1710 ret = DNS_R_TSIGVERIFYFAILURE; 1711 goto cleanup_context; 1712 } 1713 } 1714 1715 if (tsig.error != dns_rcode_noerror) { 1716 msg->tsigstatus = tsig.error; 1717 if (tsig.error == dns_tsigerror_badtime) { 1718 ret = DNS_R_CLOCKSKEW; 1719 } else { 1720 ret = DNS_R_TSIGERRORSET; 1721 } 1722 goto cleanup_context; 1723 } 1724 } 1725 1726 msg->tsigstatus = dns_rcode_noerror; 1727 ret = ISC_R_SUCCESS; 1728 1729 cleanup_context: 1730 /* 1731 * Except in error conditions, don't destroy the DST context 1732 * for unsigned messages; it is a running sum till the next 1733 * TSIG signed message. 1734 */ 1735 if ((ret != ISC_R_SUCCESS || has_tsig) && msg->tsigctx != NULL) { 1736 dst_context_destroy(&msg->tsigctx); 1737 } 1738 1739 cleanup_querystruct: 1740 dns_rdata_freestruct(&querytsig); 1741 1742 return (ret); 1743 } 1744 1745 isc_result_t 1746 dns_tsigkey_find(dns_tsigkey_t **tsigkey, const dns_name_t *name, 1747 const dns_name_t *algorithm, dns_tsig_keyring_t *ring) { 1748 dns_tsigkey_t *key; 1749 isc_stdtime_t now; 1750 isc_result_t result; 1751 1752 REQUIRE(tsigkey != NULL); 1753 REQUIRE(*tsigkey == NULL); 1754 REQUIRE(name != NULL); 1755 REQUIRE(ring != NULL); 1756 1757 RWLOCK(&ring->lock, isc_rwlocktype_write); 1758 cleanup_ring(ring); 1759 RWUNLOCK(&ring->lock, isc_rwlocktype_write); 1760 1761 isc_stdtime_get(&now); 1762 RWLOCK(&ring->lock, isc_rwlocktype_read); 1763 key = NULL; 1764 result = dns_rbt_findname(ring->keys, name, 0, NULL, (void *)&key); 1765 if (result == DNS_R_PARTIALMATCH || result == ISC_R_NOTFOUND) { 1766 RWUNLOCK(&ring->lock, isc_rwlocktype_read); 1767 return (ISC_R_NOTFOUND); 1768 } 1769 if (algorithm != NULL && !dns_name_equal(key->algorithm, algorithm)) { 1770 RWUNLOCK(&ring->lock, isc_rwlocktype_read); 1771 return (ISC_R_NOTFOUND); 1772 } 1773 if (key->inception != key->expire && isc_serial_lt(key->expire, now)) { 1774 /* 1775 * The key has expired. 1776 */ 1777 RWUNLOCK(&ring->lock, isc_rwlocktype_read); 1778 RWLOCK(&ring->lock, isc_rwlocktype_write); 1779 remove_fromring(key); 1780 RWUNLOCK(&ring->lock, isc_rwlocktype_write); 1781 return (ISC_R_NOTFOUND); 1782 } 1783 #if 0 1784 /* 1785 * MPAXXX We really should look at the inception time. 1786 */ 1787 if (key->inception != key->expire && 1788 isc_serial_lt(key->inception, now)) { 1789 RWUNLOCK(&ring->lock, isc_rwlocktype_read); 1790 adjust_lru(key); 1791 return (ISC_R_NOTFOUND); 1792 } 1793 #endif /* if 0 */ 1794 isc_refcount_increment(&key->refs); 1795 RWUNLOCK(&ring->lock, isc_rwlocktype_read); 1796 adjust_lru(key); 1797 *tsigkey = key; 1798 return (ISC_R_SUCCESS); 1799 } 1800 1801 static void 1802 free_tsignode(void *node, void *_unused) { 1803 dns_tsigkey_t *key; 1804 1805 REQUIRE(node != NULL); 1806 1807 UNUSED(_unused); 1808 1809 key = node; 1810 if (key->generated) { 1811 if (ISC_LINK_LINKED(key, link)) { 1812 ISC_LIST_UNLINK(key->ring->lru, key, link); 1813 } 1814 } 1815 dns_tsigkey_detach(&key); 1816 } 1817 1818 isc_result_t 1819 dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) { 1820 isc_result_t result; 1821 dns_tsig_keyring_t *ring; 1822 1823 REQUIRE(mctx != NULL); 1824 REQUIRE(ringp != NULL); 1825 REQUIRE(*ringp == NULL); 1826 1827 ring = isc_mem_get(mctx, sizeof(dns_tsig_keyring_t)); 1828 1829 isc_rwlock_init(&ring->lock, 0, 0); 1830 ring->keys = NULL; 1831 result = dns_rbt_create(mctx, free_tsignode, NULL, &ring->keys); 1832 if (result != ISC_R_SUCCESS) { 1833 isc_rwlock_destroy(&ring->lock); 1834 isc_mem_put(mctx, ring, sizeof(dns_tsig_keyring_t)); 1835 return (result); 1836 } 1837 1838 ring->writecount = 0; 1839 ring->mctx = NULL; 1840 ring->generated = 0; 1841 ring->maxgenerated = DNS_TSIG_MAXGENERATEDKEYS; 1842 ISC_LIST_INIT(ring->lru); 1843 isc_mem_attach(mctx, &ring->mctx); 1844 isc_refcount_init(&ring->references, 1); 1845 1846 *ringp = ring; 1847 return (ISC_R_SUCCESS); 1848 } 1849 1850 isc_result_t 1851 dns_tsigkeyring_add(dns_tsig_keyring_t *ring, const dns_name_t *name, 1852 dns_tsigkey_t *tkey) { 1853 isc_result_t result; 1854 1855 result = keyring_add(ring, name, tkey); 1856 if (result == ISC_R_SUCCESS) { 1857 isc_refcount_increment(&tkey->refs); 1858 } 1859 1860 return (result); 1861 } 1862 1863 void 1864 dns_tsigkeyring_attach(dns_tsig_keyring_t *source, 1865 dns_tsig_keyring_t **target) { 1866 REQUIRE(source != NULL); 1867 REQUIRE(target != NULL && *target == NULL); 1868 1869 isc_refcount_increment(&source->references); 1870 1871 *target = source; 1872 } 1873 1874 void 1875 dns_tsigkeyring_detach(dns_tsig_keyring_t **ringp) { 1876 dns_tsig_keyring_t *ring; 1877 1878 REQUIRE(ringp != NULL); 1879 REQUIRE(*ringp != NULL); 1880 1881 ring = *ringp; 1882 *ringp = NULL; 1883 1884 if (isc_refcount_decrement(&ring->references) == 1) { 1885 destroyring(ring); 1886 } 1887 } 1888 1889 void 1890 dns_keyring_restore(dns_tsig_keyring_t *ring, FILE *fp) { 1891 isc_stdtime_t now; 1892 isc_result_t result; 1893 1894 isc_stdtime_get(&now); 1895 do { 1896 result = restore_key(ring, now, fp); 1897 if (result == ISC_R_NOMORE) { 1898 return; 1899 } 1900 if (result == DNS_R_BADALG || result == DNS_R_EXPIRED) { 1901 result = ISC_R_SUCCESS; 1902 } 1903 } while (result == ISC_R_SUCCESS); 1904 } 1905