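/*
 * validator/autotrust.h - RFC5011 trust anchor management for unbound.
 *
 * Copyright (c) 2009, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 * 
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * Contains autotrust definitions.
 *
 * This header declares the data kept per trust anchor key, per trust
 * point and globally, plus the entry points that read, write, probe and
 * process RFC 5011 managed trust anchors.
 * It uses time_t, size_t and uint8_t without including the headers that
 * define them, so it has to be included after those are in scope.
 */

#ifndef VALIDATOR_AUTOTRUST_H
#define VALIDATOR_AUTOTRUST_H
#include "util/rbtree.h"
#include "util/data/packed_rrset.h"
struct val_anchors;
struct trust_anchor;
struct ub_packed_rrset_key;
struct module_env;
struct module_qstate;
struct val_env;
struct sldns_buffer;

/**
 * Autotrust anchor states.
 * The names follow the key states of RFC 5011; the one-line descriptions
 * below paraphrase that RFC and are not taken from this file.
 * NOTE(review): the numeric values are assigned explicitly, presumably
 * because they are persisted; confirm before renumbering.
 */
typedef enum {
	/** key is not (yet) a trust anchor */
	AUTR_STATE_START   = 0,
	/** new key seen, hold-down timer running; not trusted yet */
	AUTR_STATE_ADDPEND = 1,
	/** key is a trust anchor and may be used for validation */
	AUTR_STATE_VALID   = 2,
	/** trust anchor that was absent from the last DNSKEY set seen */
	AUTR_STATE_MISSING = 3,
	/** key was seen revoked; it must no longer be used as anchor */
	AUTR_STATE_REVOKED = 4,
	/** key is removed from the trust anchor set */
	AUTR_STATE_REMOVED = 5
} autr_state_type;

/**
 * Autotrust metadata for one trust anchor key.
 * Keys of one trust point form a singly linked list through next.
 */
struct autr_ta {
	/** next key */
	struct autr_ta* next;
	/** the RR */
	uint8_t* rr;
	/** length of rr.
	 * dname_len is presumably the length of the owner name at the start
	 * of rr; confirm against the implementation. */
	size_t rr_len, dname_len;
	/** last update of key state (new pending count keeps date the same) */
	time_t last_change;
	/** 5011 state */
	autr_state_type s;
	/** pending count */
	uint8_t pending_count;
	/** fresh TA was seen */
	uint8_t fetched;
	/** revoked TA was seen */
	uint8_t revoked;
};

/**
 * Autotrust metadata for a trust point.
 * This is part of the struct trust_anchor data.
 */
struct autr_point_data {
	/** file to store the trust point in. chrootdir already applied.
	 * NOTE(review): this file is the persisted trust anchor state that
	 * autr_read_file() loads, so who may write to it is security
	 * relevant. */
	char* file;
	/** rbtree node for probe sort, key is struct trust_anchor */
	rbnode_type pnode;

	/** the keys */
	struct autr_ta* keys;

	/** last queried DNSKEY set
	 * Not all failures are captured in this entry.
	 * If the validator did not even start (e.g. timeout or localservfail),
	 * then the last_queried and query_failed values are not updated.
	 */
	time_t last_queried;
	/** last successful DNSKEY set */
	time_t last_success;
	/** next probe time */
	time_t next_probe_time;

	/** when to query if !failed */
	time_t query_interval;
	/** when to retry if failed */
	time_t retry_time;

	/**
	 * How many times did it fail. diagnostic only (has no effect).
	 * Only updated if there was a dnskey rrset that failed to verify.
	 * It is a uint8_t, so the count is limited to the range of that type.
	 */
	uint8_t query_failed;
	/** true if the trust point has been revoked */
	uint8_t revoked;
};

/**
 * Autotrust global metadata.
 */
struct autr_global_data {
	/** rbtree of autotrust anchors sorted by next probe time.
	 * When time is equal, sorted by anchor class, name. */
	rbtree_type probe;
};

/**
 * Create new global 5011 data structure.
 * @return new structure or NULL on malloc failure.
 */
struct autr_global_data* autr_global_create(void);

/**
 * Delete global 5011 data structure.
 * @param global: global autotrust state to delete.
 */
void autr_global_delete(struct autr_global_data* global);

/**
 * See if autotrust anchors are configured and how many.
 * @param anchors: the trust anchors structure.
 * @return number of autotrust trust anchors
 */
size_t autr_get_num_anchors(struct val_anchors* anchors);

/**
 * Process probe timer.  Add new probes if needed.
 * @param env: module environment with time, with anchors and with the mesh.
 * @return time of next probe (in seconds from now).
 * 	If 0, then there is no next probe anymore (trust points deleted).
 */
time_t autr_probe_timer(struct module_env* env);

/**
 * probe tree compare function.
 * Has the generic (const void*, const void*) comparator signature; the
 * probe tree keys are struct trust_anchor (see autr_point_data.pnode).
 */
int probetree_cmp(const void* x, const void* y);

/**
 * Read autotrust file.
 * @param anchors: the anchors structure.
 * @param nm: name of the file (copied).
 * @return false on failure.
 * 	The return type is int; callers have to check it, because on
 * 	failure the trust point from this file was not read.
 */
int autr_read_file(struct val_anchors* anchors, const char* nm);

/**
 * Write autotrust file.
 * Returns void, so a failed write is not reported to the caller through
 * the return value.
 * @param env: environment with scratch space.
 * @param tp: trust point to write.
 */
void autr_write_file(struct module_env* env, struct trust_anchor* tp);

/**
 * Delete autr anchor, deletes the autr data but does not do
 * unlinking from trees, caller does that.
 * @param tp: trust point to delete.
 */
void autr_point_delete(struct trust_anchor* tp);

/**
 * Perform autotrust processing.
 * The DNSKEY rrset handed in is unvalidated network data; ve is passed
 * for the verification of its rrsigs, so callers must not treat the
 * rrset as trusted before this function has processed it.
 * @param env: qstate environment with the anchors structure.
 * @param ve: validator environment for verification of rrsigs.
 * @param tp: trust anchor to process.
 * @param dnskey_rrset: DNSKEY rrset probed (can be NULL if bad prime result).
 * 	allocated in a region. Has not been validated yet.
 * @param qstate: qstate with region.
 * @return false if trust anchor was revoked completely.
 * 	Otherwise logs errors to log, does not change return value.
 * 	On errors, likely the trust point has been unchanged.
 */
int autr_process_prime(struct module_env* env, struct val_env* ve,
	struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset,
	struct module_qstate* qstate);

/**
 * Debug printout of rfc5011 tracked anchors
 * @param anchors: all the anchors.
 */
void autr_debug_print(struct val_anchors* anchors);

/**
 * callback for query answer to 5011 probe.
 * The parameter descriptions below are read off the names and types in
 * the prototype; confirm the details against the implementation.
 * @param arg: opaque callback argument.
 * @param rcode: result code of the probe query.
 * @param buf: buffer for the answer.
 * @param sec: security status reported for the answer. enum sec_status is
 * 	not declared in this header, it has to come from an include.
 * @param errinf: error information string.
 * @param was_ratelimited: nonzero if the probe was ratelimited.
 */
void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf,
	enum sec_status sec, char* errinf, int was_ratelimited);

#endif /* VALIDATOR_AUTOTRUST_H */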